From 67644ace878c4d67d1a0c48465dcc3abdac872ba Mon Sep 17 00:00:00 2001 From: Jens L Date: Thu, 13 Apr 2023 14:11:46 +0200 Subject: [PATCH] website/docs: prepare 2023.4 release notes (#5223) * website/docs: prepare 2023.4 release notes Signed-off-by: Jens Langhammer * add prompt preview Signed-off-by: Jens Langhammer * Apply suggestions from code review Co-authored-by: Tana M Berry Signed-off-by: Jens L. * Update website/docs/releases/2023/v2023.4.md Co-authored-by: Tana M Berry Signed-off-by: Jens L. * add new release to sidebar Signed-off-by: Jens Langhammer --------- Signed-off-by: Jens Langhammer Signed-off-by: Jens L. Co-authored-by: Tana M Berry --- Makefile | 2 + .../providers/{radius.md => radius/index.md} | 24 +++++--- website/docs/providers/radius/protocols.png | Bin 0 -> 32140 bytes .../docs/providers/{saml.md => saml/index.md} | 2 +- website/docs/releases/2023/v2023.3.md | 2 +- website/docs/releases/2023/v2023.4.md | 54 +++++++++++++++++- website/sidebars.js | 7 ++- 7 files changed, 76 insertions(+), 15 deletions(-) rename website/docs/providers/{radius.md => radius/index.md} (56%) create mode 100644 website/docs/providers/radius/protocols.png rename website/docs/providers/{saml.md => saml/index.md} (92%) diff --git a/Makefile b/Makefile index 49845df42..531619624 100644 --- a/Makefile +++ b/Makefile @@ -65,6 +65,7 @@ gen-build: gen-changelog: git log --pretty=format:" - %s" $(shell git describe --tags $(shell git rev-list --tags --max-count=1))...$(shell git branch --show-current) | sort > changelog.md + npx prettier --write changelog.md gen-diff: git show $(shell git describe --tags $(shell git rev-list --tags --max-count=1)):schema.yml > old_schema.yml @@ -75,6 +76,7 @@ gen-diff: --markdown /local/diff.md \ /local/old_schema.yml /local/schema.yml rm old_schema.yml + npx prettier --write diff.md gen-clean: rm -rf web/api/src/ diff --git a/website/docs/providers/radius.md b/website/docs/providers/radius/index.md similarity index 56% rename from website/docs/providers/radius.md rename to website/docs/providers/radius/index.md index 4065d5acb..4f71e65c7 100644 --- a/website/docs/providers/radius.md +++ b/website/docs/providers/radius/index.md @@ -9,18 +9,20 @@ This feature is still in technical preview, so please report any Bugs you run in You can configure a Radius Provider for applications that don't support any other protocols or require Radius. :::info -Note: This provider requires the deployment of the [Radius Outpost](../outposts/) +This provider requires the deployment of the [RADIUS Outpost](../../outposts/) ::: Currently, only authentication requests are supported. +### Authentication flow + Authentication requests against the Radius Server use a flow in the background. This allows you to use the same policies and flows as you do for web-based logins. The following stages are supported: -- [Identification](../flow/stages/identification/index.md) -- [Password](../flow/stages/password/index.md) -- [Authenticator validation](../flow/stages/authenticator_validate/index.md) +- [Identification](../../flow/stages/identification/index.md) +- [Password](../../flow/stages/password/index.md) +- [Authenticator validation](../../flow/stages/authenticator_validate/index.md) Note: Authenticator validation currently only supports DUO, TOTP and static authenticators. @@ -28,6 +30,14 @@ The following stages are supported: SMS-based authenticators are not supported as they require a code to be sent from authentik, which is not possible during the bind. -- [User Logout](../flow/stages/user_logout.md) -- [User Login](../flow/stages/user_login/index.md) -- [Deny](../flow/stages/deny.md) +- [User Logout](../../flow/stages/user_logout.md) +- [User Login](../../flow/stages/user_login/index.md) +- [Deny](../../flow/stages/deny.md) + +### Limitations + +The RADIUS provider only supports the clear-text protocol: + +![](./protocols.png) + +This does not mean that passwords are stored in cleartext, they are hashed and salted in authentik. However as all protocols besides Clear-text, EAP-MD5 and EAP-PWD require the password to be stored in the database in clear text, they are not supported. diff --git a/website/docs/providers/radius/protocols.png b/website/docs/providers/radius/protocols.png new file mode 100644 index 0000000000000000000000000000000000000000..cc60a3ecfe912c179a6dfd9eadb6ddff3c129a53 GIT binary patch literal 32140 zcmdSBcT|&Gw?0Y}1f)w*I#NUgMCmOmARvgJR2mP3?{MWf~%dFfN? z=jRg0R^H_o)avAXUgy3srR4h=%KR4c(0Az5id@0x+)tUgN-f;!uW2D#7G2?tO$X*V60YeIr!!B^RzLXfPH5d(x1o4#6kl0(*pG1I6_}K}zOrSI1vFe-h76;^CZqgC&tTg9sk>EbP>$$;( z3-tI{M+8~FymyWq!o{&J)&!OBB8d=)riT-&A|xb92G*X5aWBQk5nD=d&Xt-LjA_4lIn5dv9!nC&%p|>@q14PWX~m1~s0H zr%S9Edc7sGW>%Nz?FQptA5)1FCZp2$VPEDW?|RTTWw}!@LE6NP8H^8eLoxidr?uri zW5SmY^*J7hCh4R%G++C!LiCU8SBz+eQbgBM?-V4IH9hL&jdUhra61$Bontap4$*ON?{Jk72OI5su}drU#UiyQuC1)(FKtWZz~@nvqTEO>?gQ2p zR6ywM0`c}@H&!XF?in#tW51li-NS@$T(8laz#lcd?=H<#1MG3Fi<^k}LIgdWH0(KF zCPR|WNH+VY8s4PkM4Gaf;nMWM?p6b_Ip<|KbaNXtZ_~ee-6QAH0$=BR%j}4McA3-e zMf^<#h?Yx`XJu!!LSbQHBy820Wa8q$*kb+BcW2Rad|<;~yTKcD$FUoJ_;pjyWL}a@ zTxrIbJU)Y41wlJcvx%e8qoKOMKn&~~74zubDi!gXPm>xei6efLr;e)x`&pxWbOG4D zn)=<$?hWIwKCOXl|(Bc0vEKn0i3I8sf-$ zZ(hPoO$z*gV$Nwi_l2{FqUjmmm^bw)i@Nr$zG-LqvFrl)QN&m45v=23X&F-n=}}<8 zkzbN<=M1gOt<)@D9>BMz&Z#R7kplKo;!+zvM}K#3g|5s2)%nh%!6RbRxFvPST@dE- zMyBLU%2*|$>LBoY8F99|PzChuv8y9|L_{VcP7-o~je^OP;qLB;yyvnSHM9uygi)mO zJk^MfXRB+eU0i_VFhcfo^p+RIqODbY2 z*1?6FM|3?XXR+9s_-nO3Su)OZCKglcF1csL&W(DvZFO~~wnuTk&pkdL#t+H7DB*2J zxJoztV}vusbKIWGKj`o{`yR^_;i8me#B@(agHr{uyZLm^R$=^Tyzz%qe9l=T-7Lz8 zoQH@im;3HNGS=Mkv02~9e^kf;&SH#1cY2`sgIuYPOWKd*)FNS>o4A=o2J!eIl;DII zvTo&w)Ce9|DXUjll%HFc#_Yy{Dvy+H zF95-z@Qhu2)J-FNcA^*PK&V#O%0I<~9f?0wwHONxG=DQ(Dj>K6qpZxnYgVFn=o$n* zXA@s-#|+~XTv5!2y)_A*IO4U3eSt||3miyA+7jO#6(+I3dP|gP{E^c>C8{jry zJuSMj-8EyFIy?7(A&KKQB7sVVO6Kg{0@5qBz;zgr{yI*a9j7$mci=J+*{?iLGh44^ zXei1v7Fp5A+HJ)AO{jUAEaXH3ktJI()cvA&QL@)cki6x^9kQdn4%{T1_Kq57+{>Ug zA;02@)-f~mOHu2$eckD`;?Tp!g<3qg`)F+6R(bpmWM76J{>kC#QEc)|bo`RtAuyb) zeeD~=YTt}Bx+Ax!qljbPeMQp6t!Zb@eF1w1I(4H97Rp7eI z+{3k^X4*^!#SCfae495)KVH(jED zMOnFRjSNbOJspj}itMB1HfKjxZ}tkVS9(YtVy=8fmRVB-%6QHOny|0$*59%Be7P)6 zz4u6!nnVM?&bFZZ+W2wdUKyR2@eA3!4(s=o}#QHQeDR@#E@Nm)=_Q2yJJL5 z2O(F6-)^E^tI;mcbw^xL^L*iR$)7 z4jo&mA5BBI5ab7FASi6bn&MxK*ry@aDq@lOD-|E)PUpdkm?E~iY2YiTq_;L+9)qK9 zCCOZbT)h+Nz9o%sU-2xwn2BMB>FA5Cn1znY*f$8Ii2@)X`f{mfoIgj*o{P>)`GE&9 zH1~d6*O!Jl`qh>hkIKCFc?@^=Is`TD+$DQj!mEV2-=s5&i6#lv)RVAm3!bp`H$o#} zL7aY$cyq4or8of1dpeT2bJ51H-hLD=YH3Sss50I&`ZUEh`Jxo|P6gYmwttVaZrTqY z^g6DG=~B{iv9Md_K&@00)(&xRx+u~|%+fEUF+0@I<~f1MU5e{+Nz+-$>Z5Q~=9xG? z$Zbf_E;(WJ_g#`_a^8zcD;bJ{GsS5aIWD^o>Y*ne0sycOQO=NS-O?H2A|>nfxI0qB zD#}Y@_S6vW2-9TR_aU+Vz2eJ%u9yiTCfK?-+-}sc-fm-%Ag=95&YEipZfdnjyCh_^ zuQln0)gmtUYrNhT>7_2_! zKx0%*xSz5v5A;X?d{s2t-0&Kx@3NI=VUM}`2uqg9TD9OU6K0yFE*TU1{Pzy#-3PCu zCw&MzAoZ8c^DV8h)L!y*5E`bdqkhQBou%dC&wN_WMIYS9TKNdP zN$~RgYfB*P!MNQx5vXjukah@(YuSz$BdIs%LuoMh6;!c~c*5r#d@mV`uv@Oz$BOy| z*_BAkXAQ%8wIp|3`Ouw-6&0tx$w<7~Tr4L~(sCd6aJOGB2i|ztDd|U%Vdo`gApu{;1?H#v9M-iKizsH4_p2%&m;aQ6WTi$I{0ehcqF z_QkuE^Xuc;@|wHpK}3h;w|RQG5BuFDhB`)Y^#h3};Ck*I!v|+xC|bd+3fhajYagK( zJF)`qY$XTz=|~^oM(1VWphe4$iuecp$ z)H-8d%D29RZFl_9)`(}VU4ypvdPdrEu?_LpDt*8oOEKjV_6e2Sp5=j-a*dK7Bu=H! zS-XLj%-lwsvit)!>0&Isi$m@2K7tP3)TEb)NTp>ROD9x+ma(I&gDxl9wK!G*-sk*0 zE5MZ7$~(~YDkjvjcV&KGwb|AtL&j3=Mmb^u-0h@j@4MUhER{Q6Q~_UZyyQI~Zy5Oc z!Nk$bD*!eXbq zwRJPeRC#pj%GR-8j*=zhsenSn!`H*Z#EBYs@Je#aJj5GxQKgiTug^b7de^)-$foLNUHWpdmE6|`cCw4uJ?kc` zB9HmL(O&DJte7r`)=?&mthoB3-43F(hf+0-L&>)fA<~--fvF;(W39}Ap z$$pW@8lUK7HAf+E_7g6#d^P~wl~K|8e@*TZf56nNL@7Io-%d4BHg z=psTW9c6OwzF4o+7#t&hC6{Vi94mdJ<_DF=b z5@ytbyr++x6>e=;5O^)26&aq~miB^lnxz<0(vn`?%S5U;eKevV`32xoaLT3laDYoq zVjdrZy(=2OT30qY6loXKu$3%f7T&zLV8&N1klL|asebq(>zoXwQ987G#LCm};5abA zYOZU|u(+}sRVo6p=vHZT1n?j|fxXY&q<$Y=88H2MbD&tEjg1|JIPK`ydST{kpKh7D zR5EKla%N}v+j$wmy#QCtdh`e5tzPX zkH6B4Jzr7>V?>j-R)?{tonPgPj`sIKx35l=R85UJ*$gYTUHgQ3M6=;J4n=ZBT|%uA zlEe@gZ+^z<&tH44flpsysWH|fY3aCPudfJ-D^-0lBArpTUIymSbB&og?22QrL|b(7 z8k);IW2Ey_yD85Jf%_cWYKa@VIvw1HmFYegzQkfpjONzo!*uzr1|4mQd;=#0 zzrMuC9Ne*RVCrHg4d;i5e@ofc@mP4vscBqT z#{8yhTJ>Ta4a7S8Yu`ogc4AGf>{^F_$l+pMvrcKF@KCrVejMwWcxGNzWtz5I~P zL_T$Lz!a>9oHmksH>53F_d38bx#`;h0XhYVbq!a0TUL+GaM?%?jXpk(L!3yjtQ#k8 z_RtO+rU(s@J46>Hf}3m?CSfjh)CAP=3z%P{1tRJm_haH^ny*ziO2V6WOJ}{p?SwK> z10%O;F0!GBmS8G{iY!my^~N2uW?bfK6pL5VMXH;1wg;DdPkQ`xW%=cYoAQa>B==-) zp1ExO5D0@~Y;hsitVQo(x%YgPg>{Z<_KjGaL+a|bC#t+cZP8uxAVKqYhkTpHV_n_5 z^TjnYvBS;1oI8rWGhwN3KK9e!-8Je+Vsl@6bY;Yqapo$6dvOl%YNdCdJQzqFBM+6PJ6;f2Hiq z`!=0zli@oKDaIyguAeDz2-mFX%@%Ix*Xp>W#xzNfnd-~T*yD=yr6v5g@z;P(V=g>1 zr`#PfurL9)9k+RVwGZh!{mos}Zc}S?&d?o0W-|p<4IS=?6R}U+MxLzOmC*UsGD9Lv znyK$SYAK(szr)jO)vD_Zs$jZrb}nv+=i4R6Pl(Dkv=2-1CpL@t*NR&%avQ7jv57f7 z(uTUDkk)paWd|uSFUuy0jr-!|)hI_MAh3K-68|=XNlUbFXT`q_?K|~-LrJop_IS*iJSbOgqNOi7Z#vv!5coRhOl_hDV< zCcp?++?inA0qu{){YcpHV+mL~oz#|egSzrxOB9JQ6&9aI2b_ytoD9R^iM^537Ykg6M-~^^EBXmvH z-nNIOgh1$Za$fTSRY<o}!v$zZX5qi6D%W%8 zbkHR?5&X1s+@kXJ${tdI(N&!NQICHwPToRVbtb)!(w~9C|RFoBK1Q*1N;p*W(&n=F!#r9z7RP`I?0nEO-xhkm61VfH@w@J=A$!lw;)@8 zcxu+)TS}D8zd}|&2+*xDmb+u7I{|~k$M3jjtFFFr`;xn zn-`m_-c_p>BO~`P_=%6o>5GdG@V%0drRs)AmV7J|+Cj~nQ>cDlQJkIK&?IxfxbU?n z4>Pp>if&}pPvQ+ZnZ^t{{Y^H$bq8$2V5G%9n~>q_Ua-P}yFsyoDvqz$N)fcR98E}t zr9cVK%kRotc+y<0zeOOf>=wPYYa!R%*%t$*nX5{hZ#?jGxvt#hzia9;PrA>u8Gma3 zX(gzTOF{VBnj^lx!1JXrux>_)CfplrL}m<~`hq$MQ{Xq-wV#DoVK~$uYnI;autRVJ4J)H> z;Qmc_u%rIt+1!PcR7pscGKV)1&$#12TPl>08?J?59i2>9T$#fZ*(63`Z{-KYt!91& zhld5_qP;Ud(r@y68CJWXOpiiBN<6<<55)=C7|Hjx!9=6o*L-1VWxkUv$}C?)aN|mY z+K5_QeS^!2x(eh=$1NkB>Y$oli*I$iBOk6Vj?w&D^3={XnCXYX-p}YWlF|Up^Vn=1 zaTeFyzE%pSaLn~L$Yrv9@bc@Px=>%~ijqo}IL5Zo&7n|h*iu>Uao-+somH?x;gixJ zjIBVgm3R5eObWo>8AvqSqtN@u>~$;FmzTdRx~l(dgXI_t=Ek*KaKPol$T2LNs`53H$pJjB2himIh#!@&g_&@EXFlEi=(HiHu16F(4jT<^Tl<~ zZ{seB&J#IBuKV}m>MRadip^@iN^$<$%~}c6ReNB~o;q^inGD*9?%qC8JNs+4o>BhV zT;n}mhlsM#nnWep}wdG+h)gZ?`FEN!2APF+jYY!s!p9(__N#hU}vs z$HoK?>pWd(Oe|_)tXY@;?U_+GlaZ_|tsUZSzOu9>#!EI|*7H;^vUlTx7_qO3ANQ2C zwtfnJmdITwrXY5sZj$2t%aHycKwmy6Xy+61$D#Ea;PLp~;yQl)q>a>aG{o%XQKd5UW8$+$IK2D1Ue_K-wdR4z9K z9O+Oxu7QwVT3L8;a;?)H#!fxI7P__GrSxUu%SK5{>OMOhT&P=uHM9~22u7XUMtKe@ z{=(FpWipbsk57~9SESjS{qRKO{UGzyC<*(>S1TX-avoK3rIc48&z7v*g+43y+eKI_ zeXs#YO~LYM~0;b+4K`Q!G^c6LK- z29EK#u@28376K4>bCJek*5|+6%KexqH2*30t3ULr1NBkZGXR)M7|%;x1b|6k;X{gS zrC_;iRbMGv759~~N!TS_hte6z1J&-wQMFYbrJXJ|`#W^ruwo{Fyr}!RglMG0yi7ok zk6#YGOz%^ZMM6KOk4@|Yq88kaXU6T9CcBlEX!1iW$BiXk?Bh#UTut+U)tboJr?@P= zIC5o-k$p8f9kQ_O%8ME71p%eTT88hgO7prhkoF(|XJDZ^HqVIXEnfq1gNewMl@ z49I1!k<_s&JV3QC=K6znpR+#m#g^#c+pcEG`Q;(BQWE`6)vsgi{pWQRBf3NAi6B^y z(pZ66ccve^f#kTQFKvQpVMy)!-KYx$479|ZcZ~O`w@~<%hJE9%7hxV{w1P0d8zr2bpKFx z4&o)68>betB`5ihl5_YchA@wui=ICy$o?vI|Mi^>^sD^l+JeABCoo}wyeTIW`5cOM z>>x5oT{HMH1Sk@_U$(j}cLJtFk8qb~E?~J7VoJ!(N9<%h>_0Z3 z=mI62eiRXAaI+NH)Y_e!)%!7^odR~^so_g_pFM{{I=PDH*5JhpJ)&ogi0Q?GFExRw zS`4g&Nbo;B+eN!?uUh=s3qTIxpaHMU>T)|wTJLo9fA^>T^(Tanb5?kxZ$H~PCrH_1 zKor?Mebxi|)MIGGGYkaI_Ka)hR#%yk!why@sAj`?O8(4=`0L}9z^{2pyowPTPd%84 z=E`J9CJT7X_kB73ahAVN9?0c&+4gMTqhucQGdB?%@kEEhXN|y|6#qEO-zN9Tjpm@b z&~hV#|KGOTLHyTV{yxk9(iZIn%x6#={O^Zmb@|?+f`)O-^bxbVM)exb%}`a<5h=`I zTY3cxPDAyl#hw%Y77BrOR>%c z?Vz4+fg!3CpF>Nfrt`v)vSOxN-(DgcWYjA#hffoxogNFj3Sl&D-tnHnIX)70z4X`5 zpT^pgRCxUZ$WzX}_h5xQf z*zu36k*F+G1*Z0eM){gfla+TtX7Kt3CKz&a1X-sZcWTtqap%Shz~zn?bap84*KZRo zSZ&>S<#&9WHtO5l1uZ?8hk*6lJ<2n0f3^i8?y;NPil-W>DvR1g^e_=`=`T@_kjfuz zaZQERLLZDwO-o2F5ka(97opPP_=6{v6LWw#`$3fl(+z6Ryh`@#H{|%;m5-gbcSa%; z5-O5Z@_d0E{ZK<#DhFG}=?j}X-#S_q$Qd$=|FYTQ+ZgTAmKu}U#ge~pU7rl0n<{30 z2%Q$Qk1N?6Xo9NUUh&kyZ8jXUPKnvZmF!FJIK2EGNJfYmh7q8+$ZwZ0gPrWv@{9Ll zICGo%eHq}w{TeRp=+1I~RhNA!VUH*e?KIJicDqL4LR>LLG$QZFY(q3;@Qb_!ryRJo zWe;gwKbOUEpT*H`I^FZJ%}0uKI9_}OPZ(yf<>92x4r_;6_Y@=c#%Q$7o9_z1HF08w zYh{bIu{^3abuxM|c4*Od`1l=3WuD7pX|Wr3!j2zyw)mb_i?2@Wa`&gc&F?MMQPGr{ z?$g;Bp)20-LLO%{VvcSctwJ}hPJC9+&^)c7z*p_2lYnbt(y9aPOgXbPoAmlCeVt8$s zd2yBHsU}2-*Nh0y&sPiATy)<)ResNow7kR;KIDWtO{*MtQl!DHJ(qD5#iYcn)&fm0 znB?K7pxBs36ySY9zrD}zjDcd0IM(S?0IY;LAGY}g<)HU8jWyOghhRwHEKe3PwlZWW zke}qkMUW7~MJJdeCuVS@-#d;l<+h4Eewj-&)B-7ofhMk&L(;3qO`U+28m>I5J_g8^ zigUcftnMY}Z_5|ZtlXqgEb}QGDHWeQd?zB8oLoZcu0_Il-oDY?(*JPQh)D}pogV6~ z6@9uf*a4dSkX3wM=cc()h9ZE{;uMekIt*+TJI*#>bQe11pBT@ZmS+=bjWIXUTUe^iOFD;`!Sy^Q})(g9GE#W12s zXWFYx&6IqkB<|$i++@I`nu&00b5~f5 z0E*IvBRR}RQ@74Y$|f%L0o`zrc5!~7C1&FCb;SwF@b7Dxwu}Q_DmQm!hKVA)IxakF znvq55EENMowU?Yf3jLI7wTg)q1QA1Ou{Rn80d~8|-;m_UPIkMXTRXEkSC970$!8R1V!N@FKUMwZG8 zy;Ar_M2c^3_Pqi*0~q#-m5NecF)#kMmL!%EAnQ=H6oCW_twm`~@X*U!xDA{;kmTjT z4oW_09xfTA5UeHlYK4k5+J=OKc7(trBZFA7d3X83j$LP997_86xjw(!JU+F8uOlla z>638rLvneOp5$yhGPH1gtOyXL^|2S%DZw;oR_nK&x&Xn(zbMuK#8m|iaocfnz&u_l z_9X>?VWIiAsH>jkC|~QBN&=W3T3~@12!Lx$h}>^N^pL^FN@-S_z_{uMwgFX4Bzc2U zo$sFxOsDs=bj}#(Fm-V{gb_m)X5~|nPl1z7EzZmRK0*)S70kqu0l3wN$z1ffF?Ted zokj;GI|cgSU{O77Hd*-WZ_~roMnc+-uya6@9Hj^}-7KAd7jqElJKQ&C>jfNwh{|`V z%K6!mGgHU-7+NaKkm>)sr3O=t`1>4O7QDL&7Gle4b=1#%U;uOg9>2x(Yu3K>Ds1s)mbxTe#nP&LFww$ref(nUOqSLwOOH89c#?LkA>rDLBnf%RZhwj zkgk)xod9M?w=Qi1ro29v>x%n~r5)tciBLGG&wXhB18`4@jz3OCwI*|jfE^a{U)jLmFHY5;3QS?j3;i_kUfYXDqej}vId_ZT ziEFntqNhI;&FWSYU3m=>33Yl|o2gY7urWVVvqB7sLAro_L@gO0_rN~nxYwgE!K-8~ zsqWa+6)&l@qBOYCgOrIBCXz~x^SW>P@2im!EXwFtC3TDh-#QFEih-Xm*FZSEUKF3W z6`)dTQdGhtHRgsr;>9I28;|1m_f^z_c0P{k`)IfF!$*&r{yd`@amP~!25 z%Yq?_x06* zOQ5O2uXI?9_tf(5$%>eHC~XBOw0uTp+9-ZVtpc`0|Gkn>$TiP|xs+q2odN~HsaBKF z83X^i&j?}UDH){piI}yUD;Fcz5cC}rf2$88Y~S;Fd-P#k^yMRNu`A}s`!WEvRP)P-_T9A&%OP|50RtO1G~b6ESz7O zLS`!I`!Aw?9$UZi4&5mT(c^10vP8$G-&o@C&UKyDZHo@(atLuDh0G=%tK_eE(T?jQ z;QRE)VpmQ>g{`9EWA$PAEs_TZv#Zj!xs5C>^l+AM8;N;?*j?TIp&9Ohg2VKmL*gI0 zhIaQ1?gqgnf%?`mE*4ZOIo>hxDPwu{kU`Zr$81cwF){ z-mQcLLQ5SVN(|@_caWlO_O0CW#pkVt$7u;&$WhPRvNM_GEyR+~`S}orRPJTLre^7w ziffKSX*cfx8H3l(mzr@PY2bvkyA%3H<%H{RyHe)B>r3=w+-;{IcotZi zuJerk)2SFxs}*HvVGRwTh(gUACnqK1Q)|wDVPo}a*rKjCg{=BSGq<3n_s?VV@fQRa zn2+6>*Uwe}Mr-(w#b4`kb9JaW=jRD0D!3qma%JXTQdfU&sbV?0M@aznCM-h*8T`(_?VOtAJ!y&Hsb_$ z(1+0%6X$%&IR%)~@$~KKv{U^$9$C-MF8I zxYLS~b1r+F2!9QonSxvyHU#`ZTn3t*q7(y~LOX;Q0Mf405Ocyi;GS8?G)I~T5)NSS zjnQqhX6RNpI}jZhk9dn*ZxWKpBR65cf1X4*XU=?_m@r9P@ye(UVG?y@cAWOFNpKJU zagy#Zqk9T}PNH|j7r#lEMDoa0L;9a5(cqlt7$+f25&>NqzeAYBXeK+t;`dG-ddb2) zz@9qY(Yl5N8c{A!-tqePuHGw;1n-L)pZL67bf=B5&~OC;-!J>!TTiU0JcEwL3@(>{ z7!$E6N%v?7Fps@2atAAMMT^(mLGZysFHH{o+^vxx&m*i@eYTG;$zPr|au$Gm@O}QF zngaKD-k>&dWm1{27>CoVQ_`)_EzAwPu-xQ*gmOW7wc-2vcjfAa-*=CtmC_fS<=fV` zb-w-spLksG;OM52>9H*?b+~b0f)wwgTMyumNJC;*4fyv4HN9lRJfuuxVn+ZK#Y<@S zW0Bt35$VYGdvt^avbwhsbAtU7-9S^~kBTat@)pHcZc$Z5MV!Y_OY|=a0UqhNJ2K#+ z2H5!Co}=sLO9|N|4}sc{gL=F&YAvpk%o-3jgHil7o0!FyU}f{l)WBXAI}@%3u!azd zdFT3g`KjTo2r@&}mfEFF4e$VjlSngtXC`k*XNir3Qms_YXq*VTHJHAw<(5@+ImEWy-> zI`&l-j8x$ypSx&%y*KB-VH@td&Azq_|1;Z2BeUYu57pYj z-2xCf-|;V_UUv&L%asuI8s3G2+~noif;WIXsDQ$!>f^kw+r-Ee{K}oKZBR4R4Fu#M z;st2M3blj02udR{E|hD7i|^31H@3yKVaQ*96D(-nz&vuF?X?2joYxZNz-zwnH69}4 zQ~OGF!25KayThlWUJj#ex0gBt67i}Ws?gajs7s+!P#gDdptRkulp0Z^rFPK(7 zH#bgGH|HItQ=tAv+NAcVXxKerZ3hZI!bI2k>>230H8>`NrgB0?ZxvTji6^Y;g<6rB zF&os^li;G1i-hl>wo|zunnh_I?|l4;X98}4*OogyK!64@X^S32a~GLnozYB8@C^Zt z?jR{i0ll2j#X#*fkq31_jh~@$kMMl?M`{nQgqAr3^k=BV<_)efdp0f^t?jHR_^fpF zIifddj+$IK#MZTT)Ax9WMyi4aDp@}5A6if|6qV{A#qY?i0E}8lU_N+>85$s`|4m|L zj2!=iwaFytwJ-Hob?4%!h(^M`o-xkG*B>%{&c+ zSidz|G-e1;L9SDPqV>I{<~3G*8gcsI{XbNgea%m0Qn(5cxwH1;Yacd>1Uq+wi~J@Y z%B475fCwvAOi@4tVupY8J?KRIm>AYu=xby!g(n$t2c!U`e}a!d1VnG zv(L$Sk=@vwH|YCP^J@w)1Sv-wnmKU}??X39h`3vjiire(@;Dwo-aP1Lb76+laVZ*q zve@InlSXKRo4V}&zbGC3U&}33Zp_j=b9852BErV{+)rPCmUahtM*&)~GeT2f?yZ5Z zKz@Aeb`Sxo=dgEEhUy110Lj`P%obnEDxtF793B2iDgXwH}cS$wdfC}Gv7(BWYQ<03&8YQStr1Vl^Se_ z&L#oEymmX}#`$dMTZTT1aHy*Qv0r;Ibd(CnEW#Gu6G)-U(h(r7Y^md7zX@PXpiSk% zsZas~e%C2=-UUeLb*kwzvi5;kxR4Cmj2I=*ungJ0-W6{ral$F5fWGy!5dPlKVovrV z;CO2+B;Ms*xHWt8U73z>UGFS_(SFN3G5R|-y>)h^fAJz!6`=DJn4RtE4Fax!XD9UF zmJ7i|TG=bhdvcYmfPZ&)a<4pzdvOb(cktiz&WAeu+c0uF`vwYnmIP3PU*UQ^X9p+k zf%L!J{&dJq0a#SQRCMKp_-~Gai%g>%IR&0G)a3OY9}tHs`S(qD^`Ozt5A-IM6y$?j zT|RZo7f>IsPNe%-Z+Guz4Gi}My9R#ks$61v2~{7xgtG1H-IVl^pSt}fZl3}vwmN;N z?vqr>zd4W`*l2*T#aGZ-dzV`sK)s!j2M13YBJ0Ta7O#d0m`^c-7a9N1wR;xH`^g(082)|C&fZ>ot@QCa4v6V=aw|sD2RZ9A1 zr9p+wopj*ZFljk?H`M6F6|?&MG<2m_tf2vj!e#8BBIWCMn?MTC3P?>zxdXGB3PAh@ z5(aJ!+G<94$OlPdZM(O?+>7&@T&k9$yBvrKQD1s#&W^Rz1DoA_a$OdUGf49Kx>Cm+#L%xpKAL~aMVi$A! zhw;hScl(PqET3S`9R<>G>w~Arm?wJYp+L-Qo0pFZzOf3T`F5RL#?rHa=lJAd-I0?a zKT}I8&=kH|eNb=7P-)k0fUEb99G)h_SfOiQufCg3s@Nzim~ovt&rxNFM9|uj%L@jDw=fUs&FclddV;^>wEzX>@Dts;Aa$+C8s#(xgup=^UKXq&6QJz)`hlf z*DoGgXzmz{LDIepB57v(I&4PJKdM6kx^Z;WQ-QVPuFdhF`Dv_$$TaBLX}bece|>-P z>9xyMjSM14ox-ZM@y(jTjhp9%1`yW{kbM`6SzA&c&v;yv&vD~@RAhBBydu-#gXvQS z-`sE?@EIJPu29@W93n&&+|){_79WkJ{Pro0Aub?lWJ=I z*$WT^T<{Xzfgc?N$*T_8rR>8uS37;rS#9awVu@=F9aD?6;4?i~h2e{F`He~wxynPA z!2Sw^Y-M7rs?$bpZ{j;b^q;!jWCHmIiKq!`W4-`Le}}g|CxZ9iJB#X}w(D5zYE;i~; zjj{^9j59L$dGEc&uLQZseJO?;IFS}8_+5$l<09pdr26$7#RyQtWSd}b49Fsc4-naz zg0LkNZcPP({^#XLE%Y_ZU%iVGOZ zd3O%;f}ci&(n0z1?RBDm2cwx+q_pefp#wztst%8I;GG0bGh!$1TfTs--vLEi5ef%H zE$7rEF9E8X8}Bt46p$IT3qZV~U!ORGFoQ~HAS&vbLG_axe&?hQfXsfpuqH{K=-)BY zXyCmqtt(JC5wZkALT?_lt1|vKHM<9lkPo}2!qEHgE3<+#of~C_J_;kW8Q{(U1qRVZ z)3-Ulr_uZGrkP)SzbFm7-++lwcDc6&^>SyQ*Y(F;I8ElLq8cHTwz#hUsT1L&{(q$t zrED2Z_4E-qgm*`x|>gG71R^R8#&ji;>sqtKbPBty<{AqyufSzLGW1o{Ijv zZ=@fqk{)20Xm(Z>@_IppS34}13yj76k{nqHlH)&cuK$BSWtyurvj8d?0Pi&>fU18( z4BPGdl(=r5=^UZ)Ar48%F4~MVE0}(f2wj5eSXA5MDM_H3qGa-Br;Xm<3L$)F0la&# zYxF;O)d3@%H4*xK_woGc!bsyzpl9wk=dL7d?CS2A_dyRpZ&0i?wN6(Lv&HxlXNTQ> zGtE`&ljdUT+QSnDPFqopx(fbbN1tFFZ+J4c8~m2|7#I6&0~DT^sJj&q2HbuP0`<^6 zB7*~s@)sh2d{FSpOyhed5qkpNgT2gXQVcx!Htj0g2nb7!mlKp(MbkmuF3ulmG=5be z>@^0P4`fCh(fdG)j^9_<%~2q*Dc-|hTh&omb&CUP8*S-}fUfsn3wYJ6aMe~LYhA0t zGY=jGdV9^!#cxS5BI&w_4SsoM}%Isv3UvA^?0)`pJil21V2FUN!Gi-jU7+{*5J7IU0S! z_0OSy2}@j%w2?uTosJXvI`5qotg9bxqq3C_161vmlQn7qWr+dq)|N`y`>LtJsa>Hl zU%#%)NmYm`FIQHo?|ql{)Zuz_n;4L@=oAn=sXRK7str8VtVKIG>lnaFfouVq4Dw|v zeAZmfD5vw@aHPYhf9FNjL3$6Axw!JKg?2tCbR6+~j2drB_Helruz=N7csZgPzmvC! zADq2v;}Ja9rJ7%@mQL9@N}aQwYQlR5c8pVi%|~e#nhQCx?{44zl&3@Y+s?1{|0-a8 zO#bj`7;!w?_c#v?=nHLO3bVGArjM2K<4DwWUA~LO10}5JKT24UG^>~DS_^*yd#;V* z1pckt;I8{2diTG0#v(6-it*MXGXpf4Tw>0!#<&!>qL4n@-?8#Saj>=dNe zjlKu6syJOj8-X=iKyE|8eCV#y)v0Bq>JH=pXLwdzwF)iha10ja%^j?5Bg*~5PEuv%gln|_%tw=t z3nnL?{Q@i`e{@mHKJdmUSaeSW(9t5jPb|_orz;Nzpk%SPozP}6%<7Rn%?dP1*eJh; z5}I4ygYpXTcw3vD;UcpiSIk}QIl}*ZMb%$@yFd$#RyPO5w<$q|QS&h0WH0N|3 zc#YL)J4MgIqvQX(mrQ|>CpYl#j}2t@2-?Q7IpC??l8>OL*Z&7_e()cH$p0=l|8>r- zof@64fH?AtQl?IVmZtwGwg>>;_gCHPZ|=9G+z*f@RZ<)_;K?2x5GE?HE`N6>n1PXO z!ZV;&_O~&qlK)S8UmgzC+xXq0Y(+?-5Z@w%ELp}@mI|Q=VQdMBu?~ea6+%KK`&J@l z846?UB6|pp!Pxh0$TAGZc<<5jt>@eKd7j_bkSX3a1R68lJy&+LB z#_i@Y%y`u;mqz%Og!i``&p#VgrGC@Z!~A)-qsfRh-p`7_pOR~v*xrRZ$yh35>v?T; z9M0r<)N2~A39($>wVapQZV$0;DMr=cmvLh=9s~+FST1uor)P|Tl#|eVeJ%O75vH~C z&&WSR@1d|?|7Vy4>laApN6%&(L6r4e7OAVQj?x@&@yOJnX&-$V1+Tvme)S{m1>VG( zIV{T4+T~v3t~aGlbMsQ2-W|_hNrnfc>D)~?W$z9x7@nVAL#}^H{)3GWzJE1OH8*9_ zVx8gv_BwOUNp3{{h(ne3%SRr^OfJbF4#Lwo;RV$uHT|g3!Bx9eYDD{xLLP$hMCIwc zD7m9}%*q)$DCnPJ)U-r3VBDL-YRC@_y3u+)(Tew>9q*>(>#*PxLW20IL6-Dgf(Q|t zB%>hfl{mF{rg(!C*Lk}+qwu)4z(CwJ!+SA%QTsz%4LUKqV#Bd;!FikITZCIJ)uO;| zp|N|HII?N^yOY@bv`ISZez{chqIML?^3#m;^;r(lFKNM|la!&Lo>W1AE8Zi6?fFTaQm8pS|-EFTALPe+_q~U~|bs%*0Qa;TujmWbYhP)YJHK zmvEFOL>6+yY^9oC(^!NJ?(rN^A%z!=P=d&t%@>eHJ`J}lczMx~(dM?mnJ!=66q-~T zN!*SY$Zk3(t{!DI5Lg+J<;?NogP%^$)hK4rg$I6%#9EWR%v0{faYxKx^MOXYH3TiM?ehBgfP0LWom11WC}|{^1m6 zA!bsYWP?UDsUNy>Mm{XpR(K{lOZ!@GK&hSxH1*_#w2**=jP`CbEat9TLM;uxQ!o!Z z_JtP?328_4kNwI@t*&aI!7I|}8OfdfIDGV*-zafHO#WF*|Mmo7LGlR7$@I>_q;0;G zbvBwJ`Z<{k7jHfax%UT9{SM;OQ)OIVeAe9apz?JY3yq<%6PpLlr0_Vw06MKq3}W$W z46uLOJawJTg|v#SbcfDNEoW1`&JglfOF-m9PT(ruY9uv=niuSOomswCE7mLK#BfK? z^oJ=4xD3N0NTUigPU7mWm8_MvEF_POM{&36=ZYf-GDa!)44+2930`}yBh8mz4AW2m z9ZezNqYplOb@Gy(;eKmHkqxyS2#$mpY(2Y zx%(joRG~O*tQQ99Uk=5H6GM^0*&7G{E#k`Y?}@9wl2ufLvHPyr`&3o$V+-}rbksPF zYW!o@=IQqyTRgQ6i(xAccb-hQlj(3op)>$Y%*4h6-%LrCu?)RTdlX3bU+s zS-?e$NJlXLN021ot+S}YSmTz_%*hTIi8U4}`CjA_>_}NMZ%_m$i`5vrNZpOW6SKJG z%jblYt2jK3X4ysV#Q9x68q%dC=&@(ci(b+xF^X$Aw&0113cUFVpQa}zVIpxab(vt_bU@Ze$Fpe@LI+IG7CW^)WdhYIkgfFII` zkAK#~2aJ6~yTCHEenW2-rm_WM&7W2^`Ar8e<{!@=%7Y}zdlwwAk)_9mqA1QFp+S7X zTjpV%>p=1{)nFG)bh-8AQ3*L`hA2Vu^cmk0PE9kFi0)@r%9N6QGmqItMSg&UIJVd| z>x&}_b--#vsrB&&|CjmsdQQeI;H2{nIOQqwSmmTSk0wvcCY0v$HuR0JI2b#gv(I1( z*_-hm>Zf?8_YD)pw|!rc&r#r#(&owMRz3-j8jk2qz+;bTQRDidY1LSIh!>70dxs_c zmabU!Tn_)dSh#OMht2${6Ic@bgH<1_fD2E``7jA42iLkCKtdmPM|?iWCC|;)Ou92u zxX(%W=GIa&HcRRG%emQBeA+tQQ9CzH2SH-)`3Z0nYdD}6XJuHZervLC(m5KS;5Tg# z$tq}eea{-MbHT4(|6JL-D^V+cw|PD$+ImLzX&f!6rK^@Iew0-*^MK@I2sI+N+d9U% zpb65Zo7Gl01{%WzX3MbUugS8}BQuf?8lJVXU(#ToG`hS!^PZ2os`HF*_Owa7ys1+JlvmgPo>m zamz9Ky4gw$t%Ui>*!6tSjCm`$g~m(>8bi!V%9zU!D$8?TGOnC?JxvfNvfaU5;nYR* z`%8GgvZK#6&w7{v98oOt83#(gXVgw)`25M8-OKw2?ucm*6h<}=H>?=KH^iAM zTU$ox4U5}^7CY_vAk(ZCBDYJ&JvS5?8UtV%)hK1tT0m1@AjW0(d`-GRf{M&wrDVf) zJxF`SR{ZK|xyVj`q~Uc^yD3P*A-5%HLS#7g#2HZjw#1lwm*DnpFbw? z9}p6|RnW|-1?2|s8cOw}gCuyMKHF%yy}oc63*-i5d2ux#4Ph+&8Vy`>5dEF^dfdBV^=c+N^DMp1N z`hwg^K0IA5xtGp_b9(OPg7mmoC8nhuS~_u@PqGkg)pBL9NZdCI-XW?pWa6qPE_%ts zw5FR&1TrmY6Aa}EeQ0481>-NrR`*?&Tk83H95(pBEjSL^RO*M>+)rhv1dcAXoqGwL zww3^pJo{;RXT@FbRfgFCQFF(l4|~BKHziSd*37efpk$^dDPCpl9zWAbzF)jA|5|Re zpG+6?T?TjjPs2=q55IVKH&Ai59I)*j{-riSS^k^j3DpJ`5`wL@g4cK+3`e$R{s&Wz+^0X8z&?Ft7*6ax3m*Y@Ucz<`r9 znsIavyd3t9Y93E37v&+ZSw)5?0SWNCt0~LGfA4wX&K(jzE_|I(WZdMwvFqZw)^(*|U}Se4nJ)jIJICd--Ax#F4-K z7}BD`;J*h%vzh%ew$VhDf{gF3!Sw9mZHP6Q;RC)(p%2R31n(g~Z`;NxO4%deOInzO zqZo1c`h*aX;IW>c3oW=*}P4_4B9v4=?x6Px{Yw)?4;oI3l(Pr{@lp6ykH`7E_Emh&G zGqT=e06Xnn{1ogKc`g#6&GzJ6x8o||oj7+nk{f2PgE27Lw1ud0Z_|*o=QtMK;HWl z&uKLyRe(L2SV9<+K7kMokiqc1!Gbf6?&sK_@86EFbC68=7+kJkjQ1dd(nSF# z8nUFSQTN#|AdaI#M{KXq{rY!Jjqjg&7Tq0DH(KQe$tc)!&Oj&T^r%ow-;~{j6LdIJ zpP&fSC;i12x^kL76tLE!RK2YSD?#_c5UdKlJw%BUPq1BTRbt1X&-9;+BD*n?U;~`&s}Ra}40;75UMgNy*`$%( zKjjOaP?y2(vgAqC6c#V2suvCxb3Je9ouWr4uS49x)NN(6Rlc1WJ1a4~QcX|RFAIQM zOxn#^S~OMZTxxuCLv$m-&tdykcYp{O-<#`?9Z6mxSEvj!+&4`+Ze+|$en}JROUd7= z*5Dvb4rv)DO{OQ)n(Y6l#sJ)#RJGzMnDh zG7QVdv_>|Uy*%VoCDtbxe=UG=(HN@sDSYbBu{|MwmVH=Oz7_y$%```yK&a2W|HW{y z&^452|3*uG3ZuQvK9ZeH_D4pt!K3JYjkBalyjw+*+3cfHiNThoQ=k@LWH+b7jUgQPzjtYgk>nzv-%(BMHw$%snwJPZ{Xn-ZU-@BzBuhv5OP@;GJIW zFXS!8jN4JdoD7v&z*nHS5*-ot`M%fl!fq-oWR((DthuE~7qo2;5z|Ggcse?eH3t&I z)-M}Xx`!>3$&VFF%Tu!Hyu$_NYPL#cJX=Yv`fFbhvu(`WhXqU(z!c@R|ChNaswK$| zCKJGv90bN46#Xz0O|>IoA84(Jch-lPj+mO`WQq1F$LHW*qNJ5z9rwzm{1&u92ymLX5=5;IOieyX9qpqY>PH6XIVT{mtBDe&ackaKYsy#EApEu(X>)BTmJ7V5`>g~I;|+B-yFW`P6s>i zH&^@1ZKy8#%|z}&+g`G8_iri^erawnCx1J93FQAU8G%hc-|Ckn{!I^k=7I7V%-Z#B z)xX~z=;TM#R9cj)3qQL?X4LkP` z4^d;^kSN;7o7;N{eq|57rM)O+2UtqkK|%_fILsF?K85NMo$X*>1fBNhyG*LIxuYjI z>VQs8d^!*Ko}?vOsLnV`VEJSYS7SECg!R{w1cPzE|Bp)&E??|k7w_f;HKK0Hg~NMJ z4p4lQ3zQ0sR|}^;v#fCpiGENGPuhy#nuj0$;R9RSoD9BL3sv-PPV@wu2UW>04aJW> z8BJA>qWej{Ebmp|sHpMX@mF(Rte|{xYUp zLuW+j2%dteN}soI%~6W))p7J*`8%jKFg|!jTrVAypeuwNWYU|uvgeqW^T;SY_p!q^_8{AUu?CGq!3REj)WIUC9pV|_OJN{m*FT-5rDb|dx6o%26@WJdU>q|v^5 z!rScciA4XW45gYNYwNiEvN*zk^qJTFRE)=bXLY$-%TAC@>ROvHF5x9VTbtNJlz98c zR~J_)Mk6mM>bO{|QI^9y;R43?AHd7t0^Q(^0uCI;P!DBttk(>^yD}V8{tUK9yk-3C z1l*cd4j20?69(K#_#-7RIy1Md^c9qxATaOn38dDVZw$5$G9{ddx~!8d{b;<0bcj;6 zG^w;j&(=*AEs@(Tgsq%a00KMJk!1mS63ZN7VBwV!xxD_`;F(9O=LH#q9no29ikS}D zT>~>Ac_Bg0WkVbiK~Zz6w@!@Tp7qzZO-<|@Ca>;=c)4TLKND_D6UvuR0@j5iqG{UR z2Td3z;dUtMC~3P;_q8gE$o6Zy!5eYuZu0?sV69&-!s%C^Uj?NCUnRp)$;1E@h-)4l zY}oaO348w4&xZ?-SXVj=y=9{@Og4UuoF1-p#m%A5rjB2P1sy;x+DyO&f>OrGKfqbT z*!Kdcgb|&a{M;T7^Tz!c`I^OUyOvV}3sOp)OygYf6liIX{;8#5M9N zr&bJ}r7}qrGbCtd2QCW#&aVb)DyZL-p)ldd{PS7mbH;(!L)_PV#2RFkh=y@;+U*hHfGP(jj(j%wxxm8Tp`Zm^>J z9(*h~9o!#~5OX#}N*WF^C%-9MTUS|IB0nu#OTFC1ai=@tFqH&;Nq5;G{2Ilw21}2x z&wW(BpR0S;x13qkero*nHRu$~{>{8?KaH?qT?XT3h57Qvq*nkFQLnq;qn{GXxp$2C zW6+oBRMPiO(*yt7o5*yvtXCeE$_r5&cQY@X4h!KY>OsVe)+ubE)e6&bCA?K&xug^a zi882Kh|v_Ym>QhN(;Ik#r+K3u^HXAm9J_@&Cw2>c8PEAN!3GAt-4agMfl`y8F>jrP ze=G(zq$(9rp%n&3!>Hh+zMQ6%SU;XLc0(F8ZP_Esl2nQ*k+{PoXQULUy#OvY6N-y1 zctUw$861OE6XDSj0n_;yWZMlGu;wZ_13ODv{+z&jN~AHHN~xn~HzkIKn-+ie={{u^ zKQG?dx(jsjj4?QeqCl#wWNc!E5{?2xqMB{|I`x)WDT(5(Lj{T)bqWK=n2sOmTwL!?X>bo>*SYa1O8l|g=SuO0`0j7DmN&59S*!)N|F>AI!V)-*2OQKnrELV0 z-Ez4}gQL7|i>vY7!9*b;a#2WZT?G9OakA@MdJp)yBO{*#9}=F}o-FvO^$|P!K2}q^ z-dsCexwB1CfC_;>I689WGaP?aqj^M}C8&CkH;BQd>x~Yojr#;-1^hSH#yw z34_!VcOb0iqo!r{77u~rgU2g-6`(DPU^ zF$^3T_7oi_v;(BtY>IHKf9<^dcJcd)3Ybp*<7QAcQz({H1cUDNy0jF*aeE^Cp zwjp|*8)OZC)12lu%Qb{jC!e&7b!?NQ>ev$5+nHeEtadELYe+J2hU8d&r%Wy0Sktm7b`6Mhlz$`vj{vFA!C{UiclmMuwqxi+?F%M6VMR6|RsW*6H zUk+LX!abB;0F2hzzNj$zOaG-D?V_ceU_CdVR=Za0gNiLCz!fx$d;`tmMe6PQuJ}@d0u;J7 zT=CxY-40l`(pu2-nE=@4yh3N|tF4(A#V;8JpD~eU@i#M`D)Z6iGUC)k2{ufRtt8}_ z1>3Ec81dx0XE(ZdX4Pd0Ix!>rP*#p%dBtDsXZ6(Ru|KkuUUGraqfeFOc!UP8d@sGa zsin}wt{&wzN_ky3oj)fu7LY;^c&=th`{n?ErCR2fQ9HZRc zES9=wy8uBfI}yknMSTY@LVsrBD{Qc1n?cBmW32VRT2!ow?6k zG22-6{i5ig3lBvjY ztc%k1=1hN(Hhs=Z-zh!ouv;YqQ?w~;pMOfki_XINEU8*{|IXTXql|yOe3x=jxJMs7F4bARUwda4iO>*7XeGMxW=dnO6A;)m)I7?@ZJxtp1wB=Ov zWhnDMa)2dYIlvl7Nap}@J&^?&En^>l4a9Wj$Ne%$Wf`*``frccmNR#c6j+*(SdVyL z|7{N`M;ypC`OpB&tCM~-@qG&HC^TI8a~9MK=O4bB>Mo2uL}OT%D%-j6afYs~mK#CIP=UT7v9^$mPO?sWxoeaXX9Q?M6|3_^6EO|V3D#23VBPhmNcvGyz zLf#_^#_SO=X5W-MTi@5Z6Ll(|uAXY>vk#>Q(bD`#- z2J~9PT#i(#euXS3dwCZ@!&Y*=3~<7zehbQ`##jlxz{Jzyl8-Bf9utiVLDW#bK0}lN2A7kcKFoH zBIspT)yRdG3c^$2la6M^K7h$^fOk;SQ>6=DMLJ%t6?9wk`<|cX z*5HsQ=qOPD5P-yMe8Ba13iYq0*jVI?SRKWGG7m1W$5^Vff%%>7*+MhRZxBWaI0LZ% z<%QT+aguxQZIx4x9438_qFp0Z*PQQZWZS+KY83`N>0dAo_F@x%(m$DYRv&%LNul3C z(GonzX@Bz{^l_?wg#43BxN3EDb`)%H-53>zjQrNHx>b?dcjNm1)r!<@gRy?QY5!98 izWvDKojcB=$%v?J*6MwvSn@XTM_o-@6{&1-|9=6J+!pEp literal 0 HcmV?d00001 diff --git a/website/docs/providers/saml.md b/website/docs/providers/saml/index.md similarity index 92% rename from website/docs/providers/saml.md rename to website/docs/providers/saml/index.md index 73788168b..d4192f42c 100644 --- a/website/docs/providers/saml.md +++ b/website/docs/providers/saml/index.md @@ -2,7 +2,7 @@ title: SAML Provider --- -This provider allows you to integrate enterprise software using the SAML2 Protocol. It supports signed requests and uses [Property Mappings](../property-mappings/#saml-property-mapping) to determine which fields are exposed and what values they return. This makes it possible to expose vendor-specific fields. +This provider allows you to integrate enterprise software using the SAML2 Protocol. It supports signed requests and uses [Property Mappings](../../property-mappings/#saml-property-mapping) to determine which fields are exposed and what values they return. This makes it possible to expose vendor-specific fields. Default fields are exposed through auto-generated Property Mappings, which are prefixed with "authentik default". | Endpoint | URL | diff --git a/website/docs/releases/2023/v2023.3.md b/website/docs/releases/2023/v2023.3.md index a83961627..f2f5ed36c 100644 --- a/website/docs/releases/2023/v2023.3.md +++ b/website/docs/releases/2023/v2023.3.md @@ -13,7 +13,7 @@ slug: "/releases/2023.3" authentik can now provision users into other IT systems via the SCIM (System for Cross-domain Identity Management) protocol. The provider synchronizes Users, Groups and the user membership. Objects are synced both when they are saved and based on a pre-defined schedule in the background. - Documentation: https://goauthentik.io/docs/providers/scim/ + Documentation: [SCIM Provider](../../../docs/providers/scim/) - Theming improvements diff --git a/website/docs/releases/2023/v2023.4.md b/website/docs/releases/2023/v2023.4.md index 2925a4ce4..9102c2970 100644 --- a/website/docs/releases/2023/v2023.4.md +++ b/website/docs/releases/2023/v2023.4.md @@ -1,10 +1,38 @@ --- -title: Release 2023.4 +title: Release 2023.4 - RADIUS support slug: "/releases/2023.4" --- ## New features +- RADIUS support + + :::info + This feature is still in technical preview, so please report any Bugs you run into on [GitHub](https://github.com/goauthentik/authentik/issues). + ::: + + authentik now supports the [RADIUS protocol](https://en.wikipedia.org/wiki/RADIUS) for authentication, allowing for the integration of a wider variety of systems such as VPN software, network switches/routers, and others. + + The RADIUS provider also uses a flow to authenticate users, and supports the same stages as the [LDAP Provider](../../../docs/providers/ldap). + + Documentation: [RADIUS Provider](../../../docs/providers/radius/) + +- Decreased CPU usage for workers + + Previously, authentik used a method to ensure that the worker containers are running correctly called "pinging", which would send a request to the worker and ensure it was processed correctly. This however used a lot of resources every time the health check ran. We've switched to a simpler method, one that will reduce CPU and memory usage (only affects Docker-Compose). + +- Configurable authentication flow for providers + + It is now possible to configure the authentication flow per provider. This configured flow will be used when an un-authenticated user tries to access the application the provider is used with. If no flow is set on a provider, the default authentication flow configured on the tenant will be used. + +- "Stay logged in" prompt + + In the [User login stage](../../../docs/flow/stages/user_login/), an admin can use the new "Stay Logged In" option to add additional minutes or hours to the defined `session duration` value. When this "Stay Logged In" offset time is configured, the user logging in is presented with a prompt asking if they want to extend their session. + +- Prompt preview + + When creating a single prompt for use with a [Prompt stage](../../../docs/flow/stages/prompt/), a live preview of the prompt is now shown. This makes it easier to test how a prompt will behave, and also shows what data it will send, and how it will be available in the flow context. + ## Upgrading This release does not introduce any new requirements. @@ -28,22 +56,42 @@ image: - \*: load websocket paths similarly to URLs (#5018) - blueprints: allow setting of token key in blueprint context (#4995) - core: Add unique constraint to user UUID (#5004) -- providers: Add ability to choose a default authentication flow (#5070) +- core: extend Postgres configuration (#5138) +- core: fix app launch URL flow selection (#5113) +- lifecycle: also migrate before starting worker, trap exit to cleanup mode (#5123) +- lifecycle: don't use celery ping for worker healthcheck (#5153) +- outposts: run containers as non root (#5212) +- outposts: set Kubernetes deployment security context (#5163) +- policies: provider raw result for better policy reusability (#5189) - providers/ldap: fix duplicate attributes (#4972) - providers/oauth2: fix response for response_type code and response_mode fragment (#4975) - providers/proxy: rework endpoints logic (#4993) -- providers/radius: simple radius outpost (#1796) +- providers/radius: simple RADIUS outpost (#1796) +- providers/scim: add missing default fields (#5108) +- providers/scim: fix error when user-group m2m is updated forward (#5082) +- providers: Add ability to choose a default authentication flow (#5070) +- stages/authenticator_validate: fix stage not working without pending user (#5096) +- stages/identification: revert is_active check (#5183) - stages/prompt: Add Radio Button Group, Dropdown and Text Area prompt fields (#4822) +- stages/prompt: Fix dropdown invalid choice (#5046) - stages/user_login: stay logged in (#4958) +- stages/user_write: improve error handling (#5136) +- stages: Add ability to set user friendly names for MFA stages (#5005) - web/admin: fix error adding users to groups (#5016) - web/admin: fix error listing blueprints with missing metadata (#5041) - web/admin: fix error when creating bindings due to hidden inputs (#5081) - web/admin: fix inconsistent display of flows in selections (#4977) +- web/admin: fix ldap form when editing scim provider from view page (#5164) - web/admin: fix prompt field display (#4990) +- web/admin: fix sidebar avatar not loaded (#5184) - web/admin: prompt preview (#5078) +- web/admin: show warning when adding user to superuser group (#5091) - web/elements: fix search select inconsistency (#4989) - web/elements: only render form once instance is loaded (#5049) - web/flows: fix authenticator selector in dark mode (#4974) +- web/user: rework search (#5107) +- web: only show debug locale if debug mode is enabled (#5111) +- web: remove more until (#5057) ## API Changes diff --git a/website/sidebars.js b/website/sidebars.js index 882ac3454..9385a4099 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -54,8 +54,8 @@ module.exports = { "providers/oauth2/device_code", ], }, - "providers/saml", - "providers/radius", + "providers/saml/index", + "providers/radius/index", { type: "category", label: "Proxy Provider", @@ -240,13 +240,14 @@ module.exports = { description: "Release notes for recent authentik versions", }, items: [ + "releases/2023/v2023.4", "releases/2023/v2023.3", "releases/2023/v2023.2", - "releases/2023/v2023.1", { type: "category", label: "Previous versions", items: [ + "releases/2023/v2023.1", "releases/2022/v2022.12", "releases/2022/v2022.11", "releases/2022/v2022.10",