KEYCLOAK-6566 Initial commit of xPaaS documentation (#343)
This commit is contained in:
parent
ff4d8436d3
commit
23d48bb12c
23 changed files with 4105 additions and 0 deletions
2
openshift/build.cfg
Normal file
2
openshift/build.cfg
Normal file
|
@ -0,0 +1,2 @@
|
|||
pdf_mono_font: "DejaVu Sans Mono"
|
||||
pdf_body_font: "DejaVu Sans"
|
5
openshift/common/attributes.adoc
Normal file
5
openshift/common/attributes.adoc
Normal file
|
@ -0,0 +1,5 @@
|
|||
:productname: Red Hat JBoss Middleware for OpenShift
|
||||
:productversion: 3
|
||||
:productdocsemail: xpaas-docs@redhat.com
|
||||
:imagesdir: images
|
||||
|
16
openshift/common/common_admin.adoc
Normal file
16
openshift/common/common_admin.adoc
Normal file
|
@ -0,0 +1,16 @@
|
|||
==== Environment Variables
|
||||
|
||||
|===
|
||||
|Variable name |Description |Example value
|
||||
|
||||
|`*ADMIN_USERNAME*`
|
||||
|If both this and `*ADMIN_PASSWORD`* are defined,
|
||||
used for the EAP management port user name.
|
||||
|`eapadmin`
|
||||
|
||||
|`*ADMIN_PASSWORD*`
|
||||
|If defined, an admin user is defined for accessing
|
||||
the management port, with this value as password.
|
||||
|`passw0rd`
|
||||
|===
|
||||
|
0
openshift/common/common_basic_info.adoc
Normal file
0
openshift/common/common_basic_info.adoc
Normal file
25
openshift/common/common_clustering.adoc
Normal file
25
openshift/common/common_clustering.adoc
Normal file
|
@ -0,0 +1,25 @@
|
|||
Clustering is achieved through one of two discovery mechanisms:
|
||||
Kubernetes or DNS. This is done by configuring the JGroups protocol stack in
|
||||
standalone-openshift.xml with either the `<openshift.KUBE_PING/>` or `<openshift.DNS_PING/>`
|
||||
elements. Out of the box, `KUBE_PING` is the pre-configured and supported protocol.
|
||||
|
||||
For `KUBE_PING` to work, however, the following steps must be taken:
|
||||
|
||||
. The `OPENSHIFT_KUBE_PING_NAMESPACE` environment variable must be set (see table above).
|
||||
If not set, the server will act as if it is a single-node cluster (a "cluster of one").
|
||||
. The `OPENSHIFT_KUBE_PING_LABELS` environment variables should be set (see table above).
|
||||
If not set, pods outside of your application (albeit in your namespace) will try to join.
|
||||
. Authorization must be granted to the service account the pod is running under to be
|
||||
allowed to access Kubernetes' REST api. This is done on the command line.
|
||||
|
||||
.Policy commands
|
||||
====
|
||||
Using the default service account in the myproject namespace:
|
||||
....
|
||||
oc policy add-role-to-user view system:serviceaccount:$(oc project -q):default -n $(oc project -q)
|
||||
....
|
||||
Using the eap-service-account in the myproject namespace:
|
||||
....
|
||||
oc policy add-role-to-user view system:serviceaccount:$(oc project -q):eap-service-account -n $(oc project -q)
|
||||
....
|
||||
====
|
10
openshift/common/common_datasources.adoc
Normal file
10
openshift/common/common_datasources.adoc
Normal file
|
@ -0,0 +1,10 @@
|
|||
Datasources are automatically created based on the value of some environment variables.
|
||||
|
||||
The most important is the `*DB_SERVICE_PREFIX_MAPPING*` environment variable
|
||||
that defines JNDI mappings for data sources. This variable must be set to a
|
||||
comma-separated list of `*<name>_<database_type>=<PREFIX>*` triplets, where
|
||||
`name` is used as the pool-name in the data source, `database_type` determines
|
||||
what database driver to use, and `PREFIX` is the prefix used in the names of
|
||||
environment variables, which are used to configure the data source.
|
||||
|
||||
include::jndi_mappings.adoc[]
|
99
openshift/common/common_eap_sso.adoc
Normal file
99
openshift/common/common_eap_sso.adoc
Normal file
|
@ -0,0 +1,99 @@
|
|||
This image contains support for Red Hat SSO/Keycloak-enabled applications.
|
||||
|
||||
==== Environment variables
|
||||
|
||||
|===
|
||||
|Variable name |Description |Example value
|
||||
|
||||
|`SSO_URI`
|
||||
| URI of the SSO/Keycloak server
|
||||
| -
|
||||
|
||||
|`SSO_REALM`
|
||||
| SSO/Keycloak realm for the deployed application(s)
|
||||
| -
|
||||
|
||||
|`SSO_PUBLIC_KEY`
|
||||
| Public key of the SSO/Keycloak Realm. This field is optional but if omitted can leave the applications vulnerable to man-in-middle attacks
|
||||
| -
|
||||
|
||||
|`SSO_USERNAME`
|
||||
| SSO/Keycloak User required to access the SSO/Keycloak REST API
|
||||
| `mySsoUser`
|
||||
|
||||
|`SSO_PASSWORD`
|
||||
| Password for `SSO_USERNAME`
|
||||
| `6fedmL3P`
|
||||
|
||||
|`SSO_SAML_KEYSTORE_SECRET`
|
||||
| Secret to use for access to SAML keystore
|
||||
| Default: `sso-app-secret`
|
||||
|
||||
|`SSO_SAML_KEYSTORE`
|
||||
| Keystore location for SAML
|
||||
| Default: `/etc/sso-saml-secret-volume/keystore.jks`
|
||||
|
||||
|`SSO_SAML_KEYSTORE_PASSWORD`
|
||||
| Keystore password for SAML
|
||||
| Default: `mykeystorepass`
|
||||
|
||||
|`SSO_SAML_CERTIFICATE_NAME`
|
||||
| Alias for keys/certificate to use for SAML
|
||||
| Default: `jboss`
|
||||
|
||||
|`SSO_BEARER_ONLY`
|
||||
| Optional. SSO Client Access Type
|
||||
| true
|
||||
|
||||
|`SSO_CLIENT`
|
||||
| Path for SSO redirects back to the application
|
||||
| Defaults to match module-name
|
||||
|
||||
|`SSO_ENABLE_CORS`
|
||||
| Optionally enable CORS for SSO applications
|
||||
| true
|
||||
|
||||
|`SSO_SECRET`
|
||||
| The SSO Client Secret for Confidential Access
|
||||
| KZ1QyIq4
|
||||
|
||||
|`SSO_SECURE_SSL_CONNECTIONS`
|
||||
| If true SSL communication between EAP and the SSO Server will be secure (i.e. certificate validation is enabled with curl)
|
||||
| false
|
||||
|===
|
||||
|
||||
==== Example
|
||||
|
||||
.Creating Secrets and SSO/Keycloak-enabled EAP in "myproject" project/namespace
|
||||
====
|
||||
Once the SSO/Keycloak server has been instantiated and configured with the
|
||||
appropriate Realm, Role(s), and User(s):
|
||||
|
||||
. Create Realm (e.g demo)
|
||||
. Create Role that corresponds to JEE Role (e.g. user)
|
||||
. Create User with permanent password credential (e.g. mgmtuser/mgmtpass). Add
|
||||
all "realm-management" Roles. This User is used to automatically configure
|
||||
the SSO Clients in the SSO Server.
|
||||
. Create User with permanent password credential (e.g. demouser/demopass). Add
|
||||
Roles to User: JEE Role from #2. This User is used to authenticate access to
|
||||
user applications.
|
||||
|
||||
Copy the Realm Public Key from the SSO/Keycloak console and use as the value of
|
||||
`SSO_PUBLIC_KEY` below. Set `SSO_URI` according to the location of the SSO
|
||||
server.
|
||||
|
||||
....
|
||||
$ oc create -n myproject -f secrets/eap-app-secret.json
|
||||
$ oc create -n myproject -f secrets/sso-app-secret.json
|
||||
$ oc process -f eap/eap64-sso-s2i.json -v APPLICATION_NAME=helloworld,SOURCE_REPOSITORY_URL=https://github.com/keycloak/keycloak-examples,SOURCE_REPOSITORY_REF=0.4-openshift,CONTEXT_DIR=,SSO_URI=https://secure-sso-demo.hostname/auth,SSO_REALM=demo,SSO_USERNAME=mgmtuser,SSO_PASSWORD=mgmtpass,SSO_PUBLIC_KEY=XXX | oc create -n myproject -f -
|
||||
....
|
||||
After executing the above, you should be able to access the
|
||||
SSO/Keycloak-enabled applications at
|
||||
http://helloworld-myproject.hostname/app-context and
|
||||
https://secure-helloworld-myproject.hostname/app-context where app-context is
|
||||
`app-jee`, `app-profile-jee`, `app-profile-jee-saml`, or service depending on the
|
||||
example application.
|
||||
|
||||
Note the `app-html5` and `app-profile-html5` example applications are not deployed
|
||||
or functional.
|
||||
====
|
18
openshift/common/common_https.adoc
Normal file
18
openshift/common/common_https.adoc
Normal file
|
@ -0,0 +1,18 @@
|
|||
==== Environment variables
|
||||
|
||||
|===
|
||||
|Variable name |Description |Example value
|
||||
|
||||
|`HTTPS_NAME`
|
||||
|If defined along with `HTTPS_PASSWORD` and `HTTPS_KEYSTORE`, enable HTTPS and set the SSL name.
|
||||
|`example.com`
|
||||
|
||||
|`HTTPS_PASSWORD`
|
||||
|If defined along with `HTTPS_NAME` and `HTTPS_KEYSTORE`, enable HTTPS and set the SSL key password.
|
||||
|`passw0rd`
|
||||
|
||||
|`HTTPS_KEYSTORE`
|
||||
|If defined along with `HTTPS_PASSWORD` and `HTTPS_NAME`, enable HTTPS and set the SSL certificate key file to a
|
||||
relative path under `$JBOSS_HOME/standalone/configuration`
|
||||
|`ssl.key`
|
||||
|===
|
86
openshift/common/common_s2i.adoc
Normal file
86
openshift/common/common_s2i.adoc
Normal file
|
@ -0,0 +1,86 @@
|
|||
The image includes S2I scripts and maven.
|
||||
|
||||
Maven is currently only supported as a build tool for applications
|
||||
that are supposed to be deployed on JBoss EAP-based containers (or
|
||||
related/descendant images) on OpenShift.
|
||||
|
||||
Only WAR deployments are supported at this time.
|
||||
|
||||
==== Custom configuration
|
||||
|
||||
It is possible to add custom configuration files for the image. All
|
||||
files put into configuration/ directory will be copied into
|
||||
`$JBOSS_HOME/standalone/configuration/`. For example to override the
|
||||
default configuration used in the image, just add a custom
|
||||
standalone-openshift.xml into the configuration/ directory.
|
||||
https://github.com/goldmann/openshift-eap-examples/tree/master/custom-configuration[See
|
||||
example] for such deployment.
|
||||
|
||||
===== Custom modules
|
||||
|
||||
It is possible to add custom modules. All files from the
|
||||
modules/Â directory will be copied into `$JBOSS_HOME/modules/`.
|
||||
https://github.com/goldmann/openshift-eap-examples/tree/master/custom-module[See
|
||||
example] for such deployment.
|
||||
|
||||
==== Deployment Artifacts
|
||||
|
||||
By default, artifacts from the source `target` directory will be deployed. To deploy from
|
||||
different directories set the ARTIFACT_DIR environment variable in the BuildConfig
|
||||
definition. ARTIFACT_DIR is a comma-delimited list. For example:
|
||||
ARTIFACT_DIR=app1/target,app2/target,app3/target
|
||||
|
||||
==== Artifact Repository Mirrors
|
||||
|
||||
// Define required 'bcname' attribute for maven_mirror_url.adoc page
|
||||
:bcname: eap
|
||||
|
||||
// Include the Artifact Repository Mirros section
|
||||
// (MAVEN_MIRROR_URL variable usage information)
|
||||
include::maven_mirror_url.adoc[bcname]
|
||||
|
||||
==== Scripts
|
||||
|
||||
`run`:: runs the container without any changes to the default
|
||||
configuration, this means that the standalone-ha.xml configuration will
|
||||
be used.
|
||||
`assemble`:: uses Maven to build the source, create a package (war) and
|
||||
move it to the `$JBOSS_HOME/standalone/deployments` directory.
|
||||
|
||||
==== Environment variables
|
||||
|
||||
You can influence the way the build is executed by supplying environment
|
||||
variables to the `s2i build` command. See the
|
||||
link:https://github.com/openshift/source-to-image/blob/master/docs/cli.md[s2i
|
||||
docs] for more information. The environment variables that can be supplied are:
|
||||
|
||||
|===
|
||||
|Variable name |Description |Example value
|
||||
|
||||
include::common_s2i_env_vars.adoc[]
|
||||
|
||||
|*_APP_DATADIR_*
|
||||
| If defined, directory in the source from where data files are copied.
|
||||
|*_mydata_*
|
||||
|
||||
|*_DATA_DIR_*
|
||||
| Directory in the image where data from `$APP_DATADIR` will be copied.
|
||||
|*_$JBOSS_HOME/data_*
|
||||
|
||||
|===
|
||||
|
||||
==== Example
|
||||
|
||||
This example for the JBoss EAP 6.4 image builds the Heroku Java example
|
||||
|
||||
----
|
||||
s2i build -e "MAVEN_ARGS=clean package" --loglevel=5 --forcePull=false https://github.com/heroku/java-sample.git ce-registry.usersys.redhat.com/jboss-eap-6/eap-openshift:6.4 test-jee-app
|
||||
----
|
||||
|
||||
Later you can run the application with:
|
||||
|
||||
----
|
||||
docker run -it --rm test-jee-app
|
||||
----
|
||||
|
||||
This will run a container and deploy the hello world application on start-up.
|
39
openshift/common/common_s2i_env_vars.adoc
Normal file
39
openshift/common/common_s2i_env_vars.adoc
Normal file
|
@ -0,0 +1,39 @@
|
|||
|`ARTIFACT_DIR`
|
||||
|`.war` and `.jar` files from this directory will be copied into the `deployments` directory.
|
||||
|`target`
|
||||
|
||||
|`HTTP_PROXY_HOST`
|
||||
| Hostname or IP address of a HTTP proxy for Maven to use.
|
||||
|`192.168.1.1`
|
||||
|
||||
|`HTTP_PROXY_PORT`
|
||||
| TCP Port of a HTTP proxy for Maven to use.
|
||||
|`8080`
|
||||
|
||||
|`HTTP_PROXY_USERNAME`
|
||||
| If supplied with `HTTP_PROXY_PASSWORD`, use credentials for HTTP proxy.
|
||||
| myusername
|
||||
|
||||
|`HTTP_PROXY_PASSWORD`
|
||||
| If supplied with `HTTP_PROXY_USERNAME`, use credentials for HTTP proxy.
|
||||
| mypassword
|
||||
|
||||
|`HTTP_PROXY_NONPROXYHOSTS`
|
||||
| If supplied, a configured HTTP proxy will ignore these hosts.
|
||||
|`some.example.org\|*.example.net`
|
||||
|
||||
|`MAVEN_ARGS`
|
||||
| Overrides the arguments supplied to maven during build.
|
||||
|`-e -Popenshift -DskipTests -Dcom.redhat.xpaas.repo.redhatga package`
|
||||
|
||||
|`MAVEN_ARGS_APPEND`
|
||||
| Appends user arguments supplied to maven during build.
|
||||
|`-Dfoo=bar`
|
||||
|
||||
|`MAVEN_MIRROR_URL`
|
||||
| URL of a Maven Mirror/repository manager to configure.
|
||||
|`\http://10.0.0.1:8080/repository/internal/`
|
||||
|
||||
|`MAVEN_CLEAR_REPO`
|
||||
| Optionally clear the local maven repository after the build.
|
||||
|`true`
|
34
openshift/common/common_security_domains.adoc
Normal file
34
openshift/common/common_security_domains.adoc
Normal file
|
@ -0,0 +1,34 @@
|
|||
To configure a new Security Domain, the user must define the
|
||||
`SECDOMAIN_NAME` environment variable.
|
||||
|
||||
This will result in the creation of a security domain named
|
||||
after the environment variable. The user may also define the following
|
||||
environment variables to customize the domain:
|
||||
|
||||
|===
|
||||
|Variable name |Description |Example value
|
||||
|
||||
|`SECDOMAIN_NAME`
|
||||
| Define in order to enable the definition of an additional security
|
||||
domain.
|
||||
| `myDomain`
|
||||
|`SECDOMAIN_PASSWORD_STACKING`
|
||||
| If defined, the password-stacking module option is enabled and
|
||||
set to the value useFirstPass.
|
||||
| `true`
|
||||
|
||||
|`SECDOMAIN_LOGIN_MODULE`
|
||||
| The login module to be used. +
|
||||
Defaults to `UsersRoles`
|
||||
| `UsersRoles`
|
||||
|
||||
|`SECDOMAIN_USERS_PROPERTIES`
|
||||
| The name of the properties file containing user definitions. +
|
||||
Defaults to `users.properties`
|
||||
| `users.properties`
|
||||
|
||||
|`SECDOMAIN_ROLES_PROPERTIES`
|
||||
| The name of the properties file containing role definitions. +
|
||||
Defaults to `roles.properties`
|
||||
| `roles.properties`
|
||||
|===
|
99
openshift/common/jndi_mappings.adoc
Normal file
99
openshift/common/jndi_mappings.adoc
Normal file
|
@ -0,0 +1,99 @@
|
|||
[[db_service_prefix_mapping]]
|
||||
==== JNDI mappings for datasources
|
||||
|
||||
For each `<name>-<database_type>=PREFIX` triplet in the `DB_SERVICE_PREFIX_MAPPING`
|
||||
environment variable, a separate datasource will be created by the launch script, which is
|
||||
executed when running the image.
|
||||
|
||||
The `<database_type>` will determine the driver for the datasource. Currently, only `postgresql` and
|
||||
`mysql` are supported.
|
||||
|
||||
The `<name>` parameter can be chosen on you own. Do not use any special characters.
|
||||
|
||||
NOTE: The first part (before the equal sign) of the `DB_SERVICE_PREFIX_MAPPING`
|
||||
should be lowercase.
|
||||
|
||||
===== Database drivers
|
||||
|
||||
Every image contains Java drivers for MySQL, PostgreSQL and MongoDB databases deployed.
|
||||
Datasources are *generated only for MySQL and PostgreSQL databases*.
|
||||
|
||||
NOTE: For MongoDB database there are no JNDI mappings created because this is not
|
||||
a SQL database.
|
||||
|
||||
===== Datasource configuration environment variables
|
||||
|
||||
Other datasource properties will be configured from the following environment
|
||||
variables:
|
||||
|
||||
|===
|
||||
|Variable name |Description |Example value
|
||||
|
||||
|`<NAME>_<DATABASE_TYPE>_SERVICE_HOST` |Defines the database server's hostname or IP to be
|
||||
used in the datasource's `connection-url` property.
|
||||
|`192.168.1.3`
|
||||
|
||||
|`<NAME>_<DATABASE_TYPE>_SERVICE_PORT` |Defines the database server's port for the datasource.
|
||||
|`5432`
|
||||
|
||||
|`<PREFIX>_JNDI` |Defines the JNDI name for the datasource. Defaults to
|
||||
`java:jboss/datasources/<name>_<database_type>`, where `name` and `database_type` are taken from
|
||||
the triplet described above. This setting is useful if you want to override the default
|
||||
generated JNDI name. |`java:jboss/datasources/test-postgresql`
|
||||
|
||||
|`<PREFIX>_USERNAME` |Defines the username for the datasource.
|
||||
|`admin`
|
||||
|
||||
|`<PREFIX>_PASSWORD` |Defines the password for the datasource.
|
||||
|`password`
|
||||
|
||||
|`<PREFIX>_DATABASE` |Defines the database name for the datasource.
|
||||
|`myDatabase`
|
||||
|
||||
|`<PREFIX>_TX_ISOLATION` |Defines the java.sql.Connection transaction isolation
|
||||
level for the datasource.
|
||||
|`TRANSACTION_READ_UNCOMMITTED`
|
||||
|
||||
|`<PREFIX>_MIN_POOL_SIZE` |Defines the minimum pool size option for the datasource.
|
||||
|`1`
|
||||
|
||||
|`<PREFIX>_MAX_POOL_SIZE` |Defines the maximum pool size option for the datasource.
|
||||
|`20`
|
||||
|
||||
|===
|
||||
|
||||
When running this image in OpenShift, the `<NAME>_<DATABASE_TYPE>_SERVICE_HOST`
|
||||
and `<NAME>_<DATABASE_TYPE>_SERVICE_PORT` environment variables are set up
|
||||
automatically from the database service definition in the OpenShift application
|
||||
template, while the others are configured in the template directly (as `env`
|
||||
entries in container definitions under each pod template).
|
||||
|
||||
===== Examples
|
||||
|
||||
These examples show how value of the `DB_SERVICE_PREFIX_MAPPING` environment
|
||||
variable influences datasource creation.
|
||||
|
||||
====== Single mapping
|
||||
|
||||
Consider value `test-postgresql=TEST`.
|
||||
|
||||
This will create a datasource with `java:jboss/datasources/test_postgresql` name.
|
||||
Additionally all the required settings like password and username will be expected
|
||||
to be provided as env variables with the `TEST_` prefix, for example `TEST_USERNAME`
|
||||
and `TEST_PASSWORD`.
|
||||
|
||||
====== Multiple mappings
|
||||
|
||||
You can also specify multiple database mappings. Consider following value for the
|
||||
`DB_SERVICE_PREFIX_MAPPING` environment variable: `cloud-postgresql=CLOUD,test-mysql=TEST_MYSQL`.
|
||||
|
||||
NOTE: Multiple datasource mappings should be separated with comma.
|
||||
|
||||
This will create two datasources:
|
||||
|
||||
1. `java:jboss/datasources/test_mysql`, and
|
||||
2. `java:jboss/datasources/cloud_postgresql`.
|
||||
|
||||
MySQL datasource configuration (username, etc) will be expected with the
|
||||
`TEST_MYSQL` prefix, for example `TEST_MYSQL_USERNAME`, whereas for the PostgreSQL
|
||||
datasource it'll expect beexpected with the `CLOUD_` prefix, for example `CLOUD_USERNAME`.
|
54
openshift/common/maven_mirror_url.adoc
Normal file
54
openshift/common/maven_mirror_url.adoc
Normal file
|
@ -0,0 +1,54 @@
|
|||
// This page describes MAVEN_MIRROR_URL variable usage
|
||||
// It requires 'bcname' attribute to be set to the name of the product
|
||||
|
||||
A repository in Maven holds build artifacts and dependencies of various types
|
||||
(all the project jars, library jar, plugins or any other project specific
|
||||
artifacts). It also specifies locations from where to download artifacts from,
|
||||
while performing the S2I build. Besides using central repositories, it is a
|
||||
common practice for organizations to deploy a local custom repository (mirror).
|
||||
|
||||
Benefits of using a mirror are:
|
||||
|
||||
* Availability of a synchronized mirror, which is geographically closer and
|
||||
faster.
|
||||
* Ability to have greater control over the repository content.
|
||||
* Possibility to share artifacts across different teams (developers, CI),
|
||||
without the need to rely on public servers and repositories.
|
||||
* Improved build times.
|
||||
|
||||
Often, a repository manager can serve as local cache to a mirror. Assuming that
|
||||
the repository manager is already deployed and reachable externally at
|
||||
*_pass:[http://10.0.0.1:8080/repository/internal/]_*, the S2I build can then use this
|
||||
manager by supplying the `MAVEN_MIRROR_URL` environment variable to the
|
||||
build configuration of the application as follows:
|
||||
|
||||
. Identify the name of the build configuration to apply `MAVEN_MIRROR_URL`
|
||||
variable against:
|
||||
+
|
||||
[subs="attributes"]
|
||||
----
|
||||
oc get bc -o name
|
||||
buildconfig/{bcname}
|
||||
----
|
||||
. Update build configuration of `{bcname}` with a `MAVEN_MIRROR_URL` environment variable
|
||||
+
|
||||
[subs="attributes"]
|
||||
----
|
||||
oc env bc/{bcname} MAVEN_MIRROR_URL="http://10.0.0.1:8080/repository/internal/"
|
||||
buildconfig "{bcname}" updated
|
||||
----
|
||||
. Verify the setting
|
||||
+
|
||||
[subs="attributes"]
|
||||
----
|
||||
oc env bc/{bcname} --list
|
||||
# buildconfigs {bcname}
|
||||
MAVEN_MIRROR_URL=http://10.0.0.1:8080/repository/internal/
|
||||
----
|
||||
. Schedule new build of the application
|
||||
|
||||
NOTE: During application build, you will notice that Maven dependencies are
|
||||
pulled from the repository manager, instead of the default public repositories.
|
||||
Also, after the build is finished, you will see that the mirror is filled with
|
||||
all the dependencies that were retrieved and used during the build.
|
||||
|
24
openshift/content/before_you_begin/before_you_begin.adoc
Normal file
24
openshift/content/before_you_begin/before_you_begin.adoc
Normal file
|
@ -0,0 +1,24 @@
|
|||
=== Comparison: {xpaasproduct-shortname} Image and Red Hat Single Sign-On
|
||||
The {xpaasproduct-shortname} image version number 7.2 is based on Red Hat Single Sign-On 7.2. There are some differences in functionality between the {xpaasproduct-shortname} image and Red Hat Single Sign-On:
|
||||
|
||||
* The {xpaasproduct-shortname} image includes all of the functionality of Red Hat Single Sign-On. In addition, the RH-SSO-enabled JBoss EAP image automatically handles OpenID Connect or SAML client registration and configuration for *_.war_* deployments that contain *<auth-method>KEYCLOAK</auth-method>* or *<auth-method>KEYCLOAK-SAML</auth-method>* in their respective *web.xml* files.
|
||||
|
||||
=== Version Compatibility and Support
|
||||
See the xPaaS part of the https://access.redhat.com/articles/2176281[OpenShift and Atomic Platform Tested Integrations page] for details about OpenShift image version compatibility.
|
||||
|
||||
=== Deprecated Image Streams and Application Templates for {xpaasproduct-shortname}
|
||||
|
||||
[IMPORTANT]
|
||||
====
|
||||
The {xpaasproduct-shortname} image version number 7.0 is deprecated and it will no longer receive updates of image and application templates.
|
||||
|
||||
*To deploy new applications, it is recommended to use the version 7.1 or 7.2 of the {xpaasproduct-shortname} image along with the application templates specific to those versions.*
|
||||
====
|
||||
|
||||
=== Initial Setup
|
||||
The Tutorials in this guide follow on from and assume an OpenShift instance similar to that created in the https://access.redhat.com/documentation/en/red-hat-application-services/0/openshift-primer[OpenShift Primer].
|
||||
|
||||
[IMPORTANT]
|
||||
====
|
||||
For information related to updating the existing database when migrating {xpaasproduct-shortname} image from RH-SSO 7.0 to RH-SSO 7.1, or from RH-SSO 7.1 to RH-SSO 7.2, see the xref:../tutorials/tutorials.adoc#upgrading-sso-db-from-70-to-71[Updating Existing Database when Migrating {xpaasproduct-shortname} Image to a new version] section.
|
||||
====
|
929
openshift/content/get_started/get_started.adoc
Normal file
929
openshift/content/get_started/get_started.adoc
Normal file
|
@ -0,0 +1,929 @@
|
|||
=== Using the {xpaasproduct-shortname} Image Streams and Application Templates
|
||||
Red Hat JBoss Middleware for OpenShift images are pulled on demand from the Red Hat Registry: link:http://registry.access.redhat.com[registry.access.redhat.com]. To update to the latest {xpaasproduct-shortname} images, run the following commands:
|
||||
|
||||
. On your master host(s), ensure that you are logged in as a cluster administrator or a user with project administrator access to the global `openshift` project.
|
||||
+
|
||||
----
|
||||
$ oc login -u system:admin
|
||||
----
|
||||
. Run the following commands to update the core set of RH-SSO 7.2 resources for OpenShift in the `openshift` project:
|
||||
+
|
||||
----
|
||||
$ for resource in sso72-image-stream.json \
|
||||
sso72-https.json \
|
||||
sso72-mysql-persistent.json \
|
||||
sso72-mysql.json \
|
||||
sso72-postgresql-persistent.json \
|
||||
sso72-postgresql.json
|
||||
do
|
||||
oc replace -n openshift --force -f \
|
||||
https://raw.githubusercontent.com/jboss-openshift/application-templates/ose-v1.4.9/sso/${resource}
|
||||
done
|
||||
----
|
||||
. Run the following command to install the RH-SSO 7.2 OpenShift image streams in the `openshift` project:
|
||||
+
|
||||
----
|
||||
$ oc -n openshift import-image redhat-sso72-openshift:1.0
|
||||
----
|
||||
|
||||
=== Preparing and Deploying the {xpaasproduct-shortname} Application Templates
|
||||
|
||||
[[Configuring-Keystores]]
|
||||
==== Configuring Keystores
|
||||
|
||||
The {xpaasproduct-shortname} image requires two keystores: +
|
||||
- An SSL keystore to provide private and public keys for https traffic encryption. +
|
||||
- A JGroups keystore to provide private and public keys for network traffic encryption between nodes in the cluster.
|
||||
|
||||
These keystores are expected by the {xpaasproduct-shortname} image, even if the application uses only http on a single-node OpenShift instance. Self-signed certificates do not provide secure communication and are intended for internal testing purposes.
|
||||
|
||||
[WARNING]
|
||||
For production environments Red Hat recommends that you use your own SSL certificate purchased from a verified Certificate Authority (CA) for SSL-encrypted connections (HTTPS).
|
||||
|
||||
See the https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.1/html-single/Security_Guide/index.html#Generate_a_SSL_Encryption_Key_and_Certificate[JBoss Enterprise Application Platform Security Guide] for more information on how to create a keystore with self-signed or purchased SSL certificates.
|
||||
|
||||
==== Generating Secrets
|
||||
|
||||
OpenShift uses objects called `Secrets` to hold sensitive information, such as passwords or keystores. See the https://access.redhat.com/documentation/en/openshift-enterprise/version-3.2/developer-guide/#dev-guide-secrets[Secrets chapter] in the OpenShift documentation for more information.
|
||||
|
||||
The {xpaasproduct-shortname} image requires one or more secrets that hold the two keystores described earlier. This provides the necessary authorization to applications in the project.
|
||||
|
||||
Use the SSL and JGroups keystore files to create secrets for the project:
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc secret new <pass:quotes[_sso-ssl-secret_]> <pass:quotes[_ssl.jks_]>
|
||||
$ oc secret new <pass:quotes[_sso-jgroups-secret_]> <pass:quotes[_jgroups.jceks_]>
|
||||
----
|
||||
|
||||
////
|
||||
==== Creating the Service Account
|
||||
|
||||
Service accounts are API objects that exist within each project and allow users to associate certain secrets and roles with applications in a project namespace. This provides the application with the necessary authorization to run with all required privileges.
|
||||
|
||||
The service account that you create must be configured with the correct permissions to view pods in Kubernetes. This is required in order for clustering with the {xpaasproduct-shortname} image to work. You can view the top of the log files to see whether the correct service account permissions have been configured.
|
||||
|
||||
. Create a service account to be used for the SSO deployment:
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc create serviceaccount <pass:quotes[_service-account-name_]>
|
||||
----
|
||||
. Add the *view* role to the service account. This enables the service account to view all the resources in the application namespace in OpenShift, which is necessary for managing the cluster.
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc policy add-role-to-user view system:serviceaccount:<pass:quotes[_project-name_]>:<pass:quotes[_service-account-name_]> -n <pass:quotes[_project-name_]>
|
||||
----
|
||||
. Link the secrets created for the project to the service account:
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc secrets link <pass:quotes[_service-account-name_]> <pass:quotes[_sso-ssl-secret_]> <pass:quotes[_sso-jgroups-secret_]>
|
||||
----
|
||||
////
|
||||
|
||||
[[sso-administrator-setup]]
|
||||
==== Creating Administrator Account for Red Hat Single Sign-On Server
|
||||
|
||||
Red Hat Single Sign-On does not provide any pre-configured management account out of the box. This administrator account is necessary for logging into the `master` realm's management console and perform server maintenance operations such as, creating realms or users, or registering applications intended to be secured by Red Hat Single Sign-On.
|
||||
|
||||
The administrator account can be created:
|
||||
|
||||
* By providing values for the xref:sso-admin-template-parameters[*_SSO_ADMIN_USERNAME_* and *_SSO_ADMIN_PASSWORD_* parameters], when deploying the RH-SSO application template, or
|
||||
* By xref:sso-admin-remote-shell[a remote shell session to particular RH-SSO pod], if the {xpaasproduct-shortname} image is deployed without an application template.
|
||||
|
||||
[NOTE]
|
||||
====
|
||||
Red Hat Single Sign-On allows an initial administrator account creation via the link:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.2/html-single/getting_started_guide/#creating_the_admin_account[Welcome Page] web form. But only if the `Welcome Page` is accessed from a localhost, this method of administrator account creation is not applicable for {xpaasproduct-shortname} image.
|
||||
====
|
||||
|
||||
[[sso-admin-template-parameters]]
|
||||
===== Creating RH-SSO Administrator Account via Template Parameters
|
||||
|
||||
When deploying RH-SSO application template, *_SSO_ADMIN_USERNAME_* and *_SSO_ADMIN_PASSWORD_* parameters denote the username and password of the RH-SSO server's administrator account to be created for the `master` realm.
|
||||
|
||||
[NOTE]
|
||||
====
|
||||
*Both of these parameters are required.* If not specified, they are auto generated and displayed as an OpenShift instructional message when the template is instantiated.
|
||||
====
|
||||
|
||||
[IMPORTANT]
|
||||
====
|
||||
The lifespan of the RH-SSO server's administrator account depends upon the the storage type used to store the RH-SSO server's database:
|
||||
|
||||
* For an in-memory database mode (*_sso71-https_* and *_sso72-https_* templates) the account exist throughout the lifecycle of the particular RH-SSO pod (stored account data is lost upon pod destruction),
|
||||
* For an ephemeral database mode (*_sso71-mysql_*, *_sso71-postgresql_*, *_sso72-mysql_*, and *_sso72-postgresql_* templates) the account exist throughout the lifecycle of the database pod (even if RH-SSO pod is destructed, the stored account data is preserved under the assumption that the database pod is still running),
|
||||
* For persistent database mode (*_sso71-mysql-persistent_*, *_sso71-postgresql-persistent_*, *_sso72-mysql-persistent_*, and *_sso72-postgresql-persistent_* templates) the account exists throughout the lifecycle of the persistent medium used to hold the database data. This means that the stored account data is preserved even when both, the RH-SSO and the database pods are destructed.
|
||||
|
||||
It is a common practice to deploy an RH-SSO application template to get the corresponding OpenShift deployment config for the application, and then reuse that deployment config multiple times (every time a new RH-SSO application needs to be instantiated).
|
||||
====
|
||||
|
||||
[WARNING]
|
||||
====
|
||||
In the case of *ephemeral or persistent database mode*, after creating the RH_SSO server's administrator account, remove the *_SSO_ADMIN_USERNAME_* and *_SSO_ADMIN_PASSWORD_* variables from the deployment config before deploying new RH-SSO applications.
|
||||
====
|
||||
|
||||
[IMPORTANT]
|
||||
====
|
||||
Run the following commands to prepare the previously created deployment config of the RH-SSO application for reuse after the administrator account has been created:
|
||||
|
||||
. Identify the deployment config of the RH-SSO application.
|
||||
+
|
||||
----
|
||||
$ oc get dc -o name
|
||||
deploymentconfig/sso
|
||||
deploymentconfig/sso-mysql
|
||||
----
|
||||
. Clear the *_SSO_ADMIN_USERNAME_* and *_SSO_ADMIN_PASSWORD_* variables setting.
|
||||
+
|
||||
----
|
||||
$ oc env dc/sso -e SSO_ADMIN_USERNAME="" SSO_ADMIN_PASSWORD=""
|
||||
----
|
||||
====
|
||||
|
||||
[[sso-admin-remote-shell]]
|
||||
===== Creating RH-SSO Administrator Account via Remote Shell Session to RH-SSO Pod
|
||||
|
||||
Run following commands to create administrator account for the `master` realm of the RH-SSO server, when deploying the {xpaasproduct-shortname} image directly from the image stream (without the xref:../introduction/introduction.adoc#sso-templates[template]), after the RH-SSO application pod has been started:
|
||||
|
||||
. Identify the RH-SSO application pod.
|
||||
+
|
||||
----
|
||||
$ oc get pods
|
||||
NAME READY STATUS RESTARTS AGE
|
||||
sso-12-pt93n 1/1 Running 0 1m
|
||||
sso-mysql-6-d97pf 1/1 Running 0 2m
|
||||
----
|
||||
. Open a remote shell session to {xpaasproduct-shortname} container.
|
||||
+
|
||||
----
|
||||
$ oc rsh sso-12-pt93n
|
||||
sh-4.2$
|
||||
----
|
||||
. Create the RH-SSO server administrator account for the `master` realm at the command line with the `add-user-keycloak.sh` script.
|
||||
+
|
||||
----
|
||||
sh-4.2$ cd /opt/eap/bin/
|
||||
sh-4.2$ ./add-user-keycloak.sh -r master -u sso_admin -p sso_password
|
||||
Added 'sso_admin' to '/opt/eap/standalone/configuration/keycloak-add-user.json', restart server to load user
|
||||
----
|
||||
+
|
||||
[NOTE]
|
||||
====
|
||||
The `sso_admin`/`sso_password` credentials in the example above are for demonstration purposes only. Refer to the password policy applicable within your organization for guidance on how to create a secure user name and password.
|
||||
====
|
||||
. Restart the underlying JBoss EAP server instance to load the newly added user account. Wait for the server to restart properly.
|
||||
+
|
||||
----
|
||||
sh-4.2$ ./jboss-cli.sh --connect ':reload'
|
||||
{
|
||||
"outcome" => "success",
|
||||
"result" => undefined
|
||||
}
|
||||
----
|
||||
+
|
||||
[WARNING]
|
||||
====
|
||||
When restarting the server it is important to restart just the JBoss EAP process within the running RH-SSO container, and not the whole container. Because restarting the whole container recreates it from scratch, without the RH-SSO server administration account for the `master` realm to be created.
|
||||
====
|
||||
. Log into the `master` realm's administration console of the RH-SSO server using the the credentials created in the steps above. In the browser, navigate to *\http://sso-<project-name>.<hostname>/auth/admin* for the RH-SSO web server, or to *\https://secure-sso-<project-name>.<hostname>/auth/admin* for the encrypted RH-SSO web server, and specify user name and password used to create the administrator user.
|
||||
|
||||
==== Using the OpenShift Web Console
|
||||
Log in to the OpenShift web console:
|
||||
|
||||
. Click *Add to project* to list the default image streams and templates.
|
||||
. Use the *Filter by keyword* search bar to limit the list to those that match _sso_. You may need to click *See all* to show the desired application template.
|
||||
. Select an application template and configure the deployment parameters as required.
|
||||
. Click *Create* to deploy the application template.
|
||||
|
||||
These are some of the more common variables to configure an RH-SSO deployment:
|
||||
|
||||
[cols="2*", options="header"]
|
||||
|===
|
||||
|Variable
|
||||
|Description
|
||||
|*_APPLICATION_NAME_*
|
||||
|The name for the RH-SSO application.
|
||||
|
||||
|*_HOSTNAME_HTTPS_*
|
||||
|Custom hostname for https service route. Leave blank for default hostname of _<application-name>.<project>.<default-domain-suffix>_
|
||||
|
||||
|*_HOSTNAME_HTTP_*
|
||||
|Custom hostname for http service route. Leave blank for default hostname of _<application-name>.<project>.<default-domain-suffix>_
|
||||
|
||||
|*_HTTPS_KEYSTORE_*
|
||||
|The name of the keystore file within the secret.
|
||||
|
||||
|*_HTTPS_PASSWORD_*
|
||||
|The password for the keystore and certificate.
|
||||
|
||||
|*_HTTPS_SECRET_*
|
||||
|The name of the secret containing the keystore file.
|
||||
|
||||
|*_JGROUPS_ENCRYPT_KEYSTORE_*
|
||||
|The name of the JGroups keystore file within the secret.
|
||||
|
||||
|*_JGROUPS_ENCRYPT_PASSWORD_*
|
||||
|The password for the JGroups keystore and certificate.
|
||||
|
||||
|*_JGROUPS_ENCRYPT_SECRET_*
|
||||
|The name of the secret containing the JGroups keystore file.
|
||||
|
||||
|*_SSO_ADMIN_USERNAME_*
|
||||
|Username of the administrator account for the `master` realm of the RH-SSO server. *Required.* If no value is specified, it is auto generated and displayed as an OpenShift instructional message when the template is instantiated.
|
||||
|
||||
|*_SSO_ADMIN_PASSWORD_*
|
||||
|Password of the administrator account for the `master` realm of the RH-SSO server. *Required.* If no value is specified, it is auto generated and displayed as an OpenShift instructional message when the template is instantiated.
|
||||
|
||||
|*_SSO_REALM_*
|
||||
|The name of an additional RH-SSO realm to create during deployment.
|
||||
|
||||
|*_SSO_SERVICE_USERNAME_*
|
||||
|RH-SSO service user name to manage the realm.
|
||||
|
||||
|*_SSO_SERVICE_PASSWORD_*
|
||||
|RH-SSO service user password.
|
||||
|===
|
||||
|
||||
See the xref:env_vars[Reference chapter] for a more comprehensive list of the RH-SSO environment variables.
|
||||
See the xref:Example-Deploying-SSO[Example Workflow: Preparing and Deploying the {xpaasproduct-shortname} Image] for an end-to-end example of RH-SSO deployment.
|
||||
|
||||
==== Routes
|
||||
|
||||
The {xpaasproduct-shortname} templates use TLS passthrough termination for routes by default. This means that the destination route receives encrypted traffic without the OpenShift router providing TLS termination. Users do not need the relevant SSL certificate to connect to the RH-SSO login page.
|
||||
|
||||
For more information on OpenShift route types, see the link:https://docs.openshift.com/container-platform/3.7/architecture/networking/routes.html#route-types[Networking chapter] of the OpenShift Architecture Guide.
|
||||
|
||||
==== Deployment Process
|
||||
|
||||
Once deployed, the *_sso71-https_* and *_sso72-https_* templates create a single pod that contains both the database and the RH-SSO servers. The *_sso71-mysql_*, *_sso72-mysql_*, *_sso71-mysql-persistent_*, *_sso72-mysql-persistent_*, *_sso71-postgresql_*, *_sso72-postgresql_*, *_sso71-postgresql-persistent_*, and *_sso72-postgresql-persistent_* templates create two pods, one for the database server and one for the RH-SSO web server.
|
||||
|
||||
After the RH-SSO web server pod has started, it can be accessed at its custom configured hostnames, or at the default hostnames:
|
||||
|
||||
* *\http://sso-_<project-name>_._<hostname>_/auth/admin*: for the RH-SSO web server, and
|
||||
* *\https://secure-sso-_<project-name>_._<hostname>_/auth/admin*: for the encrypted RH-SSO web server.
|
||||
|
||||
Use the xref:../get_started/get_started.adoc#sso-administrator-setup[administrator user credentials] to log in into the `master` realm’s administration console.
|
||||
|
||||
[[SSO-Clients]]
|
||||
==== RH-SSO Clients
|
||||
|
||||
Clients are RH-SSO entities that request user authentication. A client can be an application requesting RH-SSO to provide user authentication, or it can be making requests for access tokens to start services on behalf of an authenticated user. See the link:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.2/html/server_administration_guide/clients[Managing Clients chapter of the Red Hat Single Sign-On documentation] for more information.
|
||||
|
||||
RH-SSO provides link:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.2/html/server_administration_guide/clients#oidc_clients[OpenID-Connect] and link:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.2/html/server_administration_guide/clients#saml_clients[SAML] client protocols. +
|
||||
OpenID-Connect is the preferred protocol and utilizes three different access types:
|
||||
|
||||
- *public*: Useful for JavaScript applications that run directly in the browser and require no server configuration.
|
||||
- *confidential*: Useful for server-side clients, such as EAP web applications, that need to perform a browser login.
|
||||
- *bearer-only*: Useful for back-end services that allow bearer token requests.
|
||||
|
||||
It is required to specify the client type in the *<auth-method>* key of the application *web.xml* file. This file is read by the image at deployment. Set the value of *<auth-method>* element to:
|
||||
|
||||
* *KEYCLOAK* for the OpenID Connect client.
|
||||
* *KEYCLOAK-SAML* for the SAML client.
|
||||
|
||||
The following is an example snippet for the application *web.xml* to configure an OIDC client:
|
||||
|
||||
----
|
||||
...
|
||||
<login-config>
|
||||
<auth-method>KEYCLOAK</auth-method>
|
||||
</login-config>
|
||||
...
|
||||
----
|
||||
|
||||
[[Auto-Man-Client-Reg]]
|
||||
==== Automatic and Manual RH-SSO Client Registration Methods
|
||||
A client application can be automatically registered to an RH-SSO realm by using credentials passed in variables specific to the *_eap64-sso-s2i_*, *_eap70-sso-s2i_*, *_eap71-sso-s2i_*, and *_datavirt63-secure-s2i_* templates.
|
||||
|
||||
Alternatively, you can manually register the client application by configuring and exporting the RH-SSO client adapter and including it in the client application configuration.
|
||||
|
||||
==== Automatic RH-SSO Client Registration
|
||||
|
||||
Automatic RH-SSO client registration is determined by RH-SSO environment variables specific to the *_eap64-sso-s2i_*, *_eap70-sso-s2i_*, *_eap71-sso-s2i_*, and *_datavirt63-secure-s2i_* templates. The RH-SSO credentials supplied in the template are then used to register the client to the RH-SSO realm during deployment of the client application.
|
||||
|
||||
The RH-SSO environment variables included in the *_eap64-sso-s2i_*, *_eap70-sso-s2i_*, *_eap71-sso-s2i_*, and *_datavirt63-secure-s2i_* templates are:
|
||||
|
||||
[cols="2*", options="header"]
|
||||
|===
|
||||
|Variable
|
||||
|Description
|
||||
|*_HOSTNAME_HTTP_*
|
||||
|Custom hostname for http service route. Leave blank for default hostname of <application-name>.<project>.<default-domain-suffix>
|
||||
|
||||
|*_HOSTNAME_HTTPS_*
|
||||
|Custom hostname for https service route. Leave blank for default hostname of <application-name>.<project>.<default-domain-suffix>
|
||||
|
||||
|*_SSO_URL_*
|
||||
|The RH-SSO web server authentication address: $$https://secure-sso-$$_<project-name>_._<hostname>_/auth
|
||||
|
||||
|*_SSO_REALM_*
|
||||
|The RH-SSO realm created for this procedure.
|
||||
|
||||
|*_SSO_USERNAME_*
|
||||
|The name of the _realm management user_.
|
||||
|
||||
|*_SSO_PASSWORD_*
|
||||
| The password of the user.
|
||||
|
||||
|*_SSO_PUBLIC_KEY_*
|
||||
|The public key generated by the realm. It is located in the *Keys* tab of the *Realm Settings* in the RH-SSO console.
|
||||
|
||||
|*_SSO_BEARER_ONLY_*
|
||||
|If set to *true*, the OpenID Connect client is registered as bearer-only.
|
||||
|
||||
|*_SSO_ENABLE_CORS_*
|
||||
|If set to *true*, the RH-SSO adapter enables Cross-Origin Resource Sharing (CORS).
|
||||
|===
|
||||
|
||||
If the RH-SSO client uses the SAML protocol, the following additional variables need to be configured:
|
||||
|
||||
[cols="2*", options="header"]
|
||||
|===
|
||||
|Variable
|
||||
|Description
|
||||
|*_SSO_SAML_KEYSTORE_SECRET_*
|
||||
|Secret to use for access to SAML keystore. The default is _sso-app-secret_.
|
||||
|
||||
|*_SSO_SAML_KEYSTORE_*
|
||||
|Keystore filename in the SAML keystore secret. The default is _keystore.jks_.
|
||||
|
||||
|*_SSO_SAML_KEYSTORE_PASSWORD_*
|
||||
|Keystore password for SAML. The default is _mykeystorepass_.
|
||||
|
||||
|*_SSO_SAML_CERTIFICATE_NAME_*
|
||||
|Alias for keys/certificate to use for SAML. The default is _jboss_.
|
||||
|===
|
||||
|
||||
See xref:Example-EAP-Auto[Example Workflow: Automatically Registering EAP Application in RH-SSO with OpenID-Connect Client] for an end-to-end example of the automatic client registration method using an OpenID-Connect client.
|
||||
|
||||
==== Manual RH-SSO Client Registration
|
||||
|
||||
Manual RH-SSO client registration is determined by the presence of a deployment file in the client application's _../configuration/_ directory. These files are exported from the client adapter in the RH-SSO web console. The name of this file is different for OpenID-Connect and SAML clients:
|
||||
|
||||
[horizontal]
|
||||
*OpenID-Connect*:: _../configuration/secure-deployments_
|
||||
*SAML*:: _../configuration/secure-saml-deployments_
|
||||
|
||||
These files are copied to the RH-SSO adapter configuration section in the _standalone-openshift.xml_ at when the application is deployed.
|
||||
|
||||
There are two methods for passing the RH-SSO adapter configuration to the client application:
|
||||
|
||||
* Modify the deployment file to contain the RH-SSO adapter configuration so that it is included in the _standalone-openshift.xml_ file at deployment, or
|
||||
* Manually include the OpenID-Connect _keycloak.json_ file, or the SAML _keycloak-saml.xml_ file in the client application's *../WEB-INF* directory.
|
||||
|
||||
See xref:Example-EAP-Manual[Example Workflow: Manually Configure an Application to Use RH-SSO Authentication, Using SAML Client] for an end-to-end example of the manual RH-SSO client registration method using a SAML client.
|
||||
|
||||
==== Limitations
|
||||
OpenShift does not currently accept OpenShift role mapping from external providers. If RH-SSO is used as an authentication gateway for OpenShift, users created in RH-SSO must have the roles added using the OpenShift Administrator `oadm policy` command.
|
||||
|
||||
For example, to allow an RH-SSO-created user to view a project namespace in OpenShift:
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
oadm policy add-role-to-user view <pass:quotes[_user-name_]> -n <pass:quotes[_project-name_]>
|
||||
----
|
||||
|
||||
=== Binary Builds
|
||||
|
||||
To deploy existing applications on OpenShift, you can use the link:https://docs.openshift.com/container-platform/latest/dev_guide/builds/build_inputs.html#binary-source[binary source] capability.
|
||||
|
||||
==== Deploy Binary Build of EAP 6.4 / 7.0 JSP Service Invocation Application that Authenticates Using Red Hat Single Sign-On
|
||||
|
||||
The following example uses both link:https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-jee-jsp[app-jee-jsp] and link:https://github.com/keycloak/keycloak-quickstarts/tree/latest/service-jee-jaxrs[service-jee-jaxrs] quickstarts to deploy EAP 6.4 / 7.0 JSP service application that authenticates using the Red Hat Single Sign-On.
|
||||
|
||||
*Prerequisite:*
|
||||
|
||||
[IMPORTANT]
|
||||
====
|
||||
This guide assumes the {xpaasproduct-shortname} image has been previously link:https://access.redhat.com/documentation/en-us/red_hat_jboss_middleware_for_openshift/3/html-single/red_hat_jboss_sso_for_openshift/#Example-Deploying-SSO[deployed using one of the following templates:]
|
||||
|
||||
* *_sso71-mysql_*
|
||||
* *_sso72-mysql_*
|
||||
* *_sso71-postgresql_*
|
||||
* *_sso72-postgresql_*
|
||||
* *_sso71-mysql-persistent_*
|
||||
* *_sso72-mysql-persistent_*
|
||||
* *_sso71-postgresql-persistent_*
|
||||
* *_sso72-postgresql-persistent_*
|
||||
====
|
||||
|
||||
===== Create RH-SSO Realm, Roles, and User for the EAP 6.4 / 7.0 JSP Application
|
||||
|
||||
The EAP 6.4 / 7.0 JSP service application requires dedicated RH-SSO realm, username, and password to be able to authenticate using Red Hat Single Sign-On. Perform the following steps after the {xpaasproduct-shortname} image has been deployed:
|
||||
|
||||
*Create the RH-SSO Realm*
|
||||
|
||||
. Login to the administration console of the RH-SSO server.
|
||||
+
|
||||
*\https://secure-sso-sso-app-demo.openshift.example.com/auth/admin*
|
||||
+
|
||||
Use the xref:sso_server.adoc#sso-administrator-setup[credentials of the RH-SSO administrator user].
|
||||
. Hover your cursor over the realm namespace (default is *Master*) at the top of the sidebar and click *Add Realm*.
|
||||
. Enter a realm name (this example uses `demo`) and click *Create*.
|
||||
|
||||
[[copy-rsa-public-key]]
|
||||
*Copy the Public Key*
|
||||
|
||||
In the newly created `demo` realm, click the *Keys* tab and copy the public key that has been generated.
|
||||
|
||||
[NOTE]
|
||||
====
|
||||
RH-SSO 7.1 and RH-SSO 7.2 images generate two keys by default:
|
||||
|
||||
* RSA key, and
|
||||
* HMAC key
|
||||
|
||||
To copy the public key information for the RH-SSO 7.1 or RH-SSO 7.2 image, click the *Public key* button of the *RSA* row of the keys table. Then select and copy the content of the pop-up window that appears.
|
||||
====
|
||||
|
||||
The information about the public key is necessary xref:sso-public-key-details[later to deploy] the RH-SSO-enabled EAP 6.4 / 7.0 JSP application.
|
||||
|
||||
*Create RH-SSO Roles*
|
||||
|
||||
[NOTE]
|
||||
====
|
||||
The link:https://github.com/keycloak/keycloak-quickstarts/tree/latest/service-jee-jaxrs[service-jee-jaxrs] quickstart exposes three endpoints by the service:
|
||||
|
||||
* `public` - Requires no authentication.
|
||||
* `secured` - Can be invoked by users with the `user` role.
|
||||
* `admin` - Can be invoked by users with the `admin` role.
|
||||
====
|
||||
|
||||
Create `user` and `admin` roles in RH-SSO. These roles will be assigned to an RH-SSO application user to authenticate access to user applications.
|
||||
|
||||
. Click *Roles* in the *Configure* sidebar to list the roles for this realm.
|
||||
+
|
||||
[NOTE]
|
||||
====
|
||||
This is a new realm, so there should only be the default roles:
|
||||
|
||||
* `offline_access` and `uma_authorization` role for the RH-SSO 7.1 and RH-SSO 7.2 images.
|
||||
====
|
||||
. Click *Add Role*.
|
||||
. Enter the role name (`user`) and click *Save*.
|
||||
|
||||
Repeat these steps for the `admin` role.
|
||||
|
||||
*Create the RH-SSO Realm Management User*
|
||||
|
||||
. Click *Users* in the *Manage* sidebar to view the user information for the realm.
|
||||
. Click *Add User.*
|
||||
. Enter a valid *Username* (this example uses the user `appuser`) and click *Save*.
|
||||
. Edit the user configuration:
|
||||
.. Click the *Credentials* tab in the user space and enter a password for the user (this example uses the password `apppassword`).
|
||||
.. Ensure the *Temporary Password* option is set to *Off* so that it does not prompt for a password change later on, and click *Reset Password* to set the user password. A pop-up window prompts for additional confirmation.
|
||||
|
||||
===== Assign `user` RH-SSO Role to the Realm Management User
|
||||
|
||||
Perform the following steps to tie the previously created `appuser` with the `user` RH-SSO role:
|
||||
|
||||
. Click *Role Mappings* to list the realm and client role configuration. In *Available Roles*, select the `user` role created earlier, and click *Add selected>*.
|
||||
. Click *Client Roles*, select *realm-management* entry from the list, select each record in the *Available Roles* list.
|
||||
+
|
||||
[NOTE]
|
||||
====
|
||||
You can select multiple items at once by holding the *Ctrl* key and simultaneously clicking the first `impersonation` entry. While keeping the *Ctrl* key and the left mouse button pressed, move to the end of the list to the `view-clients` entry and ensure each record is selected.
|
||||
====
|
||||
. Click *Add selected>* to assign the roles to the client.
|
||||
|
||||
===== Prepare RH-SSO Authentication for OpenShift Deployment of the EAP 6.4 / 7.0 JSP Application
|
||||
|
||||
. Create a new project for the EAP 6.4 / 7.0 JSP application.
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc new-project eap-app-demo
|
||||
----
|
||||
. Add the `view` role to the link:https://docs.openshift.com/container-platform/latest/dev_guide/service_accounts.html#default-service-accounts-and-roles[`default`] service account. This enables the service account to view all the resources in the `eap-app-demo` namespace, which is necessary for managing the cluster.
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc policy add-role-to-user view system:serviceaccount:$(oc project -q):default
|
||||
----
|
||||
. The EAP template requires an link:https://access.redhat.com/documentation/en-us/red_hat_jboss_middleware_for_openshift/3/html-single/red_hat_jboss_sso_for_openshift/#Configuring-Keystores[SSL keystore and a JGroups keystore]. This example uses `keytool`, a package included with the Java Development Kit, to generate self-signed certificates for these keystores.
|
||||
.. Generate a secure key for the SSL keystore (this example uses `password` as password for the keystore).
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ keytool -genkeypair \
|
||||
-dname "CN=secure-eap-app-eap-app-demo.openshift.example.com" \
|
||||
-alias https \
|
||||
-storetype JKS \
|
||||
-keystore eapkeystore.jks
|
||||
----
|
||||
.. Generate a secure key for the JGroups keystore (this example uses `password` as password for the keystore).
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ keytool -genseckey \
|
||||
-alias jgroups \
|
||||
-storetype JCEKS \
|
||||
-keystore eapjgroups.jceks
|
||||
----
|
||||
.. Generate the EAP 6.4 / 7.0 for OpenShift secrets with the SSL and JGroup keystore files.
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc secret new eap-ssl-secret eapkeystore.jks
|
||||
----
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc secret new eap-jgroup-secret eapjgroups.jceks
|
||||
----
|
||||
.. Add the EAP application secret to the link:https://docs.openshift.com/container-platform/latest/dev_guide/service_accounts.html#default-service-accounts-and-roles[`default`] service account.
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc secrets link default eap-ssl-secret eap-jgroup-secret
|
||||
----
|
||||
|
||||
===== Deploy Binary Build of the EAP 6.4 / 7.0 JSP Application
|
||||
|
||||
. Clone the source code.
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ git clone https://github.com/keycloak/keycloak-quickstarts.git
|
||||
----
|
||||
. link:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/development_guide/#use_the_maven_repository[Configure] the link:https://access.redhat.com/maven-repository[Red Hat JBoss Middleware Maven repository].
|
||||
. Build both the link:https://github.com/keycloak/keycloak-quickstarts/tree/latest/service-jee-jaxrs[service-jee-jaxrs] and link:https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-jee-jsp[app-jee-jsp] applications.
|
||||
.. Build the `service-jee-jaxrs` application.
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ cd keycloak-quickstarts/service-jee-jaxrs/
|
||||
----
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ mvn clean package -DskipTests
|
||||
[INFO] Scanning for projects...
|
||||
[INFO]
|
||||
[INFO] ------------------------------------------------------------------------
|
||||
[INFO] Building Keycloak Quickstart: service-jee-jaxrs 3.1.0.Final
|
||||
[INFO] ------------------------------------------------------------------------
|
||||
...
|
||||
[INFO] ------------------------------------------------------------------------
|
||||
[INFO] BUILD SUCCESS
|
||||
[INFO] ------------------------------------------------------------------------
|
||||
[INFO] Total time: 2.153 s
|
||||
[INFO] Finished at: 2017-06-26T12:06:12+02:00
|
||||
[INFO] Final Memory: 25M/241M
|
||||
[INFO] ------------------------------------------------------------------------
|
||||
----
|
||||
.. *Comment out* the `app-jee-jsp/config/keycloak.json` requirement of the `maven-enforcer-plugin` plugin and build the `app-jee-jsp` application.
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
+
|
||||
----
|
||||
service-jee-jaxrs]$ cd ../app-jee-jsp/
|
||||
----
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
app-jee-jsp]$ sed -i /\<executions\>/s/^/\<\!--/ pom.xml
|
||||
----
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
app-jee-jsp]$ sed -i '/\(<\/executions>\)/a\-->' pom.xml
|
||||
----
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
app-jee-jsp]$ mvn clean package -DskipTests
|
||||
[INFO] Scanning for projects...
|
||||
[INFO]
|
||||
[INFO] ------------------------------------------------------------------------
|
||||
[INFO] Building Keycloak Quickstart: app-jee-jsp 3.1.0.Final
|
||||
[INFO] ------------------------------------------------------------------------
|
||||
...
|
||||
[INFO] Building war: /tmp/github/keycloak-quickstarts/app-jee-jsp/target/app-jsp.war
|
||||
[INFO] ------------------------------------------------------------------------
|
||||
[INFO] BUILD SUCCESS
|
||||
[INFO] ------------------------------------------------------------------------
|
||||
[INFO] Total time: 3.018 s
|
||||
[INFO] Finished at: 2017-06-26T12:22:25+02:00
|
||||
[INFO] Final Memory: 35M/310M
|
||||
[INFO] ------------------------------------------------------------------------
|
||||
----
|
||||
+
|
||||
[IMPORTANT]
|
||||
====
|
||||
The link:https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-jee-jsp[app-jee-jsp] quickstart requires to configure the adapter, and adapter configuration file (`keycloak.json`) to be present at the `config/` directory in the root of the quickstart to successfully build the quickstart. But since this example configures the adapter later via selected environment variables available for the EAP 6.4 / 7.0 for OpenShift image, it is not necessary to specify the form of `keycloak.json` adapter configuration file at this moment.
|
||||
====
|
||||
|
||||
[[directory-structure-binary-builds]]
|
||||
[start=4]
|
||||
. Prepare the directory structure on the local file system.
|
||||
+
|
||||
Application archives in the *deployments/* subdirectory of the main binary build directory are copied directly to the xref:standard-deployments-directory[standard deployments directory] of the image being built on OpenShift. For the application to deploy, the directory hierarchy containing the web application data must be correctly structured.
|
||||
+
|
||||
Create main directory for the binary build on the local file system and *deployments/* subdirectory within it. Copy the previously built WAR archives of both the *service-jee-jaxrs* and *app-jee-jsp* quickstarts to the *deployments/* subdirectory:
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
app-jee-jsp]$ ls
|
||||
config pom.xml README.md src target
|
||||
----
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
app-jee-jsp]$ mkdir -p sso-eap7-bin-demo/deployments
|
||||
----
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
app-jee-jsp]$ cp target/app-jsp.war sso-eap7-bin-demo/deployments/
|
||||
----
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
app-jee-jsp]$ cp ../service-jee-jaxrs/target/service.war sso-eap7-bin-demo/deployments/
|
||||
----
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
app-jee-jsp]$ tree sso-eap7-bin-demo/
|
||||
sso-eap7-bin-demo/
|
||||
|__ deployments
|
||||
|__ app-jsp.war
|
||||
|__ service.war
|
||||
|
||||
1 directory, 2 files
|
||||
|
||||
----
|
||||
+
|
||||
[[standard-deployments-directory]]
|
||||
[NOTE]
|
||||
====
|
||||
Location of the standard deployments directory depends on the underlying base image, that was used to deploy the application. See the following table:
|
||||
|
||||
.Standard Location of the Deployments Directory
|
||||
[cols="2", options="header"]
|
||||
|===
|
||||
| Name of the Underlying Base Image(s) | Standard Location of the Deployments Directory
|
||||
|
||||
| EAP for OpenShift 6.4 and 7.0 | *_$JBOSS_HOME/standalone/deployments_*
|
||||
|
||||
| Java S2I for OpenShift | *_/deployments_*
|
||||
|
||||
| JWS for OpenShift | *_$JWS_HOME/webapps_*
|
||||
|
||||
|===
|
||||
====
|
||||
. Identify the image stream for EAP 6.4 / 7.0 image.
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc get is -n openshift | grep eap | cut -d ' ' -f 1
|
||||
jboss-eap64-openshift
|
||||
jboss-eap70-openshift
|
||||
jboss-eap71-openshift
|
||||
----
|
||||
|
||||
[[eap-new-binary-build]]
|
||||
[start=6]
|
||||
. Create new binary build, specifying image stream and application name.
|
||||
+
|
||||
[NOTE]
|
||||
====
|
||||
Replace `--image-stream=jboss-eap70-openshift` parameter with the `--image-stream=jboss-eap64-openshift` one in the following oc command to deploy the JSP application on top of JBoss EAP 6.4 for OpenShift image.
|
||||
====
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc new-build --binary=true \
|
||||
--image-stream=jboss-eap70-openshift \
|
||||
--name=eap-app
|
||||
--> Found image 31895a4 (3 months old) in image stream "openshift/jboss-eap70-openshift" under tag "latest" for "jboss-eap70-openshift"
|
||||
|
||||
JBoss EAP 7.0
|
||||
-------------
|
||||
Platform for building and running JavaEE applications on JBoss EAP 7.0
|
||||
|
||||
Tags: builder, javaee, eap, eap7
|
||||
|
||||
* A source build using binary input will be created
|
||||
* The resulting image will be pushed to image stream "eap-app:latest"
|
||||
* A binary build was created, use 'start-build --from-dir' to trigger a new build
|
||||
|
||||
--> Creating resources with label build=eap-app ...
|
||||
imagestream "eap-app" created
|
||||
buildconfig "eap-app" created
|
||||
--> Success
|
||||
----
|
||||
. Start the binary build. Instruct `oc` executable to use main directory of the binary build we created xref:directory-structure-binary-builds[in previous step] as the directory containing binary input for the OpenShift build. In the working directory of *app-jee-jsp* issue the following command.
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
app-jee-jsp]$ oc start-build eap-app \
|
||||
--from-dir=./sso-eap7-bin-demo/ \
|
||||
--follow
|
||||
Uploading directory "sso-eap7-bin-demo" as binary input for the build ...
|
||||
build "eap-app-1" started
|
||||
Receiving source from STDIN as archive ...
|
||||
Copying all war artifacts from /home/jboss/source/. directory into /opt/eap/standalone/deployments for later deployment...
|
||||
Copying all ear artifacts from /home/jboss/source/. directory into /opt/eap/standalone/deployments for later deployment...
|
||||
Copying all rar artifacts from /home/jboss/source/. directory into /opt/eap/standalone/deployments for later deployment...
|
||||
Copying all jar artifacts from /home/jboss/source/. directory into /opt/eap/standalone/deployments for later deployment...
|
||||
Copying all war artifacts from /home/jboss/source/deployments directory into /opt/eap/standalone/deployments for later deployment...
|
||||
'/home/jboss/source/deployments/app-jsp.war' -> '/opt/eap/standalone/deployments/app-jsp.war'
|
||||
'/home/jboss/source/deployments/service.war' -> '/opt/eap/standalone/deployments/service.war'
|
||||
Copying all ear artifacts from /home/jboss/source/deployments directory into /opt/eap/standalone/deployments for later deployment...
|
||||
Copying all rar artifacts from /home/jboss/source/deployments directory into /opt/eap/standalone/deployments for later deployment...
|
||||
Copying all jar artifacts from /home/jboss/source/deployments directory into /opt/eap/standalone/deployments for later deployment...
|
||||
Pushing image 172.30.82.129:5000/eap-app-demo/eap-app:latest ...
|
||||
Pushed 6/7 layers, 86% complete
|
||||
Pushed 7/7 layers, 100% complete
|
||||
Push successful
|
||||
----
|
||||
. Create a new OpenShift application based on the build.
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc new-app eap-app
|
||||
--> Found image 6b13d36 (2 minutes old) in image stream "eap-app-demo/eap-app" under tag "latest" for "eap-app"
|
||||
|
||||
eap-app-demo/eap-app-1:aa2574d9
|
||||
-------------------------------
|
||||
Platform for building and running JavaEE applications on JBoss EAP 7.0
|
||||
|
||||
Tags: builder, javaee, eap, eap7
|
||||
|
||||
* This image will be deployed in deployment config "eap-app"
|
||||
* Ports 8080/tcp, 8443/tcp, 8778/tcp will be load balanced by service "eap-app"
|
||||
* Other containers can access this service through the hostname "eap-app"
|
||||
|
||||
--> Creating resources ...
|
||||
deploymentconfig "eap-app" created
|
||||
service "eap-app" created
|
||||
--> Success
|
||||
Run 'oc status' to view your app.
|
||||
----
|
||||
. Stop all running containers of the EAP 6.4 / 7.0 JSP application in the current namespace.
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc get dc -o name
|
||||
deploymentconfig/eap-app
|
||||
----
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc scale dc/eap-app --replicas=0
|
||||
deploymentconfig "eap-app" scaled
|
||||
----
|
||||
. Further configure the EAP 6.4 / 7.0 JSP application prior the deployment.
|
||||
[[sso-public-key-details]]
|
||||
.. Configure the application with proper details about the RH-SSO server instance.
|
||||
+
|
||||
[WARNING]
|
||||
====
|
||||
Ensure to replace the value of *_SSO_PUBLIC_KEY_* variable below with the actual content of the RSA public key for the `demo` realm, that has been xref:copy-rsa-public-key[copied].
|
||||
====
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc set env dc/eap-app \
|
||||
-e HOSTNAME_HTTP="eap-app-eap-app-demo.openshift.example.com" \
|
||||
-e HOSTNAME_HTTPS="secure-eap-app-eap-app-demo.openshift.example.com" \
|
||||
-e SSO_DISABLE_SSL_CERTIFICATE_VALIDATION="true" \
|
||||
-e SSO_USERNAME="appuser" \
|
||||
-e SSO_PASSWORD="apppassword" \
|
||||
-e SSO_REALM="demo" \
|
||||
-e SSO_URL="https://secure-sso-sso-app-demo.openshift.example.com/auth" \
|
||||
-e SSO_PUBLIC_KEY="MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdhXyKx97oIoO6HwnV/MiX2EHO55Sn+ydsPzbjJevI5F31UvUco9uA8dGl6oM8HrnaWWv+i8PvmlaRMhhl6Xs68vJTEc6d0soP+6A+aExw0coNRp2PDwvzsXVWPvPQg3+iytStxu3Icndx+gC0ZYnxoRqL7rY7zKcQBScGEr78Nw6vZDwfe6d/PQ6W4xVErNytX9KyLFVAE1VvhXALyqEM/EqYGLmpjw5bMGVKRXnhmVo9E88CkFDH8E+aPiApb/gFul1GJOv+G8ySLoR1c8Y3L29F7C81odkVBp2yMm3RVFIGSPTjHqjO/nOtqYIfY4Wyw9mRIoY5SyW7044dZXRwIDAQAB" \
|
||||
-e SSO_SECRET="0bb8c399-2501-4fcd-a183-68ac5132868d"
|
||||
deploymentconfig "eap-app" updated
|
||||
----
|
||||
.. Configure the application with details about both the SSL and JGroups keystore.
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc set env dc/eap-app \
|
||||
-e HTTPS_KEYSTORE_DIR="/etc/eap-secret-volume" \
|
||||
-e HTTPS_KEYSTORE="eapkeystore.jks" \
|
||||
-e HTTPS_PASSWORD="password" \
|
||||
-e JGROUPS_ENCRYPT_SECRET="eap-jgroup-secret" \
|
||||
-e JGROUPS_ENCRYPT_KEYSTORE_DIR="/etc/jgroups-encrypt-secret-volume" \
|
||||
-e JGROUPS_ENCRYPT_KEYSTORE="eapjgroups.jceks" \
|
||||
-e JGROUPS_ENCRYPT_PASSWORD="password"
|
||||
deploymentconfig "eap-app" updated
|
||||
----
|
||||
.. Define OpenShift volumes for both the SSL and JGroups secrets created earlier.
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc volume dc/eap-app --add \
|
||||
--name="eap-keystore-volume" \
|
||||
--type=secret \
|
||||
--secret-name="eap-ssl-secret" \
|
||||
--mount-path="/etc/eap-secret-volume"
|
||||
deploymentconfig "eap-app" updated
|
||||
----
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc volume dc/eap-app --add \
|
||||
--name="eap-jgroups-keystore-volume" \
|
||||
--type=secret \
|
||||
--secret-name="eap-jgroup-secret" \
|
||||
--mount-path="/etc/jgroups-encrypt-secret-volume"
|
||||
deploymentconfig "eap-app" updated
|
||||
----
|
||||
.. Configure the deployment config of the application to run application pods under the `default` OpenShift service account (default setting).
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc patch dc/eap-app --type=json \
|
||||
-p '[{"op": "add", "path": "/spec/template/spec/serviceAccountName", "value": "default"}]'
|
||||
"eap-app" patched
|
||||
----
|
||||
. Deploy container of the EAP 6.4 / 7.0 JSP application using the modified deployment config.
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc scale dc/eap-app --replicas=1
|
||||
deploymentconfig "eap-app" scaled
|
||||
----
|
||||
. Expose the service as route.
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc get svc -o name
|
||||
service/eap-app
|
||||
----
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc get route
|
||||
No resources found.
|
||||
----
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc expose svc/eap-app
|
||||
route "eap-app" exposed
|
||||
----
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
$ oc get route
|
||||
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
|
||||
eap-app eap-app-eap-app-demo.openshift.example.com eap-app 8080-tcp None
|
||||
----
|
||||
|
||||
===== Access the Application
|
||||
|
||||
Access the application in your browser using the URL *\http://eap-app-eap-app-demo.openshift.example.com/app-jsp*. You should see output like on the following image:
|
||||
|
||||
[.text-center]
|
||||
image:../images/sso_app_jee_jsp.svg[RH-SSO Example JSP Application]
|
||||
|
||||
Perform the following to test the application:
|
||||
|
||||
* Click the *INVOKE PUBLIC* button to access the `public` endpoint that doesn't require authentication.
|
||||
+
|
||||
You should see the *Message: public* output.
|
||||
* Click the *LOGIN* button to be redirected for user authentication to the RH-SSO server instance against the `demo` realm.
|
||||
+
|
||||
Specify username and password of the RH-SSO user configured earlier (`appuser` / `apppassword`). Click *Log in*. The look of the application changes as detailed in the following image:
|
||||
+
|
||||
[.text-center]
|
||||
image:../images/sso_app_jee_jsp_logged_in.svg[RH-SSO Example JSP Application - After User Log-in]
|
||||
|
||||
* Click the *INVOKE SECURED* button to access the `secured` endpoint.
|
||||
+
|
||||
You should see the *Message: secured* output.
|
||||
* Click the *INVOKE ADMIN* button to access the `admin` endpoint.
|
||||
+
|
||||
You should see *403 Forbidden* output.
|
||||
+
|
||||
[NOTE]
|
||||
====
|
||||
The `admin` endpoint requires users with `admin` RH-SSO role to invoke properly. Access for the `appuser` is forbidden because they only have `user` role privilege, which allows them to access the `secured` endpoint.
|
||||
====
|
||||
+
|
||||
Perform the following steps to add the `appuser` to the `admin` RH-SSO role:
|
||||
+
|
||||
. Access the administration console of the RH-SSO server's instance.
|
||||
+
|
||||
*\https://secure-sso-sso-app-demo.openshift.example.com/auth/admin*.
|
||||
+
|
||||
Use the xref:sso_server.adoc#sso-administrator-setup[credentials of the RH-SSO administrator user].
|
||||
. Click *Users* in the *Manage* sidebar to view the user information for the `demo` realm.
|
||||
. Click *View all users* button.
|
||||
. Click the ID link for the *appuser* or alternatively click the *Edit* button in the *Actions* column.
|
||||
. Click the *Role Mappings* tab.
|
||||
. Select `admin` entry from the *Available Roles* list in the *Realm Roles* row.
|
||||
. Click *Add selected>* button to add the `admin` role to the user.
|
||||
. Return to EAP 6.4 / 7.0 JSP service application.
|
||||
+
|
||||
*\http://eap-app-eap-app-demo.openshift.example.com/app-jsp*.
|
||||
. Click the *LOGOUT* button to reload role mappings for the `appuser`.
|
||||
. Click the *LOGIN* button again and provider `appuser` credentials.
|
||||
. Click the *INVOKE ADMIN* button again.
|
||||
+
|
||||
You should see the *Message: admin* output already.
|
32
openshift/content/introduction/introduction.adoc
Normal file
32
openshift/content/introduction/introduction.adoc
Normal file
|
@ -0,0 +1,32 @@
|
|||
=== What Is Red Hat Single Sign-On?
|
||||
Red Hat Single Sign-On (RH-SSO) is an integrated sign-on solution available as a Red Hat JBoss Middleware for OpenShift containerized image. The {xpaasproduct} image provides an authentication server for users to centrally log in, log out, register, and manage user accounts for web applications, mobile applications, and RESTful web services.
|
||||
|
||||
[[sso-templates]]
|
||||
Red Hat offers multiple OpenShift application templates utilizing the {xpaasproduct-shortname} image.
|
||||
|
||||
For RH-SSO 7.2:
|
||||
|
||||
* *_sso72-https_*: RH-SSO 7.2 backed by internal H2 database on the same pod.
|
||||
* *_sso72-mysql_*: RH-SSO 7.2 backed by ephemeral MySQL database on a separate pod.
|
||||
* *_sso72-mysql-persistent_*: RH-SSO 7.2 backed by persistent MySQL database on a separate pod.
|
||||
* *_sso72-postgresql_*: RH-SSO 7.2 backed by ephemeral PostgreSQL database on a separate pod.
|
||||
* *_sso72-postgresql-persistent_*: RH-SSO 7.2 backed by persistent PostgreSQL database on a separate pod.
|
||||
|
||||
For RH-SSO 7.1:
|
||||
|
||||
* *_sso71-https_*: RH-SSO 7.1 backed by internal H2 database on the same pod.
|
||||
* *_sso71-mysql_*: RH-SSO 7.1 backed by ephemeral MySQL database on a separate pod.
|
||||
* *_sso71-mysql-persistent_*: RH-SSO 7.1 backed by persistent MySQL database on a separate pod.
|
||||
* *_sso71-postgresql_*: RH-SSO 7.1 backed by ephemeral PostgreSQL database on a separate pod.
|
||||
* *_sso71-postgresql-persistent_*: RH-SSO 7.1 backed by persistent PostgreSQL database on a separate pod.
|
||||
|
||||
Other templates that integrate with RH-SSO are also available:
|
||||
|
||||
* *_eap64-sso-s2i_*: RH-SSO-enabled Red Hat JBoss Enterprise Application Platform 6.4.
|
||||
* *_eap70-sso-s2i_*: RH-SSO-enabled Red Hat JBoss Enterprise Application Platform 7.0.
|
||||
* *_eap71-sso-s2i_*: RH-SSO enabled Red Hat JBoss Enterprise Application Platform 7.1.
|
||||
* *_datavirt63-secure-s2i_*: RH-SSO-enabled Red Hat JBoss Data Virtualization 6.3.
|
||||
|
||||
These templates contain environment variables specific to RH-SSO that enable automatic RH-SSO client registration when deployed.
|
||||
|
||||
See xref:Auto-Man-Client-Reg[Automatic and Manual RH-SSO Client Registration Methods] for more information.
|
631
openshift/content/reference/reference.adoc
Normal file
631
openshift/content/reference/reference.adoc
Normal file
|
@ -0,0 +1,631 @@
|
|||
[[sso-artifact-repository-mirrors-section]]
|
||||
=== Artifact Repository Mirrors
|
||||
|
||||
// Define required 'bcname' attribute for maven_mirror_url.adoc page
|
||||
:bcname: sso
|
||||
|
||||
// Include the Artifact Repository Mirros section
|
||||
// (MAVEN_MIRROR_URL variable usage information)
|
||||
include::../../common/maven_mirror_url.adoc[bcname]
|
||||
|
||||
[[env_vars]]
|
||||
=== Environment Variables
|
||||
|
||||
==== Information Environment Variables
|
||||
The following information environment variables are designed to convey
|
||||
information about the image and should not be modified by the user:
|
||||
|
||||
.Information Environment Variables
|
||||
[cols="3",options="header"]
|
||||
|===
|
||||
|Variable Name |Description |Example Value
|
||||
|*_AB_JOLOKIA_AUTH_OPENSHIFT_*
|
||||
|-
|
||||
|*_true_*
|
||||
|
||||
|*_AB_JOLOKIA_HTTPS_*
|
||||
|-
|
||||
|*_true_*
|
||||
|
||||
|*_AB_JOLOKIA_PASSWORD_RANDOM_*
|
||||
|-
|
||||
|*_true_*
|
||||
|
||||
|*_JBOSS_IMAGE_NAME_*
|
||||
|Image name, same as Name label.
|
||||
|*_redhat-sso-7/sso71-openshift_* or *_redhat-sso-7/sso72-openshift_*
|
||||
|
||||
|*_JBOSS_IMAGE_RELEASE_*
|
||||
|Image release, same as Release label.
|
||||
|*_dev_*
|
||||
|
||||
|*_JBOSS_IMAGE_VERSION_*
|
||||
|Image version, same as Version label.
|
||||
|*_1.0_*
|
||||
|
||||
|*_JBOSS_MODULES_SYSTEM_PKGS_*
|
||||
|-
|
||||
|*_org.jboss.logmanager,jdk.nashorn.api_*
|
||||
|
||||
|*_STI_BUILDER_*
|
||||
|Provides OpenShift S2I support for jee project types.
|
||||
|*_jee_*
|
||||
|
||||
|===
|
||||
|
||||
==== Configuration Environment Variables
|
||||
Configuration environment variables are designed to conveniently adjust the
|
||||
image without requiring a rebuild, and should be set by the user as desired.
|
||||
|
||||
[[conf_env_vars]]
|
||||
.Configuration Environment Variables
|
||||
[cols="3",options="header"]
|
||||
|===
|
||||
|Variable Name |Description |Example Value
|
||||
|*_AB_JOLOKIA_AUTH_OPENSHIFT_*
|
||||
|Switch on client authentication for OpenShift TLS communication. The value of
|
||||
this parameter can be a relative distinguished name which must be contained in
|
||||
a presented client’s certificate. Enabling this parameter will automatically
|
||||
switch Jolokia into https communication mode. The default CA cert is set to
|
||||
`/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`.
|
||||
|*_true_*
|
||||
|
||||
|*_AB_JOLOKIA_CONFIG_*
|
||||
|If set uses this file (including path) as Jolokia JVM agent properties (as
|
||||
described in Jolokia’s
|
||||
link:http://www.jolokia.org/reference/html/agents.html#agents-jvm[reference
|
||||
manual]). If not set, the `/opt/jolokia/etc/jolokia.properties` file will be
|
||||
created using the settings as defined in this document, otherwise the rest of
|
||||
the settings in this document are ignored.
|
||||
|*_/opt/jolokia/custom.properties_*
|
||||
|
||||
|*_AB_JOLOKIA_DISCOVERY_ENABLED_*
|
||||
|Enable Jolokia discovery. Defaults to *_false_*.
|
||||
|*_true_*
|
||||
|
||||
|*_AB_JOLOKIA_HOST_*
|
||||
|Host address to bind to. Defaults to *_0.0.0.0_*.
|
||||
|*_127.0.0.1_*
|
||||
|
||||
|*_AB_JOLOKIA_HTTPS_*
|
||||
|Switch on secure communication with https. By default self-signed server
|
||||
certificates are generated if no serverCert configuration is given in
|
||||
*_AB_JOLOKIA_OPTS_*. _NOTE: If the values is set to an empty string, https is
|
||||
turned `off`. If the value is set to a non empty string, https is turned `on`._
|
||||
|*_true_*
|
||||
|
||||
|*_AB_JOLOKIA_ID_*
|
||||
|Agent ID to use ($HOSTNAME by default, which is the container id).
|
||||
|*_openjdk-app-1-xqlsj_*
|
||||
|
||||
|*_AB_JOLOKIA_OFF_*
|
||||
|If set disables activation of Jolokia (i.e. echos an empty value). By default,
|
||||
Jolokia is enabled. _NOTE: If the values is set to an empty string, https is
|
||||
turned `off`. If the value is set to a non empty string, https is turned `on`._
|
||||
|*_true_*
|
||||
|
||||
|*_AB_JOLOKIA_OPTS_*
|
||||
|Additional options to be appended to the agent configuration. They should be
|
||||
given in the format `"key=value, key=value, …<200b> "`
|
||||
|*_backlog=20_*
|
||||
|
||||
|*_AB_JOLOKIA_PASSWORD_*
|
||||
|Password for basic authentication. By default authentication is switched off.
|
||||
|*_mypassword_*
|
||||
|
||||
|*_AB_JOLOKIA_PASSWORD_RANDOM_*
|
||||
|If set, a random value is generated for *_AB_JOLOKIA_PASSWORD_*, and it is
|
||||
saved in the *_/opt/jolokia/etc/jolokia.pw_* file.
|
||||
|*_true_*
|
||||
|
||||
|*_AB_JOLOKIA_PORT_*
|
||||
|Port to use (Default: *_8778_*).
|
||||
|*_5432_*
|
||||
|
||||
|*_AB_JOLOKIA_USER_*
|
||||
|User for basic authentication. Defaults to *_jolokia_*.
|
||||
|*_myusername_*
|
||||
|
||||
|*_CONTAINER_CORE_LIMIT_*
|
||||
|A calculated core limit as described in
|
||||
link:https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt[CFS
|
||||
Bandwidth Control.]
|
||||
|*_2_*
|
||||
|
||||
|*_GC_ADAPTIVE_SIZE_POLICY_WEIGHT_*
|
||||
|The weighting given to the current Garbage Collection (GC) time versus previous
|
||||
GC times.
|
||||
|*_90_*
|
||||
|
||||
|*_GC_MAX_HEAP_FREE_RATIO_*
|
||||
|Maximum percentage of heap free after GC to avoid shrinking.
|
||||
|*_40_*
|
||||
|
||||
|*_GC_MAX_METASPACE_SIZE_*
|
||||
|The maximum metaspace size.
|
||||
|*_100_*
|
||||
|
||||
|*_GGC_TIME_RATIOC_MIN_HEAP_FREE_RATIO_*
|
||||
|Minimum percentage of heap free after GC to avoid expansion.
|
||||
|*_20_*
|
||||
|
||||
|*_GC_TIME_RATIO_*
|
||||
|Specifies the ratio of the time spent outside the garbage collection (for
|
||||
example, the time spent for application execution) to the time spent in the
|
||||
garbage collection.
|
||||
|*_4_*
|
||||
|
||||
|*_JAVA_DIAGNOSTICS_*
|
||||
|Set this to get some diagnostics information to standard out when things are
|
||||
happening.
|
||||
|*_true_*
|
||||
|
||||
|*_JAVA_INITIAL_MEM_RATIO_*
|
||||
|This is used to calculate a default initial heap memory based the maximal
|
||||
heap memory. The default is 100 which means 100% of the maximal heap is used
|
||||
for the initial heap size. You can skip this mechanism by setting this value
|
||||
to 0 in which case no `-Xms` option is added.
|
||||
|*_100_*
|
||||
|
||||
|*_JAVA_MAX_MEM_RATIO_*
|
||||
|It is used to calculate a default maximal heap memory based on a containers
|
||||
restriction. If used in a Docker container without any memory constraints for
|
||||
the container then this option has no effect. If there is a memory constraint
|
||||
then `-Xmx` is set to a ratio of the container available memory as set here.
|
||||
The default is 50 which means 50% of the available memory is used as an upper
|
||||
boundary. You can skip this mechanism by setting this value to 0 in which case
|
||||
no `-Xmx` option is added.
|
||||
|*_40_*
|
||||
|
||||
|*_JAVA_OPTS_APPEND_*
|
||||
|Server startup options.
|
||||
|*_-Dkeycloak.migration.action=export -Dkeycloak.migration.provider=dir -Dkeycloak.migration.dir=/tmp_*
|
||||
|
||||
|*_MQ_SIMPLE_DEFAULT_PHYSICAL_DESTINATION_*
|
||||
|For backwards compatability, set to true to use `MyQueue` and `MyTopic` as
|
||||
physical destination name defaults instead of `queue/MyQueue` and `topic/MyTopic`.
|
||||
|*_false_*
|
||||
|
||||
|*_OPENSHIFT_KUBE_PING_LABELS_*
|
||||
|Clustering labels selector.
|
||||
|*_app=sso-app_*
|
||||
|
||||
|*_OPENSHIFT_KUBE_PING_NAMESPACE_*
|
||||
|Clustering project namespace.
|
||||
|*_myproject_*
|
||||
|
||||
|*_SCRIPT_DEBUG_*
|
||||
|If set to `true`, ensurses that the bash scripts are executed with the `-x`
|
||||
option, printing the commands and their arguments as they are executed.
|
||||
|*_true_*
|
||||
|
||||
|*_SSO_ADMIN_PASSWORD_*
|
||||
|Password of the administrator account for the `master` realm of the RH-SSO
|
||||
server. *Required.* If no value is specified, it is auto generated and
|
||||
displayed as an OpenShift Instructional message when the template is
|
||||
instantiated.
|
||||
|*_adm-password_*
|
||||
|
||||
|*_SSO_ADMIN_USERNAME_*
|
||||
|Username of the administrator account for the `master` realm of the RH-SSO
|
||||
server. *Required.* If no value is specified, it is auto generated and
|
||||
displayed as an OpenShift Instructional message when the template is
|
||||
instantiated.
|
||||
|*_admin_*
|
||||
|
||||
|*_SSO_REALM_*
|
||||
|Name of the realm to be created in the RH-SSO server if this environment variable
|
||||
is provided.
|
||||
|*_demo_*
|
||||
|
||||
|*_SSO_SERVICE_PASSWORD_*
|
||||
|The password for the RH-SSO service user.
|
||||
|*_mgmt-password_*
|
||||
|
||||
|*_SSO_SERVICE_USERNAME_*
|
||||
|The username used to access the RH-SSO service. This is used by clients to create
|
||||
the application client(s) within the specified RH-SSO realm. This user is created
|
||||
if this environment variable is provided.
|
||||
|*_sso-mgmtuser_*
|
||||
|
||||
|*_SSO_TRUSTSTORE_*
|
||||
|The name of the truststore file within the secret.
|
||||
|*_truststore.jks_*
|
||||
|
||||
|*_SSO_TRUSTSTORE_DIR_*
|
||||
|Truststore directory.
|
||||
|*_/etc/sso-secret-volume_*
|
||||
|
||||
|*_SSO_TRUSTSTORE_PASSWORD_*
|
||||
|The password for the truststore and certificate.
|
||||
|*_mykeystorepass_*
|
||||
|
||||
|*_SSO_TRUSTSTORE_SECRET_*
|
||||
|The name of the secret containing the truststore file. Used for
|
||||
_sso-truststore-volume_ volume.
|
||||
|*_truststore-secret_*
|
||||
|
||||
|===
|
||||
|
||||
Available link:https://docs.openshift.com/container-platform/latest/dev_guide/templates.html#overview[application templates]
|
||||
for {xpaasproduct-shortname} can combine the xref:conf_env_vars[aforementioned
|
||||
configuration variables] with common OpenShift variables (for example
|
||||
*_APPLICATION_NAME_* or *_SOURCE_REPOSITORY_URL_*), product specific variables
|
||||
(e.g. *_HORNETQ_CLUSTER_PASSWORD_*), or configuration variables typical to
|
||||
database images (e.g. *_MYSQL_FT_MAX_WORD_LEN_*) yet. All of these different
|
||||
types of configuration variables can be adjusted as desired to achieve the
|
||||
deployed RH-SSO-enabled application will align with the intended use case as much
|
||||
as possible. The list of configuration variables, available for each category
|
||||
of application templates for RH-SSO-enabled applications, is described below.
|
||||
|
||||
==== Template variables for all RH-SSO images
|
||||
|
||||
.Configuration Variables Available For All RH-SSO Images
|
||||
[cols="2*", options="header"]
|
||||
|===
|
||||
|Variable
|
||||
|Description
|
||||
|*_APPLICATION_NAME_*
|
||||
|The name for the application.
|
||||
|
||||
|*_DB_MAX_POOL_SIZE_*
|
||||
|Sets xa-pool/max-pool-size for the configured datasource.
|
||||
|
||||
|*_DB_TX_ISOLATION_*
|
||||
|Sets transaction-isolation for the configured datasource.
|
||||
|
||||
|*_DB_USERNAME_*
|
||||
|Database user name.
|
||||
|
||||
|*_HOSTNAME_HTTP_*
|
||||
|Custom hostname for http service route. Leave blank for default hostname,
|
||||
e.g.: _<application-name>.<project>.<default-domain-suffix>_.
|
||||
|
||||
|*_HOSTNAME_HTTPS_*
|
||||
|Custom hostname for https service route. Leave blank for default hostname,
|
||||
e.g.: _<application-name>.<project>.<default-domain-suffix>_.
|
||||
|
||||
|*_HTTPS_KEYSTORE_*
|
||||
|The name of the keystore file within the secret. If defined along with
|
||||
*_HTTPS_PASSWORD_* and *_HTTPS_NAME_*, enable HTTPS and set the SSL certificate
|
||||
key file to a relative path under _$JBOSS_HOME/standalone/configuration_.
|
||||
|
||||
|*_HTTPS_KEYSTORE_TYPE_*
|
||||
|The type of the keystore file (JKS or JCEKS).
|
||||
|
||||
|*_HTTPS_NAME_*
|
||||
|The name associated with the server certificate (e.g. _jboss_). If defined
|
||||
along with *_HTTPS_PASSWORD_* and *_HTTPS_KEYSTORE_*, enable HTTPS and set the
|
||||
SSL name.
|
||||
|
||||
|*_HTTPS_PASSWORD_*
|
||||
|The password for the keystore and certificate (e.g. _mykeystorepass_). If
|
||||
defined along with *_HTTPS_NAME_* and *_HTTPS_KEYSTORE_*, enable HTTPS and set
|
||||
the SSL key password.
|
||||
|
||||
|*_HTTPS_SECRET_*
|
||||
|The name of the secret containing the keystore file.
|
||||
|
||||
|*_IMAGE_STREAM_NAMESPACE_*
|
||||
|Namespace in which the ImageStreams for Red Hat Middleware images are
|
||||
installed. These ImageStreams are normally installed in the _openshift_
|
||||
namespace. You should only need to modify this if you've installed the
|
||||
ImageStreams in a different namespace/project.
|
||||
|
||||
|*_JGROUPS_CLUSTER_PASSWORD_*
|
||||
|JGroups cluster password.
|
||||
|
||||
|*_JGROUPS_ENCRYPT_KEYSTORE_*
|
||||
|The name of the keystore file within the secret.
|
||||
|
||||
|*_JGROUPS_ENCRYPT_NAME_*
|
||||
|The name associated with the server certificate (e.g. _secret-key_).
|
||||
|
||||
|*_JGROUPS_ENCRYPT_PASSWORD_*
|
||||
|The password for the keystore and certificate (e.g. _password_).
|
||||
|
||||
|*_JGROUPS_ENCRYPT_SECRET_*
|
||||
|The name of the secret containing the keystore file.
|
||||
|
||||
|*_SSO_ADMIN_USERNAME_*
|
||||
|Username of the administrator account for the `master` realm of the RH-SSO
|
||||
server. *Required.* If no value is specified, it is auto generated and
|
||||
displayed as an OpenShift instructional message when the template is
|
||||
instantiated.
|
||||
|
||||
|*_SSO_ADMIN_PASSWORD_*
|
||||
|Password of the administrator account for the `master` realm of the RH-SSO
|
||||
server. *Required.* If no value is specified, it is auto generated and
|
||||
displayed as an OpenShift instructional message when the template is
|
||||
instantiated.
|
||||
|
||||
|*_SSO_REALM_*
|
||||
|Name of the realm to be created in the RH-SSO server if this environment variable
|
||||
is provided.
|
||||
|
||||
|*_SSO_SERVICE_USERNAME_*
|
||||
|The username used to access the RH-SSO service. This is used by clients to create
|
||||
the application client(s) within the specified RH-SSO realm. This user is created
|
||||
if this environment variable is provided.
|
||||
|
||||
|*_SSO_SERVICE_PASSWORD_*
|
||||
|The password for the RH-SSO service user.
|
||||
|
||||
|*_SSO_TRUSTSTORE_*
|
||||
|The name of the truststore file within the secret.
|
||||
|
||||
|*_SSO_TRUSTSTORE_SECRET_*
|
||||
|The name of the secret containing the truststore file. Used for
|
||||
*_sso-truststore-volume_* volume.
|
||||
|
||||
|*_SSO_TRUSTSTORE_PASSWORD_*
|
||||
|The password for the truststore and certificate.
|
||||
|===
|
||||
|
||||
==== Template variables specific to *sso71-mysql*, *sso72-mysql*, *sso71-mysql-persistent*, and *sso72-mysql-persistent*
|
||||
|
||||
.Configuration Variables Specific To RH-SSO-enabled MySQL Applications With Ephemeral Or Persistent Storage
|
||||
[cols="2*", options="header"]
|
||||
|===
|
||||
|Variable
|
||||
|Description
|
||||
|*_DB_USERNAME_*
|
||||
|Database user name.
|
||||
|
||||
|*_DB_PASSWORD_*
|
||||
|Database user password.
|
||||
|
||||
|*_DB_JNDI_*
|
||||
|Database JNDI name used by application to resolve the datasource,
|
||||
e.g. _java:/jboss/datasources/mysql_.
|
||||
|
||||
|*_MYSQL_AIO_*
|
||||
|Controls the _innodb_use_native_aio_ setting value if the native AIO is
|
||||
broken.
|
||||
|
||||
|*_MYSQL_FT_MAX_WORD_LEN_*
|
||||
|The maximum length of the word to be included in a FULLTEXT index.
|
||||
|
||||
|*_MYSQL_FT_MIN_WORD_LEN_*
|
||||
|The minimum length of the word to be included in a FULLTEXT index.
|
||||
|
||||
|*_MYSQL_LOWER_CASE_TABLE_NAMES_*
|
||||
|Sets how the table names are stored and compared.
|
||||
|
||||
|*_MYSQL_MAX_CONNECTIONS_*
|
||||
|The maximum permitted number of simultaneous client connections.
|
||||
|===
|
||||
|
||||
==== Template variables specific to *sso71-postgresql*, *sso72-postgresql*, *sso71-postgresql-persistent*, and *sso72-postgresql-persistent*
|
||||
|
||||
.Configuration Variables Specific To RH-SSO-enabled PostgreSQL Applications With Ephemeral Or Persistent Storage
|
||||
[cols="2*", options="header"]
|
||||
|===
|
||||
|Variable
|
||||
|Description
|
||||
|*_DB_USERNAME_*
|
||||
|Database user name.
|
||||
|
||||
|*_DB_PASSWORD_*
|
||||
|Database user password.
|
||||
|
||||
|*_DB_JNDI_*
|
||||
|Database JNDI name used by application to resolve the datasource,
|
||||
e.g. _java:/jboss/datasources/postgresql_
|
||||
|
||||
|*_POSTGRESQL_MAX_CONNECTIONS_*
|
||||
|The maximum number of client connections allowed. This also sets the maximum
|
||||
number of prepared transactions.
|
||||
|
||||
|*_POSTGRESQL_SHARED_BUFFERS_*
|
||||
|Configures how much memory is dedicated to PostgreSQL for caching data.
|
||||
|===
|
||||
|
||||
==== Template variables specific to *sso71-mysql-persistent*, *sso72-mysql-persistent*, *sso71-postgresql-persistent*, and *sso72-postgresql-persistent*
|
||||
|
||||
.Configuration Variables Specific To RH-SSO-enabled MySQL / PostgreSQL Applications With Persistent Storage
|
||||
[cols="2*", options="header"]
|
||||
|===
|
||||
|Variable
|
||||
|Description
|
||||
|*_VOLUME_CAPACITY_*
|
||||
|Size of persistent storage for database volume.
|
||||
|===
|
||||
|
||||
==== Template variables for general *eap64*, *eap70*, and *eap71* S2I images
|
||||
|
||||
.Configuration Variables For EAP 6.4 and EAP 7 Applications Built Via S2I
|
||||
[cols="2*", options="header"]
|
||||
|===
|
||||
|Variable
|
||||
|Description
|
||||
|*_APPLICATION_NAME_*
|
||||
|The name for the application.
|
||||
|
||||
|*_ARTIFACT_DIR_*
|
||||
|Artifacts directory.
|
||||
|
||||
|*_AUTO_DEPLOY_EXPLODED_*
|
||||
|Controls whether exploded deployment content should be automatically deployed.
|
||||
|
||||
|*_CONTEXT_DIR_*
|
||||
|Path within Git project to build; empty for root project directory.
|
||||
|
||||
|*_GENERIC_WEBHOOK_SECRET_*
|
||||
|Generic build trigger secret.
|
||||
|
||||
|*_GITHUB_WEBHOOK_SECRET_*
|
||||
|GitHub trigger secret.
|
||||
|
||||
|*_HORNETQ_CLUSTER_PASSWORD_*
|
||||
|HornetQ cluster administrator password.
|
||||
|
||||
|*_HORNETQ_QUEUES_*
|
||||
|Queue names.
|
||||
|
||||
|*_HORNETQ_TOPICS_*
|
||||
|Topic names.
|
||||
|
||||
|*_HOSTNAME_HTTP_*
|
||||
|Custom host name for http service route. Leave blank for default host name,
|
||||
e.g.: _<application-name>.<project>.<default-domain-suffix>_.
|
||||
|
||||
|*_HOSTNAME_HTTPS_*
|
||||
|Custom host name for https service route. Leave blank for default host name,
|
||||
e.g.: _<application-name>.<project>.<default-domain-suffix>_.
|
||||
|
||||
|*_HTTPS_KEYSTORE_TYPE_*
|
||||
|The type of the keystore file (JKS or JCEKS).
|
||||
|
||||
|*_HTTPS_KEYSTORE_*
|
||||
|The name of the keystore file within the secret. If defined along with
|
||||
*_HTTPS_PASSWORD_* and *_HTTPS_NAME_*, enable HTTPS and set the SSL certificate
|
||||
key file to a relative path under _$JBOSS_HOME/standalone/configuration_.
|
||||
|
||||
|*_HTTPS_NAME_*
|
||||
|The name associated with the server certificate (e.g. _jboss_). If defined
|
||||
along with *_HTTPS_PASSWORD_* and *_HTTPS_KEYSTORE_*, enable HTTPS and set the
|
||||
SSL name.
|
||||
|
||||
|*_HTTPS_PASSWORD_*
|
||||
|The password for the keystore and certificate (e.g. _mykeystorepass_). If
|
||||
defined along with *_HTTPS_NAME_* and *_HTTPS_KEYSTORE_*, enable HTTPS and set
|
||||
the SSL key password.
|
||||
|
||||
|*_HTTPS_SECRET_*
|
||||
|The name of the secret containing the keystore file.
|
||||
|
||||
|*_IMAGE_STREAM_NAMESPACE_*
|
||||
|Namespace in which the ImageStreams for Red Hat Middleware images are
|
||||
installed. These ImageStreams are normally installed in the _openshift_
|
||||
namespace. You should only need to modify this if you've installed the
|
||||
ImageStreams in a different namespace/project.
|
||||
|
||||
|*_JGROUPS_CLUSTER_PASSWORD_*
|
||||
|JGroups cluster password.
|
||||
|
||||
|*_JGROUPS_ENCRYPT_KEYSTORE_*
|
||||
|The name of the keystore file within the secret.
|
||||
|
||||
|*_JGROUPS_ENCRYPT_NAME_*
|
||||
|The name associated with the server certificate (e.g. _secret-key_).
|
||||
|
||||
|*_JGROUPS_ENCRYPT_PASSWORD_*
|
||||
|The password for the keystore and certificate (e.g. _password_).
|
||||
|
||||
|*_JGROUPS_ENCRYPT_SECRET_*
|
||||
|The name of the secret containing the keystore file.
|
||||
|
||||
|*_SOURCE_REPOSITORY_REF_*
|
||||
|Git branch/tag reference.
|
||||
|
||||
|*_SOURCE_REPOSITORY_URL_*
|
||||
|Git source URI for application.
|
||||
|===
|
||||
|
||||
==== Template variables specific to *eap64-sso-s2i*, *eap70-sso-s2i*, and *eap71-sso-s2i* for automatic client registration
|
||||
|
||||
.Configuration Variables For EAP 6.4 and EAP 7 RH-SSO-enabled Applications Built Via S2I
|
||||
[cols="2*", options="header"]
|
||||
|===
|
||||
|Variable
|
||||
|Description
|
||||
|*_SSO_URL_*
|
||||
|RH-SSO server location.
|
||||
|
||||
|*_SSO_REALM_*
|
||||
|Name of the realm to be created in the RH-SSO server if this environment variable
|
||||
is provided.
|
||||
|
||||
|*_SSO_USERNAME_*
|
||||
|The username used to access the RH-SSO service. This is used to create the
|
||||
application client(s) within the specified RH-SSO realm. This should match the
|
||||
*_SSO_SERVICE_USERNAME_* specified through one of the *sso71-* or *sso72-* templates.
|
||||
|
||||
|*_SSO_PASSWORD_*
|
||||
|The password for the RH-SSO service user.
|
||||
|
||||
|*_SSO_PUBLIC_KEY_*
|
||||
|RH-SSO public key. Public key is recommended to be passed into the template to
|
||||
avoid man-in-the-middle security attacks.
|
||||
|
||||
|*_SSO_SECRET_*
|
||||
|The RH-SSO client secret for confidential access.
|
||||
|
||||
|*_SSO_SERVICE_URL_*
|
||||
|RH-SSO service location.
|
||||
|
||||
|*_SSO_TRUSTSTORE_SECRET_*
|
||||
|The name of the secret containing the truststore file. Used for
|
||||
*_sso-truststore-volume_* volume.
|
||||
|
||||
|*_SSO_TRUSTSTORE_*
|
||||
|The name of the truststore file within the secret.
|
||||
|
||||
|*_SSO_TRUSTSTORE_PASSWORD_*
|
||||
|The password for the truststore and certificate.
|
||||
|
||||
|*_SSO_BEARER_ONLY_*
|
||||
|RH-SSO client access type.
|
||||
|
||||
|*_SSO_DISABLE_SSL_CERTIFICATE_VALIDATION_*
|
||||
|If true SSL communication between EAP and the RH-SSO Server is insecure
|
||||
(i.e. certificate validation is disabled with curl)
|
||||
|
||||
|*_SSO_ENABLE_CORS_*
|
||||
|Enable CORS for RH-SSO applications.
|
||||
|===
|
||||
|
||||
==== Template variables specific to *eap64-sso-s2i*, *eap70-sso-s2i*, and *eap71-sso-s2i* for automatic client registration with SAML clients
|
||||
|
||||
.Configuration Variables For EAP 6.4 and EAP 7 RH-SSO-enabled Applications Built Via S2I Using SAML Protocol
|
||||
[cols="2*", options="header"]
|
||||
|===
|
||||
|Variable
|
||||
|Description
|
||||
|*_SSO_SAML_CERTIFICATE_NAME_*
|
||||
|The name associated with the server certificate.
|
||||
|
||||
|*_SSO_SAML_KEYSTORE_PASSWORD_*
|
||||
|The password for the keystore and certificate.
|
||||
|
||||
|*_SSO_SAML_KEYSTORE_*
|
||||
|The name of the keystore file within the secret.
|
||||
|
||||
|*_SSO_SAML_KEYSTORE_SECRET_*
|
||||
|The name of the secret containing the keystore file.
|
||||
|
||||
|*_SSO_SAML_LOGOUT_PAGE_*
|
||||
|RH-SSO logout page for SAML applications.
|
||||
|===
|
||||
|
||||
=== Exposed Ports
|
||||
[cols="2",options="header"]
|
||||
|===
|
||||
|Port Number | Description
|
||||
|*_8443_* | HTTPS
|
||||
|
||||
|*_8778_* | Jolokia monitoring
|
||||
|
||||
|===
|
||||
|
||||
////
|
||||
=== Labels
|
||||
|
||||
=== Datasources
|
||||
|
||||
=== Clustering
|
||||
|
||||
=== Security Domains
|
||||
|
||||
=== HTTPS
|
||||
|
||||
=== Source-to-Image (S2I)
|
||||
|
||||
=== Known Issues
|
||||
* There is a known issue with the EAP6 Adapter _HttpServletRequest.logout()_ in which the adapter does not log out from the application, which can create a login loop. The workaround is to call _HttpSession.invalidate();_ after _request.logout()_ to clear the Keycloak token from the session. For more information, see https://issues.jboss.org/browse/KEYCLOAK-2665[KEYCLOAK-2665].
|
||||
* The SSO logs throw a duplication error if the SSO pod is restarted while backed by a database pod. This error can be safely ignored.
|
||||
* Setting _adminUrl_ to a "https://..." address in an OpenID Connect client will cause *javax.net.ssl.SSLHandshakeException* exceptions on the SSO server if the default secrets (*sso-app-secret* and *eap-app-secret*) are used. The application server must use either CA-signed certificates or configure the SSO trust store to trust the self-signed certificates.
|
||||
* If the client route uses a different domain suffix to the SSO service, the client registration script will erroneously configure the client on the SSO side, causing bad redirection.
|
||||
* The SSO-enabled JBoss EAP image does not properly set the *adminUrl* property during automatic client registration. As a workaround, log in to the SSO console after the application has started and manually modify the client registration *adminUrl* property to *http://_<application-name>_-_<project-name>_._<hostname>_/_<app-context>_*.
|
||||
////
|
1245
openshift/content/tutorials/tutorials.adoc
Normal file
1245
openshift/content/tutorials/tutorials.adoc
Normal file
File diff suppressed because it is too large
Load diff
13
openshift/docinfo.xml
Normal file
13
openshift/docinfo.xml
Normal file
|
@ -0,0 +1,13 @@
|
|||
<productname>{productname}</productname>
|
||||
<productnumber>{productversion}</productnumber>
|
||||
<subtitle>Using {xpaasproduct}</subtitle>
|
||||
<abstract>
|
||||
<para>Guide to using {xpaasproduct}</para>
|
||||
</abstract>
|
||||
<authorgroup>
|
||||
<org>
|
||||
<orgname>{productname} Documentation Team</orgname>
|
||||
<email>{productdocsemail}</email>
|
||||
</org>
|
||||
</authorgroup>
|
||||
<xi:include href="Common_Content/Legal_Notice.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
|
95
openshift/images/import_realm_error.svg
Normal file
95
openshift/images/import_realm_error.svg
Normal file
|
@ -0,0 +1,95 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<svg
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:cc="http://creativecommons.org/ns#"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
viewBox="0 0 594.66669 62.666668"
|
||||
height="62.666668"
|
||||
width="594.66669"
|
||||
id="svg2"
|
||||
version="1.1">
|
||||
<metadata
|
||||
id="metadata8">
|
||||
<rdf:RDF>
|
||||
<cc:Work
|
||||
rdf:about="">
|
||||
<dc:format>image/svg+xml</dc:format>
|
||||
<dc:type
|
||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
|
||||
<dc:title></dc:title>
|
||||
</cc:Work>
|
||||
</rdf:RDF>
|
||||
</metadata>
|
||||
<defs
|
||||
id="defs6" />
|
||||
<image
|
||||
y="0"
|
||||
x="0"
|
||||
id="image10"
|
||||
xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAb4AAAAvCAYAAACcwK+7AAAABmJLR0QA/wD/AP+gvaeTAAAACXBI
|
||||
WXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4gMMEwkf2IR+1AAAAB1pVFh0Q29tbWVudAAAAAAAQ3Jl
|
||||
YXRlZCB3aXRoIEdJTVBkLmUHAAAMfUlEQVR42u3db0wb5x0H8C9TfbT1Idmks+fWERlRA1JA3cIb
|
||||
XKlmU0hbShSHqhRWNYBoqTKspCAqUDqStIHKCkqK0wiUkgSlkKRJQXhIJa4WswlSFV7UaBWsgqRx
|
||||
g/BEiUScCHsJZ2nsBfjmP3fnMzj/4PeReNF77p57nt9zd7977s5NgiFn2wIIIYSQNeKJIlUSjP8c
|
||||
wX8nb1A0CCGErFoJG36Lgd9nIcH5a81CWncXEjdtoqgQQghZte79+COulZYi4Xtg4YXpaYoIIYSQ
|
||||
Ve8HnQ6/ojAQQghZSyjxEUIIocRHCCGEUOIjhBBCKPERQgghlPgIIYQQSnyEEEIIJT5CCCGEEh8h
|
||||
hBBCiY8QQgihxEcIIYRQ4iOEEEIo8RFCCHlU/efuXVnr3b13jxIfIYSQx9u/f/kFVQcO4K/ffCO5
|
||||
3uednfjQYoHnzh1KfESe2sZGDAwNUSAesOzt2x/Y2M16PHinpgYF5eU01nGMP7m/mlpa4LlzB+d6
|
||||
ekST3+ednXBcuQL39DROdHRQ4pMrt6gI2du3h/zdTyOjo8jevh1VBw6IrrNrzx70ORyrNuY3pqZQ
|
||||
tHt3SEzmOS5u9ReUl8saB7F9ytn+cXKhtxc52dmwtbcjOysLRbt3Y87rjSmO4fFabTEi9+dat5Lz
|
||||
urKsDE89+SQACCa/trNn4bhyBQCQrFKh9M03KfHFglEoUJCXx//d730BAMMwokmBYRj02O2rNt5J
|
||||
LAtWqeT/u7mtDVwcE9/+6uqo60jtU872j5NJtxvPp6YCABIZBnVmM5JYNqY4hsdrtcWIxN9Kz+u0
|
||||
jRvxl/ffF0x+bWfP4vLgIJ/0DtbU4FmtdsVtfmItDRCrVKLObA5ZNuf1YltxMfZXVWFsYgJ9Dgfa
|
||||
P/0Ub+/ZE7Ls4okTmOc4NLW2Ymx8HKxSiZLCQhSbTIJ1HD14cPHiH3ThD2az21FsMuFCby+mZ2ag
|
||||
CxrMgvJy5BqN+NfExGLdRiNKCgujlgW76nKhobkZXp8Pm9PSQsqmZ2bQYLXixtQUklgWdWYztmRm
|
||||
8mX1TU245fFAp9WiobYW69RqAEBDczN/d7cpNRXWQ4cAAK+9/TZKCgsx7HRi1uNBRno66sxmsEol
|
||||
3//mtjZc+/lnvPvBB1inVqPVYolok9B+B4aG0NHdjdNHjwIAOrq6MOl2Y391NSr37cPw11+Lti3a
|
||||
PoO3F+tDuKLdu1FZWorDLS3YkpmJxro6yXjK6WOsYydUR0dXF0ZGR3HN5YJOq0WrxYLaxkbYTp9G
|
||||
EstK9i8QB6F4BcdIqp9S9QuNzTzHoaC8HK0WCzasXy8rxmKx63M40NHdDY7jwCqVaKqvDzmfAoLb
|
||||
OOl2Y9cbb4Dz+3F5cBBenw8FeXkoNpkEz9dYtpVqj1ScpLbrczhwobcXnN+PSbcbySoVmurrkZGe
|
||||
LhmbWNott57gdkc7x2JNfp8cO4a79+7hXE8PzvX08OXJKhU+qqkRHFdKfFF4fT4cbmkBAKTo9SEH
|
||||
efPJk+A4Dil6PZRPPx2xjFEo8E5NDbw+H/JzczE2Pg7ryZNIUiphzM6OWF/zzDN8shUyODyMyrIy
|
||||
cByHHrsd5rKy/1/cbt6ETqOBuawM8xyHd2tqkJGeji2ZmZJlwaoOHEBjXR22ZGbiqsuFkr17kb91
|
||||
62LZwYOoqqiAISsL0zMzeKemBp3Hj2OdWh1S1udwoKG5GdZDhzDkdGLO54OtvZ0/SQJu3b4NAHwi
|
||||
3LVnD8bGx5GRno7KpX5Vv/ceLg8O4tSRI4KzELH95hgM6OvvR5/DgS2ZmbDZ7bhw4kTItmJti7bP
|
||||
YFJ9CE88ff39sLW3I3FpNi8VTzl9jIiFzLELrqOksBAjo6MoMplgyMpaVv9iGaPwforVP+fzCY5N
|
||||
IsMgx2AQTPzRYhweu81paXybm9va0NHdLXjTcuv2bTAKBayHDmHW40H+rl2oLC3F6aNHMc9xyN+1
|
||||
CwV5efw+l7utVHukxkFsuzmvF6fOn8eFEyeQyDCobWxE/tat/NhJxSaWdkerR6jdsZxjcpNf47Fj
|
||||
uBf09Wa8k96ae9TJ+f2w2e2w2e0R79Y4joOtvR2dx4/zySp42djEBG7dvo0ikwl1ZjN/ZxP8qDJ4
|
||||
/WSVSvRR55DTiS2ZmUhkGOQajXAsTeWDbTMa+QtEQV4eP92PVhaYMSSxLJ8MN6Wm8jOHqy4XAPAX
|
||||
R51WixyDAZcHB3HV5QKjUPBl+bm5GB4ZWVxPo8E1lwsjo6P8dsECF2YAyEhPx6Tbze87Gqn9AsD+
|
||||
qiqcOn8e9U1NqDWbIy5M0doml1gfwo+h6ooKvg1S8Yylj3LHTk4dK+mf1BhF66dQ/VJjI/YoVijG
|
||||
Uv3esH49X0+OwRByUyZ2Xq1Tq5GsUoWcSzqNJi7bRmuP2DiIbTfpdkOn1fLxyEhL47eRc0zIabec
|
||||
elZy/MSS/LRLk4aA32VkxDXprbkZX7JKhUtnzwqWZaSnR9x9Bi+b9XgWD069nn9/xSgUuLW0PHz9
|
||||
wAEsdEdrs9sxODyMvv5+ftnI6GjIrC34gpDEsvz+o5UF2qrTaEKWBfcjvCxFr8f0zAxm9XpMut0h
|
||||
HzSwSiVmPR5sWL8eDbW1aP3iC8x6PBGP88IvYLG87J71eET3u06tRhLLIjsrC8NOp+BsJlrbYnkn
|
||||
KacPwSehVDxj6aPcsZNTx0r7JzZG0fopVP9yxyY8xlL97nM4cHlwEJzfjzmvVzIW4W0MvzHl/H50
|
||||
dHXh1Pnz/DvOQKKQs23gsaRUe8TGQWy7FL0eN6amMOf1IollMTI6yr/ekHNMyGn3cuqJ54dqASfP
|
||||
nYtIqH//9lvoNBrsfPVVSnwPWmDwbywNypzXC87vl7wTGejpiZidzHm9uOZy8e9NAGBgaAg9ly6F
|
||||
XBCCD7jpmZmIi6NYWaCt4cnQ6/PxZdM3b4aUTbrdSNHrsU6tRopej87jx0VvDlotFlx1uVC5bx//
|
||||
/igesZXa742pKQw7nXg+NRU9ly7h9ddee2Btk9N2sXjG0ke5YyenjofZz/tx3Ej1e8jpxIXeXpw6
|
||||
ehSJDIMhpxMXe3tX1NeSwkLB9+ZyLLc9UtslsSyKTSaU7N0LnVaL3Jde4q8V8TomHuaxFZz0/jYw
|
||||
wLeneOdOtH/5Jf/OD0Dckt+aetQZeMcX+ItFdlYWWKUSF3t7cbilBZX79gGA6NehV10u5Lz+Ohqa
|
||||
m0OW9/X38+8EA3IMBoyMjvKfnjMKBTq6uvhEabPb+btOqbKATampmPV4MDY+zrcl8KhpU2oqOI7j
|
||||
f+c1PTODgaEhbDMaF8v8/pDfgAXu6Gc9Hr59KXq96Ec70WYcQo9HpPYLAA1WK2rNZuyvqkJnd7fg
|
||||
DFesbWL7jBepeMbSR9ljJ6OOlZAcIxn9FJopio3N4ZYWWT+3kOr3raWbwESGwTzHwfaQv5Jebnui
|
||||
bdfX34+Ozz5Dq8UScuMXr2NiJfXE4xwLT3of1dTgDwaD6NeeNOOLQeAdX4DQC3AxiQyDU0eOoMFq
|
||||
RZ/DsfghSEUFthmNgicvo1CAUSiQHDYbs9ntaKitjVjfkJWFweFh5OfmgmEY6LRa/ndYxSYTf4cn
|
||||
VRasqb4eDVYr/7FN8PP5VosF9U1NONzSgiSWxf7qan7WaP34YzRYrTjc0gLO78c2oxF1ZjOmZ2aw
|
||||
v6mJb8O7b70V84yqsrQUtY2NSGJZXAz7QEVsvxd6e6HTaPhHnJVlZREfhUi1TWqf8SIVTzl9jGXs
|
||||
5NaxXFLxktvPYGJjM7+URIt27JB1HIn1O9doRF9/PwrKy5GsVqPYZHqov41dbnuibafTaLCtuBiM
|
||||
QgFWqUR+bi7/QVy8jonl1rPSc0wo6f1m6bG60NeeCQkJML3yyorGKeF7YOGF6Wl6lvkIMRYUYNBm
|
||||
i7mMELL6NLe1YZ1azT9+nfN6UbJ3L1otlrh/9PEwtJ45g398911E0gs2cf06n/yKduzAGyv4H5D8
|
||||
oNPRO75HdWa6nDJCyOoz6XYjO+ijLq/Ph3mOi3ia9Lj6c2kp1CoV/vjii4JJL3jmN3H9Ona8/PKK
|
||||
90mJjxBCHmFVFRVosFrReuYMgMVHxo11dYK/N3wcJSQk4E87d0ZdL23jRqRt3BiffdKjTkIIIWvF
|
||||
Dzod/esMhBBC1hZKfIQQQijxEUIIIZT4CCGEEEp8hBBCCCU+QgghhBIfIYQQQomPEEIIocRHCCGE
|
||||
UOIjhBBCKPERQgghMSc+xXPP4d7SP3pJCCGErFZ3x8bApKQg4dZXXy24P/wQ3E8/UVQIIYSsWk9t
|
||||
3oxnP/kECQsLCwsUDkIIIWsFveMjhBCypvwPAIOSpxH0J/gAAAAASUVORK5CYII=
|
||||
"
|
||||
preserveAspectRatio="none"
|
||||
height="62.666668"
|
||||
width="594.66669" />
|
||||
</svg>
|
After Width: | Height: | Size: 5.3 KiB |
297
openshift/images/sso_app_jee_jsp.svg
Normal file
297
openshift/images/sso_app_jee_jsp.svg
Normal file
|
@ -0,0 +1,297 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<svg
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:cc="http://creativecommons.org/ns#"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
viewBox="0 0 745 287"
|
||||
height="287"
|
||||
width="745"
|
||||
id="svg3481"
|
||||
version="1.1">
|
||||
<metadata
|
||||
id="metadata3487">
|
||||
<rdf:RDF>
|
||||
<cc:Work
|
||||
rdf:about="">
|
||||
<dc:format>image/svg+xml</dc:format>
|
||||
<dc:type
|
||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
|
||||
<dc:title></dc:title>
|
||||
</cc:Work>
|
||||
</rdf:RDF>
|
||||
</metadata>
|
||||
<defs
|
||||
id="defs3485" />
|
||||
<g
|
||||
id="g3489">
|
||||
<image
|
||||
id="image3491"
|
||||
xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAukAAAEfCAIAAABzhc/FAAAAA3NCSVQICAjb4U/gAAAAGHRFWHRT
|
||||
b2Z0d2FyZQBtYXRlLXNjcmVlbnNob3TIlvBKAAAgAElEQVR4nO3deXAb150n8B9ugBdAUiJBXYRo
|
||||
2aJPMZJjU7nMHB4x8WTMzMyOmdqqNWe3aovz19C1f4T+j/+F+WvlP3aHqa3UULNzcHZmdyhnnJFm
|
||||
kgyUy7RjJZTjgzpMkToskJQogCcANtD7xwOajUZ3o0GCwHvk91MoVhN94HX376F//fp1w3bq1CkC
|
||||
AAAAEIS90gUAAAAAKAJyFwAAABAJchcAAAAQCXIXAAAAEAlyFwAAABAJchcAAAAQCXIXAAAAEAly
|
||||
FwAAABAJchcAAAAQCXIXAAAAEAlyFwAAABAJchcAAAAQCXIXAAAAEAlyFwAAABAJchcAAAAQCXIX
|
||||
AAAAEAlyFwAAABCJs9IFKJosy5UuAuwSNput0kUAAICiCZC7IFmBHaIJLaQyAABC4Dd3QcoCZaaE
|
||||
HJIYAACecdrfBYkLVBDCDwCAZzy2u1g/cuAYA8Wy2KYiyzJaXwAA+MRd7lIwHUG+Atuhjh/z7ATp
|
||||
CwAAn/jKXUzyEs0oZDCwHSwpKdjBBekLAACH+MpdjKgzFaNhACvUWYuSlyBHAQAQiAC5i5KgsAHN
|
||||
vybTwx6nm47kpylKNoP0BQBACBzlLro5h26+YjGJgT3O/PEtNpuN5StKG4xu+oKcBgCANxzlLvny
|
||||
MxXlr27igiQG8uVfGNJtelHyGGQqAACc4zd30SQlP/jBDypYGNh9+vr6WJqiSVmQvgAAcI7f3IVB
|
||||
UwrskPybpZG1AAAIgffchXKvED17fX9lCwO7wHuPLpBeWozEBQBACLzkLrqPb1FnLcqIcpYKdjHd
|
||||
dhfS67SL9hgAAK5w+ntGajoZDMC2aXp8I8YAAETBS7tLPv0biHCAgRLR3GmPvroAAKLgN3dhtCfE
|
||||
SF2gRDQ3RWuetAsAANziMXcxe+gc2l2gRFhabHSDNFpfAAC4xWPukk91zaii5YDdRTd9AQAAzgmQ
|
||||
u+ReM+I3efG77NFvh4gomkzVj80WO/vxOlfPkaqew9WhGmfAbSeiyHpqcjE5fnt17OZqIm11xf0u
|
||||
e8+Rqu4DVR0N7qDPEXA74ql0ZD01FdsIz62P31q7urRRVOGVUUzHD+9ceZjU/ehXH6kZ/XwTEQ3/
|
||||
Lvr6bxctFrhSNE0sSF8AAEQhQO6Sg9/UJbdsxZTT77Kffa6x71it5v1QjT1U4+o5Un32s6mBdx+c
|
||||
+2TFfDkeu22oo37giTqvI+f2Ma/DzhbVfbBq+GTj5GJi8PLixU/XrRY+99/hkw1f/3FEvwRb3QIV
|
||||
hJQFAEA4wuUuPB8St9I+1FrjDHcfCNW42L9TseSFu2szK5LXYetocHcfrAq4HQG3Y/QLTV1B75/+
|
||||
YsFoOc0+x4UXWzoaPOzfeCodjsSnYsnIeirgtgfc9s79Xja2o8Fz4cWWjjdvX1lUN5+YFD7n3+6D
|
||||
Vc/vc7+zkDBdLZnvPZWBxAUAQERi5C5i9HeRVQPWyul32ye+cTBY5SSimeWNvl/MX4rENdN85+nA
|
||||
8LONRNR3rC6aSL/27oP85XgctvCZA+0BNxFFE6mBdx+cu7GsO1nfsdrBpwOhWpfXbtNvJskvfPbf
|
||||
uJT2Ou1EdPaz+06/dVdnfYrfAhWE3zACABCUGLnLJp7P5ovvlzP6hf1K4tL5z3fm1lP503zv/YdT
|
||||
0eT411qIaODJwPjs6qXIet5ymljiYrIcIkpI8venYt+fin332ca4lDYssMGzjGdWpJmVje5D1Z1N
|
||||
3jMHfBfvrmk/QJCeSQAAIDTen6ub95sAfL+KKefxOldPaw2bvOfH9+bWUkZTnp9dHfk4xqY8+/y+
|
||||
/OX0ttVaWY7yev3XD648SBZR+KzBXz8wKkaxq8/FbjIPNgAA4BLvuYuWLHP9Kqacg8/Us2nHZ1au
|
||||
PEgUmPjX99nEHY2eE/Uu3eWMfbJccDlbLHzWlQeJ8ZkVImoPuF85Wm08ZaV3hMU1BQAAAQmXu/D9
|
||||
Kqac3Yeq2LQjH8cKThxLpFnSQETdh6rVo7pafNaXs8XCq0YNvJ3pLzz8WeOml4rvCItrmsU6uxh1
|
||||
eUFXGAAArgiXu1T6lH3LTRe5r2avnfV0IaKJuXUrCw9/mulf0tXiUy8nVOsqajlbKbxq1OzyxujV
|
||||
GBGFal2vPlpr2J5R8X1hZU0BAEBAwuUufL8slzPoyyQukTUplkhbWfhU9olwoRpX/nKiiVRCkneq
|
||||
8LnvD75zPy6liWj4uX0edr+SwZScvgAAQGS4z6h0NE0XpgLuzGWIaCJlcaWiiczdQwGPXZllcznJ
|
||||
tNFy5P7j+W9O3o9/5h9Vz881Kfzmv5lGi7k1aeSj6MAzDcEqZ//j/jd+93BzgtwpAQAASg7tLjtz
|
||||
Ql/yiU1mISKiuGTceGNxY5qUJ2/U0K8fsKaXoWcbc5pexNpNAAAgILS7lE4x7S7RuNKI4rC4UuxH
|
||||
jii3qUZZTrDKabScgV/MKcPBKufgycYCBTZsd9kcjiVSQ7++P3y6KeBxDD3b+PrEApEmy+F4TwEA
|
||||
gMiEy10qXQATssGwnsiaxAaCVU6/yx5Lpgsunj19johmljaU5SvLCXgcHrstkdL54DeuKNd0qLXW
|
||||
lcld8htUjApvMOrslYeDJxsDHsfAM/XDlx/krAKaNwAAYMcId82o0reoWLyBpdCUc6tSZDWTdnQ2
|
||||
e60svOtg5p7q8N019XJmlpJFLcewkCaF1xuVkNJD7y4QkddpHz69P3fKSu8Ii1sAAAAEJFzuwver
|
||||
mHJeuJV5Xkv/k/UFJ/a77D3Zh+demF1Rjwpnn83f/2RgW4U0KbzB+29MPmQZWP9T9c0+h8mUfL0A
|
||||
AEBkwuUulT5l31qTht5r+L3Mo3J7Hqk90eguMPHn9rOJJxfiVxbiusvpfcxfcDlmhTQpvPGowV9l
|
||||
OtMMn27KyQsqvi+sbAEAABCQcLkL369iynl1MTn+yRKbfPz3D2faLfReLx+t7X+6gU05cCmSv5yx
|
||||
qzEryylQSJPCG48691FsajFBRH1PBDr2eQXbTQAAICDhcpdKn7Kbnc3LxZaz71/vRlY3iChU5554
|
||||
5egLB33503znVOP4Nw+zpZ797YNLd1Z1l8MSiFCde+o/HXv1cb/ux3ns1PtYnVJEq4UvtF6Dv8w0
|
||||
vfQ/Xa+/cN5eAAAgMtxnVDrZsnkdtu9+vslkwvDttYuzK0QUi6c7x26G/zgU8rtDde7wHx+dWkyE
|
||||
76zOxDaIqKPJ291aE/A62FyjHz58LRzRXWBCkrv+YebCt450NPkCHsfo7x0c+UpL+M7qzNIGW1TI
|
||||
72qv93S2+LzOTLY6cW9d26CiDGg2su5kKudvLE/Or3c0bS7caEpuybJss9nYX6Ox5S8VAADoEi53
|
||||
4fiQmC2b12kf/Ox+kwm9jvsXZ5bZ8Gws2fHXN0a+eqC3PUBE7Q2e9gaPZvpoPDUQvnfuo6jJMudW
|
||||
Nzr/bnrodNPAyUav0+512rtDtbpTTtxbG/z53KU7q7qF1w6bj8oaCEfCf3JUNRnfewoAAETGe+7C
|
||||
zoY3/+f5gGi9bLltG7F4+ttv3Rn61XzPsbqeY3UhvytY7YpL6ciqNLkQH7+xNDYV031wi0ZCkl//
|
||||
+dzwuws9x+q6QzUdTb5glTPgdbBFTS0mwrdXx28sXc3+LpJh4YtsdyGiS7dXw7dXuw5XF5ySZ2hc
|
||||
AQAQgu3UqVOVLgMRkTpBYcNyVjqdTqfTf/VXf0VEz/67u2JFhN3ivS8nieiVV16xZ9lsNmWAodxU
|
||||
BmkNAAA/eG93YTaPHAKezQOfkJoAAAhKjNxlE3pRQOkgZQEAEJFwuUulCwC7C9IXAADhCJC75HTX
|
||||
RbsLlIiSteT3bgEAAJ4JkLsQ+rvAztDtlgsAAJzjMXdRGlq0N0gT2l2gZMzvJ0I2AwDALR5zFzV2
|
||||
CFEymPfOpCpaHNg9NImLksoAAADn+P09I9zCCjvKlkv9fgVLBQAABfH4bDrKfTwdG0in07Ie9bza
|
||||
C0wAen1y87Gn0pFxDxgkNAAA/ODlmpGma4v6h/GUvi+6s6gnwwEGdOVfGNJtdEHiAgAgBF5yFxPm
|
||||
WYvS9IIDDJhQJyXmGQwAAHCO99xFfc+R7ih1Cw2ACU36QqrcRT0BAABwjt/cRX0VSZ2gGL1Puf1d
|
||||
cBzay4wiwejyEPrqAgAIhN/chUxbVmx6z4DBUQcY3UjI77Rr9CYAAPCMo9zFlv8kurxOu0Z5jPpf
|
||||
o2tMsHeYx4BRvmKe8QAAACc4yl2MGHV50c118ieDPcgkBowuDyFsAABEIUDuQnoXhtC4AtuBu6AB
|
||||
AMTFV+6i3PxsMg0eQAfbp8l9jYLKqG0PAGCXEesUjovcpajDg3r74rgCxbJeP8WqyQAA26E5nnL+
|
||||
BVjJ3GX7J7ucb1wQF0ILAPYyzm/grdhvMZpnJ3xuLNgjEH4AAAyf1zcq0+5iZVsofXL53HCw+xTs
|
||||
/gIAsJtYPE/j8OH1FchdCh4YzK+64XISFIQgAQAoyPrD6HlLX8qdu5gcVDSjtnnui1NnKAhBAgCg
|
||||
fvIIGScxXKUvXNxnRLlHEaNhAAAAKBXd56VxlaMY4SJ3URIUNqD512R6AAAAKEg3HTH6jR3+05ey
|
||||
5i66OYduvmIxiQEAAICCzDuSqn/5WP1v/kI4yWkq3O6Sn6kof3UTFyQxAAAAW5N/YUi36cXol4/5
|
||||
wcuz6WRZ/sEPfrCFGQG2w0rNRLxBqSDeoGyKSjv6+vrY9JqUhdv0pfL9XdQVta2treA0ADtH098e
|
||||
YEch3qBsTFKQ6enp/Juluc1amMrnLmT8ALqt9dXFFwGomVc/zc9j6d4liHgD6xBvUDbWg40K3QKd
|
||||
H1c8Jy5UztxF9/EtJo/NNXncC3rAgHUW66TmJCOdTus+ZhfxBuYQb1A21hMOTXKs2wlXM7FRp11O
|
||||
2mM4bXfRrb1WbkFCVYd8ujcBUl6XNE3wsMMJ4g2KhXiDsikYbMqwemx+/qGeQDMxnzjqq2syrGmk
|
||||
UQ+QcT0HUKirtPqvzWZTn/KqybKsHE4Qb1AUxBuUjUmwqXMU8064mmBDX93CNI0uuomLEc3sqNtg
|
||||
RF2B1XVbGVBXe03gkV7eTIg3MIZ4g7IxCjYNMk1f5Nybovlveqnw70ib1Mb8xCWdTmsGKK/Cl6X4
|
||||
IB7dw0Y+dWSa5MqINzCHeIOyMQo2u92uDKgnlg36u8h5z3SRjZ8BU3GVb3dhNNVSU29ZspLOUt5U
|
||||
hjV1G5UcGPUZCamqt91uZxWbiNgAq97qcw51dCHewArEG5RNwWBLp9NsmI1VMpii0hducZG76NZJ
|
||||
TR1WanIqlWLDbECp9qTKeCqxEsApm6pxXl2NHQ6Huj6zrgbKsUSJJSXMEG9gBeINysYk2JSshUUX
|
||||
G1anL2wgv2VFlPSFi9xFQ85rR1Vyl5SKJqdRn6AAqKlb6e1ZqVSKVfJ0Os2OK5St2+y4ouTHmmBD
|
||||
vIE5xBuUjVGwORwOh8Mhy7LD4VCmlHNvJtJteuE8ZVHwmLuQQaPLgwcPdCdWTl8ACmJntKlUioic
|
||||
Tic7kLC/pLpPVZblWCymuwTEG1iHeIOyUQeby+VSsl6n00mq5hl1BqOZXaBI4yV3yT+fUKcvbJdU
|
||||
pGCwi21sbLAAczqdrFlVOSNhrfQAJYR4g7JhwaakKbbszfnsTfPERYgkhpfcRUO5sstqtZJLEtGz
|
||||
N/ZXtGiwG7x3bIGIkskkOylR/rIaq/QzIMQblALiDcpGHWyUe/+R0ugiRHZirvK5i5zbUVfdbU1W
|
||||
3WG02e6CC75QCrIsS5KkblNlvRBkVe9IIsQblAbiDcpJkiRS3SzNKE0v6r4vRp2oOM9vKp+76JJz
|
||||
5eQuqNxQIslk0uVyqeun0ncS8QYlh3iDskkmk0SkZC2s364az3mJFZzmLow6ccF5CZScJEnKSQlr
|
||||
4WM9KFOp1GbdRrxBiSDeoGwkSWIpC7vniP1VrhmZU996bTS24vjNXZRNrNxnVNnywO7DjiWsStuy
|
||||
j6GkbHd91rAPUCqINygblrs4nU71LfdslJX0hX881hZNlxel9SU7upJlg91EkiR2RqJ+EiVl0+XM
|
||||
RIg3KBHEG5SNJEnqxEV9MCXVI3QrXcyt4zF3YTTbOr3546uo3FAaynMOlSOK+ilh2akQb1AaiDco
|
||||
G81DXCnvkCo6fnMXRn23EQ/Xg/0ue/RPjhBRNJmu/4dbuqOYjh99euVhUnchr7bVjJ7eR0TDH8Ze
|
||||
n3xIRH/xXGP/o7Xqd8x57LbonxzxOmxEFPy/t+fi2offHK9z9Ryq6jlcFap2Btx2IoqspyYfJsfv
|
||||
rI3NrCbShhvRZAXVnx5+Mdi5z0NEMytS148js6tS/hYwMXE/cfriPStT7ijNc0vT2ce051ygRLwh
|
||||
3kqE83hDsNGuDrZdk7Uw9sKT8EG4jT7cUW994pHry2ygr63GyvQ9h6tY3b7w6bqmbvtd9r/s3Df1
|
||||
zYPDn6nv3OcJ+hxeh83rsIVqnD2Hq0ZP74v80eFXrX2KLr/LPnGmhdXtqdhG58V7rG6LSKnb6gds
|
||||
MIg3NcRbSeyaeEOw8c8k2HYHfttd5DzZEZUtlsFw3r/dB3zPN3reuZ8wW4icGb6ymJyKbbT7XUGf
|
||||
44Um76W5uHkp2HkMEY1cW1Z/bmu1M/xiMFST2a1TsY0Ln67PrEpeh62j3t19wBdw2wNu++jpfV1N
|
||||
3j99+35xK0jU7HWEXwy2+11ENLmY7Pq3SGxD55QxnpJHri2blH9qaYOHpnF1XLFKzvrhc9S/CvGG
|
||||
eCsbBNvuDTb9g6nIOM1d8jeu6h1ODiayUf2Op9Jeh52Izp6qN2g81FnIyPWls882ElH/ozWX5tZN
|
||||
StDsdXQ1e4komkydv7OqvO932Se6g0Gfk4hmVjb63r6f/zXxnSf9w59pIKK+R2qiydRrlxetr2Cz
|
||||
1zHRHQzVuIhoYiHe9W+RvObZzS3w2mX9H5/iironuPF5MOIN8VYa3Mcbgm0XBptusrIL0hfurhnp
|
||||
btOcN+VKv0xKQkREMyvShbtrRNS533umxWdxIaM3VtgbPYerPDabSQGUptexmVX1+6On9yl1u/Nf
|
||||
7l2KxPPn/d4HsZ7wHJt94HH/C01eiyvYWuWcfOkAq9vhyHrXv0YSKbm4jcPVKxtX6svA6tMUjlYE
|
||||
8YZ4K285EWy7I9jUiUvhA6touMtd8om4fQd/m+mSdvbZBouzxDbS47dWicjrsPeGqk2m7H9M1aaa
|
||||
dbzO1XMkM1dPeD6/g5vi/O21kWtLRRXveJ1r8vcPsO+O8VurX9Y5KdklBG1QRbwJSsR4Q7AJSrhI
|
||||
MydA7qLFR1arX5KsK4tJVlfb/e5XWqstLkGprv2P1Rp9+vONHnZ+MBVLXllMKu8PPuln847fWlW/
|
||||
r/savJz59ulo8JwIuM2LdyLgnvh6S8DtIKKxmyvfCs9vceNw9WJltFKZ+Sgq4q3ojcPVS5R4Q7Bt
|
||||
beNw9bIebCITMHfhJDT0S7I5auDXmWuiwyfrLS7k4qdrkXWJiDr3e1urHbqfrpyXnP04pn6/+6CP
|
||||
vT9ybangKsQ2Uuzbh4i6D3pNyvb8PvfENzJ1e+Tq0rd/Pr+NjcPViyj30dfK37znYXNRVMRb8RuH
|
||||
q5dOvKl/4JebeEOwbW3jcPWyFGx6sScSAXMXLgLDoCSqUbMr0uiNZSIK1bhebauxuJCxm5la1/9Y
|
||||
Xf7yPTZb79FM2+nY9Ob14GaPg7V5EtHEfMLKWoQjmR5zXc15F62zzrT4wmdaWNe84d9F/2zi/rY2
|
||||
DlcvxJtMhHgr/07kPN4QbFvbOFy99gZO7zPaHQYvL/YerfY67MOnGsZumj00STFydWngCT8R9R6t
|
||||
fv032n7yPUeqWGUbv7Wqvn8v6HOwgci6lHNfn7Gp2AYbUO451Ai4HRdebMmuyIPvfRCzslhlXvnV
|
||||
NpMJen4aOX97zfoCwQrEmxHEW8kh2Iwg2MoD7S7bSGkLjZpbT41cXSaioM/Zf7zWykKuxjYmFxNE
|
||||
FKpxvdCs7Sfff7yOzTRydUn9Pnu4JBFFk2mLKxJNZr4FAm67ec4eWZdGri6XPt/nZz+KUs5CoxBv
|
||||
YuxHbstpUoy8UQg2TndisUUVlojtLpXdObLBsP6oocnF/uO1Xod9qKN+5OpSIqVbuXOMXF0aOb2f
|
||||
iPqP116KbD4Lodnn6Ar6iCiyLl28q8nrTUpV7IpkhuOpdDSZDvqcQZ9z4qUDnW/djSULnvRsznv2
|
||||
I7NTmalYstL70TrEG+KtnCpYTgRb4WXurmATmIi5i0hiyfTQ5MPhU40Bt2Ooo/51ncclaY3eWD77
|
||||
XKPXYe85Uu1x2JRvhL5jmY5sYzdXNLPknGdYk3M2oyeekjvfujvx0sGgz9nud0+8dNBaDc/Ma2VN
|
||||
oeQQb1A2CDaoIFwz2mqLnOVRZz+MRRMpIhp43O932QsuJCHJ47OZZyH0HN68BbH/sWyb6tSSZpbI
|
||||
WuaBB0Gfc/MjTF/tdW42y8yyZLQWs8tS5z/fjaxJRNTud4fPHCi8cE72kcWdiHhDvJVzJ/Ifbwi2
|
||||
rW0crl57g4C5i2gSKXlo8iEReZ324VOWHpc0cjXzeCXlGvDz+z2hWhcRTczHr2Z7oinm1lOsEhJR
|
||||
536PlY9gLbREm33ydc2uSJ1vZWp4R6Mn3H3Ab/nsByoC8QZlg2CDShFwV8lyhV8mJTEY9caHUVZD
|
||||
+tv9zV57gYXI8qV762z6rhZfa7WDZHmzI9tUTHeWC9mLxP3H6wqugt9l62nN3I544c6q+VrMLm90
|
||||
/vOdnBrusm1l43D1QrypXoi38u1EzuMNwbangk1kIuYulX6ZlMR41OB72ac5nWq0si6j2R+O7z1a
|
||||
47Hbeo/WEFFcSo9Nr+hOP3wl8zTJntaaE/V5T5PUTJwtw+SDxJUHec+pzCve7LLU+UNVDf/6QY/d
|
||||
4EdJ+NlNFnci4k0mQryVbSdyHm8Itj0VbCITMHcR07nry1PRJBH1PVbX0VC45XNkKtOVvb/d39tW
|
||||
43XaiWh8djWvM3/G1djG+Gymm9v411qasw9FyPfyker+xzPP2B6Y0PuleD2zKzk1fOKbhzwOIZ/G
|
||||
uEcg3qBsEGxQfshdymcw+yDt/va6ghPPrkgT83EiCtW6hp/NnEmMTC2ZzNL3s3lW/UK1rolvHnoh
|
||||
e9FX7TvPBMazD2U6+0H0kun14Pwidf3oLuua19HoCX/jIGo4zxBvUDYINigzAe+Rruz1PM1VT4uj
|
||||
iIjo/OzK5INER6OHnWew6UxW5+wHD8e+0kJEwSonEUXWpEv3zB7XGEukOt+8HX7pUKjWFap1hV86
|
||||
OBVNhu+tzSxnzie6D1UFPJlTltFrS69NLBS3gkRXo8nON29P/MHhgMfR2eQNf+NA11t3N8+WstN7
|
||||
HbbvFvoR19ezX3a8Q7wZQLztiArGG4JtrwWbyATMXUQ2MLEQfumQxYnHZ1fjUlr5Lhi9bnZewsyu
|
||||
SB3/dGvk8029j9QSUXvA3R5wa6aJJlIDEwvnri/rLaCwq7ENVQ33hV86mFPDiYjI67QPnihQvYd+
|
||||
s2jURAylgnhTIN52GoJNgWArAwGvGfHTE6qoUTKRTJc+XQ9/umZxXRKSPDa9+aSmkY9iVooXS6S/
|
||||
/dNI+/+ZGXz3/sRcpkt/XErPLG+Mz6z0hSPBv7l57prpY7ALFe9qdKPz/G3WvtrZ5At/Q9W7TZT9
|
||||
KEo5zXcH4k2U/ShcOYvfTQg27nbirmY7depUeT5JVrXRsWFZlmVZTqfT7O+5c+fa2trYv6lUKpVK
|
||||
SZIkSVIikUgmk/F43OVyEdGzvyl8PRXA3Hsnl2RZvnbtmtvtrqqqcjqdHo/H4XA4HA4iYuFXU1ND
|
||||
iDcoBd14czqddrudEG9QUu+dXCKia9eueb3eqqoqj8fj8/m8Xq/b7Wbfci6Xy263O51OW9b09PQr
|
||||
r7xiV7HZbOwvQ0Tsr3qgsgS8ZrRn7l8HLiDeoJwQbwAWCHjNCAAAAPYwEdtdKl0A2FMQb1BOiDcA
|
||||
C9DuAgAAACIRsd0FJyZQRog3KCfEG4AFaHcBAAAAkYjY7lLpAsCegniDckK8AViAdhcAAAAQiYjt
|
||||
LjgxgTJCvEE5Id4ALEC7CwAAAIhExHaXShcA9hTEG5QT4g3AArS7AAAAgEhEbHfBiQmUEeINygnx
|
||||
BmCBgLkLH/xue/S/Hs9/Py6lI2vSRGR97PrS+ZsrmrGvtvtHv3aAiEY+ePhn4YjJ8v/u9w70PuYn
|
||||
ot6Ld//++lLBz6Xsb8FPLsRHPoxeurumO40yezSRqv9f18zWsPhZ/G5776N13a01Hfs8AY8j4HFE
|
||||
E6mZpY2JufXx6eWLt1atfNze8Xyzt+/xQGezL1TnCngccSkdTaRnljcmIuvhu6sXbq0mUjmHMZNd
|
||||
rzERWT/9jzNGY4vdTTsXtKyyTN5PjF1fGp9e1qxvwdnzaVbcaMZoIhVNpGaWNyYXEuG7q/n1FEz8
|
||||
5Vdb+h4PsOHQuRuzyxsmE5dkF2gWcnZy8bVfzJlMr8QhEcWltG/kqu7S8r/QNB/UMTZ95X5C9yOU
|
||||
SjF8+f7rby+YFAZ2iIC5CyenJQbF8DrtoTp3qM7d+5h/ciHe/eatubWUzlyy5RXRTGk8l9dpb6/3
|
||||
tNd7eh/zX5hd6Xnrjs7BwNqiip3F47ANf66p/6mA15lzFTLgcXTsd3Ts9/Y/VR9ZlQZ/NX9uKmbt
|
||||
U7mxA/Hmd9vHug92t9ao3/Q67UGnPVjt7Az6BjoaiMj7P6dy9mBRJdGbeIu7aceCVqksPW21M0vJ
|
||||
nrfu6B8qtrziBjOyjC1U5+46WD3Q0RBNpEY/jg3+at4oeSorDopgwuOw9T5ap/zb/2SgwJG7JLsg
|
||||
973eR+te+7lh7uJx2Hraas3KYBIhuf8On276+pu39T9mC5UCSkrA3IUzcSk99O595d9glbMz6OsM
|
||||
+oioY7934j+E2v96eie+EzWfyz6662BVx34vEXW31oy/dMiw4pVUc5Xjwh8cYZ9LRNFEKnxnbWZ5
|
||||
I7ImBaucoVpX16GqgMcRrHaOvnggmkydn97rp7nhP2xVNtdEZH0isj6zlCSiUJ27Y5+nM+hjuYXX
|
||||
YdONnLiUHvkgarL8qYc6GQAPu8akz8QAABlZSURBVCm/snTs83QdqiaiUJ07/IetodEbsWTaZPYt
|
||||
rLju5wY89o59XrY1Ah7HQEdDT1uNYfIEWT1tterEt+/xQrlLVgl3QbDaeeZItVE7bu+jdZrUfMu6
|
||||
W2ueb/a+MxcvydKgtATMXTi5HpwtRjwlf++9+5qRZ45UX+hpJaJQnXvgRP33Lj9QZtscsLgicu6U
|
||||
pp9LRC+31Y7//mEi6m6tOdHo1n4R6C2qcAGMZ/E4bOFvtbY3eIgomkgN/Cxy7mOdlpUzR6qHP9/c
|
||||
sd9LMjd70KJSl/bPOxrY93VkVeo+P5v/Te1x2LpbawY6GuJS2mjXv/Yzs2s3+ba3m3Y2aE/s84T/
|
||||
KMROxIee26dzSr3lFS9UWfxue98TgeHPNbEWoPAftnb87bT5RZAdx3ftGDhRzwbGrsV6H/MHq50v
|
||||
HPAZXaEmKtEuyC5kajHB0uv+pwIXZ/Vz6/6nAkQ0cW+tY783k8RoNqnJF5pSWinN5j37xebT/zCj
|
||||
u2KGC4GywH1GO+LirdXBX2a+gpUrr+Vxfnp57FrmsMTOaHfU6IsH2BFxZinZ8bfTukdEIrp4a/Uz
|
||||
fzetbJO9rP+pzLd/37/d1T3FTKTk89PLX/5/syVsruN5N125nxjIZiQ9j9SaT1xasWT6jcnF9v/9
|
||||
CWv3CngcLO8HXa21rs6WKiK6MLsynE1E+p+u384yi90Fox9HiajnkTq/W+fgpZRw5IOH2ynVzNLG
|
||||
hdkVIupsqTpzZMe/RWELBMxdZG5epkUa/2SZjcyexebOtZ3lF9oUE/fW2figz1lssYsqyfGAW8nM
|
||||
en54e3Zpw3w533vvwflPliu/49RrVPZ4C9W52IIvzq5uvdjFzFWC3bTDQXthJnMOHapzl3DFLc44
|
||||
u7TRPX6LTdWx33vmSHXJd3oF462ELyXtHnn/4ZWFxNRigoh62mo9dtuO74KskfczSUlPW61RCeNS
|
||||
euzqktnnWhg1mO0OfPZLQbP1qvROMVu7XU3A3EUQkVVJGfY4bOX86GBV5lKg0eX/Uhl8dh8bGP9k
|
||||
CR0FLFIuxpctKvjfTXFp8xu3zJWFufowOXY10xa1zYaEXazviQARRROp89PLRDTyu4dE5HXaex+r
|
||||
KzCnBRZ3wezyxsS9NaNpWAnHPzG8Z826K/cT458sEVF7g+eVUqwglJaAuQu7lF7xlzq/1ZsgWOVQ
|
||||
xidYx4X8a6tmyzeYrNDneuzUezxT0yburRU7e1Fr2nWoir098v7Dyu+R4nZfxeKNna0SUd/j/iLL
|
||||
XPy+K8lu2vmgba93s5HRRGqzsmx7xYuaceR3i2zCrkPVJd/pFYy3Ur1eOOgLVjuJaPyTJfZOTqqx
|
||||
o7sgdyEsZ+psqWqtdeqWcOR3iznb3HqRckcNXMpcyhz+fJPxDq38rjEu224mYO4iiJ5HMgnE5MJ6
|
||||
eT7R77Gfaa2Z6D0aqnMT0cj7i1cfJnfu45qrnOyDiCh8B89usWr0o8ydMiNfPfAXX2k5kb3xZ4cI
|
||||
sZuGOvezAXZKXRHKldaAx9Gava4Hiv6nG9iActVmbk1iEdXZUnU8m31uh8VdMHY1FpfSlNf0wkoY
|
||||
Wd24dKc0UTS7tDH60UMiCtW5X30iUJJlQqmIeJ9RpQvAaK535jrTWjP8hWY2PDa1lDNx/hIKfpDe
|
||||
XAGPQx54UneOmVjy7G8fvPHbxWKLbVgAvVmUK1OR1Y2ExMle2QGlXrPv/fp+zyO1rEdh/zMN/c80
|
||||
xKX05EJ84t56+M5q+M5qLGFwk7CFXc/0vHnrfLa7VQl2U+mCVvO+x2HrbPENfnZfdyjTRXfo7QWd
|
||||
j9jSipt8rq6EJEdWN4LVLiIK+pyzsQrdbcRlTfI4bKwb9Uws+c69zZOxkSuL7IaA/qcbXrukdwtY
|
||||
SXZBbiwlJHn8k+Xe4/6+JwKv/2JeU8LRj6LaDzL6N79IeUE7+PP53sf8Xqd9+PNNY1OxzUtRW6gU
|
||||
UFIC5i6c8Tpt38n2JyCiYLWzs8XHjkyUTSPKXKSZpY2ZpR3/5g14Mo12UaNjLRg4PXbzu19oGvhM
|
||||
Y+Y5Lk57Z0tVZ0vVwMlGIgrfXh2amC/VuSNXuyngdcivGSYffRfvvhMpUyOlrmgiHawmIgp4HIWm
|
||||
3Vv6nsg8z1C5h5EZ/2SZ3U7ce7xOP3cpksVdMPL+Yu9xf7Da9cKhKlZTeo/7WQmVZqGSmFuTRt5/
|
||||
OHCyMVjt6n+mXv+EECpBwNyFk+t52WJ4nfbhLzbrTjI5v97z5q2ElM6fi+RCK6K5Xps3HJfSA+F7
|
||||
6jkCHkfHfm/Psbquw9Vdh6vHbyx9681bVhe7lZIYTLPL7Myqvf7zuaFfzXeHanqO1XW2VLEbmJmu
|
||||
w9Xhw0dHriz+2U8+1S1JXEqf/Y1ZQjz1IJ4TaXlLKE7pgtbIxL213rduzxol3Ftb8SLLoPnIioU0
|
||||
l1Wp/5nsHUZXcrqSJCR5/MZSb3sgWO0601p9cSbvmSsl2QV5C7l0e5W10PQ/XX/p9qpSwol7a7Ox
|
||||
vAvlms81KZLeqKG35/qfqfc67UOdTSNXFjNNL9YrBewMAXMXvsWldGRVmlyIj374MKf5uvQfJH9f
|
||||
7wzD77GP/0Fr1+HqnmN1/70r+JrpD9BsRzSR+a0D5cweipJIyec/WWZB4nHYWN7Z92SAtZn3n2iY
|
||||
Wky8oddoF5fk101/z0WNq90Ul9KD2UfPeZ2ZVWbNTgMnGwvGalErvgWbbVTxlPmUe8rxendHk49Y
|
||||
ZpCXX468/7C3PUBE/c806OQuRbK+C0Y/jA4+t7/nWJ3HYQtWOzOPdblS+naRWCI99Pb88BeDAa9j
|
||||
6HTTjkYgWCdg7sJJjpstRjSeqv8fHxc7t9dhs7gi8Y204bVVvSXE4ume87OR/nav0z5wct/Qr+Zz
|
||||
+k9sre+C3nBkJXMTeLDa5bHrP71+NyjLaiUk+Z176+/cWx/61fz4y0e6j9YS0fAXm99QNzNs6RJ7
|
||||
CXfT9oM2Lslv5Dac+D328Zdbuw5XD5zcNxPbeEO3WWXLfQuKmdHjsLGskdgDDioVzvxVo/5nMr10
|
||||
Rz94mF88pQmk51id323X9tYqyS7QW8jIlcXB5/Z7nfbe437WbBmX0mNTMZP+UoWLZDDq7OUHg5/d
|
||||
H/A6Bk42Dr+7YLaOUC6VPxXbU5STCa+zwEMslMu9W+imEEukJ+czv8Gxc4/WnVuTZrLNs12H8ejJ
|
||||
0kik5N63brPbKLxO+/Mtvm0ucPu7aUeDNpZI95yfjaxuENHZL7eU5HaVrVH6qEXjKcOrV3tSb3vm
|
||||
wYYjLx6U/9tT+S8l4eg9vq1niBe1C2aXNiY+XSOi/mca+p4MENH4jaUdOoNKpOSht+cp00MguBMf
|
||||
AcUSMHep+N3z+bfRW56FfUcTUXuDx3xKpQNEZHVjC5+rfFCw2rmF2S3OEr6duee2/xnjBzzw+eI4
|
||||
3mLxlPIMmFCta7v7btu7aaeDNhZPDfw003Pr7JdbCuyvLe/oQlP2Z3+pJ3x7pfS7leN4M3+daa1W
|
||||
UpOCBk427tQu0FvCyJUHRNR5oIqVMNMXx8rnFhyV9/4bl++zitB/oqHZ5zCZsvKvvUHAa0YiU5pD
|
||||
Opp8fk9e+2pWc5Uz5HcTUVxKX13cyoNQla+buLSDd5cMv7vQ91Q9EfU86j+x33tlAT+4WmJKb5Xt
|
||||
2OZuKkPQ/v3V2PCXkiG/u/to7fMtPvVduOVxvMHDOm3QzvSZEFf/icwFo7Gp6Ex+N9is3vZAyO9u
|
||||
b/Ru+XtgC7tgbCo28uJBdntRZHXj0u2dfXzR4M8io18/TETDXwqGb5f+V9ahKCK2u3DzKr5ICUm+
|
||||
cDPTgXfwuf1Gkw19rolNc+Gm3q//FPrcZp+z80Cm9XXqQWL7xTaa5eqDxNjHmSetjfe0tta6zJfz
|
||||
3S82v/xIXeV3nHqNyh5vx+s95hO01rpY10id3belUm1zN5UnaIeyPwA5/EW9n4/Z8u6wMGNrrevC
|
||||
H4XYVJPz6xdvrpR8p1cw3rbz8rvtPY/6iSgupft+dOf1n80ZvYbfWWDF7z/RsCO7QG8hCUkemVyc
|
||||
nF+fnF8ffmehiM/d0qhzH0SnHsSJqO+p+o79PrOFVPa1NwiYuwhOqeSDzze9+qTOsxr//FRjf0cj
|
||||
Gx765Xyxy/d77OPfamXDmgdJ7YS+f7nDzsZCfvfkq4/qrhERvXys7uP//Ojg8007WhghTPzHR/7l
|
||||
j0NnQjW6Y483eMK9bWx4cn69VB0vtrmbdjpoiejch1HWJt91pGb7vXws8nvsf36qceq/PMZajKLx
|
||||
VM8/zZbno4XQl/3xxZzHsukZm8okx0rbiUXb3AWv/fu9z5y78ZlzN964XI7HaA3+LJNh93c0lOHj
|
||||
wISI14w4SSxlg+ECLt1eOfvewsCz+4lo9BuHhz7ffOHmsnJc6T5ay+owEQ1eundF5/cEMp/lddq+
|
||||
89w+9YiA19He4Ok+Wqv82l//v97JK9vm7N/9kv5jaZjwrZXsHY9ma5pIyZ1/fSPc29be6A14HaPf
|
||||
OHz2KwfCt1dmYsnIqhSsdob87q7DNQFvphdnXEpxswdJlmXdv+qBkpfW67R1H63tPlobl9ITn65N
|
||||
zq9HVqV4Sg7VuToPVHUeyHSnjUvpvh/d1t34BfcdEb3+s5z7jbe5m0oVtHnDOYZ+OTfye4eIaPhL
|
||||
wS///XQpVly/sgS8jmC1s6PJp7RvEdFMLNnzTzOzSzv4MxqaSGPUo9Rl5oFywWj0g0XzgsUSqQs3
|
||||
l7uP1ga8jpeP1Z6/ofyMc0l2wRa/bA1mMVlagQ86fyM2Ob/e0eRTvmO3WqQdpxts+d91NptNFrOL
|
||||
jIC5CyfbeRu16bWf3puJbZz96gEiCvndygmrIi6lB37y6fd1L/pmP8vrtA+/0GL0EdF4qu9Hty/e
|
||||
zH9U1Obs5q0gXoctM3uhNZ1blTpGrw+/EOzvaPQ67QGvg7Uza8zEkgM/+VSnSJVjs1n4yeJSx1v4
|
||||
1mp3Wy0ReZ32riM1XUd0GmCmHsR7f3jrynxuvwHL+46Ihn4xpzlR3uZuKknQaodzfX9ycehzzcEa
|
||||
V9eRmueDVe8ov2205RW3XFlGP1gcvBTZ6fv8KxJvW3aiydve6CWiyMrGpVuFu5KM/m6R3dvff6Lx
|
||||
/PVs7lKSXcBL6kJENPCTT8PffiRnMm52mZqlYBOZALnLrtwHb1y+PzYV7XuqvvtobXuDh53vRuOp
|
||||
qcXEhZvLI5MPDH/UxlhcSkfjqcn5+Pj12NhUdAtL2LJESn7tp/eGfjnX2x7obqvtaPIFPI6A1xGN
|
||||
p2ZiyYl7a+PXY1xlLUbKEGxf/8ebfo+dNb10NPlCfrey92diycn59bGp6A5tq23upp0IWo3hdxZY
|
||||
ejT8QvDLY9MFp9+aaDwVTWS2dvjWqqqRoNx4/nJT0lPlepC58etL7PcButtqm6udc6uSycT87IJi
|
||||
Xbq9Gr61onvKwTmeg20LbKdOnSrPJ6kbptQNWel0mv09d+5cW1sbG06lUqlUSpIkSZKSyWQymVxf
|
||||
X3e5XET07I/xE6+wXe99bUOW5evXr3s8Hq/X68qy2+1ElE6nNzY2amtrCfEGpYB4g7J572sbRHT9
|
||||
+nWv1+vz+bxer8fj8fl8brfb7XY7nU6n0+lwOBwOh91uZwnNzZs3X3nlFbuKzWZjfxlSpT6c5ECc
|
||||
trvkbx3VO1y20IGAlJqp1GH1qOwg4g1KA/EGZWPLlT+2IqUqIU5zF8rb9JvbGlUbSkQdV+rzDFmW
|
||||
2QkxEeINSgbxBmWjCTbzVEZEwtwjvTs2N3BF0zqqHoV4g5JDvEHZmATb7sBvuwuj08SK8xIoEfXF
|
||||
Xc15cDqd7XaKeIMSQbxB2RgFW6XLVTL85i6aBi673Z7t7YvKDaXhyLLb7Q6Hg9VwImL/ZqdCvEFp
|
||||
IN6gbNTBxsJsl10z4jF3UTauelvb7fZUKkWEqg0l43Q62WFD6XKvdDvYvC0O8QYlgniDslGCTd36
|
||||
ojm2VrqM28Jj7sIoW1Zp+2K5y3tnSvDrdABEpL5dUH0eLMuych6MeINSQbxB2WjuhVZaX2i3dK7i
|
||||
N3chVWcXh8ORaXQBKB2lerOKzQaIyGazpVIpQR+VDdxCvEHZaHIXpalvdyQuxG3uormhi216l8u1
|
||||
sbGRTCbZA+ukrFQqlU6n2TPu1D/ZsGt2EmyBEgDqKGKBpNRqt9ut/pedCrOTYJvNJqkkk0nlYYmI
|
||||
N8iHeIOyKRhsTqdT9zF0u6nLC0e5i7IzKLtv2C5Jp9Nsryi1l03P9pbT6dSt2wBMfvVmYcNqtcvl
|
||||
YheG2V8Wful0Or/HlSRJiDcoCPEGZWMSbE6nkwWbpn+VkrioByq9HlvBUe6ixk5HlL1CuT+7qrTE
|
||||
sIrN6rb6dwaUhVRwFaCy1GGgVFGlp6RCfSBRjiUsY85v+UO8gRHEG5SNlWBT0uX8phfaFcHDae5C
|
||||
uRkla1ZVEhdb9rYj9RkJe0ACzktAQ6muypmH+l4P9YAyMXvOaSqVUs5UWI8rxBsUhHiDsjEJNiWD
|
||||
UXcMV46qlS54CXCau6hzScqmmU6nU9M+ls6SVTQLgb1JEwmaxlWFQ/WwDSKyZ38bT8mP2XA6nUa8
|
||||
gQnEG5SNlWBTZzDq93dN+sJj7sJORCgvg6G8O4+UplTlpIRy9yuAuo3Unr2tQzl+aM6AlYlZUx87
|
||||
nLCWP8QbWIF4g7IxCTYlg1FyGk3WInr6wlfuomQtlPt8F8pWdVaHlatI+X3v2Szq1Af2Jk0MKJVc
|
||||
fYKiaW5VJlMOGKzTFQswxBuYQLxB2VgMNnVLjM3gmpG4UcRX7qKwZfvqsn/t2R8EsGXvPJKzv7yq
|
||||
W7eVhZS94MAL3WDQnOzmU8+uHEUYxBuYQLxB2VgMNnvejxmpJ6hIyUuI09yF8tIXymYw6kpOuZ3X
|
||||
0JoKRtTnKOrqTXl1nvIOJKQKM8QbWIF4g7IxCjajdHkXJC7EYe5iy71sJKsewqNbsSmvKVW9qHKW
|
||||
HLhiFAzq2ssqs5y9G18zsW6iTIg30IN4g7KxHmyaAcoNG6FDiLvchYzTl+npacrbbeb/AlBeFc3/
|
||||
V9Z7SqlyING8afIvACHeoIwKBhv729bWRrsocSE+cxfS67TLKvapU6cotwKbVGbR9w1sh8XAUIY1
|
||||
hxP1v4g3KAjxBmVTbLBdvnzZPMUREae5C+WmL5R7kVgzmeYdnJoA5bWjWplMHTnKbflG0ysQb0CI
|
||||
NyijLQSb7vtC4zd3odxzFN33zecCKIqSHCPeoAwQb1BOuyxyuM5dFJo+RxbPPHbZroKibCdING8i
|
||||
3qAgxBuUTbERonvJQnRi5C4au283QMmVMEgQb1AQ4g3KBhFCRPoXWQEAAAD4hNwFAAAARILcBQAA
|
||||
AESC3AUAAABEgtwFAAAARILcBQAAAESC3AUAAABEgtwFAAAARILcBQAAAESC3AUAAABEgtwFAAAA
|
||||
RILcBQAAAESC3AUAAABEgtwFAAAARILcBQAAAESC3AUAAABEgtwFAAAARILcBQAAAESC3AUAAABE
|
||||
gtwFAAAARILcBQAAAESC3AUAAABEgtwFAAAARILcBQAAAESC3AUAAABEgtwFAAAARILcBQAAAESC
|
||||
3AUAAABEgtwFAAAARILcBQAAAESC3AUAAABEgtwFAAAARILcBQAAAESC3AUAAABEgtwFAAAAROKs
|
||||
dAGKc/ny5UoXAQAAYNeSZdlms7G/RmPLXyoNkXKXtra2ShcBAAAAKqzy14x4yOAAAABAwfmhufK5
|
||||
CwAAAIB1vOQunKd4AAAAu5X6ECzE4ZiX3AUAAAAqRYiURYHcBQAAAERKX7jIXQTaXgAAALuMchRm
|
||||
A/wflLnIXUiELQUAALBb2Ww2URIXqlTuoknxAAAAoFJ0Exeej9SVb3dRNhkAAACUnyZx4f+4XMnn
|
||||
6rKnDivDRDQ9PV3B8gAAAOxBtlzq9ytYKhO2U6dOleeTlDRF/a8sy8pAOp2W9ajn1SwEAAAALMrv
|
||||
k5vPbrerx1JeBsNDQlO+dhd1K4vyL9sE7P38zcGmUU/GwyYDAAAQVP6FId1GF54TF+LktxjNsxal
|
||||
6YWTTQYAACAudVJinsFwq/K5i5KdGGUwNuMf4wYAAIBiadIXUuUu6gm4xVFfXSVBMXqfcvu7cL5l
|
||||
AQAAKs7ouGl0eUiIvroVbncxaVlRt8dobkcCAAAAK3SPm/mddo3e5FNZcxdNd131m+reuLp5jPpf
|
||||
o2tMAAAAoGZ+xDTKV8wznoqrfH8XMu7yopvr5E8GAAAAukyOmEaXh/g/yHKRu5DehSE0rgAAAOw0
|
||||
Pu+CNlfu3MWoKYVU2wtZCwAAQDkVPOZydVCuQLuLSfqiTKAM40G6AAAAO8F6OsJV4kKVumZUMH1R
|
||||
T7nThQEAAAAjHB6IK/Y70hxuCwAAAFDj82Bd4WfTsQFcGAIAAOAHnymLgov7jHQf31LsXAAAAKCx
|
||||
Kw+pXOQuGmJtQQAAAG7tykNqxfq7AAAAAGwBchcAAAAQCXIXAAAAEAlyFwAAABAJchcAAAAQCXIX
|
||||
AAAAEAlyFwAAABAJchcAAAAQCXIXAAAAEAlyFwAAABAJchcAAAAQCXIXAAAAEAlyFwAAABAJchcA
|
||||
AAAQCXIXAAAAEAlyFwAAABAJchcAAAAQCXIXAAAAEAlyFwAAABAJchcAAAAQCXIXAAAAEAlyFwAA
|
||||
ABAJchcAAAAQCXIXAAAAEAlyFwAAABAJchcAAAAQCXIXAAAAEAlyFwAAABAJchcAAAAQCXIXAAAA
|
||||
EAlyFwAAABAJchcAAAAQyf8HCczehfvYrTUAAAAASUVORK5CYII=
|
||||
"
|
||||
preserveAspectRatio="none"
|
||||
height="287"
|
||||
width="745" />
|
||||
</g>
|
||||
</svg>
|
After Width: | Height: | Size: 20 KiB |
332
openshift/images/sso_app_jee_jsp_logged_in.svg
Normal file
332
openshift/images/sso_app_jee_jsp_logged_in.svg
Normal file
|
@ -0,0 +1,332 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<svg
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:cc="http://creativecommons.org/ns#"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
viewBox="0 0 748 290"
|
||||
height="290"
|
||||
width="748"
|
||||
id="svg2"
|
||||
version="1.1">
|
||||
<metadata
|
||||
id="metadata8">
|
||||
<rdf:RDF>
|
||||
<cc:Work
|
||||
rdf:about="">
|
||||
<dc:format>image/svg+xml</dc:format>
|
||||
<dc:type
|
||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
|
||||
<dc:title></dc:title>
|
||||
</cc:Work>
|
||||
</rdf:RDF>
|
||||
</metadata>
|
||||
<defs
|
||||
id="defs6" />
|
||||
<g
|
||||
id="g10">
|
||||
<image
|
||||
id="image12"
|
||||
xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAuwAAAEiCAIAAAAtSBDyAAAAA3NCSVQICAjb4U/gAAAAGHRFWHRT
|
||||
b2Z0d2FyZQBtYXRlLXNjcmVlbnNob3TIlvBKAAAgAElEQVR4nO3dWXQb+X0n+h8KOzeApERCKyG2
|
||||
WmKvolvtbspbsxN3RLuTNJ1k0vSZc29zZs65Bzn3IdSZB1NvfDP9dNUPd4Y+c5xQcSZmbjI3lJN2
|
||||
JCdxIC9tdluyqXYv1NISqaUFUhIFcAVAADUPf6BYqA0FslCoAr+fgyMVgVr+wP/3R/3qX/8qOI4f
|
||||
P04AAAAAdsNVuwAAAAAAW4EkBgAAAGwJSQwAAADYEpIYAAAAsCUkMQAAAGBLSGIAAADAlpDEAAAA
|
||||
gC0hiQEAAABbQhIDAAAAtoQkBgAAAGwJSQwAAADYEpIYAAAAsCUkMQAAAGBLSGIAAADAlpDEAAAA
|
||||
gC0hiQEAAABbQhIDAAAAtoQkBgAAAGwJSQwAAADYEpIYAAAAsCUkMQAAAGBLSGIAAADAlpDEAAAA
|
||||
gC0hiQEAAABbclW7ABXE83y1iwA1wuFwlJwH8QYG0hNyAFBTSQz2IlAhktBiOxjEG1SOYsgBgEQt
|
||||
JDHYl4CZeJ4XQg67FjAHQg5Ake3HxCCDATNJ4g3hByZDyAGI2bsnRn97RsuHcskPeRWjiOd5nXMC
|
||||
aNPZy6IYcgA7k42TmJL7CexIYDvE8eNwODTCie1UEG+wTZKQ054TeQwA2TeJ0d6j6JwToCS2q8jl
|
||||
cuI/xViACTsVxBtskySQ1JIV5DEAZN8kRo14F6I2DaCHYlIi2XMg3sBA4pATwgzJCoCGmkpihD2H
|
||||
cHAseV5tftjhFHcS8p2HsI+R5Dc6O/8QbyDYWsgBgIQtkxi18ZWkkseUzGZgh9NzTw5h1It4+Iti
|
||||
aCHeoCTtkGMxJgk5xVOZSG5gh7NlEiMnT1mEf7V3MwACeQe+4pGxYr+LzrQGQEx/yKnlMQA7XC0k
|
||||
MZK9xfe+970qFgZqz1tvvcV2HuIjYyoE3l/8xV9Ut3hQewYHB8Uhh/ExAGpqIYlhcLALFSK/8BXB
|
||||
BhWlGHJIXwDkaieJoeKTRy9e313dwkANuPTkA1JKWeSpDOINDKEdcgAgYb8kRm1EgrTZ41gZjCAP
|
||||
LYfDkcvlpHkM4g2Mo9b5Jx8Zgx4a2OHsl8RoUEhlALZNPg6GRNlzFQsGtUoecshUABTVQhKjfBkI
|
||||
9i5gEEm+Ih5lKZ7J9HJBzdIIOWQzAGK1kMQw0m4Y7FPAIJILXOV3iyFCvIGR1EKu2uUCsBx7JzFa
|
||||
dxXDkTEYhOXHktt1CL+mJMxUpdJBDZKEnPAkrlQCkLB3EiMnOp1U1XJAbZHnMcLzhTmqVjaoSYp5
|
||||
DABI1FQSU60xCgE3F/9mmIji6WzzxFy5ix9tcvcfrOs/UB9ucAU9HBHF1rPTi+nJO6sTt1ZTOb1v
|
||||
JODm+g/W9e2t627xhPzOoMeZzOZi69mZxEZ0fn3y9trVpY3KFeatJxrGv9hGRGNXl/7svYcam/jB
|
||||
l9sGDjUQ0cBP5/92drXd54z9aYfO9ygWmXrw3WvLW1iwXJIjYOWdSoXj7S+/sHvwcCObDv+v23Or
|
||||
GZ0LBtzcwKF6FhVBDxf0OOPp7OxKZupBavLO6oXP1iu6uPnhJC45a5VM9z/evfI4rb2t0d/GT/9m
|
||||
0QoBqSvkAKDGkpgiZh4Z8yrTpQTc3JmXWoWdkyDcwIUb3P0H6898Pjv0/qOzn65or8fLOUa6m4ee
|
||||
bvI5OfHzPifHVtW3r270hdbpxdTw5UW1Hc92C7OFD4EvPLZmO8tuYWvaO5JKlsTLOQYO1Qt/Ro40
|
||||
nf71op6lRo+3RI42SqIi6HF2tzi7W7yRo02x9czw5UXFOt3m4lULJ5WlRl9o+dq/xnRtyzIBidwF
|
||||
oKQaTmKqlMXo3m5Hgyvatzfc4GZ/ziTS5++tza5kfE5Hd4unb19d0OMMepzjX2rrDfn+088fqK2n
|
||||
3e88/9qe7hYv+zOZzUVjyZlEOraeDXq4oIfr2e1jr3a3eM+/tqf7h3euLEoPSY0qTP7TKPEhFH1c
|
||||
8XT2zMdx+UxsVycURj7D1IOkabVcendSyZL0H6wXZxKDhxtOX36kvYgkKuLpbDSWnF3ZiK1nQ35n
|
||||
uMHdG/IFPc6Q3zX+pbZ4Onvu9pqBi1cxnJSfJ+rbV/fyLs97D1Ilt2WRgEQGA6BHrSUx1RmjwIsm
|
||||
9G034OGmvr4vVOciotnljcGfL1yMJSXzfOu54OiLrUQ0eLgpnsqdel9hv+V1OqIn93YFPUQUT2WH
|
||||
3n909oZCh7bX6Rg83Dj8XDDc6PZxDkkhjSmM/g+heM5Uhj/1nsJbe+NgXX6fEd9QnME0ui4SqWS8
|
||||
DT0VYBMTN5cHOhtDftcr7T55HQl0RsXJff7R463drV5JlW1z8eqGk/z5ZCbnc3FEdObzu068c6/k
|
||||
GqwQkPi9JACdai2J2WRmT0z5Y3HGv7Rb+Jbv+ae78+tZ+Tzf+eDxTDw9+dU9RDT0THBybvViTHom
|
||||
aPxLbWxno7EeIkpl+O/OJL47k/j2i63JTE5SSGMKs4UBSbzmQbbo7j/WvPbHnDFYHQ2unjYfEZ2/
|
||||
uzr6weOBzkYiihxtunhfdTyKOCp6//ne3IryAJoLd9cu3F371nNB4ovKv+3FrRFOhenZlczsykbf
|
||||
/vqeNt/Jvf4L8k4UnduyfEAC7EBc6VlsQvazA+Y+ytnu0SZ3f0cDm73/X+/Pr2XV5jw3tzr2SYLN
|
||||
eeblXfL1sF1ayfUIj9O/enTlUboShSnvk9c5c7VqU14A7WCrZAkjR/PdMGOfLF15lJ6Jp4mo/2C9
|
||||
l/WoyR6SqJhbzmiv/zsfxM/NrRq4uIXCqWD4V49UN1TWtkwISP0hBwC1lMRIscMy0x7lbHf4+WY2
|
||||
7+TsypVHqRIz/yp/aUZ3q/dYs1txPROfLpdcT6ULI/oQDPqshG903vTalBe1evE2+GQjEcVT2XNz
|
||||
K8TzbMfvc3EDh+q3X6HVXbzi4VRw5VFqcnaFiLqCnjcVPzc92zInIAGgHDWcxJj7KGe7ffvr2Lxj
|
||||
nyRKzpxI5dj3LxH17a8Xv9S7x69/PZUuzOaHYOBnVa3alBeggI1OULrEuiKPV0J+dmpmstDbMfFp
|
||||
fnhKpCuguMg2o2Kbi1srnEQvDf0yP3x49PPqnTHb2ZZRD/0hJ3oVYMeq4SSmYodK5R4OFj/afRzb
|
||||
LRHR1Py6npVHP8ufxe/d4xevJ9zoLms9lSuM9AjSqI+rWrWp+KaqEW+Rria2+rGP4+yZ+bUMq4Ke
|
||||
dv/RJpe8QoWoiH62Vu7mtr+4tcJJ9Pzc8sb41QQRhRvdbz3ZuMVtmRCQAFCOGk5izH3o3m7In/+W
|
||||
j61lEqmcnpXPFG7SFW5wy9cTT2VTGX5rxTaqMOV9CMbOZk61ViPevJyjP9xARLPLG+/NJ4Xnxz7O
|
||||
DyWJPBXUqNAtRIWBi1sinIqfH37vYTKTI6LRl3ZJRxRZJyABoBy4OsnobZXabtCT7/6Np7I6CxlP
|
||||
5a/vCHo5YZHN9aSlVxttliVyVP7k9MPk5/5+ztjCsK1t/q/zw9c+9ORFU9Y/Qq1ACQePNLFrgydu
|
||||
LInXP3lrOZlp97m4gcONp95dEC+yhQqt7uIVDKfN6fzz82uZsY/jQ8+3hOpckacCb//2sXRb2pFm
|
||||
r4AE2BnQE2P08ZPhM2ssQkREyYz6Ia+eD8eowpS1Kp1zVqs2S36A2h+pQY/I00G27rGP4uLnUxl+
|
||||
8tYKEYXqXCf31xn8oZm/eOXCSfb8yK8esc6YkRdbizpjtrkhAx8AUA70xBi9rVLbjSeFQ0+nzkKy
|
||||
H52h4gNcYT2hOpfaeoZ+Pi9Mh+pcwy+0SgppVGGIxHsC3cepJebkN/+3/oGv0SU8GvR07/IR0VRs
|
||||
fU72o1djH8UHnmwiosjTwQu3N38waAsVKmb+4hUMJ6XpRCo78quHoyfagl7nyIutp6ceFG2LtOvR
|
||||
VgEJsDPUcBJTpW2V2m5sLX/rsFCdK+DmEulcydWzO48R0ezShrB+YT1Br9PLOVJZhQ2/fUXoMKeO
|
||||
Rnc+iREd8BlVGDGfk9P54SfZqAs15Xyq1Wd0CSPP5LthxmcS8pVfvLcWW82E6l39nY3iihNXqFpU
|
||||
aDBw8eqHk8r0mSuPh19oDXqdQ883j15+VFRI7b4QewUkwM5Qw6eTKnb5wPYuW5hfzcQKP0Hc0+7T
|
||||
s/LeffnLVqP31sTrmV1Kl7UeeSGNKgzxfDyZX4/PWeJDkB58G/GpVrxaTY+3gcOF65J6Q/z/3SV/
|
||||
hOrzRyADhzevtRFHRe9ef7kb3f7i1gonpdpJZXIj7z8gIp+LGz2xu3hO3fFgeKTJNwEAOtRwEmPu
|
||||
o5ztnr+dvzdG5JnmkjMH3Fx/4Q6q5+dWxC9FCzdQjzwjvUpFfyGNKoyw9+pq9mqvpKs5f/AdW9W8
|
||||
G2y1qlKxDObG28kD9UKOUtLQsRaVqChdofLHNhe3VjipVM3b04/Z+iPPNrf7nRpzKgeDoXWtuhUA
|
||||
0KGGTyeZ+H0gOUQrZfTSw8GngkTU/0TjsVbPlYdav6w7+oXdbGL6QfLKg6If0hPWM3AkMHrpofZ6
|
||||
1AppVGGmC3927/YF3A61Uwntdc5wk4eIkpnc1UXtAoumrH+EamgJI8/mzyVNXEvMygbECAaONIWb
|
||||
PF0tXnHFlVWhcmYuXtlw0myVw+/Oj7+2j4hGT7RF761qzCl6STRl/YAE2BnQE2P08ZOOma8upic/
|
||||
XWKzT/7+gfyxoNLjjUONkeda2JxDF2Py9UxcTehZj0YhjSpMKsOfL9x9dfi40k1ReSKeRl7K77ck
|
||||
R97b/1QrW60mxlvAzfU/0UREyUxu8Mefnf7Fgtpj9FL+J4Eiz252e0iiokN+/5Xix7dPtL1xqNHA
|
||||
xS0UTuq1c/bjxMxiiogGnw6yAdS6KtGEgASActRwElOxk9YKp7H5crc7+ON7sdUNIgo3eabePPTK
|
||||
PoXxB9863jr5BwfYWs/85tHFu6uK62HfxeEmz8z/efitpwKKm/NyNHCkSShihQozeil/Z/fhz+9S
|
||||
LMmfdzdHns/vt0amHhj+qVagZqsQb4NP53/xceJaIsV+clzlMXE1zuYcOFr0aQ/++B4b2hJu8kz/
|
||||
x061qHijs+GT/+OJ4c/vkoTE9he3RDiVip/hX+Sv3Ys816zWNMpaoTEPAChHDZ9OqsK2fE7Ht7/Y
|
||||
pjFj9M7ahbkVIkokcz0Tt6J/Eg4HPOEmT/RPDs0spqJ3V2cTG0TU3ebr62gI+pxsqfGPHp+KxhRX
|
||||
mMrwvX83e/4bB7vb/EGvc/z39o39zp7o3dXZpQ22qnDA3dXs7dnjZ7dNI6Kp++uSD8eowly8s3bm
|
||||
14+GXmglovHf2zfy8u7zcytCMfo6GsKB/PCF4Z/NX1lIKq5kEy+asMx3O8/zDoeD/Vv8gmGbEPon
|
||||
xtntYdQlkrnzs8t94cag1/lGZ+O5ws8qpTJ8zw9uRf9DuKvFy6LizFdCLCrYNU3hJnfv/nqhTpMb
|
||||
vHhD21zcKuHEq0wXnLuxPL2w3t222TTU5pS+ZG5Aqoac6FXzSgNgMTWcxJj6NcP+97m44c/v1pjR
|
||||
53x4YTa/p5lLpLv/+sbY7+4d6AoSUVeLt6vFK5k/nswORe+f/Tiusc751Y2eH9wcOdE29EKrz8X5
|
||||
XFxfuFFxzqn7a8M/m794d1X+klGFORW9P5tIn3l1DxGFAx7hQFmQzOSGove/+8FjpaWL8bzytDUZ
|
||||
VMJju33sk4+tbly8o1BTEuMfxVl1R55rPndjSXh+fnWj+/s3Rr/cHnm+xefigj5n/+Em+eKzifRQ
|
||||
9L4Qk0Ytbolw0hE/Q9FY9E8PiWbTrEd7BSTAzlA7SQw7WNn8uxo9MbrmLD5m/eY7d0feXeg/3NR/
|
||||
uCkccIfq3clMLraamX6QnLyxNDGT0HOvjlSGP/2z+dH3H/QfbuoLN3S3+UN1rqDPyVY1s5iK3lmd
|
||||
vLF0tfA7NYqMKszbv340MZMYfCbYd6ixq8UT9DqJKJ7Kziymz99aHvtgMZEqffsQotJH0lWk/CvW
|
||||
RhD20xNKt4eRm7y+lMzkfC6u71Bju981X7hTCxGlMvypf4+NvLswcDTQd6ixe7cv6HUGfc54Mju7
|
||||
lJ66vz55Y+lCYdyJ3DYXr3446Yifi3dWo3dWew/Ul5xT5worB90tAIocx48fr3YZyiPOVNg0X5DL
|
||||
5XK53F/91V8R0Yv/7qlaEaFWXHo1zfP8m2++yXEcx3EOETYDz/Pf//73CfEGBrn0apqIhJBjUScJ
|
||||
PyrOaZDfwE5WOz0xzGZ7ttixO9iXEFTi9EUK8QbGQY4CoFOtJTGbcNIajFN6R4J4A0MhdwHQo4aT
|
||||
mGoXAGpLiZ0K4g2MhjwGoKSaSmKKxvbiyBgMIj6dRGq7FsQbGEdXyAFAjSUxhDExUBmSAZVCuox4
|
||||
gwpRHMMLABL2TmLE+xJeciiMI2MwiDyDISKO43I50cW9iDcwjvZVSEhrAAT2TmLEWMMWUplLJ7NV
|
||||
LQ7UDsnuRHFfgngDA8lDDokLgKJa+O0kXI4IFeUoJn6+iqWCGoaQA9DJ3je7o+L73bGJXC7HKxEv
|
||||
Kz33BKA0mlI8ISb8YI1amCHeQA/FkJNgt7kjlXNM8j8BdhT7nU6SDH+R7FFIqUmzecSzodmDInkH
|
||||
vnzvQkQcx5FSIAnRiHgDnRRDTt4NgwwGQJH9khgN2umLcHCMZg8a5LkLixk9ffuIN9gCeciRSioD
|
||||
ABK1k8Q45Fe9Fr/kUP85ewAxyU6FRHsU8QzyeBNmRrxBWXSGHABI1EISIz7BJN5zqD1PxWMU8O2w
|
||||
k6lFgsZ5Jck84ngTv4R4A0XbDzkAENRCEkOax74OpXvJ4LsAGMVIUDz8VXwS8Qbl0hNykvRFcTQM
|
||||
AJBNkxiH/NZ2shG+agmN+E+100+wc2jHgFr8SPpg1E4bId5ATmfIKeYxajMD7Fi2TGLUqA2LUUx6
|
||||
5LPBDqQRA3p2M4g3KJfOkMNZJAA9aiqJIaU+fBz+wnaIo4g08xXEGxhCu/8YAMTsmsQ4CteyasyD
|
||||
O4zB9kkGuKgFlVrvC0C5JHkwQg6sxlKJtc2SmLIarWQAZgWKA7VM50kiYU7EG2yT/n2DpfYisNNI
|
||||
vt+qG432SGK2fyyCNg/bpzaiXHFOU0oEOxGiCyylupdh2uAHILXTFLRnMBPGK0B1IeTAsqrSA231
|
||||
nhg9H4owoBJ9+GAOhByYrOQQGYCK0pk9m3+bcksnMSWbq/aZOZxpgpK2EySIN9gCxAnYkf7bjpuc
|
||||
x1g3idFo6pKXtnlogiMbKMnAIEG8gR6IE7Ag7VtOCMzMY6ybxKgRt221aQAAADCK4n2wrPAbtzZL
|
||||
YoRMRXLTDrUMBpkNAACAfop5idrP+FQ9j7FoEqOYfCgmLjqzGQAAAChJe7Cp+OeWxX/KV2JOcmPR
|
||||
JEZOnrII/ypmMMhmAAAAtkZ+zkixM0bt55ZNY48kRpKdfO9739vCggDboaeJIt7AKIg3ME1Z+cfg
|
||||
4KBwj3Jx7lKtPMYeSQwjbrGdnZ0l5wGoHMkofYCKQryBaTRykZs3b8qvta7usBg7JTGkfnuxrQ3s
|
||||
xTcCiGm3Q8lPIyleZIh4A/0Qb2Aa/cFGpa6g1vnTK6axYhKjeBsYjbujatw2BqNkQD+djVNy2JHL
|
||||
5RTvpop4A22INzCN/sxDkiUrjtiVzKw2wtecHhorJjEa5KmMYjPWc+ES2jzIqf00kmT8miR42H4F
|
||||
8QblQryBaUoGmzAtflWeiIhnkMxcFfZIYvR0rihesiSeIPUGDyAQt23xvw6HQ3wQLMbzvLBfQbxB
|
||||
WRBvYBqNYBMnK9ojdiXBhoG9ZZB0wyhmMGoki6ORgxpxSxY3cmFC3P4lgUdKCTQh3kAd4g1MoxZs
|
||||
EqSZx/DF11RXvTPG6kmMnmYpz2ByuZxkgmQt35Tig/0o7j/kxJGpkTQj3kAb4g1MoxZsHMcJE+KZ
|
||||
eZUxMbzs3jC8+r1kKs3qSYycpH1KGjDLWnIFwpPCtKSRo7UDIz5GIVE75ziOtXAiYhOsnYuPQsTR
|
||||
hXgDPRBvYJqSwZbL5dg0e1VIZcrKY6rFZkmMYuOUNGahSWezWTbNJoT2T6LUpxpvAizKIeq3F7dn
|
||||
p9MpbthsOIKwUxFiSQgzxBvogXgD02gEm5C+sOhi0+I8hk3I+1osksfYLImR4GVdrEISkxWRJDfi
|
||||
QxYAMXEHPleQzWZZa8/lcmwHQ4VGznYwQqIsCTbEG2hDvIFp1ILN6XQ6nU6e551OpzAnX3wJkmJn
|
||||
TNX7YBh7JzGk0g3z6NEjxZmFAxqAktgxbjabJSKXy8X2KOxfEl3myvN8IpFQXAPiDfRDvIFpxMHm
|
||||
druF9NflcpGow0acykgWt06k2S+JkR9hiPMYVjdVKRjUsI2NDRZgLpeL9bgKxyisAx/AQIg3MA0L
|
||||
NiFfcRSu7WdPamcwVshm7JfESAhnf1nzFrJLInrxxu6qFg1qwaXDD4gonU6zwxThX9Z0hbEIhHgD
|
||||
IyDewDTiYKPiq5aEbhgrpCna7JTE8MWjesVj3HjRdUmbPTE4KQxG4Hk+k8mIu1vZSAVeNJSSCPEG
|
||||
xkC8gZkymQyJrrVmhM4Y8fgYtYFW1U107JTEKOKLFSUxaOVgkHQ67Xa7xQ1VGGiJeAPDId7ANOl0
|
||||
moiE9IUN8hVDT4wZxBkMjlTAcJlMRjhMYX1+bLhlNpvdbOSINzAI4g1Mk8lkWO7CrlRi/wqnk7SJ
|
||||
r9xWe7XSaiGJET5r4eqk6pYHag/bqbC27Sjc4JIKg/xZnz+AURBvYBqWxLhcLvEV++wlPXlM1dm7
|
||||
MUiGxQj9MYWXq1k2qCWZTIYdo4jvcUmFvDk/E+INDIJ4A9NkMhlxBiPemZLo5rzVLqYqeycxjORD
|
||||
z23+9CtaORhDuHGisGsR33asMBfiDYyBeAPTSO4KS7JdqsXVQhLDiK9RssI544Cbi//pQSKKp3PN
|
||||
f3db8SWm+0efXXmcVlzJW50N4yd2EdHoR4nT04+J6L+/1Bp5slH8jDYv54j/6UGf00FEof91Zz4p
|
||||
vYnO0SZ3//66/gN14XpX0MMRUWw9O/04PXl3bWJ2NZVT/RA13qB469HXQj27vEQ0u5Lp/dfY3GpG
|
||||
/glomHqYOnHhvp45K0pyR9Rc4U7wRecuEW+IN4NYPN4QbFTTwWaX9IXhSs9iNzb69JnR7mb9M49d
|
||||
X2YTg50NeubvP1DHGvn5z9YljTzg5v6yZ9fMH+wb/Vxzzy5vyO/0OR0+pyPc4Oo/UDd+Ylfsjw+8
|
||||
pW8rigJuburkHtbIZxIbPRfus0ZuR0IjF9+og0G8iSHeDFEz8YZgsz6NYLOFWuiJ4WUKL1S3WCrT
|
||||
sj/79vpfbvW+9zCltRI+P31lMT2T2OgKuEN+5yttvovzSe1SsCMbIhq7tizebke9K/paKNyQD4CZ
|
||||
xMb5z9ZnVzM+p6O72dO31x/0cEEPN35iV2+b7z/98mF5b5Co3eeMvhbqCriJaHox3fsvscSGwkFk
|
||||
MsuPXVvWKP/M0oYVes3FccVaOxu9b6ExWIg3xJtpEGy1G2zKO1MLs30SI/+URc9YZK/CqzX0ZDbn
|
||||
c3JEdOZ4s0q/osJKxq4vnXmxlYgiTzZcnF/XKEG7z9nb7iOieDp77u6q8HzAzU31hUJ+FxHNrmwM
|
||||
/vKh/PviW88ERj/XQkSDTzTE09lTlxf1v8F2n3OqLxRucBPR1INk77/EZD23m5/AqcvKP3RlKeJh
|
||||
4+pHxog3xJsxLB9vCLYaDDbFrMX6eYyNTycpfrhFT/LVfmiUhIiIZlcy5++tEVHPbt/JPX6dKxm/
|
||||
scKe6D9Q53U4NAog9MpOzK6Knx8/sUto5D3/fP9iLClf9jsfJvqj82zxoacCr7T5dL7BjjrX9Ot7
|
||||
WSOPxtZ7fxxLZfnyPhxLPQpxJT5VLD5wsdAbQbwh3swtJ4KtNoJNnMGU3rFajI2TGDkrf9Bqhn+T
|
||||
H7925sUWnYskNnKTt1eJyOfkBsL1GnNGjoi6WwuONrn7D+aX6o8uyEfDCc7dWRu7tlRW8Y42uad/
|
||||
fy/7Epm8vfqqwmFKjbBLX6sE4s2m7BhvCDabslek1VQSI2WNPFe5JAVXFtOs0XYFPG921Otcg9Bu
|
||||
I0ca1bb+cquXHTHMJNJXFtPC88PPBNiyk7dXxc8rPoYv57+Gulu8x4Ie7eIdC3qmvrYn6HES0cSt
|
||||
lW9EF7b44Vjqwcqop1Vbo6iIt7I/HEs97BJvCLatfTiWeugPNgur6STGIjGiXJLNl4Z+lT9vOvpC
|
||||
s86VXPhsLbaeIaKe3b6Oeqfi1oUjlTOfJMTP9+3zs+fHri2VfAuJjSz7GiKivn0+jbK9vMsz9fV8
|
||||
Ix+7uvTNny1s48Ox1IOo+O7awr+yW25boqiIt/I/HEs9FOJN/PPClok3BNvWPhxLPXQFm1LsWUhN
|
||||
JzGWiBCVkohemlvJjN9YJqJwg/utzgadK5m4lW9+kSNN8vV7HY6BQ/lu1Ymbm+eM271O1h1KRFML
|
||||
KT3vIhrLD6/rbZed2C44uccfPbmHjeMb/W38z6YebuvDsdQD8cYTId7Mr0SLxxuCbWsfjqUeNcH2
|
||||
VyfVhuHLiwOH6n1ObvR4y8QtrbswCcauLg09HSCigUP1p38tHV3ff7COtbrJ26viy/9CfiebiK1n
|
||||
ii4LVDeT2GATwiWLEkGP8/xrewpv5NF3PkzoWa2wLP9Wp8YM/T+Jnbuzpn+FoAfiTQ3izXAINjUI
|
||||
NkOgJ8aUJLfUS/Pr2bGry0QU8rsiRxv1rORqYmN6MUVE4Qb3K+3S0fWRo01sobGrS+Ln2W0riSie
|
||||
zul8I/F0/usg6OG0s/jYembs6rLxRwDWqUe7lLPUS4g3e9SjZcupUQzZSwg2i1ZiuUW1qtruialu
|
||||
LfEq08ovjUwvRo42+pzcSHfz2NWlVFaxlRcZu7o0dmI3EUWONl6Mbd5Tod3v7A35iSi2nrlwT5Lp
|
||||
a5Sq3DeSn05mc/F0LuR3hfyuqdf39rxzL5EueRi0ueyZj7UObmYS6WrXo36IN8SbmapYTgRb6XXW
|
||||
VrBZV20nMXaSSOdGph+PHm8Nepwj3c2nFe6/JDV+Y/nMS60+J9d/sN7rdAhfDYOH86PeJm6tSBYp
|
||||
OvLQp+j4Rkkyy/e8c2/q9X0hv6X8QCQAACAASURBVKsr4Jl6fZ++pp5fVs87BcMh3sA0CDaoHJxO
|
||||
qnxnne6XznyUiKeyRDT0VCDg5kquJJXhJ+fy91ToP7B5BWPkSKG7dWZJskhsLX/jhJDftbkJzUdX
|
||||
k4ctMrucUXsXc8uZnn+6F1vLEFFXwBM9ubf0yi1SRzorEfGGeDOzEq0fbwi2rX04lnrUhJpOYuwm
|
||||
leVHph8Tkc/FjR7Xdf+lsav5+zUJ54lf3u0NN7qJaGohebUwbE0wv55lrZGIenZ79WyCdd4SbY7k
|
||||
VzS3kul5J9/Uu1u90b69Ad3HQ1AViDcwDYINKqSma4Lnq/zQKInKS29/FGdNJdIVaPdxJVbC8xfv
|
||||
r7P5e/f4O+qdxPObo95mEoqLnC+cSI4cbSr5FgJuR39H/mrG83dXtd/F3PJGzz/dLWrqbsdWPhxL
|
||||
PRBvogfizbxKtHi8Idh2VLBZWG0nMdV+aJRE/aXhS4XbQx1v1fNexgu/Xz9wqMHLOQYONRBRMpOb
|
||||
uLmiOP/olfx9Kvs7Go41y+5TKZm5UIbpR6krj2R3wJQVb2450/OPoqb+tX1eTuUHUKxTTTorEfHG
|
||||
EyHeTKtEi8cbgm1HBZuF1XQSY09nry/PxNNENHikqbuldKfo2Ex+AHykKzDQ2eBzcUQ0ObcquwQg
|
||||
72piY3IuPyZu8qt72gs3V5B742B95Kn8bbyHppR+sF7J3EpRU5/6g/1epxXv8wgM4g1Mg2ADwyGJ
|
||||
saLhwr26I11NJWeeW8lMLSSJKNzoHn0xf2wxNrOkscjgTxdYOww3uqf+YP8rhRPDYt96PjhZuMvT
|
||||
mQ/jFzXPGcuL1Puje2wcX3erN/r1fWjqVoZ4A9Mg2MBYNX2JdXXP+UnOjOp8iYiIzs2tTD9Kdbd6
|
||||
2ZEHm0/j7Zz58PHE7+wholCdi4hia5mL97VuBJlIZXt+eCf6+v5wozvc6I6+vm8mno7eX5tdzh9h
|
||||
9O2vC3rzBzHj15ZOTT0o7w0SXY2ne354Z+oPDwS9zp42X/Tre3vfubd5/FSY3+d0fLvUT8ieLnzr
|
||||
WR3iTQXirSKqGG8Itp0WbBZW00mMnQ1NPYi+vl/nzJNzq8lMTvhSGL+udaTCzK1kuv/h9tgX2wae
|
||||
aCSirqCnK+iRzBNPZYemHpy9vqy0gtKuJjZETd0ffX1fUVMnIiKfixs+VqKdj/x6Ua33GIyCeBMg
|
||||
3ioNwSZAsG1fTZ9Oss6wqbJe4ol4uvjZevSzNZ3vJZXhJ25u3vpp7OOEnuIlUrlv/iTW9f/NDr//
|
||||
cGo+fyFAMpObXd6YnF0ZjMZC//PW2Wuad9ouVbyr8Y2ec3dY12tPmz/6ddFQOLvUo13KqV0diDe7
|
||||
1KPtyll+NSHYLFeJduY4fvx4tcsgxYu679g0z/M8z+dyOfbv2bNnOzs72Z/ZbDabzWYymUwmk0ql
|
||||
0ul0Mpl0u91E9OKvS59zBdB26YUlnuevXbvm8Xjq6upcLpfX63U6nU6nk4hY+DU0NBDiDYygGG8u
|
||||
l4vjOEK8gaEuvbBERNeuXfP5fHV1dV6v1+/3+3w+j8fDvuXcbjfHcS6Xy1Fw8+bNN998kxNxOBzs
|
||||
X4aI2L/iiYqq6dNJtXIdPNgD4g3MhHgDqPHTSQAAAFC7arsnptoFgB0F8QZmQrwBoCcGAAAAbKq2
|
||||
e2JwqAImQryBmRBvAOiJAQAAAJuq7Z6YahcAdhTEG5gJ8QaAnhgAAACwqdruicGhCpgI8QZmQrwB
|
||||
oCcGAAAAbKq2e2KqXQDYURBvYCbEGwB6YgAAAMCmarsnBocqYCLEG5gJ8QZQ40mMNQQ8XPz/Oip/
|
||||
PpnJxdYyU7H1ietL526tSF59qysw/tW9RDT24eM/i8Y01v+D39s7cCRARAMX7v3t9aWS26XCT9JP
|
||||
P0iOfRS/eG9Nu9jxVLb5f1zTeoflLxLwcANPNvV1NHTv8ga9zqDXGU9lZ5c2pubXJ28uX7i9qmdz
|
||||
O8fL7b7Bp4I97f5wkzvodSYzuXgqN7u8MRVbj95bPX97NZUt2p9pVL3EVGz9xN/Pqr1abjVVLmhZ
|
||||
Y5l+mJq4vjR5c1nyfksuLid542oLxlPZeCo7u7wx/SAVvbcqb6eg4S9/d8/gU0E2HT57Y255Q2Nm
|
||||
Q6pAspIz04unfj6vMb8Qh0SUzOT8Y1cV1yb/QpNsqHvi5pWHKcVNCI1i9PLD0798oFEY2JqaTmIs
|
||||
cqCiUgyfiws3ecJNnoEjgekHyb4f3p5fyyosxet+I5I51ZfyubiuZm9Xs3fgSOD83Er/O3cV9gr6
|
||||
VlXuIl6nY/QLbZFngz5X0anMoNfZvdvZvdsXebY5tpoZfnfh7ExC31YtowLxFvBwE337+joaxE/6
|
||||
XFzIxYXqXT0h/1B3CxH5/ttMUQ2WVRKlmbdYTRULWqGx9Hc2zi6l+9+5q7zP2PIbV1mQpW7hJk/v
|
||||
vvqh7pZ4Kjv+SWL43QW1LMpUFiiCBq/TMfBkk/Bn5JlgiV24IVVQ/NzAk02nfqaaxHidjv7ORq0y
|
||||
aERI8Z+jJ9q+9sM7ypvZQqOActR0EmMxyUxu5P2Hwp+hOldPyN8T8hNR927f1H8Id/31zUp8OUq2
|
||||
yzbdu6+ue7ePiPo6GiZf36/aAg3VXuc8/4cH2XaJKJ7KRu+uzS5vxNYyoTpXuNHdu78u6HWG6l3j
|
||||
r+2Np7Pnbu70A9/oH3UIH9dUbH0qtj67lCaicJOne5e3J+RnSYbP6VCMnGQmN/ZhXGP9M48VUgEr
|
||||
VJO8sXTv8vburyeicJMn+kcd4fEbiXROY/EtvHHF7Qa9XPcuH/s0gl7nUHdLf2eDahYFBf2djeIM
|
||||
ePCpUklMgYFVEKp3nTxYr9azO/BkkyRH37K+joaX233vzScNWRuUpaaTGIucMy4UI5nlv3PpoeTF
|
||||
kwfrz/d3EFG4yTN0rPk7lx8Ji21O6HwjfPGcmtslojc6Gyd//wAR9XU0HGv1SL8RlFZVugDqi3id
|
||||
jug3OrpavEQUT2WHfho7+4lCX8vJg/WjX2zv3u0j3jI1qJPRpf3z7hb2xR1bzfSdm5N/ZXudjr6O
|
||||
hqHulmQmp1b1p36qdVpHbnvVVNmgPbbLG/3jMDs0H3lpl8JB9pbfeKnGEvBwg08HR7/QxvqEon/U
|
||||
0f03N7XPj1SctVvH0LFmNjFxLTFwJBCqd72y16928prIoCoorGRmMcXy7MizwQtzykl25NkgEU3d
|
||||
X+ve7ctnM5KPVOMLTShtJseWPfPl9hN/N6v4xlRXAkbA1UlVduH26vAv8t/FwtlZc5y7uTxxLb9/
|
||||
Yse4FTX+2l62a5xdSnf/zU3FXSMRXbi9+rkf3BQ+k50s8mx+NzD4L/cUDzpTWf7czeVX//85Azvw
|
||||
rFxNVx6mhgqpSf8TjdozGyuRzr09vdj1/U9ZT1jQ62QHAKCoo9Hds6eOiM7PrYwWMpLIc83bWWe5
|
||||
VTD+SZyI+p9oCngUdnNCCcc+fLydUs0ubZyfWyGinj11Jw9W/FsU5Go6ieEt89As0uSny+zFwnFt
|
||||
8VLbWX+pj2Lq/jp7PeR3lVvsskpyNOgRUrT+f7wzt7ShvZ7vXHp07tPl6lec+B2ZHm/hJjdb8YW5
|
||||
1a0Xu5ylDKimCgft+dn8UXW4yWPgG9e54NzSRt/kbTZX927fyYP1hld6FePNwIeQf4998PjKg9TM
|
||||
YoqI+jsbvZyj4lVQMPZBPjvp72xUK2Eyk5u4uqS1XR0vDRfGDp/5SkjrfVW7UrTenZ3VdBJjE7HV
|
||||
jDDtdTrM3HSoLn8+UW2IgFGGX9zFJiY/XcJgAp2EE/amRYX1qymZ2fzqNbmxMFcfpyeu5nunttm1
|
||||
UMMGnw4SUTyVPXdzmYjGfvuYiHwubuBIU4klddBZBXPLG1P319TmYSWc/FT1Sjf9rjxMTX66RERd
|
||||
Ld43jXiDUJaaTmLY6faqP8QZr9IMoTqn8HqKDW6Qn3/VWr/KbKW26+Vo4Gi+yU3dXyt38bLeae/+
|
||||
Ovb02AePq18j5VVf1eKNHb8S0eBTgTLLXH7dGVJNlQ/armYPezGeym42lm2/8bIWHPvtIpuxd3+9
|
||||
4ZVexXgz6vHKPn+o3kVEk58usWeKco6KVkHxSljy1LOnrqPRpVjCsd8uFn3m+otU/NLQxfxZztEv
|
||||
tqlXaPWrRr1sNlbTSYxN9D+RzySmH6ybs8WAlzvZ0TA1cCjc5CGisQ8Wrz5OV25z7XUutiEiit7F
|
||||
PWD0Gv84f33N2O/u/e+/s+dY4XKhCrFFNY307GYT7CC7KoSTsEGvs6Nwyg8Ekeda2IRwQmd+LcMi
|
||||
qmdP3dFCGrodOqtg4moimcmRrDOGlTC2unHxrjFRNLe0Mf7xYyIKN3neejpoyDpBp9q+OqnaBWAk
|
||||
50SLnexoGP1SO5uemFkqmlm+hpIbUloq6HXyQ88oLjGbSJ/5zaO3f7NYbrFVC6C0iHDSKra6kcpY
|
||||
pFYqwOh39p1fPex/opENP4w83xJ5viWZyU0/SE7dX4/eXY3eXU2kVK4x1lH1TP8Pb58rDMkyoJqM
|
||||
C1rJ816no2ePf/jzu/rC+fG8I798oLCJLb1xje0qSmX42OpGqN5NRCG/ay5RpWuULNmSvE4HG3M9
|
||||
m0i/d3/zqGzsyiK7eiDyXMupi0oXjhlSBcWxlMrwk58uDxwNDD4dPP3zBUkJxz+OSzek9qe8SLKg
|
||||
Hf7ZwsCRgM/FjX6xbWImsXmWaguNAspR00mMxfhcjm8VxhwQUaje1bPHz3ZRVMgnTC7S7NLG7FLF
|
||||
v4KD3nyHX1xtpwsqTkzc+vaX2oY+15q/H4yL69lT17OnbuiFViKK3lkdmVow6mjSUtUU9Dn5U6pZ
|
||||
yOCFe+/FTOq2VBRP5UL1RERBr7PUvDvL4NP5GyQKVz4yk58us6uRB442KScxZdJZBWMfLA4cDYTq
|
||||
3a/sr2MtZeBogJVQ6CgyxPxaZuyDx0MvtIbq3ZHnm5WPDKECajqJscg5v0IxfC5u9MvtirNML6z3
|
||||
//B2KpOTL0V8qTciOacrm05mckPR++Ilgl5n925f/+Gm3gP1vQfqJ28sfeOHt/WudislUZmnxlTm
|
||||
rZ3+2fzIuwt94Yb+w009e+rY9c9M74H66IFDY1cW/+zfPlMsSTKTO/Nrrcx45lGyKNJkayiPcUGr
|
||||
Zur+2sA7d+bUMu+tvfEyyyDZZNVC2pJNKfJ84bqkK0XDTVIZfvLG0kBXMFTvPtlRf2FWdu8WQ6pA
|
||||
tpKLd1ZZn03kueaLd1aFEk7dX5tLyM6hS7arUSSll0Z+OR95vtnn4kZ62sauLOY7Y/Q3CtiSmk5i
|
||||
rC2ZycVWM9MPkuMfPS7q2TZ+Q/x3lY45Al5u8g87eg/U9x9u+n96Q6c0f+xmO+Kp/M8pCMf6UJZU
|
||||
lj/36TILEq/TwRLQwWeCrDs9cqxlZjH1tlI3XjLDn9b87RgxS1VTMpMbLtzLzufKv2XWETX0QmvJ
|
||||
WC3rjW/BZq9VMqs9545ytNnT3eYnliLIEs2xDx4PdAWJKPJ8i0ISUyb9VTD+UXz4pd39h5u8Tkeo
|
||||
3pW/PcwV43tKEqncyC8XRr8cCvqcIyfaKhqBIKjpJMYiWW+hGPFktvn//aTcpX1Oh843ktzIqZ5/
|
||||
VVpDIpnrPzcXi3T5XNzQC7tG3l0oGmOxtfENStOxlfw15KF6t5dTvkF+LTDlbaUy/Hv319+7vz7y
|
||||
7sLkGwf7DjUS0eiX298Wdzxs6TS8gdW0/aBNZvi3i7tSAl5u8o2O3gP1Qy/smk1svK3Y0bLl8Qfl
|
||||
LOh1Olj6SOz+CNUKZ+s1o8jz+SG94x8+lhdP6BTpP9wU8HDSEV2GVIHSSsauLA6/tNvn4gaOBlhH
|
||||
ZjKTm5hJaIypKl0klZfOXH40/PndQZ9z6IXW0fcfaL1HMEj1D7lAkXB44XOVuBmGcEp4C0MZEqnc
|
||||
9EL+9z4qd9Pe+bXMbKHntvcAbmppjFSWH3jnDrv4wufiXt7j3+YKt19NFQ3aRCrXf24utrpBRGde
|
||||
3WPIRS5bI4xjiyezqie2dqSBrvydEsde28f/12flDyHzGDi6rbuTl1UFc0sbU5+tEVHk+ZbBZ4JE
|
||||
NHljqUKHUqksP/LLBcoPHghVYhMgUdNJTNWvwpdfjq97EfZlTURdLV7tOYVBErHVjS1sV9hQqN61
|
||||
hcV1LhK9k79kN/K8+o0irPmwcLwlklnhXjLhRvd2627b1VTpoE0ks0M/yY/uOvPqnhL1teWKLjVn
|
||||
pPCrQNE7K8ZXq4XjTftxsqNeyFFKGnqhtVJVoLSGsSuPiKhnbx0rYX68jp7tlnxJ9vzblx+yhhA5
|
||||
1tLud2rMWf1HTajp00l2JnSQdLf5A15Z12tBe50rHPAQUTKTu7q4lVusCt87yUwFr0kZff/B4LPN
|
||||
RNT/ZODYbt+VB/i5V4MJI1q2Y5vVZELQ/u3VxOhX0uGAp+9Q48t7/OKLeM1xtMXLBnZQZcZV2Ffk
|
||||
WP5c0sRMfFY+ZrZgoCsYDni6Wn1b/h7YQhVMzCTGXtvHLkqKrW5cvFPZ2yAN/zQ2/rUDRDT6lVD0
|
||||
jvG/8Q5itd0TY5lH+UVKZfjzt/KjfYdf2q0228gX2tg8528p/dJQqe22+109e/MdszOPUtsvttoi
|
||||
Vx+lJj7J37ptsr+jo9GtvZ5vf7n9jSeaql9x4ndkerwdbfZqz9DR6GbjKBWqb0ul2mY1mRO0I4Vf
|
||||
nRz9stJP1Wy5OnQs2NHoPv/HYTbX9ML6hVsrhld6FeNtO4+Ah+t/MkBEyUxu8Ed3T/90Xu0x+t4D
|
||||
VvzIsZaKVIHSSlIZfmx6cXphfXphffS9B2Vsd0svnf0wPvMoSUSDzzZ37/ZrraS6j5pQ00mMzQmt
|
||||
ffjltreeUbgL5J8fb410t7LpkV8slLv+gJeb/EYHm5bcmaoSBv/5Ljs+Cwc80289qfiOiOiNw02f
|
||||
/Ocnh19uq2hhbGHqPz7xz38SPhluUHz1aIs3OtDJpqcX1o0anLHNaqp00BLR2Y/irLu+92DD9kcC
|
||||
6RTwcn9+vHXmvxxhfUjxZLb/H+bM2bQtDBZ+8bHoPm9KJmbyWbLQm6LTNqvg1L/f/9zZG587e+Pt
|
||||
y2bcjmv4p/lUO9LdYsLmdrLaPp1kkVSTV5ku4eKdlTOXHgy9uJuIxr9+YOSL7edvLQs7mL5Djawx
|
||||
E9HwxftXFH6yIL8tn8vxrZd2iV8I+pxdLd6+Q43CTwxGfnxXVrbNxb/9FeXb2zDR2yuFCya13mkq
|
||||
y/f89Y3oQGdXqy/oc45//cCZ39kbvbMym0jHVjOhelc44Ok90BD05Yd8JjNZy9Qg8Tyv+K94wvDS
|
||||
+lyOvkONfYcak5nc1Gdr0wvrsdVMMsuHm9w9e+t69ubH3iYzucEf3VH88EvWHRGd/mnR5crbrCaj
|
||||
glY2XWTkF/Njv7efiEa/Enr1b28a8caVG0vQ5wzVu7rb/EKPFxHNJtL9/zA7t1TBX+qQRBojfklc
|
||||
ZisQziWNf7ioXbBEKnv+1nLfocagz/nG4cZzN4QfkTakCrb4ZauyiMbaSmzo3I3E9MJ6d5tf+I7d
|
||||
apEqTjHY5N91DoeDt+QwmppOYizygW+jWZ36yf3ZxMaZ391LROGARziEFSQzuaF/++y7iieGC9vy
|
||||
ubjRV/aobSKezA7+6M6FW/J7T20urt0v4nM68ouXeqfzq5nu8eujr4Qi3a0+Fxf0OVkXtMRsIj30
|
||||
b58pFKl6HA4dP5hsdLxFb6/2dTYSkc/F9R5s6D2o0CUz8yg58I+3rywUjy3QXXdENPLzecmh8zar
|
||||
yZCglU4X++704sgX2kMN7t6DDS+H6t4Tfkdpy29cd2MZ/3Bx+GKs0rcJqEq8bdmxNl9Xq4+IYisb
|
||||
F2+XHm4y/ttFdmuAyLHWc9cLSYwhVWCVHIaIaOjfPot+84mi2SxTZWK6gs3CaiqJsXtlKHr78sOJ
|
||||
mfjgs819hxq7WrzsCDiezM4sps7fWh6bfqT6AzrqkplcPJmdXkhOXk9MzMS3sIYtS2X5Uz+5P/KL
|
||||
+YGuYF9nY3ebP+h1Bn3OeDI7m0hP3V+bvJ6wVPqixoRg+9rf3wp4OdYZ093mDwc8Qu3PJtLTC+sT
|
||||
M/EKfVbbrKZKBK3E6HsPWJ40+kro1YmbJeffmngyG0/lP+3o7VVRt4HZrPzlJuSpwqkibZPXl9hP
|
||||
EPR1NrbXu+ZXMxozW6cKynXxzmr09orisYfFWTnY5BzHjx+vdhmkxH1W4j6uXC7H/j179mxnZyeb
|
||||
zmaz2Ww2k8lkMpl0Op1Op9fX191uNxG9+K/4gVnYrktf3eB5/vr1616v1+fzuQs4jiOiXC63sbHR
|
||||
2NhIiDcwAuINTHPpqxtEdP36dZ/P5/f7fT6f1+v1+/0ej8fj8bhcLpfL5XQ6nU4nx3Ess7l169ab
|
||||
b77JiTgcDvYvQ6IcyJxkyPY9MfKPSfSMJTvvwIaEJio0ZvFLhUnEGxgD8QamcRSTv1qVUuln+ySG
|
||||
ZHWw+aGjjYNBxHElPvLgeZ4dIhMh3sAwiDcwjSTYtHMaC6rBS6xt8bmDvUg6TsUvId7AcIg3MI1G
|
||||
sNlCLfTEMAq9rzhSAYOITwBLjoxzucIYVcQbGATxBqZRC7Zql0uvWkhiJH1fHMcVhgajlYMxnAUc
|
||||
xzmdTtbUiYj9WZgL8QbGQLyBacTBxsLMXqeT7J3ECJ+y+EPnOC6bzRKhjYNhXC4X238IA/WFoQmb
|
||||
F9Mh3sAgiDcwjRBs4v4Yyb612mXUYu8khhE+YqFbjCUxl04a8JN4AEQkvtpQfGTM87xwZIx4A6Mg
|
||||
3sA0kkuphf4YsskArFpIYkg0IMbpdOa7YQCMI7Rz1sLZBBE5HI5sNmvNu3GDfSHewDSSJEbo/LNF
|
||||
BkM1kMRIrgdjdeB2uzc2NtLpNLsDXqYgm83mcjl20zzxz0PYpbagEoQAEEcRCySheXs8HvGf7OCY
|
||||
HRY7HI6MSDqdFu6+iHgDOcQbmKZksLlcLsX72tloWIwtkxihVqhQSaxucrkcqx6hGbP5WbW5XC7F
|
||||
Rg7AyNs5CxvWvN1uNzt5zP5l4ZfL5eSjsjKZDOINSkK8gWk0gs3lcrFgk4zBEjIY8US134cCWyYx
|
||||
YuwARageKv7RV6FvhrVw1sjFP2UgrKSKbwGqSxwGQlsVhlUKxHsUYafCUmd5XyDiDdQg3sA0eoJN
|
||||
yJvlnTFkh+CxfRJDxTkm63EVMhhH4WIl8TEKu9ECjlRAQmi3wrGI+AoR8YQwM7uDajabFY5d2Kgs
|
||||
xBuUhHgD02gEm5DKiEeRC3vVahe8NNsnMeLskgqJp8vlknSd5Qp4EclKYGeSRIKk31XgFN20g4i4
|
||||
wg/yCYkym87lcog30IB4A9PoCTZxKiN+3i55jL2TGHZoQrJUhmTXKwm9rMJhChVXMIC4+5QrXAwi
|
||||
7Egkx8TCzKzzj+1XWF8g4g30QLyBaTSCTUhlhORGkr5YPI+xaxIjpC9UfJ8YKrR51piFE0zyEfts
|
||||
EXEOBDuTJAaE1i4+ZJH0xAqzCXsONjCLBRjiDTQg3sA0OoNN3DfjUDmdZNkosmsSI3AUBvayP7nC
|
||||
bw44Ctcr8YXffVVs5MJKTC84WIViMEgOf+XEiwu7EwbxBhoQb2AancHGyX44STxDVUqun+2TGJLl
|
||||
MVRIZcStnYpHuqGjFdSIj1rE7ZxkjZ9kexQShRniDfRAvIFp1IJNLW+2fgZDtk5iHMVnlHjRXX0U
|
||||
WzjJelnFqzKz5GApasEgbsasVfOFi/klMytmzIR4AyWINzCN/mCTTFBx2Fg5hGycxJB6HnPz5k2S
|
||||
1Z/2nwAka6vyP3ml+58KexTJkxp/AhDiDUxUMtjYv52dnWSfDIbsnsSQ0ghf1sKPHz9OxS1Zo1Vb
|
||||
vJKgonQGhjAt2a+I/0S8QUmINzBNucF2+fJl7VzHgmyfxFBxHkPFJ5Ils0mewcEKkKyLVc9s4sgR
|
||||
rupXm1+AeANCvIGJthBsis9bWS0kMVR81KL4vPZSAGURsmTEG5gA8QZmslfk1EgSI5AMUNJ5LGKv
|
||||
OgNjbSdIJE8i3qAkxBuYptwIUTyJYXG1lsRI2K4+wHwGBgniDUpCvIFpdkKEKJ9eBQAAALA4JDEA
|
||||
AABgS0hiAAAAwJaQxAAAAIAtIYkBAAAAW0ISAwAAALaEJAYAAABsCUkMAAAA2BKSGAAAALAlJDEA
|
||||
AABgS0hiAAAAwJaQxAAAAIAtIYkBAAAAW0ISAwAAALaEJAYAAABsCUkMAAAA2BKSGAAAALAlJDEA
|
||||
AABgS0hiAAAAwJaQxAAAAIAtIYkBAAAAW0ISAwAAALaEJAYAAABsCUkMAAAA2BKSGAAAALAlJDEA
|
||||
AABgS0hiAAAAwJaQxAAAAIAtIYkBAAAAW0ISAwAAALaEJAYAAABsCUkMAAAA2BKSGAAAALAlJDEA
|
||||
AABgS0hiAAAAwJZc1S5ApVy+fLnaRQAAAKhZPM87HA72r9qrlS5DbSYxnZ2d1S4CAAAAVJadTieZ
|
||||
kNMBAACAftXdNdspiQEAAAAQ2C+JQX8MAABAVYh3wVbYHdsviQEAAIBqsULuIkASAwAAAGWwTh5j
|
||||
syTGOh8cAADATiPshdlE1XfKNktiyAIfGQAAwI7lcDgsksGQ9ZMYSdIHAAAA1aKYwVRxT231JEZM
|
||||
+OwAAADAfJIMpur7ZXvcsZfd2FiYJqKbN29WtUQAAAA7jqOY+PnqlOf48eNV2bAGIV8R/8nzvDCR
|
||||
y+V4JeJlJSsBAAAAneQDeOU4jhO/SrJUZof+dpK430X4k30W7Hn558LmEc+GE08AAABbJj9npNgN
|
||||
U8UMhqyZxGjQTl+EzhhkMAAAANskzk60U5lqsVMSI6QpaqmMQ/03wQEAAKBckjyGREmMeIZqsUcS
|
||||
IxnYK2Qqas9T8ZgYpDUAAADa1PabameOrDCw1x5JDGn2tYh7aCQXMQEAAIAeivtN+QhftSerwqJJ
|
||||
jGRsr/hJ8dBdxYRG/Kfa6ScAAAAQ095jqiUu2qlPpVk0iVGjNixGMemRzwYAAACKNPaYameOqr6T
|
||||
tVkSQ0rnjNDdAgAAUGlVuYham3WTGLXOFRJ9cEhfAAAAzFRyn2vmTtm6SQxp5jHCDMI0btELAABQ
|
||||
CfrzEpO7FSydxJCOPEY8LFs02gAAARVJREFUZ6ULAwAAAGrM3xHb4FeskZ0AAABYXFV21lbviWEU
|
||||
b2EHAAAA1YU79pZB8TYw5S4FAAAAEnbcpdosiZGw1EcJAABgX3bcpdpgTAwAAACAHJIYAAAAsCUk
|
||||
MQAAAGBLSGIAAADAlpDEAAAAgC0hiQEAAABbQhIDAAAAtoQkBgAAAGwJSQwAAADYEpIYAAAAsCUk
|
||||
MQAAAGBLSGIAAADAlpDEAAAAgC0hiQEAAABbQhIDAAAAtoQkBgAAAGwJSQwAAADYEpIYAAAAsCUk
|
||||
MQAAAGBLSGIAAADAlpDEAAAAgC0hiQEAAABbQhIDAAAAtoQkBgAAAGwJSQwAAADYEpIYAAAAsCUk
|
||||
MQAAAGBLSGIAAADAlv43N7IEIt65BrkAAAAASUVORK5CYII=
|
||||
"
|
||||
preserveAspectRatio="none"
|
||||
height="290"
|
||||
width="748" />
|
||||
</g>
|
||||
</svg>
|
After Width: | Height: | Size: 23 KiB |
20
openshift/master.adoc
Normal file
20
openshift/master.adoc
Normal file
|
@ -0,0 +1,20 @@
|
|||
include::common/attributes.adoc[]
|
||||
:xpaasproduct: Red Hat Single Sign-On for OpenShift
|
||||
:xpaasproduct-shortname: RH-SSO for OpenShift
|
||||
|
||||
= {xpaasproduct}
|
||||
|
||||
== Introduction
|
||||
include::content/introduction/introduction.adoc[]
|
||||
|
||||
== Before You Begin
|
||||
include::content/before_you_begin/before_you_begin.adoc[]
|
||||
|
||||
== Get Started
|
||||
include::content/get_started/get_started.adoc[]
|
||||
|
||||
== Tutorials
|
||||
include::content/tutorials/tutorials.adoc[]
|
||||
|
||||
== Reference
|
||||
include::content/reference/reference.adoc[]
|
Loading…
Reference in a new issue