From cd9d71f23267f5dcd76c98282b2f2ea78c55c0d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20G=C3=BCnther?= Date: Mon, 20 Dec 2021 11:38:20 +0100 Subject: [PATCH 1/4] keycloak authentication --- docker-compose.yaml | 11 + keycloak-realm.json | 1794 +++++++++++++++++ pom.xml | 9 + .../ApplicationAccessControlConfig.java | 14 + .../rest/v1/ProductRestService.java | 4 + src/main/resources/application.properties | 5 +- .../rest/v1/ProductRestServiceTest.java | 4 + 7 files changed, 1840 insertions(+), 1 deletion(-) create mode 100644 keycloak-realm.json create mode 100644 src/main/java/com/devonfw/quarkus/general/rest/security/ApplicationAccessControlConfig.java diff --git a/docker-compose.yaml b/docker-compose.yaml index cbbb18a8..fd8e035a 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -102,5 +102,16 @@ services: networks: - demo + keycloak: + container_name: keycloak + image: jboss/keycloak:latest + ports: + - "8180:8080" + environment: + KEYCLOAK_USER: admin + KEYCLOAK_PASSWORD: admin + networks: + - demo + networks: demo: \ No newline at end of file diff --git a/keycloak-realm.json b/keycloak-realm.json new file mode 100644 index 00000000..7d15a42e --- /dev/null +++ b/keycloak-realm.json @@ -0,0 +1,1794 @@ +{ + "id": "devon4quarkus-product", + "realm": "devon4quarkus-product", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "defaultRole": { + "id": "6425f4a1-c4db-4d11-b7c6-c994de2870c5", + "name": "default-roles-devon4quarkus-product", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "devon4quarkus-product" + }, + "requiredCredentials": [ + "password" + ], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpSupportedApplications": [ + "FreeOTP", + "Google Authenticator" + ], + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [ + { + "name": "builtin-default-policy", + "builtin": true, + "enable": false + } + ] + }, + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ + "manage-account" + ] + } + ] + }, + "clients": [ + { + "id": "4d7ee156-38be-48f6-9bbe-7b9d3ea06921", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/devon4quarkus-product/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/devon4quarkus-product/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "f667a8ec-f3d0-4b50-8c4e-c11d5eeddb8a", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/devon4quarkus-product/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/devon4quarkus-product/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "42e9ca66-95a4-493e-84c1-cb2f7ffc9aa8", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "ac10be4f-6567-4a9d-a506-3799641c4ed5", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "ed146823-8742-4570-ba3b-629de870fcc4", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "b9170390-279b-4056-83b9-27e4a76de22a", + "clientId": "devon4quarkus-product-cli", + "rootUrl": "http://172.18.0.3:32223", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "http://172.18.0.3:32223/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + "exclude.session.state.from.auth.response": "false", + "oidc.ciba.grant.enabled": "false", + "saml.artifact.binding": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "fc20bfa3-3e82-42c2-a044-9eaa25475bb8", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/devon4quarkus-product/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/admin/devon4quarkus-product/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "9064444b-db4a-4eaf-8587-599a116870e1", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "86f0de28-ca18-45c9-b2cf-c4fdd97060a0", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "78b1f674-1ad3-44fe-876f-5208357bec70", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + }, + { + "id": "b052bdff-0959-44d6-87e8-cb33bcb05f25", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "fc66d3d9-e339-4e04-b699-35396a2821de", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "9c64ff98-4806-4294-aad1-c7c3f68b68ae", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "bb2055fc-87b5-4eaa-9d2a-ecae66523ee9", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "e9adedcf-fe16-42e9-8b52-8860dc821c23", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + }, + { + "id": "283eb5ad-4517-4c75-9115-b0f22e66e81d", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "fad65129-6f6f-41c6-a022-5036d64378bb", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + } + ] + }, + { + "id": "11e519fa-e2f8-4a67-ae7f-cb72c21497c6", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "3bc2fc18-6e5c-4e37-b2e6-c36281cadbb6", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": {} + } + ] + }, + { + "id": "acd957f7-8e54-4db0-9018-93984bbe272e", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "95ed9602-97ec-4a1d-b237-9a2a172486ae", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "e0c53a32-11af-4cb6-8796-a8fe0a6f4d4d", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "0d5d5ce7-7282-49c7-8ef8-dfe665daf8c1", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "390283e5-2cf6-471a-8994-a19a365496a5", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + }, + { + "id": "ed45c7b6-e55a-43e4-a668-b0d593a523b3", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "d2774896-9ca8-416b-9afe-a477cd96ca0f", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "d703d57c-9d4d-4360-956b-675f1c7e094d", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "d94effd9-b8e2-4f95-b21d-05097a78f6b0", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "b972105c-de7c-4810-8204-1fbdbf6eb32a", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "12480587-c1b2-400e-a7dc-cab6347262ee", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "652a36a3-8323-455a-b0df-c517f63a3c03", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "5a54a6ca-415b-42a3-9da7-fc88290ec983", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "411b5e24-3a59-499e-a241-9e4fcfc5f2c6", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "04a62c9b-a4e5-4a14-98c0-f269dcfbc21a", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "82a03fcf-e51a-43a5-8a61-12842517b480", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "7457dfa2-b244-4592-a321-133970b76dfc", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "String" + } + }, + { + "id": "7888cadf-da14-48cc-97bb-c9a784ef3eb3", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "8065faec-a944-4df3-b8db-048124ad3304", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "e52ca998-e4d3-439a-84ab-ba33548aee8a", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "7ae107b4-37d5-473c-9ae5-b0341c597d6a", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "a5bfbcf9-5959-4886-951a-3cedae51a02b", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "44944612-aa38-449c-a9f7-b16a0d6f4599", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "05e01092-4fa9-42ab-b974-820bff7bb0e4", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + } + ], + "defaultDefaultClientScopes": [ + "web-origins", + "email", + "roles", + "role_list", + "profile" + ], + "defaultOptionalClientScopes": [ + "offline_access", + "phone", + "microprofile-jwt", + "address" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "085a812e-c177-4653-9b19-5a3b7521436a", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "7205906c-1666-491d-a841-c0777c318fb8", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "4a088175-798a-4cdb-aa72-c749e7dbc9b5", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "c426fee9-a81a-4aa1-be1a-0c36d4d533b9", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper", + "saml-role-list-mapper", + "oidc-address-mapper" + ] + } + }, + { + "id": "e47db9c2-deb9-417f-815c-24819e15043b", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-property-mapper", + "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-address-mapper", + "saml-role-list-mapper", + "oidc-usermodel-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper" + ] + } + }, + { + "id": "d5baf6c0-0ed0-435f-b009-3677d630faf1", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "889a97ec-8bcd-409b-939a-8d0bcc79cd45", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "686b7cde-8151-4058-9776-c2848e077a6d", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "8b4aba7d-56ab-4b95-a6e4-50f78f53f082", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "f37936f5-667e-4278-81a0-5be6b5c6c30b", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + }, + { + "id": "33a8f061-c812-4de6-9b9d-ac86d065d573", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "b9506abb-84b3-428d-b9b7-fa12c1f8129c", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "22a4d4fb-cc3a-48af-9c5d-22106304c01e", + "alias": "Authentication Options", + "description": "Authentication options.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "basic-auth", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "basic-auth-otp", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "5f11d9fa-b452-451a-83f0-fd4f8c3eb5ef", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "19cedaa4-3219-41c8-a03a-d2c14da8e94c", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "dc12ac1d-3236-4e59-bc97-ef409bfd0236", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "4470def2-4d22-4676-89c2-46e9d8a1f737", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "flowAlias": "Account verification options", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "7e224a0d-8138-4175-b72c-38e812537afb", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "34b882e4-eb03-428a-8520-eacd1ea4ddca", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "5580510f-feff-47f2-8e69-34c0593f68be", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "9534ff03-4b54-4321-b0a9-ff4b307f6791", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "flowAlias": "forms", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "6ffae7d6-c26a-46bf-a434-2d106e1c1670", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "bda796d0-fb48-4d2f-a394-43fec701000e", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "97eb18a6-810a-403c-8b07-ecccf5782113", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "95d1f57f-02b3-4a50-94c4-1ec94dedb474", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "flowAlias": "User creation or linking", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "9136f39a-f291-4bdf-b756-39a58be7b7e9", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "eb678ccf-3b43-4768-8c7e-516b20d9120c", + "alias": "http challenge", + "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "no-cookie-redirect", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "flowAlias": "Authentication Options", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "d2c9c213-2830-45a3-9e0d-ad4ebc531a41", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "flowAlias": "registration form", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "2c7ac5d5-771e-4832-9603-0bdba91b033b", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-profile-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 40, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "6ad306a4-c63b-45db-a772-b5aec34cb260", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "bbd12372-13df-41c1-8cb6-b1aed28a8e1c", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "7b5313a0-ab33-4dd7-a8a8-9217db672615", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "9eb9e03f-6ebc-495d-8c8e-7156ed90874b", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "terms_and_conditions", + "name": "Terms and Conditions", + "providerId": "terms_and_conditions", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaExpiresIn": "120", + "cibaAuthRequestedUserHint": "login_hint", + "oauth2DeviceCodeLifespan": "600", + "oauth2DevicePollingInterval": "5", + "cibaInterval": "5" + }, + "keycloakVersion": "13.0.1", + "userManagedAccessAllowed": false +} \ No newline at end of file diff --git a/pom.xml b/pom.xml index 12ecfc76..f8b140fa 100644 --- a/pom.xml +++ b/pom.xml @@ -83,6 +83,10 @@ io.quarkus quarkus-smallrye-fault-tolerance + + io.quarkus + quarkus-smallrye-jwt + org.hibernate hibernate-jpamodelgen @@ -149,6 +153,11 @@ rest-assured test + + io.quarkus + quarkus-test-security + test + org.testcontainers testcontainers diff --git a/src/main/java/com/devonfw/quarkus/general/rest/security/ApplicationAccessControlConfig.java b/src/main/java/com/devonfw/quarkus/general/rest/security/ApplicationAccessControlConfig.java new file mode 100644 index 00000000..37a1bf67 --- /dev/null +++ b/src/main/java/com/devonfw/quarkus/general/rest/security/ApplicationAccessControlConfig.java @@ -0,0 +1,14 @@ +package com.devonfw.quarkus.general.rest.security; + +public class ApplicationAccessControlConfig { + + public static final String APP_ID = "devon4quarkus-product"; + + private static final String PREFIX = APP_ID + "."; + + public static final String PERMISSION_FIND_PRODUCT = PREFIX + "FindProduct"; + + public static final String PERMISSION_SAVE_PRODUCT = PREFIX + "SaveProduct"; + + public static final String PERMISSION_DELETE_PRODUCT = PREFIX + "DeleteProduct"; +} \ No newline at end of file diff --git a/src/main/java/com/devonfw/quarkus/productmanagement/rest/v1/ProductRestService.java b/src/main/java/com/devonfw/quarkus/productmanagement/rest/v1/ProductRestService.java index 78668daa..a7166e81 100644 --- a/src/main/java/com/devonfw/quarkus/productmanagement/rest/v1/ProductRestService.java +++ b/src/main/java/com/devonfw/quarkus/productmanagement/rest/v1/ProductRestService.java @@ -1,5 +1,6 @@ package com.devonfw.quarkus.productmanagement.rest.v1; +import javax.annotation.security.RolesAllowed; import javax.inject.Inject; import javax.ws.rs.BeanParam; import javax.ws.rs.Consumes; @@ -15,6 +16,7 @@ import org.springframework.data.domain.Page; +import com.devonfw.quarkus.general.rest.security.ApplicationAccessControlConfig; import com.devonfw.quarkus.productmanagement.logic.UcFindProduct; import com.devonfw.quarkus.productmanagement.logic.UcManageProduct; import com.devonfw.quarkus.productmanagement.rest.v1.model.NewProductDto; @@ -82,6 +84,7 @@ public Page getAllOrderedByTitle() { } @POST + @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_SAVE_PRODUCT) // We did not define custom @Path - so it will use class level path. // Although we now have 2 methods with same path, it is ok, because it is a different method (get vs post) public ProductDto createNewProduct(NewProductDto dto) { @@ -104,6 +107,7 @@ public ProductDto getProductByTitle(@PathParam("title") String title) { } @DELETE + @RolesAllowed(ApplicationAccessControlConfig.PERMISSION_DELETE_PRODUCT) @Path("{id}") public ProductDto deleteProductById(@PathParam("id") String id) { diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 32632ed8..28d89657 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -41,4 +41,7 @@ quarkus.micrometer.binder.http-server.enabled=true %test.quarkus.datasource.password=demo %test.quarkus.flyway.clean-at-start=true -ryuk.container.image=testcontainersofficial/ryuk \ No newline at end of file +ryuk.container.image=testcontainersofficial/ryuk + +mp.jwt.verify.issuer=http://localhost:8180/auth/realms/devon4quarkus-product +mp.jwt.verify.publickey.location=http://localhost:8180/auth/realms/devon4quarkus-product/protocol/openid-connect/certs \ No newline at end of file diff --git a/src/test/java/com/devonfw/demoquarkus/rest/v1/ProductRestServiceTest.java b/src/test/java/com/devonfw/demoquarkus/rest/v1/ProductRestServiceTest.java index bd532591..588568be 100644 --- a/src/test/java/com/devonfw/demoquarkus/rest/v1/ProductRestServiceTest.java +++ b/src/test/java/com/devonfw/demoquarkus/rest/v1/ProductRestServiceTest.java @@ -17,10 +17,12 @@ import org.junit.jupiter.api.Test; import org.junit.jupiter.api.TestMethodOrder; +import com.devonfw.quarkus.general.rest.security.ApplicationAccessControlConfig; import com.devonfw.quarkus.productmanagement.rest.v1.model.ProductDto; import io.quarkus.test.common.QuarkusTestResource; import io.quarkus.test.junit.QuarkusTest; +import io.quarkus.test.security.TestSecurity; import io.restassured.response.Response; @QuarkusTest @@ -48,6 +50,7 @@ void getNonExistingTest() { } @Test + @TestSecurity(user = "testuser", roles = { ApplicationAccessControlConfig.PERMISSION_SAVE_PRODUCT }) @Order(3) void createNewProduct() { @@ -83,6 +86,7 @@ public void testGetById() { } @Test + @TestSecurity(user = "testuser", roles = { ApplicationAccessControlConfig.PERMISSION_DELETE_PRODUCT }) @Order(5) public void deleteById() { From acc7daf3071a1ca0238c28a8b39fe775369bb7bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20G=C3=BCnther?= Date: Tue, 21 Dec 2021 14:02:12 +0100 Subject: [PATCH 2/4] added keycloak documentation --- documentation/Keycloak/keycloak-realm.json | 1752 ++++++++++++++++ documentation/Keycloak/keycloak_add_user.png | Bin 0 -> 61255 bytes .../Keycloak/keycloak_authentication.asciidoc | 132 ++ documentation/Keycloak/keycloak_user_role.png | Bin 0 -> 81535 bytes keycloak-realm.json | 1794 ----------------- .../rest/v1/ProductRestService.java | 3 + src/main/resources/application.properties | 7 +- 7 files changed, 1892 insertions(+), 1796 deletions(-) create mode 100644 documentation/Keycloak/keycloak-realm.json create mode 100644 documentation/Keycloak/keycloak_add_user.png create mode 100644 documentation/Keycloak/keycloak_authentication.asciidoc create mode 100644 documentation/Keycloak/keycloak_user_role.png delete mode 100644 keycloak-realm.json diff --git a/documentation/Keycloak/keycloak-realm.json b/documentation/Keycloak/keycloak-realm.json new file mode 100644 index 00000000..2fc25cc6 --- /dev/null +++ b/documentation/Keycloak/keycloak-realm.json @@ -0,0 +1,1752 @@ +{ + "id" : "devon4quarkus-product", + "realm" : "devon4quarkus-product", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "a0760ede-668a-404a-a084-c804a2e20b4a", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "devon4quarkus-product", + "attributes" : { } + }, { + "id" : "6425f4a1-c4db-4d11-b7c6-c994de2870c5", + "name" : "default-roles-devon4quarkus-product", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ] + }, + "clientRole" : false, + "containerId" : "devon4quarkus-product", + "attributes" : { } + }, { + "id" : "f7fcd2f9-832a-4f46-a9c4-b45ef7d69340", + "name" : "devon4quarkus-product.FindProduct", + "composite" : false, + "clientRole" : false, + "containerId" : "devon4quarkus-product", + "attributes" : { } + }, { + "id" : "9854538a-76c0-4837-9b05-89a2e99e7a9b", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "devon4quarkus-product", + "attributes" : { } + }, { + "id" : "3ad93f7d-816f-4a01-95b4-7bdfa6543b1d", + "name" : "devon4quarkus-product.DeleteProduct", + "composite" : false, + "clientRole" : false, + "containerId" : "devon4quarkus-product", + "attributes" : { } + }, { + "id" : "ad0287d3-2eb6-4fca-97ef-2ff3e53e4dcf", + "name" : "devon4quarkus-product.SaveProduct", + "composite" : false, + "clientRole" : false, + "containerId" : "devon4quarkus-product", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "8a027e5f-96ac-4629-afa0-23bbba9e90cb", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "attributes" : { } + }, { + "id" : "0a332057-5b8a-4a76-bea3-66a8a859e549", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "attributes" : { } + }, { + "id" : "621316b4-e4b6-4896-9277-c48dcc01d265", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "attributes" : { } + }, { + "id" : "fc203f7a-03e0-4e01-98b4-7f6b11c9a85f", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "attributes" : { } + }, { + "id" : "26d5a91b-784d-46a7-bc00-bb43688c12cd", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "attributes" : { } + }, { + "id" : "db216bd9-c477-4bc2-b4ef-d9bd65d182dc", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "attributes" : { } + }, { + "id" : "c8d10563-ec36-424e-8d5c-b2adc1cf6fca", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "attributes" : { } + }, { + "id" : "a767781a-ff8a-4ed4-870c-06993dd89b2c", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "attributes" : { } + }, { + "id" : "e9583503-fd73-4a4d-a2bb-cfea10f7fcb3", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "attributes" : { } + }, { + "id" : "af01bd0c-e3a4-4765-ab65-a0997367a260", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "view-events", "query-clients", "query-users", "manage-events", "query-groups", "view-identity-providers", "manage-realm", "manage-clients", "impersonation", "view-authorization", "view-clients", "view-users", "manage-users", "view-realm", "query-realms", "create-client", "manage-authorization", "manage-identity-providers" ] + } + }, + "clientRole" : true, + "containerId" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "attributes" : { } + }, { + "id" : "fbe3d5ae-bf3c-4f0a-b225-dbc069b7ba25", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "attributes" : { } + }, { + "id" : "05fa707e-53b2-4986-988b-ff2522f2ef43", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "attributes" : { } + }, { + "id" : "3141f44b-3bd0-465a-afa0-5d5af5d63a87", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-users", "query-groups" ] + } + }, + "clientRole" : true, + "containerId" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "attributes" : { } + }, { + "id" : "a9c4c994-9826-44cf-b834-d7e9ceda2459", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "attributes" : { } + }, { + "id" : "62723609-f084-4cdb-b1d0-3784b5eebb72", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "attributes" : { } + }, { + "id" : "5640f18a-ec05-492e-893f-f314daffc370", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "attributes" : { } + }, { + "id" : "1a761a6b-4c58-4e2e-a1a0-095b83ad970c", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "attributes" : { } + }, { + "id" : "5fff8594-5a76-45a6-9a19-da44092ce137", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "attributes" : { } + }, { + "id" : "a0d00452-d21a-4b6b-9007-bda592583f7c", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "attributes" : { } + } ], + "security-admin-console" : [ ], + "devon4quarkus-product-cli" : [ ], + "admin-cli" : [ ], + "account-console" : [ ], + "broker" : [ ], + "account" : [ { + "id" : "64cafbb0-e0e7-4c14-a84c-a407f3c3caa7", + "name" : "manage-account", + "composite" : false, + "clientRole" : true, + "containerId" : "4d7ee156-38be-48f6-9bbe-7b9d3ea06921", + "attributes" : { } + }, { + "id" : "f91007ab-3151-4f20-b72d-340423768c7c", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "4d7ee156-38be-48f6-9bbe-7b9d3ea06921", + "attributes" : { } + } ] + } + }, + "groups" : [ { + "id" : "3f715cf7-48bc-4b85-afae-ff6e50d1cb18", + "name" : "User", + "path" : "/User", + "attributes" : { }, + "realmRoles" : [ "devon4quarkus-product.DeleteProduct" ], + "clientRoles" : { }, + "subGroups" : [ ] + } ], + "defaultRole" : { + "id" : "6425f4a1-c4db-4d11-b7c6-c994de2870c5", + "name" : "default-roles-devon4quarkus-product", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "devon4quarkus-product" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account" ] + } ] + }, + "clients" : [ { + "id" : "4d7ee156-38be-48f6-9bbe-7b9d3ea06921", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/devon4quarkus-product/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/devon4quarkus-product/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "f667a8ec-f3d0-4b50-8c4e-c11d5eeddb8a", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/devon4quarkus-product/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/devon4quarkus-product/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "42e9ca66-95a4-493e-84c1-cb2f7ffc9aa8", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "ac10be4f-6567-4a9d-a506-3799641c4ed5", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "ed146823-8742-4570-ba3b-629de870fcc4", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "b9170390-279b-4056-83b9-27e4a76de22a", + "clientId" : "devon4quarkus-product-cli", + "rootUrl" : "http://172.18.0.3:32223", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "http://172.18.0.3:32223/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "use.refresh.tokens" : "true", + "exclude.session.state.from.auth.response" : "false", + "oidc.ciba.grant.enabled" : "false", + "saml.artifact.binding" : "false", + "backchannel.logout.session.required" : "true", + "client_credentials.use_refresh_token" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "503b046f-f118-46ce-9fa7-57bbd1efa387", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "fc20bfa3-3e82-42c2-a044-9eaa25475bb8", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/devon4quarkus-product/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/devon4quarkus-product/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "9064444b-db4a-4eaf-8587-599a116870e1", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "86f0de28-ca18-45c9-b2cf-c4fdd97060a0", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "78b1f674-1ad3-44fe-876f-5208357bec70", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + }, { + "id" : "b052bdff-0959-44d6-87e8-cb33bcb05f25", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "fc66d3d9-e339-4e04-b699-35396a2821de", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "9c64ff98-4806-4294-aad1-c7c3f68b68ae", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "bb2055fc-87b5-4eaa-9d2a-ecae66523ee9", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "e9adedcf-fe16-42e9-8b52-8860dc821c23", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + }, { + "id" : "283eb5ad-4517-4c75-9115-b0f22e66e81d", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "fad65129-6f6f-41c6-a022-5036d64378bb", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + } ] + }, { + "id" : "11e519fa-e2f8-4a67-ae7f-cb72c21497c6", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "3bc2fc18-6e5c-4e37-b2e6-c36281cadbb6", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "acd957f7-8e54-4db0-9018-93984bbe272e", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "95ed9602-97ec-4a1d-b237-9a2a172486ae", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "e0c53a32-11af-4cb6-8796-a8fe0a6f4d4d", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "0d5d5ce7-7282-49c7-8ef8-dfe665daf8c1", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "390283e5-2cf6-471a-8994-a19a365496a5", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + }, { + "id" : "ed45c7b6-e55a-43e4-a668-b0d593a523b3", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "d2774896-9ca8-416b-9afe-a477cd96ca0f", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "d703d57c-9d4d-4360-956b-675f1c7e094d", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "d94effd9-b8e2-4f95-b21d-05097a78f6b0", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "b972105c-de7c-4810-8204-1fbdbf6eb32a", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "12480587-c1b2-400e-a7dc-cab6347262ee", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "652a36a3-8323-455a-b0df-c517f63a3c03", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "5a54a6ca-415b-42a3-9da7-fc88290ec983", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "411b5e24-3a59-499e-a241-9e4fcfc5f2c6", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "04a62c9b-a4e5-4a14-98c0-f269dcfbc21a", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "82a03fcf-e51a-43a5-8a61-12842517b480", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "7457dfa2-b244-4592-a321-133970b76dfc", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "String" + } + }, { + "id" : "7888cadf-da14-48cc-97bb-c9a784ef3eb3", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "8065faec-a944-4df3-b8db-048124ad3304", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "e52ca998-e4d3-439a-84ab-ba33548aee8a", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "7ae107b4-37d5-473c-9ae5-b0341c597d6a", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "a5bfbcf9-5959-4886-951a-3cedae51a02b", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "44944612-aa38-449c-a9f7-b16a0d6f4599", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "05e01092-4fa9-42ab-b974-820bff7bb0e4", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + } ], + "defaultDefaultClientScopes" : [ "web-origins", "email", "roles", "role_list", "profile" ], + "defaultOptionalClientScopes" : [ "offline_access", "phone", "microprofile-jwt", "address" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "085a812e-c177-4653-9b19-5a3b7521436a", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "7205906c-1666-491d-a841-c0777c318fb8", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "4a088175-798a-4cdb-aa72-c749e7dbc9b5", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "c426fee9-a81a-4aa1-be1a-0c36d4d533b9", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper" ] + } + }, { + "id" : "e47db9c2-deb9-417f-815c-24819e15043b", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper" ] + } + }, { + "id" : "d5baf6c0-0ed0-435f-b009-3677d630faf1", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "889a97ec-8bcd-409b-939a-8d0bcc79cd45", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "686b7cde-8151-4058-9776-c2848e077a6d", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "8b4aba7d-56ab-4b95-a6e4-50f78f53f082", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEowIBAAKCAQEAuSh4enxpU1GwIMBf3DbNdg1SPGXZYkvlDyH1B8vhvFcwIqkHX/bhhjzT+XKdTFBALMWImjtOgjhc5ZSeNt9sBcms+4IRz/5DRgC5CL64/NhsMtpQraxP6zwBuGDQ8HcI7pLls9iTT0/QwqQwFYTowteVNG9S0chwXwWL8IovGgEmA5DjZiOLj5GGEa6y1EZrNQ9daDTFR4PX0VHLsCAEJCDrXWhLYkUARru9ByT74B8m1S7Tq6+nQw5ETvAhXG2qN6UfPlO8AhcBNON37oqRpb2Y3en3MPnTTpO9KB5YxkeXbRt6EdrxUX2vja81Gc+MszzqMai5wpfv7JjXIKfhbQIDAQABAoIBAQCEzD38u5ZfJ8uG8fLO4o9iCBPfNb0//ub+f4BaYyQ4DOB9O3YKoesGeEIgOtAOl9AvTE25MKgSRZJ7JqiC+qNjU0455QQZhWeCoaoUV5Yd4qtXnbUXmuqG8LbbIrU4gmdplPoij0a4L6qur0u9Y2H9vNlKjj18MKJHxJalorY9kzJLHKC3uY0WRs77oZkFD1xh+lIQU/QxE2TyfdYEcuudpnj2VXv78HYfBr6KMWg7YwWWOMB5KSiQSb7P0LPcKgxnQsLXx7p0Ke9ud1kbvd4P5OKcjkoFaHYk6TLmpTGeCwV6ZFfkHFusbyCWkcrN409KD9DXLZAUvfHcOJp7FQ+RAoGBAPhNz5JFQL6+jbDnHq3y2hR7FJbIIaZdRMx+TqfzfS/bQOcuAYbZz4gv2FTYpuOW2tq6kkBodsKSiFr7kNyGu1uy1INC8vnuAiWWs33WYnE6zjcVkmfGEJLNHGV5CzIezZKK3ZTpFJyb5CKTmtcmzsbh0jTzIjDfI0CKExCk1J4rAoGBAL7ln52omLQc30qvYocTyfboNxlwWo1cfbWyjDty3ZsYTdgQvG/eB4dislwKw8t9CGz+O/xpAtAHdLpIVGDCRnze96Mir8LzUGvbUua12EuQoSinSeiWOo61MDFG8K9iJu6nrDnFbpozTtfSe4j6IxmecaRHZp+IYcLe+BGJOcrHAoGAdU69jAsvxW3dHwBx3Bhps1daqMmwLBrQUBQ0MOC1+hAJn656hi0NAPgpqhwY7Fju2HtgcRFpWg9EYEeNbsIwbegUwla02CL73KpP7lmEdJ4lopyMaH6IgfJpQf9nrKwkzuDQQnPDiyGTLEqz0oXBFvDFEML1GkWxL+KLk0dsM7UCgYBwZ8mLDkGMnQumcIt1umNMLgRzyEKpxnKHUPFd+A8hSjhcJ86tmHGaeLVJmVUdNyyE8VblE/iCAkHrhreYmgzjbm8m8j/IbXlHaUfxbdZE+I7M32SXvg4RBgOwoHMM8qC2GqlBA05TIi8kyl3PlGqipTeJYjm9apMWKjCsMr+C9QKBgHiIx/4Vo8ZEUlPpcRTZdTGnVGkG3cvTwip6AjTX9gPPKwLqSrVL5g+J+X4Z+eHKqxnD8Uv1K0rBLxMi8yD4iXxdUDB4y42f3DSFIKU6ZQyAR5j33nG5uU23USjXPVcVrgVJpAuh/5KvLcBzrvTBpesdHhfpdXTk4x+7dgn/iR2z" ], + "certificate" : [ "MIICuTCCAaECBgF91s1HPzANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBVkZXZvbjRxdWFya3VzLXByb2R1Y3QwHhcNMjExMjIwMDc0MzM3WhcNMzExMjIwMDc0NTE3WjAgMR4wHAYDVQQDDBVkZXZvbjRxdWFya3VzLXByb2R1Y3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5KHh6fGlTUbAgwF/cNs12DVI8ZdliS+UPIfUHy+G8VzAiqQdf9uGGPNP5cp1MUEAsxYiaO06COFzllJ4232wFyaz7ghHP/kNGALkIvrj82Gwy2lCtrE/rPAG4YNDwdwjukuWz2JNPT9DCpDAVhOjC15U0b1LRyHBfBYvwii8aASYDkONmI4uPkYYRrrLURms1D11oNMVHg9fRUcuwIAQkIOtdaEtiRQBGu70HJPvgHybVLtOrr6dDDkRO8CFcbao3pR8+U7wCFwE043fuipGlvZjd6fcw+dNOk70oHljGR5dtG3oR2vFRfa+NrzUZz4yzPOoxqLnCl+/smNcgp+FtAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADvYzgmkAtINx4wxF1uu/SLPCyPigclrzEiwX7MoHqqLZnq0RH1qULeS2nh9uuyZVst3UUYDDZgaN3fjo+DIsX4JrsObt1upXbAOEfVwslngeT3A42cM8o9UFG7lJ/T+niTrr26R+pVpIsq0M/4UaDWruwTLNRdFT9E1cIF35MQvtDOLrXprbk5PB4+PsO1D1cZ1YO2h+oBaOnW4wHMaVRE6ON6aJQUo4s7RaUbyVdDhpFS5LLDzuJKGYopjfjnNXfcwP9i9/sGrB5a3BmHNUo04KsBXrNJtaMdaxKauSgjE6lnkhb4EkL1erYps4VcVqTzbESx73M7gZLW7hW6Gpkc=" ], + "priority" : [ "100" ] + } + }, { + "id" : "f37936f5-667e-4278-81a0-5be6b5c6c30b", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "cd58e010-3c6f-4191-8c42-7fa7a78a1d41" ], + "secret" : [ "2Pt2IQDIanceKckNd3lvyHXsWHc7kFOPNfdaU752arDpOzzAP_u0vNXUCtSe2yi1Q-iqxUyXDbnDQO7HOy4Paw" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + }, { + "id" : "33a8f061-c812-4de6-9b9d-ac86d065d573", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "357bd81c-a10f-4941-9c07-5ffe46c186e0" ], + "secret" : [ "Pi_GA1AMkBFRpimZO5UtPw" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "afd3d9bb-6af3-4174-95a5-50f82061e1c3", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "787f5f99-9887-4d94-af23-6ab01edc2d1a", + "alias" : "Authentication Options", + "description" : "Authentication options.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "basic-auth", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "basic-auth-otp", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "c5ecb8f7-d757-4762-af2f-d61b397d9a52", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "0f37c451-9d98-4e23-8a2a-284c308075e8", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "ddc58533-b63e-4edb-91e4-aea7b49b6093", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "f816eefe-7ebd-495f-add5-80454f27b963", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "17cc8ddf-8161-4300-860e-4b7b5eb5b818", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "1f411e3d-7203-418a-9d17-43675f200119", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "4b21ce06-af72-4ad3-acc8-fe07d8b71fa1", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "8de76dbd-9cee-4dcd-94bc-1164b52cde8b", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "flowAlias" : "forms", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "3c202ecc-259b-479b-ae57-0aaf43ee4deb", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "a62a36fe-86c8-46e4-b5a0-5eda19304e21", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "719f7612-147a-452a-b9f0-f1c146524d53", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "25e8bb7a-96e3-497a-811f-f8ee85690103", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "906d98ca-ff7e-4602-907f-909b2cb94849", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "1131d1a7-caaf-4580-90d7-682c99879112", + "alias" : "http challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "flowAlias" : "Authentication Options", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "16598ff0-6c48-4844-b2ca-e489307cefa7", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "flowAlias" : "registration form", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "11588c90-da21-4417-8b8d-fcf932b733aa", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-profile-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "cd512290-b184-4f97-8cd0-84c2541a0c6a", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "0e3fb7c4-eef2-4526-928f-5bee107d3a49", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "21af0ad9-f867-4939-a7c5-d49740b7a383", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "d4aca693-f9ea-4b34-9e92-6f04c6b3a354", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "terms_and_conditions", + "name" : "Terms and Conditions", + "providerId" : "terms_and_conditions", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaExpiresIn" : "120", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DeviceCodeLifespan" : "600", + "clientOfflineSessionMaxLifespan" : "0", + "oauth2DevicePollingInterval" : "5", + "clientSessionIdleTimeout" : "0", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "clientOfflineSessionIdleTimeout" : "0", + "cibaInterval" : "5" + }, + "keycloakVersion" : "15.1.0", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} \ No newline at end of file diff --git a/documentation/Keycloak/keycloak_add_user.png b/documentation/Keycloak/keycloak_add_user.png new file mode 100644 index 0000000000000000000000000000000000000000..8fa1df3e650c05dc3bc6e57ae2b8442dea364832 GIT binary patch literal 61255 zcmeFZc~sKt_dnV>R(2}$G^eI^>NII)rf3dmrD@1@Y$nJp0+t-mll* zuZIWL=Pl&cDz06zVujq9(`L3SR;+@oSn=!Rn$^HNGXvyPz(2nP+ghAlQP#P09C)$P z>x9*b6)VaU*DYLK1-$<4=IP79D^_d@k^cQM;;9zia(!3+mSKEiH~8w%j;p*>&*2p5JzDK|R=Z zLhYBdHP2VpJ*C8MA{z0=bch@DPIMeQe`EZ5-m_|NrvZ9cqi}>3#Y(=8{*yI#iCyR2 z+0WYd8Y)MJPE7{)Xw-N;xbIydEP+VQ0>cEZsB4J5IdS)STbEyn;(1B;kM3@ETz>UY zui0^T>-`;&U!*T@F?K*69N2RWA)O#_qx=7W8#9X{doOLX_G^(;sDjCDTl%^_MJ*5i zmFSh|teL_S9FrYj+-qvGn6zQBSz?fdWUL~NMx_OoLF|xG$45Je9J!dQ-)DTzB@Soy ze4`dAK_1DqJ6Ka|cIutnL}-B04yL-)AXh&BZA#deGD)?wCL1HeBO7Oz2I~nyxiXW~eMzid43p41=u$QZ+dgb~ZQl5X9ksQ;b;HW%V4Rsf zc`#&G1cFG*Z}!`Z%G_+d%d7fqH3&0Bz1>XTKy{*|7=7F)Uk&EcN*azh{=&Y*Z#Z?q zzF33fwQXtS*NDBCW8K+qY*T{ zy6oZBl1fr-&?#2^@VKCDsh2kO2UrrCNIKHQN&y>0?8-}*M<^V>L<7_E z-l4zzuprHbABi(?J8bWNe&OaoNix?<9d4RS7$VQ!o3KZvAl;czoM7PgQIJ_y70z*( zRbT2D?CN8CISaNFAxtjWPJQ`@^InVH+bc4{!*kw_n^m(Fm7!XxSC z$q6(hsYF1+i1WoPoB#qAN5gs+FI@9_tvEc!TXNhV%|-Y$)6=8o13$l7kn?;ryF={Ms+{wzOxNZF|BqJJv}D)$-kI;~8xm5CyJq2A!U@ zl%xV@Zq8gX(oG#`!qnY3ezu&YOE#JrV|8w~p$mBZeAGn&sX#K*upzY8t8=8t1Y*m# zghfta^G1UYbkd=uIs1h#x}Z~(!&7}%k(ozd>~rOV?4aN>hl3V!;T`mB*U%T@b4h2X zgX~3iSVhy}&i)!*7C5gVtiA<)CK4?j*NRKa(PSEifKiMDJ0Vlrj?YYPvI(TGbve&0 zqWmCYd>&O_*rNi8UPR9>aT0~1iHZ7xM8m_-rcNO&7%M1E{(XTu6cVH|2 zF%oLP%)&Y@v}x&#t08W&v5{tFsL6I0vbUsYvPqbAk&JottcR?xCVOFpJL?t`+N%ni z9u?yAV1GFxiLXD|Bd0K}#nzTHzhbn;f_{0zE*MBrzHhjh7Anb^;4{sw#M3LvU+cb! ztCxw#!8esDv3H1US0Q}|H(B>e00f_?_Y(_3v1nb{1VLxIB zzham8>0d!^u{xxvMRa5oOB`vCdQ;H%$ArD;OFXjAft$8=6^Zfm7{)xcZKGLPx^MJH zhiptIp>aBz=(ruCE?jtpeZv~;Ri1l=<;$t5ev_#wCEs{YTkzAEC`Z>^0Mp!COIcGw zEk{E;NQQF#J}mIT43{L;x+0a}XM&wXM?&wmhfA+CzGs!=Kz0F=%7O|cUmCOaf<2=~ z8AOMYy2Xhu%Lkjkhy(tbw3IU|V;M{pZl9rXbG9obMJ=UGOhj)5kBzZR)gmM&vVd36 z^W`+(X7R^Z(fM)#Zf6!gmR+r#9rUNjuT(<0f&A7MeU4+zOl0*NKm@EzP4RyPy87Pg zJwCk+-y@x0b5BOUT0gC*tP(F1hfB^1rJC3mxddlAh_$RHqV{vNz#0QisY=9T=okFv z&JanJ75)k9Wvj*^`%~KAga3=@?~7$Z`gM8j&XJ|*W#jk%T=7kbsVW$e*0;ZK`BuaX+>+A#{Edr z9V{Lm{X~!|sT=Xkv`eB(HXDT9Ul-LbLTSwj`3BR{56A!bupc507wY-4Vx)__G#1Es zi&g7m$CZ(HK(zNaM!78z*YE!^j+#In5-I~iS^AnvMn0)@-?ORnsq&4#rX&4W_|Fju zxzrPaftZ(u8^}sG4(M|AgW8WXOCsci2bDR(rwgefmSu4xn)`u7`Ks`oXTthQscl5# z_(NSRrCBjwl;+euxCdPX%E{gTp z;?vVLV~aIUrU|;Z#@v~ziTn)`dH|N|lO>ddLgm>D0VcF@tb8QHq*d#?y;n5GSMsRJ zNl#ZBd3m2jlp>vnu7Ez)CK;_AU^-7*k8ZgAo|z4fyG)tVy3yZsDcaqA`h_R4fF>+CGqJaF<#T~^4Rw;1PfVvu1uuvh{*aY8*zzC5hGI*cCxwpo3u@$ z`PyeAtSIR5D~#ME7BfRQE)h(TU~!dANcqwjyc+#EA=8 z@<2k|WJ(p>Iw;hI2FR7aan!S(S|vy(PtE^+1!b)uDnp_18WXZaK}Who$0U(ocsE9w zcrj>mM%pm@f!SR2cjT z^qLtWl#ZDkE6zdtQhr?C`zG4)+_Zz^`m!p&5y_eq;Z-n>bxHpf{EWiKrwr$lO*zG^+X5AN|$sf7;yr^b+$kwpcH&FK+H~-l3gTS(O9N(r? ze9z=?+7oqyml1KQPABE+OX1U?r6Xi3e)t~P&2!+;1E!uc_zv;6 z`LwtYM11m$L5z+Fetsb!mIulN7wv}_7A|R8HI+R0xwkXoabv03@}61mfpRW!No>-mSA2rd5@gL>(uwmx8hYa^BMwnPrvOkx%l)_!4gx;y5CD7 zYN6cT#OvyS*S3A~ew`nard66l5K{rqLt-7-b(>XtC(5ha8-8PQ`N!+*Y(i| zd_{CZOe3(-EB*PAV6j9X=AWNzArt3Y)JD1OQN&)M;Wwc-C}ZjHeEo2g9~)jd;`o_u z7+v@trz#0BnS+Ni9?_$@G^PXC?ogOiDyjIL5 z2Y*#$@<2h5-7Nj7jryZnoUhv{QPE?wU(gm4<(>R|6~i1JRSkAXc|y!T*14nkv3Ikh z7@WVb(6Cg$BLsn0`W(I8zl*2yMsnG1mC39qB4VNO7qJ-cFI)&{XL~(g5IzoXKh6d9 zxc{JG{6Iwhr!g?eHt(xwB2d*P=!Xph;&9Ak&Gg$!18JpZ=l}a%ci^tKA}PaNv0|ZF zWRT#FP(Ie|sQAD7;D2ScjUHzI`sQVNw44A}G%oX-e?8&AyCX@(5t^WRbznzZW2Gb*Ge(dk@9o9MkPoQgQQq z4n6nb_gHa@_t!Ex;TD6t0=JR*SGiO z1_!8seti4>@BHl%PkEaxnKSHP73C12xLcbO!YJy)}^8s?+@A{ z`&@#kzjt&LhVI9_xdmI;vlV!{)fBhN5TsY++jPT&^}J{i!Pv!wq7Rc?a&E9Af>d#~ zrj_EI4t``|QO+^P+i$SGbESqI%n|`|QlnzTtNJ0S(IVc9wH30Y}%w7@NF!y63^gs{z4vznY3ZVo4CL&DCAbdo{y~^bAJ! zO(1I=?&^D}DSbrYz>NnkhQ6?NP8T=!oe*lVQ%|xZlJf%*cwD@5(Lk6iX`eruMZr31 zFenZ$UY_-H97=yWQ)S<8Lc!?b_TMDanO16T>KB`0P1Bl}%ShjvmyKyarjx=j&y^22 zUYu5VhBTe~s3Bb6FK4BAV=Yk>l+7>UxdAB3=`P%GwSEsxSrf}TLl+rjuujwHo>8>D zzF&g^zFqJ9JqsPOFX%6Ak|*m6=5zZirsncwfszfd6AmB&Mvu}JL`U2{VG`a((!EhF zfqsi2bQe_s3426)>)Mro8&mpU{B{z5G-coELDBrWV0e%Y}gRujzs;f_|_O$$h zs!tihq>D-3paqj?1Nz(nJ z2$2O>f`TsJj_Qn4rg(;qJk?*+p<%!V<8oX28hWca!On&rG zpEXv1I2Gd(wCl~B$|E;Rze26SB6u*szsH8SzH?&`OU#R5f>O)KM?Yw!mQ5oNQb(;#88FXp#rg_-Yj+` zI>z>agylBhBg?I>rsYc95|jNZW%KFY!dX@&So6Xw5h@SoJO#IWuH52a<7)AlLQ{dn zin6as{sxS3D$6_)p$d@|zrbE+5lzBN*!bP6f@aqTzL@07)Xeu*cMy=KJs-?n(8f30 z7Dw(Gk_d#vH2OiCrb3Qfvsb(tek5$FoHPjQy;&iP^;2T;$xZIBl0qo2s*ZrVAf2lTQ+GjW?U=vx{YIiqw(dmfw)-ci`~q>#}RM(0NqJ3+&T9@3(K~=K2K?7(kK!)P2=wdpoVE-FgbcGpBDoHw;D&Lo zoh>c}&6FXfdw(;(BazFiJ{^pRM|^O2bKhVK=QwKNwKLMsein4TEkR&1HcN6Yd6RL} zPqMfWg`1j)tGtUr>Iq_qyW4SmukHR+TE&wMk2!dMJsnJaVgP z;mQ(6M_04KzHpNDZ3Mgg{i7LyKgj=O7JXg?^;z@G$59kLqvJmft4A_mx?fr2g((P% z-pXLc)DRL=2GKKUXP0c5jw#=0R?gw9nnk0*A}~YKHuU_135rm^ahAc5g}QR>#cu4r zDCz=nc9-Mc zB>2;;Tvsa#U;FZ)YC-Tf19tNFO!~vFeh9qDF?DBq?)vCR(ENy&SKTZhDt0vJt<7~g zb=UKfPGg0twg1&(H8-D&j$f|Z@EcK5z$0)@QNvMd*tL3wIogTir9e`rZlO|gx{UL z#I1y{F&P=*TMaz>hIAU;IzX|3znxEu$VzMfPt!|oJ1@tA70WLE6Np$%@Ib;YFZ+7j zc^C{9>Hkh9i~PHd=TF==#uv@Yjc!R|*P)2ByL@X{r|j(y(ZN|{#_?cXOemw$Da%j7 zHRN_>hB0zwRn;AB+`0q*4Fl(nkvgqEX=`Hq8KGd;g~ve^UcMOn&Kec!yoKuYvBhRW zVMzT%b@JEFuYU609WZKxFz9Lp=ZOY-k zdQ)ebao!0D~{MFlaOB=!N zNM*y3gAu(Nh~}N{S!{A-S3`kdBxp!nG2K?>5i2H64ra4jw?QW|A5bjJ7XPtfk7xpX zy+FsKJS(dF{L=K>lUBsR`FT!Sw`idh(_GtU1&%(n#IpW$IM8le~GBp4i5(zs8i!GD}dM7dbgsx-L!61dXCB51wlz z*Krr|^C`$d{NkrHLdX1kwZc05Vg$Rd;*a$o%ycGxu6%q64~D7JIWd%$d%hFzwB#{$ zhy{fshRev@L=(>f2meQg&Au;r_(pNfA?=v5xyY|fs4L8;RrVhE5=l>Rj*)L-H=I={ zxU%49_Qmq&VljOY_}KQpPV|nWv%%k;of@jF7p%atcj;HY#F13l3W4wIlf?@OTX%Y)bqNgBQ2i={X$+3PZcJ-rw4ahr|7KmHql01fM3lrLM%#>}Qd(S)f88+#~o_4~

QS9N|*lyn;rSf^cVU=onjOHa6rGBi4tz!7n1je^N_3g*`q&>_m!ZF`<^li^X4K zO_d;6|8#y))&rxFDzDfq=MK@?=LtV}J!3%`Lbj@`nxETlZ$JOIqWyC5SoJ||9f7lw zKod475J`CCOS9eqw@P1=gl^Qe^B9?_MMQz=iY6k?Sl61 zwDLhtR2tCS^y19^-O}r<=@^4K zzTAHV3dFZUfJW-_+Ylf$o4ErJ@c(;nHBF?W>?>>%v4ce(jCs$=*!K``W`aS)_f;go9CRU*!Jt%mA=$ZBRK#v#n)*#e9wlC6qqpejFgT7 z*8!v!X+z1*4)~-GnAh7AS+#3_sJQAR*mrpL?L`lio<``x^E*eyefw3^d!M(In?1Jy zHtINSN#s;TJOfaz5@Ov6eA3=lkm-$24tT_vir$$cq~#^Z*KDR=P0D7n*A>F*_*EDp zXHU*AfQxlwmw5Qe@I-h_E`>n+Kmfx{p9zZI$NXzNxj07saZ9>BlkMK7(yhk{4+tqi&J$DA> z?#nw^S$lnoSY+cfW$CLQb}9XHb5Kq>u(M9rWGCWm(F14-08ONT)auy^08>kSXZ{*O zIVc!EQ(S0YJyJKuc31k`870^OnW}Wtt0k8)t`FCo6z(%(v{aJm!i3@q@3d`c4)&O_ z_!o!6?onMbxpS#XzK6(kyzJJ=NxQGT#(qwt2orX7Ltd`e223|wbbBDk_EXQ`MSq;p zRf&t+>4vFfRcA)eT?cC1=qt|VpM}GU4QUCC2roRn@z2t#- zi(M)Zc_{47)Z75F`eF)YQc+R~A>Tx3MC~nVQzlovXOcdFOetAw*g?}G1MFFHQ)V$! z{mBLC8tOIxHA?Zm1Hc{uuAG^7B7-l@Vi77oUhaJjutPN1+GjZ>xIAv8M zyyZI%qqs*hAgZMGvhZu28IAe{FFwBz>(*Y`t&UOh+gPFehtHF(@E) zC4jf3F5SJI$$nf9kxxmx4Wd1qHB{9*OF&&8ZN9#G<2Upy%C3$)M zo4mRxcL+O;^*;*iDt(>6_ultrPkWzQcyXyXcWko1mPfBDB6YYQNC>#MO(Mz*-Zy^t zaVN3-LVB`(lcx^cY=duf;E*3@bY&-1^U;W|B9qNyZL;Ww;r1?;mR!gunZIEVxCeE^ z^Wzf!-nm3B4Fkjuu~=gQ7LdOFUrYb8wX1=g@dOlk=C-UuAJcdCIXr~*+z6iGI)5v; zL6Yt4i9nWGU)+?%YOVkZN{4!C+bxT``@UUh||p!gYbisYT4$-B?59@j!F% zv&sabTN6oR-k1hm8l=&cPbf2-i*wS-nFq9g1VL~3vjK*W;~-B4GjPPYpXPV_B)b;M z34FHlUxCO$5{K&wq}DM~cmkq3=8#jtDTnlSyjw?qDX-}hCT6Yqz5eGX4XS8h|AC`^ zI=L+Pr>_FL%+*Q|CaJpqH4ii(aq>gIQ!-pfH6GOYBq49r`)fobLM?#v6L1lR&R8_8 z#5egER|ER~Fdpzm!e0L`2@B_@{^)mEr#D9^e}3lgfUl_TT&a4{af-J=;1ZUYX7+EB zPk13*Yfc6)jytzX3RgK1I&nOZ|A&lf>f+Xg5A3AC#%TuSYpOK~bK&kVwC3=KnU<*- zxo26Xqu%kjg81JkNz;mlgRq$!mr|N&dY$v=vSvQHcthKLCN#lClo}O%6$3otvOkV72S7=pl32Xie z6hUTXedUg<#DR;FFKQM~KX^xDGjMe!)e|3pey-2(yEL4F;(r^@*C-KJUXHIbFo|?N z@$LkEWz)k&6yjK3FwQT2!|luJVa57iN4z@k_<>8U*pP00bTd8P#Lxcap4s^n&A+x9 z1zRU^K=!#-&bcVPfuXB?2Y24ExB4=GpVd;br~687OtOB%bV{tt4*??xG-+W^4{8?o z?KJG>Q6uHVGWa3k?+3#@(X_NiafIg$xp!q~XtasA>WTbFYaalW^MI!P&wT8_1R5qf zpn#Hu=-+8|jy0G*@UuRB=Po4}MayB-2z?mw3*6iNdVf?L6aVPaXyu<|d%{==cH z=fwm;LhT?I<*N$!a@ZBBWHr>@Uk)V7gQFw`jDAn?w+GlWHJbsCKW*|)kUXo?n`KmB z?RDCsrZf<@KRv&+A6ivRqLPN1cp9clzaMVR_^;vaRSeR$a|yO(?WQNfaN~*wVYc;X zm&rgQDc+pC!65|0}{qKiha*&H49K zq&&8F8b2CYm1kC|(n3`Zi&Ra|qOm`~GuILcBTVDnifuoM*}g?lBwY^#qwR4b5M1&- z((MSLncKisW(+l_LMj`Jqo-!U_I@$OUg*zcjUI8s>^c;o&gCT~mXwiM@X9 z+EQRNhd~gnGz=ZzX2slZ{__Wws(GMK8rk?^SZG|jFsf8Fu)d7lhDW?VIh=0vazx+t zqUxohyXwPNLx)#uxQbpDTv+#~F~hs+#aXh+5qGFHnO)=S+I3Vz%_-N)P`+d|-c{{o zqNNIi?k!C*IKKoi#oJ-#X(uu4QV9UJTVMV&ua6>B?qzk|;;MFH)p7p>e_|86_N~8U z{#-}+OEX49yTY}U&NNQMP)n<$VEpCb*b60*x9O563jke|ruKHx+3VyV-AdhG$aH-t z@6Kx)8q_BF&aUCG2xaClwr9+nwn-SY(sC?ZMLXxAyjov>adPI|h|mHUBC)wo!D%L@ z$ydv(3)QyGWsMY73fnIiPV|gvrQ-twO73jmOx=#Lf zdPZ+u3*Y%J1KN|V+MZx+(sli(6vyv#0xl5i*1r@BO_Tpb5We1|0b#4u7uYc_g9%LN z2uIhIbEAh7F(M=@A`l%?;NAJsY1Y4YC`}0EjKvsi=h%Hq>eKQ>5O;1+?g*5cT=|ncm_}dn*XA8w>{9Ac8OwQ8gX~5dyRPJM&OW^*|Q@*R~N{Y z=Gycq4W}G&h1Wjh8ppKc!|n9mTftbmf@SHTIncJT==^rZK5{6f?+TNBl$y!56PYE! zSC>3P&fThIg*DTkMTR;}raJpGQjdO#Ou%Vo%!VK8`jYrlaS#-b;|YX+xHvGwfLhU5 z=Xrc@`_0DCO3FPs-z7C^1qocKe)WaG;1Mktk?BP=j}?djdQ=pdJH6xTLDQcVkMt@g zds;TwNQJF4z$^*wzwJO>Z*YCXQBqk@nX*!JChgK6%1&&fL@+69gkx-x_eTP*AdPJ= z!N7@^g01?|d)+Q3dmn8Ut&J;Jk5^l_(k`@tOk8d-y%HHHV!@@>EN{feR$oD%R@`{AE&wSBp-IE!&e!YFGg0;06;T&U7Mvy)CCm?At481{5`8a3B|i@KsyM2#fkUG>5>fS2sxr#TF9B(Z_NV`Fef1j=F-aF zXjQfYqBRn-l;cu&`<7H0+efm1&pP?3_e{QVg3Z*)#+N_Rq&Qx&h!s=i6emOjbZIj+ zh#$1I1xJ6!=1kcTedmn5K1kcesXKQ-EK2a2<1V!qQw#?}LcH=HK1%j^LM3R_+X>%z z3Tt0C(+_#{)5GN0E={4>V03Oc|FCkTNBy=s@_HDe}@w_9KC@pN9nflE+wFy-F0X=Bm%V6Zl|5)kqpsJoS%Ibe94+jclL*rdNJ0R zqgf)L*g)f)MR3;9g7xftHmWw9dS=w@7`GqLaZf_(8IhqcF1i@nK@%SjPejzXdGOnD z6LhBtI7^Z6lq`bxz{xEoI zFgFRLW)SA)<0!d!w==Eowo8(oZc#3sNTDJN&hDLsx6&q)?0q8(udV^y)S-m$H0*nz zdW6oO>VzLP_6upG)CxgP%p+14$$PzWC!{iDFz&9C%LJHUepUq%AZa$*T6(C4>&(l% zi<%d_W&N4+UYV)h{A_m0^U|S<%&o%J7dk~KVu9UWPnY3p3%Hw4@ak?$fm)TcWAUQe zI@SOsyhOf4j%qyB6+h$q$hT42As(bIp08I#YgV}hlO`z6LO|ro&0n2_3gpk}3f!jb z18|1730|X~xS`yA{2?!;D*Ok7vLm4nZjr39W9h=`3R=`+H4{I}PA?C6#S{2GYsI>^ zre}tY$9=H(eN>7YLuP`!npfM+51e8l^QYRcNat4@xH$-cuXiUDw9h9b1alelE-0o%V&N-tB%r8*|l$@4*G;~{uo)Q^LnCN7!=wC2UoQ^o@=2}K zEyCAVkX|)THF8EI19#|Mr`_wy4VxV@9vEVEue(8CYI{oqz?EyMwM=N9VPmm^JhuB` zp5?|vnyI<)?a2VEEbFcbYAkjps$5tWXEs0klre|8slUScdV@fXqmQd%ANMGJ_%td$ z8mN4`TTJ$S$zWF!aE%2v!?Sx_V%+%Dy7pUi{%T#&yUsq3WeLua2j>=eAY0nG;hGlx zCXm6KGUviOm$hMJWfk&fX({X>FAwNTrfHuk8Bth3;Uoz-b@{J3bNGe4`S$*oUGg&+ z+l!8g!S!`nz6(YAA4N|2$yrfZ@H{5Fa7?E9SGD4yTrk|7YV2`1_IEu+?d1k+s@Xn@ zXd;xY2jsk`Nlv1VJBML~LM^lB5z_q|7~66@ka&0&Zq>8c>?o{|Iny|ceg%D1<*%*U z3F;F~xP-nU>Xz;onpQs5H2ikn{xg4nooE`t)(TA7dH;S~g~iapl;w#3>d&L&QXq<3 z4rj^-%gL?B-HI{0z3%wqtbMK$;TnCw6D%EL&UVCJ16SC~ab$h*%8cBHepa33oEK@t zY&Sm|a;ihtZt-+z_pyO&@YrPE!djL-$}mIwG7ev&Mu~t3Iy!@E^z@2aBgf=t24mu4%SgKbL_!(s1^`+LR$#USNLXgdqbqXQqV%rA_ zHZuJvV#Qf2bm(Bpy8EgY;!aiTG`LmY&>NYqKzs05Wcgl{U-M=DLd0D)MpyDTV?sKX zRinx_if${M!r&8xJ0TQ66fZE6WOhur+`CGe(A0=V<<~ z9{EWhVzL1alnipM86FQ*-RJ>m+ohIS@hae1FuzA3nD5%u(c0044f|7d^9R?ub@-beb;zM^efJ};&N~;h zqVZ~dUBzvg{+}LqW=5V-;nl0OW9M zv}Zp|_Oarlz*V}()3t+XeAQ}G>NAu2Ga$ghRstH*m5Borce2DCVT6K=Tw9nt+M_>@KYjGDjZ9n94Al> zLYp_StGjkW9{mlnW8_lbGfU_@3{4+J-MpkRcE~CCw_EG}z&ALJXX&%;kOM}ZmAV{1 z`y)Zcx7M8i(MxTTk?lvR8NXR*{_%V9+}*z5w*Ux2&5%mpaFs85%q%WLwN*_V$@VvE zvj*}%`vg+TXJ4MoEVQo-Np)Q`dJIvMGsgsz#u|9f0k=oF; zt={gAATm2R*4_s)a{B=2CqM=Yb!{_P_$E!$BLn|8qI0=V?evz*_1FQ|$VRf{d<3;{ zN(kdnv1-+t#V>8BprqDdE^y-R!@R;uSV)`V)-8vuUt_Qaid7?C->yswrg&7sRE)0j z!=1vn#`x6Nvy-IS+YxssI@8E17e`wWR%oI*b$==MUB>0f#W+3PRBi_$n)<61Iyr#o zmhU_3P<&v1r`ZFbY_Pni8m%7k1T-JM-OJBs5IOyJm=FC+CkeGN}+hms(BBvD`Lw!#|93SEvGTCRq={KvtHb4I(%$r$4ZSNR} zrhzwu`Y@(crKFT^LnB;unuD@@*u>Dty9YIzeTBi9SCykX!R}OLNQ{Z)!maXBR{O`D z-Pw4K-|PzI-o?*-S~cfNg4}XP>Na5K6lRv9?%M*T$jAQK)~5qVbNi&VmW}y;@VUGY zAc0H6MW*n6a#>)Rbh9Qo)godX;PJSgLg+*(*L%*1RlW7yUZ*c^GNA&L?I@*HN~{~2 ze^(;%sC6rkTUrg_=;^!Nzx<#iKH=xUk3w6RCBy4Sv5YcPuXcq}8b7ScH*AK!kSQER z_W!C5w~JT0kXy$c$HzY)V=ovV=FRQl!d>5Jb*@0n^@fU}taC2xI?7H5!92qJlA;da zR^y(FufxU}OU^0Aa~aE(k%jj8u-Z9cxWTy=o`9pTj=z?vV7pARJ5slWUA|qKMhLiC z43BnUW8JrpLMNX0l>=3RWf(;q8EQQ7s4>YfNBe4K+lDI4zBxkvLAmdo2%3mK_^ufc zZGora9+&$A`tT(DTjKRsgR+?rW*Eb|vc%Y!x3TNKKvg}WJ*7J&@m zOm}U$i0CkdJ8i&EK5+Q^z{`c)M#-~9W*FoW@{F1EBF)^DZ~-yXA9|MZ>E%_W=hpFq z=9Mi2GTmOBN~~*Q6Kp$(HI0_*SB8*@mQ_P4K9)L7{L~Xc(V2_QCO4svwa*PVMkt+xKG>XmB(wploruA9x?p zzF?TagSB*Yy%A|U(U-&g*Tcd6D}oQ+8QSZ#rEbe>Cl=-OZz(%!dt4rV+^C@e<5ngD zk}JizTL<{Jt)(ghJ;00~7Hec1$Dq@Amw-tW&Tjzx zk#ba@g{p~>qd%{cR^9aYiA2uQ;-e_BxN+GZpCqP5$7+){)aCI&-Sa`%^Q0}Wd+%}- zuxGH933yG=?_t2OHnB-S0n`BslqmVd5@kOFLZ$7yQ*Bi(zQf6`82Hsn_|O$Vn@}ZjJ*ChzI_ocY4nfRIvQafGEyRdf=#QthlJwE zslE>ZC5ma)HglY0;_`I_i2k4>7$=$U+k--VbJD?Rk!%(J`$4tCb5_IkFYVOZVa`lh zszoDKp-X;9js7s_F3K2uA;Oa816v3z$e$w^at)nGw0Q;x4=KDJ(XcJvEe`j*`QJ6& zNT4O`6E+$i_mcC~*Vs&bvF}jg#^f$4a3uR+Jm9#S-zKN$-HG9Bf7W&>0k>b5kyi&p zM~ql3Ph(t*G~&%!Qy=oasW=xJG`j|>T>rQ$>AkjMKrzT~Jc zGt%(EFtlArujE>g!US*vq&Ho+CSrsRan~hfnY^geyUg8R)|fv1m{dO%XAo(Wuqqzj`p7;KUi9sY_hG6(N;sf4{X!0fK`S2Rc9SWTg(uv}QTxO>ZBhGDon0 zW)Y|Ecr`0H+CT8FV$?8u#HSq67D=MC2YPh!C%*zVwsB7rG}hFVh;Lw9$2{sOkb?QJ zT#Em=JsHs8nH&Y0Ws=*+%hsYXj_{eswJiOM`J03hL61s$MOSf=BiKaaF#oG{8#1`T zsw_fx*?i&JB(`zb8IKr)&m*M5S!{QQ{F%ytWVcMCTAZZ^LFM@Rt6-Ehl^7Gdg)UeTZ9tDN>5KUC%q>P25S3Ha8RIP+NS60MhSmSlw{ zC!8r`@Te0Kw3@hp9P;g1pC5Xqymv>b^UT)Z2X}BIIYThnnYO%2_st1&V*Po}Bks8E zkVNVrX1PE?Vq@110BS?lyCZ-zz4zKSQFUudB$=TgqOT_jN1Nt{tEdE%uHD>faLlcf|g=(t(7_pjB8kZ49hMY=yt=roL@sCJn`G7Bp1Q8I+z z1}Pz5()8!+15~Y#Oz#M8XJ~e@`bhoytpnu3H+p8kdN;~Kd0vLN-4{bF2A zUeaF9$9YoK&6t_j_TsYl*RC_!a7@FLCz9Kd$Bep+9V96#odT%9ob9TyRMDqi709z# zJN|-RzHxNkiDo)?cnf?ooidy>ukv)HQGZ{(u8+50q?6vT16Ge2utz#K#dp#^Y%_3j zNOWz77ipq$UlQ5X_T#Jm!vb^j-j+m+Q`di& zoSNRHs02y>%q5JJlvT>w*WV z>F`(tT-@v5NY0MKJ*bID#M%3fpNZr;ASJG$yJXH0cvRy`-Jth(06|YN`FAO7i1%BT za_wZQBf1829v2o) zR;Cr%a27txDaY9M8}UCm-NneAD&r317WhezrgY4`ED1wZdF9XD!m8m1V`qvb5y84Q z%FeQfbP(J5ma{#-_s^Vjiw2WxXXJc=acksxHL)q3aG&1a481oy*vE$ zN+xUJ4}Otus@;T7KX%oMaoy)U>H=obbZ~?zQ!LGK_sxNm9@nB9@ z;@>gmKhVziu=D@?TiMnvi?XWHwc9v{mXaSpFJ@!@QvogQ*tsA}LY|#%Gtchci<+2I z^x@p?Aq)ZK2RGryuKWK~PHr*TJ2hq$ZDoDlb;rWEGW=^A2k`!yUF#|I9sYyVq5k4F zp6eR*aNiUM%8WtOW57`6|0q%86d;dOJA0Hb_qcaB`3xHaEx5K34=1}XRsL-!@F5`+ zLEm0Dz>Pg`{pW4J0V4J8CN@!)cC}`)zI7H6|7k1^*P;36FljFJO(xKZLWhX20J|+d z@@L&@Ghe2LgF=OGW3Q>7I-JN-u>q7a+F`|e=VpOERj^vow^hRFm7iXqptJ+(i-B%T zXgBlC>mJNy{XL;eRUk}6u2psm-))V02>S1)~$ME-!PhbhvpuGD@_C+_CUC16M{KR zhcW2l{k^k5s9s*QjU{=!p1uoc8mYppt~uhFgt^uB)Cft269sE3N9cnq$k*g>k>nkRUf^SIpu*{`oA;QdQwy)W)uaA122*LN|(}1V=*gT{m*4-#chgk~!H<-L#) z{(52cyJe+i4B4*Ew|s2dAqQTv`&uWdoXB{#?+Z^byR}o`YH|!aoK8QMqI+PVsCE8t zjwjGn9==@s`HnaV1TUve8Tp~D;JrljfqzaCr@PP*R{qpYRuoj3VFL=^ZQvP#n?pq= z7XvUvzWK1i5rAr)U$vEVW!N7)7Ids=ERziaF9sfDmLx?CDfz8ErQ)@9Lp7$ESo&%r z6A(eY<pl z{2fjf-R_Cr7#8&RuIqrnX8CSWy!_Da|Md@6Vr8GJ=Jvy;a28h|qCz`uE7TmdvXz_jtnM-;(|8zO^a*f9G4T!fE+3 ziPzQPmX9K*aB%6bVC}Ll*&t@Wmx^|POUmiLKlarX13RT7FtDp-^k`lK;H7;? zt`$z)oTH267Q|MG8|X-BPBUX_{zyGL;tWat1}|pA2AC5;vNk3jvm!;K>WlT!5gmME z?mpmfWL;Fm3nxaViB)u1j}_tl#Bz4@H_ZOH-;KOknknP}eDs}mtZ!C^gvG_yX+I;= zDX^Q=j@E%~v$eR!eO;pYE`=l{-&mtR)ciH4b}(987uEl5&*+G4PW06M`r(C!v*u!A zLt*P+RNm$+q4aCJ%;J8e!qwV9C1?l|Ihk{qWLx&eNISt3I(sh?FPy=!!;{YLuECbt zws~=y;z)<_lUSgkRR(K>odZtU-hkTCLBhorXbK2JUPQHRSdTk%l(aYtMh3L%u*Ew* zmNGt`A3a}8O9x2og|GFw61P%%3+chKX}ypBfG@wsC=7@cTi(+q$!zM(`FhlB@_|8u zhM}foojQ~nUhV2 zs8N?uDKK7I+@{W|kkM@L``@Vh@~|Y+w(n+~$!WEwu~JhjTQxOPEca=(GP5!@S1MCf zQZqzTP%GQah0M%dEB6J-1$VJBrQFC3+(}VXPzVuG5%?~wo_XHq{l4Qn-v7SuuQ?hO z?&Z3#`#gW=Z}FCBGHZ@_B^aDo)5aYTZ4{^O?jKDMwMbZH1lJTF+4ls;P98gp%6!88eyip z0#y3WJXfR3f>ezJE&Mp5)|MY%oV9d%?@k&HWevAIJ^(kl76i3O_IccZnf=i6387C# zkmdrB0B4L*j6M~>S$;!`g=7^-Alt1&cAvw6!e}%c|9acs~xjfeJnLO)sA{6&Y zuiz9hDr0yy5Yq?Ey)da#GOg{BUavvRhpnRJ8~n9LY$wc=+Fj)i8m}Ix!EvXN-r}~? zat7eBJzTzfn{#7#|H`fMR5YF5MclP6^)rq(TPZ@iPZ{+R3&Pi8y%gyIN}Wdq$4mPz zZw^vsPokia175e={)`l@9a@Se%(S4|#B=h{>9pRJFt^BoIRT~=HDtcXBAJv+w>}2G zMz^MWDjppq^ifGtCRSf)glKV!Ub%}YNrcqrTxL+!C5vX=zwb?V*ZcMU0$9MqWk9Pc z5vP|CG%i~q;sOij^7wZC9ki`bn%P#UK;c)a*nI$bCZ%0tj6!R5j%lR4*ho^+6e!5o znhuV_35nyi`vYF#SCfaf)D9Xqig-(-1LIn3=b>NxTXaau;?$O{3aHwz7D^q*HLKa5 z;b?q_s}oLE;B?=F`f8x=aGdFUv|pW^o-;(mk;34FK_ovFkpWi}fD+Y8j=KFVa1Gok z502;F`-tv&2B(5a_SEB)Yk|dlu*^IQ2=IzJG(;^Fu%4v+a|=E%SP3i=Q>|H^GLvbc zwmi(T`UI`s9(FO(1?4B5lP4bU(3{4xOvmXi6<{V)@JX3 z`dy`;7akgppKsycN^`nHU096yYJnepiJMgRO2`^Of{o;@6ZfV4tiL7Qt(8OzR;Mms z7rve|s9t}m&I--n@!&qoGYvfxeSTYsk~6FPkkm9a z$l&(mz1QR{b`Vb^_N4KKmNsER5Z7IC>Q=}px>V7SVfx{8N^~SMUDwKZ1OK%(>s8V% z^PX~lJ1Qw?alCvGS50zjwHajhI@r&Zr{$~6M+<5rX4#Ur5&$;~e%^>*GWtIOM14Gv z+dzCF;I|>o#9n8^RFg)CjTe=mn~bNLs<63sW?5);7M@z-q`7djlRtax^EP1$kZ>c^ zyFF5FJtmGii-z;t_?%dKR_F8azBjadIduy|M4ISYFh1(UDa&#Tjfcq5xFM+wgwUFs zd>H=u-X|>qfBS~zr*A@)>;JDb4=t!?fHjJj%*+0$NpAE z-dq)Ck3`Pd;WfPWQAy zz_Jse->NhTz7hXovECW*cg6-oGMdSJMd*>9JfX>ztOFPtu^_-6IqQ(`@zjVFj^RMk zK@IuuV1IWx-EFvv2!SV3f(~~a0nMRPMDKJ_FeDAgdV>5Yrs z4Lhsc!R(gp3f2fDVcfYf!%AAVW<$s8z5o9C$H7iz!L8fR>U*_Z6#0S`w@BWmexN_2 z|d2*YO~!yiv##x#a0>^7Fzp2bgd|y-kSI z1s$AQ*%GA-AMFb5_0_LNKJs<*91yNiMdoxTKV%wu=kVU@P6NeSjFZVW zLu_KK_I2=j^)zzrlV={`FSONWoTM8wA#-VAD7Iw4Ka@H0$=Tfj2&w>7;!9s<-EWk% z+VxFFD5Q=ZU(p3cXuM^n2wmf0C(Bx!@4`OSni5b4#7=qXNB#eZP=J<{C7(0&;vP*| z8amGShwI+@oTg9Wdij(AnO z3~Atds5S#z<>L6vF$0){bGkmKjVWz!FB>Sx$V)pI2j*&%tRO)vY1f@|vH6?fUhl8V zdIMP)FR`6nH~)%(uSTxtp-TeFE`~JBK9J06%)1E zp4fuG6r~yDyd*!n?|rj8SVR_RR#2-*a#{5-Xh+otv`eeQtCJQttsKoW>nPQkI{-Al zeenAZ`J`hLjrlh54;Vo|)Or4d)yM{zOc>|*#39s@nQ@zOzc%_(EQ``MA9#thrv?hU zy6q-dhVy~VF~m!4O0E693{F+i^E6oCdwDBDA3fqjl1eC+yEw;>Su&jaHjp*A=1*_U zp8n1Js_3+Ka)oo*p48kV9fE6b+?HFUr;*04k5Y}UwJk;}K&L4d`d)S&w(sT;2Dr2% zc~$8%q*LP17Pp%K&H1lS;XsM2De?|vH+cU!N|jwQH5hq(VZ7pHVurSvO8VCyBl>2< zk^+9YgOx@=P8i2G8^U^&WQ-qN=nH0bX?vUJx1RPI+=6ya z(^c1o)n_Rkr%Buo|9#-+{mOuqkZWM*#rKNZ9JTn(V99PvA|+!-7y4|-(yfFG zH_w$4DV?mXJye8k04D0VQJWEMF4VctjgVSyF|J>)PuR_gpHCjw%R0-=pKmu?wJUCM zF*?t}mKsL^$|r8AX2{jrxbfuZs*dFM@*#?S0FV#`1Q>aDNPG3-(q<6;;Y&3!sRl)W zvR)gcAKbR6cLlSmF6a;^ut=xyKdvtF!64`FFeP=h_O%#6&6){vb&XeD`y+r)%w+z$ zXrQ50*GQT8RM}u;*2N4h9AWSS{$zxpr}>=d_nk&u$nXINe(?%*1Fj`Td9;O6kZ2u{ zvY`J}pnOY0Fu0MwK4p#C@V~zHzu|o6dN|#{(U4~khU8IJpH=d-k0e6z%1sdH@z2EF zWBv2;a(Yl)v5AhF->P5Pk93^YA0z}iA-YvLiMaE&BwJ#lnM^!!*I=CCGeD&_C%n8F z0{&A=zj^F9@Py4u-~>J)K4*i?a=H1hGylYa=++Fmr9%d?Qs3KMg+g^Q=qUv2MWj z6zkk{WnWb^>n*Q_%(r=aj_H?bJ#n9B$DuK&)smUj!OQdYqL8`pr(ixWif8PkqUvbO zz-beN9n!v_j@ql8ETe#GMfY6E_c+2uI{br-0Gu=-vAPLU9^t&XC; zm8_OVE)jt)K_B_#fMm4(O1nj$_{f)q$F{>0*CWvoXL^Zuyv)7Zsen2C7~!yM{P_Eo z%2uY%XnbPXDMr}Wg(DoF>a@|&@<#YSXcf0u3YwOAe`1AwRwh+csHAl9 z_rww2lH8!HprHLL$@?*BHLsM3#_2_?W|)KSu6*B<(bmYK2su-l%Uxi zp&Vps6+DmiDKWLf(?4LF*$Ih?va!wyZxomR_wX;s%JQqXzgw(Jem7%K%h6KlO3vdr zTxU8H2!?LnB^%|AHP_|aR_ayp)?*|Da|wYyG?nH8s0;gJ71>2B9tu4TX7=1guD@>% zsTT4f0O#USGct5nLH8vMPK^2#VhWCB#d9Fx$Z%i7OL@PNB2snC6l4b&?p;^6O@^fH{AKUHt}ShrBGCD1fl#T{s!VgZYG3jrf6q zZ2NaMEVvQOKdOc~$j{qIV?TTV+-%>8QZokW~*=>k;jtQ066C*`H&lG%tS1E~HthCd7FTdK>Kl zR&=R->3+;YFQ!&WYrIEVJL9s#?NrTZL7+<{WBz19u~e_B;N;C3vmjh8X@@J>4mtalx+c=KqQXO5Sr3friYq150l~&jj9P&| zA^XgA(D#h=q#BXrN@+xiGKySSrWnmJLT)=O9{kO(beUc=eZG_bkW#HuF2Y}Y6 z2TP4lw>48zUaBwKiB<3H@HQ!!v^<5l16hYaJ6^~Y!tSqz9;{pRM(!y1I_any1&XrG z!mn@bjGqiBUuw>eRedt#?Q+UOJI9WMoVeLztbx7`pAuC((jl}-iuoe`U+Yt?Tbty< zi18GUNXHM$b_sK!-VQaQfO0;8c+TEgaom_%8CUv=U;_PayP(806lJ73el_&FXrBLp zHQhdt=E?Y!GK(lJrj`gCqFZRka9-rbS~ByL`22m3LfiV?Yxe+;x2-bCJ{@bFIVV@P zi5e+)i_7u3hrLP=8fqIZ^hRrtu5~N17Zn3kMjCCnW0`@nb|k$JRJ9Rr@Z1sYaG1g41Uh@LGF7n!p;>`PHTVc1oX+SQkF^K^0#~ zS;-Of70q!#IwbFQ97_-)cdNF58UA^6BKnaStZBA*R^mWM|PK|T}#B^T8 z0+}`-Lp^ldaS7qT?rxyl#cGB-$Zzl1&ZY#X-c@b;SoelR1#Nt&amlpLqyL1dC)Je>DMtQjBuh ze+Ai46Adi*Lk5;$ld$-#&3U zeq6th^a=1fwehw|T7Oxea(~_Ei`>saLx4Z=67HGz6g~eki0(e62fRYvf>N->aRyyM zAYGz1$fFzzbECmOc%}jn+%7P=dDqABpwAD&+)sePY01od^;C(daK!5{=1e6$U)Tef zsv>qjeaZiwMK2P zyAif)ywc9&dE52Kh{XH>+_YAyc{Q!=>y#!4QApL^%{MyP*o$0+K{PfuXa9*gqjZbw zS8hv^RXFu{#-Z(wJh{D^Mr0e09?pF>Ai=!H&b zStUZ*7?RLR%&>IAjnN6-0@OEslWJ6uRk7Rj=H=!@%n=FOXQdCkIhW{v>@HpF91W z^1D$j@X0(QH69edla05SCMC(Zsb22(;U;=|3^=_R*oNqj#NevPg?WZdUJJxbCGN&S z<(*}(jlHH)<^kbpJ*^nT4}jCYd$^IZ@r9Atpvphd;0+LLds07Hl~t0Np_qwb?~ucG zqELDtE+Fwa1mYLe1DO5?LuSFG_I6ob62D^n#d6ygUblYo-EptdYoO@{i0xZ}xll0% zedg|KLmM$rvVd;XBwXfvK0WOBM5W3>j5bsbx)-2z;B5*=Pp|9FUyAOXlgpzAbHjM} zR-d%skXn27{+)3u@z|%@XVR0gX`Jp`CTO+cTBqt9DTM(_i`wM{HAP?@OI{58tI;Ms zdyw$pKKG1}1)p*=3-aF71HewEX$%lmSM|MKjO|qoz&0=ReRtkmE}TvlE>tZR5%ClK zW-s{f4wwrcAtEXLEMH7DA`dZWgNhHjLIvWL5j@NGZF*p<4gYv)+tj6_GeK+oavL1j zv)L@(`PxKR#Z8KvQlRZJyP^3yl^3@`Q_SQ`-TA*_1Ov%%!XD*LDg-JWTqq*izz&)# z8BQ|?*Q3xpf}d9%1?_@PnO(-^04jcp-)k4!stuEu{+^6OYxMi>a{R>v+#6qhxspXq z#=Ezwl#$*}@Hl0-U`=j{6HyagW_jojU{4%r6?82f&DM~XfjiFDCj%FjgwDMF;)}nR zz}%Lx7jo7u7@#aO%Uye=TtUBD22VkS-Tlc6|0|#s=xe;8!wxaL(9XWvfJl_>{m8rm zldP(}z%9_tJxFsH$XhBs?g0`&C$RO9E!JGOL2Uf!n*$ISvhdfiX_Tz*vwlAO9Ky8k zQEO9@UmeeBpn31E$Q;mr+2S@?HxEVHUA|fiV+KumMVd7CgmEC+%kToI{Y&_JqLwvU zr=mCjV~FOy-CTHpztu*N?|^yvVxK0=_c7&kr6j#S9UzlDgUR9<_~4z)q`CX^Y2q8<5Hj%Dy|SjQi2!CKp|(bjX{{ zm$zAm%e|we;%=WA8QTGpEmR~;3m{J6`JJ1s#(-s(Bnsy%AY4Vg$}QRAvG^B15$Aut z+p)LAmtF9%2?HpJF_pXC8=9vnRd0KbwVcs``+0rfZfqa@NwR`aCe%@5*FWrDX6OuT z1#951S~`<)$>^r>W#&*qRXsX~tayf)C_`&XEZom;vm83U+pen5$kOjJZsF_+nuMby zIV1^-;oXF!wm9t9N-?+7huzdL`uhY;`@i&A%qOcS3TsSDeOqsVr{YXL<%OyVJE^Lh zs~6^047#y@YrtyX0~>|I5S}r@_Lp&e+#1j~J%uQgq65MZgOtZg)}f zf4G$VD6@ZZ(133TIH>JL5`0m@}&)*;l@pjn(Jd zWfmK#7U;(d zt0i?SMo(%g{b7I-MnR~n`{1wjkCBzgxEVv1@@@O`s^~z}h^Mgrl0 zfP!~M!LRC&dgfwm6`Og6Z!Rc%+0T!4Ym845R#^deIFI1&hzy|18M$^F;LIDzW1NG8 z^ZB<4*`plf0afFi?QvGGw1B1k{}IigDC{r)sK>(`K^q;@VzgdNB`q!2el91kNO8)brY<6Vi{n zXO2$wbfw+nmUtD~X2BHtu2YH9SpCaIM_5OiUPu%nNejdw9+NV-yfx1^NW@aSQ%@ss z!1V;2uPtU#i$KrM!dnh+vYNx6372R(%VqNR4aWnb>G|By^jM>KyK?BVRw&T`@o2`{ ztGoRb(*A?Xdg~lkGSdFv`VBxG{N`?D+SZ6qQ!BXD6Hs`+cL9Kt%*spDB*&)tDknj! zGoYF!?v*H456J?{DVPeZ=zRWV$9iBni2u9OyAFENK5D<4k#}?3QV(Jd;p#m@+KF2% z{Xj-}gH|Yf^=3D(_EXbd>-GkRutTj$!bN#BwurphTpO1W$`r3)}b7 zqU16`ClS$CkVyWxqsu|FOdHS?i=21H$sDm^r-tcwjRWl|gO@0!dmI8QU~?`H@Q;A1 z-eF6b;%8AQ$!ap0Q_p97BgED>c*TZ2Jd~~XU z=f$8T4gYPOSreW`(Fgqo0LKrINR|DQ_PhV#DD?P5Fnm`v?>xZYq-gMX-T`3KDmZuO z^Q%uX(HJmY6a<(=)7qwPo7(bW!oJ1~+G2>IIqQcW2wVgS%69lm#O@&#c!+w)K_WN6 zt3b9-?3ew9q8dpeth_l|aZw%`)A)IGN9p3_4%8FPndIZ>LZHE#g9H5CRlT=h(7SYh z*T!mV&kq7Ez#(>YY1=oaWU)#5>uYhr{_i!wawWQaz5fPjEI~8z$LKb!G~Ys`yl1zW zK1}1}H;2*CLLg}!pDu|4vP2TP8gR0v${wHC!eDxg<g^`jq3e&o&x6*3GQr<}OL>4X=;20%@bglx4H@FyL7m$8>Egp9*%dC5|PS zZCM*|&~ey-`m_Gp!#ZU}R;g8aO8pu-g}yc&cqx+ks5*KT?DHO(cH5-Z zgvM+5sll9+zpv4uEDrgVC#L1|f(Oz-yx49cu#iYMjdc0t_h0dhTi$0dp9FuniK5o? zD$7sJZqqFJA=(;v3vO^5X=tI^r^#xVCaeGLJO=ff zY?;tY&C)Dxjqv$XfgbB+LK0qZ?!xdVxYHlGm97a$>RMS!vh_jM92iC8+t8 zCzG@T2f|bZy10_NYgE@0hhnV2eySRGLW6zvIyw`8`dY#B2MKd!IoH1o>*x|z{`xSl zZggl0=-q8_>6;`jRZ~`Leve_+`|3`EsyCWLm09zW95LyyY@E< zxf=fvjl)~w!XrVlzqb<+%ApZB)|G^VrFP{B@ESmmxEQy7*OI*W3DG7zXx&Aw zgNy6wNW;ez)cIP^jAbvd3V7f7OJLCly9x(x)9p=~KM~#6@rtE>@ia=B-{=57{_i~? zM`M{brxkqSRP&!!Q-kS7K9C22nHCC{|NLVg>UeG6luW1os~OW`FceOut1^os+l1EU zD6;}Vi4`wO`>h@Y9*N#=lhmitAZ!YG!JqfgaQ|9kVtE5SZ7JZ=|NP@&p1zk;iFqWz zBa)oGsyQ4hN}p9Mtk%gXmywjh{w&&{#e{v;yI^raMIMUd=kh(u^`j_x9~T3*Oi#bX zeO9=J0VAD?%zVW>Xae>*<@%NYJm#~SP5pw>__+~+6VDf)8!9sZy0O0>{T!r$vuUJs zy@B0Nl{nL={B)+#4|N+A4PB^hQcm!cDW>~WJ{-&QWIc_%O{wlKR==%xzc=ql%t2h$ zq8xM`zrOrWVAk$;QChbGmtd1K12QQDg?cLf5>$rhFkW_|q}4@cC$1=6omXpq73{LD zr0vgn{#RxtS*=4Rk*pHDDgq~yyqpM36WQNNaBf;N$ox$j#JS#i$fL%hBN{Nk43d6!xM03| zLmaxS5Pq^m`uEu>_^kg=qOAYtJt=qq|L<|#lXLH-mEAr+-(9spPvVJ}OvEzlo-N2F zq{S{INS@i$Gc)%%oL48pTOJlJ)%kY9t>@B=Hqn{tkCS-JHCwtVlx!360?Bz1c4S+b^c8N2 z6!^M568`71RZ@oKXaPmc!^Mr9GRK&xM0N^V<#IVH?jez6A)VJkk|ZX@=lnd!XXm4# z{dJRH*uI@4?0QEZaq<;tl2+H+bV(m7g#G-Zb^q~4MV#)4ca^?%UtC;8xX_Qd=m z1J?G;T`cE5g7$3uqDh$lP`HA}J^$uDQ3WtJBg%kyzg%Y1yJo-2f6z|QMI9I0d`}kxjgjI86iK%%`7FaDa{oiI9kABI05@l zZOQ2X`DyxlUIBN%`akqYmRXHztaZW#cv_)Dpc&SCTf0a~fERz!5{|?vPnd|tt5EMo zH-enYCwf1K9*>CQ9NtD@=O#_Y-lWZYhteGL@<1Gio0DzFd>}?N*{+<&XsDgry@oM2 zZ8iP!(%6t3>gKREGSGF>LDs0m(WDoqVSgd}dv1#}ao`Ybqv!m%V!MDjcNt!PU#>{t zo%UJ}o@O=e#4NI&)1n7Bq1*M_jOcCBrSp@F9=M_SxOy5lvSNJu8xGKy==;qcHulTW zy*g+^&QaoTraFLEXu$O7DPe6y9f!9FV>5d0^@v-|S$MKcx4?$~^~`pCg3`S2$DnBk z+<6fR%4?tw?8Q3>JJXPFh2^V=-9ij1Ta;CAb*C37{GbgnaUUm-#87-%esR zWPehZ=scfb!{=~U|x1t_j2lfs}qB3pV-hTgg|{KbB;f#h7yHbI`D3_L#Pdsv?k zJT25jb_Zz)r@a?PG_Bh=&Ux#HEcmxOJJa&Vnl1EqFtA6(2*ay!4G#i*n^Il(^8 zu(Yk420`Wp`nnEyp3re}2CNJvXmb>Xr-sP};ZxoxrOCp@hKA7qUZO@ypR(dr>O}lD zF5DL#G#0bb_oOsxaPMM$+H6nVNiT5EHckd&%T!~ z0_oKK?OCh|m$QSf5vGq9jZ34{bV;404SFE+v!=Ymc?*(r`r+A`7Qw13;_@QZVPOu= zOdX|mSw4V7MlB~>Pk2odvR$ORyn?)4xWz_kL}0u2-I)Ro61!|)0MkpAL%+#O>Iv+L z62wkif5w~&m_{k5wwpzZ4FX@;#)+;D`c0e6dcjNV3BL}XD&I!PeuYQ^R9wpELgS!oVv@0uw@lfORnl>YpbvX)4R<;J zQmL=h2Jf=aHhqT1G>M<0{e9Yvt76Gu$id^a}aUK>UcZ>OrO2LZyskw>-EDc z_U7%>_N7ypZ%{7^Y`l7%UKuCG$QzM(NiA+1+t3B5I^V=h0VhY(}*CMZggDE&UG!MJ_ov77+rm1Mw$;47^(JM z%I@3SbeXW%>o@bQ&=jc9Vw*LV=!qAZTnA8X?W4{B1rTvGADCS^dyj{78qnhOI&;GN zo&k>kM)N0N;R0z5Xqa3p28ObRUdRlxLD}59dh`lulRuPSbP09yW^vl~88uOFp1wlJ z(;R7k5CCNzsiq6ax)fDBF|u6Ipd}$+%E8iV(8IymNFz|!d(>#RaTa^ZTEJ6nt0?j5 znC}b9*u_H*VewwgGNJzfP!`v?Pp}^^ z@7P;Ybs}-r(ap%U`5^Yu#X{Q-{28GCQu;l$zWU(?g?97b7 zoni04{gU0>CRYp$_qf{JHsi)1^kk9O_%DSo_*=&7JL%$;dy$8x1{NsdFSh&xJy&p( zDWsI@y~Us)DZxCZPMS1o7<|jm5Ckt|_W%`;j~D3l=}hq#GPRO{DYJ5DWo;&DAlKDezMWQ}(% zg^)^UwnnLS7ci8MUPsi5(0Ckh(YilC-tz83)g;9r9y9#s=5PM5odV4u=@2OXvNuL zDXAzNa7!lWZ7RE9)#}L5VvpICbCpiHNSag&6DsqMMhYS7@SkEfb`mCy9G%#xsF&<} z=2rnhn{iv&AR6RQC^rb%?+GIFDXDT0(quGOg%UICI^R=Gjc+m67)>js9U<7Iu(|^T zZ|i^rxb7l?ddtaV4)UYu1Nn5ca$7s$Qg|EWT6RUbdBW>lYG3@3-!`>B0Q19InCjHE zq8dHUr4>PJvIhZ)`W*f77p=VVllE9atF&7}$@S^x^}hjo+sc(USJx43FwTYcL3d7D}_I>3i|PvYnM zvFk;}X?1a{_UID`ORu|4S!vNbp?k%0)nYi?38ATcb)la++W;*X80?P78`ngdDsKUP zeMQ8$CDSE{&IlX9;)}F-!P<}J=H?bRFQ4Ha{YFYg$qnZ*xUj8OHRQ;G-_FD*z?=#F zq*IA|?ILhY_UZ=~wb-&sSlMQBUVZIoPOu}c*mIr7ZOvb<8h>p<-?8#dp7ywqyRab- z2wvZ#Z^i1-=asB(h9~P80Q201VyWpm)=MBq130lnju!QKzh$j3IMMfO?oJmJa9C#> zu%ya&Qew=Nph&EvRRCElAT!U~k7|zy&C~6wrrO_dYqkFDG>&r1Q^N;mNkL=g`Wm2a zAxod+E2rMYmirzQ&4t3cg*M}bVH!SYMO&yqT*w$@i{%ejowX6qX09i2-9Px`((-eO zwL|&QXzG{m^wmd?ImokNWmBk&qyxypRd9d)IivZHe%-b6rAjs0tSdVc--0XQhcz=d zXtHu!c~aYhE}MrojnQaKTPtvnS@xl=q(;PY&tB%7tqvSHzimqJ_6*))w<2QnjX^wE z!FZ|}y1m_ZAE=^AHe1P#_hBIH%)CnbL3%u3@}Nwss}l1sA0o+}gW(D;Sq>z;1#vJl5#lyoW;o`^w0Qq=DDkPthwWH#R6j zp;c4lUQ!xO0B)~{BwoUJ|9Bw)l6X^-X6H*q7T(1i1-;y@or#X$+`bDmJzGNx`474S zr(QYbVH6xg{7%%lu`jWA>CqrNfh24rV&pqFc-?n6nWR;-NPWOw{LlWi^Z9PGDGqXBW{fd8>EoSp2UxFmwYR?(i`Zf%?ofz0NYX{m z{kKL|8U5|(>=Y$zz(hnd=?l%#Q$ZGJ;}8@_|6UVGp6}H+KtZ@Xdk0g{jqS+|dUB_F zirSVUT1ZcaB~ZveO)B^YaM=BM-6j9}e>|6c6B@m4f?4v?W3pH_aQ?mFV8COF)`@>b z%!h0WMAvfdF_U50sZnKqKB?nA|NPKf@pmqVGiN6)To>UlS?b2hcmOp&bP&l~vuqDySNynObHs$XeBZymiqb0Zr0ye)g^I5+am}zUTlt`d1bid z8BlVYVf@^8T+!%qwundYwPnHJ4d|O!=E#$6LR+&k#s&C3zux;YAdca>&j-Ziv@$P~ zTBG5zPuxdNj>@&I+qMMaFC{s7BB4Y>Xi}7M+&ubsS?TUS*AksdRC4HvkX6JD=2_r; zGm_+-G@WX4mhqdROtZMIj*bz+%*WZu?6f|q1K>apMw|BlEm!g}S?u78gT)%cy@)h0 z4q~FT^fEARsRe5^7KLlbh7|B-l ziYO7l>f9B%}WEbp`*Q3JDEmL;471V29J3;A)3wd!UimKRxL|G=@DH( z5J5eJ<5TKH$PcdZ+E>BGa5wDc^(dS_$)-IfOe%lSf1K&Z6zyMtTWzky-fWlvY&j5| z24q}Sy)`MsB^zQS2YE;CM_;*TbY4I6)dA$4AdeU&N07aly>iOAaTcUi z%Rz1G3W>wYNC zzp*FkRTLY0xxMA1bJ!kd$=9_;yq17o-U*cIVBz9})~k}O?%j#QKwE^;fxFCnTP(Hy zYxD@8x?t{NQgN9YoYCW%s}%2p@iGrcRd5?JPGL@6HZvc=O~P883QnG+KmS!Q)%+*O zl;No4cFIr7%z-Lc%KP+VvOWm^L-Xz!qtLat>`14)lFH60@Kd`gWeR8p^?-_O)^G+k z_UHE%V-HL-VVRAXjA&epxTamOyoukP1x`nB2E;M#O7&&xLH?kTjal<^76Ns1a_Zu? ztApCM7MC-VuQ5s;TaU{_y=Pk}XBDTvZH1CpmQEie!{o-p%Z}6IEl8M!r$xZF_8ZHY zSqWOR;hKcEk1ujz8AXeIHK_~VuyspgnyH`iy;kHs53UGMV4Fz8F}Ev7M6&F)p@?_?UkO!elYLB`UAPk69L0atk zwmGg$^)DlGAmM3+w(odC5#%pa;Tp2QsKi2H;j4P$M+prI5M75|mW3Zz-y|8*n8Jpk zP&gVR>+zK0y!T?;Ji}+5?VGiLSR|UX>PJ+r{!8gX9LkKuIrRIlzjQwuP(V|Dy4>(s zI~Ti<8OI(5{KBktfzR=ix_q*Z_3CAMEOi;(c#zC4m!uCWEOIHvj+L`7?WjlI2&L!X z;@8fL4VorjLY6SxYi2Q#a>sFw)pYylBLAGY{ad|5pW1|=H{=Jc#FWPL_FoFXmBCBN}ufn7hb3hLCU1=>VOc=cdh+VF~v+I;%ueL80N zbfx0|1=(Bax)vatqEY*LB^1t~D=fw2a{F^{roD`%U$X zK2YTQSv9sGz+rdu(`4KhqrzIY2!pzL1FhasZevS~r=9ChiW zgrNUCZXjHp6_d-7BLnUa0~t%G!%fwIV%$-LA& zv^sV(y^k*q@?&n;r&qmEcr6(4i953O4mvh4sTnI6&lf#Mh58It9{BsiZt23(d{OQ( zkaoXrG%ut0sG^U*0nWLWh1Y<1sTE<=42GNsX(GcWd8|JL`_j`T(esg`AmCiv1%_VY z`kBNkuT6A5mOwKrqHSr`<86)+zfpf`FcUwK3!)e)f+?|3`IAIj8-R z1KDd|iMeT2{~h!?#*MFWfZYO0I22bYwkQ2MR{u@fFTe?Qdf860^2K|Os=%kHdF9#= zba(fj*rf40dVVZsLlr=`RJ;C^(+3=c4}qG!YWxW?b*OfQ4O00|DyfY;*LKdz+uYmS zV)`<-;$T# ztT!H_#Ba*f=W*M`UbtKqF|m3L$=lx0!w2Uh4j~#0e`fuT6H$bMz`i)Bpn2O_E}Dz~=*~)ILHJh2D{xZ8v>m zbRR5*%Ptr>#RRtXcCrtMqwZ<@-AwP@iN)EN!*iV=4<{Wla9(?kXSPYlF;qXhbTY%% z-yvyW2HDBUDcVCUpV(iHHrib4`Aln{q=9)hu@Aax$C-^ylpC~{k?pJEikyz>n^g{L z#xX7}z+D|juO zw=#kh1ut!xjqrw}uyzB|Jf*2yNh3V+(@gh-RjJ(@iX%9|F}s^l3R;l+JUxQjP{=o! zb$P3rmGCn;>J-0ySZ#XsLYCrb3(~~~J(%SiZ5KCFQ`441U%3$3BjDV;-T4g@(~v;e zqh7zXp#kTYNu?ZHSZ`XkE<}%3Pn;R|@9P;gp})I+K_c|q-hPqr=dtHIU*JABswM;2@kHWQMSP48iJdYqUdmxIH$8&U}kgJ{&-uX+FmP$@$daH+oo&3-aPN?B#8|keKI=F)mC%B-dQI(G(pQmHh_b-)I|)t%(e1>fZp_eXrK@ zapFMGrj-51`}?sZ%~M+A)xML@h3sG`DY!uF6^Fy9F>iIv(PakRrJcSs(p-hvUJD-T z%HjG^0YcvrOM-E=ZQ3FQTAzP(L8AOQVY+bkk26m%5cVWRt3pw6@r*KZLcq1hc9KJE zfo8e5%7;>#QWh*6+x}V+ZMpLVQ(#E3maOw>1N@h5hdui4<(b6a*RMcZ*`%ztIVoGv zKj1BIVDoyLI8d#(S|xn&1U(i<&ppp&G}uQ4D>D3W=-NO#JWZx;i`O9U`s?#$mCXM0 za7q%UkIBBX)53JBC{2~54&@s2=J*XZ1l?2K3OCj^N!aJR^qXvsoxb#72GU#M;yha_ zg-RND{>`qL;yTt=+ITJ=7jX$uGi}Fp$ZM1_TVR+QU7a&;AGsaE^O!8?7&${OJA;V5 zMp)ZYllI0zJy_p)#du}e439BB`;^Q{j4c}+A{Ye~dZm1^Sn!xMw97dV@|j_7@a59$ zo8rZ(OAx4!ZsbbQUZ{EHgbH^$Gk)P_i`obCvG}v_&8;2StSJa>k9jw@xjB7x_q7Ai$oyo>!PY)eVs+35 zY$C7kJcMnZ#Sy;1ooW^>efm{bpXv8Wu)eVU1C-FXGgK97eqOPQ?h-!x)wldXimoN5 zw&HB{&a>9b7y0VJANz^T*Tv33`AcVl%MNLyGnsjYveuB?pudbb47quo74@4CgtD@- z2a*4=jDCGme&+>li-yD7@Rk#3$ba3UY*uh|C)`&&+KM1>$4Pr{{(i zq2nRK^!Qsk(BLaSChb4on$|^BrK7P}>?(!-ct(HU;LX_wC8Zd^wj_kj zd;G`!STWN2;x#=yS>-6XjK2#@w_=-WQCE3Iu_OqNJ z_VkQKM*&x#xSWfSzjMfRMFPOTr9Ukx@Ec%Q@js=!^6xfiULHa)8KlLjb<+-uOl`ph zHVKKYTO`fanG;v$2QU@RQesp(BF-cF6&I$4*njcp{zEROMMebpyR0(PPJp!ELK~1= zmml4jdH>|rPP{^R?y+m6!BgYji4{v@^f-Eo~|6$ka3+3O+VsO+AiZO_rdkNG{ zexES4Mwmc!nktt5xO|KDZWY#0%C^gZW~~h81M$ehI~8TkU~Qeg@XjC{x*~kdV=2@o z6vC>6@l0Pbv36Rlvu=5>igR*VZf|GQN2!>Y@~P7O9tB~_0dM^~ou8CFtinHhG~mjN zQ*WI%EE}Ko@Drx^3r49<)fa`gCHZq^el=Zq_q0oD-OfKA_UbSldL*IgwQBo6Y*|t2 zRjck}0OuD~FVL0b&)%4SpYb*k%^AGgi6xn|q?l4^`OLLc3d?PI$`j+-Fc5Gph2eF+ zj2bh&*Ng3l(GT_9jb6lWKlSHt0ljS}fc>V?PQKHRQ=&1}-L%zmJt+qnq(@&=32vGT@3BU8NcOre%{# z6mPeRYjW8RRuO);k$2F^iRvwTyy;sv`p}uYW+&IDsjF)&#FxLzC_BN%eFv)c?=G#5 zACoPaIDy&V8P+=IfWu*&tXerrK~&cKf}m=?zp|4E8NXpPzugA6W5@2_OUeaj{3BY_ zhth9f$2Q6PY`B?68|Yy~KTD3U+N|WNV{nh&XZ{F-+*B(+EcZSPh7y)df~nNB+pWk{6&APota7sp@b zMc#+EI17eOdo=GoBb$$qKlJ&x>Ybzkrs&CAU3E-WgpSGR)Cb9_Y_PzzAc3*cEURYA{XyvADJMLWoBEnDW?uwqZ8G{ha z_1Vn#n8_)sso6;B`0rbJ_95TP%$uD}uj>`IV4Y;oiCVd`2I$Vd;SN?#dx{!KH+p=a z{X{aCHG=;3?Q*6*>^y}+VQv?}e%~+tbF1;SuP4xa>dm8|-wm3kpjRWcm%~TMSM0E& z`1I)u1xGdax?`_0OkzA$R8%-6mzWPan<}_#rcW>nnwr81uhnPWX8KoLUFWqF^x^UK&MQ~n zW@hp?0zTo+cx2`mPAIO0L9HORj}utUV<&Z6fVfV(!$({m;?E760+{r`NEg0ekG(jdIz=4-^&8 zS7-=1_MINprwmN!!Q%4e%xq& zDSmkEZCd`jyqM`%XZhwNfW7wKWTW)7z+Zfl|A3pDKqrnacNmL$%&ckf!i z6F8dhor)FS;fyai$FkPh3JiLM-2(NXnKP6X?aa&I`(^lvv^W>={$<}CdsiIFv-Q-H z+y5jfrtcOIRpY2vR}pDW(VSMrv#s5!B`!My2bKtqS3gb#H0{P3L}4$nQtYy4&r&`9WmXtY6KF4t^DG$h0(e<>bQ13>y#}ZVn+y?qCal%2<$LTOsa`!fsaJfQ=6^o) z0SK1`8X{`t=Lhs`54ZYum7tJb3hf5Y?ImjyzAu=yA#|;zO5n>|MZ0A-ZTk0Qu8U&N zS7ieEjNlTExk(933yNRrL)4zgOdpvpzs3kTPmVRnIOThR3Z2sEzqN!l=8ruyBTp#*2VqE4K)gSL^>HPZ#WB|5Mk6Jo1wqJp0~&xY%tZ^ zi#mZ}2Vylsh6&{dSF7w$1S^VwfV--DsPz9ZI)FYVK`RsuAmd8K`kN*42wprtdLY24 z^k$N)6w}fiNzg7rIq_Cu@IYI!KQ*8OG<>&Eas70F!FS`r^dB9p{UKwt=JnE_*caOg zHO0~ep&oo(O~8l`71?mVa|oW)`s_WhtOK091Jm%y;Ftt;IsP#ZU$>oTAK(Cvy5Us* zAQ0wng*SR}VasHK#!plA^f=bOfo!?;*s$&bEDO^>vPrK<=T z=tmAzsNKN=nftwz@=P^X{+;Hf_JR`Y*pl20_yFd~E{7wn&BNz8OwZk+?=+h4by$sD z)U0D;tl)UPkCQpd%;J+$H`y5a&Zg`zqhxd^5z`ihUh!k^yU49s2H~n1cs%|`bAp^n zxs8cH>p*L~49LqX&pP9HPI7Yc{TZR4$xEDKz?JxE!Vlzx;{Ar~L7r(Qqu|orkt7G4 zcjub|nb%rDspuKJun7H~!;5t*ZhsA=Z%@66{cRwwE4sj`y!fdGB4()adGMwV9Yyt8W-RKdzDaBc{uV7;8Tk zzEH;%X!ik1xJkTwEE#fY{P@@O_SA9?K% zTN;l`)fAirSWRl6sjEpH*Nr(rNEGbR9Vw$oF?jcKgKR=zULo z6btj=`PaQM^bcA-ubtj`y_6ah#nJPak}k*{a1|Dx<&C@R!C}J&D3kr@4nq>$?fB~B z2`&V?(Zt765ACl!9JGWkNenMcK$k7$(tX7=Y6?*dX!v8b(F5#j-xnw7u#`R>!h~{A zhweShNB34DMIVX|>6Y=V31)jWd~k1|HC9O{y_a(ydr$ED$d|4iXz(fxc|ol{%DBn~ zH}hTcsaIK%L77R52lCy=OuL-JMMxsV$6SJ6mV*=6q{LABteHY9YoX7ua zKoSD+usgs)I&TL>EMos;7?X3`haaI|uzrjKT1|CtWp)NX?3wQUp`IzAgp?@`&~Rgs{DOc536IywnTmU( zj1Ay1T;EG9qwsJ!$D1taQF_Qoh_$y{1Q^oDLL9B?&}d)z5FAbC4}uD;=l6!hH2U@( zR`F~cR0Vgw|7-W|-5kX0lVeRU#?t@G*WHAg^7P$v+X**uXH(F(tqHcfyxlDMj=j%zPioHpobt8Az;=cK2Cg2=mcR?l@`7~ zhIK;hp(vRMU9;uhDaOuJH7GlCjOkZ70(maLX*k%k;?|q)$}{3)X`Y~BpXJ4JR|vv{ z3T1K0t$F~+gf3rFg^K!NpJWq4uI8J9RdG6KaFhI zYjxdZ4-b#kmIeCF_dUbi4LbYK(6Grw45IPFt~-;&=tEH%DSbrho)`Ck&4w}&BS+DM ztg0R_N~rXg!=SHaBY9OPNn7c&$5{_k4rK#!1z+aWGWK2 zU$~g|u5Y?Z$;qH316h2&R*5Sx3RE1-IT&mG;6?rDX+}j2OHuL5Vw`suN7LK-bE?C| zpb{b&Jv&?>s3%6^iV0!-_O~@9!-Dt)g1@r1M4#nAg_> z_`$Pjb#8@EpcAMt>VaoD8toJiP-a9q;o(7XXifKK4W8t731ZpvlC!ltW6JK)<`YW+ zq<5exoKhyYycA}Ig(l0s7&8=uLWcXW@NZT(Tlf04bRsQGllE&nFZT@U?XdGUuh~P9 zHHLYIy(qvp1h?fvv zFM!%-r035iG3$~hUBR!xolJG(nvETu`V%DDsnfAKXq&Bax++E%^>T#CXS%4_$9@k( zlBh}W@fV~mQyC3{?^#xD!QClYZaJF6(YBL(!<5j762%D3`I8fN-3!RB=NUtC+11H; z=qB^swk%EMT4(J7B+bB`3_2$)a=zEONbKxV57#yr%S~a_(b|NA0&;1_lJn4TePd}y zFUlhhyKT5TWurJ|DDmy~vA(1x%vp$j=U>nU7n;dEwVrH;#l@`$hDlCfj|*evS=~k| z(C5a1g?+6hWib-cp{;eaPv|dizs-+!DjB8f3{MNjYb>I zy>fbET<#V)W#n@%@_<_sKIVuv$~0o99V8Wg1#0_cVS8IUX=>p0n2Obg z!L#QoS1Jda^AU{c>FOYj$fkI(nzUnuM@t~SHEE!@sN5DtZC$+BG)v=?;?Ksh42vEb zLP>DCgF7?cl!-3IwJ!2}= zQp4JWpX63(Y;0j7yR%-<0yae5lS|8$YJv%Kbzqf3ylz-wYCYC&Glu87?RDI?VC0>D z;4uj`&*~MF2+*G;wncCzZI&|L&D8Y;yY<AbakbYpg4gkQxu&-3K8&z1#IO5A7H zOtxm5mdjNjcBq0)Hj=GHC|Ym;unNo)WHALhe`rXz4_EvHFKy8oV-hSuuUu0(Tbl}Y zEWB0A?kAhE2DT#TfeRnq3lN#h-(MRG^uMy_6=thL-SSVFWfZMHmGsed@l&S}skN)8 z_g3&g9jUWlOxs(k`s%X=L6&J7v8Srp2y=4AEp3vy994lSk1+3^!NIFgg6P{}jtygF z{fYixZowNFM*M+NGQi)GIy%SzDGd!RHUs;7fRj*@r%t@TWIq-RX+9) zg!*Yoj{CNS?3|{yZen6$-90M(Ixl0YZJ2;H$sdw0%`_?Ny}Pw-m%dD6%WDJVdDRXL_B^`SQ9|dPMr4bZm=;?g%Tf5I~<< zYy7t!1veX{tPopB+&b^9=|HI4-_b zb`wITBWx#2R&No<^UFcVTzN;O3z{cfmcv0>$gaMq!SCy#Za^ILA^Lq%wqdE5ubacT zFg3=TdBEy=ZKo$R%a8I>K`=(SRedQP^g`dJ7+>Pky0*zUC>XsXj8lA`Ubo+2ZBm2d zfp&ttQf0iu+}ZChe$>eXnHsCp-NL>lHjT0eT)T)~aV2H_$-c)pS_&6RVNm1EZEZeU_sfK2u;-ncGrqc+ka?*-q?j7H-eji?llB;- z8?xKIsAtA%_pw0cjxy4v^Nvt~aEG@_hU~D9$t6B1iD>8O6||KxB&iPZKf_yeu2Cve zKS?cdTGJhta?rv}t%q8YRG~R%S?8`J|HCb9h^Dpijyw1PLCs~=j~4)tjp`=fUkv)Q zi8|q=W)?5q!(otMqwmDvQX;^A-TnvLKseds*G>!!47_Lip`?#-Ka39#k`Jbbtf82g zp}C%lVDa<^RT*rU5J6E_y$HY10tffbm!g)AU*x|&%-5eBP*Djk*R4~9vt zESsG*h?>dEhw>p(B6!7m!gK#=pT7%qo<5`1bsr0d}-;IgO=Xv^r81Mi)R%6uVXe#K`{On)JS)Exr&~KUrPozyM1$53;}rbdo3C#mzx;Ec%XwDb zS=*JCT=i7G*nkF|ldeQ|^7ISY1D{{y%imT`T>rr9r!oXCE$QAw%3p2ZHS@>2OFEVu z$ImAJT}HX`pk7=@)T!f(#zR;3aS4fN!V{@zbpmn`cGJhY$y9gFp>X(^wFz!{=*OV% z@-@(pI%r2b)S_B7;K3e4ozs1GWrmnDQa}yN?!7nteb-X?z{e9PL^+!nZPi@-QGH8d25y%5>2DRRPJ)k~q-|6m9k{9!N zt$fhTcV+YYzvMEveP!96x-8d5fVNp-hn$MLvS#lyUo7ktFyfdTsi5Ai3d88h5Q>6l znPJqj+S(t9(_h&g4f4gMW#Qw#+CZpAjrUiwI- zHI?ToicWzcRcxiww}rgF1J@4dn!TA%pEmRH?Y(pTCV%^>X9oe8@>?7L)r*GyWFeLf zd%@0RCG^FO1@$DvL^re~EZcVPS_5zhfKu^|2+ihuB4-a=JY!+_7%RH()($kda@E&S z?lu6c-ew}|oyM)4xmDYOmSjceI)1w+y6Wt)L|LGrk<-98Czk#}(t1~)Xqo+hpi6~-R1W)xH4x=kB@w^*CA zBe41+qQb(BrzigIxkwN?{cP=mQ1rvf-lQts;;(s#CY|@LxUk|yBptF+ z-?>H+Q72ZaWj7+E{CH_Npy&j2An9oVGJv`E;7bI<&^G7Rv}JxlfwIv-(2$!_Xk{Pe zukYv6PkoGR>p17+gTf>Xb)O$kLogaH2I!jR!{U=S?%!P&UK87XvP!kvC}l_ieQtl1 zjdSJ(!I;M|JUGR^!q{wgtCYhxnRYBQK8R{a(Bk2Z+Z_Ps4G?UZ`8HfT}|gKu{4q0;M{+CG1>J8AU@Yx$WlkbB{J z*pEc9@^K2DvxFSYt>T|~P^r1WoV zeW=5er$z7H2R7_=!08|pCzZ85oFp+`4kNLil$wceUv{B-OubQITG)0~&2C?o;#Oj{ zT6aw2%@lM~TYHO4TgMT5j|;wtOK6yt9$q`mRnztPd~}t4RGUX=Yz<1ePdOy7&1tsY zJ1NSvg#LPdsGN97rt@-26R!KvsUP!T#)|;dzIfqMxpTIJs8ILjb>6>}uZBI)>vO)_ zA$CKmP&*gF$opWQ;qIN8$*{GU$*iU zI=bU)H#(tPWF<}mv>VZCUs*F5)Dp!B4lwhM*YmJ!CR zu-XC7Oh(rLqOfx+zU5DM#qZMVlNltylLUXZ5sXdb#w6Pb!gzBLV`!Vfzop=Yb9Ggk zuJ;I^9?t35Z*6eV#`_7?*j(yW0vmR*Z;Mv(k+0no2OqT>KWr1CWG3=K11z`JK`1V+ z!_weM`BEBg_=)_K(NH#tKVTFxc{Zd#Z=GuBZS=BVYjuIlClUmC+1QEi0vNEbY5%qw zaGsy9Vl5u>%52Ze9&nv^%mYwOZwP}F% z+>vSxYuMF!w9v7{0M#jEmkd*(i@-7uX+BZHw>uY$ui!7eD?2hQ5xQGClvCS$P5Gcr zek+lzCQG-cLk5cJ+>N!pNwp2;0pr{7u&|me`+3`-F1$5=@)B_FK*y?Zc)L8LMDh81 zkZwfw*g(8*%&6n{?&2b?1U1niP=EdLuZcToi<>%Mb-pv3WM+gU3L-HZbg$^oKJvMu z1hGv(<4EBBuy6} zrY-N&w}U!GsqMpB0Jz82M-U zAE0BDlSWR5&7_sdz{;kyY*4OP1JXd$>ucL$*e3QJAtHY2Qvg0qBu6|C{7chX7hxhF z!RL}0CKFx;`>*t`Wb+=i&G!!AUIVp3N3qFBB4JcD;fToOuX=nG2pKx9xKlZi8@0l5 zpR2I^0$VY9T^7#}_{Yv&F5UifV`Fg!ND#B{)|G7+af z)&BAYb>=3S6(>Si%ckF7JgCwN7am-k;kHb)ZgnQf z;hc0AYj>^?msfpbL5g%pH~Jy z@I%S`WioD-b_FH#1HF}|ZnfBOeR1;kQ+mvN`)JzofFd{?)%m5m|C43?{P>L-^-qu7 zb}M=AXpDPuXw%=${b$5++dPyP6}Okk#!SS$44C=U8O6K(L=q7F`u}eFgDNI(qA~$DA|L{Yl9MqVf^z+1NW+_yIGTi*}k0gkHwqn z`}W*Xa;OfCZ@I%wEr9XMW{+m(q=d9PgnW>3^2mj4ENJlZeBHWGV0^U@-Gfyq4G@KZ zH-nlF?jJ}D_>yZrJhOgp(|<-ruwxbN1O-^T)i8EFmTC*}bPDR|y&ahSgl;-tTgMj{RXqqrU{h1>s|`bHm^t3S^*VyNUwE! z%l^A(_0|Bb9M~H~RH`R`m%Po_?2T}|m<%dbj zVH%M>G3`Exqqu8O?BRMFOf)|h0iU`#XCJPo-Io=7acm=#y;I8GtBn}RtW5Xi^u7KV zMez)4Bcx?O4z#Q>ij=a)Sw}SuV%I{KWu)d78$Tz$K2&r{6fgn|gTKT3b4xq6u6M_E z5oC6@Ox{&L{5-VPD`BF5)10|9_g0wPx!@c#ir+|drp#U`@hEnr(f0=N=^t%vIv003 z;L0;;vVHAu0E*%Dkd&*GEt*z0G02z)mG446?$E&Q6otZ~zkQMFj2l567|1?qi2<$H z$otLvHX;a}MwW=Gf!pA)eY@5`CaBQkCaDGaq*8hj+TO95cIZkd0L!i1|3Q*kBD(z| zm0k<+DFL9HAEl|mFYR131*A+paQiTmW!?{vu^EP5a;##4)u$r>#dqb-``Y7(&HBQZ zV~N>KG(={OV(sv>6wP=BI|Ba`AM;rKJcbrtW@}44&>6~&VSls?KoH=k!oE`J(-^$o zDfuXPOSjfI9zICxq(B5d=IE)j5Fk?&HFlyDARB*~5tk`g znl^HRvU2-*f0jihd3W4*W_|bRbjLb)58%A|9sOwO!|H22anbN;>yNeH)xxkJ}Z^ zwYFU4qyxFryi5buT?(A}RwC%Bh^qY0H~_N{2gLTj$&`7B`TzXFqJurpVh)_16|HHZ zYxoF+eP1>Tfs=i`%=mtDNT8BFvvKZ=jL8OLW59y{=JZ}pMvpX^>r!+qwsuCkZUuYE zVwVFcbAp#%J5QYzrNMs>PX4MWCbuXUHsjV+IEvD(yDJpu$+&p!Nq>T4UE@JE+|)(AXp0Q`oNlx<=-Ez)bi{llIvdSp1_h> zpX5A7fo=W=(r&HdYSV}9Y`u>dmIt?g%4L+ zxmM-T20b4R|6rJXI0h*T)ZBcz$hP zg3I97;{(%!6MS$lSfy2VE50ErAut_#j;>S&gI6X=HU(j-Si7JjiZ*5aT~9FOq4}tY zF`R*oi_b_KLM6%{3yYuR=qYv1ICY1#MzogncRiDI*mJb!d66c7vvf}fbU0W%Q~%A{ zeT`_c+FB=1Uu}{=-eda)`@oFnnyf?74XhkiEn|6v;p!ar&t566oo2e#PmN}&JGL}l zZW*{r*~!$0HwQN%ZMy$@uINkkTNg0UJ`Ad4&YY5K+{HUn3b2o#J^m$Zo#Hk^Pz;v^ zYd<)n3Win(dVa4XJfaU=XgqW|Q&R_vU^KC6n;XuU&KrSN&$(orWd*6-tDX@X`Aatu zeQ575x^Td*By^WFTKH|?5GMq;m}LjkEM#l@fzgQhtoul$+Z#|d?)oUtjc+JRRW|SX zr2$e#A`PElibJMw_h0$tav=-rZElc;E9RNRbDbLurRaEL0kNXbgUIDs60oJOY*>fXN59uK0ZWW4alFq)ScXDV>oyJI zudb-%v=gB1Fk>3MB&euRP}j>YVbPmR6xS7JbR9XByPicYOIp zbej|CE6)AGUgOqer`s*tG_WhXQFQzVPyCGoJ@EQ=lRY10-t4Wo|4Jbso^3(nKCE}K z8~?_ro*ci!hHc|@y}02kwl+;&@n-8|plrE*Zx1l^`??`jgyG@x`1mcqpk@*1tla`| z=RV5<6LeNf6m)iyr(t1Xe?#gbt~TL{2=qB9DM}T60y#M0BJ>}}F8!}068NRuz5eeX z);&1=uRP!ztV(od_r7TE*iS=yBVr|A|BY3xfMOy${|lHB^>-!I|Aj*FqMCf2c*;AI zG+=RQWbOCm-c{oTudWJ{9mBu%(RPr~O!}0$R9-0B zX}R72OmZWi%(J?cg6@p0D$VXbV^tk(-7SG>fQmCG;NeQ%k!1~`nZExItmr>h%+N2u z525W194pG%UFMOmHY7H-^v-q>!dvfw(@_jR`>;h#&50-1qUmqSN^ZZGCXj_KB*wwVtZ?{lDDC*!_KmKMa7-kP}_39 zJXx&&aD{VKpj=RZ9NJCJrIcYsbsaZ}hm${jtHjIpfewg>!XfeA_&xVR;_$(c=Q_B-ywp?<4PqWkMgy$rZ!#m;wQ%Cy-No!MMj*j< zgfmmyO{nbk3C|mCT;{o@4Pezy&oZtXv6@n_n<&0bTSJ5*I;pXDaC z@qGTX>Hj8L^X0C#8dD>^@J^d5BXH5SE3w5-n6!;h$i`Hela^29JYsD#+--lU~%stD2y?H361%5N)cX@7j|g6hn7P#USUtm>E(!(&Gk!4O|&#!Of} z_Gl+IULQokKxroNPHlHwTy3v-I9b&PgERc%GK(MULq=5T8R4D`Z0=?h0uygC?3#r^ zG!%0ji;9mpJ(4I}AERnE5>igfZw#g{`eBR$lC`57_b`8KxJ(lyWNQ+zh%nQEJdud;z$mRt_}pg<`V#-=ibwke zRkH^aDF-xs%QZOj{V^QrydIlYrl#psMA`AHd$9Jxv>{#g#+UEive}o4RE5a?kM97tljO zOG2_d84g&*H$Q%E@hDNGkk!b-=X1EHEP$E6JvUhsB;PCaWth91FoW9Adck#m`iIi{0-8pN)4I!mjmADe0*jcU8RP5JDZ=(CoC2Ofi zg8Y*7vi*>;q~}Vo>{|@;c#h{a9R=)7^0drQ8ouF>VdY2FOX8lWEkV4r`yb`KMX`OZ zXuG0ln~!$ok&t9oec1aquC4~uV-;WExIQDRL6dh&SAr@n?uobzgoFu zX;^YNE;^^qD9ORY7);VKk zelduY^J%@r4#GeXXHnIPVHZX}L9%cAdrQihpC~TW-WHFv-)lQtzgD~77>o-sr2yUN;DQ0goZmf01m8-~|^Nz6gh6+GC{VO;epp*b%;dNJn0U)M%W0XQgo@G z)PA^xw~s7{Z}F;8EqJQ5_wuY2$4Au}9`z^pQGQm}I*F^EIleK9DNRNz#CVrrtk~u6 zDaWn)BS05CEqHzs3F9_G1;0QnKh_CetIWml+OB0=%6x%|T~*0oO>bbkUGep3Z8n1szFpWmnL6vSEWP-7&yRsT)7L?b8(+8{OQM>=52E! z=TFA$otUP@aobMA-@0n`?OAwaQ5&&I;&tHX3FRw-KDjwn)r0dc{&xwH@+g*I4vRXs z+IV~wS}(Xh0hwpq{MKC!SOw)VKjGfZQRjOM)u*C;duhyKyb`~ADhNYkYUPvdjhYSF zZoKqId!Wez2z3lbKllg}l0BQ4-~8R5lCoXcHw*a5+UCI$zX#24q%48G?KK>5(-$N3 zP*5()xYm-2)SM(jX69H znfDA>Fdr;`4}E8H`vHhBm>u#JB0ZxSZrsorXTX~w2~rJqpp_%x!C0qzOXnu z0p}ePedQ0SOqjuUq&VTK`j2!Y^wR7{@R_s&Uz+_x+RO`{z&KnW8a~R2^6QJ@6Do%4!N3-{k!=2*%KFkglj`aI|l#R zgLONt^ts#7=Po+bBdOqB@nK9tu7al#A*u=@anILxR6+ZF`yZ1YxU?pe}vJ~#g2*CfT z3Nj}X(Qj_JGkm&L#rTV$sFCb8u0a>@JcerC^y+bWvk*E&vm zhI|PADw=}nc>w&_xBX`s1hxi)O?k>Z9+TtOJxVl-oDfdpnvXv| zdM$HiyLUnJ%jw#QX%D7;t85fc|B2U@xwM1r&JghO4CAuy)a+jiKOem1c`0-Y~FBkLYpvUOaChwC7#94 z%)*Wvmdc6CrfkzlTiNLOPeySANOdNGAj-Po^v>l=H&QuLfJmMlUjfcnKqDZTApB8K zfIxnwoh0!;b<4?e*f0)JQoElZ{>m9G{#fCTsHiV0$p4dj5P&x*DucN+sO{7yt4E)V zBqfd+GtE2ghlHEcWUAwy*aB(Ns+pBqho}}#ztI=NTg+t5dqN-|+6W&MH9<}ehx_Mu zXk@IUX1`*ZEys~5=#l1mTca5ORxvb|zuc4wbku7+03e&4bMtJhhX@8uiOwGAG^ws%v+jzfT}`8;g#Xc9GoF4RRu)Du*=_%(h5DJ0K7S=%8>J84IDJ4nYUrT{ z4(~>9!!ZAy375k1m9^y&rIBsL)p&<-XpdJPjFdQ;#=DGDDnlxZUIC-V8s+}*qeWCp9P%t(DO16tb;#x&{wl?A!B9)KU<%m?6w zH)#)#`ew2*&SE*S7cF?Bcl=m8KebS>B={MEkh)f3>{>i?C{9u;z_snnFwmYie z+hb}@Aac>#MWS)FNEp`ekBTOllWW_OWM`_2-Ex!5LmxT>5pOt+h;Ti`-8?r-p8hoPcgat52!pK$F3ndwDj+5d z6&QcqGh-|X-GsaLXxqy2T@gw}@(n8eFC@hBP3UURrM@lX2oRbv(xlFIzAi#V)Ytz4 z2k#sOn>hfm#{=_UfVM5JMN|v_aOl@8i(nDpI44mF6DX8Jf8rr4|NeggJkM}wCd-li zhg`qBxFUMT{kC5y`ZgQX3;sv;0VMtD+?|9-Ibm+kQUez2Di^(Q$*vW#cGqj*^83F~ z_WKf`Pq6TC(nqQlRI*g-@LWlx+_>Ncm)fKYGL9C^6Q-u7&J&$x_eNv`LFB5hqWonA zkNc=#FYA2FQ{4AlZ(Q?OwwO&b;0fO( z{Hzdc+lsoQDdr7<6nMA__m#Zu;#N()Uk*!#3mE{3m9)~lA=US?(26&eh#s#xW)id_ zqKIGOn%U-oi)J-NA%l{VxKkN`Z*LOTavgAK1;)?yR;0U5goUjXAnxCrV9(#>PEq=K z!c6D(MD*Jg6!nDY)Pt3B#tFj+Dm?`p?VFOkET3l`lkSr81uYs0pnl^csEDPh67)0u zm4U2i*V2D>Lm^Lf^fXUWrc^=AP&fXS&6ubmiBK=Rd=&&`htZUgL&VYwBJy7hZu?Z+YnBTje9pN+YO534X$ z!H%OheJH(9%PM2+LY$)A}#YaPX>@ zTl@TZ14!2lB-03KPTx{HnKx_w9L}j5l11V^%{k%1LPG)3`X&e`l2Qe6Ri0Z*qg>E{ zXQ1ToR^ng7WTp8qxHhD@)CR%eVGs^ARnC_qymRm&>om<)Yi7QEms`cWo`w-{eLRY@ zoIPLWQb^TNy!I$aczRXS;nPLU$}P?XAf#}J>4)|AUw!5#IXmAg1`hQz%2#} zjQ_O+MjB;$M@nB`_T&R~;wV-rs{+qNJ2)b9A#k*yyRf4goznc}kxyj1X{Hw6qp{GJ z!-*<`YAWM;%nT4D5>ZQM@h>nkXT*cLSkC!g(wz9%*%)VPld3VB%@qq`K_a<3pv?`v z)dUZqSkBjipFZ8aFfk_A*>e;cNo=$EGd|{|!Sah@1C&c^V}A(FE3(_ARgkHZb*#Oq zoscDftASRI>j0{=|C~rA3v4r7Ug*BJHjC`zoiP=hDa9|Ub)gME{!^2$q#|^a41jxoY z-{vt_`-XWHL0Fd;06uv3R=3JC3rshA4W&5mnekRnfZ#utddu3t&_cv*~Yk1`@3u7yG-cOgmvcLYaSN!^ReedvHSBoBQ%CgT6 z&-9+I7iZ}HD(q#R@w*-^-<4Uq*Uh$QzW3OjwZEi$-|6@l^J|XJeqQ%++M2)m=JP+! zUGA4}VqGj2v+v8&Z8E0EcP_bfEx+W^kC!K2b5_WD{k(Or%p>yiT>WFaUcWTo^5?CI zb$!i8%caX^Ub>>~Du1~ixIE#~CD~g$o><;BJ-bFa+wy-+7Sq!!ISo00jt6nX8aP3hM&|z4%ngoxKEL#) zUX1K?YklqSkJ~=XkS^c;dPnSmsC6Z;e|$8qdbv3-JE2|dSO3?<-BE8G@2~jbe80-t zx9ate)YvcQrK^8Rhss%qnXUt+Z~fR^CL6ZYu8MuXcZqu4+bJ8C$;|!s;{DhA+ht3) z&0iPx>$CCPpK;6WS3SRfd-deq_cuC4%@wy*um*YLJo1GsYzc%du$9Z?xxV^9V3znvU#I8K2-ol2>Vu>H&;K7W`NPZAHM!Z@-mk!&6a~~Gr2cce)Zf|mQJxRN zPhEe2O~w9-y;1)^zc%Ikdn^2B)x$%rpq1!A2cy*)^W)ZU3z~dkeYke~+295Lf{Y@k zVJm0%SG{fccl`RQyVscmPhVVr{rNXwwF^8r1}Fxf<=dMMq<{@2p#2VfsFM%bx8ERbCW> z*3Tf>W7ImQQt8r^;(PO7t0$fL>TZA2G799VFFS$i7=ULT!VWp~F*J`7(#`NO0-orC j)V2qyB5egt^rip&vz423>*CnIf^>Vj`njxgN@xNA+0PKq literal 0 HcmV?d00001 diff --git a/documentation/Keycloak/keycloak_authentication.asciidoc b/documentation/Keycloak/keycloak_authentication.asciidoc new file mode 100644 index 00000000..02cea3b4 --- /dev/null +++ b/documentation/Keycloak/keycloak_authentication.asciidoc @@ -0,0 +1,132 @@ +:toc: macro +toc::[] + += Authentication and authorization + +Authentication and authorization are important aspects to consider when implementing microservice architectures. A brief overview of these two aspects can be found in the devonfw solutions browser or in the devon4j documentation: + +* link:https://github.com/devonfw/solutions/blob/master/solutions/security_authentication/index.asciidoc[Authentication] +* link:https://github.com/devonfw/solutions/blob/master/solutions/security_authorization/index.asciidoc[Authorization] +* link:https://github.com/devonfw/devon4j/blob/master/documentation/guide-access-control.asciidoc[devon4j documentation] + +This guide shows how to enable role-based access control using JWTs (link:https://github.com/devonfw/devon4j/blob/master/documentation/guide-jwt.asciidoc[JSON Web Tokens]) and authentication using Keycloak as centralized IAM (Identity and Access Management) solution. + +== Setup and configure Keycloak + +The `docker-compose.yaml` file already includes a configuration for the setup of Keycloak. Use the `docker-compose up` command to deploy Keycloak in your Docker environment. +You can also install Keycloak on your local machine without Docker. For this, follow the instructions on the official link:https://www.keycloak.org/docs/latest/server_installation/index.html[Keycloak website]. + +You can access Keycloak by browsing to http://localhost:8180/auth/ in your browser. Open the Administration console and log in with the default username "admin" and password "admin". + +The first step is to create a new realm. A realm in Keycloak is used to manage a set of users with their credentials, groups and roles. Click on "Add realm" and then select the `keycloak-realm.json` file from the documentation/Keycloak folder of this repository. +This will create the `devon4quarkus-product` realm with some preconfigured roles. + +In the next step, add a new user. Click on the "Users" section in the outline, then on "Add user" and fill in the form fields. + +image::keycloak_add_user.png[Add a new user] + +After this, open the "Credentials" tab and enter the credentials for the user. The newly created user is now able to authenticate himself in Keycloak. By default, new users must enter a new password themselves the first time they log in to fully set up the new account. So open http://localhost:8180/auth/realms/devon4quarkus-product/account, sign in with the new user and enter new credentials for him. + +== Enable the access control in Quarkus + +To secure the Quarkus application, we use role-based access control (RBAC) using JWTs, which is the common approach in devon4j. We use the Smallrye JWT extension to implement it. For more documentation, see the official link:https://quarkus.io/guides/security-jwt[Quarkus guide on JWT RBAC]. + +.**Smallrye JWT extension** +[source,xml] +---- + + io.quarkus + quarkus-smallrye-jwt + +---- + +The extensions is already included in the dependencies. To enable it, set `quarkus.smallrye-jwt.enabled=true` in the `application.properties` file. + +Additionally, the issuer of the JWT and the location of the public key must be configured. To do this, the following two properties must be set: + +[source,properties] +---- +mp.jwt.verify.issuer=http://localhost:8180/auth/realms/devon4quarkus-product +mp.jwt.verify.publickey.location=http://localhost:8180/auth/realms/devon4quarkus-product/protocol/openid-connect/certs +---- + +== Test the application + +First, try to make a request to get all products: + +.*Bash command* +[source, bash] +---- +curl -X GET http://localhost:8080/products -v +---- + +.*Powershell command* +[source, powershell] +---- +Invoke-WebRequest -method GET http://localhost:8080/products +---- + +You should receive a response with status code 200 containing a list of all products. This is because the corresponding method in the `ProductRestService.java` file is annotated with `@PermitAll`, which causes anyone (even without having a specific role) to be able to access this method. + +In the next step, try to delete a product: + +.*Bash command* +[source, bash] +---- +curl -X DELETE http://localhost:8080/products/100 -v +---- + +.*Powershell command* +[source, powershell] +---- +Invoke-WebRequest -method DELETE http://localhost:8080/products/100 +---- + +You will get an `401 Unauthorized` response. This is because the corresponding method is annotated with `@RolesAllowed(ApplicationAccessControlConfig.PERMISSION_DELETE_PRODUCT)`, which means that only users with a valid token and the corresponding role can access this method. + +--- + +So in the next step, add the appropriate role to the user. Log in to Keycloak again with the admin credentials, edit the previously created user and add the role "devon4quarkus-product.DeleteProduct" to the field "Assigned Roles". + +image::keycloak_user_role.png[Configure the role] + +After that, you need to obtain a token from Keycloak that you can pass in the request. To do this, use the following commands: + +.*Bash command* +[source, bash] +---- +curl -d 'client_id=devon4quarkus-product-cli' -d 'username=john doe' -d 'password=demo' -d 'grant_type=password' http://localhost:8180/auth/realms/devon4quarkus-product/protocol/openid-connect/token +---- + +.*Powershell command* +[source, powershell] +---- +$body = @{ + "client_id" = "devon4quarkus-product-cli" + "grant_type" = "password" + "username" = "john doe" + "password" = "demo" +} + +Invoke-WebRequest -method POST -body $body -contenttype "application/x-www-form-urlencoded" http://localhost:8180/auth/realms/devon4quarkus-product/protocol/openid-connect/token | Select-Object -Expand content +---- + +Finally we can again test the delete method. Pass the "access_token" from the previous response as Bearer token in the Authorization header of the request. + +.*Bash command* +[source, bash] +---- +curl -X DELETE -H "Authorization: Bearer $TOKEN" http://localhost:8080/products/100 -v +---- + +.*Powershell command* +[source, powershell] +---- +$headers = @{ + Authorization="Bearer $TOKEN" +} + +Invoke-WebRequest -method DELETE -headers $headers http://localhost:8080/products/100 +---- + +Now you should be able to delete the product. \ No newline at end of file diff --git a/documentation/Keycloak/keycloak_user_role.png b/documentation/Keycloak/keycloak_user_role.png new file mode 100644 index 0000000000000000000000000000000000000000..3a6357b1132c349d2cc7564f2df959909a5785c5 GIT binary patch literal 81535 zcmd42by$>7_%DniC4vGX0s=~RcXxN^A|TzlG>RbI-Q6XzG%PCJz2wrhbhG4(@%^21 z{(1jBXReEjeRgJ^nS18W&wX!*vZ55mbAsmx2nZN5(&DNJ2*^|j2v56FpFVz*b2`QJ z`0t6cs+1@~>_H!iiwL=sRxY+n?^=$R3Ra-L~UUIQz&B9Mp;PPyTciw^% zq6!KTkNf!BluHr^AD;a8q>iHUNX);Uwm03~-GlG{d;T0+$IQ9G`W0ccd@pRl(#ono z{9hM4i-i%&f5S?HigEt?Tuhv+_}}Mj&tTsF*7*$k0DJad$N%LC9Vq4Rp#%KnVfZQ$ zKgj@_Ii&{Vf3_xE8}LX8v+AXxO|?)Keu=PRx_fIdzNMtB^J?Bzu9Mk|zZ4LVJQ8^% zh>eyDB;VpU>Hhm|_VI5L6`*CtV|S`%jhUW&he8`BLuUU+_qjU2`?yr^sO!xxQ$1=k zw^>g@0N?lyg;u0t^^&y0A!uWKSk8DyeHC!fd9=`q0_6OrCi4YMarzY2>2!9t{#aCz4{SQJ-W1*TZxSqcpbXo= z%0J~9!!J)lM}|Ulb|ecTYMkd^F{wAA75u!yuye~x_Hd$Q{Y;5PjOIjWuVb>3-=AMy zduv=%=8f@(wq=3Oj|Ve3vNqo?gB^y}{lI{KvefF!CkZ=hR*O5#=&uEr5HmY3`^h2S zv(=yX1+-=~Y{O*=D3-be4>kleqEg!+K>9cu@)rx=OVA~n?C81 zvpC{kA?yo0HDZ^v$x+U5jIK{8m^9 z2uJP0lV}LABIgl=%!DpG zsS*n@!F^u2+m99wo4_D@0~%VB!s#?gr2&>ZJ+ucPOcxPM+nO$Y#yV=$Ep7Ab$G2Pl z!eK0tw{N#u#XhMP^&5qXMD-t5^SK&-TVL#3(b9SPgJqdj42dTN*mS*^%pz+q2CxJG za@c98EJB;Yw*aDN;+1fsKl>Fv{jFe_=afOwr8HFeV-%sOUkZ-L;F4pTu!r<^)9)Kr zR%mPj*SjCoYx!o)Lo?ZPc!%sVYZaJAwymf36o zn;Z3_Q+x7uX`e~LX`uXV3Gw9I_V%2@J9m$#e22GR!v;H>6E-us&%ieZf|<;P4GZ0q zQNDh9tCSi)iv78%1cJ;vjJl!9Kr!ME*tl#a`9YU-*S_N%?E93jpr+l_O+4Nhh^2G5 z37sSTA{&%{cIKY-TeG~Vz~U8Zf6XVg381I;xX-O?T!v=$`jc?Xj}U0)Ar|JY(i#60 zj!TD5c?5gf$U=w9y42HJ@F*_rpt1?)lz=p?k;6p~N1Z&}#S#^P1qGk|Xq*sRo<5D& zuN~e?=_|h4z&29tWo)0wXK_+EfCgZW{Mg*9%<#q{62UeM3E@79R(y}oJGerukJAa3 zE5bFGcy>5`?7*BuKol#}YVyRFMe8}mx~5ELps4Q~PnqpDQSF@*#!Z8KP@ z!Qi_b5eixnWaw8!u8hOmw(r{%`ClMnO*sR7(;~=xz3b0tcm29%gLbcQKOChC4QYeJWow9(=z|E9l~Ki zf1YBy6zi~IDA$TSFcH7tj;+DsSfDlFBb!}QfR_>-*B zy()N@7kBcT^j@>+Vl+|DVzX{z=(%P)xvn!(YukVnC}`&ArW^;2Q}C@S@F*e3-vPT7 z%{S}7HSdH;?y`3L$s*5P>4LPifnT!8v4b}OxR zb~B8YinBB`jK8Ga<}SSF;aDY-@CBPzep$LV zbq&dYqGwFtUPxmfZ zhp7`=K3n)%@W;Y_GQ1NWEUwn+ZEe@}+tVAvMg3}3SX{gawQkLemWTAXBotFk-#{xO z9Ww7c2en;Cam}8LOU~wg@0i>4?RB5-9JV-ZKXsdd&751`2)77w(gjI14Or(YyBT3| zNJN>dm#rI94+h6mrFW2MgVS>E4A5u;$KNaW7A9bWiHolbk@Gqx%hFBMH^20I%V)ug zBSEURDA^j^Q7a;p{-sm4%Nnz zb8gZyO!+;R_I|v+z^wP49L!8wJw8zQ?WSiClwhoaS}Q7RB2-5MQE5Cn4%3m2#{$st zkR0-tV1z@kWCSl37jbCHho4jZ!Q3QFc)>a4y}f0{FK``LMm`36qgu{srYUZj6tE;| z6t;D0J!rL2%Ej-Z%|a|!L*aC2B*A>HNo7s7ymr1@I3TT1l~z)x`Q#i39*t+m!DJYI zPH@!;ZeThwGzZeo8(F$I@m(1m^gJ($aHfB6GlU?fiiFjEy6F!YDEQP@q)iTH#lF20 z9q*Y+(7vVTGwzoXxW}UNcrZep!&1=yZhKj5v{9uGGU6i)K-FvF3+4c?>!f7^gK_@Ro)87>uL9$JLn;I z&a1Yx3YOEHnx-2?wmRMxcXhIp+9J%Dj$fK2m@!kMnW&&@D}`=~5P4cDKM0<^a>pjW!_n_LqF&(V(zWQT)pf8Cgzw+X@`cLnQV^BrpDqh3 zQ^`|QCoBsRH4BJ7zt%rjn>|z#-h(U3lkt^?<)&gZLVIB$zh?JVpiV#VU~3i~#DZDG zmG=krTpxVebhmI$ysoA0bQAIA<1hA!q~y!byWCviMyze!2A%1lo=W2u>Rm;|pyJM# zcFbbROfJhiRi{0#oc^lz&o4DiBs08&-uBLEODuY51J6@}C$#vYazq&_H6>rJUlWoR zY3+x$h)y-D_g6TSzi3hST|MdCDqxbz<9&$i_3J&zAMqAZtWv~)J(<I*{)7tYB=T zw#ITZBp%G)1oc(F3~GTG(8!=!UPANAz|obZ!=4;kIZG)+E=(F}p6_DjBDsI_1;CE~ zH5dS@>IPauyc=-;=Xg-c#&Q)W^&a@LmMC@`(qQ!=k<>IeePH>wKKw%)CV4@48)BT3 zE}OPMCwedq;iphU(Bm5IKn)N>tHh=5W*~R=$=#YGg5FEDSFop~M`Ydsp{l6I26b z{Um6$*`&~e2m`l^i-f>q;8IYLA?_ngk47zu>_p6)fTeZrClenw*M=dgbRb+XY00LP z$`$^Wq>a@0>Q?tUH`hu%MalaYbmE^85Ju8{o92`vGL`MmI#o6wJc6QeF|Ce^3ygkA zyWTafFu$&hPQLn@Q>m{g`8_TS`z^J=cfV2yE$CQ>aIF-uD@sr*ER1XWLQi^+=tQIoR}kv;CC ze&1edcKEB)Sr5UW zuS6~>Xh)hM_J+;p$@rBW2Rz@Y((sZ0&}Cu65U$Yl2-C3B-H-y?1B=x(gPZiAp#jT| zyn_Ld>1Vl$IyswmDudtO)wi?sWP=&(CsB8eu5CEXtek-yMmG-!%)fBCNk)jxJ74_0 zes<2f?}(o-Q>$zJEVQ)~qQIxxjJuL9qYE@9J@PO4W62oJH*N2mUp$1ew9>Jm{n^H{ zfyiSR3ALWP)@QSudO7mLH1pviAii_S+a|=MtVl^ahT2ods7sSQ!B)s6Nby^bH3qKJ#RVqSAL0ALcM(nMiF#F~1~kCO4BL_$F`^R^^_N zjP+;s=LR&_420#c-S}%bt>IMRCo|rPKjr_jG=j#Tpthowc~`o39AB+Fb;72|z4ArW z2=ymbYc)o!j4(7^R-e#{GwVdRiNtT@GzSVLN5M((Tyd+A$>yJTn~DvD6nE1zG|qRq zBU7MC$WQ#k1E>Oa?Pc<6L0I4|wa|#ATjH6Uc4St&i`WZ8Z7Bt^6S*-uffNH`Q!XDF z<-z$`_rKeuL}%DTNG+4JGotE?I6g&{rEFBJB`WtCEnyP(&rjaYe>cqiu)I;9ZpHL9 zPj{vbRq)`}VgIZH{hQ*1jnvuNsKN|+?wJXT7xrnR;0=UN{YG;Ii>W0U>jnZ7XVUfz zH|6Vde5TaQn5*ngE6A^zJrP~#aBgWtMZwSP(=VBky8i?n{sAzMcj`IAs|1fPldG!N zPWI;J-&{b)iK_U)NckM_MT_yx-r3n44eRZoYiveIj$lw@S{xj_9ZmgZczwA7-JRF| ze){)K+&h*P?Q^R!n2FxKHof=Q(*!>9%5OqHOZpe%2s=*|s}!{y0}PQuyXjC6&J_#S{g?R59x^%2LiHZOdcZpt_NQe;JWHEj6?7oDJ3hj$_*Ks z$@@@KIB(u_T?KGe0UV32r80u8v2Y3lPyN-_ljseI%yax1Xx33Y+`C>8gZCfiqEpmA zY(Z!y$he{NcNy0jeJ?E~rxrFK$J^ZnTgZsKZLh!<(oEY7dbJ#(m7DdPu=(#FasOOT z$L=HFW;a=N7ONSxCK$Z;P&dk zGmH@C_zTBcux~>iK^ju|$d%gk_G@*c-jGg$bzbLia!SS~Gt^Gc(2AeYI5J?Nq{cKF z_0d@@^UbR{7;E*5prhdUcOTeFdG{1EQ2n#0j3v=TNx9$nKssk-93Ni-AM`P6DBtdU zXO^Dm>h7F)d@BR8X^%|!$`Ipy@pHG$r;@h<^E{-rZ|q}(`L{nOhCqP$JBmk9@pQsu z>GRaKUBSanN5IsI0)d_#$|`+kIAlv+1pI zGNMvDu^NZfw^p=wDzb_CsPwxw<^; z__=-D4&}Rz#rGUK1-DnySk^V5g&Ua5i*TLJKwdy1RWn2OwQsCXn4M!1*(GUfgS=eX z6Q%+a>yqMce+E-zY-!jun%Nud9& ziurrhAUn)mpeJGaaoWc%{MTvJ+*H|uG{-A+i+hF0A>HNk;F=Om7g}sqJw3Qg_$+aq zOTV_9)X27ZySKfT+c)T ztLT4x6e}+zfJiIk>eFs1+iT+E8a>z@KsTO?S1vC%pobP zcI}$&G3EBVMIb&}WMReM;_Sf7`OEHykaC9S#m?+$UbB$rw%ofvg9r>xi+4NWU^L7H z##Dw7fAFPLCY^ENQ|}q5r~y^T$BEY?+yL!ZE-lxHjz1F+mVcdb<|f0dlY+%1?_ zj3A)%I+k|1j}odO8MCa)yP*b3?T3MhWWDB^K?Gx`50Y+;zM>9MGS99)mXO29d2tz( z+1BeQgN=<&R*sULncV3vP$1qpgnwTzj9AhdXrPDFvok^8lK6>I@*omg&Bx37f$ZTv z4)T%*OI*rFV8}mhM+tRxDh$umwq^U0;~;WV2%+=?&9W4VyXWxvnSL!@S;besPftbv zx%b)Fw3WM)#}9>#PI?7B;#tZD2IK~GTb6TpoZSYd-A_JWxcx(K5fGFyrX(|XBT`mA zd2byhuE7TbtXz_RJG#&(2})jil`z8>igzC*0%eWZD>=y=iy6 zxvGfI8_4lzs!Ui5s@%Y?X z3ti9Ivp@Fr?r1y1@zK)m$aV}>!}HAgsU3MOkJ2!++4H5B=3$w^BtkwSkrzaq--o8u zWFTEkXsf1X3zBTM!evay@Nl5wE zLOk*-Ajm3D@g<4Chh`Vs{7p+HMoLQlZ63>Et|gz-A@8jx8|Ii)i$<{oFh|K3Q~p&a z&fH-#|6+24&ybwe;)yP6iHeB9#u{kq`a-joxP|MuX}9#8KnuuM|128c3xfgVuS%x&bJ@6FQ~WCBZD#s|jnKIG zn0aG##V?u1L>y>sa>Ey9_7Bp{YxDU9|RT~um*0;bZH^hk;o*y2Y-_6 z%a9){gBFrWMX-}`gyu@WEK1YcuUh4j7za`RQX-5q@pC4A-~}gJMtNb> zq3dbqm(vDWz$@|HdZOl3g=>8#d&4udCgOo7P?N_C_3NY!500gj+1E1h`;lN#S3>gmvXYQ z$yn}S3oENtqSudOMtdKXghl0VO_9*zacWitX#3s2y!8X+&J1uRL2zzZ71!|oQk*@9GVWC1Hh!HFpgPYv;+;g@^E_yq-)f zQ*-!(I#@#U``XBeZMoDG!%z%>WvsTzHhGLI(XV6T(Bia0Sk1|D9(a(chn;ni$_$*v z7CK=Y=&p-kzT^q(8XT)z5ab41`4nur$#eyrQ?42-dAdEuO=ami{cT(w#(8?JP_3H=yx-j9*` zs-GyU)Ee?jr(t+8shF*gc4~JZ%fz?t@W&$t)j{|hzfmtFYN;^0sW*6m?9fEEXHJhc z-#*>7JjV$R9>g|7F6d{>&oD(^l8Oy?E(wTOyQ(jW$|{-jmi`ebch3V%#kUb}7`~gL zJ{N{Y`sZ0gNEpVmnjE)~frNAi9~t5J0!9ZlBuNp|#%7kfCu&M z&Eg)8W~*NigC;89@W;J^r3wt`x2IVu4J$R(*%}L1x^P}ojoP~rJnL*8=Q-Ki>?<}H zGiMF!Ln^g~U99mcrdZEkX53>M-X=XX%-6O0-mRym*%CiS!Qk2@G{=`1~_780+d z7(zC=iDsUi6-V-lsY>2se{|zJDT?Un6(Fj% zSpvS9?C#HCusv&BGuTulC}$XAQ8l`*jJ8Fa?ONX{5*Rf*XpP~zOGMjCsa53t>VKLd zN*sCKS-SKtODga_U7SgOU~=4an2XFa8XcTacNIi^@^;Kwb+2SibtAs=p|5HV(eZS1 z2+-!qLROV$q0~64qjw3WaZ0FXt*qy!47s0kvC{Ia%U`}ELlT10%K1pR*cNbB8}=aF z9Ow>KeT0A6MZd={B;l)Hoz=H9LsXdliRGCo_WB!E$$9t14vfBat7MF4q^U(eFm{WI ztcu1FRpCwp=~ymX~x>3^j`Eb{jIq=1yGp?3B9ku~F2OGi zrjrYF?i*OznaiVfGXfO}4bueO1n45izVaDK5eEv;gH^fxarsiQH9miCTf&nZI9al+*(x#K}*p`#xhJBXaY1fNSm6&mofRwu_ zZm|P&+cUqHxw*}|^)_qv zCwl0eob~%!D<~4KEv+=WYdy4(mWUQrX>gbH4P(mNX4)Z;tGr=tx(at&;o`>8zH<|! z7MY*-)pGTXswqO5n}8(K;_)JCX$%C}vjB^6GL9G?y#unD$7oA=l6EP1yUq3OTx+?; z7Jp>h{`EV9U9Ffpwn4wbyeDA=@W{+#)K#l)9vLq}FXyfgMbEqZGlXmgNVuKHu)(Hl z;oA{y*YiJ-aLwgrjIGb(cJcOFJJpBj9#zQfbpUp4lThqUqg#rG&SdMkRDlRV|RqzjZm9KF<&iUbK(_fT} z8?PutiY+Zi$(T+M{rWEHZ9o>@Bc#Buab$D+BR(Hn$+(n^1oE{mImg*<6xper4)GU* zf)%g1n8jo^`Z)72bS}k>@6pZDRo#J6(nHSLTxRhqz7$Hvqe@%F)>))lZ43g2cgZf+ zTMU#DE{AqGKIx6S%xz%@K6bwSobL3*1deyP3&!xGs>Y4tkyK&ZnM1_M`@TkVVDYqO zz@?qgI~;iM_WVYGS5`}$%O1tZzKOG1fgBkd`LzhU+-`AC$3tuQ!JOqBh@79{=C+}; z*Pr@YK)3$J$1W0*QlL<0d2>KuVVWi5K0bY*X8L%{9Q|{ra`W3^Apbj*RSn; zrLClw{NR4J+Vy3ee+&lo1!rfBXRKe)y744dCjLt$aWp2le3vbAm zG`ZF=RH-h5%@;3xMNc$#d}?!v%q{DuY{V4DCleK81o$$-d2QR>;_Bct!Ulnkb=a=E zrs(@k$jzzyu3ix?80lQOqj)O!KDn z69o;A7TH~&Mt!^g0RMFSd}nstB>Ik($xFt#)6hlzXmf=@Dl1%DyZS~l&j3*XC7wSg z)&i6@GWbG#>~uw_+!damm3ihsp9XCpKVHya{la^oyN~KGVaDeZufx&M+D_#c$NP$- z)f3=-{%xy?HB3-9k53urBo^IgKzq!P(8nl0Z%Sm~>fw4nc_CBl?9&z!5>{GkzQ4o+ z2!3Zx)&h7e|8$`jNi4darzBw@$W$VA>$Y3F@`mJamPPe~$0R#|D5FSt>>> z%zh!?3d%E_ORgM(Kq@{WGd`Rjb2PNRV(wM8d0u;u-J{Fw$iUR!XC-vCGikT4c@iiG z8s?SB*e@N3&rJO^rrn=SAYE<28ecRge0!eGJ9ZTYgk)~}`ep{aHMZ#pr&Y@TnyEs@3pJi^hr=LxeaP!n zwsO?fsSU=M1|2PL!yS(GI3}|Dr@m5qTUER74~F7z(z~&E#>UGUJ_)tkz&%f6K0SRh z*(IX21e7>6wPKuX|N@&cUhp#xcoc}_vzAXyERqofv4XJ;n4u6WAvdMvp1dR=vwQ$Ta$*4 zn{e;xUM&5lrCqOcLeT};0eW(jlB|qJPsxIJR^Da0wCuU0VUo<(jV+pf#g+=eajRl| z44SXL`lMM|3W6tipPq-J4aB^0GR!_zD?B*WnV4IUK5%duBg=xE+JOO)Q=TVWZHOY+ zZcpnXxrV(TCGPeoPvah zk|#o`J$zM;y1!3!8LK6+#nylGti@ zyQY$8F5x|W31C+WE|I2rV{BdOBXNjawzRG=4;cojZ#}#@8cLcF_!`xJA-B`jI^E*$ zd9bX<2S7j|dHxvrE$=@TJ@c}uM`!6t>M!2gc9A_lKVHxhruN7*1_TI!SBEB^NTob8 z^$b6K>7XujzUED(1&#n`wHfH_tSm;OVwafFBqAms`%dFDbMEPc8D&%9Ei0ExQ8f#O z$P*5^Jv**jr(v68h65{K#Ree2*EZ^64y+TKU8kM(H+E+>2b=AS{5D!PI#O)$!BOZzC@ z7Xsf)FS>><+(eW33Y~C@4f&VpVU@TiUM64V)_U)K$+yi`ctv4a^I0)4mhRETB*c9} zf1T$T%FkYvNjERWfsQluA#hdO(z$6s!ib`r2^sPNA%1b7A7deg#VpUIPjt&FBg48_ z!#1{OnzBJxmC>u4ebi>?g^a5*)fV_>m4Z!I;k=-a#cFFpb(PS07mDsw)gM~5Y1<^` zez7lo**W1cU02y&A)7%~b7K##IXy(_I&2p@i^Ya-f4up@csAd8+g{$-&Qh8HLIGAz zQ7Z)4y+o{ehpXk&;?HVOSIU_)HNG#xPe(@)l=_i|n!5B(>E*e3b(SxvImJc2c{yfJ z&%o8%I-ra7fpNyUBV*gtP{D8=%tuqpnwWc=t5D`s%`w%U3oL58r#iUz%JYM+b5st1 z?%HvO7UBVe)@^jfTbS*jH6(Q3L{3@v~CnktC?Owo0`s>+vfj8Ve@T z&e3e)#L!w}OazPT=XP6I0o9p%=f5-o<91)ygP;}+T}s+rq)p!4uh?eRZdD1~VIH3JGaik|2Aey!*R-risH_{Dq~uR< z5Z9!=*Xa>+$|}f`Zc(-s>Y(_zmHC~5aSXUWKDcMn!9qsIB!~le*yx^&YN3xVm1brz(U4l-6b>)wpCK0~ca_RBw+9lPs{~bzwdxhr3ArA|Q3$fhP5O9ZA<-V~!hGx*ixS zlL-wB&;q~bY&m~rzg@Q{K*>cO$_)EfTmWF0`NjXmn!p+dEL7|^hr59rLj&UgC_tvO z5sz=ylEx7d7o=(xh`5-V^KMEq25H*0owzQLt1YA(U_%gMq2M>|siuX8V!*omsno$G zbC0RH?vQ~4Rx#C8Ql~N*Q3h-md1L1!BD6p!=;-(y#|T#`y%5q7 z_^Wg(McMk-SQ@YC^2Tfi*oz`1!TZv{U@-XpYsF;Noogw8iMm*}s)faoL#Z>IWqXO- z1!PtBft031^Dex%O^ZX_P~RcVqKxrU?Gp|SQu!CL#(gkB8;^2KH|eIO4Ef&#xya1A zJM}7=gDnLMAzIDd&ZOhZJTGUQ$JtuGu8>;h_0TUVwghqB{`Fks0#gd{7B?qb$57Vo z%w$6G3I@nRI5nO7S){LatIxFsB}<264ae^b#~1kF_{#A{-P3gO9h}HKUWNcrB;vG5 zI-$fZsAQ&c|%9^7*9V_;29KP7*2;X{#B{w?D}YNjrT#O4PD zIg)F=qn94Ll7K<*y}HgN#rdddw8zWU!6%y>+Ed#EDfJ2IJXAhtG4bR#q*?go zOK|-p-IvGKS+|GR!jqFzs#Kpf+K;OATqLcIJxj2F#98r6f<{JXCO>z8QfO&_qI!y;s?F2!q-McW0*R00 zmEqamd-RCK77eHB6S@r#OQoNv9DpUOHnFLmI68P0`y6Pz^fa~d@|*z0*JDQ6<5 zSsWECf!uD^y(UL#P*)#dNV*|kdg};w`kilG0r3h+UDvACmPJj_D_wDcQ2u-|uog5XV^Dmy8Y zXR?KPW}D;bMbrhxQA0aZ3bxwk19}f}x@pP*JA3wGe2hu`Z`un#Zz;+j@<*}EO+8*C*4fbZl-LRoRrLGa#O#YTEpv-$|!B?$=mTnHEsk5SfT56k* zIG6D?P*XhiA$PfvEy?c9x*=} z7z*H5TisCDwxDT_gLac=Uur1b+3M*_3dXSsi7y=h3Jx{UT~~4t&FzIeG-C~gq1cyi zFEiwTEA@c`ZW;36R6_?gzB?Ducs~c$JISANE#3_z0?rw!DF8@i985Ct>#p->=yOmz zTOV7+`kw9x{Jtel5q%tKk_z52%pg@FUm2KrCu-i7#)ro+lR@8@sFcxc9_v=INb0kj z74u8p&N3F9MK6^1#-6vQ^wv}l4%eqbBy&Db3woJes5p6hGexXO=y1YSji{n#Euh30 z_6j#}?8#VV-gz#cbUF|)m!hG4+j!LGw+m!WmZ28xW#z^pDRUKrN)k{;sAsNCOY4~Z!8058!q`s%wMpK09W6`Zh8 zKMxDOJ00%^qaO&o*)m}u2W8jHhC`gv65+dslg7a`x2g#ZD}|oC!|BU57Rn| z^URaOuXitlBhXx=f|@ze&3B5v(d*sxP&lRS++hSa&qG{mbbJ7|ZVy!q_cyU@CA-*n zi;F>(Fm1iFoY;6k-LCpwR7@;x8zPd-eY;*R_AsmYVoLs~=>RR8!lR#E-{OD$pPwE4 zrn^wz?8pGddN%PR!?2b5CaN{U-oWitUe*pRXLew`#-1;CUAG_KsodZ&Cb3Po?LA44 zZgGR%-Ex-6&iM_xZs6275jw_cE@zht_-(^f!}o>;uJKlQ&k0hDz4D0bqmp+NPoFq3 z7`(EsKDl;1aL_y`xpOqP7bI&wBQotWG4&^nYXgEIWKa zy}N!f;VNoc25^4(M@x+Fr?+kIZ@q8y&XgwSM)S**dJpGN#2eqn#Py>;Lm?x@ z?$fh9xh|_*^!l9878aI397ZjTvD8ktKj-7wTxchhS-ZOsbJ%R3L(mYR6TdI8vS&1M2%S&wN+cS4=wnLe?PXno*ZKti93^n<-M_%A{jpg>{oGU9aEYcJP@}?f7unRUF*<8F=4Uu?bA< zy03j5Xv~UnS-#BkCq$aGR5COJd0l{5N#K3kKMdw30n@!CyEb_4O#qs z-RcKa1#^G!PwKwDRFCueKRJTz9r287!OCDpj1P>o;ktmB?6H z3&l2$%(&Llq3@m5OldH$j=Q}9C$(Ra+{brpIhk|K*%G=<=L%6SH(}P0=fb7VSMc$US|5)+~#>CFwZ?^slP#OwQi7G3(dS8 z3RI|sEGK`LyQIbyj{iI$>H~W`;OA86VYypdUw5s3H!QGSa0_4n75Q$NZ}TvsUUP&h zhR)*Dnk2{xQRal=Td$INn+@xq?gDm1eeXCv)|9|s=u9-VrQz|>-sU>-l5LhR5!4zs z!#JD=3mA-TZb{wb4~i7G=O@sYRxTG;+gjd5Oojl~wn0+#^`u*|hi;*Btz8%OwZGg( z**f>&u6HlO`n!R;7wBIv#;qUypQn^@Xp&i8fql9U61I!%&W&fke_eKTof*H;Mp`$o zUe=`H)NqxMdocC84ktB>65G}DSU-1mWc;F5$(G^9s{Oi3Hz_mze+^GFC@tBM5DwivQquq@^4>39^Q#CRV(Zd~N_;ccCs(4B*+wH&^k^n0BwH zX3!U8;w0ALGaD7;mH1;OBQxpmTUN#SEmIv;j$u?>$X4zj&U#6+jX&_XNq=pl!j~MW;U#+VP{!_xjV&C{J3*t^QksEVfsgaY zyIjsy54fo==R6{)alNKyo6qeF51kE(vW}h$B|S&hwh?!zEc58Tbo_$6fGfv?j>dZy+g}E?743b%D5a&eP@q78;>8_`yF)1!+$F`G;4a18-CcqfcPQ=z zclY4#@}}pU=g!>s^PRgtFd1gUO4eSM|Ia)Fi9C`Q3s+8o_<)_(xb}V6EpW3|Z>oArRnME#}N z5q7#qiz&NTL$gmtHfTDVFA-$bsG09x1)__cPpmq_hv;0zZL`V z;~7|MX6Nn%hL3=&Jj~T ztZkx-a9kBvGw0DqEwck?O-g_!Hgdi7S*^DO=nYI2VakWC6!=tBCP%@aMIov@4vvd2 zJi$?VpQ+BZ-9a(ES2&kVsN|-#PwSC(iYPN@EK1MwPm^Vum}=7jcui=_mdsP2C2Rju z$20EixLy%%@~*UOUtheO23hCgr7CCzweXho;?f9+-Km(=j;Uh*yKS!oNa~f~RPjX+ zkd;{?ud!fpE2EoCgmcr)33RuV8Ji*Ft zx$pf~*SX(<6U%Ah8F795Ur&>v#oZI8jk0HZ?{`~|Bpf_U-nTVV|vl~ zWHw@|ob@tOKY^wt%a(?9OL19Fq5{K{%4La_B!1eLR3qwV0x_p|35dKc#Vc$t8H}9k zeP@is{~Rp;P|%Qf=P*AZQ{{&COtSscdV*CXy}fEkRkqy2EaPDL#mIfyNcJ&7dD-d| zsiwN4zAO}6jHO}+rN%Y?+G&A1LTB~DBm zf-z(5K61M}{Al+tH+jGVwObTt8n?dC3n$}a&7^Kt{hGVSOUTVMdTH0|1m4r@w4pth zFaGxpz{w{S;yKcKJ6!9ZD47>;_w}ZW+@Ay~@0s7d@oB7?314tPlS=B6(^Vtpa-Blj zlY5WyosjLX{_-b5kckp)2+~ip8{Ca~Eor67Q>wKx4b#HS;<(|-Z-R0r63FIlg$5aK zXXQ9lFf(7a_!6+~sq3;YsRS%`Bk=(RsCewIJ`fSD2a9(xk7u|!oGvGy?Yghr<=?Pw zkTFlJIB=*HSw*e7p;&x0$(|E$%ct)6A-AEbt9Qsx6?MEMs#Ka3uq9H#c%Hvb8TVg> z85~@;I;OSW+}AN{J~y37NB>7Qe!G0~UBtBkhd~Jrd$qfFWoH_@eAS4h{uRp(G*2*` zuV+2wu;FB-)qMBw=JSThsnV26VX^G3(B9<#B3rP}%?JsBdj-bq;r@!AfFYUxLR_736E5 z5|AONL3Su)4yhCzeG!ZMc5!i16D0FutTJDz#mSI7{&>G&_0j@jUHdjX~mOiab+SFfLY_^LX;e$ZVm3P{EF2C)`1#Wt9xJ+|pn&8bk5;2?17CXJZ^ClEiYw|5L`A3_d3Jk!00~h~aDxsFmo4Hf zEw%X7CL?evLliyLt(y?1>>=M|VbnWzA4YEa&-FXdjECW9eZ|~@*?v%_v|T5kKRPKX z;S18ew^#tBZc%>@%|8aEJU3gHThzvXsgR=oBvK;(_+h9%A-7*q8Dam4O#lY4q|(6{ z;Y9pyJ)hqEMLg z0sVvS{&)TV&Q%nMRv+5M@kf zu3+g(Lk0%MMmsXH(lTOFypGpeAexQ`3sLEMHXTGd3s$R^!>;zuAg!C3Xs6t;^QE~m zohC|$TQI(U2>BjMoNi8$*IZ-E(;*xt(H}uR=ZhE z0anRKrTrN0z`2G6m)`G~tMhl)k4Y$vSUh9yOssE&5dPoKR|YeL#|-}yG*9KGc7LPI z9YGudWLCm5U-+Tbkfxi2ipM~_)|jl;BV!c}fk$IvcDL zs1d{;F_ZYbBPX8H&*5ezU4WVRe3Rs;*OOUfP|Q#hWbDDX@Aq)9dB2Mk#UA!n(i*L zuGDf{CTS+g;Y`^WS{$v|EkE2>K8%x0zM*^rm)cY~T^Z-bdu;6)j)+2RSeE^GmS||M zMp+kTd>=Mfx-Eupys8w`=zJ^}Ktg52l_^M{HJ#P?waR9!0r^(Pn*XoaOjJTfWCN>X z#^T{@=Cy!*o2u2G;LiMr26slfhux0D<9L`{ND(wAPhcbB!SKM%H@V%i0tVaWj|bQn zj_Tkx2YGAUG5uFj60tY4;tuf+p=PNe7u*Ex#dI?ZmugRTjgxhZLtKZ?V$2vP)g064GINq|kHeU`(6$*> zRz&|yQrG&SQj1shzO8KjZaUo^2ha-w)|iu36#tt@5xyRc2?Dc;ca_57AG6J33GUKaaF` zVb8M{Bo%T+(ZHDgV1K)sjC?-{hC}g#siI--f+7Mfuy+O4@X4L|LsA}yYHjtZAr0WP z`y%TOhexczS74Cci>NFN^J9mr z1r8QTQS%3{R36T&Gsmv88t$A9!o?b|NQAim ztTG^kdxFQiOUVnln#n!&jHNl=9>Vb}EyiQ1_as!moqg%u3}eWpb8D4jUt{xR@N~S8 z-LJ}VBjA4*R^p0fD4%o{xXXo9yfr~J?mL9uwxB`V|GGNd%3x)Ev`1rsqQqf#%vvOl zCWAOLU8V`B;h%*Unj%3#QlrZ^q@f&UVTFeq?Fsto zNQ#;{;wEN8zsI=6jCnxy%y?fOrOiE3EVUf0!%DZgIpx&MpYk6~ShnJJ+`%P~G`|}* zeG&wQasik^Q&eI6gGgnyEw<3_aBRrLhSMQ;_8Y6L0b-DII_%OwfJJ1+A@LiRuz07{~ z0xs+SN}|65!eD z$hd-TxbZ9YnBu9@*B67p1JO3ZA|+m!tR)@S8wF7<0*Gr%8&x1^e9*NstjY-Fa8K9h zh?LQ{64P5_TuNd*;Wp-YP6&t_xzbAd!V)qRJPQgNC3z1(3thnG>W}>P(nba4w(D#C zyD}kcVVqh8>Z#Od2uk^nY)4t_>9{oshfykMP(oFK#>*e8ys zJ_nLns8hYRBEgN~XcQai@RG!T8mDJVz;=QyoScjWz_#mkS1VA75~$MR`*^-LlNC(J zz9Vvj;-3!ta~i%)BWr7-*v@c{lJL)VGrAH7O1M{VDF7b{ECeWcl8C@SCmQ~2jVsbk ze3E_@58bxdFWS=lj$9lpJS=v=SCf+K@`w5F(sk#J`;mA z52PZ@r$MRW(k6}@LoI}2hrZ>KdP>Bas|2_?QWTn`uZw!}w6FnFI;P_BkRx9s9LC0FTE}7!t z*OF*e>;4su;8$^x#?5yo*2B<0#k1pI;Dj#45m9NwGd7_(6x1GboO>EMBRBH@%nHJ> zJ=Syb!#_*2&=HW?r9RtFwFs^ao$3ZJ;k$C}*jWo#Z8wQ2DpC(MMLXEs`Y1K&KV<}Q zQd)RUtuKCdAn0HAFwl-0tEC6E7Z7Llh-9vl{KJjAK-R~lJ- z?wurJE^2!7Icm50xEOoeY7elDdJHny?f_NQ17Dpgq%nG4@s{v6dD1*80=&+VpJL#D z-!3G(>gDLYgy~p0+GB|F^E(-{pYZ#O%wCFgcd5F!L_*^)O@fOgT$JVuoyADGyySCx zjn^XffCiLpMD+!b^V;XJwv-9yUBXNd0=TMw5;;rB&$8{Mo1UJ&@tOO$Si$xL+?a16 zGv)Ssjue@@?r63y2gOE==G+5?LyL_2e)&*<_uA>@SUD6z&B6MBniJmb9!ftq*|6Bw z>@GLEUh(p&wx_N_&L!|iIV zK_)ZFvOPzTq)QN2p|N&FMBL-%A423$AN8&lIFTFK3^0T*-h2d|@Z9?3>h!Cq3O?(& zne1ulnO_(+SHBHowL93BV|agiy5=3-Yob)Bc~CU~j(v*X(r7dZm=hBS7{Xg&YlYyD zyxL$}f}g%CID5RZH{~;lIuw*Qoyf-nmr=d4jO|PYUW#4Ob!%@Dk3r=EoqA_EbQT zk${0t{I3^E6sQ(Ual~&gDt1=ra=Tz#GVvF74z0A-E%2R2vv#^Y`G6JQO!Kf^tJ+Vg z9jkCIGD_1yhZY58!ow=1#2?!74#UFN1lzdY3{-A|UrM}v6`XW=5d!q}p5Al9BqV`` z3jCV7e-?PQNB#5l0g~1p}ggMeDCKqyqFiTW)P7O&?k>$ z>R-4f2NJsRWzy~F1J^auY+aowW9JRvp}V>v$?|ndShkaj7t{zDWO2P3Rl?FmGy|j* z{6*CK*?~Mv@6f~c5f+;fW)cnRvKZ=0oZ8Vb^m;KytcvIj)wDY=9``>(Ek^AbJ z;xmyR#f7SjL!2xvM``;h`^?F=R?SzlQ{SXOK&}J_+S1?O*d8K|D#eSwXag#b{o&;S zs^>ni4gZ3Su%gmpa6(NzPGHxTfl&SFZku<+Fm|&>bHlOB+{DT*Nh&3p-VBj0?OksC z=gQDY&4N~(fkeJpD9-I z7)b>&uM8F>Yc)oQ*%FJ#XJ=#>t4kUhiWR|;@$ymsGc#&sfGRAew8nWGN+svLkdVVi z)fJPfs_`xq6RZ^!ag`x%jqs{Z=Q$Wpx>PWVC29o?H=ibJRzMSbcS!uD}%$x zk&n4AZQ1U1Fyq}4KcN~WoqA8*hXykrUn15y&{~y2lONZtMW{o)?;Tv!S-RKBRV1Wl z7TQzcW+|Q<%Dc4JpoB`qbta+cc5=LQ+cQ1(M}4GBPFw`4L?`rikd~*e9`tJ$Nu|EnS8LV z?o@-|_81DP*0DA1Mv%Luv6Lpv5ycRqBR;!oxbZNtvMv>!hCh{&PEOWi?catCz%-lca8yfW9@~}%!Ch*`pZ|sPO zj8&vzpgAwlzMawQq+2e3{CaR$EnDQ;f<`u#?mJkWwf_o6}+)MTc30K`5v& z(^H(ZRm+`a>*$g`yz(W>e5NF8x{}(bu!OKC|ETLogT(bzX0jZsiO&#N(5>TcOsV#N z=4e;G?A~FOWt+D&D^4cCSg8yKtVnU&oc+zggf=-_uX&0joX#G|++(j{(KhD)4MKu> zJ^U{8e~}zbH!^B=e`o0cM5p#R*f^*F3icNn*Tivnr4pn7sA^ z>XjL6GY{3`K9F+n0nJ2Ewx0b=7VJhXSCSx{ugb$w#R5>!+(~XhbHlcOh{s^=3bw0P*VE2 z0EXK#K5kSfX>6l}C-==L9rF90%2felM5^sanhgR z*ecrYu3NiSI>$nuIULkmXSx;(<)vlG!$V%4XKG6d;(nCn{XLWV&gRmIXxQ9;XZ34} z<&g| zL2XEJuQHU)-0~dTfcr=if2}Qx zCn*(+H%alW-}a2`KgkZlTW@W*O=`GFD{VlP?qeU7wHGzLr<0~EAN~XvCCLp8Ij7`5 zAZ@(;r)(Bd61jb9KC!^O2<+LQL-a&()35reEcG)V4K4no56-}nV+W?CRcsNzSPtV%5^_msF}}Tboo~u#y{n_vs+Bk|vMmD`nP) zBvuBgC%|VhMbfN_fF4}d!PH*|V&gR_Tv0iPnDJruu_B3Mzch1PPGBTh$@@3#`wHh4 z;J}=Z_ra+YWkmGKZuQD)kN17-u;%&kQ41rjjIHYoq_f@@Ojx&uvX^5;D*@w``e)q} zH@e$&4f^L@1NxNePD&L^-7aMv@c9ZG-k%>h4f(tU-zPMHXH4D}2jNHnJ96W;yQ=&O z{7nxXpfvoREy0cWkfKal3*J(EH^RKbd(%2&#@;VV-6tc_0JOKp#hYD{4Ock|N$_Te z#^>EF{!evD;=qsQ0W7Geyc&{B&qhfO*#g_{m|5IqKmMr4JR}XdL9KbsKE*gDw>vh* z$*l0m)D&0~nzvaf3N_=bW>tMa(b@xR6Po$tCjH`9*Q|``;b7j14J$h@RVznGH##{I z3>;ni-a9!q$`lIB8;ecVocRoI@Z)dih7aT&Pl~KSt7t{`*GA>4iJ!1poG3O0K zt7QVYRZaHvsRw^r{L>%ojCv?`ug79tkyvq`>`~v3)u&ar(R2{V^~ep7zF%w}vojI^ zY8+w?_K%IDrD*bL;rmu#3PU)IV;P>mO4d1O*`5W|or1O*iRC`p=TOdWpr97>^_ob_ z)@6aN*-eS+oD+zlsp^z9-qPHy-6pwu0L$#9JDQCJl}M|oisq5%>F%rfH3I_!IUPDZ zO8IF=hq@Hu-)^y|60MzB86PB#rCRgxA(E;iCfv!U1Gm&E)j3|sgZIJnCJ^S?a?uu&<`5V5c1{?pAhvTi zqKcwIj0#95X4YT*;ZV|GKUIn?z*&}E^0sTRJ53D_vo->1Rjv00+lD>zI2E>2B0_4u z-R0;i^|@21hS1;ct6smHd;Or-_=}d_-q-4rSy-62lub?0y7tePz|>8hvcld<<0<=0 z=?YColOXbaOacY@zSQDKkn9RMmhSKujGlb63d$95$YzV{^b-hS*l>|g3&m?()ohK} z65xz&>yt%sXt%Ga$|C$V^{eu0uY8c`D&4s~v8pxqeay=$Kyiv0my?N$QE!Dyq_HNK zLK@S7fte@mPsYKqz*5FNeKMz6b{Q|#P4GFOtmXU()3;{Za#GbrOb@{0Xk+YU)s+*O zq%Ovpu23=dHq|vR*ILO8fSvVC=8EoAvA|qV%e-LU12et!h?1QugQvc*t&~vffnea< z9C-uj{f~Fel&JQ8n5dQZ-~7>4q8Nt9qw~f-DLFJ@b|iC6G)FxlvAN+MviiYYUte^I zLxs9U0q;lz@V$k)Qr1rx=yq$`R{CpbfrLVeE~<1LkyVW+_!-Rn%`O1v>S zyi8X+;UeOO{E7EIO7{>4B|XT;k<%LykrNJhx^ z52P`QKFhPv0ZPnjQf!1?@))Ie@Lr@@=`7KCjRLT0nB#XD^{8USk6GPy?D39!J$Sp{ zYtpC%*nBHDwtvxNM6_p-jS=yR5Le4ei!jc5+8pp@Yvf43HMlqA2!sGJPRSKG+TaW z^+3o!#F_Ue&Vb^ZmeWdrZTYVh`>zwQ?>(C;QAKa2!AHcqDK$n76_Y*>m_?M77zBu{ z_tBq+r@MTpBjf-{({`$JdpwlkYoAAT8wDfc8@*S`LRG&@*&Z!t)QW8&^O5Bv%Y}Z_ z{31NplxwgoX7_i~#@ry5v{ki#YOVM!?7L6DCJG@vVYJSh17#OKMvX~1C!?D06y{6` z^c5MU0vfb?58`o>lFTG@@X#S)p7(u*BtHdQem|6EP~3{hybnA49zn+Q1*0?R(L(o7 zCypgBZjaaOL-$<&hhZ?qi1S3HI=rB9xyj#;B5U0~YR6u=H}Ja2U$z_gGus0`lV?he zk*O1`(B9(FcPsGmH}y`aqz}E8Dz-DUFn7a||7Wz2vwId%oIGHu6kb!km#E0>kwm*q zJ%n;QOE&)gp3Q5dpEA0}oJ1u+u+Qxb-Tjhr|L8|W^D2Bax-WO-G?&z4`2i;y!mvUx zdwP}CGx!O(4Q(QQ*!Xq(NBz~DaA;C}8R4;e_d>S^!9@|D*x}Fk-)M99oNhBJzQ&kz z5id`*%=6YiC;-_j^nAV`Z*{RVm*o=oBGB%ypN8UD+1>zU*6oPB;FD0UDT4h~H%a=6 z{z%uv&AXXxRO?;mRBzL*{DTG$_Gw!o_VjKi-WrUztpi$1ErEd2TlX{?bwewYFcuXE z=UC%)HN_pF%RmMpcEhA*C+Ss&uhHILZ3xBEJ28-(tR}(Dv7hktB7f4+7;C!LL@$^C zr5j=yq}+OaV0{3X+!)?A6Q7tSX77ykq*lfP%B=h{D1`7(gJzs;uk6O+lff zuB^#;{7FP7Y|49nAm_o7FS5&mhNUL{eP%7Bp!J7iQG>7psSPxc;Mr^p^|^RaD4+oo zEwIl-qk^|xQz3q@&5s2&;y3-Z;Q|%nfTCQYCsfSkG5JDAedy|IQDHChMkK+_M39Y@ zU!WOtkL9*^-7n)ezbVaNAo;)X3}=YsewBc_zueA9=rUK`CDC-wfAh+rG3zGV1+;=* z55SCIbAD*?!MPB^vRBw_8L|YuUp9M@L&OwSRc|hKhA%EI)L?pm?f(GBXT}aZ*OYep zXp~6Ey}kOjKJuUOYwtgVnXtl>P{FChs92W0!b;KE%sFm!u(sj;F8#G#{LBI2GP(TJ zQdMuz54icj-Jkje59bNj7glY6sl@awhm798$<`45kCl+CY-Io;9NYVN&)gq5fgJ*s)u1SB-_HdFuXqBt_2|D^hFX5hnFsOX{`U&+LcnplSi#)fe1r?GH4)aeN<{$ng<{N5 zZWs!=)T>PbyA==koCnyKg*oG8TQk53VI^bCkTa)!fCB~6D8Rwh8e=$`PgG-t%^;Dm z{I7R@8|Mxp+D)^yd`*q`gJ-}!IdoxAniJ?os7ZGBe|Z1+H2ca2fVAw2fL~cznagua zof|zYw_^9yQm@Kw?nP8WJ?g9Zbi}Csu2LJi7rOfmBjG=*8o1WL@Xz*@cOu5yZE9an zjsAfHY=|1u8#KRuq?Y|B!%1UgU}=)CIu~35Itc;1Yg$N6ON+YZz1CCm(rS=Vv&ac2AkgzYj(@ZD8!yi&n^(_kO6O4w0$TYEZ0t~#F9YG*&s>6cQ~ z;J+MOAnbn2s)d1B5A<4SE6KLIGsyRTvb{30LJnhq z)jM}kX;I980vQZ8M`!&fRZLcc$;rEq?TI`iVlG-XZ~UD%jUIf0(^qTW&Xyyq>#wDy zd;m#zhC~<0(v-jtu}>5$(Ou8>{DV3@FOD>zrLf$DTD4fJDB>iTovEoA^OUY=#~^GyQGHX2|r~Ue35g*7@?zMO4S_4z-3Z!uj%sBy6C1ICk-&c5SSo{7t)b&nFdiXuS=8*X2~%>DZrJL`!p#qQy=63_ zFwWlRgnvvok7Xu&K2K+$k#RJ4htt?}C45|R)m$$jZ#FWk`V{rl>cOoX=q!RSLDE|C zV8ZG!@$tkB*^%xI+`6dz&{``O#5M4G$s+irGtTfFGetN+-LgJ$Ifw`2VeC=K<408i z6eJbVdot#@w$4jR@p6O-8E~2~WSN28(LLp?tgJu$ z>vEB(#*0cPbjoDxW7cZ$8>nxEX%sjG@Z1J2kvtgh)aQL zs;-sYJ61aAbi6cs1tPSugwAZXF=JWkfrkJ5E-bUF@!JU~a_nEf*r4V+Bh46lV;g$jQL7UY5}jT6Q0ON+5}&ETXZ`x7Sr0NS-C%VoCgY>{0(2a)5oNmv zbQa|87B29j5?WK*WL=up;%MYp?1#Lfh;ts1f3>HngC)+;<;bZfs#c6G&M-~$>*F%J z{LO@!$jMEc4?fYWW5x+sqqTt`&h7U{axA47Fz2#~3-WCWR()2IpQ4n1wmi z0--K?pKhcRO!jKF8UMFRNz^Xb)XkP%npkIFq=vld+-GVa4|sk(WT1ALs}S;}3d2+m z@~a##!$vV!jmibYRqnxBP45;E(k<-@JY zJjodZiS~qemlC9_MNJxrs7{2mcPfBMX)j3HG4QM1fE)_ZwK3`R<$2^|kxLI#=1`AP zkxjc~lRIez>7*ZnGb9SrNpWYU>j(4N#%4&57^EH7Q-hD&iBDqXLYh?KUfrreJ;r>w zdu75CH*rKp(Jex9Iw$yz6q_D17WjD=E$yZCJ%wugF9|8T_>Jr&5>KJ&f>cg3CF;%U ztVBir^eB?9GAOEJ9m~$5J%d`+-w;#8C!h#>xn37}II5mN-Q6BBZM^k|0^6AnzyzyD zG6@%!{9Fjw7gJE>*juW-J1?o>PJzUydh{p5H_o(N>Y$x3h z_{e&o_!)&fT(UZUw0K%Zz%qIoIHd^o611k@=M7SsntseCytM!u|6amWoK%8BRaY&r z7tL29QFL1k?>A+GtPkhumyRgreC5_w4F>WIw2G(Cl;m0>Qd_*7#D80!b7`hWN1TPmP}9fAxkuGPY1rR9FLPu)vUSpE|YvP$b4Hx_u_lhBoyB$xB#nw%R&Sh zVw0Pm-*LZ&9G@JyG*C>Md|m9^@k!ZTwKdcqf`P8*x>|8YoISZ@ZzhNlAbTp0DZu|% z@E~bNz{CY}@M4`YzTCxvXS(@Jowop0AA|OdM*_}i1B*hx!RvX?*2&uxGd9UtC(cR> zKu5XrIyFerfnm`?;xNS_Gr!mBI&+9sSsOE$xN$SNbNQz^+2(B81wVf-E$A0(cdM^h z{o!UL@$IX!gloG_*x4CZpN31Y3=a`>OfpzNJqwsmp|L@vo6`Mso0VH_-EU_hn%Hh{ zn2r{;Uj8$?o^O7`kq5egc;8!<&Z+nq|EE*4)@@L@aBIO_qU5_;Sll5pU zoPDm$)G2eROe%tRctr$|0@6KcV z{R&9xnt1tJD{P*@7G{e%349apqoQGqf7LA=xCDa2MaJI+8XGljc9bvJe39KU;0Pqf z-(7daPZ%vDOIa>YjrfkbG&I*zFMKpgHPiUquTH;duLOd?C}>2tnb;5gVDzQ99#MYy z*)pxY+vBr-nmxL1SU{M*$SZZ#-7ILOnf=Y>k9Z2J5SgUUmRlj0svg|Y<8>O1)+^1Y z63&!+)23^WTTD3RiZq-X9y%_|{v#OY$tW4s8?zj#zLFMB%STCMr5of$g^rGVwOqVN7i?2J;J#21;~8uFwKc=39D``H84X zyAo^sM=?Xi9jiE&@$1gRKhH&-O;oB8f1 z-V4{ESIX(!x`OZCJ*{t@=<8*(d#L_Kc2!`u&8hdukWOf6otyarW6iR++)P`IhAX?N zs4|XDB$nN{=`3Q3JzB3U*611_x|x|_81>$Qm|+yczn%`j&Bcjcy&`LD>@_}&R$2Kn z{^`Qp3v@{rhx?lj7XOAzm~zI6O=-FQHu}K0HC1pMJEE|y}i_aO{$2jZHB!uluAOiqHwMxmc_zO z*aph-H!~aw9XB+?4nDG~cK!pd_k4`c$ner@vz|x|o1K(YURpVi&VWD%jQ@pvzPsQ4 zWy(AHU4SAkA`(=+Mz|>%; z%QhF)6q~-IYc_KcnmBEXl`w%g=AxSHPG>W zt0{T4)cCI0C(2w-sR#LK!vaUMK!fqJtI8%*Z_iCir(=r$PVS-Rnvg}YKo*)c|@*VgAqK)s|d+KV$l0;o`DgGygVNs_bkFk6V%d>`*WsyY*|PRn$K-?PucuWsCBbSJdy*+=_0xh6 zdru66X-t9}wWL|BT2+WVi^_onJ$rIbQ&T6U8_kBgwUz}I#-N;xZX9a*y>hqIPur&Q z{Ae(naSt2f-1SUf!S|r-+UdV9Y0PcBv1*=n4AX&CR_)cND?SHmp)1Z;NwbR!{fecP z)%C|o@rphqPWW0QjXuY1TLNDr-d zHroY(%~92|MFDs>H9GIb(q?aw{HgJMZJ(U8^JOK;>7;wopb_;9^W zL}27s10(Cn0;6-kO+3d`&1zVdMw(UxZs+luu%f*B>R_;i5qDP^aZ&f-yDU7*|LM&r zMyN^dZhges>_N!J@r`NDKNEk%Grv|wb>-Ksc^=|ADW8eOJ>DPvu@bgVQ3Xxoooe&S zH!0JUdht(Zt&Fvgg~wLtG&884PArAvQe^JD#EpHz5F3QK1_##@q7>_u3b@f%$$tx@ zO3-cwia9`kwB?^xej=HG*!IhXnP?skat^@koSU(>cjE1?cTyequdTAkdyeRE=wp2lKU%w8l{I>mcFgIll%Z7-FE?_NOim0wlg{prgNT82PZu4T8Yef#rx zOpU3B8@gKQVrlOSE#z%o;?Z>hJQgY6xJ_Oh1J9Sg)_; zBkI4(u+lwPW^W-YP6uAIMDwC71p1-eyUrZE`LdfIX2&t4Q^c1W(xQK`sSKOZ+tcOO z@B^EX8S(bXa{b}tzDmr?A7_=vR!5}DnyH-xD@cIUOUr#NaJ0NK>`cF1TVMcLe2ZJl z*V)4uS%r$Bwxa54oy=I|Z1%ZmT+;s?F|Iok-C}-}zzQkVgla3L3T20rsB-+bYWIxSI)rz_P+DA7iXgLsq?_k->do-`$=n-( zG`bloH8Yj^`nM8tdD#~Ojzp&OKDf%MFoJnQDPxiSvu^N@42<-sRWEK3twK@#N>Dhg zY`6-Pdp;jMs>LjNZBKrNz-kjO?WwPgq<8rX!z1R!dYrlI7lI~o=~#w_u{9ZOHkY=g z)`7-kWo7TZr*krS?Q0tSf0js&=|dho7LvsOOdEM?=_aV4p|St1 zSsI*pS#$TOyAay7Z<8|~%XuN1v{242QjM?@bT5h?pPn`7`^henw#cJw3T|-H^5u7_ zu*A{#C>ywpc`4X&+P(mB5Vncz^SZr1j`*N?;|esVg@Y@GnP6UKag=eg{B1o+9FaJFO(M5Nrf-uE~FqHpG> zX|#PTtTHTcy~0>)EuOV|Ltx5V!v#~U;o)TQV_Q5!2RNxOX*=LJ?!Je7YF{MgU$uj z=T`^TQqEkLM@QER0Xon2s@WG#fga~$f#!bFyrDYHS;Efo=WTc6kWXgA^eY>?>FFI{ zN`of&&f%PH#CE5zJ+qrt6`7I115ohELy1(DEDD*_2NX%K`|}YB!FOfI>Km6R z*T2fblfOUg;tv;jKgU#@;RN8V@~N%i!?f7bk{uu_)!|9Rq*sBgjN9ydQbSVowNdUQ z+D1+4a_*~x^A22^y~=Gtug;OPgWkNQ1@9u`r^hk`>6QjB{^9jwx_b)$OsI0xS6R<| z>@Vm&qh!i!GIqqAuTwJ3Qt^iU|5VsK8M1@uZV^b!v=!*ETw0wVYMR(<<$|#i1)s{| z=#uAnE#-x7)q3lR_ToK4fi3~Wl{=OUZFB{@I3IS_6cW<9=e|c*mSzj>h<DZ_WPc%L$)fJz^)zr z9_SeBxQ;z+L5p2AA?tZqyen+vn_od52#QC51Eoa@rXm)YQD^sKPZ)jp>FlpjXB1HF zF~$7d_~WTyJfQGP7%eeMX|HwhOYGNl0lv+`GX2ga2|}8f;$&Ph{?=DbCT2IZ>f8{; zME8ehs}SUrE*{YewL9j5**F1M;n7A9U}RRt|C;cticTcGZkjotqim=Ob1#4IY}?|K zg2N|7`#T&gU=j6DSV^ps+8_cfl*x^jH#18qITc11=+x8{EKLfrnt@TnQojWi0sEQG zVPlq-TP8H(4^iL7=!*HDxzcK!l0aQJy0^0lYf7C6@`G7aipM4^h*}5S1gHwi$_kZH z9_#e9ZbP3i_}y>GUq;IxyFAz*ktUYx9OMd(X3M>ebXsc5EK9{*Rlb$T!LZ72$UG6| z#szS7dI$*B#v0oS?Fn=z^uWiULJycO+~)m!3*%)M-hJSHwgK ziA-F(yKD3=leS9Je*ShLmZ;@YYVP`yolRQ4evly1tUc^AiS5)g>)u2KwsM(EwfQ%G}&xPK(EI!>)XK<=* zDCIJdEv8s$IFVt%o1N!&PebGU{lQ^9Nkb{@T$J&c^6y+^oWBw)P{P3L!KPjzNjS4U zX1YJXOa@zg1ECjSF96j?q+p^vev=ym%4xZWWBA;#_U9#Q&sk9?c#NbI9E_Dm*^2hQ zsX6PUy5rG;14iZtl>JV|mJIhuT#9M;ud0RSUJI4H=SS$zoZD9s9v`(J%J-2tnJe|= zQr~6|6e|xJV3Hb^Dkr1kMcg=1L1)R6i*7QAs`e-f;qF-^!dHhA{{KXn!b~`km$sla(iB!CA z#A1#vs2sk*<6=@@=w#xd^C zM7ou5ABKBIoqKSjMm^k&h;hA2Vmyw%csi5OjD)N>%1`iv^S@C^n9fU9$VL++{_^Ik zf%f`FCv4EGEooMZXtbw{FUPFH%dAL2xu&NC<@z(md8pGGpAyC6)70zEqzwm#8WBsgi=Gn&c? z8O=kCzaRJzGrG@P6vucXN=zAth?vb1sZB+D>y(qfR$rD)f^5-q)6*q)S2 zylWA4H*SsHuwk?nsM5!}h4iOaw2EET*KTh=pG%9JkX=~1URT$i&E896fy+ol!^Jhu zpN=^Ef|MQL0i)hD9J!=%HCr!SYke06JM3MWs(luwcn4y15jU3g#&m8=Y}HXc#%h*J z6CHG-tb`~6lP=MjQm1>viWB$#@u6)04_j{?6=m1&4|}VqfPjKXgS3Evbb~ZQH`3A) zQbV`WAe}>ZcQ?|VLwCar4Fdy1%x}D(bIyC#de2^qKL*xZGuLMCeSPB-`l}TZU00;g zZ*3mh_AKmxif1IWPUW4X3N*)x(LuO;6hv>D_f_*T-JKo|0FtZy^BJXeOn~a7-kAb9 z2|y<~K1BC*J-4m+@6_S~8^{?aw2i0}0-lk3@o937uVtYuLQw!5s zR1sSh6&lEJH3@h(i#D1;NZ^_6N(TanAJ{kjYsQmLz@pED9a5_8gRtT%7V^*H=4W3j zuGMwl;vtycZ=2t^3#cW;LaCaxzEs_L8y6N9=dPD7Wh#U(k~|gM=Z&Bu_|E^mDR)1G zLij|FMrKJVKVLfiE$+h+53_R~kK@b^+W7ShtVzF+;=ArBwmq@!jPCkiH`}-KB9=ag zG<=9XbdtMNhD^Y-XWtv$=;9yC^s;2}VzhLTb8QaS6?>0}9d_^cs;5iT<`sFs+{VNL zgLS2jYBqBbPe!CaibeR*?4X8g;p+y<*@4|2Tx<# zM)mpE-E?9UB#4=bZq9x>d3gPz__ov9+y0u+Q9BXLE#efi!rx3qbH%?fH$tty_;U3V z#MO?%Twtu?Xima+%Olfv$Y930YCsWl?9QnkCkim-@U?9``jjhi#ay8Brs2d06FN^6 z7Btj0%YinM)Enn3u`qW+LWbd6z~1M$73;=)`i;Pxg-XDq1y;VfvqeBdVxxDee$L-e zLK9c880M29)!wo^#X3QULdISByf=;C)fJg9Cs9CSqK^ic6bA16zPKju&U@2NUvAh1 zFpz0~^ga3=EvW0O{r(NH;OW9QFs6^%Aag!8sUhMpD>P1o)tUjsk;sIbuV&B|FBIQ~ z4wd0cI(4j#A!kTzJ*A<`|G8$Q*|v{5aYlN*2Q-7X^ldX^LibDxm?JtAMUYy#ha2tv zXGdbt-{h^IGq{*WJqhD-J|TA@K2YJLg-(||C_J#EEg5+`|t&w~fPhFM`n4dyr3Wx#`pag90u>$pHs6lm1NrhYKq z15bxBp_{n0&sg{Xe-s_{uX-;BAq>lcL2nt^$d2rzs;_P+1(^d~}i3?^Zpo4#P ziY3#vgPcf)#mMYc^K-4kNO_E9^h?P%k}kQg1z9h zm{LP^CXXJ(eJg8-&e?ECI2qadR!8f^OPz+!&sPKx%*UZn61)t1p$<}=dY9MbjoT}% ze9bB|j9$-h)`&0q4u*>~_ov9$7hT(kuHq=Jq>z8g*&JCPt+{THK_Y`gQ{?9kyAjx2 zoe>Ca{-f=bA8lTS|iB~t>3$@lkLQ1hTi z5b;f5sifuB3#c4Zt}WK>T(M83wRN!o;&5X5ocf^gc@1+~2kF;X2{M)S1cC87*I4E} zRKa(et9C{heksey)R1AZ?B?}D#kzA__M-f>w^C+> z-jo`u^}DoFNxv;PgN|#E?^|SjjG}JA3%eozQVZ;|hg}=VtEPqmwf4Ow>;tiR*VuQ3 z(oH{jWtAF}A%~Bl9o)^7yJnKzJNhIpnTd%%O8Y$buUjuru~crk=hU)xeCoTCP63TM zMkQ3Y+l(cb(M3-+4XKp}ZvY3(@`!Sj!|IkNFXIIViZRw&yki6u6b|vO zpZoDR-`_Y`TU&E+^@*_Y2n0&E9bK5S>z8s`2A&(ZbQ9ILk&~xnqYyqjJ3G}T1MJ%+ znhXAr1l4_)2cO!+%M5&A5f%zPvAoQ(hcR1w6xWwFphh?r2p`EW${*leXN?aJ=h9f5 zl8bBcsVs7>GWVOx4lS;>6kF8~b4zx?nK)h)q_ybFtdKkX{ z`fIet8N%OAjry^BItr-BlDnSIm2t{E18saV`|Vj7ridrivFxMT%wJpIqL=9oU1QnK=zsxA!m-0A zUlQ#9dG3b9ve%v`O_`5*!Cz@zFm_0sHzbjsH!NpbT{wU?pX>(4Y$jI3)joopZ+rEo zzT<1(WTJQaAN`ZluXy47fT`+2-x_2&u3fBjU&i=DoWI+DJI{T=o2B{7hx^Z%9R2IV z`(NY#P)@NEl?rLr@}lIpSY!GPXU7>rp`-jiLC@Zy+}apXtZMRt z@_JE4&X@nzkH~%bUnrd0giMWCVRCBlM)oGzM|`>>xpb_t|sdbE0qKs z3DhUbj(9(7l*r!+1Jy}M1kRe?KNZhWvrS+JjJ?YFJ13|304cXg1?(iEXR~;jXQlc5 z!MyHcb^3jR$U&6Xauh|B-s$jem9~5e^vnypFh(`<6yErQ>~!;O#>4nJBo%KnZX>z*ojn`Y@p_NQIbT`Dy!YcvZ~Z!D6NBc*25k(;hFGgXYnm$n2~L^8pM`I$!hUc$VJ-$*mIxHi>4 zn@Ar^1`+|RQ#X%hQSNkbb~ zH|7wPxiSM*L!|J8GdO$0=%tX@ZON;Ua#Z9X$s{CKxcNokzFB*;eMRx-h zwGQz<*)GcZj}d)`kHs#&pFl2o!`^e;M$76(0W=3q)`@%{DUEb4GoKgFHwOfuLvWUmn=4nzfBr@A? zpj2_9T#3EK%7mKc4M#yWT5@qMByZgniR3DVR$PXsi^3X=(asGF&U3^>d-WKLr6_1) z%Z|YVEMWvOtx_!Ivf?7Q!U~LVl_gweInj1!N1w_YYwanyg9t*i{rcJ(BFqGQq8+iP zg>iR%Ho)>*DaN)p)hGe-1qL~47Ik4oRiR{c$j?$MC7~T#*?C)AOCAA!IjY|o-2I2I zx(t6vE0j(-6Ud3vd{VyIDE`QC=!&hL!4c*J%~85%%HbB@bSM^N&KF>5Y}XhMyGa}7 z`Y6IwLfZ5PFYte$Hau3U90#>~ShFrvDy9~g|AFc#XW(t}Qf^_yDKaSPS#@w$Clkl- z^uHWy$gPPLelE6%_saWYpqBByxe8{f1G`*}3k#ol>zen6RFJZ$&vH&};CVRXxaltK zxy0bKB???pz@1u96rzFqfHI7HXL(GXPygEsJ*9#3qogQJu+9{pN)F71lR}r4X;3oI zJcbCLH)7>a*lMw!`IU9nCpn0GoIo+8|N8~K#cV}*N&0N#jrD-yV!XHn8-0B&qta_G zZo3OF{{<5ZCQWU3`yZ?K#Bb_~`i>3du&HYfI82UP$MM8N`BnEyNOS0Wq1(^yafA$)r{?K994M z)kIMTPO2#Qrbzm`JyI;3Jlv!^+Ynyu{M{M8$dDQUfP&{$_eZ2W8CM;p@Bs;M|r6VjtukuTN zqoS0}nLdmDjgoHEU?R(Y*H9)m-LAncwQ0T6wr@!WK78mmB2+fc7PV;T8u|IbkIY7N z;F02`Y}{s7$7MZ`vz)iqL#*T73Tww^u`&O;%oU`iG@+xtev|s=ha@6a*{D@9yKTqy z%$)pvF)R!v!obpsiD?F3b;3+RV+b)l5x?5%WPz}m2A;#|@>ev2d$t*A@#TyNu z*G55BP9Wip4bz1#VfkkkRdMTvbDGT6f#PeDyM3VXO1IgBjr+L|6P~l+HHDJkiEuPX zD$ewW>t)LxY}w;wBryk|+Iq@BKxZQFl7`u~6t0e<-Ozt$@Yx76c>$y@jtJ4U8-~L| za!$7`K}H6mRLjl|15tOrCAos@6_Rdlq}!haCFsbaoc3uXC}zH?#>bcjdb*imU#|Ox z4Y!bulw)Zl#$z0W1%EYC{am{E7F@!dCQtevLXmd*o-mcRB%?2kT@AvQwUMSG5l{b( zh~#ss%0rV(jf;ny{w6}L(CojVCa)pTl5~`8c`F(W#{U^~4-~@?3A7U9l@IsxJ^{V$DI(ZW>rJwTF{?K|K4n1yEpu2X7}65i%|1<(fP zrB0e6gW&kSy|WdbK9xe9={coS7A!<9d#`eN$WX|m9=|t_#cHHGopU_3!v)=heC?Hb z#+lNQ;UWK!gu`y`5|OvDH5<1Vrk9DYAx}Zfm}CXplpyw8gaD{ zKyZfo+gOXU&pNhmnqx}=axGk`7?nD)8n@dY zNbeufpy^w9s7I^Y%Q9Vps-2OaQCs4H>ZNi?_%|`~R>YT^H(qD0& zY63o2yJuFCWlIgK;Y&&5c{8H9-gYCb1aa0>T36ZwFhi4CLpFxq^ngqg%%E1p&5hSx zwHF`j*cu$%@stB6if#6(;q2}sQOxwPN2o}>Jp~T^@@6}}At8C%Z~g%X9f{+LiTEf- zcu>EAh3a6O@_)g8lx+J5q+~A@(h!GpH0R%N9NDZjeXKR(9Ti!0a(YoGnhgr5Bjj_2 z^Xlt)d+Ealx%v8YdFqk=FD+L~{7L_e{+6vr6nPFz3m{e5J_E)(n0*D=?p$cyKWUEF zdV${IrW;VJs*j+n0cWpth>t}@|LNLvGV7N>7a4em?W(`Gz5U4Mo`wb(Xlm4SSe@-zE3m|xeK`YwuOMp<@i20@Z45g)M&SQ}=4{$brOtxa_B~U_ zNK@tMGCB|G+8|*rJ3>iX6X{hD^;{dqffscfJi3 z>=VfAoQxexp+$XNZ8|X+@1`)RF^$UIURfRE{lvu{VRC#h36V)u=6|sDQqIeUlg2@R z9Aey_1N2V&un|sAJ);lrLt(I%YFIGHK946#NAQp>wrv@|am^J|+UuOBP0x||@EJl~IXMN^KNPC7c0V<&h?9R*b`wG70#>eTKjSRmz>Pja)?W@`49ZfZR z(|$+j{LVTJ|75%9XNxlEsLEcrQlQ!Ey{=ZKIO}as_Krl(c%sqezAn329M9|`?9072 zn-OpS;+ef;AKUwLJVz8cFDvpqbMsed#~S`6(866{{Z&};(T@Ki=ZL7w2B}TJFD54l z6MjJD5YV73D@0?xp?Um@ZwSEOujfsM5c~$wjoLiFWTYn62v45DRrs<;}A*ZSRFCdLhc`S$W?dbV+y3Jrg z;t)3}kDdAHfj<2~96y(^Lr7y~u5delLuh!bzY{vDMy_2xhd?g2;`t?mkvJPskpQ#l z>`)dmMo3+O%_0qaxImvz^T=3VB+={v*f6KFm|tJ9i^}A>V~?hd=RvjanbVz$q!?11 zJ~Ju=BjF_l>fPVA9+no*_0~_}Aj=N$XyLwl2W;DH&Ay1jwu`{zmvsP)g-WY;wbi(VIoq5Y6nfrP)vIKXYFamM9y>YusFS zJZp92ngP3A!MMPbnJur1_GJN*8_?r|I9z;cN-qM}CB~l#(QLenlp1|)88$`p`2QUt|P``irNj^bZP@zVJYg` zfb{(mc|B1{{fU|BtYYTp+k(do*7jw{lJV( zi%(fRzCQJppHPXPo66Q`JbN~1w2fN`56D8R7}}YND;SpX^H0h-$&j~>aLpp!O>u#tfg+BQ}krqlNd~o z|7dK>a#<)VewoP3WuOslZ~E}-JQEAD&1Sk{F%o6p_nLK6E%TCHd|zo@MR*fQx4`+R zHI6uVg@Q znR~Dmo-2y>PjaP-+>ed1Z+nc&uw$+Z#ho(zZE&Q~B{;-=$L!BKoQiwA_tr74c&~R?MEZUit9fW9#YQHd7^!>hj6# zz0}%9Gu#P~0kR%xvtQP#_l6yb!N_*D4<>_$?^^Zg_$ zXh8T-#HtHHUH|OKVMUv!fOF~NatcVH@T1D{(ie4l)9x>@OB)rAwBY_mhXx~Rv*yMe zs0IT`it~Q#Sj>EBOGz4nPI|yKnZkD13WVo|Aa~SK^?X{J;?>1DbHBE>()!OGaRZz0 z-5Rzd5D1VKUA@ev`CR6$VU}+Z6YqZnqg|S?z!=IiRw+u zWTjL`8qX z>KA-?lSdQSVaGp~fJ4Mv9Lp{Pnys(lKc-HBsZn&i>o|tZPO}B#TD9a=&zug1Y|~mW z&t^RtUt?Vj2{|0A8ChEQmp4U=;pU~6?sH4|sE`wm! zKhs^Mbb$rY9?XJ!Iu3vD7WTWHwo2{%Y3H)nrvWF}{C1kPFUwP1P|VhCqg@jEYqLxo zpqd&>_s8*}3Zx!nq%Ar{%5}7>1M(zJ z66BB8b1X?CAD{-G^Jj@|cE*iEgfc zR->dP)F|L7KJ2MpSe)l6*|VDIOP!8$A4XicU*x$pp=;OA-AqzIuiAuR7$RayL~?wM z((Ja;&&ZP9D7OYf@N$H}*3|fM*Hxmyh41yPnpgb6B5Sl{)lPSh+cSp{U+V&4>Xm3f zn`Y39oeHc_%NYDZai)eP1-8;9p>~|i!DtuCKUyfJ-QVIge|XhFCsb|LbWOq zcQbE6+H|28mjE^rr|(1E;t_HELC;U+xM2?-j~5hLpA6gV-Bu6E`vFcuo#eKp-c5n? z)@qGJ+!nXfe7X9JtTy`1PC`PeDwCc|#@Iq8C*_m?0E0Tu$*8_&bbFm%dgUEA`)OGy z!6-OoQTNAejXT&o-C5V@)k~D1&=bETy3dU&1o(qqmvK9@qpEKgcwNF|i?l;qg*)bz zI|pl3(0FpG>K@t`I_1E}CeX)mC4f?>Do@hGwhuLQi))mb^NY;=oN_1tyLX{K-PC;8 z%V~71jAT4Z6Nzar>Oz-9#h_xO%GxPvzCtl0!GNp@rMrSMbHZ+{;`%c9QgNH4OGiuL zWJQcxGv7e?85y8~0Ipy$`W=?2CO~5$>qGxaGUYQ)&=f_$%3E5_D|JqI8w9j`A>lr{ zlv=j6l0t#wtbAe^$yD<>X|@Kq>P%a1Y0N_`W=kD_F9*l0r+#2QC*=k!rrYP+vl=@;%<$OhBKBw z+l{Nx{kW~&Lx}Z#{)%%YkFCm!2f=v(CR&DShLcfc21G!6sxA+0KGf%@ytLcZfXz%h z*6^-|ega9g2|ba(uMEMVd;8o9k?rTUduVEg;n&wTj=nr@2wHfU>++!*VNpM0sT3Q^*w?p`rT~#2SxICvlWwTqd1M5awn4i$ssOC z+vv_*PF^V)u_`$8SOE|6Q%=>mh1FJ(1|2l_=Kr+s1gool_`4H`Qs`k9;VpHS6R+B% zR;=lyl#c^nYCe}no=G&agDirEWvM#h2T1XE`m}%$!I)UxPcbt2(_6pdsSkM!?I~9L5l!0at{&)|VpUw*nk&H_Mbrj&}Nj5~RHw6xpk z%qdl9CeAB(O^ab|l&-pEr%gx;>)+(5=F>MhEk6*g?EG^_G;*P5f%i z9^Mk&l+qCxG%(Yzog#<_Appw123ig>TAlR1W_4sMixDAP3JFkplO1-!m zRvO!Jp0@U4OQ24*_FxJ7+HpVqg`$$KBMCeKWbxKyw}?}BGJY8U*!lJ$nV>#(BC9Ap z)jDH3-k;JFO2vQ@$aRYupk9>LvFGsG7v0O3v%c5(@%==RUG-p)*g1DRrdE{P|5x&5 z8+oxrED1sNqe$+r%ljmStpZ*(5j{9qE|Ju9jlU!hxB4Svg^^PMgh1ZkH5s*}7k7}h zUr1m0nANuKap}+A6G%4~`~q9N8#NS4t452A5QPk{9qOaItwO1YzU} zbl)!ViuU28LKG7?n#>#r`x=8fEY>ylXiKcuw1q^tQ{3xN(YjWY{&yN&6@7;B;h4I8 z9-kDZ&|Dl9Rsu#1hUNxO!`BWDKem`FLHi05eSM$cquHgSv&KxcmeNrJb3Rp*$HpZr ziIDB7q88z$w$toX`_DTV4{^D^_O89K3W$YN+K2&5WaN!0*`tr>WK0Uzs9=GQT+{SQ<(u;H8n<)=JgV^Mx-J9U3Ufnrt z)_309WCPv1pEiJ^j%cdVc202hQLg@(8bamng0S(VL+PL(#@X6gP^4o%XA=GXS)5?< zArLtPPgUg!?YFrZ?n|fIpJeifQ8ZEl&*0&!&BQ{P?jlPPV-Te)_rbJR5tbwtji&iH zP+&<<*(rVhrxXf@B;kv?Sz$C}e&)NV%}eUKXLG-Ibz*vjGOOnq3SC45roFCYMNlz{ zFeJpm-w`Pg*@0+0jUD|-!V{68jmYlU%iuXgPt_FY|MZYt0u{0Kmd*6@TS7DZBwcpj z|JjknJN@Eud)@+DNAvF88q!55Y1IN?%h>0t-Z8$$P5& z#5GhLp|NRL51jsTty9izTjrW&-(EJO>XaokP zkHu}-kJmKE+M?aC!3}m73~PK4@sd~{$Ll;c!!1j}&FE0{mpwnEuuATTFkh4}J|rw{ z0v?Je96D7FFTBKj&pE7xn^pu%>{31YUb0v2ILt7)cZV#U8Y^UmV#hTodDe|5o%q|? zm&~VVIJ5fieI!9VXW>}k%xr(917=PBHAo>fMb8@O@f%Gz8w?2?$)F=Wt#tLm_TKf0 z0=)g@Hz{cl;cK1$c>-8T(nX=>?LxthtTX!4^~9CCqu?07sV6gFTB$gg)jNl|wAJzH zx;270^Ve8zvNS(Z$>$HFZ$&|b%^A6U43!QZKRa@GQ{MhL)e4d@ zXES;hWMs$F9v?4A;JUvQLoI*D(g;TbGhKheYOXlsu=`bY9e8n{+)<3I4LwYCu>+Nk zpRe9aEhnYjfKC>tj|uAU@2!ma5#9rc1Nu|+oVzMW8)6dO`>??(vSoFly1UGOc|4@F zm;(L>{h5=hkD1Gbnp*`Efme1ODMrqnxON?^^ZZ3_q1$}>)KE#o=`ka=App*L5WVmS z2KAITr4({rww{A|KQM?z>f`I!kc6Cs=9-Phl@Tph98b_gu z$ehBAQsiS-dWS-%D74kRQ)wJ2=30FH%Ok;AM1@NDmgAx6X(y%*p5vy$KBeJ!rUuE| z{l(uILS4-?j$k-!ZygPV!*OSx`HnyXZ%i^TE!U#A6-*Fkc^FaG$D#c!jS}**LyTq@ z=%vq|fpULO!`Vdq67Fi!9-sy<6p;3zEh7PbQ&KsrBCOg~-vE#(5D4FHyRbsy|yPR0O)hTbi^F>4j?%`zu|{ZBQghg74n`Z1Xc;(&g#!6H)6o z`1rHk9AqZ{pS;cE|B|=4MLEFy7t-L#4$i-sh->)TBv-kS3Vm3{1o0>6^D|>obA4O1 zaDEk1bAx_VOP*C?($&`bE6Npk9d3<^rLh0^HIzhi6pvfIKL05_y<8WrvYj~IbSCPg zqVnpKU_lvY{bxj|MHj{C=#nQ{WpIjINvS?{ZN2n6o6&91fA(nI1DBdvyG9}ohtD$z z7yf$L{T&}f%58%5uS@_cDwM9C>RkyP(MN+>e@-FGLC>nAe!m#k=NpJC{U2wSr2G#m zg-|HHUWxk;1rHeFPh6|>@s|vBEg;uKc@7POaAZgNYeNnb!&vp@ad3Dk3iuJt3Kk=W=MdR5;M}0qV*>jYroS#WZ?S^w)p871;p^Q}M zw9emw5;vE%8pD5~OdOVozB)mSFWY!Ho^@a}1}ANsn|_hSlAhgaSx1JVp%iE6Q>O7zY@RD_ zTx7M&)PCm6QC$)jZa}<4)FNt9*F=li-kSS+YEJ{mqoR)j23rjbD!f>9rDGjkE;D?A z%_!xeCm*A`cXR`}u~%l)JN-xc+V~Mpsr8|epEMbvo{vMd zs5Rft+{Bqrb&8-MnIjLg$eGH(Y?!DA=nEO)llbSjkKg?$xEhOyOO(WA_mS*Xb{w>u z8c#_ip)2Dbs;^CLwX81ODVn$!qTALiBQn>F!S}qF5W1rVzS#@XGBP~CmX?-AZNAFs zVzt7ywzl|$gl4bpyd3JoM7vO#H*)SzUuG8nG{oZCehcWX6di#}g@u9WPQvG5;W~}k zbaMBNh8bpVrsL70p-C3}%C`YnLar$kx*Y0J(Z53YMuw8WdD&g5NZIJ3L%!Fb_q^Z% z`SjJQldoQPqTs#fH;X(Eiw(R+6H8-nr`TphZ_N$x5?L-A%ZZFM-r&_Rx=m=u1f0Rr z3d-;M)_;~*)>WZm2rYYi!dYNO#z4rQ#oCn!5ZOHmZkv@7&8(*WL_y(v9q1pY<|Fbl zPj>|n{)W*YDbAX+hK5E=Ow7X_eE;G?^P6!W9jpetATd&Z#QDwTZqB!o`tf1j?_O0y~uW*rhW?z=EG&C$S0)B&TyHeLtQwF}fPM2ed$1NF2^tVua{F20ipT5|L zl*d>FlsHX}4w0){>StrD&#c<5d?WEV(0mYj^*eBFyX^-jz-Xmw_3b=RjxjVAV|~(b zgC0-s?2gn*LQ=B+OkQiF2pnfs94`<-Qkd7R){g8}p`RVhVkSVJI^c5Fq*&Y4h@0=P zamLd+xx(+A3+HD$9*SYBb)608pJE0@eT~W)KtaW6TOI_>^%ZQ>xroVDX#F&qQjbsAE?I z0WUek4RQn3!R6bDaveGxsMeKs3Q4`~I1kN+gkP1QBLMko;DPC3w1_Tt1@^R~oG4R< zsuM!7+2)(is^-B{o0T2`;+`jP8$cB&&gQJIROl^-I}#|jPU7faH{|)`=4UQ93dnlj zAS3Dvb0xMoN`1%4?zg{sIASJ6I6oo|eV)>#E||_(UWKxk{>**w&~2cPt;=0@>D5uZ zb0NICOB0^!s1ZdH(Z4HF53784O4 zwsF`&WU^ia`?9sPeyQIQwT%fYHu6L?9nR}*+$oYD%O?nrdS_W#4Hja~)9UyL8%5)1 z3d)E)9ya8$pkPL9G?p(rmvy;KufHcnP9cwCm0QE66Y9o{a`5It_+)yTUIRM@CJrshaISl3&=defF{fu*tV@0JfyE(c8UH(+)bVP#s>viD!oqhII*-m@m`F_u|@a&ebu&@?# z)a=Ny?kv3~*|#bhS5ujq$ro3Y&))Giv}4-qs&9l{*Ri${rz>ixYbtlPXe1oCC55$A z6zBUX0!9wlKG^*6E3^%X#%ueC7Rs;jJ_Ofx#qBZmz^67hTZhJcIrIkCd*Zy~s9Ry* zc30-s{DhtQPs6XkOaKipes( zq+IQ#rukl1gXCs(9{#ZI)5)K5QvMNzt?3>dI~DNw4&cs8+BQ12f4wBE*5Wg z-|8{EUFB6w`$7CW-mWg%l!lak6DZi!b9HpM#zEnN=zf|9&VQtqU$eNUfr{NKP0M9`nPeypE_woMYOdHGJCrH z0(^BKHq@uEviY%-HnxTxp(NSRL&qE1qxGU<$?L`{G2kw&eBQM#YJ65fuJg_e4x(|O zWf^+ODvJs<$XeX7&Y*YqJgmVj6Wgq1I|qp}Z>z~$?2BHcW379iWHc<-^--^uefm_s za{rzcHqF}NVhjg|a|9yaGS5*|x%G`^vqUPoL@IhqjT;EMzR~A!fVAw!wXc4v=ZYwM zAy58&gw@+AX%U6>{erzhfOKyrH~(cooyXSIlho@3YVe+~#ItZv;wj zeFi@XHR|*`9*8U_GD)s^to7OEp`WDCM~Cd-S8dN!&prn6%z1O4)s8uY2%>^v&VHk# zsH@L-FyaJHryj(hY}ENB0V~qswlTbL5_o9f_wCR8N;dB(=a(GY?YpZBTEi%x%8Tyn zto+Wjw;XJAKkowiS2zxAmemuqPrc(k_k6E7Wq~%MsL%OS+b8 zbzn^UacpaMU7pCY@*xCWv2b5TLGXc~VguFx8|-myiF3FFk-g2IF;JVW3Ktmq&P!N2C1$+& zIi$B2EPh6UIt!dGFc%zb@|_3AYn@Xsev{qr{SdisSCIL>GlF%C3Rv9~_)}A3J&i%x z3bD&np;_DEl5QD4g*7!jG)Ma1gxVFngJKFDB@?*>sIPU5IjgP@Dg#Ex>*FXtvr{Tz zP2r+!SP3jvY}s9U!CcN{k5|(WmRLLsEBcetB9bL{rLRqHO&_jDMHKYwaI*L?P*&XU zX|G)PTlleTkJX!(_8Tl3C~7&~(idjI12^(IJ>?$^9Gyq*AwIdu&MCs_!k)|dEwi~U z%oj$9xckb?&pHwDKOj8)cB+5gn-lCepm_;5nCBNxbYiTe28^JLF56~pyb3UI%3ejb zj6C-b!xNi3nn^toXI*0UovB{=uOhopu>vE*8%f%gO(-$cbWd^11Q(=16{gnRXgh8i z#^B*Cb)%1CK%S`j#Tm2)V3{qN66-$Y+6uoIlbe@bH6qss(eSV^=67}D^)WC|Wn>#X za8Z=dFcgE@6tQGctMJ`B!-a`vSZ@b41jbnl9bO5)8{b)SYwC4{7zc}X3GQ0rQS(88HY=;nc)mDB*J7tMJW;kLmmR^j-Cfa4 zT=}lO>c#oN!A5(VKL(~D*0UN~iTI}a3d3e_)lzn(OQb~7#3yWx(hE@!P0G#2`K^m5 z6XK}dy*rJ;GRw;)N+1wyi)Gt?43Olzyd^+&Rk6T#_G6E%v)J;G`C1F5D2Kz7y8v5a zfT7)qMphL5cfwky_+SC&s;I)s$JR}Yex0Y8e)!x;d)I{?v%a>^Ps1br5o#jNIU%>V zkJ#>%lX9;T2+fhE;nI8-|_U__dSrFzwA-Lyk-|K$Ds0;n({1|#JSy`tkiRN zg5YrFKS-4`ouQ|*n9h-)98Hzo1XHJK>A$WmHnQ7y{gRYx?1N%sCU1xt{yD+_7P+g3 z+YIr9e*5{izA=>ZOe&(5M7Znf{CpP1t}F*Pch2Na0TD@aknsas1VUHt$=Wy6><1lO zKF1ZqM=epMBs_h@!*DcMzSw6SV(4*be)Q;$es%EFpF7adOq#lo6gx+jP_EH{hmdP% zIU3+@Mc+Je{8_E|#7^k9^HVqJZ)N{Y zrFhZ?K#AY}eKTtK-TyBp#l^n{od5a5AjQAbf`4Cp_^X!tpI`s?8_rH-7bbz@F;D+3 zS(K|hf-(t?6nEI4grWUgU3Rl{&AlcC#5jVIC>8i>=%Fl0s4Mu*1H5+6K=JG>m+Zr; z+IKWw+s5We*kVTv?K)0K;@*y>y<$tEq~W1+0-A;ejG(UZ zg?bvt2hR9{2Qa;z!@4rM?>JHDlXMZwsu!xjy7@m>TcuP8;UA~n4O_Q34}5qu*E?~K zrpAc<>%2J<3vtv8Jw`z*C4)?P(k-9Z^K*vnUsI^>R; zG%E8zLfk4F+2Er3LvCck2THHt&G4kLD|S=3ep;2q@m|OQp$gk(s=LD1meKXZ0d>xT z;{KWJ!sz293%<|g3mu{Th8epwOB}W_`X0YjY$dS+pjud|U`55Bn zt{kX*evyo%r-cD&f-wEX`0fs^}y{3EJV_rGg()y8-pi|jqx4lX z{eDQnkL`LY_pdcNYkusWLK5^Cswv>xU%Nn=TKgXIlg$WEr#XMwZgBlMsZdKM16;Sd z;fkeSOFxJ16FE3%-t@p!Citg6q63H@?2QfYBwaL_p)GWlmaQT zpY2cPy{|}4%kx56u*%%&MkFk*k43~q>|_~RG`*#xPDY#~`DM!<<~2iGqiDkNv07h- zePU!R3AEtv|GTZ)96b|H)JZxYW_CxCdY;`Hju+&C|qBlHT;V<*s7qw z^6ZDO0jbAtE7#ko%GW(elwWCBsbw#as{nKxOs;dJ_|o+N#ZxDw-Rq=eXn%&2-r>au zje4@(xo;D;Q_vV1HGwq7A!>Z!oSnd1F0_=EN6=9LRble{s9fUgK7>+h4PEfL68OEQ@pD#=8o z-H?wwX7Rtd8eorF*?=74K_4TD@!L4lc&xD62gI%0PF{?OeB81^?Ky+cZVu_V;{n!( z^8pG1CHsnddYXfzQhxD$R^<7>F7Rc2J8sP>F@c+k3cd+Q4KX*=@oJV*U6*=fCcI`l@W|8e5k zk7{83y-+1ke9~xnQjH8EXp%=o8RvCtT<6R|WUZb{rdrO%+nWVS1UyU2bS>)C$kB#! zf{^*LT_&G<2T0k^6gJ()^kUr$1_rOjK_8nB?LFELH=%bpQYIM>%l{sDep-<{UOAb} z9K(7WTul^|J)MZ*p6Eh(Z+RdgEao$1qj@%M252&rq0nljy=|DCBUSqsq?wq<nUFF*?TCQ?vvU(aXm_U*~CQbzV!_!FdV*Ji!%mHg4hzv(;^uogi z+{l!@9^uj@Zej74p^p*1)qmT7S%J?_)>vLJs{gWs?3F1!JYHQjY^k~93*orxs;a9G za#JG`#|v5*XBvOd;`hMQ&~BT@&|))69pawb3X>N=oz~TVujdOQmdaNc);R^4fQ6nRi*jY>rvm z)>c((=x@IFch9o_ioEK7R$SV+s~Rv#nLvzc9pl(N@*Uj$K|_TZKfL=F^7pM)IDh&P zh4*e;S`(-b%TAPNN!}DBdV!Q<{>&9L_azPE!UGGxBCuTdj1^fYby29e8jp$8*!*IK zx9g>g>J!S!@R@VxB?ksK>wk^nvk3ps#Ahmb-|8N*8u98e^!e!J=3Hq`OY5BLkXfoF z@?pKYmLM|lk=6dAE;dTue{M*q#mL(uKZHA1 zdU>`t?OjV_R@T2wkmzUih}uz%8jfc5k=5TAte3>+*+e`>3h}r-_sdP@#7vja@-GGn zOfBQInZX$mwMM^3|4^wWfN=Zb$P8xk7**W9eMY95`9p=n3M2vn?e{Nc%dVMaZ<7=_ z2g;T|#8L`aE63udZmoTrAw&fTqzto}W}3_u>Ce|4w^A7b5n?z3=ETI535|9<93P4x z{frU`a@EimFNFxy=t6bt7wmQcvIa~`*7DQ4FiShh<}amL9h4? z(=!rg?Pmzv`u;;QbVoV3nX42c6^-UP3+S>dCob{ zfk;V@E_avVdTqodt6gb!SDEIpqYh( zxo8gduglb$gWAQ1yKiLqpV*5*q@uvmgalM|#fEW?~F5T$$Rz2 zkL7Bu|MHTxS`sq6Hf!|$dS{#4;1XE6i=jI_?vb^NhrOS1NnfkiUDcG&m>z$~@Ac8) zySUW}grc{**M+Pc9lVOoP(^Dg*qBh|51uI&YF9}cLgL2!33Ul47mJr{XtmE+gO$bf zIisf@pw!MSk6&HSKNN1915%j#v5m5wtfLxq&PNU{o}b*i$a~QjzZQP0Kj5p>mI~SS ze*ribsNJ3=3Uy8pr+#-92kfKqp&l50h)vw7xz*J+Bfxu=AG#hH6BARsUqZ`@(HHc; z2v@zQgvVTo%NX{1|84JFxsG^*!Nv5qjBz&z*yV8wX4@#O`+fu+*+E!<@1^(stH;o@1uBfBMgP@0PNboQUv&&Jd4dU5YyAEf>}U)RSNc%6h@jg!SZuAem+8 zgBdM1+!^YcT_ORwLM2aGj~E-Aq=2}Xe{Qi$sA+)C72yp%5$F^ieqkfeS?<$yu*g9y z(kXwA`Vt?g&697%E;X>d^Yw1-#5!mN$8oZy3zyuaNwqyNtja$rED*V27x(^A59{J@O2;uSnGEPERRRz>kX1J`AdN?*-MltN>y@lDlR1-P>8Ah7g%05gnbF@X^YuKF36xJc z-N+J#Y!jZmwfYek!ttD>`6)v$DeQDS%kuKDRmQSlfk9WEYS}VPN>bJA_(+)N(uFH7 zH}-UJ`p${-R`kOsV-w$}%MouET-xU0V43ez=;RgG1O!Kc>C?j^7z=jXug&sGy{$cw zfx0^Wn6LCmx%q(a{b=Z~>BXiXq?3^Y9arzYiIwq;!la+;l;C$Y^>-mpp9&s|A4Q}+`!h- z%4aD2bZYXscxaCe90WbzJYt}(y1+SukcbW1T!*teE#fFs#5XzY>puBd(N~!jaihLb zI>k)deY!q@w;~hdC#(JTJCpqQ{?SUFfwceMuzdaaF6l<@xRstFBgy@8%#C@kEKJH^ z$(ExxV?UG)f?hx5l6)`!FouqQsy<<;WPY(6u&s}52BqV`SRj0jT5JrKTNNcMUKfqO zDB;f?c-XH(`C@>`6wSAhV?lGwrOPB4@cbz&u zx?Q(Vx~{#l%tt7RaBEDkS1Zvt0?RQ)1GCACq+pIGU z);K;jjfQ>bUeqqR8yZ=BK~^p|0a}}gm-z5~#(6Hite557T!abS2W>&A(hzgH8PjOS z&b)9cjo3lVh}$m|tm;Wmsxx%&F?&)VsIC?cX(~-4TSiH4sLbGv!O*l5qyj;xz6G~L z;kXW`Y2dVfiMjdcN+AA_qu+L_(LACT+-iSs*Z%Ja$&*qAxac3T=*?D0__=@V z1Ig(E+OjhCii1qVd9*bodb0a6-MSNJdxp&R($xL4uhq_H*%s69wP9SGQpUX;r#%jF zxT9An`<_wO0WT3S$8&}duBCu3+UH5yK`!Bmr}00C==j*PMTgqHc$UcF1op1PIn%VO zokA-3j4Hl+nU;gP^D%R!IH2lfg_okNm6eo|&SUmfm5UdJk|78@K1Eiz z%QK)v6mi${ zErcymcdwH5rDzd4mCOLK0+FZg@7t1PC<)c>RpTZK$(jgq?+uD^xcW${&DvQk(g-pX zF5Doi^{PAQ8fRc|FUt1*fl9?7QNoVVhihGVeHLI_T0_Z0Y8c%+ot52$hCu(Cqgt=j z(EcW~=)vYRP>e;#6~)RDv3**fV(k6(;WPUF`4`44wlv0fvf{P6IVS8$9A>4$8j)^Jhrb z5ofycYy_Dy4S|FYuPxNF5!F{S)P<VlTp8-hwws=ky++m6ul=W-KP(0sx*R0{p?T6RuvSChrH*PL_XW7VB^OW6!kp$9EE@ z?b(stiCH{m)0$AC^Y@FsCu*FB6VzQrcw3cbvd52qWnxT&lD)3^Vqkf5Tz<}plf8~& z{`~FV68}2(z;Y=&Tt?4xw=ts2TC&@3O&%~=-2SeOM7W06p>{vY`?{O zjhVPf3E!Ob4bdf>oe95}80QjvMkZh zRuyJ}5-1G~bXYIdNsG z??hnMvKX~|`ETP6I$~iJZL+x8?68)1%8eNLoeb_e+87*?6lonWTHM^epYe(kB0FN)T5}(gbPgQf^en?XVI*stdgPb9%mkNZ!F)(_V0JVwAt5s~+}Mh2IgnHZ290 zjsjJlq_j7Pi8O2Q7Sq_RRWvj#)rau<>mHq%L&AxYtZqG3TB9Gw$UyN z@#IGsyQ~(*e~DUr8>CE8wC5WnVO$r@tx2YY|L8TErkZvbu^NB!W}tX+AUZ`P7>WEt z?PK$xF6?d_tn-8XYe2xoYuk_o|I8T_Fz>Ylb}df>p)2zRsiwr+M-USLSN@#t_(6o5 z&G(LlFKO)`xLS|`I8oF5oPku{0VBY@*YS@IgMp#>*No(x_VKV^qWatJIVy$|P9Tlk z?VWDR58;2V0zSX{AC7<)1{<#y!~b^?y_h2g%bQF|Rh8uF)3JIlFIG02d-Q6SAJ_zf z*O0hs-t2Lp$FKLD^VAh{L1dF<@$&d$yt z_c3(7)Ya8RL=eSbar(Gbz;=y#Q5{iae3j+!WZF394kT?HReG7l&S%T8lJtqz4G#M$bFs93A{G* zcz8O~o$d!sX4j+*0__60K(C1T{#V++|Ir=)?bGFFhvQp8D&}knW8Cz3J!gK}O(Eqd7gWQQZ|=OCqodLpIn)|sMsI4p0zBjB|5i-B z{i`f5m(-bnVQ|JHB1)ac8l7O%I=QCysE)kdU|b{^ZP8L1KH%g44lwXNMZLoy!hTg3 zp{lXQI0VtiJKVKj_3bOsXT`$kmFX58&30B`uvj>j78_%iIM)5$keEGrzCjig_!owY z$t!hqE*=v8*|p+i5_JA>cmHtx=yUdFccX(hmqBzsFKE~3!K36+GbrUYx~2KKva9EAH&v}m7@AcBU2Q+MyrvLYN&`JPQ(fN_n8_Tpl@?QX=KYZ^@p+o*@Yq`Sg~GPrz=P&^JA?5o(| zuJi)4pi~Fupe8tQ-$NK>H(X8=AOPJcAo1Flg;+C24XuuPthRy#ijsfi1p{774!azhHf*}h5EbApth)3p?)m9~!C$#m$u6MvUU+azCYJe>MAT@YVr zr(i>arH!bm5}N5pxMrxHVM_q7XhnFo7IXvD)ah#`mg|;~b}`XEWa6!P_^SkZfM1p< z9=t(oYE95x>mzh;=jBfRT_R?l)EIaRJ;pn`SAFUX9tWg;iLV5;H+rZl4;>EvQNxuj z<`vv%J@;2Qklrg_wjR&9ZOo|2E;5mXtaQy<1=e!kI+=16tS%SaO|#faQ3!(Pmr7d0 zl=#5PNsgzpLvEStE%Mg2+65|vY|}14PJ{hk>bG%98EF#sHy5PCO-&gKfVGD*AdP!6OZA>TkQEu9FJ&cnv4N^|s=b zXH9U|`jH;#j#ZwRH0H~s5%_8wRNOU#lUuGnPTO2?alML zNpjkvriVWifCZXKF$Z5*m}0&!NY*G zlPyq!#&{hr$iG(}xo$lfc5@Z={(Fcv8I_U;17qEC!HOEp_+J0kvgN=eBZOhCDXbEr zf2y-1RO?plG^D6D0(fWjt~vy#b-Fe71TqC_=bpR(k_8gjT-Js@#TVC`&e|60FMfRN zab#Dw2I9IP#c9wp=#E?o=EiK;NPVZ6y^@8- z5nz)Vzw-F_Y07GY2GUGn0w{XNbV(3jeSJ&Al~DmuEkx=DcD@3096y;`GN0(~v0D8ofT#2$9{s6K!F97N$Xv}F?DDfH$)_r|WP)rP~4PpHGo>U-Ra8zjiSdS( zPx^|lX?OoZhK1`f@F>FFV&vMI9efh0TYUQS{B7|0+zTWJYfg5BS{&ElqfK|ymfkqV zYVita>D@dA$w{6S7{&z>IJ$dveLPnoAFihWDHYe+p0=W^7&mvAGpGj|KhUo?ZDuTI z5FOKSC&GAN)kCi|`TEzV3nB=s5hW+HxkMBy`}DL*YTm2>hUb>s=Jfl^YKXa!Tf6OiORWMh~8>r@VJ!yQ_` z6Q1Xy1ys5|*AI|s?KRywjNBD|%hMn3n5$g7!R2xeS9^eUoBHbGY}P9UNIRX@tpDM5 z?F9tIo!b^D6M(GtCtkv=v`tC(1~|=nX%-HS3N3-x6NX$BQOxm=b2_Ib@bYifYJ(i4 zgHMGuhweJH&}+I3c#%f;BnRGL2zQD2s`UCrYAQBo%J($%SVsTz8hQ|@YY4Fo!5KsG zE%u#dxWn$_)b7!)2OhzdDXQ{}eCYZ()exf{ngrC*D$2Szv|~IQJd{D{<*?tS=C+4f zrS1fBN6D#{rdHF1HE&p`HkcZjGxw7?6J80QlO_D{+n-eF7cufkVC7%Zcsg&7CnB?8 zEY8QC=MV6BX3GZvo?cXrW4+@9tGt-3&%~y9lCp*MRfj$HhX#1(vz8Ey%GgWe^_RJO zDx-h-jQMw&wmtY_#4{wBZG|Qz&}+z;;*_7VBtwfuhp$ zYMpd#3sHfoC2Mp|Og2_tZC>*h3dj(^7N==*$m4h$Zfk$^r~4rbY4U*Fl@d$*YF#Cc z#+i|yRpfQ9q1O<1CSvnfEqXKu7YJapIkC^LCA$XHSYb{A>l`-UZ3ry;dG1c z*!~s;nTzvMM;uAahhI1T*N1<^JqpVanKm&P!%p@Enk&e zC)s@Evyrn}<=d&)B_ZP0&MGu4pW^x&w_v>}AaFV|CA+eAJQHjrRPk2+A-?Wxnh4i7 z&NwFHc)hDLUyjiDE#IyaV#JaS?tNJAgX<_a6i)$s^-HcR#%^I{M6`x9*P%c{oC7Zr z6}M6(Ia@_%gV`t^{BX&Xje)j1Jn@_I#Rq(blJuuJ?Qoy2f z>JUomG6qta5vacSWUn>%^YMp=D&An}Ban55$Woa)&vOEE?fb#xlU2K$b&c)5G$Cv0 z2_E~ijO(Q~06Rsc$W0x-=Fmx62p9SA1!F zK4rediVw}}1YHnsk6KK6wRp@M7bxs2rxEyV7FO@-be>Q4Tjk3p#Gh65E-am3>=cea zbt>BdM7EE>Xl0nJ8D{7t!cTjBN*H>z-#T;i%!w0v$jI0IqMtWl)#3Nz-=A!@;4PNn z5)ja;-9^dw8gfB>y$Ey$qHQpR;HX!&6Eu6g`wMY6a`k62Eu&$~S|$o`AptJ`mBsou zDP+oxAGyi-P7JOTr%>|7<*q2yj=S@~kj2`_|?>L`2KMlFCr##Xwfxmu>Y@G5GqG?s*19m^&478=IbLnPa$W* zA}(^)^{a05x1YMm z25Sn2+P((8w3E4zC3ze^^OMBG2s2B38Sf{f+)nCP#Yb=Q0out?@vfhkA7wkv@B0Fg zB^D-&qeBB-`3@#m$L`Q21_dVR0BRxFWo3STX(TG!I-?*Y+B&;uSxwujIvzTp%0?F0 z#OCx^p!FARfzJGWv&m3ApC7O*w1C?&7EQW1tL*-Smdg&FTdai`Fj1N!8<$?Li(ae{scse~+Rz<3-R<2v zT>?0c6WGzM_5%E(XUI{0dF*F`V0Y_Fhnb++2X=q^?dGP7;%EH({xz_?%avcyMO=wt!kQCQzPhc)#AIRk}aNGr8+uY zhYYlvN)y*ah+#8UHFt>bK(~~ls3M@k3?i3+%KzqI-9L|SN#VPuMD;eD+rRLrqAH`No9aTrUohns!W@O!1o)Qc zqwao&`_r4v6uzcoJh5)+t`24HI2fEyqm7Vqw(yAh5_wupKu3_A6FJlAfi8?lafom; zRlK3m!Jddo+28yz2*l3p`QB$k;?--P)nO`7gVF|=hSfTTCyfd;)7l3U(-BsBLq)HS zPkjWauudy20(#)mIX@lW^v@#9=qd~%n!bU4VfS+@bp&*FbuhBq^VrNxr*y;B71dh0 zFBznb#9Up|nsCE-qu}`hkHVAf`3|0+l<%VDbIi|!tZlA6!5(QweaG9~j*3hr5pMn~ zFAQ)IXq1aPItuacmo9PBF1E&^cR+ zYFEN$8VXCYjL+bC6#+5CxZiWyqz3;2@B&HLA{!%TdNl80V|lv7 zPoLWzd$l)&AOL5L(LtJN>ySTQozKz1vwj3CshF3{#Lrp{j(0f9{eb!4U>*7Gl|oDp z9qC48_ZjqzcxHPX^0a$Q^xeKSRcFUHjFD1&(Zi%}-DEW5+&B{V1QCqxR`SgB65 zD&ZmFSZWQXli=KbOhvnb(mi$NyvfP4p0mD#p((ulK~Xb{^axq|$Wo~#5rk2g&PAKzGrJU~G zBw-pjB+W>>lG>eHnd38;=wpMCJvGH3=ycloV8VDlaMSHg}s?Klb zBbW#dysuXeVipEy5NrKQC~Hgz9=CLfK@Kb3Og5RC8H|8stv=e~CXAN716zmosD1M2 z^Af6*NTxCWW|v*4)=I@cy74D_Bi7qBJCfi*+wB<SDXA`mgjg<;v*z zXxP$JQ>SHXv1+ikpZh5_h!SDsF>FiChpGtHF*@c(bf1-sD4A>JLaF$}$LqQqBV!Lt z46GN`4xkeQOFSM}qooW!ytx%28)KQ>+o@F*A2Bqy;tH3qo+n^nhzD*eB5=CLgV+Fv^tF65ZZnp z_%eamzR=I}U#eW7Ouo9J#g39$my0rrsq$`W6mJc-dI`mQgEVY*_jb+y81>s;kKV&T zs=K?_6cn%k5Z&x@cY=!uW>rp|8?tTatK0^ps&9YD$1cA9-md(9VHow9%zmoU9Bx+!+cCTX~@%p)1n^ zCUh)w$%VpIq73~+g$uZ@M~7Vp89Y#2uj@L3wAdImA)=BkkB#@zQCe4RJ)G!zUu}Mn zEn{s?q@+H0WP+ihQtAB4SLVJcQ~%(kMz`hYlXQQXWjUy7@YuoDqM~dk?Tf-J*RFKy zhT^aH83{*%f8APAK4M72`S*S8MX05t3qBEH?5ZKCR#n`FF}?39r2yUmzKRt|SAw8v z=hCeKDVef;J-zqV;^y|hgDJ3i!)*fW4+5#xa@U?{ysbpJ;_q&*^+_%G2zVVEQ;+t+E-u=&W@)$c`#!C|TXS9T3NHKJT@1cCPo4*QFHLI>`^2gU0t3lIL zz|#Ai)|UxP(f0Rxksln_AgnWrqa{d_`nsfA5anM0-pMj!BY5ClfaD>D0XCtDiHVhk zJJ#AmfxSNWtx)2+_Y3D+#!l@WQZ0~ozMl6{j6;=JCHXy{$JGVpIn*l@U^_#rTDV;C z1nk+)Eu*8;`x^6RW`$}mV8^Qn)iC$1#d?+MfYQ#2NGoj!*25=)F7IsIj!LKW&dNdK z#u*U2{DG8*bXY!3ssE&v5{_#a$r;c{1moq9gZjjE?Ia-f!p!PwToo^uOtw^G~w^z>(YeUeBIi-sUlgBhxQR};XJt$lDtq4 zYj<35V_t2y*mjBW2ip+!RHno=Y=8B!+k&e-Gl&~A`%DW1fbl}YjhLBwv<(Nxv)MBq zze{E8GoRlI?uy!;VP!(nOEXzbm{r)c+90RoeeyCQWpJp4m>44?rI~Z-%~AAJ2CAz-W~t+s436)G0rpRj$t)G8bZ{Fvpsk>#k_aM1VWXl0uc>=>N?}e^*g! ztVIIDnf{s>Sxt~PDtBl4{U4jfDgQZQuKGm{j-Wy)qEt&Yw<5=}xeB*ip{()m2WlY= z#{$NG5ZSEyZG9=SrFh4j@-ELmX1b2hgZARRD|d{ICiLtpkTBd}r{)y(C#%Hn@WPF= z$JV3l)`<^4E8o7`pc5zx;YR|A2jnolzbL2V5IrBdm8Gj4&nM3UN9KvFjix%Qo!ROu zMKxJjSV)!EYVy$(d*HO*WFhA@>Gj%T6N&8G)iOIZeEm^bC$2Q2z;BhKC8^p~&D6>8i& z1V&`fTmEk6ME3bMXnip%n7Cqb{#HK*92`vx{&+c>@{Q$<7bS&&?s$JmkssYp_iArR z0MKwWr1$~D>vwrybBNwq_~ZaFAq@xNmnPAhC+eg}py=}tdFMLLQPfkpe}Qo@kTOS8 zZigP*Q^4O(p(A~of3uX`O-d@k#K6JbqxT+`PX#98 zZQEVSa*)W&o5GP!`SfjeEv$F!iYvLx;bQz?){iTU9{{5jIbiB4Rr_NB+ucX(Oy^ym zz?#c8EWg0lfM|Ro3a}E#W(EK+Eu-$%82zVpw>KB_{Sy&$`w`=R2~hd-J77?|ZQ|eM z|0bg4|Mfro;WZ${(2V*|#1BkEL*wbwr}ysN8yXsdJO&==J+G*wG%z?=^7H2#ZtkT3 zjOj;!Jxh}rIOt?oR#skKURqC~o<4c|o$Bpx_jU2x@!w9dny0q~Ra zu24`@Q}gt!1H24VQ=bDP0?eYH2|F=bIvRiyzoWe@LEp%z;)44W_d;_%4BYJNv0hKx-e`z|1? zvRABinhEht`jQo7=~zX-KRY#{S(f%Y?Lv~MFvaMy4)>-#S*Bi^7JP|v5{$`u`ZR8J zjbhcVY6U>Tm225G=v&0^!_EO>q&pbXN@&k$<(NMleb*pQI&Ly;jV z%>SK_U{$g^_uO_PN3P0wiewNPuUh7GQUN(SjLtHb^Rg4 zsAU+(+uKISwfai~PJ1>G=&L9zk?%Ul+=EN3ShIsj|59~F`-y#)m^iFiDXSb0C$s$a zL!kb!Xx%B_ugh0F{Te05xFIi{j=rg`{Kuq7+OZj}qH36|%WYsl$bOV0Ffq~no%yx2 zz`4jLb&lsDL|#WE_UWNCd$P=bv~lGd-ZKq=Rp8_ z{Ja%X;RNxLVfmz>6F<9XXgBKHj#TJfOSKh96cX54)GY44B_e4&auHo(gL;5R4`!#j_qL4Chr@jqCwA>R1$tF>&%a+qqIZdY!mXSvx z>$F!FF=NUM-4F0(MjVsg8n}1ogI20$dUuCAu`l>$50JzE_}=AHXc}>SvZJv#?yN!H zHAY5{?VchOB&fQdy_-xXVL?3|TlI~kc<`PaYP6S(B=q{~Y)A!Lz}Dy~O4xdRRx zkt(W-{U(EVLc~d)j{KH>;19SRW|*u9e9v=b7Xz2y_touw^{Tthebq0AQr{5dU9fvG zD)*7HmhaW3y}V-25d1wuIFQDIf9P;(6^nB?`i)LuVvCq1NC@wKLx23UlcJ- z46%pdh&2zZs=edUi57uaV1T5Z>}hM(2Lm+Y3)EhT$vX+f1G6r?`Q z;5gS1+vRoaIZ)8l&%=+7_VP~WLqBJk$C}#8*}(UJ1#w$;xqJfo%PRH`SI0lgLsy44 zFcspo2#BBvl_}BDUJc{I(LlS)jOz9UbdD`Ok;4m}{QjZtg!Y=)fkTTjqC-h3=)IU1 zO(lVk6r8t}4BQ(JAqv?Q*-!L(?MC0+D&k7tfqUC1fgJQ`L4< zN;n23S|Dw~;n3P`Q#ulstydUr+LPx=Ah#YMtvya$-AaiN^?MUKS)UhSTQC3AwI+|4 zb-hVhbxui6S-GIT>)65JxO|AgYKz`?Cpg6>5OnXG$pU{lPt*S0c=eQSC5f-Qa1(p1 z`4Ck$!ov^D)&130L0MM~ah)SqC&L0XU8-^?BP#SrrJ`K>%8=QdbNdh#v&PnA-Ph;4nR@_5@O6p?S^ zH6Hs{7t}>&n=hX#E~HZGBhG&B*F~Y)Adg<9>%7oz}hOiIyI@mLr+4P^omT+g+`%QMObAOM$N;EjH zP;c#~z61!Q%&l(u75GDxb&ZeVL)Q}d0=GqDOYjVq?CQw#CFBujmW})mdy-wHeYUIe zBT0@JMT~%9n%jDtUQIXWL{#KeWxZWnwS$Sh+$QySMK4j7H_;YP*MO~9NFkrOW_@`0 zF@==>k9VDY>2mQtA#IwI#q#tgY)1tF+@XO4uWkM~ovuYVp60nK7mt=~P=Unoy%DZj z7XI+G#8DKVGsZ5tRFAcer=~uS(?tqOXF8bZy1W{u_-_en~nGxrlQ4wll-#b?0Cutqr$$W?iNe&-t7YT)! z&2R}N!?ePr^D6VXKrdWy1h9VIG5)CXhb^Tije30e2-+mN!|7e_{qdhNMba@M|^q+y%(-$TCoKvNmpdI^B%)_3X&G467_?mT`fqD15M-WWP#A4s8 zzv6jd`$R{GvL3-7!)7eDkGHf&WI1K9ul1EAr&2OvXBiz{9JxnZsT0jw#M-|xl~>16 zH6OLnn3X`+|Mu=v&JIbAH|{O9`cnGr`F!ZBwCxq^&P8RBmSF6FXJ0Wr$1C^TZt#l| zOdjeIw&R!OXXl2Hh`vrP;%hc0FFW()E;(O=nr5G@r*R>tYimB><>}OR9i4K4lm(n6 zL<*&^i$(dkQ|rOr0tiD43?Tz4(f2A}b}ri^_dM2wn`%-9w8nyKh=I|WbyXd4*3>o*1g$oGlPxMPw~SPSvJBAIt`f#O7V}O8sDmP zcMB)TP>ub2W1kgFJ(?an2;l^fS6}VRVik(20eiCYaiy1oW%tKg*qXpxgfG^?7*{5f zaqUGArmkiEo953}EfiIIhmhw~!@1JxGd2TB+kv44d#UmCmaBYb6&JT5&s@jTooIVA zoZfMUPiEesbY&D~UF)8lzhNu_*9*^_4i~$Bgtpo&_fFl^hZ(bMJP~%k%$e1{;jT8W z;(g+k>w-`D_Kkki1J=PxEiW5k@Y%1*RPAJZc$BdiT+oXXSsL&t7+>2Bf7PnF%d4mU zaDql`D*NG92M@|)ZPCXN6&5azwQ+*w-sjVMt(Sv(ySC`>RUDYN+8J){xCSZ}(H|9t zdMUrz)Gop5X24@L!Ejc_3x_UydCefME^uZFjfH{X*>%rRc$Sou1j!P2 zayoAGBVcA`t`a;dsFS16)}9KX5!qbzkiLmiQ`sQb1{-aVnMPli}8^n56Uv<3`>+dI95QPLnTkdr5p>1${4P&cDAE ztLLExN!Id3_mq=Yk)2QrCc7g6Cg!P|mE9SQ@!Csz`6NNR(gdBJs>T)jN(AaE;D*ng zLuSJ2uPIYew%SQfKepoFjzM`!l!{^B$cWdx%T2#X4JxkOc^5u8@%>TybcES7k8Cx+ zxjW{?b-Hjmf<9zBHO%!`)}92c>?Z^vFFH8Bai3o?5PG^>7fh}E`rz#vae{T>O?U<; zw)B*+KH~gIG=0*UgeXaZOYlVoMKV5bKNaOx&-N`%h$y+p5?f&0RQz z@NM(t7WFIj25ZRG%rqfe$m#QS$n0X6Jy?UCf>yY;ys|^BZj8Ulb$m`?6cM*lJq%nZ zN}h;EkyQqhPay;Mw`3mITTfiA(1m?tA=9qbus(Rd({l*;9Xc&jhfvAbOtocHq+KJ& zcsN;eYh-K)4xBpBY{s4|)A+ubYf>)|$9j`TuSqBf2slA_bRfj%4vnx!;^=!>SU@ z7zbO6A8D>j9@yiIf_|EZes`N(pgyT=1#RojCMg{e8yGC~zy&I7W|FM>vg9a~m6d5} zY0ZfWeS*fXFlrca$e?!t!pFEOuf=yAzj^(#1SN>Yd;32B$T_@lxAL6YI#csCr|#98 z%zwYG_$%Q>T)(WlhynE(FH@@1Q4;!_co_mC}Xe@sSX^}f}&b-p~`%W=Ez8Ou6ySJ!K*%EP1$nTig{ z@x>dT?0pR0g9_wwO-4^J!?TDE?<5U*)g|d{QFEPUT@Hr3(NWj#zu9bXhV3_#>Gs`xysuHTH5R%c;X?G^XB4Hhp8p1 zT#08Y?Ybm(I5@*-;+Zz48R@|53=PSWAI8tS>2Ikg^71Gq2f?iU>BvuM85xGAra76J zVszwI?c0CN;@xHhdAIi};q2<9uO;rQWmBt&)3Z!yXeWM7<9##RI)|S&C1c#Bb?to2c^@2yM-XdFkEdJ4mlgCwUWnQG zHHF@j`m-D3u2bV)j};QTI zTRefkmGMSjyakS6Sfmq6l!<=9NJuN~fW&-8V2o0Rn#d)D|Htpx-R~3~YPA=r*zy(C zXp-e@l2-zn(3gwX!gCVTZ-Y(l<4@I-d%l*c3IyxwtsFBA6zkiKdl*S<$bXBZqnh$6 zo9xI-mN5}Z?V!nhvSAVSyL0aG82moo#*jY%6l~r3I=x~ABCuiWbW$a-xpCm<*m_@G zC~`GzV~bZcDRZGPX?-&7T~~fy19%J&bc{QrSK5ymj!p|tkA*yUHo~KilEa+z!IWi+ z3g)!@R|-cLGz6Q{Y)>-}UtLR{a?j86q6?|anDBr-9FI!Ky;35S8rZh=N)(a=bLGHl zYC@iur~T;?Fc=H~+=9zf2U=QM(DFd{xO|N~!XrLY=)~xIS+C#=fOWQjtACXBWTl>g zi0BIWH!!S+L2N^lYjqMT4WZ6n+)FwbRNg^j&A!6fRl$a#&eYKCF#5p=3to36<|C zi}f-v5F3J9IZ|g#*GN3HEWlGqj$GkRDx4Ad*LH5FASo>^oh=W~;R<9iQ8XhVA>roc zHZoeezXS=8Iyk#Tqg4b11eox4#etAT0EPyF9+2Gtsws57O8bXTXjk*{Y$ds;rw6j^ z6B`@*QQ((4;Gz95{MW?_ki=%Uwz`dgp~BD!OqU2%qB%{72aSZ6`uk&-5dkzmc)!g7 zL>zphGE5I^fAU}E9BpU(LKPAz~K zTXwpEtkxJbW+kZ(fz1` z!ouiUFJnGv@5%uuCucQuL)_@j^n-unxfDg}`B_=RzpVf2)up0bbo(caGp96gTf671g z_nrQ~g!ljd(T3#2bosjqH&rEBavK&+OBRe8XO|}9lN#4oe?frglfO$%^P=!@?qaIw z;6O)Y=g{i#5JGg{yYpYC8?@xF6&bqcFU*+KdWIpfoFwTYM~80chD7n$h0e^ulU~6)k9hBo*gjuSIW>I z-LXIHUu}Bz#K;3vgq4vX-Z(^l-T5X2xw$X>D8%z%l^FN z8&jT=^2(AuB+|fbtt6(V-;pgU4exBC4=gzCw28!(cym{S}(BkXMqa9gu zOzw$P+Vh;Lx2F@y4A)X^YDH@^Gg+uCFh&7KTgc?m4D<)ld<&phU2Gzr_R?`AXa2eJffr89h9f^si}Za ztgI#stn@w;K@CypR2?9ELs2#|@a)7UyQndV+Ss4QY;}!OB&jrUnwRZ*rPrbgZHMS| zFi5kGCV%U=!nyT#C4kM11jen%V1ENM4@-qdutsr}7n??qCUiuP47?#err@>v4c3)U zxJbsP-P#cQLQUMBk8zapjhei9pk#eTV7)UpV#Sm1th1fE3^!WXMP0g7ARfW-v>*hv zo_X)A%a&dlQ(J$Q4+>1z%`Jl!CsB>yV4r`_Ic6aELO$aSd&$SvngskJXz`0RGYtrP zYbkOjyN9XBYg7BAb9v|n4_hYEmZbZm!};N$P}WJhh?BL}RcE%N?X zEc|k5v0e9ULRI_npoyw5;0FK@@gk$Etc3l}x6{6m?rMRujWl z&Nn;QVh~p~o#$(x^#8*mFb!Fn?x(x^s)n z{W!S?5p!q~BlsTT3g#EeOtTW|E3uf8<)czo4&Ij_sDi-#>~0JRC$4FZxX>R{%LisD zfXI=7d8U80;{T}byTh95wmxlGKtKgVKtx4)Q+h{0Kny(;=_1mlhR_3whyn^yLkA)B z5_&Hp(tEF=cS7%>eJAn7``(#5-^_f^%$;Y}A3Wr=UC!BSt-bee{nkXEGu=RrpMtS* zF3KZe9F=f{8P{0j%wRQ(?ANPRh~9bHP*WK9DWklztAKfR?~)NijD!Qrhir-I2EM`N zp{|9jUI=@NFDP%dF!zT0#N0vEI*jE61%aWKqL{8yTrso1B}ZcN-sS*D7Xapwn$7%DrGZ3%E$XzbK_QxINLl!lj9WA(`70 zDYekwiyAB9rUNJDcTDQWb62u-L)m)AH zjClWEd_J4~9?HHH7aWYe#ME+lP!PWqapAGey=^@icKH|G>^hB3zl>(2=Ra&fWJ(-X zQrp1Bn*pG$XXK7R;^k2hdV)@uKQuYNiy{5;`YV)~g=JdBOBL`wBfNsrfjP5p&|Ugb zv+Gv}x0liH!_*Rjzgt|WCdSvPoL7=dR#nTt^x$k??Odr!X08I_YuWcoh=xcZzO1^0 zo3t&SnaR?oJD;vvdiv37q2Gox+1qmR?~8jVWMbRuUF||A6P0Tkmpgp{#?9Z=VB`d{ zfbbxeJ3H#a{RO)2CC65WDD&M}5*TVj6%6KM&=nlT^bk75W$YgAYN_mD=mir(&K}iv zvAtuBjOowGm20C-k{_ih?Sq4&!^ex+g`(>V7=B|Mv4r!yEvq%WM$;)`dI_AWEAI|n zcY{R}%c#tl!6S1Gr#qktQLB;c+PT)F#-V3X&Q1Y-Tow?9^Q>e~oy614TLHY(c2f)Xr&j76zQH4&7pnF1x%_W{Pvh%o zshdIx$2lTJ#7t|+ruf-yR`_YNck)dg_GprV3m|xfE0L&(bbt3PII&TJM)I_YKV+`% zW9y-L_k6DvF&&DO;R!%e{97srN$Hmm=I9yoB&6N|%|%H=HI?v)jhx6f(3X`^_4-o= z39k#fDuIp+pIUh3Wt1=t1LLd0z$PRE^TS^oBpQC{2$Ww@>=zOv1VhZ|{>tjJ*BdpB zVg5HV6oks&lIO4VStB4z6h`? z6ms$OAdB^!c4*Ur!o0f^TNi>;I%0i5et z6)j~DRMk*%c^)FUeciS5d*bbqr~?^PQLb`C(zA}w{x4(7N%iAbcwKwaDaIs3imkq7 z@XpX}BXpHmR2!KM^F4A1Q>5Q}UU+)2rjCUDbuIqEw6cWB=2^;N`fV||`@Wzl$iB)y z<1~m3Ai{L3&?cyT`McnA=d#`dX-&8b0a7`w2*wAMUa6E711ZH88eEdK3axFelgFa4 zyW9FX4Vtn;w_bM|nOeS0dBngb%FZO3jTpMAsB^{DX$VjUOT(gGuM|1Yd6bi z`W5~r2GUsTU<7pW%cDE;cZn#i>&Ob^T4UUR{pupC`$68wh?`7}$Hfj;gM-X< zlRAeHZ19-{3g><`q4Fq;Z=TVZ^BLXy;~GFZu3C~inl^NQnj4!}_5K0eE%?QjR6=W{ zwu7?3gR(FpdaY)i!s}{Z(>+@c14>7?N@#+!#}bQ24v*bj>{aQLn%&-u%e+r)I22jI z3jh}*5(I7(dBU!yY1D=rz8*T6&UUsYpr4BPk zjlp8%vNGxtu2^12AGXC#8Kq|G#5AmY$3~ItY-j2WS!P{!1IU8Wwm_2IlxJkWAno;w zBEx}GpPc)sy*{MC7`a(N!&{DM$+`G*Y?FIUk1t-lh?^M$4U2yTD9oa5^S8)QZz<%M z`quz+<}&9wJ9PoLv)*v*bn=(&0cMglS+m$2qKoZ7-e^F7WfeF#tE#ylZG3w>St0t`iWsMT+E;;mgz4ph z^r-uP0X4ctA~5Wlk9(CBKaAz1Cos;dyzJ~x#Iq-SO0aT9VfOnqkbX&!j=AJdQ#IfN z;!_H8n3SleWl!u3Pwi2TI~}Q=JwJngM!%r+#+MSRqM{78eB(|HFiw{iM1oj&f%$ys zKdf+sXD0ng$WrrWazPL_D*;Y^l*=h6;*fmUpPi9ROV@?YIo$@rfPSBs@&*2i_6^sRI8 z-*}PwU(Wz+jI4hebMD-KpOor%+y1NM3%I-g*%1LZrUvH`+D1uwbI?i7-yopMzH!!p zTEuu?1cyk*Ieb14b}c`@Zu$IF08z|>rB(PXSzc38F*?VeW0~Q`P-+S8(isBn{pw)l z)5FM?-pFd&CA9xX+)4}X@)_xk1cgW~odo}Ti>)|}8}@L#no>n77)l3E1xx#uVs{sD zQh@JE4lRrQL1!)^M_;P5NyfRUS!Q(V)5DP19{WWQw*Bk`sR_9o)Tv%DmzTw(Knj$PM9#(z`NdeU%mTdA_ ze%3tu+~A==Q80ipn+nZsExF~#jLhR z`=OOaZ&q*Ww^AWPf?*-z$eLc|UZHfl(cHIU;sRLgQ{_zqbZ#54ce~T<8D{q#FBml$%bY(yJ-0dd4)|u z{sRr^WrIx6s?l*+tx=P{CZ5`_&I*UI(MqrJ)2X14i*OQrC~6KpzH{sq@U{ep+ycsY z=lD%RDu(;>fJ%2YdDq%gr}RGL1@H_%z_eoNlL`L$+L)-iu*=9L*jCZpyT8Dh&UKp6k6-!rd!-a!1pD- z`Jo-nji4R4Yux#~;`flBL-Le?5aVUO(}RUtTM+T+{W+Kk`)Sz~jk77%I+1d8YVhS; zYX^nMbiBolsoEF?1d5irTt2Px=x!S{Es?3I0|RgAf9~^A(4eC_V0clpv(#ga^wx1Z zIM%hXyOM-$svg$*+jhlV1CX+imq6?hW0`A!_@VZTX7B5c&@^n*0{M+#aI|Sc1w}rXIRpZ~h!#dH%R{ zST^aSaQ^v|o-2Eg-Ruqb*2vfF`p#`~Z`X>Sp(lYFKdmXS9fA0PcypkXa3_&3)sH06 zrS{--&PIPV9Sq*!KI`%Dc%`3}ka6-@;*qv;b(S7RXm4HY*tp>magPJqMLqzZMA2Ha zY)+0nn06Jcp-44an@Sxpobv*cy51khQayY_vhj#onI=f=&~4-5$d`xFWzdsX7O2QD z0gc_uuws^v8JE5x+mSa{g}_&deh=tYEXNH_l-}S2QOw*?qzK_~0s>2f^(z?l&N@UmCVp7rks z9sh5cks^Ny_G{;|nyWgg&lW1*{rm~o#J}YKprQC*nz8<#<4Kq$BD%ikN60cz6GHDP zrfD(5bhMl}4%HppHF*XuOz0M$5!L+lP9FR6_sdF+jFxIt#}esYFW_+&F8lOCIM&-i zhTs#iu-Jk@H_>$dS))i}etw0jbU7}VjRy{RD`<$hE8TBzfro7EU&dUf9?p2Ok<8Ft z@e9Pa$+EcZ*M0EnsCc@PwLooAPED$-axgJtz{}_f)NV?E%PF&eXha_f?(V&|licTbrv!4EuQHX`K471(s~0N8d#kk&k`H;?`5+rGmp}he zPhV1~IgnOhxRmVy9v|)WT0dS0ck8IDLxt->T&oIw3zx%+5i0gu&=-#ct9+@BMG9qx zNK{?GzlL2Wx!3MV z+q=5t={d~IosN*nH~xy-#RMgao)&)^O7s51b!zelcbsORMO0F4QT*mdEFd~r?ipC+v3MJ{EQX&%fFyHy@OZ`nxN zW)F#DfSaVn5EQGiO{OfXT^<0(2y#A&$3)M&i(&aV(ev**snASh z#ew?)g?^%^0LpeaCto(qpGS1-khh?A^#72&@9Qo;{Qk6+`B0Vz=fhMep+O?QOs zj4b{hjPHqJ1O4k@eARIOIDz&Ea&peK4B5C2;$a)c#bkb;w6o7s$rPUyI<JpLTPXNQ)PaOl#+nG27lA_{ zP?JudH?QY*eW=w8JM|=8_*P5{Qd1u>2w)b%z8XB)zHEG13-M^HyJ;pm=z{W5nq-Ef zXr)^T3gG7px&z=EhxYB2rALPd{eDhmvxf>wWSd-3nI1lpI|-=rKQb zUh;*Ypf3ygO#(?$i?R&0d{zRR64T{p?a<@E)0U4`QB!WC@0E{sb>3Z?9jb)TN(M0k z8>2c)rJ?m}$Gbg?84j@>59nd^>|@)@d}F#1_#N!h!aj`NJ`7zif;N3Wi!%rc+jA;B z%Y+r53R@?@1LZ!Q@m^YdSWpvbr@vq)^N8dtvp}S6z``AYft7iyIT~mm*=ThL1U^Mj zfHJn$;;Ge6Z3sQH%#5OVzJjtX5j(X9TBEaz>CN|UligM>K5}(-r0E3tKvY#j7d>9k zi14H?l#>3sH@v?x(~*MoZ|$W`N=?ix$MZ`oPxoZ_ukgrqDB+HNGTvyIEI9Q5|>j9wDdNmsxet0d5-YO7?F zCHP!{EPg_MD0()(T!P^k+FVAqG?eq)^E~sDl~{of!bM3(?lf_%>syQfLuH&T?c`b6C~fvf zDdAIO+5PhZE z0xDI3i9Fg}UY;QBxi$YlQ>t(XUS`lQ$(9Qb^VRU`cUrFbwB05#Tn>aLhMb{t=dVSD z)}L0H?>60y{n6;ja`yI=bO62OVkbsBeLkjhd9J(gB9aiym_gX_W311U;+mQb%MOK~ zKc6MqbApcR2!;ZXvgo^qhaCC>-O8HwtLtiI>_-8nxhL=HSd59F-z|RQXxSkGr9Pkm zwm9^Paaxwy8=hC2Pqp0_6U$X?ksrm7;mZRl8G+vZNiB^-D8lE;dh{qg>Fzm0S+f4I z4C8Iv0`7d9B`ydax)c|K}>_xtE*lSX=Lqy%3#5mUUY9zgI zl#keRS|lI+|D+{)%7P1K!yZ3(?%y5hb>?CHd$zNg-e7qQWt5%MtzXEMGC#zjAh68_ zI`knwK$LBy6j$TS092 znUI;>4z|_?!kN3(E5{yAr*l$?AaNP5m#xM>>diCHw6B$~#~qb&|J8^e<>Hh5(1f%I ze)n~8a%y%4$zs1K6OD+%SUqVeSrs=O6q`UwNX9p=ueoax8zuj^O~Sx<&@6nn-y;n7v~F=q?nx+p=_0iT z2DFg`FlODy%g{EI4=%#JzL0N5=ym~YL2_ERr#YdMgQDtkE$O~No(Qq9Ed26@!gHnq ze-??Pk^zUZxvm(G|@6+buK5c+_x zd=$6+m~j%lHb>OmE?Qz--}{cnf0pX{0jH^sE@=Av)@4SS>{H%X^+!DATs$AAljV4l zd=*)v9?yOIe4|U52FuDC92P_SuQFY~|1+PefRfsIqbv-b*jqnyTCqI5r6}>@=W9-u z>vv%m(gA~C?R(+IdgJl|rkm75;A%z}i&y)7XwT?{&QKY!&qr-b&`;MpPc+2A)Jie!zY8P%sMWZzIuuhTo3KDU$_M8F&ijhwxg{x1bzk}_9toZDplk3&ab*@Xo`2Ikmr2n4vF+Mu zb@f)o8WUzo9_&}^3^eGSL*n$<^0v78krfCgt*{YF3*p)gJzb5kaj=}tXk&t1c~rn* z)=_rFT2s~GKHIXV4R$Fj9<@-iCrFn<#CoT9ce_L38hNw22D<4kX0}GtHC??B)mPxQ zxCPbJ80B=`983s1P6W{_#&Oc?94Yl7`7RHA1Yb@`GM?X-C(J&qQB2VnD`Mo}ZKZ)7 zho2Xr8XqKE#ZvT|@(He1D!^pqqfU;C=68`qMC6`rEJgiEyK-qLOlz(+oFz(RXLY#qtEbs4_s=bo2FxdtiRni&eZF$P04bh@VKBULK6S z33EVtxF5>+y2l@D=B-b9dV1Pmzl)pGdbnxpEe_5~1ruExS!IQF%rc>M!)0BS4h7i! zPIYBpUbn~!jVG*OAXmiXicqYpK|>T9OXuVQ0JJ`LzxiR$^7dRtsG94C*vg(BLq%lv zn!PBC-mkd)pt0grGIUmE=1l>tfq16;#wF$*31R@)>3PQpLE_freHgG$Id^{pfm?ie z6bry_fz!W&aVGnllgjVfDFXOqU^!_@7PmS1TsZCj-pwFNrN`W?iS)A-2DNssULW>S zk9#7spaz80y+I#|$w^7QuzvaH@aH>%P}y?RS9(ZVF{U(7@hVCb2w}kvwi`w|Q>3)l_wK7gAi*Y5oM>OW1@qN-7IZ!oHV+HFjyCPnj4R_@8qVXb1pV3FQ zH#g&7!9L+h*CK`Bwgbe5aaSx&L$7Pyy;2bG)A(q<#X$R>uq$!Vs;EF+aXZZ1-OQFB z+kq3RKAp0Kd_|ToHA+u)YrsOhrkj$R9Kf0QV_)^Wt(qEeioy!Z2TGT^rwoa};dc(K zzH2$lf!f?aY^h*HwM*?*=%J7i*=_w2kK-~+>&u!Sm8sxk3Uy;1MnNfS4y9vukipZE-G;1SOQ{NYfMaSaYw2PDWKh}BhK>o0gAXM+uVo;6`L2jyX5xCL5!NI?3ROSa_OblQCaBQV zhd{d8!`ZzxokF+v){oU=1t}ftH{;5-^E~tQoL}#Hh+#5J9OFc$^5JB$;GHNj^mV>H znwNtam|}_{LVaVE|SAv z#A9!B2U$-(9k&uJ`qpVIDr5fS$iuyIcgP47hHgC`{T!=p{PlDBl5f$HGll-z}t6a zgjs#GG%uZrc56@}2(x*R+eX$m!s0HLvfY%PELvM%IM%AlIR`d_W*CnZ+DrBoEu|B- ztd_Y#bur(b=$n~+HxCT!TaU7KU+Yriuwp`vk+);VZ-IVSCEMaxODdM7T1<$U+fIj? z0Yxu&1=%H6^Qlj3T75j+pVTtym%du+$`XQ@Pbm@GRrmGC^}|s+PvxDBS|t2@;pUV< z`H)W^Yww$8zpOrb6p34t6HR^?B?xU|uGkJ|BI;WiEnRNhYSuR&zYcE?pUD=fT}s7> zY^eFC{XXi~R9;o@~&iv*k`ABS*P{+|h!Auo-olulkl6&cR zsrd9*^{?eZjsfnSRtnqJmUD;t(J{k1`6~gF*sZPjL?88~-ZYEi>cr)UqngE9dIgSB zgomEODGPmjg`n7Am5bRjn^Mc|EL4oTeQklQ)Iq89ffQX&vVU{t_zl~WWopzfc{Nh8JFx_H)VC*3=ql2^tZYiw^mH%-9rj< zE$_;({7gzev^r?=6&aegsxaIYag;kQMq^Su9HuLmf7b2w*5>!*=gsSk~^sKpd8vg-;bjrSi`*_w>7tWI3l{=0!7 z3G8KZFJc#9$~>*AZMzbs(8jVN`nlIh|E2{Jc*(qGhT2$es-XuuLes-fm-S5bdWml?DZmncOPT^5iq>5iuq{p4)#dBuid)cO@xA#!MK+-26p(hc+`ClY2Gd7(Q|Q}f`YyNkx4-LL1ZQzK6YGNUbUAmMeKfPk>5=D z;bN3YsLo+skcG9*ja95=G{x4aQn@hA?)3Z1jo69B!p(7{-WEE4mf`e5IW0_ja!Y?& z+n7qDO;5F7czwK@ix<{goK1B%gl)fRlQse@2Rk?dG_8_yW#!Z!IRRx z_2}KO+^_#LrJBm(QL%zksnpMaFCcu6IM!34QZ%qHF-eeVtxCSaMW3Hq%w+G`(CSP! zYPmU92O<{-_M3j4z5V6q;CRJ0t%f*tVNo*g^F^3Dzc0+9mc;<4F>Rj-LVX3;otC;; zJoXzsA^w%^LdqD$eHYs}SRpcrO#Y6?%y6=Lldh|GpYo3D6t!I6P6Kr$OM5#$<=*O5 z8SF<%4ekZ1*+_Z1EqChNdy+8gNhDjCOydYN}x zj@t<-_fF{akg(F^G?Vtv-`NP*F#oKJ4Sj#>V#h_wlM1JG)xzq+6Aw^3C3jBzN|S7W z;+#I8t(?_y*%cFOB4+Z@Vh8>4E)s?vi=nZHu)$x8bnxwtmPL=cUlAJfS4K2AbVu@X z-gXV6%%u3_s5C<2qTu?foR&+et(dPJtS)QUDtV2{^$A>dsg4iOyU+;g(CS{4_Me3)>9eH=p4vpY*St}A9xzs-TL z+VApcXSRrGjk7zYPW-@=G#&|7)&YF0>Z|~$&oj?wS=5~-Lr zJesuMl8BGyt+}(S&OAG+%-$-(S7>{;X3p^^CL~z!rW(#kPhe%<6Qnj5+!xiN1>W-* zk%?AxRU=O42X8)c`hKtF@HKI6e2I+ovnu7!!qk OjI5Nxvuuf1p8o+cuL*eo literal 0 HcmV?d00001 diff --git a/keycloak-realm.json b/keycloak-realm.json deleted file mode 100644 index 7d15a42e..00000000 --- a/keycloak-realm.json +++ /dev/null @@ -1,1794 +0,0 @@ -{ - "id": "devon4quarkus-product", - "realm": "devon4quarkus-product", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "defaultRole": { - "id": "6425f4a1-c4db-4d11-b7c6-c994de2870c5", - "name": "default-roles-devon4quarkus-product", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "devon4quarkus-product" - }, - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [ - { - "name": "builtin-default-policy", - "builtin": true, - "enable": false - } - ] - }, - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ] - }, - "clients": [ - { - "id": "4d7ee156-38be-48f6-9bbe-7b9d3ea06921", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/devon4quarkus-product/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/devon4quarkus-product/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "f667a8ec-f3d0-4b50-8c4e-c11d5eeddb8a", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/devon4quarkus-product/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/devon4quarkus-product/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "42e9ca66-95a4-493e-84c1-cb2f7ffc9aa8", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "ac10be4f-6567-4a9d-a506-3799641c4ed5", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "ed146823-8742-4570-ba3b-629de870fcc4", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "b9170390-279b-4056-83b9-27e4a76de22a", - "clientId": "devon4quarkus-product-cli", - "rootUrl": "http://172.18.0.3:32223", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "http://172.18.0.3:32223/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "63cd1721-1a5d-4cb4-bf44-62dd9fac1468", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "fc20bfa3-3e82-42c2-a044-9eaa25475bb8", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/devon4quarkus-product/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/devon4quarkus-product/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "9064444b-db4a-4eaf-8587-599a116870e1", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "86f0de28-ca18-45c9-b2cf-c4fdd97060a0", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "78b1f674-1ad3-44fe-876f-5208357bec70", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - }, - { - "id": "b052bdff-0959-44d6-87e8-cb33bcb05f25", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "fc66d3d9-e339-4e04-b699-35396a2821de", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "9c64ff98-4806-4294-aad1-c7c3f68b68ae", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "bb2055fc-87b5-4eaa-9d2a-ecae66523ee9", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "e9adedcf-fe16-42e9-8b52-8860dc821c23", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "283eb5ad-4517-4c75-9115-b0f22e66e81d", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "fad65129-6f6f-41c6-a022-5036d64378bb", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - } - ] - }, - { - "id": "11e519fa-e2f8-4a67-ae7f-cb72c21497c6", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "3bc2fc18-6e5c-4e37-b2e6-c36281cadbb6", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "acd957f7-8e54-4db0-9018-93984bbe272e", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "95ed9602-97ec-4a1d-b237-9a2a172486ae", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "e0c53a32-11af-4cb6-8796-a8fe0a6f4d4d", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "0d5d5ce7-7282-49c7-8ef8-dfe665daf8c1", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "390283e5-2cf6-471a-8994-a19a365496a5", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - }, - { - "id": "ed45c7b6-e55a-43e4-a668-b0d593a523b3", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "d2774896-9ca8-416b-9afe-a477cd96ca0f", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "d703d57c-9d4d-4360-956b-675f1c7e094d", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "d94effd9-b8e2-4f95-b21d-05097a78f6b0", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "b972105c-de7c-4810-8204-1fbdbf6eb32a", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "12480587-c1b2-400e-a7dc-cab6347262ee", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "652a36a3-8323-455a-b0df-c517f63a3c03", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "5a54a6ca-415b-42a3-9da7-fc88290ec983", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "411b5e24-3a59-499e-a241-9e4fcfc5f2c6", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "04a62c9b-a4e5-4a14-98c0-f269dcfbc21a", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "82a03fcf-e51a-43a5-8a61-12842517b480", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "7457dfa2-b244-4592-a321-133970b76dfc", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "7888cadf-da14-48cc-97bb-c9a784ef3eb3", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "8065faec-a944-4df3-b8db-048124ad3304", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "e52ca998-e4d3-439a-84ab-ba33548aee8a", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "7ae107b4-37d5-473c-9ae5-b0341c597d6a", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "a5bfbcf9-5959-4886-951a-3cedae51a02b", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "44944612-aa38-449c-a9f7-b16a0d6f4599", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "05e01092-4fa9-42ab-b974-820bff7bb0e4", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - } - ], - "defaultDefaultClientScopes": [ - "web-origins", - "email", - "roles", - "role_list", - "profile" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "phone", - "microprofile-jwt", - "address" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": {}, - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "085a812e-c177-4653-9b19-5a3b7521436a", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "7205906c-1666-491d-a841-c0777c318fb8", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "4a088175-798a-4cdb-aa72-c749e7dbc9b5", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "c426fee9-a81a-4aa1-be1a-0c36d4d533b9", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-usermodel-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "saml-role-list-mapper", - "oidc-address-mapper" - ] - } - }, - { - "id": "e47db9c2-deb9-417f-815c-24819e15043b", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "saml-role-list-mapper", - "oidc-usermodel-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper" - ] - } - }, - { - "id": "d5baf6c0-0ed0-435f-b009-3677d630faf1", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "889a97ec-8bcd-409b-939a-8d0bcc79cd45", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "686b7cde-8151-4058-9776-c2848e077a6d", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "8b4aba7d-56ab-4b95-a6e4-50f78f53f082", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "f37936f5-667e-4278-81a0-5be6b5c6c30b", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - }, - { - "id": "33a8f061-c812-4de6-9b9d-ac86d065d573", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "b9506abb-84b3-428d-b9b7-fa12c1f8129c", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "22a4d4fb-cc3a-48af-9c5d-22106304c01e", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "5f11d9fa-b452-451a-83f0-fd4f8c3eb5ef", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "19cedaa4-3219-41c8-a03a-d2c14da8e94c", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "dc12ac1d-3236-4e59-bc97-ef409bfd0236", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "4470def2-4d22-4676-89c2-46e9d8a1f737", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "7e224a0d-8138-4175-b72c-38e812537afb", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "34b882e4-eb03-428a-8520-eacd1ea4ddca", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "5580510f-feff-47f2-8e69-34c0593f68be", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "9534ff03-4b54-4321-b0a9-ff4b307f6791", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "6ffae7d6-c26a-46bf-a434-2d106e1c1670", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "bda796d0-fb48-4d2f-a394-43fec701000e", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "97eb18a6-810a-403c-8b07-ecccf5782113", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "95d1f57f-02b3-4a50-94c4-1ec94dedb474", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "9136f39a-f291-4bdf-b756-39a58be7b7e9", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "eb678ccf-3b43-4768-8c7e-516b20d9120c", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "d2c9c213-2830-45a3-9e0d-ad4ebc531a41", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "2c7ac5d5-771e-4832-9603-0bdba91b033b", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "6ad306a4-c63b-45db-a772-b5aec34cb260", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "bbd12372-13df-41c1-8cb6-b1aed28a8e1c", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "7b5313a0-ab33-4dd7-a8a8-9217db672615", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "9eb9e03f-6ebc-495d-8c8e-7156ed90874b", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "oauth2DevicePollingInterval": "5", - "cibaInterval": "5" - }, - "keycloakVersion": "13.0.1", - "userManagedAccessAllowed": false -} \ No newline at end of file diff --git a/src/main/java/com/devonfw/quarkus/productmanagement/rest/v1/ProductRestService.java b/src/main/java/com/devonfw/quarkus/productmanagement/rest/v1/ProductRestService.java index a7166e81..dd6585d7 100644 --- a/src/main/java/com/devonfw/quarkus/productmanagement/rest/v1/ProductRestService.java +++ b/src/main/java/com/devonfw/quarkus/productmanagement/rest/v1/ProductRestService.java @@ -1,5 +1,6 @@ package com.devonfw.quarkus.productmanagement.rest.v1; +import javax.annotation.security.PermitAll; import javax.annotation.security.RolesAllowed; import javax.inject.Inject; import javax.ws.rs.BeanParam; @@ -43,6 +44,7 @@ public class ProductRestService { UcManageProduct ucManageProduct; @GET + @PermitAll public Page getAll(@BeanParam ProductSearchCriteriaDto dto) { return this.ucFindProduct.findProducts(dto); @@ -93,6 +95,7 @@ public ProductDto createNewProduct(NewProductDto dto) { } @GET + @PermitAll @Path("{id}") public ProductDto getProductById(@PathParam("id") String id) { diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 28d89657..8cc78725 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -43,5 +43,8 @@ quarkus.micrometer.binder.http-server.enabled=true ryuk.container.image=testcontainersofficial/ryuk -mp.jwt.verify.issuer=http://localhost:8180/auth/realms/devon4quarkus-product -mp.jwt.verify.publickey.location=http://localhost:8180/auth/realms/devon4quarkus-product/protocol/openid-connect/certs \ No newline at end of file +#access control settings +#to enable role-based access control based on JWTs, see the keycloak_authentication guide in the documentation/Keycloak folder +quarkus.smallrye-jwt.enabled=false +#mp.jwt.verify.issuer=http://localhost:8180/auth/realms/devon4quarkus-product +#mp.jwt.verify.publickey.location=http://localhost:8180/auth/realms/devon4quarkus-product/protocol/openid-connect/certs From 6686617eff1b45aa8bf7d0075aa0c131c822eb98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20G=C3=BCnther?= Date: Tue, 21 Dec 2021 14:35:32 +0100 Subject: [PATCH 3/4] spelling mistakes --- documentation/Keycloak/keycloak_authentication.asciidoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/documentation/Keycloak/keycloak_authentication.asciidoc b/documentation/Keycloak/keycloak_authentication.asciidoc index 02cea3b4..5764518c 100644 --- a/documentation/Keycloak/keycloak_authentication.asciidoc +++ b/documentation/Keycloak/keycloak_authentication.asciidoc @@ -16,7 +16,7 @@ This guide shows how to enable role-based access control using JWTs (link:https: The `docker-compose.yaml` file already includes a configuration for the setup of Keycloak. Use the `docker-compose up` command to deploy Keycloak in your Docker environment. You can also install Keycloak on your local machine without Docker. For this, follow the instructions on the official link:https://www.keycloak.org/docs/latest/server_installation/index.html[Keycloak website]. -You can access Keycloak by browsing to http://localhost:8180/auth/ in your browser. Open the Administration console and log in with the default username "admin" and password "admin". +You can access Keycloak by navigating to http://localhost:8180/auth/ in your browser. Open the Administration console and log in with the default username "admin" and password "admin". The first step is to create a new realm. A realm in Keycloak is used to manage a set of users with their credentials, groups and roles. Click on "Add realm" and then select the `keycloak-realm.json` file from the documentation/Keycloak folder of this repository. This will create the `devon4quarkus-product` realm with some preconfigured roles. @@ -25,7 +25,7 @@ In the next step, add a new user. Click on the "Users" section in the outline, t image::keycloak_add_user.png[Add a new user] -After this, open the "Credentials" tab and enter the credentials for the user. The newly created user is now able to authenticate himself in Keycloak. By default, new users must enter a new password themselves the first time they log in to fully set up the new account. So open http://localhost:8180/auth/realms/devon4quarkus-product/account, sign in with the new user and enter new credentials for him. +After this, open the "Credentials" tab and enter the credentials of the user. The newly created user is now able to authenticate himself in Keycloak. By default, new users must enter a new password themselves the first time they log in to fully set up the new account. So open http://localhost:8180/auth/realms/devon4quarkus-product/account, sign in with the new user and enter new credentials for him. == Enable the access control in Quarkus @@ -111,7 +111,7 @@ $body = @{ Invoke-WebRequest -method POST -body $body -contenttype "application/x-www-form-urlencoded" http://localhost:8180/auth/realms/devon4quarkus-product/protocol/openid-connect/token | Select-Object -Expand content ---- -Finally we can again test the delete method. Pass the "access_token" from the previous response as Bearer token in the Authorization header of the request. +Finally, we can test the delete method again. Pass the "access_token" from the previous response as Bearer token in the Authorization header of the request. .*Bash command* [source, bash] From 4c8fc90028daa563e999d981d044adcee23a07c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20G=C3=BCnther?= Date: Thu, 23 Dec 2021 14:42:31 +0100 Subject: [PATCH 4/4] changed keycloak documentation --- documentation/Keycloak/keycloak_authentication.asciidoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/documentation/Keycloak/keycloak_authentication.asciidoc b/documentation/Keycloak/keycloak_authentication.asciidoc index 5764518c..6bbd8214 100644 --- a/documentation/Keycloak/keycloak_authentication.asciidoc +++ b/documentation/Keycloak/keycloak_authentication.asciidoc @@ -52,6 +52,8 @@ mp.jwt.verify.publickey.location=http://localhost:8180/auth/realms/devon4quarkus == Test the application +Now test whether the access control work. Run the application with `mvn clean compile quarkus:dev`. + First, try to make a request to get all products: .*Bash command*