From c3a3d9378ee8a101dbdff6f823cfe50582401359 Mon Sep 17 00:00:00 2001
From: Jorrit Folmer <jorrit@nanowolk.nl>
Date: Sun, 24 Jan 2016 21:23:33 +0100
Subject: [PATCH] Added SAML authentication support through ADFS

---
 README.md                                   |  81 +++++++++++++++++++-
 adfs_claim_descriptions.png                 | Bin 0 -> 22120 bytes
 adfs_claim_rule_group_membership_admins.png | Bin 0 -> 9042 bytes
 adfs_claim_rule_group_membership_users.png  | Bin 0 -> 8988 bytes
 adfs_claim_rules.png                        | Bin 0 -> 9075 bytes
 adfs_claim_rules_get_attrs.png              | Bin 0 -> 10969 bytes
 adfs_rp_endpoints.png                       | Bin 0 -> 8999 bytes
 manifests/authentication.pp                 |  59 ++++++++++++++
 manifests/init.pp                           |   4 +
 manifests/inputs.pp                         |   4 +-
 manifests/params.pp                         |   3 +
 11 files changed, 148 insertions(+), 3 deletions(-)
 create mode 100644 adfs_claim_descriptions.png
 create mode 100644 adfs_claim_rule_group_membership_admins.png
 create mode 100644 adfs_claim_rule_group_membership_users.png
 create mode 100644 adfs_claim_rules.png
 create mode 100644 adfs_claim_rules_get_attrs.png
 create mode 100644 adfs_rp_endpoints.png
 create mode 100644 manifests/authentication.pp

diff --git a/README.md b/README.md
index b4c51d4..2ab0710 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# Deploy Splunk into any imaginable topology.
+# Puppet module to Deploy Splunk into any imaginable topology.
 
 This Puppet module can be used to create and arrange Splunk instances into simple, distributed or clustered topologies. It does so with the following principles in mind:
 
@@ -250,6 +250,65 @@ node 'splunk-cidx1.internal.corp.tld',
 }
 ```
 
+### Example 5
+
+Enabling Single Sign-On through Active Directory Federation Services (ADFS) as an Identity provider, on a search head:
+
+```
+node 'splunk-sh.internal.corp.tld' {
+  class { 'splunk':
+    ...
+    authtype     => 'SAML',
+    idptype      => 'ADFS',
+    idpurl       => 'https://sso.internal.corp.tld/adfs/ls',
+    ...
+  }
+}
+```
+
+And then on the ADFS side:
+
+1. Add a new Relying Party Trust, by importing the XML from `https://splunk-sh.internal.corp.tld/saml/spmetadata`. Since this metadata is kept behind a Splunk login, you'll have to:
+
+    - first browse to https://splunk-sh.internal.corp.tld/account/login?loginType=Splunk
+    - then browse to https://splunk-sh.internal.corp.tld/saml/spmetadata, and copy/paste the SAML metadata XML to the Windows server. 
+    - import the SAML metadata XML from the relying party (Splunk) from a file
+
+1. Add 3 new claim descriptions for:
+
+    - role
+    - realName
+    - mail
+
+   ![ADFS claim descriptions for Splunk](adfs_claim_descriptions.png)
+
+1. Add new claim rules, using the new claim descriptions created above:
+   
+   ![ADFS get attributes claim rule for Splunk](adfs_claim_rules_get_attrs.png)
+
+   ![ADFS map admins claim rule for Splunk](adfs_claim_rule_group_membership_admins.png)
+
+   ![ADFS map users claim rule for Splunk](adfs_claim_rule_group_membership_users.png)
+
+   The rules overview should look something like this:
+
+   ![ADFS show all claim rules for Splunk](adfs_claim_rules.png)
+
+1. import the Splunk Root CA (/opt/splunk/etc/auth/cacert.pem) in the Trusted Root Certificates store of the Windows server,
+1. `Set-ADFSRelyingPartyTrust -TargetIdentifier host10.testlab.local -EncryptionCertificateRevocationCheck none`
+1. `Set-ADFSRelyingPartyTrust -TargetIdentifier host10.testlab.local -SigningCertificateRevocationCheck none`
+1. `Set-ADFSRelyingPartyTrust -TargetIdentifier host10.testlab.local -EncryptClaims $False`
+1. `Set-ADFSRelyingPartyTrust -TargetIdentifier host10.testlab.local -SignedSamlRequestsRequired $False`, otherwise you'll find messages like these in the Windows Eventlog: `System.NotSupportedException: ID6027: Enveloped Signature Transform cannot be the last transform in the chain.`
+
+For some reason the ADFS side doesn't like the AuthnRequests that Splunk sends, so `signAuthnRequest = false` is set in Splunk if you use `idptype => 'ADFS'`.
+And on the ADFS server:
+
+Logout doesn't work by the way, throws this error:
+
+```
+Malformed SAML document(Assertion) received from IDP Please provide a diag for analysis. 
+```
+
 ## Parameters
 
 ### Main splunk class
@@ -354,6 +413,21 @@ node 'splunk-cidx1.internal.corp.tld',
   Optional. Specify the SPlunk version to use.
   For example to install the 6.2.2 version: `verion => '6.2.2-255606'`.
 
+#### `authtype`
+
+  Optional. Specify the authentication to use.
+  Currently supports 'Splunk' (default) and 'SAML'.
+
+#### `idptype`
+
+  Optional. Specifies the SAML identity provider type to use.
+  Currently only supports 'ADFS'.
+
+#### `idpurl`
+
+  Optional. Specifies the base url for the identity provider.
+  For ADFS IdP's this will be something like https://sso.corp.tld/adfs/ls
+
 ## Compatibility
 
 Requires Splunk and Splunkforwarders >= 6.2.0.
@@ -363,6 +437,10 @@ If you have version >= 6.2.0 servers but with stock settings from a previous Spl
 
 ## Changelog
 
+### 1.0.6
+
+- Add SAML authentication support through ADFS as IdP
+
 ### 1.0.5
 
 - Specify IP to bind to
@@ -416,4 +494,5 @@ Initial release:
 
 - Search head load-balancing
 - Search head pooling
+- Managing apps or inputs on Splunkforwarders, see principle 1.
 
diff --git a/adfs_claim_descriptions.png b/adfs_claim_descriptions.png
new file mode 100644
index 0000000000000000000000000000000000000000..646f740c15c0e1a000c8f69243782c3acc4094ce
GIT binary patch
literal 22120
zcmb5V1z4NivNlYC0u>}ci)+x*;_fYJfMUg=xI?kxZiPaC;O-?@Deev}1b2#SaSQJL
zg}(dU=Y0Qn_CEX1mFvo*^URuOt-0r(nFPO=m&ATd`WOWT1zTDQq=bTkW`Kh7;3F0)
z@(4L^`)3psH8yF`YZccAh%`(qvI!Dj+?2_ZtJ0q~&QAsm^<O?9!B=}r9jf!RT*8=1
zNb$=elU5g@aPVaOYs|0WIn<sMhd=Os*nE$fQ#o^rNt^KUI>l}58HB$+<`8~&E$UfD
z)qON4)VkazM7iv_FCoMm0zrOU>jAd6hql!*_d7z)2;xI8@8gkB^&=`uj1$?yI{Nwh
z6A*6Nu=^h=;K=>Y|FG-2XV_HRz-k0QexksRw41iT<T<b~7X)lI!Fg+6e_Jk8kvdos
z+i}LnKxJ!UrqJP&b$_h|oIlAt408f<3wt~svWUBjJ+VGhb=<w`xvMfGmORiho9tQp
zkyio)0%Ze$>3dgIrt4N1UPV(r0;+RGv(AFr6i;q0^xLuHRW%%JHS!0mY`b=vT{L{m
zsA;_qM$Uu=uBe($5$h#Q>!|Bi^Y(*8{RQy^0%pKH@64H_I`yT&=SUqA3xfS^;N!jD
z&mE_WR*1acKUOPWbm!2Pdsq(;)9DwU>7ueWp|t%zBmZ59^n=K6mz7coq(t;G{!DNG
z`TA!Wy(+Q;#CMO?x$w1Rf;lq9$0PECVIGOKlAMmQNWCrKb!KLxpsBQCvkdEM^^UfM
z__mC=&mRP9G}80Aw_C7<#S(?a#{H9QtH-ST7ovhgAkOo0E7|J^FmyoFl2Oe)c~@2(
zB)d`JuWeb~FCx6ByH=-Mv}TyAV^^h<fa}CydUo}Z_dqKh0O;TP$|@jTAE5x^hMl)|
znlN*e1NzffVMpIWq=5E=A&KrDsyeF9mS?6DyJ^~KgR&kuC;GcWJ7q*#?$o_OIXrq1
zW5p|E0Dxk$f@m<4Wk9r}VwkxaW)|5n;wQ%-aOoQ_?SfZ~dsaenvYlGztXPDZKiO<b
zBf{I~+C+~JrWTKz1BhuEheFJ2(w==emGGG3*h+t<Y0fRT33X?tJ#+&#O9-8uMmtE#
zn;G^DhRb=RQ*F?W`X!cdn_PU_jm>bY&UdDtM$WQR*w-8OTR~XUhi<Qa2=`JKFYFtu
z#;4su!MMIj3e`beM+#F}V0ztnVdux>t7HI&MGmTU{VNvdI^H=Wp#764v|&=fkfc1u
zG1XPX?l1KuF0<IxwzUk2L0p?}7v&_hhUI#p=B)#cnRH+0Ag9($O?<R9rPL!3ZrFyd
z>VSH(DTQJ@Zs;KI=)m{nLt`=!e1(mBM&VueR2UOmH&@EdF4^|4utR~j$X6`c2v8>K
z>wOGc$6UhZX{l|<XApMs;yPHsgLKWk7*{pgCc`UY83ueII+)`-Ws?MvB3B8UR^%#D
znNgE58f{VJ3<u3}9B*)v;a`nHg!s6ZVml9MXlZGecz@a4p9FzO?^g`K;?H*WpY15{
z|8qjN5Rj+fxfj!`CyqP^-zh3?o*xGYA)O4$5U?|x;!0+JZ(#hj`T{j60C~(8-01OJ
z#d7{apcagd-2Vy?Y64bGY*JXj<@b(@0DC%xL@pD5Zf9Q#n=CfDUUj@NaWNIh&|?nU
zvy~N{?-@u(+)Mvq&I@b#_PNUN+~1?^<ih!tm%TuS(Aa52?h#uJ168r}{YCnOWCyD%
zPBr#3o1dIs9<Td9<I_+x=x;K}5uIqJskxdTFx7m)f42@}Bu(oeAWFN{)Qx_f5$XRd
zUN8mTx5CpZDB-59LHfh4KNAt0y3UO_BAz5OO_#P;Lkh<rEjuZHA)4mQa`A;K_H&$7
zt?pBGWj`CZf;!hA@1dktQfJCmb<9?Hpc<|qFWMcSZt@=N%_8lT*;1WRT(TSYxr7XM
zuSGBLN(2UYfPxZO3P^L9lm)WB^nPb4g3tmEhzMmd^z1r{Tv=5#aZ=t^liwB+j*ir|
zAIj!v-dX>?_&J+jP1)yJQDjOM%m<UEy0GIXRa`18jRnyr<Hs5-KDt?mzCjJcLP05|
zAXALB%OK-8+i&zpT9>a%4oz}yA9L0b9ZgD{+bfuI-@DsN@v~sgEF~-mE<`VPE{fPl
z#GGTKE=hC~Rb*H1HUh(>;Sd78l*t*wcta5EX<u{y4|3R5QgYqq1nvAch`?DLpg*%=
zz(-n_p6mgNz7`MchP@n6B+Gqz(Y!V~Q?T{DT&sbv!Fg|G%hPn4r3lku!6Kq*as*9N
z^kvb7d!h4NKA8Tkbq(3@Q)35_kQj)mvCqoTM;sPTS<>_qJ88G^MoLTF+#Hy^Hg9xL
zGIlW0^2Z9q^tEx`cc<J_srhIK-}eZI_@qfkpAy7H3Yu~-a@;3m!vaC+q{AOxBV2&Z
z!!mOH`~^n48J!hBv3KQkom<3i%S*@<S$cy;AcD`A3xUZenfxrl&cr?PeN6R$ep9s%
zQ(7ItAg-TX1PMjipW_jFuHI2hV$%~#4SC;5wBm>^z$bPC<5%Q2x=txANzd*lCbuE#
zHl#dO!+y7GQ&#q3s?1{W2u&wI5br21_a)Up+97g!j1||0nI~vppD<1tEQOiV+A#~(
z6~bb_lygm3t_HhG#v65Y;+weKSizh7r;?@NnZPyMYBUs-$>}iS1NQDgAnEACCj&Q{
zdC?>dSz8x=#cfavIM+n-iH2MTbQr=}${UjO9RKmUN0DaW%}3DGY9IlW-)_ov`Ps~y
zOzP!x$@sP;f-oz%oUUcO0o6MBO~YGo6k8Mo1%=%>Y$H`76)bz(Y#Q44D`xAvz4O^-
zL0=MA&!NH5VCFg|-{`gXTm>yQLCs5q)?4%#@2IoFE-o)?P=g9kVb;njVwq}+Zr+qs
zF%WQ8m}mxDpS|-?tJkv}*ZHW6oad7mVdfmryB5=*P2W>XxcdcRFR7kqSbs}X<ymz?
z!Ec4rA{W;}W|}xKmo+ir8E6m}PWI8;&P7?yb?ef!bI3!evlFmHVX03bgBaq-jXF=Y
z0HL4|E184N${%Wq9$$;=sHwiBLcRl}9Bx>Hg9K3C&Gh0E@}hf(<AI6%@dcB=9D%Ga
z{{DwoLRe84^4&idWeC#ge(#x3vH=m+6z(=4FZcTxq_%19a3VQ^Twuhl-*r86uT$L=
zxvWr1y^48$LBuX~h$a6>GQan<0e59CMDMM09+7o6>^3iKm5teYxp)Q+*Eck56BZFM
z<Gq!M{_qJLIf}(hgC>WnA}Md@@+f_U_H|9uRcqQxcJz;&%**Qm2g7Ic%Xden=;<Hs
z73L-lQ&0iknnk&f-dMJ;6QT&`+-n<G9}a=i_5kScgWu)Yy8_pqugsn!E(yjUchjkz
zeMiRI92R7ZurR7IO1v!G@LxgR=2#a)#N=kzgCX05$RYgrH3_+>+VMHz=hI1iEzlZ>
zO*T6>C(R&O3UGQA7Q|Zns_Aw&C}ff`4{%q<nlM$yRg~Jr+rQ4>4${^1Nrkbnk9UP;
z>uMBc-diob9^9921N7VQZrZjE?@<hsLXGMM1#uf1IruX%8_OM3%F%O8WH&{*+S}FH
ztG}Jz?@@M1CarQNJ*YkBE-3p5vX|_Fl8sT8Y-L+q{z_%oi4#6-9Tn;lQC@ZkaW{wx
zDG%E@U_w60S8@pA#?$7v;T&hL^d83wo|s5nq}FS^R7+Ntb9kvbMagNqnTnk;IIAe+
zqtmStk!j))l8~SlM=7E(2yGbCe6E@34fh5<j~$zyDhAT_0%yRU2Kj*`V)YV)w)`;~
zRdz0=Gi5THnsMB6M{m2YB(!w3newcRJcRF~YJC`4+1Fw(e!LRmh4=4my+&k6?VKYo
zZ&xQo&m$Na8Es1!mm|dF-@WVU=`rNA^9<8S-?aFS|9o9qBx|CUIo_ru)y37k$YJ2~
z&DMpaf<j5luJo#X7uXt<0L(NZ-v(=E8#6$MpTJILA<wB4zv$JLl^Z~EH=BZJT`tyJ
zYF~!^(-4oW;aX!rKFAbC-l8~nQyyh%ssOj9(DD4LpNp!O{NVr*fz}<N=6b$`=F6UP
zC%weTNIY`#m(N2LGDPKeah8{tO*l#1pkZNQ;o%HaJ*)OI4CU7FdWDB+a_bn|Z=O^{
zte8<b7i%LVY&EGaFTW62mgApB>cs8PlT`s^3P`DHVTYHWM?P$qS;L8lm=hntj$6(B
z^#XogWiM8=K1j}09(j^rg)`k<;A!H`Z9+D)tav|F2qqx$;+_&Vo-%Jy?es&O&0ko6
z`hQ!#`=w{nu>j_~ky5#F(v1p*4afrngMyA+g`<OMqc-5d1dK&ebkU`yrC+~(g~LG%
z1XH|*C)lEMIbWR&9E}pyRuR(`tvSxYE3LfA_4-Z6-{eloIE3YSJIZX}U+hh1rTj}q
zf4fb8YaEyPRe1{DSqk&B6j7=<NYPDU%>3u;T_TM_hgrtoV%IGeRql3g-CAh2@j=)M
zFm7El*Au8ny_u{p2M&@;4ni5-=IrY<jPd}>OH1ge4>AUc9)F?3lqQT86n5GobR!IH
z&!&)m?e5{hr6*Wn4G&?_u0NvHp_*2I*40qys(#igSME}*<D5zMX7e&?48tYik)$=;
zyCUQR#YIQ;0&jKLc@K=vbUqI|h%V5}&_91~!0e(ZlozAevAOh1)=Za$t5@@+H}G_!
zbKGJWLhuA>+AxjTAr84jfXbu-s$IG1MmscfA@BI^-S|xf?y(q-?QQe7wUp~<>3M;e
z)45MkaWgHF$A^c9M@LVdJ|zqW<@HHX2L=R0Iv*b#C>D$r7Z;O|kXVtGasRr*p$F11
z$!V1_+|6xfTp!H_rO4*A3i14O`R;EMQE2uwY;t0v=BC!2l`k~EShRw{Xzs9*=(4cX
z8m_)B$u30ASsUb3i(WI#?L~8PwCaIhv+roxw5>)_<ea>0)&jWdQ|r>J&26x9>rEZE
zcU^NOM3E&&dU0CCk#CGiU2M%aK{Ea=^1Ej}B>UI1j_2SBzn5*zy+y_E(n1@@SFLhn
z-sGo&W4n#*>$LM#a`W;E`lWE*<tX`y|K8p%7&d?D*HsO8GS=*#Hp*pq$=S}r0@Ll0
znx0pNH|UUXt5CA5u#(fU5G22Qn8ge0hUT-bIq66~d<5c*d4_xsm$Uk&1FwtrFst|Q
zs{`OJwQlXKF4CGi$~ChE&Pgs~S{1?wK3KPv#a7Gn+#6-(yxP0Ur`$^cNZb|&;y;tS
zq+ddy)k(Anm<jIZ2Uq?^Q`eY~7m-5xh}UFF%F5EzAFDnb3W|z)d*10f6!!@2VKDN3
z%u%Vg`l>Rd-pc57zEJM#r{wJutZ(e8+`SPt`RkXFSHvXO=h4N*9-Wo4&c{d>W`vV4
zWn<8b<Grkwz6-AlkBB?z#q})fYcL)53vr`d&EhqTAaTeZ`#zCW(`WH2$Shp)!4DAH
zy@okqZArCv6}k}xX?<RcZ9tvG)YQUZ^R6dr7)S?}n035mD`?$!vdyw|_WZER$fxXU
zOQP+Im6XS>xv0hYkuo;Vku%qZE4Myz!ii$FPsFeWX*H>4Nz>}EyctBv%!Zai#6JE4
zF%H~owPIFgKD{cTy#LbG@|Uhw%x-qE>a5QP4AO)9SQx1ceHaBDfevRF(zEyV$;wcN
zHvn2{R|LMrIIcT%)gSVUJe*BOrF28|0GB=MJO?yLhc7A1W(r^H?R*2zZY-3JH`wHu
z$w_(2z$Lfxd-*HQO#45vB`qo)?-o)RS%X$Br%p0v^(y-ohanO7I7k}xjr?N7t&D#L
z$v}a4Q#?y%%#xT}5iV<&TosNqNAW!;WJx~X9VxawKx7>^I!7-`woD{H##0t)|5oJi
zsBym>56#BO6C{%N&fs3E=HP`r+yzjHAtiIuX60&Te5(3vkDjm6gT5re3%hKi7?+8d
z`wpF@6RX%wH8%0wh}KxV#u_M8?#vAqVH7LA)8ncGdb+HcUID`(cX~(4NI@uJ=jR+@
z{050&@&yf^Kj8`~;6A)ZQQ+dHB|TU?D`mWoUBrQ?_gDXkNRT1I{kHEPx`kBbe&_4G
ziILJa*s$74*F9r35fw-wzPXzR+_X33Xtj9&7cmFq1;|^?@1rK<UH7tn+wm;zXrF~t
z>Ws4}%t?!8XAt}mD-L{4S5*IE#;ECIzu!Q)lskO*=(w*|YsK2&5^yQ-;4c}5Zn<W9
zPAGFll`lm;62$e^nVpg;))|dtQ}lR<mVSC%@Rj7$$A6V;Z4dR2{=&uJ!YdW_)Ih=E
z{SR=*f`G;*S3`Q{_JZ=J_$f<x2s>jQg-~kZNCh4BQM{X%&xxkD|Crtz@0bfGVp;&D
zCD2~Azf!Xzq(Mk<y_e{$;u`<S%Akh9ZSAr~IQQ+sQxp_)_!gOGz085w=>WVY9Hw)0
zEm^^CS<FjEM=b4PME6C3z{@b8Iq<d1La?S6!YCzi1rG=Uu@Vplh`yvYl;#3G=EIM|
z!}43EKX{Xhw^ZjR^k!bZu{|$ufce)^pTnWE;0+J!)w$d8cOB&C#97tpY*1$|FS_o7
zebczMAlQ-jjxtH2<0YuD|C}DEFLY;z8XlSL3x%Mc^>1rg-W6zr;a<LyI&L#RAdx?a
z%<1Ckq@&>wu8b49CwbA9K{bfWsFf?VA8ctl6xzvKW?*BG>>cL;2c11C^pQ+(G%+9&
zJGjU=@-yOV*Uk#JufB9NU3Vn0-J!ONk@uvZzP(9lUE?LJrX%iW2O_gS{uLP%3xbu|
z2u<v<J?z%!@ulOS1=31TV81zHAi6Zm`0=Irq62dWVWZAO6qOrP$d2u?s+2v|;CqH<
z?_ifWUg97?jD~4){wp||P8uI5pXyb7@GB*(7cI<IZ_<&Mt90rq`E(-XWa6%#3-6d-
z1_B7C1A*|li2>>Y57vos2<SOzm&rQqpK`&TEbeo3m~zt6l7IgCWG0`3A&homh#vld
z(lSs(Uv0oIUkUk$Ee$aF%}SD%SaY-J*t(VV$g3*~iuq(xjg-P--7QPaD(^=mQST!N
z+aJzLqQ5>AN80YxU(7wQ6S{F`Ox@cK=`v;_+OEm<V5c>VZ7+Er*bc$#7M8+%dn<*M
zp4JUnfGb$f@;f`gTufl@4vlr%O_Me5Wgn<Y#yj1&jYLik(pQ6ZjX?||xk9r)#Gpn#
z6-xe{QQlf8(uQzeZ(t-U_sdX#fx>5z>9&L$_hdmlV6<48n^)Yub-Yg$CoX4)M$Fr%
zmcH~HY78D~lxVT)eo~t%AAZb1>rW{`E2;;ln_4K`SO?_%fMR*V7kJRpbHp`pfVs04
z&jvhR?+Oq{Nrw2LV1Erje-3O-r|5wo^)`gFiSgGu?{u|F)zrj3x!JnzI(oG&>V*&=
zSwva@8mxOgIwW~}wATfpp8QBS!0gsIV+taz24f!jRJ_4_n=h#RM@j`Fu#$_BGAu&u
z@U{SRo@DxNd@)G=`0my+4pYzV^fpW9jJ`o8I@?X{*eRG!TFD?7Afy*f2cB(5-i~|_
za+47F?p_oKIo$h=Xkx`b$C1+z981RmLmr_E2JlJV+OI8l4(BR}t<lDa&`Lv@kjIh3
zD663o6}v{CM&$W4ushA#ik#aV{vgw97(3unU=UJ@Cg#|De}AQt6gX9MqKZ=}@@0E|
zU7g07<O^d4V29#Q3)P<FGKCQbxP0vWqaK>V_nJ2>VT-deat(Ie7Y1EL>F#bV!1kjy
zpJ-AJ+Wx8awyIimA3ABH{(EhYZ_XAlP2p361>H+Q-P*6}bS+safPyJL5l}|=wasLD
zW_DnGVmL>VEJI9pbueJB=}gz5^sFM?cu~cEXFpy?EZTG7@p(=~fxnFM4IF|JEFQes
z_LkV|l$zu%tIdMw-6-G!pCjgM1!9F9ZZ_~<N$D9l<g7ZDI9YgNE|JQaI#HX%inXM9
zqsY#rl*7Zk!lbtk5)go5_rsHQ<4so-D`Zm}Z)7<oSWRt&f)0Fb!+0+v`gU_yl@~be
z>w37-{S=(af2F;g$48ccNxINnx@l#qUqQlO$stn8G1szd^}R)O3KMGn*^uxGrRy!t
zmK!H%L#Ae_AWU~hQ(Axy+(<7S*z7PpPf449IL5j~mVR+)nL<2_X2=T+_de_^qSDjL
z*m9`m-Hg8p$FY^eE|gPKXFI7X{Ltda2$m&@c#q4(F1Mz3&Dm`V3Xej*b`|YbLe=K`
z*}+L|%C*FIpiIUWK9{<olk{z#+?G|H?X*a@aJ;kNq-_3DL&2-j%ndeiZkiKVf<My5
z$w4b_NVp@j$mUT<Vnm0WE6<|X-^Q^81KJ^2kV5#7I+at=Aoi;;wbWO--(E(XAiwpi
zOApQBUXc|gE)?!-lm>}d7Eaj)!nyI~k`&dH9s~mzaqreWZjTnFHLQ!J>nW5Nr$%f=
zUyevWJ{D9J9ra3zyIZs!xn^IuR%*~M&^QTtWzrdNmRakO*!+u_qow)!_wVT{;1l57
zyb|ki!4Yt<rts>x46WNH4r#p3g_6a}1V<tCZ~HfGF1RjS^#$^ugOARTlFPY==4^2s
zbnHad&Ds~fV7Eg?J&uk@I)lz$Lp8L`6u{<Y^1`H4J}WosxQ$$ucSUWuX&ZMp6EAR^
z4-q$#4ZAYV2}lo}x*l}1(<;0}KZo=BA#vIJ66IB+rj_rW9EQFzsFvmD!36V|9JDgX
zm3M5LgZsmm5c=t6jjyOI?9TJNtxd~Mn*4AdpcFKRvuW@gUsvXb8=fCUU_+q0&TbFi
z{`5B%BHOXVeu(IbzbJxJitB)ES9{St-1UmM5G+qJk7=%2W12Bxfe$&j{6ccTcDuv|
zhX{!y*JhKE#+^%UY9xlIFaqUgcocCI3e67MF;*$bs*xw;D%f3T3fjdn#S`BR8FDY`
zD)O=m)me0>irOaeV9OxvGF$Z8?@zPwhpz==c(w272m<k`-Gc!VGWfttF3J);*9Wbx
zkHyQwy*jAD+3EyGqCbA%Wa+B&0_}B3#?t#Cl}mT;E$hFfJ}V|-XP?y#Bd3}Tl6D=j
zLdfsj(&RCx0RVV3)ZnKq($K_kM4jrTEX|e8+<`4mFyPV45H6Uzj^-Xx)H5@XhUEhx
zgwmTYp@1FU$9rhrTjA?fbGtD}NdEDq^aU7!C4J{HFtuw0YE=7847$n!;`~qrHBJWC
zNLZ=vK0VdoIwLr#k8ZJCtA8;78GZad2d_~XDXi`-UMZq%EmHKnXh>$CB-05toOBz?
z0n>t=q62NhuUGpzBeLW&y!+lVC^0@*^0{Ff(AFp7q)j~)jTG4mYWqSVgh~$%z{s7L
zFUlM|-CcB1DPcJ|18_7y1v_rDuWi7qEY)j?qgr-9efIkx$b5~T;)^!3j+S1PnCS&u
z6qSFTZ7;sSQ_(T+eSW=9U|x}NyVE*q*K+c^p&QNCb4RUnP&i2{4IR>QR+467VCahU
z*m5VCJ$#XhR2dfOan{H<;!=B}2O(Zgn76iOm_(Hy$pJh>e|3@fKJ(%O=UW2wcR8rE
zhD$hR_wN7up<SvblnJ@!ZGxJwU?stU4s1L-9m6X@G&Sy9t2g0<gSdCnAAdmJ`jwos
zu9`84Be6qB&k*#NqX-;DtdAKVv>6x2YnSjOgagw0TO`*a6`@Sxv+_vIq@%ObvV7`g
zoKS%Sp5rkuQ{NR+%$ILVM(=4oXmNCQ`egB4ECnEtyB75IrrNP_vfK7(xG1(PVm($@
zQ8wq(S`o1nwopSA44*m>sV>rkPAg7_4gwelo%q&*D6kmRF;aR9*xW6V&bW_q+G@)F
zIS@7Lg7~R@mxT6XPf;ve@?2)-5lm>`jT#jpSv(2^iFrsV|49tgdqNH{Vn>({cD|-V
z_ubWgr{IQXfoP2aeQl?|H^RL;C$>9|F|)Zjzr0k*sHl>zLAW@&T7J~GF0XgbFEJUr
z%+X5*=!9?*bM(s?^|w5s4gt{LKOTB6cRkt>X2i$nuFmkCuQR20EYz!jsNm$_qgP>#
z=(sY~o@V;SO&akqx#cO1xP(-2lp8Ss{r!h<bjTtJAeqDi(?(&H;7zQ;BaTv*W5EG0
z1?d;_QQ6U~wYRgOhPozB*Q=u8J)1h7CZQa(Ev;9`1(jPOy7eK0>;q{LzgFXWP0DTL
z*QvMt$-oOO-VbFYQLNu~h=U$oq{J~zOD23cM+6*|ak|iCJk;s!jX~iM1{#I}+YThm
z>K(+fIDfzsKdURIIfO>ncE8(}dML6<2Zk@ViretFuGEr#!$GUme{>UaH}~q6jC#=v
z4;VO>Kt-<I;B0J=J)_n0#oNhy<s#lGL)4l2V8nJD3lEK*){%q()Tnf1^4vc$AVdD#
z`m-p9VP-g8+)qe{1l%`u4lo<cX8&xErxDi>E-vW7`9{cLY54pcxYy$TJ1z6Zmcn}j
zbhp={=C&VawkJ02ltHZMOPmNeNaBEaa|Z9qSrEIE>waf{gnkiK9dU-+oRz$=#8;Vf
zc6)K2j6q+cz#Xn%^EJVi!n}crbu>yl-kZW>oN`<EuBAqd3Myvo^G)M|^%0uuxCES}
zki*72tGMq{!N(4J-mP`^TdhheS`D?w!&j8b%SwRJ%bb?3-$JXR=bgzfg05+te32@n
z-~%7yNwCw7P=wgb?BIIrd;i|kadF)rmJhQS-VEy}TCK4u`ie;@bZl;)vSLZ$?mzdr
zG$)Sx^y>Mp)FzU+icGpq&WxHpec!+436bK#@Q~P6)R{WLeXxu#-hT6v1=HsBeu&^(
z((-V~mA2cPJ$9F?NX4H>+rLv<M>DhoXV;`zCJ_PZ9m)7Kk0cmDa1ZfY815N=o?}>V
zg-B$zZS60c*XB6aV`EDc(rKN?8K{saZVMndX~h&yn_Ds^TI45;Pzg=RfZoDmVhbw3
zs#<*Qp`s1iW!vLre`4f%e}rcZu6#6ntNzQKT;DVBw-FQmE`4l3u^kqXAsiV1J3pyj
zD8BwU9G*Q8lLDZTyX6CvbsTaUI{*6RffgAU!V(79p+#k<op?pX`JxgRxlXq{#a|9U
zWFekmKb@A<1>Cr?DwaYM3A}{TFx*C;cK;w|B?JbNTUKigVSX*T#(5}&4>MhNNne6W
zsYY+p(2f!t_h;2>yPMu{0qsjNmkv1$4L!!@YqbOBE?19|h6OGnE1u0_BBR}#-iYo)
z`_2bQGZ`1k*zSIk2~tlFy)LBCZeVu1dJ@uMh8d|1CB9C1*6`5F^N7M7A?j`9ha5=T
ze6HAj0)}=Y!C2u;h*=p?$=ZeKmv?;I8EBCLxvNW@Ok6ruO-tkgtu|iYuyF|2xr)hI
z#r|54nf*~MsTb#Vm7BjJ>bgMF@@dx@-FN4EzQL~_C>|9`MORLEKT<*l2S&DHp5Et=
zDyJ0goDH^W7u@&fR{Z#yoeP%D(q*%EMuE6O(`d4@;J<v*ef++3Tvr@7<!8(+-!GTX
zDW*hY1n#@F7F1g+=JrLg4M6C4xs0Jv=`Zo3!jOSK(v86(3tqz$ptib%Wank`!?s8*
zk&{Dj$&mG+J35|Fz=2ES^~YDN`@N9;%NlR9VO(ysiw6ug|K-m3uiSVvui29d=qD`u
zbBsV{M|)8M#+5$LE6~5UNpZla%xya1)~KMrnT46?w)As(`UxD{sS{xLS&^@vV1r;S
z_t+pbF$^MH7s)7)ior6s^l0!^O@PB18OiW&>AP+>uQP1!8lxp=lz(a+vtCbj)P{o|
z!{Xn+I!4sQQ~Z?I6xX`iYDyop&0`!OOmt0hMcso*V+BgKWiZ{_@ZaB7Z*cocvNL=a
zFMRx)4d?$49-NT_mR~DEkK<DSVb_aEK!kbhwxMUej>yo{Y6@SbKWK+E{s!aV?B&79
zNxrC=WsJ?#-p2m;=#Ob*rxPW;-tQ+eUIGh}m02<dAgCS9JVzUa0<^*PtAH?dpb5zQ
zlh#|8l{>apmuKFA>2`#d0@3?%)HS^h9qF;QY);GkFV^1>8ZfkrVPo(46LTas2WL#z
z+9B3Jdp)3&HCKl^_cGfP!zxkTqKFeD5#CxB=_P1_Lq-!W8cfMGSqC7F8Qj(T;fd*N
zzy^=6Nr+5L0A4#JwJ*HP?P-a@>%Cq6x|AlOj!;1F9_4C*(ab>M*tPd`%;A@!5WJj(
zvv5LDKIU65Ggm4&<md62q|Ua3giO{mvrwWJy+$IvMol(#u0J(RdciCVz$F6W`kW-A
zew#1LTr`~h7>Cy0D9gX}ZM0c;<^X8@`!=+9Hn3MBl23hNm{A*ed`dPz;88RI4#P*d
zfPAbI>6oE6w+QyD(oiIII`sFqoCtpjb@Y&_8!8!y5MC(X{nd#>H^NqAc`9CUlXEn0
z2!Cb&W`8ghW#WmU{u~QI%f>>?@h?v*DLxbWa2S?e)XAo7!X!)m#35^BiqB>DQGGpj
z5+>@M*~R{@YW`eX;x_@G1oN}(tQj1f=Yj(DTT9<U_FZ>^AQx+v1H~T;`D!Sytl33s
z<_wfH1rm>Vu8!YR{iY!Dd-REOA74*vYMuF2SeKZ({k>^uoKB4coY&x42M3b#J|{nf
zB(4?&uZMzf7kr8if3pnE`&4c>gC2_wky8@1anb6UAIv!2wS13&FNX2MECtZ5!2#r+
zOgB{g*y6N8b{MBgtOiiAM#pC(By|^BPj?N^F`jLxyVSiyP$pvF&&eg|D+o63{MPTk
zv;G!xC<@AcZe^Rmub`?dGi64O%&rxZ7tZ77b@qmtQv$%TGv7BT)@-QCi%LZy0Q&yn
z#v=}nm%u|7cdmUE-)Ii)&xpa-{3Fdf9B#zkhQqbppMoj&Ba{oXAis=nUu?%C>A;Ze
zsoxKyG@X*@222$z3murl%)sfdVpyXst^E`GhLxg^ZB(+d6c{EH0M?3MGhQR#nnvJn
z_f0UbX?E0*=848gww9gMf=cNrn7kGzG&9kO1cWVpLho^PH?BtyHb@MO_#AUF^YN8^
z0SZ}l%{8%6O+n?Z-@&SL@PJhVDimum)s|N2$w=`<K{A@ByL}LI3?S?tIL2O4aGDb#
zL!DUed(%pA(T3AroFoQ$Upqs8e!bDD5J7QFNrl4smDc=Sv65IX$cJ)fs2<WE<?kz{
zERs<T@2XABwNY9Q{Gy+X*|#Q22jqv?dk@II;{PT3JtgnEH8>l*_BV<^wBglI9-}Yz
ztNS!rf8r}xx(h2Nhh{fg{~`wmH;|NyUc8W?NyVnod&8tjBV0gek%5K7$}jq$X7FVK
zHD<2HY<mf(5?*q0b6JeHNzM0_T|bV8_2?cW-PWB@NSZKqr7D2@yIwAA3}LHws9Mzx
zxgV_bO}8oBs)R{0yi|+C(jV>11(YSImrZZci;0$FY4t9qt9nYiDnW4Q=^EZIk>KkD
zDxSf2ZX*gEQd{`nX_0a7XY2n?VM6wM%s`aptRaCo9B48~5cd_7`Eyx#)6M?HBIA&$
z*v-tB{AJOppDr<&^XJn=;Tdj90qUZ_X|#Tt;rD-Mgf<;?SSrxEl~R*aluW#{-ypdo
zm%`nZNA>ZZWd^U&lHOd!-X@!E!g=p>%c|Ven!}aPWsL||J9AMYV`8}{c*SpR-~68*
z)J5-@XZX`@PVO9k@-_R4nnF|KLe$d5qL_5QK4?(k?0Tz4y8iOmHVPoa(ba#nRAMA#
zH}%D)%>g+SoUp*ZL;L}6UAgCCvTGl^Pd+$o5)V&Zdl=)86fr_5@rJ!gz@Qglw`DQJ
zQJBdRS($(1;J-@YGJ=h@D;{i9`FKUBA1zYZ9QrNPlPBAMy|5S*rIgE^C6;YM(;dJj
zKRJEG-(hxApton4%O`9Rw`(|Loq_)jPJ2C`j+M4<Zw+?Ds$CxXr{TIC=E5!vFh6(4
z{aicT3Y{la#~`Z+;?=57{Rz2!2traL47AOw(3Y_3jh>(=A!{()wI*R^?v+Te;k%4i
z#;Zn86=nfZ8L9aDgtR(!8^RujT(GvE6hZ$q!vCJ@Ww|6DHi{uCC&K6}?T6TmCE(c0
zt{Ez!8=v)krv6RkiSPS{n5$1dINg}ba5bMC`I=UkMYH&?BV4}9yl&()EuXf@IQD<3
z<Thrm&{LB@$`Rfp-~#NS>wsK8-jiSt21tszt&K;Nlqj4CXr(yzdP@e?<YJ676ci*}
zeo!mY+hW-lr4^4;(0mMhla7&j$zi#!N&|NEj{gBcJmP|>IHo^)8npTd%A6h?^;Kg{
zSo!UR6Fs;xMH;FBzL`X#6EeEaS-#NH7T%;7pvXWj1uPbh|15c>54uYnx-Oow{=zYf
zPYeKiSo}`p7;Yys>et3w@h40)E1Z(=PKN+wOh8wpr0IaR1^enUZ#YDW1gddOL;F0_
zrh7?XHFTYHK1lrECyqmYLYQA^wnS_&^><3PT&AT1b3e<e9G4goPn;eHUL_A+kKk%j
zlXzMic~?Yl3VR%evcuAW9f0us!|aU4Ev1@4&v(j|m*=Lpij^f*A!t2G(2a_=&soWX
znD(a);<o_GHy;ue&@>fss<5)Gz$^G(^JTqJ>(XB!IxmX1wEMAl9&WpQl(fm+A0zuP
z#8^fq2~Z>C!Q&0P!Q)u>?Dqt}uhPPfT_#;JS<@e!=$pW^oVOM2G!l+2$LjBo>yPnW
z&tMT~#9jQ?aO}8y%qW|)swEBmb_O6BC!SbhddN)lTNNae>LNz*#4q3n7Axw5wolz=
zo67CSwp<O79m+NVfw{J#4018;5N%qF-_Iu=3>wvbFIvmx<#|D)F0`Ao)&KlVdbgt{
zzpW7$u=z5uDKpL!s=4EgmNbEPI?_Y)DynJ85-R`-T$)!+9}?=D6E#+Gr9yoNb^YHl
z7)dZ)!J`f!H1fp^cX26=hmQ8W<IiS;_5%$U77rtM(4s4Mb`6>DswIBIxIB9YA+fL8
zus;$hKUH_yUE_U0BPrzUc=Ei&v*67)oTKJoh?(7~g}J(i)p?8;_Uk0Mr~f2M(Y08+
zF&nrnjkpH%;Mib*3nQ>KMr1Z5v7_L&LpfCY9d(craa7sZblTy%1Xe3VaW*P3x}Yu-
z|8b?!&#h;`H~fPs5ZC8N%@?Gjhm2=D*&y)B-%JT9bn!2tG{B{OobbhZyr*Z>Je6V$
z<(=-XztV^Sn00n2Ar7Z9+j!-j$uh?9nTA@eF>i9W<Qbbh@*Ryv_cJ=+G>?H8=r}*W
z*iD7#9p85me?UbE4c7%RM_JQHu`hKHYZA+j$E!Vy65uaqG_i2VYuR`ydUn`BxZx=u
z%g*(0iBz24Ryp~OD+p6|4Ab=bXgb%*V9;-az}=6D5_QlG0vEUxle$y!nltR(ew<UD
zbAaiK_e~T7kjb!2*f*R^)oadYMQi7#Uu5z=);!t^pNJgIumbm;hB&NXU6FTA{}xvi
zUG7;tJVFllPtjtF?`3vsBFuTTjvASu$B9H%E9g1yX#uJfv{v9Sfs0BkoY(7;gD6Sr
zzP5p+IHy>^{|}~lZ~r$;<Gjy*BQK-d0sQxxMUvuu&7u!-zH5HbvefP-S(f%vGRZ`C
zrR||XbsEFpe5U1JC(gPc4`08!+a(TGHk!JM--}DrT1VpSeG<s<e=1<~(HOCV;ibfi
zFGBy3Dsn|uFOu6z|3ztWunkg6`t~-cby_iEjV1y}shA7L%hs_YyXzn{*^W`fIq%Kc
z9NkUCiT-(=E{`Cw;c<w(uK-Ca=?4Qy@VNd>&2fPTSglMLu-x_IHDQI35Pv-${Jjm{
zSE*EZnyHfS&Pw)zxZC?`lpmgnemM(6xh`7%cdnTAgk1$oRdlaY0tZ22!m%RE3zP+S
zNZxWC#uSqX3}Lw^_89OOMg>#$CHT}jsaVrgt?<zK=@&UOF0_>XADLmBeqo!pPG-tC
zC*94dP)GrIav{vK%M>IFB@i3(ilgLnpMpZ_9$>DyM7NUvu;RdEz7}R7#u<bVE8{5a
zzr-<-b*-Ai2ZjJbos5i>noCcpV8@5)vcGx0UaJ?qL57DQ@jg@dutIv>$@2ELve&>k
z!(92o@M2NEUsd<kR!(!g>UKhpF=#~u#Lc3Rj><<s?{$bz9F^8L2+_b;qkd=xGC$Jk
zggku5+$>c5&Jey2)wq=ay?iq_!cckW(*pc!h*sch2Jer{9c3v5O)LasDa-w<TkXwb
zp<|b>RifisRNMIxXD=0wpBsXV;yrf<FIqHzzWhYcw4LZvIE5)-QXPY5+R3gp@cQu}
zWHME_IGIO}t64|fD^OR^so+*eyCx)}iHl^|Ea;&mPX_J^!o}|zC>&79o`F#gBmW2h
zld%4bQhIxl{NtDJmNj2UfuMqegXF=s!1Qo1*CV~|2M@jQ8|(-TeAWcvxg1oqYsn=^
zgIFKm3upaOAGiq=(vxWHBQIaGT(iXT2&y4N@LSXhznQ6tNOy}xvK$m-7=KpH%<*qI
z;9C+7KX0<Pj&IT319+C*DASIG$Du?-!biw(ww%(rJO)`KWiv{Z__XN-GIuo1I*wlk
zWT*pP+0EY+^+)1)yf{YR_5$tpaNNxFv1T8{l4WLYrbKjmS9Wh}KRzT-A1x+SubP{k
z&3!Lp!QMcz6AoyO_J>^2xh&6&8q5blRBTK6D)D3GvEP}IqeC4!%^6sNDnX|qB{X=*
z92u+1>Z2zA*)RzVCn)aaPRhTk%+hWq*g4;5a4C~sD@R}j7r2(#==}7;vSm7@V7=4e
zqL!Z7WsOI=ZC|<6k?^`@2hegR(QMIIm~&C>_r33RZa99PJCLM+l9kB%Ba%_wp!<}X
zd++X%vwugmnC1jtq!XyNPZl@o6rgBh5*+e--sY??{NVL}f?v%be4sN1@Que$wN`HJ
z6Tb8hD@v#Wv2BomqVe5WF{(F7P^^NTXH^ebUG+Lbw$Np}7iI%qUd)uCy%0b_g34YB
z<h^a9Z8HYXO}7U&l11f1P@r8-THb?Ck=X^s`z3Vog^he6bCJ@0m5>d5s)1`=PXJt^
z=ED)U8}PQEcyp@ZAP)wu&&V9m=u?0HHpf)FMW^SWwG%rRzLSJrvXV9k(GI#0HCuCU
znES>WH?NB<SIvIZ))ocJT9r&I7_b^@btGSuqx`h@FuiBa$m%oqykg&_X-*oIC*+rb
zW^H%3I~5?n5&!K~>a;`P^#z`=>X1(V>8oG#qM{`Ty{d(#{Wq#<C3R^iYx<Kc1r%Yj
zf-TVwoV3nHh(Yb3<6P4hANr5_AIHgKe<YZvD51$0n}R0pJX`MqoC<_j{q%!*cEl++
zngt>YdrZi3_)Xy3i}F40OA@mN3ZcqqC)Pjc0f*GH9ePS!(1TUzkzV-^&iwJANPX%4
zFFM5#T`BoDllZr3J35O9_J35_^9G%Y`f%uE>^|DC#$QA|PHKl-57XUkk>$reBC|Wp
zHq<0Z_g#Oe{W>UnuK(V1BcFP`8`{i3I?yy)NhTRX6*#+<pKvCmBrJB#n6C+iaQR=1
zeSl`GHnTgx8<n^g(wh)-?f<y*X~F+cHAjNZDIxT$wIK*A6d)7#_Xz$K7cv7^0sxso
zKI(+LKjG`%StmkSr7UIxb#J45a)TQVg%?Ye$?X(vnw}@E8Uc7$?0TGSnJtNen?Fdt
z0$2K&*IZ}J{J_EcE->lSfIp;q{M;cDLCV^)PB^I}CTxtP5N98S!h7o0K(W$Lz{N9U
zjnt4`E`8gk4_63J7Mb8nP}e&iujQOf6seplH%S3ptQecZh#$|ky+(-lp&;ve^7Rij
z#UJ<eV|EiHJ`TQ-WejYkMJ$_`K>$-E^8P733B<$Ud@-+G%{XB^at<gp?GQsaOk^lM
zmd(mKh^eV@21S&TSycZYPySzfWmwM1hcTO!PM3TE7`hc=gcf^lJGj^YfrIa84=;#A
zRysMI*Vp7OaKnD>=kDVJ4ec5N00O%Bz(6zjAr-BX=4F#z%1}s46V?4l--rGC%KfPN
zh8HNg|GJnM@VK-i`8Cpsnojings4~rL%V_k4=S0J4MFP4-YQgg2I9>M87Q{hdu?2T
zZSHFhpn;G)l2z5a0MfKhoWQAU%xJ-loOMXuTM-)dRiUYvopD--#h&`k9Gb^6r4i^G
z>&8zFGSBb!KGjsTBh2wFW%`Uvb1jRNRWzL>JAcsxGj0#exB93V5x5DG<~GGv=_SH<
z+TDLDKEM8x?g1i_s6EX!m;Pf^T>uz9qpb^GDKjO4$IO<jkyxH)E<w8}KgDBF5=W$z
z(}Rz19=}L_k@_O)PEkq%k4|NfK`NUYNifU}Qa7nmk7@W{cip|&173DDbwFkb5IyUp
zfyAx~)15zb@r*bOuUgVPat_0K{7`t_BhkT8e)Z!^bCi#ySz!pSOEXP@+MMAp8_>W=
zJCNrTlfs`Q8Rv`pVw3OXR#x#zU1rX3NJaaTxYe@s)iT{0?Z)4Q<tACr3_+163U#=P
zVzDmWkn1WLZ}7^U;<<}E;(^_*X-+_yDSsqWIZprEbDnue$zVWm2XjYIeyF{$4VS>&
z#*TNIAoi*0!uKMNK-|Swef4?IDJ%m+CLN$%BAMc=dF8)WLZ*6+`jNGBv{g@nsDb>{
zu(#_@R#!1jVE;m3c|)WZct#Rb7f1i%Gn@M#hG7UVz5G}C(r7|o0Jd?j&pL*29{1W^
zAur5M?OHfZ?WU;sd0p&}7wsfbFjuzahoMcu%+9N!00~ao0Ed=ftaTM#FnrFswbu)r
z&<#-mp@3KFSMRC7YbdeGf6@&>$4m@Fz4-B1+tR#{1RS)H;!J6|cC+^blKL#1X&8l|
zsnRz=%)>E%?oLSUbF-#Jei8kVYBSIK4VQ|}<bH1xl?LJ{Ql<q7PzLEy&w|E#;wvLQ
zTB3vqKoP5PD#8;q!#)mu))Utj)Hi)`pVpLyc2$U8VlhI0s@M>C!B7^We_&#}T$(<F
zYnu2}w8Bw6Cz?}se4Ob^3!e5-6OGlu(j!X_)B0@H5PZ+SZgNm%C_y248l>hzs+p>s
zKIOgxarcHtrr=xzvy^?xNjPR$2BLt7f(PRmnD#yAR3oe{kozRyeeaapTvWF8<|8=!
z$UMI)Qk8pLk%pT48+@mjU;l$~|J7mj=ky;cpg&E1(VG-OC7B|6lNc)d-|(UH-}V8F
zP#S>l$po^Xow5BPi9#xVX>>OB#S!osr$1o1>((HwFG<n$bJo6X6xoI0?uhQ+mwTVR
z)g!=O*Znvhmeq|bVRJItdqu&VPIVhIng}4d{WN04rCHZ%Wj$Ic!Yp97+3+_VA(pSm
zP>*THjrqTOCBbC=?Bsy}j+bDBHaH-dOYnCPZ)3(e`g}>ndOOnf&4_+Q_?(y*(8b-h
zNt|YTrri|?u4Y&QOz@3B-hXD2?7xDWK~vDvB^}J%@*gBY)L!)|xTCbhGwp@f)!fs@
zpv$T&M`gk~D{;jg=YdG}=SOx|RYY<@JG8^t#Q<h8pi&G-(RdyZqTm?ia&{==2qWk$
ziC4wTt0DOP@jx#;9u8@5C=g-RV+TKd?;eay<T!<jRb&0Bt}y(Y9s~SH4*vT0q-Y{y
z*r-5MB_%A%(iJMpj?|wtPs_QIpyn$MGg%eA(T_Q4g;joEfiI90fmO3%f|g&8{6UZr
zXrqvxDxVJg@{Wc!E@y$P=26jk!`;2x#2EYENs*ASB;1E^IuG(zTV`=k@;5^+tFS6{
zG}g0_MROrDM&}M;!4Fk!zGbNxe9{kz0k$L-HD5^-e+9L(+J`oMbvWmq<lyfgOxY38
zFqoVFLP=8N@%hl>0%t?WQ1&9bZe5sL5PL@x*>(afN8=!rO8I)2`40MSO*!_4P1KD=
z52sY7^83m9?9fa$xpYT9C@)*<i)m+Q>0f!IDaM8=lG>R`ufd+5^=kXlKj#%)g3w)y
z<G|)Nm96XQ*N#u_Z5sgo_bI_1Q&3|CHCuA`2>c<*FvM@fizyT^m9&rsxOm6~&688|
zM)s!$<eGqu-ya1t^DwM&U+<$ea8{cZ>v(QBrxPcgYtg!;91VSY5AjP7)JC_;^zP<+
z*Y?0NrX;oRUA1N0S$R`G{pn*gJUv*pP};kp$KZlwTtFRH<w?e*;FN=7AbRZF8M1Ps
zOR+5dI*;+$&qtFr(UKldGHm|5rJ?@>-1t%eJ7qev0e4};x?r`s&SZgsy~sE&p_mLn
zUCZ*KVMgb1rSyv*5I863tRpR0{~@{p!qr8Wr>SfHiy<fR@B+@wTTW!V1f5UjyzN##
z;@O+r9q}?blB((EiKlLsEIz+V(M;ZPY9*mg_S!cGOX(z}u-$drocjlJ4a6dLV;5CV
zyAzQvTg+AGA7+O%Uw*UnvN5-)T(UZNW8zk5=2kfIiinNBz-r2z9utTfXMhVal*O1$
z@CSIYck;1NldpYErD<U@H9O>_Ep&Su6|w$+n<<nRIj@Et2n$zyg{R?zgOAy1Z)%jE
z19|TR-`Z8zyd{ZhD2n0=zn#J%oQ*{`d=Yu1$c%Ce#UeWa@dmCKXq^Kaq2?}%Pk)nG
zXE4)q(LMwC0*?M++3|nXD6+w*HCxas0DPzqS}v;l5Kx-Y51I7y#2Z<mv<%<D-zhUa
zh36KK&%a@C&LlL##x(P)Fcf-krL0y|y=UTK$<knfELxI8kqYds_sx<_OFB8EA$Wm?
zrl(2vLA%BtW8UuefO{Mvc`iElr=IimKWMXkcw-nU>F6(r)CxY+h_m7Iv&%9gre%rj
zE_t~^FXLHW=9~plEhO*b!b9amDa>-C$r*%1)*Aw-UC&+rW8LPRtrykZ-&G;Zm#9Jr
ze8WObP6c{Ijr{C4%Hcm5u}f3>_3nAf-!>BMIk(0xc~&L-$ifdBsRkK2lXo7AcYWEt
zstCd<v0Kwn%px>?phfyKWPdDf-F-srProiQnEwapAYlTTuev{u#EZXR=?`$k!~XA1
zg!@$4Kbo5mJ3)iEVt%|=n+vS66lYqv%_+kB9TPTA*L^X;_o=c!?YsYPzd;2Fz>KB)
zl~HkHdA6IJH{;(AJ)a};lH*SG$hY7NXApZ@H>S+C=aTK}eXgLyMG|EyQoU}++x{pd
zFM9#ybnydJ=v_k;Ak&~oFaOocKJG4`XV*fLh``DtAFH=whe{nZGckudO^+k8>{(F(
z#!AO_@_)*&JpV&80?84N7MCoB2}qtEjEJl|cOBUyJ#K8}vxUOP4&!!wMbzU|WVuWn
zBTzkp0sXqxEFMbD$h=PD@ec?1(wFRWFZTOTP(S&ikWrIAPFtwaWFmrYp$64^6S4Js
zM5W~?<WtB{EJ#-oeR1*(_pGa|YU%26pH25KDuBtGYW7#8g<40aNkXmZ8^r5<+e%nq
z*#;t)rgA*&l7U6yGVTv?AubW@L)73(D%$5IpF~hQ1!nK73P?gg{jaG{D4>i_qRTrR
zavTWVFv@%~tm~YOJC8#}{J=nxN}>I=b1avkKOqDlSKr#8IP<iqis{Q$2A`SONtt~c
zF(cE&d?*7=SOqzgpBjBKdyV<oq`Mmi?8p%<MBy|Z+5?51emIf-7BhnjaOj^v$aEIg
z)p>2YGPLGUIV>+VBFGUJ$#q0!F7MG9_Akyqxdp7P^~fJB_ZawS{PB^a|0|M-h63D{
z4w<S+I8v@RlB1IFg<`#UFSrxQ+`HSS1g;V(X6@P`uK9tk3zw<*5BtMJg6*@emmws>
zhcr8S%@eCW;SjQH&(8!ixN?Nsl=~${w>J9P*Qep-FJdg8y<i!X00{<<G?itRITj!_
zC-ybv9Mqic5qOUYEb-**W5QMhq<+0trfO<fHhJ;-PYj}wl_Bh~-8nIlcbQrwS8vji
z)uyG4W*IX!Cgb(0V4RHuh-w%GtHlE1o0;YX1h_Src!T@ueRpQdOgU&XbwjXHN4f$o
zd*{|n&m+MHS*JU0;olYq4Cl~L1x`QbbR<`>#IPPAQ$T&f!Axu6{b_SOtp8}L>O02!
ztEq~;4be+@pXP@DxcpBNh@3#$Mvmxb`k-4(0*TT&;%bI=o{eD9Fp+VDzkvOGCXr85
z#74r9-X}|4Fdcit%<NMt_6gIxC+DItVh$gFL*FxeAhObiH*m)Q^TJ;hAb91o-?L}*
zt#*WXn3Wa<IGw;ePk28O^}YVx|0397!4ULddBSQEfS!uqY!j?2FWU;)aXQ2n!slXa
z*2uq}c4rxSSxizQD5?Pk0Ps2Z5HzA2%DF<CqQAeH6z(Orh4HNKQCd(d@cq6n%Ywln
z+6iuyv~Ru`j?WIMxT`rRf4zB$EWfkEIL56+E`HNi8x)do^)<`d{rtl>|7C|^R5r!=
z736$?ALb*3evW<`L(}MLXY&ZmZyhJj(MZ$;3B!rKyMic@$Bl@5Qg-H}CVscv4zVyX
zEE0UJ)7oO}ofM*W<XQ11XQp57K^OTidpnZYq~d8^yKwTK+qG<?7?_U_r_$JzSO2`U
z*8iY2ae<c~7z~J6xSGiM^A82%KP8PGV@~AW9}02*w}pRsus#hAarxuJ@qzP-DL@~A
zql0DhUwKpxQNe$C_iXt%;wbLZ)3)`X4DpnkV_Tx!@T(%s1vyIBWy=~t@3n5wA54%|
z%6kWuO8&2ZX#7>}-~}$dbgENXJ3e9O`N_M}6(eWFaB48!zQ~Yo1rB&u?PEBdj#1>=
zbA6$Y>3eP+nN3+P@vQkxHpTmH-)9f`C7>G7|E7_+58}B6R#d~~T-Ro$p5{YId?U*H
z+wL7RIq(h3zOioRBkG+0)5w*8L%F^2sT7mKrwu8Yp-36SSi)Fp8Y5&$T4ZTxh(WR>
zW^9ouW39+msLWNCtQE>$7c-W0WhsTEXl%)tZ1;>?_ul_~{@vR=^UO2n`M&d>Gw;0L
zd(L@(@9(_=yE1)XSX#@nPXV{uuE9^)eSl>NCOTh{yesfJ^SAhslK0QinMGXAug=}4
zTvyFu!N#Ju8YD3@N0T$)Rs1f2@j0-UL_@42L!J^&=u;4vo7g1fz7E+NF!q?V`3HH(
zZ|rd&v=;IW&E4S+dp^D!)UX{<xq!27aDhxtG;x_nwe}rwFmSkjsi~x)rJ4UhcVPea
z-kK2$2!DG-P@8-4?qHDjwx{R9F!HRz;o8*Po2PpP4?P&Vu(En5;~8^4X~i+GV-|tg
z5qup7b3_{Q-nmuCS3i2xa)l^iK1^W|>jJC~togC8zW^<Rq#e!I@Bg|zJaLUuh+viz
zwJh$+$<77cTJPY?5!&>#;H;cWk*f+MO6X8hLu^1&J4L)2KfcHyK`@NM?TM&UajP8p
zs+p1b9&F~+yNZ|xP4SaPSedK7#BhR@Z0(19VK)xVE1>5*e<Wa+O#L)R<r)3gE$|fO
z9Y~ALG2zSouef?$b!TlKott{i^1k-jL|<9!CRvwN%R!fgUaO*6cCjCqroohn_Xk;=
zJ9=z(<emYC9hX~-TNc&_DI$P^+J$mOE-7?<VD}8e)zE5QAy(^=%Xx&9|H!Ok(u|Fm
z#^K^|+-xP}Ub^75W`GGHkTu(xM;%zQN{C{*52M8hX3os5=d<TH28i%iE|fX=PaEu1
z{1O}7eQ5*Y*fq&iD5~^Afvyn|w^^h}d?IBgJ8JVY_k&Y;#+Dw@>WTL@&03+XMh1TS
zdenoO!_et1(ry!^J6DThwqY%p^|aVx81lK8qFaM5@V_g?&?-{3rUT<f0dQNoGi5Ws
zxelRrW9)O%a%N&r_G6fqlT?+UP3aCvXOvMR>Pu`DZxZ6yBuP2q*wY^6(;W3l0^QFe
zMRcDX^+kz}dNJm>XQ^LCp>{`+cE?CU<fhcarR3t}bmt<`wzwnfODyzHtRLcjsy#>=
zx=@~Vp1T<QX$yBtXDI!8S`3>(ok=y@Swk}$=u}NTKH_~oM9sS~(7kSK`S{`A{0h3a
zYSgNCe43JcTX=iULKvQxc2qk4aKlu;yMXCKwsA}yP4;7xuuz_jR-w{!_U^&Gm72Pf
zl%_IMDXmz-^HE3KKqk^~Sei#1b4$aDXQb_!aHh<~aqO_;&8-U$gmk?#7ddwKv}YQN
zI8y8~)Dqwd++DT`z^}i7uirPVOVqSR)OUFG&oIefd^L21+TYn}>p%d6w`Y}>!LLdG
zS9)6f`UI%&rO&O0GahO7jnQ9sZ!pB-baiDi?D6-_SWsJom_wbSL*12g`8F-I_MtK>
z5`X+14OR6`O>=~BrhT2pPMtfNqfItXZ>+5!oiDu{V5|M+tk)(a(KH=?8wZQ`r|m{(
zF1Yr0C0%HV|5#fd524;fX@)@m0ueK5FM3x7ubnPgERd@-+Q4}Q;v)~vpF?L-eby}_
z3`-Mn4S9>nH&<wxdBJ2i2IV0^GXMXL;@^r=UU~m%r#e7){Dzb>#h{a05y?e<?Q<3H
zUzL{#Y(3t7HD8C>^)=~z&!orA7uKtR$;EajZ9sTNM8GiZzG*45+VWXY`N=0FbU)Jx
z+fbAJuDfq{d7upU$%b(wrz8A{SzpIOp+}2clLgWKBWUcZTq;$HGZL%wn#Jz|O(`)O
zJ&bOdv`__B8?@;2LNcAIwW_VQm@U4;E3K{rzz<2|dlKXb1?L;lLlhljFSeBI4yxi`
zbD;0eR#C#;*ewf^>e1u6Qtnx9Ql9Q(!oB)E(rBXGkNqOCjtN<ZR^FUt#Oy7Ji+zNe
z_GDmabOC~)^w{PE5C3NCYOm?2G{A5}N@;330HvCjdowsKN*cY<1#;RZ<aYy{mEj)p
zhFF;#U*~YbjD}>2!|WTgcUPc6YGJ@dF?9O&W}TNaA6ZWaL!LfBku_7qJISkr+>C|E
z#+-bul;M2SX#hy4^RtB8R!z(hZt6UHq8M8vRqL$fb2283(Bl<d>g7vxBKv0@R-ub2
z;BgN6^F8XfDSRUJo!rTFuu+-tM1O)G`@?DoS)(ATbrHJNiCg^&7;^4^fYf9>?kYM(
z_X<?-xpQ{1zJd>5tj)<F;~kwYs~}>c+L0FM%z3vH68l$JPhD4!gg<N&e;qgJfjY|j
z--ElmHXs1?Tu`lpexvwHgttaa#$meH@t<MV_Ri6119u;ZK{eA)rh?4Q8sM3_9Zb)_
zh@8}}Byf$ve`G_d0kQ7ILx;AJ@q@WOWffJktp}6%T6?i_o&gIVjAlsjFZR{A4jrM1
zL8Igs#>=#;7w!jC9^*##WVee=+>0se7`m8%S7_ddvP^j958kiOPJ|XUCPZ0HsvwGe
zpA?Wr%cq}IQTK?oF`5@h_2XLMx{BB@m(v=WXx_d!5U7Yb^>7!O*s<RLjKqtNCglGB
z<E@H5-|)+foTZ-=&kF%xBwvZ?kTm;=z;@5IBNWLt_J^LB_pUq!xD3|d1$}R6&ayFB
zGnw%nBK+>$PUjr^W7`#fdx#cqsrNli@xZqX6->u25GtNqBY!zEkQ^<q^-=H~a7~ql
zG9hmhBldM@FGinP0}T?EPVUK`{Q1fm0>L}p#fE}y&X58n{KF>w`|tNP$0uFgxpd6W
zy_a%B6gXu6Xt}P#HlN$EeA(yIaejA?-Cc?YfK7{WlF8@K$zEd}2(j?nryZ%+i+tJ&
z6fm!Q4>Tr)1<8S>IILsz7ZL2kdKjij?VEGB!+N=k=dTfVcoF#AV)ik<SX)8#+O-ss
z)Aq1KC%2dNEtzxnUf&sHkH&I*M4O#dcL(HjMliIux<+Wp!xK<9xRHXk!O8;Z*r#7n
znkMA=&+L+Y9)9uu1Q@$@b=<h8#>>U&Xr0duv`L+7lOlj#0#vhT%J^deuUILx2VUhB
zVUxPvc3Apk@ht@$T_B(ENeoXX4pgvo=XNixDD!TTIPSK!)_Mn0;7WEWuuo*4T0vm?
zZ~w>i(~?-SzG-QVv~$@200o9pGdnguA9BbwO%XM&Q+#OSvKfKO%Kfm^+?R`|hIFD4
z@K7asvhkJ)hDlZMWH2&$ozUBAnoMRZBEZsT!gfvprEs=hovF8Dv9HgR!0*4fwvE<j
zbE)K3YQNL-g+j#<s+G$Py!JLsW=wiWOu=&R=d^okq69#>h)!WWWGHwfc@0q60kiZu
zWrAFu4jIYc%c92M=U(y(Kh%xCR#)xs%Yax+W}y}ZS*l33n>eB3j8jo*r|n*6z0C#J
zN+Xf7pnZZkAghhZ#AI?@S4H`CCnY7}`Jy`e>{f#c5}?+^-^MF+Nydk*zz|s}u(!g)
zyIRgmKtf<<^h7*`FIdW?9Wxdr&YM_pn=_CO3RUPMU2tHQ&UK;~1cecXssyMCP1YHA
z)CHOFmJOtz9P=>PrH`zclqle9QN4f<n^z+q3dM)XsuJP0F+h}18_fhR0aa{)FbH~c
z4^%w@EsGKWm*Bnm;uyr+`Q++n27E9nDd-QafO~lZ;=tUMP9RApuyKCX{6z4B1Yj##
zY4=<37!{SxBnfD`m1YW4N=S;5%VQl!=E3aEKH^hB9kSP{_!G-uN{Zlq#yKkW@$e<D
znL$?^Ohi^A0;t_Q)C<V|$%Y<Mlh+4#iPuN(>XLvz8_&%DDd?Yf{M8rsG{Lp5=<At4
z&(kFEa_~4ree?jC*OTiY0qT43>CIcu9<MS|+dB@2!GJQVK!FgvBq;gu?faR!RiJq6
XB0JMUMc0iBdcX|#AH?PDwGaIr&Y{;q

literal 0
HcmV?d00001

diff --git a/adfs_claim_rule_group_membership_admins.png b/adfs_claim_rule_group_membership_admins.png
new file mode 100644
index 0000000000000000000000000000000000000000..8147783258c98fba3049896ae0c1a580d92fcc09
GIT binary patch
literal 9042
zcmch7cUTka_HHPOpnwttrEfqWbVBb4A_AdkkS;wSz4xjpNS7vrDk=e_Ne8J)4_$ii
zH54HfY2l7~_St)%-#z!a_n-UBm&uozZ)Vo4_P%R93DZ<pA|;_A0f9iI$`9^60)g-a
zfzRVB_`s15>5Jb$AeP(8_wH(W;cbqIQaqQt6*O>hZ^e(qKw(Rfr#>u+pNokHS%vNR
zlrY=f<|JfK271-*@!1e>uFttlYNsmO=WJmo2Td3R#d{0;=hrU%vE<DpVi4j)V_>!h
zil;egV`LFJEVaFv+U2~+e=TJAr9lUFC0=swaZZ}n3j@tdALW%sV?R<%j<v70%f1ln
zP!Q}l5v`@$BbR&lgD^#Ad@^A2iQ(k*T{n!?spopkbjUm50n#MWV$$)=S%UZP$(`O#
zzf+jwxur6uHYC&1KDlyyx?O=WY8MqjKc?R4>obT`)>2nS2}zyxOr!2DCw&87#s)t~
z+O?41e&2^E#xj{7TSDpENM|lTcUU-+8#@26o@-pi=|r!i|LP9%TO3Twq|XalVR@Fx
zKB)Q5k@?G6Gs-HAs|Bp1zrAt?83!99@uiP&SI{5uMLdUH+*~1oHa`+f6u-A4prSDS
zoqs(yufXi?o4{n<SDMex&;NK3n}2^kxFL+N@Ss3aim`ReCwVhEjrW=ri|72UVsEb#
zgBIJ6OLCl;$E$~B+vJuZQP$r0W_R9La7t6WmhMcl*c*ivn4DS2N42u%tIdU`^`n`o
zG)=J*n`By*4|CNg<mG<oBW1)KnOEx;oI)KyeR;HA){Xk@wp&c~$*|tCFYiBZlxLFS
zoFMAvaS)BD;xBuIFQn^(i1^FWV56l0&=PWZ@+ea;81GSyI$L%>1Af~`;<`dQOe<d^
zvV>dc;Kkc?*0-TPNpT8mHAe2=`Ys2q>FNgzir7C924@<1*cKp@l{PHC23+OkkXxP2
zb|sx{s3?uTq<LeQoLQd||7$VVVCYNX_&(F}S$43o86ojp)=65-)>(1ju(d2bPFHeU
zQ9sW5(i;o;@JMDb;kkv`#g%w#8Y&Hx&y_3-ih07<)&ZcXH?QSJ*Q&+LcP--Xbz_&6
zQNwy8up71Bnkyq{HT@bkF#Q#QA$u(c7BFT1HyZplo8@c^`MQ8m_qN7!{(?l9;pHS7
zpW)VcWy$zA7W$3L#8+Gt<B6q9(w|2)a6!)*d&#$aq0Kt1^Hqyif;8`Q--JGVM%>Hz
zoH<_GBaS#F&5sAe4nCSn@x)rZCmqV?eGMBliQ0Vq#zN&(FMp?KuI4<jLw7U(ZK{lL
zz(9PhLL2Kbu2+!K?uc5s?iC#;Mpp<a=BV|Q7;oMdL4<Vsq(73rD{waSP51qEsf~Oc
zpJByV;`Z4xlM{>L=uXh{ub}YCipD2w#5j6ZubVLD>v*8vV~0=-EN(w3ZT&1wIc~oi
z*e${0SjFR6JCUr)E^Nwig1?Vgsl;}DjAdP~d$e@ZDuotr4yGt81_t#K0wYKeFG#SS
z?9Ul+4g?IbL85=pT8e6zAY{#QLOEz}KU%WITBq!DD+!FKl#*6<IOQk7GP!;0JOmfj
zekFGyHj3I0bmT3!Q{`SiZQL_db4$HH`{V$thyOB;M}dz?cdxn$KOp9goQJ-wJBDCW
z)t$|<@Zet5Q=@W$3Y_0zx@t<H<hyrQ4IT8<?E@shs+Gdw-dn>rER;vpYS1}?!-WX=
zvgIjVq&>#9B*K%8YVYRBH)7@D*pqcwrXW}(b0nuaFwCtI1>TEH($UzlBJQ7%bVCJ7
zTdPU-?Shr!x5RssVrS}&Ty{KcrTQMF&*aTu-87n$x{P<Of8S{=EKJqDcclF41mqPV
z5rFHu8_9R|{Bo9r;+*%j0PCnAB-p}FMF~HYr1Ydqp|LOyS^ds4M%_Ht=B^us*wq!e
zUiibMS6tkB<{9l1wL3c$RjUuKekWJBRP6Wciw#|_UAiFEw|k=x-`rH0(X~`3xnpfe
zT)&lPp{NFm_q7NMmsd+GG8VUs;{L&QpO0@E$v@Z?AvM@bX-Z|o0kc7Ed{;l1Z!iJB
zXbLhde(#yGFGiQWc-^=CDBXHH!Mc5)!jHeXBdqV~s@wjRdoO4?1h4xlXzp(hcykkd
z%=YQf)GEj&qAL+le7sku%&OVD;@6Nc>aTr_zj)fR{fXVe=?i7&8+lXIYeXAj`BJ9@
z<@7TZ?F7(Duqclvw`Lh}+{<G?ES)u&A=1RG^272--dlB3@AgY)n-qRd_N12m;wW8D
zbjS^1eat1aT)%)s2PEuzK-rtM`s?(Ynb*Z?GTt#O8IpHrBwY6dL;jEze0DcPGj~Z>
z$($mQMW{pz)fxNhzVa>VCyz98$;M<|-o1mvP4C{eAg<T2TA1I<mH^x4e&%-Vb~vv#
zn}(eFpMBF0gHi}(6L2o~vZ69xZFe_a&3(a=k-WEHqWbE?Fwd7ON+9hW*f=FNYy5V4
z*!=gfdrJl{FmXN`5+)ZLBXAQmH{GsFp&&SBX1xol-YI-#G~`)38BV5$U@rIC*X7G)
zNkIz=jc)qLm8bwy(xAmy*KLZ_Cs^?vSY#^7azKx}%toBXi~c6FqWy!>wK8iXhiNQH
zURt1NA6KJ9PejDb^GL&FTONY8RU(x&skjf$qoj#3L=^bR$^#Fs4vAfD2pi}EUTfvu
zBD+<7AOZ7Ni5~F5ns4T7JuoPKK#lUj5-)N8Yw2A{SBcBK!8W=qb8A6R3RX9!?|VYz
z(QEz`>1_+cE<#QeI-TOrOkM=l+jI!p#Q5K`&T=ex@4YM=G#{p>l_(&?(W;^sdv^;a
zkN*C`o#QisuB6}%Ckb9_RkJ*?>=3)SOS3I?F9J$E*|fu3<gTeD+KJq98P^pFu8+}+
z@bP;M*>G3gp|NZm<Ehom%;abC$#C1yq0H{y-%+YH^=~RXUT|5vXO4McI1=%$<8_)s
zX%~OzQlESrB>WvmcpU5@rQ*Xl;-@5&EZ1&E`=`w}_My7F4<TdqYeAhYyJ|}{;qiX2
z_Kj(_+?%c79;bHuGBlB0?NhU?&qR%tQFMY)r&KWnpCF+-+pNfUtb+kp%t@)VmhxR#
zNqMvSmJ4X{IiJdU?)jwJ_&iRtmc|iTe~RD{98Vbj{P?iQ!FrgkrkpXdR(IEWcf-XL
zx08HA`+D5Wm8$v4JLiXSU8?=-UU!fZOpzp1gdL<2s%x&|6@R?FT^}JyEOw<LBl`<)
zCCmaY^Y!|`0bkEERUQ+=gYc6^+l`yhQ#feS{CX57&d_L2eU+<oh{$xv_)*iHRf-eC
z-p_yJJoj*B|H2y1<d{^3AS!`8qitg*;uQ{ZZsl6ISfz&>2QG}JV&S|4)x4d{ceaHj
z?n0ffuzU#)5U6<}lT_x=k@vP|N;w0TR&{l}v}`P4F}{;%@uSYv?Lgq!zE-XQ=s#%6
z;+9mM8{%N+*Y5`zRQ$RQCzJCz!qb^OQz|uw%9*C%D=$$gWc;)LncYmfKpkbIfwv-6
zcTpa7huv|=iErl9f;-+%I1@Z208Q6lzkiL2^3zIY;9)f&0(c59D>xAB8TU|anGPAr
zIA~IlA8V)b$sy4|-$<88=fIe#?J*ZsaqfjL%4qMSmx9359h!Jarl&c0w!Iptc)44_
z;)||s+9KIxS?>#H^+@<7o<h^FeeJlJ9;61rG-hpS7dMo6uA*bj*QZ0V&n<f7-^+{2
zlTUp6wql*`pXHG_`|!rrYL13v`nc2<r-p4_VGZ8QUC5WJS0|$6<S*}2OT^D%34^2V
zWe_lp5B?y1t*3Z_x1ceB|BIM{-oii};GY9c2#ltU1Y!^{5ct55LxO;ziE3?><PYo`
zCo$^+all2Xjsj>`oF1R+W^thj-@;V&=TnI1gc2a|fue$|xre;7Km2d;ZcuwO6xsYy
zb%OxKZsu@?#?jqqE(#g5_Pte4kh>nRb>V@BrYz+e+-lT)wVQrW^V08Ky20@}<NXWJ
zL=Qe~Fmzdor4)8xSH{0l;5hNd%tbQW^OpGAMm-bN?=pj?W6O6sLU{(Ayf&RI>F$#`
zh+h44S0<Hur#~{{Dtc)0tC|oil_X-rp7rt(a0-Hxf)^P-LQQ>bRqTm+nwW-kJq;b$
zu4)|5WdY&Hu7IdCQPT<zpeA8J3;Q1cy8bt<><h|Xgl;AA88`SH@42I)^_PM);B25c
zC|(e>2NVRY_dYf|>cyRG$=6g+^UaoHnhyeS4SV0sM$ij#i>*S%&ZHo;TRo#j1DxP+
z^s1Slqtm9q5i~H^`&E9WAemcZObNE~twECudPp{^=rM}!lS%NdlW<LrIbku2+C&+r
z9CCq^RlRKRvy0!#_Lp<1&7;MW^8=wD)oE5+8uqM33NB8Po)dQQ&&Iy8xY`De9vJr2
zP9v@rlFkGK-d4hzB%2+Tv`@G>#-wkpUUn-a*F+t@K&~$6N8VKHMNQgzstQ+6KY*ur
zIM|7_?0ZdRrd|~n$Qd~zxnCA>1umm^8YcO+UfQE7Q_UWJ<t;2qY(C^O!&8l2y^>yU
z*`c@IuCu6K;XxKxM#ByQ>!ZXjJxrQ#V9fMZV<%UQ3<zPPaninXF4D~dcVOk=gGZ+s
zqt0HnFD^eVPF`5Y^ckb-vh)myo^rscmbU2_Fg7IyDBN_N2Mcz!_r%U9(7^yjqs!-H
zgmh8-06DCF3lrvHX9Xe9SF<I@bK^4qc#8QJnDlYF<E*9(Fmj+n*=yS5$Edn)G*iRu
z;(!$&+_eM5^V69(2!4BWvIgMMY>oEQzb$Hy@&B8xe?<W2|A+wHXFrV%xJ7X>uSX`7
zPNJE&$Y{2};$?jchK7uB?EzV{LtI}#69EI+vDi`R_hg-v+OMj7&3}+z_Nqjn%j9J2
zLJR$E49brvN%M%^CuqqcVpv6QPlieRHE}Wyi(o!!=%WnFJl?d?w`v^Q^j=)6Bu{|!
zRX5M)CFRKm3{dUul9-X}G*26mHMjB`+MT52O*;qD&!s?gR#JS%X8KY_WcX2){MV=t
zerWbZX|$Z|y0DV1@GnibDv4$Y+h4?ZJ&pdT!oPK=E#Y=j+%Cli|Kupe;N+-*OSdTu
z{?hvFp?`0tRiMKYBuqm{HtKe}--R)Jv#@fUaXdz|z|Ly;WTuO#@>B-CQ=o6V5H@4q
z<k6iFru*u^xr+zop)$@Or;))bsdV!$&FE58V{<<Qp2mm0(=v5f;b!c3l*kZbeOz`f
zCF_4}x+WG&Gl3IgkY2eC-?n$1pI*cjwzeDNNI&)10)9D?LHSLH166KLwyVWEbTowx
zrtOSPCs=#cwjaH*%hifpMH_XU+D^E74mpbr-3~~pI9nY@(k?rMXBwnBcOMrsSKUsD
zE$d1sn^3T!4(dsSI7GVl!3A-RPDg2z-1~<V)Z8U9qB0r{A1oIN-ju(Wg&|M!YEN13
z&D5P3%J$*%qq&;q`O9G9Rp+B_j;Vt8MPkgKNMgK`i2d;2HMHwx*UvtV*z%YVI2W`g
zi)21L%%JUSeciW2#UTFi(7}jwJy4{W!HvvL-^N(cck{e_^&t<=TSmr{I^I|3^||?W
zU6a&XT!(mOkF6C1EHwyKWbs&DVAddV-(G9%l%|^yh)Gk9Vek^<I5g5Y5M^L*xE{Q1
zc@X_EPrhLzb>==sYi4E>y=W5{a_nQ(SOdLS9iI`v^w`H#1@;U{u1v{0$S@oz^`2s3
zH38>PJRI38tZbH7z4}QI6cTTK`EQ<W;{Pk(18)5vFu?VY4G0iW0wi$DNNV4g0?7Z%
zz$Yyh4AKpTM(N1c8n{cl9aU=&z5K=>nQ!AD*sugXFjP;=_!!mFs>9PhM-#7fr3uRk
z_b)EG77C#mkF@JQ-@U^i3SP|fVBea%McP!x4S&*WLG{)7;15nHdN(VoryO;v6&NLi
zXV(bRi}9mGew=jBdr3!Sc1D9hBS0cgP<2nys;FxZKIBo!PKR0g?Kl{<plVW+h@iYH
z4z5BV177$k<fWG+L|co?O!4wl96M7fY%7h<*I6r=&jr@vDgZj8zm5%Fh*81g7%W<B
zUVi%R{(a<6sQVM`Oc4Ll$hm|RM6}73V~|wpM*T$%rvL{y?Fmw5{N3TfbLcZD1k3^E
zh=*pujzy=ke~><pKg*^pK?&Alsb`1RyqGJsG3__R1=^O>N0XF%QyNFe5%{C9(5$2U
z3l|t}A)H3m*5?`xr*uth8Wblel8}lf#`5f_FxUrPwe`3P<SE2Pahh!XJFt%8jg%?*
zYaMD8<T{B;`O>r;gE5VV+0#p^#-}CFFKlS7JDtO2Iqi8enYP797n3p>4@%EtR48?`
z)5EGu<NyqGokr~(1)iSUygDe07IBdFI2@Y{aG1OI1di&`8FZ;sMtVUL^88ctq-%S5
z;rnbEk@YQ?v852D)x{N^N{xZ;mubmxjBowN8YP3%u+)@v>BA~UwZfNRP1N2->6^r`
zoNi%wcp0{CJ+{0<bJfA<MOI)>0#_N4xD2&Rqj&&rpm)YR@U$4Kvb}F87&Xhs*H}JD
zKN`~)-L}lB!xO1G_|>^rOxW?t$f98uEG-hc{Nwf@i*P#Tb#i=?TKW-k#giF4@x~lC
zz#!v^+ye&|A=NKr;DxuT-{}uNs>r8E<l@vCtk$QkfU`B2ptb1roO*^Zsty84l8*aJ
zZ&w_Qiown%iwkwo<?sjaP3OBv8+~;#9#8DYJGT>ciwNsKpM4uO^50UeaMLL}d=3fD
zf%%!%^$i82n22>}%3K>Lc>r7O<7^d?G*1z&`-}*GR<^T3f1+eSD}J(xupv99On{tV
zH%g$>s5M*jXl9Lg&!k5sJ>;rLO|}fi9l=&%xUZ<=$G#tDLs_00Ry}4v_EaEX^aq$%
zCS+FP^O0SlHS=TDo+ck&?WHx#yT~zsa|IF+a)4>GVYQ(ggMM#eb1B4UmF{AW=$1nW
z*e(cgzc1e24x_LBK~a9f)}Mj=*X%!WE#xQ1bGzlSV`y04AWjWn*`5<fL<7mJ+H4wr
zx6Rs=-Q_z80)6nck|zkdd@Lz1O!t|f??;L<QUr+q&ktzGwo;@DW4fB1Zg`%y31sWR
z4f5BkW{X1r>LwY^*)})vps44-S&LdHG(Td>XcI+dA_kMZ#jeK3&PRn!J_$2o41!j8
zKSc{6R@{fUQKKnd4k@LW=*TBZ6z`dILT~jmbh<4HP?`Bj6_Bo~PA+qWU0&f1!mgx1
z&_goA27*==Ik9T`+vT*5)Gj`TxFK0H|GKd!acn_?ewpijXdwnoqke7(ygs-2dXly{
z8}?dLO@K%-zPqT&?sT19)7M(>bQYu@$}4tpYD|N>GC!y+Shg=AlUVGdJRNE13_H_;
zX(LQk1}|1nMgh4O#AO55jadMheb>(n0u*r2I(|y%nzX}BaM|fig7v7tDhU^##J95=
zOqZlL+KufOW!7i>O{4#`Mk85T6>Y{J2%oEITnKq2um*vj5XSy<CXbw{^DFVS3OpBS
z2?B_tP<~R(W*>e6G2-*g4(HXx+^6w?wVm<NL)v$da!4^^L^$`5BHY8QG4Mv!(MP)R
z7+tJOV`|8K^P=|QlIgKcoX?b1*?C=YvY@GJi0NA4L$(C#@ca8rj~-VYF>t{vmW}FB
zk}v)cF)*;NWYp_Y9Lt#3Ud;mXSl;uv$GL9hK;8+nEu<{5wrZVXQnMRzVoyqhWWkWA
z4NZgSaRkkKtqWZM2M7&BK6JzZmkqoofm1EaOjmAbM{ZVfR!+Xj3luG$7O>N^fN+4(
zT8X!pS8qh4ByDaa{s{Uy@E-B;i*Vx<?UaLT%pLZx9u<0z*b*QW#CU!-bP2?ofUq)h
zz<d7OeyfQXf!{kp+86m3LSg>J;Q)C0iBSJe-G6EQ{FGcKVD;i+QNyuvCFkPD1qMM+
zEfcUqbTNaw<#K)kO32I1mY^N2sf~hX%o?13vC={5Cy!XZ*dW@S|Cn%!4}hIjzm%-w
zg4QG-{2~jAm-7MUz5LpCuSJ6QVvfk2rJ$b2!%@w?5H%Zc(ayL8-kOr^nXB&7wOx47
zmUm%9`_aC|(zZ1cig;nG<9&9_ABay*FXx&o+?WwT-vflCb7?Quy(p&pOvr|6&{j=K
zRPDH0uyop8vRb-#-O`*p65}e*)5{5$=~de5>O5bO5A-YvxCAOf?rBZ_4ubfwZ7V7U
zi4YEL^j2@RC8w*ANnn<1E+a|M5wbT6wwSe)sM&aZd~|t75Fp$anzEFj%$|HXHG(%&
zJzbEk4kTiOPJz2TwXpR#vnSPAw76{ccIZhK=m!>d9Q*wJ;>M3bnRE@gmS!X5M9n#L
zcud?AyC=MKfAzu}MK|Irz9oO5x!8UaNu-HNT!wg_*8oMKEX3RW)5+Anb2}*@Dg_A0
zaeuEWgP`Z*#^;4V4b^*$39)*BoWWmJ0g@!(*0gB1G8#GLNGKE!T`rTbz9V~*7=y!E
zQjm{6JQYi+NEHn{p5DPNr=|-3%zlq8ZK&<t6RiCK3?5t<<ABQp{^H>KJ&EyLB`+ri
zvoWt5?%brr=r5WPb3=H^!L}rJG3dRu;^Un3WLq=()GV0nai_+KZ9*6WBIWtu%=3J_
z$C0%+2dk4G^-b9yis5z~M@P%V3uH@HAcHF$gSq~>uzd);h1uo?HNOCp{!J8FMb*l7
zVxFvkXG<Fg9Qh^@0vL7Map8vTp1C_Yii_{Hi+>~RJPcj_1WoCzGGj%;0XGs-BWEDf
z*k9V&aiQ?UraT64<bYkh7D1Z;aWDM<;~1>(qqPtO7z;a7w2R8}>IIJQo&n0kY<u$o
zQbZB?$N~c3MuJ~5?ayGbhG??=)ZNdmX~zoxEa2BqO*WuJO~;P@KZXo_$h0K2PO)Qe
zD<(feEDdOj90TO9REQ2G=-y)8sVqfQoDgML3<FJa!ZT7?w3_Ex*_}sWAhZ^>a&y*`
z_?%5=?_0bJ4zpq?AzK?;;q$}O;ny1FuFblww+v}JD{5q-Hx@QDX`{AU4~)5wL=*W$
zj2}7(zbE~~fUv>#zkz7X>Xqr=wzXM5Pk7>JQHzOOGQH&rCYWGBeg$9cSvGbPOo>a~
zNPuX!GJ{qDfCm`M$12O-4kMPyuB2}cbx%0zyWK>E!%?XC9O9-^n3Wdl^In*6S(jG+
z!USelZTaMy2x#^Dcpb@*kja<ny5zm%?Uf28Xcer2m)Bb&)n;_{OD<&-^2{6cgRp5}
zfBo5f{{`Vanau?2PIe}jHY;v;xyR7B)~VT|$;c@ofV727eZ!c(OL9mb<xWiW!76Ws
z?G)%!#b1f)Pv0Nf#jKK6dxvPEs#ZyW6bGcapN4x10l$TPO8nhAm;qV`)T=&?ll5N5
zD_IKR!+lrLglNj!xkO!yLRDNhQ0D=R=8^_pZPPzpeQ#dHMWg+SkyT1L5#o7N;<^u`
z=<>!H&V|v|G9j<XqR7@?oj!Eys4Cy6uC8dc&AViDY9|#pBM2)w9W%H8T-Dxt=t^KU
zAPh(YacH48f5?tqOzF^&217~jeBE<!;F-pm(<S|G0eI}FCGT}k^qn>b4o;eTo(>G@
zi}3&#uFtD4?VZ`8JhsbGdQXeo&HSu(1lTQmrhqk$3o6@@S+KV-Y%#Kw1TX@%n0Tp9
z^kFz8qX9RC2rnPuB0xOH)~1eT)UE>XT%S712jBM4{#D=~{Vwo>pkHeI@!wfDZvyy?
zVeD4mUb?)J2;nV*zS=qR+8^&4qJwgPe@HR~wf+KB;)Gw@Z{=#D1_=Pl^cOk+ZLB{j
z{=XVpf5AtPJLIq4*Po#Mi#WyqtoQ$eLj7LwiS6&rvA^yGLOl9ADE-+z`?X*M$cO)I
zwEg+8|IXJ^{_zUGI&r@rru?&m@lOQ&*TZxHsev2+Zv+Qk^S{)4wt&?CK+}H<{_h6h
ze=aal`!DzUA8G$DX$k<Te>M~U^Irca;|TwMGS2(|OXCa{XOfA2-#_0J#ku4g_kAz-
zzK=LrqSRy)ful4k*LI=e5Xeu`2JC)D0H6&Zl0U#A05(L3cH>05)l5EV2yd6gO(dDM
z`Uyx2Po{+UuiMJ@3ZDz02@QA$^Sh=ccNzU~tFkh;GX3-sXxI5YxXndN^)z(3t2;C)
zDZ<#>ftQgJ%mHUtO)5rREODtHX9kjaOCZomrAs$C;0?WgpI~Lrbdq)*?;$BT;Act<
z?2$kEWHoj*a$#NSM(Cl2e%*qd1OB2?mb3P3>#UGUT3b;ubLw~xc*RAvL=m2GZKQC?
zmx18g=q)#^3L+E$P9zKU!Cs=KC&j{iA{ko96t8Zn;Ne`u!L*1<BNQ9npgfKx;%3g_
zNnY#gG3`?kcxvc2uY4_vbf%Vm=|)?MI#R_-d$lQHy&0g@*D|QpyxH>FfogV2P?wcc
z-BbYMoscI^->$(!uQPmM6Fu9wU!h}s`mHvbQP#(iAO8)(N$r}QP1`|#x3FN<pe#Sa
z3{iw!;5ACmtkOgsTYc)!h%k~4g(3)z{7=3?7Nu{)_bUXHVsrYJK0F%Xfp41i8fYJH
zukAs5#?^gI*g3#J`9*UeG;5{rcezW;@xmV!aOuABsq+!T=ziOyCwE(T>ThQT<?eXD
zoS0P%gr`SI`4|_a4;OXn)e}hGMK)PsUC!Ybb~9&!x@0!JihbFz=?k?bU+4CAz3<$L
z=o)buUS+PJm@Vd<klon_1<Bqy+wqp8M<P?mVLIKqIZM-Y=rbU(u?KhM;8u|<X<ruF
zZ-h<ku`^|)7PRf@ZLd6QBv=T0gu1y&gZ=7qF<~{&4Wu~<KJ*K~x6;G^;ag}oiK!+w
zbop@cs>g&>Dilvn;Xi`xzb7R&^uDd^apvq9X0!oURWFf+2O`7=4K-GXIK}ud($de-
y2l@ASvw>bA*gzBAgdj`&CK$+s4FpWRxzXW$yJ-AxEx><eK+1~h_lo3Ap8qdqVAELu

literal 0
HcmV?d00001

diff --git a/adfs_claim_rule_group_membership_users.png b/adfs_claim_rule_group_membership_users.png
new file mode 100644
index 0000000000000000000000000000000000000000..28600b61357aa435eea69a3662c428617cdeaaf7
GIT binary patch
literal 8988
zcmd5?XIN9)whaLb7El8UN>NcDAT9I`3L+8#4G2g_LZnNPF2w?f0s^6g7O@1RDoF2w
zlmLkmI?@azbcE1b-bT+k_niCg{l53}eS5K4du3(SImaAh?L5=h)jE3U^dS%kbX5DA
z#w`#CED8J>9s~m=Z_~(~AkcZTwuZWa55sJCF*{ftq*kAIa82l1Owv{6sVDsRy$P&#
zBNt}ISiA2O$$_j)as4*Fj3C_O`2Zz&H|2SXUOY1h30A|P|MBm$+xG%N2uL11#jlA)
zX=6afMXsW~kqzQ(4^Fw98!^8<uVz|Mb?dlGJ$u$65p%7I<e%$&W*xrrqe;oplqo9}
z>pFqprO`u2P@FIZUFJ&|cuB+J-N!R`y-&JqEiSFO&?kDl??{&2Fv6rK6)FeHw6jQv
z2e017f_c?Pr2WHRSoa6yoTq=Uc1_>U!m>lz@q9(yY`4XG>+r`NZE3BXDtwg8j(ede
znD{(~S@W3GbW}KkvXs*5sp7mL^YzEMC_Rm#B|F%Tq8+Rs&M)}2NEx%lPG2~W7%2`2
z2Nkv2(p-l9+HF7I?%R4_S(dRLQ4Q0?X<G*fwOiTamIC60h#ad&Y3BveNYSj!dm4|x
z+cc=)@r-s37^~al8)_*-wB?V)8T&G&827QOq)}Y(la0`WZ42$PdN`f-B+;IiIp_EX
z0>C!hcCZ-X+*2Mfq(8r>I43Nl`EpF2UZiRGEt828(^IR}sJu%>eQ8~pb<4%DyDdr@
z`5S8tu8&MXtlwFhxAG)(VKK{^0($&`*Fs72xqme4@Vz7*a_rq95KkRk8bc}cg?$TS
z7jf0(5&)y!AHgq=#jwd43G;=rVP4^oi?-kHMeM7WqamNP3+wUg#yDmzAZheZ#d-NC
zn~B$hjLMK{^H8{^m)E|huRJPktuGS=(2}+`)hG9TQrL$pi08awPDCFxR!cnmIgumw
zSx#dmwbh`e%`n#SAh+%(U}Ftqo_%?J9CJ2_53+qGNtE<q)wUCQNrxXtdIU#uRaUaT
zgbqhJ-1FGd&CNK^#XkV&AH435YxbgvKfO3bUDAR{1n&>6iNvqiz6MX-!h$Id6Q^Mk
zBLQ{E@SnBc^V8wy4FYs2AjJ8qM1E|CZQ)Lsz}Y(X8@N^vzn$i*BQM~j<@GCD%9xlb
zO&{3L*SL6^>!g8|bnf+#mtXPnu$z$Q1xS*u5Lvw{86JN0=%lAlh8X$f2}cgDE{&8{
z+pXr-M&WHfEDPuJp{h}wUZj@ZEQ@*4+u;$nP%wFlA8Mw?60a$m3^$e)>dI7uF;6gI
zJPYs0X!FCx_-ZRs4%}aQDcd}8dfNY+weMEF1$P_+(^CdEXUCvQ_=#=BYd?jOG|qxS
zsk9*$Bf<r3zaJO^5pzL1x(&Di&#{u)v8mdz7f`Vm<l}yoxZ~K$b5Cn``a(4=+;HW`
zK?H;4$C3=Aa1fB>ARsx?%%3?3h`<D-V9AHa{><H&O+Fm^L;Q$_M|Ns+>6m!UVWWW{
zTv1?yhlXMHH3mh=!y4FxJ0&*iu5FzPBR=&9?qd%u2b%T{?sUV`o{uq^XIrXbFX{{S
z!<NC1E=C`|G`eOCw#{5Yl&aL#7@%x=?&x)eQ#8*YW{9Yf^0)mJd_om<6A2StluXHw
zwx(~AdM&us6Fi5|IROfYp*u2$E+xeJz7myFl|Cq&bCwxmX)l*gzsC}m<t43Y_75Yr
z60e~g70wZTd{>qO6F_;@S5TY1aXp`CT&iwT{psWY&Z(i9i)${WO|(nhQ)$!6dTUYv
z<=ZPP4D{W>feL#~PwbN{*5J}CGPRbgalP=X>#=MEQ+o4gV$Z=OdG)4D&kOgn&gRrA
zEe{G|o(cP{O-h}7e^Nsrq{xb8T!~#Xs_b*DG{rZ!dTUqI%|GfBh%RpM6Mu>$w<!eQ
zBY*eY4Nq>QNyd02lJZtRwkiJWVEXmjT}<NTS_xT#U5!(l@eMsKk6dk*mpap!C9A7i
zB<JAA?J`0?zqQL|Suo(8KP;nu@Ce7Mf?uX~bi+*rmXF>6BN&P<#tSZ1e?am@>iP>W
zU9D&}jj|9J<40L0%>|ycX7^WjvcryOeu?m_JAMXXaFLjz0iJLoP<4EVQ1N2oHGqNo
zU*3NT9^(XMvpZyBXLj4-W$u-4+*!7o%vLHsB=8robjn$iBw$$XPYI3j%=~sbcU;mA
zO|vC<o7E9T>kstySnW@{8}T61iR0#*VvAQtn7H3OPK`Y{ChPcY`0%&-UFMLu8K{tZ
z<4WDEHnW>-%!wsQ2#4*#r`Mw%Nb%p4zYNhqCUZTzhkoMr?c&Ol>EInc0U-rx_LFG!
zgs)qk{5+zT*^(bav)f?JvpvzmJ!yp_&0=}+f_&--g;%%c;WpFHCJ9HXg0IW{cm@??
zDS2}3&d`Y$_nE9#2<RIUyvb?bFdQt{YZ^70Wuosh^BGqQT$K0W+CLu`>s63koJ^~^
zL`IuEzVFQ8GdsFKQUXQc&ziZ2`!frwEbC;(+Ye8k>H*2|$Wui>_Df@FgvK&^hm&bv
zU^xkILV9nWyVVuy8L5&&ndnh2c!}Terd2KFkgCciMOs>(miNG{0s>z>A@FIR_8!vT
z@Hu-f7{eC%NiDKyG=-zuEL+lAR3Xs4WK;I+`CO9H&FGpnW{fn0IOmW?h{k*@=x9Hr
zRx<PMC@d>f8XUy}%=q#Fu$UfgG<;a#oBbsV5iLdmxA;`Z!K(-Razd5ftoDV)oZM_u
zNH*GK<Vf$+FytgZzLkq+=j<X}czZ<8IPA4zaIqwWA(I?iav>oC;n2cw^7BT!&ZK}p
zDxq8a$d|7ZMM<+yi$5@}TW589m#MP^3MAAdDV^Oi?C`8)V0>L4r+br4L{M^LXUE0Z
z^}b_G8JEJ%5rsvu8O@taZ>cZ8!{9K^oR_u{uLUDsUqG;F-bCAir(0GJUil(0yos15
z;-reZWmvq#Dy(5{0TADOo48XkR}-&BLRV0TC6>r<rjOk=QqM?fk6y&Y!jHlSM-fW5
z3!z)JL)tJ+ZQRDOrqh?QT8t*Hoi@9i(q<ydWbk$0_g1oe_p*Mfy)r#cs;@pF-3jk7
zBIIvGCuPgK+pBPRfB1p?IsNANQczQ;YDl|7*deW-&zdx~Sw@!Bw}e}zct0CI-gn%+
zVeG`FnXdCe`>Q%-aW5b1&xq|c7UhJOJaT-9K9E|r%xYz}60xc3IJFO!!|fnnsX?x|
z5azn^$~oTl4#>KT_g39SD$oX@;#}q<3qsoXTlM4PbM7Thd@>jBH}sExe>YQCHqE|B
zf6&=EBV6N^l~(q<h5lFmf~}3`UNEt4+PO176h#evc=bqTRQHGNk1F$)gt;#`CoEir
z!>IZ*VO>W|ZlL0dlyCz4)rF1QP6Zc8;Dda1c>`vbv27+n=?LXUq51LtBHv=o)cwLA
z+CrVKm$(wsJGLIMBtCKzE@%nG6fc7@B8pwuEseV(t#`BZRql1EVklQQ7>xDnlP!as
z_C_F3#(0^(_JyK$7S25iP9fTVfEnn>T<j~wi-?HjKF-<f4RPy^s2855r@l+95>jAm
zFn=vk&iIJs^ane-?Euqfj&@GVH|G6lg{KLm#QIyo-)_X&Lk`|$`oxgZIYbW}EVp<E
z8tJc$o{)>(jw0`<DdbHtUJ-j_+B$Y&4Loyn{OK0cdCKsTU3Gb@qf6ln<&MLnM+MpF
zm)Z+3ar*mHG^Gw<_0E=c_hSsZ`_eXDq>~x9Z<vDg`9T2l{6#*0(NK^Yz%|og48bsl
zS8x!J02T@){4$|dQ9P)v|InuYel^T_o#xu39u@e&)M0icSRV&59ZP2({V0fti{QvT
zleKDIvq7{U=oMR1GV8uNe;4youW?{Ken*}UXMV%&>#CHWfPP!)mLr`34Yf6zAK85#
znKZ&lR33-S4dC_YQkw!_=T8Pl#zR$4#~`y&DUl|qDtpsxZ3*XbDfi1kr68v%Dm=_S
zvGnXhDV#KxLE@B)O#Kdg<!GRcSm0$z*P1IBKmW4G&_=sVcv{-{_^t~>U)Kl<zvvA`
z%v;wM6d%uv6&{4G=<x|qT^@qLR*Xn+u%r;lCB}uJP8pak6Oe!<sEZT*WBNL^n_+W_
zVwN=l8%rxmNWXocW;AoK)@%5zSEUgMr3>))S646=7PWoVZX4A`0`IG<%K|ZckqhQg
zyux~7xAQI%Bv{y4jf5e=urJc3*KZwdnOX30Y7!_l+F0bKK+}hHkzhF@tT=Isy{!u?
z4pZf=K!N+LFh4|X%e$z?<^FcQKfQQF#i)yI3nE0~ph?u5wDF570;P_LLo!hOwdLNP
z#Tp}Gcg4iZwyuG(8Px)^(|-IXuA<fNHBEB#nIw4&eh^Z~x4MJvQi{a=)S>`?=l<;0
zIo*LyDaX5|=MtL9^8?=j{PpZtpUc4X3zJ|RVNNwS*QDDqc&S7BIEspOxz?cv2Rbc&
z6xpQB1ZHX9b+mjstW08bRQ2Z5d#l`Ig-PJnH1;3KB4ZW|fX*VG?+#&iWR4_4y<&AQ
zAqZSTq(v>ICOq4f4Z-0UuFb0=lJWLjui(B9%=5=2Zl~<PRz^A;y<jz7lSRHe#m*Q9
zo9eo6u!+JdB;MS+_GSkhd742GVfNrue^xB^+`XAjI@GW-Zn2mz2>ZUaWT=JvNaFje
zcMUz-DQDQX?Cpd|a%z~L3&DVqBf*om_(A$Ow_nCQUYfVHG|`qQR_n|S+We>S_bKhE
zu{}2cT;osg2#(y#O~vKx%(r+>!UruMx>pvGqGKx^EWW)*xhHw8E%mSYd?uaa>Ak5d
zM_uX3|Jm8**%B9m(!neVy<{D<7d9WzRrHGp?Rr!(dn1fQ92eJ={c%tL&qr{;J{X9;
zgX1z$)S-p^s0@(aRb}jxLPiMBd-_Zx@f(>~Z54}+z(t2UQSM2rq)#Ku$_W3_U5?Ro
zdrl{<A8CoD3EjqunXBSAw)_H;usH%Y0X5vu;#x~Pa1D<YT^*C@T1rwV!;59A*W00t
zrLl`ArlnGPW7`IMQyd7^x`?OtySLNUcV-Ln6yvr8k{6o3%Jb5D*|c&VuA)}?*dEVi
zpI)dA=o3;!O<Ni|UPzy;KH5hpCu%q~`czGv)KPplo36$u7MoTSaaN?jg;O4$2K%xC
zv%H+^Y@tJ6@v@w<cBrA=9U+oECi5dxd%IRECGHb$=tQk;)U{{8r1@BDw@s~5*5Gsd
z@~Q>jB5%!Srg?;C+VJ^7dYioj<cmDO+~1OhO_T#N<$UsHi>p*SEh^tckuvgsO1pQi
z6&1<ghuDJpd6cNz1?Sf|lQ9iQyx|<Q_{;}sJe%u_2L%X5x@DPvhqJ7oR_mDrj_5Sj
zh{Uc-Tn^fbTgx!z)QX9?V~dn-`w`-9PLyKZl(;d@Y;d=Cxku%IolNxIT$6WjB9{uo
z&7da3cMofGWCnLWd2AYWrgCV`aw~hMr$DjKls$>r4`p33opdJ)<;m2(!tR;~Lb*4|
zf-f^bmDi&3`Il<NmR)&o3#)YfAW930mTZV$Hp_s23pejypt<Y!M(wheXI@dHh6qok
zC6&R$-}EAO(wd)&HNHg}uH_~RHRjaJ&3zJ`m`gGDwU}EIw_NziYSdJVol~?MD(=|u
zTEJ{lx%^v(n&0fUf2<{<$#|w+?qf5G^urOoGp|_%<6!crzuR<A=HH?H53B>=?!zG@
z_*WG8(L4X;O056`2&upf!lQ-V89<KuxDDNVYj=iNyUEB`E@+%RPj+#~cC22PNBMo<
zY_Aitmc?mtj=Je%Mc`NP6%@P8u<`4dj+Xt^%C(JTJ8PwGuD2MjA}kby%pSzFe|{ax
zs-t<Gpy%wA5VMQeIc`6oqJ}Bt*${*ox>jnkyWeTqa705(8Dwr?mT*v44D4(SZa`^X
zL$Y?w#i9}SP*zOWcDTKP;uL%XfukS}Et21IWZiC5+kbBxa?Awhb%QW8^1gK|6|$(r
z00LIyjryX|I}qBwcX8L<vmo*XjNy;Swm1Dc{2xJZb4XyH3zktIXDX*drh6FL=<^ez
zU^_O?2YL_VnecDnuYe2x1U6ASCMr_P!Z#uIE<A>?M5tZQw`+!cEJbdMPkc^_J78`~
z?G*~t7lf3d6l&IG?4OOKqibdDoqTnZg_O(V%wTlX(J%SQ`!ZX&g-9C+{z-k@?&$hb
zgzk5C&3iVi@)<*hDqPfbZA{>5yx8pg!!co11iy?rCi{ZCQkBwYG_iOMF8`4;nz4JJ
zQ0coKsb=`3lGz+>r=Bd!NcNt!xFMmUk0V?9azs-@l)|QjQ0a$}6=mfkQ8LPDun^eX
z=OqIVHy#nhGJm>L5W(O_3Dk~CrWlooeQS?2OVUZ??&3+t48f3Wv@m<$ThdEC?X(Q|
z1jT0fHh<q|WyBU=X8pv?j23<BP*uAzH641ONLF4|cB#y@gIA1H_@>1n%d|Kk-_E^c
z4Nk+JI%U~6H{X=Fwn>>2GIDM=T|49LNO`vrYNZ?%(ku)SM6~l75Br9R;@KYi4x$_6
z9joA&uctYM5J$eeS(hRMK<b(~(QZmuq{3;}oHdFQ@*IpV3hhtO7oj;wIjpI-G2uUX
zj&sjr{2sO{Q@j?MZ%Mp=C|h8OOE#v;-NBh9l)}qr<j4bNtEBd-39gZjoCI3~o5~ZO
z9*a*4z6VSkE-voMt+vLGKKuX+!Acfm`LkN@wq-&UP9`oT^=xolM(NTR3j#3-&yZ#C
za#7a`o3pjNZ7~Xx#88-KkPD9xX@>0~l5lg}{^R%S6DlLD$jg|~{@qmQ0%pLQmay4H
zYcus*@$9*T!|FqU&(O@OC_FFsM3K((<ZIoxB|oM=4@nwwa@sSl(Gdm){3k;}fQz8*
zIra<)T<g4(8Uk|$;Xldm)u6Jb_bZ?OoAm;o`!Bi{_ix1Qw|6@OZu~pPjT<_%m80iE
z{32kqC6_h_*m_H+XIZrRm#HVZjpOWiHu9MxX8@A2qIg-FdlN#Wq}xB=<9HR?$t-i%
zEPAMO_5;n84{52LFS>>uHUOf53wUjQh9cB7KA;^%@k#C8oxWcjy)$7w&4g>%VW4QX
zeI}=TQObl%fq2W{&OC*14CZuea<|ost{#+*S2f0W@|q3X`1DIivSfJ>SwhApP$`$Y
zStn;>5uW?v28ghc4#jsp%;x08^xNCUC1_UCy!aBE=k#{8UNk=+x@ZrUYrsmT>0v04
zh%?FFLWt_D26X9d34x`65>S9l0k|0M6Xs2`Y1Lk!tPpHJz!%R`i``QDoWck!!2nuf
znadDQ!&&7%VS~fNc3{<Q0%zU77-O!d{yb4U0blhkk?0pV3+fReZ7xk$?+%dkq)z+h
z?;(kVdsw_Iw|&6e^io=t2NYm-z&_-$0tosSmDb0ND7)5)C^f*U6^w#m8Spv?6e0-O
z+s3^ou>#B4;j-=FoMR9Rvs$N6y`+BgeS#4Da&?<IGUEihv)>aK0{}P0hWa?Iy^Q9`
zX&hA1&3EJc@Nka1t*XuVrh6&8qbb0Z$AUt2p+2KYr0g_rMSOIBY?X|g4+r|tk$Qa~
zCfm<{Ap>S;I-K3R#9|#W)MJsdqt#>M@z}~QkEV~&#~G-%3K=MDA|14TSO{x64H$lu
zagw<qF5+&AIe|ypXR{PfaEOw)-fc!N!X^e#3^=sOEq*lA<HL8!Zhe}I=>uWZsww-H
zGq6#z1<F4Y)NP@_JPhJ76V&7LU24M<To2X82#=B3t;ID}(&a-zsXCXw!|oNmg$p8t
z6&cpM<n~tO_sZ1W#{kg^2}Xj^%t(d3<pYfR|8C(s)M(W}ve@nhX)teN8B2d{(KFQ4
zjNMoaDj5moI$#CR%pwCLa)no^8-8XhI4R&NG9nTwb>3hkoI}o#=dc<^x9m~ViZ3K_
zAP}R#%3BTxLZCN`eC(+n->qiVeA&;#fu^~f@2k6)dV_Xp(X?k?bFVRG@t33vQ?*5Q
zhyyq0_`FOR8Ikydy%|f}H0!_v3Ig{7vWsidpEE`RB(%)9c}1a_PZE2z!^StV(PK?V
zWxm~sbx7BRNZajb>Pu?&P<LjDhw@V2tWJ!(dAtcK<FI55_Q#cVd0`!{UbU0KOa|Iz
zD2KhVdFSV{p8oztRo(nmx&gy5t13z%4AzlZctqJOd~yZ~JZ8Xm5c_=e{_ulDZ<@Qd
zqQ_hKjz@T;U1_oWZhuvXH?5+XTh1_etr3t&(QMz#&qUSEkv5n#lxE}Kn-7YS7QY{8
zLl>O$R@hy`*xXr|Se8vjbhsMX@~B~YP9}a|=>;PG&fD>!`e{c}Gj}Pd40Rm@kdA*-
zkklaB8X%t(s0F4zp-8_6`N2iMeL;{k=MXG{W(F>8z!ZbFCrec}n~_R9`DdftP?O?f
z^v%JM-I>Hv$33ISZtpr*s4$bbSAD9nPY`h#uojE8(E`=YyjyxBk=+gDY_uoQDw|$P
zypj(1!qUFhp(l!KjD~4m)-M|Syk5ao=^I3Uz8xSAc1%rH?K6U8bF|gL#1bzNyIdA1
zbn?uipA2s0WKV@i0y8qXm~{*2HNsd!<i~z~evO>Y&WzHLWJi3Ld6L%1Y4rO`gLpKs
zr>nAy;W69BLsXow>r3}4OWf|~IpFINau-!m*98&7QX;G>s!HGDg3R1cEKsDcGyq_9
zN;GWfAR4+-2zUW$k$SX{(*(B)Ip*!IJwc_@nKVpsUe-Lb1RUV_?^<pF{`Q_2R$iak
zq>gC{0Y=XNFcRPjRE3PLN$x#9fo&{J%%s-3jP1Qn`j@WxSMG1R#$M-7g)=2SH{1tE
z8h=rh@&W2pD*YTt_boi;-PHY{clmN@_m4-n3fuBE$r|rzI!BKu4hqWxfH<}K0_(of
z>3L6UDOTB4kEAj@mqJC`y<NTCW=Z#zo&dDGiGc)vudcgPGdXwFC~UxfR&1VbQ(2o6
z@NqH1rr`LTA)w|`!b;%28-#y^1DV(`d%_LfdxUWnrH|i+ce~X{BS-+}B-m0wsrAYT
zQ{3wN;g*(m3%<d@#LoGue!-!3PjBhxIDUJu&oU4TZepeh0#`%Z46e8>to+QkQF?T=
z4)cc#WbTCmW?&0YFbmx2=ceg|{DDO!&Umm~TrH6e3o7%VPlZf<-P$w%gsC(Yh8W@f
zc=YSyBB0)>GXiADF_19YUfDO#!e0c0@6x+I?4A0_%doO(4)^P@1i|}fsQryuwTDwn
ze;NF~)EwL|-2c5*&ie%+f~2;YQ<X%sz=iGui`8ut`W;vF`So$9dd2t<nHSD``}hI2
zt%g||d%x!$$jxD771SuQyyitr49xI?gHj@aBr0afT3xnlp)6bQ{0+s;(kpsc3<0Qq
zv*<*C`L)fYGUJ)3CO99ydH=-t=<Am$0+O-kT5lN|CscR$Z1Wn1>}mc_yH3%&_c00e
za<(FEaoI7Yc8_57CJ9qC#h5`dAk7B0Vu(Y1A`W(hU-Yib`cU_Pj|-zL0N8@0I%R}1
zml&z4xvYp2icmyHPjlr&-7K)X(;l!7&!k5lswz23#&$T4bj&0|Srz}}W7iPQO&NFX
zoP%NY8$saL&JF8(2Q)I*%H66S12LweY6>6XquCZyA*qfT&BZeTT|w^et;es(@H;we
zmprI*HP!mNTnFBj{!O?8b%FFt``q3;(D_#s`F*bQn-f9*b>j1n3Z&%!(iTwsA5IB=
zb#~{!v;`Eu{p&RCcej6y#_@ljIQ%*A|LD4aZ`<Ga^JMPd+WOzX`&Wg$y;sbCF2_G-
z1{{w312O)@37qslLHw__fZ|^#WdB&N-&6neU)lnS|Lf-T{J-0r9nom&$@Ch_-2qG2
zl^IS88DbW^c2vR%2SBx0$>bQUTo4)ufG}{&0K6L5++X@oK%ajvE;S%<&xhuJ@bl1T
zg)Lh`tUoFhZ{5M|$++hs^IXUQ8T1szX6@=WBbL5SWTgmTuVI$n(qKM?+XSZy_#%up
z_C=E=ZP~mn3~05>?tT8?N_4;%D1DI#)q4kDycKF00$Z`9PKj0Y*LP@c%f5y)qoKR!
zq7Pr)CSw!V1q^U;q84~IF)5iDq92EM|MA_*ysgOOf%)8_vAT07=klkme7(&eHSWjx
zJ~s4Ic@)-2Cf%t?usk5rVY$ckAPGTtXm(`n`1jA6``9m`y03YN3<O{Xm@b{!;5ErD
z`_$}Rf@`c9;FT=)o#Z+HiO>1xG)N1@!IuV$-_0gGTY*CGo}27SuE{^H--?#i$9)qv
zz91xK{c&0z{l1)w>Mhct*G+eD5v}<dpHdJo*3m=c32+q$CqOpCCTAT+1Ml6py{|g=
z>|qNm#2+`2m%K?lind=rbaKG)TZe}r;_4`6y$4Eu=&Jk8h{C0remO4gx=AhEH#~&b
zWQAVau-?)am<&Pi^8j*A^G*6X5z|y)<(yqg_rL}2vs>{?*~0f#m1il2`{=liLXNGV
zhBH=KzYQ6p1Xydudh;E$+zr<n(a*F-i+m+^yHrzT1NXIQcN9;Squ;O9KHE0=zHM+)
zNhikLnGkK-d1&-XSj)SyAC!AmKhr9>j0gOyuwI7#Hkc-_yLqq>AgY{t{5%ujPFM4-
zHs-=LoYx`8h}s6^Cx*ivjC7Xpj+?l++0%Ee?Nv+ePYVIaroan?@(`FZ7|@EqFGI9}
zXufxQ*6d!%EJ(Utn?8o5nE`r^{2$Tb4=2O@!=<(@{U7Kvoju3|5?^{ahYWVKdUW^-
zqXp=-ViET$tE6Vn167c?p6!a=9afNv5(H!i21znl@q@&HtRE}rp5@W}HDduK8Q@nh
OAZ<-ujr_}2kNyV;D$@}F

literal 0
HcmV?d00001

diff --git a/adfs_claim_rules.png b/adfs_claim_rules.png
new file mode 100644
index 0000000000000000000000000000000000000000..4d62c3c215b6410b6459f375f5dc2789bea95520
GIT binary patch
literal 9075
zcma)hc_5T)`~QeYk|JcCO66opO36A@_G}3urYPBkY+)WEC1lG|mQf5LdzNfdgb<Ul
zj3wqE%h+XX&v<6Ok8{rVea|_+_x*j(ANM@>c3t;<-S_8nUDxwWgpq+3=U&0R2n2#t
zNBhb(1cHf<K<tv<vkUGqH;i#ZAjA}PuBc!4W13H8esNsqK=|BBpnOkxrLW67*WpUn
zVL`$W{9EZ7;A}H*y#@psn^%ntyMrfxLhd#`KK6I+xZ!28-gxpN$%r`Z<J`@X&2RAC
z^nm@x;nv<gd!9~QaK6JaXj6FgX6$SmIgp1MdF7ZoJ`;VMJAwszgxQgya)27g;<UfX
z%<xCRgA4{Q<XvSWBYzJleah+2<}Rr)c7LJMe4<U}>Tzy%kXg{DH_o-Yc-ta{uQn6-
z*0S52?{0%KYNTr=Pf_NrwO8loOFZlRLVmJVg!3nI7Tu~hPNU3zTd%(xIk$e9L5avQ
zfAR`YC9OA29`sGVbEB%-=dpfF(bsmPpz*=LbpE6a&&+Ps*FasY_VJnNVOQ+3amj$v
zm=}gv>?M|NqVjdwEnqn}RSf;kaOIA1V^xQVyk$9#(Dcw>vnsC=eAEOvTrnNmEn&2)
zT-v@SF;#!<&1A1z#WT7uP41c0akr{uA=^McXw2w~zs*cyB8@%6YOGE~nVj0G=fTNK
zZFQust~6MG13c4A3T`_ld@bPi_xZWHrl4x=wBkSPUYwlkQf=F?@g>ysUWS)Y;Md;3
za=kg`)B5YLEZzC@6@z0bWTN!@r13ud-bmiCTMp7Bqq(EbDH*St%B^`*RsvoF9*ocT
zeK10iOdA@*W9xgt-H?wa&~Y?9EmGf*=%d$vP+asKVPj=6%8+Ddb6Up=1HQ=cidm}O
za2o7PhAyCtBvqcPcvAe0-U_0+xh|&^&qrV$wCtZLHtp?t!nX7w6WuKx?xNc$Ub6OU
z_Twa+1hBp-M+jJrA4$cIBSRrf>f&7yps&{}*QhV9JI0Z%n68m0^eCL5XO!7_X19?>
zNzcjrM?qg_%T2Y7jXRyP4pb<EZGdOgz}}J;0a??#qp0_M7sd_7-ELescK=@O8wN<z
zT#Qq9E8gtujw%JZ{hglV%Bkb)rgl$?l+JOHG}!eF4IADCJ#P}xbwy70yRBtM8qzZS
ze(?KS6dIMF#y(0{EE0XIjQW_mxiXJdJJemK&Rv0eyVM1w-|p`{+ZsD5bzR&tu1Rq7
z)}Bzz9vo*TGK2e;^eyrCs7z#`qvniQjqciKn~IOSqKL{Nyv9nF=bmGRE^oJ<pkB_(
zM4$G3<m6gM_i9W;CC}x}uj{W%xj!eZ#h<^C<h<P%$Wsi4TQ5geYk#7fQ#U+6hQ-uP
zoyb0>9-DnZ6Sb$%7?~n6VcWulIB~lD4EQ>xMXT_f_)M^-l-gCV6`!waF{#1R0uu`7
z#8%}pJA&HQIsl4<@WV|ll8)}&*>)cW)_r>2y(+M+^Pa>EBql>j0iHdARE69EqAxBI
zr%R0bLb5P-gnh~tz?DsPsvV#vF@Xr?e!e$rMtr(7cK5UNyrLM)cc!$V`{C)pz$NDv
z9@V5)RuzEdO~EfPoAG0#watw&jCpxo$_uNP(*oaYyJwvVrZWLg(BLz=O({FF!p#Y<
z^LEx@Mr-Cq1ZISk_*CMn)SxI-Eu1xztEqatb$_K6$|XzWn;~*H>=z7Zi>B5dryMr@
zaxss2%wNSxf^Xb6{g+B2NA0?dN`URQ+P*3q654a5^yM$c_(XQ3DhC&zRKf(TB}Yl>
zi5Tdy74`8*C`PU^H07Xu)qRb+>G|0kRFi;2A8laA0co9*&^KWYG*x{){q_wjtxyx`
z*<SiBk4W?jG4Su~VEJ;O``iW?qJF)~qmfNL@6&!y^&|vNvF^1r3IA*g760NgO7K(9
zBLM@xW!w0d0hUD(%2nTy7;kW<^}~*53xY&1UW?u^&AY9t!?|vyA>u7jb6h>0=aT6Y
zbrj#Z8pkT`4`DI=(G40Q2U+LtTXnCqBdK8zxp~+l=O+#PjNge|AF!PfVc*|<8MPU1
zZoU#O>2mR5*E<6wRB{J4fPsGTPK{+ZO@f-fSB9?osX_brrG~64OdbtyKSqm{ae@gy
z_Cg#`*Q9yi?WL{=1k0^o_Bt8FAd2{eetC+J`n;R_TkJDu^1E;pWqg3GhfwR+w<`zP
z!xc<n`$%QJ1u~t15GfeM=ou*P{5%_?n9riVfbrsZecfoEJ9wgvsuzD1fBcUJ1?oW+
z4kvh&`kwp{eO%{IALp#xdCHkx@@)asx7L?h4}8QSMqlTCUw=RAN}!4I=A$i;d|()_
z3gsy`IW(4cam>wr%#BXj7tecVO9P<>GT5wkQ}Bw2Sj?~bT)_6q>FseMWAGl<bqr1S
zrZ76V4&1o&=tF>4ojN6X{3GkPn^$8oY9JG(czb1ReSIuO=-a0WdQKT?zo2l*?TLg?
zL1c>#kxLs@GDps)*4ozAbX6tDjYPf{sKsO>V=+FEQ2e}ylISST7s78+rm+kvKQOp2
z##dfmA(JzF;poUkdEc0cxO)`e+(i$)rsns8^WZ{D%QXp&ik0<9mLZh`eW>|D%}bQ?
z_U4!}Y6l5}e=x8lv?yhdvJ=1lVsN*JvaiDFXx$r*q@_e$j?FERfwDRBdur;H?;|6R
zpGpm320pB$tb8Ad<WIy@<uq2G;pF1z5xhl``DFc!z=qp=Mdcu=l6>oJH=Tpo?^Gn<
z@O$ljl5NcfpR2wqWE-39uL2XO1+iJ+(FIWD)xCv>`;N(;zRY}$xa8)!anTeMYLo+R
zq?q|YCwnT-NjFyzdG(`&#-y_BRkiV3v(<XC*gaCBhi$~5t_$c7YBBAOuzf)bJNA{X
zckErR`k2q4r1v?b--w>CL27Z|mgU70Xf5uwHA?b}yra#wW}y$+_3p{jBc0Az+nL>#
zH+7yh>XjuB$p>?sl$9z3`#8Du(#&!a10bTct4n>gnc~8DVa_S&tf)2-IWnnN{gf(M
z<8Th0$>kD2a*tmLG<sI7gJ165sK__p2XL0G8P6YzxX<h#a@SY!;g(^ypwis+iNRam
zg6?|@Zr8Bz{yda+3R=t>yWUl2A9y3BU%8M}JC|(#a#N(RI_-i&(jL;Q5>A=ucP;w^
zh}iFwdfM`Vn%U^MY(F!82jiEor;5<*ZjR2)-fxP1BmGsTO<x$uyR?{m@GySr$Icnr
zY~QdTIuUsHm-a*Z=0Q>mGPI{vxxA^V@qLoxqzwS3ke*49AJQJMwH&ufx%O%-hr03o
zaZJu!bCeGLbNznp`XAe}?f}WX{dG_@KPjTfx~@+SM~-?jyvu%k#l$&GEB5s5n_^eP
z?9y)k;<C3Zp6*m<zSPQpm@lU<ClS5c$O6`4>LV(fDa~l*(Y{1e=RoL(kgA#86N}Fn
z!TKw{_O)`SRVPl|3AK*CPiyONg7>*?3(s(#_(TE23ArLkmY?3+gizgiW`M6&krII0
zf<`QTt+md^Bq_wT|7t77ayy>}Mr-e>De{l0ws|B(V5JG(9-mGAHS`=^)*Z9~WHZu>
zG$#}GbM#o&mClj(&VwQ7RnUiTs<8-}6HFC@G?toj7qbxLxoL9rb|l<!hAA64u*MA2
zj=_o$efAj%Y+I*On-U585np5J0GxUvQY0Y+BAAM1LLjtJ2*i=!TFeLpk?TKoFkBF@
zLqNdp0iI7m&AUmUmAx2a0hR+IX5y;fWqgu=ks+T_4gv9~79W|;M`=LxYUe{wn~&W|
zCSMj1we%)~_HTr!A&=`|J&Ag~lEYt&=x(rz^Do!a0h;Fhu9xaND42rf5FKZ23DR2p
z>(#;fm1-)XD}PQW$XCSzOpn&aS80J9+9)DWETo=qEnzyw<F{<)G@*gE#+X?rGk@s+
z#J|C|)-HSFkWGP2?Z~z73rP+AL3h6`P_EV;cxnCZlYB_hSV@x4v8Yf>zsIThYi<@}
z<|Y@!eEJB1R;4|$1?gZflZ!#n{VKUq%i=1%U$V?KGY^`2ylxrA$K5go144yQzO8)!
zB2xWfwC>_V2Ok${;cK@t_SISkj7*N@uiCl>;`)w%->;1))P%K$+148q;~rAJn42qD
zc{fT>i(7x?^W1l~z8&Xalq}UGE_20xPCepyFU>nIwrN>l<)MWQ*R8{ED!y76Viy&I
zp*+Jy;*{d^3~NXE{I1lFv|Bo0r?KddGwMEy*=Zl<q_A;=E7z$!qMAD4tNqq(I=Kc9
z4H~5zIgxsMF6Z{tcGtDkMcx$kk%@mTcEZaMEA`{>tQpQHSv>u!X8xStx5LpF<N3l9
z8dv#4ZD-&A9FiM$u_`amZ5YrAMc0KzIB4)rlN^qxY|L_cI=Y(rD_Rn<#DG8_PuSqg
zb6vYtI`s@1qeH1A3&CW1GR_Y#rDc_Yy#y{4-pQ)H@R%nX^*sA=+^kRnap0hH23oE}
zC1Mdbaheme#(nY)k7)*4T>M57oj#ddvie}34r6ov$46y>mTbJNi~_s-KH?I^?#X5O
zz#rFNzFAA)>5`^qlifAK($;-HKM6dlPjTN}BB;aF<l48~f3D=LHy9oxX^IXuxEkci
zU!<Z7h=vINzCtX$<w&cNL_v~U;C47+v+-Ss|Jk(K#r##}-<K(7rSxQb#+*2wfGzxB
zM>p9!6_a`>b@F{hr+lF9m90x%v6!mYWS!4(^T1b{hNJn_W`ebOs<UJt)4XBO1AbPN
zE^s*Hfa!f>OwBj#k|WSDF3*%q?+)*Qxg+&0ozaBn=et5I&Zd<vIvGrPPn(Zn3O1uc
zsd!gq)1t6r*P=we8iX$&JgD=OidNO{7|r4!qRID|!|u!!Ds{9;YG2Am{+V`Imj6c2
zzYrJ&3;kOV2xOE%DEj6^4BqfvyEcP?KvZ^WWFsjI9>hnp51FvHU}StLuYInCh(A!I
z2gYIGXDl3=PX<$&i7`}EeeFRso?)Hwl3dSF%y56FSS98=K4Q{p?O-QcRf8Y`FRy!~
z+T8PR2sxwyOZNmh7E4m@;>ZhrE5Z~K2OklCG!}z4Y#@%xmx)lY2;!1J?snjYoGCbR
zmz-YVUrc|8Eexhw`6qD4z?(tqU64MHbxvXl+He~*#tV}NIFDA8mYr9HeK;JxtIs*<
z@k0CiJ(>8%Y{wmC#jW}_y+f$O+cLOo?-T^eN>9hW`>CK|ism`ba$!Hbe=DCM(VI)x
zQ4NP?u38*WygpIBw1!VHB;tMe`Qk^k&+CR^Vx!TV+IVg)N1JCE+^250?{d@w3fUtB
z$LoZ(QMDMdmbrj;(n!QTuYkS}cqynaJ>aK};ZplLIpCd)xDftiEaq--+Xr4+8<}xn
z?!mL1D{CK5?;#TE={-a=TADQ*|L{HQC+oAgjrO5q{;oF0Zrgj+L20(N#hys$2V-;t
zbbfY{!sTJZnvHeeywP}Sa3R}i)++2%jQ?7(giAq#C;wGPYpLct?L+q_NC=|)H8=K^
zJI#|+iMW1t6MpSEA=RTAhD*kEQB?Gv1`>Mxtm4+1udjI>lu4xtdTKeDeLrE+K>T{W
zVJsn<8M)eTdzD_J_KG~mb?OyQVvK(r2Ghx*#_fiLLBY0@$!UR1+LzS8Eyfx%92fZG
zVZWb2d`#VGXfuX)!+~H2UhuRSS}GJ*7b-ax!&N0;#Ra^7lgN6;`R7j&nw>+M(2oID
z%k_mY<4YhJzTR0^Ezmi9@<MtG;^^E7XILxBXyIYB$j08rE_Xe!Rg0Z+j}${~O7fgn
z*FkB4^(oGkC!vX~Fc=dJW84iNj4XDimu=2RueM&GL4|839*oQ$d*)k(ZW>w6ucX&>
z^G_r{*Rwp8r%Sw$O*XS=Sh*w0dx^boUN2e2vZC92W}tIu)?&HeS?PD3ElsY2S8iM*
zNiE4(qOa5>ZSEKRc>Qa0(FLPx7CyM_1#Nu0qvVh0^ZUQCQ_wGbD}LEN8GpZA;iuER
zz!&fVkp0ewK3?ba2zeTxj=808x5%`~I!Me*wRf7*AFid>v2<pQKm;N(IX*2c*6GJs
zKAUFVDF_Z;OGPT~jk&keU3!LzfyTkq;rdwIfbKcHp^yN`gOfGFT?hXr|5G3Q#pZq=
zb5?HxCL1fHYBMp2ZYsZ`Kgc&ayo-fWr8H3}$DtF@A|F`Su58wHHr|$lJMEICR)#cJ
z43Rw+qdJx7D_JnJ;wL_d9ST%l7SW~I*{Fd*RYpBhk(T;H>l<Lu2N<zN8)o(2vxKZH
zStuJP4&dX_Vgz#)MO`1<8iIl^La+WjcNQ_C=w5fSUSwcR45EQ!hY>DlnB{)}fa%{@
z_-mCOK?J_j+;vYHi5kjI(C*X4N-=)tw3>HSM6#1E?)wU8wuet0f+5tzMU?5-oH*q<
zv4V`L$S9F*_~MmGtFMseI}pdN<F^}Tuo%>1B3mtxO!shpUC%4NuaiE5TDx*G=foJV
zE(#tu99)}jH3`eDkjprKn^5*v(*-aW4CwCcKkvwQiM$;4Y<WHsbcxQ~UToNAJb%>c
zf@baAH>DzWSJ^#|&VB@HICRp8_Y|rS*D@_*tf&Z4_eq8~td-T*C)=Tw_7KXn3H^Q=
zTMOCS15m`TvcuDP=es`N%Z{3sCZd?Kft*F59EUAOY18K<Jy}(itYMPyq&2WuTZ#6a
z)49^G`=fqHv^*%o((Y=2X1l}aF^C^QA;&J(=1=8TJV=fekPXi!KMOkAMJRhpTnfM_
z1qml(GAt+H6VgSwGf}WoP%CuD_-#zCgKFU<RX^1{no6sLnM?!KF-aOpQ<k@f+(iko
zu#DYTc!gW=3Os5sGq;v5n8QNKh0PU`m}^F`lurW*OG^s1%@l*U6B926O|Pt{Sp)0>
zQG*0+%J0@75m&Q*<NwYp9UKYZI6`5lGr<`m5uX>r45xo^ry5wr1!svni6^4O8s-9{
zq;@NO<aYnXplZf=OWJcQ+Bp5PqBAKasCoJ1zR2d8qPjh+31=qzZghO-h^6}zWgZ*T
z^}7YV^5&C!LQLa??g=aiT|N3-#xomGRbVgP2}0R`&q-F)1QA6%QnhicmcI2>uW{}L
zj62FkJt53@=*0BG$j0hRcMem)w-$%-{pMe9LgLQXY~++)vih2H{uFOl5I^uFKqT-?
zvXexp3}e(vPK1(dXi-F(Ss^DUeKWXZSn|p|X`iF0X|aV+msK{fOB>I=RHtvxD@Pit
z8J)ehM*2l0uT)59czvi!Ld|t)@;iyEF3UHO$>Oba7PX-4X1-O@+z|JW&P>9L1vid7
z-95CapS@D20g5+rVh3NnZXQP#IB|){_3pRfHM<<G7}RMzx`v&h&4#dD8`{93!*3=K
z)%^7?O0oy}$W7o>Nt;$5eiMI0C6K*R@{=@H$D}C5lI}Ob!hvM^&x5vlV12tTrYB$C
z$SERoLq}#og;MpsoFdRR4C7cEe_}LS_<=lkoA)6La6)LhA`U}_UBor=5$I=wun&%0
zyOl%MZw)C+vKIt(stvFgQ`J9@Ec(Ha>G?GP@?vRH9-_a$@_O8|VO4y$GwgQ@m)52m
zCNmE^=;6T+k+bDCS;KkKud!jT;$-9=IbKNS(*c9{t{?8Sg70OTRL8itRFouqO6cN#
z^sdFl#V&TYaxdmI+uV!qYHI`Tup&FEuiSs){e5fme#<q<TsfASGI2k1+^ByBh;AyD
z9?{|cd{h&}?ZlyE4C1%4A!Ci8<McqLZ1lei#Sl(SwDJFUAz~2}wph$RE7>R}BG(b<
z|14OT06647C@7|2svhbe6yVtJ#{RF-|KBJ5@DXU^gbwI@=m>;8dHLU`0-uoco+FUZ
z!zy76foE{sfRapK4xzS=08|{(0LU)SrxTIK)WC_w7=Y3$q|{(l>g;O@;ZPTY;Yrx#
zpN8_@7{F`E(0eOxa%rLVmJ@Ijpm4z|JvPuHb$N47tUy-x4lWXZhxvo#T(@B%5*lP?
z(gwam5yl&}KphU4scduz$_un>2sCi}5jFKG&plCcEt!4<K}7m8*2Z?^MGhB9zGzKs
zUu*t3X)RV>xsdVG-k<0!#)B4k*NX-(BeWR{dNdgUtkPBp+01+!N0VQVP8(6a7@)Vc
zeJUu?TDE?v%bTEwQrkl*_UYd&@*pgVCL`<L*e$;hZ%AF8GCBkq7U-bV{9xiNH00fz
zna^!dItukgnFB9iBs3Z_3YoLas{#SrS)jFu_5kD{>%veP%VkUzVY}S7$=%MXs-9Z`
zCeIkjzt69bCa2fY6Pl750%o=scxd=P^x!zr!lidepS&tXFD^u{SYv<J19a(;W0n}?
zEEO!OcdPC42QC~M4EflD&-T*m1!oIq22aBv+brPwudrmqAc$CD3ftRes<`1_F8D7r
z_=6H5B|3jlfrxZonAdS5av5b&$m#q3s{d^S6~8{@?6t80&K2vy5=V1UPC=)Won2jn
zKuT_EYATIJGcUS%3f>$`2EA1@Kq^t!b?E)6bc3DQcE3PzS5KZhb7qGjQ4!SK9?DzV
zpo<wyg~L1)cL#^J570aHNQ!SUY_4n^eSV2Zd4NV^VGbO)1*X1wHD%VeEip@<>P!uI
z_|VL(ZPJs-b>I?M<u+2|GFW!$^|#*M-hqL`zQ9CF^q@;+K|w)QR@MzEO$xcx?g^DS
zES6qPXJ%$Lo-@h2j-$<yiqYlvo%yB(dmmr=9z<c=a}?sWs&t8%C3kn1I`-tCmKvzc
zEV1;>@A$$(*O3};<BhCwb6?nx?79lvWK2y>>24&Swyp`Ht&hmU;xdp2q=zHYN0KqY
z_j`~efUyX(7w-f|ynnf)zcMozz|zA`LWqhK`q0KXCGRuvXO)j?U&s#+RNYh0#vs-T
zkZRB@n-Lyl>Mh3ns`u~u--iC$r0@Sj;;-F**S9lj#7Ou}_dl2k<o+iGf7;(4I)Gj9
zUjJ`>u;9`^nzds-_8-qw`hPd{zvuTi9cqx_zmE2ALw{?kLFxbKkgCAe(fX0f=r9jq
zQ~lX+>ue^K4|`ChA@yjq>1DwIXU<c%E*mbl`r-TL^$&zo6^__CN$pMx10zHSmpiG$
zE|qQasZ{b&Xy<zxkqZt{N1&cv@JBN^SN`q2>QB`aMQG`{v+`XN%~Zc03WM^rMMUl{
z9QH`+CP|oB4BViw{kiePE*G#i$X%VZY$;Cm3TG3`HBVa0J;s%m85+tgDm*PRMf-Lt
zhHH~)O69T|XhOeh@v~0o2}U_Sbu|Ysssp*uzpAvZrprPT%$Q&u!hu-2@-(dA`~rhO
zA<TWL*`Si3l|bJFy6`gd)qwC|YVJ04u9&g6KDsY%<-9d(hxUef#V}7c-r#;Mp)74l
zmCQ~A=02XCTv&goFwFz0Bv*`ly;+9NQCJe#Ma2HBN>`2;{^Ao<$=Met)O}UNO{H`-
zA_}Dntp(4q=w&P_kXv){qW4uwuGEqJ*YMc-wA})EJ!!N1m?+36x9=;g8}bD@?VX+7
z%G>a8cvL|D)NQ~0d^IQ#oMR#}TMdtRGR7Em>{*qRsi=E<w1J|n)k8NK0bqHoQlKr#
zdz8|H`V_bXTLZ5!hcW<EOj&!<rgoIeG!+#$d@M%)WMozO4`c7L<6^E1ryqsxJ~{zy
zq%X0!ul6%bQjk)c@1ez4bp~GJ=UB1<%H>h>U#a7P2D@wG)WKEr_gX)W25FLT3`<q%
zw@O@=bA$pbl_8(E9g6U(FW^-bN?y@1(`)-?P1RmbDZ@L&BVEtmMRjrzf!WV-iVp3$
zLfOchYqcyF{&LTgc{=d>A%EYivqV7Z4+Q-QOmJvq`A=Zl!4-q)zmCZM*OA-*bp+N1
z2*T@a!%qzS#i1Pb$BtD>xo|_9A@Y|!{R``V>gBCdI&Jb?22Wdgn@U|p>M#todSR<|
z7*E9FVR*yt6o$9_UHJJ;or0Hv8*ooDCYJ845aii#699j}sOtBzqy4}Tv7z)k7C=qv
zcE{BW`UX}-MFkBomJK0HP}c~KQ5{Qv09f!;^rAxMmddcydlKHPPYi+foj<G~jjwPn
zi4xE|ZY9Q3E%yLTK~8UdqZocc1u#k(6;nhmBH)Hws;P`Ve*eSGQ7h17x~44gMCOIo
zj`+Cml44u(ZI1>-VKj?R54RFj127LugT`CFtbv0*l4yAst|a<|I;hv&e}b~a;TKFL
zNp2)7oOYHk3z|VQ52f44JnF>KU!WEkn`0*?T<=5%h&cMX%3E#?cM0jDs%Ht83^{&1
zN+jbmyiJkzDqL+%{ewMZTT!dA@{|N3S=h0Sz(#o@|Dhkt9|9GxO>4Xh$E4Bkj*u*2
zxO<H-8aRTA7Tu%X&rDlCs(Oi87Eu)-(|kAIbu3h*bw4uH99pDOmI^XVp~|QpnWYzT
z>m~j4K=h1|K5DapE)^gZz-XXjerSSo!*v3Kox^q56T{F?!s@D5KQMGl#8JsV)VCGB
zn2nw~%qw{d88OqOt&Q~GE{~r3CI^3dU7IlxLe*oaYop*)98M8Jsi|dDJs_Ce8E_pV
zUrc4bPug*Te}cu|t0>kZ5b)lFO#=~p1o83MYDF@W!>wJ710Snq7L#trou6{z4F00n
u$B;twl99n6lMxCr%ccgwKfg)}9Spp2V$Z<v4>;x`bTkaE6kWRY=zjnWYOs<3

literal 0
HcmV?d00001

diff --git a/adfs_claim_rules_get_attrs.png b/adfs_claim_rules_get_attrs.png
new file mode 100644
index 0000000000000000000000000000000000000000..936f0952124f3fe38ad09f7cf68a5a6816ae865d
GIT binary patch
literal 10969
zcmcI~cRZX=*Y_$BgpeRg5+r2xwkvv15UjdFbb{4u^xhMq_tgn2O7s%Fmt8d$A&BVF
zqWAVJzx#fk-+jN&{eIqmUS_Yk=FD8@TxYKDoH;XdLRFMxi3w>40RRB8+^d&r001@^
z^LvetjiKbGFN^>HtXXm|CDq-qHl}K09?Fs9{X)KlW{vNH{G{i$8T<F_Hup%|USdV1
z0yr%1VL=V=tLs6}UGw!{muk$8nz8%+dGF4>T>5A2amnmgVgOT5l*#E4ni4QEw>A5x
z<#cZ+`}C4RxLF;9MGpr=Lt+U4NL)XYSP0-15WtA$*6R|Mjl&cWPt$hokhu2N8_UE~
zTn+AN_gd_JQrGCY`b@Egi0ak0P%5{O=y0y3@UWL`p@k9F);{LGfhKD)<&1Cv29V<+
z$XfTVre+Hz4;gfvG6a$ymke<hzJSg@dxan)M3Pe!#>5hAEK4ebx?HBm#&U@J&U>-y
zv^1H}`;OjEj)-bC9(Fj!BpAz=_q_RSp3SabOLiov$KeTs!YIVfU7Wvi`)s-XxO$Yd
z7uiaH|63l>g<d@o7FAwBj#k3LdOSQI96f_JlsEeGAq-}u^cpSm6}4(SZQa2Mh2J6Q
z-iRV}=lQ+v1e5jxhu=b2-!clRY4?&>l@VH#%_b=k@CS4k-eVl2UF$AtMC%a5xT*``
zCHg`AcSvQ`2cvYPI-}&GyfUcznUcQhlQoED(eO7ZJ&_-)uXZj?>bYUKFa~;fmN>k7
z$=(l1e(NlbrTb{rE}K)owz63zSJf3H-EuDv)53GWiL}98Rq&`91P3wYIR2E#9DJ}g
zFD*=+x$|k01HRmX_X;TRi;NV`_8QdHn|RwjfPV0c^wOcL`sMZ%nkfA4rcT&{!ud(1
zn0K37#gCx7OClJd!R7Mo(U53l)kRqTN-56pn63W9aR*D0Pj3lx6XgyHc0^vpY`L=O
zFo#iYE|QFaSSV$9Ob<b1%tPrq+)v<sADYPSBAsv<(K~_DCODYPZ@QFBp@#&C3%G&H
z->&<!ABV2QeMz<>E>5$s=z{{7kMlCb`{(@L`uP-qwMe+mX8X0R4#l9CWPtr?W-<T@
z7l7iu?FYibq$~&klQ6`8(D%WBc!KL>DsS-8^t*NVvW5|JN}(>vj5W`GMYY%C#VEM)
z;5YjRu-*xMuB~U~S`N?j2!hHL5+cc-|G2m!@)oPv+!47q>hW;GSKf@;iaB77?wkAo
zX#*CySoZf7-q4K%4-ct9yN7Y-Q25g!d19Zz6ll0{LD3%jFn(W#d;bdr;p^?g(S*?Q
zNCcLY((RWlo34apmSSuZrSwTZKN^P850sdSa`fE(_(Fs6Bp;N`SM4je^@UGtJ!wPP
zR6A-lp#b_>{-Q8=td}y_sD4lnepf>5wW*Y_f$99VvZ<8Kj~b24?N<H54IX3L_xqR4
z2USm^D%QWvjSkK|=S<}h$ZQ*AK9tY1wi&JEeo#rJ6!@@LX-NDLuG@L5XbM{}(W@N&
zEN3b_CI;L4)DNmMzLp3M)3>bqyqAkD`*`4HD%E5W%)%&=IXB9$m$%`*KC^s+Jx9&@
zit8Cmp9Cq^yX?8q9vSq9q3vx=4--LyJ70q<LdO>T44n}s)mrBsOKkx%M)Ta3TUzk#
z>CRM_XJEmgo!qFgx^iJ&5sRUYaxft&erw1D)r|QOZ_UA7jar?4xx0^4QY==4`rN2G
z{Qb*5q*|J_4vPpW+{d?q$p0Bo2M%jn!f2!)D#qH-*~TiTf_v#H%sJsqs+-$^b)=LX
ziDhCV3<K`9WQvYwt(X_d?Vrz1ct1{fSJYz#g^OTRZ@1WT-rukv8>FS&HcKiaDQs#r
z?4M}W%FDXt0oG0@p+22aVgU;dzbG?tWIo*+f-v?)d5CzrOWrZ2xW|=7Slfx_I&$-)
z2OeLd3X&pX^NKX0Z~~;e*o_o4XnW>@tCUS+U2~a=A<bathx0oPqdWd_@^W|fVO1;b
zsKwN!HwN|o8Gg6oKC+T|u_rW<()R1?7AuLXNh;utkcdh|qZW_VQWzgTQ_%cE+jHxq
zYG9%khUMEm<<$AY2N@Gc2i^M_!bI_VX>;ht(q>}P3{LK7Kj`D89H&LzC=W7iJ}PrA
zwzvu8V@n(|GpKJ!p6ngvJ^Wa`S{4p?$46UUA`?Ht%Ai=E6j|INNJwUW(e2teg%|nm
zWJNt#ZEK3iADLb6*rI-Uv63mpo<zRe<Dx&FSgY%r8?|+oQsSs+JAb60FW848rpVxl
zI7(0xvXwo185ebz6y$*3Tnws`hzr7HYu4UpA#)F;_1q!onT&<rqu&mxluzZt0=>A!
z0l&hYr}Q)n)L|mUnbTPknFhXhcU?_5osFE2lu4A1W|{p>Y0<P%*#wc;&KrzQN7lkm
z_#pWe4^c<4I{70{pO?~pr)1l=_|Y|oB1>cGf9GrFk#Vjeh5sZ7tY;^?WTy~BDkVTB
zg`d5GZ+1f+IC(m?uS;a^XO}^ee$E&&cO`Y$|C{eKLQBHfd*$~waxh*{-6*!NulO^Q
zu>_9SyTpE=fh|G3z4RrRVZkG923vo=&Ks0*4prc``XagV3o;^OhK*Cd0E9JwIa<r+
zAqs<Er{G`BMtqG&@-z%u-E&t<llyh7E99S-c}4wdV}1LWHo*xl7o*(n2RmMFVR8mH
z+;6$yn01&K3f5(cuYd1z2Fe-u)93qBWtnSMVy##ll~~&HU8e5!Z+caK`;_ll6X=-g
zXB1m`@F)h`XqD6GpTn79nXXFun~LcL>TmK6UO|UUMtiY}Ms-i0myRz`_r#DB;8oc^
z{UYfgx`B9K9RILKBH?xPR_zlT7o*FL5W??CuhvG35ndNfe1kTb$ebqyx3L4ic4tHu
zj~UMPy9X|gyx$MGeB>Ib6tC$iZWjCc%E$a*WPxqgi!Yl@EVbJWl^tdbB%qRAEvFh*
zfq9MqU7+RiP#y%ZVd!Wony-QV%IHO~B6%XsX(P!v&5BEF`3A|Ka1lDKBKz6?8aBt(
zcOH8}L#t_xKc<AxL$g<x;M*u<_26RWmOD_kQ$T*G3)5FH*cX>e6xyT<nliX}W+Rb0
zlYCW{jW@{qlp#}QcV-KMWAdfl8$4vx$<tI9zc;vA>e2$9B>JwCFl@9_<8jP8WK8Ev
z0gc18w0twRz@2rk*+S_@yRFA|mNLvMcHvBsW*C;VByRoLAM8H9b8hjIv6i@bZ^J@g
zKTyqywnAg?1m<F4o+OsXZ({vJaA54`5F9c#<_N62B*xbX5i6=vyL)h~<?L}K0jr|w
zkqGm;i&up;JK8`*Xl2MhQ=$?X3x>Zw^+_Fu)h>zKTuY%XVlnV7jc~LA5`~7@Ni2G5
zka>z#jOQv0r18Jv^j5O_J><S(K2r8$X)q|d{*f(bW)i0v8{6TJ;AJ9)G>g)&RjYHi
z+u<M`ci|+hfpc}Ub~vdN{u~4Yf6_tnWBi`=QKY~2&sX?Q(k!sVQC`jUSotAfOyv;-
zholwL_Jb#I59xom!<97*pX>V_V`j$nJ_%Yfe+R&){jW&ejJARY*F(u&#z>HNkeoYf
zi2)Kgx*y&PF-&V^9<Zh%dwWmH+}|G2&V24RF(>XqB~4vI(cNztFUZ>YG-w!m4icjJ
zxkC(ZU*3%HqlFC1gC|vr_-3r(?V6GgXaX!-{VYLdB(y?;t_b{3M5GgsK9WkA?>!{N
z`(<9|ALeca56ju}9;1>ez*=U?eUoL6?`^y_7`dRH10W)c&TJx$&`{g4jk~=SG>01>
z^mO~j{d^X>s{U};Me|yHlBD9t+7`cZfG-ZVU(o;Q6XgEgJHWkh8ouBIOtCRZ0zUu6
zqid3sYkI2jy(S)}xb%Ch$av_dtT^8&g(<cQVoYZ)g}_fQfkiE5>(OA!BIoSvRYrP~
z?WNm=kDCGC+Vi(k=k$>rp7VI~ybOpY@gg4!ADR;alfJuVrf>#~XOjH~<#fiyx4ehG
zI3U~!+@Da3T|)ON)9W4f0+^u}V;`8I=T6P4jAxZKWAncjqw~<8nb^5JApj9Gn!%K{
z`z9TxLJw)h(r+G06x9Yar&21LU)q+aAo3_|KRqe0(?xj2c<jzs^xSG~F)KVORYQ0L
ze=qGTzxU-0e-jL)Y+MI9sZf;#oD<^%G_oOz%MSp$;D2$OZY#n8DhN%=%qzMOBdU<{
zKF~!94yJqP^KX2s#drcgoKFyb@2Nw6<y5kVfJgME*jYJ{dkM=w)sv3Bu8e-BmRkX5
z1O`^?YlQy%G5&sJ!+ymLh%c~9wJk37L|qk%jz!j4D>XT2=9IIw%mIBU03YKm3YB;f
z1=SbH2?ZI6Nd?xOqq_ut6wFY5PEoV4RQE~e*ZK$ngu?)C8Mf=*Tjk0AzR?Ku@(WYe
zkH;>!ttc;?oKc{dGMz#g>~>di^1BuuUtJ0^I&44CGfF9da4^Vu&nj~UO9Bp%fM;Oc
zeC$S>8E&GE?V1A$z`r|=PUip>;C1?k??@>Av&9xR7&5z&@;+u!1^*>Q!u*qmw_b2k
z_L<tld@nf1$hfUc28YewTNKxr*9Fzs&JJ$<31i>rI}ewaQsCjQHH~>8hv<{86rwZl
zI}a+PiI8C<(<BgY_u0ug_c}D}A$eaeJTRmV)Q*;+NQO643f`5bbl7dIn$6Y6FXbW8
ztKJM}m@wxJ(g1#uy_!lWSk5ekWUIh^T|bU}c!5yJg>>$rI)7`zta)j?2N)SR&ZhY7
z<A~GlwOK#T^wwFStXRJs@1L*1UzWD#^vD>v<M4V4hI%^KDVrc?`pUHPb157<N$dSG
z*!uj#>XTqCF@EX^=J(35=h6H4N}h*t(UfR&-cvy`*GCB~`qjs7zg_|N=_Z`HHV)E@
zz5)W)d5h!&a{nN@Hb0?)?j_Sf6o4KvcS_;BqT@rWP48?+zMb2e4HPGYCZ00+v)m|8
zm$-;}NuA2bu4132kmw18chGynR3$EY3qG?JtyF%86yI;Uopnd&^7sA-n;zpUVDBAS
zkd<j+q~Wwea?UsNDv(iw2FgUg=gEp_14ZH!U=`Sn7+*$r%mUTPH(>OPI_u8TIRpA^
zVtRVJ@R!lC;rNI;o#bI`zBw<=%N8u2%kJm5|G1hSxkRQp)y4`CI2;NH{AlA3Q&I0~
zaF5%ablsC`3!uQ)?GMNvL!S*#k3NZ$m3#}kw51IkMa5rp`2rdKU}~s$By7r_b>3Dd
zD0rZCMI%Nu{{qe{kXS$;+qhe(GSR$#?vo1Z<n@xe^#s?EQu_5)&*}~W7^N-BAEQe7
zo{lFtb7Ll0bKwoS-_E7%!k<5XGO7pb8!&&u6=IlDcmoz!mp3?WvSF?!8j>_@bK-M5
zRLmoMYw=lpr|(cM-VO(uvIHQWCD^T<3NV5J_BCv;S3ej`OIQz;Ok|7TU?^9&%bPr{
zWQjjhi?h2JW=dMB0s;1x>R_0?UhVkc`^sPHC=A#o3OnyE2`0%a#VvN!xjDiPi6r1D
zbbb?aFP@XhewB<RVN##A$2P@|#y<SU@H|d-ojroO{|itBK@Kpa6W0LSq~Xdf?_g#S
zR6I6dgN&)rOlee$=3CU1LKcJt&?@F!ahk#+q|k9nzBz4#S+`}uC(V>J4aD`#EX+%D
zHg$+G<C7PBwlTRjS?QFBcfkCk0(t#f;L4%&qWUGF^gREWFuoFgjGDv!8+TTUY@^oL
z57xCCZ6mOlq3>|)=cLAF_}AGFHq{zE@@`1cnFh{VHmnNH-a-_mZ!AH$%+N%NP$w@V
z1&?zsZ9n$cV)jXcYFl@^6ev@P04PSI3iiH%h#=VqPI3E(CTj`jEC4N!MX~fe{Y`}j
z1N_uj@p37Krh@KjlCigfL3xBKDk>+79YPACQwjYSeI`UIK!UiH0A@!y**-_gX`4{Z
z#~O)YVL}r#_Z<p$duh#N$M2kyKW`RBBqSJCvG<9xi(++IX{5GGEfkfN%}@3?Cwf$I
zoUHT5sY<{ZAtRK?aM!j0KPG+0uu4W*V9HM1v#p$bW{`XnbiO;uWcAw!tqRx~vILDv
z4!}l#4x`K%(OUb7*ss;aG0}x{y2`kH8W|2K?v|CNW9YaeIM^$eUdAY+pd<0EB;6Lq
zO4l^IxWb>Dr<tJ~otKtL6zy*s%LZJP(D(&9v5j#$5u^G&ka}e<vCMq7@gh`lDbSTE
z9D0&k+RL-6dWt^6>um%T5cU#3o(0L#PIq~@dZbB<rshYvtP0i_%fR-$WE2eiJOZ~1
zJ?;1@xyJiOgiCwO3N{)_iK0VIW5at3J@)A_-8A2qn~!c(78KB*c)C(A-gQOrfkQ?~
zRoF?ql0Cyu0`Xz#@rP2Sv6<Ql%0UC<$onnE-Vx1AI5(j2Hm+aAR<o1wrv;}o>$B;)
z3T5#RvrE>zbC_?RD~4_djPV;3wKLE?CzI*4bK=Z~yuzTaRm`QTL{_IDa_jxO4rI`6
z%!Yw{rEg;xd(%l60R;wvy;o)17oXiO<;Ykuqo_<dvt)hji6I<==Bg+<ehhCizgTe}
z;t|G^&v3DyVji7AxELO+boDybJ>p8x?#{b(APGd`>R>b$H*w`qX3^%9bTE@j8ZaXK
zF$#>SDd6M<&~QPK0d@64Z410UZX2yWm{FQVpo&1{)5-xA?&p`kczbq8gAuP72wGbC
ze)kVtH*WEh%f7@PLH`>f1((5TCTB7tlH+ReV&Z2LUKT_VI}1X=C6+$AnP;@L)u><P
zU4*5r0$+Z~5L05eJQn<PYoH{?S9)a>i=zq>99+$CdW$6Xoqd-T7kR0HmEVKcKmsT)
z&6ve5qHBifPTObnGw3(L3Z7L5zkN37PW^NL0N$@=UGJ31OLbv{gha!;D8`oE^f&!6
zyw4r(kFHuipF!ciNlY;R=nF^9dgPVUW5(ghG0w9)E6A4WTiP%TpdBd~C{;lxheIZ5
zm1r%e7Sw1ayMZ7|v}7lzKeYanJ~cPZCaZYQ(h+Eyr>Qa!G`K|U=t%Vhr?_w5(hoEi
zPM47-*CeDq<LZetXqhw{!t{`P$0Fw|leG(v%ui-}i%CA`(`oE$pn?NIR!0X0-d&JM
z5<61hPyK%BUHm)<r`BCHM9!Dg^;-q9Q-xDzNz0eknL-wg090<Kvc1(e747|iT2oHy
zXUEUu7zbYnEqXR6L@-D{h2V=TJ?-^I?2`O+NL7EFu620vz41j69*W$xi;=A@HY+lo
zE#cP@TwQfuwpRfGi3QeKJh(4mimZhsM9ml+cJ(yYM$@SvI>(Y1gj1O)1uKC0$GkEw
z>p7iK_RlNbL6OtxgyIlCR4gkr7Gs8#2}ViYAAQ4dzyCx?R<GD?C;@6>ynr$Ieew1|
zc={o(ko10qOW1dP%&xB_And@-3ODNK1&&VW``&}8+i$qYn4z%dWEG5Q_MKSFhGaqf
zKo0RBEEMiv|BuED|8j5!p?~*tuD#%20{?J^F`m+m7lhaY{N6~7a9EJQ4}P7nmYvEG
zqOaSR5dAy+%TNG!_?2r&l6Ytt{?9eH2P^$0ko<DazNa4Vnj_J&RvKE#@k?FB>`<Ka
zd)Rm0u6VYY&<ru<UeDe(R7@`R!WZiA)wEt#_LfPwzqEVt;n$J<vV)qmqw0@6dOE`>
zhm1{KlGuqmwh=O)5-h^4NHn#i#ioH1`Gu&(V0kAtpgIGqfgaqiAl@Rt4A|0m%{QG>
z)a$HZ9H=gEDdZVe+|Z_T{E7$Hie!(sl&7Ket)3$MGe0@dZE*-vo1kA&mk6Wi%4bg7
znG46>e1yku-+8|W=h4<zUXCL>_zDrEgHU+&)YtPu>o~eeH^Jt1qzGkiXZo-?FG2&j
z&dz$~u-Ktbe>$Y~tM0>Fj(nT&s62ef9x&OUVse^=Q4&X4+kpm4!H0K;l284s#^p4A
zQ`yh|W;GC+{=j5SO<`g#bjawLyYnl&6~TFlR}?pi;j4*w2iBC#f5!zMh#V)^PBXKX
z#17qiJOoMP2j^GHs#&<HWCw`hN8XuG)m@lz`lja8?AzzJn1MW5blk|f*cSPY#Q1<{
zHuT8~iaHr}K<C-y?yUl!ICyFIr4A&WFrL6tn_If{TA(=90R9%Zj;d0KBXlJea|S((
z=srgU;h~-o=p1z!9T9VEyxdA%=6N-`?`Zlq@0qD%Fq5Q+;*@JhgH?)aPhQ=<1CAo)
zy>`eN>SZVof6u%0ewj}^Eub!C)t&+*m%!7H9IB~o%{WhgbMIq8C@t(sBzCF>I$qab
ziH<F`vXNboNb;$Xc2=M+(LY<C?QgFpa-}!o<TRTexJuYdYr$0nYPlQRd?xCwaDw~+
zemS*Q<i*|iqhEPR`5h1SLuGyAhxSVR09RN%Kgw2%`E#i0HW{`ewqI=Cl1w)xyx?O;
zZ!L9tez8s#`>~*0G0WhN!acn9{xvY`ynjL)<KVM6VfiJS3Y}y79h(Yuaql+m0HR;Q
zIU78Ew(hx=*#XBR1G&i+bvR#bex**4<F9n^%0N2v5>56VH)%C9Fp%z$@UvGGvp8FV
zL~E7$3h4@EEz8*ZOe)ypkQESw1=2|`$+YR`8&0+Ony~vxA0O?uJ0ZK=y7Ov2F)QJQ
zx^UbyL-sO$>?O;4yvpEY5Ufg}s}8hCI=mP5*)X0)%30-oH?lK!L4P438IouUN{@ng
z6=XN#TI3Rhy`+pL@Sug0ll1v=z#+gs5atrGl@l(%_zqZaZDpzOvgvb;Cl@jywS5Yd
zu8#vr)$vS?lmfD`XD76JJp6)WlP5EakkGfXt`SQ3Xnxi=F&r`<{~g|Iq6LgY=6+8A
zaqIEL5IeP{$&HdW@}^xiKRq|8>v%;&{=3<IysoluB+G;Yw+zL++~>f{s)MXc7=7H`
zDnF5f#4tdwE<>_NW!=I!15i7`gyzGFy}4_lG9kdPx~p%-pOqgq8-E}*-47Y3+prs9
zX|w>P+^A=tDTk)hTKyTunU@K9oaoftI^20npb$2ZDGv-*!M3A+8w~-XDj>kj0b#rc
zGw-^k&(k4iGfxybUBI+sA4d$M|7=)g8Gng8Y#VDl*W<{RW1`7jRnXk45<TK^bX=x2
zO<UT4lXp?yRo1wC;^FZ&6v_J-ZYyT^CC@bAylhnFaoy+f`v(Cg?LvvxeY^SF%SEbE
zc_+g8Qo8}hHjiBr;`f>lydHl11fRe6*2iM2kLnG9PFe&+nn|>3olm4Uk_2L@YxE^>
zMXKlab29;m1Y&j41e7jyS~bMvP2PNU#)Zt)FYg&qXc)pXPqljWaLAq;zD&mi0mfPU
zED+M%y;KIx^)<6M5df-QS{!YUPt0W5ffA8#=x%A8kiXHZf1PljX$c1j7_?XUy80<M
zkJVjGj_%&JNJkK+*SUaXlwh=RVh((|&NKf&KQTTp4pQ~`k{IB5Ki9;Ap1PI#?nZ!z
z#K)AcXSuOrAVa+rj9}?>%RyYwK_;?a;V>@LpgZct8a?_A$PfHz8$X1Wlk<{e$ixE!
zF0qHkO)i<Mn<n#CleU92B2tJp6M&h(_Pxdo2+@QI2;Ps_`hGkq0tAE?FFQ<U+YL>M
z;DVL@YW3^hG&v&gJw%R<dRv4c8o5}>Gk$v)zKiSUwJv-m1DS31LNr~df+84k1Uj&y
zvRKX)s`jH<wis|Ok<EI#Pl)iaNICJFpu`%)ODd`~q2#3B4VvBGb=u%>qzv52g}{u<
zB;f%9A%6tyj{5+7kBGKe<0h$sG!R#{#zKY*dw3N@h8=BhLqYHe$v2oS3(Nzg>Tm$_
zO(P%xWx|IinLywNdK~NxysjQwP>Ky#GJPt?iq>~?k#h`)gokbJY{V||CLl}Q8Ii?(
zqq<us2SwvJ=K8AonytG>G1n6;a~w$Wnk(k&cft%E_&GUIb63h}pLid*%{xxFXF`*R
z<lb7*mZ7UVd6|cogjnfSvvGV<0-!UF-R9bH1dr_&jZUCnM6LKt`8>~wr~W-<Q+u{R
z@Jj8j-w7;5pHlk=h2mWR_||%=MKR%I(u*N82I+{CN54G4ibZ!=zHC;F$~j`ULfUHi
z;}XHX{kbf)ZpQul+K1l!EI%RIl<0wdyytiKKba0NdgZ|vdF1w;1S5mK;>PcC$?Yxk
zK<^0erfU`js!a*Y%V(-$KT~4ZyTztg<Jhfn>{3)aaG5$hfg`#POEI7<n3zt+YKDqy
z&q7d1@PcQwB(L_d?Kjrgr83Oa{JSC-*X(i_q{t~W^Gm!!?eQ#om+Z1i^7HelPaDfJ
zdz*RC=k?pLoFBh*ju^TjIN%xdOwsUp_6xXLk0vQ`FAHZ=ft>P-w;AaY9QO@D2sD~I
zL@~6<OkjvNo0AIMB)-qE46jOB`2<T>Go6TS53+!TT~Mjc$htqzjhF29^3eS*=GC(@
zz+1|hZ06znTh@zDc?-N3jnrj|ocW%N6dzEqqbjw`;*ZllxXK<n{u(zs)<IsvkFKhB
zyBb=?y7;gK7KPJ~2>%eveh}dXho3XiU&bgG@bE#=MMKH1r@m;MpOC$^fGw~d$##K*
z4^9Al!<Cy1U<mBTO(p<<jevlDTt7HBnIYyT2oAth!RkjLr85%~=9<>lnbR5|v{x)#
z0~Y}B$%0dX%XwgLjg9*|MaZ~^Z~=QOm?r@+%!f=SxV~wJ0RCdydVK?4GO)@xU3aOc
zDoF&`nE`FI^G*-J*?GjM?8hY}n8p^t59QL{0=35d*xH3t<i-tRVby7H^Y`n4aBiqr
znh9dl<>SG^*QZ|V!GpYAr9+Ix#=swQ6~j^7ajSdPy|LBxKELYBYeX^xJ1oDg_&ZFL
z>RM7l`Jesv>;l!U2tLw!Gri?_C_&N$A9**`T1D4@cl9OrfU#l8;az#2{8aRB^}Cz)
zs=s9?A<1%4R*bZXBNXG+nu#g9%UzS7f*uX)+dr#1icS9zPgHTIa#H!!+YZsly&HG9
zFfjVZh8NK=gv4{QVMur(tV?<NZ2}Sw|Kk|P9J5x~_`BNW_!w=gCk=}^w9h;4eL79k
zy}4GsA?lMM7vo=PC7$vJ>QuaxAE`FQy&2~6m3^O~e{luQxU(PT);oi=w3y4)t}-VW
z?%}S(^_7nPM&-5hcy<C(2%PfihQ)e(UmJp<xKdoCg>@fX3-;pMniG_ZpnP5eXHjHB
zdijClI&<%DP)Kr#>pmV&ZXbY+puP!Rn4j&Gj5tC+qU;Ri5sx{EE_zc#x4@Ii64s7s
z?TgP6;`yN_kY^KY0RmC7%<I0H1&PgC-nkdnQ|9CpZOcWk3T%?EMcz{Z8zJOoi^isu
zfAP~-T>y0NV!q|B)8gh0l#XXae!1>pfOHLuYZPF?u>EF}LnAh;A8v+4Z0=1-!BP}K
z=r91FHR?H;F_5ntVr?A`Pd39|h6DWE{~MUegnt1G0LJ<sv|g-^c^y0S4<#zMmFigf
z2A`^N$5q{)rRt{GpDbKlIl~|tQRUWFY!&?y_I&x>SDOBKjm<b2=K}afz`8go2B>m<
zaB<j3yiOwzETw4}j`$33RG<P!V4dEB?ZUz?QxgrX2yBAa4%52B;o1{1TfDMaMeqM<
zWo8r|g!`%Uw%-(dzf2{*u`#G9jX?E$ADe?wC2felQP(KKhC7*H{EuuhGPU5@Vc**;
z298e7#XOrKZsZt=`O_SoU-e>%vrohQaaF%b=qW2JgZJHy#J_nPBV>F%<JL!0<$i>A
zis&&3en*tL_TyR|G4%6tqeUYagO*7iqh12@34MuaB0SX<J!tOlZQxqQ0OEMkGlG_k
z$Tmb5lqJklJ+$*XG_qO#d?K&o^KLQ*zG<N|0&Y&8eAdbz<+YCCHcEl-`?#lRX6_t^
zcSCmVq}rXCtbk234%OnIIQ59}X#P06YZbO+ljXP`y7!utO!oXy=wHlSUg8hed}eP5
zOpo5CrgPnG2*_-I4jYk-iG(|*he=fhG!|9q+5rvNVF62L_h24ElDV#MZz&F%9T50L
zS>l`_Q_a{KfzZt4+1kHars9UJtsQW`EJVLrWiy`&`SclIj3f>2h<W2*(1mk6T)NFJ
z2=N;EWsNJBTqKz!AjBJ3TKB=l8)sri-TuCGnOTRiooy?@Z()1f{?7$+aSMe02n1^P
zNE+`eMa}eE?Sr#198@lZnG7?}sWOvgK~O;;e-H~9h5!u&QSUkQ3?=ZKnPq{hA4H+4
zjQfv2LAt4o;|tb{+%b8`V^dH!)h7tbB%DVEp0hqfe736ZW%(#g_PbD!1~c>)h7J0F
z5H(7TS*?->l5;Ub>8?3LRL}E42P?i#i8ahn9Dyi2cIXGRWsv6Huch?kJdkAIo_Q}Q
z{m=RvpxcRTV=-iSUSv0opvI$a$s1^HPwSpZ;36^)y}muMrrmJ6qY2Myb6-4yAL5u|
z``!)$U9XdG*2n+Q%>PCw%#;pgj^m+oJ=fiQWZcb)W;*Qn4EU{!ptHk7oJjvO*yOK+
zB}}K>gr59MhS`mU-<(9L{B?w4aviaP+p2MsNg!^HRYqBEVpg30PGiIr<c2W&xaofn
zY=L_IQ{*)l%nlJIVYZ*LAe(<>|6A?9wEJ6wQCbX(f8}yh`yXXoJ2wA8O!a>V!TC=z
zFo8S&%VFF<nDgfSTOiMWEBc>Q!Ie<>Usd_PimAf90jBT%Ctm3PlbBEck7Cf2`+F-3
zfkVw#C!hC%`j#b3J@Vdn#1oi$h~{{}+2v8{`PUe|!6!NyL&r9y3BJMYV`j9IkfOrz
zDJZieWV3zXQ&p*B^`4iz;;wW2>VyiyRH%uC$xHB}qrx$Rt`OqDF<qXk@t}Jlk%bm^
z?3hyX*xlRpL;=GOrInKCh)NO&MvLp4o`dpU6wvyEY=j5XZ>PJKLFSZS!k?-j>|@{G
zVo19*3iZteZE7{fv(TD<eZ!~A6=XK~<h*bHvfX2>v9hs)*!7;?E{Tm-%=RYXo_bAg
z{xDtRdSj+n(Rl<58ERC*ZHvA!Rb_CzVp&8R?kK`nY`COtq@evVQXi4#=lJB3?ZLW>
zMP{OX-`CP}KImY_OauOI;-kh|;SaM$6OQ>1>E^K+V@(8}3c|^e1FFS4|J3mV=pu=t
zSmckg)wj5K7OtM1mLG+S9v1~#h`q-Cm0E?QHLE}t!}X;zS5-FX#mR6t$Jm8><V9Q}
zfry#*P=m9#m<+t8#86WIV`5+u%YjLq_Zs=UUZcXdbJs|zjDYyK=cd&l#lFMZ;`xS8
zR}GMA%+pOT;H_tnY}KesG4vq?d)_Jhr<pv(*Ay;Sg9TPQ_Af*9?Ft^%Y4K)SC)8_A
z4WGAIw{kD*b(>%RjI~Q>DOWPZ&K&qSMR!u^KBZaamRI#aQ~_=&PKN16xEZ?}yL298
z>2!`|m8SKFUS}#E+Og7Tfz7#ewdAUL!K;YG%a|wPM5+knKZ`kRZ`=RfGNi88wi`=z
z-+574LL@;Y;-YrflJ;1bzB>ofloqRKBuA$+;mdXn9lsmsG%=H5tX}RltZuM1lLdK{
z3z1DX)8Uh4f#UtUdH9b80851#z0z{AGgjJC`_MR?XZc5p2mCaO=i1a?TYn^#akwfF
pQ*mwgyD=uUJGtYANNskB{p&Se{Xk796ce%vkdsz=St4Z^@L%hacOw7*

literal 0
HcmV?d00001

diff --git a/adfs_rp_endpoints.png b/adfs_rp_endpoints.png
new file mode 100644
index 0000000000000000000000000000000000000000..ed3beaed7c002c21c9a43ae5d31f615284e89a45
GIT binary patch
literal 8999
zcmc(FcT`i`w{DO_P$7tblpsX}6a*;-P&$$XX;KeD=+d@yMT&F~kQR_GK?D-%Qj`GF
zL8J+Yn<}A+H0c7;+YQHa&i##d-+1Hx_r^$e=K9v&YpuQ4H@~%K){M};s{%U<KMR3C
zV5)bJx)2CO8u>eR`V<*K?kkT&AUrFoNF{wQiX~h}T)!ecYNq9V<LA<+vR@)*J``Vu
z5^0=*-h6qB{r2Je83RQWR3bymT4mF*POc@b=yjJ`7#O9NU%j6jOGgO_yiXKS2%u=>
zJC(6#XRc6Nt$U<lnQ$KgX#^k;Rv4t1IvNTI1R)SnIK+auvKkj_fe4hNAmo2o+OI>v
zAz$1*jyYAv+&}!xk&zki5+2GBs?TsJUOgOJY3(=B*nV%m+`ejevBDIJb}-N9$N&|Y
z2+Zuvou0-LIR1c2uUd|LO)Jl#fOCPM#hj6_)*~B75b*Y!GGWCQCloWzvZo8ScIz6b
zK5XZ>-ka)@M<2!2HrZt|Q-+AOCEk>w(?mx#>N>&l%Z<uj8eG@GB=I#&%DqprW<v(c
zpRQ#KTvT4ws<LXK5ijn3PzWy6$<>}I$^##Zis8(->}zDUt_jP`uCMogx?FHq8XMOX
z-<JRJn<~_F;jVgg>k76=c~yWp&+PPhuK*H&=$Lh=)UZpI9i2YoXO_WJVnTS$s`Uyk
z+{s-=DdSjq4w(3Le7lRUcibJPw_txK`JTgsd!zv(>w3xh`hh-j_o3DLbQL&gmp4I)
z9+A&nsPZPLCQfdc6@Uy0&en*YZ|bHE5K+?BBr0gjSuk!C@YZxDvJN@1Eu%L=u%@{R
z%hC;?>{H7zF$<z_BVNP#hzGuT`>nA=y8QV1+{z{nO_(=HW7p(*Tct91Z$-yt$uCs(
zi`u6f8df3df{lQ2Fe>$;2Yb)q*khj%o2zeyO>?6Qy(J}Z%j4nC-#qGE)p;e0?j2)K
zR@&2KJMUj++=gbN&|yV8jGIt!4}_hqfCxLXsL@A4e#*|J=`~`HstggYB(6twK5+$|
ze^y3?p(vwlL6aC1Whnq*hJCxj0&B!m7$O?+p)cN5Q0{16%5hS_92ctgj>g)8yhaGs
zcR;)~$lHPc*BE=n8)eWBYm|d}d_MT>bTRCMv!Ks=)}whflg7lRvpLj5&l!4^=~{Yy
zxB5P02GHm!Q;j;_SC)kY?`iCL$%St@dCo|CvbE<5re+HHT)`BV@nWFyNOk-SEa9OI
zw<__Z_?OYS+d1iab#rAmWy9vHJNhC6RdTMnFg1UE05|nnXWCcXXNvlpA`CihE3wxd
zO(n9`(#IH`1m|dOOlG5VdeemLV-ykg>zT>Q`Lbj1?zgC?%g|uVth<M)dv-P5j?S+u
z@TNpvUl#mRJnkE9=SR|`Wa(ZH7o<#v!Xur|6y4L}9%3*wVrt$jLej!ygb_QberTXX
zvPIs&EeFK%XI-y)aa5%KbIC+K)bCxA@C>HIQ8%x2C5ZnqgLm_tV?(cEGtHETJNK&U
z?r(}dyH&?*e{~HQd@ybOCLe@1IDXBgVQ|zNzx@6FmC0PkWe8~hDLnYbAH(_a?;EFX
zsMNSi(?(TA8svkYX0ZesbhNa~qJZ>4{jrVVs~BZs?9_$Wk}E+~pW0|s3W^MskH`M7
zH+fBsZembJ?9C-Mi!LO6w2_tY-f^1r{ZtCB5|Zq-E<YShOQk+FRN*<ygWIZA2~u2P
zaZr_g+}Iw6NO6b@f*`z2v!~uwyePb*rwsG4lw#Br7AKCDR==X=AxQ|7i^f)qYtVSq
zL=4&81ecC3&@ZX_RUUF)udS~;+Uc^Yp-ZgOye=ysA*<qV(rRqKOn3T68cP=c3PZ*4
zYp?l6d|~@ttnu(=+zl6#B<ku{ZI?)!6Cz9Lp6ZAv<qte--cr-CW;<&ko=Y~ASX7Qh
z0`I@B1o{^I`~&0_P&y;H={)X03BEFU=5OO8>N9SFpZDgB0J?B~d#>TOl5w<~^6uYz
zu~Z@%JftbkUx9s5fOpqq&V41d<Poj(H6+1pj4&Cfg4m$7GsjSKF`d>s)q9|qD{Yn2
zs+K0?cwBZjT`C12kBW!%6jrdY&{kPaj8G@O%Aob#{eZWV#V%gwxi;Z(PMo4-M;^|F
zj#A&+j`ey_fB5EU*dGqlayTH6Ic1EIkFNdAXil`cdh3JY2pZKdvgMKX#|aefvr6`Z
zNj8>J0bDSj&V09aEojB{N9*k+uN$0gFMYWBaB`=f@pV31DKBVPR;{d#M={@hIl?IH
zugVL?12xo5D|~tJ{cLv_mV0<ev4_cIA6aiZFD&7>tw}sc2+(czIOf|1j2^ort<2=R
zHO3=5Pdthbtgq)d=Q;ChWk8|cPZRI=={L%)@9Jm2x5bNL5U%D0?av(SX)$1XGk}zh
z6pM0WV-=~R!aomNg4P%^sGqkkF9=&<m53O_jOq7<x*X>uFT;~78J}s(y*w&V7`T-l
zqo4KpeyY#lc(PhwCb2Q}D!$`fSas1n<e_E{rxwEX{5Mst2cx{WKV2)1SMR>a@19V3
zdW$jP+n6;@cr`Z_pb4FI*k~~1#{GgSPiXaBz_l`BP5kfUb@muxe4V;JjKYd=sR-Mo
za<vX?o#CGBui`HXoC+n>2g0%z@+o`}Lb4UYkgfu&iqM?s<7zqFYu(-^;-Xd_hacQL
z=0#Ti{ntD9J5P@&B*zS<#iPFR^E&J^U&lIh{cLOBusYuQ^@lt5ZP+E;PJvo(1u3?K
zqOe+wBx)d6t^hhlnY#^daeUYY)(P$If=@z5o${}hj~o*SQD!lDlX>Tk7<AbN0DL#)
z9VYDUcl9n!z3;`F4;&_J>c5NiIoY}$$l;1I=A!EILN5_5YX>bv!D-}fXK<6OyYy><
zh&#_-e?*H0AI87HV}w+cA#Wb}8K9w^l2Q^s<F%gnNAb+aV)jF)Y_H=jN0$Dv?tS3n
z&uHH~Orjmh)d$b9@@eg{E_BR5hLc5*gM}u^MVKEf_IVfagmnJ~er@G_!B{I}cg2n;
z#}Dik(m^Rx2Jk&_XHW;uGB?xfR+%f3SCi5seL*$GH&4t)T!-{U!5vC3T>b0#l@k;A
z!c30x5o4xY|9FuwOLWsMckhcjylo8F#xcFzk5;=|-VaRBgZKE3w-9&J>(MLi6DkQt
zh7C9Rh(!a*BvFi<M8qsX<(*D}@8X$ixe`KQL4kvg!L^oi)*<CB>f!v;jx6z;eo;xS
zNo=zWNrxk4DD8XiZb3jO6H~eRQSl8#+mt%%tP6Dgp7vTWUX|DsZu|0Pz&kfCB;=GB
z<d4IemL>v^pC?b?`lvo0h@5Ts>=hY?7r@~KNUV`LK*bQr(m`Vvd0{zS-)m}xPCRl8
zbxNBE3B*%eg$LrPAWSet5W*zf+w&^*>wCIp#m9w@<d*nbN?C^1Wp-GG;G*Z)PHV5c
zakb{tnSKt(mTzh8KTue1zTl+bWIiGMNFsxFDwlff?!G-@^`Ja0e|ky&lTMPdtxcAH
zH^I4c^IrHJcfkV)i|T=fre-}?`92cWRWf1Nk)lnEz8@Z58Se{~`?7S436{(nF#UEd
z=_N_!R%Bik<*rAd$P~K(9LmJ09g#sd<T)W?bUGxoGRWKKxTFMFl*q1R(M7CIUU+}n
z=PvT-(+|5<#2%aRM~}-W!uXL&yp{hC$rM>dkhxc%Kh|C$lE0sNI1&AEu(-F{qEk|N
zdwB}<p+)vz<*I)cyXwYwE*jq|P-$|>ktc3|?}gCi&{H|KUwm<PH)~Dr-U<ypQZXB7
zk=Omg<j*Y-k<iGBV&o2bk*`qla;j2WfO~D9&{8cXeTz_yQlER7JgPVCV;Nv{b;)ay
zZqF}^R^xeFf-g`ito|g#(k+OnRSe`+*%vG-d~SZh7M~O!W_oRH$sTIgWswMqhRy^d
zkW3NL=2(;UoWM|X^`O)8>3DY+ew!)tC&PY;nN1lCU0)`|A34<@nN*yU<;&|DmhUOZ
zcb1fP(w5Sv9M^Z7zNX)}<WcL{iKe=7g-+}GIt96F2|Q)<jK-vUy}MwE2i>!uv68<!
zMXjzX9sbN*Cti*`WeCB<oaepG-cYf}`$qGl0A_nuHz&YiW4|3T_e}DgN82@cW#heQ
z|JOx!aniQ}6)4Y2_E1|{^`?G{7hsXKYBOdjMo-W;m*TkRjHVr>XYc7C^641~lB;Im
zv=Cv>5Wtr{jO@IJuFbywBd#!Vur4)`g{f%l+U1(IqZ+5U=o!SLoQj`MMVP3TdA&p>
zeAA|$z7?An5`fFPwW&fLq#;<&kThHhfjg5O7c{e{#`MZAzB_jR#1S%fhJp|sCQw$Z
z;m8ADqfHhO?H`+aBL3&d3YPxLfy1YjDZZeVv>-N=G7sZsE@N$T+_~>poM^dN$6Q-q
zH=7u`B|G@HF^>5^VVC1=?~hpKKXwl$Y83*$^Vj@cyt3jZ8)&uR?HWaqyeN7UR?lR7
zyxEZ|ETX+tA%Xhto10qJ-w$KCL1qDm?6#%t^D}cz238a^&<LjJ)V+Nd?Lg`SMPR4#
zN6d{o&xi;K&q#C+qd8QYQ-!vaq}@`=r1Dj4`CN@h&<9agN{e4hZZA#O6xv1|5;8AM
z$pv?1FAv>C+j&lY7Qq}`83_r{Pdd&JHY_|Q0%LZOh!Za-dobCJGl59xi8E7N#qggv
z^NB~J^bmiW;uMhvT$#W|_aLiPuwEu`B`{DN<zP<1bdAIr=^z#1`R7g+B@>KE6J)~P
zkg+QnxfzeLtOJj3+IOejlrmR#`J%nh_2e0pRRE;9ImSf^fBe2-{`E-zj~m6?-z;c^
ziu2y~C}lNO7gX0)w(seqK5>Ks>erAy{$FKf9X5N+8ypLOU(H7|iy1D!0fAm~wafWl
znpC-r=|R7{?LuuitgAf)uwlycXTYN_k(%Ayqc*PDTzdH8!3e+RC8VAYliykV!?}{@
zp#}q-cpEHpx6UANu)o>lawetw_N!BGY5a>XX=j<qCVu1Mtp6g@1AdyJ0p+vSFBWAs
z$!nX*(@+$^pI7{;J_x+aI0woXzFT};`u;P#h<@wT@Lca3e>gslIBa_M$8BQIYkF8i
zPa!>4a1AKi=z6U@2v8a5cBBPeMNWC8OTZtxa<3&u7=7bU?m;4qDsVKdioML5ImWt7
zc(IO|%sCayFrX-R@us_xZo8Y@@t4?z6b6qzk+17glsbtGZ0!@YA%G4OJ`}iwVG0GV
zBBStE_qdN0Fia?&r?-h$BX1Mwg(LCw!Y37fRfZsCI3+z}=N_>}JsFjA_Q<_|6Xt0c
zX_is%v{Jv^kil+3hy3nl=@&5kXrXFv`{-y*oNimB#Lz{<gzA&4<I;z3zhdnkmz@RQ
zd!D=8wr}-zf-B6&*@3^c0`tP62&tE0+S|7YIWH|rS1I_;tX93DdGkUj(57q}-=8$J
zH9ygCWV||Mxow-ZzamOJujyB;P-2)KRK|WUoH-PL)x3yg<==hWc{hs1tIf|BZrBGd
z^&=5$5pSI{?UM%d#?C7bl!d;NdAQ(d>U!Hk>siOuj(2Jo%B$l`)kQD5x%v+GI+BX+
zU6D5`P-8r!TBn)J5}|}q!#&oS%gu_eovshY(`y>(t=`Gh6V+c`f2h)_UdD`P%V?vF
z9Uw+3W5m;6L^5CGtG!?ACC>>7ff@{~s5N^8t%a<31=6)dXbsA%5C~z&pRzytS=-xl
zI)WZvzo-3cV<MpHFn*mPBBv+*E2~*dl}%Nw5(IGI!R<}I*1+gVIEYckRDX*<t=<_X
zfvG8kSDbkx{3t`{10eJW>q~2G-PeEJK5=x&AW;H-3gLc1F@K^<=v_=#DnI^K#!HqL
zg9YzwpWuh*faPM|rCsDk$8{~lyA>YXbbSTBmdz`_a_5(g@%ROclnBh0rY5pX-iAtL
zz_I2gYO0u#SzY~%*0{T5O}tP$U5_TR&srv&zvk{ODz;RFaRh%=N#Rvw0(D(qC89E?
zcx*xHV0Umx1(mq)ara;~<HJCKv#dJp`#*i=*A-3&Pa_*Ehm*pvEw!g5+a!ktIjlF)
zw0pLJ+k*6?x%17%mqn_~Rdm9cQQQJ#;w=iC1^;3mnTN>z`E3CKfed_R0lhFEA0Lti
z)Ya8JA?JS-u13oL=Ih_2UEYeQ7+W#FWu{-Uzbsl`=qyR|(&3_Hv!Ni1Wg6F;*4gDf
zow<3|OjTd}u!Pa$gZ<{_k@E8C&9Pcl7jCraNZ*UF@7Xi`H&fo$odRzo(6ydF+JeUQ
zpJfeX{h=IcobNBVoL9bYo(k}`ji&Mk+74NRYpbWVYE6xBrVWMOvO4yxp)w}Hk4(E*
z>}538Snx$!#3L&B02^I4O=aS(17SuOO%>oF%*=6o^wR*7xw}*?{(+5OF5N7B7}-4X
z%K08QCR`FG6~#5E)E6AtvU6@kKRd!XZdz^elvBZ@2Q6_MvJ725=H4!@U6<<ebheM?
zduD?J5uWM1@xe>U{lb3ka7%CrBjnz=DPFb23d4La^zK{1<-dHZjvI@wH}stsH<FAz
zL{8~ejo7M^MIe;V;|C4hCsLqy^C@iWY7Z)4(a3okil2ARW=#*M1bA$_2XeH9mdp<h
zi$)kpp7dCX?UaZk6C=8Qm$jV0FB*qz_pXqjart%SiCu?CLT;T?@)e9n`YV8FxzjoA
z;2lhM02|CUJ<M*?K=P=Zrkl^RKag#Dj3@i230~~mr#tM>^Z}7^+`H#D#(%&yi*w#G
zX^SW#!g|fC=$-iR54)1BSdEzhVWeJ9dJp)EQ{re|cg382k{17@^3GV7UrcMD!#jRj
zEkvz^-6gx)?m57|*DbF+16W#DCJsbESr!;HAK0+~9)sU|yg6YYX2M<VM{9$2$Zpir
zdehwZe78e6$L8u56DdkMNTRY}ffUEZ?#GGjQ_u-_o{i#!H_7INpuHvO5;fvR=0?&{
z#q;68+_PKVfxEZMkc=w#xx)r02<M^vxNkkXBH_<9?ehm&9nUhPR3}MM_S(fzx!k!;
zAXO~>8vnTy;B&(@eS&?E@pNTZgiHkV7R$wa`l4;;a6CZuw;Yo-8FdLm_6M?0;8A3m
zo;fbnR8>9mf8qXbM<9#zS+Ka|U)f&v`Z_B2s?$<v_Tl#X;q=H!#Hgi!x8Ghx)qcgX
zzq9Kt`ZaI>^)+$w2m2Os|Inre9Zc?JUSBr);%aP*e*o)BYIfI#aPp_9&4}5a`_YF;
z;~`7(I^i7TalEcpR9su3b$qlrAuarjBe`;=rkS41A#m?3XlPB5FLme>U>2o$O~R{<
zC<}Wt4|w2Ih#ghVP%-BWvmbcjsAf2;lXaO!r~Q-arSc9_EzQo$TcqAr!siKUNf>5+
zq=bAgA?CqJH0_GUsl=(6<P_Voa7m*`E?J8=v2(<1hHh%@phuPupKyE0S`c$z4VLoX
ziD;9#Qrck{WPGBjs;X6wcAq1y9*OG=JDSC$25G2!QIkj!wy!28&-Ro@Js8$NM7Q#&
zK6&<%)Y2D>X-%EP;zN_j8fqqFZ=X*CV|G@d|EU@-X)~rp6z?B)M|WOB%G4*a$rN#X
zstJ}(uvz?7@x{<~XuiTfhfn9ch7>rOud4Ty$w~%XxP3D+SudQwrzjUieM57|*}dt5
zG?kA#)#`J9{fv?+X4zCJ${aos<6Rg>#E#yz$6fhP>aLZDAUKr~FpYpi7F69?(Aiul
zU@yts6sZ$lfj8_g-GzbVRruPcWB$bW_~6^b#Kc7UB0;432_=4)gnt*vi}=-QPBQi{
z6HXRz@+v;!yj^lpq+saKgLUFhsWht35_D;nLP=4j-RBIf^lFatHXhS{;gyeDA_++!
z9Zt^A)c8Hvx$}=2E@V&kx7@Pw5hhP_^i67x=`5)MOW<){llG)RL57-){qoU0et3tN
zXU-Y!VF}EMqV{zTmAnEMr8(MI)L;bHXX@I;QM<RDo(UY?CT>OyHYgILo3kEICW}97
zFvVM5V(BOb@lz9AoGGiy^w_L|9Q&=e-Iw6wTaRnV5=?yX-sqr|4p$#%6n$K(la6a=
z&Nq2r#N98LVsP<R&*i4t?d)x6+r{1}xch3xk>mB#cid7`@d7{0v`2gI<(_BmE^g7K
zHW5kai~%!kHbbQnN|xq{ShE6e&!Td))f!)?_1IMpdQFieu2y=dOZY#N-)D*3yy`%?
z0HZ;`8x&X$i|p<z!jLy=bm*}EZ#fhh$E<HU`TlT_Rk^Ge;4pvBLj?RW|4a;N>^n3c
zfll*&wlJ_oL)^Mm&{zEwxLH{FZcW4#D6S$vySP`G1w!W-uoU;ud!j$y_^-`s4ZF<W
zn|P}35?At?4lkDItazI^5Z)?Q^TN{6Fthx;rmUyDN}o^vPOf@YfK$kg@YyjQ_Z!={
z;FQH3dt?>+xwRIa!ylT2sR?fllR+A%1Fl)u!9)*_AX_`(qc?LPebJg}ZkY1{4JwnK
zZqFnAd-CZE-j6f3i}j$j{EN+{$ii`Nk96tMLdNcfMc&z#A;7oF#C?bjpH7`#@~bkm
zt3v+IpDxf*7ThJ=O$JIa;t?lSR22Lp;B$adh@-B0d8>uqm-iowYT2I4y9s$IGr$L0
zO>@oU6I?bIMXtdrR$a;l!ucCi^vcj*l@RvM;kJTE;~&o9JY}dF^4sUK!qVuFQL`ch
z+LS!N7@Ehhtw=Tf^VF<seBE5?>J?drq4<kTSQ?w9GzBKqM(tfikO`(ud}3=GN&e&j
zwmHDR1|*Uh@>g6!#skU0N+$3RLIsJ0X8w)+9lKDRAd3GT&*1R?fzY2^3cY%Qois&`
zd43~*{BN88-66&QX#Ot*1NlFj|Bd|bNB{q+d8PkxKU60OX_F$df^+2(&0zESYov`!
z@{tuZ!9xnBD#p)_I<Jvf$<I*${?9>pmC1>+v&LM$N*1L@oEfu5vCnCM<Y>@Vh{SC_
ziHFt8kz+~JqRas|zcEqiGr8tF({dn<W(=r}K)FTFO2f%>QcS2S(IW%f?%uK|<p3Q7
zxmNGr!^R#^${C{#wnE^j8#nfQPN8JTe?i&&2Mx&Pb3xK0EzY3%sEV3%k<h<MV}kvQ
zIg!xUky{_eQ^#(`DC_i#?fNiSiq=V=4iKa0u0IrnQi(e7i8?^^3g)UeK2_=qcb$f|
z$Wz~r@_lWV3i}b5Xj7WpJh@{}+}T-p(afpy(=|(9E3G>J*#hYNU?>=bh~j995_z)U
zNaBiPv~L#ZYZW@!;W^XANVX6QM1FQZSK(+G31Bw5TllI(zrjUdCLENcgb+Gp<0Eag
zls*da;5FZ-^rF{v9&S|Ce*n@b0zvCn))$01$}@k3&plse?k#wnKZF-YQ+|a+^Rt~X
zLSs2~hT~Rci;7`G1L86a1PaG9=stb5>Vie=Y)GDvlSx8PTNMWxrb4?ZsXoZ!le@$&
z%+sGd2P8`tL@vOip{18ti)0tC2(xXz3q>Klmf~EEP4766bdkGB=sr0S3j`#3P{H|R
zYm}OjK!Kn_Tg5=hd!z&k2)Y@7uwwn7U+o|ea*=!{B-%s$zwHXSfA&xzE?+;amUhie
z_)c`Mt;NKdE1mK83<Zx?PK_<s#hxcvA{v28D1n09;z`TDfBpig2?OyJu)9LbkG`iV
z=Eqlt=%S4AS9yHZwVIE-8^|YmPVN2*v0NAjItd1gPiplBnt<y>-AI$S<G|TGuP%uR
zCbg!S5O((N%FoRJmR-}cq~MUf``Lq{UGv3Y(D!)KUd`ANu`8(dWbXd*?YWfEai9zI
zutkW$#LSxjGY?T*h=<&8HHO-o_j&c>7{}z#Z`SdMb4|D&LS2k{s&aPX(=V?GZXy#G
z5X%7v1y@5r_)Ef!`>>zf_h#3aJtikmZ1ZA{x&%hQ!Vw17qy*dgpC9U3Ay{yu_#{hQ
zz>|;ZuVuxCqB4!ulpM}vn56z3ZdmafO|{oG?_|#Y^;64F6vN&FTJw#q34YQPL>^>u
z4&@<Wpz`_7!9dWle{V-Du)OeYG(X|1No#gyxXfF#)T!O{9=?wlYteh={6$tt`%nFR
zZ^|=ASrE5o0ac}3q(-N8zKQlgn*O$<=W;jb%gyT40XP%%pA2#{8|~RD37DfWZ5nfE
z<Auz1U9My1Q-tMVz&o11%&77LT2GaM=tzNHYy@T#v@w{J7Qr5#m3-x2+QP=)Rr^Ro
zO8P|d4J0C4qrZRp^9tHw5GW>Itp=0trR&^H5bGSw1dE};paFatBg*h`lA<np^86$|
zp;A}w4#|!1WE&_YUwvQ<lR#@3^<>Off!1gd3!*W*umX%`U9T+k_QH$aJm+DO57)BJ
zXPsMDQd+KX@z0Ob)W$-OIoM!3-HOx}#O7y>z+w}SOSLCSDhi7RAp|iMtC%oQ6mCI;
zHUfcU18tQ-vBUAz&Vu}Opb*H{F}lBqd&23H>fdbsodiIp=U<5dl~jZx>XVcJMQZfa
zw{PFxAHEF*F;u^=qx>g#z(NcCk1hXX!@Z<U<-MoY@ksvHAn+RrP}pkkMDM><F_R=s
z$dMI;U`h1<Yd{zl3$hcC*>8!6J{c&QGTNYX^26G|4(mm8jyas5{b(roD@!DCZ_4&Z
zK+Z#gX7l`G&Q*i$2KJtX7|`MwI^nb0KplL%*U!Op>plY3g8tF~@)9jsr}JX4P}c6%
z&%Ez--J<$SuMvcea{~w+TFt+<d9&SJ$lYcY>dN8w4HDA)*t%a|HjUC188b^_(h))N
z7@H+kx**PICgXaVUFGFOrG${J4_`RoW>g=t!aOVy4YwTPz+UXwQ?RzVnN?jgZZ~m&
zIsH}f#}O%92!Hli#)rG-;)ablBZ_s-WTCRC2^4OKBFU-xm1aP-&&a^}S`DwMfw2_k
z=7RYLy)2P4jsiRhE%`SH6g}W{#h8LhLfSz6Ai#gvip^oe**@sg3#gjX<u%E<;+jsL
z>|(vOx_}`8<B{O?nLl%RbR5S4BZK*fVbmjx6^8dZP4;|CY<)DeHZ}+Mv2tP?d}Q4O
zkRv~y{T*AybHAKm-trmcr?HtT_)I2ps7-!fWcwyX`7TN2r4v`yiTtoGAG><Tl%q%d
zTOv;83gJH#0g93omdC^{K)7j@l{!q<LIb50m0Gxi&Ij(VBCN5fGJsi=xf^eUh~ihE
z^oJhM?yx=Qjp8S7_s63W$c8GjX0OxlEC3;lb-6s`Gn3IGit>Fpic$z3_;(gTDc}Nm
ZaSvnJnjj=WASb{;R8e=4#kVbj{|l)V3DW=o

literal 0
HcmV?d00001

diff --git a/manifests/authentication.pp b/manifests/authentication.pp
new file mode 100644
index 0000000..a7c9fe9
--- /dev/null
+++ b/manifests/authentication.pp
@@ -0,0 +1,59 @@
+# vim: ts=2 sw=2 et
+class splunk::authentication
+(
+  $splunk_home = $splunk::splunk_home,
+  $authType = $splunk::authtype,
+  $idptype = $splunk::idptype,
+  $idpurl = $splunk::idpurl,
+){
+  case $authType {
+    'Splunk':    {
+      augeas { "${splunk_home}/etc/system/local/authentication.conf SAML":
+        require => Class['splunk::installed'],
+        lens    => 'Puppet.lns',
+        incl    => "${splunk_home}/etc/system/local/authentication.conf",
+        changes => [
+          'rm authentication/authType',
+          'rm authentication/authSettings',
+        ],
+      }
+    }
+    'SAML':      {
+      case $idptype {
+        'ADFS':     {
+          $attributeQuerySoapPassword = 'unimportant'
+          $attributeQuerySoapUsername = 'unimportant'
+          $entityId                   = $::fqdn
+          $idpAttributeQueryUrl       = $idpurl
+          $idpSLOUrl                  = "${idpurl}?wa=wsignout1.0"
+          $idpSSOUrl                  = $idpurl
+          $idpCertPath                = "${splunk_home}/etc/auth/idpcert.crt"
+          $signAuthnRequest           = false
+          $signedAssertion            = true
+          $redirectPort               = $splunk::httpport }
+        default:    {
+          fail 'Unsupported Identity Provider' }
+      }
+      augeas { "${splunk_home}/etc/system/local/authentication.conf SAML":
+        require => Class['splunk::installed'],
+        lens    => 'Puppet.lns',
+        incl    => "${splunk_home}/etc/system/local/authentication.conf",
+        changes => [
+          'set authentication/authType SAML',
+          'set authentication/authSettings saml_settings',
+          "set saml_settings/attributeQuerySoapPassword ${attributeQuerySoapPassword}",
+          "set saml_settings/attributeQuerySoapUsername ${attributeQuerySoapUsername}",
+          "set saml_settings/entityId ${entityId}",
+          "set saml_settings/idpAttributeQueryUrl ${idpAttributeQueryUrl}",
+          "set saml_settings/idpSLOUrl ${idpSLOUrl}",
+          "set saml_settings/idpSSOUrl ${idpSSOUrl}",
+          "set saml_settings/idpCertPath ${idpCertPath}",
+          "set saml_settings/redirectPort ${redirectPort}",
+          "set saml_settings/signAuthnRequest ${signAuthnRequest}",
+          "set saml_settings/signedAssertion ${signedAssertion}",
+        ],
+      }
+    }
+  }
+}
+
diff --git a/manifests/init.pp b/manifests/init.pp
index a448db4..3f40c8b 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -84,6 +84,9 @@
   $useACK       = $splunk::params::useACK,
   $ds_intermediate = $splunk::params::ds_intemediate,
   $version      = $splunk::params::version,
+  $authtype     = $splunk::params::authtype,
+  $idptype      = $splunk::params::idptype,
+  $idpurl       = $splunk::params::idpurl,
   ) inherits splunk::params {
 
   if $type == 'uf' {
@@ -126,6 +129,7 @@
   include splunk::deploymentclient
   include splunk::passwd
   include splunk::service
+  include splunk::authentication
 }
 
 # ISSUES
diff --git a/manifests/inputs.pp b/manifests/inputs.pp
index 4f603c6..f5721fc 100644
--- a/manifests/inputs.pp
+++ b/manifests/inputs.pp
@@ -29,7 +29,7 @@
           "set SSL/serverCert '${splunk_home}/etc/auth/certs/s2s.pem'",
           "set SSL/rootCA '${splunk_home}/etc/auth/certs/ca.crt'",
           "set SSL/dhfile '${splunk_home}/etc/auth/certs/dhparam.pem'",
-          "set SSL/ecdhCurveName ${ecdhcurvename}",
+          'rm SSL/ecdhCurveName',
         ];
       }
     } else {
@@ -45,7 +45,7 @@
           "set SSL/serverCert '${splunk_home}/etc/auth/certs/s2s.pem'",
           "set SSL/rootCA '${splunk_home}/etc/auth/certs/ca.crt'",
           "set SSL/dhfile '${splunk_home}/etc/auth/certs/dhparam.pem'",
-          'rm SSL/ecdhCurveName',
+          "set SSL/ecdhCurveName ${ecdhcurvename}",
         ];
       }
     }
diff --git a/manifests/params.pp b/manifests/params.pp
index c85e679..a5753c5 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -30,5 +30,8 @@
   $useACK      = false
   $ds_intermediate = undef
   $version     = undef
+  $authtype    = 'Splunk'
+  $idptype     = undef
+  $idpurl      = undef
 }