From 17863d1d4fece02411bcdb60cc53ef264ffb70ab Mon Sep 17 00:00:00 2001 From: AndyMunro Date: Wed, 13 Nov 2024 10:09:47 -0500 Subject: [PATCH] Address QE comments on Server Admin Guide Closes #34916 Signed-off-by: AndyMunro (cherry picked from commit 205898baf35fd3f81e39e28b935b2f0eed02a91b) --- .../server_admin/images/user-groups.png | Bin 42068 -> 13313 bytes .../server_admin/topics/admin-cli.adoc | 8 ++++---- .../topics/assembly-managing-clients.adoc | 2 +- .../topics/authentication/otp-policies.adoc | 2 +- .../topics/clients/client-policies.adoc | 2 +- .../con-confidential-client-credentials.adoc | 2 +- .../identity-broker/first-login-flow.adoc | 1 + .../managing-identity-providers.adoc | 1 + .../organizations/managing-members.adoc | 2 +- .../topics/overview/concepts.adoc | 2 +- .../topics/overview/features.adoc | 2 +- .../roles-groups/proc-managing-groups.adoc | 7 +++---- .../sso-protocols/con-oidc-auth-flows.adoc | 4 ++-- .../sso-protocols/con-saml-bindings.adoc | 2 +- .../topics/threat/read-only-attributes.adoc | 2 +- 15 files changed, 20 insertions(+), 19 deletions(-) diff --git a/docs/documentation/server_admin/images/user-groups.png b/docs/documentation/server_admin/images/user-groups.png index c397b1b3f0da32464a01386e66e1e3206d077905..9cbeca601716fc7614a3962277f24c45599a5bf0 100644 GIT binary patch literal 13313 zcmd^mXH=7Gw`~v=#lqeq7OI7gzy|46R7ya4lP*$}UPFhdh$sqZXwp$YI*}53u~8!+ zB_M==^b&fNepmMSb;tOA?C+fOjr-#|bRa2jp7(jynsctXR$gdnD4(Kbq(vYQr;sYQ zbr6U{+z15K(_=^B5oT#(IQ%&5aTBR`4E_WhvwjZ0U-VSG>#6Hv>*;OjZi9H>?BZm@ z?_uR`W8>`c(8Y6+x?T=m#7}wAEq5DBPdgXqOL}%rHV8u->r29aUD9yzf*-;nmxP3* zL`9^8BrYkaUsBZ7TUaxgK_D(6khc}|e3Ir#-T`|0Lru$z?A9uWE{AIzI?gh~qW!1V zABVMXe|mP7iswt%s9dbFq2+pKL-D!WPmdfny79+tD(zgIOqCbcWG_)YdCcyqa;UO{ z&DNG)_;K`c56++=tf9G}u*YI$z5fH}-|dxCDMd!HHpdZ&PnYCU1Yp&_j1QkhAnq|A zf(`lWG}RFV;zH=7LkPsHTQ{f>h{nrl@S3qdv=E3#ZpUDsK1uxBFZcOY7r4`tXDArM zqpK7Y6cqOSxmG|xO&0zMlUb#ELpMi-qIN&sC!)`_w3EydT4IUnnQC!fYW~4AbOx@j zALR~qJ<3Z%zj*BacEdT7j6J5>2|2o1o)fJMEYefTo#-~(?nIZmoKs9<4`;eEoloSU zy~dg%`}#{Bh`Np5PL}jg!iacG-eHjsGG!8T{Lvc2cfyHyUeLT}u+pPs?U^rmtI})U zcyD*LLseaU{l7l(7&nJntX`aenRQA3+V8PQ|0?FePlENkSCCb!?b7R`F9mb;^9-t{ zQvCIbt&y5>2JCAKBomD1aNs77gv4D;Pl1W}k)ua>rKF6@NnS+tg3wj^8$oARJ*gIo zA9h|btMSo({P=N-z!7oRkuOJ(IKKU(r?zkj+~B<3{0EhMDvRc$6G zCw|~@e2VK)4X-ej;u-XA%~Knr6oGfmcxDae-Mu|ootM;Dpv8-)k1-3d0w(EL_%viwOOjc@ao2_oTQn=^RF9q4H@hAv@*Cc1d z7+!r5_i>eEDHN|JYMxlGNjY$MP_M?vO+Wvxwx-PTQ?G@=9HnqZv+`%(zTG|r(P4v+ zje$#Nr3M+N1xAF0Vc?g8{l$Z-fc<3ep*QeBDk{%ci+oonTWm|wE;JcOSjoS`8;mR}$CcWY;d4|Xzed#!V20+00{e0K8U=-@&X zik$Jv?azoNN3q1yY;tp^L&ewHQe;ga`t*E!Dh?ewq?e_^vbT;!6JF4B730veJvG4b;}vlY!7l|WTcol z&udXvQ{_4HzC->%rirTl<#|DazCttoDo?v3hYx2vldAmYaeYZvio$rjKUdZ|vvB=F zmS$?Z*Z0Zx$JzJq{ zgmMIPXCAgLR|+-T40i>)*?WslHskHvx2EMZKC1V1Fk<^Pl1)?R(VM|%qAiu_F zSH`0>jWPL4OH0=xEo%J;jH33@94!-(ZMG%mf$Idvc|w6nAI5rbLJ;jHCl>JARSm28-d!eP(A^H_R0Wz z`&KSqz!UqK-d*OpsHOl9J}%#t4`V*qA}A7$z$i}vc|ah(OP4M+O;mf$ z+rv!>Xf_qOPqYdUX^$QI7%OOzGDfEM8K~Q%$+x_kTJkJBpxwB1e8;gvGgXqvD7GR= zj_DivxG^vP>kT76zW5bc!FMF&{M!D`q8etQV(fHVf~Xp~x1f7%rW-=!x>0PVkX7R} zWL^s@v8APDWp%Y%da))woJrh%d9=ar*JB!XWGEe5??=n8&OaN!gq#rdS-O{*nVF*+ z!@CWDhqL^8l;5JxRIu*%`$N>!D0mZdpS*=0QhF0mNmlbqgjz9$hD3QI`(~ z14pQatyu|!ctCZ?ZjMXTjTDp*>6n@(jgF4?)cATJbpR=nBO4kTc!Y&@?Ck7jdkYc` z3XC}t+dgom_}qMXj=w8G)M0JNe=+A~2(6U&LXzLw^vK+c%3kr|fOJ@-9V~L-qh&Cs zM$&Ze*g06Dp+%rRM#T2}1qwUlCtz~oGd7Cy%$jdXY^#dGqExZod*7jED7Uj<1 zR&YUketX+wETeo-O=~nydb)CCu3DTx`%w7z!p$MKINdA_yHAg(D0>2n%lsTnqlP(i z=1fnqjoLh^+7KYLH&T8-8{kHorn<4A!EU_y&5;2w^NtRe`aOfaolQfCKwkaa4DaDU zLwuZI-&}tQAzhgc*+qF91dQs%F^lcBnRNJ29$sEm3dIfJ94L6XKG)w}`Tc673?>U7 z*%ZOj-TdY%&Trkmz`WKN0IMb-Fc3A<#j!rqtsEz4A@IYEidOCZDB52s_S&Ap%le(q zTRX4N9c~->?3^4nMjIbi^@QCC!Dr~{t+syuzKhAHqCRT9Ba)JkU@yD$i8_`YKRi54 z*|F71a^TGqw6w(=3#7z?qfJ~+Y;395Qp*ZaTPrqvkVY75(T6`iO%&76v6kMvdDA^# z0kgi`#P+}hduhk?2WvFHNm+&IVw9$wn?MPy7himh45U=XZnU?(?orteV!~8zq1CCJ zWQ#0j^`9$p><9$TZ+Fs6mJ%hdE-x<|0HGyg75)6GY|K_$Y5`9TbaZqI?OQbIT5Eh) zlTsJVkVs_9ie13Y#ypT+2{6U_M4W}KNzlRmo&k^q2alR&fB2BJB;_q?g0;~F$pF=o zspy^g@)FraAB*knZQ}>+NiDs$&i+~}?m@P4=Upl%&hcHoe3|HX;=DlVOI~i!YHi zPS=*@P7U0M@9OT>FS@T7xYEMaFBiVEwI#{*t}0;5y^t%A!UXoc`SJ71?{0;vV&IiH z@5LeJK8s@O7ZI$oyvS`(4GibbO}aBtK(8nqqNrjnhbKRE zTOjbkYrYmxC=857D>Yq836H5k#Wqnrwi!(u~NXQpGFaR`_-I*)FWB_bjA+Ac+ zdJncN`#qrW-c-FADPhiMA5u)p_1BHM^5nQx4?q>8_6A{_R%;WiNx3sT7w556Q6Vw4 zQaE%TGR$j3Wg@e@0CKCJ)#DWolR>KXo~q*iWlQd=OkbGq>D=1EWXfA#jOxm@@mTjQ zEf3Az32vee8?%nhSSR2taW$A6{(6oPR5%Sw?bBk;?^j*+!Dr@Yn0oL3M z(7oD{DPonvsoIp}Fm3&oM!?Y{jEk5C4=;<+;3lISHP%m)H9_L|Xq3L${@rfd}O z!&rdaUw>)2)GR++jbLaBN|yCE0PL@|+<{y)TBuoxW=dwOltm9#1~!rBCD@$Vu~U6O z44!~da6{wiqw;4r+^7b5cqAo>R+b?@sgut;FDf8aRlBMe>+%-sb{4Ae6xyhoqzfMt z{=7Wagsms9tPGpP8p$%}RjKQ~y^VTd(H`I|*JFMlUG5X%bg-@i|hxfGtXYJ8== zI8@8P%$yIgCj0wWaQnjMZgWimnS~BtoYYahD*HNa>;eNrX2Z+#kmw4K<~m zE!}%?{+rI_9d25$1HIPd8X6m`a36qRA1(}58qMPKA;0~8kA$wb@?jss&JWc3ms5yz zVNepV_1Z9z9|{RZk%yO%3D+NJMBoeV7JZSFS5g?Jj`v?$@nHV?^(#m`@o-jI<0ww` zE+_|+njH6cw=fwdF17lt7wAUp>*&W*#_lda6(H?3S23~@(RaTiMYg?OvhX`d?Wz}O zU4&+}SW>BdzYOv1Ss;f1#_Hcr^yT*N{J*#hDg5^m^K=)v26%Y8yB8ll&78fqw&qCQ+aS6e8HkjB>AzUp*H0e6TFA$h+X$MJ-N`e= zdI_*yyvT!`C6;6H6L7vxQ~czJ&2w7OPP@J(c&Z|CMhX9tO4+nm7ldxYVq(}SX@(;A z5>5!#q|wR!zVY?hDP6ctoXfBrvdg1GHVe33y05?xo1zrSI&Zq!F1^?T3W1_Z0+$=k zLmb3-#5RKr9V%UPU*6p8Q)UZfw+ZMp>;9lFYS+c?M5@vUGU{}|)_#COn!CRNSHr~9 zEVsEhY|(n5!vpBf0T2uFzNBt@mXGAt#3G(VT7MVHs*@@gSPCk`X`mEIDe+0(!vzra zcQI?tS0g1Boqbl@#0f=K%9LV>&miCRXa_x)#=~#V|CI8aehu4~6zs6-KoNk_N=Hv# zNCS4YYr$|Bmpdm9p$`IKZMTbxiYWS&QYpyzltMApE`3*Sd;01rMiCW?653uTug~UT zbK%qb4>f4Y?`1#t!g7!#!qD`phk_otb{QQya& z;u#qU@$deOVrZgXq*AMqE z06{xfSkQCc`54B)7dtlhCSpr?Mdy~nMt|`&2Vio^!l}12!dbprsm0waH4we6kpMS$b8)|8`!F_Ha1#8I-sgW_E%etAaT@56Onn}M z-;Chfil=EH2)%syvU*|bPkQ>XfFMBDKBsQd)YP{Z^d3os{^fm0yBd!zkOE(z%I$F5 z5-_V8_vJKda;q@_zvG(OgP<#)4riUAH*3E_{%ASIN$x>S(o|ohoe&#aT5_et8%5;K zmk$?$m(kMEp$RUL9)J(deL__|NkY3J%%=WDb5oP@V*No~Z=o4Qy5|IJtw6n=tCxcT z#VF)7RAYp#-}keO4!m{i*~!ib7U>>vLlke{ZiefDr_uF@in`RQ>Gah1cfNai7Ow;M z;dn(r)ldQxxSy7mRtH=wQ9zLJ3qqq+L{h0;6r^AQlpL+j<$N+SrkjHvk(8X_zx(kL z{`V_Gb6-XO%>}}AXF4GRNe{*H444*_1wkBVfq-%N_35$iz+w`JF9#582|`xS2FhKq zKYnOYd=OEG-ky>UxjX>D8DKgOd|9;HiP>0wleKU3n%R#1#gHnxdV0}H5zIMY>a;kQ zKQO8T%@7tIP5_QdDwnaS@WDb^DDE9yQ9K24(*4r=r`WyyM4p>6{#Wob8pyU!1xy>sf zFCt|(-co8ois1t(r3)zn8uWwzLZvbVCBV!p{%%Hn7BymNIol<s7Ir*jQ8|oG}M5U5uf5=UX8w8M6qr)yXywjdQU{Nsiy<^Ifr&OH*7Rz(QQ$j+bT} zHDYUY`NcrZ3mYTJp|I_-NO`F#(`K2aGZp>J!QOkjyE109i1EZGPWx3QxK=mi2;j6y ze&hnU4;@w2Ft~s6oRC{Uh_oxEM*jWV2S`Q21^GaZ0WtLI5r&2mac{0FyVnq}fQGsL zpncp}%(*H$I@-}2XR|NBf>;tW9c>9#e0grBTT@;iwA$G}|GZpH54{H=%p)(l88CMU%q~kF=Is_nz^v2xS^y~P>bDvJ-_@dHL4VSpn!Ai zykjQiy{6)XaGr~El3v4au*`PWCf>YtQ^xEx;;YXDM~cH&WcVzh2kHnywz+!iw2@Kq z8V&!xfd3;N+SvV%rv4iXtDYBc)N!QB75JX0)1G@byheE95*@Hznx%H=-UTdKp&$J# z?K-4&$c*6CXV#TTQE#I&=;XHbULcX%zTM{t`Pyw4P2I`OZzTB5w}XSE-6;mMj*9C? zdp&Hfw6jYAZ_HIvou)6&Y6?p`LPq>*fCcuHy4`Xjm3_UaGmU(lmHFWVR57<`j~~~r zbf1th(I=YlntHBB8^6Mry$VIvQ^%?-HoR>UZg|^sAy{T zb!Dm%YW=-q_)QGJ*59({0_lc6*csLb^ERACx_2Js_p+x)k79JdT2xh3mOLdZF$oE| zaoO7o0KWleuDWo^ZJl=pVEQOU+&BM-qm(O7Dwx%kp zQ-84{HO*&9p5k09dvm_uOAR2>t|KMP|_}S?o9SBBq;JEe4 zxAiR@*thrTSbBG{_4a$xH*;xh81qu+x4a=GaNC>N2OE zI;TWthw^J`d1%vghP*6oZvY~HgsvgOiPxj6ZB#O0L;nw5kjdw|#e(MtlZq9=I^I<6$ z_ntKF&U1u>hS=@*4bOtC1itQTe`{8ign17}ZuaIay4>3@KFQQ7Ey)#y2H}@0r?a{B z!}rzUm#Z1$3ec@7MUf5EQ{~LY8pHA4(v%7dDzw!=q*Y`66f`k-nx;}O3W*HkNGA)w zAg535qlI3Kq4>fsH;@mhI{PbOFstY8FfY`Mi3LjR>r#A3je>;SyG2iUqXnl{8d46{ z%cWS+H@}9S)^W|z87R80#1^odqZG;bj&=f1kp|GN`4P3ZlYM8VOUidPno~2rFfA?Z zn&s$}x`{|Y^Nk0;f0lUHb84jIf?JoqAIR3-@G`FSVT;cE^Zrbtv(r|SRATw;NDAF- zXDC}&;lW&IwB7Zytmi&FJ2hK5hz%JQ=q#I;UjKQuRxi^%BZ5`>1G*zV&Z+VgllaVw zCRPwM3>-+I`hDe8^s>wPY^NEVfzFqfs07g|K5(jY`fia{Jsr_|9nP}*DlY2_TWR2S zXN0_rohG4!GUE29BpLW7Q7($(U253L`C+dRJN_g{jVl(mUi(A^Kc+AC*HnI{E3a5Vp=i(oF4!v0$ z-O1El)&~8L!X)qx^y^F|Ndvhd;6uN*No0{O^?pVVrKL+EmCDN_t&C zK5I&SeZfw0BNpW9Na}!Bto!xodQZL)eZ$zD)KF;%?1WT4WE z7f5?ob?lv)C0G62y9zsW-*N+}l&Xl1VuU;sO;im zq9J#h$Xig_MzHRUE!LBqHxq1?P^2QL196?qb}Ki-#Y5-nKMZ?gAKT#UAyEmr{SEDTSs{$Dx%wy zrLkKl>e~onPIA6XNq)6O*L&I2#&c>1^G72_N({TZNk3@s7>HK2qEZidt>n)BsWHgQ z$*II5Z9D&YdH|RA;ZD2`HxWN*a^J55Y3o%@%DWYo=c@Dm_HoU)iF4-XwW2#;zJFDk z0<`-rBf~MypV>;^cGo`w`duD@U-E}5kfM2px-(t<*hNnEB+sDjYy(kau!p5C_^S|d zm8u=dHyra5M4YpK{gOZ0cl1b%9$}i>>6pu!J_13nL74?mA6jttMbaKWZ2*FJ4KGL} z_2y~uOQ~{cCjT9nx{=C2=dH0k1<69yJyrTArpAE$rMzU!33-Mw?9dUOovZW^uOm0L zZaaW$egD2!jy`^J>nGpYBT-ozTuEm!P$o_jT}py3(ejOB5z8O$VdC>%pMkF1t_`NA zr{@Zj#(2TsCj)}!d&OYM_kNEv08_F232-G_RaMnqdHIA(HnU#e+gj+)d+S-WS!8=T z5wo?wZqo|rt3GH?Aq=3H*2rithn{9jOvcBLTBwS=WKPZGLS;YsjNDG`ut@oLz&3h| zDRjId?6QskAe=EU$ zF#B9uS+*49rol75>F3z++TMfq>|+|ZRv<*~3}BNXcE za%rY?B~`AX{K*FGAL;coivt1!aE=YUsG90p=>6qp;$t5;kmKfw3@m1fZ3!a1K!oe_ zql=VL16*Y-DrNKdP^7C)g=#eSJE)WwOK5MV=$V0uqWkZ_V3bO331O8ah?4hQ)}o0AB!1-D$sEsw%46IhXQE|bsy_h z8=N}DCakhrzprG0F1gEbh?-EWcwIExP`sn5`CSt=NspIXMOQvG=VhEguG0D};O;8Z zX|38!4X0C#KMYTt3(7-xB;-MR6X)Qs99#YR(4k#X>m@|s7NO60Z_GG`hrUpQMcUdS z&oX#hRYfAlu&L%e3wQ*BEW)o!XL`c{b`5XC$zaXyG~3rq9S%8S2E4*3XT6Orc-h_iwJc=qL0B66by zt-k7c93gx%s5muC4Y9;!GkB*MrfL3hDe}KMhtn`fx_9T!tLntV2*k5Ii~2efVhOaj zD{+c2+H+|14BdZf{O8}RHGPW7y@x)#C1o8J7mT*Ol0i5-GYYQ`sXJ& zLRmsj$>W~#9KA0Kg|t+NN76n78E&o)HJhf2^0udjnZg_-A}0dDeF0nbP4|Mr6W2qC zN4_<@X=lInn0Gm_$e2M9-Fynm7>u#NqF!%{;@5VBH4Uf{2L}g4oMEkRP2HNCwf~mnW@^!-%uyRm^d$T~+2TM4ta{2|%PAHqJ(yUC zWd|dp&jM`*gGPyz#ej=%55p-Ghn4bc6qjZ$^g`@ORX7X=Q%H%57(3qE5~69zs~(QgLg`qi*dnM-L{`Gi(pPcAroCNubH} zqF=2KhY1>cu$M6zFb|P)CtldN#5SDW4qR(^6#fIv>I89@l%U@uG?Z=)FkoMrLNGgW z7=2KC-^vPS+s0U6QEv|JP82)LNI4nT2h~zK>o6svL+-;G-o5)1MRbSS?FS5M;T-#g z+v2Y)Q`!{KJi4XO8ikn>B=pX`_PrSquDXgL=j$iEKS*p2JUYX$-K04=OjkR-uTTUw zVkda#929T*2OqZPJ#^sJ`VL2fJ32#|Ptt=K9`JRiVF0firi4ntaNpYA=7j_rB=ny9X@=Rn}Z|sp7d!1wpRg@tFl&t~T;G8K zDOgP^grPR*G#gRe@PL5*>8D|@UiE-i4jmExxOo6%Wf;MF!%pd;QRYHmwu$WC&xAXI zSPBZI*FDbFH-d}vVP?L}v0Bb_-dZc4uYAZa59Tstp^agV@$576o?$!q9lB7nsxc)@ znM|OVm{*k}R4`!ZXF$@aUJSOI>PTIjn@~X_wZV=|A|E|`c>4G9n5w2G9L6?^cnER! zR0Q!Av6uErQpGQVEcfYnf1Qjcr@~N~V24u1FF--D+Z>LDHk)))s)`Qe4MmQJvihmO zr43;x*Vno=)iAtz*=aB@M23Bjij0f|KLFbI5>r(an;1-C>vG~cIDBU1{D>Q!%aE?J zW>1P74JJRIF#ojCmz4UFwr%GvJ(=x@0L*Mw#P?Z@wtW9)be{@wW5`z@@NP(Y008~S zm_Aj*uqNZM><)|cR%h7&o72`#Wx6nocWOY%rijrnf883r6u^W)q`3l4f)}QkXlO?9 z#L%bzF{y=BR)2o`_JX%KEajwOeNbR|SrdiPK1uw)p|pRz@c-uE>c7QY|8g-)wBS>L zWrBq{2ye|ei~~$S=tD;7=<3Rvh4sO3?TyR-(D*u`EP+&4*S~r5Nfy2(23#->E-o?* zR6(x(ahW3$Zc*!4nPdO^$J8{u0s@6M=3g;O>ZrwD>zwJ%A{iu>yFH~3eg6DdWN(xS zOnL&8#t3gbevJ_a?-Z2H-|ed20u#}|ZBH295*VI;b@93q&Y{l${J$04J`CWii!QP4?5ZO?r$(kiB|GkzkU%!&NG{8%sEe*Q+ zFdN1K`zJi0%)6Ubb|SGnl%D3M>b~m>8bsJffn@2blUFFVeO$XO&Dm;F%7na|OP!3n z(}l}PgBN7E5x=N_SqNLJQzbICAKnW-?SRj%0MC*OKazzx=_%GS6H+ za)CK<7;lz>NlMCx$qv%)&1*#@_;4^7-<}?Re+wb*>{%psl4W(Q*|&{uAH-t&WA?v=v{& zcZ2*wST{N~{t6-q^kFBV@`;sZVwNL6mop0NN>=v^v2?=!0be$7r7yP_jV}^vA;Dwv zNK)?(<)dHQUm1=`S>F3@#&noG7Rtvrn|T4*6&pAEuy>MOG~%RQUM`2;_ofeY!o9#H zlS>1S+%1CdwO#n5;Lnn=wY|dYxkl|4sd5HJ+9O`!Z&~8T{76ip*?kX+q=KZ>)$}DlqJ{YtWzT%CHc-@h^F&XwqL7BPbd=7K0a0WaQ^Y?tk`~9N=w!$BS8G`QMxdr$LE-b2t>%#%W_(seL=!tTXc^nLKagFMD4z zlY8ebF0`dfpqj# zIufn3UnjM+={Gwh!Hyr36PqcDwcK_amPB?Hb=wW3zJ9;MWNRkCJ6O0Kb7-x5-$NYd z43ulGWJZ+m-^w*V5Hs)IQ6^`;wlc2VOlm#K&~35EgXOjKLZ!O?sGMu=R~B)&r=Mwt zD|Os7B5<3Sj?lJHd zo6^sJp)P9%U+_?TqHP6V>p+E^;8J%lg@P9 zfyN<~)ky5p1Ck2@K^si0zvjAoHHHIuU5s;Pa3XKPc}PNGzizgh_j~0q+|{qaeVfPd jc}E&98T}_wS!*;z}qe|LCHi z+%bQE3eGr*@Q8r_{NwmqM&$uGydIc*0skg)lF)EchL}0I8akMwnA<^YO_?2y9ZXH_ z94#PD2ltx5kDj5(h`&;COWK`xb$dFF=sG&z&$jiT_8<1dkjOlz{i1}2{^ErTc3t{= zJXVGWE=9Wa43B#8u(Mph>4kiejv7{$q0WT3`1*>UNl6>xDjmT*$WsFQllWot{N}wr zuInLb?rvx#R7yV~8-tWWLiMF>Pq1%~2&;CD={sNk9y+1loqnGNf6=48sr~Q#_j@$D z;(w3c50NZXe~-17G6a9Gk8t=mGx+cI()@3KNr>kq8@2`5UmPywyLkV;-oY81&U|D6 zU-(25ih>;c~=TX^}^?rly|VOu*f|&Dc1*+WtEh0EG;eP9EXHY4i=iG z1Ol-r1}~0QG^^~$h=_<*S62_mlodzvR2fllaBe)3#6_^-u{iWxYD?agxkH%k20+&3mF` zIgW8?=mC>-S6-OO8|3K{|B~po38A>TjmscBy>+$zsXgl3O5d>;FVbt!X!PQLnTx~f zUovfDv(T7awctbYsinExax{+15(l=2<$6aSneGl-XVNNvkTD|t=FKA%wK z@>)2VXudz30+VJoHrYx3Nr6?hA=gvg@Qi*l&QEAqW($qpr2Gz<{UQtBD8<+aAET7p zOh;DQ&f?(XqrUuvicvgm^Zfa9oyrt!YRM^F&b^t66|f#C?d|QwzDS?_CZtbNax#0o z+yxwti;LU#;T~EXo8eu_3~Y0Ab8`1p>=;&k1s4~Wpb5%92Fni2J`aW3JseB77nKmH zAU<~LVt85*s_A@9iXjRe3Qo-E>8-G5;3f$km)zk;vpCyI<$|9m;*-izal?^adY1T$ zW=P+6r{6zM+t7k3&X5X^Ssuk7oSd9Q_(t`7&M`-HC5K2-;|H&mo?cvD;?>I8*f8C> zbB9k*aD$No7xzJ?G`+)&EGt#`f*==YN>+(G?Wj1KS-p1|y=Q zB@7G*H7;$S)VTf8=^2?W@Bke> z#7xj7vh9uhDIV|l8<+470Umm8_ZWz*dQ18XjJtGu zONO$JRnVopGcq9_*o-?LL)}&| z0x-$m*x9l0&b_~fOQ&E0+*m#0YUeQ#$3N=o>V*wwS}E@9@x7SpzxO~MzZmQglZK@K z)hfm2Y>ndsEUcnkw!8-5500*Oiejg=!~bmjJdQvLR;z_V4B!2EiK3MGVCKnMRoTGa z=GEzn90kha3<_puw7I#t7Z(>QE-(K0OuTe)4;&iZq@*N`YnW2NJm2S` zrX+0xg!8?t5|06ayLay%%b%Z|Ebbq<{>pOfs`rqi<$=t1dLHMd)TVgUfF0 z3Gh88tL%Cy{E5}oZk~@_LrMDdeI=C2%pPPwh=anzu@36b?})PM>P5;w`!hdO%iq9Q zAEVw2j%8X29ui^V+T!qipnc@4A^L3+9cz^7O3?8vq%_7KVGr9<6 zx;A7-DQY@I4Y*+T`W-8F<(EDl_(-P}ix3 z4Rw^OlkJ{5$l&@!$qFo*%;Clv*tY}B)^#RISm~4~RI(H5f{u=lcxh&)mS$>4Cj1pI zf8twGl2Xe^(4XmjS_sw@B{MVgiTf_!-pso1T#ictTPa7`m(XCwV!5!6)`W_k5)Fqt z#aabk*IOGWyA#~34>GVJtVLeNEvp(#yO*a`eVvYz$;OxaaEjfB1b(L^y!N{nM|VG6 zR@#k6x*}j{I4t8KsYR^kP|lR_1z!SQ-pRYLR1YH@Wm-{rShhSPrNEysAJH1kw{^Gp z{fLodC}9F*rW;#K^I}C2a}pbmO#bbAs9%CwesolhBInte_8U^!RH(3Km5=d1?#sBdxI7Z0)CHu=oo4T{Z4iEB?bw%ge1QJ$_eHm8xK|FdF| z`a$HZwFa|i$#Op1_H*;|GKz{_7F@r|w0WV(!zilQt%WLHF$n3$*c@|cteF_JnwdZd zv1&pqeEdw5=^}u_SF0CGlx6+;vb?VoN3D#OqW)a%!Tvr>VXWhYA(7RU^M$n!LE*=TpU&+!;%42~YjS^TRAiTmJ^eEYJvk~e1c?KkU&pP9 zge*|deKq9H3zMfS9dmAu(q!e~la8zF>m0UM`Oj%-?<_7axAN-yn6XBsM6~p4LYB9- zTDlFz;?Ku7ZdZ#*x3P3e<0lVeRcJ$BTD2n+KALEniUb%AyHD#qFZK=Un49u%C`go) z6e0iU{7E$zi@&CP|NHh4m7jztqP^RY_b!`NI~&}uI`;VVG)+5pP|nvmMtJG&6O|0f zw6&pB#g%->I;YE=u#g*4cpqhoWkp`;x2Wy)IdM`ljW z%KpCIzjN98mG5Ccu(K}yQPPzl7gRvL;w`lrsO`o4d*e*$EQQ*aP`_G8{n?{nUp+08 zc(4p}^8=Sqm$5P_Uabn74>Y_7_L%||)+1TUQjbwTHORqTY%Or1U+)uPciQ;Q(W5F`P5@#w30nge{w7bjXPyP!4LKy;SC2HKefxK#Gqu=VR@B4 z#m(i>77-E3E)s?!=(2CLu4%7F#hE59?1LrFfd64 z+DRZyt~3;ie`ZrWbL{azo8V^5ort~*mwnRKwl+q=$A1heSF&*Pi0aS(gTy=Oe>1`U zbK^|X7h8W#f=UVV|6u<9|Nq-JgRCyKvKRApW?q?w!=GsSchto8wOf^fjDn~U3;U9+-3*&LzTkdTyIhr>bIbieoF>Wblyc_>NHgG{XhkNaY0wI|AQwvw55-U%0^ z{>Ia#rb+ycsAbb~Wo84_H)pe3b2Xgb&N~qKMU6)1`}5CfXqFBR6uZL6Y7QFV4<0_G zkJ8YpwCR~DG1dgQqA!+pqdS5+NzfHjQBe`tHIb-~P=QtjL+Sq1l*al{>d@KVY*0{8 zi&X{AlP52O@tFw)U6=+Ed56>yi!Gn}6M4hGe0c!C5PRYPm(|#pouZ}`61(a<86z6$ zL(W-8e^8~)8ySKKtKE~WQMm-Jhu}f93Q5uf3EUu6HCgEl6*_9il}qHoD4Xu@V{PjH z@h*dq-{HBQo?a4IrJ}~GuXX#i!H~vFR9{~tV;BuBZGd^Icg&9;FC;^WJH)VrKL-b+ zzkB!Y`WiMg=epos4`#t>cdDehbZ4T#c&6OaX@4%>^PnMCzNv>g_YMxrwL67vZEYFt zeVtuh1hw9OOu*_EHQcA;o0d0x-5lGSE29`WN@A7R;da?w2v} zm2lBG0cQr~Y&k1*oLu;LzsaYJ|}VLoG%gV9KmzG%ohLXrt*{}{AppaxSHc8;=r{S)boyoyb6d5CkqJ)Kxk7?s z_vY((rwzZz=7%pT{LEVA&7-4b!|rKmX(;88g~sl+w$|1!!NH7C8VNkM zZ$d!=oTOi*C;aRnA`M+3Rb-&i8%`+fQ7*Q_=W+4^7`yRmcSJ|b&R8yPh4rM_c%CZe zIC@ra)6b{l0c#aWzu#Wv@$FVGK@W;<1%U0|6GB1_6Cwfvg3_|GzUMJB71jiT3q3s# zGe+Vd-thB-uJQ5lr8;g*a-lDYi6p>x)Z0u?6lgmhF1`xf_W#wPul9yBr7xO^?zcb3 z6T7we{(*tLQd5@a`d^h2O2i+nZ2nt8P{ay&2vJc{Ioc?(K0P;BBsGNg(c{O@>FImY zJkp$wVsAar?NO)zI2;vY)K6)pV#SQ|On^+G(Hb=2;7>YvVd;>`QDtgLj_cs;%$ix!}sqC`FMT;6|qF z-8sQNO9!-)iMhGs*{&v-_3E=3>s#-Ka!Vb=o2M-K6X+R$S9wgz_YG|CU%!4$HF)xZ z6B&Tw5V|=TjlS-AlbtE^6p$OYi>7o6oGewe9dN_I=29R{H!)REkKl_7Hvo_hVXzGF zs-Hi9US$+DYJYI+LxHd9vMy?n^zsriD~kv06KpdhoWt#K5eG|7d)g`IxAW^B?-~}W z7wduMGaO@`?9K6i4h)Rl5r|>d?%bU&(`@qbt|^qt%Qo%`EAcqB3hZ0(*eP)H^o%tY z|7}PPS$X}*EVNNUE%)F!q$;1Ls@-CkT(A2AyT_mL@TlphBU=DWv-rJq&VQaLJ+7Xf zDQn;-nk=X%R#5yFL`RT#n=c?f?aq}DLtmqjwy2Q2gbK1 zVi)okR+9!svh162zIyfHy4u7&!ZbiKj0Q4FCJ;9*xc)J1A7boZpI!jt*@x zXl|QNhFMzPU-$I%jEG4wRQ!QrVrFXCGtkjDI*K4vl9bH$ZX7ooi2X)CSTm*q4E*8a z!ws9)RHxfxv;wq+-N(RdHkW5+K7}KNg@xG&F+xZjgS``aOqMT#qA)wCf7>$^l>)}EnWsW3v}*VUmT&P>SnyffkSP z)>rN%A@A(w`u6tctyTdu6rxu1rJ5zq$+E(VI@g-D&W$m)g099DGi-_TY{Vg%Sp^{AkG8@*jqYc({#nav0-6pWgWKyAP0#R0d`31fC8sxrU@v0V| z`}Sk-jtpflm6eA$9j2Z*I5+@y;yEo%iA$T=Ano%~yA}Ma(|v`Vn1Nyq2Y#p37tYp` z43&*pj1$B8o&>ZZB%ekso^et~sqXOHI@CXhY3r>Q+)BC3eW@$x+-&1wJQ}mNx~joO z99j+;O(-sYi_fb0ZhEOlw7JT0W7B!?&(D;o!a_~7d#-P8_!7T~D};5342<@D`u^Q9 zn(+UAzY$WO`X3y&)0I(;4aejZrCKnkhtsyxQ|-!wy#JhxxcDPg=13Nq9(pF7`ttt@ zDA?Hc8WqyND<#t7PFE+EAoeo~hU9+*2_?t?kxCD+v2)4)z_JLXzQMuHfq~EjZfiA{ z7wY~X|K#B0{EY+YsmG0;>E5n&ZteH?^nx=nR8;B&f8#i??*Hww%b%U_e-ssdPgFN+ z9Nf_N(VaF_L7!1mRbDMwc}(U^LKGh#P4?yva#aMTh}Z?;uQKnr24VGXzVe8XQ-7nc z2G;jeB!?qkMx0^1{-AMV_CETaZ(VJz5+~PZmgGXysnAJdoBn zB~z%^hWG2&A8T%665o^;=Dh#~1yAxM@h;3g_ru1A_tyz3z2B4$^jd32XV2%M=Z|-8 zSL|q38B*scq*4kBl7Per1f*4j=YDHPM@^}ilZN4*6Zf8|M9m4`+Sb;q6-f*t&shs% zUMmgyl9PkkL>a6FeT#S*MWMbUT)N9iM@2{5z%xAJ1<^For{+fyPeqWzALiM&lH{uv zcg)g*ni$W^ADZYeB6~55v}zKQIUYQR+`Ls^302*|k&)2wLUk zQ`fDzTiy?cRUOZEwhcq7loOMlzcNSm_O%IFq@7rMn+A!!07S_ObA z!j}ps+n7j{!iLt;3@RvyceOiQ$*EMpf4$WZ)Rl)T+9&W>wwLEd^$b)v@KAm@Ah>BS z-{N#f&QBhl+Fui@;%|=^v}F%yS9{KB2nhoW0bd!qmzkN=He2T~vzq#gg2nV+Co_M` zkZ%@SjUyZD=>wYPfuQd{br5`sujGfeD~i-B^Y^A6j-LyiZ(Bo_cURjT6-C3EQYnID zdI0D0(x3Dkk=qs3yWU;X`11i%%l6-i^c6Rlg{L zygC2Nh(+`6I;!8aO}3{23JC5Sxjo3`D1QCJ{;2SoK18_*KcI#clpHv?#l&jX)+3yD zem(S4T=#0}9p3?Uq-)|50>2vMP25G-2%G83WNvF-w%yL1 zJ=mjJ5n)d!)A5AU`<2rnnh?N^OM!~wS|Eil>SF$oD1(!>rei@p9MNSnTN0dO-O=W*Ms^;HSvluZh-uPl*=1;7zY*2Q0YoXQ6LTXV<$@ zV;l|-_3Ll09)J8~HI;*ghBi_uZw+54>i23G-oxlPckiyNv)r#g(5UjkwcOg`veHO> zbq`MPWzFHVo&)Bbz-`;Q#rf{K1gYpypl0FUIctH%bSXarE%(JPf4`_ zgB3VoH@8(9K2WK0yN*C35?*HkQ}(4WS@3SL$@H5TChb=?Izl2M(39hjbC3)o^IsO^ugqtbn5<$!@Biog^u56`FT)~ z3}6ZT;0HB*2OLqOL%SI6 zdL0VJqLq!pMy`7~|7ih)u~lm!+DtX10$!gjkqL66w4rx?yrce>El<40=t{G(y}XX+ zGVl(2PZv)$%hB7=6u8U>kom9n#*jXOp|)@li6L^`nzif*f1g71g**Lrb^sC_o!~}Q zo9@nEpTR{u&Uf{8Pv6;lFOAUAjh3`=ht%w?d+pRAm%6HbhF=EEyLo>=sK(4z|A>=K z=h_&RwS|_3Vu@ZR#p=0*Nn((EuRdVhqH>6Kw6`}L`;u0F0}V7WGh13;@4fZMl}30& z!mxjwttOYxMbBVhTQ9C{$++#r%<&ou0gg2!q~EJb(8I%H_;SYD?GRdbcz9?qP>WH2 zIS4PeoX=}6YL9)x?;1u_1~r)(>-k(|C!?iB3_qiI_MGoWQq{{IvQVMUv^FWX^&lyG zN5>Ul>hD*+wGf876YNOXrq0dH-5q^)kj~5XJZ@_=dr`07SWh;lXcby_u$of0|6GtR zaj5AcVT;oYmRexC4uu`+ajOig&)47Nz1#l+8tBO~m$dmI!B@M;=JZDVEEw3u{6El?Ja z#c@l#m?aCgF>&A92j`m{4nEs6>6G&=aDu(0fY35P!Mxd&yssfV)YG!NO&i(p_!me{Z z`8Tzk$5ZwS$s%H@dctIgB!WS60;I;fsne0Qt5!cBZ;g{t9J{7dTF+!OOmZp~1XF{j zGwZqS?k2aBjPAadM@e$s*i$-aZLu4 zD+krd0QW7eu8PAeZ8zs~sjVj=OqJwVuC5+un*p)01i(Yxxw$eZ)8xm+TYF2YmXDXw z17b{jUtciram&lg4p|gM{Wl=2kQG`gzVs7q@N}VLr;itIlKfuV_;c4L#b^25_C&6H zDDel080(o#_DL+_FLiZ9`V$5x7_-}TPv%m zXAO=b*X9H~o(?2(cXV{b;}0aVdu@L6au%#T_*`XW+GKt2U;PDWdwXYu!+ug*YF#E= zTh*>DJu}CgZ6mno=;$b0w~hzJtImM(Hp|$X2{3kX%y@OqT>xtph*r-uZ>D9;gi^aB0do;~k5Cv#L&gY!b?2nGb zcjwj9f193W0gnsvibM<*tKEXjh$Ft*?j-=ad=^b_3%9-7jr_%e;+^v1k@ka$zCr;T ziJp5%mKej5qrGB}^1LNUvV;1e<6kj^+0Iy|2Hvbfx*_El9I)wA=gak>=V4hUu`jX_ zr}Z_BX}l;3l5S=C%wahuC082I#w6=|bQyP|?%eICmE<|<*mYV9{~F^TNh(M-f575u z!&n#|y>V2QcW&!vp5pZ#K!<}^(kV? zw^?r}!I@-htmK{u6zX5t#8g$1F*!`L_I8$Nv8n;?1{bB^Sewq-bmxQCM1gw64 z>N8y$x{>037sb_;Q@GZ7X(NmAjqo?K#0h452ZoFMiLC80%)axgy1Mwqe~FWVzOE;n z*~(VfNzK&dRfUdQb(ob!B=1edX316oYkbDd9X&RtlE5{HT+38Qo}tOx_?W;g2D{l? zk8wrFD$24RQ>`h{OfTelkm&6WFEtTz?(6+jV+0w7Q~epSS;H}o880tj)1>9zFdWjb zAEft-uO8w4qkk;>E1DGe?U_v91t_SEezl&d>M-gt1s*{NK9=Dh{!HPJ8nA{*#w zp7X_Vnx|KG=J5vr)+^2}!R3n*qn#>4)uMsh>O~HI>2I>_c@o))6tr zraSRmoy@`!5WR(3Jw6hoZ_w&bo%F$t_qG;@x|W&yiT3Qo7tB1#S0Z7)^ftSx$U;0; z0%{B|UHSy>-WEf+m7Vr(vRR=0d*U|}I0;r&x6 zJas$`at{z)uo=eDFG4O!rzAd0TRq5hunUE*4uQC2RcEB8_WA6;RA7ShzHVH}#?Q}f zjubFjPugaB&+<&!@bK6|d*igF2ZMv1E2N*k5PTP>7TRB2@C>t0<|LDKpMJ(k6E&l3UTxOm)SwmTV$6zFIZRx|G7W@ zo98lv5N?kAE>$D9ZH`uS&*)br_ov^4j3TxPwM&3BGzblc?p6$T60Iuf9Nvqa&SKdp=`?bm>?{eplrsb z1GCt(CU~nqq@JCOW%AY`g2ejh{CowFFCc^5D_vuqhlbhRd%+i10+XN{jvRB$`lK9V z=9}MZ>sA6H%yd)&g%?-g?ye2cGof@N;7R&Zjc>n4mdm~?q~P*HqZ585XG0noe(fI~ z&dZ!YK$_S);?mR0P_4hN6ZynGvp?(Wj=F*ZEr?Pb%c-$PQ`A^@ifuX=Je+onSe3`& zUxIsH>Ou&7g8K}_arNOR!%b*I!g}4h3@L+`keR{q)zjq2lQeV=riqWE4v!T21}mnU zXhR@-Lz`xe*9UJoiVnW4Wetq{Y^;d5DNO8L-7G144xe8Ovz0h4K@abbp1k!~d%@g4 z^us}5V!z5>5;|@#W74dQOqs8{tL{?h;zXh%?y26f=TnmBP{`WbjPQ0x`1?l1#B?6v z=19v6D^9YI1?#T2){NWm5V&2o-H+9y;GZEtJ=tl?FKTGHcMk0c)AeLa94NQO)!XGT ztq3J+2w>>Ib#=EUbLb$09(ban`f7!G z+Q(R`3QRFNF-1CU1sPID(8QvneG*Rh^U(Nuj7Jw3uf!+n$n zpQ?k1V##?W<<62>Phmyo5>hvvzLy}s2S_T$8Bl-h{1 zyK=??_xrhN`|P;*70tuwwxIh5#ZZFOh=YSo7(c0EPcQF!NL^WkeZlp#a3c|A%AnV= z_Ul|DR;(~mLD{keyqsbYHSDgTJZKf`+S-}~;BP^4qHDHcB~|%KqTE$gb$swtBHD5$ z6B}UMsakJ>CYx!=$w9I`*4`Jrz^S}@7~9G>L(r;S1!($UvbwWk!xgiu^DSEn$hs0< zLuj9JlSo6g?a2#NjNKssQX^whko8KDjrxW%vGpeEP>G&3)X!YkH}DT7kM&Zuu+0W8 zc)dLZMT#S&-AlA=O-#(dFBDXq9_LRMZj|JtcG>W78eVHWV}%KMj6G=7ua2wO;f+X& zd~IZeQ+Fo*e)AC9Q#Xy0l9bOW4zQGfNz2711WA^`&RMbsQ%#bPb3(YtC8@c2SLro? zfq>DE29fQj8p*qn5s*S-utlM zoi_SrxhNxo3E@tZyD=0M7uOD_@P1<<&1TyQgR+fe%1~Dx%ynGCEK!n#6AdT^Za&Hy zqp-|E$J1?*QJUw6v7Z zZIcbXQD0@*gVesJ5eJBIg3hY8hXeeN&S5JbJolG_YhZlNS3uwLAyEp`9N~%%q*@IC zL;-cyLnwR^7dRWG&1cT0<1AvR7$#d^RlyWwch}toNTJ)f>(;%3H^8Ovjd4Z7*bTYG z_TZ%%rf;m~1LVuCMnZVan_BxuvmIucGj@mK)MG_BvSc5edh2eUjK30@Pi&6JWWwQa z;E#zMNQpb?V}YQg?BMjvYNubtDSY4zCSp|otv2pM{RVU%}|!d@)3%ZQ!-;g z$r)T@vzC(ka7AUr>E>-t8Wax}Cw5@IPvO_tLMX`6z6hkYRiQl%LDF>P6jViPN5q7dW zog7NSW5}Gj;=K2Zh>p%2$Xp57t* z#(Bq5B3G01d)1A30YW zB$nC~Md*O;+z-VU%$KSiUF5F|_pL_(kI5~N_u)nWsTf0Dk!4LHwZ(hNQ{|CyCxS&^!v)Go-+vR)*sknKrd|a3wOwfi}>jDbSaFzisNQn^Gx7T@KWiX zF2+n}Tid5ea|QFI^i+-FLn$NU6`<1wDwN?I_3*nzA`RcEy%FmXZMW6LtB`4+8B?xO zAlt9mQP4}d^a$FvZ(qB5^ER|Oat|{8FGlb$AP1}5pXwliAOk1O8~eYt+_QIaF&gyU zz#+r^RHY8xVeEqHoxpa1qXxJuya*_@1@x^cKJ6=oRrU>&6aq@_2i3W$RNr@%_ir)Q zz2TyjdsC*VYDIQr9%jd#!$W881GDhF#tI7iFJLj3pn(N0xg}R4VJGN-f6xIdi}_KPpvAOcLp{UvZ|{* zjf>s-5p&-9h$?YiQHy6-bDrwC+jVgOo|~t7eV0m2>ce!=Pa2vRA8nJ*N_p#>v9v#c&|!LPQ<|1XlsosL*@7}w8I`a2A8d zGxiu`t#=Ze2iy%1OrG=$ja-YagaZ;=VT69u!EyTL`W3x1%!HvT2F zPk)C`Df{^?zyvjNr5qP#I2UM=0X2ixMo|RQsPj#f%2Hyw#3}M& z*Y6)5$<~6f{i{k5^6Vh`C%&v5l#kVyPEAho9{w|S{-8o#0b@2ozSsmU76@ypmcvqd zaPmk-fO3-_SxS;nG$@_!lk*1TkSBJJ#p>NT*0Zj#xqO4*d;b8`JpkK+Es0t8fwk$f zvfFu%$K&Zx6I*iJ6kn~&es@&3{OaLSQ{3@#UuKHv(B`|gc%X|FI_rnskC9i9S+aS3 z7eM5-zz$IYCC?-FCgc$*s2*M#BU3N;t>|sE3_C*`qAf?w9d_GgfMa(zUhlhQY3Dtu zP~5gl0;e0Tu~-|0q5zPt7xqLg>i38eJwwWX3?QUnXXg2_g&L+!f@ZLZy|DuAy5U#;wmc-9W(^(9J`M3V+p?gj zHY@TZC4*f*=robX5zG<_PE=&j6kJdq>El}mN-~yFoj_8J>IbAKKC|a&@`w}&R{~o? z2*`bmN;JNF{W`&F1FUP!X6%rpCRU4MaGZkM)WJCyEY%1%FHZo719`un_g|8R5 ziY!)n`|>@7MSlq!M7~f~Q^Pkqum2!1k094MT<&VOQDdyBaW8Ta!o}-A;v>4X%k)gU z3g>U39<{&FYZ{<2;7;JU%;lh0Rstd(d)K+nYC$_jSS>QwhcuU6RXo$E0oK{yi}|Ye zRTix-iku{M4XRjt=z>yQXksNBq~&#egHSyC&3#aKpV}Zo_%NS-Mx&q<7S3oc1;k!G zhb=?u&`m%U5{3=*VLHC^C<3nAZ+8V8AGtGaw>ftSPXO|rvj}KRd`rJX~Obm|?(z0pU5CFn zNu%B3%Mi(XjB16Yz7G#TBEeF~@>8#F5aF>2ZSXX5;oL~1RRx8Bc_N`=QO*UoKmZbf zlLNpfp8w{)o`*AjU^r>P?vuU_p#OM6POkU6MM;G}A|isz;@?;1eUX*9U%JOLULQDV z)>x^2u(X~mVr8>!3y{ad4*UK(R)K7~*b*He%a_m<&094A{TeC23elv=e?}@j{w~+J zR{GTO_{35GA#8^3H$4yvTCJ8>);dzrFx4EK{+f zRDyJYAQ1F8B0Yl2%TI3Q18?Nye(pX23-@LKh*e9)s<+2}yc3&51KN+EM`WWCnYF*- z{&w3cDS6cYR#Aeh|BtFW{=VDqp4~qt^#9rIqZ6F$UC;l0^-0ocb2x}rK5=PpMLT|p z&APK`YqrijtMk7;E_Jk=uX<@^!JI8El>eXwf~FdIBc;3V-sKz}oo2}=o|$ZzV3Xj= z+sJW&MqJZcJJ8H%N6i1dFj)Xch5B26Ka)a|P)F=S{|49=_j{ZE2PVV64X}sjFw+r5 z*}k8DJr#DY2LsdA^2&~EvcT!#Io9g+rDJ=iBn*Cly=t<7@&wNrHR|ZuhgYwFwo|Ff z&Kp$nm-@Gq+dDe+j;@4-=0H$v;!jNh5}N+C_S{i7H@D$hRdgV!d!%dD#+u0Qvb>5{ z1UCW*M#^Nh#6zc@xgZuYK{i0yRN5_o zeAVYQvax}P`x^D5)z~u{?&t#TD%doEzW&Gt-e1Swt7<4iU`}Ta8YV4gv&q=)+1n+h zqSU01JH`h>zb(G~DE1nN{oVTn>U8XXWtpEBdYyIXc(!J7Nrn?E02<59;aKI@C?^2B zgee|2RLc4u9eQSSQ`+%7-n3l`N$m?mvAkxD{h<6i)j;?0Tr>r=$%^{!B1aK!@BW|C zELVwC)xT59pzj|J3NP!D^8%+ov~$Qo2W5MwxZ|0PP-A1`KY?RFP7~|6p~UBX_1wOM z-DwB9^L27-XXR61pl69|g-+Org$YQU+>MT#K;nenJm-#naa@LV2s@>r=O^+zO++9g zGTSpvsLl`yqmmfY4Rq;WJmd-GC4tVXM1x6OLSpvd=bu@^j@Zs`jbb5y9Ur%XDxzd) z;-MiO& zGO?SR*DFINrly82yabvD@jqVNDukd3rwoEFduBbQ(WLyun%jJT8luEAt$vJU_H}@^ z4DD47R&@q`8vma^Z)w-($5Tg2&oj^G7bxa_{)3|=J+yHuBvf2xZZ_D@4>LUzG&h?9K3LzY z;m7OKzx{R*Gc6jUct0@j-@m^*RgnnF7!diC@9JK!sivp-oiKNuB%FaY5r)L>pMC$X z5`!rIsHrGAgfXdW?41(&SHUuO? zjnl>8E}%CvGC5hdh50}8pZRyjj+FxpDVS)CGlD2qsn=1_feK@{!r zMF!T&_Vyb!7yNhcMo2{*p1!!@=a6mG54#h`?@erHXP23kU1IBLQL}xtqG;`QTtdWj zwTxSNP2L)5D(W!$+1m25TMXQoN>TD?CJ~}P0yF<>;+gA20{2e~WAxAO+}S&XK{S{5 zglDTDWg?>;CR|ICr8GVWW*LPy>&=LU@plptILvw%M6X`G;?~9ZW0<*OdA6B-CB{;G zxCF8<6J6Xq-0`$K4cLauEjhI+FrV@A2Hu0WNh=6w>#F`;BJ5nQ@vF1+kQ1lY*0V+E z)F(feJ&UpK@vCG|I&W-zMHngxIyU6y;yK4Px&Jf&H>%V{Aqpa~?P0^BN2j)Lc6jda z2?#80EJXh3mQK&eI1$4AducAr>iO2)4G7KGU_mi2FH*Zu&<83@BP!aIo%f#*S1H$u zX-laa2xD3JbF=gRbnpX7Vs7s_rupCdVAJFNFGXdZ-~Z~fQ~e(wvS9chAF{v$%{l+g z>ZAYBXLsMms`f5Gzm!Z&KeO|nQE@+i@#05z{#%x>>Qor&y20vHN&?_XnJt^3NlIS* zm3ZEC%O^DJ+DCZlZZy9R$Hv`gsA6+wga6)J{QuQhPI@h{E!mjxWp5vpDfhGp+;tl* z)ak#M&b?b6IvVS+{*TE6212k4R^Rw_{`;OTrHJ%W6-d@m~y;Q1jtoy02YdmkAM1f z^R?d>72yt2?1-zZPRZKpYOZwkqDHWDN*%jWO-wSin}S8~{BvRnd=Lej<2e+wuPfDh z8wM~jG3T6CoB_5Vpa3|(%#n`>v~1yfcP&wOvCt!rVT!Q6fY9p_TR2`(-SBWri(56X z*=4UPO^oHlPkL9ynotF@8Dnd6+1Flon{1}qdsVF&3dlhhhVAvmQ3xr2q%Q)NT4Chv zI`2#XdZShf>-O`8kE0?Z!RG~5KqJTm@)HoP-FAI|o}nKW6%yN-fI2=VKgfzM+P`>5 zLcjjy%a|f}jFY{S6VNp*uCGfb)Cp=%YsMjCM_k{(ZyqRM2b}~{(=&#p>=CK4z7ji* zfTM)&I7$!oufkXfKrrJ17dY+VbWfM{bPSeR?i?h6mz3CP&^XW&=JUC3H|^{9*_WY0 z2()vu4pNGWrs6Xv7;_LZRFG3C@!WRAfcBVOXhR}sDEkFOV4z*YZ8bvb_G1L{>O&L86PcoaI3U!^V-ev%~V13)7+`4sUJRk*kZ$D zY;GP{S0@P84oLosEk|huT=(Tb4;VvDCzbmCR!%DI^XH!l^xOcGB&9y%P_*inhv`hC z7Awv!C7y}MJ2J23N>(Sx8Vqyzg&E6=V za5yJh6#2~!-*1Z3UZQs@PEM}Io1+aC4M2W5n_VJ3pBs4`oFOA)r0Dcy2xQI%s>0=eEW_J3E_m8kN8OEJ;YnV@y&$zp5(N0*|^c9Y$&IG9+!L zia!KW_z*_*m?Ss4>}l!f>K3HtM~+zhoVYP!BYdN?09xJrjvRT*20!(R+p~E}$%R^QcyLYx+8-2HLK8Dl03!&Zf=X+}$;E z!bx}wrE5T&Rg4t5`)4vims?{`@wu}6zZiSVsH)m1S{OvdLPSMGNwPQX=oXPYAm#Pb*?q+&8t_{ zP!u^XrKY5BV?fVjyY7x`w!^vxT1SvnsjrNxKeigo)^^=$raswfWlZ|{b9!c`_8ZNc zbTbg`Ih`G%hAQ270*E-~19{da!D^(4!2;Bc;1AV%R6=*mN>2Xgi0%^HHoTETIl9=8 z4WQ*~#l@Tn2?>K$h$?ps@r+#9u)Msy=zEP|*1epQlfz~q3n+u`1bg^#cApYicn5YLgitT3CJnSGE9O7RP27f|EpS4+=#w2B`l zPHQ*V*4MrNcaJ(e+j^+(0o}Pok$QKBJ<|&io-m3_OE4$ro%ID4h{{T)R#t3>UehNt zKL}70a3?-j-k{vP>H{*e?2Qr1i*~F2E;9`S)HHu=hv8MdVIDR%cvzw1g?3{~iMEml$FWFUD_YZdK4=W^gf9lqI%)=7}E(AI{ zIzxzu2?=EiNeaF}L8yi9M1LZV4(Ho(QBjhh?&0F%3geyJfbBp{N%?uPH|5U#``$yQ z^ChU*8PHRs70u`$ILtS|Vk&g`_wrXt$>PlhBIRr?Om}y8v@$ok?BNIJN8nxrF`^y% zL+QN(>B@qZmP~tip#l_alJp%eDqoE%0vLsxDivlyr4H!C&oUHSAD2CwcIoC9CSp zHzR{SHZ~SxVAf4S!gu$aHaOBCM@gx|`I&Bm|Dz{Qu0VTTA>-)yLTA6CrZi|nt*lU@ zoed2QxAE|_Pd6uut#liL$U5PetHZ+OtzPO+^J~+L%x%+@bA4j2+H#xm$6n)7kIuh) zsh_*2zGEQJfL^5w@*cW-tUiW!Hg`7aENiwUfWX)uS@1*H?;a;7=k2&#vRYaM*48#q z_}w+^sC)HAvofVble4Wd0nk$`YipgeQAJ;=&eqo2-ribn-^c8Q3mMPh5pr^K$&rc% zlAvlt$x;+M*ZfJIeWWRpo{rh)*I7Tqa&&T@p495hnQ3H<=sX(pX(I216IQ0oUigjx z!9=bt%hFxJkJ#UgRD(!)I(qa4wmPD+^4uC_+%+l!A^ph+5>x;F&DMQK3F1$BFWR0< zMC7vNS^QUcPDQ(ARB+%m5LqbA48;q2ak?HbF_v#!09ES+w9S~Jrduc&PW8Y;Vd+mq zoS%V985t)c*%>tLz>HuqXbYEYnV+3yf-p4hx-HGZ!on0GWjbCS5vJkn1693BD+!$e+@d9Ti>(v6}*0{?$ z9tnwh(oKke1%YfveZTO~7HSX`^Fa+NwOsBfKt&ygm{$-Jy8>sIAxQ0o2atJ&vgRdo z_b{$qyEa&8Mg*`O==8lYLsYz4IFc@~ay{<2Cs7o4nN<+-sDrBW zV}XQ(7GP1)ZHL_@V+b_V4|x6RShrx}+?<1v#`A+tptqQtqM3LYG`=P$a-Y$p(hzgG zeyOWN+hX0k8JNGZooLi+FgQ4P8xmyYh=}MwE@4wCx=WW1q3(}lGm_Yzr+;^+>-$V& zpf&f=+X$o^1Lf!FXf+i!i-t|V+qd=Q58}2fa62BdvZmEpD_S4-e1^ZwJr2pnIe6!AS_4<*fbL#3cV7h)o)t3~Du78tgaCp+io>Eok7a6MK@4oz{2r@c%d+hR zp(AWWg7-kPd!WvCVe^mn(dVKocL(A(Y~0UHxy(22+CaTjW-M8HP-H6T?oR4+)e0;xlo68< zSK;t}pXYa-bS+ki?p_BKr8PTq@W+qa)E)B|SbeTu9UL0!?y17hP$^_k>`DId<2^~4 zy-n@z%+OI|;k5uqA6YRt47@r%#0=)xIFz6m_1L4B@3%TABF{FisHqcaTUf}x)FF3r za=Msr)UJt*i%;V~#SojGPB&a=Bz>TXKoH#Oidd3F-&v~J!^EsRvv4#~E_y~u z8JaARuGPB!$n~h(g-+uLOIewcI!S2hE4+i#%ge3cxe&pke+@Fy0ou%ZW(`|40xCMl zdl!3>{dOlT&m?Hy2L#|i$7jF^PAUfFwa>L3*Q=^Fyjtr4ggvCCj9c{A4)qg_9{=XyNr!}hnQFjQWtde0qYCW^CM&xhOb*? z?c6tgMB%&ck5y+!tw%%s{h=K(Ja+(?pT+(X6cqHVn?f!Gt*I}yqYa^!Eew?L*cSJb zPg78i+qB*7SNxmiK&mDa%~?~6D{!M49(^<9&rP87FP`!w0?koJ}AR`Nz+7w_RsElE-VPldryKj+P6kClxUy z?(Xzgf)18*6BQ?2b7#Fm1-7gC-hfnn>R?ms0f&9!o5nrxm`ZKi1=EQ{(W1s(wV!j%>SePMyCBUT3s%soB5o0bl!y=D%phtp8~=3y!o%oC6n8$Mlk+hGQmrh~(R zhrkIqG%QY6?{wRjnv20blYaS<9FC1HzF*g&iK!pFdl7e`F>uV~3hudI#|IKZR%1?! z%F`DSg#|uAxMyed-UrJM;jFTKHxUR3naQcpk{>!#Lx*{z-k)eMN~nM{1cxNiMFiMZ zG(y@C2m)3NP4`1e$d?~KoIF`|2TvCrs5{^ki38jbGJrD4?|CLj2KSRqQI!JY`j3~c z1GO?iHjY0`eIIZSrmS6RpM3nX1*gy2Iq;f|&Idm;LIHV$$fJ_3xI* zZzJK`e^{XizwO5D8K#NoJyJKKlDT%te0%lECMXL!2LWB7FM@p6qi^x!!gJ$fK^I zLC3^I5{z-204R~jkQJW@(?@V~ax&>P-6}L6lYlNf;40H_jued->aj#DfT@9ohK8?; zoPJAhkwTV+w3gN+WtJ!@xW9r?i53`wjDoEO0IpEjG(u`s4_hZA=LsigIHX?aOVqWn z=nUW(Z-V<{;BuEZQX4pw^u;A0%YuC3v$0J&1O30bgyF*7zA}}B{SCZC#)$91!7mo} zZY`ro`Hs5|K5}5<50~0e96F)SXF%4LXo4g?IXnLOG|j|qe}0rJUA-)Jg583?A{!&y zamw)GrAz&`&t|WE`usWc@Pl_jy&Y1$5o!mgoo-Q+(xk<8)Jk#zq0M@S@D-DPWeV2Et*Lw1i}QMh zHXE-lQj-TwElf6*e6tDr2F(N^QBkX-9hwJaWg*`qjore-)k>)2oN~}m@86HyIyx?3 zfUiMQb90F)AtWi*gqnx{8213^9Mz`;z;RM(DC&h5L@5*?)JJw+B1Pu0Od^y1>;qI_wf zr_`pz5>GuXUTQ1aRe#HaiN2B2* zrv4M`nZ>R`)x*xte*b(w(k1w)&XgT#i=T9xMnl}~Cm_;x5oko55(t}s*Q;}VcNTXm zbAMg_^+?K1RcMJt{pSBfl)+c%-_KjjG4Q^@5pmL}c}gBC+o&~Ur0LT~N8&*)r_A;j zJ#T?*>T_M45MQ61kTDQkT*EUS4-FGX;X~>VwWTOyJj!IQ;C|FH+pBs7VLGlzz-p%^w+Phq1&8)cmy?ZSI|a&ls6Yx@}Je#w$yxi0(WU`-a3muDlb_(lRA2F{1+ zQ13nw^o_l(4yF)A$0&GDe(1M;2RsE{9L)?nF-b`ZDDGj?y4=ty+qaxLYA zsF2XDd-p`3u!DFA#;n&wMMW{ddaD-x2*9Klv9a^Oq${&@=_%T{>h0URXn+acTs^4c z*o=BU!NponR%7n1PsqaG0Mjrv#OW@q0T$Fs)zkHU%`GhnhMlpt@bx46Pkkm}WPMQ! zaDo9cCJgkYA58m=y6ump!|91l>WG1j?G^d^=eL*t#ZSoT1q7!K_++ z>kIg0?E&TfB{-6m%txAd2L#N42UPVT8558F$`3HH0~g#+fFpc~iwi0$;=lm&-tcyV zmoHx~3>VO%{jNJ>`Ji9k1qf$m$@~N7y%nE|3O<0Qs}Iu#YXIhVae?e2vt?AjryAvkD^-@lt z=H@V!M1{pxlm6Rc3J=il`wQ5VGhhfu0a7}+p$oT&h$P+J`2j+81-K3}7FNd%Ep$!< z4unmeohj(6)d%+ne5ZyNFJE4O^AR+@7$^&{g@5t`R#SMuEJq2PD3icpYM_W2@~g?k zMdkh|dK@u0=fJ5}zxStfn5zRglt2Wtw6m*6B8!e_spp^}wHt%p`hTy>`Vvs0p|29L z>uUighvivI79iNcX=cEqz!)F{teF|`M^&#gxaknUvEcQ}*oM9{W|&3tmo5ikj?GwvLtZRGHmYbEYkQq4yNp)fyCN>K3#>v{@amq5+}r#=?dcvzCWSnMv9M?KDl-#D@Nkw(rX*zt@ z=GA^I6pWg$d-NOfj|usVIWeGtT}MrYz9Tx#%{)>yO7c1A1E3ddXlMu$yY6I30)Y1N zS!^`_;{xEkhin!g9v#4tiFqAwL6lt1!-?du08nXl5H1_CYk1WI&@BN#%O+2P?!(cH z?ldgJ=1%|^2(kt6iF^%|N4RNHcfsqhZhr#N z37t#KD>rV;0&WZk+(&#`1tyaLId5sa} zfy=Ko*AnXJ?7RigAyn3yrX^inua5TDHK%sp_HE8IE~}j=K#Y)pr?Zr6OtfgdHp)dT zamAFt#?~@P@HlXwv&4yO7JNKrXoJJzL`6iX2ni!jBJ%wdGE}?E3>{2*>KhvBNJ6MV zdab3V7R`0f>1$`ziKmCx&9GuAfSO{8WI=UQ1E|m5XOhW~&dO;u@WxLRxuHA#X%pnR zAz#0Xh&9F09c)F>j^D$h5eP88lj;gxfa>n<;94)-u%q;gBp&)HZj^F|=;fq(tJ*`! z%X@=}XyjVENltikN5}8k2OqeqFb;Tr$i%V*1D3{e+|MD#8&x+si3u%48d6uid(Eg0 z{4#&>JJemJp#pia?y1AMmP>4I*}~yzQhEa z?!l3^6K?zcw)o&TBm~R!TNU!IqkUWk_C!4`zUW6L!`*~`6oLz}^WcINI+$oJ8L zfbmjCkW$Iol2x0#9Z2IuFteS0s=u&a&OVUQTTEb{usz5e4xEz|w1lU;Mg z0Mh2{8jtL}yxNbSg9u!kEuxApfW3r|hX-GyjL^LZz}jc>O$c7CZ2j-xtw&;GV4m$z zQ2F-!vgt%lNStEUOjFK`VmZmbeQ>#BNL%ZnJ<9gLPs#?6-;J)RcWF-ofb<{ z{^PXh5dFtsvlD@(eJNO^ZSs3?sZB{tQo3TAddqN5&xW1GCr@15^>{*`mv_~j)M-T= z(oC*91hP=Fn2qF9on#3PI9<4)a)-pNba1Yo`Z17C1X0y8D}$g)*!`K5l)K}FZ+gi0 zNmjr)s9qBBkTz{A?)85(i2|>j9rDmxJvMD!6V)66cJ|P-YjvQ9q2!|v;GvSe@DLtF zzX{T2g6|E;ZEIm;<|K-sfd+vLWyKYi{~JZ-@^fIc9__68_$88AvSw{!}JLTE3W^&n0|usf2wSq zFU5%A&~)aYR#w`;J@I!oJ9&ZVyLazGv*1Q^q;NYKrS&yGrDnj(=bM5~hy&u^yjnMI z#<)SoT-wJ1y}$XDOP$IzeR+x&dtR#)b85}axWT{k|JPCsCVr%`gcc~#5p!BTFTxyn z0nHfO#U5em((^ZD$JS0GoGdK49rYIVX`U}Oe_Qv>>;8CDM~g?JUJzgl_)*RH_*t(0 zaG{y(NMV=^BU4m!XKO}6q>uMWJKB(13CuQiz{B;KItfh*gg+(GD{MPtEV~7aX#wX7 znj^*WuQV&I3r_F9BJ#WPR=0<878l0_KX^D}V>W}u^R8rj$%dH|&hF!)%6B**tMKO`>*?aBD} zZ6=q0P61}95c((ScoQ5yN(tR?o{Ia)>ejgR9@BY?P5~ap_vw4hD;PMXh z1YYYMHD0gOYs}<3L3teBAY}Uj8ms|dS_^_It``<^?;Ise)`zkxto+b?esePrAL!l}3%ZZ-Zr#SjVjQcUu@~8i-RN$$Ca^vU!7VCvL zwP+32(dO7!{ZA)^E&YlCm$lX_PeH7EoA(D9v}{j+*>uh zZt9wtw89}X>N>LviU*Bjq$^N$9Ose^KWr=h;IKILi0Dn}E|O)Glaq7W2v#0-Lz(%L za+QmzpWPU1Ziz$Qa-q7Zs;cU|yUz?@X zmWJ~j4lKW;TgUZe2GtgsO^MCl@w5OaW~&*UPEF5Dli{}Ot%L^?b2*s7FCwy4tG8+Sh!)ak6- z>`RXrb=bc?YB6|!@#5C@$zJgZDR(rEP zZ@gO1jjijlHY4;vfNNy5xH3`|2WNc{ zyL!_?^gI(8q1eaI=tHe^Mf1*~JY}51!!}wP`9#G(9!AHL{RSIGS@>3IUiZWy{FLZ{ z#hhcGWxAY0xvy^Rrv z*u~LwKc&auDk4fB}3CiWxPR49^hUoc~6}{7D(yx0JEcN&+oF`XS z>S}65CDaSQK_xpaFQ^#HsTh2QF}b#8erl>~bH?5Te2jWJyb?Mz{qt#ccg=@!zOp@fCp6neRszaTdT#asEaE*(XO=nU|*~D2SW^(^9m;v`nK1XK7yr0d*o5B zzR4BCPO9#V@c1K_{Z&*HK=G*65W;6VPrxL~g*03ve${Atrd^stqq9e!_Q0s0JM!pg z12_vngsB`nx-j5n-9Y^q?y&m&EJjH$N}7rYu+5BZsM*zW*Fe*)Zj}^MH<)-MhSs@-oYXZ-X zPp!e0^2$nIPFv&W|F+0?H}%2q`ir;(->V$Yt|L>5Zu^KC{XKJMtf__ZosxCKs%2p0 z!q?c?7oc~Lq%&lDaDejnIxuf$;XhrWWnp36+_5yA{$#?aq#%0jS{o<#U=I{rmS(2 zE%^L+KSlUE{9R38JIz$Vf9mb^5dA6e9)PR)K~9B?!_UCH92_3*$~41xV;-lrRQNWD zemTU~9I>-_f4<_ha@PjQ@PYT)a(Cq?Q0GfvlTcRo*)Mf-FdgO)UGu7hx~o9lZM}8QYz7EU{Urw(j&@FfcE{?%Opnk!@#b2G}u+w&bjwe78IBuec5wRb1jI0bzPlk3Qj=wz=TYd>*+ z;`g4Nuhs9!5`Hdt6u$1=yPJACR-`i%H}TbtDM^qm9Pk?AVOt)Ujr zX&3;j_~*lwH9(~f?107YJY4N#`;f>;mEQi;?C}a`%aa2i@?Lhc)0jKdi43Yg%N4Rt zKW9}c`-95;Lk#yum%th{_y8C3B-$s(@JJKlpCG)~ufs;T4L>Px=e#Tbv~@hVt$*SEApoSg3)H$o## zzuQ3)L{1-EuC7f4VY<1n8cpM%vtn#O$*dH?M*JW&JbX~6^&+@H9Zj&~6Q=fLNE(8; zJWi^_;lUw6|DA_bKi-48Uv6$5a6Z^iRM}F%hi@RMHOdCH(U0`I&un`I^jCU^Epdks zI805YMwy*%*LvM-02e>qVCut@RtvOE490pV!b9E!3APHCmrI@Zmue_*Pd&=cnJbzK z-_E+&KB)ZWvvsYTldZHv6;TP6rbRA6(P`y7r; zwErL2Guso6p^!gk!qAS{BCT$a@Meqk=ud*p?FgxgDcDOI z_+27;)BPBkf4r`}Og0j}IT!*BNK7WD9wF$>w5%vjJcNwI!vmY?xFp39Du%~#JdHmy z5KOjR)#Tz~khbK_?cV|_*l*J+4K?J?O6g*UB@*7_9$KJW27qZ-Ea{s5Faf!~KGXel z1nl@B=pIWeinlaFDKEyu{&u$n%1|gX%|>7SV$_T%wY>2wK=|Ts=0!Q^i>zq@yn`tw zD@#GmQ`WPjqszkVT*m|)XSEs(^EWescv&aMj8)Mx+9DEYOxaVH>DeIo= zC*YUDwPIH{(1Wc;$T!zO$VL~s*xv&S`fag$6yn?i7QDW(G3wypBFIy*j&|o)_XVEX zX~4j`SE%Qiq&$(r=jtl6WxdQfbjo{)yLtamO_`7TO9sr8D$M!D%Ix${ikaz7%&$fj zozwv22z>z=IXMY{eY}~`qfTx-o2t2+C7;7I0A75fNN?hssZj&kt7!U*!zda z$B?AaJbBXfWl|+GyB$KONaAbiqVqR#N4dkrj=QM=MAvrbTI7j>Frl1PO9#4)D*HL~ zasjT`A!G8kX>R_sIwJVtu;(>CKD>XQfx6i!dvZ#Q57^9NFEb)+bE^(mT8B28G%OYx z8l;d$4$M9`HB}2<2iVNg*1A05C>h`=hY5Gji@1}=bF@&8;l0m3oucfp>0bzj6}}=W zN)7eEfqnCS`l-HPFbhHF`u`8dbKhC88ZNkwF=;Ay8$rTbH~HaId2{;#`t=w}(hDTz zaTh0fYJ=V$z0AyX>U$LH<%irO4lA>$e(oTa|+e^HdMHyPptApt(-W6r_fzKJ#X zvU9Y1;Jk4+S)dnTUXS}7s~rtd9quD-2@rw|G*KIH(i9<4Ol&OST>SF zhbnama0M*Mzzz5wR)yZtZba}Ds>WTvTU5aO7d->j^Z zZheN3v%XzY@9+N08xnnX^Wi@g4$@OGxcuZ`nvs(z+EYF>VF!Y|lk6=+G_?x2P{abH z;xi5A;HVh8OT-@Pqz>%CSkZ!&=SB_u@kCkr(3PI6XdsU}>p4E#QOdw6A;Ci(@( z#erY>a>;sZYWa3e71|6*Yy(|uPR(>y=6{DQR0p-jH;U+d8yMsLn4dqsZce`6-E4Zs zqY7~y^gZBjb(3VchyqfS6$#gYpgsg}?e(8JY%Wuq^omE{UH=n5PjEKY)t^$S*3EwN z`t`J2Zh6Z3v?EDC3i}&$f5bzFv!onwx{H@~tJ~XgFf1&{$}8Mjo*{$|+^45I-m19q zpF88>p3P{CBaStd+U~tP8|~;cai@_pXx?vS#$ZiBQ(p# zIy9%S#iZ!mKMA|(g9F@jmcY!Wq2}blW>aLQj7K3Pp8AzbPYT{BDTNQeO2Yi@*XXXE zp69K`MRH8O`v#y@E)tuw@mYHk?%Q@-7lV^|dxd{!#%a_=b0vQImuDhI@-_pvhhD1u zzL`{i$uM{0`1sBJh5+;+0;N({eQ8DL)c^fF{V}Xbs2=VZ{I%lQK0ZK4%E!x>*-b~) zdi(KGId+=X8`2;N#?)ylKj4zH|WZu+bl~YV-)n{ za?CFGs$PWHk8Lio^l;OkZJ4tZG9)6Kk2?*(&&MQ;sr>?QYyV@s;90WTh=x?P9K#u#wuXlXsXLnT$++??8X zsFVFXzl`G->9Bl1}^HsztYBfZU<8Wl7@+(3R%DHJ1bk+1+6uW86-|a5wiwK z%B=>JvD2eDG06-zAS_GQsEAb5aJmFqWFQB|p@)6}14Cb;6wN*;E-TBkociNy7VhmW z_6&{Sz(?YH*tL@8fuKEm)cK?yHfij@;?+ZOV(B(IJ1aD0K()wx;M4W!s!RDmAqwh$%lXAkPri26smrm`bAA4nca>P}xWrDSF>S3RDH`w+ zXxlylZ&By~FYh#xx}=MhK!1G;sLyEXGU%P4bv_Cc$AsrglmOI$adgu_a0VVIoR%dp zW$az=PaF(rrRvoC;sZ|jE?ALphzqtv&hcQ&ceQd#Ea

BB_uz`ze zm|?7wCoKQpK`HVg|Lzq9_YZ`U8aHPRLcWDdtxVNAvYWi@9Uqg3rDhB(rVypEG*VyL z2U4T~5KYpRay|mhCC7GA4t$PEVB{QJVqC!}XrI899iv*0r5lukATE>F>7nG~ivd>X zXP_nM0J3ryny-~0Wy-Uf5dm>Pb89OF71d=;P0f{+m2fT_DriR6Gr$PUB$ofSSW8<= zeRS+g355r*y=1!js%WHLM;}s@3~n7d9X^g0pMLw%=WM@|-l`;q+b#iC2j~WQx{Wu1 zuTl%Q>;xL9h5j@G3>q35SD<&Id8BOMk}OHVnm23M0K;`b@T6R7O9LdAe3_!WJPLYx z93Xt6$NUjll)s2#H@nYi`4DL0wKX;IA6?*$PO|-Pi&^Jg6XOdLc_~GlF&LVkKCmzs`&a+!q0HR?#Oz>->%_@HhTnb6`On700 z@0+02#lRBbDRE@eMyYtT z(z3KSG+YKL7nEt3V5CG&LE!;2v_aGVejB&BB6_|(3eCU>2%u+i14ali9=yQG8Aj5H zfx@JC?z^fZ5V$QZEgwF9oK#+h-tBGwu(*VL?Z#R)bNAYh4|H2A_XyX9 z3G{$8b2r7TFE5so*YIwfyIb_{aeVP6ZOx#i4GnA zPa^Yw!VEgpq+Vd}uXyRg_4}gDu9S)$p|bQd&{3s6=#RAB+_n&pVqXP7sovcpH>YN( z;WE&pAd>*4N^H}eMoy-JIyYq>0H!o4;0-vu$vFl77F^`nrla(tMDuJYum*uAPx(8Fc96b}!=uiki1QPOOx zZk#-k?V`&47`B762|xxNBs>c}89d<0Ww)fMVXiwd&L>SQZ>M;Zs3iay@KbtufS7?^ zAHcUERs@+8pcr$PWcvmZ*nLFjsQdmhn= zvZ>@=AkP+Di# z0H!2hK)E%~(@RsJbg-a9~!qw$>fw z6j>hX3j$kc^7-%!01DpNuMaKztfMa}<+A{*Uf1)4!~_hbQXTv}{y3WlRW=aitOvx0 zF@2WPipH$&m`!_5XRBg14Oa!1d+?YLQ$hFwi9&E>qy)UiPzCpA8X6dE4Vz@aYIgsc zg3PV&r_=St2csvs?7?5UUcD6jv$4P5Xu4NFD=#mGT(p#Xt^A=N-Cxj4lGAnJ)|B>C z!Hr?Z;Ube(K8HZV>2v8v6s&&iW-52^Nasu3TLX~b8`Pe79{s7`SocrN%t2!4 z)9Gl`Vf~^)hDNJL5N}|=ahk)8f_5tuNf90)Ve`cK=3{*YB3+Rny;)&`uhygHA)XD& z1_im3jh{^?3a~908PR5==Ee4Gacz<9BkOL@K`aAxYPx;-LQ%uGH3jg{w72pYUn#w9 z`|^T-74~xRdAukMmu*w;ddH@21n=A>IozLjNbj}KGV->@RvZr&8%b6OKz4}7C0P*o z-n}BN=EdAr z2WQ_xm7mbjO#)?nmS9#lE4_Nr_JTYQTe({s@aFE|jr(S*m*U;JUzeNg7e&ecSKXRa zUQX;)3s&=ihS**p?H}%@aGH%fC$IW(>wQFA`&7tzg`m>AU)1qmLSt&9vno^VGJ`2H zXMN+toW|G3%fe_ntJG$Q!HxF@8T&WTOHgt!lD+RV=$zY<#3n29^lXfX(|qpkj)^f> z4TTor7fbgT0RbRag}M0jOFFa}btDvd4#Lp2Y ztG}oDNnq0PpGr+c<(xg2l^*ddiz4nomXdUeOb(<7>@B=S6Ye}vc?Gb1httK4&7>!} zxY&DR;|eGOmtAGW#l`Q4yj54QXSb<3@~Rxhfkh(r?0HsIf{`;^SA!dhNps_!HSc(EtW3| zxcROKJ{AG6i~y+aa&@`WHmHWL;^X6wx^B1AspNYnB#^^z8bG@&3$G={O)n3?7juA9 z4eMuFqUKK~5DQALxV=(gq1m=>*lV*%8A63YNz!F|7cXJ!vOJI-?p(Bf?L2$s(5VFe z-LsZa{LoNGmpG-m{dZBP$kHd89Z{Xr$*qJ|^>Zf^Z)CIe4kh>_nXh}qFQrQEkDhA< zGDq`qn1kbB z#U0~cYRrknDDkV;8Kb;n`K)nKitzy*tgCcN+mv)R%yLnnCfTBWR83~MZoWd7^^m5- z7@0Pt7TWd8HX@tT^@094dXTq;g#{#Tt42{UQW=+b<2~vWgdbusmfI052b5u{WchaQ z3JVLnf(`@2^=L5#?cG81<|pK)L&a7UP)tniA~jP$>4q+rAbHsUVkz*XJHakm%E^hV zlmD0wZDIgIr;Az*{)7OWq6wLxjX~4RL4-69|L-9iTmI_-T5@vwEaeaeU`JwN_u_v2 zmVdRVH6SaCtkOVJN<+SxAf;AVSf7hM3J3hL9UU*89#LoOZ(klYcc4#1($UgJWm-|6 z&HiY0vbuW@e~OdA%IaVPZys92w0DpjXFTWnd!t#+j8EXL|ER&|0tWH(y}omAjiV^w zeJ`thA!Yl`5c}p^N?rR?m0yMNRt*=KGMTGSav!1En2$vFRateq0RRiOq%xr*PSwYo!K=%>4XLvPcW>XlFBG&kHi&rm`O}#jp=+}+u~g^A z4wPq!hzb6ajhUAiPoF+b3z)LxRNCm(Ib)lW(QvVOaOu)#HSPtSqx${%3S55kZ=Gnv z!48r=^VdoVA8G7d1dXl|XfS({r{SlJNDDbGUk>0h?t3EpNF5O21Yy4i#F}7VNA~=) zmsg&{`gjPHHE0P%Va8WMA@uG}PJ<}@hKsU}_Emt%2u;DT)_SO?Kw4axf)*vgk$@8j zI+qUK_DI{I3L9+oQhS&faEJJ|gr!)!DmCp>+QA92Ab*A@bkjcKvfGVTx)I!S69}zi{+ni-KPi=*m{`9AKB4T_pE%gW9Lpo#Ni?F(^Y#aS?7;mems=x>2WexlDtd6 zp=m~nKB#$=ByZ+2+Fj>SYmB{D@{}GYsL)3D}sY1r&1XifiJS4JMEiYguLp^Xo*p*8fckcN^nQ z9Ac&&x5xI0c)j|KXF`z^zpYL@8@Mda_S>S)-3khmW>;g8pM`~a&-!K`H2yYQd((bC zjvW`BTZPV)qh1d0Yd=5czrmTgx>f^`P7Ac!XaYJ+fu31k4{EnhUyG@oLgyHE52#sK zZih4rnVU24x$N!aqvq$)@+M<9`g_-5*m&LuC3VV@PdLbK9&&PmOOB9?j7&jN>(*Q= z$U@?Qx{jlf2LDo7M*TPuI#uH3v9Kl_RqdvBe>sMUZyU9;A6*F;~8n!cpX^pAV4$#_oZ)PVOZJjr_R25U<}h; zg+PG6lI-*6K==+o`!#(F4aIz=q|^jjL18G&WnC&D)t!Gg5W_%8Sr6gr&fU9e`z|*_ z*(9X@!h2jcbjl~sB<~^AQ!1Hr#*E8jgM(`Tf&mc&oqFjv2!aY_v0-72fFNO_B{WDi z8yt|cf(c8$HXv^x6Jmuh*V5ARZlbaR72FMnhhCjG-VGA&KGuO^tC?^<7xoY;=|6v& z%@J%yw?WDGn>_`(613KqV@AP9amR88n|x=cjMTXb2AJPsa$jIG!!b5EP9_+bdiiQYM7{wd-l% zfGsoTq%C)9`Y&g_oz!bUfBokZjT2e$vvpIAfnb2;I%U1^-Fvfdl)lJ{TjA;J>r4E# zlx~5MW@%hue{rRP>%}wSz_a_^JNA(IB+^UjmA*>kP`sd<ehjzR<9}&%PRCvxNSx z|G5^A+(!$oD{dlz)bl5jMCH+mxejItkGC<#&pz0au(kA7>TVM6QJuX{{Nq{kZuVzt z9uaTjcMAc%^WnG!o847gGUqX)#?f$=q72>Iu-*mU$!kYvQ$h43V4UICBlCB28xdwu z{Loxq(u6rXUcz@qfAZ9rmCg|KWdd)jUbC%9^!)n!kvW|)RMs1X==BoPfk)rFWh?!- z9)?dL5GAi~GhlF)vFF${hplLC>lW;3)LO(h&LQLW4rIz=c9MiJB_yO0{g1_84|$K9wzyJ1vh$IQJNMU*?fQoGzR94bVn1>XRk)sJSni#e zo6y~8E;Gc#p~aXrd{vL8g;F3{o99EM1oBa$(O3yVMOJA>vLLLt6*uS|;Y0riNc4Mq zsm?RjQyaUDT1-0ZQJY&V&xU#V&pvz-wR_~ydG99bXWnM3(T(!csW*EL+{7!&oAlTm zS=Ec#GuDGX3w@!nisLVp^ln5|#>%uD#bGkt54drv2_C#??oeG(I=S@1jGO7G*+|X0QJ`tOBv^m_%&)eD5Vjtzspj`g>Eh-%mA8+mtko@e;$5y zur-5NsmOaLsXz7@+2I@tt9xgN;=}8pDq$}Ttid8@%&4kEvgfdlMnrZ!6mOUL5dmYZ z^HVbf)nsQ}0kmYU9|}>ssrI~2ZAQ2|s?Ib#1rEqE-FK?q4!4LMXBF}9KHM=Iw9X}Bt?E%jj^M~91b&PlTy(ElzWF0NnV17g7`wjL3ufpG@HLE{S z_#EAp$A>$WOY8~9IGHw56`m6kWtnb1D-jsaUmuODtaBARam5_r*1Ti8ZBz5=hq0lA z$W~6058_>2&cXX}#W9gG^HXo{wQFxl@|K>RC~)r)ial2%!tm|gmp_e+c-gVmjv-WM zi}mmXdECQJ-{}17*Z4AoCQ28S2nKfyf^fXj9mAHC^P~3yL#%t)_%@?T;~qve@hzb= z8ToBP^Yi3^PAD^_l4pd`uVoMU%2-0S(4{v^d!9YF8On8T2rJOa6h-}iy`6bD)N32Z z$8lcED}-!KOdD}%6s3$Ui7erWD4Ic1nCvqcV@Xa_){wGRvgKG}OqQ{fVzMX8#9%B* zjA<~+$YkDUI;X47b-nMu?{m#x^T+Rce)D_g`Q6X`z3mx&!3@OT1YJ z9ea={foD@Whx(eJEjjJ)am<-u(t)hfO{)K1jhR38{N94(K3rV*6l#%#XTky(QG_U0 zVlniN%q4=?1ja&yz*q8Q2j8>cx{~&9H_Gee2BSs@-C^{((AOVFqGDPg)!wnK+JI8_*FQM!!63QEk^j z&3-vGw(3o3)osV2U@fe7ALx%r2=Bm}oeW!P2cCB6M;p*pzSH2QDm%6$djVe8J&-}b zYu$vkOx8~@vq;wHq}QKw^(xEbk{Aa9?9&Nh?eXXJHeqb`ke|X7IpWgO7j1czjC{S* z!`xGxR{`4!nQgNr7O!fUw%D;wM&MyjQE>K@9QsSlyYwR{JhC~Hn`pX6Hu0-2-;|Ga zoy;3}Rteh@@@k|>`0BMmBzVKz3-4a7<;~ZD^E=Wz6XmVf?!+Y^L)cf?Mrx2pST5w7OpnOqidym4yO0c&&cU5jSv^+t*J2~#@Vso%>bKFk@!YOg+x23Pzs$gF0LA=F;=9l9X;nOUnIfg)v`sllt^K@1#bwqQ#ovt+uwk z4|D8;E7=)k3iRb=kq6v+_yagRrEW6~84nGWR@gYdML?y)!fkB@chT3`66{>yZ9?|c zl-N4K`)9qmrXCpV*X~PjJ%qD$O0g>JIo_MMAJe>aODZxMe?9j#X84OfXIyq&Uvu?_ zjc1i{YQ*#g=nzAX`5v(@7SYg2L;mW<|tRfgAK4U1$vh@{42}Kusv0SaZ?7 z2$I$h!AUHpnDKWS9dyffnkLlv1{vzl-&c34P8dSlw3OoQlB2Y<^;!IY{pgI?A|bJ^ z0IE%f*K)$L@E3fX*K_OYKM$ZTi++o^iEo$lUy0e)cn@VwPwxiFtmmE5mT#Z#7Y13P zYjfnn)5OLtfK!XTPm2L>*bxsn!1Yz2eWx z#l`8Q0C#!B#jVlNe4s6TWpz+iRYiTbc99e?p;kjqBW7l2+ny@u;#j%!=}zic80~*) z9p}(KXb_e2#=5>|6+j8s%9EN>J86S{s)P(a*Uyi+kJh|{=2MI=ddxiuu$0uP$MIB} z_$ZXa+y*U@$q!Jnpyui_anDf*B~iW&$~-mKMwxhEd~t6dXT$vS;`p5T;~ z@lcbjU%1r;^;tagC#4EJ-OetxqbaGKv5DF9!Kk4M03 z_f;xWbhKmXWKML6n8Gs%5FtQ2&HWm`#F^rvGiZR1y$(l~?z6WJ+0Tn+uvoaXowUU5 zAWJ~p1AHAc16X1S32nK`Y0qRWL^=p|Lm>R6<|mBor(P^+X0mBDNA!F^8_J)t;xprG zhKSjS39R0Gdz5WJC;DXkFSH@%ss!;Z#;+8H8{;wswcx+|&G3P>&HYgAbyx zsq3NdFQ?yibR~{hmncb%RP5gn-$B)x4y->QM-TZ;t>r<=3P^%}T6_+kKeRDv^gYPs z0Xu+vLn5jdmGD8?Anr5CvKQZ+DusgqO~-#bh`&_YAG-(ms4p0dR!6g-*BC zcxF$CA-s&@#LGQ_(Ti<~&xJdR!`ed(Ihf<5f%$hE{}Pcu7%s=N`Y9W6S)pufzFe(! zA zU*EhrZDytOJO1QtWo`U>K>(ep#mMp2Er?WPyl&5!0Q6J^F}Z6tzx#q$tmj`pz=;#v zUE+6Wj5a=wBzu4Vs#m)u{y48s{M+cU`cW#O{1cB~>L(t*@DCpUKNB^7mGkfx$sxWU mxc{u5aQ{|6Rbu= kcadm config truststore --trustpass %PASSWORD% %HOMEPATH%\.keycloak\trustst === Sensitive Options -Sensitive values, such as passwords, may be specified as command options. That is generally not recommended. There are also mechanisms by which you can be prompted for the sensitive value - by either omitting the option or providing a value or -. Finally all will have a corresponding env variable that can be used instead - check the help of the command you are running to see all possible options. +Sensitive values, such as passwords, may be specified as command options. That is generally not recommended. There are also mechanisms by which you can be prompted for the sensitive value by either omitting the option or providing a value. Finally all will have a corresponding env variable that can be used instead. Check the help of the command you are running to see all possible options. === Authenticating @@ -850,7 +850,7 @@ $ kcadm.sh add-roles -r demorealm --gname Group --cclientid realm-management --r Use the `remove-roles` command to remove client roles from a group. -The following example removes two roles defined on the client `realm management`, `create-client` and `view-users`, from the `Group` group. +The following example removes two roles defined on the client `realm-management`, `create-client` and `view-users`, from the `Group` group. See <<_group_operations, Group operations>> for more information. [options="nowrap"] @@ -1198,7 +1198,7 @@ $ kcadm.sh remove-roles --uusername testuser --rolename user -r demorealm Use an `add-roles` command to add client roles to a user. -Use the following example to add two roles defined on the client `realm management`, the `create-client` role and the `view-users` role, to the user `testuser`. +Use the following example to add two roles defined on the client `realm-management`, the `create-client` role and the `view-users` role, to the user `testuser`. [options="nowrap"] ---- $ kcadm.sh add-roles -r demorealm --uusername testuser --cclientid realm-management --rolename create-client --rolename view-users @@ -1209,7 +1209,7 @@ $ kcadm.sh add-roles -r demorealm --uusername testuser --cclientid realm-managem Use a `remove-roles` command to remove client roles from a user. -Use the following example to remove two roles defined on the realm management client: +Use the following example to remove two roles defined on the realm-management client: [options="nowrap"] ---- $ kcadm.sh remove-roles -r demorealm --uusername testuser --cclientid realm-management --rolename create-client --rolename view-users diff --git a/docs/documentation/server_admin/topics/assembly-managing-clients.adoc b/docs/documentation/server_admin/topics/assembly-managing-clients.adoc index 1196e9fe4ca..1fef8fa0274 100644 --- a/docs/documentation/server_admin/topics/assembly-managing-clients.adoc +++ b/docs/documentation/server_admin/topics/assembly-managing-clients.adoc @@ -5,7 +5,7 @@ [role="_abstract"] Clients are entities that can request authentication of a user. Clients come in two forms. The first type of client is an application that wants -to participate in single-sign-on. These clients just want {project_name} to provide security for them. The other type +to participate in single sign-on. These clients just want {project_name} to provide security for them. The other type of client is one that is requesting an access token so that it can invoke other services on behalf of the authenticated user. This section discusses various aspects around configuring clients and various ways to do it. diff --git a/docs/documentation/server_admin/topics/authentication/otp-policies.adoc b/docs/documentation/server_admin/topics/authentication/otp-policies.adoc index b4c912084f9..20bf272d56d 100644 --- a/docs/documentation/server_admin/topics/authentication/otp-policies.adoc +++ b/docs/documentation/server_admin/topics/authentication/otp-policies.adoc @@ -34,7 +34,7 @@ The default algorithm is SHA1. The other, more secure options are SHA256 and SHA ===== Number of digits -The length of the OTP. Short OTP's are user-friendly, easier to type, and easier to remember. Longer OTP's are more secure than shorter OTP's. +The length of the OTP. Short OTPs are user-friendly, easier to type, and easier to remember. Longer OTPs are more secure than shorter OTPs. ===== Look around window diff --git a/docs/documentation/server_admin/topics/clients/client-policies.adoc b/docs/documentation/server_admin/topics/clients/client-policies.adoc index ee93466386f..1ae912e22c8 100644 --- a/docs/documentation/server_admin/topics/clients/client-policies.adoc +++ b/docs/documentation/server_admin/topics/clients/client-policies.adoc @@ -16,7 +16,7 @@ Client Policies realize the following points mentioned as follows. Setting policies on what configuration a client can have:: Configuration settings on the client can be enforced by client policies during client creation/update, but also during OpenID Connect requests to {project_name} server, which are related to particular client. - {project_name} supports similar thing also through the *Client Registration Policies* described in the *Client registration service* from link:{securing_apps_link}[{securing_apps_name}]. + {project_name} supports similar thing also through the *Client Registration Policies* described in the *Client registration service* in the link:{securing_apps_link}[Securing applications and Services guide]. However, Client Registration Policies can only cover OIDC Dynamic Client Registration. Client Policies cover not only what Client Registration Policies can do, but other client registration and configuration ways. The current plans are for Client Registration to be replaced by Client Policies. diff --git a/docs/documentation/server_admin/topics/clients/oidc/con-confidential-client-credentials.adoc b/docs/documentation/server_admin/topics/clients/oidc/con-confidential-client-credentials.adoc index 0a8eb1a1af2..ab28bb5c592 100644 --- a/docs/documentation/server_admin/topics/clients/oidc/con-confidential-client-credentials.adoc +++ b/docs/documentation/server_admin/topics/clients/oidc/con-confidential-client-credentials.adoc @@ -17,7 +17,7 @@ This choice is the default setting. The secret is automatically generated. Click .Signed JWT image:images/client-credentials-jwt.png[Signed JWT] -*Signed JWT* is "Signed Json Web Token". +*Signed JWT* is "Signed JSON Web Token". When choosing this credential type you will have to also generate a private key and certificate for the client in the tab `Keys`. The private key will be used to sign the JWT, while the certificate is used by the server to verify the signature. diff --git a/docs/documentation/server_admin/topics/identity-broker/first-login-flow.adoc b/docs/documentation/server_admin/topics/identity-broker/first-login-flow.adoc index f69427132d1..e7619f74824 100644 --- a/docs/documentation/server_admin/topics/identity-broker/first-login-flow.adoc +++ b/docs/documentation/server_admin/topics/identity-broker/first-login-flow.adoc @@ -70,6 +70,7 @@ This authenticator sets an existing user to the authentication context without v [NOTE] ==== This setup is the simplest setup available, but it is possible to use other authenticators. For example: + * You can add the Review Profile authenticator to the beginning of the flow if you want end users to confirm their profile information. * You can add authentication mechanisms to this flow, forcing a user to verify their credentials. Adding authentication mechanisms requires a complex flow. For example, you can set the "Automatically Set Existing User" and "Password Form" as "Required" in an "Alternative" sub-flow. ==== diff --git a/docs/documentation/server_admin/topics/organizations/managing-identity-providers.adoc b/docs/documentation/server_admin/topics/organizations/managing-identity-providers.adoc index 8bc5afd684b..f03caddf844 100644 --- a/docs/documentation/server_admin/topics/organizations/managing-identity-providers.adoc +++ b/docs/documentation/server_admin/topics/organizations/managing-identity-providers.adoc @@ -51,6 +51,7 @@ Once linked to an organization, the identity provider can be managed just like a == Editing a linked identity provider You can edit any of the organization-related settings of a linked identity provider at any time. + .Procedure . In the menu, click *Organizations* and go to the *Identity providers* tab. diff --git a/docs/documentation/server_admin/topics/organizations/managing-members.adoc b/docs/documentation/server_admin/topics/organizations/managing-members.adoc index d78d241b9f6..3b52c6b0835 100644 --- a/docs/documentation/server_admin/topics/organizations/managing-members.adoc +++ b/docs/documentation/server_admin/topics/organizations/managing-members.adoc @@ -34,7 +34,7 @@ There are two types of members: Managed members are those managed by the organization, and they cannot exist outside of their organization. For instance, consider an account created through an identity provider associated with an organization. That account does not belong to a realm as it was federated from the organization. -In this case, the single-source of truth for the identity is the organization and its lifecycle is controlled +In this case, the single source of truth for the identity is the organization and its lifecycle is controlled by the organization. If you remove the organization or the member, the account is also removed from the realm. diff --git a/docs/documentation/server_admin/topics/overview/concepts.adoc b/docs/documentation/server_admin/topics/overview/concepts.adoc index 66ed06dd266..0eb947f166f 100644 --- a/docs/documentation/server_admin/topics/overview/concepts.adoc +++ b/docs/documentation/server_admin/topics/overview/concepts.adoc @@ -64,7 +64,7 @@ protocol mappers:: protocol mappers. session:: When a user logs in, a session is created to manage the login session. A session contains information like when the user logged in and what - applications have participated within single-sign on during that session. Both admins and users can view session information. + applications have participated within single sign-on during that session. Both admins and users can view session information. user federation provider:: {project_name} can store and manage users. Often, companies already have LDAP or Active Directory services that store user and credential information. You can point {project_name} to validate credentials from those external stores and pull in identity information. diff --git a/docs/documentation/server_admin/topics/overview/features.adoc b/docs/documentation/server_admin/topics/overview/features.adoc index e7fdc8e887b..531f4422b94 100644 --- a/docs/documentation/server_admin/topics/overview/features.adoc +++ b/docs/documentation/server_admin/topics/overview/features.adoc @@ -3,7 +3,7 @@ {project_name} provides the following features: -* Single-Sign On and Single-Sign Out for browser applications. +* Single Sign-On and Single Sign-Out for browser applications. * OpenID Connect support. * OAuth 2.0 support. * SAML support. diff --git a/docs/documentation/server_admin/topics/roles-groups/proc-managing-groups.adoc b/docs/documentation/server_admin/topics/roles-groups/proc-managing-groups.adoc index b67444c1615..662271fb11e 100644 --- a/docs/documentation/server_admin/topics/roles-groups/proc-managing-groups.adoc +++ b/docs/documentation/server_admin/topics/roles-groups/proc-managing-groups.adoc @@ -43,14 +43,13 @@ To add a user to a group: . Click *Users* in the menu. . Click the user that you want to perform a role mapping on. If the user is not displayed, click *View all users*. . Click *Groups*. -+ -.User groups -image:images/user-groups.png[] -+ . Click *Join Group*. . Select a group from the dialog. . Select a group from the *Available Groups* tree. . Click *Join*. ++ +.Join group +image:images/user-groups.png[] To remove a group from a user: diff --git a/docs/documentation/server_admin/topics/sso-protocols/con-oidc-auth-flows.adoc b/docs/documentation/server_admin/topics/sso-protocols/con-oidc-auth-flows.adoc index cf6742cd219..5b2978d4db2 100644 --- a/docs/documentation/server_admin/topics/sso-protocols/con-oidc-auth-flows.adoc +++ b/docs/documentation/server_admin/topics/sso-protocols/con-oidc-auth-flows.adoc @@ -147,8 +147,8 @@ The configurable items and their description follow. The CIBA grant uses the following two providers. -. Authentication Channel Provider : provides the communication between {project_name} and the entity that actually authenticates the user via AD (Authentication Device). -. User Resolver Provider : get `UserModel` of {project_name} from the information provided by the client to identify the user. +. Authentication Channel Provider: provides the communication between {project_name} and the entity that actually authenticates the user via AD (Authentication Device). +. User Resolver Provider: get `UserModel` of {project_name} from the information provided by the client to identify the user. {project_name} has both default providers. However, the administrator needs to set up Authentication Channel Provider like this: diff --git a/docs/documentation/server_admin/topics/sso-protocols/con-saml-bindings.adoc b/docs/documentation/server_admin/topics/sso-protocols/con-saml-bindings.adoc index 2822e32c5b1..d5e887346cb 100644 --- a/docs/documentation/server_admin/topics/sso-protocols/con-saml-bindings.adoc +++ b/docs/documentation/server_admin/topics/sso-protocols/con-saml-bindings.adoc @@ -20,7 +20,7 @@ _Redirect_ binding uses a series of browser redirect URIs to exchange informatio ===== POST binding -_POST_ binding is similar to _Redirect_ binding but _POST_ binding exchanges XML documents using POST requests instead of using GET requests. _POST_ Binding uses JavaScript to make the browser send a POST request to the {project_name} server or application when exchanging documents. HTTP responds with an HTML document which contains an HTML form containing embedded JavaScript. When the page loads, the JavaScript automatically invokes the form. +_POST_ binding is similar to _Redirect_ binding but _POST_ binding exchanges XML documents using POST requests instead of using GET requests. _POST_ binding uses JavaScript to make the browser send a POST request to the {project_name} server or application when exchanging documents. HTTP responds with an HTML document which contains an HTML form containing embedded JavaScript. When the page loads, the JavaScript automatically invokes the form. _POST_ binding is recommended due to two restrictions: diff --git a/docs/documentation/server_admin/topics/threat/read-only-attributes.adoc b/docs/documentation/server_admin/topics/threat/read-only-attributes.adoc index 5403525a318..ef762efd259 100644 --- a/docs/documentation/server_admin/topics/threat/read-only-attributes.adoc +++ b/docs/documentation/server_admin/topics/threat/read-only-attributes.adoc @@ -29,7 +29,7 @@ This is the list of the read-only attributes, which are used internally by the { System administrators have a way to add additional attributes to this list. The configuration is currently available at the server level. -You can add this configuration by using the `spi-user-profile-declarative-user-profile-read-only-attributes` and ``spi-user-profile-declarative-user-profile-admin-read-only-attributes` options. For example: +You can add this configuration by using the `spi-user-profile-declarative-user-profile-read-only-attributes` and `spi-user-profile-declarative-user-profile-admin-read-only-attributes` options. For example: [source,bash,options="nowrap"] ----