diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml
index 4ef0b2d..92c4523 100644
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml
@@ -45,7 +45,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-0d14bc8d1f507b55c11ab2b807d691b97d55b1dd"
+    tag: "r-f65a315ec4cfd8575904ed12349257a59adbd1e2"
     dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth"
     credentials: "git-credentials"
   keystores:
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-default-tls-client-trust-d00b0dcbe241793d30daf91c.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-default-tls-client-trust-d00b0dcbe241793d30daf91c.yaml
index 0ede942..853a278 100644
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-default-tls-client-trust-d00b0dcbe241793d30daf91c.yaml
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-default-tls-client-trust-d00b0dcbe241793d30daf91c.yaml
@@ -9,4 +9,6 @@ metadata:
     projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT"
     patternId: "d00b0dcbe241793d30daf91c"
 spec:
-  keystores: []
+  keystores:
+  - name: "ob-proxy-ob-realm-identity"
+    namespace: "adn-agov-nevisidm-ob-01-uat"
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-a2d03bb46b87b90160dc83d7.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-a2d03bb46b87b90160dc83d7.yaml
index dbf096a..3323ddb 100644
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-a2d03bb46b87b90160dc83d7.yaml
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-a2d03bb46b87b90160dc83d7.yaml
@@ -46,15 +46,14 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-0d14bc8d1f507b55c11ab2b807d691b97d55b1dd"
+    tag: "r-f65a315ec4cfd8575904ed12349257a59adbd1e2"
     dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2"
     credentials: "git-credentials"
   keystores:
   - "ob-fido2-default-identity"
-  - "ob-fido2-default-client-identity"
   truststores:
+  - "ob-fido2-agov-work-internal-trust-store"
   - "ob-fido2-default-signer-trust"
-  - "ob-fido2-default-server-trust"
   - "ob-fido2-default-tls-client-trust"
   podSecurity:
     policy: "baseline"
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-agov-work-internal-trust-store-a2d03bb46b87b90160dc83d7.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-agov-work-internal-trust-store-a2d03bb46b87b90160dc83d7.yaml
new file mode 100644
index 0000000..1315110
--- /dev/null
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-agov-work-internal-trust-store-a2d03bb46b87b90160dc83d7.yaml
@@ -0,0 +1,14 @@
+apiVersion: "operator.nevis-security.ch/v1"
+kind: "NevisTrustStore"
+metadata:
+  name: "ob-fido2-agov-work-internal-trust-store"
+  namespace: "adn-agov-nevisidm-ob-01-uat"
+  labels:
+    deploymentTarget: "ob-fido2"
+  annotations:
+    projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT"
+    patternId: "a2d03bb46b87b90160dc83d7"
+spec:
+  keystores: []
+  extraCerts:
+  - "-----BEGIN CERTIFICATE-----\nMIIBcTCCARagAwIBAgIQWRl1eifIt8yohQYzh6yr/jAKBggqhkjOPQQDAjAYMRYw\nFAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTIzMDYyODE0MzI0MFoXDTQzMDYyODE0\nMzI0MFowGDEWMBQGA1UEAxMNc2VsZnNpZ25lZC1jYTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABEwcjsIhSyyh0i9zP1G7ReOkFt/djzlGoUtSd5v3ZEk5QoZYjfl9\n04HdaZzrmveB2aRppbXgW7//s2Ma8wTd5uejQjBAMA4GA1UdDwEB/wQEAwICpDAP\nBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBT7YRoWIjHwkvFicwvk0Tx/yA4uUTAK\nBggqhkjOPQQDAgNJADBGAiEAgyg9t0qgb+czuscs07pNGI+12BedrD+y71psIlqx\nt2UCIQC/85UXyjYI9zg7Mg7rROTbGNCU3Jq/KIC3VzbbD+68VA==\n-----END CERTIFICATE-----\n"
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/cert.pem b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/cert.pem
new file mode 100644
index 0000000..0d07b2a
--- /dev/null
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/cert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAo+gAwIBAgIQfcfd9dgdKT/5gdDbpAiKlDAKBggqhkjOPQQDAjAYMRYw
+FAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTI0MDUwNTE1NTAzOFoXDTI1MDUwNTE1
+NTAzOFowWDELMAkGA1UEBhMCQ0gxDDAKBgNVBAgTA0s4UzEMMAoGA1UEBxMDSzhT
+MQwwCgYDVQQKEwNLOFMxDDAKBgNVBAsTA0s4UzERMA8GA1UEAxMIZmlkby11YWYw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWcQPIzUN2zbPkB3yISIGw
+mDAd285YKm/ZLbE4WWw2SIHhjfh0XoYZ6QvLMENWcC8/iOX/6g6upQnYegzZKlST
+Lix0zJjEbtMlK8fITiPhwziWPSOeqtuW66Rj+13G6kKYVtZ8vviu73LBDkXKHSNi
+g4knNgACJpIItiDhOmtmD3Wsb8JAIQ161m7D3i2jr/kqBFKLc2DXcCHYSwxBXu3A
+99iqWxoHfprL/L7RfxBo7mKbk+xjRvw6wFHBb76m6hd8fe4yg3g9zZTsZ5KeKqtA
+8NT7CTG26F/MEBEmreU6NcNP62sYBkQiY+K5WweUs5qnDCAUPz+Upu0lX49ZDsvZ
+AgMBAAGjga8wgawwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMB
+BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFPthGhYiMfCS8WJz
+C+TRPH/IDi5RMEwGA1UdEQRFMEOCCGZpZG8tdWFmgiFmaWRvLXVhZi5hZG4tYWdv
+di1uZXZpc2lkbS0wMS11YXSBFG5vcmVwbHlAbG9jYWwuZG9tYWluMAoGCCqGSM49
+BAMCA0gAMEUCIBCueTTUwnN53/dIs6W4FpbFtF/wkAhYjLZGuKgY08ZAAiEA9VFz
+WoaxaINHqGPR10Sh1hqeuCHRzHxnQUt07sZf2DU=
+-----END CERTIFICATE-----
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/key.pem b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/key.pem
new file mode 100644
index 0000000..2637d2f
--- /dev/null
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/key.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUWtp2pbSNdJCf9jA9
+KTzjbdorVLQCAggAMB0GCWCGSAFlAwQBKgQQb0NJGFGc8MxZaCZ71uYlEASCBND5
+XhsSZKjT6CN02euPCcN5ssgXTfOlHG5hl4KcpNl/K61CH+gNH3rTzzao8utmd5ko
+cWbl6o6nj2IdiU8IlaqI+VIR2nfHaqoGhJHfLbvPu/SItKTFjFTRRKddyKTIjN0o
+eVbHMzt8pHvNKnNK2JmKQ+TqphGTaDIgEEqPRSniE6WHLGuCfG/VdaeRxTZldj9D
+QDR41gC2kgDbsenkZZjhGEJpgM4g3mD7bc0IHMRG1wfSW8qyd+S+XxjYdgMJmffc
+PCMPv3TJ0Xbxfw+BKED9WeSIaXfCFmVprNXhWhMMN8Z7o3WxigVo2oRkHWbhSff4
+hFy4AQgyq8TOE1C2xeAcADEFagCHDdf0cs5LgwytpH5/0oTsm0+pFol6yEa7X1rF
+Eu7NT8zLxXxqUdlCJ1A2AWbi17ER6snst4RfT7cCiI3d6q6IO2dsfuHSs17AHY2m
+1KSfgVwH05o3W58ADUVuoZxtqCS0xMv2mvlTJ7xSb90R4hz5w1JBKjrYqq1Xy1Lr
+pDc9kBEwJKtN9V63veUnHR5tFku9mVTEK6iykYWRNORexNEas5wsiuxrgaXtGN5G
+ouhq9MCe5DI0coQOHM0Bvw1zfQ+wj8RUgrt0290WF0VtHW+zH0qbVHYZ6dKRY5YX
+azzLvyu5AlH9p2MZr/+oZn6lgjmVEYq0UbsUvFoZy65qwi2XqL7FvXIVSVTgr7YY
+hiODL4FBWJEevE+MujfOpOftzivdx1+/cuiQHcbqKlPQLnQXaUKI337u2o8uAEch
+lP3AvI4DVi4m6IC9lo6657r8MqwMGmdEK9PRDPHUf7SP3HGX8fYArwRWILtHrcmc
+/kHhKUkMxHduFb0nYQTVFnlpLEidcv6gYIVsh8Fx5pQWW+HyBD4sJuG7mLMgtmtY
+vk9zayWbq0lw0Bb+E83vk9xtE0tUoFF/Wcl2nBf5PjfCqesGqr9CHElcQGfcINCg
+3llXoeceN868e5DKgtQE6Fp5KukclgeeeX4kPj+UK7x4UGtdGcdghwH6EO7McQX1
+67kyLDcF4p5HnrzEhP2CVcVDHXoeykMCitvHaInwmJQsR209PVa/XxXB8YoMAAV1
+DB3GT024dAxFEl5r1HJm3A7BiFFuvQdUi+recFGKfmSNZ1Pwp2+8DV7UiAYLJ5Wf
+o/aAwUQByITI3fBPvmEAA86FeWwtQ5BG5e+q7imH1ooOzrHQzaqwzQKU+IQCzaDF
+sAqMtSD/hzIRjMKOSAL8bA2SVIXlLUnulWjPwW9zhUTv9yS1q2EsiFUJnOyq7iAI
+fX72qEBvBXLFBdGhotMAXeg1YsXLUxbldqAWuPxpZMQ5S6J7GZZloXSe1Gy/ZZh4
+tKD8qQTS5Rfwiqxxo3kgaB/z0qG99pTB/wWv4fwnv6lFjJRjgyGONRYIGCVCFH2X
+mdV2rTUxtwB1cIr71ksA64O3YkUObyfT8gSbLjPoBDBBPQQ3crbaQdiOjGUE9zUF
+8kp3/mVj/kBCNtlc4dR/lJGuM97h2OpR5sLvb/5TN9C3tcXUyRmDjqJY/eX9ui0D
+pEe6juN9Wy1yZtHauTIK0dqol+DJr56mMdMzBBmDagdr17Q2XK+GKrp5Z9rPbXJv
+8qjMHKVFlbQRMtOY8N/PQenRyl1XmZIPk9HWj+9+6w==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keypass b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keypass
new file mode 100755
index 0000000..85ccc28
--- /dev/null
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keypass
@@ -0,0 +1,2 @@
+#!/bin/bash
+echo 'Hsk+IJIkp1oGu8i1S+w6p2QMDB+9WFSNjNlSYdUCfA8='
\ No newline at end of file
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keystore.jks b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keystore.jks
new file mode 100644
index 0000000..9641839
Binary files /dev/null and b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keystore.jks differ
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keystore.p12 b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keystore.p12
new file mode 100644
index 0000000..3ca00a3
Binary files /dev/null and b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keystore.p12 differ
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keystore.pem b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keystore.pem
new file mode 100644
index 0000000..0127d82
--- /dev/null
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keystore.pem
@@ -0,0 +1,49 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUWtp2pbSNdJCf9jA9
+KTzjbdorVLQCAggAMB0GCWCGSAFlAwQBKgQQb0NJGFGc8MxZaCZ71uYlEASCBND5
+XhsSZKjT6CN02euPCcN5ssgXTfOlHG5hl4KcpNl/K61CH+gNH3rTzzao8utmd5ko
+cWbl6o6nj2IdiU8IlaqI+VIR2nfHaqoGhJHfLbvPu/SItKTFjFTRRKddyKTIjN0o
+eVbHMzt8pHvNKnNK2JmKQ+TqphGTaDIgEEqPRSniE6WHLGuCfG/VdaeRxTZldj9D
+QDR41gC2kgDbsenkZZjhGEJpgM4g3mD7bc0IHMRG1wfSW8qyd+S+XxjYdgMJmffc
+PCMPv3TJ0Xbxfw+BKED9WeSIaXfCFmVprNXhWhMMN8Z7o3WxigVo2oRkHWbhSff4
+hFy4AQgyq8TOE1C2xeAcADEFagCHDdf0cs5LgwytpH5/0oTsm0+pFol6yEa7X1rF
+Eu7NT8zLxXxqUdlCJ1A2AWbi17ER6snst4RfT7cCiI3d6q6IO2dsfuHSs17AHY2m
+1KSfgVwH05o3W58ADUVuoZxtqCS0xMv2mvlTJ7xSb90R4hz5w1JBKjrYqq1Xy1Lr
+pDc9kBEwJKtN9V63veUnHR5tFku9mVTEK6iykYWRNORexNEas5wsiuxrgaXtGN5G
+ouhq9MCe5DI0coQOHM0Bvw1zfQ+wj8RUgrt0290WF0VtHW+zH0qbVHYZ6dKRY5YX
+azzLvyu5AlH9p2MZr/+oZn6lgjmVEYq0UbsUvFoZy65qwi2XqL7FvXIVSVTgr7YY
+hiODL4FBWJEevE+MujfOpOftzivdx1+/cuiQHcbqKlPQLnQXaUKI337u2o8uAEch
+lP3AvI4DVi4m6IC9lo6657r8MqwMGmdEK9PRDPHUf7SP3HGX8fYArwRWILtHrcmc
+/kHhKUkMxHduFb0nYQTVFnlpLEidcv6gYIVsh8Fx5pQWW+HyBD4sJuG7mLMgtmtY
+vk9zayWbq0lw0Bb+E83vk9xtE0tUoFF/Wcl2nBf5PjfCqesGqr9CHElcQGfcINCg
+3llXoeceN868e5DKgtQE6Fp5KukclgeeeX4kPj+UK7x4UGtdGcdghwH6EO7McQX1
+67kyLDcF4p5HnrzEhP2CVcVDHXoeykMCitvHaInwmJQsR209PVa/XxXB8YoMAAV1
+DB3GT024dAxFEl5r1HJm3A7BiFFuvQdUi+recFGKfmSNZ1Pwp2+8DV7UiAYLJ5Wf
+o/aAwUQByITI3fBPvmEAA86FeWwtQ5BG5e+q7imH1ooOzrHQzaqwzQKU+IQCzaDF
+sAqMtSD/hzIRjMKOSAL8bA2SVIXlLUnulWjPwW9zhUTv9yS1q2EsiFUJnOyq7iAI
+fX72qEBvBXLFBdGhotMAXeg1YsXLUxbldqAWuPxpZMQ5S6J7GZZloXSe1Gy/ZZh4
+tKD8qQTS5Rfwiqxxo3kgaB/z0qG99pTB/wWv4fwnv6lFjJRjgyGONRYIGCVCFH2X
+mdV2rTUxtwB1cIr71ksA64O3YkUObyfT8gSbLjPoBDBBPQQ3crbaQdiOjGUE9zUF
+8kp3/mVj/kBCNtlc4dR/lJGuM97h2OpR5sLvb/5TN9C3tcXUyRmDjqJY/eX9ui0D
+pEe6juN9Wy1yZtHauTIK0dqol+DJr56mMdMzBBmDagdr17Q2XK+GKrp5Z9rPbXJv
+8qjMHKVFlbQRMtOY8N/PQenRyl1XmZIPk9HWj+9+6w==
+-----END ENCRYPTED PRIVATE KEY-----
+
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAo+gAwIBAgIQfcfd9dgdKT/5gdDbpAiKlDAKBggqhkjOPQQDAjAYMRYw
+FAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTI0MDUwNTE1NTAzOFoXDTI1MDUwNTE1
+NTAzOFowWDELMAkGA1UEBhMCQ0gxDDAKBgNVBAgTA0s4UzEMMAoGA1UEBxMDSzhT
+MQwwCgYDVQQKEwNLOFMxDDAKBgNVBAsTA0s4UzERMA8GA1UEAxMIZmlkby11YWYw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWcQPIzUN2zbPkB3yISIGw
+mDAd285YKm/ZLbE4WWw2SIHhjfh0XoYZ6QvLMENWcC8/iOX/6g6upQnYegzZKlST
+Lix0zJjEbtMlK8fITiPhwziWPSOeqtuW66Rj+13G6kKYVtZ8vviu73LBDkXKHSNi
+g4knNgACJpIItiDhOmtmD3Wsb8JAIQ161m7D3i2jr/kqBFKLc2DXcCHYSwxBXu3A
+99iqWxoHfprL/L7RfxBo7mKbk+xjRvw6wFHBb76m6hd8fe4yg3g9zZTsZ5KeKqtA
+8NT7CTG26F/MEBEmreU6NcNP62sYBkQiY+K5WweUs5qnDCAUPz+Upu0lX49ZDsvZ
+AgMBAAGjga8wgawwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMB
+BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFPthGhYiMfCS8WJz
+C+TRPH/IDi5RMEwGA1UdEQRFMEOCCGZpZG8tdWFmgiFmaWRvLXVhZi5hZG4tYWdv
+di1uZXZpc2lkbS0wMS11YXSBFG5vcmVwbHlAbG9jYWwuZG9tYWluMAoGCCqGSM49
+BAMCA0gAMEUCIBCueTTUwnN53/dIs6W4FpbFtF/wkAhYjLZGuKgY08ZAAiEA9VFz
+WoaxaINHqGPR10Sh1hqeuCHRzHxnQUt07sZf2DU=
+-----END CERTIFICATE-----
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/nevisfido/default/conf/nevisfido.yml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/nevisfido/default/conf/nevisfido.yml
index 690b160..2cb576d 100644
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/nevisfido/default/conf/nevisfido.yml
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/nevisfido/default/conf/nevisfido.yml
@@ -16,10 +16,10 @@ credential-repository:
   type: nevisidm
   client-id: cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720
   rest-url: https://idm.adn-agov-nevisidm-01-uat:443/nevisidm
-  keystore: /var/opt/keys/own/ob-fido2-default-client-identity/keystore.p12
-  keystore-passphrase: ${exec:/var/opt/keys/own/ob-fido2-default-client-identity/keypass}
-  truststore: /var/opt/keys/trust/ob-fido2-default-server-trust/truststore.p12
-  truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido2-default-server-trust/keypass}
+  keystore: /var/opt/keys/own/nevisfido-techuser-key/keystore.p12
+  keystore-passphrase: ${exec:/var/opt/keys/own/nevisfido-techuser-key/keypass}
+  truststore: /var/opt/keys/trust/ob-fido2-agov-work-internal-trust-store/truststore.p12
+  truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido2-agov-work-internal-trust-store/keypass}
   user-attribute: extId
 
 session-repository:
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-b4d2da2fa2d0b060752a1fe2.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-b4d2da2fa2d0b060752a1fe2.yaml
index 9574c60..f77b04e 100644
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-b4d2da2fa2d0b060752a1fe2.yaml
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-b4d2da2fa2d0b060752a1fe2.yaml
@@ -46,11 +46,15 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-0d14bc8d1f507b55c11ab2b807d691b97d55b1dd"
+    tag: "r-f65a315ec4cfd8575904ed12349257a59adbd1e2"
     dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy"
     credentials: "git-credentials"
   keystores:
+  - "ob-proxy-ob-realm-identity"
   - "ob-proxy-346a2bebb04a0b74c7c9b5b9"
+  truststores:
+  - "ob-proxy-ob-realm-signer-trust"
+  - "ob-proxy-ob-realm-tls-trust"
   ingresses:
   - "ob-proxy"
   podSecurity:
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-default-client-identity-a2d03bb46b87b90160dc83d7.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-identity-b4d2da2fa2d0b060752a1fe2.yaml
similarity index 57%
rename from DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-default-client-identity-a2d03bb46b87b90160dc83d7.yaml
rename to DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-identity-b4d2da2fa2d0b060752a1fe2.yaml
index 5062fda..6233f87 100644
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-default-client-identity-a2d03bb46b87b90160dc83d7.yaml
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-identity-b4d2da2fa2d0b060752a1fe2.yaml
@@ -1,18 +1,18 @@
 apiVersion: "operator.nevis-security.ch/v1"
 kind: "NevisKeyStore"
 metadata:
-  name: "ob-fido2-default-client-identity"
+  name: "ob-proxy-ob-realm-identity"
   namespace: "adn-agov-nevisidm-ob-01-uat"
   labels:
-    deploymentTarget: "ob-fido2"
+    deploymentTarget: "ob-proxy"
   annotations:
     projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT"
-    patternId: "a2d03bb46b87b90160dc83d7"
+    patternId: "b4d2da2fa2d0b060752a1fe2"
 spec:
-  cn: "ob-fido2"
+  cn: "ob-proxy"
   usage: "<reserved for future use>"
   san:
     dns:
-    - "ob-fido2"
-    - "ob-fido2.adn-agov-nevisidm-ob-01-uat"
+    - "ob-proxy"
+    - "ob-proxy.adn-agov-nevisidm-ob-01-uat"
     email: []
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-default-server-trust-a2d03bb46b87b90160dc83d7.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-signer-trust-b4d2da2fa2d0b060752a1fe2.yaml
similarity index 65%
rename from DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-default-server-trust-a2d03bb46b87b90160dc83d7.yaml
rename to DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-signer-trust-b4d2da2fa2d0b060752a1fe2.yaml
index 2d65989..a342d41 100644
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-default-server-trust-a2d03bb46b87b90160dc83d7.yaml
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-signer-trust-b4d2da2fa2d0b060752a1fe2.yaml
@@ -1,12 +1,12 @@
 apiVersion: "operator.nevis-security.ch/v1"
 kind: "NevisTrustStore"
 metadata:
-  name: "ob-fido2-default-server-trust"
+  name: "ob-proxy-ob-realm-signer-trust"
   namespace: "adn-agov-nevisidm-ob-01-uat"
   labels:
-    deploymentTarget: "ob-fido2"
+    deploymentTarget: "ob-proxy"
   annotations:
     projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT"
-    patternId: "a2d03bb46b87b90160dc83d7"
+    patternId: "b4d2da2fa2d0b060752a1fe2"
 spec:
   keystores: []
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-tls-trust-b4d2da2fa2d0b060752a1fe2.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-tls-trust-b4d2da2fa2d0b060752a1fe2.yaml
new file mode 100644
index 0000000..72b56e3
--- /dev/null
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-tls-trust-b4d2da2fa2d0b060752a1fe2.yaml
@@ -0,0 +1,14 @@
+apiVersion: "operator.nevis-security.ch/v1"
+kind: "NevisTrustStore"
+metadata:
+  name: "ob-proxy-ob-realm-tls-trust"
+  namespace: "adn-agov-nevisidm-ob-01-uat"
+  labels:
+    deploymentTarget: "ob-proxy"
+  annotations:
+    projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT"
+    patternId: "b4d2da2fa2d0b060752a1fe2"
+spec:
+  keystores:
+  - name: "ob-auth-default-identity"
+    namespace: "adn-agov-nevisidm-ob-01-uat"
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/WEB-INF/web.xml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/WEB-INF/web.xml
index 4a70a68..4d3c3a4 100644
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/WEB-INF/web.xml
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/WEB-INF/web.xml
@@ -1,6 +1,116 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "/opt/nevisproxy/dtd/web-app_2_3.dtd">
 <web-app>
+    <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+    <context-param>
+        <param-name>SectokenVerifierCert</param-name>
+        <param-value>/var/opt/keys/trust/ob-proxy-ob-realm-signer-trust/truststore.pem</param-value>
+    </context-param>
+    <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+    <filter>
+        <filter-name>AuthenticationService_ob-realm</filter-name>
+        <filter-class>ch::nevis::isiweb4::filter::auth::IdentityCreationFilter</filter-class>
+        <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+        <init-param>
+            <param-name>AuthenticationServlet</param-name>
+            <param-value>Connector_ob-realm</param-value>
+        </init-param>
+        <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+        <init-param>
+            <param-name>BodyReadSize</param-name>
+            <param-value>32768</param-value>
+        </init-param>
+        <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+        <init-param>
+            <param-name>EntryPointID</param-name>
+            <param-value>ob.agov-w.azure.adnovum.net</param-value>
+        </init-param>
+        <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+        <init-param>
+            <param-name>InactiveInterval</param-name>
+            <param-value>7200</param-value>
+        </init-param>
+        <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+        <init-param>
+            <param-name>InterceptionRedirect</param-name>
+            <param-value>never</param-value>
+        </init-param>
+        <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+        <init-param>
+            <param-name>LoginRendererServlet</param-name>
+            <param-value>LoginRenderer_ob-logrend</param-value>
+        </init-param>
+        <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+        <init-param>
+            <param-name>Realm</param-name>
+            <param-value>ob-realm</param-value>
+        </init-param>
+        <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+        <init-param>
+            <param-name>RecheckAuthentication</param-name>
+            <param-value>On</param-value>
+        </init-param>
+        <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+        <init-param>
+            <param-name>RenewIdentification</param-name>
+            <param-value>true</param-value>
+        </init-param>
+        <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+        <init-param>
+            <param-name>StateKey</param-name>
+            <param-value>ob-realm</param-value>
+        </init-param>
+        <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+        <init-param>
+            <param-name>StoreInterceptedRequest</param-name>
+            <param-value>false</param-value>
+        </init-param>
+    </filter>
+    <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+    <filter>
+        <filter-name>Authentication_ob-realm</filter-name>
+        <filter-class>ch::nevis::isiweb4::filter::auth::IdentityCreationFilter</filter-class>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>AuthenticationServlet</param-name>
+            <param-value>Connector_ob-realm</param-value>
+        </init-param>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>EntryPointID</param-name>
+            <param-value>ob.agov-w.azure.adnovum.net</param-value>
+        </init-param>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>InactiveInterval</param-name>
+            <param-value>7200</param-value>
+        </init-param>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>LoginRendererServlet</param-name>
+            <param-value>LoginRenderer_ob-logrend</param-value>
+        </init-param>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>Realm</param-name>
+            <param-value>ob-realm</param-value>
+        </init-param>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>RenewIdentification</param-name>
+            <param-value>true</param-value>
+        </init-param>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>StateKey</param-name>
+            <param-value>ob-realm</param-value>
+        </init-param>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>StoreInterceptedRequest</param-name>
+            <param-value>false</param-value>
+        </init-param>
+    </filter>
     <!-- source: pattern://346a2bebb04a0b74c7c9b5b9 -->
     <filter>
         <filter-name>ErrorHandler_Default</filter-name>
@@ -24,6 +134,41 @@
             </param-value>
         </init-param>
     </filter>
+    <!-- source: pattern://54c2d90d05f13df1b90bc6b2 -->
+    <filter>
+        <filter-name>Level_2_ob-realm</filter-name>
+        <filter-class>ch::nevis::isiweb4::filter::auth::SecurityRoleFilter</filter-class>
+        <!-- source: pattern://54c2d90d05f13df1b90bc6b2 -->
+        <init-param>
+            <param-name>AuthenticationServlet</param-name>
+            <param-value>Connector_ob-realm</param-value>
+        </init-param>
+        <!-- source: pattern://54c2d90d05f13df1b90bc6b2 -->
+        <init-param>
+            <param-name>DynamicRoleAcquire</param-name>
+            <param-value>true</param-value>
+        </init-param>
+        <!-- source: pattern://54c2d90d05f13df1b90bc6b2 -->
+        <init-param>
+            <param-name>DynamicRoleAcquire.CheckRoleRemoval</param-name>
+            <param-value>true</param-value>
+        </init-param>
+        <!-- source: pattern://54c2d90d05f13df1b90bc6b2 -->
+        <init-param>
+            <param-name>InterceptionRedirect</param-name>
+            <param-value>never</param-value>
+        </init-param>
+        <!-- source: pattern://54c2d90d05f13df1b90bc6b2 -->
+        <init-param>
+            <param-name>LoginRendererServlet</param-name>
+            <param-value>LoginRenderer_ob-logrend</param-value>
+        </init-param>
+        <!-- source: pattern://54c2d90d05f13df1b90bc6b2 -->
+        <init-param>
+            <param-name>RolesRequired</param-name>
+            <param-value>2 3 4 5 6 7 8 9</param-value>
+        </init-param>
+    </filter>
     <!-- source: pattern://346a2bebb04a0b74c7c9b5b9 -->
     <filter>
         <filter-name>Qos</filter-name>
@@ -53,6 +198,51 @@
             </param-value>
         </init-param>
     </filter>
+    <!-- source: pattern://6e7b5a087711bd0ada9985fe, pattern://e1784eecf2db74484dd1e1bb -->
+    <filter>
+        <filter-name>SessionHandler_ob-realm</filter-name>
+        <filter-class>ch::nevis::nevisproxy::filter::session::SessionManagementFilter</filter-class>
+        <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+        <init-param>
+            <param-name>Cookie.ExtraAttributes</param-name>
+            <param-value>SameSite=None</param-value>
+        </init-param>
+        <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+        <init-param>
+            <param-name>Cookie.Name</param-name>
+            <param-value>Session_ob-realm</param-value>
+        </init-param>
+        <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+        <init-param>
+            <param-name>Cookie.Secure</param-name>
+            <param-value>true</param-value>
+        </init-param>
+        <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+        <init-param>
+            <param-name>Identification</param-name>
+            <param-value>COOKIE</param-value>
+        </init-param>
+        <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+        <init-param>
+            <param-name>MaxInactiveInterval</param-name>
+            <param-value>600</param-value>
+        </init-param>
+        <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+        <init-param>
+            <param-name>MaxLifetime</param-name>
+            <param-value>28800</param-value>
+        </init-param>
+        <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+        <init-param>
+            <param-name>Servlet</param-name>
+            <param-value>LocalSessionStoreServlet</param-value>
+        </init-param>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>UpdateTimeStampMinInterval</param-name>
+            <param-value>120</param-value>
+        </init-param>
+    </filter>
     <!-- source: pattern://346a2bebb04a0b74c7c9b5b9 -->
     <filter-mapping>
         <filter-name>ErrorHandler_Default</filter-name>
@@ -63,19 +253,184 @@
         <filter-name>ResponseHeader_Default</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
-    <!-- source: pattern://be295ae355ca9049599e0285 -->
+    <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+    <filter-mapping>
+        <filter-name>SessionHandler_ob-realm</filter-name>
+        <url-pattern>/register/*</url-pattern>
+    </filter-mapping>
+    <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+    <filter-mapping>
+        <filter-name>SessionHandler_ob-realm</filter-name>
+        <url-pattern>/pwreset/*</url-pattern>
+    </filter-mapping>
+    <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+    <filter-mapping>
+        <filter-name>Authentication_ob-realm</filter-name>
+        <url-pattern>/register/*</url-pattern>
+    </filter-mapping>
+    <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+    <filter-mapping>
+        <filter-name>AuthenticationService_ob-realm</filter-name>
+        <url-pattern>/pwreset/*</url-pattern>
+    </filter-mapping>
+    <!-- source: pattern://54c2d90d05f13df1b90bc6b2 -->
+    <filter-mapping>
+        <filter-name>Level_2_ob-realm</filter-name>
+        <url-pattern>/register/*</url-pattern>
+    </filter-mapping>
+    <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+    <listener>
+        <listener-class>ch::nevis::isiweb4::listener::SessionListener</listener-class>
+    </listener>
+    <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
     <servlet>
-        <servlet-name>Default_New_Default_Service</servlet-name>
-        <!-- source: pattern://be295ae355ca9049599e0285 -->
-        <servlet-class>ch::nevis::isiweb4::servlet::defaults::DefaultServlet</servlet-class>
+        <servlet-name>Connector_ob-realm</servlet-name>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <servlet-class>ch::nevis::isiweb4::servlet::connector::soap::esauth4::Esauth4ConnectorServlet</servlet-class>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>Transport.DNSCache.ttl</param-name>
+            <param-value>60</param-value>
+        </init-param>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>Transport.InetAddress</param-name>
+            <param-value>ob-auth:8991</param-value>
+        </init-param>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>Transport.KeepAlive.LifeTime</param-name>
+            <param-value>30</param-value>
+        </init-param>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>Transport.RequestTimeout</param-name>
+            <param-value>90000</param-value>
+        </init-param>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>Transport.ResourceManager.RetryTimeout</param-name>
+            <param-value>0</param-value>
+        </init-param>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>Transport.SSLCACertificateFile</param-name>
+            <param-value>/var/opt/keys/trust/ob-proxy-ob-realm-tls-trust/truststore.pem</param-value>
+        </init-param>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>Transport.SSLCheckPeerHostname</param-name>
+            <param-value>false</param-value>
+        </init-param>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>Transport.SSLClientCertificateFile</param-name>
+            <param-value>/var/opt/keys/own/ob-proxy-ob-realm-identity/cert.pem</param-value>
+        </init-param>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>Transport.SSLClientKeyFile</param-name>
+            <param-value>/var/opt/keys/own/ob-proxy-ob-realm-identity/key.pem</param-value>
+        </init-param>
     </servlet>
+    <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
     <servlet>
         <servlet-name>Hosting_Default</servlet-name>
+        <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
         <servlet-class>ch::nevis::isiweb4::servlet::defaults::DefaultServlet</servlet-class>
     </servlet>
-    <!-- source: pattern://be295ae355ca9049599e0285, pattern://be295ae355ca9049599e0285#path -->
+    <!-- source: pattern://b10d246bc151306dba28de4a -->
+    <servlet>
+        <servlet-name>Hosting_ob-register-service</servlet-name>
+        <!-- source: pattern://b10d246bc151306dba28de4a -->
+        <servlet-class>ch::nevis::nevisproxy::servlet::file::FileReaderServlet</servlet-class>
+        <!-- source: pattern://b10d246bc151306dba28de4a -->
+        <init-param>
+            <param-name>Profile</param-name>
+            <param-value>AllowSubDirectories</param-value>
+        </init-param>
+        <!-- source: pattern://b10d246bc151306dba28de4a -->
+        <init-param>
+            <param-name>RootDirectory</param-name>
+            <param-value>/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/register/</param-value>
+        </init-param>
+    </servlet>
+    <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+    <servlet>
+        <servlet-name>LocalSessionStoreServlet</servlet-name>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <servlet-class>ch::nevis::nevisproxy::servlet::cache::local::LocalSessionStoreServlet</servlet-class>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>MaxInactiveInterval</param-name>
+            <param-value>600</param-value>
+        </init-param>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>MaxLifetime</param-name>
+            <param-value>28800</param-value>
+        </init-param>
+        <!-- source: pattern://6e7b5a087711bd0ada9985fe -->
+        <init-param>
+            <param-name>MemorySize</param-name>
+            <param-value>512000000</param-value>
+        </init-param>
+    </servlet>
+    <!-- source: pattern://bed300e1196a171ca12db431 -->
+    <servlet>
+        <servlet-name>LoginRenderer_ob-logrend</servlet-name>
+        <!-- source: pattern://bed300e1196a171ca12db431 -->
+        <servlet-class>ch::nevis::isiweb4::servlet::rendering::LoginRendererServlet</servlet-class>
+        <!-- source: pattern://bed300e1196a171ca12db431 -->
+        <init-param>
+            <param-name>PropagateRemoteHeaders</param-name>
+            <param-value>Set-Cookie</param-value>
+        </init-param>
+        <!-- source: pattern://bed300e1196a171ca12db431 -->
+        <init-param>
+            <param-name>RenderingProvider</param-name>
+            <param-value>remote:NevisLogrendConnector_ob-logrend:/nevislogrend/index.vm?logrendresourcepath=/nevislogrend</param-value>
+        </init-param>
+    </servlet>
+    <!-- source: pattern://bed300e1196a171ca12db431 -->
+    <servlet>
+        <servlet-name>NevisLogrendConnector_ob-logrend</servlet-name>
+        <!-- source: pattern://bed300e1196a171ca12db431 -->
+        <servlet-class>ch::nevis::isiweb4::servlet::connector::http::HttpConnectorServlet</servlet-class>
+        <!-- source: pattern://bed300e1196a171ca12db431 -->
+        <init-param>
+            <param-name>InetAddress</param-name>
+            <param-value>ob-logrend:8988</param-value>
+        </init-param>
+        <!-- source: pattern://bed300e1196a171ca12db431 -->
+        <init-param>
+            <param-name>MappingType</param-name>
+            <param-value>pathinfo</param-value>
+        </init-param>
+        <!-- source: pattern://bed300e1196a171ca12db431 -->
+        <init-param>
+            <param-name>ResourceManager.RetryTimeout</param-name>
+            <param-value>0</param-value>
+        </init-param>
+        <!-- source: pattern://bed300e1196a171ca12db431 -->
+        <init-param>
+            <param-name>URIPrefix</param-name>
+            <param-value>/nevislogrend</param-value>
+        </init-param>
+    </servlet>
+    <!-- source: pattern://bed300e1196a171ca12db431 -->
     <servlet-mapping>
-        <servlet-name>Default_New_Default_Service</servlet-name>
+        <servlet-name>NevisLogrendConnector_ob-logrend</servlet-name>
+        <url-pattern>/nevislogrend/*</url-pattern>
+    </servlet-mapping>
+    <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
+    <servlet-mapping>
+        <servlet-name>Hosting_Default</servlet-name>
+        <url-pattern>/pwreset/*</url-pattern>
+    </servlet-mapping>
+    <!-- source: pattern://b10d246bc151306dba28de4a -->
+    <servlet-mapping>
+        <servlet-name>Hosting_ob-register-service</servlet-name>
         <url-pattern>/register/*</url-pattern>
     </servlet-mapping>
     <servlet-mapping>
@@ -102,4 +457,9 @@
         <extension>html</extension>
         <mime-type>text/html</mime-type>
     </mime-mapping>
+    <!-- source: pattern://b10d246bc151306dba28de4a -->
+    <mime-mapping>
+        <extension>txt</extension>
+        <mime-type>text/plain</mime-type>
+    </mime-mapping>
 </web-app>
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/register/readme.txt b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/register/readme.txt
new file mode 100644
index 0000000..95d09f2
--- /dev/null
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/register/readme.txt
@@ -0,0 +1 @@
+hello world
\ No newline at end of file