From 15910a05e8f1cb01bfd35274a54a04b65e4311a4 Mon Sep 17 00:00:00 2001 
From: haburger Date: Wed, 28 Aug 2024 11:09:39 +0000 Subject: [PATCH] new configuration version --- .../k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml | 4 +- ...ls-client-ke-d00b0dcbe241793d30daf91c.yaml | 18 ++ ...ls-trust-sto-d00b0dcbe241793d30daf91c.yaml | 14 ++ .../opt/nevisauth/default/conf/esauth4.xml | 104 ++++++-- .../ob-realm-accessapp-registration.groovy | 169 +++++++++++++ ...-trust-store-d990accd4fedae1acbc7109d.yaml | 14 ++ ...-ob-fido-uaf-d990accd4fedae1acbc7109d.yaml | 61 +++++ ...client-trust-d990accd4fedae1acbc7109d.yaml | 12 + ...ver-identity-d990accd4fedae1acbc7109d.yaml | 18 ++ ...signer-trust-d990accd4fedae1acbc7109d.yaml | 12 + .../etc/nevis/nevisfido_default.yml | 18 ++ .../keys/own/nevisfido-techuser-key/cert.pem | 18 ++ .../keys/own/nevisfido-techuser-key/key.pem | 30 +++ .../keys/own/nevisfido-techuser-key/keypass | 2 + .../own/nevisfido-techuser-key/keystore.jks | Bin 0 -> 2100 bytes .../own/nevisfido-techuser-key/keystore.p12 | Bin 0 -> 2578 bytes .../own/nevisfido-techuser-key/keystore.pem | 49 ++++ .../var/opt/nevisfido/default/conf/env.conf | 10 + .../opt/nevisfido/default/conf/logging.yml | 21 ++ .../default/conf/metadata/metadata.json | 231 ++++++++++++++++++ .../opt/nevisfido/default/conf/nevisfido.yml | 104 ++++++++ .../nevisfido/default/conf/otel.properties | 4 + .../default/conf/policy/biometrics_only.json | 24 ++ .../default/conf/policy/default.json | 44 ++++ .../default/conf/policy/pin_only.json | 14 ++ .../var/opt/nevisfido/default/conf/status.py | 47 ++++ .../var/opt/nevisfido/default/log/.empty | 0 .../var/opt/nevisfido/default/tmp/.empty | 0 ...k8s-ob-proxy-b4d2da2fa2d0b060752a1fe2.yaml | 2 +- .../WEB-INF/web.xml | 41 ++++ 30 files changed, 1067 insertions(+), 18 deletions(-) create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-ob-realm-accessapp-registration-nevisfido-tls-client-ke-d00b0dcbe241793d30daf91c.yaml create mode 100644 
DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-ob-realm-accessapp-registration-nevisfido-tls-trust-sto-d00b0dcbe241793d30daf91c.yaml create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/var/opt/nevisauth/default/conf/ob-realm-accessapp-registration.groovy create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-agov-work-internal-trust-store-d990accd4fedae1acbc7109d.yaml create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-d990accd4fedae1acbc7109d.yaml create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-default-client-trust-d990accd4fedae1acbc7109d.yaml create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-default-server-identity-d990accd4fedae1acbc7109d.yaml create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-default-signer-trust-d990accd4fedae1acbc7109d.yaml create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/nevisfido_default.yml create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/cert.pem create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/key.pem create mode 100755 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/keypass create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/keystore.jks create mode 100644 
DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/keystore.p12 create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/keystore.pem create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/env.conf create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/logging.yml create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/nevisfido.yml create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/otel.properties create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/policy/biometrics_only.json create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/policy/default.json create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/policy/pin_only.json create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/status.py create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/log/.empty create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/tmp/.empty 
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml index 3c3b9cc..6860ff6 100644 --- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml @@ -45,13 +45,15 @@ spec: podDisruptionBudget: maxUnavailable: "50%" git: - tag: "r-6c7464eb8d6ece1e29939bf3c8d50b1c424a0b45" + tag: "r-4d495f8f73f00597da5fbe633d85d96ac04db24e" dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth" credentials: "git-credentials" keystores: - "ob-auth-default-identity" + - "ob-auth-ob-realm-accessapp-registration-nevisfido-tls-client-ke" truststores: - "ob-auth-agov-work-internal-trust-store" + - "ob-auth-ob-realm-accessapp-registration-nevisfido-tls-trust-sto" - "ob-auth-default-tls-client-trust" podSecurity: policy: "baseline" diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-ob-realm-accessapp-registration-nevisfido-tls-client-ke-d00b0dcbe241793d30daf91c.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-ob-realm-accessapp-registration-nevisfido-tls-client-ke-d00b0dcbe241793d30daf91c.yaml new file mode 100644 index 0000000..25d27da --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-ob-realm-accessapp-registration-nevisfido-tls-client-ke-d00b0dcbe241793d30daf91c.yaml 
@@ -0,0 +1,18 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisKeyStore" +metadata: + name: "ob-auth-ob-realm-accessapp-registration-nevisfido-tls-client-ke" + namespace: "adn-agov-nevisidm-ob-01-uat" + labels: + deploymentTarget: "ob-auth" + annotations: + projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT" + patternId: "d00b0dcbe241793d30daf91c" +spec: + cn: "ob-auth" + usage: "" + san: + dns: + - "ob-auth" + - "ob-auth.adn-agov-nevisidm-ob-01-uat" + email: [] diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-ob-realm-accessapp-registration-nevisfido-tls-trust-sto-d00b0dcbe241793d30daf91c.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-ob-realm-accessapp-registration-nevisfido-tls-trust-sto-d00b0dcbe241793d30daf91c.yaml new file mode 100644 index 0000000..7e624c0 --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-ob-realm-accessapp-registration-nevisfido-tls-trust-sto-d00b0dcbe241793d30daf91c.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "ob-auth-ob-realm-accessapp-registration-nevisfido-tls-trust-sto" + namespace: "adn-agov-nevisidm-ob-01-uat" + labels: + deploymentTarget: "ob-auth" + annotations: + projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT" + patternId: "d00b0dcbe241793d30daf91c" +spec: + keystores: + - name: "ob-fido-uaf-default-server-identity" + namespace: "adn-agov-nevisidm-ob-01-uat" diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/var/opt/nevisauth/default/conf/esauth4.xml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/var/opt/nevisauth/default/conf/esauth4.xml index ca0a551..c147a6b 100644 --- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/var/opt/nevisauth/default/conf/esauth4.xml 
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/var/opt/nevisauth/default/conf/esauth4.xml @@ -35,11 +35,21 @@ + + + + + + + + + + - - + + @@ -88,11 +98,11 @@ - + - + - + @@ -202,6 +212,56 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -248,6 +308,29 @@ + + + + + + + + + + + + + + + + + + + + + + + @@ -278,17 +361,6 @@ - - - - - - - - - - - diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/var/opt/nevisauth/default/conf/ob-realm-accessapp-registration.groovy b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/var/opt/nevisauth/default/conf/ob-realm-accessapp-registration.groovy new file mode 100644 index 0000000..36336bc --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/var/opt/nevisauth/default/conf/ob-realm-accessapp-registration.groovy 
@@ -0,0 +1,169 @@ +import groovy.json.JsonSlurper +import groovy.json.JsonOutput + +import ch.nevis.esauth.auth.engine.AuthUtil +import ch.nevis.esauth.util.httpclient.configuration.HttpClientConfiguration + +/** + * + * Initiate the registration process with a `POST /nevisfido/token/dispatch/registration` to nevisFIDO. + * + * @param username - required + * @param policy - default policy is used when null + */ +void dispatchRegistration(HttpClient httpClient, String baseUrl, String username, String policy) { + + LOG.debug(" ==> Starting out-of-band mobile onboarding for username '{}'.", username) + + String context = '{"username":"' + username + '", "policy":"' + (policy ?: 'default') + '"}' + + def jsonBody = JsonOutput.toJson([ + dispatcher: 'link', + getUafRequest: [ + op: 'Reg', + context: context + ] + ]) + + LOG.debug("JSON body: {}", jsonBody) + + def fidoRequest = Http.post().url(baseUrl + "/token/dispatch/registration") + .header('Accept', 'application/json; charset=utf-8') + .header('Content-Type', 'application/json; charset=utf-8') + .entity(Http.entity().content(jsonBody).build()) + .build() + + def fidoResponse = fidoRequest.send(httpClient) + + def responseCode = fidoResponse.code() + if (responseCode != 200) { + LOG.error('<== Failed to enroll user with username: ' + username + '. Response: ' + responseCode + ": " + fidoResponse.bodyAsString()) + response.setResult('failed') + return + } + + def json = new JsonSlurper().parseText(fidoResponse.bodyAsString()) + LOG.debug('JSON response: {}', json) + + if (json.dispatchResult != 'dispatched') { + LOG.error('<== Failed to enroll user with username: ' + username + '. 
Response: ' + responseCode + ": " + fidoResponse.bodyAsString()) + response.setResult('failed') + return + } + + String dispatcherLink = json.dispatcherInformation.response + String sessionId = json.sessionId + + // store dispatcher information and session ID as session variables + // to handle page refresh and status polling + + // the session variable is rendered as a hidden field + // and picked up by the mauth_onboard.js to render a link / QR code + session.put('mauth_dispatcher_link', dispatcherLink) + + // the session ID is used to handle status polling + session.put('mauth_session_id', sessionId) +} + +/** + * + * Check registration status by sending a `POST /nevisfido/status` to nevisFIDO. + * + * @param sessionId - required + */ +void checkRegistrationStatus(HttpClient httpClient, String baseUrl, String sessionId) { + + LOG.debug(" ==> Checking out-of-band mobile registration status for session '{}'.", sessionId) + + def jsonBody = JsonOutput.toJson([ + sessionId: sessionId + ]) + + def fidoRequest = Http.post().url(baseUrl + "/status") + .header('Accept', 'application/json; charset=utf-8') + .header('Content-Type', 'application/json; charset=utf-8') + .entity(Http.entity().content(jsonBody).build()) + .build() + + def fidoResponse = fidoRequest.send(httpClient) + + def responseCode = fidoResponse.code() + if (responseCode == 200) { + + def json = new JsonSlurper().parseText(fidoResponse.bodyAsString()) + LOG.debug('JSON response: {}', json) + + String status = json.status + LOG.debug('status: {}', status) + + def inctx = request.getLoginContext() + + def contentType = request.getHttpHeader('Content-Type') + LOG.debug("incoming request has Content-Type: {}", contentType) + + if (contentType ==~ /.*json.*/) { + LOG.debug("detected AJAX call") + + // responding AJAX call from JS and returning only the status (nothing else) + def statusJson = JsonOutput.toJson([ + status: status + ]) + + response.setContent(statusJson) + 
response.setContentType('application/json') + response.setHttpStatusCode(200) + response.setIsDirectResponse(true) + } + else { + // this is a form POST and thus we have to check if we have to continue + if (status == 'succeeded') { + response.setResult('ok') + return + } + } + } + else { + LOG.error('<== Failed to check status for session ' + sessionId + '. Response: ' + responseCode + ": " + fidoResponse.bodyAsString()) + response.setResult('failed') + } +} + +// convert parameters to Properties +Properties properties = new Properties() +for (Map.Entry entry : parameters.entrySet()) { + properties.setProperty(entry.getKey(), entry.getValue()) +} + +def httpClientConfig = HttpClientConfiguration.from(properties, request, response) + +// we cannot use a cached HTTP client here as the parameters contain expressions that depend on the request +def httpClient = HttpClients.create(httpClientConfig) + +def baseUrl = parameters.get('fidoUrl') + +if (session.containsKey('mauth_session_id')) { + + def sessionId = session['mauth_session_id'] + + // mauth_onboard.js sends empty AJAX calls to check for completion. + // we have to check the status by sending a `POST /nevisfido/status` to nevisFIDO respond to the AJAX call. + checkRegistrationStatus(httpClient, baseUrl, sessionId) +} +else { + def usernameSource = parameters.get('username') + if (usernameSource == null || usernameSource.isBlank()) { + LOG.error('out-of-band mobile onboarding failed. no expression to determine username.') + response.setResult('failed') + return + } + + def username = AuthUtil.substituteVariables(request, response, usernameSource) + if (username == null || username.isBlank()) { + LOG.error('out-of-band mobile onboarding failed. missing username.') + response.setResult('failed') + return + } + + def policy = parameters.get('policy') + dispatchRegistration(httpClient, baseUrl, username, policy) +} 
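Review bot: In dispatchRegistration the `context` value is assembled by string concatenation (`'{"username":"' + username + '", "policy":"' + ...`) although `username` comes from `AuthUtil.substituteVariables(request, response, usernameSource)` and may therefore be derived from request data; a value containing `"` or `\` breaks the JSON or changes the fields nevisFIDO sees. The serializer used two lines below already does the escaping, so `String context = JsonOutput.toJson([username: username, policy: policy ?: 'default'])` removes the problem. Separately, `LOG.debug('JSON response: {}', json)` writes the whole nevisFIDO reply, including the dispatcher link that bootstraps the registration, into the log; logging only `json.dispatchResult` and `json.sessionId` keeps that link out of log files. The `return` in checkRegistrationStatus after `response.setResult('ok')` leaves `mauth_session_id` in the session, so a later visit re-enters the polling branch instead of starting a fresh registration — a `session.remove('mauth_session_id')` before the return is probably intended.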
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-agov-work-internal-trust-store-d990accd4fedae1acbc7109d.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-agov-work-internal-trust-store-d990accd4fedae1acbc7109d.yaml new file mode 100644 index 0000000..cb08012 --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-agov-work-internal-trust-store-d990accd4fedae1acbc7109d.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "ob-fido-uaf-agov-work-internal-trust-store" + namespace: "adn-agov-nevisidm-ob-01-uat" + labels: + deploymentTarget: "ob-fido-uaf" + annotations: + projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT" + patternId: "d990accd4fedae1acbc7109d" +spec: + keystores: [] + extraCerts: + - "-----BEGIN CERTIFICATE-----\nMIIBcTCCARagAwIBAgIQWRl1eifIt8yohQYzh6yr/jAKBggqhkjOPQQDAjAYMRYw\nFAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTIzMDYyODE0MzI0MFoXDTQzMDYyODE0\nMzI0MFowGDEWMBQGA1UEAxMNc2VsZnNpZ25lZC1jYTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABEwcjsIhSyyh0i9zP1G7ReOkFt/djzlGoUtSd5v3ZEk5QoZYjfl9\n04HdaZzrmveB2aRppbXgW7//s2Ma8wTd5uejQjBAMA4GA1UdDwEB/wQEAwICpDAP\nBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBT7YRoWIjHwkvFicwvk0Tx/yA4uUTAK\nBggqhkjOPQQDAgNJADBGAiEAgyg9t0qgb+czuscs07pNGI+12BedrD+y71psIlqx\nt2UCIQC/85UXyjYI9zg7Mg7rROTbGNCU3Jq/KIC3VzbbD+68VA==\n-----END CERTIFICATE-----\n" diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-d990accd4fedae1acbc7109d.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-d990accd4fedae1acbc7109d.yaml new file mode 100644 index 0000000..c120de9 --- /dev/null 
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-d990accd4fedae1acbc7109d.yaml @@ -0,0 +1,61 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisComponent" +metadata: + name: "ob-fido-uaf" + namespace: "adn-agov-nevisidm-ob-01-uat" + labels: + deploymentTarget: "ob-fido-uaf" + annotations: + projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT" + patternId: "d990accd4fedae1acbc7109d" +spec: + type: "NevisFIDO" + replicas: 1 + version: "8.2405.0" + gitInitVersion: "1.3.0" + runAsNonRoot: true + ports: + rest: 9443 + management: 9089 + resources: + limits: + cpu: "1000m" + memory: "1000Mi" + requests: + cpu: "100m" + memory: "700Mi" + livenessProbe: + management: + httpGet: + path: "/nevisfido/liveness" + periodSeconds: 5 + timeoutSeconds: 6 + readinessProbe: + management: + httpGet: + path: "/nevisfido/health" + periodSeconds: 5 + timeoutSeconds: 6 + startupProbe: + management: + httpGet: + path: "/nevisfido/health" + periodSeconds: 5 + timeoutSeconds: 6 + failureThreshold: 50 + podDisruptionBudget: + maxUnavailable: "50%" + git: + tag: "r-4d495f8f73f00597da5fbe633d85d96ac04db24e" + dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf" + credentials: "git-credentials" + keystores: + - "ob-fido-uaf-default-server-identity" + truststores: + - "ob-fido-uaf-agov-work-internal-trust-store" + - "ob-fido-uaf-default-signer-trust" + - "ob-fido-uaf-default-client-trust" + podSecurity: + policy: "baseline" + automountServiceAccountToken: false + timeZone: "Europe/Zurich" diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-default-client-trust-d990accd4fedae1acbc7109d.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-default-client-trust-d990accd4fedae1acbc7109d.yaml new file mode 100644 index 0000000..f1c04b1 --- /dev/null 
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-default-client-trust-d990accd4fedae1acbc7109d.yaml @@ -0,0 +1,12 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "ob-fido-uaf-default-client-trust" + namespace: "adn-agov-nevisidm-ob-01-uat" + labels: + deploymentTarget: "ob-fido-uaf" + annotations: + projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT" + patternId: "d990accd4fedae1acbc7109d" +spec: + keystores: [] diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-default-server-identity-d990accd4fedae1acbc7109d.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-default-server-identity-d990accd4fedae1acbc7109d.yaml new file mode 100644 index 0000000..d32df3d --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-default-server-identity-d990accd4fedae1acbc7109d.yaml @@ -0,0 +1,18 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisKeyStore" +metadata: + name: "ob-fido-uaf-default-server-identity" + namespace: "adn-agov-nevisidm-ob-01-uat" + labels: + deploymentTarget: "ob-fido-uaf" + annotations: + projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT" + patternId: "d990accd4fedae1acbc7109d" +spec: + cn: "ob-fido-uaf" + usage: "" + san: + dns: + - "ob-fido-uaf" + - "ob-fido-uaf.adn-agov-nevisidm-ob-01-uat" + email: [] diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-default-signer-trust-d990accd4fedae1acbc7109d.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-default-signer-trust-d990accd4fedae1acbc7109d.yaml new file mode 100644 index 0000000..3457a5f --- /dev/null 
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-default-signer-trust-d990accd4fedae1acbc7109d.yaml @@ -0,0 +1,12 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "ob-fido-uaf-default-signer-trust" + namespace: "adn-agov-nevisidm-ob-01-uat" + labels: + deploymentTarget: "ob-fido-uaf" + annotations: + projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT" + patternId: "d990accd4fedae1acbc7109d" +spec: + keystores: [] diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/nevisfido_default.yml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/nevisfido_default.yml new file mode 100644 index 0000000..48830f2 --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/nevisfido_default.yml @@ -0,0 +1,18 @@ +schemaVersion: 1.0 +instance: + type: "nevisfido" + name: "default" + directory: "/var/opt/nevisfido/default" + pid: "systemctl show nevisfido@default -p MainPID | cut -d '=' -f2" + source: + url: "/nevisadmin/#/projects/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/patterns/d990accd4fedae1acbc7109d" + projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT" + patternId: "d990accd4fedae1acbc7109d" + patternClass: "ch.nevis.admin.v4.plugin.nevisfido.deployable.patterns.NevisFIDODeployable" + resources: + ports: + - "0.0.0.0:9443" + control: + start: "systemctl restart nevisfido@default" + stop: "systemctl stop nevisfido@default" + status: "systemctl status nevisfido@default" diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/cert.pem b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/cert.pem new file mode 100644 index 0000000..0d07b2a --- /dev/null 
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/cert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAo+gAwIBAgIQfcfd9dgdKT/5gdDbpAiKlDAKBggqhkjOPQQDAjAYMRYw
+FAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTI0MDUwNTE1NTAzOFoXDTI1MDUwNTE1
+NTAzOFowWDELMAkGA1UEBhMCQ0gxDDAKBgNVBAgTA0s4UzEMMAoGA1UEBxMDSzhT
+MQwwCgYDVQQKEwNLOFMxDDAKBgNVBAsTA0s4UzERMA8GA1UEAxMIZmlkby11YWYw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWcQPIzUN2zbPkB3yISIGw
+mDAd285YKm/ZLbE4WWw2SIHhjfh0XoYZ6QvLMENWcC8/iOX/6g6upQnYegzZKlST
+Lix0zJjEbtMlK8fITiPhwziWPSOeqtuW66Rj+13G6kKYVtZ8vviu73LBDkXKHSNi
+g4knNgACJpIItiDhOmtmD3Wsb8JAIQ161m7D3i2jr/kqBFKLc2DXcCHYSwxBXu3A
+99iqWxoHfprL/L7RfxBo7mKbk+xjRvw6wFHBb76m6hd8fe4yg3g9zZTsZ5KeKqtA
+8NT7CTG26F/MEBEmreU6NcNP62sYBkQiY+K5WweUs5qnDCAUPz+Upu0lX49ZDsvZ
+AgMBAAGjga8wgawwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMB
+BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFPthGhYiMfCS8WJz
+C+TRPH/IDi5RMEwGA1UdEQRFMEOCCGZpZG8tdWFmgiFmaWRvLXVhZi5hZG4tYWdv
+di1uZXZpc2lkbS0wMS11YXSBFG5vcmVwbHlAbG9jYWwuZG9tYWluMAoGCCqGSM49
+BAMCA0gAMEUCIBCueTTUwnN53/dIs6W4FpbFtF/wkAhYjLZGuKgY08ZAAiEA9VFz
+WoaxaINHqGPR10Sh1hqeuCHRzHxnQUt07sZf2DU=
+-----END CERTIFICATE-----
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/key.pem b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/key.pem
new file mode 100644
index 0000000..2637d2f
--- /dev/null
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/key.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUWtp2pbSNdJCf9jA9
+KTzjbdorVLQCAggAMB0GCWCGSAFlAwQBKgQQb0NJGFGc8MxZaCZ71uYlEASCBND5
+XhsSZKjT6CN02euPCcN5ssgXTfOlHG5hl4KcpNl/K61CH+gNH3rTzzao8utmd5ko
+cWbl6o6nj2IdiU8IlaqI+VIR2nfHaqoGhJHfLbvPu/SItKTFjFTRRKddyKTIjN0o
+eVbHMzt8pHvNKnNK2JmKQ+TqphGTaDIgEEqPRSniE6WHLGuCfG/VdaeRxTZldj9D
+QDR41gC2kgDbsenkZZjhGEJpgM4g3mD7bc0IHMRG1wfSW8qyd+S+XxjYdgMJmffc
+PCMPv3TJ0Xbxfw+BKED9WeSIaXfCFmVprNXhWhMMN8Z7o3WxigVo2oRkHWbhSff4
+hFy4AQgyq8TOE1C2xeAcADEFagCHDdf0cs5LgwytpH5/0oTsm0+pFol6yEa7X1rF
+Eu7NT8zLxXxqUdlCJ1A2AWbi17ER6snst4RfT7cCiI3d6q6IO2dsfuHSs17AHY2m
+1KSfgVwH05o3W58ADUVuoZxtqCS0xMv2mvlTJ7xSb90R4hz5w1JBKjrYqq1Xy1Lr
+pDc9kBEwJKtN9V63veUnHR5tFku9mVTEK6iykYWRNORexNEas5wsiuxrgaXtGN5G
+ouhq9MCe5DI0coQOHM0Bvw1zfQ+wj8RUgrt0290WF0VtHW+zH0qbVHYZ6dKRY5YX
+azzLvyu5AlH9p2MZr/+oZn6lgjmVEYq0UbsUvFoZy65qwi2XqL7FvXIVSVTgr7YY
+hiODL4FBWJEevE+MujfOpOftzivdx1+/cuiQHcbqKlPQLnQXaUKI337u2o8uAEch
+lP3AvI4DVi4m6IC9lo6657r8MqwMGmdEK9PRDPHUf7SP3HGX8fYArwRWILtHrcmc
+/kHhKUkMxHduFb0nYQTVFnlpLEidcv6gYIVsh8Fx5pQWW+HyBD4sJuG7mLMgtmtY
+vk9zayWbq0lw0Bb+E83vk9xtE0tUoFF/Wcl2nBf5PjfCqesGqr9CHElcQGfcINCg
+3llXoeceN868e5DKgtQE6Fp5KukclgeeeX4kPj+UK7x4UGtdGcdghwH6EO7McQX1
+67kyLDcF4p5HnrzEhP2CVcVDHXoeykMCitvHaInwmJQsR209PVa/XxXB8YoMAAV1
+DB3GT024dAxFEl5r1HJm3A7BiFFuvQdUi+recFGKfmSNZ1Pwp2+8DV7UiAYLJ5Wf
+o/aAwUQByITI3fBPvmEAA86FeWwtQ5BG5e+q7imH1ooOzrHQzaqwzQKU+IQCzaDF
+sAqMtSD/hzIRjMKOSAL8bA2SVIXlLUnulWjPwW9zhUTv9yS1q2EsiFUJnOyq7iAI
+fX72qEBvBXLFBdGhotMAXeg1YsXLUxbldqAWuPxpZMQ5S6J7GZZloXSe1Gy/ZZh4
+tKD8qQTS5Rfwiqxxo3kgaB/z0qG99pTB/wWv4fwnv6lFjJRjgyGONRYIGCVCFH2X
+mdV2rTUxtwB1cIr71ksA64O3YkUObyfT8gSbLjPoBDBBPQQ3crbaQdiOjGUE9zUF
+8kp3/mVj/kBCNtlc4dR/lJGuM97h2OpR5sLvb/5TN9C3tcXUyRmDjqJY/eX9ui0D
+pEe6juN9Wy1yZtHauTIK0dqol+DJr56mMdMzBBmDagdr17Q2XK+GKrp5Z9rPbXJv
+8qjMHKVFlbQRMtOY8N/PQenRyl1XmZIPk9HWj+9+6w==
+-----END ENCRYPTED PRIVATE KEY-----
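Review bot: The encrypted private key added here is committed together with its passphrase — `keypass` in the next hunk is a script that echoes the password in clear text — and the same key is repeated in `keystore.jks`, `keystore.p12` and `keystore.pem`, so the PKCS#8 encryption protects nothing once the repository is readable. Because the material is now part of git history it should be treated as disclosed: generate a fresh key pair, keep the key and passphrase in a secret store (the deployment already references a Kubernetes secret for `git-credentials` and uses NevisKeyStore resources for the TLS identities) and commit only the reference. If the Nevis layout requires these paths, a `.gitignore` entry covering `var/opt/keys/own/*/key.pem`, `keypass` and `keystore.*` prevents a repeat. Decoding the validity and name fields of the accompanying certificate suggests it expires in May 2025 and carries CN/SAN `fido-uaf` rather than `ob-fido-uaf`, which is worth confirming against how this techuser identity is consumed.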
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/keypass b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/keypass
new file mode 100755
index 0000000..85ccc28
--- /dev/null
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/keypass
@@ -0,0 +1,2 @@
+#!/bin/bash
+echo 'Hsk+IJIkp1oGu8i1S+w6p2QMDB+9WFSNjNlSYdUCfA8='
\ No newline at end of file
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/keystore.jks b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..9641839d465e096b8b277f9d0668390e3abd4462 GIT binary patch literal 2100 zcmY+Fc{J4PAIE32?~yDKBV-%j(TqfsJ+j6$g^Fe@L)kKxJDD5C7FwoBbA^;GF0zdz zr(|iwP?3^7M#`RknT-98d(Z9s?jP@SKCkEbJfG(|=lz_|XKP_=0R#d;_yYee=tX}r zKfZPISl3|?NB{~@VcUSDps1c87zWmb$bi8DAQ%-kH`G0TYt#u#2%57rvW6|H>Z{u> zcU@@Pd`pSE%juD`ybeys&p$Z(nxo*4Eksse-?lK6*DNw4_3o;;{?y!Cv)XS}bzX;T zRj9W7YHxTx*KW2`3nCmcjVOu9Q&Ua0aKR> zJ(fS(uj^W_Wtg0^c_yG*X|_&TgE^iRl)MoeG2p_S;?-Gg!}rBjZy}1L^okZMm1i5) z5N8Tjx?*TgQ=be}*_8>9s)o@t7nU%4`G~J z&c79)eI3IWC%9<5QtmV7x``dXwbqbIAP&fG6eFa88=VETejUt^@H)4(v-ax+qJB?N zNQq-=Zn{{h3^a0$u0w!b-<59HGO?KRS##0t^u!0+A9I6Ql-im6n9m!q2JY2%v#UAx+?CpF1{YXNm z;=A&s_SZj{iJGMvt@~Me@#-e7B{`Lb?ObB)r|=3)#bcOYPJx8qe7*iIsm3Ra1?3lB z%$XJ5ZL_Y3$=-M7e<~f?5ORV~w%$WmKgYOx_kHnS=A3L9)60FP3;7h}z(^UdIyN&M zCt7%P21QFrz9Dm=8Rc&r*EynLRvxmY-FlMJqgLzay(oKH8_x(dqeFSAxqAmwU=`Zr zUb&M=-o*sfve)zVoZzRoT&$P?p;zqO9G80fnOZfqaEH|8 z5*DS@(zVEy*X1kKI7nx{Prt<=9+lN@WU=k;#7&zjDShW=iq^BgAZ!oT_4fp9HkhCA z+~nMswQ9^*Mcs069Cz~&4JQTqjFyuSAKZG_kI`|a;5rQYTYkQCYIOONwbIHjNAIAv zvw^Qh)#)9Un8(?377jQ<6FHv^j+s)!b6arg{(&~v$myv~6hU}*JJB(6yTHF4l(!!3 zblv?DG_IMkeNNg{=Pb?Ws^?Tdh4}$uv-}+j=tPVQmLsp0^Xa$^xm&^Pt8*8RLf&oF zI})w6>G@*b#CdF;I*mV?5O=c%GiiF1MSXsVH#FM}2PZ{KL}f?muN^ll_HJ9a&#l5r z^zCl}Ar^N#XhW+AWo;BUY#(4iR zfZBz#VJqYkUzDBiFIb_f6Z+FG|12Byr!vy%v9ztWjPWDT=(Q^)G&qTEX@A&wQ=x5y z((_0)aqj`?ar&v21&dL|$$D6E@e{{{ntLI4G%JRm0s#lfJm z5+wiN08$V!)Zfp*7Z0fJkuX95XaJ2wqk)4aUVP-kF9bZ0Vt~lbNkLhNwLMatUzQKT zvQS48?7t-R9}@i!iTy(|fYd+N3kL-Gg&9QQ0{|)*4oC=!@ZXrSA_3m%=TItG3dCO* zg;2p@Q2!-p$7}28*UZmCl&kg$)mebb@EZ@^ut9?w6VG5{`-F+>yh!g9#Tl_K!1`3U zq50LR?ODmnVv&K%;)A*;ZzJ?0yR%+~_G#+9>TuDRXft78H1f)Z8FNLx>*v~Mt+Gz_ 
zQ<`{{-y&KhZP_Xsgv2y$V-Q4(E?loRVR|t@Dykx^)k0n3a(`&sm_cFHsxHhugLM95 zxcY#jxTW_(^U6Tk86}}B*Zfki-erp^S;M6Oq<-2tFwE|NkA-9t7Az)TArP zsQ0ZT@~0JhW^sc&gH`9VL=*P7R)4IaRH3ik0-_G$x{}ngmL|LNC+D-Hly@$AJBx+cl*sF`WSb|`c=we;qVR<&&Ez}9*lxqj%jBEqk^faMd8!{0Texi_TL++p7veIu>fTk`&mOZ5(8tPs2*USLq4kSG`R#I&m2t&Heme4pUp@7ORJa?X7DEzrUsawV*TW0QL< z#?`KaC!DYv?H-z43R1&I12dc&vT4^m3Er6Yb!*BEJo z*;3yUyd$6nIDV^nvWTFeQ1Tn&tTy!po}7Z450mYx-OZUkBJRe}YK#oI=>o!4j0~LA()m5DZlNL~axO0wBN6poWfcJ)V=FAVbq5_C zX$K#}In**u2Gc3I$23KhHm%mf#UF~-6i)Q_iQMbD1HBLUVT@x-lsU6;{CHYZhDc5` znU(yJK0-Is;jvqE{&pREu5<{s6VnCd>=RDu0&Cj0E{7tr_E`VIi;rhW z3G@h~(E(gVrrP@H&C&sQ_bXmZcZ(!0d=$D2e5SO)Sz7L&y5Wt{{30~rA4yf8?0at| zGP5c~->y5_fYehb2ntGg#`*=kT2twQt(8lnjIjNr7Vsu=b zCA~nKVScF7vPHg4kpS!2@}2V}%lWrANW5OkCdazhJ{Jnk#GZ3?By|h3J)B1oX{wGL zOdF)U%K7M~-G;`}cB-BIXkkhc`*C*UGv-fQ5Lo7}dtatNa@NJ=WPhC)?I zdk;gclKt_(^z)%Y)73AcU)u&)h#%T|)T5g<)CW_9`{OJ&b=Isk`*6-doKp+IcHdQ< zwbDMMG_HIHE%1I3To$u&s>5}DLw81C)+{s6@NV9qz@_Nf>|B2_p2`n;FZrir z!iE#E2c?`YmR}3CXkLa?A;vV@<(@E=EOhs!?PDSiA_lZPVea1%u*LqJtj|01q7BQ% zig^}bANP_+6X%Yc3Lqzen*mnu(l?{c?I@Ww`5AA#Kl=9hz@@_LBOA=ZxQ0OUZ!P+0 z3YYCGY%u2|kL~t&=^g7sNs$PrBNa_+2d7ECuh9>cWOsnux8xRk-)vJls}*=_|;v(tTE}@R!I-$=)A8IoRg^$DqIez@`-E zI`^jYZLPC%+X+YGfR2Dd$)-vMy}(l(`1V{F)VDyqZ51pk82e1Lrzjz@Q2j|)o%4Ye zlM&-=#IV9>pk*0-p_n^OBfj86akdY97p4iq^@#x2uOIav-}&UuNVncs#DS2i4NCzpAZ~wVR1? zML_jBs|xGV;70yWv6g)4z{QLG} z_`Y|wI2Ut_h6~ba8tLjyIFvc49*};b9W}q&p;ARQh)aH^`Qj#RZhd$aD6O;vQEYYF zR0s~;BUzJ7XRRflb{$7`-I}g4Un}wPVG$!YSIy(U1gJtkKw8V%R|w3ja*C6oZTXWL2^`+Zcd)U+VMfJ z%Df_}-$c=pf|DuvLcRmbhzAsh4UgM|U0a2vua@%}q6f`eOCjyEm~{@ouHk;64s6!k z)?>mCSm@XLe!Q|pl0;`J=)BQpJr(nW&cX1~=%R6X3gY-ix6`KiV;{sw)U2D`WN2NG zP7pg1Z%+i-H!OhWDiai1oag+5x|R9BK=az}H3X}La7_#scl?-qZa9<>GeT2LkKG4J#IW&#*Ian=}33JX{=H-Q|UN)aZLqc1b5ae>m$+>RA~7g(}@B7gc}v=wRUf5jauFSJat-o%L-0t0r;WTB6RJj`c9A%6`qZoeu zNz?!^6-c19Wz!;9+Vm(RhWX1v7V}(KpT)2P*1@4tMjRHqXnY04sxf?cO2h^W)&S|D Qk`Jd|-RN8i{MU*94QW)JQ2+n{ literal 0 HcmV?d00001 
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/keystore.pem b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/keystore.pem new file mode 100644 index 0000000..0127d82 --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/own/nevisfido-techuser-key/keystore.pem 
@@ -0,0 +1,49 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUWtp2pbSNdJCf9jA9 +KTzjbdorVLQCAggAMB0GCWCGSAFlAwQBKgQQb0NJGFGc8MxZaCZ71uYlEASCBND5 +XhsSZKjT6CN02euPCcN5ssgXTfOlHG5hl4KcpNl/K61CH+gNH3rTzzao8utmd5ko +cWbl6o6nj2IdiU8IlaqI+VIR2nfHaqoGhJHfLbvPu/SItKTFjFTRRKddyKTIjN0o +eVbHMzt8pHvNKnNK2JmKQ+TqphGTaDIgEEqPRSniE6WHLGuCfG/VdaeRxTZldj9D +QDR41gC2kgDbsenkZZjhGEJpgM4g3mD7bc0IHMRG1wfSW8qyd+S+XxjYdgMJmffc +PCMPv3TJ0Xbxfw+BKED9WeSIaXfCFmVprNXhWhMMN8Z7o3WxigVo2oRkHWbhSff4 +hFy4AQgyq8TOE1C2xeAcADEFagCHDdf0cs5LgwytpH5/0oTsm0+pFol6yEa7X1rF +Eu7NT8zLxXxqUdlCJ1A2AWbi17ER6snst4RfT7cCiI3d6q6IO2dsfuHSs17AHY2m +1KSfgVwH05o3W58ADUVuoZxtqCS0xMv2mvlTJ7xSb90R4hz5w1JBKjrYqq1Xy1Lr +pDc9kBEwJKtN9V63veUnHR5tFku9mVTEK6iykYWRNORexNEas5wsiuxrgaXtGN5G +ouhq9MCe5DI0coQOHM0Bvw1zfQ+wj8RUgrt0290WF0VtHW+zH0qbVHYZ6dKRY5YX +azzLvyu5AlH9p2MZr/+oZn6lgjmVEYq0UbsUvFoZy65qwi2XqL7FvXIVSVTgr7YY +hiODL4FBWJEevE+MujfOpOftzivdx1+/cuiQHcbqKlPQLnQXaUKI337u2o8uAEch +lP3AvI4DVi4m6IC9lo6657r8MqwMGmdEK9PRDPHUf7SP3HGX8fYArwRWILtHrcmc +/kHhKUkMxHduFb0nYQTVFnlpLEidcv6gYIVsh8Fx5pQWW+HyBD4sJuG7mLMgtmtY +vk9zayWbq0lw0Bb+E83vk9xtE0tUoFF/Wcl2nBf5PjfCqesGqr9CHElcQGfcINCg +3llXoeceN868e5DKgtQE6Fp5KukclgeeeX4kPj+UK7x4UGtdGcdghwH6EO7McQX1 +67kyLDcF4p5HnrzEhP2CVcVDHXoeykMCitvHaInwmJQsR209PVa/XxXB8YoMAAV1 +DB3GT024dAxFEl5r1HJm3A7BiFFuvQdUi+recFGKfmSNZ1Pwp2+8DV7UiAYLJ5Wf +o/aAwUQByITI3fBPvmEAA86FeWwtQ5BG5e+q7imH1ooOzrHQzaqwzQKU+IQCzaDF +sAqMtSD/hzIRjMKOSAL8bA2SVIXlLUnulWjPwW9zhUTv9yS1q2EsiFUJnOyq7iAI +fX72qEBvBXLFBdGhotMAXeg1YsXLUxbldqAWuPxpZMQ5S6J7GZZloXSe1Gy/ZZh4 +tKD8qQTS5Rfwiqxxo3kgaB/z0qG99pTB/wWv4fwnv6lFjJRjgyGONRYIGCVCFH2X +mdV2rTUxtwB1cIr71ksA64O3YkUObyfT8gSbLjPoBDBBPQQ3crbaQdiOjGUE9zUF +8kp3/mVj/kBCNtlc4dR/lJGuM97h2OpR5sLvb/5TN9C3tcXUyRmDjqJY/eX9ui0D +pEe6juN9Wy1yZtHauTIK0dqol+DJr56mMdMzBBmDagdr17Q2XK+GKrp5Z9rPbXJv +8qjMHKVFlbQRMtOY8N/PQenRyl1XmZIPk9HWj+9+6w== +-----END ENCRYPTED PRIVATE KEY----- + +-----BEGIN CERTIFICATE----- 
+MIIC6TCCAo+gAwIBAgIQfcfd9dgdKT/5gdDbpAiKlDAKBggqhkjOPQQDAjAYMRYw +FAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTI0MDUwNTE1NTAzOFoXDTI1MDUwNTE1 +NTAzOFowWDELMAkGA1UEBhMCQ0gxDDAKBgNVBAgTA0s4UzEMMAoGA1UEBxMDSzhT +MQwwCgYDVQQKEwNLOFMxDDAKBgNVBAsTA0s4UzERMA8GA1UEAxMIZmlkby11YWYw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWcQPIzUN2zbPkB3yISIGw +mDAd285YKm/ZLbE4WWw2SIHhjfh0XoYZ6QvLMENWcC8/iOX/6g6upQnYegzZKlST +Lix0zJjEbtMlK8fITiPhwziWPSOeqtuW66Rj+13G6kKYVtZ8vviu73LBDkXKHSNi +g4knNgACJpIItiDhOmtmD3Wsb8JAIQ161m7D3i2jr/kqBFKLc2DXcCHYSwxBXu3A +99iqWxoHfprL/L7RfxBo7mKbk+xjRvw6wFHBb76m6hd8fe4yg3g9zZTsZ5KeKqtA +8NT7CTG26F/MEBEmreU6NcNP62sYBkQiY+K5WweUs5qnDCAUPz+Upu0lX49ZDsvZ +AgMBAAGjga8wgawwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFPthGhYiMfCS8WJz +C+TRPH/IDi5RMEwGA1UdEQRFMEOCCGZpZG8tdWFmgiFmaWRvLXVhZi5hZG4tYWdv +di1uZXZpc2lkbS0wMS11YXSBFG5vcmVwbHlAbG9jYWwuZG9tYWluMAoGCCqGSM49 +BAMCA0gAMEUCIBCueTTUwnN53/dIs6W4FpbFtF/wkAhYjLZGuKgY08ZAAiEA9VFz +WoaxaINHqGPR10Sh1hqeuCHRzHxnQUt07sZf2DU= +-----END CERTIFICATE----- diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/env.conf b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/env.conf new file mode 100644 index 0000000..30a29d9 --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/env.conf @@ -0,0 +1,10 @@ +RUN_ARGS="--config conf/nevisfido.yml --log-config conf/logging.yml" + +JAVA_OPTS=( + "-XX:+UseContainerSupport" + "-XX:MaxRAMPercentage=80.0" + "-javaagent:/opt/agent/opentelemetry-javaagent.jar" + "-Dotel.javaagent.logging=application" + "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties" + "-Dotel.resource.attributes=service.version=8.2405.0,service.instance.id=$HOSTNAME" +) \ No newline at end of file 
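Review bot: The private key of the nevisfido technical user is committed here as an encrypted PKCS#8 blob together with its certificate, and nevisfido.yml later in this commit reads the passphrase from `/var/opt/keys/own/nevisfido-techuser-key/keypass` in the same directory, so the encryption adds little once that file is versioned alongside it. This key authenticates the IDM admin-service client, so it should be issued from the platform's secret store at deploy time (the ob-proxy manifest in this commit already references a credentials secret rather than inlining a value), and the copy now in git history should be treated as exposed and rotated before this configuration reaches UAT. The certificate's validity fields appear to span one year from May 2024 (issuer CN `selfsigned-ca`, subject CN `fido-uaf`), so a renewal reminder or an expiry check in the health script would avoid a silent outage; a short README note next to the key directory stating where the key is meant to come from would also help the next maintainer.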
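Review bot: `service.version=8.2405.0` in the `-Dotel.resource.attributes` entry is a hand-maintained copy of the image version and will drift silently when the ob-fido-uaf image is bumped, so telemetry would report a stale version. Prefer deriving it from a variable the image or deployment sets (for example a constructed placeholder such as `service.version=${NEVISFIDO_VERSION:-unknown}`), and add a comment above `JAVA_OPTS=(` noting that the array is expanded when the file is sourced, which is why `$HOSTNAME` is resolved there.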
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/logging.yml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/logging.yml new file mode 100644 index 0000000..8d3cc20 --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/logging.yml @@ -0,0 +1,21 @@ +Configuration: + monitorInterval: 60 + Appenders: + Console: + - name: "SERVER" + target: "SYSTEM_OUT" + PatternLayout: + pattern: "[nevisfido.log] %d{ISO8601} %-15.15t %mdc{trace_id} %mdc{span_id} %-40.40c %-5.5p %m%n" + RegexFilter: + regex: ".*GET /nevisfido/liveness.*" + onMatch: "DENY" + onMismatch: "ACCEPT" + Loggers: + Logger: + - name: "ch.nevis.auth.fido.application.Application" + level: "INFO" + Root: + level: "WARN" + additivity: "false" + AppenderRef: + - ref: "SERVER" diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json new file mode 100644 index 0000000..7a83c28 --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json 
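Review bot: With `Root: level: "WARN"` and only `ch.nevis.auth.fido.application.Application` raised to INFO, any INFO-level events from other nevisFIDO loggers (registration and authentication outcomes, if they are emitted at that level) will never reach the console, which leaves operations without an audit trail for FIDO enrolments and failed authentications on this instance. Consider `Root: level: "INFO"` (the liveness RegexFilter already keeps probe noise out) or adding the relevant loggers explicitly. Note also that only a Console appender writing to `SYSTEM_OUT` is configured, so nothing produces `/var/opt/nevisfido/default/log/nevisfido.log`, which status.py added in this commit expects to read; either add a File appender for that path or drop the file-based error lookup.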
@@ -0,0 +1,231 @@ +[ + { + "aaid" : "F1D0#0001", + "description" : "Android NEVIS Mobile Authentication PIN Authenticator", + "assertionScheme" : "UAFV1TLV", + "attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 4 + } ] ], + "attachmentHint" : 1, + "authenticationAlgorithm" : 9, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 1, + "matcherProtection" : 1, + "publicKeyAlgAndEncoding" : 256, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + }, + { + "aaid" : "F1D0#0002", + "description" : "Android NEVIS Mobile Authentication Fingerprint Authenticator", + "assertionScheme" : "UAFV1TLV", + "attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 2 + } ] ], + "attachmentHint" : 1, + "authenticationAlgorithm" : 9, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 4, + "matcherProtection" : 2, + "publicKeyAlgAndEncoding" : 256, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + }, + { + "aaid" : "F1D0#0003", + "description" : "Android NEVIS Mobile Authentication Biometric Authenticator", + "assertionScheme" : "UAFV1TLV", + "attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 346 + } ] ], + "attachmentHint" : 1, + "authenticationAlgorithm" : 9, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 4, + "matcherProtection" : 2, + "publicKeyAlgAndEncoding" : 256, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + }, + { + "aaid" : "F1D0#0004", + "description" : "Android NEVIS Mobile Authentication Device Passcode Authenticator", + "assertionScheme" : "UAFV1TLV", + 
"attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 132 + } ] ], + "attachmentHint" : 1, + "authenticationAlgorithm" : 9, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 4, + "matcherProtection" : 2, + "publicKeyAlgAndEncoding" : 259, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + }, + { + "aaid" : "F1D0#0005", + "description" : "Android NEVIS Mobile Authentication Password Authenticator", + "assertionScheme" : "UAFV1TLV", + "attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 4 + } ] ], + "attachmentHint" : 1, + "authenticationAlgorithm" : 9, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 1, + "matcherProtection" : 1, + "publicKeyAlgAndEncoding" : 256, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + }, + { + "aaid" : "F1D0#1001", + "description" : "iOS NEVIS Mobile Authentication PIN Authenticator", + "assertionScheme" : "UAFV1TLV", + "attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 4 + } ] ], + "attachmentHint" : 1, + "authenticationAlgorithm" : 2, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 1, + "matcherProtection" : 1, + "publicKeyAlgAndEncoding" : 257, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + }, + { + "aaid" : "F1D0#1002", + "description" : "iOS NEVIS Mobile Authentication Fingerprint Authenticator", + "assertionScheme" : "UAFV1TLV", + "attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 2 + } ] ], + 
"attachmentHint" : 1, + "authenticationAlgorithm" : 2, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 6, + "matcherProtection" : 2, + "publicKeyAlgAndEncoding" : 257, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + }, + { + "aaid" : "F1D0#1003", + "description" : "iOS NEVIS Mobile Authentication Face Recognition Authenticator", + "assertionScheme" : "UAFV1TLV", + "attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 16 + } ] ], + "attachmentHint" : 1, + "authenticationAlgorithm" : 2, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 6, + "matcherProtection" : 2, + "publicKeyAlgAndEncoding" : 257, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + }, + { + "aaid" : "F1D0#1004", + "description" : "iOS NEVIS Mobile Authentication Device Passcode Authenticator", + "assertionScheme" : "UAFV1TLV", + "attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 4 + } ] ], + "attachmentHint" : 1, + "authenticationAlgorithm" : 2, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 6, + "matcherProtection" : 2, + "publicKeyAlgAndEncoding" : 257, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + }, + { + "aaid" : "F1D0#1005", + "description" : "iOS NEVIS Mobile Authentication Password Authenticator", + "assertionScheme" : "UAFV1TLV", + "attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 4 + } ] ], + "attachmentHint" : 1, + "authenticationAlgorithm" : 2, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 1, + "matcherProtection" : 1, + 
"publicKeyAlgAndEncoding" : 257, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + }] \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/nevisfido.yml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/nevisfido.yml new file mode 100644 index 0000000..40793ba --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/nevisfido.yml 
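Review bot: Every entry declares `"attestationRootCertificates" : []` with `"attestationTypes" : [ 15880 ]`, which, if 15880 is the UAF surrogate-basic attestation tag (0x3E08), means the server cannot verify that a registering authenticator is genuinely the NEVIS Mobile SDK one; the AAID and the `keyProtection`/`matcherProtection` claims are then self-asserted by the client. That may be the intended trade-off for an in-house SDK, but it should be recorded as an accepted risk next to this file, and the policies under conf/policy/ should not be read as guaranteeing hardware-backed keys or biometric matching. Separately, `F1D0#0004` declares `"publicKeyAlgAndEncoding" : 259` while the other Android entries sharing `"authenticationAlgorithm" : 9` use 256; worth confirming against the vendor-supplied metadata before registrations with that authenticator fail on signature verification.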
@@ -0,0 +1,104 @@ +server: + port: 9443 + host: 0.0.0.0 + protocol: https + tls: + keystore: /var/opt/keys/own/ob-fido-uaf-default-server-identity/keystore.p12 + keystore-passphrase: ${exec:/var/opt/keys/own/ob-fido-uaf-default-server-identity/keypass} + keystore-type: pkcs12 + truststore: /var/opt/keys/trust/ob-fido-uaf-default-client-trust/truststore.p12 + truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido-uaf-default-client-trust/keypass} + truststore-type: pkcs12 + +management: + server: + port: 9089 + healthchecks: + enabled: true + +credential-repository: + type: nevisidm + rest-url: https://idm.adn-agov-nevisidm-01-uat:8989/nevisidm + administration-url: https://idm.adn-agov-nevisidm-01-uat:8989/nevisidm/services/v1_46/AdminService + keystore: /var/opt/keys/own/nevisfido-techuser-key/keystore.p12 + keystore-passphrase: ${exec:/var/opt/keys/own/nevisfido-techuser-key/keypass} + keystore-type: pkcs12 + truststore: /var/opt/keys/trust/ob-fido-uaf-agov-work-internal-trust-store/truststore.p12 + truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido-uaf-agov-work-internal-trust-store/keypass} + truststore-type: pkcs12 + admin-service-version: v1_46 + client-id: 100 + user-attribute: extId + +session-repository: + type: in-memory + jdbc-url: + max-connection-lifetime: + user: + password: + schema-user: + schema-user-password: + automatic-db-schema-setup: false + +fido-uaf: + enabled: true + app-id: https://auth.agov-w.azure.adnovum.net//nevisfido/uaf/1.1/facets + facets: + - android:apk-key-hash:kdcDr+sJVydAkZ6nT/HR3UpJFSd+vPORXLww8DIHV7c + - ios:bundle-id:ch.nevis.accessapp + - android:apk-key-hash:ch.nevis.mobile.authentication.sdk.android.example + - android:apk-key-hash:ch.nevis.mobile.authentication.sdk.flutter.example + - android:apk-key-hash:ch.nevis.mobile.authentication.sdk.react.example + - ios:bundle-id:ch.nevis.mobile.authentication.sdk.ios.example + - ios:bundle-id:ch.nevis.mobile.authentication.sdk.flutter.example + - 
ios:bundle-id:ch.nevis.mobile.authentication.sdk.objc.proxy.example + - ios:bundle-id:ch.nevis.mobile.authentication.sdk.react.example + metadata: + path: conf/metadata/metadata.json + policy: + path: conf/policy/ + timeout: + registration: 600s + authentication: 600s + token-registration: 600s + token-authentication: 600s + token-deregistration: 600s + transaction-confirmation: + max-text-length: 2000 + authorization: + registration: + type: sectoken + truststore: /var/opt/keys/trust/ob-fido-uaf-default-signer-trust/truststore.p12 + truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido-uaf-default-signer-trust/keypass} + truststore-type: pkcs12 + username-attribute-names: + - loginId + - userid + authentication: + type: none + deregistration: + type: sectoken + truststore: /var/opt/keys/trust/ob-fido-uaf-default-signer-trust/truststore.p12 + truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido-uaf-default-signer-trust/keypass} + truststore-type: pkcs12 + username-attribute-names: + - loginId + - userid + create-dispatch-target: + type: sectoken + truststore: /var/opt/keys/trust/ob-fido-uaf-default-signer-trust/truststore.p12 + truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido-uaf-default-signer-trust/keypass} + truststore-type: pkcs12 + username-attribute-names: + - loginId + - userid + query-dispatch-target: + type: none + delete-dispatch-target: + type: sectoken + truststore: /var/opt/keys/trust/ob-fido-uaf-default-signer-trust/truststore.p12 + truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido-uaf-default-signer-trust/keypass} + truststore-type: pkcs12 + username-attribute-names: + - userid + dispatchers: [] \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/otel.properties b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/otel.properties new file mode 100644 index 0000000..ffe9ce8 
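Review bot: `app-id: https://auth.agov-w.azure.adnovum.net//nevisfido/uaf/1.1/facets` contains a double slash after the host; the UAF AppID has to match byte-for-byte what the client sends and what the proxy route serves, so this likely breaks facet resolution or creates a second variant of the AppID — change it to `app-id: https://auth.agov-w.azure.adnovum.net/nevisfido/uaf/1.1/facets`. The facet list also trusts the NEVIS SDK example applications (`…sdk.android.example`, `…sdk.ios.example`, `…sdk.flutter.example`, `…sdk.react.example`) in addition to `ch.nevis.accessapp`; on an environment exposed through ob-proxy those demo facets widen which apps may register and use credentials and should be removed, and the Android entries that place a package name after `android:apk-key-hash:` are not valid key hashes and presumably never match, so they are dead configuration at best. `query-dispatch-target: type: none` leaves that operation unauthenticated while web.xml in this commit routes `/nevisfido/token/dispatch/targets/*` through the proxy; confirm a proxy-side filter covers it or switch it to `type: sectoken` like the other operations.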
--- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/otel.properties @@ -0,0 +1,4 @@ +otel.service.name = ob-fido-uaf +otel.traces.exporter = none +otel.metrics.exporter = none +otel.logs.exporter = none diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/policy/biometrics_only.json b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/policy/biometrics_only.json new file mode 100644 index 0000000..940439f --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/policy/biometrics_only.json @@ -0,0 +1,24 @@ +{ + "accepted": [ + [ + { + "aaid": ["F1D0#0002"] + } + ], + [ + { + "aaid": ["F1D0#0003"] + } + ], + [ + { + "aaid": ["F1D0#1002"] + } + ], + [ + { + "aaid": ["F1D0#1003"] + } + ] + ] +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/policy/default.json b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/policy/default.json new file mode 100644 index 0000000..3e043e9 --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/policy/default.json @@ -0,0 +1,44 @@ +{ + "accepted": [ + [ + { + "aaid": ["F1D0#0001"] + } + ], + [ + { + "aaid": ["F1D0#0002"] + } + ], + [ + { + "aaid": ["F1D0#0003"] + } + ], + [ + { + "aaid": ["F1D0#0004"] + } + ], + [ + { + "aaid": ["F1D0#1001"] + } + ], + [ + { + "aaid": ["F1D0#1002"] + } + ], + [ + { + "aaid": ["F1D0#1003"] + } + ], + [ + { + "aaid": ["F1D0#1004"] + } + ] + ] +} \ No newline at end of file 
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/policy/pin_only.json b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/policy/pin_only.json new file mode 100644 index 0000000..9f56c78 --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/policy/pin_only.json @@ -0,0 +1,14 @@ +{ + "accepted": [ + [ + { + "aaid": ["F1D0#0001"] + } + ], + [ + { + "aaid": ["F1D0#1001"] + } + ] + ] +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/status.py b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/status.py new file mode 100644 index 0000000..a5c9bae --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/status.py 
@@ -0,0 +1,47 @@ +import sys +import time +import urllib.request, urllib.error, urllib.parse + +health_endpoint = 'http://localhost:9089/nevisfido/health' +log_file_path = '/var/opt/nevisfido/default/log/nevisfido.log' + +# Calls nevisFIDO's health check endpoint repeatedly to determine whether it is up and running +# Returns True if the service is available or False otherwise +def is_nevisfido_healthy(): + for timeout in [0.1, 2, 4, 8, 16, 30]: + try: + time.sleep(timeout) + response = urllib.request.urlopen(health_endpoint) + if response.getcode() == 200: + return True + except urllib.error.URLError: + continue + return False + +# Parses the nevisFIDO logs for the last error registered and raises and exception about it. +def raise_last_error_in_log(): + event_buffer = [] + for line in reversed(open(log_file_path).readlines()): + stripped_line = line.rstrip() + event_buffer.append(stripped_line) + if '[main] ERROR' in stripped_line: + raise Exception('\n'.join(reversed(event_buffer))) + break + # Log events (by default) starts with logging the time in the following format: '2019-11-04 12:44:45,071 21512 [main]' + # but these events can be multi-lined. + # We check here whether the current line is a start of a new event - in which case we flush the buffer. + if is_year(stripped_line[:4]): + event_buffer = [] + +# This method returns True if the provided string can be parsed to a year (4 digit int), or False otherwise. +def is_year(str): + try: + return int(str) > 999 and int(str) < 10000 + except ValueError: + return False + +if is_nevisfido_healthy(): + sys.exit(0) +else: + raise_last_error_in_log() + sys.exit(1) \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/log/.empty b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/log/.empty new file mode 100644 index 0000000..e69de29 
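Review bot: `raise_last_error_in_log` searches for `'[main] ERROR'` and treats lines whose first four characters are a year as event starts, but logging.yml in this commit prints `[nevisfido.log] %d{ISO8601} %-15.15t … %-5.5p`, so every line starts with `[nevisfido.log]` and the thread name is not bracketed; neither check can ever match, and because only a Console appender is configured the `open(log_file_path)` call raises FileNotFoundError before any parsing, hiding the real health-check failure behind an unrelated traceback. The file is also opened without `with`, `raise Exception(...)` discards the reason it could not be read, and `is_year(str)` shadows the builtin. Align the marker with the configured pattern (the padded level column, e.g. `' ERROR '`) and make the read explicit about a missing log, roughly as below.
```python
# Parses the nevisFIDO log for the last error registered and raises an exception about it.
def raise_last_error_in_log():
    try:
        with open(log_file_path) as log_file:
            lines = log_file.readlines()
    except OSError as err:
        raise Exception('nevisFIDO is not healthy and %s could not be read: %s' % (log_file_path, err))
    event_buffer = []
    for line in reversed(lines):
        # … unchanged: buffer the line, raise on the error marker, reset the buffer at an event start …
```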
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/tmp/.empty b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/tmp/.empty new file mode 100644 index 0000000..e69de29 diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-b4d2da2fa2d0b060752a1fe2.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-b4d2da2fa2d0b060752a1fe2.yaml index f77b04e..d06db53 100644 --- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-b4d2da2fa2d0b060752a1fe2.yaml +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-b4d2da2fa2d0b060752a1fe2.yaml @@ -46,7 +46,7 @@ spec: podDisruptionBudget: maxUnavailable: "50%" git: - tag: "r-f65a315ec4cfd8575904ed12349257a59adbd1e2" + tag: "r-4d495f8f73f00597da5fbe633d85d96ac04db24e" dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy" credentials: "git-credentials" keystores: diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/WEB-INF/web.xml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/WEB-INF/web.xml index 4d3c3a4..3b61910 100644 --- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/WEB-INF/web.xml +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/WEB-INF/web.xml 
@@ -282,6 +282,22 @@ ch::nevis::isiweb4::listener::SessionListener + + + Connector_NevisFIDO + + ch::nevis::isiweb4::servlet::connector::http::HttpsConnectorServlet + + + AutoRewrite + none + + + + InetAddress + ob-fido-uaf:9443 + + Connector_ob-realm @@ -418,6 +434,31 @@ /nevislogrend + + + Connector_NevisFIDO + /nevisfido/devices/credentials/* + + + + Connector_NevisFIDO + /nevisfido/token/dispatch/targets/* + + + + Connector_NevisFIDO + /nevisfido/token/redeem/registration + + + + Connector_NevisFIDO + /nevisfido/uaf/1.1/facets + + + + Connector_NevisFIDO + /nevisfido/uaf/1.1/registration/ + NevisLogrendConnector_ob-logrend
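Review bot: The new `Connector_NevisFIDO` HttpsConnectorServlet pointing at `ob-fido-uaf:9443` shows only `AutoRewrite` and `InetAddress` init-params in this hunk, while nevisfido.yml in the same commit configures a server-side truststore (`ob-fido-uaf-default-client-trust`), which suggests the backend expects client certificates; the proxy then needs a client identity and a truststore for the nevisFIDO server certificate, otherwise the connection either fails or, depending on the connector's defaults, is established without verifying the peer. The XML markup appears to have been stripped from this section, so those parameters may simply not be visible here; please confirm them in the file and add a short comment above the servlet naming which keystore pair it uses. The second web.xml hunk, which maps the `/nevisfido/...` URL patterns to this connector, may continue past the end of the visible text.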