new configuration version

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml

@@ -11,8 +11,8 @@ metadata:
 spec:
   type: "NevisAuth"
   replicas: 1
-  version: "8.2505.5"
-  gitInitVersion: "1.4.0"
+  version: "8.2411.3"
+  gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
     management: 9000
@@ -39,14 +39,13 @@ spec:
     management:
       httpGet:
         path: "/nevisauth/liveness"
-      initialDelaySeconds: 50
       periodSeconds: 5
       timeoutSeconds: 6
-      failureThreshold: 30
+      failureThreshold: 50
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-8c63709c859f30ecc911fbf0b105249f6b4b4893"
+    tag: "r-ac938692d8edd6d7a3c23c703a8b0ad0b4510414"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict.properties

@@ -3,7 +3,6 @@ accept.button.label=Accept
 cancel.button.label=Cancel
 continue.button.label=Continue
 deputy.profile.label=(Deputy Profile)
-error.account.exists=Account already exists. Continue to log in.
 error.saml.failed=Please close your browser and try again.
 error_1=Please check your input.
 error_10=Please select the correct user account.
@@ -71,8 +70,6 @@ policyInfo.regex.numeric=▪ must contain at least {0} numeric characters.
 policyInfo.regex.upper=▪ must contain at least {0} upper case characters.
 policyInfo.title=The password has to comply with the following password policy:
 reject.button.label=Deny
-signup.button.label=Signup
-skip.button.label=Skip
 submit.button.label=Submit
 tan.sent=Please enter the security code which has been sent to your mobile phone.
 title.logout=Logout
@@ -80,5 +77,4 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Client Authorization
 title.saml.failed=Error
-title.signup=Create account
 title.timeout.page=Logout

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_de.properties

@@ -3,7 +3,6 @@ accept.button.label=Akzeptieren
 cancel.button.label=Abbrechen
 continue.button.label=Weiter
 deputy.profile.label=(Profil Stellvertreter)
-error.account.exists=Konto existiert bereits. Melden Sie sich an.
 error.saml.failed=Bitte schliessen Sie Ihren Browser und versuchen Sie es erneut.
 error_1=Bitte überprüfen Sie Ihre Eingabe.
 error_10=Bitte wählen Sie den gewünschten Benutzer.
@@ -71,8 +70,6 @@ policyInfo.regex.numeric=▪ muss mindestens {0} numerische Zeichen enthalte
 policyInfo.regex.upper=▪ muss mindestens {0} Grossbuchstaben enthalten.
 policyInfo.title=Das Passwort muss den folgenden Passwort-Richtlinien entsprechen:
 reject.button.label=Ablehnen
-signup.button.label=Registrieren
-skip.button.label=Überspringen
 submit.button.label=Senden
 tan.sent=Bitte erfassen Sie den Sicherheitscode, welcher an Ihr Mobiltelefon gesendet wurde.
 title.logout=Logout
@@ -80,5 +77,4 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Client Authorisierung
 title.saml.failed=Error
-title.signup=Konto erstellen
 title.timeout.page=Logout

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_en.properties

@@ -3,7 +3,6 @@ accept.button.label=Accept
 cancel.button.label=Cancel
 continue.button.label=Continue
 deputy.profile.label=(Deputy Profile)
-error.account.exists=Account already exists. Continue to log in.
 error.saml.failed=Please close your browser and try again.
 error_1=Please check your input.
 error_10=Please select the correct user account.
@@ -71,8 +70,6 @@ policyInfo.regex.numeric=▪ must contain at least {0} numeric characters.
 policyInfo.regex.upper=▪ must contain at least {0} upper case characters.
 policyInfo.title=The password has to comply with the following password policy:
 reject.button.label=Deny
-signup.button.label=Signup
-skip.button.label=Skip
 submit.button.label=Submit
 tan.sent=Please enter the security code which has been sent to your mobile phone.
 title.logout=Logout
@@ -80,5 +77,4 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Client Authorization
 title.saml.failed=Error
-title.signup=Create account
 title.timeout.page=Logout

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_fr.properties

@@ -3,7 +3,6 @@ accept.button.label=Accepter
 cancel.button.label=Abandonner
 continue.button.label=Continuer
 deputy.profile.label=(Profil du suppléant)
-error.account.exists=Le compte existe déjà. Continuez à vous connecter.
 error.saml.failed=Fermez votre navigateur et r;eacute;essayez.
 error_1=Veuillez vérifier vos données, s.v.p.
 error_10=Choisissez votre compte.
@@ -71,8 +70,6 @@ policyInfo.regex.numeric=▪ doit comprendre au minimum {0} caractères
 policyInfo.regex.upper=▪ doit contenir au moins {0} caractère(s) majuscule(s).
 policyInfo.title=Le mot de passe doit respecter les règles suivantes:
 reject.button.label=Refuser
-signup.button.label=Inscription
-skip.button.label=Passer
 submit.button.label=Envoyer
 tan.sent=Veuillez saisir le code de sécurité que vous avez reçu au votre téléphone mobile.
 title.logout=Logout
@@ -80,5 +77,4 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Autorisation du client
 title.saml.failed=Error
-title.signup=Créer un compte
 title.timeout.page=Logout

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_it.properties

@@ -1,9 +1,8 @@
 
-accept.button.label=Accetta
-cancel.button.label=Annulla
+accept.button.label=Accettare
+cancel.button.label=Abortire
 continue.button.label=Continua
 deputy.profile.label=(profilo del delegato)
-error.account.exists=L'account esiste gi<67>. Prosegui col login.
 error.saml.failed=Chiudi il browser e riprova.
 error_1=Verificare i dati immessi.
 error_10=Per favore selezionare il conto utente corretto.
@@ -70,9 +69,7 @@ policyInfo.regex.nonLetter=&#9642; non pu&ograve; contenere pi&ugrave; di {0} nu
 policyInfo.regex.numeric=&#9642; deve contenere un minimo di {0} carattere/i numerico/i.
 policyInfo.regex.upper=&#9642; deve conenere almeno {0} carattere/i maiuscolo/i.
 policyInfo.title=La password deve rispettare le seguenti direttive:
-reject.button.label=Rifiuta
-signup.button.label=Iscriviti
-skip.button.label=Salta
+reject.button.label=Rifiuti
 submit.button.label=Continua
 tan.sent=Inserisci il codice di sicurezza che &egrave; stato inviato al tuo telefono cellulare.
 title.logout=Logout
@@ -80,5 +77,4 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Autorizzazione del client
 title.saml.failed=Error
-title.signup=Crea un account
 title.timeout.page=Logout

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf

@@ -13,9 +13,8 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2505.5,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
     "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-sts-idp-extended-truststore/truststore.p12"
     "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-sts-idp-extended-truststore/keypass}"
 )
 
-

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/esauth4.xml

@@ -431,6 +431,4 @@
         <!-- source: pattern://eaae1a7d4c4e0ce653074f22 -->
         <property name="secToken.binary" value="true"/>
     </WebService>
-    <!-- source: pattern://4bad2fe3ccc54716cc87138f -->
-    <RESTService name="ManagementService" class="ch.nevis.esauth.rest.service.session.ManagementService"/>
 </esauth-server>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/logging.yml

@@ -16,6 +16,12 @@ Configuration:
       level: "INFO"
     - name: "EsAuthStart"
       level: "INFO"
+    - name: "org.apache.catalina.loader.WebappClassLoader"
+      level: "FATAL"
+    - name: "org.apache.catalina.startup.HostConfig"
+      level: "ERROR"
+    - name: "ch.nevis.esauth.events"
+      level: "FATAL"
     - name: "AGOV-ACCT"
       level: "DEBUG"
     - name: "AgovCaptcha"
@@ -26,6 +32,8 @@ Configuration:
       level: "INFO"
     - name: "AuthPerf"
       level: "INFO"
+    - name: "DIM-REG"
+      level: "DEBUG"
     - name: "IdmAuth"
       level: "DEBUG"
     - name: "OpTrace"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/otel.properties

@@ -1,5 +1,4 @@
 otel.service.name = auth-sts
-otel.traces.sampler = always_on
 otel.traces.exporter = none
 otel.metrics.exporter = none
 otel.logs.exporter = none

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-technical-trust-store-7022472ae407577ae604bbb8.yaml

@@ -16,6 +16,8 @@ spec:
     namespace: "adn-agov-nevisidm-01-uat"
   - name: "proxy-idp-auth-realm-mobile-fido-uaf-identity"
     namespace: "adn-agov-nevisidm-01-uat"
+  - name: "proxy-idp-auth-realm-dimilar-identity"
+    namespace: "adn-agov-nevisidm-01-uat"
   - name: "proxy-idp-auth-realm-recovery-identity"
     namespace: "adn-agov-nevisidm-01-uat"
   extraCerts:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml

@@ -11,8 +11,8 @@ metadata:
 spec:
   type: "NevisAuth"
   replicas: 1
-  version: "8.2505.5"
-  gitInitVersion: "1.4.0"
+  version: "8.2411.3"
+  gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
     management: 9000
@@ -39,19 +39,15 @@ spec:
     management:
       httpGet:
         path: "/nevisauth/liveness"
-      initialDelaySeconds: 50
       periodSeconds: 5
       timeoutSeconds: 6
-      failureThreshold: 30
+      failureThreshold: 50
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-8c63709c859f30ecc911fbf0b105249f6b4b4893"
+    tag: "r-ac938692d8edd6d7a3c23c703a8b0ad0b4510414"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
     credentials: "git-credentials"
-  database:
-    name: "auth"
-    requiredVersion: "8.2505.5"
   keystores:
   - "auth-sh4r3d-internal-idp-auth-signer"
   - "auth-auth-realm-mobile-fido-uaf-tls-client-nevisfido"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-database-b7b59e97b3fd18bb60178573.yaml

@@ -1,26 +0,0 @@
-apiVersion: "operator.nevis-security.ch/v1"
-kind: "NevisDatabase"
-metadata:
-  name: "auth"
-  namespace: "adn-agov-nevisidm-01-uat"
-  labels:
-    deploymentTarget: "auth"
-  annotations:
-    projectKey: "DEFAULT-ADN-AGOV-PROJECT"
-    patternId: "b7b59e97b3fd18bb60178573"
-spec:
-  type: "NevisAuth"
-  databaseType: "MariaDB"
-  version: "8.2505.5"
-  url: "session-db-primary-service.adn-agov-database-01-uat"
-  port: 3306
-  database: "nevisauth"
-  bootstrap: true
-  migrate: true
-  rootCredentials:
-    name: "root-adn-agov-nevisidm-admin-01-uat-idm"
-    namespace: "adn-agov-nevisidm-admin-01-uat"
-  podSecurity:
-    policy: "baseline"
-    automountServiceAccountToken: false
-  timeZone: "Europe/Zurich"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict.properties

@@ -10,11 +10,30 @@ agov-ident.invalid-url.message=Link can't be processed
 agov-ident.invalid-url.title=Invalid Link
 agov-ident.onboarding=Registration & Verification
 agov-ident.retry=Try again
+button.submit=Submit
 cancel.button.label=Cancel
 continue.button.label=Continue
 darkModeSwitch.aria.label=Dark mode toggle
 deputy.profile.label=(Deputy Profile)
-error.account.exists=Account already exists. Continue to log in.
+dimilar.confirm_identity.checkbox=I confirm this is my data
+dimilar.confirm_identity.description=Please confirm the data below is yours in order to proceed:
+dimilar.confirm_identity.error=Please confirm the data is yours to proceed.
+dimilar.confirm_identity.link=If this is not your data, please visit <a class='link' href='https://agov.ch/dimilar' target='_blank'>https://agov.ch/dimilar</a>.
+dimilar.confirm_identity.title=Confirm data
+dimilar.select_onboarding.description=Welcome to AGOV. Please complete your onboarding by connecting to an existing or new AGOV account.
+dimilar.select_onboarding.error-banner=Please select one option to continue
+dimilar.select_onboarding.existing-account=Onboard with an existing AGOV account
+dimilar.select_onboarding.proceeding=How would you like to proceed?
+dimilar.select_onboarding.registering-account=Onboard with a new AGOV account
+dimilar.select_onboarding.title=Hello !!!FIRSTNAME!!! !!!LASTNAME!!!,
+dimilar.token_error.support=For support please visit <a class='link' href='https://agov.ch/dimilar' target='_blank'>https://agov.ch/dimilar</a>.
+dimilar.token_error.token_expired=Token expired or already used.
+dimilar_onboarding.aborted.link=If you require support please visit <a class='link' href='https://agov.ch/dimilar' target='_blank'>https://agov.ch/dimilar</a>.
+dimilar_onboarding.aborted.message=Onboarding aborted. Please try again.
+dimilar_onboarding.failed.link=<a class='link' href='https://agov.ch/dimilar' target='_blank'>https://agov.ch/dimilar</a>.
+dimilar_onboarding.failed.message=Onboarding aborted. Please contact support at
+dimilar_onboarding.successful.message=Onboarding with AGOV account successful. You are now able to log in to Dimilar at <a class='link' href='https://www.armee.ch/dim' target='_blank'>https://www.armee.ch/dim</a>.
+dimilar_onboarding.title=Register
 error.policy.failed=The new password does not comply with the policy.
 error.saml.failed=Please close your browser and try again.
 error_1=Please check your input.
@@ -25,8 +44,16 @@ error_11=Please use another certficate or login with another credential type.
 error_2=Please select another login name.
 error_3=Your account will be locked if next authentication fails.
 error_4=Your new password does not comply with the security policy. Please choose a different password.
+error_403.description=You are not authorised to access this application.
+error_403.title=Not authorised
+error_404.description=The page you are looking for does not exist.
+error_404.title=Page not found
 error_5=Error in password confirmation.
 error_50=The new password is too short.
+error_500.description=There is currently an outage. We are working on it.
+error_500.title=Something went wrong.
+error_502.description=We are working on it. Please try again later.
+error_502.title=Something went wrong.
 error_55=The new password has to differ from old passwords.
 error_6=Password change required.
 error_7=Change of login ID required.
@@ -61,11 +88,17 @@ general.cancel=Cancel
 general.confirm=Confirm
 general.contactSupport=Contact Support
 general.continue=Continue
+general.data.birthDate=Date of birth
+general.data.birthDateFormat=DD.MM.YYYY
+general.data.enrollmentNumber=Enrolment number (SSN/AHV number)
+general.data.firstname=First name
+general.data.lastname=Last name
 general.edit=Edit
 general.email=Email
 general.email.address=Email address
 general.entryCode=Code entry
 general.fieldRequired=Field required
+general.generalAccessApp=Access app
 general.getStarted=Get started
 general.goAGOVHelp=Go to AGOV help
 general.goAccessApp=Login with AGOV access
@@ -98,7 +131,7 @@ general.skip.content=Skip to main content
 general.wrongPhoneNumber=Please enter a valid phone number
 generic.auth.error.message=There was a service interruption. We are working on it.
 generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists.
-generic.auth.error.subtitle=Something went wrong
+generic.auth.error.subtitle=Something went wrong.
 generic.auth.error.title=Error
 info.login=Please enter your authentication information.
 info.logout.confirmation=Please confirm that you want to log out.
@@ -119,6 +152,8 @@ loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
 loainfo.startVerification=Start verification
 loainfo.title=Verify your data
+loggedout.description=You have been successfully logged out.
+loggedout.title=Logged out
 login.button.label=Login
 logout.label=Logout
 logout.text=You have successfully logged out.
@@ -147,6 +182,16 @@ method.recovery.label=Recovery Codes
 method.safeword.label=SafeWord
 method.securid.label=SecurID
 method.ticket.label=Ticket
+onboard_linking_account_auth.fido_instructions=A physical security key offers a secure way to onboard with your account without having to use a phone.
+onboard_linking_account_auth.instructions=Onboard with your AGOV account by scanning the QR code with your AGOV access app
+onboarding.cancel-onboarding=Are you sure you want to cancel the onboarding process?
+onboarding.cancel-onboarding-description=In order to proceed with an account recovery, you will have to cancel the onboarding process.
+onboarding.cancel-proceed-recovery=Yes, cancel and proceed to recovery
+onboarding.login-factor=Step 1 - Login factor
+onboarding.with-agov.title=Onboard with AGOV account
+onboarding_account.switchLinking=Switch to onboard with
+onboarding_account_auth.loginSecurityKey=Start onboarding with security key
+onboarding_account_auth.useSecurityKey=Use a security key to onboard with your AGOV account
 op-admin.login=AGOV op admin
 op-admin.login.intro.message=Login with your username and password
 op-admin.login.loginid=LoginId
@@ -284,7 +329,7 @@ recovery_questionnaire_no_recovery.instruction2=If you have several login factor
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app, or it shows there are no accounts defined
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app
@@ -297,10 +342,10 @@ recovery_start_info.banner.warning=You will not be able to use your account unti
 recovery_start_info.instruction=During the recovery process you will register a new login factor. If  your account contains any verified information you might also have to go through a verification process to finish the recovery.
 recovery_start_info.title=You are about to start the recovery process
 reject.button.label=Deny
-signup.button.label=Signup
-skip.button.label=Skip
 submit.button.label=Submit
 tan.sent=Please enter the security code which has been sent to your mobile phone.
+timeout.description=Your session has timed out. Please close this window and try logging in again.
+timeout.title=Session expired
 title.login=Login
 title.logout=Logout
 title.logout.confirmation=Logout
@@ -309,7 +354,6 @@ title.oauth.consent=Client Authorization
 title.pwchange.label=Password Change
 title.pwreset=Password Forgotten
 title.saml.failed=Error
-title.signup=Create account
 title.timeout.page=Logout
 user_input.invalid.email=Please enter a valid email address
 user_input.invalid.email.required=Field required

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_de.properties

@@ -10,11 +10,30 @@ agov-ident.invalid-url.message=Link kann nicht verarbeitet werden
 agov-ident.invalid-url.title=Ungültiger Link
 agov-ident.onboarding=Registrierung & Verifikation
 agov-ident.retry=Versuchen Sie es erneut
+button.submit=Senden
 cancel.button.label=Abbrechen
 continue.button.label=Weiter
 darkModeSwitch.aria.label=Dark-Mode-Schalter
 deputy.profile.label=(Profil Stellvertreter)
-error.account.exists=Konto existiert bereits. Melden Sie sich an.
+dimilar.confirm_identity.checkbox=Ich bestätige, dass dies meine Angaben sind
+dimilar.confirm_identity.description=Bitte bestätigen Sie, dass die folgenden Angaben Ihnen gehören, um fortzufahren:
+dimilar.confirm_identity.error=Bitte bestätigen Sie, dass die Angaben Ihnen gehören, um fortzufahren.
+dimilar.confirm_identity.link=Wenn diese nicht Ihre Angaben sind, besuchen Sie bitte <a class='link' href='https://agov.ch/dim' target='_blank'>https://agov.ch/dim</a>.
+dimilar.confirm_identity.title=Angaben best&auml;tigen
+dimilar.select_onboarding.description=Willkommen bei AGOV. Bitte komplettieren Sie Ihr Onboarding, indem Sie ein bestehendes oder neues AGOV Konto verbinden.
+dimilar.select_onboarding.error-banner=Bitte w&auml;hlen Sie eine Option aus, um fortzufahren
+dimilar.select_onboarding.existing-account=Onboarding mit einem existierenden AGOV-Konto
+dimilar.select_onboarding.proceeding=Wie m&ouml;chten Sie fortfahren?
+dimilar.select_onboarding.registering-account=Onboarding mit einem neuen AGOV-Konto
+dimilar.select_onboarding.title=Hallo !!!FIRSTNAME!!! !!!LASTNAME!!!
+dimilar.token_error.support=Um Hilfe zu erhalten, besuchen Sie bitte <a class='link' href='https://agov.ch/dim' target='_blank'>agov.ch/dim</a>.
+dimilar.token_error.token_expired=Token abgelaufen oder bereits verwendet.
+dimilar_onboarding.aborted.link=Wenn Sie Hilfe ben&ouml;tigen, besuchen Sie bitte <a class='link' href='https://agov.ch/dim' target='_blank'>https://agov.ch/dim</a>.
+dimilar_onboarding.aborted.message=Onboarding abgebrochen. Bitte versuchen Sie es erneut.
+dimilar_onboarding.failed.link=<a class='link' href='https://agov.ch/dim' target='_blank'>agov.ch/dim</a>.
+dimilar_onboarding.failed.message=Onboarding abgebrochen. Bitte kontaktieren Sie den Support unter
+dimilar_onboarding.successful.message=Onboarding mit AGOV-Konto erfolgreich. Sie k&ouml;nnen sich nun bei Dimilar unter <a class='link' href='https://www.armee.ch/de/dim' target='_blank'>https://www.armee.ch/de/dim</a> einloggen.
+dimilar_onboarding.title=Registrieren
 error.policy.failed=Das neue Passwort stimmt nicht mit der Richtlinie &uuml;berein.
 error.saml.failed=Bitte schliessen Sie Ihren Browser und versuchen Sie es erneut.
 error_1=Bitte &uuml;berpr&uuml;fen Sie Ihre Eingaben.
@@ -25,8 +44,16 @@ error_11=Bitte verwenden Sie ein anderes Zertifikat oder melden Sie sich mit ein
 error_2=Bitte w&auml;hlen Sie einen anderen Login-Namen.
 error_3=Wenn die n&auml;chste Authentifizierung fehlschl&auml;gt, wird Ihr Konto gesperrt.
 error_4=Ihr neues Passwort verst&ouml;sst gegen die Sicherheitsrichtlinien. Bitte w&auml;hlen Sie ein anderes Passwort.
+error_403.description=Sie sind nicht berechtigt, auf diese Anwendung zuzugreifen.
+error_403.title=Nicht zugelassen
+error_404.description=Die von Ihnen gesuchte Seite existiert nicht.
+error_404.title=Seite nicht gefunden
 error_5=Fehler bei der Passwortbest&auml;tigung.
 error_50=Das neue Passwort ist zu kurz.
+error_500.description=Zurzeit liegt eine St&ouml;rung vor. Wir arbeiten daran.
+error_500.title=Etwas ist schiefgegangen.
+error_502.description=Wir arbeiten daran. Bitte versuchen Sie es sp&auml;ter noch einmal.
+error_502.title=Etwas ist schiefgegangen.
 error_55=Das neue Passwort muss sich von alten Passw&ouml;rtern unterscheiden.
 error_6=Passwort&auml;nderung erforderlich.
 error_7=&Auml;nderung der Login-ID erforderlich.
@@ -61,11 +88,17 @@ general.cancel=Abbrechen
 general.confirm=Best&auml;tigen
 general.contactSupport=Support kontaktieren
 general.continue=Weiter
+general.data.birthDate=Geburtsdatum
+general.data.birthDateFormat=TT.MM.JJJJ
+general.data.enrollmentNumber=AHV-Nummer (Dienstmanager)
+general.data.firstname=Vorname
+general.data.lastname=Nachname
 general.edit=&Auml;ndern
 general.email=E-Mail
 general.email.address=E-Mail-Adresse
 general.entryCode=Code-Eingabe
 general.fieldRequired=Erforderliches Feld
+general.generalAccessApp=Access App
 general.getStarted=Los geht's
 general.goAGOVHelp=Weiter zur AGOV help
 general.goAccessApp=Login mit AGOV access
@@ -98,7 +131,7 @@ general.skip.content=Direkt zum Hauptteil
 general.wrongPhoneNumber=Bitte geben Sie eine g&uuml;ltige Telefonnummer ein
 generic.auth.error.message=Es gab eine Service-Unterbrechung. Wir arbeiten daran.
 generic.auth.error.next.steps=Versuchen Sie es bitte sp&auml;ter noch einmal. Bitte besuchen Sie die AGOV-Hilfe, wenn das Problem weiterhin besteht.
-generic.auth.error.subtitle=Etwas ist schiefgegangen
+generic.auth.error.subtitle=Etwas ist schiefgegangen.
 generic.auth.error.title=Fehler
 info.login=Bitte geben Sie Ihre pers&ouml;nlichen Zugangsdaten ein.
 info.logout.confirmation=Bitte best&auml;tigen Sie, dass Sie sich abmelden m&ouml;chten.
@@ -119,6 +152,8 @@ loainfo.later=Sp&auml;ter
 loainfo.startNow=M&ouml;chten Sie den Prozess jetzt starten?
 loainfo.startVerification=Verifikation starten
 loainfo.title=Verifizieren Sie Ihre Daten
+loggedout.description=Sie haben sich erfolgreich ausgeloggt.
+loggedout.title=Ausgeloggt
 login.button.label=Login
 logout.label=Logout
 logout.text=Sie haben sich erfolgreich abgemeldet.
@@ -147,6 +182,16 @@ method.recovery.label=Wiederherstellungscodes
 method.safeword.label=SafeWord
 method.securid.label=SecurID
 method.ticket.label=Ticket
+onboard_linking_account_auth.fido_instructions=Ein physischer Sicherheitsschl&uuml;ssel bietet eine sichere M&ouml;glichkeit, das Onboarding mit Ihrem Konto ohne Telefon durchzuf&uuml;hren.
+onboard_linking_account_auth.instructions=F&uuml;hren Sie das Onboarding mit Ihrem AGOV-Konto durch, indem Sie den QR-Code mit Ihrer AGOV access App scannen
+onboarding.cancel-onboarding=Sind Sie sicher, dass Sie den Onboarding-Prozess abbrechen m&ouml;chten?
+onboarding.cancel-onboarding-description=Um mit der Kontowiederherstellung fortzufahren, m&uuml;ssen Sie den Onboarding-Prozess abbrechen.
+onboarding.cancel-proceed-recovery=Ja, abbrechen und mit der Wiederherstellung fortfahren
+onboarding.login-factor=Schritt 1 &ndash; Login-Faktor
+onboarding.with-agov.title=Onboarding mit AGOV-Konto
+onboarding_account.switchLinking=Wechseln zum Onboarding mit
+onboarding_account_auth.loginSecurityKey=Onboarding mit Sicherheitsschl&uuml;ssel starten
+onboarding_account_auth.useSecurityKey=Benutzen Sie einen Sicherheitsschl&uuml;ssel, um das Onboarding mit Ihrem AGOV-Konto durchzuf&uuml;hren
 op-admin.login=AGOV-op-Admin
 op-admin.login.intro.message=Login mit Ihrem Benutzernamen und Passwort
 op-admin.login.loginid=LoginID
@@ -284,7 +329,7 @@ recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren r
 recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschl&uuml;ssel habe
 recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschl&uuml;ssel)
 recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen
-recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht, neu installiert oder zur&uuml;ckgesetzt
+recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht, neu installiert oder zur&uuml;ckgesetzt, oder es wird angezeigt, dass keine Konten definiert sind
 recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschl&uuml;ssel verloren
 recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu &uuml;bertragen
 recovery_questionnaire_reason_selection.answer6=Ich habe die PIN f&uuml;r meine AGOV access App vergessen
@@ -297,10 +342,10 @@ recovery_start_info.banner.warning=Sie k&ouml;nnen Ihr Konto nicht nutzen, bis d
 recovery_start_info.instruction=W&auml;hrend des Wiederherstellungsprozesses werden Sie einen neuen Login-Faktor registrieren. Wenn Ihr Konto verifizierte Informationen enth&auml;lt, m&uuml;ssen Sie zum Abschluss des Wiederherstellungsprozesses m&ouml;glicherweise auch einen Verifikationsprozess durchlaufen.
 recovery_start_info.title=Sie sind dabei, den Wiederherstellungsprozess zu starten
 reject.button.label=Ablehnen
-signup.button.label=Registrieren
-skip.button.label=&Uuml;berspringen
 submit.button.label=Senden
 tan.sent=Bitte erfassen Sie den Sicherheitscode, welcher an Ihr Mobiltelefon gesendet wurde.
+timeout.description=Ihre Sitzung ist abgelaufen. Bitte schliessen Sie dieses Fenster und versuchen Sie erneut, sich einzuloggen.
+timeout.title=Sitzung abgelaufen
 title.login=Login
 title.logout=Logout
 title.logout.confirmation=Logout
@@ -309,7 +354,6 @@ title.oauth.consent=Client Authorisierung
 title.pwchange.label=Passwort &auml;ndern
 title.pwreset=Passwort Vergesssen
 title.saml.failed=Error
-title.signup=Konto erstellen
 title.timeout.page=Logout
 user_input.invalid.email=Bitte geben Sie eine g&uuml;ltige E-Mail ein
 user_input.invalid.email.required=Erforderliches Feld

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_en.properties

@@ -10,11 +10,30 @@ agov-ident.invalid-url.message=Link can't be processed
 agov-ident.invalid-url.title=Invalid Link
 agov-ident.onboarding=Registration & Verification
 agov-ident.retry=Try again
+button.submit=Submit
 cancel.button.label=Cancel
 continue.button.label=Continue
 darkModeSwitch.aria.label=Dark mode toggle
 deputy.profile.label=(Deputy Profile)
-error.account.exists=Account already exists. Continue to log in.
+dimilar.confirm_identity.checkbox=I confirm this is my data
+dimilar.confirm_identity.description=Please confirm the data below is yours in order to proceed:
+dimilar.confirm_identity.error=Please confirm the data is yours to proceed.
+dimilar.confirm_identity.link=If this is not your data, please visit <a class='link' href='https://agov.ch/dimilar' target='_blank'>https://agov.ch/dimilar</a>.
+dimilar.confirm_identity.title=Confirm data
+dimilar.select_onboarding.description=Welcome to AGOV. Please complete your onboarding by connecting to an existing or new AGOV account.
+dimilar.select_onboarding.error-banner=Please select one option to continue
+dimilar.select_onboarding.existing-account=Onboard with an existing AGOV account
+dimilar.select_onboarding.proceeding=How would you like to proceed?
+dimilar.select_onboarding.registering-account=Onboard with a new AGOV account
+dimilar.select_onboarding.title=Hello !!!FIRSTNAME!!! !!!LASTNAME!!!,
+dimilar.token_error.support=For support please visit <a class='link' href='https://agov.ch/dimilar' target='_blank'>https://agov.ch/dimilar</a>.
+dimilar.token_error.token_expired=Token expired or already used.
+dimilar_onboarding.aborted.link=If you require support please visit <a class='link' href='https://agov.ch/dimilar' target='_blank'>https://agov.ch/dimilar</a>.
+dimilar_onboarding.aborted.message=Onboarding aborted. Please try again.
+dimilar_onboarding.failed.link=<a class='link' href='https://agov.ch/dimilar' target='_blank'>https://agov.ch/dimilar</a>.
+dimilar_onboarding.failed.message=Onboarding aborted. Please contact support at
+dimilar_onboarding.successful.message=Onboarding with AGOV account successful. You are now able to log in to Dimilar at <a class='link' href='https://www.armee.ch/dim' target='_blank'>https://www.armee.ch/dim</a>.
+dimilar_onboarding.title=Register
 error.policy.failed=The new password does not comply with the policy.
 error.saml.failed=Please close your browser and try again.
 error_1=Please check your input.
@@ -25,8 +44,16 @@ error_11=Please use another certficate or login with another credential type.
 error_2=Please select another login name.
 error_3=Your account will be locked if next authentication fails.
 error_4=Your new password does not comply with the security policy. Please choose a different password.
+error_403.description=You are not authorised to access this application.
+error_403.title=Not authorised
+error_404.description=The page you are looking for does not exist.
+error_404.title=Page not found
 error_5=Error in password confirmation.
 error_50=The new password is too short.
+error_500.description=There is currently an outage. We are working on it.
+error_500.title=Something went wrong.
+error_502.description=We are working on it. Please try again later.
+error_502.title=Something went wrong.
 error_55=The new password has to differ from old passwords.
 error_6=Password change required.
 error_7=Change of login ID required.
@@ -61,11 +88,17 @@ general.cancel=Cancel
 general.confirm=Confirm
 general.contactSupport=Contact Support
 general.continue=Continue
+general.data.birthDate=Date of birth
+general.data.birthDateFormat=DD.MM.YYYY
+general.data.enrollmentNumber=Enrolment number (SSN/AHV number)
+general.data.firstname=First name
+general.data.lastname=Last name
 general.edit=Edit
 general.email=Email
 general.email.address=Email address
 general.entryCode=Code entry
 general.fieldRequired=Field required
+general.generalAccessApp=Access app
 general.getStarted=Get started
 general.goAGOVHelp=Go to AGOV help
 general.goAccessApp=Login with AGOV access
@@ -98,7 +131,7 @@ general.skip.content=Skip to main content
 general.wrongPhoneNumber=Please enter a valid phone number
 generic.auth.error.message=There was a service interruption. We are working on it.
 generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists.
-generic.auth.error.subtitle=Something went wrong
+generic.auth.error.subtitle=Something went wrong.
 generic.auth.error.title=Error
 info.login=Please enter your authentication information.
 info.logout.confirmation=Please confirm that you want to log out.
@@ -119,6 +152,8 @@ loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
 loainfo.startVerification=Start verification
 loainfo.title=Verify your data
+loggedout.description=You have been successfully logged out.
+loggedout.title=Logged out
 login.button.label=Login
 logout.label=Logout
 logout.text=You have successfully logged out.
@@ -147,6 +182,16 @@ method.recovery.label=Recovery Codes
 method.safeword.label=SafeWord
 method.securid.label=SecurID
 method.ticket.label=Ticket
+onboard_linking_account_auth.fido_instructions=A physical security key offers a secure way to onboard with your account without having to use a phone.
+onboard_linking_account_auth.instructions=Onboard with your AGOV account by scanning the QR code with your AGOV access app
+onboarding.cancel-onboarding=Are you sure you want to cancel the onboarding process?
+onboarding.cancel-onboarding-description=In order to proceed with an account recovery, you will have to cancel the onboarding process.
+onboarding.cancel-proceed-recovery=Yes, cancel and proceed to recovery
+onboarding.login-factor=Step 1 - Login factor
+onboarding.with-agov.title=Onboard with AGOV account
+onboarding_account.switchLinking=Switch to onboard with
+onboarding_account_auth.loginSecurityKey=Start onboarding with security key
+onboarding_account_auth.useSecurityKey=Use a security key to onboard with your AGOV account
 op-admin.login=AGOV op admin
 op-admin.login.intro.message=Login with your username and password
 op-admin.login.loginid=LoginId
@@ -284,7 +329,7 @@ recovery_questionnaire_no_recovery.instruction2=If you have several login factor
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app, or it shows there are no accounts defined
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app
@@ -297,10 +342,10 @@ recovery_start_info.banner.warning=You will not be able to use your account unti
 recovery_start_info.instruction=During the recovery process you will register a new login factor. If  your account contains any verified information you might also have to go through a verification process to finish the recovery.
 recovery_start_info.title=You are about to start the recovery process
 reject.button.label=Deny
-signup.button.label=Signup
-skip.button.label=Skip
 submit.button.label=Submit
 tan.sent=Please enter the security code which has been sent to your mobile phone.
+timeout.description=Your session has timed out. Please close this window and try logging in again.
+timeout.title=Session expired
 title.login=Login
 title.logout=Logout
 title.logout.confirmation=Logout
@@ -309,7 +354,6 @@ title.oauth.consent=Client Authorization
 title.pwchange.label=Password Change
 title.pwreset=Password Forgotten
 title.saml.failed=Error
-title.signup=Create account
 title.timeout.page=Logout
 user_input.invalid.email=Please enter a valid email address
 user_input.invalid.email.required=Field required

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_fr.properties

@@ -10,11 +10,30 @@ agov-ident.invalid-url.message=Le lien ne peut pas être traité
 agov-ident.invalid-url.title=Lien non valide
 agov-ident.onboarding=Enregistrement et vérification
 agov-ident.retry=Essayez à nouveau
+button.submit=Envoyer
 cancel.button.label=Abandonner
 continue.button.label=Continuer
 darkModeSwitch.aria.label=Activer l'apparence sombre
 deputy.profile.label=(Profil du suppléant)
-error.account.exists=Le compte existe déjà. Continuez à vous connecter.
+dimilar.confirm_identity.checkbox=Je confirme que ce sont mes données
+dimilar.confirm_identity.description=Veuillez confirmer que les données ci-dessous vous appartiennent afin de poursuivre :
+dimilar.confirm_identity.error=Veuillez confirmer que les données vous appartiennent afin de poursuivre.
+dimilar.confirm_identity.link=Si ces donn&eacute;es ne sont pas les v&ocirc;tres, veuillez vous rendre sur <a class='link' href='https://agov.ch/fr/dim' target='_blank'>https://agov.ch/fr/dim</a>.
+dimilar.confirm_identity.title=Confirmer les donn&eacute;es
+dimilar.select_onboarding.description=Bienvenue sur AGOV. Veuillez terminer votre int&eacute;gration en vous connectant &agrave; un compte AGOV existant ou en cr&eacute;ant un nouveau compte.
+dimilar.select_onboarding.error-banner=Veuillez s&eacute;lectionner une option pour continuer
+dimilar.select_onboarding.existing-account=Se connecter avec un compte AGOV existant
+dimilar.select_onboarding.proceeding=Comment voulez-vous proc&eacute;der ?
+dimilar.select_onboarding.registering-account=Se connecter avec un nouveau compte AGOV
+dimilar.select_onboarding.title=Bonjour !!!FIRSTNAME!!! !!!LASTNAME!!!,
+dimilar.token_error.support=Si vous avez besoin d'aide veuillez vous rendre sur <a class='link' href='https://agov.ch/fr/dimf' target='_blank'>https://agov.ch/fr/dimf</a>.
+dimilar.token_error.token_expired=Jeton expir&eacute; ou d&eacute;j&agrave; utilis&eacute;.
+dimilar_onboarding.aborted.link=Si vous avez besoin d'aide veuillez vous rendre sur <a class='link' href='https://agov.ch/fr/dimf' target='_blank'>https://agov.ch/fr/dimf</a>.
+dimilar_onboarding.aborted.message=Le processus d&rsquo;int&eacute;gration a &eacute;t&eacute; annul&eacute;. Veuillez r&eacute;essayer.
+dimilar_onboarding.failed.link=<a class='link' href='https://agov.ch/fr/dimf' target='_blank'>https://agov.ch/fr/dimf</a>.
+dimilar_onboarding.failed.message=Le processus d'int&eacute;gration a &eacute;t&eacute; annul&eacute;. Veuillez contacter le service de support &agrave;
+dimilar_onboarding.successful.message=L&rsquo;int&eacute;gration avec le compte AGOV a r&eacute;ussi. Vous pouvez maintenant vous connecter sur le gestionnaire de service <a class='link' href='https://www.armee.ch/fr/dimf' target='_blank'>https://www.armee.ch/fr/dimf</a>.
+dimilar_onboarding.title=Cr&eacute;er un compte
 error.policy.failed=Votre nouveau mot de passe ne conforme pas aux mesures de s&eacute;curit&eacute;
 error.saml.failed=Fermez votre navigateur et r;eacute;essayez.
 error_1=Veuillez v&eacute;rifier votre saisie.
@@ -25,8 +44,16 @@ error_11=Veuillez utiliser un autre certificat ou vous connecter au moyen d&rsqu
 error_2=Veuillez s&eacute;lectionner un autre nom d&rsquo;utilisateur.
 error_3=Votre compte sera bloqu&eacute; si la prochaine tentative d&rsquo;authentification &eacute;choue.
 error_4=Votre nouveau mot de passe n&rsquo;est pas conforme &agrave; la politique de s&eacute;curit&eacute;. Veuillez choisir un autre mot de passe.
+error_403.description=Vous n&rsquo;&ecirc;tes pas autoris&eacute; &agrave; acc&eacute;der &agrave; cette ressource.
+error_403.title=Pas autoris&eacute;
+error_404.description=La page que vous recherchez n'existe pas.
+error_404.title=Page introuvable
 error_5=Erreur de confirmation du mot de passe
 error_50=Le nouveau mot de passe est trop court.
+error_500.description=Un incident est survenu. Nous mettons tout en œuvre pour le r&eacute;soudre.
+error_500.title=Un probl&egrave;me s&rsquo;est produit.
+error_502.description=Nous y travaillons. Veuillez r&eacute;essayer plus tard.
+error_502.title=Un probl&egrave;me s&rsquo;est produit.
 error_55=Le nouveau mot de passe doit &ecirc;tre diff&eacute;rent des pr&eacute;c&eacute;dents.
 error_6=Changement de mot de passe requis.
 error_7=Changement d&rsquo;identifiant de connexion requis.
@@ -61,11 +88,17 @@ general.cancel=Annuler
 general.confirm=Confirmer
 general.contactSupport=Contacter le service d'assistance
 general.continue=Continuer
+general.data.birthDate=Date de naissance
+general.data.birthDateFormat=JJ.MM.AAAA
+general.data.enrollmentNumber=Num&eacute;ro AVS (Gestionnaire de service)
+general.data.firstname=Pr&eacute;nom
+general.data.lastname=Nom
 general.edit=Editer
 general.email=E-mail
 general.email.address=Adresse e-mail
 general.entryCode=Entrer le code
 general.fieldRequired=Champ requis
+general.generalAccessApp=Access app
 general.getStarted=D&eacute;marrer
 general.goAGOVHelp=Rendez-vous sur AGOV help
 general.goAccessApp=Login avec AGOV access
@@ -98,7 +131,7 @@ general.skip.content=Passer au contenu principal
 general.wrongPhoneNumber=Veuillez saisir un num&eacute;ro de t&eacute;l&eacute;phone valable
 generic.auth.error.message=Une interruption de service s&rsquo;est produite. Nous nous employons &agrave; r&eacute;soudre le probl&egrave;me.
 generic.auth.error.next.steps=Veuillez r&eacute;essayer plus tard. Veuillez vous rendre sur AGOV help si le probl&egrave;me persiste.
-generic.auth.error.subtitle=Un probl&egrave;me s&rsquo;est produit
+generic.auth.error.subtitle=Un probl&egrave;me s&rsquo;est produit.
 generic.auth.error.title=Erreur
 info.login=Veuillez entrer vos &eacute;l&eacute;ments de s&eacute;curit&eacute; ci-apr&egrave;s.
 info.logout.confirmation=Veuillez confirmer que vous souhaitez vous d&eacute;connecter.
@@ -119,6 +152,8 @@ loainfo.later=Plus tard
 loainfo.startNow=Voulez-vous commencer le processus maintenant?
 loainfo.startVerification=D&eacute;marrer la v&eacute;rification
 loainfo.title=V&eacute;rifiez vos donn&eacute;es
+loggedout.description=Vous vous &ecirc;tes d&eacute;connect&eacute; avec succ&egrave;s.
+loggedout.title=D&eacute;connect&eacute;
 login.button.label=Login
 logout.label=Logout
 logout.text=Au revoir
@@ -147,6 +182,16 @@ method.recovery.label=Codes de r&eacute;cup&eacute;ration
 method.safeword.label=SafeWord
 method.securid.label=SecurID
 method.ticket.label=Ticket
+onboard_linking_account_auth.fido_instructions=Une cl&eacute; de s&eacute;curit&eacute; physique offre un moyen s&ucirc;r de se connecter &agrave; son compte sans devoir utiliser son t&eacute;l&eacute;phone.
+onboard_linking_account_auth.instructions=Connectez-vous avec votre compte AGOV en scannant le code QR avec votre application AGOV access
+onboarding.cancel-onboarding=&Ecirc;tes-vous s&ucirc;r de vouloir annuler la proc&eacute;dure d'int&eacute;gration ?
+onboarding.cancel-onboarding-description=Pour proc&eacute;der &agrave; la r&eacute;cup&eacute;ration de votre compte, vous devrez annuler le processus d&rsquo;int&eacute;gration.
+onboarding.cancel-proceed-recovery=Oui, annuler et proc&eacute;der &agrave; la r&eacute;cup&eacute;ration
+onboarding.login-factor=&Eacute;tape 1 - Facteur de connexion
+onboarding.with-agov.title=Se connecter avec un compte AGOV
+onboarding_account.switchLinking=Passer &agrave; l&rsquo;int&eacute;gration avec
+onboarding_account_auth.loginSecurityKey=Commencez l'int&eacute;gration avec une cl&eacute; de s&eacute;curit&eacute;
+onboarding_account_auth.useSecurityKey=Utilisez une cl&eacute; de s&eacute;curit&eacute; pour se connecter avec votre compte AGOV
 op-admin.login=Administration de l&rsquo;acc&egrave;s &agrave; AGOV op
 op-admin.login.intro.message=Connectez-vous avec votre nom d&rsquo;utilisateur et votre mot de passe
 op-admin.login.loginid=Identifiant de connexion
@@ -284,7 +329,7 @@ recovery_questionnaire_no_recovery.instruction2=Si vous avez enregistr&eacute; p
 recovery_questionnaire_reason_selection.answer1=Je n'arrive pas &agrave; me connecter, m&ecirc;me si j'ai mon application / ma cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer10=J'ai perdu l'un de mes facteurs d'authentification (application AGOV access ou cl&eacute; de s&eacute;curit&eacute;)
 recovery_questionnaire_reason_selection.answer2=Je n'ai pas pu terminer mon inscription
-recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute;, r&eacute;install&eacute; ou r&eacute;initialis&eacute; mon application AGOV access
+recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute;, r&eacute;install&eacute;, ou r&eacute;initialis&eacute; mon application AGOV access, ou cela indique qu'aucun compte n'est d&eacute;fini
 recovery_questionnaire_reason_selection.answer4=J'ai perdu mon t&eacute;l&eacute;phone / cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer5=J'ai un nouveau t&eacute;l&eacute;phone et j'ai oubli&eacute; de transf&eacute;rer mon application AGOV access
 recovery_questionnaire_reason_selection.answer6=J'ai oubli&eacute; mon PIN pour l'application AGOV access
@@ -297,10 +342,10 @@ recovery_start_info.banner.warning=Vous ne pourrez pas utiliser votre compte tan
 recovery_start_info.instruction=Le processus de r&eacute;cup&eacute;ration n&eacute;cessitera l&rsquo;enregistrement d&rsquo;un nouveau facteur d&rsquo;authentification. Si votre compte contient des informations ayant d&eacute;j&agrave; &eacute;t&eacute; v&eacute;rifi&eacute;es, il se peut que vous deviez les faire v&eacute;rifier &agrave; nouveau pour terminer la r&eacute;cup&eacute;ration.
 recovery_start_info.title=Vous &ecirc;tes sur le point de d&eacute;marrer le processus de r&eacute;cup&eacute;ration.
 reject.button.label=Refuser
-signup.button.label=Inscription
-skip.button.label=Passer
 submit.button.label=Envoyer
 tan.sent=Veuillez saisir le code de s&eacute;curit&eacute; que vous avez re&ccedil;u au votre t&eacute;l&eacute;phone mobile.
+timeout.description=Votre session a expir&eacute;. Veuillez fermer cette fen&ecirc;tre et essayer de vous reconnecter.
+timeout.title=Session expir&eacute;e
 title.login=Login
 title.logout=Logout
 title.logout.confirmation=Logout
@@ -309,7 +354,6 @@ title.oauth.consent=Autorisation du client
 title.pwchange.label=Changer mot de passe
 title.pwreset=Mot de Passe Oubli&eacute;
 title.saml.failed=Error
-title.signup=Cr&#233;er un compte
 title.timeout.page=Logout
 user_input.invalid.email=Veuillez saisir un e-mail valable.
 user_input.invalid.email.required=Champ requis

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_it.properties

@@ -1,5 +1,5 @@
 
-accept.button.label=Accetta
+accept.button.label=Accettare
 agov-ident.done.message=Il vostro conto AGOV è ora pronto per l'uso. Può chiudere questa pagina.
 agov-ident.done.title=Finito
 agov-ident.failed.instruction=Per completare la registrazione è necessario disporre di un account AGOV e superare la verifica dei dati suggerita. Riprova.
@@ -10,11 +10,30 @@ agov-ident.invalid-url.message=Il link non può essere elaborato
 agov-ident.invalid-url.title=Link non valido
 agov-ident.onboarding=Registrazione e verifica
 agov-ident.retry=Riprova
-cancel.button.label=Annulla
+button.submit=Continua
+cancel.button.label=Abortire
 continue.button.label=Continua
 darkModeSwitch.aria.label=Attivare la modalità scura
 deputy.profile.label=(profilo del delegato)
-error.account.exists=L'account esiste gi<67>. Prosegui col login.
+dimilar.confirm_identity.checkbox=Confermo che questi sono i miei dati
+dimilar.confirm_identity.description=Confermi che i dati riportati di seguito le appartengono per poter procedere:
+dimilar.confirm_identity.error=Confermi che i dati sono i suoi per poter procedere.
+dimilar.confirm_identity.link=Se questi non sono i suoi dati, visiti <a class='link' href='https://agov.ch/dim' target='_blank'>https://agov.ch/dim</a>.
+dimilar.confirm_identity.title=Confermare i dati
+dimilar.select_onboarding.description=Benvenuto in AGOV. Completi la procedura di registrazione collegando un account AGOV esistente o creandone uno nuovo.
+dimilar.select_onboarding.error-banner=Selezioni un&rsquo;opzione per continuare
+dimilar.select_onboarding.existing-account=Proceda con un account AGOV esistente
+dimilar.select_onboarding.proceeding=Come desidera procedere?
+dimilar.select_onboarding.registering-account=Proceda con un nuovo account AGOV
+dimilar.select_onboarding.title=Buongiorno !!!FIRSTNAME!!! !!!LASTNAME!!!,
+dimilar.token_error.support=Per assistenza visita <a class='link' href='https://agov.ch/dim' target='_blank'>https://agov.ch/dim</a>.
+dimilar.token_error.token_expired=Token scaduto o gi&agrave; utilizzato.
+dimilar_onboarding.aborted.link=Se ha bisogno di assistenza, visiti <a class='link' href='https://agov.ch/dim' target='_blank'>https://agov.ch/dim</a>.
+dimilar_onboarding.aborted.message=La procedura di registrazione &egrave; stata interrotta. Provi di nuovo.
+dimilar_onboarding.failed.link=<a class='link' href='https://agov.ch/dim' target='_blank'>https://agov.ch/dim</a>.
+dimilar_onboarding.failed.message=La procedura di registrazione &egrave; stata interrotta. Contatti il supporto al
+dimilar_onboarding.successful.message=Registrazione con l&rsquo;account AGOV completata con successo. Ora pu&ograve; accedere alla Gestione dei servizi su <a class='link' href='https://www.armee.ch/dim' target='_blank'>https://www.armee.ch/dim</a>.
+dimilar_onboarding.title=Registrarsi
 error.policy.failed=La nuova password non &egrave; stata accettata. Scegliere una password che sia conforme ai criteri di password.
 error.saml.failed=Chiudi il browser e riprova.
 error_1=Verificare i dati inseriti.
@@ -25,8 +44,16 @@ error_11=Utilizzare un altro certificato o accedere con altre credenziali.
 error_2=Selezionare un altro nome di accesso.
 error_3=Se la prossima autenticazione fallisce, l&rsquo;account sar&agrave; bloccato.
 error_4=La nuova password non rispetta le norme di sicurezza. Scegliere un&rsquo;altra password.
+error_403.description=Accesso non autorizzato a questa risorsa.
+error_403.title=Non &egrave; autorizatto
+error_404.description=La pagina che state cercando non esiste.
+error_404.title=Pagina non trovata
 error_5=Errore nella conferma della password.
 error_50=La nuova password &egrave; troppo corta.
+error_500.description=Al momento si &egrave; verificato un disservizio. Stiamo intervenendo.
+error_500.title=Qualcosa non ha funzionato.
+error_502.description=Stiamo intervenendo. Riprovi pi&ugrave; tardi.
+error_502.title=Qualcosa non ha funzionato.
 error_55=La nuova password deve differire da quelle precedenti.
 error_6=&Egrave; richiesta la modifica della password.
 error_7=&Egrave; richiesta la modifica dell&rsquo;ID di accesso.
@@ -61,11 +88,17 @@ general.cancel=Annullare
 general.confirm=Confermare
 general.contactSupport=Contattare il supporto
 general.continue=Continuare
+general.data.birthDate=Data di nascita
+general.data.birthDateFormat=GG.MM.AAAA
+general.data.enrollmentNumber=Numero AVS (Gestione dei servizi)
+general.data.firstname=Nome
+general.data.lastname=Cognome
 general.edit=Modificare
 general.email=e-mail
 general.email.address=Indirizzo e-mail
 general.entryCode=Codice
 general.fieldRequired=Campo obbligatorio
+general.generalAccessApp=App AGOV access
 general.getStarted=Iniziare
 general.goAGOVHelp=Vai ad AGOV help
 general.goAccessApp=Login con AGOV access
@@ -119,6 +152,8 @@ loainfo.later=Pi&ugrave; tardi
 loainfo.startNow=Vuole iniziare il processo ora?
 loainfo.startVerification=Inizi la verificazione
 loainfo.title=Verificare i dati.
+loggedout.description=Disconnessione effettuata con successo.
+loggedout.title=Disconnessione eseguita
 login.button.label=Login
 logout.label=Logout
 logout.text=&Egrave; uscito con successo.
@@ -147,6 +182,16 @@ method.recovery.label=Codici di ripristino
 method.safeword.label=SafeWord
 method.securid.label=SecurID
 method.ticket.label=Ticket
+onboard_linking_account_auth.fido_instructions=Una chiave di sicurezza fisica permette di accedere in modo sicuro senza utilizzare un telefono.
+onboard_linking_account_auth.instructions=Proceda con il suo account AGOV scansionando il codice QR con l&rsquo;app AGOV access
+onboarding.cancel-onboarding=Sei sicuro di voler annullare la registrazione?
+onboarding.cancel-onboarding-description=Per procedere con il recupero dell&rsquo;account, &egrave; necessario annullare la registrazione.
+onboarding.cancel-proceed-recovery=S&igrave;, annulla e procedi con il recupero
+onboarding.login-factor=Passaggio 1 &ndash; Fattore di login
+onboarding.with-agov.title=Proceda con l&rsquo;account AGOV
+onboarding_account.switchLinking=Passa alla registrazione con
+onboarding_account_auth.loginSecurityKey=Inizia la registrazione con la chiave di sicurezza
+onboarding_account_auth.useSecurityKey=Utilizzi una chiave di sicurezza per procedere con il suo account AGOV
 op-admin.login=AGOV op admin
 op-admin.login.intro.message=Accedere con nome utente e password
 op-admin.login.loginid=ID di accesso
@@ -284,7 +329,7 @@ recovery_questionnaire_no_recovery.instruction2=Se ha registrato pi&ugrave; fatt
 recovery_questionnaire_reason_selection.answer1=Ho problemi ad accedere, anche se ho la mia app/chiave di sicurezza
 recovery_questionnaire_reason_selection.answer10=Ho perso uno dei miei fattori di accesso (app AGOV access o chiave di sicurezza)
 recovery_questionnaire_reason_selection.answer2=Non sono riuscito a completare la registrazione
-recovery_questionnaire_reason_selection.answer3=Ho eliminato, reinstallato o reimpostato la mia app AGOV access
+recovery_questionnaire_reason_selection.answer3=Ho eliminato, reinstallato o reimpostato l&rsquo;app AGOV access, oppure risulta che non ci sono account definiti
 recovery_questionnaire_reason_selection.answer4=Ho perso il telefono/la chiave di sicurezza
 recovery_questionnaire_reason_selection.answer5=Ho un nuovo telefono e ho dimenticato di trasferire la mia app AGOV access
 recovery_questionnaire_reason_selection.answer6=Ho dimenticato il PIN dell'app AGOV access
@@ -296,11 +341,11 @@ recovery_questionnaire_reason_selection.instruction=Selezioni il motivo per cui
 recovery_start_info.banner.warning=Non &egrave; possibile utilizzare l&rsquo;account finch&eacute; il processo di ripristino non sar&agrave; concluso.
 recovery_start_info.instruction=Durante il processo di ripristino registrer&agrave; un nuovo fattore di login. Se il suo account contiene informazioni verificate, potrebbe dover effettuare anche un processo di verificazione per completare il ripristino.
 recovery_start_info.title=Sta per iniziare il processo di ripristino
-reject.button.label=Rifiuta
-signup.button.label=Iscriviti
-skip.button.label=Salta
+reject.button.label=Rifiuti
 submit.button.label=Continua
 tan.sent=Inserisci il codice di sicurezza che &egrave; stato inviato al tuo telefono cellulare.
+timeout.description=La sessione &egrave; scaduta. Chiuda questa finestra e provi ad accedere nuovamente.
+timeout.title=Sessione scaduta
 title.login=Login
 title.logout=Logout
 title.logout.confirmation=Logout
@@ -309,7 +354,6 @@ title.oauth.consent=Autorizzazione del client
 title.pwchange.label=Cambiare Password
 title.pwreset=Password Dimenticata
 title.saml.failed=Error
-title.signup=Crea un account
 title.timeout.page=Logout
 user_input.invalid.email=Inserire un'e-mail valida.
 user_input.invalid.email.required=Campo obbligatorio

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/Recovery_mobile_nless_auth.groovy

@@ -50,4 +50,3 @@ if (inargs.containsKey('onReload')) {
     clearFidoUAFSession()
     response.setResult('default')
 }
-

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/checkloa.groovy

@@ -79,6 +79,8 @@ def getAqLevelBasedOnIdVerificationForRecovery(idVerification, highestRoleLevelN
       break
     case 'Video':
     case 'VideoSelfPaid':
+    case 'AutoIdent':
+    case 'AutoIdentSelfPaid':
     case 'Bmid':
     case 'BmidSelfPaid':
     case 'Counter':

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/dimilar_fido2_auth.groovy

@@ -0,0 +1,205 @@
+import groovy.json.JsonBuilder
+import groovy.json.JsonSlurper
+import java.util.UUID
+
+if (inargs.containsKey('cancel_fido2')) {
+    response.setResult('cancel')
+    LOG.debug("Fido2Auth: authentication cancelled by user")
+    return
+}
+
+def base64url(uuid) {
+  def msb = uuid.getMostSignificantBits()
+  def lsb = uuid.getLeastSignificantBits()
+  return new byte[] {
+       (byte) msb,
+       (byte) (msb >> 8),
+       (byte) (msb >> 16),
+       (byte) (msb >> 24),
+       (byte) (msb >> 32),
+       (byte) (msb >> 40),
+       (byte) (msb >> 48),
+       (byte) (msb >> 56),
+       (byte) lsb,
+       (byte) (lsb >> 8),
+       (byte) (lsb >> 16),
+       (byte) (lsb >> 24),
+       (byte) (lsb >> 32),
+       (byte) (lsb >> 40),
+       (byte) (lsb >> 48),
+       (byte) (lsb >> 56)
+    }.encodeBase64Url().toString()
+}
+
+def showGui() {
+    response.setGuiName('dimilar_onboarding_fido_auth') // name is the trigger for including the JS
+    response.setGuiLabel('title.login.fido2')
+    response.addInfoGuiField('info', 'info.login.fido2', null)
+    response.addHiddenGuiField('authRequestId', 'not used', session['ch.nevis.auth.saml.request.id'])
+    response.addTextGuiField('email', 'email', session['ch.nevis.idm.User.email'])
+    if (notes.containsKey('lasterrorinfo') || notes.containsKey('lasterror')) {
+        response.addErrorGuiField('lasterror', notes['lasterrorinfo'], notes['lasterror'])
+    }
+    if (parameters.containsKey('cancel')) {
+        response.addButtonGuiField('cancel_fido2', 'cancel.login.fido2.button.label', 'true')
+    }
+}
+
+def getPath() {
+    if (inargs.containsKey('path')) { // form POST
+        return inargs['path']
+    }
+    if (inargs.containsKey('o.path.v')) { // AJAX POST
+        return inargs['o.path.v']
+    }
+    return null
+}
+
+def post(connection, json) {
+    connection.setRequestMethod("POST")
+    connection.setRequestProperty("Content-Type", "application/json")
+    connection.setDoOutput(true) // required to write body
+    String body = json.toString()
+    LOG.debug("Fido2Auth: ==> Request: '${body}'")
+    connection.getOutputStream().write(body.getBytes())
+}
+
+String userExtId = session['ch.adnovum.nevisidm.user.extId'] ?: session['ch.nevis.idm.User.extId'] ?: request.getUserId() ?: notes['userid']
+if (userExtId == null) {
+    LOG.error("Fido2Auth: missing extId of nevisIDM user. check your authentication flow.")
+}
+// without the user extId this script won't work and we can fail with a System Error
+Objects.requireNonNull(userExtId)
+
+def path = getPath()
+if (path == null) {
+    showGui() // POST from JavaScript not received
+    return
+}
+
+def connection = null
+try {
+  def fullPath = "https://${parameters.get('fido')}${path}"
+  LOG.debug("Fido2Auth: opening connection to '${fullPath}'")
+  connection = new URL(fullPath).openConnection()
+} catch (Exception e) {
+  LOG.error("Fido2Auth: opening connection failed", e)
+  notes.setProperty('lasterrorinfo', 'FIDO2 authentication failed')
+  response.setResult('error')
+  return
+}
+
+def json = new JsonBuilder()
+
+if (path == '/nevisfido/fido2/attestation/options') {
+    json {
+        "username" userExtId
+        "userVerification" "required"
+    }
+    post(connection, json)
+    def responseCode = connection.responseCode
+    def responseText = responseCode == 200 ? connection.inputStream.text : '{"allowCredentials":[]}'
+    def jsonResponse = new JsonSlurper().parseText(responseText)
+    def numOfKeys = jsonResponse.allowCredentials ? jsonResponse.allowCredentials.size() : 0
+
+    // non existing account, account without FIDO2 key , or account with disabled FIDO2 key case
+    if (responseCode == 404 || responseCode == 400 || numOfKeys == 0) {
+
+      LOG.debug("Fido2Auth: <== Response: ${responseCode}")
+
+      // Accounting
+      def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown'
+      def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown'
+      def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown'
+      def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'
+      def credentialType = session['authenticatedWith'] ?: 'unknown'
+      def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+      def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+      def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTime().getEpochSecond() * 1000)
+      def details = "no account (404)"
+      if (responseCode == 400 ) {
+        details = "no fido2 keys for account (400)"    
+      } else if (responseCode == 200) {
+        details = "no active fido2 key for account (200, empty allowCredentials array)"    
+      }
+      
+      LOG.info("Event='NOACCOUNT', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${session['ch.nevis.idm.User.email']}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}', Details='${details}'")
+
+      // returning a fake options structure, which shouldn't leak whether the user account exists or not
+      // keyId is unique per environment and email, fido2SessionId and challenge are renewed each time
+      def keyId = UUID.nameUUIDFromBytes("${parameters['rpId']}.${session['ch.nevis.idm.User.email']}".getBytes())
+      responseText = """{"status": "ok",
+                         "errorMessage": "",
+                         "fido2SessionId": "${UUID.randomUUID()}",
+                         "challenge": "${base64url(UUID.randomUUID())}",
+                         "timeout": 300000,
+                         "rpId": "${parameters['rpId']}",
+                         "allowCredentials": [
+                           {
+                              "type": "public-key",
+                              "id": "${base64url(keyId)}",
+                              "transports": []
+                           }
+                         ],
+                         "userVerification": "required"}"""
+    }
+
+    LOG.debug("Fido2Auth: <== Response: ${responseCode} : ${responseText}")
+    response.setContent(responseText)
+    response.setContentType('application/json')
+    response.setHttpStatusCode(200)
+    response.setIsDirectResponse(true)
+    return
+}
+
+if (path == '/nevisfido/fido2/assertion/result') {
+
+  if (inargs.containsKey('authRequestId') && (inargs['authRequestId'] != session['ch.nevis.auth.saml.request.id'])) {
+    // wrong request, "force" a timeout
+    LOG.debug('Fido2Auth: authentication timeout enforced, due to concurrent requests')
+
+    response.setIsDirectResponse(true)
+    response.setContentType('text/html; charset=UTF-8')
+    response.setContent('Timeout')
+    response.setHttpStatusCode(205)
+    response.setHeader('IDP-AUTH', 'Timeout')
+
+    // CONTINUE to keep the other request beeing processed
+    response.setStatus(AuthResponse.AUTH_CONTINUE)
+    return
+  }
+
+    def userHandleValue = userExtId.getBytes().encodeBase64Url().toString()
+    LOG.debug("Fido2Auth: encoded userHandle: ${userHandleValue}")
+    json {
+        "id" inargs['id']
+        "type" inargs['type']
+        response {
+            "clientDataJSON" inargs['response.clientDataJSON']
+            "authenticatorData" inargs['response.authenticatorData']
+            "signature" inargs['response.signature']
+            "userHandle" userHandleValue
+        }
+    }
+    post(connection, json)
+    def responseCode = connection.responseCode
+    // test if credentials exist
+    if (responseCode != 400) {
+        def responseText = connection.inputStream.text
+        LOG.debug("Fido2Auth: <== Response: ${responseCode} : ${responseText}")
+        if (responseCode == 200 && new JsonSlurper().parseText(responseText).status == 'ok') {
+            response.setResult('ok')
+            return
+        }
+    }
+    //response.setHttpStatusCode(400)
+    //response.setIsDirectResponse(true)
+    // DEFINE how to handel error
+    notes.setProperty('lasterror', '1')
+    notes.setProperty('lasterrorinfo', 'FIDO2 authentication failed')
+    response.setResult('error')
+    return
+}
+
+response.setError(1, "FIDO2 authentication failed")
+showGui()

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/dimilar_fido2_fetch_captcha_infos.groovy

@@ -0,0 +1,38 @@
+import groovy.json.JsonSlurper
+import io.opentelemetry.api.trace.Span
+
+def url = parameters.get('url')
+def realIpHttpHeaderName = parameters.get('realIpHttpHeaderName') ?: 'X-Real-IP'
+def ip = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+
+try {
+  def spanCtxt = Span.current().getSpanContext()
+  def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
+
+  def jsonSlurper = new JsonSlurper()
+  def httpClient = HttpClients.create(parameters)
+  def httpResponse = Http.get().url(url).header('traceparent', traceparent)
+                         .header(realIpHttpHeaderName, ip).build().send(httpClient)
+
+  LOG.debug('Response Status Code: ' + httpResponse.code())
+  LOG.debug('Response: ' + httpResponse.bodyAsString())
+
+  if (httpResponse.code() == 200) {
+    def json = jsonSlurper.parseText(httpResponse.bodyAsString())
+
+    response.setSessionAttribute('agov.fido2.captchaSettings.enabled', String.valueOf(json.friendlyCaptureClientSettings.enabled))
+    response.setSessionAttribute('agov.fido2.captchaSettings.siteKey', json.friendlyCaptureClientSettings.siteKey)
+    response.setSessionAttribute('agov.fido2.captchaSettings.puzzleUrl', json.friendlyCaptureClientSettings.puzzleUrl)
+
+    response.setResult('ok')
+  } else {
+    LOG.error('Unexcpected HTTP response code: ' + httpResponse.code())
+    response.setResult('error')
+    response.setError(1, 'Unexpected HTTP reponse')
+  }
+} catch (all) {
+  // Handle exception and set the transition
+  LOG.error('error: ' + all, all)
+  response.setResult('error')
+  response.setError(1, 'Exception during HTTP call')
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/dimilar_fido2_fetch_captcha_result.groovy

@@ -0,0 +1,63 @@
+import io.opentelemetry.api.trace.Span
+
+def url = parameters.get('url')
+
+def email = inargs['userInputValue_prompt.email']
+def token = inargs['captcha_response']?: 'MISSING'
+def enabled = (session['agov.fido2.captchaSettings.enabled']?:'true').toBoolean()
+
+def ip = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+
+def payload = "{ \"userIp\": \"${ip}\", \"email\": \"${email}\", \"userAgent\": \"${userAgent}\" }"
+
+LOG.debug('Token: ' + token)
+LOG.debug('Payload: ' + payload)
+
+try {
+
+  if (!enabled) {
+    LOG.info("FriendlyCAPTCHA is disabled, allowing operation for ${payload}")
+    response.setResult('ok')
+    return
+  }
+
+  def spanCtxt = Span.current().getSpanContext()
+  def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
+
+  def httpClient = HttpClients.create(parameters)
+  def httpResponse = Http.post()
+          .url(url)
+          .header("Accept", "application/json")
+          .header("X-FriendlyCAPTCHA-Token", token)
+          .header("traceparent", traceparent)
+          .entity(Http.entity()
+                  .content(payload)
+                  .contentType("application/json")
+                  .build())
+          .build()
+          .send(httpClient)
+
+  LOG.debug('Response Status Code: ' + httpResponse.code())
+  LOG.debug('Response: ' + httpResponse.bodyAsString())
+
+  if (httpResponse.code() == 200) {
+      if (httpResponse.bodyAsString().contains('SUCCESSFUL')) {
+          response.setResult('ok')
+          return
+       } else {
+       LOG.warn("Friendly captcha not successful for '{ \"userIp\": \"${ip}\", \"email\": \"${email}\", \"userAgent\": \"${userAgent}\" }'")
+       response.setResult('exit.1')
+       return      
+     }
+  } else {
+    LOG.error("Friendly captcha failed with statuscode ${httpResponse.code()} for '{ \"userIp\": \"${ip}\", \"email\": \"${email}\", \"userAgent\": \"${userAgent}\" }'")
+    response.setResult('error')
+    response.setError(1, 'Unexpected HTTP reponse')
+  }
+} catch (all) {
+  // Handle exception and set the transition
+  LOG.error("Friendly captcha failed with a general error '${all}' for '{ \"userIp\": \"${ip}\", \"email\": \"${email}\", \"userAgent\": \"${userAgent}\" }', service-url: ${url}")
+  response.setResult('error')
+  response.setError(1, 'Exception during HTTP call')
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/dimilar_handle_token.groovy

@@ -0,0 +1,10 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+
+if (inargs['qr'] != null) {
+      //cleanSession()
+      response.setSessionAttribute('agov.dimilar.token', inargs['qr'])
+      response.setStatus(AuthResponse.AUTH_CONTINUE)
+      response.setTransferDestination('/reg/')
+      response.setIsRedirectTransfer(true)
+      return
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/dimilar_onboarding_auth.groovy

@@ -0,0 +1,150 @@
+import groovy.json.JsonBuilder
+import ch.nevis.esauth.auth.engine.AuthResponse
+
+def cleanSession(s){
+    s.removeAttribute('agov.dimilar.verification')
+    s.removeAttribute('agov.dimilar.User.firstName')
+    s.removeAttribute('agov.dimilar.User.lastName')
+    s.removeAttribute('agov.dimilar.User.birthDate')
+    s.removeAttribute('agov.dimilar.User.militaryId')
+
+    s.removeAttribute('agov.dimilar.User.birthDate.formatted')
+    s.removeAttribute('agov.dimilar.User.militaryId.formatted')
+
+    s.removeAttribute('agov.dimilar.User.identityConfirmed')
+    s.removeAttribute('agov.dimilar.tokenVerified')
+
+    s.removeAttribute('agov.dimilar.token')
+}
+
+def cleanSessionAndContinue(s){
+    cleanSession(s)
+    s.removeAttribute('agov.dimilar.failed')
+    s.removeAttribute('agov.dimilar.aborted')
+    s.removeAttribute('agov.dimilar.invalidToken')
+    s.removeAttribute('agov.dimilar.linkExisting')
+}
+
+def s = request.getAuthSession(true)
+
+// TODO/2025/09/23: We don't need to clear the session here since 'qr' is configured as a clear condition for the entire Auth realm
+// -> cleanSessionAndContinue could be removed
+
+// If we get a new token then we always invalidate the session and extract it
+// so we can always restart if the user provides a new token
+if(inargs.containsKey('qr')){
+    cleanSessionAndContinue(s)
+    LOG.debug("Dimilar: Clean Session and handle token")
+    response.setResult('handleToken')
+    return
+}
+
+// cornercases, receiving an unexpected XHR request, return a json answer, and don't kill the session if we had one
+if (inargs.containsKey('o.fidoUafSessionId.v')) {
+    // access app status polling
+    LOG.debug("received polling for fido session ${inargs['o.fidoUafSessionId.v']} while auth was already canceled")
+    def json = new JsonBuilder()
+    json {
+        "status" "unknown"
+        "timestamp" org.joda.time.DateTime.now().toString()
+    }
+    String body = json.toString()
+
+    response.setContent(body)
+    response.setContentType('application/json')
+    response.setHttpStatusCode(200)
+    response.setIsDirectResponse(true)
+    response.setStatus((s.getAttribute('agov.dimilar.token') != null) ? AuthResponse.AUTH_CONTINUE : AuthResponse.AUTH_ERROR)
+    return
+}
+if (inargs.containsKey('o.path.v')) {
+    // fido 2 call
+    LOG.debug("received fido2 rest call on ${inargs['o.path.v']} while auth was already canceled")
+    def json = new JsonBuilder()
+    json {
+        "status" "failed"
+        "errorMessage" "no active fido2 session"
+    }
+    String body = json.toString()
+
+    response.setContent(body)
+    response.setContentType('application/json')
+    response.setHttpStatusCode(200)
+    response.setIsDirectResponse(true)
+    response.setStatus((s.getAttribute('agov.dimilar.token') != null) ? AuthResponse.AUTH_CONTINUE : AuthResponse.AUTH_ERROR)
+    return
+}
+
+// Agov me redirects back on different paths depending on the status
+String url = request.getCurrentResource()
+
+if(url.contains('success')){
+    response.setResult('ok')
+    return
+}else if(url.contains('aborted')){
+    // will redirect below to aborted
+    s.setAttribute('agov.dimilar.aborted', 'true')
+}else if(url.contains('restart')){
+    response.setStatus(AuthResponse.AUTH_CONTINUE)
+    response.setTransferDestination('/reg/')
+    response.setIsRedirectTransfer(true)
+    return
+}else if(url.contains('failed')){
+    // Currently just for testing
+    response.setResult('failed')
+    return
+}else if(url.contains('link')) {
+    // we clean the url by redirecting again
+    response.setSessionAttribute('agov.dimilar.linkExisting', 'true')
+    response.setStatus(AuthResponse.AUTH_CONTINUE)
+    response.setTransferDestination('/reg/')
+    response.setIsRedirectTransfer(true)
+    return
+}
+
+
+// if an invalid token was detected we redirect to that error screen
+if(s.getAttribute('agov.dimilar.invalidToken') == "true"){
+    cleanSession(s)
+    response.setResult('invalidToken')
+    return
+}
+
+// if the user aborted we clean the session and redirect to the aborted error screen
+if(s.getAttribute('agov.dimilar.aborted') == "true"){
+    cleanSession(s)
+    response.setResult('aborted')
+    return
+}
+
+// if the onboarding faild because of some data error -> redirect to the failed screen
+if(s.getAttribute('agov.dimilar.failed') == "true"){
+    cleanSession(s)
+    response.setResult('failed')
+    return
+}
+
+// If the token was extracted for the url and we have not validated it yet -> continue with parsing and validation
+if(s.getAttribute('agov.dimilar.token') != null && s.getAttribute('agov.dimilar.tokenVerified') != "true"){
+    response.setResult('validateToken')
+    return
+}
+
+// If the token was validated, but the identity has not yet been confirmed -> show confirmation screen
+if(s.getAttribute('agov.dimilar.tokenVerified') == "true" && s.getAttribute('agov.dimilar.User.identityConfirmed') != "true"){
+    response.setResult('confirmIdentity')
+    return
+}
+
+// If the token is validated and the identity is confirmed then we ...
+if(s.getAttribute('agov.dimilar.tokenVerified') == "true" && s.getAttribute('agov.dimilar.User.identityConfirmed') == "true"){
+    if (s.getAttribute('agov.dimilar.linkExisting') == "true") {
+        s.removeAttribute('agov.dimilar.linkExisting')
+        // ... back from reg with already existing account, go directly to linking
+        response.setResult('linkExisting')
+    } else {
+        // ... else choose what you want to do
+        response.setResult('selectOnboarding')
+    }
+    return
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/dimilar_onboarding_link_account.groovy

@@ -0,0 +1,62 @@
+import ch.nevis.esauth.util.httpclient.api.HttpClient
+import groovy.json.JsonSlurper
+import io.opentelemetry.api.trace.Span
+
+
+// Accounting
+def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'
+def credentialType = session['authenticatedWith'] ?: 'unknown'
+def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+
+def s = request.getAuthSession(true)
+
+String userExtId = s.getAttribute("ch.nevis.session.userid") ?: s.getAttribute('ch.adnovum.nevisidm.userExtId')
+String militaryId = s.getAttribute("agov.dimilar.User.militaryId")
+LOG.debug("Dimilar mobileId: " + userExtId)
+
+
+// Endpoint on the UtilityService to check and link an account
+String endPoint = parameters.get('utilityServiceDimilarLinkingUrl')
+
+
+String utilityServiceRequestTemplate = '{"agovId": "{{AGOVID}}", "militaryId": "{{MILITARYID}}"}'
+String utilityServiceRequest = utilityServiceRequestTemplate.replaceAll("\\{\\{AGOVID}}",userExtId)
+                                                            .replaceAll("\\{\\{MILITARYID}}",militaryId)
+
+LOG.debug("DIMILAR: UtilityService linking request: " + utilityServiceRequest)
+
+HttpClient httpClient = HttpClients.create(parameters)
+def spanCtxt = Span.current().getSpanContext()
+String traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
+
+try {
+	def httpResponse = Http.post()
+			.url(endPoint)
+			.header("Accept", "application/json")
+			.header("traceparent", traceparent)
+			.entity(Http.entity()
+					.content(utilityServiceRequest)
+					.contentType("application/json")
+                    .charset("utf-8")
+					.build())
+			.build()
+		    .send(httpClient)
+
+        // an error occured on the utility -> linking not successfull
+		if (httpResponse.code() != 200) {
+			LOG.debug("DIMILAR: Linking on the Uitlity service failed: ${httpResponse.bodyAsString()}")
+			response.setResult('error')
+            return
+		}
+
+} catch (Exception e) {
+	LOG.debug("DIMILAR: Calling the Utility Service for linking failed: $e")
+	response.setResult('error')
+    return
+}
+
+
+LOG.info("Event='ACCT-LINKED', User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
+
+response.setResult('ok')

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/dimilar_parse_token.groovy

@@ -0,0 +1,122 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+import ch.nevis.esauth.util.httpclient.api.HttpClient
+import java.net.URLDecoder
+import java.time.LocalDateTime
+import java.time.format.DateTimeFormatter
+import groovy.json.JsonSlurper
+import io.opentelemetry.api.trace.Span
+
+
+// Accounting
+def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+
+
+def s = request.getAuthSession(true)
+
+String token = session["agov.dimilar.token"]
+String[] splitToken = token.tokenize("|")
+// if the token has more than one potential signature/payload, we abort
+if(splitToken.size() != 2){
+    LOG.warn("Event='INVALID-TOKEN', errorMessage='Multiple payloads/signatures detected', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
+    s.setAttribute('agov.dimilar.invalidToken', 'true')
+    response.setResult('invalidToken')
+    return 
+}
+
+LOG.debug("DIMILAR Token Payload: " + splitToken[0])
+LOG.debug("DIMILAR Token Signature: " + splitToken[1])
+
+String utilityServiceRequestTemplate = '{"payload": "{{PAYLOAD}}", "signature": "{{SIGNATURE}}"}'
+String utilityServiceRequest = utilityServiceRequestTemplate.replaceAll("\\{\\{PAYLOAD}}",splitToken[0])
+                                                            .replaceAll("\\{\\{SIGNATURE}}",splitToken[1])
+LOG.debug("DIMILAR: UtilityService request: " + utilityServiceRequest)
+
+// to Call UtilityService to validate token
+String endPoint = parameters.get('utilityServiceTokenVerificationUrl')
+
+HttpClient httpClient = HttpClients.create(parameters)
+def spanCtxt = Span.current().getSpanContext()
+String traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
+
+String firstName = ''
+String lastName = ''
+LocalDateTime birthDate
+String militaryIdUnformatted = ''
+String utilityTraceId = ''
+
+try {
+	def httpResponse = Http.post()
+			.url(endPoint)
+			.header("Accept", "application/json")
+			.header("traceparent", traceparent)
+			.entity(Http.entity()
+					.content(utilityServiceRequest)
+					.contentType("application/json")
+                    .charset("utf-8")
+					.build())
+			.build()
+		    .send(httpClient)
+
+
+		if (httpResponse.code() != 200) {
+			LOG.warn("DIMILAR: Calling the Utility Service resulted in unexpected status code: ${httpResponse}")
+			response.setResult('error')
+            return
+		}
+
+        def json = new JsonSlurper().parseText(httpResponse.bodyAsString())
+		LOG.debug("DIMILAR: UtilityService Result: ${json}")
+
+        if(json.trId != null){
+            utilityTraceId = json.trId
+        }
+
+        s.setAttribute('agov.dimilar.trId', utilityTraceId)
+
+        if(!json.isValid){
+            LOG.warn("Event='INVALID-TOKEN', errorMessage='Token is not valid (validation service)', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
+            s.setAttribute('agov.dimilar.invalidToken', "true")
+			response.setResult('invalidToken')
+            return
+        }
+
+        firstName = json.userName.firstName
+        lastName = json.userName.lastName
+        birthDate = LocalDateTime.of(json.dateOfBirth[0], json.dateOfBirth[1], json.dateOfBirth[2],0,0)
+        militaryIdUnformatted = json.militarySectorId
+
+        
+
+} catch (Exception e) {
+	LOG.error("DIMILAR: Calling the Utility Service failed: $e")
+	response.setResult('error')
+    return
+}
+
+s.setAttribute('agov.requestedRoleLevel', 'urn:qa.agov.ch:names:tc:ac:classes:100')
+
+DateTimeFormatter frontendDateFormatter = DateTimeFormatter.ofPattern("dd.MM.yyyy")
+DateTimeFormatter idmDateFormatter = DateTimeFormatter.ofPattern("yyyy-MM-dd")
+
+
+// For now we use hardcoded data instead of what is in the token
+s.setAttribute('agov.dimilar.User.firstName', firstName)
+s.setAttribute('agov.dimilar.User.lastName', lastName)
+s.setAttribute('agov.dimilar.User.birthDate', birthDate.format(idmDateFormatter))
+s.setAttribute('agov.dimilar.User.militaryId', "756" + militaryIdUnformatted)
+
+s.setAttribute('agov.dimilar.User.birthDate.formatted', birthDate.format(frontendDateFormatter))
+String militaryIdFormatted = "756." + militaryIdUnformatted.substring(0, 2) + "****" + militaryIdUnformatted.substring(militaryIdUnformatted.length()-2, militaryIdUnformatted.length())
+s.setAttribute('agov.dimilar.User.militaryId.formatted', militaryIdFormatted)
+
+s.setAttribute('agov.dimilar.tokenVerified', "true")
+
+s.setAttribute('agov.dimilar.trId', utilityTraceId)
+
+LOG.debug("Dimilar Utility trId: " + utilityTraceId)
+LOG.debug("Dimilar traceparent: " + traceparent)
+
+
+response.setResult('ok')
+return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/dimilar_redirect_to_registration_with_attributes.groovy

@@ -0,0 +1,47 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+
+if(outargs.containsKey('saml.SAMLResponse')) {
+     // Accounting
+     def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+     def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+
+     LOG.info("Event='GOTOREGISTER-ATTR', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
+
+     // Redirect
+     response.addOutArg('nevis.transfer.destination', parameters.get('agovmedirecturl'))
+     response.addOutArg('nevis.transfer.field.SAMLResponse', outargs.getProperty('saml.SAMLResponse').bytes.encodeBase64().toString())
+     response.setStatus(ch.nevis.esauth.auth.engine.AuthResponse.AUTH_CONTINUE) 
+     response.setIsRedirectTransfer(false)
+
+     response.removeOutArg('saml.SAMLResponse')
+}else{
+    LOG.debug("DIMILAR: Got back from agov me in redirection state: ")
+
+    def s = request.getAuthSession(true)
+
+    // Decide what to do depending on the url that agov me redirects back to
+    String url = request.getCurrentResource()
+
+    if(url.contains('success')){
+        s.setAttribute("dimilar.placeholder.text", "AGOV me returned to: /success")
+        response.setResult('redirect')
+        return
+    }else if(url.contains('aborted')){
+        s.setAttribute("dimilar.placeholder.text", "AGOV me returned to: /aborted")
+        response.setResult('redirect')
+        return
+    }else if(url.contains('restart')){
+        s.setAttribute("dimilar.placeholder.text", "AGOV me returned to: /restart")
+        response.setResult('redirect')
+        return
+    }
+
+    response.setResult('ok')
+
+
+}
+
+// NOTE/aca/2025/09/21: Since resumeState is false redirection from agov me will go back to Dimilar_OnboardingAuth -> no handling needed here
+
+
+

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/dimilar_select_onboarding_type.groovy

@@ -0,0 +1,34 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+
+def s = request.getAuthSession(true)
+
+
+if(inargs['continue'] == 'linking'){
+    LOG.debug("DIMILAR Onboarding: Selected Linking")
+    s.setAttribute("dimilar.placeholder.text", "DIMILAR: Linking not implemented yet")
+    response.setResult('link')
+    return
+}
+
+if(inargs['continue'] == 'registration'){
+    LOG.debug("DIMILAR Onboarding: Selected Registration")
+    // generate new extId for the registration
+    String uuidString = UUID.randomUUID().toString()
+    s.setAttribute('agov.subjectUUID', uuidString)
+    s.setAttribute('agov.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:null')
+    response.setResult('register')
+    return
+}
+
+if(inargs['cancel']){
+    LOG.debug("DIMILAR Onboarding: Abort")
+    s.setAttribute("dimilar.placeholder.text", "DIMILAR: Onboarding cancelled while selecting the onboarding type")
+    s.setAttribute("agov.dimilar.aborted", "true")
+    response.setResult('error')
+    return
+}
+
+
+LOG.debug("Show GUI")
+response.setStatus(AuthResponse.AUTH_CONTINUE)
+return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/dimilar_verify_identity.groovy

@@ -0,0 +1,24 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+
+def s = request.getAuthSession(true)
+
+
+if(inargs['confirmIdentity'] == 'yes'){
+    LOG.debug("DIMILAR Onboarding: Identity was verified by user")
+    //s.setAttribute("dimilar.placeholder.text", "DIMILAR: Onboarding Type Selection not implemented yet")
+    s.setAttribute('agov.dimilar.User.identityConfirmed', "true")
+    response.setResult('ok')
+    return
+}
+
+if(inargs['confirmIdentity'] == 'no'){
+    LOG.debug("DIMILAR Onboarding: Identity not verified by user")
+    s.setAttribute("dimilar.placeholder.text", "DIMILAR: Identity not verified by user")
+    s.setAttribute("agov.dimilar.aborted", "true")
+    response.setResult('error')
+    return
+}
+
+LOG.debug("Show GUI")
+response.setStatus(AuthResponse.AUTH_CONTINUE)
+return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_account_linking_check_account_state.groovy

@@ -0,0 +1,72 @@
+import ch.nevis.idm.client.IdmRestClient
+import ch.nevis.idm.client.IdmRestClientFactory
+import groovy.json.JsonSlurper
+import groovy.xml.XmlSlurper
+
+// Accounting
+def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown'
+def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown'
+def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown'
+def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'
+def credentialType = session['authenticatedWith'] ?: 'unknown'
+def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+
+def getUserAGOVRecoveryRoles() {
+  // set attibutes from DTO: -> AGOV
+  def list = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto'))
+  return list.'**'.findAll { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-AccountStatus' }.collect({ node -> node.name.text() })
+}
+
+
+
+IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters)
+def sess = request.getAuthSession(true)
+
+
+String baseUrl = parameters.get("baseUrl")
+String agovClientExtId = parameters.get("agovClientExtId")
+String shadowClientExtId = parameters.get("shadowClientExtId")
+
+String userExtId = sess.getAttribute("ch.nevis.session.userid")
+
+String endpoint = "$baseUrl/api/core/v1"
+
+// Check if the account is flagged for recovery
+def recoveryRoleList = getUserAGOVRecoveryRoles()
+
+if(recoveryRoleList.contains('mustRecover') || recoveryRoleList.contains('recovery')){
+    LOG.debug("EID: User is flagged for recovery. Account linking not possible")
+    response.setResult('error')
+    return
+}
+
+
+
+// Check if there is an active shadow account for this user
+String queryParameters ="?property.agovId=$userExtId&userState=ACTIVE"
+String accountCtxtPwEndPoint = "$endpoint/clients/$shadowClientExtId/users/$queryParameters"
+try {
+
+    def idmResponse = idmRestClient.get(accountCtxtPwEndPoint)
+    def json = new JsonSlurper().parseText(idmResponse)
+	
+    def shadowAccounts = json.items
+    if(shadowAccounts.size() > 0){
+        LOG.debug("EID: User is undergoing a recovery process. Account linking not possible")
+        response.setResult('error')
+        return
+    }
+
+
+}catch(Exception e) {
+    LOG.error("EID: Failed Idm Shadow account lookup ${e}")
+    response.setResult('error')
+    return
+}
+
+
+//TODO/aca/2025/09/02: Check if the user has active shadowaccounts
+
+response.setResult('ok')
+return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_account_linking_fido2_auth.groovy

@@ -0,0 +1,205 @@
+import groovy.json.JsonBuilder
+import groovy.json.JsonSlurper
+import java.util.UUID
+
+if (inargs.containsKey('cancel_fido2')) {
+    response.setResult('cancel')
+    LOG.debug("Fido2Auth: authentication cancelled by user")
+    return
+}
+
+def base64url(uuid) {
+  def msb = uuid.getMostSignificantBits()
+  def lsb = uuid.getLeastSignificantBits()
+  return new byte[] {
+       (byte) msb,
+       (byte) (msb >> 8),
+       (byte) (msb >> 16),
+       (byte) (msb >> 24),
+       (byte) (msb >> 32),
+       (byte) (msb >> 40),
+       (byte) (msb >> 48),
+       (byte) (msb >> 56),
+       (byte) lsb,
+       (byte) (lsb >> 8),
+       (byte) (lsb >> 16),
+       (byte) (lsb >> 24),
+       (byte) (lsb >> 32),
+       (byte) (lsb >> 40),
+       (byte) (lsb >> 48),
+       (byte) (lsb >> 56)
+    }.encodeBase64Url().toString()
+}
+
+def showGui() {
+    response.setGuiName('eid_linking_account_fido2_auth') // name is the trigger for including the JS
+    response.setGuiLabel('title.login.fido2')
+    response.addInfoGuiField('info', 'info.login.fido2', null)
+    response.addHiddenGuiField('authRequestId', 'not used', session['ch.nevis.auth.saml.request.id'])
+    response.addTextGuiField('email', 'email', session['ch.nevis.idm.User.email'])
+    if (notes.containsKey('lasterrorinfo') || notes.containsKey('lasterror')) {
+        response.addErrorGuiField('lasterror', notes['lasterrorinfo'], notes['lasterror'])
+    }
+    if (parameters.containsKey('cancel')) {
+        response.addButtonGuiField('cancel_fido2', 'cancel.login.fido2.button.label', 'true')
+    }
+}
+
+def getPath() {
+    if (inargs.containsKey('path')) { // form POST
+        return inargs['path']
+    }
+    if (inargs.containsKey('o.path.v')) { // AJAX POST
+        return inargs['o.path.v']
+    }
+    return null
+}
+
+def post(connection, json) {
+    connection.setRequestMethod("POST")
+    connection.setRequestProperty("Content-Type", "application/json")
+    connection.setDoOutput(true) // required to write body
+    String body = json.toString()
+    LOG.debug("Fido2Auth: ==> Request: '${body}'")
+    connection.getOutputStream().write(body.getBytes())
+}
+
+String userExtId = session['ch.adnovum.nevisidm.user.extId'] ?: session['ch.nevis.idm.User.extId'] ?: request.getUserId() ?: notes['userid']
+if (userExtId == null) {
+    LOG.error("Fido2Auth: missing extId of nevisIDM user. check your authentication flow.")
+}
+// without the user extId this script won't work and we can fail with a System Error
+Objects.requireNonNull(userExtId)
+
+def path = getPath()
+if (path == null) {
+    showGui() // POST from JavaScript not received
+    return
+}
+
+def connection = null
+try {
+  def fullPath = "https://${parameters.get('fido')}${path}"
+  LOG.debug("Fido2Auth: opening connection to '${fullPath}'")
+  connection = new URL(fullPath).openConnection()
+} catch (Exception e) {
+  LOG.error("Fido2Auth: opening connection failed", e)
+  notes.setProperty('lasterrorinfo', 'FIDO2 authentication failed')
+  response.setResult('error')
+  return
+}
+
+def json = new JsonBuilder()
+
+if (path == '/nevisfido/fido2/attestation/options') {
+    json {
+        "username" userExtId
+        "userVerification" "required"
+    }
+    post(connection, json)
+    def responseCode = connection.responseCode
+    def responseText = responseCode == 200 ? connection.inputStream.text : '{"allowCredentials":[]}'
+    def jsonResponse = new JsonSlurper().parseText(responseText)
+    def numOfKeys = jsonResponse.allowCredentials ? jsonResponse.allowCredentials.size() : 0
+
+    // non existing account, account without FIDO2 key , or account with disabled FIDO2 key case
+    if (responseCode == 404 || responseCode == 400 || numOfKeys == 0) {
+
+      LOG.debug("Fido2Auth: <== Response: ${responseCode}")
+
+      // Accounting
+      def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown'
+      def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown'
+      def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown'
+      def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'
+      def credentialType = session['authenticatedWith'] ?: 'unknown'
+      def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+      def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+      def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTime().getEpochSecond() * 1000)
+      def details = "no account (404)"
+      if (responseCode == 400 ) {
+        details = "no fido2 keys for account (400)"    
+      } else if (responseCode == 200) {
+        details = "no active fido2 key for account (200, empty allowCredentials array)"    
+      }
+      
+      LOG.info("Event='NOACCOUNT', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${session['ch.nevis.idm.User.email']}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}', Details='${details}'")
+
+      // returning a fake options structure, which shouldn't leak whether the user account exists or not
+      // keyId is unique per environment and email, fido2SessionId and challenge are renewed each time
+      def keyId = UUID.nameUUIDFromBytes("${parameters['rpId']}.${session['ch.nevis.idm.User.email']}".getBytes())
+      responseText = """{"status": "ok",
+                         "errorMessage": "",
+                         "fido2SessionId": "${UUID.randomUUID()}",
+                         "challenge": "${base64url(UUID.randomUUID())}",
+                         "timeout": 300000,
+                         "rpId": "${parameters['rpId']}",
+                         "allowCredentials": [
+                           {
+                              "type": "public-key",
+                              "id": "${base64url(keyId)}",
+                              "transports": []
+                           }
+                         ],
+                         "userVerification": "required"}"""
+    }
+
+    LOG.debug("Fido2Auth: <== Response: ${responseCode} : ${responseText}")
+    response.setContent(responseText)
+    response.setContentType('application/json')
+    response.setHttpStatusCode(200)
+    response.setIsDirectResponse(true)
+    return
+}
+
+if (path == '/nevisfido/fido2/assertion/result') {
+
+  if (inargs.containsKey('authRequestId') && (inargs['authRequestId'] != session['ch.nevis.auth.saml.request.id'])) {
+    // wrong request, "force" a timeout
+    LOG.debug('Fido2Auth: authentication timeout enforced, due to concurrent requests')
+
+    response.setIsDirectResponse(true)
+    response.setContentType('text/html; charset=UTF-8')
+    response.setContent('Timeout')
+    response.setHttpStatusCode(205)
+    response.setHeader('IDP-AUTH', 'Timeout')
+
+    // CONTINUE to keep the other request beeing processed
+    response.setStatus(AuthResponse.AUTH_CONTINUE)
+    return
+  }
+
+    def userHandleValue = userExtId.getBytes().encodeBase64Url().toString()
+    LOG.debug("Fido2Auth: encoded userHandle: ${userHandleValue}")
+    json {
+        "id" inargs['id']
+        "type" inargs['type']
+        response {
+            "clientDataJSON" inargs['response.clientDataJSON']
+            "authenticatorData" inargs['response.authenticatorData']
+            "signature" inargs['response.signature']
+            "userHandle" userHandleValue
+        }
+    }
+    post(connection, json)
+    def responseCode = connection.responseCode
+    // test if credentials exist
+    if (responseCode != 400) {
+        def responseText = connection.inputStream.text
+        LOG.debug("Fido2Auth: <== Response: ${responseCode} : ${responseText}")
+        if (responseCode == 200 && new JsonSlurper().parseText(responseText).status == 'ok') {
+            response.setResult('ok')
+            return
+        }
+    }
+    //response.setHttpStatusCode(400)
+    //response.setIsDirectResponse(true)
+    // DEFINE how to handel error
+    notes.setProperty('lasterror', '1')
+    notes.setProperty('lasterrorinfo', 'FIDO2 authentication failed')
+    response.setResult('error')
+    return
+}
+
+response.setError(1, "FIDO2 authentication failed")
+showGui()

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_account_linking_fido2_email_input.groovy

@@ -0,0 +1,31 @@
+def EMAIL_REGEXP = '^(([^<>()\\[\\]\\\\\\.,;:\\s@"]+(\\.[^<>()\\[\\]\\\\\\.,;:\\s@"]+)*)|(\\.\\+))@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\])|(([a-zA-Z\\-0-9]+\\.)+[a-zA-Z]{2,}))$'
+
+
+def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+
+
+if ( inargs['cancelFido2'] && inargs['cancelFido2'] == 'cancelFido2') {
+    response.setResult('cancel')
+    return
+}
+
+if ( inargs['authRequestId'] && inargs['authRequestId'] != session['ch.nevis.auth.saml.request.id'] ) {
+    response.setResult('timeout')
+    return
+}
+
+if ( inargs['submit'] && inargs['submit'] == 'submit' ) {
+  if (inargs['userInputValue_prompt.email'] && inargs['userInputValue_prompt.email'].matches(EMAIL_REGEXP)) {
+    response.setResult('verifyEmail')
+    return
+  } else {
+    LOG.warn("User attempted to bypass frontend emailvalidation with inavlid email: '${inargs['userInputValue_prompt.email']}', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
+    request.getInArgs().setProperty('userInputValue_prompt.email', 'inavalid@email.org')
+    response.setResult('stay')
+    return
+  }
+}
+
+response.setResult('stay')
+return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_account_linking_fido2_fetch_captcha_infos.groovy

@@ -0,0 +1,38 @@
+import groovy.json.JsonSlurper
+import io.opentelemetry.api.trace.Span
+
+def url = parameters.get('url')
+def realIpHttpHeaderName = parameters.get('realIpHttpHeaderName') ?: 'X-Real-IP'
+def ip = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+
+try {
+  def spanCtxt = Span.current().getSpanContext()
+  def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
+
+  def jsonSlurper = new JsonSlurper()
+  def httpClient = HttpClients.create(parameters)
+  def httpResponse = Http.get().url(url).header('traceparent', traceparent)
+                         .header(realIpHttpHeaderName, ip).build().send(httpClient)
+
+  LOG.debug('Response Status Code: ' + httpResponse.code())
+  LOG.debug('Response: ' + httpResponse.bodyAsString())
+
+  if (httpResponse.code() == 200) {
+    def json = jsonSlurper.parseText(httpResponse.bodyAsString())
+
+    response.setSessionAttribute('agov.fido2.captchaSettings.enabled', String.valueOf(json.friendlyCaptureClientSettings.enabled))
+    response.setSessionAttribute('agov.fido2.captchaSettings.siteKey', json.friendlyCaptureClientSettings.siteKey)
+    response.setSessionAttribute('agov.fido2.captchaSettings.puzzleUrl', json.friendlyCaptureClientSettings.puzzleUrl)
+
+    response.setResult('ok')
+  } else {
+    LOG.error('Unexcpected HTTP response code: ' + httpResponse.code())
+    response.setResult('error')
+    response.setError(1, 'Unexpected HTTP reponse')
+  }
+} catch (all) {
+  // Handle exception and set the transition
+  LOG.error('error: ' + all, all)
+  response.setResult('error')
+  response.setError(1, 'Exception during HTTP call')
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_account_linking_fido2_fetch_captcha_result.groovy

@@ -0,0 +1,63 @@
+import io.opentelemetry.api.trace.Span
+
+def url = parameters.get('url')
+
+def email = inargs['userInputValue_prompt.email']
+def token = inargs['captcha_response']?: 'MISSING'
+def enabled = (session['agov.fido2.captchaSettings.enabled']?:'true').toBoolean()
+
+def ip = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+
+def payload = "{ \"userIp\": \"${ip}\", \"email\": \"${email}\", \"userAgent\": \"${userAgent}\" }"
+
+LOG.debug('Token: ' + token)
+LOG.debug('Payload: ' + payload)
+
+try {
+
+  if (!enabled) {
+    LOG.info("FriendlyCAPTCHA is disabled, allowing operation for ${payload}")
+    response.setResult('ok')
+    return
+  }
+
+  def spanCtxt = Span.current().getSpanContext()
+  def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
+
+  def httpClient = HttpClients.create(parameters)
+  def httpResponse = Http.post()
+          .url(url)
+          .header("Accept", "application/json")
+          .header("X-FriendlyCAPTCHA-Token", token)
+          .header("traceparent", traceparent)
+          .entity(Http.entity()
+                  .content(payload)
+                  .contentType("application/json")
+                  .build())
+          .build()
+          .send(httpClient)
+
+  LOG.debug('Response Status Code: ' + httpResponse.code())
+  LOG.debug('Response: ' + httpResponse.bodyAsString())
+
+  if (httpResponse.code() == 200) {
+      if (httpResponse.bodyAsString().contains('SUCCESSFUL')) {
+          response.setResult('ok')
+          return
+       } else {
+       LOG.warn("Friendly captcha not successful for '{ \"userIp\": \"${ip}\", \"email\": \"${email}\", \"userAgent\": \"${userAgent}\" }'")
+       response.setResult('exit.1')
+       return      
+     }
+  } else {
+    LOG.error("Friendly captcha failed with statuscode ${httpResponse.code()} for '{ \"userIp\": \"${ip}\", \"email\": \"${email}\", \"userAgent\": \"${userAgent}\" }'")
+    response.setResult('error')
+    response.setError(1, 'Unexpected HTTP reponse')
+  }
+} catch (all) {
+  // Handle exception and set the transition
+  LOG.error("Friendly captcha failed with a general error '${all}' for '{ \"userIp\": \"${ip}\", \"email\": \"${email}\", \"userAgent\": \"${userAgent}\" }', service-url: ${url}")
+  response.setResult('error')
+  response.setError(1, 'Exception during HTTP call')
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_compare_and_update_idm_attributes.groovy

@@ -156,4 +156,3 @@ if(auditedRequired){
 
 
 
-

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_fetch_linked_accounts.groovy

@@ -198,4 +198,3 @@ try {
     response.setResult('error')
     return
 }
-

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_verification_auth.groovy

@@ -68,6 +68,9 @@ def clearEidSession(){
     s.removeAttribute('agov.eid.verification.link')
 }
 
+// TODO/haburger/2025-09-25: we need to restrict the trusted issuer to the correct one
+//     "accepted_issuer_dids": [ TODO ],
+//    "jwt_secured_authorization_request": true,
 def verification_request_template = '''
 { "presentation_definition": {
     "id": "{{UUID}}",
@@ -453,4 +456,3 @@ if (getHeader('Content-Type') == 'application/json' && inargs.containsKey('o.id.
 LOG.debug("Show GUI")
 response.setStatus(AuthResponse.AUTH_CONTINUE)
 return
-

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureAccountState.groovy

@@ -4,6 +4,7 @@ import ch.nevis.idm.client.IdmRestClientFactory
 import ch.nevis.idm.client.HTTPRequestWrapper
 
 import groovy.json.JsonSlurper
+import groovy.xml.XmlSlurper
 
 // Accounting
 def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown'
@@ -118,6 +119,14 @@ if (!session['ch.adnovum.nevisidm.userDto'].contains("<properties><name>idVerifi
 	}
 }
 
+// Processing militarySectorId (value is on credential, thus not automatically added to the session)
+def slurper = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto') ?: '<missing></missing>')
+def militarySectorId = slurper.'**'.find { node -> node.name() == 'samlFederations' && node.issuerNameId.text() == 'urn:ch-agov-link:military' }?.subjectNameId?.text()
+
+if (militarySectorId) {
+  def s = request.getAuthSession(true)
+  s.setAttribute('agov.militarySectorId', militarySectorId)
+}
 
 if (audited) {
 	response.setResult('reload')

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf

@@ -13,9 +13,8 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2505.5,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
     "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-idp-extended-truststore/truststore.p12"
     "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-idp-extended-truststore/keypass}"
 )
 
-

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/handleRedirect.groovy

@@ -24,4 +24,3 @@ else {
 
 
 
-

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/handleRedirectRegistration.groovy

@@ -32,4 +32,3 @@ else {
 
 
 
-

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/idp_dispatcher.groovy

@@ -91,7 +91,8 @@ String getProtocolBinding(String value) {
 def dispatchIssuer(i2s, String issuer, boolean secureMode) {
     def result = i2s.get(issuer)
     if (result == null) {
-        LOG.info("No SP found for issuer '$issuer'. Hint: check SAML SP Connector patterns.")
+        // TODO/22-09-2025/haburger: proper error handling
+        LOG.error("No SP found for issuer '$issuer'. Hint: check SAML SP Connector patterns.")
     }
     
     // dispatch different idp if artifact binding is enabled
@@ -117,16 +118,20 @@ def dispatchMessage(i2s, String message) {
     def secureMode = (getAttributeConsumingServiceIndex(message) == '10101')
     def useArtifact = ('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' == getProtocolBinding(message))
 
-    LOG.info("secureMode requested: ${secureMode}")
+    LOG.info("Response to be handled: secureMode: ${secureMode}, artifact binding: ${useArtifact}")
 
     if (issuer == null) {
-        LOG.info("No issuer found in incoming SAML message. Giving up.")
+        // TODO/22-09-2025/haburger: proper error handling
+        LOG.error("No issuer found in incoming SAML message. Giving up.")
     }
     session.put('saml.inbound.issuer', issuer)
     session.put('agov.idp.use.artifact', '' + useArtifact)
     dispatchIssuer(i2s, issuer, secureMode)
 }
 
+// beef
+
+// TODO/22-09-2025/haburger: not needed for AGOV (logout not supported)
 if (parameters.get('logoutConfirmation') == 'true' && "stepup" == request.getMethod()) {
     String url = request.currentResource
     def path = new URL(url).getPath()
@@ -156,6 +161,7 @@ if (parameters.get('spInitiated') == 'true' && inargs.containsKey('SAMLRequest')
     return
 }
 
+// TODO/22-09-2025/haburger: not needed for AGOV (logout not supported)
 if (inargs.containsKey('SAMLResponse')) { // response to IDP-initiated SAML Logout
     LOG.debug("found SAMLResponse parameter")
     String message = inargs.get('SAMLResponse')
@@ -163,6 +169,7 @@ if (inargs.containsKey('SAMLResponse')) { // response to IDP-initiated SAML Logo
     return
 }
 
+// TODO/22-09-2025/haburger: not needed for AGOV (SOAP binding not supported ?)
 if (parameters.get('spInitiated') == 'true' && inargs.containsKey('soapheader')) { // SP-initiated SOAP with soapheader
     LOG.debug("found soapheader parameter for SP-initiated")
     String message = inargs.get('soapheader')
@@ -170,6 +177,7 @@ if (parameters.get('spInitiated') == 'true' && inargs.containsKey('soapheader'))
     return
 }
 
+// TODO/22-09-2025/haburger: not needed for AGOV (SOAP binding not supported ?)
 if (parameters.get('spInitiated') == 'true' && inargs.containsKey('')) { // SP-initiated SOAP with empty
     LOG.debug("found empty parameter for SP-initiated SOAP message")
     String message = inargs.get('')
@@ -178,6 +186,8 @@ if (parameters.get('spInitiated') == 'true' && inargs.containsKey('')) { // SP-i
 }
 
 String issuer = inargs['Issuer'] ?: inargs['issuer']
+
+// TODO/22-09-2025/haburger: not needed for AGOV (IDP-initiated not supported ?)
 if (parameters.get('idpInitiated') == 'true' && issuer != null) { // IDP-initiated authentication
     LOG.debug("found Issuer parameter for IDP-initiated authentication")
     dispatchIssuer(i2s, issuer)

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/initializeRecovery.groovy

@@ -24,6 +24,16 @@ if (!session['ch.nevis.auth.saml.request.id']) {
     response.setSessionAttribute('ch.nevis.auth.saml.request.id', java.util.UUID.randomUUID().toString())
 }
 
+if (!session['agov.recovery.redirectBackPath']) {
+  def referer = request.getLoginContext()['connection.HttpHeader.referer'] ?: request.getLoginContext()['connection.HttpHeader.Referer'] ?: 'no-referer'
+  // dim onboarding is using /dim as context
+  if (referer.matches('^https\\:\\/\\/[^\\/]+\\/reg(\\/?|\\/[^\\/]+)?(\\?.+)?$')) {
+    response.setSessionAttribute('agov.recovery.redirectBackPath', '/reg/')
+  } else {
+    response.setSessionAttribute('agov.recovery.redirectBackPath', '/SAML2/SSO/')
+  }
+}
+
 def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
 def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
 

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/logging.yml

@@ -16,6 +16,12 @@ Configuration:
       level: "INFO"
     - name: "EsAuthStart"
       level: "INFO"
+    - name: "org.apache.catalina.loader.WebappClassLoader"
+      level: "FATAL"
+    - name: "org.apache.catalina.startup.HostConfig"
+      level: "ERROR"
+    - name: "ch.nevis.esauth.events"
+      level: "FATAL"
     - name: "AGOV-ACCT"
       level: "DEBUG"
     - name: "AgovCaptcha"
@@ -26,6 +32,8 @@ Configuration:
       level: "INFO"
     - name: "AuthPerf"
       level: "INFO"
+    - name: "DIM-REG"
+      level: "DEBUG"
     - name: "IdmAuth"
       level: "DEBUG"
     - name: "OpTrace"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/main_idp_prepare_done.groovy

@@ -0,0 +1,23 @@
+// nevisProxy replaces the entire AUTH: scope when new outargs are returned by nevisAuth.
+// Thus, we have to store tokens in the session (as a String) and restore them on subsequent step-ups.
+
+// restore tokens
+session.each { key, value ->
+    if (key.startsWith('outarg.token.')) {
+        def name = key.substring(7)
+        if (outargs.containsKey(name)) {
+            LOG.debug("not restoring token (outarg: $name) from session: outarg already set")
+        }
+        else {
+            LOG.debug("restoring token (outarg: $name) from session")
+            outargs.put(name, value)
+        }
+    }
+}
+
+// store tokens
+outargs.each { name, value ->
+    if (name.startsWith('token.')) {
+        session.put('outarg.' + name, value)
+    }
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/otel.properties

@@ -1,5 +1,4 @@
 otel.service.name = auth
-otel.traces.sampler = always_on
 otel.traces.exporter = none
 otel.metrics.exporter = none
 otel.logs.exporter = none

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_handlecode.groovy

@@ -3,7 +3,8 @@ import ch.nevis.esauth.auth.engine.AuthResponse
 if (inargs['cancel'] == 'cancel') {
       //cleanSession()
       response.setStatus(AuthResponse.AUTH_ERROR)
-      response.setTransferDestination('/SAML2/SSO/')
+      def destination = session['agov.recovery.redirectBackPath'] ?: '/SAML2/SSO/'
+      response.setTransferDestination(destination)
       response.setIsRedirectTransfer(true)
       return
  }

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/requestedrolelevel.groovy

@@ -56,7 +56,11 @@ def appRequiresBestTokenWithAddress = bestTokenAddressWhitelist.contains(','+req
 def bestTokenSvnrWhitelist = ',' + (parameters.get('bestTokenSvnrWhitelist') ?: '').replaceAll('\\s','') + ','
 def appRequiresBestTokenWithSvnr = bestTokenSvnrWhitelist.contains(','+requester+',')
 
-LOG.info("Event='AUTHREQUEST', Requester='${requester}', RequestId='${requestId}', ReplacedRequestId='${replacedRequestId}', RequestedAq=${requestedAq}, BestTokenRequired='svnr: ${appRequiresBestTokenWithSvnr}; address: ${appRequiresBestTokenWithAddress}', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
+def militarySectorIdWhitelist = ',' + (parameters.get('militarySectorIdWhitelist') ?: '').replaceAll('\\s','') + ','
+def appRequiresMilitarySectorId = militarySectorIdWhitelist.contains(','+requester+',')
+session.setAttribute('agov.militarySectorIdRequired', appRequiresMilitarySectorId.toString())
+
+LOG.info("Event='AUTHREQUEST', Requester='${requester}', RequestId='${requestId}', ReplacedRequestId='${replacedRequestId}', RequestedAq=${requestedAq}, BestTokenRequired='svnr: ${appRequiresBestTokenWithSvnr}; address: ${appRequiresBestTokenWithAddress}', militarySectorId=${appRequiresMilitarySectorId}, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
 
 
 if (requestedRoleLevelNumber == 0 || session.get('ch.nevis.auth.saml.request.scoping.requesterId') == null) {

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/sanitizeAndDispatchEmailInput.groovy

@@ -29,4 +29,3 @@ if ( inargs['submit'] && inargs['submit'] == 'submit' ) {
 
 response.setResult('stay')
 return
-

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml

@@ -11,8 +11,8 @@ metadata:
 spec:
   type: "NevisFIDO"
   replicas: 1
-  version: "8.2505.5"
-  gitInitVersion: "1.4.0"
+  version: "8.2411.2"
+  gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
     rest: 9443
@@ -40,19 +40,15 @@ spec:
     management:
       httpGet:
         path: "/nevisfido/health"
-      initialDelaySeconds: 30
       periodSeconds: 5
       timeoutSeconds: 6
-      failureThreshold: 30
+      failureThreshold: 50
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-8c63709c859f30ecc911fbf0b105249f6b4b4893"
+    tag: "r-ac938692d8edd6d7a3c23c703a8b0ad0b4510414"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf"
     credentials: "git-credentials"
-  database:
-    name: "fido-uaf"
-    requiredVersion: "8.2505.5"
   keystores:
   - "fido-uaf-default-server-identity"
   - "fido-uaf-default-client-identity"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-nevisfido-uaf-database-9385d1b33aefe975fb1c5914.yaml

@@ -1,26 +0,0 @@
-apiVersion: "operator.nevis-security.ch/v1"
-kind: "NevisDatabase"
-metadata:
-  name: "fido-uaf"
-  namespace: "adn-agov-nevisidm-01-uat"
-  labels:
-    deploymentTarget: "fido-uaf"
-  annotations:
-    projectKey: "DEFAULT-ADN-AGOV-PROJECT"
-    patternId: "9385d1b33aefe975fb1c5914"
-spec:
-  type: "NevisFIDO"
-  databaseType: "MariaDB"
-  version: "8.2505.5"
-  url: "session-db-primary-service.adn-agov-database-01-uat"
-  port: 3306
-  database: "nevisfido_uaf"
-  bootstrap: true
-  migrate: true
-  rootCredentials:
-    name: "root-adn-agov-nevisidm-admin-01-uat-idm"
-    namespace: "adn-agov-nevisidm-admin-01-uat"
-  podSecurity:
-    policy: "baseline"
-    automountServiceAccountToken: false
-  timeZone: "Europe/Zurich"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf

@@ -7,5 +7,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2505.5,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json

@@ -3,13 +3,14 @@
     "aaid" : "F1D0#0001",
     "description" : "Android NEVIS Mobile Authentication PIN Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [],
-    "supportedExtensions" : [
-      {
-        "id" : "ch.nevis.auth.fido.uaf.google-attestation-root-keys",
-        "fail_if_unknown" : false,
-        "data" : "[ \"MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAQ==\" ]"
-      }
+    "attestationRootCertificates" : [
+      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
     ],
     "attestationTypes" : [ 15879, 15880 ],
     "upv" : [ {
@@ -33,13 +34,14 @@
     "aaid" : "F1D0#0002",
     "description" : "Android NEVIS Mobile Authentication Fingerprint Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [],
-    "supportedExtensions" : [
-      {
-        "id" : "ch.nevis.auth.fido.uaf.google-attestation-root-keys",
-        "fail_if_unknown" : false,
-        "data" : "[ \"MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAQ==\" ]"
-      }
+    "attestationRootCertificates" : [
+      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
     ],
     "attestationTypes" : [ 15879, 15880 ],
     "upv" : [ {
@@ -63,13 +65,14 @@
     "aaid" : "F1D0#0003",
     "description" : "Android NEVIS Mobile Authentication Biometric Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [],
-    "supportedExtensions" : [
-      {
-        "id" : "ch.nevis.auth.fido.uaf.google-attestation-root-keys",
-        "fail_if_unknown" : false,
-        "data" : "[ \"MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAQ==\" ]"
-      }
+    "attestationRootCertificates" : [
+      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
     ],
     "attestationTypes" : [ 15879, 15880 ],
     "upv" : [ {
@@ -93,13 +96,14 @@
     "aaid" : "F1D0#0004",
     "description" : "Android NEVIS Mobile Authentication Device Passcode Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [],
-    "supportedExtensions" : [
-      {
-        "id" : "ch.nevis.auth.fido.uaf.google-attestation-root-keys",
-        "fail_if_unknown" : false,
-        "data" : "[ \"MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAQ==\" ]"
-      }
+    "attestationRootCertificates" : [
+      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
     ],
     "attestationTypes" : [ 15879, 15880 ],
     "upv" : [ {
@@ -123,13 +127,14 @@
     "aaid" : "F1D0#0005",
     "description" : "Android NEVIS Mobile Authentication Password Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [],
-    "supportedExtensions" : [
-      {
-        "id" : "ch.nevis.auth.fido.uaf.google-attestation-root-keys",
-        "fail_if_unknown" : false,
-        "data" : "[ \"MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAQ==\" ]"
-      }
+    "attestationRootCertificates" : [
+      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
     ],
     "attestationTypes" : [ 15879, 15880 ],
     "upv" : [ {
@@ -263,5 +268,4 @@
     "publicKeyAlgAndEncodings" : [ 257 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
-  }
-]
+  }]

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/nevisfido.yml

@@ -37,7 +37,7 @@ fido-uaf:
     max-text-length: 2000
   metadata:
     path: "conf/metadata/metadata.json"
-  idm-connection-type: "rest"
+  idm-connection-type: "soap"
   dispatchers:
   - type: "firebase-cloud-messaging"
     dry-run: false
@@ -45,7 +45,6 @@ fido-uaf:
     registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
     authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
     deregistration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/deregistration"
-    message-ttl: "180s"
   - type: "png-qr-code"
     registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
     authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
@@ -55,11 +54,8 @@ fido-uaf:
     authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
     deregistration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/deregistration"
     base-url: "ch.agov.access-t://x-callback-url/authenticate"
-  full-basic-attestation:
+  basic-full-attestation:
     android-verification-level: "default"
-    android-permissive-mode-enabled: true
-    android-attestation-key-revocation:
-      reload-interval: "21600s"
   authorization:
     registration:
       type: "sectoken"
@@ -98,19 +94,19 @@ fido-uaf:
       - "userid"
 session-repository:
   type: "sql"
-  jdbc-url: "jdbc:mariadb://session-db-primary-service.adn-agov-database-01-uat:3306/nevisfido_uaf?sslMode=disable&autocommit=true"
-  user: "${exec:/var/opt/nevisfido/default/conf/credentials/dbUser}"
-  password: "${exec:/var/opt/nevisfido/default/conf/credentials/dbPassword}"
+  jdbc-url: "jdbc:mariadb://mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat:3306/nevisfido_uaf?sslMode=disable&autocommit=true"
+  max-connection-lifetime: "10m"
+  user: "adndbadmin"
+  password: "not-used"
+  schema-user: ""
+  schema-user-password: ""
   automatic-db-schema-setup: false
-  max-connection-lifetime: "1800s"
-  connection-timeout: "30s"
-  min-connection-pool-size: 10
-  max-connection-pool-size: 10
-  max-connection-idle-time: "600s"
 credential-repository:
   type: "nevisidm"
   client-id: "cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720"
   user-attribute: "extId"
+  administration-url: "https://idm.adn-agov-nevisidm-admin-01-uat:8989/nevisidm/services/v1_46/AdminService"
+  admin-service-version: "v1_46"
   rest-url: "https://idm.adn-agov-nevisidm-admin-01-uat:8989/nevisidm"
   keystore: "/var/opt/keys/own/fido-uaf-default-client-identity/keystore.p12"
   keystore-type: "pkcs12"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/otel.properties

@@ -1,5 +1,4 @@
 otel.service.name = fido-uaf
-otel.traces.sampler = always_on
 otel.traces.exporter = none
 otel.metrics.exporter = none
 otel.logs.exporter = none

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml

@@ -11,8 +11,8 @@ metadata:
 spec:
   type: "NevisFIDO"
   replicas: 1
-  version: "8.2505.5"
-  gitInitVersion: "1.4.0"
+  version: "8.2411.2"
+  gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
     management: 9089
@@ -40,14 +40,13 @@ spec:
     management:
       httpGet:
         path: "/nevisfido/health"
-      initialDelaySeconds: 30
       periodSeconds: 5
       timeoutSeconds: 6
-      failureThreshold: 30
+      failureThreshold: 50
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-8c63709c859f30ecc911fbf0b105249f6b4b4893"
+    tag: "r-ac938692d8edd6d7a3c23c703a8b0ad0b4510414"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf

@@ -6,5 +6,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2505.5,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/nevisfido.yml

@@ -1,21 +1,3 @@
-fido2:
-  enabled: true
-  user-presence-requirement: "always"
-  rp-name: "AGOV-RelPartName"
-  rp-id: "adnovum.net"
-  origins:
-  - "https://ob.agov-w.azure.adnovum.net"
-  - "https://auth.agov-w.azure.adnovum.net"
-  - "https://nevisidm.agov-w.azure.adnovum.net"
-  signature-algorithms:
-  - "ES256"
-  - "EdDSA"
-  display-name-source: "email"
-  metadata:
-    allow-listing-enabled: false
-  timeout:
-    user-verification: "300s"
-    no-user-verification: "120s"
 server:
   port: 9443
   protocol: "https"
@@ -42,5 +24,27 @@ credential-repository:
   truststore-passphrase: "${exec:/var/opt/keys/trust/fido2-idp-extended-truststore/keypass}"
   truststore-type: "pkcs12"
   user-attribute: "extId"
+fido2:
+  enabled: true
+  rp-name: "AGOV-RelPartName"
+  rp-id: "adnovum.net"
+  origins:
+  - "https://ob.agov-w.azure.adnovum.net"
+  - "https://auth.agov-w.azure.adnovum.net"
+  - "https://nevisidm.agov-w.azure.adnovum.net"
+  signature-algorithms:
+  - "RS1"
+  - "RS256"
+  - "RS384"
+  - "RS512"
+  - "ES256"
+  - "ES384"
+  - "ES512"
+  display-name-source: "email"
+  metadata:
+    allow-listing-enabled: false
+  timeout:
+    user-verification: "300s"
+    no-user-verification: "120s"
 session-repository:
   type: "in-memory"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/otel.properties

@@ -1,5 +1,4 @@
 otel.service.name = fido2
-otel.traces.sampler = always_on
 otel.traces.exporter = none
 otel.metrics.exporter = none
 otel.logs.exporter = none

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml

@@ -11,8 +11,8 @@ metadata:
 spec:
   type: "NevisLogrend"
   replicas: 1
-  version: "8.2505.5"
-  gitInitVersion: "1.4.0"
+  version: "8.2411.2"
+  gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
     server: 8988
@@ -38,14 +38,13 @@ spec:
   startupProbe:
     server:
       tcpSocket: true
-      initialDelaySeconds: 30
       periodSeconds: 5
       timeoutSeconds: 4
-      failureThreshold: 30
+      failureThreshold: 50
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-8c63709c859f30ecc911fbf0b105249f6b4b4893"
+    tag: "r-ac938692d8edd6d7a3c23c703a8b0ad0b4510414"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
     credentials: "git-credentials"
   podSecurity:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/env.conf

@@ -10,5 +10,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevislogrend/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2505.5,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/logrend.properties

@@ -11,7 +11,7 @@ application.language.cookie.it=LANG:it:.agov-d.azure.adnovum.net
 application.language.cookie.rm=LANG:rm:.agov-d.azure.adnovum.net
 application.languages=de,fr,it,rm,en
 application.loginapp.current=
-application.loginapp.default=Auth_Realm_Main_IDP
+application.loginapp.default=Auth_Realm_Dimilar
 application.loginapp.override=header:channel
 application.package.name=nevislogrend
 application.render.content.type=text/html; charset=UTF-8

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/mimetype.properties

@@ -1,5 +1,3 @@
-
 ico=image/x-icon
-json=application/json
 woff=font/woff
 woff2=font/woff2

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/otel.properties

@@ -1,5 +1,4 @@
 otel.service.name = logrend
-otel.traces.sampler = always_on
 otel.traces.exporter = none
 otel.metrics.exporter = none
 otel.logs.exporter = none

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/resources/conf/default.properties

@@ -0,0 +1,34 @@
+# source: pattern://366004bd53a000b0db75a090
+application.countries.default=CH
+# source: pattern://366004bd53a000b0db75a090
+cache.file.exempt=
+# source: pattern://366004bd53a000b0db75a090
+cache.filefolder.exempt=
+# source: pattern://366004bd53a000b0db75a090
+application.language.source.1=param:language
+# source: pattern://366004bd53a000b0db75a090
+application.language.source.2=cookie:LANG
+# source: pattern://366004bd53a000b0db75a090
+application.language.source.3=gui
+# source: pattern://366004bd53a000b0db75a090
+application.language.source.4=browser
+# source: pattern://366004bd53a000b0db75a090
+cache.revalidate.delay=-1
+# source: pattern://366004bd53a000b0db75a090
+application.languages=de,fr,it,rm,en
+# source: pattern://366004bd53a000b0db75a090, pattern://097929211988398a87bcbb0c
+application.language.cookie.de=LANG:de:.agov-d.azure.adnovum.net
+# source: pattern://366004bd53a000b0db75a090, pattern://097929211988398a87bcbb0c
+application.language.cookie.fr=LANG:fr:.agov-d.azure.adnovum.net
+# source: pattern://366004bd53a000b0db75a090, pattern://097929211988398a87bcbb0c
+application.language.cookie.it=LANG:it:.agov-d.azure.adnovum.net
+# source: pattern://366004bd53a000b0db75a090, pattern://097929211988398a87bcbb0c
+application.language.cookie.rm=LANG:rm:.agov-d.azure.adnovum.net
+# source: pattern://366004bd53a000b0db75a090, pattern://097929211988398a87bcbb0c
+application.language.cookie.en=LANG:en:.agov-d.azure.adnovum.net
+# source: pattern://366004bd53a000b0db75a090
+env.name=work
+# source: pattern://366004bd53a000b0db75a090
+page.title=AGOV Work IdP
+# source: pattern://366004bd53a000b0db75a090
+application.languages.default=en

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/resources/conf/text.properties

@@ -0,0 +1,302 @@
+
+agov-ident.done.message=Ihr AGOV-Konto ist nun einsatzbereit. Bitte schliessen Sie diese Seite.
+agov-ident.done.title=Fertig
+agov-ident.failed.instruction=Sie benötigen ein AGOV-Konto und müssen die vorgeschlagene Datenüberprüfung bestehen, um das Onboarding erfolgreich abzuschliessen. Bitte versuchen Sie es erneut.
+agov-ident.failed.message=Onboarding abgebrochen oder Verifikation der Daten verschoben
+agov-ident.failed.title=Verifikation erforderlich
+agov-ident.invalid-url.instruction=Der Link, den Sie für den Zugriff auf diese Seite verwendet haben, ist ungültig. Bitte stellen Sie sicher, dass Sie ihn so verwenden, wie Sie ihn erhalten haben, ohne Tippfehler, oder klicken Sie ihn direkt auf der Seite an, auf der er veröffentlicht ist.
+agov-ident.invalid-url.message=Link kann nicht verarbeitet werden
+agov-ident.invalid-url.title=Ungültiger Link
+agov-ident.onboarding=Registrierung & Verifikation
+agov-ident.retry=Versuchen Sie es erneut
+button.submit=Senden
+darkModeSwitch.aria.label=Dark-Mode-Schalter
+dimilar.confirm_identity.checkbox=Ich bestätige, dass dies meine Angaben sind
+dimilar.confirm_identity.description=Bitte bestätigen Sie, dass die folgenden Angaben Ihnen gehören, um fortzufahren:
+dimilar.confirm_identity.error=Bitte bestätigen Sie, dass die Angaben Ihnen gehören, um fortzufahren.
+dimilar.confirm_identity.link=Wenn diese nicht Ihre Angaben sind, besuchen Sie bitte <a class='link' href='https://agov.ch/dim' target='_blank'>https://agov.ch/dim</a>.
+dimilar.confirm_identity.title=Angaben best&auml;tigen
+dimilar.select_onboarding.description=Willkommen bei AGOV. Bitte komplettieren Sie Ihr Onboarding, indem Sie ein bestehendes oder neues AGOV Konto verbinden.
+dimilar.select_onboarding.error-banner=Bitte w&auml;hlen Sie eine Option aus, um fortzufahren
+dimilar.select_onboarding.existing-account=Onboarding mit einem existierenden AGOV-Konto
+dimilar.select_onboarding.proceeding=Wie m&ouml;chten Sie fortfahren?
+dimilar.select_onboarding.registering-account=Onboarding mit einem neuen AGOV-Konto
+dimilar.select_onboarding.title=Hallo !!!FIRSTNAME!!! !!!LASTNAME!!!
+dimilar.token_error.support=Um Hilfe zu erhalten, besuchen Sie bitte <a class='link' href='https://agov.ch/dim' target='_blank'>agov.ch/dim</a>.
+dimilar.token_error.token_expired=Token abgelaufen oder bereits verwendet.
+dimilar_onboarding.aborted.link=Wenn Sie Hilfe ben&ouml;tigen, besuchen Sie bitte <a class='link' href='https://agov.ch/dim' target='_blank'>https://agov.ch/dim</a>.
+dimilar_onboarding.aborted.message=Onboarding abgebrochen. Bitte versuchen Sie es erneut.
+dimilar_onboarding.failed.link=<a class='link' href='https://agov.ch/dim' target='_blank'>agov.ch/dim</a>.
+dimilar_onboarding.failed.message=Onboarding abgebrochen. Bitte kontaktieren Sie den Support unter
+dimilar_onboarding.successful.message=Onboarding mit AGOV-Konto erfolgreich. Sie k&ouml;nnen sich nun bei Dimilar unter <a class='link' href='https://www.armee.ch/de/dim' target='_blank'>https://www.armee.ch/de/dim</a> einloggen.
+dimilar_onboarding.title=Registrieren
+error.policy.failed=Das neue Passwort stimmt nicht mit der Richtlinie &uuml;berein.
+error_1=Bitte &uuml;berpr&uuml;fen Sie Ihre Eingaben.
+error_10=Bitte w&auml;hlen Sie das richtige Benutzerkonto aus.
+error_100=Zertifikat-Upload nicht m&ouml;glich. Das Zertifikat existiert bereits. Wenden Sie sich an Ihr Helpdesk.
+error_101=Die eingegebene E-Mail-Adresse ist ung&uuml;ltig.
+error_11=Bitte verwenden Sie ein anderes Zertifikat oder melden Sie sich mit einer anderen Art von Credential an.
+error_2=Bitte w&auml;hlen Sie einen anderen Login-Namen.
+error_3=Wenn die n&auml;chste Authentifizierung fehlschl&auml;gt, wird Ihr Konto gesperrt.
+error_4=Ihr neues Passwort verst&ouml;sst gegen die Sicherheitsrichtlinien. Bitte w&auml;hlen Sie ein anderes Passwort.
+error_403.description=Sie sind nicht berechtigt, auf diese Anwendung zuzugreifen.
+error_403.title=Nicht zugelassen
+error_404.description=Die von Ihnen gesuchte Seite existiert nicht.
+error_404.title=Seite nicht gefunden
+error_5=Fehler bei der Passwortbest&auml;tigung.
+error_50=Das neue Passwort ist zu kurz.
+error_500.description=Zurzeit liegt eine St&ouml;rung vor. Wir arbeiten daran.
+error_500.title=Etwas ist schiefgegangen.
+error_502.description=Wir arbeiten daran. Bitte versuchen Sie es sp&auml;ter noch einmal.
+error_502.title=Etwas ist schiefgegangen.
+error_55=Das neue Passwort muss sich von alten Passw&ouml;rtern unterscheiden.
+error_6=Passwort&auml;nderung erforderlich.
+error_7=&Auml;nderung der Login-ID erforderlich.
+error_8=Ihr Konto wurde aufgrund wiederholter fehlgeschlagener Authentifizierungsversuche gesperrt.
+error_81=Keine Zugangskarte gefunden, Zugang &uuml;ber das Internet verweigert.
+error_83=Ihre Zugangskarte ist nicht mehr g&uuml;ltig. Bitte wenden Sie sich an Ihre Beratungsperson, um eine neue Zugangskarte zu erhalten.
+error_9=&Uuml;bernahme der Sitzung fehlgeschlagen.
+error_97=Sie sind nicht berechtigt, auf diese Ressource zuzugreifen.
+error_98=Ihr Konto wurde gesperrt.
+error_99=Systemprobleme: Bitte versuchen Sie es sp&auml;ter noch einmal.
+error_9901=Sie ben&ouml;tigen einen g&uuml;ltigen Onboarding-Link, um auf diese Seite zuzugreifen.
+error_9902=Die f&uuml;r die Authentifizierung verwendete E-Mail-Adresse stimmt nicht mit der erwarteten E-Mail-Adresse in Operations &uuml;berein. Bitte fordern Sie einen neuen Onboarding-Link an.
+error_9903=Der verwendete IdP hat uns keine g&uuml;ltige Assertion gesendet. Bitte stellen Sie sicher, dass Sie den richtigen IdP verwenden. Fordern Sie beim Support einen neuen Onboarding-Link an.
+error_9904=Ihr Link ist nicht mehr g&uuml;ltig. Bitte stellen Sie sicher, dass Sie den neuesten Link verwenden, den Sie von Operations erhalten haben. Fordern Sie einen neuen Link an, falls das Problem weiterhin besteht.
+error_9905=Es gibt ein Problem mit Ihrem Operations-Konto. Kontaktieren Sie bitte den Support.
+error_9909=Es ist ein interner Fehler aufgetreten. Bitten Sie den Support um einen neuen Onboarding-Link.
+errors.duplicateValue=Ihr Konto ist bereits mit einem anderen Operations-Zugang verkn&uuml;pft.
+fido2_auth.cancel.fido=Die Authentifizierung mit dem Sicherheitsschl&uuml;ssel wurde unterbrochen. Bitte vergewissern Sie sich, dass Ihr FIDO-Schl&uuml;ssel registriert ist und Ihre E-Mail korrekt ist.
+fido2_auth.instruction1=Klicken Sie auf "Weiter"
+fido2_auth.instruction2=Ein Authentifizierungsfenster wird erscheinen
+fido2_auth.instruction3=Folgen Sie den Anweisungen
+fido2_auth.skipInstructions=Anweisungen n&auml;chstes Mal &uuml;berspringen
+fido2_auth.switchLogin=WECHSEL ZU LOGIN MIT
+footer.link=https://agov.ch
+footer.link.label=Kontakt
+footer.text=Authentifizierungsdienst der Schweizer Beh&ouml;rden AGOV &ndash; eine Zusammenarbeit zwischen den Kantonen, deren Gemeinden und der Bundesverwaltung. -
+general.AGOVAccessApp=AGOV access App
+general.accessApp=AGOV access App
+general.authenticate=Authentifizieren
+general.back=Zur&uuml;ck
+general.cancel=Abbrechen
+general.confirm=Best&auml;tigen
+general.contactSupport=Support kontaktieren
+general.continue=Weiter
+general.data.birthDate=Geburtsdatum
+general.data.birthDateFormat=TT.MM.JJJJ
+general.data.enrollmentNumber=AHV-Nummer (Dienstmanager)
+general.data.firstname=Vorname
+general.data.lastname=Nachname
+general.edit=&Auml;ndern
+general.email=E-Mail
+general.email.address=E-Mail-Adresse
+general.entryCode=Code-Eingabe
+general.fieldRequired=Erforderliches Feld
+general.generalAccessApp=Access App
+general.getStarted=Los geht's
+general.goAGOVHelp=Weiter zur AGOV help
+general.goAccessApp=Login mit AGOV access
+general.goToAccessApp=Zur AGOV access App wechseln
+general.help=Hilfe
+general.help.link=https://agov.ch/help
+general.login=Login
+general.login.accessApp=Login mit AGOV access App
+general.login.securityKey=Login mit Sicherheitsschl&uuml;ssel
+general.loginSecurityKey=Sicherheitsschl&uuml;ssel-Login starten
+general.moreOptions=WEITERE OPTIONEN
+general.or=ODER
+general.otherLoginMethods=Andere Login-Methoden
+general.recovery=Wiederherstellung
+general.recovery.help.link=https://help.agov.ch/?c=100recovery
+general.recoveryCode.downloadPdf=Als PDF herunterladen
+general.recoveryCode.inputLabel=Wiederherstellungscode
+general.recoveryCode.repeatCodeError=Der von Ihnen eingegebene Code war nicht korrekt. Bitte vergewissern Sie sich, dass Sie ihn richtig abgespeichert haben, und versuchen Sie es erneut.
+general.recoveryCode.repeatCodeModal.description=Um sicherzustellen, dass Sie Ihren Code richtig gespeichert haben, wiederholen Sie ihn bitte unten. Ein verlorener oder falsch gespeicherter Wiederherstellungscode kann die Wiederherstellung Ihres Kontos erschweren.
+general.recoveryCode.repeatCodeModal.title=Wiederherstellungscode wiederholen
+general.recoveryCode.reveal=Wiederherstellungscode enth&uuml;llen
+general.recoveryOngoing=Wiederherstellung nicht abgeschlossen
+general.register=Registrieren
+general.registerNow=Jetzt registrieren!
+general.registration=Registrierung
+general.registration.dontHaveAnAccountYet=Haben Sie noch kein AGOV-Konto?
+general.registration.seeOptions=Registrierungsoptionen ansehen
+general.securityKey=Sicherheitsschl&uuml;ssel
+general.skip.content=Direkt zum Hauptteil
+general.wrongPhoneNumber=Bitte geben Sie eine g&uuml;ltige Telefonnummer ein
+generic.auth.error.message=Es gab eine Service-Unterbrechung. Wir arbeiten daran.
+generic.auth.error.next.steps=Versuchen Sie es bitte sp&auml;ter noch einmal. Bitte besuchen Sie die AGOV-Hilfe, wenn das Problem weiterhin besteht.
+generic.auth.error.subtitle=Etwas ist schiefgegangen.
+generic.auth.error.title=Fehler
+info.login=Bitte geben Sie Ihre pers&ouml;nlichen Zugangsdaten ein.
+language.de=Deutsch
+language.en=English
+language.fr=Fran&ccedil;ais
+language.it=Italiano
+language.rm=Rumantsch
+languageDropdown.aria.label=Sprache w&auml;hlen
+loainfo.description.200=Um auf diese Applikation zuzugreifen, m&uuml;ssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2&ndash;3 Tage dauern.
+loainfo.description.300=Um auf diese Applikation zuzugreifen, m&uuml;ssen wir Ihre Angaben verifizieren. Sie k&ouml;nnen Ihre bevorzugte Methode im n&auml;chsten Schritt ausw&auml;hlen.
+loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
+loainfo.helper=Ihre pers&ouml;nlichen Daten m&uuml;ssen &uuml;berpr&uuml;ft werden!
+loainfo.later=Sp&auml;ter
+loainfo.startNow=M&ouml;chten Sie den Prozess jetzt starten?
+loainfo.startVerification=Verifikation starten
+loainfo.title=Verifizieren Sie Ihre Daten
+loggedout.description=Sie haben sich erfolgreich ausgeloggt.
+loggedout.title=Ausgeloggt
+mauth_usernameless.EID=Mit Schweizer E-ID fortfahren
+mauth_usernameless.banner.error=Authentifizierung unterbrochen.<br>Bitte versuchen Sie es erneut, nachdem die Seite neu geladen wurde.
+mauth_usernameless.banner.info=Scan erfolgreich. Bitte fahren Sie in der AGOV access App fort.
+mauth_usernameless.banner.success=Authentifizierung erfolgreich.<br>Bitte warten Sie, bis Sie eingeloggt werden.
+mauth_usernameless.cannotLogin=Zugriff auf App / Sicherheitsschl&uuml;ssel verloren?
+mauth_usernameless.cannotLogin.accessApp=Zugriff auf App verloren?
+mauth_usernameless.cannotLogin.securityKey=Zugriff auf Sicherheitsschl&uuml;ssel verloren?
+mauth_usernameless.hideQR=QR-Code ausblenden
+mauth_usernameless.instructions=Melden Sie sich an, indem Sie den QR-Code mit Ihrer AGOV access App scannen
+mauth_usernameless.noAccount=Haben Sie noch kein AGOV-Konto?
+mauth_usernameless.selectLoginMethod=Login-Methode w&auml;hlen
+mauth_usernameless.showQR=QR-Code anzeigen
+mauth_usernameless.startRecovery=Kontowiederherstellung starten
+mauth_usernameless.useSecurityKey=Verwenden Sie einen Sicherheitsschl&uuml;ssel, um sich anzumelden
+mauth_usernameless.useSecurityKeyInfo=Ein physischer Sicherheitsschl&uuml;ssel bietet eine sichere M&ouml;glichkeit, sich ohne Telefon anzumelden.
+onboard_linking_account_auth.fido_instructions=Ein physischer Sicherheitsschl&uuml;ssel bietet eine sichere M&ouml;glichkeit, das Onboarding mit Ihrem Konto ohne Telefon durchzuf&uuml;hren.
+onboard_linking_account_auth.instructions=F&uuml;hren Sie das Onboarding mit Ihrem AGOV-Konto durch, indem Sie den QR-Code mit Ihrer AGOV access App scannen
+onboarding.cancel-onboarding=Sind Sie sicher, dass Sie den Onboarding-Prozess abbrechen m&ouml;chten?
+onboarding.cancel-onboarding-description=Um mit der Kontowiederherstellung fortzufahren, m&uuml;ssen Sie den Onboarding-Prozess abbrechen.
+onboarding.cancel-proceed-recovery=Ja, abbrechen und mit der Wiederherstellung fortfahren
+onboarding.login-factor=Schritt 1 &ndash; Login-Faktor
+onboarding.with-agov.title=Onboarding mit AGOV-Konto
+onboarding_account.switchLinking=Wechseln zum Onboarding mit
+onboarding_account_auth.loginSecurityKey=Onboarding mit Sicherheitsschl&uuml;ssel starten
+onboarding_account_auth.useSecurityKey=Benutzen Sie einen Sicherheitsschl&uuml;ssel, um das Onboarding mit Ihrem AGOV-Konto durchzuf&uuml;hren
+op-admin.login=AGOV-op-Admin
+op-admin.login.intro.message=Login mit Ihrem Benutzernamen und Passwort
+op-admin.login.loginid=LoginID
+op-admin.login.password=Passwort
+op-admin.login.title=Login
+op-admin.logout=AGOV-op-Admin
+op-admin.logout.message=Sie haben sich erfolgreich ausgeloggt.
+op-admin.logout.title=Logout
+op-admin.pwchange.intro.message=Passwort&auml;nderung erforderlich
+op-admin.pwchange.newpassword=Neues Passwort
+op-admin.pwchange.newpassword2=Neues Passwort wiederholen
+op-admin.pwchange.password=Aktuelles Passwort
+op-admin.pwchange.title=&Auml;nderung des Passworts
+op-idmlogin.role.accs-mgmt-idm=IDM accessrights management
+op-idmlogin.role.accs-mgmt-nonidm=Accessrights management
+op-idmlogin.role.idmcfg-mgmt=IDM set-up
+op-idmlogin.role.readonly-access=Standardzugriff (Nur Leseberechtigung)
+op-idmlogin.role.support-basic=Supportf&auml;lle (Wiederherstellung, ...)
+op-idmlogin.role.support-priv=3rd Level Support (Archivierung, Abmeldungen, ...)
+op-idmlogin.role.usr-mgmt=Benutzerverwaltung (Betrieb)
+op-idmlogin.role.usr-unit-mgmt=Benutzer- und Organisationsverwaltung (Betrieb)
+op-idmlogin.select=AGOV idm
+op-idmlogin.select.intro=Bitte w&auml;hlen Sie ein Profil aus...
+op-idmlogin.select.note=Mit * markierte Profile sollten nur f&uuml;r bestimmte Support oder Release Aufgaben genutzt werden.
+op-idmlogin.select.title=Profilauswahl
+op-onboarding.done.message=Das Onboarding war erfolgreich. Sie k&ouml;nnen nun Ihren AGOV-Operations-Zugang verwenden. Bitte schliessen Sie den Browser, bevor Sie auf eine der Operations-Applikationen zugreifen.
+op-onboarding.done.title=FERTIG
+op-onboarding.failed.title=FEHLER
+op-onboarding.intro.message1=Um das Onboarding f&uuml;r Ihren AGOV-Operations-Zugang abzuschliessen, ben&ouml;tigen Sie entweder ein AGOV- oder ein FED-LOGIN-Konto.
+op-onboarding.intro.message2=Wenn Sie auf &laquo;Weiter&raquo; klicken, werden Sie zur Authentifizierung weitergeleitet.
+op-onboarding.intro.message3=Wenn Sie AGOV verwenden und Ihr Konto noch nicht der erforderlichen AGOVaq-Stufe entspricht, erhalten Sie die M&ouml;glichkeit, die erforderliche Identit&auml;tspr&uuml;fung zu starten.
+op-onboarding.intro.title=START
+op-onboarding.onboarding=AGOV-op-Onboarding
+op-onboarding.process.message=Bei der Bearbeitung ist etwas schiefgegangen. Wenden Sie sich wenn n&ouml;tig an den AGOV-Support und fordern Sie einen neuen Onboarding-Link an.
+prompt.client=Mandant
+prompt.newpassword=Neues Passwort
+prompt.newpassword.confirm=Passwort best&auml;tigen
+prompt.password=Passwort
+prompt.userid=Benutzer-ID
+providePhoneNumber.banner=Die Mobilnummer muss f&uuml;r den Empfang von SMS geeignet sein. Sie wird nicht verwendet, um Sie zu kontaktieren.
+providePhoneNumber.description=AGOV erlaubt nun die Wiederherstellung mittels Mobilnummer. So k&ouml;nnen Sie w&auml;hrend der Wiederherstellung mit einer SMS fortfahren, wenn Sie Ihren Wiederherstellungscode verloren haben.
+providePhoneNumber.errorBanner=Die Mobilnummern stimmen nicht &uuml;berein. Bitte versuchen Sie es erneut.
+providePhoneNumber.inputLabel=Mobilnummer (optional)
+providePhoneNumber.laterModal.description1=Ohne Mobilnummer kann die Wiederherstellung Ihres Kontos bis zu 4 Tage dauern, wenn Sie Ihren Wiederherstellungscode verlieren.
+providePhoneNumber.laterModal.description2=Durch Hinzuf&uuml;gen einer Mobilnummer k&ouml;nnen Sie Ihr Konto in wenigen Minuten wiederherstellen.
+providePhoneNumber.laterModal.description3=Diese Mobilnummer wird nicht verwendet, um Sie zu kontaktieren.
+providePhoneNumber.laterModal.title=Ohne Mobilnummer weiterfahren?
+providePhoneNumber.modal.description=Um sicherzustellen, dass Sie Ihre Mobilnummer richtig gespeichert haben, wiederholen Sie sie bitte unten. Eine falsch gespeicherte Mobilnummer kann die Wiederherstellung Ihres Kontos erschweren.
+providePhoneNumber.modal.inputLabel=Mobilnummer
+providePhoneNumber.modal.title=Mobilnummer wiederholen
+providePhoneNumber.saveButtonText=Speichern
+providePhoneNumber.title=Mobilnummer angeben
+pwreset.done.info=Ihr Passwort wurde erfolgreich ge&auml;ndert. Bitte klicken Sie auf Weiter, um sich einzuloggen.
+pwreset.email.sent=Wenn Ihre Benutzer-ID existiert, haben Sie eine E-Mail erhalten, um Ihr Passwort zurückzusetzen..
+pwreset.info.linktext=Passwort vergessen
+pwreset.noticket=Ihr Link ist nicht mehr g&uuml;ltig. Bitte generieren Sie ein Neuen.
+qrCode.label=Klicken Sie, um den QR-Code in einem Fenster zu &ouml;ffnen.
+recovery_accessapp_auth.accessAppRegistered=AGOV access App schon registriert
+recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
+recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um sich zu identifizieren.
+recovery_check_code.banner.lockedError=Zu viele Fehlversuche. Bitte versuchen Sie es in ein paar Minuten noch einmal.
+recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut.
+recovery_check_code.enterRecoveryCode=Wiederherstellungscode
+recovery_check_code.expired=Zu viele Versuche oder Ihr Wiederherstellungscode ist abgelaufen.
+recovery_check_code.instruction=Bitte geben Sie unten Ihren pers&ouml;nlichen 12-stelligen Wiederherstellungscode ein. Sie haben den Wiederherstellungscode in einer PDF-Datei bei der Registrierung oder in AGOV me erhalten.
+recovery_check_code.invalid.code=Code ist ung&uuml;ltig
+recovery_check_code.invalid.code.required=Code erforderlich
+recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
+recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
+recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen k&ouml;nnen?
+recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen k&ouml;nnen, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterst&uuml;tzen.
+recovery_check_code.too_many_tries.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist m&ouml;glicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
+recovery_check_code.too_many_tries.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterst&uuml;tzen.
+recovery_check_noCode.banner.error=Zu viele Versuche.
+recovery_check_noCode.instruction1=M&ouml;glicherweise haben Sie zu oft versucht, den Wiederherstellungscode einzugeben.
+recovery_check_noCode.instruction2=Bitte schliessen Sie den Webbrowser und starten Sie die Kontowiederherstellung in zehn Minuten erneut auf <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
+recovery_code.banner.error=Bitte enth&uuml;llen Sie den Code, um fortfahren zu k&ouml;nnen.
+recovery_code.instruction=Der Wiederherstellungscode hilft Ihnen, Zugriff auf Ihr AGOV-Login zu erhalten, falls Sie alle Ihre Login-Faktoren verloren haben. Bitte bewahren Sie den Wiederherstellungscode an einem sicheren Ort auf.
+recovery_code.newRecoveryCode=Einf&uuml;hrung von Wiederherstellungscode
+recovery_code.validUntil=G&uuml;ltig bis:
+recovery_fidokey_auth.button=Schl&uuml;sselauthentifizierung starten
+recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schl&uuml;sselauthentifizierung starten"
+recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschl&uuml;ssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
+recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um sich zu identifizieren.
+recovery_fidokey_auth.keyRegistered=Sicherheitsschl&uuml;ssel schon registriert
+recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten.
+recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken k&ouml;nnen, mit dem Sie den Wiederherstellungsprozess starten.
+recovery_intro_email.important=Wichtig:
+recovery_intro_email.process=Der Wiederherstellungsprozess sollte nur verwendet werden, wenn Sie den Zugriff auf Ihre Login-Faktoren verloren haben (gel&ouml;schte AGOV access App, verlorener Sicherheitsschl&uuml;ssel, verlorenes Telefon usw.).
+recovery_intro_email_sent.banner.button=Keine E-Mail erhalten?
+recovery_intro_email_sent.banner.success=Vielen Dank! Sie werden in K&uuml;rze eine E-Mail mit einem Wiederherstellungslink und Anweisungen erhalten.
+recovery_on_going.finishRecovery=Wiederherstellung abschliessen
+recovery_on_going.instruction=Sie haben einen laufenden Wiederherstellungsprozess. Der Wiederherstellungsprozess kann eine Identit&auml;tspr&uuml;fung umfassen. Um mit Ihrem AGOV-Login auf Applikationen zugreifen zu k&ouml;nnen, m&uuml;ssen Sie auch die Identit&auml;tspr&uuml;fung abschliessen.
+recovery_on_going.title=Bitte schliessen Sie Ihren Wiederherstellungsprozess ab.
+recovery_questionnaire_instructions.banner.info=Bitte beachten Sie, dass Sie in bestimmten F&auml;llen f&uuml;r eine erfolgreiche Wiederherstellung Zugang zu Ihrem Wiederherstellungscode ben&ouml;tigen.
+recovery_questionnaire_instructions.explanation=Aufgrund Ihrer Antworten scheint eine Wiederherstellung Ihres AGOV-Logins erforderlich zu sein. Bitte klicken Sie auf Weiter und folgen Sie den Anweisungen auf dem Bildschirm.
+recovery_questionnaire_instructions.instruction1=Geben Sie die E-Mail-Adresse Ihres AGOV-Logins an, damit wir Ihnen einen Link senden k&ouml;nnen, um den Wiederherstellungsprozess zu beginnen
+recovery_questionnaire_instructions.instruction2=Folgen Sie den Schritten zur Wiederherstellung Ihres Kontos (die Schritte variieren je nach Verifizierungsstufe Ihres Kontos)
+recovery_questionnaire_loginfactor.banner.error=Bitte w&auml;hlen Sie eine Antwort.
+recovery_questionnaire_loginfactor.no=Nein
+recovery_questionnaire_loginfactor.question=Haben Sie mehr als einen Loginfaktor (AGOV access App oder Sicherheitsschl&uuml;ssel) f&uuml;r Ihren AGOV-Login registriert?
+recovery_questionnaire_loginfactor.yes=Ja
+recovery_questionnaire_no_recovery.explanation1=Ausgehend von Ihren Antworten scheint eine Wiederherstellung Ihres AGOV-Logins im Moment nicht notwendig zu sein.
+recovery_questionnaire_no_recovery.explanation2=Falls Sie weitere Informationen ben&ouml;tigen, besuchen Sie bitte <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> f&uuml;r Support-Artikel.
+recovery_questionnaire_no_recovery.instruction1=Wenn Sie Probleme haben, sich bei einer Anwendung anzumelden, besuchen Sie bitte <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> und testen Sie, ob Sie sich erfolgreich anmelden k&ouml;nnen.
+recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren registriert haben, aber den Zugriff zu einem von ihnen verloren haben, besuchen Sie bitte <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a>, um den verlorenen Loginfaktor zu entfernen.
+recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschl&uuml;ssel habe
+recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschl&uuml;ssel)
+recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen
+recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht, neu installiert oder zur&uuml;ckgesetzt, oder es wird angezeigt, dass keine Konten definiert sind
+recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschl&uuml;ssel verloren
+recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu &uuml;bertragen
+recovery_questionnaire_reason_selection.answer6=Ich habe die PIN f&uuml;r meine AGOV access App vergessen
+recovery_questionnaire_reason_selection.answer7=Ich habe meine Sicherheitsschl&uuml;ssel oder AGOV access Apps, hatte aber Probleme beim Einloggen
+recovery_questionnaire_reason_selection.answer8=Ich habe den Zugriff auf alle meine Sicherheitsschl&uuml;ssel und AGOV access Apps verloren
+recovery_questionnaire_reason_selection.answer9=Ich habe Probleme mit einem meiner Loginfaktoren (gel&ouml;scht, zur&uuml;ckgesetzt, vergessene PIN)
+recovery_questionnaire_reason_selection.banner.error=Bitte w&auml;hlen Sie einen Grund aus.
+recovery_questionnaire_reason_selection.instruction=Bitte w&auml;hlen Sie einen Grund wieso Sie den AGOV recovery Prozess starten:
+recovery_start_info.banner.warning=Sie k&ouml;nnen Ihr Konto nicht nutzen, bis der Wiederherstellungsprozess abgeschlossen ist.
+recovery_start_info.instruction=W&auml;hrend des Wiederherstellungsprozesses werden Sie einen neuen Login-Faktor registrieren. Wenn Ihr Konto verifizierte Informationen enth&auml;lt, m&uuml;ssen Sie zum Abschluss des Wiederherstellungsprozesses m&ouml;glicherweise auch einen Verifikationsprozess durchlaufen.
+recovery_start_info.title=Sie sind dabei, den Wiederherstellungsprozess zu starten
+timeout.description=Ihre Sitzung ist abgelaufen. Bitte schliessen Sie dieses Fenster und versuchen Sie erneut, sich einzuloggen.
+timeout.title=Sitzung abgelaufen
+title=NEVIS SSO Portal
+title.login=Login
+title.pwchange.label=Passwort &auml;ndern
+title.pwreset=Passwort Vergesssen
+user_input.invalid.email=Bitte geben Sie eine g&uuml;ltige E-Mail ein
+user_input.invalid.email.required=Erforderliches Feld
+user_input.invalid.email.tooLong=Eingabe zu lang

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/resources/conf/text_de.properties

@@ -0,0 +1,302 @@
+
+agov-ident.done.message=Ihr AGOV-Konto ist nun einsatzbereit. Bitte schliessen Sie diese Seite.
+agov-ident.done.title=Fertig
+agov-ident.failed.instruction=Sie benötigen ein AGOV-Konto und müssen die vorgeschlagene Datenüberprüfung bestehen, um das Onboarding erfolgreich abzuschliessen. Bitte versuchen Sie es erneut.
+agov-ident.failed.message=Onboarding abgebrochen oder Verifikation der Daten verschoben
+agov-ident.failed.title=Verifikation erforderlich
+agov-ident.invalid-url.instruction=Der Link, den Sie für den Zugriff auf diese Seite verwendet haben, ist ungültig. Bitte stellen Sie sicher, dass Sie ihn so verwenden, wie Sie ihn erhalten haben, ohne Tippfehler, oder klicken Sie ihn direkt auf der Seite an, auf der er veröffentlicht ist.
+agov-ident.invalid-url.message=Link kann nicht verarbeitet werden
+agov-ident.invalid-url.title=Ungültiger Link
+agov-ident.onboarding=Registrierung & Verifikation
+agov-ident.retry=Versuchen Sie es erneut
+button.submit=Senden
+darkModeSwitch.aria.label=Dark-Mode-Schalter
+dimilar.confirm_identity.checkbox=Ich bestätige, dass dies meine Angaben sind
+dimilar.confirm_identity.description=Bitte bestätigen Sie, dass die folgenden Angaben Ihnen gehören, um fortzufahren:
+dimilar.confirm_identity.error=Bitte bestätigen Sie, dass die Angaben Ihnen gehören, um fortzufahren.
+dimilar.confirm_identity.link=Wenn diese nicht Ihre Angaben sind, besuchen Sie bitte <a class='link' href='https://agov.ch/dim' target='_blank'>https://agov.ch/dim</a>.
+dimilar.confirm_identity.title=Angaben best&auml;tigen
+dimilar.select_onboarding.description=Willkommen bei AGOV. Bitte komplettieren Sie Ihr Onboarding, indem Sie ein bestehendes oder neues AGOV Konto verbinden.
+dimilar.select_onboarding.error-banner=Bitte w&auml;hlen Sie eine Option aus, um fortzufahren
+dimilar.select_onboarding.existing-account=Onboarding mit einem existierenden AGOV-Konto
+dimilar.select_onboarding.proceeding=Wie m&ouml;chten Sie fortfahren?
+dimilar.select_onboarding.registering-account=Onboarding mit einem neuen AGOV-Konto
+dimilar.select_onboarding.title=Hallo !!!FIRSTNAME!!! !!!LASTNAME!!!
+dimilar.token_error.support=Um Hilfe zu erhalten, besuchen Sie bitte <a class='link' href='https://agov.ch/dim' target='_blank'>agov.ch/dim</a>.
+dimilar.token_error.token_expired=Token abgelaufen oder bereits verwendet.
+dimilar_onboarding.aborted.link=Wenn Sie Hilfe ben&ouml;tigen, besuchen Sie bitte <a class='link' href='https://agov.ch/dim' target='_blank'>https://agov.ch/dim</a>.
+dimilar_onboarding.aborted.message=Onboarding abgebrochen. Bitte versuchen Sie es erneut.
+dimilar_onboarding.failed.link=<a class='link' href='https://agov.ch/dim' target='_blank'>agov.ch/dim</a>.
+dimilar_onboarding.failed.message=Onboarding abgebrochen. Bitte kontaktieren Sie den Support unter
+dimilar_onboarding.successful.message=Onboarding mit AGOV-Konto erfolgreich. Sie k&ouml;nnen sich nun bei Dimilar unter <a class='link' href='https://www.armee.ch/de/dim' target='_blank'>https://www.armee.ch/de/dim</a> einloggen.
+dimilar_onboarding.title=Registrieren
+error.policy.failed=Das neue Passwort stimmt nicht mit der Richtlinie &uuml;berein.
+error_1=Bitte &uuml;berpr&uuml;fen Sie Ihre Eingaben.
+error_10=Bitte w&auml;hlen Sie das richtige Benutzerkonto aus.
+error_100=Zertifikat-Upload nicht m&ouml;glich. Das Zertifikat existiert bereits. Wenden Sie sich an Ihr Helpdesk.
+error_101=Die eingegebene E-Mail-Adresse ist ung&uuml;ltig.
+error_11=Bitte verwenden Sie ein anderes Zertifikat oder melden Sie sich mit einer anderen Art von Credential an.
+error_2=Bitte w&auml;hlen Sie einen anderen Login-Namen.
+error_3=Wenn die n&auml;chste Authentifizierung fehlschl&auml;gt, wird Ihr Konto gesperrt.
+error_4=Ihr neues Passwort verst&ouml;sst gegen die Sicherheitsrichtlinien. Bitte w&auml;hlen Sie ein anderes Passwort.
+error_403.description=Sie sind nicht berechtigt, auf diese Anwendung zuzugreifen.
+error_403.title=Nicht zugelassen
+error_404.description=Die von Ihnen gesuchte Seite existiert nicht.
+error_404.title=Seite nicht gefunden
+error_5=Fehler bei der Passwortbest&auml;tigung.
+error_50=Das neue Passwort ist zu kurz.
+error_500.description=Zurzeit liegt eine St&ouml;rung vor. Wir arbeiten daran.
+error_500.title=Etwas ist schiefgegangen.
+error_502.description=Wir arbeiten daran. Bitte versuchen Sie es sp&auml;ter noch einmal.
+error_502.title=Etwas ist schiefgegangen.
+error_55=Das neue Passwort muss sich von alten Passw&ouml;rtern unterscheiden.
+error_6=Passwort&auml;nderung erforderlich.
+error_7=&Auml;nderung der Login-ID erforderlich.
+error_8=Ihr Konto wurde aufgrund wiederholter fehlgeschlagener Authentifizierungsversuche gesperrt.
+error_81=Keine Zugangskarte gefunden, Zugang &uuml;ber das Internet verweigert.
+error_83=Ihre Zugangskarte ist nicht mehr g&uuml;ltig. Bitte wenden Sie sich an Ihre Beratungsperson, um eine neue Zugangskarte zu erhalten.
+error_9=&Uuml;bernahme der Sitzung fehlgeschlagen.
+error_97=Sie sind nicht berechtigt, auf diese Ressource zuzugreifen.
+error_98=Ihr Konto wurde gesperrt.
+error_99=Systemprobleme: Bitte versuchen Sie es sp&auml;ter noch einmal.
+error_9901=Sie ben&ouml;tigen einen g&uuml;ltigen Onboarding-Link, um auf diese Seite zuzugreifen.
+error_9902=Die f&uuml;r die Authentifizierung verwendete E-Mail-Adresse stimmt nicht mit der erwarteten E-Mail-Adresse in Operations &uuml;berein. Bitte fordern Sie einen neuen Onboarding-Link an.
+error_9903=Der verwendete IdP hat uns keine g&uuml;ltige Assertion gesendet. Bitte stellen Sie sicher, dass Sie den richtigen IdP verwenden. Fordern Sie beim Support einen neuen Onboarding-Link an.
+error_9904=Ihr Link ist nicht mehr g&uuml;ltig. Bitte stellen Sie sicher, dass Sie den neuesten Link verwenden, den Sie von Operations erhalten haben. Fordern Sie einen neuen Link an, falls das Problem weiterhin besteht.
+error_9905=Es gibt ein Problem mit Ihrem Operations-Konto. Kontaktieren Sie bitte den Support.
+error_9909=Es ist ein interner Fehler aufgetreten. Bitten Sie den Support um einen neuen Onboarding-Link.
+errors.duplicateValue=Ihr Konto ist bereits mit einem anderen Operations-Zugang verkn&uuml;pft.
+fido2_auth.cancel.fido=Die Authentifizierung mit dem Sicherheitsschl&uuml;ssel wurde unterbrochen. Bitte vergewissern Sie sich, dass Ihr FIDO-Schl&uuml;ssel registriert ist und Ihre E-Mail korrekt ist.
+fido2_auth.instruction1=Klicken Sie auf "Weiter"
+fido2_auth.instruction2=Ein Authentifizierungsfenster wird erscheinen
+fido2_auth.instruction3=Folgen Sie den Anweisungen
+fido2_auth.skipInstructions=Anweisungen n&auml;chstes Mal &uuml;berspringen
+fido2_auth.switchLogin=WECHSEL ZU LOGIN MIT
+footer.link=https://agov.ch
+footer.link.label=Kontakt
+footer.text=Authentifizierungsdienst der Schweizer Beh&ouml;rden AGOV &ndash; eine Zusammenarbeit zwischen den Kantonen, deren Gemeinden und der Bundesverwaltung. -
+general.AGOVAccessApp=AGOV access App
+general.accessApp=AGOV access App
+general.authenticate=Authentifizieren
+general.back=Zur&uuml;ck
+general.cancel=Abbrechen
+general.confirm=Best&auml;tigen
+general.contactSupport=Support kontaktieren
+general.continue=Weiter
+general.data.birthDate=Geburtsdatum
+general.data.birthDateFormat=TT.MM.JJJJ
+general.data.enrollmentNumber=AHV-Nummer (Dienstmanager)
+general.data.firstname=Vorname
+general.data.lastname=Nachname
+general.edit=&Auml;ndern
+general.email=E-Mail
+general.email.address=E-Mail-Adresse
+general.entryCode=Code-Eingabe
+general.fieldRequired=Erforderliches Feld
+general.generalAccessApp=Access App
+general.getStarted=Los geht's
+general.goAGOVHelp=Weiter zur AGOV help
+general.goAccessApp=Login mit AGOV access
+general.goToAccessApp=Zur AGOV access App wechseln
+general.help=Hilfe
+general.help.link=https://agov.ch/help
+general.login=Login
+general.login.accessApp=Login mit AGOV access App
+general.login.securityKey=Login mit Sicherheitsschl&uuml;ssel
+general.loginSecurityKey=Sicherheitsschl&uuml;ssel-Login starten
+general.moreOptions=WEITERE OPTIONEN
+general.or=ODER
+general.otherLoginMethods=Andere Login-Methoden
+general.recovery=Wiederherstellung
+general.recovery.help.link=https://help.agov.ch/?c=100recovery
+general.recoveryCode.downloadPdf=Als PDF herunterladen
+general.recoveryCode.inputLabel=Wiederherstellungscode
+general.recoveryCode.repeatCodeError=Der von Ihnen eingegebene Code war nicht korrekt. Bitte vergewissern Sie sich, dass Sie ihn richtig abgespeichert haben, und versuchen Sie es erneut.
+general.recoveryCode.repeatCodeModal.description=Um sicherzustellen, dass Sie Ihren Code richtig gespeichert haben, wiederholen Sie ihn bitte unten. Ein verlorener oder falsch gespeicherter Wiederherstellungscode kann die Wiederherstellung Ihres Kontos erschweren.
+general.recoveryCode.repeatCodeModal.title=Wiederherstellungscode wiederholen
+general.recoveryCode.reveal=Wiederherstellungscode enth&uuml;llen
+general.recoveryOngoing=Wiederherstellung nicht abgeschlossen
+general.register=Registrieren
+general.registerNow=Jetzt registrieren!
+general.registration=Registrierung
+general.registration.dontHaveAnAccountYet=Haben Sie noch kein AGOV-Konto?
+general.registration.seeOptions=Registrierungsoptionen ansehen
+general.securityKey=Sicherheitsschl&uuml;ssel
+general.skip.content=Direkt zum Hauptteil
+general.wrongPhoneNumber=Bitte geben Sie eine g&uuml;ltige Telefonnummer ein
+generic.auth.error.message=Es gab eine Service-Unterbrechung. Wir arbeiten daran.
+generic.auth.error.next.steps=Versuchen Sie es bitte sp&auml;ter noch einmal. Bitte besuchen Sie die AGOV-Hilfe, wenn das Problem weiterhin besteht.
+generic.auth.error.subtitle=Etwas ist schiefgegangen.
+generic.auth.error.title=Fehler
+info.login=Bitte geben Sie Ihre pers&ouml;nlichen Zugangsdaten ein.
+language.de=Deutsch
+language.en=English
+language.fr=Fran&ccedil;ais
+language.it=Italiano
+language.rm=Rumantsch
+languageDropdown.aria.label=Sprache w&auml;hlen
+loainfo.description.200=Um auf diese Applikation zuzugreifen, m&uuml;ssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2&ndash;3 Tage dauern.
+loainfo.description.300=Um auf diese Applikation zuzugreifen, m&uuml;ssen wir Ihre Angaben verifizieren. Sie k&ouml;nnen Ihre bevorzugte Methode im n&auml;chsten Schritt ausw&auml;hlen.
+loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
+loainfo.helper=Ihre pers&ouml;nlichen Daten m&uuml;ssen &uuml;berpr&uuml;ft werden!
+loainfo.later=Sp&auml;ter
+loainfo.startNow=M&ouml;chten Sie den Prozess jetzt starten?
+loainfo.startVerification=Verifikation starten
+loainfo.title=Verifizieren Sie Ihre Daten
+loggedout.description=Sie haben sich erfolgreich ausgeloggt.
+loggedout.title=Ausgeloggt
+mauth_usernameless.EID=Mit Schweizer E-ID fortfahren
+mauth_usernameless.banner.error=Authentifizierung unterbrochen.<br>Bitte versuchen Sie es erneut, nachdem die Seite neu geladen wurde.
+mauth_usernameless.banner.info=Scan erfolgreich. Bitte fahren Sie in der AGOV access App fort.
+mauth_usernameless.banner.success=Authentifizierung erfolgreich.<br>Bitte warten Sie, bis Sie eingeloggt werden.
+mauth_usernameless.cannotLogin=Zugriff auf App / Sicherheitsschl&uuml;ssel verloren?
+mauth_usernameless.cannotLogin.accessApp=Zugriff auf App verloren?
+mauth_usernameless.cannotLogin.securityKey=Zugriff auf Sicherheitsschl&uuml;ssel verloren?
+mauth_usernameless.hideQR=QR-Code ausblenden
+mauth_usernameless.instructions=Melden Sie sich an, indem Sie den QR-Code mit Ihrer AGOV access App scannen
+mauth_usernameless.noAccount=Haben Sie noch kein AGOV-Konto?
+mauth_usernameless.selectLoginMethod=Login-Methode w&auml;hlen
+mauth_usernameless.showQR=QR-Code anzeigen
+mauth_usernameless.startRecovery=Kontowiederherstellung starten
+mauth_usernameless.useSecurityKey=Verwenden Sie einen Sicherheitsschl&uuml;ssel, um sich anzumelden
+mauth_usernameless.useSecurityKeyInfo=Ein physischer Sicherheitsschl&uuml;ssel bietet eine sichere M&ouml;glichkeit, sich ohne Telefon anzumelden.
+onboard_linking_account_auth.fido_instructions=Ein physischer Sicherheitsschl&uuml;ssel bietet eine sichere M&ouml;glichkeit, das Onboarding mit Ihrem Konto ohne Telefon durchzuf&uuml;hren.
+onboard_linking_account_auth.instructions=F&uuml;hren Sie das Onboarding mit Ihrem AGOV-Konto durch, indem Sie den QR-Code mit Ihrer AGOV access App scannen
+onboarding.cancel-onboarding=Sind Sie sicher, dass Sie den Onboarding-Prozess abbrechen m&ouml;chten?
+onboarding.cancel-onboarding-description=Um mit der Kontowiederherstellung fortzufahren, m&uuml;ssen Sie den Onboarding-Prozess abbrechen.
+onboarding.cancel-proceed-recovery=Ja, abbrechen und mit der Wiederherstellung fortfahren
+onboarding.login-factor=Schritt 1 &ndash; Login-Faktor
+onboarding.with-agov.title=Onboarding mit AGOV-Konto
+onboarding_account.switchLinking=Wechseln zum Onboarding mit
+onboarding_account_auth.loginSecurityKey=Onboarding mit Sicherheitsschl&uuml;ssel starten
+onboarding_account_auth.useSecurityKey=Benutzen Sie einen Sicherheitsschl&uuml;ssel, um das Onboarding mit Ihrem AGOV-Konto durchzuf&uuml;hren
+op-admin.login=AGOV-op-Admin
+op-admin.login.intro.message=Login mit Ihrem Benutzernamen und Passwort
+op-admin.login.loginid=LoginID
+op-admin.login.password=Passwort
+op-admin.login.title=Login
+op-admin.logout=AGOV-op-Admin
+op-admin.logout.message=Sie haben sich erfolgreich ausgeloggt.
+op-admin.logout.title=Logout
+op-admin.pwchange.intro.message=Passwort&auml;nderung erforderlich
+op-admin.pwchange.newpassword=Neues Passwort
+op-admin.pwchange.newpassword2=Neues Passwort wiederholen
+op-admin.pwchange.password=Aktuelles Passwort
+op-admin.pwchange.title=&Auml;nderung des Passworts
+op-idmlogin.role.accs-mgmt-idm=IDM accessrights management
+op-idmlogin.role.accs-mgmt-nonidm=Accessrights management
+op-idmlogin.role.idmcfg-mgmt=IDM set-up
+op-idmlogin.role.readonly-access=Standardzugriff (Nur Leseberechtigung)
+op-idmlogin.role.support-basic=Supportf&auml;lle (Wiederherstellung, ...)
+op-idmlogin.role.support-priv=3rd Level Support (Archivierung, Abmeldungen, ...)
+op-idmlogin.role.usr-mgmt=Benutzerverwaltung (Betrieb)
+op-idmlogin.role.usr-unit-mgmt=Benutzer- und Organisationsverwaltung (Betrieb)
+op-idmlogin.select=AGOV idm
+op-idmlogin.select.intro=Bitte w&auml;hlen Sie ein Profil aus...
+op-idmlogin.select.note=Mit * markierte Profile sollten nur f&uuml;r bestimmte Support oder Release Aufgaben genutzt werden.
+op-idmlogin.select.title=Profilauswahl
+op-onboarding.done.message=Das Onboarding war erfolgreich. Sie k&ouml;nnen nun Ihren AGOV-Operations-Zugang verwenden. Bitte schliessen Sie den Browser, bevor Sie auf eine der Operations-Applikationen zugreifen.
+op-onboarding.done.title=FERTIG
+op-onboarding.failed.title=FEHLER
+op-onboarding.intro.message1=Um das Onboarding f&uuml;r Ihren AGOV-Operations-Zugang abzuschliessen, ben&ouml;tigen Sie entweder ein AGOV- oder ein FED-LOGIN-Konto.
+op-onboarding.intro.message2=Wenn Sie auf &laquo;Weiter&raquo; klicken, werden Sie zur Authentifizierung weitergeleitet.
+op-onboarding.intro.message3=Wenn Sie AGOV verwenden und Ihr Konto noch nicht der erforderlichen AGOVaq-Stufe entspricht, erhalten Sie die M&ouml;glichkeit, die erforderliche Identit&auml;tspr&uuml;fung zu starten.
+op-onboarding.intro.title=START
+op-onboarding.onboarding=AGOV-op-Onboarding
+op-onboarding.process.message=Bei der Bearbeitung ist etwas schiefgegangen. Wenden Sie sich wenn n&ouml;tig an den AGOV-Support und fordern Sie einen neuen Onboarding-Link an.
+prompt.client=Mandant
+prompt.newpassword=Neues Passwort
+prompt.newpassword.confirm=Passwort best&auml;tigen
+prompt.password=Passwort
+prompt.userid=Benutzer-ID
+providePhoneNumber.banner=Die Mobilnummer muss f&uuml;r den Empfang von SMS geeignet sein. Sie wird nicht verwendet, um Sie zu kontaktieren.
+providePhoneNumber.description=AGOV erlaubt nun die Wiederherstellung mittels Mobilnummer. So k&ouml;nnen Sie w&auml;hrend der Wiederherstellung mit einer SMS fortfahren, wenn Sie Ihren Wiederherstellungscode verloren haben.
+providePhoneNumber.errorBanner=Die Mobilnummern stimmen nicht &uuml;berein. Bitte versuchen Sie es erneut.
+providePhoneNumber.inputLabel=Mobilnummer (optional)
+providePhoneNumber.laterModal.description1=Ohne Mobilnummer kann die Wiederherstellung Ihres Kontos bis zu 4 Tage dauern, wenn Sie Ihren Wiederherstellungscode verlieren.
+providePhoneNumber.laterModal.description2=Durch Hinzuf&uuml;gen einer Mobilnummer k&ouml;nnen Sie Ihr Konto in wenigen Minuten wiederherstellen.
+providePhoneNumber.laterModal.description3=Diese Mobilnummer wird nicht verwendet, um Sie zu kontaktieren.
+providePhoneNumber.laterModal.title=Ohne Mobilnummer weiterfahren?
+providePhoneNumber.modal.description=Um sicherzustellen, dass Sie Ihre Mobilnummer richtig gespeichert haben, wiederholen Sie sie bitte unten. Eine falsch gespeicherte Mobilnummer kann die Wiederherstellung Ihres Kontos erschweren.
+providePhoneNumber.modal.inputLabel=Mobilnummer
+providePhoneNumber.modal.title=Mobilnummer wiederholen
+providePhoneNumber.saveButtonText=Speichern
+providePhoneNumber.title=Mobilnummer angeben
+pwreset.done.info=Ihr Passwort wurde erfolgreich ge&auml;ndert. Bitte klicken Sie auf Weiter, um sich einzuloggen.
+pwreset.email.sent=Wenn Ihre Benutzer-ID existiert, haben Sie eine E-Mail erhalten, um Ihr Passwort zurückzusetzen..
+pwreset.info.linktext=Passwort vergessen
+pwreset.noticket=Ihr Link ist nicht mehr g&uuml;ltig. Bitte generieren Sie ein Neuen.
+qrCode.label=Klicken Sie, um den QR-Code in einem Fenster zu &ouml;ffnen.
+recovery_accessapp_auth.accessAppRegistered=AGOV access App schon registriert
+recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
+recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um sich zu identifizieren.
+recovery_check_code.banner.lockedError=Zu viele Fehlversuche. Bitte versuchen Sie es in ein paar Minuten noch einmal.
+recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut.
+recovery_check_code.enterRecoveryCode=Wiederherstellungscode
+recovery_check_code.expired=Zu viele Versuche oder Ihr Wiederherstellungscode ist abgelaufen.
+recovery_check_code.instruction=Bitte geben Sie unten Ihren pers&ouml;nlichen 12-stelligen Wiederherstellungscode ein. Sie haben den Wiederherstellungscode in einer PDF-Datei bei der Registrierung oder in AGOV me erhalten.
+recovery_check_code.invalid.code=Code ist ung&uuml;ltig
+recovery_check_code.invalid.code.required=Code erforderlich
+recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
+recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
+recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen k&ouml;nnen?
+recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen k&ouml;nnen, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterst&uuml;tzen.
+recovery_check_code.too_many_tries.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist m&ouml;glicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
+recovery_check_code.too_many_tries.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterst&uuml;tzen.
+recovery_check_noCode.banner.error=Zu viele Versuche.
+recovery_check_noCode.instruction1=M&ouml;glicherweise haben Sie zu oft versucht, den Wiederherstellungscode einzugeben.
+recovery_check_noCode.instruction2=Bitte schliessen Sie den Webbrowser und starten Sie die Kontowiederherstellung in zehn Minuten erneut auf <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
+recovery_code.banner.error=Bitte enth&uuml;llen Sie den Code, um fortfahren zu k&ouml;nnen.
+recovery_code.instruction=Der Wiederherstellungscode hilft Ihnen, Zugriff auf Ihr AGOV-Login zu erhalten, falls Sie alle Ihre Login-Faktoren verloren haben. Bitte bewahren Sie den Wiederherstellungscode an einem sicheren Ort auf.
+recovery_code.newRecoveryCode=Einf&uuml;hrung von Wiederherstellungscode
+recovery_code.validUntil=G&uuml;ltig bis:
+recovery_fidokey_auth.button=Schl&uuml;sselauthentifizierung starten
+recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schl&uuml;sselauthentifizierung starten"
+recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschl&uuml;ssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
+recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um sich zu identifizieren.
+recovery_fidokey_auth.keyRegistered=Sicherheitsschl&uuml;ssel schon registriert
+recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten.
+recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken k&ouml;nnen, mit dem Sie den Wiederherstellungsprozess starten.
+recovery_intro_email.important=Wichtig:
+recovery_intro_email.process=Der Wiederherstellungsprozess sollte nur verwendet werden, wenn Sie den Zugriff auf Ihre Login-Faktoren verloren haben (gel&ouml;schte AGOV access App, verlorener Sicherheitsschl&uuml;ssel, verlorenes Telefon usw.).
+recovery_intro_email_sent.banner.button=Keine E-Mail erhalten?
+recovery_intro_email_sent.banner.success=Vielen Dank! Sie werden in K&uuml;rze eine E-Mail mit einem Wiederherstellungslink und Anweisungen erhalten.
+recovery_on_going.finishRecovery=Wiederherstellung abschliessen
+recovery_on_going.instruction=Sie haben einen laufenden Wiederherstellungsprozess. Der Wiederherstellungsprozess kann eine Identit&auml;tspr&uuml;fung umfassen. Um mit Ihrem AGOV-Login auf Applikationen zugreifen zu k&ouml;nnen, m&uuml;ssen Sie auch die Identit&auml;tspr&uuml;fung abschliessen.
+recovery_on_going.title=Bitte schliessen Sie Ihren Wiederherstellungsprozess ab.
+recovery_questionnaire_instructions.banner.info=Bitte beachten Sie, dass Sie in bestimmten F&auml;llen f&uuml;r eine erfolgreiche Wiederherstellung Zugang zu Ihrem Wiederherstellungscode ben&ouml;tigen.
+recovery_questionnaire_instructions.explanation=Aufgrund Ihrer Antworten scheint eine Wiederherstellung Ihres AGOV-Logins erforderlich zu sein. Bitte klicken Sie auf Weiter und folgen Sie den Anweisungen auf dem Bildschirm.
+recovery_questionnaire_instructions.instruction1=Geben Sie die E-Mail-Adresse Ihres AGOV-Logins an, damit wir Ihnen einen Link senden k&ouml;nnen, um den Wiederherstellungsprozess zu beginnen
+recovery_questionnaire_instructions.instruction2=Folgen Sie den Schritten zur Wiederherstellung Ihres Kontos (die Schritte variieren je nach Verifizierungsstufe Ihres Kontos)
+recovery_questionnaire_loginfactor.banner.error=Bitte w&auml;hlen Sie eine Antwort.
+recovery_questionnaire_loginfactor.no=Nein
+recovery_questionnaire_loginfactor.question=Haben Sie mehr als einen Loginfaktor (AGOV access App oder Sicherheitsschl&uuml;ssel) f&uuml;r Ihren AGOV-Login registriert?
+recovery_questionnaire_loginfactor.yes=Ja
+recovery_questionnaire_no_recovery.explanation1=Ausgehend von Ihren Antworten scheint eine Wiederherstellung Ihres AGOV-Logins im Moment nicht notwendig zu sein.
+recovery_questionnaire_no_recovery.explanation2=Falls Sie weitere Informationen ben&ouml;tigen, besuchen Sie bitte <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> f&uuml;r Support-Artikel.
+recovery_questionnaire_no_recovery.instruction1=Wenn Sie Probleme haben, sich bei einer Anwendung anzumelden, besuchen Sie bitte <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> und testen Sie, ob Sie sich erfolgreich anmelden k&ouml;nnen.
+recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren registriert haben, aber den Zugriff zu einem von ihnen verloren haben, besuchen Sie bitte <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a>, um den verlorenen Loginfaktor zu entfernen.
+recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschl&uuml;ssel habe
+recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschl&uuml;ssel)
+recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen
+recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht, neu installiert oder zur&uuml;ckgesetzt, oder es wird angezeigt, dass keine Konten definiert sind
+recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschl&uuml;ssel verloren
+recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu &uuml;bertragen
+recovery_questionnaire_reason_selection.answer6=Ich habe die PIN f&uuml;r meine AGOV access App vergessen
+recovery_questionnaire_reason_selection.answer7=Ich habe meine Sicherheitsschl&uuml;ssel oder AGOV access Apps, hatte aber Probleme beim Einloggen
+recovery_questionnaire_reason_selection.answer8=Ich habe den Zugriff auf alle meine Sicherheitsschl&uuml;ssel und AGOV access Apps verloren
+recovery_questionnaire_reason_selection.answer9=Ich habe Probleme mit einem meiner Loginfaktoren (gel&ouml;scht, zur&uuml;ckgesetzt, vergessene PIN)
+recovery_questionnaire_reason_selection.banner.error=Bitte w&auml;hlen Sie einen Grund aus.
+recovery_questionnaire_reason_selection.instruction=Bitte w&auml;hlen Sie einen Grund wieso Sie den AGOV recovery Prozess starten:
+recovery_start_info.banner.warning=Sie k&ouml;nnen Ihr Konto nicht nutzen, bis der Wiederherstellungsprozess abgeschlossen ist.
+recovery_start_info.instruction=W&auml;hrend des Wiederherstellungsprozesses werden Sie einen neuen Login-Faktor registrieren. Wenn Ihr Konto verifizierte Informationen enth&auml;lt, m&uuml;ssen Sie zum Abschluss des Wiederherstellungsprozesses m&ouml;glicherweise auch einen Verifikationsprozess durchlaufen.
+recovery_start_info.title=Sie sind dabei, den Wiederherstellungsprozess zu starten
+timeout.description=Ihre Sitzung ist abgelaufen. Bitte schliessen Sie dieses Fenster und versuchen Sie erneut, sich einzuloggen.
+timeout.title=Sitzung abgelaufen
+title=NEVIS SSO Portal
+title.login=Login
+title.pwchange.label=Passwort &auml;ndern
+title.pwreset=Passwort Vergesssen
+user_input.invalid.email=Bitte geben Sie eine g&uuml;ltige E-Mail ein
+user_input.invalid.email.required=Erforderliches Feld
+user_input.invalid.email.tooLong=Eingabe zu lang

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/resources/conf/text_en.properties

@@ -0,0 +1,302 @@
+
+agov-ident.done.message=Your AGOV account is now ready for use. Please close this page.
+agov-ident.done.title=Done
+agov-ident.failed.instruction=You need an AGOV account and pass the suggested data verification to successfully finish the on-boarding. Please try again.
+agov-ident.failed.message=Onboarding cancelled or data verification postponed
+agov-ident.failed.title=Verification needed
+agov-ident.invalid-url.instruction=The link you used to access this page isn't valid. Please make sure you use it as received without any typos or click it directly on the page, where it is published.
+agov-ident.invalid-url.message=Link can't be processed
+agov-ident.invalid-url.title=Invalid Link
+agov-ident.onboarding=Registration & Verification
+agov-ident.retry=Try again
+button.submit=Submit
+darkModeSwitch.aria.label=Dark mode toggle
+dimilar.confirm_identity.checkbox=I confirm this is my data
+dimilar.confirm_identity.description=Please confirm the data below is yours in order to proceed:
+dimilar.confirm_identity.error=Please confirm the data is yours to proceed.
+dimilar.confirm_identity.link=If this is not your data, please visit <a class='link' href='https://agov.ch/dimilar' target='_blank'>https://agov.ch/dimilar</a>.
+dimilar.confirm_identity.title=Confirm data
+dimilar.select_onboarding.description=Welcome to AGOV. Please complete your onboarding by connecting to an existing or new AGOV account.
+dimilar.select_onboarding.error-banner=Please select one option to continue
+dimilar.select_onboarding.existing-account=Onboard with an existing AGOV account
+dimilar.select_onboarding.proceeding=How would you like to proceed?
+dimilar.select_onboarding.registering-account=Onboard with a new AGOV account
+dimilar.select_onboarding.title=Hello !!!FIRSTNAME!!! !!!LASTNAME!!!,
+dimilar.token_error.support=For support please visit <a class='link' href='https://agov.ch/dimilar' target='_blank'>https://agov.ch/dimilar</a>.
+dimilar.token_error.token_expired=Token expired or already used.
+dimilar_onboarding.aborted.link=If you require support please visit <a class='link' href='https://agov.ch/dimilar' target='_blank'>https://agov.ch/dimilar</a>.
+dimilar_onboarding.aborted.message=Onboarding aborted. Please try again.
+dimilar_onboarding.failed.link=<a class='link' href='https://agov.ch/dimilar' target='_blank'>https://agov.ch/dimilar</a>.
+dimilar_onboarding.failed.message=Onboarding aborted. Please contact support at
+dimilar_onboarding.successful.message=Onboarding with AGOV account successful. You are now able to log in to Dimilar at <a class='link' href='https://www.armee.ch/dim' target='_blank'>https://www.armee.ch/dim</a>.
+dimilar_onboarding.title=Register
+error.policy.failed=The new password does not comply with the policy.
+error_1=Please check your input.
+error_10=Please select the correct user account.
+error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk.
+error_101=The entered email address is not valid.
+error_11=Please use another certficate or login with another credential type.
+error_2=Please select another login name.
+error_3=Your account will be locked if next authentication fails.
+error_4=Your new password does not comply with the security policy. Please choose a different password.
+error_403.description=You are not authorised to access this application.
+error_403.title=Not authorised
+error_404.description=The page you are looking for does not exist.
+error_404.title=Page not found
+error_5=Error in password confirmation.
+error_50=The new password is too short.
+error_500.description=There is currently an outage. We are working on it.
+error_500.title=Something went wrong.
+error_502.description=We are working on it. Please try again later.
+error_502.title=Something went wrong.
+error_55=The new password has to differ from old passwords.
+error_6=Password change required.
+error_7=Change of login ID required.
+error_8=Your account has been locked due to repeated authentication failures.
+error_81=No access card found, access from internet denied.
+error_83=Your access card is no longer valid. Please contact your advisor to get a new access card.
+error_9=Session take over failed.
+error_97=You are not authorized to access this resource.
+error_98=Your account has been locked.
+error_99=System problems. Please try later.
+error_9901=You need a valid on-boarding link to access this page.
+error_9902=The email used for authentication doesn't match the expected one in operations. Please ask for a new on-boarding link.
+error_9903=The used IdP didn't send us a valid assertion. Please make sure, you use the correct IdP. Ask the support for a new on-boarding link.
+error_9904=Your link is not valid anymore. Please make sure, that you are using the latest Link received from operations. Ask for a new link, if the problem persists.
+error_9905=There is a problem with your operations account. Please contact the support.
+error_9909=An internal error occured. Please ask the support for a new on-boarding link.
+errors.duplicateValue=Your account is already linked with another operations access.
+fido2_auth.cancel.fido=The security key authentication was interrupted. Please ensure your FIDO key is registered and your email is correct, then follow the steps below.
+fido2_auth.instruction1=Click on "Continue"
+fido2_auth.instruction2=An authentication window will appear
+fido2_auth.instruction3=Follow the instructions
+fido2_auth.skipInstructions=Skip instructions next time
+fido2_auth.switchLogin=SWITCH TO LOGIN WITH
+footer.link=https://agov.ch
+footer.link.label=Contact
+footer.text=Authentication service of Swiss authorities AGOV - a collaboration between cantons, their municipalities, and the federal administration. -
+general.AGOVAccessApp=AGOV access app
+general.accessApp=AGOV access app
+general.authenticate=Authenticate
+general.back=Back
+general.cancel=Cancel
+general.confirm=Confirm
+general.contactSupport=Contact Support
+general.continue=Continue
+general.data.birthDate=Date of birth
+general.data.birthDateFormat=DD.MM.YYYY
+general.data.enrollmentNumber=Enrolment number (SSN/AHV number)
+general.data.firstname=First name
+general.data.lastname=Last name
+general.edit=Edit
+general.email=Email
+general.email.address=Email address
+general.entryCode=Code entry
+general.fieldRequired=Field required
+general.generalAccessApp=Access app
+general.getStarted=Get started
+general.goAGOVHelp=Go to AGOV help
+general.goAccessApp=Login with AGOV access
+general.goToAccessApp=Go to AGOV access app
+general.help=Help
+general.help.link=https://agov.ch/help
+general.login=Login
+general.login.accessApp=Login with Access App
+general.login.securityKey=Login with Security Key
+general.loginSecurityKey=Start Security key login
+general.moreOptions=MORE OPTIONS
+general.or=OR
+general.otherLoginMethods=Other login methods
+general.recovery=Recovery
+general.recovery.help.link=https://help.agov.ch/?c=100recovery
+general.recoveryCode.downloadPdf=Download as PDF
+general.recoveryCode.inputLabel=Recovery code
+general.recoveryCode.repeatCodeError=The code you entered was incorrect. Please ensure you have stored it correctly and try again.
+general.recoveryCode.repeatCodeModal.description=To ensure you have recorded your code correctly, please repeat it below. A lost or incorrectly stored recovery code can make it more difficult to recover your account.
+general.recoveryCode.repeatCodeModal.title=Repeat recovery code
+general.recoveryCode.reveal=Reveal recovery code
+general.recoveryOngoing=Ongoing recovery
+general.register=Register
+general.registerNow=Register now!
+general.registration=Registration
+general.registration.dontHaveAnAccountYet=Don't have an AGOV account yet?
+general.registration.seeOptions=See registration options
+general.securityKey=Security key
+general.skip.content=Skip to main content
+general.wrongPhoneNumber=Please enter a valid phone number
+generic.auth.error.message=There was a service interruption. We are working on it.
+generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists.
+generic.auth.error.subtitle=Something went wrong.
+generic.auth.error.title=Error
+info.login=Please enter your authentication information.
+language.de=Deutsch
+language.en=English
+language.fr=Fran&ccedil;ais
+language.it=Italiano
+language.rm=Rumantsch
+languageDropdown.aria.label=Select language
+loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2-3 days.
+loainfo.description.300=To access the application we need to verify your data. You can choose your preferred process in the next step.
+loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
+loainfo.helper=Your data needs to be verified!
+loainfo.later=Later
+loainfo.startNow=Do you want to start the process now?
+loainfo.startVerification=Start verification
+loainfo.title=Verify your data
+loggedout.description=You have been successfully logged out.
+loggedout.title=Logged out
+mauth_usernameless.EID=Continue with CH E-ID
+mauth_usernameless.banner.error=Authentication interrupted.<br>Please try again when the page reloads.
+mauth_usernameless.banner.info=Scan successful. Please continue in the AGOV access app.
+mauth_usernameless.banner.success=Authentication successful.<br>Please wait to be logged in.
+mauth_usernameless.cannotLogin=Lost access to your app / security key?
+mauth_usernameless.cannotLogin.accessApp=Lost access to your app?
+mauth_usernameless.cannotLogin.securityKey=Lost access to your security key?
+mauth_usernameless.hideQR=Hide QR code
+mauth_usernameless.instructions=Log in by scanning the QR code with your AGOV access app
+mauth_usernameless.noAccount=Don't have an AGOV account yet?
+mauth_usernameless.selectLoginMethod=Select login method
+mauth_usernameless.showQR=Show QR code
+mauth_usernameless.startRecovery=Start account recovery
+mauth_usernameless.useSecurityKey=Use a security key to log in
+mauth_usernameless.useSecurityKeyInfo=A physical security key offers a secure way to login without having to use a phone.
+onboard_linking_account_auth.fido_instructions=A physical security key offers a secure way to onboard with your account without having to use a phone.
+onboard_linking_account_auth.instructions=Onboard with your AGOV account by scanning the QR code with your AGOV access app
+onboarding.cancel-onboarding=Are you sure you want to cancel the onboarding process?
+onboarding.cancel-onboarding-description=In order to proceed with an account recovery, you will have to cancel the onboarding process.
+onboarding.cancel-proceed-recovery=Yes, cancel and proceed to recovery
+onboarding.login-factor=Step 1 - Login factor
+onboarding.with-agov.title=Onboard with AGOV account
+onboarding_account.switchLinking=Switch to onboard with
+onboarding_account_auth.loginSecurityKey=Start onboarding with security key
+onboarding_account_auth.useSecurityKey=Use a security key to onboard with your AGOV account
+op-admin.login=AGOV op admin
+op-admin.login.intro.message=Login with your username and password
+op-admin.login.loginid=LoginId
+op-admin.login.password=Passwort
+op-admin.login.title=Login
+op-admin.logout=AGOV op admin
+op-admin.logout.message=You have successfully logged out.
+op-admin.logout.title=Logout
+op-admin.pwchange.intro.message=Password change required
+op-admin.pwchange.newpassword=New password
+op-admin.pwchange.newpassword2=Repeat new password
+op-admin.pwchange.password=Current password
+op-admin.pwchange.title=Password Change
+op-idmlogin.role.accs-mgmt-idm=IDM accessrights management
+op-idmlogin.role.accs-mgmt-nonidm=Accessrights management
+op-idmlogin.role.idmcfg-mgmt=IDM set-up
+op-idmlogin.role.readonly-access=Default access (readonly)
+op-idmlogin.role.support-basic=Support cases (recovery, ...)
+op-idmlogin.role.support-priv=3rd level support (archiving, off-boarding)
+op-idmlogin.role.usr-mgmt=User management (operations)
+op-idmlogin.role.usr-unit-mgmt=User and organization management (operations)
+op-idmlogin.select=AGOV idm
+op-idmlogin.select.intro=Please select one of the profiles below...
+op-idmlogin.select.note=Profiles marked with a * should only be used if required for a specific support or release tasks.
+op-idmlogin.select.title=Profile selection
+op-onboarding.done.message=On-boarding was successfull. You can now use your AGOV operations access. Please close the browser, before accessing on of the operations application.
+op-onboarding.done.title=DONE
+op-onboarding.failed.title=ERROR
+op-onboarding.intro.message1=To complete your on-boarding for your AGOV operations access, you need either an AGOV or a FED-LOGIN account.
+op-onboarding.intro.message2=After clicking on "Continue", you will be redirected for authentication.
+op-onboarding.intro.message3=If you are using AGOV, and your account doesn't meet yet the required AGOVaq level, you will be given the possibility to start the required ID verification.
+op-onboarding.intro.title=START
+op-onboarding.onboarding=AGOV op on-boarding
+op-onboarding.process.message=During the processing something went wrong. Please contact AGOV support if necessary and ask also for a new on-boarding link.
+prompt.client=Client
+prompt.newpassword=New Password
+prompt.newpassword.confirm=Confirm Password
+prompt.password=Password
+prompt.userid=User-ID
+providePhoneNumber.banner=Phone number must be able to receive SMS. It will not be used to contact you.
+providePhoneNumber.description=AGOV now supports recovery with your phone number. This will allow you to continue with an SMS during recovery if you have lost access to your recovery code.
+providePhoneNumber.errorBanner=Phone numbers do not match. Please try again.
+providePhoneNumber.inputLabel=Phone number (optional)
+providePhoneNumber.laterModal.description1=Without a phone number, a recovery of your account might take up to 4 days if you lose access to your recovery code.
+providePhoneNumber.laterModal.description2=Adding a phone number helps you to recover your account in a matter of minutes.
+providePhoneNumber.laterModal.description3=This phone number will not be used to contact you.
+providePhoneNumber.laterModal.title=Continue without a phone number?
+providePhoneNumber.modal.description=To ensure you have recorded your phone number correctly, please repeat it below. An incorrectly stored phone number can make it more difficult to recover your account.
+providePhoneNumber.modal.inputLabel=Phone number
+providePhoneNumber.modal.title=Repeat phone number
+providePhoneNumber.saveButtonText=Save
+providePhoneNumber.title=Add phone number
+pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
+pwreset.email.sent=If your user ID exists, an email to reset your password has been sent to you.
+pwreset.info.linktext=Password forgotten
+pwreset.noticket=Your password reset link is no longer valid. Please generate a new one.
+qrCode.label=Click to open QR code in pop-up window.
+recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered
+recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process.
+recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you.
+recovery_check_code.banner.lockedError=Too many invalid input attempts. Please try again in a few minutes.
+recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again.
+recovery_check_code.enterRecoveryCode=Recovery code
+recovery_check_code.expired=Too many attempts or your recovery code has expired.
+recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me.
+recovery_check_code.invalid.code=The code is invalid
+recovery_check_code.invalid.code.required=Code required
+recovery_check_code.invalid.code.tooLong=The code is too long
+recovery_check_code.noAccess=I do not have access to my code
+recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
+recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
+recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
+recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
+recovery_check_noCode.banner.error=Too many attempts.
+recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
+recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
+recovery_code.banner.error=Please reveal your recovery code to be able to continue.
+recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place.
+recovery_code.newRecoveryCode=Introducing recovery code
+recovery_code.validUntil=Valid until:
+recovery_fidokey_auth.button=Start key authentication
+recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication"
+recovery_fidokey_auth.instruction1=You have already registered a new security key !!!SECURITY_KEY_NAME!!! as part of the recovery process.
+recovery_fidokey_auth.instruction2=Please use !!!SECURITY_KEY_NAME!!! to follow the steps below to identify you.
+recovery_fidokey_auth.keyRegistered=Security key already registered
+recovery_intro_email.banner.error=The link you used has expired. Please enter your email address to receive a new link.
+recovery_intro_email.banner.info=Please enter your email address, so we can send you a link to start the recovery process.
+recovery_intro_email.important=Important:
+recovery_intro_email.process=The recovery process should only be used if you have lost access to your login factors (deleted AGOV access app, lost security key, lost phone, etc.).
+recovery_intro_email_sent.banner.button=Didn't receive the email?
+recovery_intro_email_sent.banner.success=Thank you! You will receive an email with a recovery link and instructions shortly.
+recovery_on_going.finishRecovery=Finish recovery
+recovery_on_going.instruction=You have an ongoing recovery process. Part of the recovery process can include an identity verification. To access applications with your AGOV-Login you need to finish the identity verification as well.
+recovery_on_going.title=Please finish your recovery process.
+recovery_questionnaire_instructions.banner.info=Please note that in certain cases you need access to your recovery code for a successful recovery.
+recovery_questionnaire_instructions.explanation=Based on your answers an AGOV-Login recovery seems to be necessary. Please click on continue and follow the instructions on the screen.
+recovery_questionnaire_instructions.instruction1=Provide your account email address so we can send you a link to begin the recovery process
+recovery_questionnaire_instructions.instruction2=Follow steps to recover your account (steps will vary depending on your account verification level)
+recovery_questionnaire_loginfactor.banner.error=Please select an answer.
+recovery_questionnaire_loginfactor.no=No
+recovery_questionnaire_loginfactor.question=Have you registered more than one login factor (AGOV access app or security key) to your account?
+recovery_questionnaire_loginfactor.yes=Yes
+recovery_questionnaire_no_recovery.explanation1=Based on your answers, the AGOV recovery option does not seem necessary right now.
+recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> for support articles.
+recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> and test if you can log in successfully.
+recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> to remove the one you have lost access to.
+recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
+recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
+recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
+recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app, or it shows there are no accounts defined
+recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
+recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
+recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app
+recovery_questionnaire_reason_selection.answer7=I have my security keys or apps but had trouble logging in
+recovery_questionnaire_reason_selection.answer8=I lost access to all my security keys and AGOV access apps
+recovery_questionnaire_reason_selection.answer9=I have issues with one of my login factors (deleted, reset, forgotten PIN)
+recovery_questionnaire_reason_selection.banner.error=Please select a reason.
+recovery_questionnaire_reason_selection.instruction=Please select the reason you are starting the recovery process:
+recovery_start_info.banner.warning=You will not be able to use your account until the recovery process has been concluded.
+recovery_start_info.instruction=During the recovery process you will register a new login factor. If  your account contains any verified information you might also have to go through a verification process to finish the recovery.
+recovery_start_info.title=You are about to start the recovery process
+timeout.description=Your session has timed out. Please close this window and try logging in again.
+timeout.title=Session expired
+title=NEVIS SSO Portal
+title.login=Login
+title.pwchange.label=Password Change
+title.pwreset=Password Forgotten
+user_input.invalid.email=Please enter a valid email address
+user_input.invalid.email.required=Field required
+user_input.invalid.email.tooLong=Input is too long

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/resources/conf/text_fr.properties

@@ -0,0 +1,302 @@
+
+agov-ident.done.message=Votre compte AGOV est maintenant prêt à être utilisé. Veuillez fermer cette page.
+agov-ident.done.title=Terminé
+agov-ident.failed.instruction=Vous devez disposer d'un compte AGOV et passer avec succès la vérification des données suggérée pour terminer l'inscription. Veuillez réessayer.
+agov-ident.failed.message=Enregistrement annulé ou vérification des données reportée
+agov-ident.failed.title=Vérification requise
+agov-ident.invalid-url.instruction=Le lien que vous avez utilisé pour accéder à cette page n'est pas valide. Veuillez vous assurer de l'utiliser tel qu'il a été reçu, sans fautes de frappe, ou cliquez directement sur la page où il est publié.
+agov-ident.invalid-url.message=Le lien ne peut pas être traité
+agov-ident.invalid-url.title=Lien non valide
+agov-ident.onboarding=Enregistrement et vérification
+agov-ident.retry=Essayez à nouveau
+button.submit=Envoyer
+darkModeSwitch.aria.label=Activer l'apparence sombre
+dimilar.confirm_identity.checkbox=Je confirme que ce sont mes données
+dimilar.confirm_identity.description=Veuillez confirmer que les données ci-dessous vous appartiennent afin de poursuivre :
+dimilar.confirm_identity.error=Veuillez confirmer que les données vous appartiennent afin de poursuivre.
+dimilar.confirm_identity.link=Si ces donn&eacute;es ne sont pas les v&ocirc;tres, veuillez vous rendre sur <a class='link' href='https://agov.ch/fr/dim' target='_blank'>https://agov.ch/fr/dim</a>.
+dimilar.confirm_identity.title=Confirmer les donn&eacute;es
+dimilar.select_onboarding.description=Bienvenue sur AGOV. Veuillez terminer votre int&eacute;gration en vous connectant &agrave; un compte AGOV existant ou en cr&eacute;ant un nouveau compte.
+dimilar.select_onboarding.error-banner=Veuillez s&eacute;lectionner une option pour continuer
+dimilar.select_onboarding.existing-account=Se connecter avec un compte AGOV existant
+dimilar.select_onboarding.proceeding=Comment voulez-vous proc&eacute;der ?
+dimilar.select_onboarding.registering-account=Se connecter avec un nouveau compte AGOV
+dimilar.select_onboarding.title=Bonjour !!!FIRSTNAME!!! !!!LASTNAME!!!,
+dimilar.token_error.support=Si vous avez besoin d'aide veuillez vous rendre sur <a class='link' href='https://agov.ch/fr/dimf' target='_blank'>https://agov.ch/fr/dimf</a>.
+dimilar.token_error.token_expired=Jeton expir&eacute; ou d&eacute;j&agrave; utilis&eacute;.
+dimilar_onboarding.aborted.link=Si vous avez besoin d'aide veuillez vous rendre sur <a class='link' href='https://agov.ch/fr/dimf' target='_blank'>https://agov.ch/fr/dimf</a>.
+dimilar_onboarding.aborted.message=Le processus d&rsquo;int&eacute;gration a &eacute;t&eacute; annul&eacute;. Veuillez r&eacute;essayer.
+dimilar_onboarding.failed.link=<a class='link' href='https://agov.ch/fr/dimf' target='_blank'>https://agov.ch/fr/dimf</a>.
+dimilar_onboarding.failed.message=Le processus d'int&eacute;gration a &eacute;t&eacute; annul&eacute;. Veuillez contacter le service de support &agrave;
+dimilar_onboarding.successful.message=L&rsquo;int&eacute;gration avec le compte AGOV a r&eacute;ussi. Vous pouvez maintenant vous connecter sur le gestionnaire de service <a class='link' href='https://www.armee.ch/fr/dimf' target='_blank'>https://www.armee.ch/fr/dimf</a>.
+dimilar_onboarding.title=Cr&eacute;er un compte
+error.policy.failed=Votre nouveau mot de passe ne conforme pas aux mesures de s&eacute;curit&eacute;
+error_1=Veuillez v&eacute;rifier votre saisie.
+error_10=Veuillez s&eacute;lectionner le compte d&rsquo;utilisateur correct.
+error_100=Le t&eacute;l&eacute;chargement du certificat est impossible. Le certificat existe d&eacute;j&agrave;. Veuillez contacter votre service d&rsquo;assistance.
+error_101=L&rsquo;adresse e-mail saisie n&rsquo;est pas valable.
+error_11=Veuillez utiliser un autre certificat ou vous connecter au moyen d&rsquo;un autre type de facteur d&rsquo;authentification.
+error_2=Veuillez s&eacute;lectionner un autre nom d&rsquo;utilisateur.
+error_3=Votre compte sera bloqu&eacute; si la prochaine tentative d&rsquo;authentification &eacute;choue.
+error_4=Votre nouveau mot de passe n&rsquo;est pas conforme &agrave; la politique de s&eacute;curit&eacute;. Veuillez choisir un autre mot de passe.
+error_403.description=Vous n&rsquo;&ecirc;tes pas autoris&eacute; &agrave; acc&eacute;der &agrave; cette ressource.
+error_403.title=Pas autoris&eacute;
+error_404.description=La page que vous recherchez n'existe pas.
+error_404.title=Page introuvable
+error_5=Erreur de confirmation du mot de passe
+error_50=Le nouveau mot de passe est trop court.
+error_500.description=Un incident est survenu. Nous mettons tout en œuvre pour le r&eacute;soudre.
+error_500.title=Un probl&egrave;me s&rsquo;est produit.
+error_502.description=Nous y travaillons. Veuillez r&eacute;essayer plus tard.
+error_502.title=Un probl&egrave;me s&rsquo;est produit.
+error_55=Le nouveau mot de passe doit &ecirc;tre diff&eacute;rent des pr&eacute;c&eacute;dents.
+error_6=Changement de mot de passe requis.
+error_7=Changement d&rsquo;identifiant de connexion requis.
+error_8=Votre compte a &eacute;t&eacute; bloqu&eacute; en raison de plusieurs &eacute;checs d&rsquo;authentification.
+error_81=Aucune carte d&rsquo;acc&egrave;s n&rsquo;a &eacute;t&eacute; trouv&eacute;e, l&rsquo;acc&egrave;s depuis Internet est refus&eacute;.
+error_83=Votre carte d&rsquo;acc&egrave;s n&rsquo;est plus valable. Veuillez contacter votre conseiller pour obtenir une nouvelle carte d&rsquo;acc&egrave;s.
+error_9=La reprise de session a &eacute;chou&eacute;.
+error_97=Vous n&rsquo;&ecirc;tes pas autoris&eacute; &agrave; acc&eacute;der &agrave; cette ressource.
+error_98=Votre compte a &eacute;t&eacute; bloqu&eacute;.
+error_99=Probl&egrave;mes de syst&egrave;me. Veuillez r&eacute;essayer plus tard.
+error_9901=Vous devez disposer d&rsquo;un lien d&rsquo;enregistrement valable pour acc&eacute;der &agrave; cette page.
+error_9902=L&rsquo;adresse e-mail utilis&eacute;e pour l&rsquo;authentification ne correspond pas &agrave; celle qui est renseign&eacute;e dans AGOV operations. Veuillez demander un nouveau lien d&rsquo;enregistrement.
+error_9903=Le fournisseur d&rsquo;identit&eacute; utilis&eacute; ne nous a pas envoy&eacute; d&rsquo;assertion valide. Assurez-vous d&rsquo;utiliser le bon fournisseur d&rsquo;identit&eacute;. Demandez un nouveau lien d&rsquo;enregistrement au service d&rsquo;assistance.
+error_9904=Le lien que vous avez suivi n&rsquo;est plus valable. Veuillez vous assurer que vous utilisez le dernier lien que vous avez re&ccedil;u d&rsquo;AGOV operations. Demandez un nouveau lien si le probl&egrave;me persiste.
+error_9905=Il y a un probl&egrave;me avec votre compte AGOV operations. Veuillez contacter le service d&rsquo;assistance.
+error_9909=Un probl&egrave;me interne s&rsquo;est produit. Veuillez demander un nouveau lien d&rsquo;enregistrement au service d&rsquo;assistance.
+errors.duplicateValue=Votre compte est d&eacute;j&agrave; li&eacute; &agrave; un autre acc&egrave;s &agrave; AGOV operations.
+fido2_auth.cancel.fido=L'authentification avec la cl&eacute; de s&eacute;curit&eacute; a &eacute;t&eacute; interrompue. Veuillez vous assurer que votre cl&eacute; FIDO est enregistr&eacute;e et que votre adresse e-mail est correcte, puis suivez les &eacute;tapes ci-dessous.
+fido2_auth.instruction1=Cliquez sur "Continuer"
+fido2_auth.instruction2=Une fen&ecirc;tre d'authentification s'affichera
+fido2_auth.instruction3=Suivez les instructions
+fido2_auth.skipInstructions=Passer les instructions la fois suivante
+fido2_auth.switchLogin=S'AUTHENTIFIER AVEC
+footer.link=https://agov.ch
+footer.link.label=Contact
+footer.text=Service d'authentification des autorit&eacute;s suisses AGOV - une collaboration entre les cantons, leurs communes et l'administration f&eacute;d&eacute;rale. -
+general.AGOVAccessApp=Application AGOV access
+general.accessApp=Application AGOV access
+general.authenticate=Authentification
+general.back=Retour
+general.cancel=Annuler
+general.confirm=Confirmer
+general.contactSupport=Contacter le service d'assistance
+general.continue=Continuer
+general.data.birthDate=Date de naissance
+general.data.birthDateFormat=JJ.MM.AAAA
+general.data.enrollmentNumber=Num&eacute;ro AVS (Gestionnaire de service)
+general.data.firstname=Pr&eacute;nom
+general.data.lastname=Nom
+general.edit=Editer
+general.email=E-mail
+general.email.address=Adresse e-mail
+general.entryCode=Entrer le code
+general.fieldRequired=Champ requis
+general.generalAccessApp=Access app
+general.getStarted=D&eacute;marrer
+general.goAGOVHelp=Rendez-vous sur AGOV help
+general.goAccessApp=Login avec AGOV access
+general.goToAccessApp=Allez sur votre application AGOV access
+general.help=Aide
+general.help.link=https://agov.ch/help
+general.login=Login
+general.login.accessApp=Connexion avec l'application AGOV access
+general.login.securityKey=Connexion avec la cl&eacute; de s&eacute;curit&eacute;
+general.loginSecurityKey=D&eacute;marrer la connexion avec la cl&eacute; de s&eacute;curit&eacute;
+general.moreOptions=PLUS D'OPTIONS
+general.or=OU
+general.otherLoginMethods=Autres m&eacute;thodes de connexion
+general.recovery=R&eacute;cup&eacute;ration
+general.recovery.help.link=https://help.agov.ch/?c=100recovery
+general.recoveryCode.downloadPdf=T&eacute;l&eacute;charger en format PDF
+general.recoveryCode.inputLabel=Code de r&eacute;cup&eacute;ration
+general.recoveryCode.repeatCodeError=Le code que vous avez saisi est incorrect. Veuillez vous assurer que l'avez enregistr&eacute; correctement et r&eacute;essayer.
+general.recoveryCode.repeatCodeModal.description=Pour vous assurer que vous avez correctement enregistr&eacute; votre code, veillez le r&eacute;p&eacute;ter ci-dessous. Un code de r&eacute;cup&eacute;ration perdu ou mal enregistr&eacute; peut rendre la r&eacute;cup&eacute;ration de votre compte plus difficile.
+general.recoveryCode.repeatCodeModal.title=R&eacute;p&eacute;ter le code de r&eacute;cup&eacute;ration
+general.recoveryCode.reveal=R&eacute;v&eacute;ler le code de r&eacute;cup&eacute;ration
+general.recoveryOngoing=R&eacute;cup&eacute;ration en cours
+general.register=Cr&eacute;er un compte
+general.registerNow=Enregistrez-vous d&egrave;s maintenant!
+general.registration=Enregistrement
+general.registration.dontHaveAnAccountYet=Vous n'avez pas encore de compte AGOV ?
+general.registration.seeOptions=Voir les options d'enregistrement
+general.securityKey=Cl&eacute; de s&eacute;curit&eacute;
+general.skip.content=Passer au contenu principal
+general.wrongPhoneNumber=Veuillez saisir un num&eacute;ro de t&eacute;l&eacute;phone valable
+generic.auth.error.message=Une interruption de service s&rsquo;est produite. Nous nous employons &agrave; r&eacute;soudre le probl&egrave;me.
+generic.auth.error.next.steps=Veuillez r&eacute;essayer plus tard. Veuillez vous rendre sur AGOV help si le probl&egrave;me persiste.
+generic.auth.error.subtitle=Un probl&egrave;me s&rsquo;est produit.
+generic.auth.error.title=Erreur
+info.login=Veuillez entrer vos &eacute;l&eacute;ments de s&eacute;curit&eacute; ci-apr&egrave;s.
+language.de=Deutsch
+language.en=English
+language.fr=Fran&ccedil;ais
+language.it=Italiano
+language.rm=Rumantsch
+languageDropdown.aria.label=S&eacute;lectionner la langue
+loainfo.description.200=Pour acc&eacute;der &agrave; l'application, nous devons v&eacute;rifier vos donn&eacute;es. Ce processus peut prendre jusqu'&agrave; 2&ndash;3 jours.
+loainfo.description.300=Pour acc&eacute;der &agrave; l'application, nous devons v&eacute;rifier vos donn&eacute;es. Vous pouvez choisir la proc&eacute;dure que vous pr&eacute;f&eacute;rez &agrave; l'&eacute;tape suivante.
+loainfo.description.400=Veuillez saisir votre num&eacute;ro AVS pour acc&eacute;der &agrave; l'application.
+loainfo.helper=Vos donn&eacute;es doivent &ecirc;tre v&eacute;rifi&eacute;es!
+loainfo.later=Plus tard
+loainfo.startNow=Voulez-vous commencer le processus maintenant?
+loainfo.startVerification=D&eacute;marrer la v&eacute;rification
+loainfo.title=V&eacute;rifiez vos donn&eacute;es
+loggedout.description=Vous vous &ecirc;tes d&eacute;connect&eacute; avec succ&egrave;s.
+loggedout.title=D&eacute;connect&eacute;
+mauth_usernameless.EID=Continuer avec l'e-ID suisse
+mauth_usernameless.banner.error=Authentification interrompue.<br>Veuillez r&eacute;essayer lorsque la page sera recharg&eacute;e.
+mauth_usernameless.banner.info=Scan r&eacute;ussi. Veuillez continuer dans l'application AGOV access.
+mauth_usernameless.banner.success=Authentification r&eacute;ussie.<br>Veuillez attendre d'&ecirc;tre connect&eacute;.
+mauth_usernameless.cannotLogin=Avez-vous perdu l'acc&egrave;s &agrave; votre application / votre cl&eacute; de s&eacute;curit&eacute; ?
+mauth_usernameless.cannotLogin.accessApp=Vous avez perdu l'acc&egrave;s &agrave; votre application AGOV access ?
+mauth_usernameless.cannotLogin.securityKey=Avez-vous perdu l'acc&egrave;s &agrave; votre cl&eacute; de s&eacute;curit&eacute; ?
+mauth_usernameless.hideQR=Cacher le code QR
+mauth_usernameless.instructions=Connectez-vous en scannant le code QR avec l'application AGOV access
+mauth_usernameless.noAccount=Vous n'avez pas encore de compte AGOV ?
+mauth_usernameless.selectLoginMethod=S&eacute;l&eacute;ctionner la m&eacute;thode de connexion
+mauth_usernameless.showQR=Afficher le code QR
+mauth_usernameless.startRecovery=Commencer la r&eacute;cup&eacute;ration du compte
+mauth_usernameless.useSecurityKey=Utiliser une cl&eacute; de s&eacute;curit&eacute; pour se connecter
+mauth_usernameless.useSecurityKeyInfo=Une cl&eacute; de s&eacute;curit&eacute; physique offre un moyen s&ucirc;r de se connecter sans devoir utiliser son t&eacute;l&eacute;phone.
+onboard_linking_account_auth.fido_instructions=Une cl&eacute; de s&eacute;curit&eacute; physique offre un moyen s&ucirc;r de se connecter &agrave; son compte sans devoir utiliser son t&eacute;l&eacute;phone.
+onboard_linking_account_auth.instructions=Connectez-vous avec votre compte AGOV en scannant le code QR avec votre application AGOV access
+onboarding.cancel-onboarding=&Ecirc;tes-vous s&ucirc;r de vouloir annuler la proc&eacute;dure d'int&eacute;gration ?
+onboarding.cancel-onboarding-description=Pour proc&eacute;der &agrave; la r&eacute;cup&eacute;ration de votre compte, vous devrez annuler le processus d&rsquo;int&eacute;gration.
+onboarding.cancel-proceed-recovery=Oui, annuler et proc&eacute;der &agrave; la r&eacute;cup&eacute;ration
+onboarding.login-factor=&Eacute;tape 1 - Facteur de connexion
+onboarding.with-agov.title=Se connecter avec un compte AGOV
+onboarding_account.switchLinking=Passer &agrave; l&rsquo;int&eacute;gration avec
+onboarding_account_auth.loginSecurityKey=Commencez l'int&eacute;gration avec une cl&eacute; de s&eacute;curit&eacute;
+onboarding_account_auth.useSecurityKey=Utilisez une cl&eacute; de s&eacute;curit&eacute; pour se connecter avec votre compte AGOV
+op-admin.login=Administration de l&rsquo;acc&egrave;s &agrave; AGOV op
+op-admin.login.intro.message=Connectez-vous avec votre nom d&rsquo;utilisateur et votre mot de passe
+op-admin.login.loginid=Identifiant de connexion
+op-admin.login.password=Mot de passe
+op-admin.login.title=Connexion
+op-admin.logout=Administration de l&rsquo;acc&egrave;s &agrave; AGOV op
+op-admin.logout.message=Vous vous &ecirc;tes d&eacute;connect&eacute; avec succ&egrave;s.
+op-admin.logout.title=D&eacute;connexion
+op-admin.pwchange.intro.message=Changement de mot de passe requis
+op-admin.pwchange.newpassword=Nouveau mot de passe
+op-admin.pwchange.newpassword2=R&eacute;p&eacute;ter le nouveau mot de passe
+op-admin.pwchange.password=Mot de passe actuel
+op-admin.pwchange.title=Changer de mot de passe
+op-idmlogin.role.accs-mgmt-idm=Gestion des droits d'acc&egrave;s IDM
+op-idmlogin.role.accs-mgmt-nonidm=Gestion des droits d'acc&egrave;s
+op-idmlogin.role.idmcfg-mgmt=Mise en place de l'IDM
+op-idmlogin.role.readonly-access=Acc&egrave;s par d&eacute;faut (lecture seule)
+op-idmlogin.role.support-basic=Cas de support (r&eacute;cup&eacute;ration, ...)
+op-idmlogin.role.support-priv=Support de 3&egrave;me niveau (archivage, d&eacute;sinscription)
+op-idmlogin.role.usr-mgmt=Gestion des utilisateurs (op&eacute;rations)
+op-idmlogin.role.usr-unit-mgmt=Gestion des utilisateurs et des organisations (op&eacute;rations)
+op-idmlogin.select=AGOV idm
+op-idmlogin.select.intro=Veuillez s&eacute;lectionner l&rsquo;un des profils ci-dessous...
+op-idmlogin.select.note=Les profils marqu&eacute;s d'un * ne doivent &ecirc;tre utilis&eacute;s que s'ils sont n&eacute;cessaires pour des t&acirc;ches sp&eacute;cifiques de support ou de mise en production.
+op-idmlogin.select.title=S&eacute;l&eacute;ction du profil
+op-onboarding.done.message=L&rsquo;enregistrement a &eacute;t&eacute; effectu&eacute; avec succ&egrave;s. Vous disposez maintenant d&rsquo;un acc&egrave;s &agrave; AGOV operations. Veuillez fermer le navigateur avant d&rsquo;acc&eacute;der &agrave; AGOV operations.
+op-onboarding.done.title=TERMIN&Eacute;
+op-onboarding.failed.title=ERREUR
+op-onboarding.intro.message1=Pour terminer l&rsquo;enregistrement de votre acc&egrave;s &agrave; AGOV operations, vous devez disposer d&rsquo;un compte AGOV ou d&rsquo;un compte FED-LOGIN.
+op-onboarding.intro.message2=Apr&egrave;s avoir cliqu&eacute; sur "Continuer", vous serez redirig&eacute; vers l&rsquo;authentification.
+op-onboarding.intro.message3=Si vous utilisez AGOV et que votre compte n&rsquo;a pas encore atteint le niveau de qualit&eacute; d&rsquo;authentification requis, vous aurez la possibilit&eacute; de d&eacute;marrer la v&eacute;rification d&rsquo;identit&eacute; n&eacute;cessaire pour l&rsquo;atteindre.
+op-onboarding.intro.title=D&Eacute;MARRER
+op-onboarding.onboarding=Enregistrement de l&rsquo;acc&egrave;s &agrave; AGOV op
+op-onboarding.process.message=Un probl&egrave;me s&rsquo;est produit. Veuillez contacter le service d&rsquo;assistance AGOV afin de demander un nouveau lien d&rsquo;enregistrement.
+prompt.client=Client
+prompt.newpassword=Nouveau mot de passe
+prompt.newpassword.confirm=Confirmez le mot de passe
+prompt.password=Mot de passe
+prompt.userid=ID de l&#39;utilisateur
+providePhoneNumber.banner=Ce num&eacute;ro de t&eacute;l&eacute;phone doit pouvoir recevoir des SMS. Il ne sera pas utilis&eacute; pour vous contacter.
+providePhoneNumber.description=AGOV prend d&eacute;sormais en charge la r&eacute;cup&eacute;ration avec votre num&eacute;ro de t&eacute;l&eacute;phone. Cela vous permettra de vous envoyer un SMS pendant la r&eacute;cup&eacute;ration si vous avez perdu l'acc&egrave;s &agrave; votre code de r&eacute;cup&eacute;ration.
+providePhoneNumber.errorBanner=Les num&eacute;ros de t&eacute;l&eacute;phone fournies ne correspondent pas. Veuillez r&eacute;essayer.
+providePhoneNumber.inputLabel=Num&eacute;ro de t&eacute;l&eacute;phone (facultatif)
+providePhoneNumber.laterModal.description1=Sans num&eacute;ro de t&eacute;l&eacute;phone, la r&eacute;cup&eacute;ration de votre compte peut prendre jusqu'&agrave; 4 jours si vous perdez l'acc&egrave;s &agrave; votre code de r&eacute;cup&eacute;ration.
+providePhoneNumber.laterModal.description2=Ajouter un num&eacute;ro de t&eacute;l&eacute;phone vous permet de r&eacute;cup&eacute;rer votre compte en quelques minutes.
+providePhoneNumber.laterModal.description3=Ce num&eacute;ro de t&eacute;l&eacute;phone ne sera pas utilis&eacute; pour vous contacter.
+providePhoneNumber.laterModal.title=Continuer sans num&eacute;ro de t&eacute;l&eacute;phone ?
+providePhoneNumber.modal.description=Pour vous assurer que vous avez correctement enregistr&eacute; votre num&eacute;ro de t&eacute;l&eacute;phone, veillez le r&eacute;p&eacute;ter ci-dessous. Un num&eacute;ro de t&eacute;l&eacute;phone mal enregistr&eacute; peut rendre la r&eacute;cup&eacute;ration de votre compte plus difficile.
+providePhoneNumber.modal.inputLabel=Num&eacute;ro de t&eacute;l&eacute;phone
+providePhoneNumber.modal.title=R&eacute;p&eacute;ter votre num&eacute;ro de t&eacute;l&eacute;phone
+providePhoneNumber.saveButtonText=Sauvegarder
+providePhoneNumber.title=Ajouter le num&eacute;ro de t&eacute;l&eacute;phone
+pwreset.done.info=Votre mot de passe a &eacute;t&eacute; chang&eacute avec succ&egrave;s. Veuillez cliquer sur continuer pour vous connecter.
+pwreset.email.sent=Si votre identifiant n'existe pas, vous avez reçu un courriel pour réinitialiser votre mot de passe.
+pwreset.info.linktext=Mot de passe oublié
+pwreset.noticket=Votre lien n&apos;est plus valide. Veuillez en g&eacute;n&eacute;rer un nouveau.
+qrCode.label=Cliquez pour ouvrir le code QR dans une fen&ecirc;tre.
+recovery_accessapp_auth.accessAppRegistered=L'application AGOV access est d&eacute;j&agrave; enregistr&eacute;e
+recovery_accessapp_auth.instruction1=Vous avez d&eacute;j&agrave; enregistr&eacute; une nouvelle application AGOV access !!!ACCESS_APP_NAME!!! dans le cadre du processus de r&eacute;cup&eacute;ration.
+recovery_accessapp_auth.instruction2=Veuillez utiliser !!!ACCESS_APP_NAME!!! pour vous identifier.
+recovery_check_code.banner.lockedError=Trop de saisies erron&eacute;es. Veuillez r&eacute;essayer dans quelques minutes.
+recovery_check_code.codeIncorrect=Le code saisi est incorrect. Veuillez r&eacute;essayer.
+recovery_check_code.enterRecoveryCode=Code de r&eacute;cup&eacute;ration
+recovery_check_code.expired=Trop de tentatives ou votre code de r&eacute;cup&eacute;ration a expir&eacute;.
+recovery_check_code.instruction=Veuillez saisir votre code de r&eacute;cup&eacute;ration &agrave; 12 chiffres. Lors de votre inscription, vous avez re&ccedil;u le code de r&eacute;cup&eacute;ration sous la forme d&rsquo;un fichier PDF ou dans &laquo; AGOV me &raquo;.
+recovery_check_code.invalid.code=Le code est invalide
+recovery_check_code.invalid.code.required=Code requis
+recovery_check_code.invalid.code.tooLong=Le code est trop long
+recovery_check_code.noAccess=Je n&rsquo;ai pas acc&egrave;s &agrave; mon code de r&eacute;cup&eacute;ration
+recovery_check_code.noCodeAccess=&Ecirc;tes-vous s&ucirc;r de ne pas avoir acc&egrave;s &agrave; votre code de r&eacute;cup&eacute;ration ?
+recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de r&eacute;cup&eacute;ration, veuillez vous rendre sur AGOV help et contacter le service d&rsquo;assistance AGOV. Un agent pourra vous aider dans le processus de r&eacute;cup&eacute;ration.
+recovery_check_code.too_many_tries.instruction1=Le code de r&eacute;cup&eacute;ration que vous avez saisi a peut-&ecirc;tre expir&eacute; ou vous avez peut-&ecirc;tre essay&eacute; de le saisir trop de fois.
+recovery_check_code.too_many_tries.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d&rsquo;assistance. Un agent pourra vous aider dans le processus de r&eacute;cup&eacute;ration.
+recovery_check_noCode.banner.error=Trop de tentatives.
+recovery_check_noCode.instruction1=Vous avez peut-&ecirc;tre essay&eacute; de saisir le code de r&eacute;cup&eacute;ration trop de fois.
+recovery_check_noCode.instruction2=Veuillez fermer le navigateur web et recommencer la r&eacute;cup&eacute;ration du compte dans dix minutes &agrave; partir de <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
+recovery_code.banner.error=Veuillez r&eacute;v&eacute;ler votre code de r&eacute;cup&eacute;ration pour pouvoir continuer.
+recovery_code.instruction=Les codes de r&eacute;cup&eacute;ration vous permettent d'acc&eacute;der &agrave; votre compte au cas o&ugrave; vous auriez perdu tous vos identifiants. Conservez le code de r&eacute;cup&eacute;ration en lieu s&ucirc;r.
+recovery_code.newRecoveryCode=Introduction du code de r&eacute;cup&eacute;ration
+recovery_code.validUntil=Valable jusqu'au:
+recovery_fidokey_auth.button=D&eacute;marrer l'authentification par cl&eacute; de s&eacute;curit&eacute;
+recovery_fidokey_auth.fidoInstruction=Cliquez sur "D&eacute;marrer l'enregistrement de la cl&eacute;"
+recovery_fidokey_auth.instruction1=Vous avez d&eacute;j&agrave; enregistr&eacute; une nouvelle cl&eacute; de s&eacute;curit&eacute; !!!SECURITY_KEY_NAME!!! dans le cadre du processus de r&eacute;cup&eacute;ration.
+recovery_fidokey_auth.instruction2=Veuillez utiliser !!!SECURITY_KEY_NAME!!! pour suivre les &eacute;tapes ci-dessous afin de vous identifier.
+recovery_fidokey_auth.keyRegistered=Cl&eacute; de s&eacute;curit&eacute; d&eacute;j&agrave; enregistr&eacute;e
+recovery_intro_email.banner.error=Le lien que vous avez utilis&eacute; a expir&eacute;. Veuillez saisir votre adresse e-mail pour recevoir un nouveau lien.
+recovery_intro_email.banner.info=Veuillez saisir votre adresse e-mail. Nous vous enverrons un e-mail vous permettant de d&eacute;marrer le processus de r&eacute;cup&eacute;ration.
+recovery_intro_email.important=Important:
+recovery_intro_email.process=Le processus de r&eacute;cup&eacute;ration ne doit &ecirc;tre utilis&eacute; que si vous avez perdu l'acc&egrave;s &agrave; vos facteurs de connexion (application AGOV access supprim&eacute;e, cl&eacute; de s&eacute;curit&eacute; perdue, t&eacute;l&eacute;phone perdu, etc.).
+recovery_intro_email_sent.banner.button=Vous n&rsquo;avez pas re&ccedil;u l'email?
+recovery_intro_email_sent.banner.success=Merci! Vous recevrez dans un instant un e-mail contenant un lien de r&eacute;cup&eacute;ration et des instructions.
+recovery_on_going.finishRecovery=Terminer la r&eacute;cup&eacute;ration
+recovery_on_going.instruction=Vous n&rsquo;avez pas encore termin&eacute; le processus de r&eacute;cup&eacute;ration. Dans le cadre du processus de r&eacute;cup&eacute;ration, votre identit&eacute; peut faire l&rsquo;objet d&rsquo;une v&eacute;rification. Pour acc&eacute;der &agrave; des applications au moyen de votre identifiant AGOV, vous devez terminer la v&eacute;rification d&rsquo;identit&eacute;.
+recovery_on_going.title=Veuillez terminer le processus de r&eacute;cup&eacute;ration.
+recovery_questionnaire_instructions.banner.info=Veuillez noter que dans certains cas, vous devez avoir acc&egrave;s &agrave; votre code de r&eacute;cup&eacute;ration pour que la r&eacute;cup&eacute;ration soit r&eacute;ussie.
+recovery_questionnaire_instructions.explanation=D'apr&egrave;s vos r&eacute;ponses, une r&eacute;cup&eacute;ration de l'identifiant AGOV-Login semble n&eacute;cessaire. Veuillez cliquer sur continuer et suivre les instructions &agrave; l'&eacute;cran.
+recovery_questionnaire_instructions.instruction1=Fournissez l'adresse &eacute;lectronique de votre compte afin que nous puissions vous envoyer un lien pour commencer le processus de r&eacute;cup&eacute;ration
+recovery_questionnaire_instructions.instruction2=Suivez les &eacute;tapes pour r&eacute;cup&eacute;rer votre compte (les &eacute;tapes varient en fonction du niveau de v&eacute;rification de votre compte)
+recovery_questionnaire_loginfactor.banner.error=Veuillez choisir une r&eacute;ponse.
+recovery_questionnaire_loginfactor.no=Non
+recovery_questionnaire_loginfactor.question=Avez-vous enregistr&eacute; plus d'un facteur d'authentification (application AGOV access ou cl&eacute; de s&eacute;curit&eacute;) sur votre compte ?
+recovery_questionnaire_loginfactor.yes=Oui
+recovery_questionnaire_no_recovery.explanation1=D'apr&egrave;s vos r&eacute;ponses, l'option de r&eacute;cup&eacute;ration d'AGOV ne semble pas n&eacute;cessaire pour l'instant.
+recovery_questionnaire_no_recovery.explanation2=Si vous avez besoin de plus amples informations, veuillez consulter <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> pour obtenir des articles de soutien.
+recovery_questionnaire_no_recovery.instruction1=Si vous rencontrez des difficult&eacute;s pour vous connecter &agrave; une application, visitez <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> et v&eacute;rifiez si vous pouvez vous connecter avec succ&egrave;s.
+recovery_questionnaire_no_recovery.instruction2=Si vous avez enregistr&eacute; plusieurs facteurs de connexion mais que vous avez perdu l'acc&egrave;s &agrave; l'un d'entre eux, veuillez consulter <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> pour supprimer celui auquel vous avez perdu l'acc&egrave;s.
+recovery_questionnaire_reason_selection.answer1=Je n'arrive pas &agrave; me connecter, m&ecirc;me si j'ai mon application / ma cl&eacute; de s&eacute;curit&eacute;
+recovery_questionnaire_reason_selection.answer10=J'ai perdu l'un de mes facteurs d'authentification (application AGOV access ou cl&eacute; de s&eacute;curit&eacute;)
+recovery_questionnaire_reason_selection.answer2=Je n'ai pas pu terminer mon inscription
+recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute;, r&eacute;install&eacute;, ou r&eacute;initialis&eacute; mon application AGOV access, ou cela indique qu'aucun compte n'est d&eacute;fini
+recovery_questionnaire_reason_selection.answer4=J'ai perdu mon t&eacute;l&eacute;phone / cl&eacute; de s&eacute;curit&eacute;
+recovery_questionnaire_reason_selection.answer5=J'ai un nouveau t&eacute;l&eacute;phone et j'ai oubli&eacute; de transf&eacute;rer mon application AGOV access
+recovery_questionnaire_reason_selection.answer6=J'ai oubli&eacute; mon PIN pour l'application AGOV access
+recovery_questionnaire_reason_selection.answer7=J'ai mes cl&eacute;s de s&eacute;curit&eacute; ou mes applications, mais j'ai du mal &agrave; me connecter
+recovery_questionnaire_reason_selection.answer8=J'ai perdu l'acc&egrave;s &agrave; toutes mes cl&eacute;s de s&eacute;curit&eacute; et aux applications AGOV access
+recovery_questionnaire_reason_selection.answer9=J'ai des probl&egrave;mes avec l'un de mes facteurs d'authentification (effac&eacute;, r&eacute;initialis&eacute;, PIN oubli&eacute;)
+recovery_questionnaire_reason_selection.banner.error=Veuillez s&eacute;lectionner un motif.
+recovery_questionnaire_reason_selection.instruction=Veuillez s&eacute;lectionner la raison pour laquelle vous entamez le processus de r&eacute;cup&eacute;ration :
+recovery_start_info.banner.warning=Vous ne pourrez pas utiliser votre compte tant que le processus de r&eacute;cup&eacute;ration n'aura pas &eacute;t&eacute; termin&eacute;.
+recovery_start_info.instruction=Le processus de r&eacute;cup&eacute;ration n&eacute;cessitera l&rsquo;enregistrement d&rsquo;un nouveau facteur d&rsquo;authentification. Si votre compte contient des informations ayant d&eacute;j&agrave; &eacute;t&eacute; v&eacute;rifi&eacute;es, il se peut que vous deviez les faire v&eacute;rifier &agrave; nouveau pour terminer la r&eacute;cup&eacute;ration.
+recovery_start_info.title=Vous &ecirc;tes sur le point de d&eacute;marrer le processus de r&eacute;cup&eacute;ration.
+timeout.description=Votre session a expir&eacute;. Veuillez fermer cette fen&ecirc;tre et essayer de vous reconnecter.
+timeout.title=Session expir&eacute;e
+title=NEVIS SSO Portal
+title.login=Login
+title.pwchange.label=Changer mot de passe
+title.pwreset=Mot de Passe Oubli&eacute;
+user_input.invalid.email=Veuillez saisir un e-mail valable.
+user_input.invalid.email.required=Champ requis
+user_input.invalid.email.tooLong=La saisie est trop longue

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/resources/conf/text_it.properties

@@ -0,0 +1,302 @@
+
+agov-ident.done.message=Il vostro conto AGOV è ora pronto per l'uso. Può chiudere questa pagina.
+agov-ident.done.title=Finito
+agov-ident.failed.instruction=Per completare la registrazione è necessario disporre di un account AGOV e superare la verifica dei dati suggerita. Riprova.
+agov-ident.failed.message=Registrazione annullata o verifica dei dati posticipata
+agov-ident.failed.title=Verifica necessaria
+agov-ident.invalid-url.instruction=Il link utilizzato per accedere a questa pagina non è valido. Assicuratevi di utilizzarlo come ricevuto, senza errori di battitura, oppure cliccate direttamente sulla pagina in cui è pubblicato.
+agov-ident.invalid-url.message=Il link non può essere elaborato
+agov-ident.invalid-url.title=Link non valido
+agov-ident.onboarding=Registrazione e verifica
+agov-ident.retry=Riprova
+button.submit=Continua
+darkModeSwitch.aria.label=Attivare la modalità scura
+dimilar.confirm_identity.checkbox=Confermo che questi sono i miei dati
+dimilar.confirm_identity.description=Confermi che i dati riportati di seguito le appartengono per poter procedere:
+dimilar.confirm_identity.error=Confermi che i dati sono i suoi per poter procedere.
+dimilar.confirm_identity.link=Se questi non sono i suoi dati, visiti <a class='link' href='https://agov.ch/dim' target='_blank'>https://agov.ch/dim</a>.
+dimilar.confirm_identity.title=Confermare i dati
+dimilar.select_onboarding.description=Benvenuto in AGOV. Completi la procedura di registrazione collegando un account AGOV esistente o creandone uno nuovo.
+dimilar.select_onboarding.error-banner=Selezioni un&rsquo;opzione per continuare
+dimilar.select_onboarding.existing-account=Proceda con un account AGOV esistente
+dimilar.select_onboarding.proceeding=Come desidera procedere?
+dimilar.select_onboarding.registering-account=Proceda con un nuovo account AGOV
+dimilar.select_onboarding.title=Buongiorno !!!FIRSTNAME!!! !!!LASTNAME!!!,
+dimilar.token_error.support=Per assistenza visita <a class='link' href='https://agov.ch/dim' target='_blank'>https://agov.ch/dim</a>.
+dimilar.token_error.token_expired=Token scaduto o gi&agrave; utilizzato.
+dimilar_onboarding.aborted.link=Se ha bisogno di assistenza, visiti <a class='link' href='https://agov.ch/dim' target='_blank'>https://agov.ch/dim</a>.
+dimilar_onboarding.aborted.message=La procedura di registrazione &egrave; stata interrotta. Provi di nuovo.
+dimilar_onboarding.failed.link=<a class='link' href='https://agov.ch/dim' target='_blank'>https://agov.ch/dim</a>.
+dimilar_onboarding.failed.message=La procedura di registrazione &egrave; stata interrotta. Contatti il supporto al
+dimilar_onboarding.successful.message=Registrazione con l&rsquo;account AGOV completata con successo. Ora pu&ograve; accedere alla Gestione dei servizi su <a class='link' href='https://www.armee.ch/dim' target='_blank'>https://www.armee.ch/dim</a>.
+dimilar_onboarding.title=Registrarsi
+error.policy.failed=La nuova password non &egrave; stata accettata. Scegliere una password che sia conforme ai criteri di password.
+error_1=Verificare i dati inseriti.
+error_10=Scegliere l&rsquo;account utente corretto.
+error_100=Impossibile caricare il certificato. Il certificato esiste gi&agrave;. Contattare l&rsquo;help desk.
+error_101=L&rsquo;e-mail inserita non &egrave; valida.
+error_11=Utilizzare un altro certificato o accedere con altre credenziali.
+error_2=Selezionare un altro nome di accesso.
+error_3=Se la prossima autenticazione fallisce, l&rsquo;account sar&agrave; bloccato.
+error_4=La nuova password non rispetta le norme di sicurezza. Scegliere un&rsquo;altra password.
+error_403.description=Accesso non autorizzato a questa risorsa.
+error_403.title=Non &egrave; autorizatto
+error_404.description=La pagina che state cercando non esiste.
+error_404.title=Pagina non trovata
+error_5=Errore nella conferma della password.
+error_50=La nuova password &egrave; troppo corta.
+error_500.description=Al momento si &egrave; verificato un disservizio. Stiamo intervenendo.
+error_500.title=Qualcosa non ha funzionato.
+error_502.description=Stiamo intervenendo. Riprovi pi&ugrave; tardi.
+error_502.title=Qualcosa non ha funzionato.
+error_55=La nuova password deve differire da quelle precedenti.
+error_6=&Egrave; richiesta la modifica della password.
+error_7=&Egrave; richiesta la modifica dell&rsquo;ID di accesso.
+error_8=A causa dei ripetuti tentativi di autenticazione falliti, l&rsquo;account &egrave; stato bloccato.
+error_81=Non &egrave; stata trovata alcuna carta di accesso; l&rsquo;accesso da Internet &egrave; negato.
+error_83=La carta di accesso non &egrave; pi&ugrave; valida. Per richiedere una nuova carta di accesso, contattare il responsabile.
+error_9=Takeover di sessione fallito.
+error_97=Accesso non autorizzato a questa risorsa.
+error_98=L&rsquo;account &egrave; stato bloccato.
+error_99=Ci sono problemi di sistema. Riprovare pi&ugrave; tardi.
+error_9901=Per accedere a questa pagina, &egrave; necessario un link di registrazione valido.
+error_9902=L&rsquo;e-mail utilizzata per l&rsquo;autenticazione non corrisponde a quella di AGOV operations. Richiedere un nuovo link di registrazione.
+error_9903=L&rsquo;IdP utilizzato non ha inviato un&rsquo;asserzione valida. Assicurarsi di utilizzare l&rsquo;IdP corretto. Richiedere al supporto un nuovo link di registrazione.
+error_9904=Il link non &egrave; pi&ugrave; valido. Assicurarsi di utilizzare il link pi&ugrave; recente ricevuto in AGOV operations. Se il problema persiste, richiedere un nuovo link.
+error_9905=Si &egrave; verificato un problema con l&rsquo;account AGOV operations. Contattare il supporto.
+error_9909=Si &egrave; verificato un errore interno. Richiedere al supporto un nuovo link di registrazione.
+errors.duplicateValue=Il suo account &egrave; gi&agrave; collegato ad un altro accesso operativo.
+fido2_auth.cancel.fido=L'autenticazione con la chiave di sicurezza &egrave; stata interrotta. Assicurarsi che la chiave FIDO sia registrata e che l'indirizzo e-mail sia corretto, poi seguire le istruzioni.
+fido2_auth.instruction1=Cliccare su "Continua"
+fido2_auth.instruction2=A breve si aprir&agrave; una finestra per l'autenticazione.
+fido2_auth.instruction3=Seguire le istruzioni.
+fido2_auth.skipInstructions=Non mostrare pi&ugrave; le istruzioni
+fido2_auth.switchLogin=ACCEDERE CON
+footer.link=https://agov.ch
+footer.link.label=Contatto
+footer.text=Servizio di autenticazione delle autorit&agrave; Svizzere AGOV - una collaborazione tra Cantoni, Comuni e l'Amministrazione federale. -
+general.AGOVAccessApp=App AGOV access
+general.accessApp=App AGOV access
+general.authenticate=Autentifica
+general.back=Indietro
+general.cancel=Annullare
+general.confirm=Confermare
+general.contactSupport=Contattare il supporto
+general.continue=Continuare
+general.data.birthDate=Data di nascita
+general.data.birthDateFormat=GG.MM.AAAA
+general.data.enrollmentNumber=Numero AVS (Gestione dei servizi)
+general.data.firstname=Nome
+general.data.lastname=Cognome
+general.edit=Modificare
+general.email=e-mail
+general.email.address=Indirizzo e-mail
+general.entryCode=Codice
+general.fieldRequired=Campo obbligatorio
+general.generalAccessApp=App AGOV access
+general.getStarted=Iniziare
+general.goAGOVHelp=Vai ad AGOV help
+general.goAccessApp=Login con AGOV access
+general.goToAccessApp=Vai all'app AGOV access
+general.help=Aiuto
+general.help.link=https://agov.ch/help
+general.login=Accedere
+general.login.accessApp=Accesso con l'App AGOV access
+general.login.securityKey=Login con la chiave di sicurezza
+general.loginSecurityKey=Inizi l'accesso con chiave di sicurezza
+general.moreOptions=ALTRE OPZIONI
+general.or=O
+general.otherLoginMethods=Altri metodi di login
+general.recovery=Ripristino
+general.recovery.help.link=https://help.agov.ch/?c=100recovery
+general.recoveryCode.downloadPdf=Salva come PDF
+general.recoveryCode.inputLabel=Codice di ripristino
+general.recoveryCode.repeatCodeError=Il codice inserito non &egrave; corretto. Verifichi di averlo salvato correttamente e riprovi.
+general.recoveryCode.repeatCodeModal.description=Per assicurarsi di aver registrato correttamente il suo codice, lo ripeta qui sotto. Un codice di ripristino perso o registrato in modo errato pu&ograve; rendere pi&ugrave; difficile il ripristino del suo account.
+general.recoveryCode.repeatCodeModal.title=Ripeti il codice di ripristino
+general.recoveryCode.reveal=Mostri il codice di ripristino
+general.recoveryOngoing=Ripristino in corso
+general.register=Registrarsi
+general.registerNow=Si registri ora!
+general.registration=Registrazione
+general.registration.dontHaveAnAccountYet=Non ha ancora un AGOV account?
+general.registration.seeOptions=Vedere le opzioni di registrazione
+general.securityKey=Chiave di sicurezza
+general.skip.content=Vai al contenuto principale
+general.wrongPhoneNumber=Inserire un numero di cellulare valido
+generic.auth.error.message=Si &egrave; verificata un&rsquo;interruzione. Stiamo lavorando per ripristinare l&rsquo;esercizio.
+generic.auth.error.next.steps=Riprovare pi&ugrave; tardi. Se il problema persiste, consultare AGOV help.
+generic.auth.error.subtitle=Qualcosa non ha funzionato.
+generic.auth.error.title=Errore
+info.login=Per favore inserisca i suoi dati di accesso.
+language.de=Deutsch
+language.en=English
+language.fr=Fran&ccedil;ais
+language.it=Italiano
+language.rm=Rumantsch
+languageDropdown.aria.label=Selezionare la lingua
+loainfo.description.200=Per accedere all'applicazione, dobbiamo verificare i suoi dati. Il processo pu&ograve; richiedere da 2&ndash;3 giorni.
+loainfo.description.300=Per accedere all'applicazione, dobbiamo verificare i suoi dati. Potr&agrave; scegliere il processo preferito nel passaggio successivo.
+loainfo.description.400=Per accedere all'applicazione &egrave; necessario inserire il numero AVS.
+loainfo.helper=I dati devono essere verificati!
+loainfo.later=Pi&ugrave; tardi
+loainfo.startNow=Vuole iniziare il processo ora?
+loainfo.startVerification=Inizi la verificazione
+loainfo.title=Verificare i dati.
+loggedout.description=Disconnessione effettuata con successo.
+loggedout.title=Disconnessione eseguita
+mauth_usernameless.EID=Continuare con CH e-ID
+mauth_usernameless.banner.error=Autenticazione interrotta.<br>Riprovare dopo che la pagina si sar&agrave; ricaricata.
+mauth_usernameless.banner.info=Scansione eseguita. Continuare nell'app AGOV access.
+mauth_usernameless.banner.success=Autenticazione riuscita.<br>Attenda l&rsquo;accesso.
+mauth_usernameless.cannotLogin=Ha perso l'accesso alla sua app/chiave di sicurezza?
+mauth_usernameless.cannotLogin.accessApp=Ha perso l'accesso al suo App AGOV access?
+mauth_usernameless.cannotLogin.securityKey=Ha perso l'accesso alla sua chiave di sicurezza?
+mauth_usernameless.hideQR=Nascondi il codice QR
+mauth_usernameless.instructions=Per accedere, scansionare il codice QR con l'app AGOV access.
+mauth_usernameless.noAccount=Non ha ancora un AGOV account?
+mauth_usernameless.selectLoginMethod=Selezionare il metodo di login
+mauth_usernameless.showQR=Visualizza il codice QR
+mauth_usernameless.startRecovery=Inizi il ripristino dell&rsquo;account
+mauth_usernameless.useSecurityKey=Accedere utilizzando una chiave di sicurezza.
+mauth_usernameless.useSecurityKeyInfo=Una chiave di sicurezza fisica permette di accedere in modo sicuro senza utilizzare un telefono.
+onboard_linking_account_auth.fido_instructions=Una chiave di sicurezza fisica permette di accedere in modo sicuro senza utilizzare un telefono.
+onboard_linking_account_auth.instructions=Proceda con il suo account AGOV scansionando il codice QR con l&rsquo;app AGOV access
+onboarding.cancel-onboarding=Sei sicuro di voler annullare la registrazione?
+onboarding.cancel-onboarding-description=Per procedere con il recupero dell&rsquo;account, &egrave; necessario annullare la registrazione.
+onboarding.cancel-proceed-recovery=S&igrave;, annulla e procedi con il recupero
+onboarding.login-factor=Passaggio 1 &ndash; Fattore di login
+onboarding.with-agov.title=Proceda con l&rsquo;account AGOV
+onboarding_account.switchLinking=Passa alla registrazione con
+onboarding_account_auth.loginSecurityKey=Inizia la registrazione con la chiave di sicurezza
+onboarding_account_auth.useSecurityKey=Utilizzi una chiave di sicurezza per procedere con il suo account AGOV
+op-admin.login=AGOV op admin
+op-admin.login.intro.message=Accedere con nome utente e password
+op-admin.login.loginid=ID di accesso
+op-admin.login.password=Password
+op-admin.login.title=Accedere
+op-admin.logout=AGOV op admin
+op-admin.logout.message=La sessione &egrave; terminata.
+op-admin.logout.title=Disconnessione
+op-admin.pwchange.intro.message=&Egrave; richiesta la modifica della password.
+op-admin.pwchange.newpassword=Nuova password
+op-admin.pwchange.newpassword2=Ripetere la nuova password
+op-admin.pwchange.password=Password attuale
+op-admin.pwchange.title=Modificare password
+op-idmlogin.role.accs-mgmt-idm=Gestione dei diritti di accesso IDM
+op-idmlogin.role.accs-mgmt-nonidm=Gestione dei diritti di accesso
+op-idmlogin.role.idmcfg-mgmt=Configurazione dell'IDM
+op-idmlogin.role.readonly-access=Accesso predefinito (sola lettura)
+op-idmlogin.role.support-basic=Casi di supporto (ripristino, ...)
+op-idmlogin.role.support-priv=Supporto di terzo livello (archiviazione, off-boarding)
+op-idmlogin.role.usr-mgmt=Gestione utenti (operazioni)
+op-idmlogin.role.usr-unit-mgmt=Gestione utenti e organizzazione (operazioni)
+op-idmlogin.select=AGOV idm
+op-idmlogin.select.intro=Si prega di selezionare uno dei seguenti profili...
+op-idmlogin.select.note=I profili contrassegnati con * devono essere utilizzati solo se richiesti per attivit&agrave; di supporto o rilascio specifiche.
+op-idmlogin.select.title=Selezione del profilo
+op-onboarding.done.message=La registrazione &egrave; riuscita. Ora l&rsquo;accesso AGOV operations &egrave; pronto. Prima di accedere ad AGOV operations, chiudere il browser.
+op-onboarding.done.title=FINITO
+op-onboarding.failed.title=ERRORE
+op-onboarding.intro.message1=Per completare la registrazione per l'accesso AGOV operations, &egrave; necessario avere un account AGOV o FED-LOGIN.
+op-onboarding.intro.message2=Dopo aver cliccato su "Continua", si &egrave; reindirizzati al servizio di autenticazione.
+op-onboarding.intro.message3=Se utilizza AGOV e l&rsquo;account non soddisfa ancora il livello richiesto AGOVaq, potr&agrave; avviare la verifica dell&rsquo;identit&agrave; richiesta.
+op-onboarding.intro.title=INIZIARE
+op-onboarding.onboarding=Registrazione AGOV op
+op-onboarding.process.message=Qualcosa non ha funzionato. Contattare il supporto AGOV e, se necessario, richiedere un nuovo link di registrazione.
+prompt.client=Mandator
+prompt.newpassword=Nuova Password
+prompt.newpassword.confirm=Conferma password
+prompt.password=Password
+prompt.userid=Nome utente
+providePhoneNumber.banner=Il numero di telefono deve poter ricevere SMS. Non sar&agrave; utilizzato per contattarla.
+providePhoneNumber.description=AGOV ora supporta il ripristino tramite il tuo numero di telefono. Questo ti permetter&agrave; di continuare con un SMS durante il ripristino se hai perso l'accesso al tuo codice di ripristino.
+providePhoneNumber.errorBanner=Il numero di telefono non corrispondono. Si prega di riprovare.
+providePhoneNumber.inputLabel=Numero di telefono (facoltativo)
+providePhoneNumber.laterModal.description1=Senza un numero di telefono, il recupero del tuo account potrebbe richiedere fino a 4 giorni se perdi l'accesso al codice di ripristino.
+providePhoneNumber.laterModal.description2=Aggiungere un numero di telefono ti aiuta a recuperare il tuo account in pochi minuti.
+providePhoneNumber.laterModal.description3=Questo numero di telefono non sar&agrave; utilizzato per contattarti.
+providePhoneNumber.laterModal.title=Continuare senza un numero di telefono?
+providePhoneNumber.modal.description=Per assicurarsi di aver registrato correttamente il suo numero di telefono, lo ripeta qui sotto. Un numero registrato in modo errato pu&ograve; rendere pi&ugrave; difficile il ripristino del suo account.
+providePhoneNumber.modal.inputLabel=Numero di telefono
+providePhoneNumber.modal.title=Ripetere il numero di telefono
+providePhoneNumber.saveButtonText=Salva
+providePhoneNumber.title=Aggiungi numero di telefono
+pwreset.done.info=La password &egrave; stata modificata con successo. Fare clic su continua per accedere.
+pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
+pwreset.info.linktext=Password dimenticata
+pwreset.noticket=Il biglietto per la reimpostazione della password non &egrave; pi&ugrave; valido. Si prega di generarne uno nuovo.
+qrCode.label=Clicchi per aprire il codice QR in una finestra pop-up.
+recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV gi&agrave; registrata
+recovery_accessapp_auth.instruction1=Ha gi&agrave; registrato una nuova app AGOV access !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
+recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
+recovery_check_code.banner.lockedError=Troppi tentativi di inserimento non validi. Riprovare tra qualche minuto.
+recovery_check_code.codeIncorrect=Il codice inserito non &egrave; corretto. Riprovare.
+recovery_check_code.enterRecoveryCode=Codice di ripristino
+recovery_check_code.expired=Troppi tentativi o il codice di ripristino &egrave; scaduto.
+recovery_check_code.instruction=Inserire qui sotto il codice di ripristino a 12 caratteri alfanumerici. Ha ricevuto questo codice in un file PDF al momento della registration o in AGOV me.
+recovery_check_code.invalid.code=Il codice non &egrave; valido
+recovery_check_code.invalid.code.required=Codice richiesto
+recovery_check_code.invalid.code.tooLong=Il codice &egrave; troppo lungo
+recovery_check_code.noAccess=Non ho il mio codice.
+recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino?
+recovery_check_code.noCodeAccessInstructions=Se non ha pi&ugrave; il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assister&agrave; nel processo di ripristino.
+recovery_check_code.too_many_tries.instruction1=Il codice di ripristino inserito pu&ograve; essere scaduto o &egrave; stato inserito troppe volte.
+recovery_check_code.too_many_tries.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
+recovery_check_noCode.banner.error=Troppi tentativi.
+recovery_check_noCode.instruction1=Potresti aver tentato di inserire il codice di ripristino troppe volte.
+recovery_check_noCode.instruction2=Chiudi il browser web e inizia nuovamente il processo di ripristino dell'account tra dieci minuti da <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
+recovery_code.banner.error=Mostri il suo codice di ripristino per poter continuare.
+recovery_code.instruction=Il codice di ripristino le aiuta ad accedere al suo conto in caso in cui lei abbia perso le credentiali di accesso. Per favore, conservi il codice di ripristino in un luogo sicuro.
+recovery_code.newRecoveryCode=Introduzione del codice di ripristino
+recovery_code.validUntil=Valido fino a:
+recovery_fidokey_auth.button=Inizi l'authenticazione della chiave
+recovery_fidokey_auth.fidoInstruction=Clicchi su "Inizi l'authenticazione della chiave"
+recovery_fidokey_auth.instruction1=Ha gi&agrave; registrato una nuova chiave di sicurezza !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
+recovery_fidokey_auth.instruction2=Si prega di usare !!!SECURITY_KEY_NAME!!! per poter seguire i passaggi seguenti per identificarti.
+recovery_fidokey_auth.keyRegistered=Chiave di sicurezza gi&agrave; registrata
+recovery_intro_email.banner.error=Il link utilizzato &egrave; scaduto. Per ricevere un nuovo link, inserire l&rsquo;indirizzo e-mail.
+recovery_intro_email.banner.info=Inserisca il suo indirizzo email, cos&igrave; potremo inviarle un link per iniziare il processo di ripristino.
+recovery_intro_email.important=Importante:
+recovery_intro_email.process=Il processo di ripristino deve essere utilizzato solo se ha perso l'accesso ai suoi fattori di accesso (app AGOV access eliminata, chiave di sicurezza persa, telefono smarrito, ecc.).
+recovery_intro_email_sent.banner.button=Non avete ricevuto l'e-mail?
+recovery_intro_email_sent.banner.success=Grazie! &Egrave; stata inviata un&rsquo;e-mail contenente il codice di ripristino e le istruzioni.
+recovery_on_going.finishRecovery=Completare il ripristino
+recovery_on_going.instruction=&Egrave; in corso un processo di ripristino. Il processo di ripristino pu&ograve; includere una verifica dell&rsquo;identit&agrave;. Per accedere alle applicazioni con il proprio AGOV-Login, &egrave; necessario completare la verifica dell&rsquo;identit&agrave;.
+recovery_on_going.title=Completare il processo di ripristino.
+recovery_questionnaire_instructions.banner.info=Tenga presente che in alcuni casi &egrave; necessario utilizzare il codice di ripristino per un ripristino riuscito.
+recovery_questionnaire_instructions.explanation=In base alle sue risposte sembra essere necessario un ripristino AGOV-Login. Fare clic su Continua e seguire le istruzioni visualizzate sullo schermo.
+recovery_questionnaire_instructions.instruction1=Indichi l&rsquo;indirizzo e-mail associato al suo account, cos&igrave; potremo inviarle un link per iniziare il processo di ripristino
+recovery_questionnaire_instructions.instruction2=Si prega di seguire i passaggi per recuperare il suo account (i passaggi varieranno a seconda del livello di verifica dell'account)
+recovery_questionnaire_loginfactor.banner.error=Si prega di selezionare una risposta.
+recovery_questionnaire_loginfactor.no=No
+recovery_questionnaire_loginfactor.question=Ha registrato pi&ugrave; di un fattore di accesso (app AGOV access o chiave di sicurezza) al suo account?
+recovery_questionnaire_loginfactor.yes=Si
+recovery_questionnaire_no_recovery.explanation1=In base alle sue risposte, l'opzione di ripristino AGOV non sembra necessaria al momento.
+recovery_questionnaire_no_recovery.explanation2=Se ha bisogno di ulteriori informazioni, visiti <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> per articoli di supporto.
+recovery_questionnaire_no_recovery.instruction1=Se riscontra problemi di accesso a un'applicazione, visiti <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> e verifichi se pu&ograve; accedere con successo.
+recovery_questionnaire_no_recovery.instruction2=Se ha registrato pi&ugrave; fattori di accesso ma ha perso l'accesso a uno di essi, visit <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> per rimuovere quello a cui ha perso l'accesso.
+recovery_questionnaire_reason_selection.answer1=Ho problemi ad accedere, anche se ho la mia app/chiave di sicurezza
+recovery_questionnaire_reason_selection.answer10=Ho perso uno dei miei fattori di accesso (app AGOV access o chiave di sicurezza)
+recovery_questionnaire_reason_selection.answer2=Non sono riuscito a completare la registrazione
+recovery_questionnaire_reason_selection.answer3=Ho eliminato, reinstallato o reimpostato l&rsquo;app AGOV access, oppure risulta che non ci sono account definiti
+recovery_questionnaire_reason_selection.answer4=Ho perso il telefono/la chiave di sicurezza
+recovery_questionnaire_reason_selection.answer5=Ho un nuovo telefono e ho dimenticato di trasferire la mia app AGOV access
+recovery_questionnaire_reason_selection.answer6=Ho dimenticato il PIN dell'app AGOV access
+recovery_questionnaire_reason_selection.answer7=Ho i miei token di sicurezza o le mie app, ma ho avuto problemi ad accedere
+recovery_questionnaire_reason_selection.answer8=Ho perso l'accesso a tutte le mie chiavi di sicurezza e alle app AGOV access
+recovery_questionnaire_reason_selection.answer9=Ho problemi con uno dei miei fattori di accesso (PIN cancellato, reimpostato, dimenticato)
+recovery_questionnaire_reason_selection.banner.error=Si prega di selezionare il motivo.
+recovery_questionnaire_reason_selection.instruction=Selezioni il motivo per cui sta iniziando il processo di ripristino:
+recovery_start_info.banner.warning=Non &egrave; possibile utilizzare l&rsquo;account finch&eacute; il processo di ripristino non sar&agrave; concluso.
+recovery_start_info.instruction=Durante il processo di ripristino registrer&agrave; un nuovo fattore di login. Se il suo account contiene informazioni verificate, potrebbe dover effettuare anche un processo di verificazione per completare il ripristino.
+recovery_start_info.title=Sta per iniziare il processo di ripristino
+timeout.description=La sessione &egrave; scaduta. Chiuda questa finestra e provi ad accedere nuovamente.
+timeout.title=Sessione scaduta
+title=NEVIS SSO Portal
+title.login=Login
+title.pwchange.label=Cambiare Password
+title.pwreset=Password Dimenticata
+user_input.invalid.email=Inserire un'e-mail valida.
+user_input.invalid.email.required=Campo obbligatorio
+user_input.invalid.email.tooLong=Il testo inserito &egrave; troppo lungo.

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/resources/conf/text_rm.properties

@@ -0,0 +1,286 @@
+
+agov-ident.done.message=Your AGOV account is now ready for use. Please close this page.
+agov-ident.done.title=Done
+agov-ident.failed.instruction=You need an AGOV account and pass the suggested data verification to successfully finish the on-boarding. Please try again.
+agov-ident.failed.message=Onboarding cancelled or data verification postponed
+agov-ident.failed.title=Verification needed
+agov-ident.invalid-url.instruction=The link you used to access this page isn't valid. Please make sure you use it as received without any typos or click it directly on the page, where it is published.
+agov-ident.invalid-url.message=Link can't be processed
+agov-ident.invalid-url.title=Invalid Link
+agov-ident.onboarding=Registration & Verification
+agov-ident.retry=Try again
+darkModeSwitch.aria.label=Activar l'apparientscha stgira
+dimilar.confirm_identity.checkbox=Jau conferm che quest en mias datas
+dimilar.confirm_identity.description=Per cuntinuar, confermai che las datas sutvart saudan a Vus per plaschair
+dimilar.confirm_identity.error=Per cuntinuar, confermai che las datas saudan a Vus per plaschair.
+dimilar.confirm_identity.link=If this is not your data, please visit <a class='link' href='https://agov.ch/dimilar' target='_blank'>https://agov.ch/dimilar</a>.
+dimilar.confirm_identity.title=Confermar las datas
+dimilar.select_onboarding.description=Bainvegn&igrave; ad AGOV. Cumplettai Voss Onboarding cun connectar in conto AGOV nov u gia existent.
+dimilar.select_onboarding.error-banner=Selecziunai in'opziun, per cuntinuar
+dimilar.select_onboarding.existing-account=Onboarding cun in conto AGOV gia existent
+dimilar.select_onboarding.proceeding=Co vulais Vus cuntinuar?
+dimilar.select_onboarding.registering-account=Onboarding cun in nov conto AGOV
+dimilar.select_onboarding.title=Allegra !!!FIRSTNAME!!! !!!LASTNAME!!!,
+dimilar.token_error.support=For support please visit <a class='link' href='https://agov.ch/dimilar' target='_blank'>https://agov.ch/dimilar</a>.
+dimilar.token_error.token_expired=Token scad&igrave; u gia duvr&agrave;.
+dimilar_onboarding.aborted.link=If you require support please visit <a class='link' href='https://agov.ch/dimilar' target='_blank'>https://agov.ch/dimilar</a>.
+dimilar_onboarding.aborted.message=Onboarding suspend&igrave;. Empruvai anc ina giada.
+dimilar_onboarding.failed.link=<a class='link' href='https://agov.ch/dimilar' target='_blank'>https://agov.ch/dimilar</a>.
+dimilar_onboarding.failed.message=Onboarding suspend&igrave;. Contactai per plaschair il support.
+dimilar_onboarding.successful.message=Onboarding cun conto AGOV reuss&igrave;. Vus pudais ussa acceder a Dimilar qua <a class='link' href='https://www.armee.ch/dim' target='_blank'>https://www.armee.ch/dim</a>.
+dimilar_onboarding.title=Registrar
+error_1=Controllai Vossas indicaziuns per plaschair.
+error_10=Selecziunai il conto d'utilisader correct.
+error_100=I n'&egrave; betg pussaivel da chargiar si il certificat. Quest certificat exista gia. Contactai il helpdesk.
+error_101=L'adressa d'e-mail endatada n'&egrave; betg valaivla.
+error_11=Duvrai in auter certificat u As annunziai cun in auter factur da login.
+error_2=Selecziunai in auter num d'utilisader.
+error_3=Sche la proxima autentificaziun na reussescha betg vegn Voss conto blocc&agrave;.
+error_4=Voss nov pled-clav n'&egrave; betg confurm a las directivas da segirezza. Selecziunai in auter pled-clav per plaschair.
+error_403.description=Vus n'essas betg autoris&agrave; d'acceder a questa applicaziun.
+error_403.title=Betg autoris&agrave;
+error_404.description=La pagina che Vus tschertgais n'exista betg.
+error_404.title=Pagina nunchattabla
+error_5=Sbagl da confermar il pled-clav.
+error_50=Il nov pled-clav &egrave; memia curt.
+error_500.description=Igl ha d&agrave; ina interrupziun dal servetsch. Nus lavurain vidlonder.
+error_500.title=Insatge n'ha betg funcziun&agrave;.
+error_502.description=Nus lavurain vidlonder. Empruvai anc ina giada pli tard per plaschair.
+error_502.title=Insatge n'ha betg funcziun&agrave;.
+error_55=Il nov pled-clav sto esser different da pled-clavs vegls.
+error_6=Midada d'il pled-clav &egrave; necessaria.
+error_7=Midada da la login ID &egrave; necessaria.
+error_8=Voss conto &egrave; vegn&igrave; blocc&agrave; pervia da memia bleras emprovas d'autentificaziun che n'&egrave;n betg reussidas.
+error_81=Chatt&agrave; nagina carta d'access, l'access sur l'internet &egrave; vegni refus&agrave;.
+error_83=Vossa carta d'access n'&egrave; betg pli valaivla. Contactai Voss consulent per survegnir ina nova carta d'access.
+error_9=I n'ha betg funcziun&agrave; da surpigliar la sessiun.
+error_97=Vus n'essas betg autoris&agrave; d'acceder a questa resursa.
+error_98=Voss conto &egrave; vegn&igrave; blocc&agrave;.
+error_99=Problems da sistem: Empruvai anc ina giada pli tard.
+error_9901=Vus duvrais in link da onboarding valaivel per pudair acceder a questa pagina.
+error_9902=L'adressa d'e-mail che vegn duvrada per l'autentificaziun na correspunda betg a l'adressa dad e-mail da AGOV operations. Dumandai per in nov link da onboarding.
+error_9903=L'IdP n'ans ha betg tramess ina assertion valaivla. Controllai che Vus dovrias la correcta IdP. Dumandai il support per in nov link da onboarding.
+error_9904=Voss link n'&egrave; betg pli valaivel. Controllai che Vus dovrias il link il pli actual che Vus avais survegn&igrave; d'AGOV operations. Dumandai per in nov link en cass che il problem persista vinavant.
+error_9905=I dat in problem cun Voss conto AGOV operations. Contactai per plaschair il support.
+error_9909=Igl &egrave; capit&agrave; in sbagl intern. Dumandai il support per in nov link da onboarding.
+errors.duplicateValue=Voss conto &egrave; gia colli&agrave; cun in auter access d'operaziun.
+fido2_auth.cancel.fido=L'autentificaziun cun la clav da segirezza &egrave; vegnida interrutta. Controllai che Vossa clav FIDO saja registrada e che Voss e-mail saja correct.
+fido2_auth.instruction1=Cliccai sin "Vinavant"
+fido2_auth.instruction2=En curt vegn ina fanestra d'autentificaziun ad aviar
+fido2_auth.instruction3=Suandai las instrucziuns
+fido2_auth.skipInstructions=Sursiglir las instrucziuns la proxima giada
+fido2_auth.switchLogin=ANNUNZIAR CUN
+footer.link=https://agov.ch
+footer.link.label=Contact
+footer.text=Servetsch d&rsquo;autentificaziun da las autoritads svizras AGOV &ndash; Ina collavuraziun dals chantuns, lur vischnancas e l&rsquo;administraziun federala. -
+general.AGOVAccessApp=App AGOV access
+general.accessApp=App AGOV access
+general.authenticate=Autentifitgar
+general.back=Enavos
+general.cancel=Interrumper
+general.confirm=Confermar
+general.contactSupport=Contactar il support
+general.continue=Vinavant
+general.data.birthDate=Data da naschientscha
+general.data.birthDateFormat=DD.MM.AAAA
+general.data.enrollmentNumber=Enrolment number (SSN/AHV number)
+general.data.firstname=Prenum
+general.data.lastname=Num
+general.edit=Modifitgar
+general.email=E-mail
+general.email.address=Adressa d'e-mail
+general.entryCode=Endatar il code
+general.fieldRequired=Champ obligatoric
+general.generalAccessApp=App access
+general.getStarted=Cumenzar
+general.goAGOVHelp=Vinavant a AGOV help
+general.goAccessApp=Login cun AGOV access
+general.goToAccessApp=Cuntinuai a Vossa app AGOV access
+general.help=Agid
+general.help.link=https://agov.ch/help
+general.login=Login
+general.login.accessApp=Annunziar cun la App Access
+general.login.securityKey=Annunziar cun la clav da segirezza
+general.loginSecurityKey=Iniziar il login cun la clav da segirezza
+general.moreOptions=DAPLI OPTIONS
+general.or=U
+general.otherLoginMethods=Ulteriuras metodas da login
+general.recovery=Recuperaziun
+general.recovery.help.link=https://help.agov.ch/?c=100recovery
+general.recoveryCode.downloadPdf=Telechargiar en furma da PDF
+general.recoveryCode.inputLabel=Code da recuperaziun
+general.recoveryCode.repeatCodeError=Il code che Vus avais endat&agrave; n'&egrave; betg correct. Controllai che Vus l'hajas arcun&agrave; correctamain ed endatai el anc ina giada.
+general.recoveryCode.repeatCodeModal.description=Per verifitgar che Vus hajas arcun&agrave; correctamain Voss code, al repeti qua sutvart per plaschair. In code da recuperaziun pers u betg arcun&agrave; correctamain po difficultar la recuperaziun da Voss conto.
+general.recoveryCode.repeatCodeModal.title=Repeter il code da recuperaziun
+general.recoveryCode.reveal=Scuvrir il code da recuperaziun
+general.recoveryOngoing=Recuperaziun betg terminada
+general.register=Registrar
+general.registerNow=As registrai ussa!
+general.registration=Registraziun
+general.registration.dontHaveAnAccountYet=N'avais Vus anc nagin account AGOV?
+general.registration.seeOptions=Mussar las metodas da registraziun
+general.securityKey=Clav da segirezza
+general.skip.content=Avanzar a la part principala
+general.wrongPhoneNumber=Endatai in numer da telefonin valid
+generic.auth.error.message=Igl ha d&agrave; ina interrupziun dal servetsch. Nus lavurain vidlonder.
+generic.auth.error.next.steps=Empruvai pli tard anc ina giada per plaschair. Visitai AGOV help en cass che il problem persista vinavant.
+generic.auth.error.subtitle=Insatge n'ha betg funcziun&agrave;.
+generic.auth.error.title=Errur
+language.de=Deutsch
+language.en=English
+language.fr=Fran&ccedil;ais
+language.it=Italiano
+language.rm=Rumantsch
+languageDropdown.aria.label=Selecziunar la lingua
+loainfo.description.200=Per acceder a questa applicaziun, stuain nus verifitgar Vossas datas. Quest process po durar fin 2&ndash;3 dis.
+loainfo.description.300=Per acceder a questa applicaziun, stuain nus verifitgar Vossas datas. Vus pudais selecziunar vossa metoda preferida en il proxim pass.
+loainfo.description.400=Per acceder a questa applicaziun stuais Vus inditgar Voss numer AVS.
+loainfo.helper=Vossas datas persunalas ston vegnir verifitgadas!
+loainfo.later=Pli tard
+loainfo.startNow=Vulais Vus ussa cumenzar cun il process?
+loainfo.startVerification=Cumenzar
+loainfo.title=Verifitgai Vossas datas
+loggedout.description=Voss logout &egrave; reuss&igrave;.
+loggedout.title=Deconnect&agrave;
+mauth_usernameless.EID=Vinavant cun la e-ID svizra
+mauth_usernameless.banner.error=Autentificaziun interrutta. <br>Empruvai anc ina giada suenter che la pagina &egrave; rechargiada per plaschair.
+mauth_usernameless.banner.info=Scan reuss&igrave;. Cuntinuai per plaschair en l'app AGOV access.
+mauth_usernameless.banner.success=Autentificaziun reussida <br>Spetgai fin che Vus essas annunziads per plaschair.
+mauth_usernameless.cannotLogin=Avais Vus pers l'access a l'app / la clav da segirezza?
+mauth_usernameless.cannotLogin.accessApp=Avais Vus pers l'access a Vossa app?
+mauth_usernameless.cannotLogin.securityKey=Avais Vus pers l'access a Vossa clav da segirezza?
+mauth_usernameless.hideQR=Zuppentar il code QR
+mauth_usernameless.instructions=Per As annunziar, scannai il code QR cun Vossa app AGOV access
+mauth_usernameless.noAccount=N'avais Vus anc nagin conto AGOV?
+mauth_usernameless.selectLoginMethod=Selecziunai ina metoda da login
+mauth_usernameless.showQR=Mussar il code QR
+mauth_usernameless.startRecovery=Cumenzar cun la recuperaziun dal conto
+mauth_usernameless.useSecurityKey=Duvrai ina clav da segirezza per As annunziar
+mauth_usernameless.useSecurityKeyInfo=Ina clav da segirezza fisica pussibilitescha ina annunzia segira senza telefonin.
+onboard_linking_account_auth.fido_instructions=Ina clav da segirezza fisica pussibilitescha in Onboarding da Voss conto segir senza telefonin.
+onboard_linking_account_auth.instructions=Faschai il Onboarding da Voss conto AGOV entras scannar il code QR cun Vossa app AGOV access
+onboarding.cancel-onboarding=Essas tscherts che Vus vulais interrumper il process d'Onboarding?
+onboarding.cancel-onboarding-description=Per saver cumenzar cun ina recuperaziun da Voss conto stuais Vus interrumper il process d'Onboarding.
+onboarding.cancel-proceed-recovery=Gea, interumper e cumenzar cun la recuperaziun
+onboarding.login-factor=Pass 1 - Factur da login
+onboarding.with-agov.title=Onboarding cun conto AGOV
+onboarding_account.switchLinking=Midar al Onboarding cun
+onboarding_account_auth.loginSecurityKey=Cummenzar il Onboarding cun la clav da segirezza
+onboarding_account_auth.useSecurityKey=Utilisa&igrave; vossa clav da segirezza per cuntinuar cun Voss account AGOV
+op-admin.login=AGOV op admin
+op-admin.login.intro.message=Login cun Voss num d'utilisader e cun Voss pled-clav
+op-admin.login.loginid=LoginId
+op-admin.login.password=Pled-clav
+op-admin.login.title=Login
+op-admin.logout=AGOV op admin
+op-admin.logout.message=Voss logout &egrave; reuss&igrave;.
+op-admin.logout.title=Deconnectar
+op-admin.pwchange.intro.message=Midada d'il pled-clav &egrave; necessaria
+op-admin.pwchange.newpassword=Nov pled-clav
+op-admin.pwchange.newpassword2=Repeter il nov pled-clav
+op-admin.pwchange.password=Pled-clav actual
+op-admin.pwchange.title=Midada d'il pled-clav
+op-idmlogin.role.accs-mgmt-idm=Management dals dretgs d'access IDM
+op-idmlogin.role.accs-mgmt-nonidm=Management dals dretgs d'access
+op-idmlogin.role.idmcfg-mgmt=IDM set-up
+op-idmlogin.role.readonly-access=Access da standard (mo dretgs da leger)
+op-idmlogin.role.support-basic=Cas da support (recuperaziun, …)
+op-idmlogin.role.support-priv=Support dal 3. nivel (archivaziun, deconnecziuns)
+op-idmlogin.role.usr-mgmt=Administraziun dals utilisaders (operations)
+op-idmlogin.role.usr-unit-mgmt=Administraziun dals utilisaders e da l'organisaziun (operations)
+op-idmlogin.select=AGOV idm
+op-idmlogin.select.intro=Selecziunai in d'ils profils suandants per plaschair...
+op-idmlogin.select.note=Ils profils marcads cun * duessan mo vegnir duvrads per tschertas incumbensas da support u da release.
+op-idmlogin.select.title=Selecziun dal profil
+op-onboarding.done.message=Il onboarding &egrave; reuss&igrave;. Vus pudais ussa duvrar Voss access AGOV operations. Serrai il browser per plaschair avant che acceder ad AGOV operations.
+op-onboarding.done.title=FIN&Igrave;
+op-onboarding.failed.title=ERRUR
+op-onboarding.intro.message1=Per concluder la registraziun da Voss access AGOV operations duvrais Vus in conto AGOV u in conto FED-LOGIN.
+op-onboarding.intro.message2=Suenter avair clicc&agrave; sin &laquo;Vinavant&raquo; vegnis Vus dirig&igrave; a l'autentificaziun.
+op-onboarding.intro.message3=Sche Vus utilisais AGOV ed il conto na correspunda anc betg al nivel dad AGOVaq necessari, survegnis Vus la pussaivladad da cumenzar la verificaziun d'identitad che &egrave; necessaria.
+op-onboarding.intro.title=START
+op-onboarding.onboarding=AGOV op onboarding
+op-onboarding.process.message=Igl ha d&agrave; in sbagl. Contactai il support dad AGOV e dumandai per in nov link da registraziun, sche necessari.
+providePhoneNumber.banner=Il numer da telefonin sto esser capabel da retschaiver SMS. El na vegn betg duvr&agrave; per As contactar.
+providePhoneNumber.description=AGOV pussibilitescha ussa la recuperaziun cun agid dal numer da telefonin. Durant la recuperaziun pudais Vus ussa cuntinuar cun in SMS, en cas che Vus avais pers Voss code da recuperaziun.
+providePhoneNumber.errorBanner=Ils numers da telefonin na correspundan betg in a l'auter. Empruvai danovamain per plaschair.
+providePhoneNumber.inputLabel=Numer da telefonin (opziunal)
+providePhoneNumber.laterModal.description1=Senza numer da telefonin po la recuperaziun da Voss conto cuzzar fin 4 dis, en cas che Vus perdais Voss code da recuperaziun.
+providePhoneNumber.laterModal.description2=Agiuntar in numer da telefonin pussibilitescha ina recuperaziun da Voss conto en paucas minutas.
+providePhoneNumber.laterModal.description3=Quest numer da telefonin na vegn betg duvr&agrave; per As contactar.
+providePhoneNumber.laterModal.title=Cuntinuar senza numer da telefonin?
+providePhoneNumber.modal.description=Per verifitgar che Vus hajas arcun&agrave; correctamain Voss numer da telefonin, al repeti qua sutvart per plaschair. In numer da telefonin betg arcun&agrave; correctamain po difficultar la recuperaziun da Voss conto.
+providePhoneNumber.modal.inputLabel=Numer da telefonin
+providePhoneNumber.modal.title=Reper il numer da telefonin
+providePhoneNumber.saveButtonText=Arcunar
+providePhoneNumber.title=Inditgar in numer da telefonin
+qrCode.label=Cliccai per avrir il code QR en ina fanestra separada.
+recovery_accessapp_auth.accessAppRegistered=App AGOV access gia registrada
+recovery_accessapp_auth.instruction1=Vus avais gia registr&agrave; ina nova app AGOV access !!!ACCESS_APP_NAME!!! durant il process da recuperaziun.
+recovery_accessapp_auth.instruction2=Utilisai per plaschair !!!ACCESS_APP_NAME!!! per As identifitgar.
+recovery_check_code.banner.lockedError=Memia bleras emprovas d'endataziun nunvalaivlas. Empruvai anc ina giada en intginas minutas.
+recovery_check_code.codeIncorrect=Il code endat&agrave; n'&egrave; betg correct. Empruvai anc ina giada.
+recovery_check_code.enterRecoveryCode=Code da recuperaziun
+recovery_check_code.expired=Memia bleras emprovas u Voss code da recuperaziun &egrave; scad&igrave;.
+recovery_check_code.instruction=Endatai qua sutvart Voss code da recuperaziun persunal cun 12 cifras. Vus avais survegn&igrave; il code da recuperaziun en ina datoteca PDF a chaschun da la registraziun u en AGOV me.
+recovery_check_code.invalid.code=Il code &egrave; nunvalaivel
+recovery_check_code.invalid.code.required=Code necessari
+recovery_check_code.invalid.code.tooLong=Il code &egrave; memia lung
+recovery_check_code.noAccess=Jau n'hai betg access a mes code
+recovery_check_code.noCodeAccess=Essas Vus segirs che Vus n'avais betg access a Voss code da recuperaziun?
+recovery_check_code.noCodeAccessInstructions=Sche Vus avais pers access a Voss code da recuperaziun giai ad AGOV help per contactar insatgi d'il support dad AGOV. Questa Persuna As vegn a sustegnair cun il process da recuperaziun.
+recovery_check_code.too_many_tries.instruction1=Il code da recuperaziun che Vus avais endat&agrave; &egrave; eventualmain scad&igrave; u Vuss avais empruv&agrave; da l'endatar memia bleras giadas.
+recovery_check_code.too_many_tries.instruction2=Giai per plaschair ad AGOV help per contactar insatgi d'il support. Questa Persuna As vegn a sustegnair cun il process da recuperaziun.
+recovery_check_noCode.banner.error=Memia bleras emprovas.
+recovery_check_noCode.instruction1=Vuss avais eventualmain empruv&agrave; da endatar il code da recuperaziun memia bleras giadas.
+recovery_check_noCode.instruction2=Serrai per plaschair il browser da web e cumenzai anc ina giada cun la recuperaziun da Voss conto en 10 minutas a <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
+recovery_code.banner.error=Scuvrir Voss code da recuperaziun per pudair cuntinuar.
+recovery_code.instruction=Il code da recuperaziun As permetta d'acceder a Voss conto en cas che Vus avais pers tut Voss facturs da login. Tegnai en salv quest code da recuperaziun en in lieu segir per plaschair.
+recovery_code.newRecoveryCode=Introducziun dal code da recuperaziun
+recovery_code.validUntil=Valaivel enfin:
+recovery_fidokey_auth.button=Cumenzar la autentificaziun da clav
+recovery_fidokey_auth.fidoInstruction=Cliccai sin &laquo;Cumenzar la autentificaziun da clav&raquo;
+recovery_fidokey_auth.instruction1=Vus avais gia registr&agrave; ina nova clav da segirezza !!!SECURITY_KEY_NAME!!! durant il process da recuperaziun.
+recovery_fidokey_auth.instruction2=Utilisai per plaschair !!!SECURITY_KEY_NAME!!! e suandai ils pass qua sutvart per As identifitgar.
+recovery_fidokey_auth.keyRegistered=Clav da sgirezza gia registrada
+recovery_intro_email.banner.error=Il link che Vus avais duvr&agrave; &egrave; scad&igrave;. Endatai Vossa adressa d'e-mail per survegnir in nov link.
+recovery_intro_email.banner.info=Inditgai Vossa adressa d'e-mail. Nus As tramettain in link cun il qual Vus pudais cumenzar cun il process da recuperaziun.
+recovery_intro_email.important=Impurtant:
+recovery_intro_email.process=Il process da recuperaziun duess mo vegnir duvr&agrave; en cas che Vus avais pers l'access a Voss facturs da login (stizz&agrave; l'app AGOV access, pers la clav da segirezza, pers il telefonin etc.).
+recovery_intro_email_sent.banner.button=N'avais betg retschav&igrave; il e-mail?
+recovery_intro_email_sent.banner.success=Grazia fitg! Proximamain vegnis Vus a retschaiver in e-mail cun in link da recupraziun ed instrucziuns.
+recovery_on_going.finishRecovery=Concluder la recuperaziun
+recovery_on_going.instruction=In process da recuperaziun &egrave; en curs. Il process da recuperaziun po cumpigliar ina verificaziun d'identitad. Per avair access ad applicaziuns cun Voss AGOV-Login, stuais Vus terminar la verificaziun d'identitad.
+recovery_on_going.title=Concludai Voss process da recuperaziun per plaschair.
+recovery_questionnaire_instructions.banner.info=Resguardai che en tscherts cas stuais Vus avair access a Voss code da recuperaziun per che la recupraziun po reussir.
+recovery_questionnaire_instructions.explanation=Sin basa da Vossas respostas pari d'esser necessari da recuperar Voss login AGOV. Cliccai sin Vinavant e suandai las instrucziuns sin il monitur.
+recovery_questionnaire_instructions.instruction1=Inditgai l'adressa d'e-mail da Voss login AGOV. Nus As tramettain in link cun il qual Vus pudais cumenzar il process da recuperaziun
+recovery_questionnaire_instructions.instruction2=Suandai ils pass per recuperar Voss conto (ils pass varieschan tenor il nivel da verificaziun da Voss conto)
+recovery_questionnaire_loginfactor.banner.error=Selecziunai ina resposta per plaschair.
+recovery_questionnaire_loginfactor.no=Na
+recovery_questionnaire_loginfactor.question=Avais Vus registr&agrave; pli che in factur da login (app AGOV access u clav da segirezza) per Voss login AGOV?
+recovery_questionnaire_loginfactor.yes=Gea
+recovery_questionnaire_no_recovery.explanation1=Sin basa da Vossas respostas na pari betg d'esser necessari da recuperar Voss login AGOV per il mument.
+recovery_questionnaire_no_recovery.explanation2=Sche Vus duvrais ulteriuras infurmaziuns, consultai <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> per artitgels da support.
+recovery_questionnaire_no_recovery.instruction1=Sche Vus avais difficultads d'As annunziar per in'applicaziun, visitai <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> e verifitgai sche Vus As pudais annunziar cun success.
+recovery_questionnaire_no_recovery.instruction2=Sche Vus avais registr&agrave; plirs facturs da login, ma avais pers l'access ad in dad els, consultai <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> per stizzar il factur da login pers.
+recovery_questionnaire_reason_selection.answer1=Jau hai problems da m'annunziar, malgr&agrave; che jau hai mia app / clav da segirezza
+recovery_questionnaire_reason_selection.answer10=Jau hai pers in da mes facturs da login (app AGOV access u clav da segirezza)
+recovery_questionnaire_reason_selection.answer2=Jau n'hai betg pud&igrave; terminar mia registraziun
+recovery_questionnaire_reason_selection.answer3=Jau hai stizz&agrave;, u reinizialis&agrave; mia app AGOV access, u igl &egrave; inditg&agrave; che nagin conto exista
+recovery_questionnaire_reason_selection.answer4=Jau hai pers mes telefonin / mia clav da segirezza
+recovery_questionnaire_reason_selection.answer5=Jau hai in nov telefonin ed hai emblid&agrave; da transferir mia app AGOV access
+recovery_questionnaire_reason_selection.answer6=Jau hai emblid&agrave; il PIN per mia app AGOV access
+recovery_questionnaire_reason_selection.answer7=Jau hai mias clavs da segirezza u mias apps, hai dentant g&igrave; problems da m'annunziar
+recovery_questionnaire_reason_selection.answer8=Jau hai pers l'access a tut mias clavs da segirezza ed apps AGOV
+recovery_questionnaire_reason_selection.answer9=Jau hai problems cun in da mes facturs da login (stizz&agrave;, mess enavos, PIN emblid&agrave;)
+recovery_questionnaire_reason_selection.banner.error=Selecziunai in motiv per plaschair.
+recovery_questionnaire_reason_selection.instruction=Selecziunai per plaschair il motiv pertge che Vus cumenzais il process da recuperaziun:
+recovery_start_info.banner.warning=Vus na pudais betg utilisar Voss conto, fin ch'il process da recuperaziun &egrave; termin&agrave;.
+recovery_start_info.instruction=Durant il process da recuperaziun vegnis Vus a registrar in nov factur da login. Sche Voss conto cuntegna infurmaziuns verifitgadas, stuais Vus eventualmain er far in process da verificaziun per pudair terminar il process da recuperaziun.
+recovery_start_info.title=Vus essas vidlonder da cumenzar cun il process da recuperaziun
+timeout.description=Vossa sessiun &egrave; scadida. Serrai questa fanestra ed empruvai anc ina giada d'acceder per plaschair.
+timeout.title=Sessiun scadida
+user_input.invalid.email=Endatai in'adressa d'e-mail valida
+user_input.invalid.email.required=Champ obligatoric
+user_input.invalid.email.tooLong=Il text endat&agrave; e memia lung

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/webdata/resources/authcloud_login.js

@@ -0,0 +1,165 @@
+let baseURL; // base URL
+let statusToken; // used to check progress
+let dispatcherElement; // to display link or QR code
+let infoElement; // to display info text
+let errorElement; // to display error text
+
+function addInput(form, name, value) {
+  const input = document.createElement("input");
+  input.name = name;
+  input.value = value;
+  form.appendChild(input);
+}
+
+function submitStatus(status) {
+  // we have to do a form POST instead of AJAX
+  const form = document.createElement("form");
+  form.method = "POST";
+  form.style.display = "none";
+  addInput(form, "status", status);
+  document.body.appendChild(form);
+  form.submit();
+}
+
+const Status = {
+    _pollInterval: 2 * 1000, // Check every 2 seconds
+    latest: null,
+
+    startPolling: function (token, uiCallback) {
+        let interval = setInterval(async () => {
+            await this._check(token).then(function (resp) {
+                console.log("Polling status: %o", resp);
+                uiCallback && uiCallback(resp, false);
+                return Status.latest = resp;
+            })
+            .catch(function (err) {
+                console.error("Error during polling: %o", err);
+                return false;
+            });
+            if (Status.latest && (Status.latest.status === 'succeeded' || Status.latest.status === 'failed' || Status.latest.status === 'unknown')) {
+                // Done!
+                console.log('Latest status is: %o', this.latest);
+                uiCallback && uiCallback(this.latest, true);
+                clearInterval(interval);
+            }
+        }, this._pollInterval);
+    },
+
+    _check: async function (token) {
+        const payload = { statusToken: token };
+        const response = await fetch(baseURL + 'api/v1/status', {
+            method: 'POST',
+            mode: 'cors',
+            cache: 'no-cache',
+            credentials: 'omit',
+            headers: {
+                'Accept': 'application/json',
+                'Content-Type': 'application/json;charset=utf-8'
+            },
+            body: JSON.stringify(payload),
+            redirect: 'follow',
+            referrerPolicy: 'no-referrer'
+        });
+
+        return await response.json();
+    }
+};
+
+function setDeepLinkLabel(button) {
+    const text = document.getElementsByName('info.deeplink')[0].value;
+    button.innerHTML = text;
+}
+
+function messageScanQR() {
+    const text = document.getElementsByName('info.qrcode')[0].value;
+    infoElement.innerHTML = text;
+}
+
+function messageCheckPhone() {
+    const text = document.getElementsByName('info.check.phone')[0].value;
+    infoElement.innerHTML = text;
+}
+
+const Element = {
+
+    _elem: null, // QR code or deep link depending on device
+
+    show: function (appLink) {
+        const userAgent = navigator.userAgent || navigator.vendor || window.opera;
+        const isIphone = 'iPhone' === navigator.platform;
+        const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent);
+        if (isAndroid || isIphone) {
+            this._elem = document.createElement('a');
+            this._elem.setAttribute('href', appLink);
+            this._elem.setAttribute('class', 'btn btn-primary');
+            this._elem.setAttribute('target', '_blank');
+            dispatcherElement.appendChild(this._elem);
+            setDeepLinkLabel(this._elem);
+        }
+        else {
+            const authenticationType = document.getElementsByName('authenticationType')[0].value;
+            if (authenticationType == 'push') {
+                messageCheckPhone();
+            }
+            else {
+                messageScanQR();
+                this._elem = document.createElement('canvas');
+                dispatcherElement.appendChild(this._elem);
+                var qrcode = new QRious({
+                  element: this._elem,
+                  foreground: "#168CA9",
+                  level: "M",
+                  size: 280,
+                  value: appLink
+                });
+            }
+        }
+    },
+
+    hide: function() {
+        // hide the element which was shown
+        if (this._elem != null) {
+            this._elem.style.display = "none";
+        }
+    }
+};
+
+function authenticateUser(appLink) {
+    Element.show(appLink);
+    console.log('Starting Authentication Cloud status polling...');
+    Status.startPolling(statusToken, (st, done) => {
+        if (st.status === 'succeeded') {
+            console.log('Authentication Cloud login done.');
+            submitStatus('succeeded')
+        }
+        else if (st.status === 'failed') {
+            // failed: The transaction failed, either by timeout or because the user did not accept.
+            console.warn('Authentication Cloud login failed. User abort or timeout.');
+            submitStatus('failed')
+        }
+        else if (st.status === 'unknown') {
+            console.error('Authentication Cloud login failed. Unknown status.');
+            submitStatus('unknown')
+        }
+    });
+}
+
+function init() {
+
+    const form = document.getElementById('authcloud_login');
+
+    baseURL = form.url.value;
+    statusToken = form.statusToken.value;
+
+    infoElement = document.getElementById('authcloud_info');
+    errorElement = document.getElementById('authcloud_error');
+
+    dispatcherElement = document.getElementById('authcloud_dispatch');
+
+    const appLink = form.appLink.value;
+    authenticateUser(appLink);
+}
+
+window.onload = function() {
+  init();
+};

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/webdata/resources/authcloud_onboard.js

@@ -0,0 +1,154 @@
+let baseURL; // base URL
+let statusToken; // used to check progress
+let dispatcherElement; // to display link or QR code
+let infoElement; // to display info text
+let errorElement; // to display error text
+
+function addInput(form, name, value) {
+  const input = document.createElement("input");
+  input.name = name;
+  input.value = value;
+  form.appendChild(input);
+}
+
+function submitStatus(status) {
+  // we have to do a form POST instead of AJAX
+  const form = document.createElement("form");
+  form.method = "POST";
+  form.style.display = "none";
+  addInput(form, "status", status);
+  document.body.appendChild(form);
+  form.submit();
+}
+
+const Status = {
+    _pollInterval: 2 * 1000, // Check every 2 seconds
+    latest: null,
+
+    startPolling: function (token, uiCallback) {
+        let interval = setInterval(async () => {
+            await this._check(token).then(function (resp) {
+                console.log("Polling status: %o", resp);
+                uiCallback && uiCallback(resp, false);
+                return Status.latest = resp;
+            })
+            .catch(function (err) {
+                console.error("Error during polling: %o", err);
+                return false;
+            });
+            if (Status.latest && (Status.latest.status === 'succeeded' || Status.latest.status === 'failed' || Status.latest.status === 'unknown')) {
+                // Done!
+                console.log('Latest status is: %o', this.latest);
+                uiCallback && uiCallback(this.latest, true);
+                clearInterval(interval);
+            }
+        }, this._pollInterval);
+    },
+
+    _check: async function (token) {
+        const payload = { statusToken: token };
+        const response = await fetch(baseURL + 'api/v1/status', {
+            method: 'POST',
+            mode: 'cors',
+            cache: 'no-cache',
+            credentials: 'omit',
+            headers: {
+                'Accept': 'application/json',
+                'Content-Type': 'application/json;charset=utf-8'
+            },
+            body: JSON.stringify(payload),
+            redirect: 'follow',
+            referrerPolicy: 'no-referrer'
+        });
+
+        return await response.json();
+    }
+};
+
+function setDeepLinkLabel(button) {
+    const text = document.getElementsByName('info.deeplink')[0].value;
+    button.innerHTML = text;
+}
+
+function messageScanQR() {
+    const text = document.getElementsByName('info.qrcode')[0].value;
+    infoElement.innerHTML = text;
+}
+
+const Element = {
+
+    _elem: null, // QR code or deep link depending on device
+
+    show: function (appLink) {
+        const userAgent = navigator.userAgent || navigator.vendor || window.opera;
+        const isIphone = 'iPhone' === navigator.platform;
+        const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent);
+        if (isAndroid || isIphone) {
+            this._elem = document.createElement('a');
+            this._elem.setAttribute('href', appLink);
+            this._elem.setAttribute('class', 'btn btn-primary');
+            this._elem.setAttribute('target', '_blank');
+            dispatcherElement.appendChild(this._elem);
+            setDeepLinkLabel(this._elem);
+        }
+        else {
+            messageScanQR();
+            this._elem = document.createElement('canvas');
+            dispatcherElement.appendChild(this._elem);
+            var qrcode = new QRious({
+              element: this._elem,
+              foreground: "#168CA9",
+              level: "M",
+              size: 280,
+              value: appLink
+            });
+        }
+    },
+
+    hide: function() {
+        // hide the element which was shown
+        if (this._elem != null) {
+            this._elem.style.display = "none";
+        }
+    }
+};
+
+function onboardUser(appLink) {
+    Element.show(appLink);
+    console.log('Starting Authentication Cloud status polling...');
+    Status.startPolling(statusToken, (st, done) => {
+        if (st.status === 'succeeded') {
+            console.log('Authentication Cloud onboarding done.');
+            submitStatus('succeeded')
+        }
+        else if (st.status === 'failed') {
+            // failed: The transaction failed, either by timeout or because the user did not accept.
+            console.warn('Authentication Cloud onboarding failed. User abort or timeout.');
+            submitStatus('failed')
+        }
+        else if (st.status === 'unknown') {
+            console.error('Authentication Cloud onboarding failed. Unknown status.');
+            submitStatus('unknown')
+        }
+    });
+}
+
+function init() {
+
+    const form = document.getElementById('authcloud_onboard');
+
+    baseURL = form.url.value;
+    statusToken = form.statusToken.value;
+
+    infoElement = document.getElementById('authcloud_info');
+    errorElement = document.getElementById('authcloud_error');
+
+    dispatcherElement = document.getElementById('authcloud_dispatch');
+
+    const appLink = form.appLink.value;
+    onboardUser(appLink);
+}
+
+window.onload = function() {
+  init();
+};

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/webdata/resources/base64.js

@@ -0,0 +1,87 @@
+/*
+ * Base64URL-ArrayBuffer
+ * https://github.com/herrjemand/Base64URL-ArrayBuffer
+ *
+ * Copyright (c) 2017 Yuriy Ackermann <ackermann.yuriy@gmail.com>
+ * Copyright (c) 2012 Niklas von Hertzen
+ * Licensed under the MIT license.
+ *
+ */
+(function() {
+    "use strict";
+
+    var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
+
+    // Use a lookup table to find the index.
+    var lookup = new Uint8Array(256);
+    for (var i = 0; i < chars.length; i++) {
+        lookup[chars.charCodeAt(i)] = i;
+    }
+
+    var encode = function(arraybuffer) {
+        var bytes = new Uint8Array(arraybuffer),
+        i, len = bytes.length, base64 = "";
+
+        for (i = 0; i < len; i+=3) {
+            base64 += chars[bytes[i] >> 2];
+            base64 += chars[((bytes[i] & 3) << 4) | (bytes[i + 1] >> 4)];
+            base64 += chars[((bytes[i + 1] & 15) << 2) | (bytes[i + 2] >> 6)];
+            base64 += chars[bytes[i + 2] & 63];
+        }
+
+        if ((len % 3) === 2) {
+            base64 = base64.substring(0, base64.length - 1);
+        } else if (len % 3 === 1) {
+            base64 = base64.substring(0, base64.length - 2);
+        }
+
+        return base64;
+    };
+
+    var decode = function(base64) {
+        var bufferLength = base64.length * 0.75,
+        len = base64.length, i, p = 0,
+        encoded1, encoded2, encoded3, encoded4;
+
+        var arraybuffer = new ArrayBuffer(bufferLength),
+        bytes = new Uint8Array(arraybuffer);
+
+        for (i = 0; i < len; i+=4) {
+            encoded1 = lookup[base64.charCodeAt(i)];
+            encoded2 = lookup[base64.charCodeAt(i+1)];
+            encoded3 = lookup[base64.charCodeAt(i+2)];
+            encoded4 = lookup[base64.charCodeAt(i+3)];
+
+            bytes[p++] = (encoded1 << 2) | (encoded2 >> 4);
+            bytes[p++] = ((encoded2 & 15) << 4) | (encoded3 >> 2);
+            bytes[p++] = ((encoded3 & 3) << 6) | (encoded4 & 63);
+        }
+
+        return arraybuffer;
+    };
+
+     /**
+     * Exporting and stuff
+     */
+    if (typeof module !== 'undefined' && typeof module.exports !== 'undefined') {
+        module.exports = {
+            'encode': encode,
+            'decode': decode
+        }
+
+    } else {
+        if (typeof define === 'function' && define.amd) {
+            define([], function() {
+                return {
+                    'encode': encode,
+                    'decode': decode
+                }
+            });
+        } else {
+            window.base64url = {
+                'encode': encode,
+                'decode': decode
+            }
+        }
+    }
+})();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/webdata/resources/default.css

@@ -0,0 +1,222 @@
+/********************************************************
+ * Layout
+ ********************************************************/
+
+html { /* magic to position footer */
+	position: relative;
+	min-height: 100%;
+}
+
+body {
+	margin-bottom: 76px; /* == footer height */
+}
+
+.container, .container-fluid {
+ 	padding-left: 36px;
+	padding-right: 36px;
+}
+
+nav {
+	min-height: 100px;
+	padding: 36px;
+}
+
+header {
+	margin-bottom: 16px; /* h1.logintitle adds 20px => 36px */
+}
+
+.container {
+ 	min-width: 260px;
+ 	max-width: 700px;
+}
+
+h1 {
+	margin-bottom: 50px;
+}
+
+footer {
+	width: 100%;
+	position: absolute;
+	bottom: 0;
+	padding: 0 36px;
+}
+
+img {
+	width: 100%;
+}
+
+/********************************************************
+ * Header
+ ********************************************************/
+
+header .logo {
+	/* width: 20%;*/
+	/*max-width: 600px;*/
+	max-height: 150px;
+	width: auto;
+}
+
+/********************************************************
+ * Dropdown
+ ********************************************************/
+a.dropdown-toggle {
+	text-decoration: none;
+}
+
+a.dropdown-toggle:hover {
+	color: #168CA9;
+	border-bottom: 3px solid #168CA9;
+}
+
+.dropdown-menu {
+	padding: 5px 0;
+}
+
+.dropdown-menu li > a {
+	padding: 6px 28px;
+}
+
+.dropdown-menu a > .prefix {
+	display: inline-block;
+	min-width: 22px;
+	margin-right: 28px;
+	text-align: right;
+}
+
+/********************************************************
+ * Form
+ ********************************************************/
+
+/* Labels should not be bold */
+label {
+	font-weight: normal;
+}
+
+/* Make error messages bold */
+.has-error .help-block {
+	font-weight: bold;
+}
+
+/* Change button size, by default 116px in width */
+.btn {
+	min-width: 116px;
+	padding: 3px 12px;
+}
+
+/* Disable gradient in buttons, ughhhh */
+.btn.btn-primary {
+	border-color: transparent;
+	background-image: none;
+	text-shadow: none;
+	box-shadow: none;
+	-webkit-box-shadow: none;
+}
+
+.help-block a, .help-block a:visited {
+	color: #168CA9;
+  font-weight: bold;
+  text-decoration: none;
+}
+
+.help-block a:hover {
+	color: #168CA9;
+  text-decoration: underline;
+}
+
+/********************************************************
+ * Footer
+ ********************************************************/
+footer .row {
+	margin: 36px 0 0 0;
+	height: 40px;
+	padding-top: 14px;
+	line-height: 26px; /* to center text: height - padding-top = 26px */
+	border-top: 1px solid #168CA9;
+}
+
+footer .row > div { /* Fix alignment between border + text on Bootstrap grid */
+	padding: 0;
+}
+
+footer .logo-round-container {
+	position: relative;
+}
+
+footer .logo-round {
+	position: absolute;
+	left: 0;
+	right: 0;
+	top: -33px; /* found visually with Chrome Dev Tools */
+	height: 36px;
+	width: 36px;
+	border: 1px solid #00868c;
+	border-radius: 18px;
+	background: #fff;
+	padding: 8px;
+}
+
+footer .logo-round > img {
+	display: block;
+}
+
+#dispatchTargets {
+	margin-top: 20px;
+}
+
+/********************************************************
+ * Social login
+ ********************************************************/
+.btn.line {
+    background-color: transparent;
+    display: block;
+    width: 100%;
+    padding: 0;
+    margin: 1.5em 0 1em;
+    border: 0.5px solid #ccc;
+    pointer-events: none;
+}
+
+.btn.socialLogin {
+    background-color: #fff;
+    border: thin solid #ccc;
+    color: #000;
+    font-weight: 600;
+    position: relative;
+    margin: 5px;
+    min-width: 140px;
+    width: 210px;
+    border-radius: 8px;
+    padding: 8px 12px;
+    text-align: left;
+}
+
+.socialLogin img {
+    width: 1.5em;
+    height: 108%;
+    margin-right: 0.5em;
+}
+
+.btn.apple img {
+    width: 1.2em;
+}
+
+/********************************************************
+ * Show password
+ ********************************************************/
+.icon-inside {
+  position: relative;
+}
+
+.icon-inside input {
+  padding-right: calc(0.75rem + 1.25rem + 0.75rem);
+}
+
+.icon-inside button {
+  position: absolute;
+  right: 0;
+  top: 0;
+  margin-top: 0.45rem;
+  margin-right: 0.45rem;
+  background: #FFFFFF;
+  border: #FFFFFF;
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/webdata/resources/dropdown.js

@@ -0,0 +1,36 @@
+(function() {
+  var closeDropdownTimeout;
+
+  function closeDropdown(event) {
+    var dropdowns = document.querySelectorAll('.dropdown');
+    for (var i = 0; i < dropdowns.length; i++) {
+      var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu');
+      if (dropdownMenu.style.display !== 'none' && !dropdowns[i].contains(event.target)) {
+        dropdownMenu.style.display = 'none';
+      }
+    }
+
+    // remove event listener till we have a new dropdown menu open
+    if (document.querySelector('.dropdown-menu:not([style*="display: none"])') === null) {
+      document.removeEventListener('click', closeDropdown);
+    }
+  }
+
+  var dropdowns = document.querySelectorAll('.dropdown');
+  for (var i = 0; i < dropdowns.length; i++) {
+    var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu');
+    dropdownMenu.style.display = 'none'; // ensure menu is initially hidden
+
+    dropdowns[i].addEventListener('click', function(e) {
+      // show dropdown menu
+      var dropdownMenu = this.querySelector('.dropdown-menu');
+      dropdownMenu.style.display = 'block';
+
+      // handle clicking away
+      clearTimeout(closeDropdownTimeout);
+      closeDropdownTimeout = setTimeout(function() {
+        document.addEventListener('click', closeDropdown);
+      }, 10);
+    });
+  }
+}());

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/webdata/resources/e2eenc.js

@@ -0,0 +1,98 @@
+var e2eenc = function() {
+
+	this.encryptForm = function(algoString, formId) {
+		// TODO: in case of an error we should return false, to prevent the for to be submitted
+		//       or replace the fields with dummy values, just to prevent the the transmission
+		//       of unencrypted values
+		
+
+		// create the array of input fields to encrypt (needs to be done before setting the form
+		// invisible
+		var fieldsToEncrypt = new Array();
+		$.each($("form input:visible"), function(index, _inputField) { fieldsToEncrypt.push($(_inputField));});
+
+		// hide the form, and display the splash screen
+		$('#loginform').css('display','none');
+		$('#e2eeSplashScreen').css('display','block');
+
+		// encryption logic
+		var pubKey = $("input[name='e2eenc.publicKey']").val();
+
+		var kemSessionKey = readPublicKeyAndGenerateSessionKey(pubKey)
+		var iv = forge.random.getBytesSync(16);
+		keyB64 = forge.util.encode64(kemSessionKey.key);
+		encapsulationB64 = forge.util.encode64(kemSessionKey.encapsulation);
+		ivB64 = forge.util.encode64(iv);
+
+		//console.log("Encrypting form " + formId + " (" + algoString + ")");
+		var fields = "";
+		$.each(fieldsToEncrypt, function(index, _inputField) {
+			var inputField = $(_inputField);
+			if (inputField.attr("type") == "text" || inputField.attr("type") == "password") {
+				//console.log("Encrypting field " + JSON.stringify(inputField));
+				var plainValue = inputField.val();
+
+				var encryptedValueB64 = encrypt(kemSessionKey, iv, plainValue);
+				//console.log("Setting encrypted value in b64: " + encryptedValueB64);
+				inputField.val(encryptedValueB64);
+				if (fields.length > 0) {
+					fields = fields + ","
+				}
+				fields = fields + inputField.attr("name");
+			}
+		});
+		$("input[name='e2eenc.iv']").val(ivB64);
+		$("input[name='e2eenc.encapsulation']").val(encapsulationB64);
+		$("input[name='e2eenc.fields']").val(fields);
+	}
+
+	function getRSApublicKey(pem) {
+	    //console.log("PEM: " + pem);
+
+	    var msg = forge.pem.decode(pem)[0];
+
+	    //console.log("msg type: " + msg.type);
+
+	    if(msg.procType && msg.procType.type === 'ENCRYPTED') {
+		throw new Error('Could not retrieve RSA public key from PEM; PEM is encrypted.');
+	    }
+
+	    // convert DER to ASN.1 object
+	    var asn1obj = forge.asn1.fromDer(msg.body);
+	    //console.log("ASN.1 obj: " + JSON.stringify(asn1obj))
+
+	    var pubKey = forge.pki.publicKeyFromAsn1(asn1obj)
+	    //console.log("PubKey: " + JSON.stringify(pubKey))
+	    return pubKey;
+	}
+
+	function generateKEMSessionKey(rsaPublicKey) {
+	    // generate key-derivation-function and initializes it with sha1
+	    var kdf1 = new forge.kem.kdf1(forge.md.sha1.create());
+	    // creates a KEM function based on the key-derivation-function created above
+	    var kem = forge.kem.rsa.create(kdf1);
+	    // generate and encapsulate a 16-byte secret key. 
+	    // The secret key is generated using the kdf defined above.
+	    var kemSessionKey = kem.encrypt(rsaPublicKey, 16);
+	    // kemSessionKey has 'encapsulation' (= pub key) and 'key' (= generated secret key)
+	    return kemSessionKey;
+	}
+
+	function readPublicKeyAndGenerateSessionKey(pem) {
+	    var rsaPublicKey = getRSApublicKey(pem);
+	    //console.log("PubKey: " + JSON.stringify(rsaPublicKey))
+	    var kemSessionKey = generateKEMSessionKey(rsaPublicKey);
+	    //console.log("KEM session key: " + JSON.stringify(kemSessionKey))
+	    return kemSessionKey;
+	}
+
+	function encrypt(kemSessionKey, iv, msg) {
+		var cipher = forge.cipher.createCipher('AES-CBC', kemSessionKey.key);
+		cipher.start({iv: iv});
+		cipher.update(forge.util.createBuffer(msg, 'utf-8'));
+		cipher.finish();
+		var encrypted = cipher.output.getBytes();
+		encryptedB64 = forge.util.encode64(encrypted);
+		return encryptedB64;
+	}
+};

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/webdata/resources/eye-off.svg

@@ -0,0 +1,3 @@
+<svg width="22" height="20" viewBox="0 0 22 20" fill="none" xmlns="http://www.w3.org/2000/svg">
+    <path d="M2 1L5.58916 4.58916M20 19L16.4112 15.4112M12.8749 16.8246C12.2677 16.9398 11.6411 17 11.0005 17C6.52281 17 2.73251 14.0571 1.45825 9.99997C1.80515 8.8955 2.33851 7.87361 3.02143 6.97118M8.87868 7.87868C9.42157 7.33579 10.1716 7 11 7C12.6569 7 14 8.34315 14 10C14 10.8284 13.6642 11.5784 13.1213 12.1213M8.87868 7.87868L13.1213 12.1213M8.87868 7.87868L5.58916 4.58916M13.1213 12.1213L5.58916 4.58916M13.1213 12.1213L16.4112 15.4112M5.58916 4.58916C7.14898 3.58354 9.00656 3 11.0004 3C15.4781 3 19.2684 5.94291 20.5426 10C19.8357 12.2507 18.3545 14.1585 16.4112 15.4112" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/webdata/resources/eye.svg

@@ -0,0 +1,4 @@
+<svg width="22" height="16" viewBox="0 0 22 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+    <path d="M14 8C14 9.65685 12.6569 11 11 11C9.34315 11 8 9.65685 8 8C8 6.34315 9.34315 5 11 5C12.6569 5 14 6.34315 14 8Z" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+    <path d="M1.45825 7.99997C2.73253 3.94288 6.52281 1 11.0004 1C15.4781 1 19.2684 3.94291 20.5426 8.00004C19.2684 12.0571 15.4781 15 11.0005 15C6.52281 15 2.73251 12.0571 1.45825 7.99997Z" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/webdata/resources/fido2_auth.js

@@ -0,0 +1,61 @@
+(function() {
+  'use strict'
+
+  async function assertion(options) {
+    let credential;
+    try {
+      credential = await navigator.credentials.get({ "publicKey": options });
+    }
+    // Cancel and timeout can occur besides error
+    catch (error) {
+      console.error(`Failed to get WebAuthn credential: ${error}`);
+      throw error;
+    }
+    // as this is the last call we have to do a top-level request instead of AJAX
+    const form = document.createElement("form");
+    form.method = "POST";
+    form.style.display = "none";
+    addInput(form, "path", "/nevisfido/fido2/assertion/result")
+    addInput(form, "id", credential.id);
+    addInput(form, "type", credential.type);
+    addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON));
+    addInput(form, "response.authenticatorData", base64url.encode(credential.response.authenticatorData));
+    addInput(form, "response.signature", base64url.encode(credential.response.signature));
+    document.body.appendChild(form);
+    form.submit();
+  }
+
+  function authenticate() {
+    // WebAuthn feature detection
+    if (!isWebAuthnSupportedByTheBrowser()) {
+      cancelFido2();
+      return;
+    };
+
+    const request = {};
+    request.path = "/nevisfido/fido2/attestation/options";
+
+    // calling nevisFIDO through nevisAuth on current URL using AJAX
+    fetch("", {
+      method: "POST",
+      headers: {
+        'Content-Type': 'application/json'
+      },
+      body: JSON.stringify(request)
+    })
+    .then(res => res.json())
+    .then(options => {
+      options.challenge = base64url.decode(options.challenge);
+      options.allowCredentials = options.allowCredentials.map((c) => {
+        c.id = base64url.decode(c.id);
+        return c;
+      });
+      return assertion(options);
+    }).catch((error) => {
+      console.error(`Error during FIDO2 authentication: ${error}`);
+      cancelFido2();
+    });
+  }
+
+  authenticate();
+})();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/webdata/resources/fido2_auth_std.js

@@ -0,0 +1,175 @@
+(function() {
+    'use strict'
+
+    async function authenticate(username, params) {
+
+        try {
+            const { authenticationOptionsEndpoint, authenticationEndpoint, statusServiceEndpoint, userVerification, originalResource, nevisAuthEndpoint } = params;
+            const { startAuthentication } = SimpleWebAuthnBrowser;
+
+            // fetch authentication options from nevisFIDO and save the returned fido2SessionId for later use
+            const authOptRespJson = await getAuthenticationOptions(username, userVerification, nevisAuthEndpoint);
+            const fido2SessionId = authOptRespJson.fido2SessionId;
+
+            // do the client side authentication using the SimpleWebAuthn JS library
+            const authRespJson = await startAuthentication(authOptRespJson);
+
+            // in case the authentication response does not contain a userHandle (e.g. virtual authenticators used in system tests)
+            // then we have to obtain it (in our case it is the IDM extId) using the Status Service since at the moment nevisFIDO always expects it
+            if (!authRespJson.response.userHandle) {
+                const statusRespJson = await getFido2SessionStatus(fido2SessionId, statusServiceEndpoint);
+
+                if (statusRespJson && statusRespJson.userId) {
+                    console.log("adding userHandle: " + statusRespJson.userId);
+                    authRespJson.response.userHandle = btoa(statusRespJson.userId); // add missing userHandle
+                }
+                else {
+                   throw new Error('userHandle is missing and could not determine it using the status service');
+                }
+            }
+            else {
+                console.log("userHandle already set: " + authRespJson.response.userHandle);
+            }
+
+            // send the assertion response created by the authenticator to nevisFIDO
+            const serverRespJson = await submitAssertion(authRespJson, authenticationEndpoint);
+
+            // checking the server response of nevisFIDO
+            if ((!serverRespJson) || (serverRespJson && serverRespJson.status !== 'ok')) {
+                let errorMessage = (serverRespJson && serverRespJson.errorMessage) ? serverRespJson.errorMessage : 'unexpected error';
+                throw new Error('authentication failed: ' + errorMessage);
+            }
+
+            // send a request to nevisAuth with the fido2SessionId in the header to trigger the synchronisation of the
+            // nevisFIDO and nevisAuth sessions (FIDO2 AuthState -> SyncFido2SessionStatusHandler) to reach AUTH_DONE
+            await updateNevisAuth(fido2SessionId, nevisAuthEndpoint);
+
+            console.log('authentication was successful');
+
+            console.log('reloading page...');
+            window.location.reload();
+        }
+        catch (error) {
+            console.error(`Error during FIDO2 authentication: ${error}`);
+            cancelFido2();
+        }
+    };
+
+    async function getAuthenticationOptions(username, userVerification, authenticationOptionsEndpoint) {
+
+        const authOptReqJson = {
+            'username': username,
+            'userVerification': userVerification,
+        };
+
+        const authOptReq = JSON.stringify(authOptReqJson);
+        console.log('authOptReq ==> ' + authOptReq);
+
+        const authOptResp = await fetch(authenticationOptionsEndpoint, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+            body: authOptReq,
+        });
+
+        if (!authOptResp.ok) {
+            throw new Error('authOptResp error: HTTP ' + authOptResp.status + ' ' + authOptResp.statusText);
+        }
+
+        const authOptRespJson = await authOptResp.json()
+        console.log('authOptResp <== ' + JSON.stringify(authOptRespJson));
+
+        return authOptRespJson;
+    };
+
+    async function getFido2SessionStatus(fido2SessionId, statusServiceEndpoint) {
+
+        const statusReqJson = {
+            'fido2SessionId': fido2SessionId,
+        };
+
+        const statusReq = JSON.stringify(statusReqJson);
+        console.log('statusReq ==> ' + statusReq);
+
+        const statusResp = await fetch(statusServiceEndpoint, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+            body: statusReq,
+        });
+
+        if (!statusResp.ok) {
+            throw new Error('statusResp error: HTTP ' + statusResp.status + ' ' + statusResp.statusText);
+        }
+
+        const statusRespJson = await statusResp.json();
+        console.log('statusResp <== ' + JSON.stringify(statusRespJson));
+
+        return statusRespJson;
+    }
+
+    async function submitAssertion(authRespJson, authenticationEndpoint) {
+
+        console.log("submitting assertion for userHandle: " + authRespJson.response.userHandle);
+
+        // TODO koenig 20230504: read btoa once nevisFIDO is adapted
+        let encodedAuthResp = {
+            "id": authRespJson.id,
+            "response": {
+                "authenticatorData": authRespJson.response.authenticatorData,
+                "signature": authRespJson.response.signature,
+                "userHandle": authRespJson.response.userHandle,
+                "clientDataJSON": authRespJson.response.clientDataJSON
+            },
+            "type": authRespJson.type
+        }
+
+        const authResp = JSON.stringify(encodedAuthResp);
+        console.log('authResp ==> ' + authResp);
+
+        const serverResp = await fetch(authenticationEndpoint, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+            body: authResp,
+        });
+
+        if (!serverResp.ok) {
+            throw new Error('submitAssertion error: HTTP ' + submitAssertion.status + ' ' + submitAssertion.statusText);
+        }
+
+        const serverRespJson = await serverResp.json();
+        console.log('serverResp <== ' + JSON.stringify(serverRespJson));
+
+        return serverRespJson;
+    };
+
+    async function updateNevisAuth(fido2SessionId, nevisAuthEndpoint) {
+
+        console.log('updateNevisAuth ==> ' + fido2SessionId);
+
+        const updateNevisAuthResponse = await fetch(nevisAuthEndpoint, {
+            method: 'GET',
+            credentials: 'same-origin',
+            headers: {
+                'nevis-fido2-session-id': fido2SessionId,
+            }
+        });
+
+        if (!updateNevisAuthResponse.ok) {
+            throw new Error('updateNevisAuthResponse error: HTTP ' + updateNevisAuthResponse.status + ' ' + updateNevisAuthResponse.statusText);
+        }
+
+        console.log('updateNevisAuth <== OK');
+
+        return;
+    };
+
+    // TODO koenig 20230206: we don't generate IDs into the HTML yet
+    let username = document.getElementsByName("username")[0].value;
+    params.nevisAuthEndpoint = window.location.href;
+    authenticate(username, params);
+})();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/webdata/resources/fido2_onboard.js

@@ -0,0 +1,70 @@
+function dispatch(name) {
+  // we have to do a top-level request instead of AJAX
+  const form = document.createElement("form");
+  form.method = "POST";
+  form.style.display = "none";
+  addInput(form, name, "true");
+  document.body.appendChild(form);
+  form.submit();
+}
+
+async function attestation(options) {
+  let credential;
+  try {
+    credential = await navigator.credentials.create({ "publicKey": options });
+  }
+  // cancel and timeout can occur besides error
+  catch (error) {
+    console.error(`Failed to create WebAuthn credential: ${error}`);
+    throw error;
+  }
+  // as this is the last call we have to do a top-level request instead of AJAX
+  const form = document.createElement("form");
+  form.method = "POST";
+  form.style.display = "none";
+  addInput(form, "path", "/nevisfido/fido2/attestation/result")
+  addInput(form, "id", credential.id);
+  addInput(form, "type", credential.type);
+  addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON));
+  addInput(form, "response.attestationObject", base64url.encode(credential.response.attestationObject));
+  document.body.appendChild(form);
+  form.submit();
+}
+
+function start() {
+
+  if (!isWebAuthnSupportedByTheBrowser()) {
+    dispatch("unsupported");
+    return;
+  };
+
+  const request = {};
+  request.path = "/nevisfido/fido2/attestation/options";
+
+  // calling nevisFIDO through nevisAuth on current URL using AJAX
+  fetch("", {
+    method: "POST",
+    headers: {
+      'Content-Type': 'application/json'
+    },
+    body: JSON.stringify(request)
+  })
+  .then(res => res.json())
+  .then(options => {
+    options.user.id = base64url.decode(options.user.id);
+    options.challenge = base64url.decode(options.challenge);
+    if (options.excludeCredentials != null) {
+      options.excludeCredentials = options.excludeCredentials.map((c) => {
+        c.id = base64url.decode(c.id);
+        return c;
+      });
+    }
+    if (options.authenticatorSelection.authenticatorAttachment === null) {
+      options.authenticatorSelection.authenticatorAttachment = undefined;
+    }
+    return attestation(options);
+  }).catch((error) => {
+    console.log('Error during FIDO2 onboarding: ' + error);
+    dispatch("failed");
+  });
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/webdata/resources/fido2_utils.js

@@ -0,0 +1,40 @@
+function addInput(form, name, value) {
+    const input = document.createElement("input");
+    input.name = name;
+    input.value = value;
+    form.appendChild(input);
+}
+
+/**
+ * Checks whether WebAuthn is supported by the browser or not.
+ * @return true if supported, false if it is not supported or not in secure context
+ */
+function isWebAuthnSupportedByTheBrowser() {
+  if (window.isSecureContext) {
+    // This feature is available only in secure contexts in some or all supporting browsers.
+    if ('credentials' in navigator) {
+      return true;
+    }
+    console.warn('Oh no! This browser does not support WebAuthn.');
+    return false;
+  }
+  console.warn('WebAuthn feature is available only in secure contexts. For testing over HTTP, you can use the origin "localhost".');
+  return false;
+}
+
+/**
+ * Trigger on cancel pattern of the FIDO2 authentication step.
+ * 
+ * Provides an alternative when the user decides to 
+ * cancel the fido2 credential operation(create or fetch) or
+ * the operation fails and the error cannot be handled.
+ */
+function cancelFido2() {
+  // we have to do a top-level request instead of AJAX
+  const form = document.createElement("form");
+  form.method = "POST";
+  form.style.display = "none";
+  addInput(form, "cancel_fido2", "true");
+  document.body.appendChild(form);
+  form.submit();
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/webdata/resources/icons/apple/black.svg

@@ -0,0 +1 @@
+<svg width="842" height="1e3" xmlns="http://www.w3.org/2000/svg"><path d="M702 960c-54.2 52.6-114 44.4-171 19.6-60.6-25.3-116-26.9-180 0-79.7 34.4-122 24.4-170-19.6-271-279-231-704 77-720 74.7 4 127 41.3 171 44.4 65.4-13.3 128-51.4 198-46.4 84.1 6.8 147 40 189 99.7-173 104-132 332 26.9 396-31.8 83.5-72.6 166-141 227zM423 237C414.9 113 515.4 11 631 1c15.9 143-130 250-208 236z"/></svg>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/webdata/resources/icons/microsoft/microsoft.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" aria-label="Microsoft" role="img" viewBox="0 0 512 512"><rect width="512" height="512" rx="15%" fill="#fff"/><path d="M75 75v171h171v-171z" fill="#f25022"/><path d="M266 75v171h171v-171z" fill="#7fba00"/><path d="M75 266v171h171v-171z" fill="#00a4ef"/><path d="M266 266v171h171v-171z" fill="#ffb900"/></svg>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/webdata/resources/loading.svg

@@ -0,0 +1,31 @@
+<svg width="38" height="38" viewBox="0 0 38 38" xmlns="http://www.w3.org/2000/svg">
+    <defs>
+        <linearGradient x1="8.042%" y1="0%" x2="65.682%" y2="23.865%" id="a">
+            <stop stop-color="#168CA9" stop-opacity="0" offset="0%"/>
+            <stop stop-color="#168CA9" stop-opacity=".631" offset="63.146%"/>
+            <stop stop-color="#168CA9" offset="100%"/>
+        </linearGradient>
+    </defs>
+    <g fill="none" fill-rule="evenodd">
+        <g transform="translate(1 1)">
+            <path d="M36 18c0-9.94-8.06-18-18-18" id="Oval-2" stroke="url(#a)" stroke-width="2">
+                <animateTransform
+                    attributeName="transform"
+                    type="rotate"
+                    from="0 18 18"
+                    to="360 18 18"
+                    dur="0.9s"
+                    repeatCount="indefinite" />
+            </path>
+            <circle fill="#fff" cx="36" cy="18" r="1">
+                <animateTransform
+                    attributeName="transform"
+                    type="rotate"
+                    from="0 18 18"
+                    to="360 18 18"
+                    dur="0.9s"
+                    repeatCount="indefinite" />
+            </circle>
+        </g>
+    </g>
+</svg>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/webdata/resources/mauth_link_qr.js

@@ -0,0 +1,142 @@
+(function () {
+
+    function createForm() {
+        const form = document.createElement("form");
+        form.method = "POST";
+        form.style.display = "none";
+        return form;
+    }
+
+    function addInput(form, name, value) {
+        const input = document.createElement("input");
+        input.name = name;
+        input.value = value;
+        form.appendChild(input);
+    }
+
+    let statusPolling;
+
+    let isPolling = false;
+    let pollingTimeout = null;
+
+    const POLLING_INTERVAL = 2000;
+    const REQUEST_TIMEOUT = 3000;
+
+    function dispatchLink() {
+
+        document.getElementById("mauth_started").style.display = "block"; // show
+
+    	const request = {};
+
+        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        fetch("", {
+            method: "POST",
+            headers: {
+                'Content-Type': 'application/json'
+            },
+            body: JSON.stringify(request)
+        }).then(res => {
+            res.json().then(o => {
+                // example response: {"dispatchResult":"..."}
+                if (o.dispatchResult == 'dispatched') {
+                    // example response: {..., "dispatcherInformation":{..., "response":"admin4testing://authenticate?dispatchTokenResponse=ey..."}}
+                    var link = o.dispatcherInformation.response;
+                    console.log("received link: " + link);
+                    var linkElem = document.getElementById("mauth_link");
+                    linkElem.href = link; // custom scheme link does not work in Android 13
+                    const isMobile = !!/(iPhone|iPad|Android)/.test(window.navigator.userAgent);
+                    if (isMobile) {
+                        document.getElementById("mauth_link_parent").style.display = "inline"; // show
+                    }
+                    var url = new URL(link);
+                    var dispatchTokenResponse = url.searchParams.get("dispatchTokenResponse");
+                    // render QR code
+                    var qrCodeElem = document.getElementById("mauth_qrcode");
+                    var qrcode = new QRious({
+                      element: qrCodeElem,
+                      foreground: "#168CA9",
+                      level: "M",
+                      size: 256,
+                      value: link
+                    });
+                    var sessionId = o.sessionId;
+                    console.log("started polling for session ID: " + sessionId);
+                    poll(sessionId);
+                }
+                else {
+                    console.log("authentication failed: " + o.dispatchResult);
+                    const form = createForm();
+                    document.body.appendChild(form);
+                    form.submit();
+                }
+            });
+        }).catch((err) => console.error("error: ", err));
+    }
+
+    function poll(sessionId) {
+        if (isPolling) {
+            return; // Exit if a polling request is already ongoing
+        }
+
+        isPolling = true;
+
+        const request = { fidoUafSessionId: sessionId };
+
+        const fetchRequest = fetch("", {
+            method: "POST",
+            headers: {
+                'Content-Type': 'application/json'
+            },
+            body: JSON.stringify(request)
+        });
+
+        // Set up the timeout for the fetch request
+        const timeoutPromise = new Promise((_, reject) => {
+            pollingTimeout = setTimeout(() => {
+                reject(new Error('Request timed out'));
+            }, REQUEST_TIMEOUT);
+        });
+
+        Promise.race([fetchRequest, timeoutPromise])
+            .then(res => res.json())
+            .then(o => {
+                clearTimeout(pollingTimeout);
+                var status = o.status;
+                console.log("status: " + status);
+
+                if (status == 'clientAuthenticating') {
+                    // show process icon
+                    document.getElementById("mauth_loading").style.display = 'block';
+                    // hide QR-code and information
+                    document.getElementById("mauth_qrcode").style.display = 'none';
+                    document.getElementById("mauth_qrcode_info").style.display = 'none';
+                }
+                if (status == 'succeeded') {
+                    clearInterval(statusPolling);
+                    // as this is the last call we have to do a top-level request instead of AJAX
+                    const form = createForm();
+                    addInput(form, "continue", "true"); // required for custom dispatching in usernameless
+                    document.body.appendChild(form);
+                    form.submit();
+                } else if (status == 'failed' || status == 'unknown') {
+                    clearInterval(statusPolling);
+                    console.error("authentication failed with status: " + status);
+                    // as this is the last call we have to do a top-level request instead of AJAX
+                    const form = createForm();
+                    addInput(form, "fidoUafSessionId", sessionId);
+                    document.body.appendChild(form);
+                    form.submit();
+                }
+            })
+            .catch((err) => {
+                console.error("error:", err);
+            })
+            .finally(() => {
+                isPolling = false;
+                // Schedule the next poll if needed
+                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
+            });
+    }
+
+    dispatchLink();
+})();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/webdata/resources/mauth_onboard.js

@@ -0,0 +1,128 @@
+(function () {
+
+    function createForm() {
+        const form = document.createElement("form");
+        form.method = "POST";
+        form.style.display = "none";
+        return form;
+    }
+
+    function addInput(form, name, value) {
+        const input = document.createElement("input");
+        input.name = name;
+        input.value = value;
+        form.appendChild(input);
+    }
+
+    let statusPolling;
+
+    let isPolling = false;
+    let pollingTimeout = null;
+
+    const POLLING_INTERVAL = 2000;
+    const REQUEST_TIMEOUT = 3000;
+
+    function renderEnrollment() {
+
+        // link is provided by a hidden GuiElem
+        var link = document.getElementsByName("mauth_dispatcher_link")[0].value;
+        console.log("received dispatcher link: " + link);
+
+        const isMobile = !!/(iPhone|iPad|Android)/.test(window.navigator.userAgent);
+        if (isMobile) {
+            var linkElem = document.getElementById("mauth_link");
+            linkElem.href = link;
+            document.getElementById("mauth_link_parent").style.display = "inline"; // show
+        }
+
+        var url = new URL(link);
+        var dispatchTokenResponse = url.searchParams.get("dispatchTokenResponse");
+
+        // render QR code into mauth_qrcode element
+        var qrCodeElem = document.getElementById("mauth_qrcode");
+        var qrcode = new QRious({
+          element: qrCodeElem,
+          foreground: "#168CA9",
+          level: "M",
+          size: 256,
+          value: link
+        });
+
+        // show entire element
+        document.getElementById("mauth_started").style.display = "block";
+
+        console.log("scheduling status polling (2s interval)");
+        statusPolling = window.setInterval(function () {
+            poll();
+        }, 2000);
+    }
+
+    function poll() {
+        if (isPolling) {
+            return; // Exit if a polling request is already ongoing
+        }
+
+        isPolling = true;
+
+        // state is held on backend side
+        const request = {};
+
+        const fetchRequest = fetch("", {
+            method: "POST",
+            headers: {
+                'Content-Type': 'application/json'
+            },
+            body: JSON.stringify(request)
+        });
+
+        // Set up the timeout for the fetch request
+        const timeoutPromise = new Promise((_, reject) => {
+            pollingTimeout = setTimeout(() => {
+                reject(new Error('Request timed out'));
+            }, REQUEST_TIMEOUT);
+        });
+
+        Promise.race([fetchRequest, timeoutPromise])
+            .then(res => res.json())
+            .then(o => {
+                clearTimeout(pollingTimeout);
+                var status = o.status;
+                console.log("status: " + status);
+
+                if (status == 'clientRegistering') {
+                    // show process icon
+                    document.getElementById("mauth_loading").style.display = 'block';
+
+                    // hide QR-code and information
+                    document.getElementById("mauth_qrcode").style.display = 'none';
+                    document.getElementById("mauth_qrcode_info").style.display = 'none';
+                } else if (status == 'succeeded') {
+                    clearInterval(statusPolling);
+                    console.log("onboarding successful");
+
+                    // as this is the last call we have to do a top-level request instead of AJAX
+                    const form = createForm();
+                    document.body.appendChild(form);
+                    form.submit();
+                } else if (status == 'failed' || status == 'unknown') {
+                    clearInterval(statusPolling);
+                    console.error("onboarding failed with status: " + status);
+
+                    // as this is the last call we have to do a top-level request instead of AJAX
+                    const form = createForm();
+                    document.body.appendChild(form);
+                    form.submit();
+                }
+            })
+            .catch((err) => {
+                console.error("error:", err);
+            })
+            .finally(() => {
+                isPolling = false;
+                // Schedule the next poll if needed
+                setTimeout(() => poll(), POLLING_INTERVAL);
+            });
+    }
+
+    renderEnrollment();
+})();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Dimilar/webdata/resources/mauth_push_qr.js

@@ -0,0 +1,193 @@
+(function () {
+
+    function createForm() {
+        const form = document.createElement("form");
+        form.method = "POST";
+        form.style.display = "none";
+        return form;
+    }
+
+    function addInput(form, name, value) {
+        const input = document.createElement("input");
+        input.name = name;
+        input.value = value;
+        form.appendChild(input);
+    }
+
+    let statusPolling;
+
+    let isPolling = false;
+    let pollingTimeout = null;
+
+    const POLLING_INTERVAL = 2000;
+    const REQUEST_TIMEOUT = 3000;
+
+    function dispatch(id) {
+
+        document.getElementById("mauth_devices").style.display = "none"; // hide selection menu
+        document.getElementById("mauth_started").style.display = "block"; // show
+
+    	const request = {};
+	    request.dispatchTargetId = id;
+	    request.dispatcher = "firebase-cloud-messaging";
+
+        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        fetch("", {
+            method: "POST",
+            headers: {
+                'Content-Type': 'application/json'
+            },
+            body: JSON.stringify(request)
+        }).then(res => {
+            res.json().then(o => {
+                console.log("dispatch response: " + JSON.stringify(o));
+                // example response: {"dispatchResult":"..."}
+                if (o.dispatchResult == 'dispatched') {
+                    // example response: {"token":"...","sessionId":"...","dispatchResult":"dispatched","dispatcherInformation":{"name":"firebase-cloud-messaging","response":"..."}}
+                    console.log("push dispatching successful");
+                    // set numbers for number matching
+                    if (o.channelLinking) {
+                        document.getElementById('mauth_match_numbers').innerHTML = o.channelLinking.content;
+                    }
+                    // preparing content for QR-code
+                    var token = o.token;
+                    console.log("found token: " + token);
+                    // hidden GuiElem
+                    var redeemUrl = document.querySelector('input[name=redeem_url]').value;
+                    console.log("found redeem URL: " + redeemUrl);
+                    let qrCodeContents = {
+                      nma_data_version: "1",
+                      nma_data_content_type: "application/json",
+                      nma_data: {
+                        token: token,
+                        redeem_url: redeemUrl
+                      }
+                    };
+                    var qrCodeValue = window.btoa(JSON.stringify(qrCodeContents));
+                    // render QR code
+                    var qrCodeElem = document.getElementById("mauth_qrcode");
+                    console.log("rendering QR code");
+                    var qrcode = new QRious({
+                      element: qrCodeElem,
+                      foreground: "#168CA9",
+                      level: "M",
+                      size: 256,
+                      value: qrCodeValue
+                    });
+                    var sessionId = o.sessionId;
+                    console.log("started polling for session ID: " + sessionId);
+                    poll(sessionId);
+                }
+                else {
+                    console.log("authentication failed: " + o.dispatchResult);
+                    const form = createForm();
+                    document.body.appendChild(form);
+                    form.submit();
+                }
+            });
+        }).catch((err) => console.error("error: ", err));
+    }
+
+    function renderDeviceList() {
+
+        const request = {};
+
+        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        fetch("", {
+            method: "POST",
+            headers: {
+                'Content-Type': 'application/json'
+            },
+            body: JSON.stringify(request)
+        }).then(res => {
+            res.json().then(o => {
+                // example response: {"dispatchTargets":[{"id":"40a41ac7-0189-4c0b-8db9-cafcaa3e3f11","name":"Android Google Pixel 4 23.11.2022 07:26:25"}]}
+                var devices = o.dispatchTargets;
+                if (devices.length > 1) {
+                    console.log("multiple devices found, selection menu required.");
+                    let list = document.getElementById("mauth_devices");
+                    for (let i = 0; i < devices.length; i++) {
+                        let device = devices[i];
+                        var item = document.createElement("li");
+                        item.class = "list-group-item list-group-item-action";
+                        item.onclick = function() { dispatch(device.id) };
+                        item.innerHTML += device.name;
+                        list.appendChild(item);
+                    }
+                    list.style.display = "block"; // show selection menu
+                }
+                else if (devices.length == 1) {
+                    console.log("user has only 1 device, no selection required.");
+                    dispatch(devices[0].id);
+                }
+                else {
+                    console.error("user has no device.");
+                    // TODO koenig 20221124: design this case
+                }
+            });
+        }).catch((err) => console.error("error: ", err));
+    }
+
+    function poll(sessionId) {
+        if (isPolling) {
+            return; // Exit if a polling request is already ongoing
+        }
+        isPolling = true;
+
+        const request = { fidoUafSessionId: sessionId };
+
+        const fetchRequest = fetch("", {
+            method: "POST",
+            headers: {
+                'Content-Type': 'application/json'
+            },
+            body: JSON.stringify(request)
+        });
+
+        // Set up the timeout for the fetch request
+        const timeoutPromise = new Promise((_, reject) => {
+            pollingTimeout = setTimeout(() => {
+                reject(new Error('Request timed out'));
+            }, REQUEST_TIMEOUT);
+        });
+
+        Promise.race([fetchRequest, timeoutPromise])
+            .then(res => res.json())
+            .then(o => {
+                clearTimeout(pollingTimeout);
+                var status = o.status;
+                console.log("status: " + status);
+
+                if (status == 'clientAuthenticating') {
+                    document.getElementById("mauth_qrcode").style.display = 'none';
+                    document.getElementById("mauth_qrcode_info").style.display = 'none';
+                    document.getElementById("mauth_match_numbers").style.display = 'block';
+                    document.getElementById("mauth_loading").style.display = 'block';
+                }
+
+                if (status == 'succeeded') {
+                    clearInterval(statusPolling);
+                    const form = createForm();
+                    document.body.appendChild(form);
+                    form.submit();
+                } else if (status == 'failed' || status == 'unknown') {
+                    clearInterval(statusPolling);
+                    console.error("authentication failed with status: " + status);
+                    const form = createForm();
+                    addInput(form, "fidoUafSessionId", sessionId);
+                    document.body.appendChild(form);
+                    form.submit();
+                }
+            })
+            .catch((err) => {
+                console.error("error:", err);
+            })
+            .finally(() => {
+                isPolling = false;
+                // Schedule the next poll if needed
+                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
+            });
+    }
+
+    renderDeviceList();
+})();