From 82a86b542bd17f1260bbe21a53ff40b2b99669eb Mon Sep 17 00:00:00 2001 From: Maya Berdygylyjova Date: Mon, 14 Jul 2025 16:27:38 +0200 Subject: [PATCH] update the new SCIM docs page --- .../authentication/README.md | 4 +- .../authentication/ldap-connections/README.md | 2 +- .../authentication/recaptcha/README.md | 2 +- .../authentication/saml/README.md | 2 +- .../authentication/scim/README.md | 132 ++++++++++-------- ...stration_authetication_scim_index_page.png | Bin 0 -> 53476 bytes .../two-factor-authentication/README.md | 2 +- 7 files changed, 82 insertions(+), 62 deletions(-) create mode 100644 docs/system-admin-guide/authentication/scim/openproject_system_administration_authetication_scim_index_page.png diff --git a/docs/system-admin-guide/authentication/README.md b/docs/system-admin-guide/authentication/README.md index 1a237ed39fd..f1097456fef 100644 --- a/docs/system-admin-guide/authentication/README.md +++ b/docs/system-admin-guide/authentication/README.md @@ -21,4 +21,6 @@ Configure **authentication** settings and authentication providers in OpenProjec | [Two-factor authentication](two-factor-authentication) | Set up and manage two-factor authentication (2FA) in OpenProject. | | [reCAPTCHA](recaptcha) | How to activate reCAPTCHA in OpenProject. | | [LDAP authentication](ldap-connections) | How to set up LDAP authentication in OpenProject. | -| [LDAP group synchronization](ldap-connections/ldap-group-synchronization) | How to configure LDAP group synchronization in OpenProject. (Enterprise add-on) | +| [LDAP group synchronization](ldap-connections/ldap-group-synchronization) | How to configure LDAP group synchronization in OpenProject (Enterprise add-on). | +| [SAML](saml) | How to set up SAML integration for SSO with OpenProject (Enterprise add-on). | +| [SCIM](scim) | How to set up SCIM clients in OpenProject (Enterprise add-on). | diff --git a/docs/system-admin-guide/authentication/ldap-connections/README.md b/docs/system-admin-guide/authentication/ldap-connections/README.md index 84fec7d8373..daeae95d6fb 100644 --- a/docs/system-admin-guide/authentication/ldap-connections/README.md +++ b/docs/system-admin-guide/authentication/ldap-connections/README.md @@ -1,7 +1,7 @@ --- sidebar_navigation: title: LDAP connections - priority: 500 + priority: 600 description: Manage LDAP Authentication in OpenProject. keywords: ldap authentication --- diff --git a/docs/system-admin-guide/authentication/recaptcha/README.md b/docs/system-admin-guide/authentication/recaptcha/README.md index c7516ac75f2..4cd68fa69f8 100644 --- a/docs/system-admin-guide/authentication/recaptcha/README.md +++ b/docs/system-admin-guide/authentication/recaptcha/README.md @@ -1,7 +1,7 @@ --- sidebar_navigation: title: reCAPTCHA - priority: 600 + priority: 300 description: configure reCAPTCHA for OpenProject. keywords: reCAPTCHA, turnstile --- diff --git a/docs/system-admin-guide/authentication/saml/README.md b/docs/system-admin-guide/authentication/saml/README.md index 5b103368bb4..ed54cd6e7dc 100644 --- a/docs/system-admin-guide/authentication/saml/README.md +++ b/docs/system-admin-guide/authentication/saml/README.md @@ -1,7 +1,7 @@ --- sidebar_navigation: title: SAML single sign-on - priority: 100 + priority: 700 description: How to set up SAML integration for SSO with OpenProject. keywords: SAML, SSO, single sign-on, authentication --- diff --git a/docs/system-admin-guide/authentication/scim/README.md b/docs/system-admin-guide/authentication/scim/README.md index beb9312660a..23e9f35e5a7 100644 --- a/docs/system-admin-guide/authentication/scim/README.md +++ b/docs/system-admin-guide/authentication/scim/README.md @@ -1,78 +1,96 @@ --- sidebar_navigation: title: SCIM - priority: 800 -description: SCIM -keywords: SCIM + priority: 500 +description: How to set up SCIM clients in OpenProject +keywords: SCIM, SCIM API, user management, app integration --- # SCIM provisioning (Enterprise add-on) -> [!IMPORTANT] -> SCIM provisioning is an Enterprise add-on. If you do not see the button you will have to activate the Enterprise edition first. +OpenProject supports automated user synchronization via SCIM API, enabling seamless integration with your identity provider. Simplify and secure user provisioning and de-provisioning while ensuring accurate user data across systems. -To activate and configure SCIM user and group provisioning in OpenProject, navigate to *Administration* -> *Authentication* and select -> *SCIM provisioning*. +> [!NOTE] +> SCIM provisioning is an Enterprise add-on. [Click here for more information](https://www.openproject.org/enterprise-edition/) on the OpenProject Enterprise edition. -## Configure new SCIM client. +To activate and configure SCIM user and group provisioning in OpenProject, navigate to *Administration* -> *Authentication* and select *SCIM clients* from the left-hand menu. -SCIM client is a system(e.g. Keycloak with [SCIM plugin](https://github.com/mitodl/keycloak-scim)) that uses SCIM protocol to provision user and group identities in an automated and standardized way. -A SCIM client sends requests to a SCIM server (OpenProject in this case), asking it to create, update, retrieve, or delete users and groups. -To add a new SCIM client, click the green **+ SCIM client** button. +## Configure a new SCIM client. -![Add SCIM client. Index page creation button.](add_scim_1.png) +SCIM client is a system (e.g. Keycloak with [SCIM plugin](https://github.com/mitodl/keycloak-scim)) that uses SCIM protocol to provision user and group identities in an automated and standardized way. -Configure your SCIM client in the following form: +A SCIM client sends requests to a SCIM server (in this case OpenProject), asking it to create, update, retrieve, or delete users and groups. -1. Enter the **Name** of your SCIM client. +To add a new SCIM client, click the **+ SCIM client** button in the upper right corner. - ![Add SCIM client. Creation form. Name field.](add_scim_2.png) -2. Choose an **Authentication provider**. +![A button to add a SCIM client on a SCIM clients index page under authentication settings in OpenProject administration](add_scim_1.png) + +A configuration form for your SCIM client will open, in which you can adjust the SCIM client details. + +### Step 1. Enter the **Name** of your SCIM client. + +![A SCIM client creation form in OpenProject administration, with the Name field highlighted and filled out](add_scim_2.png) + +### Step 2. Choose an **Authentication provider**. This is the service that users added by the SCIM provider will use to authenticate in OpenProject. It must have been configured before creating the SCIM client. It can be an [OIDC provider](../system-admin-guide/authentication/openid-providers/) or a [SAML provider](../system-admin-guide/authentication/saml/). - - ![Add SCIM client. Initial creation form. Authentication provider field.](add_scim_3.png) -3. Choose an **Authentication method**. - This is how the SCIM client authenticates at OpenProject. Please ensure that OAuth tokens include the **scim_v2** scope. - There are three option: - a. **Static access token** - - > [!IMPORTANT] - > Static access tokens are valid for period of 1 year. Then they expire and must be replaced. - This is the most commonly used authentication method for SCIM clients. In this case after clicking **Create** you get an access token that should be put to the SCIM client configuration on the other end. - - ![Add SCIM client. Creation form. Static access token. Generate token. ](add_scim_4.png) + ![A SCIM client creation form in OpenProject administration, with the "Authentication provider" field highlighted and filled out](add_scim_3.png) - There is generated access token. After closing the dialog with generated token you will not see it anymore. - - ![Add SCIM client. Creation form. Static access token. Copy token.](add_scim_5.png) +### Step 3. Choose an **Authentication method**. - Tokens can be revoked. And you can generate a new one. +This is how the SCIM client authenticates at OpenProject. Please ensure that OAuth tokens include the **scim_v2** scope. - ![Add SCIM client. Creation form. Static access token. Revoke token.](add_scim_6.png) +There are three *Authentication method* options you can choose from: - For example, if you use Keycloak with [SCIM plugin](https://github.com/mitodl/keycloak-scim) then configuration form looks like: - - ![Add SCIM client. Keycloak configuration form.](add_scim_10.png) - - 1. Fill in the **UI Display name** - 2. Fill in the **SCIM 2.0 endpoint** - It must be in the following form: `https:///scim_v2/` - 3. Set **Endoint content type** to **application/scim+json** - 4. Set **Auth mode** to **Bearer** - 5. Paste the generated static access token to **Auth password/token** - 6. Enable user and group propagation. Enable import during sync. - 7. **Save** the configuration. +#### a. **Static access token** - b. **OAuth 2.0 client credentials** - In this case after clicking **Create** you get client credentials of newly created [OpenProject OAuth Application](../oauth-applications/#oauth-applications) that should be put to the SCIM client configuration on the other end. Then SCIM client is supposed to use provided client credentials to send an access token request to OpenProject. - - ![Add SCIM client. Creation form. Client credentials. Generate client credentials.](add_scim_7.png) - - There are generated client id and client secret. After closing the dialog with not see client secret anymore. - - ![Add SCIM client. Creation form. Client credentials. Copy client credentials.](add_scim_8.png) - - c. **JWT from identity provider** - In this case you have to specify **Subject claim** that authentication JWT contains. - - ![Add SCIM client. Creation form. JWT from identity provider. Specify Subject claim.](add_scim_9.png) +> [!IMPORTANT] +> Static access tokens are valid for period of 1 year. After that, they expire and must be replaced. + +This is the most commonly used authentication method for SCIM clients. In this case after clicking **Create** you get an access token that should be put to the SCIM client configuration on the other end. + +![A SCIM client creation form in OpenProject administration, with the "Static access token" chosen as the authentication method](add_scim_4.png) + +Once you click the **Create** button, an access token will be generated. The generated token will be displayed in a pop-up dialogue form. Make sure you copy and save it. After closing the dialog, you will not see the client secret again. + +![Add SCIM client. Creation form. Static access token. Copy token.](add_scim_5.png) + + +Once created, a SCIM client will appear on the SCIM clients index page. + +![Scim clients index page listing all created clients under authentication settings in OpenProject administration](openproject_system_administration_authetication_scim_index_page.png) + +Click on the client name to open the detailed view, edit the information, add revoke or add tokens. You will be able to edit the client information and tokens. + +SCIM client tokens can be revoked. To revoke a token click the **Remove** icon at the far right end of the token listing. To add a new token click the **+ Token** button at the bottom of *Tokens* section. + +![Add or revoke static access token on a SCIM client detailed from under administration settings in OpenProject administration](add_scim_6.png) + +Here is an example of a configuration form in Keycloak, if you use it with [SCIM plugin](https://github.com/mitodl/keycloak-scim). + + +![An example of a Keycloak configuration form to add a SCIM client for OpenProject](add_scim_10.png) + +1. Fill in the **UI Display name**. +2. Fill in the **SCIM 2.0 endpoint**. It must be in the following format: `https:///scim_v2/` +3. Set **Endpoint content type** to `application/scim+json` +4. Set **Auth mode** to **Bearer** +5. Paste the generated static access token to **Auth password/token** +6. Enable user and group propagation. Enable import during sync. +7. **Save** the configuration. + +#### b. **OAuth 2.0 client credentials** + +If in [Step 3](#step-3-choose-an-authentication-method) you selected **OAuth 2.0 client credentials**, after clicking **Create** you will get client credentials of newly created [OpenProject OAuth Application](../oauth-applications/#oauth-applications). These credentials should be entered into the SCIM client configuration on the other end. Then SCIM client is supposed to use provided client credentials to send an access token request to OpenProject. + +![Add SCIM client. Creation form. Client credentials. Generate client credentials.](add_scim_7.png) + +Once you click **Create**, client credentials (client ID and secret) will be generated. Make sure you copy and save these values. After closing the dialog, you will not see the client credentials again. + +![A confirmation message that a SCIM client was created, showing client credentials to be copied in OpenProject administration](add_scim_8.png) + +#### c. **JWT from identity provider** + +If in [Step 3](#step-3-choose-an-authentication-method) you selected **JWT from identity provider**, you will have to specify **Subject claim** contained in the authentication JWT. + +![Add SCIM client. Creation form. JWT from identity provider. Specify Subject claim.](add_scim_9.png) diff --git a/docs/system-admin-guide/authentication/scim/openproject_system_administration_authetication_scim_index_page.png b/docs/system-admin-guide/authentication/scim/openproject_system_administration_authetication_scim_index_page.png new file mode 100644 index 0000000000000000000000000000000000000000..56fbf7b72316cb9a570a9f49b86f2f4c7fb8deb0 GIT binary patch literal 53476 zcmeEtRa9Kfwr=ADcefzHf(CaD?gV#t*T#c8ArOMQ26t;*g1b8er*YTY*=PUz-1~YT z?tM8mMvq>r)>!pP0IH0%gem|4hXw#Z!y&>$a=uF$c|-o7 zTvesS0F~n;hmadsOHl<;0H7uw`Pmo_a{tarTH6%>z@z#5gOX9DK8Jh|Zmq86rllay zXX!hWyHWQ@P0$zNO670?0j48bA?HpYByaXx#RWKjq`foN1rI3J& znFXJ!#OHs%0l5>Tv~qKE;$va)^z>x*{KV|&V#&hB%gf8c%Fe>h&IEab$<^Dz&De{{ z!IkRY1xT2?nz~p!xmi0pQ2Z^>*u>G@O_0*v-P(-L!q|e-#LSG7$;9}R850|unK6^G z*(Ww8vrnJQxH;K)*e%#hDF0o(o3+J%*YDu^Zx|qeu>5_(!p6+{x5S@`zcBp=U2_Krq@ED$J|_J{1^~wQWF$n@ zy$nv)JhgD7$Pvz2NFtbWjJnsAYw%A%#0oKNMG;kL64XEFOdM6FBupcTVrd2vwJ1La zgZd&CiK7;km6bn6z+og%s_wn)oNhXJo;BwaD0F1+x9kUHE`ipTmX_8w#!j^m-@``y zC%I|K(qdr#lh~Z3CH_h5C?r__P^+3iW?~f6~%XpU?x{sGc+(@_^ zX8+lIg7l!~lJePPx^QVjgquyeZe2TjV~fLq8~(H-_&103>l;#`%TkOB)tg9g>C^dK zqmiBxkocAbG}Lpt4g)CPXje!}0@W*{5Q88EzC>C#6+}ve?G~*U8eEIt7(-gSO|O^q z0gKSs0VL<=3oR#gEt&oyR#^dC<6rztd{;M|@DPI_$}M_-9vUlifM5zGYmgiAVFvI)B3E#lr2qIU|(k z0ffr%{Eaxn5c_EJ%7BT-TPJyiz>V%tRu7rNm49^4t2qXMH-j&dnHQp%);jA^$O7>l zpWeDOiwo(OCK*%M543A2rm?oGH_j+q;{&2^&(e=xIej??5!QTN7Q_e6U;X^tKhoB7 zPtTR9Cw?$zJnge5k@iCvFErQ=3<%+P$kr_Q;IDlx9OA<%X>Xktd6MQiaFhJv{HJ$% zy1ikKYbpFl5+kWvD!a&W_X&35D2S7a z&vYze{5G+peRs=d-^f4W?vO$Qx9fijxM4Y-=SMGZC99yY@bDPXMP05S}f~vVy>-E z`J@BJ?O++v-rmq;rH0iyE@R~1m z^J@3GRGk4ZbiU#15A%Xt*P5x$bUfZ5#2O;RxQK(opH@l_De zgsoaY|93Jwf}Y=z2)*n2N%c;;sUk$!qF$2LCz%5Q=}SqpyBcvGNP!{l*&C|kVcwRd z6Q{oo#x{o+mf5f^yh+&YXNo%AOb*=bL|Oda569!z!T_DcHJ^w$?>L(;47tAAQr5N3 zN?*@)=_b1i;dQuNB}$WM@2|Fr$((b!#T<^-1UK4vqE!#p+9@ArSt1H@e0Y90#>*RN zfUfw%Tn_=tB-s^O=TH6V|{&M(NT3p@EQLS^iX{Dh3~w=ORPP=vcn?UXiIk7Z^r%e zi-L+09=lJ&v5QD4yn{8Is=R=N=S@C={rfKKkX!wzwu`x`V(IyjLT~Pk+H?_Lo*y6A z3WwhKGd_^^WgJ^v$1$oBF{1&t6Lb79R6W;v6-h)#zCk2g2+OV6coL)vd^V@O#?hPd zgBny)P5l9yCB{e&77)3I)-8{*%_!+d?N;J(s)mvC?!gt5c2_ngGXJ)>&x6isF0<|V z&bJli-Q=y0G*EyzyXlT9<=0G$x{CPH3Z&uNDjkNe@nll*r2#p$<83U$>%PdwvMUKK z0iI?Kt}WjJa{84-Q_aunM$dsGGj8xW(ve+9qrhsoSUdv>5hMWhX5VS&)WD9X0^wPY zCM}8pu!6}H+$JDp7dq18T6^bpv=F~@z^3v&;1BshGlR6{3g?a6_s5z(AOCR9Cv$|o z)rCEkGC84pFI^sXa+DE|H=;^YY4519W48^ZR=9CBbd$8sb`<#y=9y3%vK80i%DdRF zKKo?v7i)2V+?r6FWjV$6L}(;!#ynlwc<7z>2z8C_f3gp1m=TSqZIA)Qb5ACdhi(#C z!pSWaxPl(tSH1$OPz9giyIse#(^^50eq{B&Te_%N8UzOG{9F>Uo|okFlC$~4B(M9^ zyj+l%|pPmaV4Xe%)uLKCw?vfxO!wb}|# z*_FzR`S~`2lV%e1WLIxrBRCH0y$DtMZ(5#WZzu&tY6I-k9BRwZvGrDV`c3G}X{8PKm%)$le<^L4In} zTKndx~YcPU2kSyP8GY)BLT!vgIw%7m;LOOIjMsNR5b```aByQrTN#`+f>UpOgfrVBAl_pkIN;0F>CLcCKm)<1c9Z73I0Abs<-MRnW zXRXD-cWWnV=L_WFQ+~Py&ja*=c&`3D;r8@2te174e@>JTQh#>n1Dx&%5AAWo~WUo zCF6Nrk_3vI%e&f#)NtBE4E`}<<6Ou?w~C+-ts_IZA1X$21z^R<1m;p7Nz(lngT?~{ z`s}|rH{VU2R&m^CUrG%w?Ngt{$`2;{JxyATo1b`@lrHT-I+e#0)hW+Tg2Fz8{4vcH ztFs&PyO8Sut$76oDPD|_980fbItx6B+~@D(s5RA6a6F}0)dA5g1F*9BGVji{y)j_W z`zab^zj(E9^@M16&^fW-z;xcItrq`9-p7-Kful4w)GuRlh>NtT5_TJOW1QBy9Z{u6 zY;5eR3kVb+OG|rE#Rt_-7_4;$cKrJ4%zi`aTUIJZzEr$bzG3ZK;D@fGcy~5qd+&9* z@e?Njz&OU`?amN;NzZm~|6+Jh?k1mFuU~}RX8QQlaV@!-GNTPel0))W*kALbCriaC zM)y6R-5Tc@qF|kj7=N{;@@im=nlhfuM8!^eyeaA?>$IHT)N-Q zid=Qn~5npf)78A*A32shj;Ei0q(Y~E-5Vmt${8o`Gd zB~BmcI(Aw8z2L>~Bi5YI$=CD|1d8qb$^&Ey&U2Cuf#krR27M>zAPd12?(Wq{@~u1{ z?IcaX6JYZOe}Uz;Z5oW6V%l8qc;}xng0t^zkl>}3{t3DF$!cl-@atBQ-BTJwwmccdt6ZN#4odIiGoNBn43=sY&D{T=xtkj zt7JcamC6bG&tSpW!SyJvDtFGXNIh}G3s-bR)zM3`ne@=6uKanmw!9w?z{ehjG4?Os zq9MNTP6D$l{MjjP#(o9#pV+B1xWGYd$)?k7k#22iUZ-iT2 z;qI%iS(|fb*e2tW^NAo#jJ`cQness#p^NFJ;(QXF8CWIJB;Exqekl!l1vBO~q5^Ql zMsCyiREnElzhEkbCbzP?A`K8@7YDz@~W&1Wgd-G-l zYCCu%P-+0_1(gT7ALy4)h*Ho;)7wJ@9y~3EJT~)at`%9#4XHo7KR1qh_h-09gwfxy zNjl@z3P0mN3-v5dhR3D13*)9PdGt8Aj_#;;q@Vl-?5?x`R8Y@RHOmZYaR>-{y_eG}1xdQl220CZMN$VI6mEoy2g3GL)H%4Z_5ui{JGK46iGq*@5w&@g+Oa3RMW4d3?mD<;txjN8jq@EsUT5vh@t{9{^cG z(aDCs$I=Q>QkyDGP+Qf-^b5Acqzi!4FUMN0QaMiI z_~o|x>fBetbkLm{5#p`(G#`H?3FnA4tjDrV;&}ld(8i$w(>43&egdIP1HNm}s4;?% zSyZ=9XN7HKk{2pe?tuPWZ++j=8I}H44H`E_qypi{Uhrt?5m*$g^HWE2B}u0ndsokaAPtec=?y1C4dDPJBNn9gQwfi80mQlA#R7S!651!b9FwnN5MX| zbatmPluba13Mn~1pgZME8rV-z8n0o_dJ)V{SI(~xF2194P^>Hr@bU81Q^{4NdEYmi z#ol6-Jv)t=U9z!t&{nTp z4m!sQJ=UDMcKKpET`9oup6qFS2xi`U0#96cMz~39!A0zB8<0gyS*O&=yN^+!w;%;G z$|L1BsrlOR2a6M|Le>>ceMKJpWu)Jm7kz}9_GUbH!iMC@o>ecZbT*%IgFli+yftTO z5ZU>pX1pofqQRTtOIEf>kZdq(bt;kw&g-%(y{pSnF4N)-iO9{m6Xy;n5^!!cLiGFs z9XL$5<2!FEo$1N3YZuE-YSDG2e@L>_)?{4q=xm>&qIDT*I`8j#fI1OB0swqPCl9$E z+ERVlGjc#s@IPiaKR>AyqAd{aBlT7*pumhgD!zl#$`#qe*Ugs?5Axce|3n2*n^VM$ zck+jtr``2pRw>*L$}IfQ4Dq($j`P6z)cCysHQ1Pj(afMU?Ux#FJ(IP zTFqF_T+#Za06k}=OXKV_zpc--Bdl4+FSg@4{3}X;fRaebx_qe0hRnKoPh|p<2-d0e znO=;HcihZAv&qpg)d9aNKarP1&>$+nE6C`(gUz2=_fe#ZW9cTt{LeBRjj(xV!Xv(& z1v=~Yn&azta1>x>j}3Y8Egjq`$uqJRjz(6^3!cX%Z+X*C~-JG%@ggupwvACH_V2@q8;P4Txrh z#|C=zTl22~6Yd<8_2WYnT!5Z-ARg1B$!e>sSI+g3+Fx>xhYGcO7PCdfY%%zIMiqfzkLqeRIqS zLuk5?vLo`DH^QboXH=02*|fW2n!;_kz{Gx(J7#AFZA6i>A`+~*vu__S&}^hX?ZL?* z2j6tb7S=n`aIAd4S!XMZe;sq-qoZQL|C=PW~M5n1sOK&ikCb>+cW+1-+2< zYg4@tCCo3+yGoC_9rSPS>^tklHVvYf85A*W@<{Ns3eja+>j97^#!{+n=1HQ(`1gh(UELIKp-T?U=%6b{@TPsK200|z%9HFt6h?>(T+f6Z=(jb$Qspg8Uq4S025HOsVVeiD%aSs2 zmaG2&7~~oeK5$w1bDS~E?8S0iCpP+~pk#knN`TdEUr~4Et*i~f4YaHY3(J^1-S|p( z4ER0_CNEsdT7+)Ad`Wm5K=MRdznU!NbdRZFxHBRX)>9@1bcLjK^q zymM?3!#&zgaeR7jrh^?*@&)4?ckmY96`iju>u`1DZ1n4Sb5hKuJwK(}gC!4l1@U~0 z6^s(tXV+z`qQWyWchL`GMhsygxmTh9=Y0{*DB$?x!qaZu$uxtY81%iZ}%&B+8yQAUa@)!>a{5rs`_MelI@>=X0a8^JRG zU_ZGo>00CFjo_aWXOxIv-nKmwFAIY`ShvVG5J*!VG;5V%$c16}>Tt@! z_t!U6We5=)K|e?tbFikJj3(fQ4w|tpM1OAMqc8p##E&hAltDyPd1T^(mJ*){%tNy( zZt-y|HAAL=+IOVe4N&9BGbRLlQ`(~S)5HQ$5c+pt1e&YNa!w!SeE!0Z6V?TXohANd zU!nJqLcB>rdzRbDoAKzHUcT*HnCH=4pAlHnhZkYC2`W*H3RR%Bc&W3ou|yO0Ly|6D z+gA;UI%QZ{r9~W{+l2jW)kyntsy4Yu0 zyZYN2q-KF?tIaK~>&sWr)=FyvWW_^G4f?(WYvbBexPefDNFiuMTttEbrwmOVu*8V~ zVjszI_EXs8+Z36nT4*tePE%Yq&k8YIm!LwG7B9=)#V-rgaJZ_u`=c0Bh6Xs~@w_hK z!2g$BGx%r3woctH>Pu!6w37J6(pT5>=x=ud^8QYQm37QJUN$N*1na7|bhLmBVPCv} z!xw_|IK~xbBQ*i#Qf*YL!D_~Z`j1CC(EI2aU*oR_SCSA%m(0gk!Y-pp;UV6r9>S@g zb*CQ+f(4}DGWxfbgFK1mMTAY`trmVooQ4J-T&1w?R~G2aY}d@~%g)DI(f}L`qo3-joR~mzU ztOfJ#j!nkchf?X@wBo|YWM>#h(wj!8ed?{sp4I!5KAc;DQCi$NH6 zSWE*l+Ho{_WU~&w+>4HiOqmtOW#Gqw%@NCmUbd#$Qind$gr7to$siJkwgfHebRlHj~!mcDK zA1`8JP37HBAYpaPPWO+4PINZp=F7y3)pN*nZEi~W+{Wn>K*s%PC0Pv_)FR@3OCl`g6#QrqP=~bdABhs zDaqbbQsP+NR(3V7!g7gbgmb{Fecw^|#wx06Q&ZPZ-VoyJtuk&sy1XFZvPJJ$_8`=SY!vTjWFCN107))A zW$|w7(1xw=@!b3o=7*Fv+1wEx9XcYI23btUhyAQLPU$q(xv}hlu_roBeeFQF1UD*x z!iUq~{Zk4%UVltA{1dTg_jnBb;dcQjl@_cAP=M+(_^NnP6_R&aEt3fP8d<$*JEHf_ zSEBWVZTLIPG*q^>Bi*)Ms64tKjK;9Y>$RPbgvro*eu(e00=t=g{R}Ky6#KVOHlKs2 zetOU$3Rm(33-S%Y3!;pyR-H1&Zw9z}bS=4}!$0;z<7QTS+xWPBTXmXyEuj%0VZzwk z57(J_8^{npa(}cLS9B912=8ei-nqN0%R;U@p2d?p!WEg06{*i?RZ=7WdcL#QIc2&P zI@(QeqVuJ#R}&2Paq;PxlZoY8=py%9Yxrxoc{xsXU`n> z^cTi-XR27lXBR%QYBv$hU?>tm;jir%_DMpTFQH^F#5u0H>Lg3`2uz%VzvI)<^LA(D zyi|YLtqWUZO~g5_2OnX($A5o0X#WIXrkcEEz`|(wUA7Tm!WwW$Uk({R2VF5Y{QMG+ z=*tp|)G$ydc%aKZWo{6B0z-hWsr5h_{&oxWJcj4`3|(epP91!4@M|{jBV?N2Zrdxc z{=yKlIg9X22;q#b9d_BA6+BnvHG}uPCa^&sHJ|6DMi^b*FUrhsR#NFtklNjqLQq%4Hw$KJBtA#dJr7risp?Dt*^F3ka} zgt5n^2=^uH%`ie4r{TZd0P}OKF5SwRjU!Ng8sP5BJGo!Mx~1_>c3=tL#g0!pO=mIl zV4vK#pS$PpfL}A>lu*_C@L|#{Zll~iUZ8nnh@q3iOm^Bmyri%X+|CvelWjT0D$-&n zJ({^I(=fjOa8CW&AkH8Tx7pu-dtYMUH)}sn#H>Kn-QsL0FX+aNzk-%yPt5TJ;u=Sb zbqG1SACUy zbcmQ>#P1oQop9Q;p+?j5i(!-rovc?7Cwbfw|LACPk1FX7@es$3RbVKv2we;!Uj@PqenxdRvtn8seap!^cycFy ze$j@Tt(EPo3=aCaNgBfx|8cU`hcP3?KBX3`qHVJ$Da@;i8pB@@$6!53>*Ni3e$K{Z zrnv|RLj+kpgmqdp_1ve0Vz>*FAcJ7oj6HdLv61sz90E(-sGg@gQOXJix0*78?k^1B z2#V3{|-~`X{LrStFc-}_d z?wx3TKbil-VpfbP)1^+j%g}#;t(zZ1*gzgIykrSFE0x6_7Mga8bdQmxh`ZYSnlngX#OJg0@2yD43f1q}jACfQ}rT;z`jS zC)lgj=JHb*Ol4`STH`csF)T7Qt2$gUn4Ie}o<$wg^2X&`~! z?OaTsjV|(WQIl$lxfc%}&~V_=_R#9}ux;_q!T1n*-Ah4l7Cf?%Iw*rA+se_mF>}3= zB74>_kOwdM?Ut3qV7{Y*=F?M(DC)12^O>aGUL@4&010n8(w?vt z=&Mv$G&Wu4+m>9{q{i~HLRzDzZV`E*OISQq-L2Vu8eFmsja;cWJOY(5c$I~(Y{qxu z0_uc5usn|ABfQ^cfCwo{tmRF}Wh*PW$`(*s`6Yf|IG(cc(e#(YFK(zgrgeS%#(VY(Jh+dySlTC_*I1TU# zk62Ymi@CtI?t_&4hyu7%>ePLG6ns-i{bddP)sl>?eB3Ef9+g@( z4%HTJwiGwG%CqxCBHA2&8*p>cr3ob1!3RGHsCAbhrBz+5TnG|mr=R@|x&SJC48aiN zyU6x1T|slZf%z=|f;i*i34ZwD^Obi7vibg*ljOdGhDiE*B5%#NBAlR-fkZasr-ER|HM%4hI3z%{&y7R^@K^h_&?uMCK_)h{L`KY zGXkD}8bC=&2#@wRyy;&_IxOgaKKVCh|96O;8=7;&^UsNyj}@=A8(G8uX8^vlI^7#4 z0!bP5`MV3XZQV!%Fus*eqx_}Mzmg4}7~=cPpT(+%6bF5u?etv%2x8>#xo&Bu8z2!P zTgtVRM{ds;*aK)1g8VPq<}n}TzWhe(k4h2GjLT%L?j&xV|M-)4Wz1WD$`mX<7O=}^ zcV;YKnVedlAXRbRHsWONt*Ldaz`2KIQU6TNB{Y*ck0vLknIC^z;9Ex=ocWB_MG zJ-@R_t*eDi*J$IxlTXr~FfNfiU(DL6Is43iI8uMvFlc;T8hWr&OS4YgN|MgJE?Vy} zi2+c>#&|h^SA6ckd?G*mAPtg;XhK+?ceHTQJ{)pRGiM5a>JjIo=S^|*6@DH)NKOG- zQN7M06Ln~-&Rol)SX=YG{fEkjzni*@{}pa#F9>aNBNn7`0UQaxQS3YNmc5gsB?`PbqM1F~46VJpR%G=w1FIIv?E6r&_fW zZUADtaw}In6SGY!zk(X5T#uR=RN5)>;2n%NS~!v+n6KcHT|Qvy_hrCU2L!rhth8g^ z6&%W*+V_137}Htq2tLVbeU;*I>(ATK#3Tcf1_hu=`psl_`;YZhUyiV_*`#tm_iiV2 zWqtdH4^{fFuxLuBy<7O&Z$BRGn4UF!BQPdHR!o) z9C_vu<50fH&E^Q2K_g{{Nky+QJ*IhaOO-ocuOQVbWD|O6PNL5IN2VNr6NQ7sZ5hY% zJ8TwM9(&stu#2`QtJ=;vuHHN+eWqNlohL_<;z=$#{S`hnZ5_tN@|c;yxFJZYaQcvw zFUz|A8ITj;xneB3^Fe1uJ2 z?_gOz@U^@NtC(^>7dt`orXQ;;YJN^ZyvPbM0H@^v_gvO{@kbOXRCS6{ukN}h_+a!l z3|FL#TeK6&Gt{bVzke<%8q^@hAX`hLyH~?HS6>v*jSvc*Plu@F63@n zkK*bxU$JV~JU8E-pkNOs{$ZEIhu_&t(x%^@CdX z5(l5>%T;FA$`B(OD)Jm?(_hJtv-p#Gfa-8>X0K%-qWYzTGR=I?RrDsWihEK1-+jGy{L4Q;!+_&} zzs(??3&#dV2Q~Y<@rH5MEM#-y zt4;(&zqjq>1l_KSMj!e(-~6_CZnxp}H)z1~QF@JqBVC{R;}6vd#~5?H7u`3c_O0Y` zN$1{>KfG6$d#CyhF5?L-u0A^YJuZh-sJY^$X$WJ?Q$fr#b8uSDEwv!EgG9Ir68bU> zEkgZzf2FE{-g_BbeKq~wZe+BHFq{Qp^XSysyI$#^3HYiD30y|x$pM#V^3-@h_8AZF zV&&pNUt@QG`TjoWc5UC+>dMTO8`9jCZBXwi+E8dpthnruv^mMO$g=p_Ux}580Nf{`n&uXowe&^DvCzUwPw#2MRj&o7G&@Ts^!DZP5Ds;&d@8Thp#-uq6@xNuqQyDu zHeISzytlLCEp^^y#I5m#C zpIR<3vb`OkC%QoUywo34lH*9SOc^^2*{~L(KPuSKu9cS|K z#W#*=qRzqxv-o~b3Sh3>tL@znwu_df-3{b?jByp88!fwr)|`)%SOMNl)!$K<3!3({ zar{SI{&GvUh;^w-8~dNp zxdFn2>&(Y_y$xn>83@^`0=wulW?y$^iI~{Q!{HLq-ols$vMk0eTZ0P3|>E0TP!=Ql5L56=fVM><)qACMkLI@$zaOm>|k2_)s<8KU% zASe;N0Yy>nOn}Z~?C!zKp^M(5l!2aQw36`I*PgVuuM4By%ws;UmoCaU4eVZ3zZ4~I za=G^$0#MhOMjEAbGs$u+Ust0R&MQ7d0`05-cyRM^2dv)6MNLC#Nn}9e+*a>@pr_OQ zYsz%Q#r};O@cCYS@*B7B0PaZ@GvE$!&yNpFH_Ke%OG~||?wXy4;KfUf2OnrN5Pv~q zGk?H-()JmNq~n>+wxyKioM#)8nfw9u>hrbaOqJ*HXfk&>KPX%gvPz@g@6DmpX7CfD zK5k2h`M%K}4^ey+23U~_{!Xx0163pWWRc@eFQdFypznuJR~N67!WeltB?|t5y;qOM zmqONJuhM)0IQwQQ2VQz@PIBIWq}eC0bBX;oPrEB$@_%EA`LeRBw21*oh}(bfQ|)CX z%u%U{3~|JS%Jn{$oT!uEw8iyJEEt%XH&jN;Y_tu3PH2bq?a!2Scs*~(V;szT|$@Fz`j$>}D-Y|5L zg(AQ68GG<(=%jTuq(KAb z>8^&5GM08|2zeKHl83L`_a;fH;T{C&qQtZ3cpA51)F+8qd7!4)*p8G=GtvA z>pVlH@4N`ybn5)2&KI@-tK;RC^Ci4yq#D=W*z3LjoZq|l7|QP2dSY~XIjFk#|BYa! zS&Tvwg**F>8WM!*M>uP{6XnSD8vAQsW9O=D0LCxW#y>21@Wt6>=OfCo2JtR9`Ur%M z30c_~8RCus(Fg8`(J7t0mDV7q2e_qW4bY<~_b2^?6b+VR3n9EV(B{v?46aa_?O;fI zainZ?ypdpfS#lZ7<+OO)jTeuG&zH(%rz_%@uW?u5NveqTcuS99l6tAR)L$dK`r!_G zx7ay|?01|bIyIVUADd_XE4P*ukks#E_-kS6J!7!Jk{$0+y!dzG_Z!>k|JX=xCjVNJ z{nKGc7`gq!%+7zWqStNy=K$kBGxz`9`OSx|KMdF8>_quZLch~~ctObt3~pW>K4Da* zr?|W)jgPD7zgO9r4ESy3+aa)NXfVFd3c0>EbWu#BC@u}YQj*1{3;0>%2mqj0dtX{z zlh-2A7RWfZBP3xFhE{;6 zH^AL5yrGVnp|9c=##e&Y!<};XaV_`Hze=@SxMb4I)D`!sfa!k>H(9~FU(p@2RY=(o$v@0ef#9phZAGijvmBTq{sNITS&#H^^i7l&Z)v&HB&EKi$WM1 z$)9~xNPu;BhlN6tSO1ay&&BxJ+>_a>GeIB3ZBN=(Woh zk+8s#x&gXxP3JJ{5zUI2KlRWRB#r|pXi!!3Z1+l$@%LTm95TcH z;2g?_wTlIA(C6dJ0RsEf&UuMhGSh^kIQoB*rx^7%o#oeZFd0(6H(J4pA#b=f1m=>W zcA7RNn5dx}dZUVM#GM(({2CEf9+zCY2zFTPK%ZS!V~`lB}~$Q!l6va0k%)dAegy@PL*eC94ey^OGeuF-6p9|Qf*=p=1cfmXJj<`c0xw<6KG-EURx>BvZ-=&eka9?M!_r7 zKx%1iC6->8WFRvs@ql$2`Pe@Vo(0V7J|$%ZpA~XOBR#G{T3?v9v8?dywinE%yI9_&~dDZ zjeGxi+l0b{kHNYyvxb)fzG1Tuq9!*wo7EprlbSQ} z3ssgBi`Rb3&He=EyYs~a~kQS(ZR z;As_=C(KW^Jdj{JEmorxvxL9tND0`>#8~=qwQY^vPr8+6{Zv0KW!s*P!!^lhM6+ppQ*}!_{faU(UbTjgG?<e8g(b< zxa7ZhiKCEtD$@2W8I*_cqEV0JTX{IpXD^a;B1FvRhyIdGT;$wU zf5cW+&levQGEQf5+s2#d-IUsiH?OLnn|tr!KMJKMYZkvuIeHF8b)g+du$}Pd_c4YE~ zkJxfsXrfZ#6T?lS7CYsyF%`pOB4$(5T?T$Gw|K$)TH9id%OgDw2*nj*F;m)8%o;r* zgu_?UV64CLcK5YCD$31B zME8zpwEodr=gA07ZC>H`N(N*MSTm1h#P^-AhKH(W4}O_^AAi}(VY}*&%Kt{GK2K(4 z$=azOjdYD^uFVwaWjMjapYijLx0 zS!_&8P^jkKMUfD~n-?F$r|?VPo-Y6Fj{`4mS|PvV1h1+blL%J!hpm?yByEaFvBSnw zTkraik}6$e?CZ8W79#tt>gZQtVsu@RJg;aGzCdk zpA3vP&sM{jEKA$74oaQe@YDNxdPVaZ$n|jz#fH-d_0F=AvkmCau%7YI`=Z}RNX`^T zKsjWY#N6p;hADk|>j9h0%wCwx>N#E%Z^&HiAGP$Xt%*0cPGIws{c`;fqL0(z@6(qt zMb(erfJySsD4UA%ql%X**p1({$yK|ENb@p2G9l@^)pt&Z_BOK*uAS- z!OWIF+iyQA-VNJN^`RTif;hdVaN3t)G2Ut2!5cPUo@qGQO_&lenI57s+1IZIJR{Ndq!%_^DuNbt zR0kbuC*=B7I^%j=&a{884?*;+xqRoZ^kIx=n5k~s)JnQ8vrz`93$qapjJgCej=`msCXwxa@-0)UH3Qj_Xz#nT#6N`V^vU0Kq> zIg$3k(~-|&Etp|VYOtLX4#STRhvepI+3TV(kE14wgk#QoTU!h&@Yj5qcn2`=!oQ=zSp7jwTcmP;0mj z<)qcX#W-+ipINwQ(ZVj4l2z+)NhXt~$ESM(R+a6b9KFea5jn@ZNPv;*okFv^Ms_oh zfqoA%Vou(Dmt#eN+$$$Z>k)~3GAz<}u{KX>b8(;f`s*FwSmJXW2-ZD)THS0z3hTBrS{1#FmK%YA^sb3ia@`*ZT9-B z`9*Cb!V=tzV+S%QbwD0;hdv*eZu0n=3}i)D?Ry~T-*vI zb5fm+kYZ&a)WcEd(8SIt=;SDrbYG|qSmk%pb% zbR?`Yo6VD1VDIfdiG@}>>tvWpY8g*389b(0L>xV6kq;P(q(H5;3jhID6*oY$U_06$ z-|XQu0lQycDA_G&WKpnzW3hvi+9$&P`Z$nWB{KV<#5bDQm5pS-Jrcy3f-kGo*Ec`d zpDyyNoB9)jbX_}*G)3j(3~It{UpdK=7M#lsTAT~NLK71+F{^qRerZMDQ#U@e5?F9? zVt-8x{&slaAldX2hrMxjoi@u2jkbJ0z9ub1lLP}CypA1|z1J(+)-ju~71V6z+b1ru z_kC5r`__m|j?54|<~QMu~^iEr%a;TI^Yr zR22PBCX6z*^r&qCgNFqD>)fI4&lIfs?RJhh4Ev9gHWP+&p`0W<0ViW%$(^1>H`EE0 z`@2>`J2WDyc<~qh9OKaH&r(e(oF_%=YRmzHc~piAes(cMjn(^e7Q!$6KkjDqs_IV4 zxjU~MqE>n3;OuTtPK0hfqzi(q)gB5o-85`lVq2fv`gJ9uM&}6c#?#(jmUm`_U9F(z zFNhL8lH5-uEV%9MFf%M@G`}Kqa?vMHRkr>dtm?jFsl<&~5RW^FbxvWqBq{W?H~*Yd z@bD~YuWg2hf`%X+#)JZ$uLrvfh_P|8jFVetRtq8XxW_x){vT`eohI6kx_Pm z{L2bKz8994x>s+7hYefl8smd@QI)sm^1b!bdKr$H^-tL+)d&p&%8Wz&F|i3U;``V~ z1=Y!fDD>GA7w>tg`lZtK<5UrLxh*~~e-2s;;dmCseOP;Ccs8@L*Mkn`1dq3I0!!0#Z0cdkz20}omA6^ z0-n2N*m0JAKw`F+@#YdEr(KajRr<(@V~pZT3~@!-FR`W;w=j)hr*8^wuAbuONu{_E zQ%6*#1@bu2kWXwdYghsP)t z_kdc2UJ*54h!6@vLq<=ZZx}jYc9x?MDSOxKT`9Bk#A)eJFs#y1lVmQY`*e`R=rF<3 zv-?bkYQ&U07(L$UJ^IqsZby36#m;-5zO3nz`T4OgwEF zIbealPV^%872oGWItx`bk{lv>A8siRtbQd#iWh}Ss@ zDuN)qKSE97YciomLA^_~Hqyf#fVA=OZTH^#+*ll3DOT^B&Z0rnhZsy?nx&rVeeF== zAhO{-t^jv+$xlKcS1ndKIW6nbt;#yx0z`O{Kt$DIpAH~7accE6HyZy0oGy1nA-JhL z7^2AU`H)Q2;)RP!p#5j9u z6m)C1_*rXliT`wT2B!7Z`Usp5SwXJ;c_YnfE=<%jP>!))oD6LtnMmA8vw%vwGrmK3 z6r;Wb4eSynbmoDM>W2p<008HlAdTnU9yF>VXqcnU8h^9*wBN%$f_QLd> zsewXrK|Q!AD%>kt8yatBq=RP4rnu~N@!58lBw{(AhK`J-orGcO>tn#liJ$1UI@Jbk z6~mgzrB(*^WB+R`sX`+59rwm@eu_@Jw>rlL*eec(@JKG8ERz|YWdBq^Kf+t%V8cn% z;Olc0XPC*V-^GU9onp@ezOY>oNsG^%z?-)WDk;TDCS}=axEUTIkvGQ+lKJKOU{Us> zdZ~Q52eWby&1wggMQOqWbAD>Jg$CiC7=ZprwJAEh2@5jbc1~KUa%|}!8Lr+!jOWV# z;tVd{c3sR&Kegv@t^`7viiiU>X{~v&&WL33`bB#;Bm*qpS{!7~UUkT~B6(fWB zy{{b2VgfF2uUA1nPnf&uvtGw*AL8>j-E8$61as3WVk%f@FW;~6BDn?R+HgsPkN3iP zBoL4tc;DZINi!1?V?Z~Dcf_BV6Dq-f(wW2vQGx>$8W?|4HW?O$6OL|b6-@2Rip^t*71hTz53-XqqY=Jp@>4ftgqTFiAO>|#M zp0KH5tpRg3Nju0s08HJ6LLkn#I=!&Nv8phj9G!PMD0@8u-DHZr}=(i{lHsIocg* zFkb7xcLt^XR~T)zL3}BqYC!ok_e!%P>*N7h&ML|vNOyCehsY5ZH6$jYq#SpAQ>N!Off00PRw>a{s^&T2P?;)49V|Ml_Sf+c( zjj!o82P*~PGQdpAEuBuI)$deHs68XHXi+|c01(EZCME%R=&_NCt4UJmys6bSttkz9 z5TEF4`5-)1=**P2${QIN*Eu+#HFK4GbHD}9%AIYbvAIRXZyXdl16qAz45vJ=m0ehd zkE537CdEPt9&nZxEYbP6{iJl{Y`)S1r~Q*rRd<8@J7RPar>_kqdnOJ`(2emgoKfJ zP*yX%`cnnjj%v=*SriKwgzZ!&B}VIcZ(L~iFtz(V`AQR)TL)F18|p+4!%wk*B`%j3 zFQ0`%e?QbfRh}2M@vi9N(yDEF!t;JKf#j0Ashiq@BEsQBm`7n4`q*(DiCIvAwGV$XpQk%+dP~a z{@i{Q8hLg^VSB)b7w?!F6nZMU);l0cqRdqGc8PMbWR@Wft$Ap zB1I*vB9><(snwIUl#Lcaf!kfhg8+P^1D4_MYe4HY?CUUz(RKPiZ(UW^&pT4v$crBH z#kvx2+X)BC)gukx|Sf%Mji zAR;j{Sf9XQ^j=AO<<)T$hXhnclUgT^cXSMYKV8Ye#Y2UdNFI^y-1u~s@y3}!QMA}? z-k@DqxIgUgL4tZedvf^^G+48t=sh2juN00{r#%EPJ~zTj-2)NY$JS>0pju>% z?N9Oy8uJ4q#Q#9%k!%W(FoGh$ljDf)G?AmL%XM1PD0mP#lKDeLhPyjuv_ObE;+Hqk z!o+D*M!hw%%MRnd*9{G5#2I)33^m|t(kPG0y$nd_2(^eS>*CP?yI-wXu7j zHA#g&*ZK=@PI;;GI10ApIHN9aE&4_WVPV>Lb@8Zh>DP*0Q=9^rKjw?CUZSl3BBhJx zS|w~s!r}>mZCXJEIfh;Q@7Dt(f)&gHv%x?`0QYpoZF4d6!06{#C6kRZ|Lxf!cyA#V zSWX5BTPy4XkGh%B`q+-5U`B%fkrUN(&G2^^bLCp7OGYeA6xMc_QSMv|WB}Qh>>pkb z-zxPWQG}7M!HX6sTX7~{)H-BUmbTI9(-Zi&DQz*Z`zuqeoG2kD zR3UwF;ogIjW()$}RM`}bHs@*ZplcWy#W~^H#0TE7)AB466Fo$*0?%M4Sg{W5g2sdjKSn((;_JRMm_6pw>-!A2WgRY{ z8%Z=03g&#!`q?n+D`A4z7I>Ec=4fuzBPbfjt(M2DfVG1SJ;kVN z$(AuUmp9rIU7X>w;~}LUwu+T+{8Xw&6dDz!UOBGSB@BCIuw>kvkj=I!jC`4PAnqBY zqlL$0z^Z(ao`qjiUR8=H34KKEuGC$iZBb*?N zSxz17A~J1y62+K?_>O~K;l<_z2|$*<#wDu=#}?J%_{&rJ3a2+ie{U63UKhU1iqyJB zQL~%;*Ne#Q2QuA`z+gZL=VA=G$*{i@1VFu5E@bvjgt<#;NP16Fgn?_YFi8yi;TP=ww}uV!G>l3!K|Y5 zn{`}+nBD=2kqYhvFNDEcS(L&eIoQKQChH5OVZ-89b`#1IOcjmMOjLWbVjdC4ibKSe@b`W9}Vu`x(?e~#{Jd5VI9S?OdYlRM6RIah+jgg9U)zOMmR)?t! z3_5Kj0oq+#m(PQ*pO2RJ1IQ08BK%%&xr`gXa9#pd5^ej2A+H}s^7_-disb<&G+AQ% zb1;VwDjpo$*a);qQFn=%G$I#zTW{Ta>Rzf`YiQIgC)?i)v9~UNxxB@ zhRn#g8pXkI?pS@Tcy~an?>F)CFiWByBJSCKdtgTGa2wSarLy8flT;RyTOMx+0CDB< zHu=$u6PB)OEgBB3ft|w&;5-!jXQVr@VM!Z~IsRn(nLv$z17KT*O?&!2-GqeXBw z^@!`e5|!kHY%^c;LEB1qYoz~-!|@e8jMWC>H8TWwq`?{EjBaMr20F4JtR=kWQI?Wp zH9S9FZnS`P0QoXsYyu3z0MIbazGkwheKbB6{VaLwn>0I^>!Stob z{qdI|iPOFohh7BMIhFPrc_=zpuKj2bDyC4#zp##r6Ipa29^{pR(nX7ft+MRdc{n%^ zYk||y`TxX65z@&EUUo_De+NUk+xl@U$qZASAJ2YcIjnf&J1Bq$+o>cF&2CVO*}8`N zw$A~T8wS-!g})4!fMJ}L$1+dvc8ge+VK$NTBpU5CVBpHiw)%GjwP{!nO6Dj0M`k_R zYd%`fSJ^OrpJzeOvy9j1Jz(aV;zbzUMuf`6#&CH5G9JbJNt=81rFOAy2a-@;&>6~3 zusf96!&Q%COiS9m`#W(#1U9gC@=!O5?OTjemVjpOlsBY@w?TciqLD78qG&+xYh7BPufEDrfe59KVK z*-q0#w9G(wN>0HT0x+_yJKINi z1{5G1CnkHR=)STT;e9`&xd9%yh}eHQA|1cCMe+d-r_Wo1dc;RA3F!<@;ToBr@gAod z)pm8>8c*k!7|aw=m|$=fospM1h7qmq+#L^mX)0!>6R4=hPSQ#j9j^*wAGuT`QcmdJ zZn>%M-7AqYQtqWXCoESaB-%&MxL}Dyj>)Qx1Aw8=OnQuS4yt>bCBl32eddS%;6MhB z1Gky1jCseYAbU3~Wp!fXzni}Q`V(C}q`kk=y?Y~Q7AWJkQ+#Q@MFfIUG&E8;I+m20 zT0Fu)a(yrto#Ie_2Os2^x`2ow9fGn{!z^BARp)_7=)G4{=>@l+N}fzM9Z4j-nXPVN zm1?>u)ic|^|x)Vd57q%>ncWSVQQHN~(Vjqtb|LnvkHz-O^;OS25RtQC zrxk0Og^Rv=caH)FTukPOoSxad^V%j%&cz?740HB1=^gox=Lw7km4AfO432y@_<=9@(|5q(I|ckdWJ$AW@LgUvwbih*v*+06>Yf;YDgTy!17H82uPEQ_nhB?@P!wBb^@l%1^S z2ye2^Mx(bu`RM?EA+KR5&8SEHm9?wvKcSr1n#nLXT1=(=^Ks3L<}-`^>M}>$YWE5| zf~WGNM!TR>EGB0@wF>5COCq_eyBV*Z2j52Z>WhxyXR6LU;Z6CF#D~dH8UAt1T%Lh& z5S!)jv1G#$IgkE)^ZdAqfzjaYOIx7jO#cP(TQTUaktxm#4^33smYA?O=CswRGN8se zkXZi*V79o*@!LTC1_bf<^@Gbm1fo`NT}YrR`0@2v_K4ic#5I(u5@0^)9`BC|8pVF3 zihRjy@5Z4CdUck8BI?^g#p#Q;>YNOj!?L#+gkiGD{e zX4RQomp|H*63Y<%HZw6FN$A}ekaItcT9sk(7<8y_JbXt=J!7zamC_Ffm>v6ptB*Z(DJ#rWJ@auHt1@{>N1ONT2Jo+q=2e zwzYqh&2dN{v+|iU$)7tPNnW<3`v)^ebe&vM4=$Qc+cvovnW>$`OP+@JfX*P`|g+w}MA zTXlJ(bsI;ckd5wU^X`d$chMS%?yzmLF$Vf35%ruw#{tQE#?kvcW$owlxN+jdGjNSk zrj3@@T+AkSRLDf7c0U{0Illoc$80+ED1dk~?#x`-GRE?QanEFkTudO~Abd_qP}J^&)? zH;^JAG8y{w8fN<5VGbJP&s8^MnVA6p*^0?(&#sR7p#8_Y;Fgw|K?%c@S;W*(Q+EHIhLffibV0R+v(Hy4<{b_gHm{EBd{u^=$|!wr|^MNM*W zUMniAWFD#!PPFn1}z+(Qg?w0gIyWK;oM=Nzdi5)W| zYk8Qkg^O?l>+j#cNdQ6i?U#5oOtz&A_trY0)h881`SQY^3#IWaI6yAcL6b)ztBOBr{GxQ<{4JE z#)-dc$)H?eftp6|aX};L81^>p4W4W56>s!GThP@rrTYaCjo}EdrS`me$a_~)Zatd) z3(|k;_3DfC!v}ZS%utYo+XIF8dt5&so33Tlhszfg2>m+*>c$tOo#pkx)8;`x`km@J zy$??7aivo}!i*n1JJ5Q=&bo4(D3DV&eRXv=y6W3Z?U@#fS}Q- zpb~h#QLR_nls?Q;{D>Hs6r8|naOPM(%BRfd?b;va-vlfhox9*&X`7|1d^nZQHgJi+ zrKKzU%EQ%&XXy;SEjuQa*Mq_)Dw(xq*2~zE;BO=LXMU4CkL_I%_$RKre;%+E&1Pe+ zzAeJ?mj2uv-m^}sz6M3f{|VB@@eJGMESe=!i*I+bf`4~5b9s2pHm2_Q!Gi18%=zg+ ze6gkd<~dEg`6|54`$=Gh%B;QHXq37=ohXGF8*oeIwr@py+a5fJQa@dLL2+%Sg!&Ms^3@v9k1k1UI2(0Dg}8R>S-J4^1E4h4j8w=%K5WDvQ1@&{Lv)#Rch} zl&@03nWHY7!1j3Mh+GZrejP%=dO5?owNwNaTog);OhER!2DRA;_tz=JC{hIgG7KMP z#yK$cKzS)9yPD`(=SOW8FnEvqb}ly>V+dig-JcPP^rUMfQKBBo2TG)%Dc4L`ym9BT z;Y-y-zPHdHF85}zMHF1SDcI#xBUqEmIfJ&RDyR&fIgG`@ zXE#lril>b3vm)`Piz%G&f(P+uE_8)@ce=XMB@9`)$sOY%IuSIR;Cq#FkO2Lal$|E6 zI{1P~yby$Wnw&4?Er(O}Bq<4WAw7X*WE+2S)bbcI-En~c^2EE%tcSxgx-TkJ5SwHu z=q7!}09s_?ls0{?#egOB~(Ss#Xm=Kz|WR z*j+i0dIw=5ZNl1?U;Gw#NmjAqgZxH4>K8(=?nJOVce8DkPbhcfXukgKOQMR3*yJQEIe;;F8ULv*j1z!d0lu z_QU~Xg*ckTgWEBjHn0ryh|**`TO5f1MAJ5vK?UYedB6c2*^c3{@?_e5ITke4zixR+ zk3Jy%n@=4Q0YnlSET{WFnvS7KYt<8of6LfT@Zy}a{E63|7XG>Ri+azDJSIQhe^xTl ztJTOe5~ZeaE^W&aMA2n>+7_7RQS=NZ=J(--~AZv>YoGZvR0 z_aZBwodj#Ixh5a>)nQ`M@SP??<9Ap2xXKC?H9$kezs9qOk{ojyf-GUs(8~;yFuA^g z`by^CEIENFpYni9sZI>GF|6cv=wUK`y@gEuW8oElQ{8hn-9Y)q!L}@&xR6A6 zXJkEeHdCungQ24!f4o*s0pFyeUk!Pd67CABhCu z?<||_2^eqhX}Lm4#g|9VYgK>l1_k6GXL~oO4}z^OcFZbJALH9le~=OWeI~DevKw(d z!-6Kzzd&Gcou=U02p)~*ihq!=@o(yL2q|zZimrGh87LE-%^n}ukyEM+1G_vZR>ew%AJ#wUSI z0%g3ekVk>XJM9P>7Xn`^R57}k)41^~7Qq_QU+5Z$+2qy( z+4*7*8we!Y)P9lTU_13=OPFgmsw5bU;TE{N$CK|&dW)U27}oejH=6asnj=ydZa{||r-U90eKmR5?cL;_?CnfG|R6nsyRLM zsL~EIyHTmS)lp-fR&O}V#k1}}ERaEZVWt8ZCK*x=B>wN3VH;o#fC`tJYDxkwM=GOfKSKuqIkJ`qW^0DJL|8hohnAnsLQ_S zAhPH;764!8v;GDvEX%Vybr9FV+sWy&ci=CQm0Z(l@PPCeoRhYwt(j8l$5l%n_he@C zFdf*4R90}_QuOZd&7Gy|R>XT9sX)h0=*wdpb7_;_-%n>2Jcy=#QgwAWvMqb|;`W^2 z3mPeACLc@v2BJci+lgiYGf9=1Q=E&wZG$`bV*_#9T$KeE;KtEB_$>mj?lPuX@!5E>Q0b%Ylq5lqtF;*|tEqQfSRkZ8~ z>ffCCWPy)DF>i9Wa?ud*`R@l1e@9cyT$n-#>J*kM%zrU*``Vw7Cp=0hWhmN|!ri)z zmR4b=0sNzCkw5+&*Y+zH9y3_58?u1$A0-+BSTF5vx0fb4+L6(VLx3y*%4j(qz}vAu z0rE@$#R9#boEXaop;(HQ35NVPiT*YV6M%#yq<`VWAMtF2F#`jW1;`D&h44rKDNV#s zzx^qFTe1R;fq~Hsga7Hzoy4Ts@E;*oJ0TWXNn%u&K&xW+iQU2SK~yC`*Uv|{6svVB zz6Ha@{rjRGP2E?I3=MUq`P0nv!eg`KH3p(btIF$7bSDfA$#?oQ7rsJZ|Ka9~ok9q3 z;QSO4MKQZl==)n11HGwfTuAutKldXmV63eN1y>L#AqEKDveiH!=A|@`LqSA5WXh zdZpIRJPc-TuPJyW;nafG>!}0aTNqVO@dzwv)(!{*6dsM5B{%fwWc@_7d8#RZ`}(E_@}w?d@dLX|DN0rMZnyQU{Q2ifm%veTT1&&9tS zKnuxR;VP=IQBtN4Bb9O;POoZksT2s_JWP-52JTNJ?DQ(Q2vXE7KPR$KWpWtJ1>@K| zpHfRFkhg>U9igX5st=RS1lid#w6X*^{>!Bh*^>oZDU*bCFV#4FTqXSC$q*Y`4;4D{ z9}w*iA35rDUYJ@;Czx?B%Fn;Iga;W^yjel?ZEEC@ec|#7vzZ~~wPso>hEb*pbtRH{ zQY(sR*`vvgs83+o`rh?NHK%=KjpnFz0iW9<@eV3KqwZNj8dw}S+eyQAGpsxt9X7*; z#P2iBwjV@+teD!dvLQ(C=$hN6`b7t`Un-`E{razITr4V8vUF|urFb=4V@LuJaN`!& zNV&hsA03<#-A_|Nj%VEB^~clfgvC68TSd@}Y(~s0=0wGFz#!_uIQtkW2xdVHBnhg; zVH2*dBgAb>r)-g zRqHNw7Jao!`Ssuop2C{x=cQ+PEq5!Lwc>)MNkminq!Xny-3|qq>r-2H5tUqr{v~Jl zN39Q8HDBJ?FRfnlw+r0@g8;q`4Usi0XJ)3Dh;x(*qAlvouYsK;h5#JQh&NXhzOT^* zCk|qbHGA18jrO-?(Cw%)ch@es5w0IphJRpb>!d(sJry2m&!AL4cwXgtS;WT|;3yPy zE91U;a&;8RqgXJRRk3c$y}0iXpLf*w2^(0PpT-My@<~+<<>QCtgB$2|WiGkXfHSex zU-mysRka9G9l^=}^a(bx*4Dqd1!seJ+_v(hwvwvr?aNSNCKyM6UkTO&izKA{0QB9J zyD}gDQ~OQHThE)|UlY?Vwo-}L_X{!+ogeus3IxEQh+<-~JgL_xyEz?RIMbgpelVnH z<(2}K8hf!d*xg!PxrljKf+b)DQD_L*KHrvZW1(Zu*d9zx1cJfqY^TIiLImMcveR4x zNYtDq<05Kb!C|@D!l_j!?GELASl-WYr0;ctG(0G_+vhWTcUrze?2OcsoM`f!-SSDrH7cKPb8NTWLkM5xIKuCP6er15mM}R)KDU;FUZ1`yKG&@5nB^? z@*G#V3%?}SPaZcZa3efFpp^zW#}2mZ1=uEdKA^u`UGf36;_2xxvL6fnOaJ&!sO~e9 zLMHeTzL^OS;ukDuSC4)@ef30JmfY|%FBZZc&Rc~YDA5x9TwUUiKc3E9=xjLya#yx( zzrSB;ir6!gYwT8Z376O_D;ejIg`F0z1uD915Oa?gz?Er_4g;_g;2bVRAP^x~%mi$X zl%fFyB(#ijyW2GW+xE0Z>2%~yo4(Rox!t1#;yoK0h@Sz7TrMe*eRWK3qsJ03iRFH6 zk4Z_*m2m>RKmcBwn)ApZ55W&)K>g*!paun=0kG#$ab_P`W4kE4z6thE^5KRqWYX}G zH1gtY!2Q+47|j<2>DL>zG}-C^qd>M4fpxtm{2Q36;?PK$>m8<*^h*S59@t(Y6NcD26!SyYHe zP~LH&EuP}MTig*Q^}|)id8Xu^pd9fZpLdDC3(y5}KMFH;h~X`@!F3TF_~-wW-X^%g z@+CP|9d*CuJg6Y1Md;#InIgW(oP~%Es)IYKV~6~!WAB`L2D6FGm!jxyh&^Avb7k8j z6YjZTO_)>Y>II25W`JDO^}4)k`69#IbZ67-`!r*r=FiF?zth~Wh6k63uzRY{pdh#+E#>_~FQLdx<=wfKA|x<7XN>_vL#>Z%spNsOgoc2r=*? zFY^v?a>w95a^|p$XkWtu1f&(ySg4{jvek>}FQ2~B*hE|py!n+@Ic`#)60{Hmx6}&^ z&mmcHWOFkPD_N~^;_$EeAS^X>^~p7E4_tm+cIfl`uIv<@z76fx^>Nk}sv0W}6yBz(w_xYkH96#{8 zKZrfF^KoFH`$zPkPg6Q}BsO_@!1Az13{W3g6|}U&i)WY+l5JzD?p>$*y@>~BKkyNx zeaEz;T|s!&<{L+$J9Lf!6!ej6rUJb0O4XB47*Q=1SU6SO1n zK;Z~(|JU;)by-x%w-R;OTgM|`YK+hs+IOt~Yy|(MYJRFj77~E+i-7Z+n^P;gv&QU_ zB^wvJy$_KZ96#!)YM=*5Nx`bC7x5STUq}4>xu>TGR22g*b!ugNq-Ul~AwJ&~{P*Rl zzdsg-5E_!pKLDR@V?)>Ru~WFpV&VYAe|6d24;=(hq}PBEJupPnoWE{-xaIxVdup8(AN z@{EN6h*Sd1-6)rl&4omjB+9AVXWI@nY~X)MD;_AviB3WJlE7=b!f_!H=mLtis%-z7GmB6c)WIQ4_7)t9L=h34=#hD7jttu+5G`ij97VlKEWI>IdE({`AT- z$%ib!+Nea|04@sidPN`ePld4# zm7lY}0h{T5qFeD-+Z$FuL~uD>m(tWs;f4Q4y1e(8ZBf`bXTtAztq%~DBlWrXxHcR0 ziAjb*LH|@T^R6ge-E+Dcht%K!7FB9y=I|2#zmhwwkc zAISLsxq>r#D*=m5`vY%0+(fSZS7Zj)TB{B>0Q|=<)|Vyx!tG##OIX=5iPgZ?Dvjp((lzau+yWd*Cpw~%RR)0Rr%BLSsLB{7(p=ei&DFGX&t=@3vQI*b+|0(j9uG%E_E#%!XW5SvmkGt)G`~AZq4miG zgxl!EL1KkNoh>sMR}4bE?Zlka1a)H8Q2&u&*o9!-sU1U9lht8N#sa9$0F*55K83!h5o zykg%f-nP39yk+^?dH1eu4-#EEV4F*5Bx3XU6-H>i(^|r3zNaWQx{-X@-RRnd*7_zT zG4rlFg1hc&Pn!yp@i`OHw$LRPMFb)-hBStO4)}51B4F~kqW;pa0;TIYSN`^u(cjyz z;sGw}*KVQfcA~ZNp*JRCrUtom^BGIit%Z$kx{2tF`+(;o)5gS#w5K5qlEl|$)T6sf z8go59;@Z{U>gF#BEGkhE@sx(impX8~MkRt4lK+cr(NU!qrOJTVwv#uk*wQ6VnzX;P zKIfwTK)%!U$16xxX1!6+%|MY`*-CRJkf%j==|EAoT$!+`D$gh9maFjV;EL;YPnwNM z>R2tich71|yX#KDesZ`A-NAEI(9Kzo>-{-DASN(`H=EV#f;VniBO|@e8TX={J>}@c zCFUz2Cuel3YH;uNe=F}T8{%r3bzu^MBv=yMLvVNZ;2zvvgF6g1NPrMDxVyW<;0}WZ zcXxM(nRo8}+u{RU3Y^RL&02e{xGkocDy7v)~iC&-T0(|()1DT5K+7vrbz)hv|fgAoQ z=p+8^M)%#)v>xU)v4am+rbOD^pY%>R$}OG0`_c6yflaSqEgaibCF^9nXkd-71JjU? zbx4rg6WP&&$f`g{3ZchGt5lq?jdv+4E~YjnZ=}taPn6rPcf}KJWxgE3iDS_y-f{_o zHhWsIsC@$?sRwI0mlNM8=1%~j5`=SXC*Ava*jblQhMtBwCNz(w>_d- z@G#60nSQlKJK;V zn36-DEkXCkXlndWzq3;!715tb6+(F3DCZHDk83LFPU~lxYClf84k zG0!b0MvEApyUUceYlOvv!*lk7=9&X+M{6v0BVt1jW03}#YdE8Z{$I_lo%RZF9lavU z2iZp)Ub_>^ea_)Kl0ljJw1192TLP}zNIgN@U<3*&9ic{r z`Q=T@34^M?p&>L7yJn2HP7a>#biFIrT<*b_jKe`QC>QBIdHA=}T z3VF3ZZ1rnmoJ=ihs|@G~;vd32;1X^I3+8!)%Np|K+S3VYj+1Xr1-Oz*CV0oDbxXX9 zSY7|>My#pDG+WpmOtzr!UfG%U*P4}PEXGH;T*W7ldp?vXGw^?un~u^yQ0wIAtFpK| z-%gIzN<+Vu&G(R)SdbzL214UM(ci}*iVrqq%dN!foytuKE4(!og2dxLDs9%f9DfwU z+P!16n2DGbpE>K23Aj1V9&Oa~Cg>yb(pTFwi7(L$*-4;Zh}DbYYHyva5!F{LHH<4Y z|3F&KFP9|0Gss+24ejGfU#;W|-kz^B8B_7gs>_N~tWemqzxvBG(sEj5@oBOedsWwR z(LIsNFeg`{M5~=eci+y)siW7?zFmEGlZS)MQOT=>DeR_SJ1gl#m-nz~rA2?^(#utRT~2PWXYRN5 z*vg$wbyNxRnyFIG{ESfBS*6rrDD{{~e2{qSTM@ZCV}bo^c)@`rnvk~a;U;X~6L^Mx zmGq-8WmR{&*p;o!GSYPBr9J;t;mcJF5bAbA!2%hnO0Fy8+BcX_r3;1BTF64tk}3>h z!bl-QwXZ)!L`$2{XVgIsmb+&@H`Q*221jh}tdL!5d_D`}uzu^mB{oP)YK%R5{g{t_ zSBNV2R539Pb^zq}D52~J>*OgNf`M1m4cqDNktI4l+{Z~w#zzle24=vA3OdX5c*~bL zIaSB*`#?uuA(8A~LaF<<&k3@|{qTtUnjGY-Z zofDR4sV4O{+K(Hv>FF>#_PBBS?C2O&Y^QHMpk8RvZc)$B{3~mZ!CW;!m8U_&HQVTk zG}Mk?&Ji5cMUMDfD@znY|&o!m&6ZHpg6?_H` z9(lZHe21|`nRbJq=2j`Y(gF3nZd$v8sZzv(Toi<(zIfiYy9dqkQg@~xq?}Z?}soC~D1Z6dBUZNq^`r#!mT{owbDd2~K3owQqrzVa8Qvd)&j$bnuRi zlMrs@e( z$8s)1caGxkUet3l$Q0JJ*`1v`1^Cliw=~}GdE}9DNWb?>^b_5do7TlT??jgk+EZq3 zjOwLRhSehF%=VhD7xdbMa1CdJHKkJ^pxK_<>01CE9c;jcmfpX# zIFmXR8T3ln(W`P+as+_B_aKDoK0G}(;dPQHR(h;WRIIWs4JaHe)O>o}Q#4yTK{x?_ zh9C-Mot7`ErH+s`r=X<4s*dEVw>Atu#Vo9`9b+=#<0#T`v@EinGL-WXC{b|OxD;Y6 z&bV!^)EYf68~OYEhyP%)m`z>DR{WW68J{13UG`bdN%H#l;d&9H&+F*%OJWrQJP9c3 zEV5LYvyzIs!CvfDa2ik04t<&4eJ>vKgDO`gn>ywm5+4EwUucKr3{2`@I4BN$^;r+N zyn@@RR{PSI0tpbN?$ZXh8xNnkJ$(mAhTYr#ki9OM`FF%FbLf($w+90DbZP9K*@-T1^V{k`TS?) zCR{PZbcJbxgc2_k-z7I|#S)MyUMDAlGbT~t=;jy@*t<1^dB}c%&g7uY-ac+En#8rM zC2UT>UQ|`M(9QQ{yQw4K)_mO55lX^Q@#i+(3%kr6C%dGx!%l=8h)U~i{FIjQ#k zw@Rze3R7EE0K1dQjaf3C%=t7)%DRrsJ>VK%r)4=N+~ltK3Pf z-CC}7eSJt=e=3sZfSblmawtz&@&cLWa94?9uM!Tm4sFq_lC@+yCvYt@HM6r;e-|4& zWI(>(9n1Psdj`i^;f2^P{H2!2(r_UH&z;q7YU||KKh;uCHmw{RXlAD~L;n`3v4(bD zOn1OZC%T!%?g!0W8=-zreWxn7gOTq*52fjYIWY&%tAMoyKhGyM{tEnr#fe&pvf4_X z@(;x0XaGZEfGVvr z6X?H1?PNZ0El#A>eI6IME=IKf?(})X!E0HA%Uql3@ZqZIJvv$70B+WZ%;a;5@RlkS zapP^g?A9=^5A^W4?cxR4{G5pd+AQfxX3^y)vHeY?2C|OKrVI{adKX_VKGsFKGRip_ zT+3{PFE>Zx|4@V4QX@S7PS7B^hIC;#k~ivQi((GjO$ z+$gH)rv4*k7}78$1N@Vhd$_c|gLBJE6808vTDDzRRJn;2Hk7objM3K}=@!GCNC-;=$3Q%q1<;G}Bt#o=^ z6u8yR1U&fJ15V)mmSX_s-mpYH5#FVrGr}p+D2nf`xe^&k`7Df??kEpQEx>qw%W$?2 zDbIn5235~SpGt^~F6(KDjt^J{?{v7N=9orS8?UXAmha!zm}4w2Th7;e9Iiv(X97G> zUmk?cOy`MYMa{4A1ypMp9X&n-%hDQ zYe3!%0sC-N5kQWds(b%2+ecz)Q5IyJwg~3(oRXy)K0g}wn@JMmy7gVoFv$TKTixH? z?xDo8h2IM&kKM&Gg6@UIU@zxyt}`U9PpFnTT{579>pz4aXNI>BKwwnbEolvTCCkt(uG|{E5qj+Tn`?ZQlpgwksKF#+ay33BkXK zmh=FBlH4`c#-&_JpRZJs)C--pjb5*+Pe6Em0*ou6VW}{W8 zf5y_Lo4?p*a9wVIf7ss2Vr|2rP%DmV%omiu{I0?w8mgrb0}KzoJt5z$rUr*PmoJ;+ zHx-|a^#7zRI9Q=$`O~%UpkSt(jQLdV?hrn~g*8$6KI^i#g#l$sod&l#)X~u1tBLbW zJXC9e*NLZB1M#*^cCk-0OVQX8a^)((_|jhr1tBW%&=R;SK?FvR*Sj4IUt)bv>M>1d z0UTZs*h;`zsL=bi+W0N0BJ$JRY3gWbXGl1vo4op=XlGP`@wHZ_j|op*Q|KWexjyqe z3;Ii@d!%>Bo1eaEKacmn?5^SIvmNJ{djE+Iy#!zBs(5uDE@#o?*AU!g*pV9_NQ^GI zjo0=owcFUO5lUbpojdbvoB47mEiUi^^G+Z!zmRkFpHno7pGjHpsQiy}0=C6|R}~yM zTh?3tUf!Sy$-g$TWr~hPl(0a1Bw3qYo5u|&?QYlfeoMyZW>a&NQ7bWd)mwU$5A8Me z(1(*+X!#m`swjavN|k?(Y*`NZIz4xmE|$ZE4@G0#_$FV%b~$Z0N_`st5zMki-0<_) zQ}=Sx%|v__8>d{2`LHbxQ^vTGu!8B?Fy&}EUyzfq-&pASxUq}%kCwH$=xJGVgXhJI zG4_?`CC|Nq^WCnfF^2Rj@^c@~@P}ed(8X1w8Z9zbiLBm~Eftf&SiNBp3sCnhl6(2y z{dwm`B!(2baIL+?>L4GLFMsry_Hl3932X%u|BvHgS?=#q;B;>z7;eZg|$^3BBzXlq3S7@HjchmOAj`qSrFOq#;!7||m7IWbzwF30Owr>_soe18VapeGa^HgX@E zTA%r29XQNydWWfNkI{N3ZYivRz|DR;k6o?v7Rw&KaP37u$2P4$hP+=Mo)kL13#X{rNm?w|tNW>5 zqHLRWM<{1PpiECybxvP3$S90$jcxk)Q+qT+DDx7fF)q0_PGY-bC-R=!Dceu*gYC-O z#SS^X#w*oY19Cds%(0t(xfB*JRAEKku3Cia=$iN2(^jqzdU)W=)|4i9 zjm&W=4CQ;6zNFX5`}|y}WPH~~`@&|5)_O-->pl?O_I&2SP&((oM95u3Dc{O09`JjH zxiQg+9hVI-DsExFBGs{)mLhltBkyx0lDq3iY*6ievB&tJNiD;N^PgQmIpMdB^Tq9t z{%q-P+TO##fKV7P0PYGuQoR!q!0d#kV@NW8S(nkgdNAh%!z{0EAa$69H%%B|Y0mO||Nqn0u+Z)9iB zMk}IMB+g40y;YO!|3VrsJ=Qm+x;@n%IE%IN4>+7mB?av@C!e=T-j%MkF>=eNd| zGn@UH<>|4|^ioR^@HukA{BLKf<+6pMa}#Vsf(&!nnfJf>WhYW5mU$`hw;n+Jp*9KJ zIVO94suG6c(3x5}`#ZMw2O@chFZf*OQcI%yU1%po&kSM*!7yu6c}|?o0)mEFgUy@G;RN)OWmz zy-}n<_HcXKoT#klL|Y(nvsaSUUG)bOkt1vik^vuoI*f)pTV#8LI1urW?x0!VTueqt zUUs*U6I!)bzQlT>FO<32D`fdlCAWw@9W!$7>%Xi^x}M;DIp^znl_CLZlFl@2(#UQ4o(M%;Xj&^1&7A6m4a zEF6uqWo>{U=~&I#h@3tSzSQ}fCMQ6i7P@W9MDeGr>)m|Dcv}xnSV~%4k|@^+;0kYgi9s!T*>fHX})iiHSHc4{>t4Cw9XYIyZCre=x~>Q#)|!Ek`LaZX1v0 zm9w$vzfh*|&+eRmOMFBO{m;$VZ+Jxif|4JM9cli9Khpm1EGXVl54$#kfqf_aWyRQ< zWS*?gchqq(#CK;0O9h?CKd(jeKLR==r63jGn^00yqnHf-pi(TN=J*~iv0O(fZ^`K& z7hm$b(8U5#oeq)pfxH&#e?i?HcyzeOsVQjOsuMPmMO*Su-)9-=6{)Z-iLi)^N~?e0 ztR*cY*cGMkO+%y)%jx?d@?Ft`B1$_osa`k*)(Y7q279Z2M~PVM&!9HiipmyvmI@SjH%hf2;IS0K~RM3O}qUH?{kIN|Z{Jqbxf=6~nV4K**p;|lBh z{|2pJ8}R>^PAZ7DhElFu=Y7e-xo;&NY1`GpgRPYj5F1I+#P32D28nj&WRN@LfWsmW z?p}H})cKeg%!W$bO1zF#8ITQN&}|eyaCPIt=;J+akS0=v++x=Tk}&d53vM6q26l-k zLOeBXE1uw%<#_WsruAA3iR9h0f2xPyI6f(psih;pKmRlW3You{0Q?}pytlww>Dveh zxUCRgj5mi*8KJ-P&id^UZEBs^uqp2gogTdkDR^p?UK>gd_4+=7$sjWb>XR^J&sXwD z<+2x_O?9gisN4?U=!tbrm(ja{9db40F9a&Djs-SHdT}1BG@Sq1Q0JAlc)alDDRaZL zo++1`#Z3EqwN->y$I7c)!u(`WA?)HwWRV3X1a3bHt^Qc47R`PMQ?LSz3;Hx$89Gk- zKU@l|7xAMVAvPM8IeFMWSh0q6?=B4HMxSk#-;EU~Ky<7*&&JiofTm)1O`obaXqS*W z?{1`?$qZKhKoSRwf-q?BDb;A4A?iIVYC85avs)<)m@kEf1 zvOo!NYs&qkVEWn-N9B_d{^pWNtZUmZ=$52TmM?de{EB=D-zjgq+9DBNN30Zrz$08vL_YhmEQ@dSiu6W!5P*X5x zN+U=`v!ZD&W^>>k~w{zyB=Lh*|>EHUBTD5&U^6d)r|`>dafhn0kt*9 z`206~Ee67YF{*9m^x8=A6{JrFe6!K-nHUdwZktfho1#d^W-;&IJQh!u2s+f$66lG8 z5{JB@+!^Qhg`$wR^}>0?dC=7~w<^7XVQBi;fiA({cH6t}?#B;VJhuf24DxTTaI@{} z_}bhwG5mlG7kB`DVlRy-D!%19bjGhhp)bK%MU_LW0*jB!pF0!+dl1NjG-ZH->+51c zl4FOEE^gaWog}*MW6DF%*cWmPL7vpp-HF|HC)J0`ZCt?a?#FG_+Q57Th*{uWU;2?z#eh13@iU3D5Z)XJ38P+; ztn(h777%8vV}JwG=6_Zw(+yf52^a9uc+BpJjnV{GZ8+YVjYEwvTLVmP75Aar6|j}=eAxMD{4^mj zS19cmaN+JZ(mtU;eb;mSgSd?eX?l%l;G6Z-eSpi5j>14DcT7jam(4*X{1jD;Fjsz9 zq=v`5VTN*py0K`s1>iU&vwi?$`GiZial|9sd>55 zbyvo#QXY%k<4NAA?(bvBv5dVS=(`0koXMe^G5yzt;d(G(ZH0`Y%o`J02T7XOf>+_vOa(zBa3?z8x{2s)2;-sYmo<)vs0k(Wo5l$H!!l42&?vo) zPHEyjai_yM5mOr(i@`efHhXI=wS#Uiw4F6JvB@`CXnZYn2IN37!7zSzauLgQ?bo>P zCo;w_<@oq(*A^KRlR4V+KCapQVt)oi>nqSnC{%d3Vfg4NX5TV*zFC*kdnEudHQ9m? zc|V&cKlKavDZZuYGoN?gJ-PyQAbMC)YZPcYZHNdM$|Dp12vWHA^!`DB#V~Q$@C`lr zX5MA(`yPZPzGF=BVk_6=Qs!jQ4Xe8a^|OY<8Nxf z)?C^4$0K-bOgjStL$`jhi!6H*l}B^2E!2p^vsMeSOwpF-wQ;N(+5?T&948{@WX1!S z;aT8gZVUYBa(nirOm>cEyh#u(CIxpEA#X&xaa)7eOX#m84PyuPc>C zUE1kEwGlkrN(*uV*H%i`^2VEq_6gjN!e_AR(tU|QH6U;NC#e!KXcf?WA-j%;b-qdL z)MRHBgZ(!aYUT7jJEOw{*B7Ff; zO#VSyXtzVEYcvD;RqtTO9s2CkoXG&~#RH^srOBPn?InTS0UFT?78-N&)m{X?Yx=|7 zHlJl^wPL3FbAR#0^bBy?G+$4WdfI3v){?2D+=7)>goJsMwuLncp9C`QuMN7Q%Lv z*`JbNw7lQs@<_OeIE_*KcUv(8wIlP6@{RSR_XRmB{tL2LrG2b{$vbX$U^4SOcHU~j zJ&W0e;Ej#O&t2h_30`hr?+X+A=`vE|p$(K``0ur7O$82?BGDg^?y>1o7Mbt!0r#Pg z&H$_;JphK-KRU2oF?T03G6(l}5QFEQb0q;^m@ntV_FQ)~%TD5%nqv9@{k-15^dh46 z=&9e<<7OjM{pqvez+z;qbQ1|#cX^w8_KYCe_&ZAZ6B9pmP zsb*IAN^64sAkGc0$#F}{aTOt&oi>N=b?r5V5dF?a*5WSan&&#;d_k*_z6ss$C(@I9 zw#v)Fg=xbZ@O4)1{;grm-$v#jr1d@oP868iD^1UBwv5b9nzm}IvpL)w7*ZK6B)-3q z&nV@R()qSnKU%W8%wO`>`VFC04Tq;f;SQ<6=4!*I`j`1lFG7-USLgC67&G>L;KOj7 zQGI#3gyQutqiJEKO0TkA!@ERV1#ha4?(uEOQ$widkqr>k_WQ{FCS#+JfZ@rMem$Ou zqe_S$uB&wUoJ1GGS<)Wvk5Q6SlA{TV+|4Hc8jO0CQln%YkD{4hi*8XN`ZULzZNxLF z!$(fSr{Q0E&yfI1UN}4mOGGxGoYFtNKhYQO%n8>{e)~yc_~NfWiuU7_1cUFTNuhyZ z!T>_8fS}f}^%;=&6+}sQ)sxq*EqL=)qhl&9Ya+4$FQyGf)&tCRYurS(PM=B6%Ib_S zn7A>UQ*GD2@`TsfK|;6PZaA+?9Ag4>zpEsG@!#l0L-EFT=QHK^t^Ca_qB2Fo`8!b8 zG1<)NucwxOCMcFm5B1jzA8c6G8dE}(DscC$Lnc;`u=aZHuPHD${Zci zj${bD14i@jaIgEFMA542TPbc*h`0bOXaUHcQbQ^{#MtibJjtkZHAXK;o7NJ`ZTPxt zRI_qM4av}LHr}E7kj3{?CQfKOMb`^)?VSDmdgR)&FiB@jP7}?{b(9h{E4`+I5OA}7 z{&;dEdqTqgOG*++_Uz>fUh*`=Jvu*HdG4P^a|D7r(Q|#D=A2cj(tG{v!JQXIozYqb z&4LqAgoE=+>&cMJb<2}x+yi9`?mVQGaU|Y?ITDG5{Y0>Nz|Pil^NL53Hr;AVNFkKb9{m;kLxjvLgP=LJ_AII2CkuHedb6^% z)yZ!5+u>>(ISo)n_slBs@x}<;$-I@P4;KtN3yDfMq{A3dYUIw?^03P3UVTVEZBY$y& zlKiv$8MVavXi!bDt99i-QC$BSns2%Ux6L1_+)E(|Yoi zn@M)u@uro48LQSM^7J_UYs;RikPf{~?ws0lbvO#%#8gvnyGO5_S&~(?b7ssO*bBTm z-(8N^rrdEkF#9Vup>OQiHYrO^9vq>RD1B9>9v^E76l|?s_xkMC^PX&ZLLsGX;SsDG zu|h050#R}@xCk*(GQCh3`z4*x^NYE66$f(ycm94e0Xz7RV~0KSJkbrl^1zh!nJ37hbT6^uU|Tu2ib_s)-wPdom4j zagEYVa82h$d_R#@0heU(J&xcp;FP}krU1bfjp^;EVGH?3rZesS;Mb`^M0udvE6c0j zR(|}AuC(lAkv_vGk)F2Mm-vpzo%MOPJ-Cm$VRAM|i3&QI2Hl#G+rOO;5nO&iQdjfe z#xp2I$NZ%aWG5(u$}H8T1#43w$S5uh6_Zjq9n0nMYBWPDX6!QoUVOsT zBo;4&=~z|6U2od8I4-a%OFtn?s@~i07bJCVr(Sx$HUA)`%%-o6%{`=5IJkV$F=7nI;DyZRj2aD>s};|Mu|q{n$(+V0I!K<7Un@H! zn8ud>X4^mUgv;S#HtX^xJumVGAKH-Rx@orT;xY9+f!P=2>GIC4vGCYgj`Ln!M&aiw zv=Bw)qYYf?5ZNKCLDSEj{XaQ#0_^OEiNZ=$_hMxkmpov)fUZyibITvZ9@zS9XDYtV z-t3E7?_-2l6_Ot{oh(4jxy+NOO*$VT|4yS$;DBWKDU#hGXZ)k8fMe2Fsd>OQ<*ou- zUFgdANE!X~`Re|`C(Je>kGm5g*YED%9vyobDXx2U4QqLG@skYkoqIez!G!qNe*yKK z9s++dNKMri!m&d^EUL9cn|oaU<%MZ#P3NA|C|H*=e1~xNrbzGp>qP#2TZctgTpPa$ zQJpX-@W^(nE@0x59=$Z55Nx#)`&GIWJHgB-#cFi_a+nSUhr}QrO^qGGH{dYHE=%t6 zvY+H};LkeAhs$zIU{KiY4kEyn_;A{>mxyHSHB4K6UhC_L;15EP_%q*0hGeJ;@d-VA zZHm4GT3T%Euf3v&cCp0@IOs^baEm1C^`~_))NIyCY($- zW_hSY(PpWBQ!(XW2zd;uX=}oz(T|rsTrX6o=O%V9&nEvg-GO6?gDOwOZel@qqThon zH~j@jJO1O(@ux^inW-8q{WQ5ulJ1@Jvpn;f)rbzLb>;*Yx{)W?#b7smZ|u--b-L~P z_`{ug@n8w=+VGg293t*m9-8e6dY?M=D`KR;@BPqa#RAd6GSK60RZ45eN6u9D?WNG^ zL2Ut=q-X8UKarpV-+GsQl5C1o2U${8mKAc-^zH>0&)ZhbLl5V7BONc?Nv;CHRIBHk zapi(1&Z>LJ@4OfiC~f!Ne6QnEue%+UZ`!mmAgm*#OYdJzQbU=>S?fO&&%Q&*Ie*^R zR%}5!DdQ zQ4SL3k%VCXn3O~p9A9VP+2Ln2U8<{*O+=-5SG@<_ccE|v%k?IX?KEE^&GUdGC-0Lg zzsWzfw+D|nt)pcC7*F!vBb_rasYKflNW7Kt;Rd)RF2|elG%1wad<&+@RF*0vL4Hq< zvAOkICY)|FQc#68kJkC>7hCT&VM)$m&-rK^fa07 zu^$&Dyr5&*tA&UEeuoQ7y@JXq&ob|~fqp*QTL3) z!_KaVQi8o3%<}10sLMVO_JrY=0VEB}rTlumUL%Z7O!?tAGI6X7WWWwKOAc-G& z6_@z@-geAMpw542NZJTD*t#&97Vpf-(MS3hUydNW5W(P!)42;2#A$S>x#BCyY%t75 zE^R-&qpl|2mlG6vbGa&;fO1r)29aI!D;4aY0}ds$8<@LGoASJRQVmXVJou9Oq$~Ee zh0v;GGVC<$15LS0M!gGlzfa8H7z~;s{>=CxpbAi=d0(zG9=oC5b@C|ZUpixh*M=A? z(02LpRJ34yCxK+kez2QaFO@`-wG zf(_jkw)mtgBuVY7><(b0y!7kWqrkFK@RZd`uu$@2K3}!Mrt{PCyU_3PDE3yQ$p=5p z{2*VvMKr3udF8o0<4Eq)&HUboK*tV4*xIkK*cwHX7l8Z3S?1i|{p@4PQy}a0(By3Q zR6YvQta4WV3fJghWHuy!TjIk_-JWJ_iyHYg;8r&!jIDgHmGpz}37NxmnVYlVhq&RHu(%*iVwIWq z3Wv`($bMesoWZKNSBDpW#lLWy*Nz;z1jP}~zfHVYX5J+9;|JnTeEV9g&+HAA_n+Et zA42jii)Gp8Wg6p?<1izcz*bFhEZ(LiR%M+zUr3p5{pmfE#~_m86#(TPDWR6aOwGXh z)9V4??2K53GuN499pwq?eB}$C`Nfq!OCCyUq!n<92W0d`=mmO(kchfjYp{+Hs#1n} zQ2}nW3O|X~-PvIYz_ohbEgC*}=_VR@$Sgl@#yK<}-;YYb%~XtQ_Xp_f z0&Hh2J`YJ<$JtmMm#!Y&9B~Z6l*8s((co2YV#Ej)xI9xR3Mvm);gObqUP>oMi|Hz3 ze(l-U&TPGSR$dWer~LSovGnD2?f^ARJ}rxtRfcU^D08T6b7@9fBGJ+adV?Q}$?fz! z9hZzP!0!A@V&!(IN`Tu`(8i;nvoYS+R*x&mW=%U|t(jgi?nc;ISs}IH{^{q;SXuK! z#{}plE_igIC8$ByquTu#XFw@+*e2so!_Ij7?ftb@ijS^|HFD=rWdP!jI@hsh7xyoEs zSGu^&j&SC{<-AK_){B1He4OKfPOo4PS{w}lnrBv#663%bD?IOMOZlcTpe0K?6uI#F zCZjv&D}^HP_kIV44h^x}F7I*9KmKmVXnHHS@6g{}&?=Nn0tzuKL8e1VR#^Ei(z;jl z?M}SWW4W)zK#ArsC93P|2XU*FL`7apV2)(xKpOoAM@c9|6n032auYZ1Y$U7`N*6D+ z47c)EdYOPH>d&>W?%WsMWqFJG#~(rcA4jGdvyL0(w6-b(iYnx;5Nwjw0h6Vc}_Ggu< zQNF#06r#MF7+tdDfS1u3VafeSvv^?!sgiqYc%n;qAHkn7aBk?Qu*x5*3QbhvdA|Re z?o}+>%#Kwxf`Xe71JOyE;tvfoV9 zlcLvse)1cRJh~qw%Vq5zj#EnGxd@*w>v!FXt?g|a_u@Z&Hym$y2)+R;^ptszr>I3s zo9);Yxy;5iJwA*THFtPpoUN&`T1E7(oEIIwGP|gby)XceofXe~@G(${#|L}YEQT_Y zCNJk4;DdAdt~P=)Xuz@tplZRQ^$RSAeA1*S>a2lPa_+cESAFQ+E{D}ZqyYx3U7=|E zk!0M{4eO4L*fvV*1_9eiX>6gNAujMHqQyutfElc6->@OK4+(0PWD|Eo<=d5fr?FkO z`xt9UyG{HlB`E&HofqQCc8DZZ?3{T#Kz13cUiFfBe}SN?*?N?jpjOQN9p{IvWE^7r zIa~6LbPme9HYnR>StxIvH9?u5Uz`+@(9m@jGi9x|@EYWy zF=#tV{lJs#lD%%Ls_Iv$ zPc6*_AMo|)0#jC8eS6qrE#Ht+3-To4I)aSB9;Lco7{8q2mreqVu2~*&y2~SfI0tkS z!qB{$^!q1|w)rMj1WjNs5E0f8;gjqs?dZ$xCXY#)6(zIrZ;9|Q5bt9f74Bzk*2{en zU!px$F9VDD&EgP`%U+LYCyNCA2;i#>q5y+-<3IlxC!zIRHPU z6;3_o1T*A+)LeBU3umA13s^{LL!)s{0h!)&R8{#mmPpPGS6}U6VUS% z2MhM0qGS8&>6A%yyHRbmX>~_Mh46m}DHhX`#V30vyTh+{ijhKDCGr*P9IO! z@;v~?)RFjadjDi>vxD$I{2`2tkt(bbw4e230ugcp!~Y#zzPGRr!@A*makm4jgCyZ^ zj43gZ#Xwim2eW7Cu%ni;9qa}C^9ppg0D|+|e!EF$oC@|jt rd|CQ`nN{PTvH9P}CG!8@YY6GLH^#bxGrFX3uuDclQM~e-QQ-dvJUn0^ literal 0 HcmV?d00001 diff --git a/docs/system-admin-guide/authentication/two-factor-authentication/README.md b/docs/system-admin-guide/authentication/two-factor-authentication/README.md index f1bfcdbe855..c14d8a822e1 100644 --- a/docs/system-admin-guide/authentication/two-factor-authentication/README.md +++ b/docs/system-admin-guide/authentication/two-factor-authentication/README.md @@ -1,7 +1,7 @@ --- sidebar_navigation: title: Two-factor authentication - priority: 700 + priority: 400 description: configure two-factor authentication for OpenProject. keywords: two-factor authentication ---