diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-6ec6739e824c8e56d9633622.yaml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-6ec6739e824c8e56d9633622.yaml
index d03da2a..21e80ab 100644
--- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-6ec6739e824c8e56d9633622.yaml
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-6ec6739e824c8e56d9633622.yaml
@@ -45,7 +45,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-2d22feca491bf9199db3855019e70ca5ffd0c219"
+    tag: "r-60b9ba22a67a26f8264776b83cc5f5017ab48294"
     dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai"
     credentials: "git-credentials"
   keystores:
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/esauth4.xml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/esauth4.xml
index 9ebda93..00d67fd 100644
--- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/esauth4.xml
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/esauth4.xml
@@ -55,20 +55,20 @@
         <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
         <Domain name="MockRelam" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
             <Entry method="authenticate" state="MockRelam_DispatchMockRequests"/>
+            <Entry method="authenticate" state="MockRelam_AuthorizationServer_New_OAuth_2.0_Authorization_Server_OpenID_Provider" selector="${request:currentResource:^http[s]?\u003A//[^/]+/asdf/.*$:true}"/>
+            <Entry method="authenticate" state="MockRelam_AuthorizationServer_New_OAuth_2.0_Authorization_Server_OpenID_Provider" selector="${request:currentResource:^http[s]?\u003A//[^/]+/qwert/.*$:true}"/>
             <Entry method="stepup" state="MockRelam_Selector"/>
+            <Entry method="stepup" state="MockRelam_AuthorizationServer_New_OAuth_2.0_Authorization_Server_OpenID_Provider" selector="${request:currentResource:^http[s]?\u003A//[^/]+/asdf/.*$:true}"/>
+            <Entry method="stepup" state="MockRelam_AuthorizationServer_New_OAuth_2.0_Authorization_Server_OpenID_Provider" selector="${request:currentResource:^http[s]?\u003A//[^/]+/qwert/.*$:true}"/>
         </Domain>
         <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
         <Domain name="cossa_realm" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
-            <Entry method="authenticate" state="cossa_realm_AuthorizationServer1"/>
-            <Entry method="authenticate" state="cossa_realm_AuthorizationServer_New_OAuth_2.0_Authorization_Server_OpenID_Provider" selector="${request:currentResource:^http[s]?\u003A//[^/]+/asdf/.*$:true}"/>
-            <Entry method="authenticate" state="cossa_realm_AuthorizationServer_New_OAuth_2.0_Authorization_Server_OpenID_Provider" selector="${request:currentResource:^http[s]?\u003A//[^/]+/qwert/.*$:true}"/>
-            <Entry method="authenticate" state="cossa_realm_AuthorizationServer1" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
+            <Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint"/>
+            <Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
             <Entry method="logout" state="cossa_realm_AuthorizationServer1"/>
             <Entry method="logout" state="cossa_realm_AuthorizationServer1" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
             <Entry method="stepup" state="cossa_realm_Selector"/>
-            <Entry method="stepup" state="cossa_realm_AuthorizationServer_New_OAuth_2.0_Authorization_Server_OpenID_Provider" selector="${request:currentResource:^http[s]?\u003A//[^/]+/asdf/.*$:true}"/>
-            <Entry method="stepup" state="cossa_realm_AuthorizationServer_New_OAuth_2.0_Authorization_Server_OpenID_Provider" selector="${request:currentResource:^http[s]?\u003A//[^/]+/qwert/.*$:true}"/>
-            <Entry method="stepup" state="cossa_realm_AuthorizationServer1" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
+            <Entry method="stepup" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
         </Domain>
         <AuthState name="MockRelam_DispatchMockRequests" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
             <!-- source: pattern://1641a38402138546573b7e71 -->
@@ -109,6 +109,114 @@
             <!-- source: pattern://3f7b857b6d35114fcd8c4984 -->
             <property name="statusCode" value="200"/>
         </AuthState>
+        <AuthState name="MockRelam_AuthorizationServer_New_OAuth_2.0_Authorization_Server_OpenID_Provider" class="ch.nevis.esauth.auth.states.oauth2.AuthorizationServer" final="false">
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <ResultCond name="authenticate:valid-authorization-request" next="MockRelam_DispatchMockRequests"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <ResultCond name="invalid-authorization-request" next="MockRelam_Authentication_Failed"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <ResultCond name="invalid-client" next="MockRelam_Authentication_Failed"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <ResultCond name="invalid-redirect-uri" next="MockRelam_Authentication_Failed"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <ResultCond name="invalid-token-request" next="MockRelam_Authentication_Failed"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <ResultCond name="stepup:valid-authorization-request" next="MockRelam_Selector"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="keystoreref" value="Store_New_OAuth_2.0_Authorization_Server_OpenID_Provider"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="keyobjectref" value="Signer_New_OAuth_2.0_Authorization_Server_OpenID_Provider"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="keyID" value="Signer_New_OAuth_2.0_Authorization_Server_OpenID_Provider"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="openid.idTokenLifetime" value="600"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="authCodeLifetime" value="60"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="propagationScope" value="session"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="dataSource" value="nevismeta"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="nevismeta.location" value="https://sdgdf:443/nevismeta/rest/modules/oauthv2/setups/Setup_00000000000000000000000000000000/entities"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="nevismeta.maxAge" value="600"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="openid.support" value="true"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="openid.issuerId" value="https://cossa.agov-w.azure.adnovum.net"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.openid" value=""/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.openid.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.openid.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.openid.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.openid.clientCredentialsFlowPolicy" value="true"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.offline_access" value=""/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.offline_access.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.offline_access.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.offline_access.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.offline_access.clientCredentialsFlowPolicy" value="true"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.address" value=""/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.address.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.address.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.address.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.address.clientCredentialsFlowPolicy" value="true"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.profile" value=""/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.profile.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.profile.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.profile.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.profile.clientCredentialsFlowPolicy" value="true"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.email" value=""/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.email.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.email.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.email.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.email.clientCredentialsFlowPolicy" value="true"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.phone" value=""/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.phone.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.phone.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.phone.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="scope.phone.clientCredentialsFlowPolicy" value="true"/>
+        </AuthState>
+        <AuthState name="MockRelam_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <Response value="AUTH_ERROR">
+                <!-- source: pattern://f03382307f2e35b70d181f0e -->
+                <Gui name="Error">
+                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
+                    <GuiElem name="info" type="error" label="error_99"/>
+                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
+                    <GuiElem name="submit" type="button" label="continue.button.label"/>
+                </Gui>
+            </Response>
+        </AuthState>
         <AuthState name="MockRelam_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
             <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
             <ResultCond name="nomatch" next="MockRelam_Prepare_Done"/>
@@ -120,7 +228,7 @@
         </AuthState>
         <AuthState name="MockRelam_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
             <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
-            <ResultCond name="default" next="MockRelam_Auth_Done"/>
+            <ResultCond name="default" next="MockRelam_02_CheckConsent_New_OAuth_2.0_Authorization_Server_OpenID_Provider"/>
             <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
             <Response value="AUTH_DONE">
                 <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
@@ -129,6 +237,37 @@
             <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
             <property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
         </AuthState>
+        <AuthState name="MockRelam_02_CheckConsent_New_OAuth_2.0_Authorization_Server_OpenID_Provider" class="ch.nevis.esauth.auth.states.oauth2.consentstate.ConsentState" final="false">
+            <ResultCond name="ok" next="MockRelam_Auth_Done"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <ResultCond name="reject" next="MockRelam_Authentication_Failed"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <Response value="AUTH_CONTINUE">
+                <!-- source: pattern://f03382307f2e35b70d181f0e -->
+                <Gui name="oauth_consent" label="title.oauth.consent">
+                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
+                    <GuiElem name="prompt" type="info" label="info.oauth.consent"/>
+                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
+                    <GuiElem name="accept" type="button" label="accept.button.label" value="approve"/>
+                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
+                    <GuiElem name="reject" type="button" label="reject.button.label" value="deny" optional="false"/>
+                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
+                    <GuiElem name="clientName" type="info" label="" value="${notes:client_name}" optional="false"/>
+                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
+                    <GuiElem name="clientLogo" type="image" label="" value="${notes:logo_uri}" optional="false"/>
+                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
+                    <GuiElem name="clientToS" type="link" label="consent.tos.link.label" value="${notes:tos_uri}" optional="true"/>
+                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
+                    <GuiElem name="clientPolicy" type="link" label="consent.policy.link.label" value="${notes:policy_uri}" optional="true"/>
+                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
+                    <GuiElem name="consentInformation" type="hidden" value="${notes:consentInformation}" optional="true"/>
+                </Gui>
+            </Response>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="dataSource" value="nevismeta"/>
+            <!-- source: pattern://f03382307f2e35b70d181f0e -->
+            <property name="nevismeta.location" value="https://sdgdf:443/nevismeta/rest/modules/oauthv2/setups/Setup_00000000000000000000000000000000/entities"/>
+        </AuthState>
         <AuthState name="MockRelam_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
             <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
             <Response value="AUTH_DONE">
@@ -136,6 +275,119 @@
                 <Gui name="ContinueResponse"/>
             </Response>
         </AuthState>
+        <AuthState name="cossa_realm_TokenExchangeEndpoint" class="ch.adnovum.cossa.TokenExchangeEndpoint" authLevel="auth.weak" final="false" resumeState="true">
+            <!-- source: pattern://89578db79d2bc15d55e11141 -->
+            <ResultCond name="failed" next="cossa_realm_auth_failed"/>
+            <!-- source: pattern://89578db79d2bc15d55e11141 -->
+            <ResultCond name="ok" next="cossa_realm_IdTokenVerification"/>
+            <!-- source: pattern://89578db79d2bc15d55e11141 -->
+            <Response value="AUTH_CONTINUE">
+                <!-- source: pattern://89578db79d2bc15d55e11141 -->
+                <Gui name="Default"/>
+            </Response>
+            <!-- source: pattern://89578db79d2bc15d55e11141 -->
+            <property name="clientId" value="client1"/>
+            <!-- source: pattern://89578db79d2bc15d55e11141 -->
+            <property name="clientSecret" value="clientPassword"/>
+        </AuthState>
+        <AuthState name="cossa_realm_auth_failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
+            <!-- source: pattern://72e29eb80a951e518ce123e4 -->
+            <Response value="AUTH_ERROR">
+                <!-- source: pattern://72e29eb80a951e518ce123e4 -->
+                <Gui name="Error">
+                    <!-- source: pattern://72e29eb80a951e518ce123e4 -->
+                    <GuiElem name="info" type="error" label="error_99"/>
+                    <!-- source: pattern://72e29eb80a951e518ce123e4 -->
+                    <GuiElem name="submit" type="button" label="continue.button.label"/>
+                </Gui>
+            </Response>
+        </AuthState>
+        <AuthState name="cossa_realm_IdTokenVerification" class="ch.adnovum.cossa.IdTokenVerification" final="false" resumeState="false">
+            <!-- source: pattern://a976546c6a56dc04c0d34592 -->
+            <ResultCond name="failed" next="cossa_realm_Authentication_Failed"/>
+            <!-- source: pattern://a976546c6a56dc04c0d34592 -->
+            <ResultCond name="ok" next="cossa_realm_CallRestApi"/>
+            <!-- source: pattern://a976546c6a56dc04c0d34592 -->
+            <Response value="AUTH_CONTINUE">
+                <!-- source: pattern://a976546c6a56dc04c0d34592 -->
+                <Gui name="Default"/>
+            </Response>
+            <!-- source: pattern://a976546c6a56dc04c0d34592 -->
+            <property name="Issuer" value="https://login.sandbox.pre.swissid.ch:443/idp/oauth2"/>
+            <!-- source: pattern://a976546c6a56dc04c0d34592 -->
+            <property name="clientId" value="klp-client"/>
+            <!-- source: pattern://a976546c6a56dc04c0d34592 -->
+            <property name="jwkSetURL" value="https://login.sandbox.pre.swissid.ch/idp/oauth2/connect/jwk_uri"/>
+            <!-- source: pattern://a976546c6a56dc04c0d34592 -->
+            <property name="httpclient.tls.trustAll" value="true"/>
+        </AuthState>
+        <AuthState name="cossa_realm_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
+            <!-- source: pattern://5daa6d4f525b11a4e9b0ea79, pattern://a976546c6a56dc04c0d34592 -->
+            <Response value="AUTH_ERROR">
+                <!-- source: pattern://5daa6d4f525b11a4e9b0ea79, pattern://a976546c6a56dc04c0d34592 -->
+                <Gui name="Error">
+                    <!-- source: pattern://5daa6d4f525b11a4e9b0ea79, pattern://a976546c6a56dc04c0d34592 -->
+                    <GuiElem name="info" type="error" label="error_99"/>
+                    <!-- source: pattern://5daa6d4f525b11a4e9b0ea79, pattern://a976546c6a56dc04c0d34592 -->
+                    <GuiElem name="submit" type="button" label="continue.button.label"/>
+                </Gui>
+            </Response>
+        </AuthState>
+        <AuthState name="cossa_realm_CallRestApi" class="ch.adnovum.cossa.CallPolicyVerificationAPI" final="false" resumeState="false">
+            <!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
+            <ResultCond name="failed" next="cossa_realm_Authentication_Failed"/>
+            <!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
+            <ResultCond name="ok" next="cossa_realm_JwtToken"/>
+            <!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
+            <Response value="AUTH_CONTINUE">
+                <!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
+                <Gui name="Default"/>
+            </Response>
+            <!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
+            <property name="Issuer" value="https://login.sandbox.pre.swissid.ch:443/idp/oauth2"/>
+            <!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
+            <property name="clientId" value="klp-client"/>
+            <!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
+            <property name="jwkSetURL" value="https://klp.agov-w.azure.adnovum.net/api/endpoint"/>
+            <!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
+            <property name="httpclient.tls.trustAll" value="true"/>
+        </AuthState>
+        <AuthState name="cossa_realm_JwtToken" class="ch.nevis.esauth.auth.states.jwt.JWTToken" final="false" resumeState="true">
+            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
+            <ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
+            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
+            <Response value="AUTH_ERROR"/>
+            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
+            <property name="out.audience" value="https://www.adnovum.ch"/>
+            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
+            <property name="out.issuer" value="https://my.nevis.server"/>
+            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
+            <property name="out.time_to_live" value="86400"/>
+            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
+            <property name="token.algorithm" value="RS256"/>
+            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
+            <property name="keystoreref" value="JwtToken"/>
+            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
+            <property name="keyobjectref" value="tokensigner"/>
+        </AuthState>
+        <AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
+            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
+            <ResultCond name="default" next="cossa_realm_Auth_Done"/>
+            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
+            <Response value="AUTH_DONE">
+                <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
+                <Gui name="ContinueResponse"/>
+            </Response>
+            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
+            <property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
+        </AuthState>
+        <AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
+            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
+            <Response value="AUTH_DONE">
+                <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
+                <Gui name="ContinueResponse"/>
+            </Response>
+        </AuthState>
         <AuthState name="cossa_realm_AuthorizationServer1" class="ch.nevis.esauth.auth.states.oauth2.AuthorizationServer" final="false" resumeState="true">
             <!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
             <ResultCond name="authenticate:valid-authorization-request" next="cossa_realm_New_Test_Login"/>
@@ -262,193 +514,6 @@
             <!-- source: pattern://635e4d617af6818edc9ae7c9 -->
             <property name="script" value="file:///var/opt/nevisauth/default/conf/new_test_login.groovy"/>
         </AuthState>
-        <AuthState name="cossa_realm_auth_failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
-            <!-- source: pattern://72e29eb80a951e518ce123e4 -->
-            <Response value="AUTH_ERROR">
-                <!-- source: pattern://72e29eb80a951e518ce123e4 -->
-                <Gui name="Error">
-                    <!-- source: pattern://72e29eb80a951e518ce123e4 -->
-                    <GuiElem name="info" type="error" label="error_99"/>
-                    <!-- source: pattern://72e29eb80a951e518ce123e4 -->
-                    <GuiElem name="submit" type="button" label="continue.button.label"/>
-                </Gui>
-            </Response>
-        </AuthState>
-        <AuthState name="cossa_realm_JwtToken" class="ch.nevis.esauth.auth.states.jwt.JWTToken" final="false" resumeState="true">
-            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
-            <ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
-            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
-            <Response value="AUTH_ERROR"/>
-            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
-            <property name="out.audience" value="https://www.adnovum.ch"/>
-            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
-            <property name="out.issuer" value="https://my.nevis.server"/>
-            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
-            <property name="out.time_to_live" value="86400"/>
-            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
-            <property name="token.algorithm" value="RS256"/>
-            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
-            <property name="keystoreref" value="JwtToken"/>
-            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
-            <property name="keyobjectref" value="tokensigner"/>
-        </AuthState>
-        <AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
-            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
-            <ResultCond name="default" next="cossa_realm_02_CheckConsent_New_OAuth_2.0_Authorization_Server_OpenID_Provider"/>
-            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
-            <Response value="AUTH_DONE">
-                <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
-                <Gui name="ContinueResponse"/>
-            </Response>
-            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
-            <property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
-        </AuthState>
-        <AuthState name="cossa_realm_02_CheckConsent_New_OAuth_2.0_Authorization_Server_OpenID_Provider" class="ch.nevis.esauth.auth.states.oauth2.consentstate.ConsentState" final="false">
-            <ResultCond name="ok" next="cossa_realm_Auth_Done"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <ResultCond name="reject" next="cossa_realm_Authentication_Failed"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <Response value="AUTH_CONTINUE">
-                <!-- source: pattern://f03382307f2e35b70d181f0e -->
-                <Gui name="oauth_consent" label="title.oauth.consent">
-                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
-                    <GuiElem name="prompt" type="info" label="info.oauth.consent"/>
-                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
-                    <GuiElem name="accept" type="button" label="accept.button.label" value="approve"/>
-                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
-                    <GuiElem name="reject" type="button" label="reject.button.label" value="deny" optional="false"/>
-                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
-                    <GuiElem name="clientName" type="info" label="" value="${notes:client_name}" optional="false"/>
-                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
-                    <GuiElem name="clientLogo" type="image" label="" value="${notes:logo_uri}" optional="false"/>
-                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
-                    <GuiElem name="clientToS" type="link" label="consent.tos.link.label" value="${notes:tos_uri}" optional="true"/>
-                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
-                    <GuiElem name="clientPolicy" type="link" label="consent.policy.link.label" value="${notes:policy_uri}" optional="true"/>
-                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
-                    <GuiElem name="consentInformation" type="hidden" value="${notes:consentInformation}" optional="true"/>
-                </Gui>
-            </Response>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="dataSource" value="nevismeta"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="nevismeta.location" value="https://sdgdf:443/nevismeta/rest/modules/oauthv2/setups/Setup_00000000000000000000000000000000/entities"/>
-        </AuthState>
-        <AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
-            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
-            <Response value="AUTH_DONE">
-                <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
-                <Gui name="ContinueResponse"/>
-            </Response>
-        </AuthState>
-        <AuthState name="cossa_realm_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <Response value="AUTH_ERROR">
-                <!-- source: pattern://f03382307f2e35b70d181f0e -->
-                <Gui name="Error">
-                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
-                    <GuiElem name="info" type="error" label="error_99"/>
-                    <!-- source: pattern://f03382307f2e35b70d181f0e -->
-                    <GuiElem name="submit" type="button" label="continue.button.label"/>
-                </Gui>
-            </Response>
-        </AuthState>
-        <AuthState name="cossa_realm_AuthorizationServer_New_OAuth_2.0_Authorization_Server_OpenID_Provider" class="ch.nevis.esauth.auth.states.oauth2.AuthorizationServer" final="false">
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <ResultCond name="authenticate:valid-authorization-request" next="cossa_realm_AuthorizationServer1"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <ResultCond name="invalid-authorization-request" next="cossa_realm_Authentication_Failed"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <ResultCond name="invalid-client" next="cossa_realm_Authentication_Failed"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <ResultCond name="invalid-redirect-uri" next="cossa_realm_Authentication_Failed"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <ResultCond name="invalid-token-request" next="cossa_realm_Authentication_Failed"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <ResultCond name="stepup:valid-authorization-request" next="cossa_realm_Selector"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="keystoreref" value="Store_New_OAuth_2.0_Authorization_Server_OpenID_Provider"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="keyobjectref" value="Signer_New_OAuth_2.0_Authorization_Server_OpenID_Provider"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="keyID" value="Signer_New_OAuth_2.0_Authorization_Server_OpenID_Provider"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="openid.idTokenLifetime" value="600"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="authCodeLifetime" value="60"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="propagationScope" value="session"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="dataSource" value="nevismeta"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="nevismeta.location" value="https://sdgdf:443/nevismeta/rest/modules/oauthv2/setups/Setup_00000000000000000000000000000000/entities"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="nevismeta.maxAge" value="600"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="openid.support" value="true"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="openid.issuerId" value="https://cossa.agov-w.azure.adnovum.net"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.openid" value=""/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.openid.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.openid.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.openid.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.openid.clientCredentialsFlowPolicy" value="true"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.offline_access" value=""/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.offline_access.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.offline_access.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.offline_access.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.offline_access.clientCredentialsFlowPolicy" value="true"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.address" value=""/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.address.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.address.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.address.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.address.clientCredentialsFlowPolicy" value="true"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.profile" value=""/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.profile.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.profile.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.profile.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.profile.clientCredentialsFlowPolicy" value="true"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.email" value=""/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.email.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.email.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.email.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.email.clientCredentialsFlowPolicy" value="true"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.phone" value=""/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.phone.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.phone.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.phone.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
-            <!-- source: pattern://f03382307f2e35b70d181f0e -->
-            <property name="scope.phone.clientCredentialsFlowPolicy" value="true"/>
-        </AuthState>
         <AuthState name="cossa_realm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
             <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
             <ResultCond name="nomatch" next="cossa_realm_Prepare_Done"/>
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-92e282d1dc2b69d9e4f91fc0.yaml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-92e282d1dc2b69d9e4f91fc0.yaml
index 0c41d14..216d59b 100644
--- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-92e282d1dc2b69d9e4f91fc0.yaml
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-92e282d1dc2b69d9e4f91fc0.yaml
@@ -46,7 +46,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-2d22feca491bf9199db3855019e70ca5ffd0c219"
+    tag: "r-60b9ba22a67a26f8264776b83cc5f5017ab48294"
     dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi"
     credentials: "git-credentials"
   keystores:
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/var/opt/nevisproxy/default/host-cossa.agov-w.azure.adnovum.net/WEB-INF/web.xml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/var/opt/nevisproxy/default/host-cossa.agov-w.azure.adnovum.net/WEB-INF/web.xml
index 2888d2b..acf07a4 100644
--- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/var/opt/nevisproxy/default/host-cossa.agov-w.azure.adnovum.net/WEB-INF/web.xml
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/var/opt/nevisproxy/default/host-cossa.agov-w.azure.adnovum.net/WEB-INF/web.xml
@@ -1,11 +1,72 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "/opt/nevisproxy/dtd/web-app_2_3.dtd">
 <web-app>
-    <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
+    <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
     <context-param>
         <param-name>SectokenVerifierCert</param-name>
-        <param-value>/var/opt/keys/trust/npi-cossa-realm-signer-trust/truststore.pem</param-value>
+        <param-value>/var/opt/keys/trust/npi-cossa-realm-signer-trust/truststore.pem
+/var/opt/keys/trust/npi-mockrelam-signer-trust/truststore.pem</param-value>
     </context-param>
+    <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+    <filter>
+        <filter-name>AuthenticationService_MockRelam</filter-name>
+        <filter-class>ch::nevis::isiweb4::filter::auth::IdentityCreationFilter</filter-class>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>AuthenticationServlet</param-name>
+            <param-value>Connector_MockRelam</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>BodyReadSize</param-name>
+            <param-value>32768</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>EntryPointID</param-name>
+            <param-value>cossa.agov-w.azure.adnovum.net</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>InactiveInterval</param-name>
+            <param-value>7200</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>InterceptionRedirect</param-name>
+            <param-value>never</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>LoginRendererServlet</param-name>
+            <param-value>LoginRenderer_nli</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>Realm</param-name>
+            <param-value>MockRelam</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>RecheckAuthentication</param-name>
+            <param-value>On</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>RenewIdentification</param-name>
+            <param-value>true</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>StateKey</param-name>
+            <param-value>MockRelam</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>StoreInterceptedRequest</param-name>
+            <param-value>false</param-value>
+        </init-param>
+    </filter>
     <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
     <filter>
         <filter-name>AuthenticationService_cossa_realm</filter-name>
@@ -155,6 +216,51 @@
             </param-value>
         </init-param>
     </filter>
+    <!-- source: pattern://8523f0587aa8cfa7008f8171, pattern://92e282d1dc2b69d9e4f91fc0 -->
+    <filter>
+        <filter-name>SessionHandler_MockRelam</filter-name>
+        <filter-class>ch::nevis::nevisproxy::filter::session::SessionManagementFilter</filter-class>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>Cookie.ExtraAttributes</param-name>
+            <param-value>SameSite=None</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>Cookie.Name</param-name>
+            <param-value>Session_MockRelam</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>Cookie.Secure</param-name>
+            <param-value>true</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>Identification</param-name>
+            <param-value>COOKIE</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>MaxInactiveInterval</param-name>
+            <param-value>600</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>MaxLifetime</param-name>
+            <param-value>28800</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>Servlet</param-name>
+            <param-value>LocalSessionStoreServlet</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>UpdateTimeStampMinInterval</param-name>
+            <param-value>120</param-value>
+        </init-param>
+    </filter>
     <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
     <filter>
         <filter-name>SessionHandler_cossa_realm</filter-name>
@@ -215,24 +321,24 @@
         <filter-name>SessionHandler_cossa_realm</filter-name>
         <url-pattern>/token/*</url-pattern>
     </filter-mapping>
-    <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
+    <!-- source: pattern://f03382307f2e35b70d181f0e -->
     <filter-mapping>
-        <filter-name>SessionHandler_cossa_realm</filter-name>
+        <filter-name>OAuth_Preflighted_CORS_New OAuth 2.0 Authorization Server / OpenID Provider</filter-name>
         <url-pattern>/asdf/*</url-pattern>
     </filter-mapping>
-    <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
+    <!-- source: pattern://f03382307f2e35b70d181f0e -->
     <filter-mapping>
-        <filter-name>SessionHandler_cossa_realm</filter-name>
+        <filter-name>OAuth_Preflighted_CORS_New OAuth 2.0 Authorization Server / OpenID Provider</filter-name>
         <url-pattern>/qwert/*</url-pattern>
     </filter-mapping>
-    <!-- source: pattern://f03382307f2e35b70d181f0e -->
+    <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
     <filter-mapping>
-        <filter-name>OAuth_Preflighted_CORS_New OAuth 2.0 Authorization Server / OpenID Provider</filter-name>
+        <filter-name>SessionHandler_MockRelam</filter-name>
         <url-pattern>/asdf/*</url-pattern>
     </filter-mapping>
-    <!-- source: pattern://f03382307f2e35b70d181f0e -->
+    <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
     <filter-mapping>
-        <filter-name>OAuth_Preflighted_CORS_New OAuth 2.0 Authorization Server / OpenID Provider</filter-name>
+        <filter-name>SessionHandler_MockRelam</filter-name>
         <url-pattern>/qwert/*</url-pattern>
     </filter-mapping>
     <!-- source: pattern://cc0434226c610ad74ffbf1d1 -->
@@ -245,20 +351,71 @@
         <filter-name>AuthenticationService_cossa_realm</filter-name>
         <url-pattern>/token/*</url-pattern>
     </filter-mapping>
-    <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
+    <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
     <filter-mapping>
-        <filter-name>AuthenticationService_cossa_realm</filter-name>
+        <filter-name>AuthenticationService_MockRelam</filter-name>
         <url-pattern>/asdf/*</url-pattern>
     </filter-mapping>
-    <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
+    <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
     <filter-mapping>
-        <filter-name>AuthenticationService_cossa_realm</filter-name>
+        <filter-name>AuthenticationService_MockRelam</filter-name>
         <url-pattern>/qwert/*</url-pattern>
     </filter-mapping>
-    <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
+    <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
     <listener>
         <listener-class>ch::nevis::isiweb4::listener::SessionListener</listener-class>
     </listener>
+    <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+    <servlet>
+        <servlet-name>Connector_MockRelam</servlet-name>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <servlet-class>ch::nevis::isiweb4::servlet::connector::soap::esauth4::Esauth4ConnectorServlet</servlet-class>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>Transport.DNSCache.ttl</param-name>
+            <param-value>60</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>Transport.InetAddress</param-name>
+            <param-value>nai:8991</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>Transport.KeepAlive.LifeTime</param-name>
+            <param-value>30</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>Transport.RequestTimeout</param-name>
+            <param-value>90000</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>Transport.ResourceManager.RetryTimeout</param-name>
+            <param-value>0</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>Transport.SSLCACertificateFile</param-name>
+            <param-value>/var/opt/keys/trust/npi-mockrelam-tls-trust/truststore.pem</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>Transport.SSLCheckPeerHostname</param-name>
+            <param-value>false</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>Transport.SSLClientCertificateFile</param-name>
+            <param-value>/var/opt/keys/own/npi-mockrelam-identity/cert.pem</param-value>
+        </init-param>
+        <!-- source: pattern://8523f0587aa8cfa7008f8171 -->
+        <init-param>
+            <param-name>Transport.SSLClientKeyFile</param-name>
+            <param-value>/var/opt/keys/own/npi-mockrelam-identity/key.pem</param-value>
+        </init-param>
+    </servlet>
     <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
     <servlet>
         <servlet-name>Connector_cossa_realm</servlet-name>