From 27a5e80d148aa6527106f124dd174e48b3ec3210 Mon Sep 17 00:00:00 2001 From: Craig Slingerland Date: Thu, 1 May 2025 11:32:04 -0400 Subject: [PATCH 1/2] NBE SAML SSO Page --- .../netbox-enterprise-saml-attributes.png | Bin 0 -> 19895 bytes .../SAML/netbox-enterprise-saml-idp.png | Bin 0 -> 23671 bytes docs/netbox-enterprise/nbe-saml.md | 90 ++++++++++++++++++ mkdocs.yml | 2 + 4 files changed, 92 insertions(+) create mode 100644 docs/images/netbox-enterprise/SAML/netbox-enterprise-saml-attributes.png create mode 100644 docs/images/netbox-enterprise/SAML/netbox-enterprise-saml-idp.png create mode 100644 docs/netbox-enterprise/nbe-saml.md diff --git a/docs/images/netbox-enterprise/SAML/netbox-enterprise-saml-attributes.png b/docs/images/netbox-enterprise/SAML/netbox-enterprise-saml-attributes.png new file mode 100644 index 0000000000000000000000000000000000000000..74f01693da3838538b82396628f24f31d4a496cb GIT binary patch literal 19895 zcmeF3bx>7Z!0zc(LQ15Ol18Mv1f)d?=@#j34k;Z9NOyO4w}hm0cX#()ysv)Wojc#$ zx&PgmJ9BW(0Q<1dK6|b8{GR7o2FS~bKSgw`6cHhnx3(}eHZ_2PqWNYPE+++}fZZ9Eg+w(%{z){*a~cje?Hu~I7@Sa= z7(^)~-8kj^x%ite!$o3rWY`bY*U|TGVl(xso$J zYjI<;l33mD-FyN&nB1q#c8;zjid6?))3*9y4&!?!I10Mg+Yj^9p$oVrc)ph_)77 zZ%zXhNkbVKC|d9w2@2ZJ7zz$Ng9cwOz!&&vQeggm2L?3-_V073*~cFyIFy`2K?y=h ziVA&jgx*U)jKS_auSVyhRcNCOXc?31^wGt|flVWS+u^~bjYdO`@I<@K=l&P;%U(7z zl()f~Y`SPM@`Ba_R!z>R`4$JJF|odLiK^}!PWIW^`E_;IdnnlhTx>YcWTnYr$VvY^ zd@*uVemW)MLSth5dB_R&dcE*M^7r`XA@~h0gC09TJm5c$c#r!VK~xa#-$x(?sX?j) z?>p?j$A_1tu>XB+a(N2qSEypk3Tb~|%_9=N^6zhAc#hUCogG_-r+?b2Y^!(jK#=F=+O{&V;(ejb_}$eYYaW( z%gk*)y>xG$(Ng?@ry@N@i?h4Pw=;cWG4P5xF#=s{V)}aa_3(PX7XDhUMtPduWW$d$ zp32;@9L-@(H%QXl?N4kMi%mmzyLFVE;f-n{s2-?yjUP;`Q^D zsZA}DaTWN{?oYZ*T^0pcch~BtRijzEHzb1~Q&#!Y_6o&aPWxDL&1=iJxt?%llO$#4nh9`NTx}MR(IAmM-)p4y+ zzv|XPXSh3q*^Z3KTLa6Xt&Zef>x%{fIhDAw0k%A)5(45l-G%$Ij_A^F^#`4yR|7M@ z2NbiK{=Mpve4fFPz8eb(dnUKn;wO7;nliUOj;&T9bD|Z~$&l?aRrXOCs*QRZ2{sP0 zH`Z8MH})n}QF6^{pVMbMARiAPs+}k}u1SUjA4_rQlxNV?#>-$Ya(1Y%(3{jZsfz(ecyP%lJY)t&ShkEcty-9X|CUV#HmdR>hB)wOmjROxOhrkgaL?rg_o zv|HRTe3=qT9RDrw+bm*z?3T<`wK2@msEEix-aC9(V1rR*P4xu6KR3x`y8!;aj_x4N zbP&yaC5j8OoD5M<&Kr<<@u5mH`a!4fM{!jIy2<9enwZPcUakEUQN(T+YP`$Wqt|xy z|BO5ND!36P-20@aHupP|SfT@}E$X)eWh~~D(*_gVmmZ8+d0X~Es?16a zM?O__$n46hPS&q{Jr66wSTmU^`(&%Jk;q=!Y{Au928|ME7}R`pqSl@2yMwD|r=B^O}@e zNEK|tS>^yjl-XpCs`>j{5-j?cG^jk>eWD3O>zCgS21*(0$4Xg}`>Uh7`mNpxKlRq& zzWu(VCC}#9%svy!S0Y4w&eZU+WQ=;uX3*x{^kR3`bd=F8-9q8}v8(EUKGX5psPT;s zs`+D4Xbp#A6U5|`plb3|OUZv{lQKWSX%JfrDTrsC(6jDV4~4jC^tE;7 z@2Xa#yq&HpFpn@QP+jXjI2ng*Oj*c&BjsOg)?#|ozoo)AUg>k=V;zwB`6MipB4OoZ z$ZdP7^5Wi1T>UbCZ&eq^-?*jHTDbb_k*P0nd0TO{j=@G;j`>IRhIT27K`Y#^@cjH4 zLqWR83&C2t?OIyx!J`auAAac#7+ELtS!D996|mKt)f=we-{Yb3Hfzqkcy8`nli|Ei zmmrq9LD@XTb|GE0VQ#WhKy#%>w!GFEW>x>jZl8Jl)8AJUjy)Oa8M8}rf- z2Txn6AC#tLL1r!6N8K4~RY%R^HN39SJBtg{3-o0cbE1S9MK%oB8T7XERw5?bxZ0G{-VZG|Cf#++1GwHdmD zU*%y52Fu^@jHbN@e;t}9#4~=;QLFkz@bbMpJ~#EhqtY2}9}e-yb4AQ% z%<9{ee|7MXrVAt(k?_zVx1G_*C?~dZt8JZ`45>;Vf5Uu5ERYujS>3U?OmJZuyg}YvRf17CD`(t_mGP?uy!51}x+#>-Nn`( zYwT9*b`|SL=~@?bEy)hIl3SPF{PMrES7n9vTZo=KOMdR@h`;pw0@^&%eg6V^QsY^) zl>mc155@X4zBv0k<3=GC6r})p1Zbb0)*w^(Ow9xLsune0THG{7-1FJg-NPPHfuFT6 z{k61BzHq~!dnpt*9#~{I{I+SHkZ*UlRYJ4x-CeWqmH0DL1_{11SQ4wgfY4p6@bpBy zLblm{Ysq5(tS+IJE_SRKQsCUFeSgh1pO#r zhoPeUSEf!$rp(fzP6cRGKKoa0dd`xitf}ue(2afgqg;D^JR*Hxw-&_*{t>$S7~y5% zJO}UCaQ+5`qSKhigx2T0-7f%^9{e*|laG!hW7Si5z(fAsAt8qmA7Cq*9= z|EOsiESUGWy>RvBw14Dwtq2gc|Nk`pkG~p%YqtB>J=DpQ2n43u@fJ-^O}iG&cR-1C z;*MuXMz|Vtlfmr3da7@cgTrKjVX@V8qFry%AKB{t+m-JALK7@yqKS%{g@Y7Oqd8X2F`5DH^{0)okKLE#_og` zr1E0kWiXD-C}76$WWl1-Fqi$> z?vk$^4`pHs9@}yPclyOm*I(RQxFc-f>g@NncY?*}82ew+pokM%iGB+dzI{Oy&EQ!P zYhi9!CVZJ*t|}beTe?PSAe1JAkC$zI+>8l3!HU`}HZoIs+zk zqV0FLvoYoQ4%_Rk>=_+DB11X;D}7>L{Wc$DcFRRUy|cHq7EM=%ACk~SN!5@dqwia3 zi{+B}o0^A}A(u;jNJp1PD|d^bJEh`b#N*W#S_dPGG47Cgr;V!}6&6O-vW`pM%@pqf zt!8&kXe4+Y_onk{6SsM{i@6E&nk59aI@?^irh}%N;4zvX(p2A-HJvEcvjzz%hH?~M z3g9uHcf*@N|0wcC=buczzrQ(XqzpK3;XOPZmFq4S?|$B9Y>^DPcd|7f$&hR+94hj9 zLc%{Q%d_`pp{uBN{Y5;Vi@n5%5esrgA$^6#!aQU1tu?`$&*68sCxh_w`)3nc)iwiM z-EkZi<{Qb7CJqN;hgmCJ&E?2fimor8vwevqvgv23(r$$*mMlJxu85zn~X3AG7O*^nSok-$y znLcQK*e_*NuNk7d2!@@pXl}II8UK~s%^SR2vi3vm1zpe0LG!}%(}&9y^o7CZyK}Yr z{kk33c^o>WOQD3Q^Sg^_Ry?op^_VZ7=JTbD z=7h zXA2_rdi=PyDfpwM(cYI3ogcj+wYW3ih-n` zIq+51dQHCK^@@WlrFXV7QC(O)KaD6QaI;%}4({FSl~s?v)#Ech2V~~?6>iI*cNUV? z5mgMIDt=ZoBn8?QK)n0?wxRfPh@dt@I37Z8hsUA)faHe{S$6KA4jBm}_loy)X}H<1$B)iLwf2Lm zU$f-H((-sOC`}L~<>LrHqE>Bg=CWJrhxvfzpqkuWd` z##>zUqgPDLw`E+_A5VGVx~o19w;}d?wIZSu6>8%Z80ZW4Kx6RB}^PdiWT%o@{%qpo?omZ00c>IK(uNnXBDJ#qtNcQVdE zgjRGL%l+;A;(-d9H9XJvl;J^l-cbwTWFo;o?PmSa`A);p(b}Jt6j9U=PmR5?+y3CP z62h^&Uw<&5=n9sdyT!*D(Ws)WU(vrw9|zjY@Tw5bzMj-7|INFXE4SIn?q4FP<<6Y~ z%OtQ=g7R;!Hj*#QqMC3sblSga2DHe?@^t-Tb3D`rGtu2@6IyuSm8z*hs%E1zzdM<` zmc4KZxn=9Cb(qKoCzdNe&gCobN>cYwy%)G;zu0GDPy;K_`7c}OkVOsCS;}zUlEX|% zlj7YV@{mp5{|u!@P)5+NV$*#+Ad0dxk>KEIeot)b*X3ok7Nz{Qp0A87cc~Xw3frM)8jA+gKxZ#M^Vxs+vSq%4rE?fl$545Gf4x`1o@e1@@@1|c>;9@$ zUZ7UF9#GDp{s>(8G9Yjx>9wL5|L8L=-~|g0Gz;_nE0G^@5gbCG#$0nvO? zERX)z^QDvmhx8nO-1;k;PaZ|{E!}U}zlQSvgQro92*-c5igmLVt#!<|^_@~`_ZP=P zh11FUnp9sG7K!_1>KqUi3S+oTnx@_ePs?70a<(NoE+gNZ3<{Vnws@MH@mgL3-H`6G zDG1k#<(VlJJuSmAr!R1SnGPucqkW_+j6{o(SfN+A)-lA{zl_2X=%ShY;-3A;8o;V}zUYlUeZ1D^cDCPmq3LoyWmKq`En79Fq&9^vaI5{ezR1MA z$(?Pt|h6EB;fU0587)k(7A89K>X36E#|-wpL+7n+{C(S}M!2 zkIJeK_jiTXYi#Xpg8~nx8uj*-Kx9q`T#Tz(>?uos%=_?ag7DOmTwWdKR~#E%wHrmI z0ogYRl`vwyUGRp(E=$W=-f+2H+d|Ac198~(e`4_LmbAOhKPn8R!cRDB$;>)l99s5U zBb}iF_l_2EPXmB3WJbspCwA(PFrxIH`g+WAkmR%;YyXqXZ*nC}z&r?-0VVp%MayNc z@;>gbert#G@!@U;lFt57@$pvAS_kRiuAiiMqm{YeT~7h&iXGM6dbrfSS1~Gka#j3C zlqK1^VR}}QVN7$=g*+-FN$SMNL2{uaELqOhYK8vT)G%LmKEwX!JEPfQ!|ONadnOC+ zH)ct+IAaq(pO0+8W+zy`OKQ3VtLO~4ANKpwldX#t(%)V+U5+VhUAap(;xVc}pJV-) z-1=06WZtB>ad$o5BD4Tk0h*g;0#3M|;n&qme43Lkux_o*u-N<-LFd!&SCz=oqOyT^ zE6b_fs96c^W7VRXpjK|q{($SqEKPf|F&LJFsYT^2&a8|^%sWZ!eyPKAd)QtGRxbBt zaUDUR{&ZSIpgDmaECf1y{!O2tk96$o&LsD1V*+;57)b1lX?X}qFwFyyGvy3blWkyS z<#@2xbXXY74=6mOo^K)hA%&(+@u9sgF8`;~qw8f!-i(@6?0uiKgjELw^4+4dBe z{SSWKV2dZ$TrLL{0!(RgOQ%0cgnpVTlk9%I<=!T6)PZI8sKYEUr93jWO~~9%H-|M# zEv74so0|Odp@mc@fvPmU*{kNb7V7)KknWC;3zK{OWYC)+3tangAa+IYmtOQ-i=|X- zgmG$2Z^PrMYxffc?*tz_N--8A_#XWt35WfF!RRG^u7@pzG;#wVRHUb=J>r6Tp%%gdE8tfhN>>!+lTg7x|~bwD;gxM(A3;2_SDX(ky+)Qelb zgs@jjktC4aiawf$iv`HRU&>E{NjW@TKjgukNPPhgF^<6{Z@XvZ9$o8HHWrkVU=?>2`~XI2 z1Nj;PkBzqvhY-Rq6joVY=L8&SAQwcePXolrkn$O%D9D)%%UEyruUJ-U6hWInA^sE0AO0HlQgaG$Ep_msC% zgA?tiUu~lT2^!|G!L`<2KmYkbWqMh-L)H4nFsKy2fgyz-D6rOgfeFJ`R|o zTCX`tlb~M}41)OxZ9S5L2OOUM9<0G%g3;kTB}GXwXmYQ-kDG7ydGbHz|EPBLyQ%ff z70{obv>lbXv#PTZySqLcjdN*h>>V}wWbVI;Xg~ciN%4{;*=3(g52kCj88H0}m;(<^ znDJjqk1U0G!YKy(lPwiH* zl*Q#~Uo$9PO_0DyH|@Gg;7(ILLq`gh`<;<`iJ;Ts{BU=1=Mz|*TtlR5viv^%ZOEmv zz>%Ly(g(K?cW(kq4T(H{EZ4T4LA84OJv%FxsBi6X?@aEY6f6-ty3f{s#ov_j)iPyz z+iDE*ZOyW(9Ro}CLymmwi#MOO3n=7a!b|+#@WMfd#haD|aM|Q2Lp@)dES7l!%TMka z4S*|G0oTg_+Kh=`{%hIDl|FoD;KQ850-Gl9qlC?{G4^ySF(n;<+lB4pv>zvjpeIR@ z!-!#~%#~yw2GSKB?s2a^Rm+;LG9!@1x!UT#X$s?vPC61lB!%|tV1w(6w`raN-T^_> z$&^vDlR+$2?)8iD8i3@Th}eEj&kLUMico!*O>PZr<3G_R%aGH7o^@OaVXciiUT5|! zOA_!`6^W%X{Q8{8=inAoN+iBtbo^{KqNlNs`{3cnj@WOXl+IKUKW7u@A}Dep?-a^s zP-4vFhD0zKm#DC9t%xM1j8!d2RH8lFmMerVqd{~_ndR4Q8K+$Y7OPh*vC@5JlO?Ij zJ_&LY_1unVFxt$qU2~MNKk{#P5TWgHNq2Qy+PcCBO5wjH^6heJe~bvNsX?@`YPaQX z-6KW8a+<5NOYaMqHf-CdCh$M(dWx~1oL4*?W(A$%UlT)^PEYUJQ}2})k7E@so2*mX z!kGK*rT8_A2fU9uhL|8jwqzzBMBR2+?5&ot{j8O^$w)?ka-GJlm&ML*xSk(L{mSbo zJH88j=ZCWX{iXoG}N8B$wfVAFqvGC8V|AN z(Weg3UTMD?+9yNppj)5H3ba1OypEE)+|Y`_THfGX=lx+A86v%&v}$dA<^qpMXU6j+ zPDR0;*nJ##4H{2G$SW2n*`SWD(5u%!dBp+ek^xS-qSMZ}qi-dK6XjOj)Fi@RFbi(; z<&zIFoI!LICRECio}{*l*veJJ&sP2E!f+IIVAb-P-nzoNu@K8)?niAI+RpBpg34N@B# zB>Db|{78&PeGaG8`PbBTdi1dW|8M-yu7_tuq^~HsjvVii4-uez`>o9A>5)vSy{vfi zG7`vbsZU;}t{ABUlIw8~^?4st^J@O#|C++Tco2BF9YsJRtWg?-%?5JwO`RW_Xi5fh zq$m$#&Ok7%!0n-kkmULKjK$3FTt!srzNiS}SEzd3p_L{@wO#CUwu&=A5SWb@sQ#np z@w8kOb~p63!Jw%RbZcb9_B18?PY&SzA31re;5VB9TeqyRYPuKQ z=f4JkcPSLpM~ZTMQN@F-Xtu!rqmoNXC=N7Au=<)Ry;}A`Hv1U7qjEOmk&dFe?K~PD zC0}4)i!QM8U2bJ3^X>u);24#P(t;CBfkPTUn1q3mNrz zcP*GPrEj1eK6=TBM7H4$YSPL4bIHxX zy>-0@WHc6i)k{}=dE$Gw;?C!MdYF~aTK2Ud_$X9@z zD*hsah249VWMs1#A=(Pb>$d6z_xNlSEGp^4BADx+z@0gmBRzUTmdFn2eU-f`3AtK} z-UGyNF;)A+CFBKL@5L~1)q4T;9qcq(F16+STx$25G0sk0zrh~wo+>vIHzr*C%5~Du z>XzJawI2U6Uo1)b`n@@_k3GRU3UQ=Wd@V&kBArq}37N>(=Xx9~w|5r{7C^`Z#`v(S z$;YF)ZGRIdJ~G3QQc)i}=v)Eln#LW>E? zA+W)*S%o~@EYPSqW&xLG3WO2M-N@GqM#*l5z|X1MI9-j9%lbt_>&Srqo))!+=%1x% zD8)0;c{_K!R8JftrH%ne<)ZruIfyqJmqy_zl#meOf|!~nxotNW5wW0-6T8Ymg0lLm z97vy6B;GfvP#=ml=R$dpC5rtQ<({?)iV}7LnY*(2!?H67;c$m$_1jm~Ffz+amVpibJ9k$O^6yYCQ4ERUEetKA#k>g)Fy7!~v+!UtmbZ3eCZE*CnwrDP!Jtyo zLWiwFA0r1+DkB1BZ9!~=@IVD2JDPDW4ySDFjc)1P=7)QQCZM#b0Z&C(^2UXeZ?)%FS(nZxo@ao_V97)y2%vJ}zyl-QOS`y1L~xsT?poh9iV*M;sgAmxKb zatZ7bSdBu9@wyq`lD~8CR%yG^!II5C+epaTJgIkl@^F`v9{Nrlu)2c#M2VaGqY$)$ zISm0`AD??K36I$C>fA@JfjBfNK0=IwX7((Va6E0^pb!5dz4LHog`^RJ45!#!@{02Y ztBfT-(q2MUaJX!|19UGLmrx>b2Jjye^?Fg4u|soA2Wo{DCLsH>wa6TcH+t2=C{tJq zkcUQr4c&y>TENzCtfma2#kK~nH%3L=(%^_9)nHQRzSepn8Wb4vCUIJ&LCmMyDWlb& zu~VC5G zwU`Yx^`=|~;@hRzO+ATCW%CHnhXH|WrMf%*y3Y*gBY~)mPl`kFRftuI-dj2FbBPovyV z0fxDHldV4amB4(nvTC~0#3jPK1}Xookir3(MlyMLpy1AUVaP}4@JBBCqPTU6-=84l zPn06(Q?(yy)lTFW#ekF_HDs9h+ANXB0U%bM?<((j^``y{M4d6wLz~%-{!En}`$-){ zn|I$6!M&ki3^IXA;57{*N{Cb2mCR$c(AohD^#$FRX+*OIu^`+esXTTWs;-Bw5Q1Wy zZaXdrX1*W^#eDZGo^|Y0Uc2^Zo*$tn?m+NFta`FspXHeK7)tDvK#~6wNz~_%WVX|& zSFA9mvdAWhZ2+mRO`m9xa!mGM{*nXcPId5HO0wXe@@)#O|Mq;UVuu z$x)d}$JQV)8zFQ~8L0PCJ?mnntRsS z?Oc;Tzhzd|bz5{G7=No`#zN|T*ow$Mf?NIs_F@_-pT*uC!;!TWJ`ywaogQS#7jHaE zMMDh@*{A1wj-iso?N=l<41DZKtCn6KBFQl$8gH5}RIb>{?%8meoU;$W0A=4mWQVcC z4_Bbz?7p|~;afaqi*(pPJTn*`2rBQ(25VT8fVN?#1%|$4$_vBQ#dB>zir%?SyenrG z=mImX3-mMymzamWUk{N9w3#oC14h9UxX!vs+=Z_tPfqZ#dq0?QM`ArtU?eqFuz$~E zDhtg342PJ>Nj|K5j4f{br;aGAOHlz3In1Y3%IIK$>;l|w4a za+vTCqcQX49j0qx{XtWG*fiDa-|(iFCp`}}j7^`UWH)%uR@Ty5Ye}Ca!$-pjBw#AZ z_e^AR4_2|i;ZLi!03o#&guH$#fDF@<6Iy9kWnhx~XNupDd1=~k)o4`O^^<&SA9nxO zEg5}$Dk1;SRtP7tuKi(j*&u<=1pJwB4mFnjER1*sCyIy_oS5fF()t7pdKwz$OGQk3 zbBx@O<hzwy#yOzyF|>p>F>&HK&}_tEmgE*~^DW?o=H2snBz*%WqkS1W#$k z#C}=%{`#n+DLZ!1?ly5=4g>w&L`_0rBHfNfp1A~vB7^0XA2bseI+k4>)*CANDt7DQ zlt_x`=q-oCMHfTLkCRe;71C==&2X1{Xb5?i_Ic9DRVn-;Jo?YxI#EJBxqw+8YMZ7o z{ICp*QvPLegMyD(?wc{6i2F5>XUCIZc;tNX80;UKLu}m2_eet=-}TIw~w_9{yP zSU<+284MF|;px17x)F4uDz6nBEs}`r&s0FtbwWil>KB_`JKpAl!1V@ZsH$jg7H#P+Ql>^Q@S~pwuv^cwNZ-F0QP1&<+Of zNgA)zV{nsFfvoRqkXk|V>EhqwDQM(NBnt-YeU)fN>3#JllOYfP1ringlNp7%KWPss zDySj-^omZQ{Ts2cKc+IjEX3{pypAV5DX9S&s-{=o-pDxo+7|>-ZTcpfE`5W#0Uv(l9QmT$X*P3+&<4@fZ=EWmL z;(LNRNryX--mVu~W%>b)KuEJ&%s03iPdP5PqYG4kA<2_B4eAJHLn%V`9hl;iSaQ5N zko&9br-YoAg-M9Az@0X>MJMtXlzbM$<4|+{zA84LE?6*5dX&beQ7>=wwgs_<>bVU zFd&ka$4bY|Vw*22Yi&VG0~WPx#bdVym*Eq3W*7m-Kr{qc^I{uq(092O3r$NV1CXo_ zxZ`J7Wx}z%PRDhON^9VTEue%(Xal)>Tb@$kw$wE+>I+RKitP7mH>N?_V}?j*>2U{u zt*R4Otza$DwiaoX*c0H%%&44z8K9~@Wv9qZ0Gl)mSI4$#)>-JVIUpsNeH%t>X0zU3 zYF0fr&RDleZZh9c%k%|=L0y5Xz%#4_R5>~Ca$uI7gLw*PV5Pr}b_MpQJ%F;uU`L<8w8T?RU_D09^%``59?_~Am9eI! zI0lzqMH`$#!yX7a-0eV7Vqp@jNG6~TlEwxKD_Y*;5_8~B^QkpDSCY`naW26<&=1S} z6Iq1Ix=;Y1Xoo+8{NF#g8d16h239S91E`H2h^*% zz*}}GRk!NIQ7Si-SxEkhM)al9Wa4~ch>4}WY>LXpkpL*Bsdjb zpasIC#?|jqk1@yvdYC~V%N1ayBeVJvuJrer@Ax5~%i$}xhO!@*cLDJsE$7os1)5b* zO1ru83Lu(*I~fI~mdy=ZMslF)EI8;9BAvj3OmOm)vF@=o7Tw1eBeJaI4YXf(^a(IN zA8TSL4G@J3v;>;?`(LwTwKhgP8woZICgE59?gQ!-Q-<+kYbS)kc)^GXk7baP3~~I4 zR-vvR@Ce`I&Fgy3XKmzob_&XGMG`@nr|=O0o!At_lO;re%*G4VI0TO7ArE)%mO{pY zb+%i}IR2Yy!f092vCC{+y?QCR%Ed{EU@(3o@P^(F7ePA;{0UqLbDq752o5Zrdm(1N z$MV?M9q%2dt2dvvyHNSIbJ81@u_AF_pocuaoU3=Z2pkIGnE%WhAqqGCLon~07o>Xi ze-bGBY2$4CQVdrkQX!SI(E)s31xurWgsmueU1W^gY#Q_@Z>W=9%PdxCHX{k-#D@hy zVo+c_nx*N9zV(}_21y|g-}U+8Ry8R91z#&3KJXv5z-l@P#%4D&|NO?0p~!e4J|$!< z^e+N>*z-W{Z#Po|e09{(_KVuqpD;@NLw--Fs{r^_1?)$-db}5Ib_Q-l!}r;8BRLn) zw4&b^PFWa2{9Fy{iM7cV{-rwm+C@T}dLTxHBrV74g&)RJ54%Zj%v%aWPg(ad+>u8) zVTs*`3EVT|w)nuP14vdF1_hbe17(_{U__N&bnZ>kcy7Bdkw%HcHJ&*VR{1-k@$6>L z%wf*2W>LtNDvCB=3`Fb~Jh@MZ_rNk24jq|miL&IM+2nCbJjZck+HO&$ah)<}4ld)O zq_hI(dVNqdOsNUEJM%$h3>Znojj{ZJ`Y_jeF;Oox0dWXnU2-i(&UO>KvZ!7A;p1|2 zUq3qH>OKLLZfhiVv{4f+3Wq{2cw?3S%~i4};-+eaUWK3Gqf3^C!(+ZhrIx(#G!nU5 z_pm#aq|TGJ4t+27d|!$8o^XN(o)2)V`H<8QHRg!%gH$x*(;npQRRrmOp%7sJK%wvb zs#n*uQ^f0I;PT*>Q71$VCff*U+|Q=^5y#c+mi49C8bzIMrSdCyq4hF&4w<*#wtBzz z8?pzbNdX51o40xFMAwn=q^SDOEy^FckJCieR*TUxs5R%8ANw631Th0Ex0sm(ua%v> z0(S-O6ZFBhN}YR0KuE6F06QZm?ItwttnyqCWx)rb{DIvq`hFYxDP%wu?|7EP9P}d1 zA_e*_nCXyvCZ8^~OoATOzQ)r6OJRN1I6V*-+@Y)hL+j0(rhf=byz=vK+9ZlBV7$9L zDr}E4QqiP|9EJAcd+|`hEoH^uhz_D zI*->*20ys3=J$JK^QXEN%v)GBeK7+p`({2@K2coxF8w!;Wvk@on28b0S<4zsOE<)5 zsT#(yMiKr3d?8@ytiuM;DQmLIRD&Rpdg*?_vi)geCZ+=^Po&o&eQL9x&CWKf9tWJ^ ztzH=4c>EWCMayZKq&n?stGL)B?HGka%jme0EoJ%+poT^fR3X2@1yYZ)29RZ|XY(^PhMvtuD6X|8PY>OSbA^mIyzHeGzOf)bjIV{{> zDtTBXSB2oT#onB(1~pL-rS$V~cqqSHrn~)cAxlfOrhNV8F35?N_;U}t8T~U#GJI8B zC?U##cWdyl9?-9mUc7{s{roY;5ea*ViJ$WgaJ2oOcdj;9wV_h~{01Gih-NQ_!KtV| zWz|g-a?K*B_q8q4>aj(#Iql_cn_hDzPAO49!WQBZVoyM&WsgV33wu}2+$ubo zEtkye`89W6Lq%0AG5eq_3agsyELD?6A8s?+M_*sHWwljGJ6}?zwY*m+ANK{tx&*=# zgmEbB@eM2y3%tD6@dT1x`$;AB>AuY%l_JGx1U=i1 zp>H+nOzE$ZFCbIF!{}|Nk21ZNVH8=I(1N)XDuuy74oM3xiEASlRFhMFt}Wkov_u}+ zN-A}u|1lIJGXx;36!%Q6I!2USdhxJQfNBcS%Uu{0%<10|tt{sF83)Xp*y8fon{>OA zf+Z;_Efppc0}!JPgyG#&Cne)kxqW5AwGO--2$!S>msckto%S@685R9&#b5Zqy?c!@ zJG}d%WjC3=W2W@7y?c=44pEFsrMvWfy@x~bB0>Gvog!4N8dwwbPOd_XV2M=v@Y5hqm?}ohh$GbwS!Oj+81*UW@cdOt?tO z+gom8PIKpw>@5|zad8+c1F}o^32`)MLrl<>CJSGn(h59V?54Pk03ez{B`6qiE%imV zmkfryWFI*)*Fa}ZAoM?XimOb(q1bO1?9}J*{@r`-nLr6R)krIm_HP3*^Krk-mgTs{ zU)D7Od&YlGDQ5@%Z6I!eZ9DSZ33hmYF;x{{s`dF;?(*MOBllyg5zS~$><{W%{{X0) z;AWRs^QQa-<`-6#0Yq*k{x1pF5C(wQvD+pHkPgSd<_DfVkiYe>(`IW__Zn}|cLu9~ zo_CIXpu_J%aQA@3l6GgIx%p#JgQ3dhe+RP8oR83~#qu%ty;uqOMHJE@5V~8>h=U#4 zU(reSW%3@;8T8+#&`CkL{i23h=COek|4QJI=v+^J-KBu-7SF-9n2iGay=jnobx&!! z?5&+JfsH@JkXtJPKIaNhSL&{svsZh}77IWzl>ZI@R0T+irh#dz)v`163iGE7%wx?_ ziLk=qS`l>58Ur31biu^_yi5&;UZuiQpx3yU5g}XlHspmW`L~kCHr@c|$`b;x7sT!E zYy!Oe%$55X$Tc^wk+GrgG$4t$ADK4k}Xv$pQk-pLKOUi?_}_w&WM6(FATS1+LA#DY(ticC^` zMdW(eiu+F&`j(W_VP8ET6jeiCemoOP`3zH#6XO~y*d0P(^cX5scY)8`;jNbTN5xWI zu^9kOjU&=n-aSz~X7G2i57L9u=~fWO=Z#k8fr_3z#xWdp$1NY6~$)Vs0N-xYORSYG1 z2~eN9rKTf9V9|bQHeGRKpyR9yg)%(+S?@hAFZmr^_CJ+I9N$AnU~MQ?M8Jr}K?izb z_05{s@8Q1sO(xL#RY)Gma?khP+XQBZxYrFsI!h-TArP5rJcTBl+I$#wBI6|Xi~1zk zK(`AiN^l}s;)S{41rWjsg?3R2^c!#BY|u`Wt+i+uk6p7j zMQX;a)P|Y^jF3QwGq!K)v1fwu+tV1y0me%bJ0FIsSK8O}=>p|UwhAAa3Ihdscs@{5 zrmrZF!aqufml))M4Vg#AvM&$CJcn3{LgQO8CU? zk=9vpW0{&BwREg4pSV zBgGTV%CHd-*fYBOhe;?JO{ia9C$GMsI=)NHbP4+$9_ECDh-$Du{ib`PMpajWi29UG%0(Su^}bz zbyHASkni<(wNxrQWUoX9R*DwI%Enf~2XVZi`l@s;zhvio-(y>m3Z`HZfXJK96u*B! zq(rxFBwLQ8Sa79XjK*6C7xEd&QXg~*pduKz3c8SdM3J6Tq4~$aS5dt*RnE{vI@8w< zQahVG^JtSN1h*pw^V>tbAZR6PHPcex1p@`bwG7U)QMM@|k0UqGx16^foNZNqhU;I0 zsN$NYjwRt2`Ja-m!-HwDRWcFzMh=Fwpb(z&cs3f4PQ6 zyw&rdUhXw=iJSC}^_IL^Y;)7IVP9a#90vPtzv|xIpC0*70@mbvfE@|fA{p6evzP9z zQ{~tBKc8&pb-?c3!HPS9R@a|p%>$kw6jSSQHJYVpu0u>D$G-b9^=emvYr=p_=$7=y9+4+IzdjVqLqxpD=|*ji3bQ%O$lhNg?-Giy7GD_3sC*}v>o!A4wf?@MM*kdF+b z#J&0%oA9B&Jg56W(2ebTv08Ihw99|s>VE>V{F%c%?B7|4)t@`3kSSHq=bj(i8U7Ic^UocxFSI<7y2RT{!PYA1YtwP zo|a?wgL<08+7D>s?-O|X9c4uq$Q`)F>4u|c`j~-ku3zzsFMQlG_%G+y5?|KI{l4pY z-BZJ5YKHYIO{m72WWIcqkJ|46LcPROnSIMQr#|FK5w^!8#5-P&y$?9@eYu!k^~VJT zT#Nr`O392$8MqLbIaVe5lr}owMzC|sN&7x3My8~}i~zSPrb&Z@rHM8{_oBCWhI_k_ z8LK*jHpBB;nlbiI4q`{AAh=QgG{u|zvzwou{9IVj?4Kzl=x=bGaC8l@gyj7k+xKp- zv<;P+kaW^M!)e5~=v~@!I|My0Vxgn-Oik^|9q=4-1uNA03J!RN1^&~5|6p*ku>bQ4 zc1zaP|2)6)2lM9Im-C$~S7fdz$=`c|#M(%|mP|J^66$zOkKj7@b!BJe?b&1WXU)mm zzrjDv$?W?PwYA>P+{2Wd!L$9d^Qi|uX-?0@#?*wy1jo+Om&VliU6*>(pR=b-OCC%L zY`BE`Znsk*z9qx6pB5S2W5;H>@%LdLDC14y@@IJ<+xy_R{S4AQ>hilRCOE2)IpW{r z6`x*)1wj5jWKx+;WUG7VKa)Jck(c@VIA^=TT%dCA?+fx-YGf~=4)M8$c-(*Q$^t%R zd+D2^ZCBO78G;op3suIdBkMJ2koVqxa@YvA5+%-PfJ(MkT-E`}r z5)B8N8~vXy_pmSK(!#!0txx~coL?9C4F>gI`FY?kDm0L5bGS2H& zCECmtHJ;OUMA1B63oY6Y|L;d+B4O0LvWJQK4)`iOHRd{&>FymW1eN-Z^>+(OyY3)* zMVE*oc^ijHIroQXKk-%5_qj3+UbRENk@sq{;1i^r=o^ZHRyLAzk{F8ceM)Y_s0=G z-A8)-hw1+Is+BEHMyKz>NF7=^4o2EOngxhjIpU>eIUpH47wX3|>bNkpdc>JqJpY%mt!nS`7($SaB|7@$3^lFs04kDP( z=~t7}Y&gdosO8y4)%5T7ouZ4=U5#_!+m0gpk2NIS)6`sQ46F)zJBA@>s|hcRUfM>+|5wOuPtQ z51C_*zq`kM=%EHN<-_Vp7XS03Tu7UkKX+N+CZS0cgFTH-4 zQ}*_O0jrq3^|9{~U+lWKmyNQZAZ4@aJEDWM;3T(NmT`#2^_xuK3<(*eqez# zwkX%NwRX)j@M|6)n%;FjHK0>&>(MYr=22I)@YHBsrg^K0EFHZ1_x(NoIu;Vpw||gv zYIc$LIo!!vRg?+xoyzEdsWUlSTNxf%%zp_#> zMz1@g+hF8U4GT3AgWRpYM#vSaA^3z0HI|yWBU%hfqkdpZazF{;^AA#EflfeQBy8 za#;e_{Q{3QV@R&mq$oyFBj6oRjXZP09rthlMHGR0Z2de+z6oZ@bdF}X7isX6$36^N zz_J#o$5@I-S@qR@xl6d=jn36_UQF+8*CuPqf>qy-Xsrs6&Nf|D6%&#bT)y(sJ}5i{ zS^c$XrXxtsD)w?WrOOP-vf9Apxd}~{hLRy4zR8oT&EMAt`-BTh3VITi`$io~!v^ua zk>qSg)(j`Er~1!Q&9lJPB8<+nfY|8I;dI)odWp2?A>9O1xWdHQjl6cgaya^!eWv)& zr=fwgZ2cc3Tkd+P+mz~t&6M?uePW;Zpl~Uyxi~v{~)lV=jhz%&9m4(vyq0&aH)%<-;Q}Q|8eflfsq37ocD!=pkeCYxg7xcaV78> zA!5)gnzxAS#Qx4_9pYjw^2>cII z5x225q)))^EqCnPydcO`&yAhz1o3?F-TaU4<(~mAA!})nYs<&^`2Bw&pCt4ar{G&g z5>5N-|LrUAB#;Z6tVQ=p`K7Uv&l(~JuzD|72k+M3z{v9QzKpC$WJKcSHkNyVt3RJ# zU%PU-V@e?pAeIjYE~D8%Z4DXO>Y+?ihOEDVB}|4A3x9^|j^3qxjHQ1Sj6~J(@;I8qUP61{zO}e~o6i~G>QB<`VlscB<^Ml+rr0xXyA=yF zbPTa$~KDHe&vZDcB_aP~KOInNEZkEgvi>$k>ji-PY{>fZdbI`nCF z@00B1zDZ=p;KuoQjgTM`v0E4rLL8H4*_VN63c$+N$dn>Z961iP%=8sXbLqN0(?+iG z8d|s)pL02>kk9%kOFdA1wm&iP8|+{U#mB3kLXG{7*e1cv5uGoY5v|0+M5Gd1GRYvG zy<=bfd}$U0K%QjC4579%{m*G)L}nr4FVde+iP9r~1s=T{GmYeK0a%{_+7*OHN}|Z* z>*n_ppl3T4&%>=5#A<#n2_}t6e)h(CXKk~3E{3oD`eW2JDg(Z{)1B^rP(ujKGe|dg zl|hhZB*^|IR*wMOZbgx+TP@6K;_gej%y$+8l%wB?i=bO8D2v%x0yzX>QNyv#4Wbu9 z1z%P_60i0OD>z=B;Hx2^y?iY@WqneFlWgTI zs(WSJM_2h1U{5)anYJW6HKKt`$mld4&PHmJF#8-WB$cazkz%w*FeP2{;|$SpHGKMVyT z&t@Ze*Cj7Nx@fi;E4e@F)Ino8IxjBK2@;_SZt2BjGgX{}jS1mNfc4nDmQpMkIlTdT z(4n~qg>;xjk9NqZp7H|tpA?M890G$OJ@K7zLx%SG~ZG+LL$pC1ncdQ zw+N^EpH2A(Z{SCKge;5?hl_j|^eM^7I?KUspLA8o8I{gWYv_2`CFT4 z3)gs+V`dSa27C`m@2qWDPB;NFrvk3GY3tEq9**a+(c4!vNf6d0Ic)T^RKQ^1L`qo$=*uMi~r9xDA59CP75p` zMxvDNh1}|RT>EEGB^0n1B6bZ&i?}4&5!>ZLvgBgVf7|8vZ;`|cZ5*!^RpHxd-A+?QMEpyAh*f z+5bdiKS;TXEV+w>DmGlt-mGN|hg{Xf(ExOqdqP{oBQpK^Er|E zN0nN-mp9&VR?VUQus<_NEDD@#vU7MI?G1C84^YP_7eN+Ts;{R>v|1b5Z44T#^@(l|HFIvDr z2;s%BdacQDv#yVdbpHm8AEbd8M#yb#m>Y1y@8%U$AW2cGbO3Pwpbeb%JK-i`5EFD; z8D#q=wpNgBJ5pFNEMKAc&t%97hG6Ja#E-m(Gk^jlt@l14Nf&?4up|Lfj9rGeO~mnGXLSf5oU<3=`7$xwuGJ8 zfa`Vw9WM@s9R>+{=60#$M!6J(53UYx-g7Sep^TZ@R@T^)q{=CLhI?OKAgRJrNLC^` zA+A5`V**^oP1p#qZwc_IB1J(;*8-pu!y=%kB8t8K3@Ek&a>~(}l_Gy@T3PC7KHdos zC?OzXvQD2X4^O{xKLe@2%r=^d)c5!gK8CUjGK8ne`1B}qem3tm29%}@RBX7=u$Hft zNB||en9K@T#OB29Sbo3?<#6}$a?SM!Py3Jq7N&9wd`&0-cS5RwFY)-yRq^8yqGlnn z%;WXLdZE906&9{XyF7+G zJs04?_TH77@v5(ki-iB8fqr^yE#hdAy&sR&? z@Nt!PvS45?kwBkB*+Ph%2&nG}j*n>HB4sp0OI{=3gx;Rb&6LV=|)=hRN|G+B7`8mTP7=0|iI3#BAG zMakEG3HT?7iKzlC+5c=WiQ!H*1s9X3%X|DEyp5-W^0XP<1^C)>Aw>B4_7w>^!=ukq z?YZg|8vV{xtt?Bt*GteX0Jt$>kQ2Ed^8S%(XFIsgl<|>t3?SUO(*S`NC^8JNt|*4< zTKstmxZwgo1&Cmw`?l5L?bi{T^#>%7qYqJMgAQT@VVbM6)%X-mUHP^7zLuXkLa5%c zKE55a6b5768G^mo2I)`;P#HK+0ULJ2N5m@=Dsw59U4T-LSm>$StJ&2~IMk+~NgY`j zrPi;4K!TXrJjQ7@d zlWMXz&=p#MG-%dx9pSUpjAvO1Sz@mf3!7to={wZ4Qw4Xd_EOm_ z((#LIEh&Wl0OjHCJ+leH=Z42$92_Kb9Fp9ltY8WrDOXu->2N->qrxxD2dTGf zOXA`wU9)M6Y*!_3k3gdtb5)LH5iq3X_M2I)j+1qNqI!XCuI>i{Az2nXjO2q*3lN-k zMd0ljs~e#8y-$OZM7RfcIR&Qr8$h=9xtYl{N%0zs6uw$mbTxv#=PvqzkXriWA5+%C zHx`@)#jJP1!?t3?5biU4O%YSa8fsyO|XmOPKW>DA8*N{$cNG(T<5%fzQNHt5Q^Jm zun_av+w*oN;(ikk0y`n2AVaoJzd)X2PdvhNf5cwL9ZvTeJ^Uzm8G&%FRbl2P-jsYS6?PA^g zH5KELl|AmgntnLht5Bm9pt|YXjC`!>fPj=z;C4)gw5ZJy7CPvjBhfu&>U*vdQK!^% z?!WNTL}t0GCSB5W29t&1ZBmG6LI!6QE=P%VrX(gllYn-H-FFI}rtu|U`AG0Q%gm>9 zgrnsO_^@jqDg2zwvf?G5=V?53sl_sHzd=>2;b0SH?KO*h4aG$n^I^r2s4xdn#p8vm z#fabdlL1@XHWpi~(M)eh!;dOSN?T}iC#NNwcpJ&}F$xBU);q$mAqj5ibP@+W`l`0x zBL{xzW`=9)tVSJced;_T_qjOqnx%~d}L13d)1|8mygvi6(;Q_ z2utH}8%q?UW`3u>`i#kWNxHE1_0FlEtKBx!F24wm!a_0!S<#$i3$E{*_LeBIEX4BYtTtHX?=exjBFSZxcYA4GN>xVTG$6+@>u-))c|Pp zq{=K_1541rX&Y7asCaH@9-S;LadlF#Q!9$PhyPI~bMIl?vrM0(tvh^R+HNV|*n03a zSguY*JjRih=b8Q(-_?yXeyrCj|ghs3W| z30m4ETlh$m$#;cyJIaKaGp^b8I!lzsBV2Rh@`|AYS9*D;c{5}po!8TND`&)7;jI;2 zk~E~e7B!(;hBw!)qvdlW*1|Uhrj-=#(yF9%Nz&uR6%fN7@MIXwUi+0}lW5RXBX6?! zYIMBxAf+wrZXRpRFW0ZJUNOGcOWV5RR2nozjUr2KDsU&Az7*6GREkej@oU<(cr{vY zK(_i)#m{`FyUVu~&L%wQ@`=XMdsP)@Nu(P+^5P~BxB|NPiZ9Awr!`H*A*{xnTKoWD z4l3W?j;9k9)2rlGy_+K#0d=}h{&a!N(dsv#AFKMpw@R))kR^60P#L6Hd^PaO;ME{J zX)?<-{N*>c7hQ>L!k)E^M;W_GQJM>6SXL8TbZuT-G)JX-;mB^b^mYslm!yI!weNPk zF;QAHN*0%dF+t4UuPLy&ZepxdE!$u>7}vx0PT{DpPDx^-lF2W3&;#hVI;pb@Mp7_I z(aP*-uE=QL;-c~dJ*j%hr4X|ho{4NP`o`nk9?=$ra7Rs&1v)Og>aR3lVR02-FAf@7 zJBTuWGC0i9BAkRmExhWD@l|j8pmk4taET3{?kn57HIGEwn>?p5y- z9#~9`{I`kyb-dlROfUxydVpx%JAC5ov|&2Qi%_XGNtvInI@ZykJB-n!8hN#AYe)C# z&$R!xdyk{^UX$p``$e)iTdo>KHrK~4N{T}<_=QRz*!9u%Si3^5latbi4G*dIIAkT0 z!jR&bX`9t`Osw6n9+FP5Z`p3%l8`42S(A`>Bg>dnJY)0mL{*vFA4w>>*k88k3XkW1ol;hrAPaotx0M!2h(+~@ zYw0A_ykeV$-74Pa7iKW(Y(?e6Qm1`jHykF5VVVux!scyd&wFdeSU>(e+)%DFK8FkY z96FtBIKkQ?3M?A18a+#(i_bZ>DNk&?-3OA8GIU%^a{P6UCn|MTl_Xeiki&K~FQV=9 z;>AqOn7B0b^B3ke#)Q$WN4L$x;OB!Kn|}OcNybrm@(*eTRtFk zEh3$4-1oZul)f#7I_BrZ>VhG48Szr)*-i56yXYB~INM}z`jJYyS$@hxyHwTRe}>rQ zQ^(nT4Zp*37%z-mddW5&c~a!eW6I25d#OFTJ6An} z*z#_o9|W3{Xg*uwG0vX)K^*w#HzAN4t?)U-TN%GnO|T>3KKDDXv`VWweEI+{=yD>y z-JWdKaxtk#zSHU&K?x$hLonmOZ+qXT}|GH*QHWd|cKr$RU>W`cquY)W^Os{hWOn7V}z&^!o$e zk)>g^tioWv+>qoO=ZDTTnavxgTU);(-`D=QVN~R9EF~re%QMDac^$NH>Q{ZmnfAwq zu9*Ze>vlreT}IBnI+Uy{E15<}yOft<-81gU5%i|_{<<~kd3X{mJ_0t8Vj;nkp;Q`1 zwRr;?8$o?wpU3)pbXQ(wKcVtb_sPC_=nbLQ$j7Cf<}~YJv1}ybLMW~}$=0aI{qhI1 z63j1(+iY!EUdh&AguXU0SH2ZoFvweS*!V{t1vI^SH1aVywIM z6x3(W&n{Bi!j}d)y4$U(X+F24hHshklV{YA=B0ikl92D>XwHZ^+>w}Hd9o#ttIw*M` zx2#^{a5qZId0Z(|@PTOML3upAux!TDrPnB0&2L2aG!mgZ)U4G`E_}?~`}>dh*1Qfc zXiG0FD=6SGS!)wjMfPnCRwF=Iu}%@t>1-31cuzg0i+nAR9~pD??PPsN#vSgAEK6~f z^BGZgIouV2Gse&xYLP3+_a9G~8;*oIi5Wy`ZYgG1Fb4>zdbN zcVDX#&Dl>`>4PN*d;A_Hr}=6>a!ZI*E{lwm;(@8VJtTumc3U)8b@*<}P6yYg&+pIc zfDz?$eVBA1vlzd@bMt^3b?hlVmLn7|q7Mo8MgkL%DX$bQ*s+eV2*rNUbTW1{=?o&^)0vibyG*G6V~UV$2kj|XVBQ`;y` z&RMsHCCH;ni7jr$iYTVll%!oZn17&{=Nk3;Kr`IjG&B5x#&aE;Bh$L(u%g3~ohcz4 z<`?1DJxbWfS83J6l@zbdETEO_ibJ(EN%Ox#Pv`A(T?5dWY3P!iqBu7@dxOM-=!yhQ z>=sMtX4+L*ONprj^()q#N@u|X+KhIyE9-WMKYjI;11#Qjv1zmT3UyxV@Da`vgucXJ z2@IW~T3kkrXdtAXvSoZbgUk6SVIY6@je|{U!P*x-Ew$e(-C=D?AJ2dPl5;$7Y+rJ(sMsr`0J^cyqD3f7OR!#rCFckmmbJ)CXGvW&Z4vsNj&gcVV(fv|x;H!ftYkDtUi-u# zZVMrS?qf93C)v8X-Vdu=F74$*Os{4p+KTASvge|@6LzNNK1TlhP_pCHMZn!T{-I>; zjn{0!ZRd$Y5{exZdO_KB<$D2?$fV;-+y&I^u;B=I$(|MxFR>=}>@Q;p#qvbC6JPcPm8)Tc z9_-mId`J0T4JJ?s<8bLQ#>T$%jrQ^2>n0>N#cW_!cX2vbQg3cM-bKH=`mdH|C581H zFJrAfS??w)GW$J0xc^<1ERd>TbdI|dQg{EA0kgbts+pXOZw-S_vE{g6KBbfegj{A% zd7B4}wR-UzkKg^Pj(wC107}Qz--PXN81o(ieF76mbg?mN3DEe7%{rp+fto>TSnKh5 ztnwoQd=q#iu*rzvWSGeF{f|TvkAu-OW5?R*`0Pgc$lLCYY2H=-S16gq3BzZne+&Hn zY$M#v2K@Z?;CnPb;ZT!sT0AJwj+NW^SL@3o!D@#*4K3UMM-}?_W-OX!Ko7KCN9BqB zpBMgV!w@qN85w%VBmYCeVeC)QFwH2Z=yd2^paEqa;W$)Z)NXYWN(aYEopH~*5U*K} z@BqX3I=!~hTiem{&DX?FSL6S=UMBS>@cXc9)RO4o=urj68DG%EeEAi*HN(+JA;E`& zuN}#8F;#iT@|_8iU*{^K__rmWGi5@}$N*E{*8-^Q(c@TcMPPsGzk|Q-J#HBt@$1h$ z|ART>nI2LKS0TC3>uOS4&AlZztj(eFtOe0JdK)U;^i&_}aM*2)|I^ zi0ASF%6H;wj4#G(>LOj$YHy6?y_jOz0@M@=O5neJYr|RL^Dsf^;W9|9i5kz3Kc%Nu z-|Egl&W7^=(F1P~`*=@5Pv*P<_*D45-i*f>c5XGMBz^tDz8kD}*b~a+XSGzWIZPRI z0G#7xW*G7O^BKLOioQzbgiE7YJH3C&NEfhMK#hF&w9LL$>|iVpw?8Da0J+GY!LMuU zC#PFRgtdk(=l89rbrlThF__^RBELcZ7OvsMe8sM{G6!fb^^_jKijQHHqsmr*0^S0e zE77~7%>9o68L(`rMKN@=_RQfviN1h*U^g}PTu3MwQsbF;KJELDcA{aj;d@r0R_YuPphspa-2F&Ath37|%_!_;1y@Ab9f!M4? zSkZ2;IIodl@5#GZDKU&;XpZXwu>b2ocz`!fnY2#}P1u=XU-Zk761&}*%xz@l_I2n!i=l9R*>1!MNK4lYc$)B- zc|0HBFM|Q|%+^TPl?K{()aOP10##gy4WP>xc9~?klFE%QkMYhYmB)swXflgN3|!Te zVqbNv1yMOfa#vbumtibB#b5>`JGIN{D%AoSKgb(jlqZA0eNc%*%bZG)!TpKMsfNf5 z>i*DEo1+hR7H)^?vQ*`7(CWt~Q5zvo)g||S1Z35Kyq0$2{o=4Qw==QUnk10*-Y*5v1g<5hO{@3Uc0LWy^u3QCnRR-+C0fbNOO zvNy11m1~8y_XtfC+=JIuLL%IUbvX<`C4*<54G(^l0!|~CqT1&`&m+PZTXcZ@)1&Y9 zl`Uz$KEgQ|`Nr2Dn8PaTEjt-Oime(JH7e%|bf)oA;A9$%IRf^Ns82mUeZ?CX?hj+} z{WL)sO$}#B11mwh4-}%%F!~)Lj4g^J)ai;ijd;&R91dQRQ96$zLUlz$UWiiS+E!7T^h|0M$;Wtv@9gX$Jx=1?}4&{Vr}LsZ6FTZ#-~8`gj4KkG7t54k+`W8jT(r znV~sb$-Ovulj+<+GXrE`KIV%3aa%kbPE!$kq`xoII_bj~&l6IG?b(Iin6VmBJXDup z=~%)zsSLolvtw_oQ`n+#pxsf-Hqfmw+qdOR3{QEW58BjvJ2#EYWC{0i8!Nny&c6I% z*41BA>p6*fceol3XFa(1%&oo*D$v!ae@H9!9MkxPdg=-MZ&f7M(`IHmEJNnD?Ogp< zsO^D%Is@vRN?Eq%-edp~X5CB1ZV+Z2t-%ef z+ci1o9lZ=JskUbry&f3%@)=G*CD1<#oDgwvul*^5+yhtDZ&Wv;f;Y+1e}I`Yy}Gp) zx5<@GBP$P`GH~QZOob==>_h$$*{s-UdbX0s-nl_v&N8JyH@chH4myqUjyYfl`Pq?G$%n9-a%PFSvl*IJC=SGm3K+GR zJI%!;EFDISyzP_04tHj@$Y~lmw}bB=rX)r{Elc|_ii0v1ZU-d~+oyPHFn}X!x&W+D z#DrYM0rmpG@qjBv6&$5weh@R$E|0^1Q{&Xt&h1HFs>t;3pS2Tr*t2I+4~vQB zbaX>IQ$RURE0CutFdjS!InF1G(!GYc>gim9xDW5!-9h)$zY{1P*0a5~nb$-s)#g}h zGCMk>mW#J|aWZ{TKpsjh0ZN=U>R5mA6>^Aq^}sXB_rMyZ6E5TyyK9g;3cL%pBlPKf z`-aQ34y)p1RiFE7-jOIcJxfO5o|w^zS)iy*beAY&o$Mf%g}P!XKSG^*epzfzR5>=> zn%)K(U7r;A{=UGts|r$GcMI<+NLx`M9-{h92zl$AYP71xH`q}68~HsZ4kBtxx;_MgCBkhPv zW)O17IW~PDsD74|^xlt(yzaAU-(j|>@PS}fV(zO5@7s-(KN%Z$d1S{ zncg!{f<;x~MLOC{F@_w>;p-taVRUU8WEzpsj>lo0tx(!9tqay?u0R^zT8;3FK1fMW z=;1U?rW+9Zt}3ul{|TuT36I56i^O&~oc6!)g=-1kk_*FaLANqgKb+fctCL!4;e6`| z)c2}lNXS5Vf_wIG)+{zt>G($L_BK1C0@)_rj4Iv@N@4i!BT)7>t5ah%xZfju!SrQr zB&A5vq&YI#o~X~?bpuFQg1kHoSTWp`>PESlgh1$K^)V%rNEfP*r>xwwfaYRGwLNr6;#HK!Q)WJrA?I@?d8|b>06<> z8T+>+3**1}*)Q{S^1RFWr+>aVh;U9BC#mULj2C z(2UvxIt-JOApCmJc|_Oi66sQ<76}(JWd~U;u}AkK$e5f{+R|r-6mBrN_1|lDC7gqG zJnj}EY8CJy;cfid`o<{|c_=!?gdqRjvtaP+sD~^7V6mcfPSb2jCc%ZHclImUTS%tu zlMlV*-*8FjtybDZc!XQ@_;k>Vbz4nyhBqBjN^>HdVuF&59;JJBs^8Y7t0t-Tpz%9c zyTXoCw^VPlyB+f2U0E1j!tUyn+vt{Ia~_>zap-jlS7PDz22DDea1&$m<*c9pPc-Y) zhmzwO4`bxaHQOrV+TvMyf#X?*^y-EWQ%PQ*k(SBR910}MQM-mo7UVA#MN%UZG3GLS zEXLF{p#vh}1^nJ|A;YJ~0`bOMWW>~bO(6%c#)L0dzui@l)#uU&LN0>R&<6kzT*x5oG_~KD3cuWCa^~$ zQ@)`%YUwAyE*H)4mY&s*Lff4DMlTH3&Cl+HK=vS-QFl!}VYKx6X06@d4s+=<_^D0I zKRuu$|CyIcLd?wF=1JbCWbm1EF1Jd_pIs2=9>@YTEMn+2r-B)sXOSzSF#y0%iYZS3 z%a;g(yMYwNo6aGTUmP1f7kRNv{hqi;XymqYQJ8WYlc=Q%9B@r|0D)JfbM)#DLzKR# z?<<~&41>~F-P~&f3iOg4&m%Xl#NQB2La{?tG)Au>;Oz#j3qFc1aY8=BN*E`qd=|5l!Bh%5<%u~%FV$sOUyg=s{*oYlD%%WU)Ay4tS2 z@dBFm8>?fY%Tw;w`{>GI4GAlH-j13a$*@jSiIy!B7aHe22<&`Nf$Po)DSEyo%{Bl( zC~dAIN=J89(WITxDF!Yy-qY4P3LSKtO*UEa45N`nyXq8ZvL>b~nH$6+lfU{kxvS-7 z!_E8~`hfd>T;a;HiIdb%Xmc^xu+HpZOA&&euHWFHz7DIjJWJxT>w-%WhwkShOep0x z#@#GoG zPR-!?irKdN=d%jKot$3hS2ef(DRPo21+FfgaL4|*66KsujG5jhY_MxZC}W{jq+mL z(%XF)nMRc18y}bW$y)Y&_J4Q)N{5wiXHB~GA(hX=a%u&f|3d;?NN=lA>+=TcK+qZJ zVed9E;6V?31TlYJqLP2l0#n&!B0(xya4B65NoMs|Cf@&g5635 z{L>gjEATR}A_)#nC`6Zi5V~B;@mdYs=>OhMV7{KyeVlr^x~q#F+(<}P>%YyxMCMq) z>a1-SH z>X*d@Tg0w^E%+}kjvk5HIjj`k8U0ERH}rV z^KNHE6G z+(-c12OP!dPKKm+$Tdox8>&KM=9NNIy=z}5W#zYkm-+3-v>VRoH$-zbxT3 zN7n9S&y^EH(4tn5E5g`Q%wPE!p0n3S^DgZH@{n5@@;wH_j?x25=`drZTBeGW2B1w5 zJ$FaU-M@B34Fc;kH%3?+&JLrA_Y5$)iLM7P1!GtYW9dvpLo12+==m;Zgip}Zb6~(^ zL%=y08aCLt+~hUOQ^$0}2Oe{a4$?qlMFB zS|2Jh3}t-;31R;}aFuVqk!e5i0nFvyTk+?=CXlI~IloQUF-HRcr@Y}I@b~Ywe_whP zhtp=q)K^*hw5(%DPmFI8!`E>?H}JFA z!HvD0Ay)-sRX~Bt!vTplO;DncAzzZ!& z_WZ{t|Jgy7eo(;*rvT#+51@98fl(HNQg{@G&y{FEu3>8X>$WfyxSgmw>ppBv$A@Qo zo=mT)CSVT`Xm(3?xqHX(PFm=UKF(}RVb0?K-bOpsNjmk;9>5G*pKw*E%fdtIByKj+ zaN!YAL)8I;iknSY%yBCFcLp$EYf-g?UALeWYRHZQWqink`_eBrr#qyg`bClRtcRBN}G!wnIp7 zb!^d-pF`=;GGSMzOsE$c7I3zVzIt)ESVS+swOSc(?W zkZ0e1LnKLM7DkT)oq#od0Vh?2f+J?8B!YD(z@ELgc+{pM4vytWe%W5uxvyI2is7PK zfX~d5Da9uwmv$3wbYCI~VlgXM0@%4O)J+!phe28L^xgy<@(jAP(9VT0_CBPv(IJ3Pg^oS@EsLi8~IjuTj!5y`+qnOBq{>pgIQ_SMO1&o1-Y@lQ& zDk%{k0cLMGn>c&>wb|Li+TVBdAgpg_^kSGY(Uu|K%A%?@W_jmkT>0^QfOVWWqIML) z%tG$S)*&wu0BLW|}8I0CMcJ<4oTtlRY6TrsG5L`QabViJWQOa{GGvETy)72Lo9N=o;%l1%+DYcC{g~RLst6#0h@vRkSAIYZwWre zdj|xA9xbe4gdJw77GQ9n`oXuW!SOC#{)=j6MkAm;XR511?pT$6uCEpQmJEG?ewtW! zXg+>qCx06mI7TSzsGAwP!HldS`&e$IXrvT1vSg4gvflR) zLK8FDV(g}|OVMJDNMWp#CD}s83?k}glo0B@CeQP}y~p$M`7*~bpRVgTuj@F^>-?R+ z|KFi`7g8HMd{rUFQiTO}ke+#474c3aRfW#A3(mKGtrRpIfM)

kM{T`nnAv7c%} z4JWP{xLsAbA3~e>J8qpat@WL*U2G)*ZjPOCD2RWaZV=#^3iD?c}1{(QIXkuFy}3*f8QlT}NeBZE8~ zm@tnWjL--qo94ogUnfSqk8VuigFpUBy!|%{(a4P$P%RdB_d;?(JE+S zco7zm&B~_N8FPHD3_FEI#0yFX6pO|#-9+}pO8a0GG#IAUa;eDSc1dhZ?BKN5HgE*y z)}EunjW-xZheJRsZyNx5j3!UdrJBsZjrpOP@=sOvI`U@*Oo%I@>WJz}o^Xl~EL~hs zN(2Yf6@T*=)w8)j*H8e23v{JMg#d`GjX; zf_xf-)2EpKVBy>?1!%^LoINabYu5hG&o#$C+(YAz4ImbEsQ5=^Z!H$_`3fJZX&$1? zgj*i|m%X97{*zRFx|3KA%>~hD(9q(vw7o|n7qo(k$z4pS{fQPyBTLyhPFf* z6>kFORyBZ3}(PAcMRnpFR>U3t<$+HSiOr*mclrbKN!5S;;Sia~TSyvCvIao_QhT{nz_Z zfPWtxfWL;U*u5eb)2mlKfl1Wn>0hh4?J@|2lKgZzat=nL96NUKr(p3Jo5%Sup>gu;Cb=!g}eyPB#g_9@hmFNh2A0wBg{a!6t|pnR+aqo0Hx z@m7~ogI|O>5dcsI6Jo=iz@AjCBzI+P(28%~((~rz5|j;^b7V{ppG&h(eFa2^{1@*L zszbY?>SUGer3EeMhH(j*U!!)*H87pp-J6NDA|Qs|`PjL2s#?~G(6qQ2OH;Qjn--wt#;JzsdaMTad`9k)Fnj;-ZulF+^r}gtE9yg&6zH}?!t{%wXA+)(`2@@8dj&mD7tloz^c+ePtAzAlyLu%ZeUWdKPNiVD&nK zkZ{K50fjil5a%)xxb8%P4n=A(-bSUgYSA3W>lNAs1IBCuTPU`PfAOC z$4|q41cSH*UQ0%A(ZA^*jMYrHS~{N+X4Ti}G;B4faPO;=CQ~Q7^k?m=FjY9sdt7E* z@}?F3q8d1oja=FaNwVadY`9i3EPe} zc_>#sKeRl=DvPx1H6t&}-%tRwZ#--ZHkOwhl<>dPPelmeB&LQevpTzsCoWD}s}{_V zLpn6tkks@yNBnGs-3#g+e^nn8$~#{kh0yJe7g3e z)hC?aplja)n&VW;$fS8w*w?$SC-7kkOj> zN$XxcH3@ZFo{B*TWks|E-f|^DOGgZb7r++6Z9Yn)d#H-jq#_W#7vz-Z9@N99v4V(haF!{aOdcxJTaa-Rj!Ze=H>OE5-m_jha_`y1ZivH4a)WS|IbMV>=gKEZ z8xnVG@;H5CU0<@`^>aJwji{Cgueh~p755bG!`Zp=h+oF2wNM2*HBdp|Ojuns2hW|Z zt3RGaa~QOL5MCqPZH;pH267!A@q13RdY|NQ1+@k1BK3MAXYLVNe?V5NB62Cq=-|kx zF-_O(XwUWv6ZG5h@PLqlyUWzQ%-&Xt0rBtmhCHbG6G=NdBWbu(TW}qA-MtZOhb+e# zWshMc;_Mn%w^Xp}pz8;@N*~>ZJjkBvEHtHomD+#a&A(gB9p<8Ue8@V`ZUZ#AOp9iVe-iVm<&#CGz zHEfwHt+DX1BVXg6M_d(e@XQqtd&{2Op&RM^U?Hlxyrr$QpQ80R)aML}RhW_~1CYFf zcOIIvgdK2?^=P-bH$L%1RhN$>m8Fru>RjB+Spp$tU zah@7YC_Hf-#>N~54*DRcYpgDvxxRTulVodcVF4%hV6EkdjAO$O!J;idYJAdbOsk1# zRfNiuAI)2w?5a&VmOR&8n}t4c;0L%h5ZEZ?af=OV1+~<%7u`uCCn3iuD(=W&NpPP| zMiG)h$_Nfn@e-EU9sw^)fEJ7{zE~ zI%RazGRu35&4LdNzjVbahr{IQ`~mns88OV9^&ws0ZS7cNU-dFU%#?;z@y5d5Cx*Y#C zHreGqM+a}|j|=FyOiiZooPSMO+V@;z+aeCJfEHS1w}YdpvjukYUlA&W{nVQC4g?8t>t79QOjg8``XXvJN8lO z!;>*P?3=eSHfD{N?392G(6dBNfSH0>jShenl9+d`KuqBmGdnB!zu5AtX)?y@0SQ=L z`-PVPnG#|U>J8Dlidq6_>C$AqUw?x=KWn-HMpK2oU3QIAF0M&B10&pCHe?61vc%@e z4>g4>0!^jTUk(Y1>%8U+veCJa{4Zfrj~x?tFkxx5@?vk;|CM7XvB!51e=ui2t98BP>p!#s}hu^PsApv+OVS0Y* z`!B@)ueK#{fY5aYpSKT_|3w-lfhYB!HyZmBq_gfCuxb+Xm{n12b>fW0W3wx9{{uss BS_S|B literal 0 HcmV?d00001 diff --git a/docs/netbox-enterprise/nbe-saml.md b/docs/netbox-enterprise/nbe-saml.md new file mode 100644 index 0000000..e0aedeb --- /dev/null +++ b/docs/netbox-enterprise/nbe-saml.md @@ -0,0 +1,90 @@ +# NetBox Enterprise SAML Configuration Guide + +## Required Information + +- **Entity ID**: This is your IdP's Entity ID obtained from the SAML metadata +- **SSO URL**: Your IdP's SSO login URL +- **x509 Certificate**: The Base64-encoded X.509 certificate used to sign SAML assertions +- **NetBox Enterprise URL**: URL For the NetBox Enterprise instance + +## Generate Public and Private Keys +These will be used later during configuration and can be generated from anywhere. Be sure to keep the private key secure. + +``` shell +openssl genpkey -algorithm RSA -out saml_private_key.pem -pkeyopt rsa_keygen_bits:2048 + +openssl req -new -x509 -key saml_private_key.pem -out saml_cert.pem -days +``` + +## Configure the IdP +Set up the IdP using the public key from the previous section, and the ACS URL (based on the NetBox Enterprise URL). These steps will vary depending on the IdP in use. + +**ACS URL**: "{NetBox Enterprise URL}/oauth/complete/saml/" +**SP Entity ID**: "{NetBox Enterprise URL}" + +Example: + +![SAML Settings](../images/netbox-enterprise/SAML/netbox-enterprise-saml-idp.png) + +### Configure Attributes or Claims +Setup similar mappings in the IdP's "Attributes" or "Claims" section. Names may vary on different platforms. + +``` shell +"attr_first_name": "first_name" +"attr_last_name": "last_name" +"attr_username": "email" +"attr_email": "email" +``` + +Example: + +![Attribute Settings](../images/netbox-enterprise/SAML/netbox-enterprise-saml-attributes.png) + +### Capture x509 Certificate +After setting up the IdP, generate a certificate in the IdP (this may be done by default). The x509 certificate can either be downloaded or viewed in the SAML metadata URL. This certificate data will be used in the next step. + +## Update NetBox Enterprise Config +1. In the Admin Console for NetBox Enterprise, navigate to the **Config** tab and scroll to the bottom to check **Advanced Settings** +2. Apply the following into **NetBox Python Configuration Overrides**, replacing the relevant information from previous steps. + +``` shell +REMOTE_AUTH_ENABLED = True +REMOTE_AUTH_AUTO_CREATE_USER = True +REMOTE_AUTH_BACKEND = 'social_core.backends.saml.SAMLAuth' +SOCIAL_AUTH_REDIRECT_IS_HTTPS = True + +SOCIAL_AUTH_SAML_SP_ENTITY_ID = "" +SOCIAL_AUTH_SAML_SP_PUBLIC_CERT = "-----BEGIN CERTIFICATE----------END CERTIFICATE-----" +SOCIAL_AUTH_SAML_SP_PRIVATE_KEY = "-----BEGIN PRIVATE KEY----------END PRIVATE KEY-----" + +SOCIAL_AUTH_SAML_ORG_INFO = { + "en-US": { + "name": "", + "displayname": "", + "url": "", + } +} + +SOCIAL_AUTH_SAML_TECHNICAL_CONTACT = { + "givenName": "support", + "emailAddress": "[](mailto:)" +} + +SOCIAL_AUTH_SAML_SUPPORT_CONTACT = { + "givenName": "support", + "emailAddress": "[](mailto:)" +} + +SOCIAL_AUTH_SAML_ENABLED_IDPS = { + "idp": { + "entity_id": "", + "url": "", + "x509cert": "", + "attr_user_permanent_id": "email", + "attr_first_name": "first_name", + "attr_last_name": "last_name", + "attr_username": "email", + "attr_email": "email", + } +} +``` \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml index 653791a..139a60e 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -113,6 +113,8 @@ nav: - Entra ID: - Microsoft Entra ID SSO: "netbox-enterprise/nbe-azure-sso.md" - Entra ID Group Mapping: "netbox-enterprise/nbe-azure-group-mapping.md" + - SAML: + - SAML SSO Setup: "netbox-enterprise/nbe-saml.md" - LDAP: "netbox-enterprise/nbe-ldap.md" - "Administration": - "TLS and Ingress": "netbox-enterprise/nbe-tls-ingress.md" From 8d619c2f7e1225405bcd8c45da877ca21c0e1aa4 Mon Sep 17 00:00:00 2001 From: Craig Slingerland Date: Thu, 1 May 2025 12:03:26 -0400 Subject: [PATCH 2/2] NBE SAML SSO Group Mappings --- .../netbox-enterprise-saml-idp-groups.png | Bin 0 -> 11050 bytes docs/netbox-enterprise/nbe-saml-group-map.md | 49 ++++++++++++++++++ mkdocs.yml | 1 + 3 files changed, 50 insertions(+) create mode 100644 docs/images/netbox-enterprise/SAML/netbox-enterprise-saml-idp-groups.png create mode 100644 docs/netbox-enterprise/nbe-saml-group-map.md diff --git a/docs/images/netbox-enterprise/SAML/netbox-enterprise-saml-idp-groups.png b/docs/images/netbox-enterprise/SAML/netbox-enterprise-saml-idp-groups.png new file mode 100644 index 0000000000000000000000000000000000000000..27ad2ca374eba2780ff1197f79124d55ae814970 GIT binary patch literal 11050 zcmeI2Wl$V#_orbPf(3^lfk1G#03n0BI|O%!V8PvkOJHz!2rfx*cXtxp-Gl4DdEY$G z)_&Zr+HYHR_f%I;-`c0oxqkQQPz5=0RAfSA7#J8-NeK}p7#I*CaPEls0{HFxl}ZT% z1FK^pEUX|YEKI8K+1AwJlL-tA%~$J~W+^yDj39YKA%y_-kofMfNFiutXrxZ85PW+K z$rIiC)Fi~zi)sx;ZoM`k1r!p}>lcERV^XzPV0ilW0ZobA!HWYi*&JQ`t#uZ&Bo7!L zb?gpAn4**)@yW7u^d(kOJGg?^W8nl5R_?MC6T9$HD~&F#TX1GKN7RctBNKvDi4jBH z^80S~JakVZF3l~5#RWA!l`1;woGan6liWY-+%kELPifA+4sO26tk*U_4SF9pnAhjB zA=sRQ+dsM?kuA*ZVmJM3rq#x-0zGlaGr=o~!=J$sN~+&!s8$(*zc#evBfsz`uTr%4 z4RI<>u26+P7#Fs4o)tY#s}SRDNl10UVyTbWubG*fr`hvkAb@%B>dDhAe@ z%S2t$R8|&-4md}Ifep5R0Rv~S!14S{fJc)B`sWIWFbnRVa~Q|xKV@b)Ghtw8MI=Q8 zRa{{Y(-D$zx@W$O#yUjBPEzJ-LrF<IN}OGgMRJm@d^-`0GA#wyYN_5_0jju42ziS)R7xQeW}^Jbvehpt() zUqfFnM;|jUXC8K3m9SAikE_cD6zbXBOiq2=*Cj94pLu6Hklu(UnM#*kYn7(4$D2Ar zXSfrAU2QOrYsD|Q#zLFKo!m6d)VMK{(Iv(2^;jP9bPc`#arcFZ-r-A^QjH;@TbUr0 zWD<+a_Wrxwq`+WqW1(a18Mj~8_wy)ckK1M@hX)a88&$0V-R8>^HSBu7MHZ$v#n5|u`awb+%I#GM& zUC7}21CKsGe)hHL#IC;M+5vGg2aRps9Rjo6-ULGllqp4MyJE@vC**xi)0yFm!q0cI zA3dQ|3Kf>_(N_QgS(OxWIPD90B>Z0DVm@|C&PUC~aVIaEr)pGP z$>L>_eKcFNJ;seA&+k@GJe63~lr%2ZO$hE*C5u%*l%0F=HZC;bGI4Mpg+iAp>ekJo zqL1UHM|7JCGjlD5UryY_Gi=3Ngx}dLUHRfLCutX;_hE-t#4B2_)Qb=E(efWQQK9tW z#;||md;L3m&*W-cd}FX5K7YH8+`oY&e#I;M4U?vq;1(l4^{h=G%ESr7!@ODIM!#WR zuecL!!B@aS1kxy1;&Q6ik6)klT<6Bpxq;jc^JQY`M1`h9^!PBs17$G-pTia06spwUvo4 z-155?VkN!EaKgD=Iyb#tjmxi&!#~Q|ZL}zfkOpw`QyJ{FzQa4B6Wz#pndYwD)BIK1 z>6-S!e%6O&$NGNvn_N#8l4!1Zi!ocC16sQC=>V_W)#Ri;mMNlbI~lhDNp~bm z9BU1|Qv&tIilX~3A)zzvFC?a#Hdw+k7J@?p7ir7t7w&abI<9~nlRJ)&2sx+{aB^NCT z!YQB--|D)(8vKrTew;F_mSA+P>IJ^fmLT>FsEuGfP1KQHv~rvmDj% z#no6S_vgn6-rYs2)O?ZYZ)tLS&c90-!Q@aSa5((N?eN|0L+%2C`xiNcU@vi-!4ju; zmhhiD<<-u)Ij%xwGOptplLyucQ5%+lMrGDrum;ZA$8Mm~G&H8|LcAB#G7 zHhmfw5$g zjVY);*$i0GWc{%eG4~(h2A0TwF1!jLu$Oew8@3XyBX3!9?YGwTA@W`GYoAYaMKH3F zPng;-IqfYIrGpFLqKH${kH}LATg5Qp=y13ulYXx~#l)gsn#I6)x?*{n&oj$&^O+(Z zzJ#n4Z|m2dY$C_9e?2*rH16mS&!l~V^C(yOTgLLA1l|dIb#JyjSqjW4GPL)~uL#rw z^jWi?!-jw-^@$z3z3|$~DdLkO{H6;hNRLZqBu2Na#=<4^gXvRH|5FXZ)~7nsOXB7- z^v;1*x+F|BrJ5Vc{Wr4Xzv{OO1d5AwSF__gy%}jB2vc6?$0tdbgNd{WN?GQ$R?y!W z!?yDw;u>XZxYedIpSm;aUZIJ(dcSn6>}r!z)X{LeXWW7mETqsmgA?c)+onN5=;c^l zp*+P5kj;3lHXEm^ZI{I_?@?^NZ$mjy%2Cx@Ry1J{SWZM|teY9`qWM&CPNR@{Dsxuu z69$ynJhza_RuU9W@neFdPF-^(kjvQ9xYmi3S9j~<=t-1U(t)*+PH@&kL{XitTT{A3~ZL(oa@MUb?po-5zf1&ubqKT--r+ zFyNe2+Wq?)WoU5`3B4|h5wGN$zwH{Ic=W>C)8H4~zZEVdnH@#khgsvrAmu7od-GGY zQwJ(QONdvoFq?o5)+2*q&8!}}R!;EQ{!}lh?N^cm8)O#s`D@wrWA&$xu+=19PI9I` z_8%J&dcM`+y{l|&tT^PZu%g7#eyd=bWiF5`tR2J*QhR|TM!pNB? z9J`KW79U@4(1h=qdJu6zy10>P8f0r=wBi-cq~y1gxBNuxuP=XXcY#jvOoO`8^0#Xn zP1>G#3;rbG2MhPwT3vma47EgP&o!M1S7mH{bn4^?KYLgX!x^?MPm~zWawxiEEW`N% zR&;%XVe7vlBVmRcgUsp|U{`o8J?<(-t7^AQ#O18T(ieG=9RrCDqM4nx8z zw6|0piSToC9Aj7`)`mBE{S&&+>T;JEb^0bP1okeXx|F>oYg^xpGE14ob;lr%|T{)y(O6K88h&_p9K2*GiXE4Rkl~q2blJLm3EuuOC_t! zNo}t>z9D;dZ!f zhQU`j6fT!}w=IV^n8t`f6vsv*LE7nH6cGG6w!QzGOn_li|q9m8&gXZ@QnItXCxNbci}g5Z20EQoNW{ zBjEg#rwg(=>l6xH(dZjj#%yoj!uNT`SyDc%6U*_ovmOJT&wW`Iz4;F@!V`63?vkZA z(UDSazJ@E3EPbTvj=j3mP`oY}V-J+d71ycI@p zb44&h5?&_mnRgd%ygMAOe9ci>0x@q5g*AEm)_3O=iG}YGUVLVduN^I|Y7nV-saT?z z6?iSZg0@@O^43rFy`F6o4QfU>K9SDgatpoT4Xrlyld`m;kJ_?5%b=-Nu`9Ssx^~w` zfsl?KEJ`_P1wuGZO_*Z0&`U1hyXeIJ1DQp3aywSg% zuNJoIZbTRH$2kf$Wu2xd+#am+mfDB9&A=t{mOKiv!!BZNu|m%>;xye?O%%?Tt{Bas zg{=`i$z4Wll&?71fCF}o)LV(qtugSoxSdm0G@-d3iK~Lo6yhN9YR0v(u{QzaPu*Ef z<^(H&T^zeofO#*KMyV}%)})Voy}8&oTO!YD2C^S;Hz%jm3+N(|>wJT%9P>TCXnIY9 zjNeSY^;0BP$1*5~Ma1Q-ri?p(50nbG?*Dc;6HMU&~AynA!46x7jMxv*~)6#(|U`(2vPqYfUe#y zTkSdwk88X;CM9cq@epCdn4_CvHE?g)NlB~96%-fiXB49ByA}wGKd6A2yB@kME={)d zlNPU4z5A=+G*V-2QJf<4>n}oJlTKBcu*U5lt<(-oOSm{(H2DVT7t9Xoy%Xx(mbuBA z^-x{f!O7{npjgE5j|}+=^ZZJM=qDu4zAhvf+(9Ij^JgK%q3tEdwVdNaXk%|4aW<4V&V8XeCv9%Bg(+Me3^Dt7xCS2K!S8;$u+M_U+rMx@(3ev*+ec z@chi_2_G9+2Hyf+;Xeh@3v@a!f^mDCC@=9>6be!bh>{mwyV?J9i#4DTh3+2CcK^|o zMbDZNm!DbgZ;fnO-!L)rRy{uAzbX_Q4}%+-wYJ^;S2vQ@A}Nd`9$pO=lK;13zbve* z988t_Ca%9V0yzPtnf>5>Z@6ws@}>7TWK zYRmz{3cS4AoP3rl&#=HpDiz8xc8B4HL%kkuFO-^G?fVlLwepN)Nd2w_NXu)Z@2-vq zdm>+VuiA;YGs^Qn)aJ<~vnfHaB~}!Xvb?nGKT|5PiiW?6Py667037GniZ!OPAM93q z(|A2T4#d;r(eh)jG5N7f?}{8bX=fnd>Myr=ojqJFOGgoXNQ-*KpsqkAmqv53KkFj3 zjfT{P2eQxiO5^v@by-oMiKUd@I(O%Lx_9VL=l-dzS?SDaJx9^{cw6FlILD#>vu*$O ztFHwK!8=n&I;WL3KVUM%#k$Q6ICLr!1@f6p@61M^xbz=)_>D98eOmIQ6Xh&t%MTry zT-IK}W-<_NeZ4*3C3n~!i4R1=PN8@Nwpw^dG1TS|Am?GY^gVM|msiU^gTN$;&AaB_ z<2=0HpU4kC-x((#z;3j(InY%i-MjEesz?(isfI_{%D{Kc>5jjX!N{%}ab9Zwk9z zM>BXQ>gK%S*=bZEUX|s6lw%!|^nEKup*_+kKYrpI#cp%^_ur7U- z2Az(&L#E=0r54 z&#d12p+P1cqFQJ$biERQzHzkJc#Hq?yeN7wkvTDnm|H4eDqcH$(;EZvy3`!XprN$n zeP>O;VF^80YUUo$(y1|x6mSSyF7voLn%kbQHjx(W1$}Tk%VSWl6!=)CNjaSQKCwit z!qNo%uAR+fKq3ek*SIg{?b)AE{{8!t=~YihJHTw?fq6<5%B6!fnS#KE*nSG;BuNsr zmeW#L6cSnUujj04OowZiiApPU8Vjgj>>y-#o=Fy~Rb+U>n^!16q@Xl!zgtenYSfro zI9#^}AUJU^*E^TE0oyJg z@M!19)N*Md=P?TSVK}ro`-FQ!2@D$N6gUZADWwx6fXAEXxH|z7HR%XMnz<>8=JmLo zS{JR*Z7y}R0e^)tWN+$6VQyMU;&H29UuyP1%O~Z6whr0fU0Qo-`hnnyq!XE@=L_XC zor``)sV?M8ClYblOqdQOWnbAY)Mfv(7m6@uyhwCJ+zR5UVV zzdb^{U#G-QB%8usby+V6YNrBBy0_k8+tI`0^0yhWx!IQO!LKU9w{!7(S&V7s$9moP$&k@@AYJIh_yZ@)(Y={6`hmm}xcm8T=1-{JEviDt?Oe*Ja@pY+2jit#(Fo}2NLXjLn9kwlER?GeMdh}dbaJ(cU zPEYS!)*t#oI3M2`e8&cfS51UsaU*r9k4t3oH7g&0-=NdWWqGZw)6v05q*n8IS&ymH zYLAod5ubHo%ZDJNP2i#;ztCn)(m^GLOkLm{#R-&>Vc^Xpn1=4uR#le*i|L+Bn~-5x z?C#j5(AZKXHd%8QAHQwx1_kLwx7H~U`@=mFGW%^%Lij_WeTh$E@!BJp@ zBXwO~W|LjPAENrD`e6;pF>BY6R_fL{1auHZWeGO&^C?_)el~g!%RtlSYN%$It>31) zX2JHlF_Z3bK}P^5@;V?|Ug|FbQLKatMCedwAaAn%#U=n9VE}L{Mfgiz0w7p&0M7Ky zHCX=QTnr2@>dZfkN$Tf|31AgVEkn{@5R>o?d$IptNPFhAHbj8a@HJn_{L>?l!f^U0 z;~??>IE4Wqp>MWH`@d6BVOK}^3%b5wkQl(2ZDZB?|IQqkHr&7W{+~{pbQOcL3&^}+ zIDqDVSjPbYSE?t1ARSq7&Slw)I+@KR*0?|R195mHH(&#?6|Ik&0||^Jw#NWlv3cLS zx?L^0Y+fGD$1>?a+>V>CHUJMFefsBMu~F^vc$xXb=Z%m^L|1uO3SY=M5DEvQ`5$Rq zj+f%kcPFKDL_$HXqQ{~ne4f`|_iL|8L^giam_^@T%<9E*yBtXr-k%LJe?DCk?FRrY z&!~ke%MO9o1ae)XUAIt^-DX%8>~{MgqwS3n07#mdyc z03`B^s#pyGN@Vl6`~-xPsFr2`y!y;Cy{J^bseA=OMSrHxBQ1%~eH9V6Gegf$bUAEl zxroyn9#$JH^(w<49A;f@&06!f$4!5t*exbRfVaOSUe1Sa{Ql-o?x*mh^3`a_Vfm-o z^HKgM?YUYDa;w>LCteD3t2!4w_&9&S$3jfRZ+2{7yu{CXN_lU~B+qji$e{IOh*poq z8IUajkP1mqRZLr!V8D6A6m@n69w50C|XKpDn12$Y~C|2nGGQDpl-OqR4 zRy1Fxd|GbN(TBZ%ygQ~8{_@hl{R9ZeEw45?mI1Oe?u{bW{geE%y=b!8<0_%XY&1nH zWc+y9=ZQF92)-NSd5SPo(Q^Ckd~aG>OWVltEr0q(T#o(Iqu0$zCwe{r7|%%Rx5W-D zAMbp-mw=HF^~Jb2iR5q!N7=b>FxsxCgs|BK5Xv-vqP~*{qTuG-cdL(c4Nm)c0GGNi zui8mW7RbWmA}|-YU+g`T-EV+Y;z?fDIq%PuU3f(jbAKF3`>^hq#!Z2tg_z`gHm#<& z`y()Fb{cD~obPV#&4D#qdc^)gKan`M_rt|(dQ_+N+2y>gl{OciwJi|P8q#zAh^2~> z=-bwW<1r@yHn{K1@3^B-Z@21?ZKK_4)ElMr-BOj{y-k`4qy0cvdJGlJ?7YJ$FSTv+ zMS^qUioq%*zyxLMA@cQm&Cyl>O&6DqhT4)q;Q^SohX_UpIQUbN5sY@@f{)kh=)8~m zFD-smW&^m_hO?_uDEm6V1llUBK4=Q9f*usqT%d_pXjL+RXV<$A3) z@y88{mHL8Z`WMH`dUm|>YvtC%X&;oghLXweE)OS1k*pL|K(i_Uc%8qk3yDbLBmHJi zaEy5P3-QdKl7S|gjE|OZhg1xJ-DeG>Qu0w&ECN4Uwul8)ST2L7SZ}E#2<1Xnump4t z$e#hgVruIVy)9J&r%TlK9mX`W|FAJ5g>r2JdSJHq6#d?f7~+V*!yqFE;PIphq4^GC zc3C{FvY3nW*jnZBA-pEu$_u3X0I&?V-$Yb04#Xe8WUch#pSK5Py!r`&oCrZ#0L9Mn zqbSo21SPGT2kh7ZwpA`$w#9Wc>Uf~Q4p1eTJl{=Tt<|jDUA)fx!QF9d1#a9#zVtpC zsua>$3TNbJ`v(S%YKfAMWsdgC5F#|+7Py%1 zYN>@EJQz=3Xw)&bB$dEGV8WWnq!a7*XG?MbN=qr9!2^l@X-_a3-k<_zV7 z_xaV6sYF=%X$Ouca z#dxMvqbyI)=RsAAKbBhFCcj-JK>uCRpeHUkhd?rotBSL|V;jNG3Eq?eUfZfHo=$b5 zotcUs(5yc&`x2Qmm8U+Ks;h^>p62s;SfWey&y)!3`?32IM9`90pWSR{Cgw@TrF71f z861ij!JWRw$XDrmdc5K8Le`3%iJ@r>)ik+BBPW-F7mpYh&Bki z-yPV9NE_3VbY=#3%A~dz*v#1Fsr;DbbwgHp-fjX$;Q^H&u9aE0=d8-vF-s{<1h4iy zhf*icAz)*owsBy-E+XEcj+*E75#|hWera7}+UV}ck5U@BcYYA{Z)Ow>3`3t99#rSj z0hI38t^}G>n0CQGf;dArZ5}c1+6>Br^j_kyOm-xq z+I#6b_CT+NVdCUp>Z;EW#J2_cs%n_##}Sar=uWvPSA5;l%se>kO*48D^?Wh(XeUY& z9`xORAfwl59xP10IK2p`hK55jWnU+Q;o;xT)8PNZ{~A3Iy{-Yf`8%WhEXb@(N)0q+Z>TUtMo`3*=j z@n*|6*?QHp%b^ZHAFZ@l3`r|br4vEHUBv>1!NeD>iJw=w(mRQ<5Gi0iT|gHj-(^X6 zu>E0J^tuvn4~luShF7)Vlg3GtP<;@&4uPGRkLD*2D2`kM_ZEw2r2#!c=9IUUe!q#q zqc-J1`yCaigJe_$NnSa_uiKq4OT|O=zzQT7Z95GUAlNSCHg{rx^PC`)bd^*v?vAS0Ag6w~4#k392KH zWy2uXLTvquoRc~*cmj6x)QMCgzIcx-pk-m^7`{dAg+4J#4P)Sf6~B+USJ~hfXhKmH zz3shh6%_Qb-VswBB@2O`aA1{5s&0{Lh#j*+=z=A2=($-uPDMS7M>FQ&TBLnfey(-~ z?-Ni!Kj*D-lVE@=+O3hgiQe%-gML^q0U`<*o8F&SFK*3u4}G_j-098ITyHJF34YRnjEznr-{< zI{~{u4d}uGWnm9?E_Zx|cT;dVxg970@wcrX zh6bgq@+s!m26dkVkXd_Zni-RB@b7W34i(4dk5afSOHSR zta2k-LR0FUK+>Y{qR~pKYr2fRnkpezOY{?JVFPh-KNDw+B!%J691GMhJY-&BgrW;> zN2BpkfhggyF&s@XWQbS@XjF<~mU=(o)~MGysC%s7^)%H^ku?l!h;Hkcq=;auA*lhkzNo!z9*7KTe>4u`MKYLmSrsDQ94 z7ZIx80b@cKhlm~S#~FNz0lK1v;`0PlfcBB8<`u@Cos}OF4o>OF?o3(gW9N+mol4s` zCS)UcG3n1LAZzmZy1zW<5@($x^ol2n$%g`3+nH& z`PySIf%!O-Y!_}OF`icUJbJ9NJN=)KVc*vws5BL=31`)(4D283x~73ak}ysL-U>rt zLpsIj?VVZ#ZM<~iwYLiz%41aa3vc+bChvlf)XL;)?ixVf@5PUVt&hI=;TuEIENDTP3 zhIP4}=RUD8d({Ae9eOuSo7o=1ZhAP7xLd_79gTYvU9A`MIQnNq%@3|Qn`5_KuQHMn zxV;hWhY_5$sypJRGjZ9xQSNW!b+^(g50i7u*w6eFr)%`wcVEC0=F66&-(txHa%o)I z!%C0pmupBb{rk1m%3TLWjVLe%z`x!I-5j3%mLPRRy54}WMx*~JV--zif8KBY`@x+r zH%OO}@DjV&_?LxU>OWGt?e+5>(h~CeKlvI!omT>B41>aU>wi^iE0AtkRZC-t__vmv zZ`hag7eD{~u