From 77c630f45ec8cbbb74e3025f7eff25035ca0e02e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20L=C3=B3pez=20Dato?= <rodrigo.lopezdato@flagsmith.com> Date: Tue, 11 Feb 2025 14:54:22 +0100 Subject: [PATCH 1/7] Improve SAML docs --- .../authentication/01-SAML/index.md | 116 ---------- .../authentication/01-SAML/index.mdx | 200 ++++++++++++++++++ .../authentication/index.md | 7 - docs/static/img/saml-group-mapping.png | Bin 12687 -> 40548 bytes 4 files changed, 200 insertions(+), 123 deletions(-) delete mode 100644 docs/docs/system-administration/authentication/01-SAML/index.md create mode 100644 docs/docs/system-administration/authentication/01-SAML/index.mdx diff --git a/docs/docs/system-administration/authentication/01-SAML/index.md b/docs/docs/system-administration/authentication/01-SAML/index.md deleted file mode 100644 index 334391eb575f..000000000000 --- a/docs/docs/system-administration/authentication/01-SAML/index.md +++ /dev/null 
@@ -1,116 +0,0 @@ ---- -title: SAML single sign-on (SSO) ---- - -:::tip - -SAML authentication requires an [Enterprise subscription](https://flagsmith.com/pricing). - -::: - -## Setup - -To enable SAML authentication for your Flagsmith organisation, you have to go to your organisations settings, and in the -SAML tab, you'll be able to configure it. - -In the UI, you will be able to configure the following fields. - -**Name:** (**Required**) A short name for the organisation, used as the input when clicking "Single Sign-On" at login. -This name must be unique across all Flagsmith organisations and forms part of the URL that your identity provider will -post SAML messages to during authentication. - -**Frontend URL**: (**Required**) This should be the base URL of the Flagsmith dashboard. Users will be redirected here -after authenticating successfully. - -**Allow IdP-initiated**: If enabled, users will be able to log in directly from your identity provider without needing -to visit the Flagsmith login page. - -**IdP metadata XML**: The metadata from your identity provider. - -Once you have configured your identity provider, you can download the service provider metadata XML document with the -button "Download Service Provider Metadata". - -### Assertion consumer service URL - -The assertion consumer service (ACS) URL, also known as single sign-on URL, for this SAML configuration will be at the -following path, replacing `flagsmith.example.com` with your Flagsmith API's domain: - -``` -https://flagsmith.example.com/api/v1/auth/saml/YOUR_SAML_CONFIGURATION_NAME/response/ -``` - -### Canonicalization methods - -Some identity providers require the service provider to support canonicalization methods that are not allowed by -default. You can see the methods that are enabled by default -[here](https://github.com/IdentityPython/pysaml2/blob/88feeba03c2f891a31a86cbb24b210070aab1fdc/src/saml2/xmldsig/__init__.py#L67-L70). 
- -You can enable additional canonicalization methods by setting the `EXTRA_ALLOWED_CANONICALIZATIONS` environment variable -to a comma-separated list of canonicalization method URIs. For example: - -```sh -EXTRA_ALLOWED_CANONICALIZATIONS=http://www.w3.org/TR/2001/REC-xml-c14n-20010315#,http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments -``` - -### Force SSL after authentication - -You can configure Flagsmith to ignore the `X-Forwarded-Proto` HTTP header and always use HTTPS for the ACS URL by -setting the `SAML_FORCE_SSL` environment variable to `True`. - -## Attribute mapping - -Flagsmith will look for the following SAML attributes, in order, to uniquely identify a SAML user: - -- `subject-id` -- `uid` -- `NameID` - -Flagsmith also maps user attributes from the following claims in the SAML assertion: - -| Flagsmith attribute | IdP claims | -| ------------------- | ---------------------------------------------------- | -| Email | `mail`, `email` or `emailAddress` | -| First name | `gn`, `givenName` or the first part of `displayName` | -| Last name | `sn`, `surname` or the second part of `displayName` | - -To add custom attribute mappings, edit your SAML configuration and open the Attribute Mappings tab. - -## Permissions for SAML users - -By default, users logging in via SAML will have no permissions to view or modify anything in the Flagsmith dashboard. -You can customise this by creating a [group](/system-administration/rbac) with the "Add new users by default" option -enabled, and assigning your desired default permissions to that group. - -### Using groups from your SAML IdP - -Flagsmith can add or remove a user from groups based on your identity provider's SAML response when logging in. - -When a user logs in, Flagsmith will assign groups to a user based on the `groups` claim values from your identity -provider's SAML assertion. 
Each value of the `groups` claim should correspond to the "External ID" of a Flagsmith group, -which can be set during group creation: - -<div style={{textAlign: 'center'}}><img width="75%" src="/img/saml-group-sync-external-id.png"/></div> - -For example, a SAML assertion with the following `groups` claim would assign the user to the Flagsmith groups with -external IDs of `my_group` and `my_other_group`: - -```xml -<saml2:Attribute Name="groups"> - <saml2:AttributeValue - xmlns:xs="http://www.w3.org/2001/XMLSchema" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:anyType">my_group - </saml2:AttributeValue> - <saml2:AttributeValue - xmlns:xs="http://www.w3.org/2001/XMLSchema" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:anyType">my_other_group - </saml2:AttributeValue> -</saml2:Attribute> -``` - -Note that the claim must be named exactly `groups`. Some identity providers like Azure Active Directory or Microsoft -Entra ID add a namespace to their claims such as `http://schemas.microsoft.com/ws/2008/06/identity/claims/groups`, which -must be mapped to the `groups` claim that Flagsmith expects. If this is the case, please notify Flagsmith support to add -the correct mapping for you. Or, if you are self-hosting, add a claim mapping like this one to your SAML configuration -from the Django admin console: - - diff --git a/docs/docs/system-administration/authentication/01-SAML/index.mdx b/docs/docs/system-administration/authentication/01-SAML/index.mdx new file mode 100644 index 000000000000..e8cc0c5f4bf6 --- /dev/null +++ b/docs/docs/system-administration/authentication/01-SAML/index.mdx 
@@ -0,0 +1,200 @@ +--- +title: SAML single sign-on (SSO) +--- + +:::info + +SAML single sign-on requires an [Enterprise subscription](https://flagsmith.com/pricing). + +::: + +SAML (Security Assertion Markup Language) is a standard authentication and authorisation system. You can connect +your existing identity provider to Flagsmith using SAML 2.0, which lets your users log in to your Flagsmith organisation +using their existing credentials. + +SAML single sign-on also lets Flagsmith use the existing user groups from your identity provider. This lets you assign +permissions to your Flagsmith users directly from their identity provider groups, and not have to manage group +membership from Flagsmith. + +## Prerequisites and limitations + +Make sure your Flagsmith organisation has an active Enterprise licence. + +If you have preexisting Flagsmith users that use other authentication methods such as email and password, GitHub or +Google, and you later set up SSO for these users, Flagsmith will see them as the same user as long as their email is +the same (case-insensitive). All Flagsmith data including permissions are preserved as long as the email addresses match +between SSO and non-SSO users. + +Users that log in using SSO can only belong to one Flagsmith organisation. If a user tries to log in with SSO, and they +belong to more than one Flagsmith organisation, they will not be able to log in using SSO until they are removed from +all other organisations. These users can still log in using a non-SSO method and remove themselves from the other +organisations if they choose. + +If you are self-hosting Flagsmith, TLS is required. Encrypted SAML assertions are not supported. + +## Setup + +:::tip + +If your identity provider is Okta, use the [Flagsmith Okta application](/system-administration/authentication/Okta) +instead of following these steps. + +::: + +This is an overview of the steps required to configure SAML SSO: + +1. Create a Flagsmith SAML configuration. +2. 
Add your identity provider's SAML metadata to this Flagsmith SAML configuration. +3. Add your Flagsmith SAML configuration's service provider metadata to your identity provider. +4. Optional: Add external IDs to your Flagsmith groups to map your identity provider groups to Flagsmith groups. + +You can manage your Flagsmith SAML configurations from the Flagsmith dashboard. Click on your Flagsmith organisation +name in the top left, then go to **Organisation Settings** > **SAML**. + +You can configure multiple SAML configurations if you have multiple identity providers. In most cases, you will only +need one. + +When creating a SAML configuration, the following options are available: + +**Name:** (**Required**) A unique, URL-friendly name for the SAML configuration. This name must be unique across all +Flagsmith organisations and forms part of the URL that your identity provider will post SAML messages to during +authentication. Users must type this name when clicking "Single Sign-On" at the login screen. It cannot be changed after +the SAML configuration is created. + +**Frontend URL**: (**Required**) The base URL of the Flagsmith dashboard. Users will be redirected here +after authenticating successfully. + +**Allow IdP-initiated**: If enabled, users will be able to log in directly from your identity provider without needing +to visit the Flagsmith login page. + +**IdP metadata XML**: The SAML metadata from your identity provider. This typically includes information such as your +identity provider's public key for SAML assertions. If you do not have this metadata yet, you can create the SAML +configuration without it and come back to this step later. + +Once your Flagsmith SAML configuration is created, you can download its SAML metadata by clicking "Download Service +Provider Metadata". Add this file to your identity provider to establish a trust relationship between it and Flagsmith. 
+ +### Assertion consumer service URL + +Each Flagsmith SAML configuration has its own Assertion Consumer Service (ACS) URL, also known as single sign-on URL. +Your identity provider will post SAML messages to this URL when a user logs in using SSO. The ACS URL for any +SAML configuration is as follows, replacing `flagsmith.example.com` with your Flagsmith API's domain: + +``` +https://flagsmith.example.com/api/v1/auth/saml/YOUR_SAML_CONFIGURATION_NAME/response/ +``` + +## Attribute mapping + +Flagsmith will look for the following SAML attributes, in order, to uniquely identify a SAML user: + +- `subject-id` +- `uid` +- `NameID` + +Flagsmith also maps user attributes from the following claims in the SAML assertion: + +| Flagsmith attribute | Identity provider claim names | +|---------------------|------------------------------------------------------| +| Email | `mail`, `email` or `emailAddress` | +| First name | `gn`, `givenName` or the first part of `displayName` | +| Last name | `sn`, `surname` or the second part of `displayName` | +| Groups | `groups` | + +To add custom attribute mappings, edit your SAML configuration and open the **Attribute Mappings** tab. For example, +this mapping tells Flagsmith to look for user groups in a claim other than the default `groups` claim: + +<div style={{textAlign: 'center'}}><img width="75%" src="/img/saml-group-mapping.png"/></div> + +## Permissions for SAML users + +By default, users logging in via SAML will have no permissions to view or modify anything in the Flagsmith dashboard. +You can customise this by creating a [group](/system-administration/rbac) with the "Add new users by default" option +enabled, and assigning your desired default permissions to that group. + +### Using groups from your identity provider + +Flagsmith can add or remove a user from groups based on your identity provider's SAML response when logging in. 
+ +When a user logs in, Flagsmith will make them a member of all the groups listed in the `groups` claim from your identity +provider's SAML assertion. Each value of the `groups` claim should correspond to the "External ID" of a Flagsmith group: + +<div style={{textAlign: 'center'}}><img width="75%" src="/img/saml-group-sync-external-id.png"/></div> + +For example, a SAML assertion with the following `groups` claim would assign the user to the Flagsmith groups with +external IDs of `my_group` and `my_other_group`: + +```xml +<saml2:Attribute Name="groups"> + <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:anyType"> + my_group + </saml2:AttributeValue> + <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:anyType"> + my_other_group + </saml2:AttributeValue> +</saml2:Attribute> +``` + +By default, this claim must be named exactly `groups`. Some identity providers such as Microsoft Entra ID add a +namespace to their claims such as `http://schemas.microsoft.com/ws/2008/06/identity/claims/groups`. If this is the case, +or your groups claim has a different name, you must tell Flagsmith which claim it should look at by [creating an +attribute mapping](#attribute-mapping). + +## Force users to log in with SSO + +You can force users with specific email domains to always use certain authentication methods when they log in to any +Flagsmith organisation. + +If you are using Flagsmith SaaS or private cloud, contact Flagsmith support. Make sure to mention which email domain(s) +and authentication methods you want to allow for your users, and when would be a convenient time to enforce these +restrictions. + +If you are self-hosting Flagsmith, you can restrict authentication methods per email domain from +[Django Admin](deployment/configuration/django-admin): + +1. 
On the Django Admin sidebar, click on "Domain auth methods". +2. Click "Add domain auth methods". +3. Enter the email domain that these restrictions should apply to, such as `example.com`. +4. Select the authentication methods to allow for this email domain. +5. Click "Save". + +Email and password authentication is enabled by default. You can disable password logins by setting the +`PREVENT_EMAIL_PASSWORD` environment variable on the Flagsmith API. This will hide the username and password fields +from the login screen. Note that this not disable password authentication for +[Django Admin](/deployment/configuration/django-admin#email-and-password). + +## Always use a specific SAML configuration + +When users click on "Single Sign-On" at the Flagsmith login screen, they will be prompted to enter the name of a +SAML configuration. If you are self-hosting Flagsmith, you can skip this step and always use a specific SAML +configuration by setting up the `sso_idp` +[Flagsmith-on-Flagsmith](https://docs.flagsmith.com/deployment#running-flagsmith-on-flagsmith) flag. The text value of +this flag should be the name of the SAML configuration to use. + +If you are using Flagsmith private cloud, contact Flagsmith support once you have created your SAML configuration and +validated it works correctly. + +## Canonicalization methods + +Some identity providers require the service provider to support canonicalization methods that are not allowed by +default. You can see the methods that are enabled by default +[here](https://github.com/IdentityPython/pysaml2/blob/88feeba03c2f891a31a86cbb24b210070aab1fdc/src/saml2/xmldsig/__init__.py#L67-L70). + +You can enable additional canonicalization methods by setting the `EXTRA_ALLOWED_CANONICALIZATIONS` environment variable +to a comma-separated list of canonicalization method URIs. 
For example: + +```sh +EXTRA_ALLOWED_CANONICALIZATIONS=http://www.w3.org/TR/2001/REC-xml-c14n-20010315#,http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments +``` + +## Force SSL after authentication + +You can configure Flagsmith to ignore the `X-Forwarded-Proto` HTTP header and always use HTTPS for the ACS URL by +setting the `SAML_FORCE_SSL` environment variable to `True`. + +## Troubleshooting + +If you need to contact Flagsmith support or an administrator for help with SSO logins, the best way is to record and +share a +[HAR file](https://support.zendesk.com/hc/en-us/articles/4408828867098-Generating-a-HAR-file-for-troubleshooting) +from your web browser where you try to log in to Flagsmith using your SAML identity provider. diff --git a/docs/docs/system-administration/authentication/index.md b/docs/docs/system-administration/authentication/index.md index a2d08b8242f5..e29376eb1943 100644 --- a/docs/docs/system-administration/authentication/index.md +++ b/docs/docs/system-administration/authentication/index.md @@ -5,13 +5,6 @@ sidebar_label: Overview sidebar_position: 1 --- -:::tip - -Flagsmith organisations can force their users to always use a single authentication method. Please get in touch to -enable this. - -::: - Flagsmith supports a variety of authentication methods for logging into the dashboard: ## Supported in all versions 
diff --git a/docs/static/img/saml-group-mapping.png b/docs/static/img/saml-group-mapping.png index 61d9938a68b78056ec472a16aafb2f29e020d694..e5ab2a8a3507ea083f797746a1bcf0c0a3ec04b1 100644 GIT binary patch literal 40548
zGi#bfCZ%<6=gSRs&0iUy6zX>)`eR(*w!4cTEP&R1oAuI>RM;M$ZCeDAs2E}yF;!dg z&JVp?O#&x0n-1%~jzt0`Jk(7kXnPhb?q!L~<;YCb=qP+#w^r-DF8kZ@WhaMc#pmkz zSS%{{I=Gq7$o*C(K61Be`cOV|viO>Nv2TAf@gi7GFhs*C%>KzFu+~wpu0=qXy<>P% zQJXvhip48uB4<%s{qB>Op{LVrvXm6yXyPd^$)&$2z7hS!U7c0K<QbBV(6&MZi2-a2 zmKbcZnQnY@-N@0qOuq6FuXGZuNfMf<BcOaC8QK6E<;I&RO+EM`++sSJNlAz^lF9SL zAM{qgX5g$-Ms4wlKeEyV)cuv(pZ=~z|IgI^HF8AjF+F!qjX4ubDv^nDa{<DvFcis> zDBDkC51^OY-FrK_?x4}2j(hv-v)5?jddf-lN31CSIxzFzuLw0i5I6sh*P0#wFvMV9 z#GjpW(SCJ;2@Nm8qfE9Ux2G@^0?xjy4}rI$6M{l^?oW3#O6vfkvpj8NT~W?Hd?Y~! zPuI<xyiA_vqmzpq=#4JydPQYR$K2IRjI}!K%+>Q+NQiZ!FRE5Q2@;~Ez2mX}Jn0+4 z{A_aE?B1`wDhW9NML1D2gq4D@6ouM<SNe*(m5erCr~M}R{1nY=<y7}AsP*(cFX>Yw z`9Z&|J>H(hh%&bjzWZBUiOm{bWCMPlg%f>?NfAkpsbIkj$r0hLu-+tGPOWKsh3FeR z)o|WRvnO|P+_P^%ls|Vonlwn5J(_(!DTkX>G%OoPhsJP2S@$OG>*0Q-(*0}EMR4r0 z4OM^%MNj`IZ4m3ls{fV>=L91e3bf+)XJi8N#1rIW78^Y<4t8{vw8s}m&2H=aMcnPs z>ctSj2q=L{cn|190;yHPBx0cVd#ZAL_ixz3<uBMG@ZVtzidK?PO@Shu9xq!PHp>&| z21f(H>A+J8lOR?ps{q5pV3>A~2^>GI+j+OFNf^`Y-N5R6C5dzK9^Itn<>P~G#5=Iy zwD!-E`Ax>@O0Pl!i&y)<y4ZIYLn3^rNYLo9q<_3l7%it-!ZEu;0FJF$V)AoY8IHu; zu1PTBaLg0aGEs1kKyB5<ruza;d>E!nEjl0>*m3bKrALqM8_uEC5X=w_tRH0$XD8~( z#&LR)CzGp<I7w{EY@5Y*=h7lgeLPZA=un~4dbbHtaWqLl@<17XFyKpmzXC~R20w1l z=OcX{G`u$$%bo!aHMp_>KT4jf_vmi#|GD1qz+_41PX2*<y`5j0{pnWj^X=tV+FFXJ z_63*?X9!eOlit@D9t(I|G(Xq53r6LY(=&j<N)0|3*U|_Xe>1RMo4?^*aIs*){Dt}n zj#uPjfq`Tf{=tUp^vBv;vkHtO*$q}(!W;J|=I;O=<y?p^$V<BntwJq<Jf%;+nHe$< z{yLPn|J$LACb2%|$zXriUv2ErUfr&Q;4sN98%SGf0An5DWeE#~Jjb$b<qdhmphaSi z_u(6uk7OYV_-)bG>Oeg_^{a|O<+xcj4^}z=Lk-cLvhk*>e$aAuNK`C}efm=`mae?` zdw#S9yu?wPp>MQoyX3Mu3$}NWV)$kk3wV$WEZs29<nKUT&N|XT3N^DQsHJK2F;=57 zGg~}U7CwULibAi4cuoA$E8nmi&s5=zkxG4yi$5aQ&Uu3Fq=vP<dx=}{Zv2VlW>dc7 z-cxXxrAkn}|Hom{u~hbnx7ktlm&?J_saS(yPo|F>QgYLgEZF10Ln#S*23VGi<fr*9 z_h5b^dGZG$m9D|ha*K?w*?3O8zoEdSVSV$McS20~$u$#@k}@Q|Bj1RmJ`lWK%{k=< zKVRq2GrFf(<ZIa8n{bU4fUoBBRd3PV(1Q&cmG7tTQog_Q_}Hwt_v0rL#kv*2Z1(Y` zJWBL$e)BEinYNL&G9KFpjN?i7h$iLa2Ve}R#abzHt?x)KyNusoXN3Rs-|#+)R=zwV 
zA0&ZnW)1h$h?wy)Ljc_omhg*^Tt?+5CMf~MhIWRv=nj%6!JZ_*ao^B@6+JB1JQPu@ zb?Qs|9o0!SI#LF?jehQRPb$da7_K7`fYHcnUF9UT0Vxr$7jdQ}>zqZ?6~&Y!uQosI zbftc5#ex9j2@V!E-EEN*FnOd4`Q0eS<uqZaf`I<#*7CX1d-R_rTSC2XAoTk286~ug z{OF0L<5-X;m*FrOM5Q+w25SK8y46IHDWNu{G4|mCUT29g`}%8qdRUUatfB}=$ydyE z-}mxr_Q2R4tDHji2fX~v>6dEnFT&pp*Jf1Qm_0!UavvvYgK`z7;UV#fnTO`?M~w%9 zt4iN^+`p^_n5=mjUogQ6n@glW&aOHUs5s|lH0j<T!QqyBWXtX<y{<~`-@&$5h!dUn zopcdc$lsutU9QvgD?x?!!>t|}5rQ<|W?LRI9PK4=H=dcb{Um}A9I${Lh0AX-346!% zU9DP|*Jf~u7zjUfAlXMBcHCCXK4d8ax>A!hm-<rRwjuHnjraRTv<xwvtQJ_s@H)Rq zlRyfbUwAtqA2tCoDpq!gpl}Wur{5f5t8Jv38U$w)<fa@Wtu18I4kE?uE?Dc>+L<q; z&sSOH)@f(^izUPEvRP!}dVq5WIW!~81;x{=St7hmdyn}P&-@xnN#eG|K_T@67iyw< z|D;YK?)zAhY-M=vp>GET;hqMhj37WTp+Ezqwnif)9(O&Ogub?9n`GWGWAdg{dX>m8 zA1u2k`{XmQSG81yMh=w;9)MK7TiDzT<G;Z#fjt~x>)xA$n{wfdzM3>inO>cYJbwyW z@vLU#aQecp53TkU!zqdAUKqi`u*lr6rK&_OQFFP5)dwRqkpacV1yN%ybnKEwQv2$w zbnbSlq0gL<9NKsSbgQG)p`}XuNoUnAfB}-Aj+{VkjukJxdFh$#kn_$SGK^$D@qtb4 ziAf_O9szm9B7y*ze%cq+DdF)i+P!LZ?8gE?f`QcaJvlprMMA)HC*z%}manJ2VDaX~ z`tNslWL#QmkB06P13n(`xg2F-4a3EZv&}>gE*0ioz|p!w!2S#Ia8?<mh$Nm>@mDmK ztYL1%2*s|0XE%3;RxIHgm?~8ArCfoo;INwCvkG1#jR$IJ>7-tYwn!xOSNLC$t`ZK! z<YKYTRTqikveY;(d^stoHw|;M^;@5aoU*d~CuSP=O+pVj+MD`JlQW}U0If0iIr<PR z95&E?%=az*i%KE6SEqRwTB$rKwp5OdNX7cF;ngjk*H)-+v>FvX7h9=Hq33AKqDs6J zI_^um#bY}AXifX7qd>;4-YEsXlN+_-X<J8NZd)SKqJx}<f;ubJcA1JM97q0=?eX|$ z?KLE_Ck%RelsH3q5y&`@50A8HELKp%rKUuKZJ#FhPdsUOxMq!Sx2rmV=K!w<m%s5s z{+vzy$<~C)f;}~2zPdt^@&BXit%ItHw?9y&kp}5538lNcyBnnA(A`J~2m(?f-CZKx z-O_QS58d7UHaEQY{@!~t{&7ZTn9bSWSnE@(Z}^AI)FnrYUw1@SDCExfu3lDppG_T? 
z<<6rYF6qb8P4}4DWmA-Dm90!NuYD2ts?5vk@C_V~mx^(8u~BK$RU2x>YBDm96!|n< zqG8uOr|2|BNpxC4z|-ENPr&9LN2dn_2!9KN`50gj)+hG1(Jj_A>7}&yLlCD1qCn=k z9G3E@kXAn@&7haZy>p}gM^eMw2PLUw*c{01bADHWYv}yjG7V$0BJnTvlMPk6C=PD{ zH#9l+aH6XmEvdO?D)iq>ws3SPK+5<6UZ1t&C^vdcLk#VW7iMK1Yiy!M%i$Lu_Aw1w z=SF}3IKh9jmUR-DKI1Sei(4%seNZB?0!JSajN%*wa|*3N{(Lf}$O|s0d^5i@7S5_z z(tEGVuO2sgE=$LtuZ`5)G4)G5v58m7%8}ll54!@eCg6cGMRLt1FC5&cZ=-~m5~hn) z;r8!bSVPC(WE7Ak)|ady95d$A*JKL%D8>i?0@ivC5kB;Xt0SQoLu{@ZhW3b&Xndvr z7K1*$9pCjV_&z1yh1z5EAbNImFeN$kTQ^oC|LGYNSn9#^6zb9m2u<=*z((zQ#z=`m zw<`>Fh1J++Pt22v8+a;jZ)$5UGK{9*`e~Hpx9w*C?)ZJzGRD)9wIWbzGp<p~D`#x9 zRlt`)&qB8kD^DyB$|3O&V>4WTe_BR6n9=!0I5jHy^-(r7Ciw$^l52u~3Rkmk#q5u_ z40O5Gc^zUdh^i@qQ~O^oI6){CiIc^fZO-KOKXXX6ceN!Y1A#QReUzk^G?Y1zVr|GF z1Lvc3*>R5{!$r=A6oKBs?Een5ybv^<U4+F<A<F2m>atbQc`U6GvlY`TC(k;;+55AV zD;$J5|LaW#I(nOOc3RPaEwZRcVFt9>(F5saOhM6;vg@GDJ2dj;hp`M^$p~DAGNDlJ zd)2B>X|4lkHVi%MUOeh0GurNlbGT;y%Ie-yf<hbHA)Y222q3_tfE|uYYkzjV#bKX4 zCvb-nZ(ZFsm0{o7TnAo*@3TeD*$F857{j5J3)}}lH?p_i`+hpkWt-^@zy0c}=0&Zj zy=hn&zPOyH+H|ST$RXQ5ZVBs<T_A4LMr48hAlp-^pX70~(vHurv?k0#K~}4rsfhV$ z{yo!RkONKg$O5S-7VpIj+HCIHLR12+k8-3jmJ~_?#b+b;D6CA%dOBy>oIg=4G$4!U z&$tR-hTLEbM+Z`QZ-+bWGiE)LPo8LqYYIP9+`0|7dtlw;FzHc)9TvasB@TmBmTVfX zbZd4gPR1Ek4%{9e+2IPKd871(3P$wYL~<+pke$xU`s9M$4ekfxHrsbrh)a`x$LjO^ z^73~h#%4&#enaQB&nBM9=W<3%r?wU)d<cOD)=T(d@6gP&mp2m5Kp{7ZvrjBE)A)-2 zvl{M)Ze9G~Z(mjr(c|s`#2IC;ZFBazVbEweD|Y?T!$Eqb;%@Wn%!3p06*0f=JH>m+ zW#4s<WH!4p2EwOr07JQl8U7|{yE7oBWJRnx7`D+ZvX8!3dh26476yF3XQ#`~&KK`s z+gkB2m_sf+E<5^iC)yo^U1Czvh@5^uPboE?=xeL8UaW)v{Pzj#g@aq`#6ufkM({D0 z!-;RcKC+%DlBo7D5VQUlQ}N`{cd@$>MNzqjp07#D?u2M>A&)+XKKWI42_e~!Q45v9 z*;b7yWK{zWbZ1X2GGh%QCwy3>PpR{*jCDP}DHdD~Cz`7k%oX_6f)B%lK&;r3%4vHi zx5x3Q&6Nn`Dx7_NQ!F|}9s<)HfB5h@vWXa>8eyiEAX+3^DO`y8;PPy1wD>u?F_Xtb zP}#HcpG)j2R_-(&RbZoMaH>g2og~Z?Cid$0+<B7&0wcQVH>OFOf8MIG3bY3y`v`EI zShmq5LfL7rQDxKqIGN3A<>ue^A0{@qPmOf5<$;1~>2D+@!0IabMBr+c00f1d_eK5? 
z<kup9_@T32p=V&&)1vk(W&A>s^7v&j%OUBnsJ_!D2Ngcr=wg;+Idd6hiB^VEffBw6 ztjcdM=#abLk8L~z@40G$+;%K<LGqst%S~crFebm{wnxTS@Jm;lKxf8!fmU{HYF^V# znS22vPl6{gg18`7NTi}+>tMR4=W>geT!cnZaX(Bj_g4_|3Vis_8%8)c0SNy_^5J-E zyYRqgkyoQ<uJ7EAs11}+Om@a1Et@0QR`FUKtrzm^Kj>pZYC}%kFP?=TiO%6%@Fo#` zCvMr=eF)Y)I^I*4SaA+8edX^4Vod{gB*=isF*&WWSdR9`RjB8h2wv$Q%xw#zi;XTy ziY1S6RcHB;#eVTVhT8)T&Mdko59^h7s->&(Ck(bYyuMelzSAw)3wi<7j-Jg;58Foh zZjlysh)a~~P%iR+SyK!pGC&ILX%L;ktg(IG-QB{XK6`YdBL{9Lx9=)_L!zsh%IB9h zj5PIiH=UQm%<-5ph(8b@WGY~}P0?k(EmQ$)c^&#T)02$g;mzkK+dCMI={(ntt@?kp z8UpXWj-+0a@=Eq8CDWZ~r}I&gN#$_`(=r2SF}=KhZO8k`DcM#Xb)+UuCjK!~vL1g9 z(>fxx<+OKhDnQy;&9@8pnF!T(cQ-Jd;^$JJ_F_kvu!NjAd6QaiMvjr)2seZlJ=~Ql z@gtlj$Fl%t4sjuL^X6+pdY>m$^!AU4SntM3TuvTFGOu|UIK?0}p)coH#CJcrN@$p( zM5J~nAY>^-+QreT)Rb=*erDe(ol&oLo_anzphepA^z(MU`MG4!4wI?k?C<lYhvOa@ zd;$LyvT35Obe5J+!o1}q#0xtn`WbN9r0qzvMZRgXEAZT?h6}ZcTo?VM?5I@kDelbm zRq>VsTq_LIy-{CR`A#FwxO?SLm9nRK;b?+rqWj%u+VqU-_mRd70-kI8G}4#Bmmlv! zetua20g+d$n1ZKq&?Zd$Ld_mG)10_0Ez>kgndJfzQQ6M`3@=wdrUyEf<#TcNgS31z z3<J$RGDZp7=63IRJhjDLQrKz*3Q+|XDZH#Cw(Sq<K6QQst^g0R*(#}&<5zY8g!LIp z2*8L-v|orCTC1-ty%%JyQ2&a}UzJR&)fz|^f*8u>?}>mQ1FMi0!?mpS+<q%bLIV2n zHbk|BygyZ1U8aW3wrN$yTUdjlrL^z+b)!BnepxN?*!fSHPH2=5(QhV(63AQa7CcP@ zo}L{vs_0IBZ<-VPNY21@wSN2<f-(d+$S*A35|Sv5p*Evd-3r{TIQfzEWwMCzK3Wiv zv;EEY4IIbn5V+f^!W!y6NEyA|!e6uV{uH)ltPyg$+AY=8RK*dNhrwT}`GGQC63rRq z&9#$fWhW9+my|MG)rVqU#$%V)B=M_uClS1rJ;_Kz)kw>RyNO9Oc*0pOHh;uAeNZVd zTa?oe9MbBDr=3nXC00(?`es(^cN2=tlbTtI+`HCY!VM8}``m*3GAsRxYM;NAA-3!* z7q|S`uWS;pJo%xfUH4_&<t;~V+pJz}<v3uhk@dZ<&~JRlQ*Al3oUDl4j`kDWe+>l+ zJQjna9!L@JQ?`So0l|e<F{Wv$I$nyQVab*u;)qy#w;~5zIE(wQ#}quhPSP+L%DuS! 
zqV5kGk(}42tsi|Dd}b|)&k@mZY=JyzG7I#Vo9F8slDbXyqqm45kcN@MS!CVJtr!z2 z|DMnkRw+Jf{zKnRXX}ifvd=Lr4Uz>4i{AYdKXFM2)kA!NUupM;kG<;La~^Dc%^a5e z9N)%C9G=TV6@;hY-11BpzSj{Nhq%|+E@)(~mD*5>>Mq-#1PY=O-eKKyHD8(%^I^ud zt88FfgY#pqvVOKPC?>LgMm}B<1A?WDBVmk%#M;wng(`JOiy&$pNi>zynj{o$CCa?U zBc^|)Pohd4#bE0l9}}d%#}XC#`9Hu`j+m+-O8~ra&2hr(a`S(%*DYE;(vuL|h;9PX zRb|fvJM7%Zi$t|KLb>8c^!$!+mW@4lvgqmKzW9VDgoHun%8U(&k52D1^;!*+0rqji z_*pZ!uuJc_#evYoLIBm+rTY$6{d3;mt5=-pg+1-h5csQy0Svwvbe<X9ZkhlwuP%Wp zG}yYUv^D^HXTL;1zs9vj;b&R~NiI~DAr3{Y#ySb|A=idg+BltS@~c;5jXpWWJ=>hg z#-gSDID#@$X6~a?yT!GH9RdBKGtiP2zd`KzQ*1QmM*WRRwc*<XGbm@_XP4LsJ26?3 z!lmpcm0I5guM^MNGFdh^GU80Yvw1A47t3sum{R&R5}YxPVe#$R#;ozFR5VG_Oo?OH z(9FKs6Ic9F+!y#HwwS*<Bm_dBk?szq)cc!X^<r!R{w%;4rjGq{0XrKhxMk06IiexR zmPPeMye&zzH#4MCFa99x!sh3j3@d0T3qUR4!|<u*g|BJXd9UT+QV@lbz)U#!w8~-K zHAEA@qg|p-d&o=E0yEa+pp}RL?bGDdLh+$p^{_8!QGz)n|9W?JndAE!woT(%Hmd4p zG=dqlwCmTa_lhovpIwPxbX5N;e%OGAO?O&T`LET0`SP$8hWE|%4fUK<-Kf<rB^vY$ z`4R0T7KgC)*?7PYSMqxL3Y2>KRx}^Tczy}&_Z^L|nogF@V2O-j9e}Z<_BNgYGw0a% zV~)5ZVxh|>l7GrZ5F2hF3W%Lkqk{X>a&1O6@&OkmCEpvYM&E*sSE)Vibz7xrOs{KR zclQqg_251!<)B~*B0;HcVR4o!6|x5AYLtzFILRVXeE;7S6T$?nq1EA}^1uJnWBc;_ zK@S)j5X{f-(TI5pDD1)a<}CCHbQPDi4Nj);vco$`ueEu<#0G6Qp#(?+)LAn#89yQR zM0uT-h6a<-x<TcBmBp^U1~zlpz6+3P&?O9CS22?))T%Q-(#`X4EkH5-<wjP?0P6V` z#+Nb8@+XB9KO(Z09INpRp#Ucie3GET!f)2Z&p<+~O^ljpn7iG#5JV{Yoal6RF}P^F z?Yj@TC4il}8tz43Az=SEK0tVbg4u0L|5hSDjZVKPtH$nf<B6nEa&Y2buMBu`!qZgf z6G4U9b*9&X$vl?XMr54++jg5UNnj>F*cq9xZ~0@0h3F)P+cr(uJo>ol063Sh)DQkC zvBWJ^@OI90;+8fFh-`@Mc3vM_W-929A(e~9jc7b`8U4X6I+RFn->eDLz)2AtgpGp1 z5Nnv86LkJ_q35(R{hO#mZ9p%>P?=b9boYA?-{<(r&-zwJD+ye}gAlZ{F!O#W3;<1z z(&mDjNN#!lz0Cd=+yD3=?)49x6VWsea(l8WHu%&<7?c+GGusb{KyFfkQEsMg^t+GV z_;4eh0OYcCshO-ERJK%nIQzI2&|0?d5>ia5zcl)d@BEULL!VUV-VF%sTJuitBi-eM z_<5T=Thv#SEf>?KghX7ry915y;Jqwe=K7O;C+6Xy*Ue6Vy#kO|thdbuh&{eo+VvRT z9i;z%D?Ynk5T29Oy_y+d%|k`k4k(rrByJ9qxB9Un$#r7QEM$&oiEBB9Dd6*o(<k~+ zQ0c-4wfq=}u|DXitBnIZWRFUPLEHb9BDesoEXI5cdH`Q=IHG;ulXk22FEfAo@$4VC 
z^uLr+p2{BpmFU9up<VzjKumY+UJkDRJ+=Sm1KAM93oRyxV+uRwZg7Xtf?<3jsNZT9 zJ@#$?=Ue`X?NaKJp<*^mx98TTnnX19f%<d?ou^3O3mx3YSWAC}eapdk>O?<1|5`iK zvx~V&pK<9&9pxZPAP9B?Qs-umJ+F}aqR)AO=_BW2m)hZV+=#t|7Tk}@<2Fga+tk4D zh#0K(|7xNB`}GRDQlaa>jHUZr4TGz3|4=BV(Pqn5Y0C%HIgfZZx@^nPOYI{n#(*ZX z3R->$DdlO8;=T72wf$h&_WeDR<!R1m*hY2*43e=KL{R6Hx}<~<kY^H$jbt%rh)$~= z(k1be;xp3j-gY0S!xFgzm**NoqsO_8OfrR6mb)Wz^k-P0mBVXJE4XRYpbE95;pb2P zVL3XDQi{`{(cm!&_n!>4|1o+57Ky%8Z5*W<-%KRlSm(7@Jd1t*U}PEz-gN@BJ%ckm zKncz2y!aMu^`hZ54ZFmCdvsd!6NkUvc7>W_uYG&Zq60TQPbPTYeo1u4c6rZ5B$o0| zy;@sBTyJDUG>^|wP>X&`-2O`Xd|iT)kj>F--z0WvzC`M11z^PFj}3MO`Z4|Nb8h_X z-OJQkXT+ZL1-}n~4#TAuNoh36=r@xSAnWe2-;Z8WZ8hv@NK^kALzM&{21FYDzb!|? zP~;TAJ5Vyxm@n6u>Aq_~7eVTdHz^CF!2^<+4ci+ZTAxXARYU46hf^fZHiojFp1<lh zIx8q<2vQa)KaFKmR;-Jv)eNvtW=jPm3mnU|{r*KAIS8t3p*mgfj|cFkfi?3|{l`Q` z6?F>*5@M^}_boHZR|kBMJFnK18JM8WOF}MJ!hv&Zj+df)?8+9WSiLQQKmOKw&I3Y9 z{N$jYiXqtUb*M_5VSn&~OafAT)p8RZFF_^7!MII2uZNwggT-?o+t4bRh}T!1^iK4t z<(Kc%Z|0Vexwrp6hYI6A4iy2D8VKUW_0dWahG|=zlab#cJ;jEZOqb|M3lN*`JDD9; z_F$eq#u(YADcwgq2DDmJu)L@li3mDehFKZ#Wa7`m*?xK84h&}?zKcw3p1e$S<FmGn z<rj7TFsJT289>#$C>RR)a^;5~GMRsFAsu}%#w+ssKLytRZdKVAv2xWg&N{48FzL)V zjbi#s0Q4lRJBgq#o|QTJ87kUuu#umPmWI*~=D__QU#8k(+k&C_nOBV)9j~;aHE~2Y zU$lD{4qJ3eLjeZcR!VA{=5sgcx<GLEonYj{!Jk&GrfYoqAHggL>9FcKe}E=QIy(r~ zHPKxigf`TTCAt+73!Ml4ghB7o&E$MLq_JcM$U*Zu&b`c}SM2A5r>5FcSoHk0AL0*g z@4wU+gFZxH@hj=EJJ1$EDgBo>_uoqJf7qGi{~^?5gjFJZdYP2bEfr&3#RM#+I0^~Y zmjwFM4t$bf_opriVnI^CSuvO_Pzr{UUA_zL--&&W204uJH#)=Vh%D8ZVuOqVF3ppl zN2s)L`<2q-<dQ0-Gq#;&gKkcP)2@IiFfiv0uDcOEQMg(!3fSGL0t|$Pzm3ZO8m__- z0p>^YfL`t7tM*fD&h<C%Ldl3u7xe$$BL0-0q>G-TGZPZ%;)Ww(Gp_a84+eN%za?yS zyRReTJ$zBQW)4vPQ+(Q$09*jfz4!-xfWw_o=YlUV$nru@Z8ZE}_eEFAtI0><gC+na zS8R^w)foEd;k3F&tpRgZ1c<}MRP*Im!RHvAE<h^*oB%Cm%3c$h{`9$ksGaGLsiSk( zNNT;=@l$XdotXDv+$|kVp{KwWAZXP6C?C(8X!iS?V%$3~Rd&_}luTY1P28F?<$@5y z?r(n}u~-|!U#8R}Xs(O0zSUsIZim1|h7+|{wyl(@>)|3Ff^&m`=y9&!p<kd1T(+2I zW6dPqv=dnz{vv;Qi{TY86p@fdmofia?<*+1-%%^YbU?)DMCRe2RwIj1#3d&Mg6RZY 
z4e#E8kHF#AO)q|e2Yjz5P(OYCwFtsLLJhzh)+(|wyt2QwOP2fXd$AMy`_{P1m(L-V zNZD)jc(HY#fDWbsIO*O2zbw|1J}Qb!j1W33CZ06u`2!FG?oJ$fA#e%ON&;%cGoJhL zjOXLk+!tBfFWXImdZ@$!kYS@Qo%Qu#nC>Sx6OZGic+uYX!$7!&+5Gc79~v`V$w8!1 z4wc)N0*%+uSqO6KL1wRE6Nso~<GxDAQSnF(@<hT=2b&F2;EU@BJ88v!W#oBY@j4Gs za8uCmKw}dS=uW%$^X+n-@u~F3?h|x7YBdd$9yIyf;;z@=ng2DDS1y|5zLyQGwmT_Z z)dicU1ipHmC>6xa=YA$X_w;DbkYd>MR#S;MmgN!Y*XDvm;0KL8c6&-fPKPAPOB?AJ zMY~HuAQcC_tm<PM|Jlq%)$1tJl^qof{@kEmvDdD1)@ggx;~potahJ97zwY*RVhMP) zgSJ~F<nos+TdBRy%$yzXQ$AH}OA||f^KfsH3gV{@16qu5Qy7zAh)#>NKb_jIa6z_V zO}lSVdhWa#`NH*p9Iv18?1z8DTYl3!{I$D(okU~}FoOF$%B{CXv{r`PZokn5@Wsc+ zyiwzz!=iy{6ms9ySzFUoGCbFuc-$Yf0>w~cX|&vRxLtxw4^Q;!9pr|Ung`Ej_Al$u zWhNd@PL!ksL=Dwurhn@7&ql-J%{_V?^U)@PxG=)QmH0D6xiaNbIcw8+Tom1pmT4SK za#+@blGoj)WC8+1qZJlhXM;|b8A@A1mJz46q$^)jUZ7jqCbRiy-mXtu-zqe+VE~aZ zaro<D)>Q)xkS*K!rs|JN;r(h<V7KYafFqsT^9!9BU)2lU$6i20PwlbFs_Xjberh|I zLLI;SqBCUG`U37ve8uNt@<*4Fpi1Oqu?kfAaFw}In{|Zqqz%I=DL!{Q-)5C;b9TJm zE<H9T7#r#a61Um;h?ueRL63o9`tc#p8}4A`$!?rzGM4w|m4|z?6x3pR>Py=yEd28I ze}R^H?h@L}*n<uJifM!~;Qp2$x{19(#r35wGsxrlx2LOzAIgzo>%&cjJA)!Vn>HZY z$-(8Zy`aLs>lOE+TaTPizj1$Rk#$syNPWXD{ove*x%(%#9cN~~*0wAyE~<-I9~cN> zKJ?p57ccFimyAv&FN*~FzS6K>CWY1st@zA<ug2NcThbz+LFF9#S$H&~Ig9A~?Pg?W ztJ{(cmetUogLp<@ya}UBDZz)M#h*P6-O}7$vjO!Af+cDO-fq_0_(=U{D(6>sD|V?| z3A3aD8yI4%%;mb*rirov%Z1|zfsKmmb<V(vmToU-<H*F2A}HU%@W*nTmVvR-fECOJ zL*QJo)FAN&*HbS4ve4^CHZ><g2DS}n98wbF;FboGLCgecq;Q`n?I%>e)%-4>#C@An zVo_d0Wbt=FK%LgxSyD@Q$+mj=yHe8P3;7E8kOc9ztKr28AQd4jkHLRUdMA@#5`e{E zyFXo&rMgiqKCJ)r&RDitNYn}9(!jX&8?E^!cG7$@W340m9Q|L80kTmn;S!H^O=4>E zAsX|Q?=vLXsG{$P4368iCOOQP5aNo$8bRx<OyALo$n$cxw#WUK^1Sm;?3<H~7~@7W z(Y^%;UVlB%uGa=agO2ejf88I?1xPPf&I)5vNt3~Ql$~PojZmTER&O)q!~QWpFT8z= zN1oQjff#tT;E(`P%_m8{`Kbb$E1K+opA?`ZiF$y4l)`&<&O&W9God(T2Wp>CeB+Z) zIj1~s3uk?n8y1p}B4qpay`Dk-Oy>Br61c&CB#gMvsr?6|r|7`%@0EFG($6hGv>k3j z5gsMQc=Hv(hpDaK;BEi;hHQ+v8K(tc>BbsrBNLGQxRyrdm1q16Kvg}!RTz2&qkMwQ z5HR}JIwlMi`|cIS(eK7{-a{ViII5;bloTj@se(#Gz}57ApVKZ8uC`R>xFS>1iebfW 
ziH<|aruh2S`dTub)81q-f@5CfOU;28ADAbiz%i*UqrO4E-Ct}=@mBN=uJ8MyE3Qkp z)$fZ<eT}b#-uYDjxo@i5Ie9IRXY=`2MZW{9$*-cf=WcTC7q(&S7cCM))`j~KpQjQ_ zSKazqO28mSJ@<n+9EClZZKV_+JLqhzpl#DHSi^O0D?1iaXoT=+&s4{nCApuMTlF+$ z0n-zS4Q(1>0;6=|9_iV^6dJFel=?|X{FPAqbM{_L+m4%`xS5J$e@;jjQpxKCq3iXU zx$}I`ap(N!o#EA8&=c@oj<1W&!L{Ih8sPQ1AoIFT&k^+KZFN5AsT@K{Q8uFSR56YT zN67FbKV1=0+_lgi12T2TyjucE;@z5o31dT*G|!ZkCC+%Xmk=Bp|3?M;rKa+wk+!<( z7{9%-sUV)oVpVJ_$xxpGBN*=(fJe~c;_Z%%waieYQ7SzxXEJ{nF%|6R4hy)`iKAAa zXDUe|wg&-5O#VnnUBG5O@@p3aS7MB%qxSa9N!uzMBe#^p^&oJu(AdC|kH;mCOd-*Q zCkcx*86##m9YBY5OPSv-cG!H9y5gTH)sgvS?suZf{cByqBH&F%Y<9ojUptL-2mI?i z?A*F_P_p4f?b~!H6r1sB_`n2bA4;MJBK!U_hwtA~xf}+6WcwxTpAokTgk-VATkQ0S zf-4NJ2}qz`H91i}5*TTxuPxpp#g!`m0AWO_E_(`?7;tzT&M`?pN*t`z=@y2jTK&lh zRt#XcwnxMVlp^o*;YNfK9l(Ax*ed~A`RUgYzaF{l=E!Ra>LznK$C|l#{Efr@B+yA2 zcLr>a;nBb@4;?m*u5FeKkCiy7T`St<$vo<290CdEvQ3xxIWc}Kvl<l?=NtG&vM(xf z>Cb)2v&=cw0vb=o_Ke|v=m*PmcXjew9Af2xy5-ede&wkg3V1vnPM&FM+#UhE-tuJA zWRAAIks%z0DcpV)$OJ5-mPzg>L|GNq)BGH@hAgPOvy_|dy1mZPF1gXvvaddwo|z4@ zS4Qd8flhm1V8-eg2xQau5?jO*?D#z7+R1a>4t22Hoop_-s`-omD1Lw<hK`n>)?qNJ zO8|51yDCG6M$KH)>W?oZHiO#=5<#5Ox!;G3%MFzeH2S0ZjITPp@L1e``L?<yV#X+0 zOZ`G*|7Ek%RJ@)1Df1qazv_6D^lESsHqyM+d*XHH6pZ1wELVx7D+U2KqjHc=lXE${ z16ZRHyTZC~Y;U@V%CFgD97HT+UPq(?#@Gshe8xoDA#fOdu55qQ;<D-DfRFtxo(<(7 z+fG7Ud$ar2F+V1qeQICdl<%iR`Z8;NB=BV)E$#X(QR2Zv2~^|*kGp4?n;7#*tvWZ^ zYrc5m?~T=6Xjo2vw>crBA?1EDaQaImvGZnS^Sw7=Gar$Vn9HxRnOcA0)-quOW0w!y z^_PNWYu+CqcU>T3rY{zXc#INAn;sjVNi{21^d0@U9MrXV{U(2d_*_=9F*I^|5c5s1 zpMsKf&{r`U-WiRZm0avDFJFE}HT(u?490vndyjojqmUvVQCvGy^bk14(ZrZR`c3%5 zJ9IUevGw+c0s@NBFF0`w1Yk`jp7hL>iC?b(?<;?9D);u^o+g|P=Ic%<v|x=(dEtE{ zw(uPNB`}GMITp@(Mf$m}f0kHCy4HK7=7+mgzwY5)kP9l^0y+x1G*VcW<L#LSPq9DT zHo3{;FRu!N0UE{B_X6<9;7rrza5w^D5pGejT+@3_pF`9n@-+1#H$?I=26={7qB+B) zO{4-J&d7r&F8jp<eu*I)#mqXJoX?y-U-9@PkT9iLR%)CBOCxtrVslkXy25m8=5l*v zOMfo-K%{4q{pu?G-gM40$fryC`maGWm0HJvg#Eo5Z<w@P$8UnR+Dkz%ngG`P2rrZw znHhZ)EdI#iloIG}1vbA?C<b@Y4Vkk)rbF4W5|P-?ng-iW0_0KcI}0Twdm+{pK{PO< 
zeX<?h94K1aTUti5M-6~4a)@bYH|!=$UWQ?Dp_h_!nmj+??5mgVxM=xA5^GD5I9qIH z4DmI4a|tk#0H;?T(%a=s{WC*@LQvmXTj&TL^p$8@&7(<*y9&YeE9n)<HznTdNySz_ z*&Qh?(!x)G(8Y>};Z?1zs!-Z^h~HkoqT;OWpE3ys1lcR$srT$dU9BM<POWJyt@_RW z27GKP?~Fq+o0UnyA%Jp!8$Q~s4222WaP*s@5FZ)02`Ylt57X|5%8lOb%yZq*xWu8_ zrMgHQezbu0(bH;vp6dN`Bo&P4WBI+gIO#?emD$&$5@{~_KHP<#1?hYNDk}lIi49(w ztsN{-bXQAl?oQnBrCv@SwIL}XNVhRUilFWHN3Zp-8=lg;Rs@1THD<TE^KQ}G6ov$= zo~P%4Eol!|jyp8x^Vy(Krk`Xh)gUFh07fX<R)6i6ZMIR;3M^(pzpFHQ!kivoxyCpA z!S^VSqM1^*@P^#(;aN$HpAn-y5#ivQYT;P?qg`&setTVVR=<m$u8mlNato=2%r#W_ z&Q^Q|TWom;I`Y{(s9*kCZ@}4ciat?2C~A6M{TOyK*KS$pxG8gjzsDlhBJ~M3gBXF^ zOo=udHgJC-3H`9i(_a{>>c>lE<*?M2?|=N6BOlp<O7@5JohyitT+5RgEY`{P!<C2g z-w=y%+Pha1401;~cXHfBZd;L6fdIB%@2uSw^@SjI=gCjlO{lK91A-Ymknk7<HrwpN z_rCTQlN$c<h3#UjAcnA@|0f(w=%cJ_iB4_HJ`e4wKg#1Kj=|&vgFuc-<t|MVA}UOD zRrj6uVMd{&&fyVZzIcHwY0Eb6g_aT1)LLvSs+HMwe+Uw8Wx_16&raj&2OxOel;NH5 zG(L+(#FH~xmHX(1iePh1cPAnZjW~6<+^p41cGw41Q3T!~v_nF}GR_4GfeVHial|T@ zN6bTaapCFrYK<9B%^0FiOIh&(qbM-#@|7)b6@8td-bgW|)!N&O011Ms5s@ug8c2kW z5en+y_kVtT`Y~}-y-ZR#ujl1Flrx9b#Q?3y${r+Y>8Xz;&A{~<UVlMRpw@J*IOG$C zAsMYeB4-rNb7V{UShdjA{<39Jg+PoQB&CjPj3rtxJZPm{7vjBiYqIKq9B$0B;;&Wx zDHS7Huu!=0dZ;#aC#KG~d4RGm#g5#4+xK38fw@wbeTouOr@!RF7;AH2v9wa}<kKt5 z$>1u~pNyIfpX@!&x{PG`GHCGGTFA`hu&;Uh(JxD8><W(c_)8BMA;N%4-K74hA<*8; z0vLv{r(r!&k?L<Kto->KYBnYqp#mGr(I-b9F1lQ$HRa4}yDnpljMGAMOznh#<;0~} zxvmE6WEy>$T4ycQY;eFCeA6s71XiwfP0WhI#pCvWuf;7S*J7mB%$yD**$odigK`t} zS3?~m_iLuFcO&m-dY;{1@3z6t*8;m6?jC7_QlkZ6`!_FGKa{{KrSb8Hop!zMszo%z zoOYO1Jeh=JVj&Y3y8j)_io4ZI0;7}guJf1*1i4-WhWpi2gYV>>T6u0?Bl3&Fm_$Gj z^Y*#ylCVLXu!;7)&eZuI1+Q(BvlNe*xnak4-i_Y=1>@G<zHayd85b|Hd>-TTBIYAV zBon}~uRUBjo<Pm7+?JoVPM)RJs%<+EaMX5tw$GB_3&F=NjxTD*pZJueS>pQx<aF)v zz6-J7sV`U$p@KX_tveH0=Ny#nvDJgo#Mh`tmQHMa=!o{{?b&QuJ#gdz7leepo1={+ zPMJqux%5+l4~INLggdZ#ngP->bn0$>Sm%sc4q~?=Pp$W>Z2q0Q(4r?y6nqn<&FT=b zF&eAzyp+c-Cj1HgPG?M{Nj#7v5obZ<hH$YkQcFPLULT!$wrr&gmK(w8>V*2N)^^39 zki7eKqf@UhQ+EGXXk%O`rY@Nic11I8coiY6wJ!p9XoQr2gBA>4Ky_<DZ<oi*MtwHq 
z1_f;lr?M?Rp$nWR(N+%gaC4ZS(P*Z;rlj;VL7uWgFeg(+?V=MroR@0T|0y0R71^Ff zWFIe6!r!s|7zPsY={`F_1sy)9qbi4_lI^iq3Uy97RXsn8oy!MNp5CL#wQ`~Wqp(oz zQBAlFRy{fBZb9FFI~`mtgE|ll-oS_!)xHg<%YJQq*l)1!M;y9u*>;4nFVLjIqp#vI zO;VsjI27?i-Mu<$H8`NVywQD7pQ&?&7YDDS*MFx!GheiEQrFD&&Ge(hqfvM)?chi3 zuw31fo(KDp1v1XuWfr1ycaK`9q1>krd*iIYLLfm8mkFZL<hU=T-g~AYP4NFR<e~v7 zPgC7}oK)d4%j?g9;9G|f{a5tKB4XC8{tCI#&PB&aDXzDj)g<z1uNU~}u}O`s$wq8| zC9nXaa+9tg-9wY5<^_B3crsxK8Nm};RLMGXGyIL~5gv<9O^K<ErFyF3F!8jByPm~J zHv9EwgpZ<&Z@W*XdfAM201O7SiKN+e{TQ?s{$kOrFf?WvN>_BHcB_3nAS!A##I^Y_ zPZ-^DE~1cL5!vJ^t>=!U=76?6F`ov<aqP(GY%xY}J((A$km@1b`QSwbZvRz0eXA}D zBSeSPrc*H$SOpgz>(0frB`(XVA69gYfctaF{IlJnxFGi|B&~bi7jXwYK;_*l>k7pn znl!JX$8D-3LPpw7<)3B}k4nwqmLa_C{-V&d^~}}~#V&hSzzwh+(Nuwepyw_{uHQ4K zQSZ6<9tb{2B+%$uY@KBWqlP#mY+W&r!ROI;tKeCQOP;XjQ0Q;96D@9S$|I|vTxg(i zB{|nn)bbfE>&s4)9D7O^Jw~wmC%oZ46Vpy%hq^Zo=vixw2O>-08GD5P0LP7T(q-@- zsdd<6Wmp}bpqizBqcm@TU`G{lxW<V%B1*!fBT|F=>axTQJzvn+2ojS|`g#!#zsuu3 ziq74PI+z2EP(UWspGBoTkK6xaWFb{A*RZBsq*C+lHfA(z@*89TaA1aFQ8?*IdCHZw zvz@<deR_P09q2<+o0RFZwMxh+*~^>O2Y@>tei0@8hbw&hdOZ*3t3U~eGlUa{D0mJj zVUhxC&zT|$^N4bKWTDNzDlFZ}D?5@EMkL+@aa(Bwj^Xmj%jHpyw;puF#<1YcN~SMD z6s!l2@_AgFb{sfp>aF!e2q<k9%azwsX7a<FPJ||sU9cy_y5=ktVrs@rAJ-gU#(>jh z>lLA|NZ1Z?7!3?&o=^8GV%4kNM7vau1dFJ>29h@Gk`1Z@6PgAyr)a*qM{QjWI|wi8 zmXF|Ys<&Y&#M<VQiIlJP4_<d^ZbL`5t_dV~W}=d!0Bbb01@sE`hN-kJg_D{Hj~%Py z*$;50IT&w8TjL?tL+DwzZ+q|yJ8F|wqaISAqoMmvyAa%HyO|q2aJ9Z$m9XBw-`35W zp!PIzLhmPw>oi8m{zG6@Hr1dZWk7>vPVe}v3(Y|w=dUam33AlVbqy5w%FUf+X<2L_ zAWwx#MM3GgMj&Pl-80de+A>RA1o^VA0Knkuswzmh98MsOa<X9WfUSloj+y(7Rbs;& z5MUEA@2?QJONLgdigxbrZX}il)(S-Ub5_i!@jdla>?5;=gb4_8R|N-<+&@IuA##L6 zJ3OAPC*-$$UDA}%W^(gmkkxD&#y|{LAx2)j7V@R$F0hrinbCagNvw&HuIsKDIUheF zvAn{lsbgkobLx9Zw9P3(dkE47kuxFYNP>3et5?MLGU6iY;dU@4!1=L&Cuz|NVCG^m z_y0-L{6q?MqZ(1be#2^o9VCA!o5$I09iAYv^u>UuyDXa2wWJUCQkDA6@HERZ>~>O_ zb}op*gcL^A6a+4!)fi5?wE1dmL@}8`Ua^KGkW%r-Aksbz<~4>vib^B~-5*CCo_q$= z=cHfQ)3pSLC>jT*gz(fh-6D(37;}$Rnt9ethEL@<JSuFM>BAUSRIK`qi8von_rDv~ 
zis~4UP8jlG2RTLu<=28RQ4-TsSA=Y*bvf;qD?nK}I3;@82Bn%9c$acc3}lOwGN<@k z9r_5A$a>qXUGIC~xL$*SWy1SWiAWhGF+qA8$D-A}6AS#YkE=@-S9q~{R<I@pww}I= z5tA^x!eF?s=_yyQ!x+9WUG0sX>zj=8#B-eMOtlep%7k2hhP^-Y(8UMR)>5t0bMalx zTu#Rj65*TXumjV3EdEn@(Zeyf5;?w<p{&(0z*oB27e#oN@tHQt6L1t#v-;mVNi~G3 zTSVo*pPjW{w2$ifnSM!)Fr=@|2VOUqUV3K-JL(7%qSW$JB+8IR%SHS+w(D4PV$^MV zUBbW+^hxh?O4P+L-J)p&xXc(vN&mk8+Tn7p26}0?UooRNlWx|+P7&O4YY=$<X1hmR z9Vvr0Dd-oSy|Inrx=XXmGoX{ZgC){$Kwx(-)htdMedT$z3x6qS0KW}SbrSwU0M28{ zb+Xkw@cbvDhKTHwt5Dvf4x!SIP@yHh+SqrOAnP|b6lfSZe)|QJ1#?n&mIYPldjS+0 ze@JdHd5!mok}Jj8!fjr#a4jfd4(q80N+}jBx_NX0zkHH~?am|+dwFM)LqmOAG9R5j z7S6t))p)R^z*7p&h+d6)%>8e*U9<YVPxchQ?sMHKY-ode=`~Cz25ZBo=VBK83zkA1 z-_8^AC%d{Bp*VhhwNq)0L6EWWo@7?oW?|mJ)zT)!TKcj}C{vAtft1_l@PWL^;<u(S z_^KunMY>qZn;m9>v`z2G31gw(5sN=+0XZ5B^uPBllqwmoqjj1gUaA~cbSH|itxO>o zH;8NZt<|YqCHsj(b|Jh0Zq}v|kS|-R=sha;6MG4vS@%qv%b|`t3CmF~h+!OtL0M_A zdm{7QT6^t6KLN`ncQ+rsCAoM2%qR~`abc!xsZm^(4!X@G1qop9(lVMt$k=%s9lff! z3gppWH5jdCrSqT5-5QU*9z%DGTlb1ML%%|}AQ1syWI%_4aEKFMA*c`saaJ6^pj_MB zp5+F-T>4;FBUJ5s?~^qICet*6?74b_=OxbKsRo4x7tEO;8Upcbl>|L)BO7glJqsUw zKDKR!ID8iz&k804h}EahtPF~b76D*ZA)3HHiU3t=HAV(IHh#8!@Rx~n`t->uD4UIo zU@FUEjnJVrH$8badPy>G_&Y~rg#&^JRcZ-zxNr*J<kAw<8dBR=rDP5zk88=SPS_9` zkfna!WG*6F51vu9=sy3ANmNR<w$V_6(ohioI<;Iul3xZ-{L%ig9J{`vBi~$VySRJ6 z`t(_njeVN?&OwXyrf;Pw>u!Bp4?d;#_Ya2B1yRI%Lp}3Rk1Iay=iH95DN%3j@)o*T z_TS47aTBCvO?*K_U`Mx69>XTyUIMNL_Nd&SnM*2`q{FUd^+*{F1x6z}+75ya^LSo- z0m}$0b5ChsEINKrc$x@=hRqaPkJ9aRuRU?550Bg_B)`cs={B}wLJT}CGbeUbEMMAt z40Ky>IEKWi<}0c(*qHD)+>&AHg2T3~itxX@?C&+m>M^*Hk%b-@x&oo?|75ugmeaKM zpoigXs4Y!kTCWWiKE^m;2Q7mq^TAn;QQar_o~xVjQ|C++K{S1t6(J%4mo_YgPM)G6 zz17{~;xJ0<ufhhtZYOj6z6>JhDUvwA2}t8DPgNxMow4X^QXa<LHt+T@j@mi#F@3sl zTD4iaYyJ*MnR;H**u;F`0GH`^A<MsVzi?=nvJp-o>_Q)vNRR?W&lN!{9;J5tNrOy& zK-2)3j1e$C!Uus1dC&Z<BWc77Dapoz5=v2pTT($jwVb#6nxw25J~zIuy~7iI0|F(V zPM_~ymhE2HZnabu_Cdd8vevYEZiU-mID!5hfbCo$6DB{ZRATLRTuCY^f;iKA$rG|< zB4v6*t&lw!^y8a38KzLx3z<<he$G|)y!X*<nS(bdobV$sdO$n&B|{Lw6Ryt8lZhXg 
z5J;{0xc-(Kjr(2r29iZ|(u2d+WNIhFkJ53UAdn^CzdjR5W)57WTZB<kQ^LH@Vymx| zRBW)<Dqq^s?#8N+m?k`&DsNR}iMHyI1m+~S6d8q|*C}z-cDa4BV0WaWU?APSy|SAA zm0PA?E%GoU-y?^SpyB9DdT+AdhhcA#klTTjn15ctTcEGU*WC}-Ipz2X4-61iO$GEJ zBK(#LD5K$vlz7LG)yzDL?(cD&ZZ>o(HCg^VAxR3!Mt(XRdPBPrf)qj9xL5_&9$W;E z2MbN}+vRJ;tJeFv4%qyUi2}^vIHt~O0KjD}3-AEfk|nnLMupzFl+6`;rTAHLI}+9% zWMwK9aYW%dB4dWj{ev*E1u_Qzn=nC_LJ)o%$Q{I+v7j-9(m<VVQ;-NSH-*-Ucs#;& zbe&kWZ_=Ao?z=-n>7?&#Jj6IrOGh)=lK>jymI%(Mi0=|Fi?9bW%+RCAO%9DXjqswr z!6Aj*{F+^5yYG&@^j=;oafc`X(A)((M)D)MYnL4Y%|eoz)c#Snz42c1yqXiaqG;X+ z{S$^{zD*?X<7$uC9c%P!;^>LpKXmf_hk%7jHuLCEAXWcv-{CMt6h+Gi?7YuCo8ZaL z!?K%Q@KnH5pM~EKOc;`N$C=3|W^w+gRID#phE=DAw_T<-Md9)_FmIPPiWobn5aZ%8 z5y8<k&<&P1lm{+c7(MvT{g^C&g^r>TDRIIYOsn$AO}l&V=apOQM^g51kzBk&-TbyA z5w2*ff#5!Vd(jVl><V5d*MF!yO<K38VV~L@XJKNv@nd~ps72p=FQZk;SD*wX{l3&e zn)64cpztK&b`@VPCHg+uZZSyYC2(F^Q8?YObjk|N#8DQA{K^apd3Q>~M*X(K=_@b@ zWM>iy0l;Pq&9eP#^ezZ_b^GMi753DlR@U!HU9GR(820Y1qrC@bK|lSIH!ACj+pBJX zUCa58T?+^}{&&|>!pO@~r#V;&2d6kHru+6Qr8Dd-MpgXwxhBPFI4+1Hq^FL=jzFiI z))8-&VBbp?^#8F8c3qcz^Iku)Ek#E7r^p`jB;TrinvhG{SW5a;uko`l_0T?V#?Av0 zSE_(~Fn$9G`I?Tz1W>K_<izZ$Cm9;dH~wPd;9eO`(%MoW&8-in`~dLR&PNZQ9n*W# z;cTW(U6x)A%6#j%vYJ$_vk?$Dve8g_yL&&&j3RG1{1D;3+<9n?7T;&*aZg~ppall8 zeP@atn|7;B!ueUz-Jo*HM$<Vp|FB~`IiD+f65@i1D%(>LHLRa%b8CXJgBOZ2Dp2uS zU(AXT4!-tLB6w~#T!_hB8FhcAjd-@;E!+_pWq5nAl*tl#2OrXh!J&D&C^Divjam!e zbDvWp#wRW$Zi~gQvcg%7d31W#;hib5LBe7#F^+)frbCH|fx*vWpFNql*;Coxn1N<% zdZ>Lo%{{`u?K^|scZ~I5C<4sgJ8e`O(Rp|nnkhZAn7D?$v_9oSW;_yx&VM_kSzMT! z{Mcfd3lb|8?q7GOLQe%m>Bxt3Kvk{#l=fGlNfwR%r^Y;N+UAdJp=6G6xY~$x7W0S^ znPi4QfZ-I+FOV2_;lzNG8g-;>mH45sD|bB{K}Ltc?LBEg#LS>|+fCOg!gg*YGZf*Z zD0xF0B-g(Pzdz&3j^Gp7l1JCTlWK{larzkw{1za2aO?MYXw?y$Ic;e5=r{d}pZo|! 
zXO`_pQ;fqDx?jo~rhU5-6#4Q>`n`m<n&<@g8<f296RYPs2S0a){<a%YG+Z1Q+y;vU zPKTZ1VFa*F6dXg1=bmOI+HQsej*n5ZIQb8^<3D{<(+IwO3K`VUQeUUm$5OaeBd|v+ z!N?x8X?oI)ml|qgX{1IJnH=S<zH_R)wU<>rUj&j6LXtE~_8*I<EHB2=V3Zz+Ml{CF zVBJic-K@$(j@}qrKSA2u?$Lr$3a%6nRLDJ_?r)e>YvegvCDS5NOVWbXl3y7C1XXuO zr<WM7&=XQ8p7l&O{KdBt?4i)+-sN(2sY3Z&O$wWLcW=_}C$VkzlSr)I!o40%QH>f? zalzscu5SB2$d*7TMftGmRb_EX#Pk|_>?`V?f1nx%tHFG*PWL$=6oHMlo!%A~FatrB z0ctA(nUGks8gERV$Py^PUywI9MW>NzfW0wE=sZ7ANMO$9&&?RdpA<UQUZcnf+OA7) zhOMxIF?76C9i!WqBYha{V8f)KJQ`#X>mEwbHU*qX!0dGO)@3?VxP4sxcaDDYX@Xh; z>wTW1#X_CuyRO#e2PbW37Dq%GP7tz3fRp!IT1)<Ez>`#!{)PJeY*9+JR)V9RDulfr zE@bjuIUiDVZ>HYz_DBbs4B7X8*6mXNw{9nY#R6m9jqZzXg%_0IUdX(AeDhmDyF|G< z_F%r+DAE}}Q4d*^KJ8<Xc^JDkH&v`5isd^P3<N+3LeV<0e9_ki7zBZY*s)`w<2T#O zEC#JCsFQuGCJ(2D0Y1D#VsBp(MnH!{0|yR!pG@q-tI$7BmP|iXmyB*?Qwr^S$A@bw z5F(@yCR<H5#p9Sw)DmA}K_jw1iL`2@8HGd5t#~T<3tbi}l1qNH&+E(W%T<Hu=Lo** zfrVN0l`a)<zWA|iiDIKQwN{SEE+BFq|8>{s8^a3YS+l$m1*y9v@A;=y)63f6{Wog{ z0Nc57!$bocgctpq0)5N1nNg*(PNLa<D7j9m5+1xf%#;saPgBW!^tvmn5KCF@-8SD( zscfAk!VaQ=3(-cIAb4$D07T`bkT-Ru&KJIDZ$jNpm+ny$>Dam_16BHr+e@6R>~KOe zQ@t|-xywfW>@Wg&^aF;Yn5FkEbz{!rkLSnrgti#S$I$q>5W;>_8h>o|%GUudQLFib zgU?TlQVB&VWd2ae9M*a4R<nv+3K7<*N@@<cps*=?CS%8#Pp=JmA^A`M4ehy$DRIFf zc|p=y8zX4}j7;7=_ZLlm?HF*CT*$v5p?=a6?bvv|!zJH-)9DsG?QUQwmX5|hjNynH zLo%-yxqS606<bkdeMo{WADO8w>$4%kb;D8Y9x9_J;s(%VusKH0!=0~P50+M%B}C#r zPl^_LRiLPjiTMmhc2f3(s_;$h`jDA+&Y@PZ+CeA!-N%CZ^~2jr*DV95h)JYz9hBlP zU4qiP|Jx;m3j+)!jL|&C3S&lja}i%J+2&SoFxKi8jF^=BG(kv%HJUGr<UBbH>w1Go z{o;I--hNFN^nzbAPA)JfZ=Q@KYl?X>8vQN0V*^Dkj=i)GF6jPL+#-P8xHHLV`gb*4 zT0x_8OEw=)ZgMDML$PyFpUO>8OvUa_28mVH5iOC$kKu4xbX}y4;c``BJ}Zm~En%yh zvTb1o%&dxcP_~AnKMb1%qpGLAsuVa2945Gy!0xlh2*sk^L-5Et06ZHZSUT~H)cfd3 zfY&+}C8#A8^5xJenw(waccAIq*Wj^^$8vt21S?g^ajISd6>3k>jX>IF+eD9gM^H+u z5KiD%V}s@yY~9w$`zEyp0r_1h&~1ot1;cbsZ`=FXGB8CPVtC_RH4vG`Rdnc<ezz8W z*I{sv{JmQ$+PhCgp)YN&S~h0X?vibgztAKF$U7iqwFxRwXfbRiIecBuCvI1Y#7S|D zkXBx#_0<P&B&P!kDx<NWQor?Gp+=KXhABeJD`8^I^$>rc4O!3XoGCh;a<z29YB(n6 
z&GC2XZsPD2q&$twZZE04y_}peye1fWM>a!@>aCVE3s}JKCMA|f3)9*jr;m#bbT1^c zt}JFhB%1@V-m61^d?|dys;fqXr#Xu64-xzyh@r!55o+(Ku)Vwe`M`^iY+g<Fe-9tP zKOga`Eg?g|!;sJGWD_%*5+UPByhmE$?i-(JIr=0SWKN9~8lRQ*UaTV|3qcbw<A2}I z^qH-ab0gb7sYhwM=w?Y`G#~&U9kum+`gk)u_&lIN{Zkmvy<~US0VVd4h+<)4orX%G zL|w4C?miVhsu+Ua>)F7#I#A6=`WSWkGgFNHX>-G2XvtTJPnLX9k{!@Epf>Y=9=55v z-siz;RSlx#Ev!78xY!Bdea9~LCQq(zL7O)B6$^np<a-D@u^yEDrHjoYkjgn-OFdN# zdP6NtwkT)|Y0&_H@OIlGwcNNGEB&$Br+q*eR!c}2*wl{xGnWFQE-_+CL`t-b(RzHk z7+6ZQ%{ld+3HISD2NX|=y~sz2Pw@J^o^a->BVW@}M(1MiukU!MW!D!Wc#eu0syX~H zYH)}>8vm#RxBgG}_D>f;_$Ca5Lei$PwOIXwP#Jgi0|4HFYu(9*j+cH-*7k&AKu-)3 z2eG7FcPNmiQYu@z*$PTlq{E0x0K2wmAZ+CSpgaGxLjYogSC)pc*Cjiy=VKbWp1Ix} zrl%7<Bl$|HY(`Chhzl@IPoZ=?NF0fpyDt6aiI>`CKlwuhh&RvY*5^%m1533kePnNY zE@}mB_QeX+&NgI%y|n`}1Pl9PJod(_n?6plDGBZD;7lj;aQ~aI{kIbXCRw-?RlsZ_ zF0qMa7>zJViW{3}V0iuHH9GUsoXWcA_8s+|ep4^i%q>w=)VC5ptL>&wYW>jKlG2<& znlk1=8hbQ)gZp8qmfaG!^B<NqW|b0ZonKTU21u}DS!<h+zd*)6KTODcylx9_Dj>Is zXVhy|d?BX_NoU)A8YJZ>8W~3~PhgY-&XywFfZa1aW;;{UW^eJGS3|bZ{jsSc@{5H8 z5>Dl}sMPv>g2CLdi|=RVasm%|EM`i;K#UD>NBkJ7z<sd8UP|599hz@sB2br5XR9DS z_+KV(G6I#?IRDSHR0Rn)mRy=22X<%Fiayv(9Z=rZXvAw*`7=%?cK{Vro=Rl&ujla? 
From 0b18db673a2f599b4230365c4599566e480f4bfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20L=C3=B3pez=20Dato?= <rodrigo.lopezdato@flagsmith.com> Date: Tue, 11 Feb 2025 15:23:16 +0100 Subject: [PATCH 2/7] Broken link --- .../docs/system-administration/authentication/01-SAML/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/system-administration/authentication/01-SAML/index.mdx b/docs/docs/system-administration/authentication/01-SAML/index.mdx index e8cc0c5f4bf6..001cae5df4b2 100644 --- a/docs/docs/system-administration/authentication/01-SAML/index.mdx +++ b/docs/docs/system-administration/authentication/01-SAML/index.mdx @@ -150,7 +150,7 @@ and authentication methods you want to allow for your users, and when would be a restrictions. If you are self-hosting Flagsmith, you can restrict authentication methods per email domain from -[Django Admin](deployment/configuration/django-admin): +[Django Admin](/deployment/configuration/django-admin): 1. On the Django Admin sidebar, click on "Domain auth methods". 2. Click "Add domain auth methods". From 1cd73a6ab81badf383b4afe2eccc2f0548345d7b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Rodrigo=20L=C3=B3pez=20Dato?= <rodrigo.lopezdato@flagsmith.com> Date: Tue, 11 Feb 2025 16:22:00 +0100 Subject: [PATCH 3/7] Separate docs for enforcing SSO --- .../authentication/01-SAML/index.mdx | 26 ++++----------- .../authentication/index.md | 32 +++++++++++++++++-- 2 files changed, 36 insertions(+), 22 deletions(-) diff --git a/docs/docs/system-administration/authentication/01-SAML/index.mdx b/docs/docs/system-administration/authentication/01-SAML/index.mdx index 001cae5df4b2..41c2918be6d5 100644 --- a/docs/docs/system-administration/authentication/01-SAML/index.mdx +++ b/docs/docs/system-administration/authentication/01-SAML/index.mdx 
@@ -142,30 +142,16 @@ attribute mapping](#attribute-mapping). ## Force users to log in with SSO -You can force users with specific email domains to always use certain authentication methods when they log in to any -Flagsmith organisation. +Once you have confirmed your SAML configuration is working, you can prevent users logging in using other authentication +methods with any of these options: -If you are using Flagsmith SaaS or private cloud, contact Flagsmith support. Make sure to mention which email domain(s) -and authentication methods you want to allow for your users, and when would be a convenient time to enforce these -restrictions. - -If you are self-hosting Flagsmith, you can restrict authentication methods per email domain from -[Django Admin](/deployment/configuration/django-admin): - -1. On the Django Admin sidebar, click on "Domain auth methods". -2. Click "Add domain auth methods". -3. Enter the email domain that these restrictions should apply to, such as `example.com`. -4. Select the authentication methods to allow for this email domain. -5. Click "Save". - -Email and password authentication is enabled by default. You can disable password logins by setting the -`PREVENT_EMAIL_PASSWORD` environment variable on the Flagsmith API. This will hide the username and password fields -from the login screen. Note that this not disable password authentication for -[Django Admin](/deployment/configuration/django-admin#email-and-password). +* [Restrict authentication methods per email domain](/system-administration/authentication#domain-auth). +* If you have a private Flagsmith instance, +[disable password authentication](/system-administration/authentication#disable-password). 
## Always use a specific SAML configuration -When users click on "Single Sign-On" at the Flagsmith login screen, they will be prompted to enter the name of a +When a user clicks on "Single Sign-On" at the Flagsmith login screen, they will be prompted to enter the name of a SAML configuration. If you are self-hosting Flagsmith, you can skip this step and always use a specific SAML configuration by setting up the `sso_idp` [Flagsmith-on-Flagsmith](https://docs.flagsmith.com/deployment#running-flagsmith-on-flagsmith) flag. The text value of diff --git a/docs/docs/system-administration/authentication/index.md b/docs/docs/system-administration/authentication/index.md index e29376eb1943..f010c8fa6680 100644 --- a/docs/docs/system-administration/authentication/index.md +++ b/docs/docs/system-administration/authentication/index.md 
@@ -15,14 +15,42 @@ Flagsmith supports a variety of authentication methods for logging into the dash ## Two-factor authentication (2FA) -Two-factor authentication requires a [Start-Up, Scale-Up or Enterprise subscription](https://flagsmith.com/pricing). +Two-factor authentication requires a [Start-Up or Enterprise subscription](https://flagsmith.com/pricing). ## Enterprise single sign-on (SSO) Using the following authentication methods requires an [Enterprise subscription](https://flagsmith.com/pricing): -- [SAML](/system-administration/authentication/01-SAML/index.md) +- [SAML](/system-administration/authentication/SAML) - Active Directory (LDAP) - Microsoft ADFS Please get in touch in order to integrate with LDAP or ADFS. + +## Enforcing authentication methods per email domain {#domain-auth} + +You can force users with specific email domains to always use certain authentication methods when they log in to any +Flagsmith organisation. + +If you are using Flagsmith SaaS or private cloud, contact Flagsmith support. Make sure to mention which email domain(s) +and authentication methods you want to allow for your users, and when would be a convenient time to enforce these +restrictions. + +If you are self-hosting Flagsmith, you can restrict authentication methods per email domain from +[Django Admin](/deployment/configuration/django-admin): + +1. On the Django Admin sidebar, click on "Domain auth methods". +2. Click "Add domain auth methods". +3. Enter the email domain that these restrictions should apply to, such as `example.com`. +4. Select the authentication methods to allow for this email domain. +5. Click "Save". + +## Disabling password authentication {#disable-password} + +If you are self-hosting Flagsmith, you can disable password authentication by setting the `PREVENT_EMAIL_PASSWORD` +environment variable on the Flagsmith API. This will also hide the username and password fields from the login screen. 
+Note that this not disable password authentication for +[Django Admin](/deployment/configuration/django-admin#email-and-password). + +If you have a private cloud Flagsmith instance, contact Flagsmith support to disable password authentication once +you have successfully set up an alternative authentication method. From 489e1ef0ee5fdb2236e8d63a40b523af2a8b16ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20L=C3=B3pez=20Dato?= <rodrigo.lopezdato@flagsmith.com> Date: Tue, 11 Feb 2025 16:27:37 +0100 Subject: [PATCH 4/7] configure configurations --- .../docs/system-administration/authentication/01-SAML/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/system-administration/authentication/01-SAML/index.mdx b/docs/docs/system-administration/authentication/01-SAML/index.mdx index 41c2918be6d5..736f51f76162 100644 --- a/docs/docs/system-administration/authentication/01-SAML/index.mdx +++ b/docs/docs/system-administration/authentication/01-SAML/index.mdx @@ -51,7 +51,7 @@ This is an overview of the steps required to configure SAML SSO: You can manage your Flagsmith SAML configurations from the Flagsmith dashboard. Click on your Flagsmith organisation name in the top left, then go to **Organisation Settings** > **SAML**. -You can configure multiple SAML configurations if you have multiple identity providers. In most cases, you will only +You can create multiple SAML configurations if you have multiple identity providers. In most cases, you will only need one. When creating a SAML configuration, the following options are available: From 40320ea6e43c41cb93882a45c4b25bcdfae8ee8c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Rodrigo=20L=C3=B3pez=20Dato?= <rodrigo.lopezdato@flagsmith.com> Date: Thu, 13 Feb 2025 13:53:51 +0100 Subject: [PATCH 5/7] Update docs/docs/system-administration/authentication/index.md Co-authored-by: Matthew Elwell <matthew.elwell@flagsmith.com> --- docs/docs/system-administration/authentication/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/system-administration/authentication/index.md b/docs/docs/system-administration/authentication/index.md index f010c8fa6680..11a2e47c538f 100644 --- a/docs/docs/system-administration/authentication/index.md +++ b/docs/docs/system-administration/authentication/index.md @@ -49,7 +49,7 @@ If you are self-hosting Flagsmith, you can restrict authentication methods per e If you are self-hosting Flagsmith, you can disable password authentication by setting the `PREVENT_EMAIL_PASSWORD` environment variable on the Flagsmith API. This will also hide the username and password fields from the login screen. -Note that this not disable password authentication for +Note that this does not disable password authentication for [Django Admin](/deployment/configuration/django-admin#email-and-password). If you have a private cloud Flagsmith instance, contact Flagsmith support to disable password authentication once From 0de3426baff42d23fc5415b77574591dd98b4a4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20L=C3=B3pez=20Dato?= <rodrigo.lopezdato@flagsmith.com> Date: Fri, 14 Feb 2025 12:57:53 +0100 Subject: [PATCH 6/7] Improve SAML frontend URL explanation --- .../authentication/01-SAML/index.mdx | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/docs/docs/system-administration/authentication/01-SAML/index.mdx b/docs/docs/system-administration/authentication/01-SAML/index.mdx index 736f51f76162..9434167ec974 100644 --- a/docs/docs/system-administration/authentication/01-SAML/index.mdx +++ b/docs/docs/system-administration/authentication/01-SAML/index.mdx 
@@ -61,9 +61,6 @@ Flagsmith organisations and forms part of the URL that your identity provider wi authentication. Users must type this name when clicking "Single Sign-On" at the login screen. It cannot be changed after the SAML configuration is created. -**Frontend URL**: (**Required**) The base URL of the Flagsmith dashboard. Users will be redirected here -after authenticating successfully. - **Allow IdP-initiated**: If enabled, users will be able to log in directly from your identity provider without needing to visit the Flagsmith login page. @@ -74,6 +71,17 @@ configuration without it and come back to this step later. Once your Flagsmith SAML configuration is created, you can download its SAML metadata by clicking "Download Service Provider Metadata". Add this file to your identity provider to establish a trust relationship between it and Flagsmith. +<details> + + <summary>Additional options when self-hosting Flagsmith</summary> + + **Frontend URL** should point to the base URL of the Flagsmith dashboard. It is automatically prefilled with the + URL of the dashboard you are currently using. You only need to change this if your users will access the Flagsmith + dashboard using a different URL than the one they are currently using—for example, if you are connecting to Flagsmith + via port forwarding or a VPN that your users do not typically use. + +</details> + ### Assertion consumer service URL Each Flagsmith SAML configuration has its own Assertion Consumer Service (ACS) URL, also known as single sign-on URL. From 9224f79aa904df24b1c706347f60844420745e38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20L=C3=B3pez=20Dato?= <rodrigo.lopezdato@flagsmith.com> Date: Fri, 14 Feb 2025 12:58:42 +0100 Subject: [PATCH 7/7] Links to "contact support" --- .../authentication/01-SAML/index.mdx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/docs/docs/system-administration/authentication/01-SAML/index.mdx b/docs/docs/system-administration/authentication/01-SAML/index.mdx index 9434167ec974..8cc91e711717 100644 --- a/docs/docs/system-administration/authentication/01-SAML/index.mdx +++ b/docs/docs/system-administration/authentication/01-SAML/index.mdx @@ -165,8 +165,8 @@ configuration by setting up the `sso_idp` [Flagsmith-on-Flagsmith](https://docs.flagsmith.com/deployment#running-flagsmith-on-flagsmith) flag. The text value of this flag should be the name of the SAML configuration to use. -If you are using Flagsmith private cloud, contact Flagsmith support once you have created your SAML configuration and -validated it works correctly. +If you are using Flagsmith private cloud, [contact Flagsmith support](/support) once you have created your SAML +configuration and validated it works correctly. ## Canonicalization methods @@ -188,7 +188,7 @@ setting the `SAML_FORCE_SSL` environment variable to `True`. ## Troubleshooting -If you need to contact Flagsmith support or an administrator for help with SSO logins, the best way is to record and -share a +If you need to [contact Flagsmith support](/support) or an administrator for help with SSO logins, the best way is to +record and share a [HAR file](https://support.zendesk.com/hc/en-us/articles/4408828867098-Generating-a-HAR-file-for-troubleshooting) from your web browser where you try to log in to Flagsmith using your SAML identity provider.
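Review bot: in PATCH 3/7, the second new bullet under "Force users to log in with SSO" (01-SAML/index.mdx, hunk @@ -142,30 +142,16 @@) says "If you have a private Flagsmith instance", which matches neither audience named in the section it links to: #disable-password addresses "self-hosting Flagsmith" and "private cloud Flagsmith instance" separately, with a different procedure for each. Suggest wording the bullet as "If you are self-hosting Flagsmith or using private cloud" so readers can tell the option covers both. The text removed from this section also carried the caveat that `PREVENT_EMAIL_PASSWORD` does not disable password authentication for Django Admin; because the heading promises forced SSO, a short mention here that Django Admin password logins remain would stop readers assuming every password path is closed.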
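Review bot: in PATCH 3/7, the self-hosting paragraph of the new "Disabling password authentication" section (authentication/index.md, hunk @@ -15,14 +15,42 @@) states no precondition, while the private cloud paragraph below it says to do this only "once you have successfully set up an alternative authentication method"; the same ordering applies to self-hosted instances and to the "Domain auth methods" steps above, since restricting methods before SSO is verified can lock users out. Suggest stating that precondition at the top of both new sections. The paragraph also says only "setting the `PREVENT_EMAIL_PASSWORD` environment variable" without naming the value to set, whereas the SAML page gives one for `SAML_FORCE_SSL` (`True`). Separately, this hunk changes the 2FA requirement from "Start-Up, Scale-Up or Enterprise" to "Start-Up or Enterprise", which the subject "Separate docs for enforcing SSO" does not cover; mention it in the commit message or split it into its own commit.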
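Review bot: in PATCH 6/7, the new `<details>` block (01-SAML/index.mdx, hunk @@ -74,6 +71,17 @@) no longer says what Frontend URL is used for: the removed line stated "Users will be redirected here after authenticating successfully", and that is why a wrong value matters, since it decides where a freshly authenticated user is sent. Suggest keeping that sentence in the new paragraph. In the same paragraph, "a different URL than the one they are currently using" should read "the one you are currently using", because the prefilled value comes from the administrator's own session; the em-dash before "for example" would read better as a new sentence. The summary "Additional options when self-hosting Flagsmith" is plural but the block lists a single option.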
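Review bot: in PATCH 7/7, the Troubleshooting paragraph (01-SAML/index.mdx, hunk @@ -188,7 +188,7 @@) asks readers to record and share a HAR file of a SAML login attempt without saying that such a capture includes request and response bodies and cookies, so it will contain the SAML response posted to the ACS URL and any session cookie set afterwards. Suggest adding a sentence telling readers to send the file only to Flagsmith support or their administrator over a private channel, and to log out of the captured session once the file has been recorded.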