MSIdentityTools

2.0.10

New-MsIdSamlRequest.ps1

                                <#

.SYNOPSIS

   Create New Saml Request.

.EXAMPLE

    PS > New-MsIdSamlRequest -Issuer 'urn:microsoft:adfs:claimsxray'

    Create New Saml Request for Claims X-Ray.

.INPUTS

    System.String

.OUTPUTS

    SamlMessage : System.Xml.XmlDocument, System.String

#>

function New-MsIdSamlRequest {

    [CmdletBinding()]

    #[OutputType([xml], [string])]

    param (

        # Azure AD uses this attribute to populate the InResponseTo attribute of the returned response.

        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]

        [string] $Issuer,

        # If provided, this parameter must match the RedirectUri of the cloud service in Azure AD.

        [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true)]

        [string] $AssertionConsumerServiceURL,

        # If this is true, Azure AD will attempt to authenticate the user silently using the session cookie.

        [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true)]

        [switch] $IsPassive,

        # If true, it means that the user will be forced to re-authenticate, even if they have a valid session with Azure AD.

        [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true)]

        [switch] $ForceAuthn,

        # Tailors the name identifier in the subjects of assertions.

        [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true)]

        [ArgumentCompleter({

                param ( $commandName, $parameterName, $wordToComplete, $commandAst, $fakeBoundParameters )

                'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'

                'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'

                'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'

                'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'

            })]

        [string] $NameIDPolicyFormat,

        # Specifies the authentication context requirements of authentication statements returned in response to a request or query.

        [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true)]

        [ArgumentCompleter({

                param ( $commandName, $parameterName, $wordToComplete, $commandAst, $fakeBoundParameters )

                'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'

                'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'

                'urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword'

                'urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword'

                'urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos'

                'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'

                'urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient'

                'urn:oasis:names:tc:SAML:2.0:ac:classes:Unspecified'

                'urn:oasis:names:tc:SAML:1.0:am:password'

                'urn:oasis:names:tc:SAML:1.0:am:X509-PKI'

                'urn:federation:authentication:windows'

                'http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password'

                'http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/secureremotepassword'

                'http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/windows'

                'http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/kerberos'

                'http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/tlsclient'

                'urn:ietf:rfc:1510'

                'urn:ietf:rfc:2246'

                'urn:ietf:rfc:2945'

            })]

        [string[]] $RequestedAuthnContext,

        # Specifies the comparison method used to evaluate the requested context classes or statements, one of "exact", "minimum", "maximum", or "better".

        [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true)]

        [ValidateSet('exact', 'minimum', 'maximum', 'better')]

        [string] $RequestedAuthnContextComparison,

        # Deflate and Base64 Encode the Saml Request

        [Parameter(Mandatory = $false)]

        [switch] $DeflateAndEncode,

        # Url Encode the Deflated and Base64 Encoded Saml Request

        [Parameter(Mandatory = $false)]

        [switch] $UrlEncode

    )

    begin {

        $pathSamlRequest = Join-Path $PSScriptRoot 'internal\SamlRequestTemplate.xml'

    }

    process {

        $xmlSamlRequest = New-Object SamlMessage

        $xmlSamlRequest.Load($pathSamlRequest)

        $xmlSamlRequest.AuthnRequest.ID = 'id{0}' -f (New-Guid).ToString("N")

        $xmlSamlRequest.AuthnRequest.IssueInstant = (Get-Date).ToUniversalTime().ToString('o')

        $xmlSamlRequest.AuthnRequest.Issuer.'#text' = $Issuer

        if ($AssertionConsumerServiceURL) { $xmlSamlRequest.AuthnRequest.SetAttribute('AssertionConsumerServiceURL', $AssertionConsumerServiceURL) }

        if ($PSBoundParameters.ContainsKey('IsPassive')) { $xmlSamlRequest.AuthnRequest.SetAttribute('IsPassive', $IsPassive.ToString().ToLowerInvariant()) }

        if ($PSBoundParameters.ContainsKey('ForceAuthn')) { $xmlSamlRequest.AuthnRequest.SetAttribute('ForceAuthn', $ForceAuthn.ToString().ToLowerInvariant()) }

        if ($NameIDPolicyFormat) { (Resolve-XmlElement $xmlSamlRequest.DocumentElement -Prefix samlp -LocalName NameIDPolicy -NamespaceURI $xmlSamlRequest.DocumentElement.NamespaceURI -CreateMissing).SetAttribute('Format', $NameIDPolicyFormat) }

        if ($RequestedAuthnContext) {

            $AuthnContextClassRefTemplate = $xmlSamlRequest.AuthnRequest.RequestedAuthnContext.ChildNodes[0]

            foreach ($AuthnContext in $RequestedAuthnContext) {

                $AuthnContextClassRef = $AuthnContextClassRefTemplate.Clone()

                $AuthnContextClassRef.'#text' = $AuthnContext

                [void]$xmlSamlRequest.AuthnRequest.RequestedAuthnContext.AppendChild($AuthnContextClassRef)

            }

            [void]$xmlSamlRequest.AuthnRequest.RequestedAuthnContext.RemoveChild($AuthnContextClassRefTemplate)

            if ($RequestedAuthnContextComparison) { $xmlSamlRequest.AuthnRequest.RequestedAuthnContext.SetAttribute('Comparison', $RequestedAuthnContextComparison) }

        }

        if ($DeflateAndEncode) {

            $EncodedSamlRequest = $xmlSamlRequest.OuterXml | Compress-Data | ConvertTo-Base64String

            if ($UrlEncode) { Write-Output ([System.Net.WebUtility]::UrlEncode($EncodedSamlRequest)) }

            else { Write-Output $EncodedSamlRequest }

        }

        else {

            Write-Output $xmlSamlRequest

        }

    }

}

# SIG # Begin signature block

# MIInsQYJKoZIhvcNAQcCoIInojCCJ54CAQExDzANBglghkgBZQMEAgEFADB5Bgor

# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG

# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCA1Z6dOQ/HsbPY/

# NZuaLJbVbRZUpO//bHCo4f4MYxSdLqCCDYUwggYDMIID66ADAgECAhMzAAACU+OD

# 3pbexW7MAAAAAAJTMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD

# VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy

# b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p

# bmcgUENBIDIwMTEwHhcNMjEwOTAyMTgzMzAwWhcNMjIwOTAxMTgzMzAwWjB0MQsw

# CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u

# ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy

# b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB

# AQDLhxHwq3OhH+4J+SX4qS/VQG8HybccH7tnG+BUqrXubfGuDFYPZ29uCuHfQlO1

# lygLgMpJ4Geh6/6poQ5VkDKfVssn6aA1PCzIh8iOPMQ9Mju3sLF9Sn+Pzuaie4BN

# rp0MuZLDEXgVYx2WNjmzqcxC7dY9SC3znOh5qUy2vnmWygC7b9kj0d3JrGtjc5q5

# 0WfV3WLXAQHkeRROsJFBZfXFGoSvRljFFUAjU/zdhP92P+1JiRRRikVy/sqIhMDY

# +7tVdzlE2fwnKOv9LShgKeyEevgMl0B1Fq7E2YeBZKF6KlhmYi9CE1350cnTUoU4

# YpQSnZo0YAnaenREDLfFGKTdAgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE

# AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUlZpLWIccXoxessA/DRbe26glhEMw

# VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh

# dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzQ2NzU5ODAfBgNVHSMEGDAW

# gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v

# d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw

# MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov

# L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx

# XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB

# AKVY+yKcJVVxf9W2vNkL5ufjOpqcvVOOOdVyjy1dmsO4O8khWhqrecdVZp09adOZ

# 8kcMtQ0U+oKx484Jg11cc4Ck0FyOBnp+YIFbOxYCqzaqMcaRAgy48n1tbz/EFYiF

# zJmMiGnlgWFCStONPvQOBD2y/Ej3qBRnGy9EZS1EDlRN/8l5Rs3HX2lZhd9WuukR

# bUk83U99TPJyo12cU0Mb3n1HJv/JZpwSyqb3O0o4HExVJSkwN1m42fSVIVtXVVSa

# YZiVpv32GoD/dyAS/gyplfR6FI3RnCOomzlycSqoz0zBCPFiCMhVhQ6qn+J0GhgR

# BJvGKizw+5lTfnBFoqKZJDROz+uGDl9tw6JvnVqAZKGrWv/CsYaegaPePFrAVSxA

# yUwOFTkAqtNC8uAee+rv2V5xLw8FfpKJ5yKiMKnCKrIaFQDr5AZ7f2ejGGDf+8Tz

# OiK1AgBvOW3iTEEa/at8Z4+s1CmnEAkAi0cLjB72CJedU1LAswdOCWM2MDIZVo9j

# 0T74OkJLTjPd3WNEyw0rBXTyhlbYQsYt7ElT2l2TTlF5EmpVixGtj4ChNjWoKr9y

# TAqtadd2Ym5FNB792GzwNwa631BPCgBJmcRpFKXt0VEQq7UXVNYBiBRd+x4yvjqq

# 5aF7XC5nXCgjbCk7IXwmOphNuNDNiRq83Ejjnc7mxrJGMIIHejCCBWKgAwIBAgIK

# YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV

# BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv

# c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm

# aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw

# OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE

# BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD

# VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG

# 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la

# UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc

# 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D

# dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+

# lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk

# kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6

# A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd

# X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL

# 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd

# sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3

# T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS

# 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI

# bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL

# BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD

# uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv

# c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf

# MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3

# dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf

# MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF

# BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h

# cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA

# YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn

# 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7

# v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b

# pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/

# KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy

# CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp

# mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi

# hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb

# BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS

# oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL

# gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX

# cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGYIwghl+AgEBMIGVMH4x

# CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt

# b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p

# Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAAJT44Pelt7FbswAAAAA

# AlMwDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw

# HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIHs2

# nfqgM02p59Gw3QLgFdIU8ldPSMRkAtqiqkN3EoF5MEIGCisGAQQBgjcCAQwxNDAy

# oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j

# b20wDQYJKoZIhvcNAQEBBQAEggEAM/UaRGygZCjoJYxscGGiTC3Qucn+F13rdlHH

# HjmCxvqGZZMbBm7NHee0FaFTZAg7l3a3ZPhEDP6H2YLScoZNZFH2UIW8nXRSkQxy

# 9JtR8/BW7RPHPRMqWCHATQnkBo98kYcR//EO9WRVCY21dxHzwd3avuJTxH7ifSmI

# gFxu3bG/ghSJ+e25TBHZ+xDAodB3SYkMRKn1xVD49OIIte8tC0QfRxWL/LFMTMaM

# rQOKGWEeQASm69Pfi9HQnF/HNguUrcFHU0tvc8P7YRcYatxV6EYtPO+9IYQWeC6A

# WWk0Hg1LC5zbf/X7Tt+FilU3PRDzj2IY7VvS04YauRMmos12G6GCFwwwghcIBgor

# BgEEAYI3AwMBMYIW+DCCFvQGCSqGSIb3DQEHAqCCFuUwghbhAgEDMQ8wDQYJYIZI

# AWUDBAIBBQAwggFVBgsqhkiG9w0BCRABBKCCAUQEggFAMIIBPAIBAQYKKwYBBAGE

# WQoDATAxMA0GCWCGSAFlAwQCAQUABCAe0BfS5VXHLEeZJGK92t6kKvFgyiJDLoiO

# Sh2cdPWEcgIGYi+27hLWGBMyMDIyMDQyMTAwMjk0NC4xMzFaMASAAgH0oIHUpIHR

# MIHOMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH

# UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQL

# EyBNaWNyb3NvZnQgT3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMdVGhh

# bGVzIFRTUyBFU046NjBCQy1FMzgzLTI2MzUxJTAjBgNVBAMTHE1pY3Jvc29mdCBU

# aW1lLVN0YW1wIFNlcnZpY2WgghFfMIIHEDCCBPigAwIBAgITMwAAAaZZRYM5TZ7r

# SwABAAABpjANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMK

# V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0

# IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0Eg

# MjAxMDAeFw0yMjAzMDIxODUxMjFaFw0yMzA1MTExODUxMjFaMIHOMQswCQYDVQQG

# EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG

# A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQLEyBNaWNyb3NvZnQg

# T3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046

# NjBCQy1FMzgzLTI2MzUxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNl

# cnZpY2UwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDZmL97UiPnyfzU

# CZ48+ybwp3Pl5tKyqHvWCg+DLzGArpe3oHa0/87+bxW0IIzUO+Ou9nzcHms7ZEeu

# VfMtvbuTy9rH9NafrnIXtGbuLUooPhrEOmUJfbYz0QGP9yEwRw3iGMr6vFp3vfuz

# aDy4cQ0junbV+2ArkOM3Ez90hOjLweG+TYoIXbb6GVWmJNZV6Y1E33ZiqF9QAatb

# CW1C0p0otEHeL75d5mfY8cL/XUf55WT+tpa2WGauyz7Rw+gZZnJQeT0/PQ50ptbI

# 2mZxR6yszrJquRpZi+UhboAgmTqCs9d9xSXkGhTHFwWUgkIzQAVgWxyEQhNcrBxx

# vNw3aJ0ZpwvBDpWHkcE1s/0As+qtK4jiG2MgvwNgYFBKbvf/RMpq07MjK9v80vBn

# RMm0OVu39Fq3K5igf2OtvoOk5nzkvDbVPi9YxqCjRukOUZXycGbvCf0PXZeDschy

# rsu/PsJuh7Be7gIs6bFoet1FGqCvzhkIgRtzSfpHn+XlqZ72uGSX4QJ6mEwGQ9bh

# 4H/FX0I55dAQdmF8yvVmk6nXvHfvKgsVSq+YSWL2zvl9/tpOTwoq1Cv0m6K3l/sV

# IVWkBIVQ2KpWrcj7bSO2diK5ITM8Bb3PqdEHsjIjZqNnAWXo8fInAznFIncMpg1G

# KhjxOzAPL7Slt33nkkmCbAhJLlDv7wIDAQABo4IBNjCCATIwHQYDVR0OBBYEFDpU

# ITv8xpaivfVJDS/xrvwK8jfYMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1

# GelyMF8GA1UdHwRYMFYwVKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9w

# a2lvcHMvY3JsL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEp

# LmNybDBsBggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWlj

# cm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUy

# MFBDQSUyMDIwMTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYB

# BQUHAwgwDQYJKoZIhvcNAQELBQADggIBAIDA8Vg06Rqi5xaD4Zv4g38BxhfMa9jW

# 6yZfHoBINk4UybE39MARPmULJ2H60ZlwW3urAly1Te9Kj7iPjhGzeTDmouwbntf+

# I+VU5Fqrh+RmXlWrdjfnQ+5UlFqdHVPI/rgYQS+RhUpqA1VZvs1thkdo7jyNb9ue

# ACU29peOfGp5ZCYxr5mJ9gbUUtd4f8A0e4a0GiOwYHch1gFefhxI+VIayK677cCY

# or0mlBAN6iumSv62SEL/7jkQ5DjcPtqRxyBNUl5v1iJYa1UthyKIH69yY6r2YqJ+

# iyUg++NY/MVQy4gpcAG7KR6FRY8bcQXDI6j8emlgiUvL40qE54ZFeDzueZqrDO0P

# F0ERkIQO8OMzUDibvZA+MRXWKT1Jizf3WiHBBJaHwYxs/rBHdQeMqqiJN7thuFco

# E1xZrYS/HIUqO6/hiL06lioUgP7Gp0uDd4woAgntxU0ibKeIOZ8Gry71gLc3DiL0

# kaKxpgHjdJtsIMwSveU/6oKxhg10qLNSTQ1kVQZz9KrMNUKKuRtA/Icb0D7N1+Ny

# gb9RiZdMKOa3AvvTjFsSZQet4LU6ELANQhK2KGCzGbVMyS++I8GZP4K6RxEISIQd

# 7J3gvMMxiibn7e2Dvx1gqbsHQoSI8p05wYfshRjHYN8EayGznMP4ipl2aKTE0DDn

# JiHiMCQHswOwMIIHcTCCBVmgAwIBAgITMwAAABXF52ueAptJmQAAAAAAFTANBgkq

# hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x

# EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv

# bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5

# IDIwMTAwHhcNMjEwOTMwMTgyMjI1WhcNMzAwOTMwMTgzMjI1WjB8MQswCQYDVQQG

# EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG

# A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQg

# VGltZS1TdGFtcCBQQ0EgMjAxMDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC

# ggIBAOThpkzntHIhC3miy9ckeb0O1YLT/e6cBwfSqWxOdcjKNVf2AX9sSuDivbk+

# F2Az/1xPx2b3lVNxWuJ+Slr+uDZnhUYjDLWNE893MsAQGOhgfWpSg0S3po5GawcU

# 88V29YZQ3MFEyHFcUTE3oAo4bo3t1w/YJlN8OWECesSq/XJprx2rrPY2vjUmZNqY

# O7oaezOtgFt+jBAcnVL+tuhiJdxqD89d9P6OU8/W7IVWTe/dvI2k45GPsjksUZzp

# cGkNyjYtcI4xyDUoveO0hyTD4MmPfrVUj9z6BVWYbWg7mka97aSueik3rMvrg0Xn

# Rm7KMtXAhjBcTyziYrLNueKNiOSWrAFKu75xqRdbZ2De+JKRHh09/SDPc31BmkZ1

# zcRfNN0Sidb9pSB9fvzZnkXftnIv231fgLrbqn427DZM9ituqBJR6L8FA6PRc6ZN

# N3SUHDSCD/AQ8rdHGO2n6Jl8P0zbr17C89XYcz1DTsEzOUyOArxCaC4Q6oRRRuLR

# vWoYWmEBc8pnol7XKHYC4jMYctenIPDC+hIK12NvDMk2ZItboKaDIV1fMHSRlJTY

# uVD5C4lh8zYGNRiER9vcG9H9stQcxWv2XFJRXRLbJbqvUAV6bMURHXLvjflSxIUX

# k8A8FdsaN8cIFRg/eKtFtvUeh17aj54WcmnGrnu3tz5q4i6tAgMBAAGjggHdMIIB

# 2TASBgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQBgjcVAgQWBBQqp1L+ZMSavoKR

# PEY1Kc8Q/y8E7jAdBgNVHQ4EFgQUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXAYDVR0g

# BFUwUzBRBgwrBgEEAYI3TIN9AQEwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5t

# aWNyb3NvZnQuY29tL3BraW9wcy9Eb2NzL1JlcG9zaXRvcnkuaHRtMBMGA1UdJQQM

# MAoGCCsGAQUFBwMIMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQE

# AwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNX2VsuP6KJcYmjRPZSQ

# W9fOmhjEMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNv

# bS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNybDBa

# BggrBgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0

# LmNvbS9wa2kvY2VydHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3J0MA0GCSqG

# SIb3DQEBCwUAA4ICAQCdVX38Kq3hLB9nATEkW+Geckv8qW/qXBS2Pk5HZHixBpOX

# PTEztTnXwnE2P9pkbHzQdTltuw8x5MKP+2zRoZQYIu7pZmc6U03dmLq2HnjYNi6c

# qYJWAAOwBb6J6Gngugnue99qb74py27YP0h1AdkY3m2CDPVtI1TkeFN1JFe53Z/z

# jj3G82jfZfakVqr3lbYoVSfQJL1AoL8ZthISEV09J+BAljis9/kpicO8F7BUhUKz

# /AyeixmJ5/ALaoHCgRlCGVJ1ijbCHcNhcy4sa3tuPywJeBTpkbKpW99Jo3QMvOyR

# gNI95ko+ZjtPu4b6MhrZlvSP9pEB9s7GdP32THJvEKt1MMU0sHrYUP4KWN1APMdU

# bZ1jdEgssU5HLcEUBHG/ZPkkvnNtyo4JvbMBV0lUZNlz138eW0QBjloZkWsNn6Qo

# 3GcZKCS6OEuabvshVGtqRRFHqfG3rsjoiV5PndLQTHa1V1QJsWkBRH58oWFsc/4K

# u+xBZj1p/cvBQUl+fpO+y/g75LcVv7TOPqUxUYS8vwLBgqJ7Fx0ViY1w/ue10Cga

# iQuPNtq6TPmb/wrpNPgkNWcr4A245oyZ1uEi6vAnQj0llOZ0dFtq0Z4+7X6gMTN9

# vMvpe784cETRkPHIqzqKOghif9lwY1NNje6CbaUFEMFxBmoQtB1VM1izoXBm8qGC

# AtIwggI7AgEBMIH8oYHUpIHRMIHOMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz

# aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv

# cnBvcmF0aW9uMSkwJwYDVQQLEyBNaWNyb3NvZnQgT3BlcmF0aW9ucyBQdWVydG8g

# UmljbzEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046NjBCQy1FMzgzLTI2MzUxJTAj

# BgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2WiIwoBATAHBgUrDgMC

# GgMVAGp0M62VvUwfd1Xuz2uFD2qNn3ytoIGDMIGApH4wfDELMAkGA1UEBhMCVVMx

# EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT

# FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUt

# U3RhbXAgUENBIDIwMTAwDQYJKoZIhvcNAQEFBQACBQDmCvv2MCIYDzIwMjIwNDIx

# MDEzOTAyWhgPMjAyMjA0MjIwMTM5MDJaMHcwPQYKKwYBBAGEWQoEATEvMC0wCgIF

# AOYK+/YCAQAwCgIBAAICJe4CAf8wBwIBAAICEbswCgIFAOYMTXYCAQAwNgYKKwYB

# BAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAqAKMAgCAQACAwehIKEKMAgCAQACAwGG

# oDANBgkqhkiG9w0BAQUFAAOBgQCOeuoRpB+YSSdp5+1iR3rz+GylN2eSXo3+wrMu

# hpnsYRj6ac1fKD2vsRB3nDabV+vVMgwSy1oUOauugJT0RCUOIStbYv8Lo/D/I1yk

# T0ckNsOhKI2M4jjkLTt4IFQuIRJnoN7R06kjsywAIZuE4fBtFSQZ6BgoKzUAS6k+

# Liw6dTGCBA0wggQJAgEBMIGTMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo

# aW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y

# cG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEw

# AhMzAAABpllFgzlNnutLAAEAAAGmMA0GCWCGSAFlAwQCAQUAoIIBSjAaBgkqhkiG

# 9w0BCQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIEIDkKqko/2U2YqYKs

# JHofl7IC1D7zsOlmqJWQczWQ48AOMIH6BgsqhkiG9w0BCRACLzGB6jCB5zCB5DCB

# vQQggwsZi8M/dH1r4TCmyUwEGirdw6F3ogIX6fEw/bYEqw0wgZgwgYCkfjB8MQsw

# CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u

# ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNy

# b3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAaZZRYM5TZ7rSwABAAABpjAi

# BCDInVSu+tgQApNFQJ5uiatss3oXSeVOtnoGK/XdvVHxrjANBgkqhkiG9w0BAQsF

# AASCAgBsJFWRaQLFG4tXPXfVwMK5jgvR40ligCsttBAA869E+3hsmlTYyfLtk4np

# LkLoVXmWBQKT/mqrbfb4rxRUQ1pFMBOf1qG7Qc024WlmDZF/Vub0Ry6iih8dHvMz

# VtpW7cPMXTeRv5Ke13o0FWwX8hatNH712WaxNTu95FBZTWXUdrCmhqKLK77FIOTA

# 8AjLzVZKw+HpojUGH0P/CSRhnuH8iSBj2d6Hce8ZLzTvjT8aPYIyOyBrung+ncjW

# y0lwegBR1FQlyC7MgBJjKRHUz6ZoIvMEXcdK9nY4z7QDJwz1BZvPXHND64LeQhhL

# /dZBdyc5TcSouA0yd73Qe8sJk5Rbaer8Tnurw6WwBBgYxLl8m17R/NdH/2BCI958

# jSkjZMbmJwYrw+UpqI+3urIc5jH15xO2rFQtN5XTEknRciKGfPciGvjztWdTCS8N

# vq0Y2marhhXJFiHMh+O6mM8MRmPQeZ0Cu72EZ8boDmlj3A3nm2yB3ajm/kDzKeDy

# h97uscjvTK0IWzPMZzGU16SSUx6t5GzMGBcsi5NAu7I/p3M5zy3WGda5xTDcNSJG

# fp8iCq+eDypQyslrLFWeTelBklh9LdCevQq/xsJZPvF65iM9Lm6oOlqLXl0b8eC1

# iNRHG1rfNgaXgHIxhvhVux5yrjhQUY4wVb1hI/APEj46SX6Quw==

# SIG # End signature block