From 019f62863b5ec8ac16fd56cde015988a4be3a42b Mon Sep 17 00:00:00 2001 From: Aleh Zasypkin Date: Tue, 23 Feb 2021 08:56:56 +0100 Subject: [PATCH] Simplify anonymous access & embedding docs. (#90409) --- docs/settings/security-settings.asciidoc | 2 +- docs/setup/embedding.asciidoc | 55 ++++++++++++++++++ docs/setup/images/embed-kibana.png | Bin 0 -> 37243 bytes .../security/authentication/index.asciidoc | 16 ++--- docs/user/setup.asciidoc | 2 + 5 files changed, 62 insertions(+), 13 deletions(-) create mode 100644 docs/setup/embedding.asciidoc create mode 100644 docs/setup/images/embed-kibana.png diff --git a/docs/settings/security-settings.asciidoc b/docs/settings/security-settings.asciidoc index 408337a12db36..15005b3494e05 100644 --- a/docs/settings/security-settings.asciidoc +++ b/docs/settings/security-settings.asciidoc @@ -264,7 +264,7 @@ You can configure the following settings in the `kibana.yml` file. this to `true` if SSL is configured outside of {kib} (for example, you are routing requests through a load balancer or proxy). -| `xpack.security.sameSiteCookies` {ess-icon} +| [[xpack-security-sameSiteCookies]] `xpack.security.sameSiteCookies` {ess-icon} | Sets the `SameSite` attribute of the session cookie. This allows you to declare whether your cookie should be restricted to a first-party or same-site context. Valid values are `Strict`, `Lax`, `None`. This is *not set* by default, which modern browsers will treat as `Lax`. If you use Kibana embedded in an iframe in modern browsers, you might need to set it to `None`. Setting this value to `None` requires cookies to be sent over a secure connection by setting <>: true`. Some old versions of IE11 do not support `SameSite: None`. diff --git a/docs/setup/embedding.asciidoc b/docs/setup/embedding.asciidoc new file mode 100644 index 0000000000000..1b20baf66913a --- /dev/null +++ b/docs/setup/embedding.asciidoc @@ -0,0 +1,55 @@ +[[embedding]] +== Embed {kib} content in a web page + +Once you create a dashboard or a visualization, you might want to share it with your colleagues or friends. The easiest way to do this is to share a direct link to your dashboard or visualization. However, some users might not have access to your {kib}. + +With the {kib} embedding functionality, you can display the content you created in {kib} to an internal company website or a personal web page. From *Dashboard* or *Visualize*, open the *Share > Embed code* menu, and then click *Copy iFrame code* to generate an HTML code snippet. You can embed this snippet in your web page, and then add analysis, images, and links to give more context to the object you're sharing. + +image::images/embed-kibana.png[Generate an HTML snippet to embed {kib}, align=center] + +NOTE: Embedding of any other part of {kib} is also generally possible, but you might need to craft the proper HTML code manually. + +[float] +[[embedding-security]] +=== Configure security + +Embedding content through iframes requires careful consideration to minimize security risks. By default, modern web browsers enforce the +https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy[same-origin policy] to restrict the behavior of framed pages. When +{stack-security-features} are enabled on your cluster, you must relax this constraint for cookies as described in <> for {kib} to function +in an iframe. Refer to https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe[iframe] and +https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite[SameSite cookies] for more information. + +[float] +==== Authentication +If you're embedding {kib} in a website that supports Single Sign-On with SAML, OpenID Connect, Kerberos, or PKI, it's highly advisable to configure {kib} as a part of the Single Sign-On setup. Operating in a single and properly configured security domain provides you with the most secure and seamless user experience. You can read more at <>. + +If you want users to access embedded {kib} by skipping the login step, and Single Sign-On isn't an option for you, consider configuring <>. It is already natively integrated into the workflow for embedding dashboards and visualizations. + +If you have multiple authentication providers enabled, and you want to automatically log in anonymous users when embedding anything other than dashboards and visualizations, then you will need to add the `auth_provider_hint=` query string parameter to the {kib} URL that you're embedding. + +For example, if you craft the iframe code to embed {kib}, it might look like this: + +```html + +``` + +To make this iframe leverage anonymous access automatically, you will need to modify a link to {kib} in the `src` iframe attribute to look like this: + +```html + +``` + +Note that the `auth_provider_hint` query string parameter goes *before* the hash URL fragment. + +[float] +[[embedding-cookies]] +==== Cookies + +Regardless of the authentication type that you're using for the embedded {kib}, you must make sure that the browsers can transmit session cookies to a {kib} server. The setting you need to be aware of is <>. To support modern browsers, you must set it to `None`: + +[source,yaml] +-- +xpack.security.sameSiteCookies: "None" +-- + +For more information about possible values and implications, go to <>. \ No newline at end of file diff --git a/docs/setup/images/embed-kibana.png b/docs/setup/images/embed-kibana.png new file mode 100644 index 0000000000000000000000000000000000000000..f3b0f542361fd31c59eb4d5fcaab03584a2937b8 GIT binary patch literal 37243 zcmagG1yGzpw=D{R5G1$-4U8Wy{ zB=V@ z`H9noMS|Y+LL4=UnHy6P@k{S0W2S{)7J)(Tc|<@xPFI;Fsb63g1A|zP1TO-cfRz7> zM~^bG@5Gce(WwvPO}%8-H+Hub zFFFLK*fh{YBR66%FcH=UN)7B*Fm`X^Fz%g>-|*6OQSS3Oc6~uLOyK4wAn<8kpw`|N zOjx#BrenWxcjwxwWUDEif8(zdq%{6#l5vkf{#8&>VL?$~QQ`YSCPAfR^ZDapY>EvJ zFjYHaqoyx)z&~O};x!A4DMf~K%lQ*wcKap9ccW|zmY`ZTwYzqS(g{KbZh_3%{qcPW zPqsFJ)jx8*K}!6LcWAs;ol?^Z>}S)qRJ z<)*O6C4Z9n=a+)Bwj&MnK^w=1zx47)uU!Pvu;^dCO4cZpcl-K&7pyxv?ywz@izBHb z<|m53>f`Tht&Rh^Mg5c?Sz$MfPS^H;f{6I|Qn!_*vAOx;A^Ih9nn)K+o@nj(INh!h z+?MX2)miZ6PIJeddiWNY$cLgS5&1Ad>?Zkdpwhu&U6hTDHH#z4ezdf#?w-yljpo-m zpy?+51@+sOpA1HHif@!p^n^8AE??EzEqCs7nIjhHl`>HX)R_LQ=)7++qoDG-u|%BZ zHjbhDwd-MzDj)yYQC!|45z~uFB5>~>&#L?Hx8dk~tfIHOkXSCV{FuJ|FFCyo-h{q8 zU|)8Vco~m(9#uNil8Xuhq@~XeT&c{Pv30t%gWs7fFT^3=+)Y-)5PtZ7o?yktSsQKo z$c%=Cm1lnP9j?UMo|E~QUNnCQYai@<|MsLB zq}QYv!0_&QF8c_+LPASPyyiqli?xQwsaoW7%_&Hpu3WtC^DX?FM$kbMN;o%&=f% zg@`uGb^dE>I6&iElkF?vbW$;U8ONkG93u9I@3`G4#E`2}fg122RlhSO=OMq;Ybpi6 z07{_8%gudD{MB=n!xJx*CvQjSYX{YRwtS8+_XsF}mm_-fI-*TD?^ZurP6U@~yCRG= zYhdU3o}#I$s#*?6N=kA(_$!xuZ*YcUC39QGmOBssr`u5)CZ^D+>|RdGF1I3$V!27W z@YB;%gT?E#OE)XA?=zFL)qDcFJGz{><1jbpW6!To?O0PDfAA+0Mu#2S1=4<$OIO-V ze`1Ry&O!wYv&i|YEYO9Ub=TJG!E_O)_`Lq_-nTs53*{o+&o|iyInM*O zOae?0+TTBk4M`!0b))_|KH@c#YV!)eiLaiCH3X_n5GYe_19uOwm8 zT=LtBc(6Ei?%?~LrdsAwu-v4%S6548hE|^^yLQuuL5{VTM{()h^V|=DFIv1g_AuQV z8XV4gr*#(FpEpJ9far3?`&9`m^zv)DdR*%rmS#IUOX>WSE*-+N^Hk+x6apS*JyT|W z7EPrYPd+m#dK17j4Xp$}ecJKnXI_PRY+qx3RUEDvO2@ymeA+QcZk-9U6!rQP&5u@{ z4Cg7zbKJfT2Ug|TiwsuVkRW>oaK1LPBM&;IHyL(eQ_IU~A^5%3Km&pR#A2{*>n*#? zzH?HER&)A3m&kfI$x}D*7Fv1VwafXpz#|851G#nw%Pkjj9NK1K>Jo2?lHs(R_-zjX zO5xv}AdhA~9(m_Z<{I#9Am9r? zqvdKDCUmAO2jZ9nGz4PT{`$gbQP`~DVzX!>9MS}g?D|O1U~)r=Vx~I?(`@ze-uHsv z=gKRd73|kM9;JiX+PSf+;Y3ZQO9#yM{s8`8vwh3Q7x2+~w%Tr34$60oZRRDOu_CP1 z?m`QlEz40pN%#7&i4WyF1wts`epe)VAxRm@d8Djdj#HW<$!DU^76_O~zETGD+qZrc z+Psxci*$LTH-DRSuMR-&?o)GK`X zYvA*~WdS^!f&1Y?z892I6)HRsh52 zVV(QIV}3kKzEqzwY0g3|Y<}#el)Ll9*NXD+z?>ZB7wA5Mx5^Q9aY+Ck*uYI~cTOv=2dk8OfyggW zAoDGTARq__&sm7*w#OdPJBb)c0j`4@g>m1~LNd`*ysch2pX7Hlg$Ru8att3w-VK9V zg6;g`JP(LwQ*7EK`t0C=IEI&+WdkjQxV>k^yKuq1xz9l^=>HqAB_12diTdU;lpVKj zh1r7o2qDfAbOXe$d3u)EB2cxM^OceP_$UBO-CzT6lzzZ=J=2?I5(4$HcZ=ct?B1^6 zBYN@-A9dB+I9)8Ad~gTmrTW)0xmWE1d#tVq+jv2pVecTAJh6%+xO?^;e7i@AA@m4S zEN2w(dxc5vuZqUAKkcQsnRUmearwEkv`8X;O8l`R#jdLc02jl?R}jrRHZ*o~<4+or zTPp5gb6|*niYx_X00_y@#f>>s^lfY!C-PrOkpH6hZXR`hO=##V-}q<$cHpGz ze9VP$#r{9*!JvZcKzA@Yr}#k991_e0O!rXgPg9p8G)YkCYduN(Oj;c$qT+~s!r9`Il?h~k(npCxGTtZHhs*jgC0iPF&JW=l3*y_H?Zd%?~o?~ zei%8}C7qxfYxc8F=Hmm!;m z{~-Q4Q!$g**6gVpcto`@=gv+mvYg^l^09z2JrZt)%K+r=mdjf&k|RYqaP=5F*VI>-%)Z;x<9$637ACkf`p3DV$k4^kGH!lSJE91VE)5lFYyPae7!79d%}6d+%{unP&tOq0XHi~+WYB4raV_3d z@*}+{C90uCjNgm0+y{B~hK$=Cg!Y!PV4B&JakFbt@}x0=#k*qt1^GfJF%!`3Lia^2P{^tBzi z0p>A*h#l4t)mQrNnWgrGcW%Z=zJ1+y8o?ZKg)d73GDazR)clKlF32d+mXOtmHxh;lK#*<#!0K0 zRcTh8U#*F&CB%$f9YL$PRB<4aL7o-e;gOdAIFxmzYL zRL|yb!OS*E)7A&x6Izpo(a94Lr8}k-NU7Ej;HBQ)F^1aSw-q#5CM9E@MHcN-NSe+= z0Vz3dr2i-B*<{)?2+xNWOUv77_Mc(?>A`&X`X_B&qTrewLoH>5Huol;)qCf-LMj`NAnPWuyBcZfHaQWm{BDtb+<8SLHQYnbqlD!Ig7udcZbH#vZOf!7S~#??A7ixX zyKCh}PUx+3Qv$}!!avrJcsST3yzv+XW#JDs@PE7Js8llr;=v0R-!Y8Grh(k2+V0Wr z^JJg-cA^yJpH){ww&^8DDd5p3yORC|(vh;pX12+?P+oii5K3lNBu2({*~m?8zI$o- zHn!gMT6TVswy$|_O|bzctn2dr;)~J`!Tf}C*weL2vT62Wthvi-GJ=ARZ#?d>+=Zm* zpmCA*ZT%$K+o-JMax%LJl+<4WK)0uZ;bYYixr^HpG6WGQX&)O9b;vI*SDe)zQ9CETVKfo?&ys1|3=|}9hrcVn zVr(xk4PEw4Un#@#qg6QPYC-%4Vp1xW>j{zNz8D-&X}N%EjjV)L?qiqiIX!K*Bvj){ z`$wE=;u9ji{7;1T??Ocn-?6CJHnwls_i?-PSn_>P3Xq8Uo%7|$SJ3tVH|_V|>1Md+ z>b?=1)N${QO~b-C6gB~2t}W3_{rwMFJo}{nkn$cLNKcjjLHMa9I-wKuRCUyx+D_D2}KcnZPTh9=E?XR+~p!xwkdZuI9inq7p;fqoTyV*N0-cQ z<1ZBE3I48}m5y;!9{kvdj|;t6{$1m3@z~!krd7)RONZhTh*M(zoas|;Ps-xic#QjY z?rN%>{86Hieq1b_@HKe6sij6OIj|<&cbDY~k=rIyxt>3Y+(e!nrrD4Bk1^I?TPI&* zc|jvryE4@#AZZrAcU;o=L7M5ldjFtnDDun#+c8W2U0JN)Xdg<;rx~wFEi?ARqS3{{ zc?%~_){z{?3q7w07=D_;&QPfZWwB1G<#Ms(-ccWF7{^&(lHk<2D?PQW=~EnP%I5Qd z518csak-M;D|)bmYS;32013syTzV(x#q4u(J?VCIc+Ji#+B@r6rpZ3$rjkHPdv;-OvQ{6& z2gF}`@vJvZTd13}=>s#jU0r>{-|IkLd-bPpi?Np1)~03R4_lQ+;dky$s$z9bU;rAh zt#@JH`8T@J$NRD^n;wqRb1mmJ6h}Q->jnOikEpmBqF`GIG2OW3y3}?1T@aA74E0gE6u|ERCgwn}DG?KRo2Vm%9zf(X2fX|!J< z%Nuh}F)`DeoH%U9`*Z@vT01r|kczaz{#a7rSsL9knaer)g?;e!*(C;Rq5yX zwmpq7+4gipU`-l`Gb9$7R%|>=wE}&ErCPhF%6UvLmFX?-;G%xC$V8Zyv87i(`zH*q zZdP~RuH0^OQ%9Y}on!WDg~B`sA^b4ki; z2Hcsm%O@;AE|Z1I{CZs%+{>0y7Sn`y?7jl}5^F-R;xcXfE}%k`zi~*{Btti?f&k!_ zsn=Q0B`h=v{urui5fg|D5$y9YZlG_(_8y&DKtV!4b1Z}24IArY`55=`x!~{fb~lDd z4_tM<-=}pn*Qb36cuTY~NP^r#$&2gbcxzo{!b7Widav35_C=hrH1}0Idh;uPvI?(q zhIr?!4mUm$lh8`9crxFO9GF;*a*_tme-V2s~X7utdCE;N?+w39EJPpGLM^$ z_z3JTw;Lq_-Iw)RwSM@6$Gp+GU>ew(eLHIyUO4 z24sA+5W4809r0;YHwb**YNR+OA-T5XQ+Z$iIHI{U%}4~+8%z&K=(}}YoT@v{e71x~ zp7}f4VJHk->p?<712hfG1~vip=)M_16p1%a^YX4{)U%l(jG?oY{|O^lNXeXy%9{ zSYrJ0VyRhky-`hDHE!aC21x#Q_V;U*$%tTx@QpcKjF~_CgEISHLIM@B^6G#FCDpP0 zi3rxH(~-~f?v|jBM-nd!d8>~|cjL&@Ku77!?HtR&a9SiCnJ zt@lQY6v6LH!$=x|)V!@}z7OG~O?Iws`ih-eP<0kVrq+Pz%(sNo5gM)5l0xlqGtjn@ zCUT|2*?yqAq2bJ>8!>F4c1;PFlu}XC4cUYCAt^L~!3vllvAKCmn5WU0Hl2Ha0d0En zrTcE>klw_rW)VC*e6&VfISzK^Pt9)T70w5z!>_3olBt`T2h#+To`YDam`@WbhS*9Uz{_{pi zCv1f994qjLCmYF6*uz?#P#rRFL6MZv53Fe&H)R!c>hqvtf2>#16ar~%?y2>;pYj-d3)`-~LYgTQ}NKf!ZTz5RT#s5bUt?!}g zP-Z`rEkH)HdTH`~uC;{u{-M&eNKI;MO?nMWfyYAgp-!R|>qSSRBB=I6%P9b-k(m~o zg&4Y|9~keESjmcZq7!@jE_LcDH~m@$1RA`{&-?SP8~GZG*7D8C#v8;rtm|@)cX)2%E*T1L7fMThkVT)w-FK9X7oivBMVrXI1)^QwNzCY2>*<*(X{4*h@w{e@!-2Jrs4uJKptJ%|_ofrOgh?x#;Y^Ucc(I8xo;QWwrR5j2D$b zjbpi7l8Phu$l}vRcxLw;w_i5Qxe$obCCGXuf)7SONnWLnqVR5MS*+p_K z38m*w$vi@h#dNQk`%zQ)8<7qE>*M8wZ6^$LfxbZ+{amHi-mmB-N_|SpnpF_3Eh%63}Xt`4i z624nS?scwzxAgq{<;uC3vGlmb)+K|_J+yMOmutJ#mC9ZJ`}a88K>9dVH9Ey4!eaHw z1_zoHQ)Z3Q5&H~Uxtq1!U1<}O_r&bF8@`hw9sT_w>)nBxgM9q_U+QeMQjS_$TWu*l zJv=gJ$xyMe&7pNiHmj8}Nf|y8Pd?rg!pDzDuiQOO?Tw6$O9z$G1&061#_+q`BXfzu z$C~bcCP-DfUl2hzZ*Gv)pIYKY>+Cl3L4$=_*|(pkb2TfCVj0$rtA~2#`MYQ3?q@9+ zEUP4BV@Q(evK7xIJ-nCqUp-_CI-CQ~(Eh6BkJ@ki?SBoMF9%ckEY_s^KHkQ3DrGFB%@6_?_XDDsz|%n=W7Xkg|w` zDuH^5W>1^<9iryd4mq_xc^<14!ccTWbR<(h{((^mUN+6F zW(j?8|}Q`$zAPL0u`H^ca3*Fi z`p<+@tJ%+sa?kkHsqAq%mhy_e67+n{33hR@z4qwKxtwsrF2hd731*RV6a8^mlgD*H z*MG!@ujuayb9@r{NXY#4?Uk;-u+Y+E?EYjkF`%FQ28ovL{6&+Oul8+UVR?A$gTUq+ zR6kRCme8J^p#jG8^Cd?6HXw0&iFoGK{>siq%0+r%Q|I)7l&jQQB7jzDJdHlZXY*cionL1eamw#f7YjH;(eZIaB*>O z;P8nm)39IN%?>oZts*FX=IJC-n{=#N4;SC`s00_jS{V2uv}v~lOpBJ& ziio6R5VLbQPFcUFrBy993xC}$DCms)&U*kUTj^iTcY4;7rRd`uJJ#vN-3Qos3+Zke z-kSFv=8J!EL~grf$_u|P%5;l~^u0v56dQfKJu5w7>02kB=1rs9%<7fSi!KTwbY(iN z=wi8YgoWz0=;kA-h-;TgTs5|<{btR7KBw=@n+IxBMS3{bINN;G+_}CpxP3akVolmf z^k_|IHybrM9W%dyp7>gf7ljYs0?~Sm&wWe2y{#4g5LxwjN93De_*8IxK*k-w0 zI-JeUvhK%)-nach+%_tro5TwD(zydT(9Ju*$5qYp-<(^|q%L8dI_-`u3SD2yJP~#2 z3b=OlZ0j;RsW5yX6-f~eYJY+!%+0-F0+sx$F#P<6)9rU{ zY8Hdn#g$ImgB=Q|Hat$BR!+ZbnItO5UorInG#FRLHk?_*}}iH&QW%#Fdw}ftp=0q)#S4DygbR&M-0{|_W&BNdSC1$0C z<;Y8*Mp2oNas#DRYX4_xm8_d+j?EQ#@GU;Igq;k%{QoYv`v24%hYYn)Q~6x8GmGB_ zFvJo-NVqF$TQI(V`<{#5gf1TZ!tqk#YcKQ1@Go`|3~~#VKb{|@y7zw6qOc?D`^V^n zIh2NVv%OZY@_69^$j(h{BV#F7pS9nQqC$%zbWO8p4G<6vIaf?Z{l>t zXIZ#4zkxUTDq7t(XV31tRh-#=Ahk{S=Y2K-TYDJ?qhfwxaAHSdx&<82zn@bP!Unu|C zQRh7Z+Q!v8A1snzDDb&-3T)yPnD$Ch(fgo!Q?k~)EZ#jCxuHIKYGB2dQYjo99sYJ2 z{52Q@@ID9WW&bMken!O<)U?3WMM%MoIe9w(ssD*NG%(B3f^-i=(e$eq0gd`m?Uz(* z?X)fT!T2BPa*Z)4gk)t+DR~)K-3~}7R_n-lu3GHZ<@ZT8G0M*PfGi#Mf7!_YLp=U} zmD>GJJKv0|b${Y~;8lUK%aOu(F~ZYZF02Uo(U@6mnrrpJ)EH;czss@Z=sNR5p3Q5y zHYx$~2GWr80V$qTRPVjpoI~TQb+W`E(zyJ?wKV-vvqoK5`L&w$Z3ect4z;6yfGaK_ z!pI9%A2Jl>aa1|;C&$5zcIv`};8%~_Y7K-0pvlB0IQin}O8;3M@ZIoW$Em>m(&SR$ z=eOJ?MvWzYj@YS6q zU-o5Mf$^b#Gu!sudnzA;gSj{w91zI#>=a&t&EIWC?_F-|MSl&alA6i~#C;ETzJEUj zD`y_O?nXb-Iiu&8Q-~7XdxryaMmW9P=stXnZhY+b?U$8qIvRB3wENKj>H;kJSgsk` z4tCLSX#sK|tFZXPM0$yDA;+;2$}Ou2^Jb*5&)}jLPKUg_T zZF)95w;Q^M>?&j866Cn(QU>0Hr?NpuX|1_Y30n)kVS!<))HMLv6f5hI3&{J!9zj_^pBD7~+<4oq z62w14xja<4<~hFtR&SbR>IZ0Aq|=M26yW()WnsL9mw@msYZmUz&eJt-v50jJgAANH z%P3Sq9ukL`a)l`7pUjvq_lL09B+TBogdtGzzCtLI{)?nim&gT(_nVsb1lbxHe}`2^ zr?)DsANTcVjsU4yr=1M!tuxev>X(vD=@;-mZf(oE4L)c|S0ZYxt2aD5+@u?_wTUFr zLw~lQOt0n6fb1&m@0=mKQ{z27KkuskCF00t%5Vx=rMr75Qz)pZ7jyG|`u3(PO_OaY zBv(#WBean(XP&2e_K(&}b~;xyljE{MmYX}$$MlGn)mElaZuXe$+mI(7w3Bz4TJG$C zAmr7$i>}Oj-q-UeH#sAmI;@7I07@6DC0TC8+>AKAAz+p&7v%P66qGun)5?=Z$y>Inkm zhs;jtW|I0H0%f1pjCnz}=Sqg6+op+Db=el(aD_#$2%1?M_)aMuEc;}?CYn8YgzByz|>RS^8)W*owx2TqXMv4fMsN6SUxNy;}E92TD5K4XhtYM@m z1@2g^_UN**&hEFT?W%tjFPniI-gxkF*2p4^)-rSh)h3ltuZH2ULJizjH2xH+C|*m!VxPx*E^Q4cMjNFCar8$P;($L@5R< za&rM{TRau&`ol43U#pLI(7W8N4iR&}jniryjjmKwKI1kwaiP?z$yAz~S#fls?U$B! zH1AAm9{Ax457hjstaG~AVdiXVei;^=XKI1JHyqTSF?xB)ad zy+)xBkc?Ey&z#&BLri~u>9G@K$EE9a&K9BV@>BJs^v6)0iS4K4I0{Iig89qhhUs*sjkJ5 zo|K^g2|66}0r)R|Lk>D4e9*lxg~LG4oewJYdAgTfo$(nR7a$W*GBv3Er9Gi}#JvV; zxP2$i>(q+!aPgA-_|q&qBlIJ8{6$9`*tmN=$kgclBRZnX6ujR3UdXithg&JFXaF@( z`{KA=N-}PXg<}Pm&2lK-uECp~<1pg)<_;~g+ivy*{zOz+E`EZ88HM0#-PC>si?1(y zD3#o`Y=P3XC_8*X6B1DL^_EF?#)N(3aaYAn^N`N5s8u+#DI?V_^kg>n$%Qvj;oMT>|uXT9@ zOT>_!E5Eg5Wp5Lz%PgjrXnTGp0U>x%*YV!t@`1=TuQM$)%R%UU^5$%|?QKW)#_)}M z4r`mqzN31{w{EDh6s~6Dy974<_3F`GToU)l*}e#m0CP1rpp;uU#dmR_3*7dvVkj_N zTeHpR^|Oz4@OjyoZGIz3hX8zCVnc`@;?@+R(l z`-&smVs4DHzo*k*`o>|~D!yEEc=kf1ds*20!UX-SB4;rNmCsd>XSizK+v-D;?aKjA zZ8N=$iBfd6ro6OE>Q>uH<1w<};NTjqnH&eCwq!wkKMZ2FGtHDTfEo*<&mjG~dDL_^ z698*)J$d{E?WE>Sycv1g8#`lMsPT>NR}*a}^Nts1Iv1 z>36+oaA8d>-|@9x7UAHC0-kybH>avHogDpIjQ6iVW3>Y1GQYa*J>M3}Dtpo>_Ns4p z9P{jrU4P`vk^e~A?o8<-%eN0fg(r#z7hr9zdLMiQSy|Z@&Ra!@0L7}eU;@9s*AN_o z*xmdbg3#M?&AHjvDwnqKasFZ#EHvL5=G-n?rWvl!sGokgLQ;VYZ!KWpRx~~x+eLI+ zhvNdt<{30_wd%?P{j4BoaZ7YdHPGJmWF}-H_W{1%m+?mU+LoMx0^oFBJ;8=>Qd3#F zF+M78)@tZ=G`n#ipkN*jhQ^7~Q)wHn-?Q68ARQJp3Uo`g^3pTlIUC`?qM~13@TUTm zHgbgWUmoeJ^~VOY$G$)%J(=B7i{!FEErS{zf?xU0$luP+&ZgGlV&=`>2=V+$)iN8B zCRga+abxm2Cc53FS%a) zWRP^n?FpYRvbd1rAGMKW6(}%yn!brrYia0tASP5x*#tdm76|Bm9e8Z<<8*}z^CtWu z{8>r4#U{XXN(U*Ic=A)z()K1Ak*14YPWY~I1q7K3r+6yZuyjkeDD+2*)PP}p$`Fh0 zTzL(E)@%5Zfojg_=0&g>b5XmQ#G7z zdT{>z*3mw4Js@^iEndPfad2^E7qOJ{EJ3|JJ=qMQinEeZBdJ&$>U*|3UXL6A#g(br zeJdd$mB;9MbIJjQ0mh#yj4!b*M~K(}fujQ~?&aZloTVE5*}%VDxaAeQ7A0AxoPp^` zs<5=e;RAjR5PcdPHi^ixb~D+BcJyDuVwP2;^^gA1MS}ts+xWtmA{2br+~&7^4(Zp4NK9wQUw3&6_%# z?Z>}dQ}GSO70)K}Jm9CMrdd8{Vj$2dCw0o!S1NON#DqFEVBlWwsO7X1>Mb! z8^8jR=rno#EBxLyh(knOrTTSD>UCUdjUWz`Mr&JSfIbFq{Cg^H#NQOUue#Zkn&wq7I z`+h5LSSA|jRV0q%rjHvt5Xn7ZS=%PLZVZg>nME+CPm>k!$4>)inZJW<5gzk}-qZlp zOZ*98NqL27+K<5PWdg-dYM`%*pQncshe`9^)tg1TRa&xW;+;4JQZ^Y%c zP$BmF929Xr+|{$xOgwyFzV(hG$_ZfF9H2_Cu||N(0jW!mm)RqJVPUwURLT$!3XfLG zv@B^=ZfGOL=hBWZFLj*nPCu-dS~0HMlAz=l#h)t4eUar(3Jwe3)q`BKMZ2rWx=I`2 z4O#YDvisJ3-;S?nf8}uOa`>R#Me2+kZ*OSS$7I<0 zYgyRU><49`j8;-bJ$2l0)YM7#^q6HkinkjSpt;@h?r&|WzBYl4;7z?7CAk!k^8lzX zC|YFjpMd)9z|V!!U;7E;U55G#@>}Y;lmdgEI0Q%_@!kZd+!k?6Ach)UI&p$nqja{v zf9V%4gYvx&5>D%!l%#|Sy>w1pKAP#?Ag+{2G2Ju}xY=V+PneHEKhP#|STluY&80TP z+QqyR%V)T8=UYEI5Ytq6r+T*Y`UGn)b9VhWr*Cl@(OAH^=_k(5NUIr@D<*;E2Q76V zRN`do1!V-OHNiHC#OHVwUrM?@QA+-Y0Q^^2l)SS+0bgPX!1)Q#vX(plp6@dRi?eMn z;6j~gWuC7%=>88^99|Q$`~bA}MrY<&z!HPQ!;m_9=1H)zUA?^JHxk49@qzwQ00Jq? zl2oJor4#)jmQP#T*Af*QV535jC5$_;t8_FI@-FC2EOIlzc+@>HO|R@UNCWsIj#0Mm0m~H_;h9U*C3} z`PuD3jeTBw{B)u3}-Ds?%4RSKWsB!Q%lnBVK*8l)?1HUy} z*zozSSKc=|n*c~^YIO=?@!PWxO(7amBBS^e3kZO+rKO{*3%5JN#@0R(FV|m9hdZVM z$G;vaKT-RawiXdH0!*?QB$n#&rv}H50N1_)b?59!uAp6}b5WXn3*3n_($nK#sY^^C z21Jzk0|DR~nS_MI0*m!T1ET(Lnx(hb-k7SMo8{}s+I_iM`nzg_bv$TO8&Y8P?XEM= zqH@|b?ulX=qL|x_?n*je9M4hHWTQ2eNZJ)GM&nKN_plCAXHP!)?dqCkl~z{(yAqis16t803Q_jWAZSjo)&&0!cXnRv`X6 z((Q+fO&H_$N#Bp3@|qR)Xu02|(qg!o4Cu%tVvL=Dd2o#(4Ro$XbIE z($dwJcZ6Qt#^~~GDM3HF_A0^oi;=#Yy{vj94|GS1q9a9wt7pB?@+vnV5i5P{Y4X`B z29GtUBKh3-Ac9*SnYcvnqDvQDCT=T9GHM$DpUAwHTtdQW~t$NnQL;<+1)ojrxgKfDM zUN|dIto9n(44Fqye`+_Zv0h9@c=~d=zwBS8E3lBdrl7!mHj`pppj(VW$Q*0FFeR(g zN;Cv4@x&o``k)qaJoWt(((Ri5Kx8~?^7(n#Xw~EF@XQtF!R&SqP)7^kaKLMSM4Bn| zbT3l?bi}wp(*D2B&fre__IgKPv4w;)%dgHl5WU~Xu_$cyd&x8;X z5^{gKsf?V~+;Ii%Ocn5s*Hd;z%2Y@~C<0+VW1{ED*)G;x;UfQcEx_Ye2$t;_^eR=@ zGlE&8d_3H8?c1%Yyq$rI9;SK!ce01+#`ieR^`9!{fcARl91pnLCh# z09UQ0p~gToX3Aa2udc=ij;6J)9{CxcU4myLojZ%Md9*EdPMWvr9Ut#(YLmRk<5}dk z`zl(UfbW;-L~Ijrb=lE2BXVk|EBGye*G6;Hg z)b73!%5LU!+vcp>+EkmES|ms0OtIetbq`z+r_%8xWBs_2clmGxF!NFL+KkgwUOSVZd)Nf;@r_misw4?B2_mf$5 zQcArzq&5#_k;e#b~%v#3P z{SX&&5y#Zkr@8N8#azx-v&e5N9BJ8fS`;|g+3)4y>-q!Oyc!yIK`WIt4a~9hjQvCX zYWbyip&=pbOYlqWtk5i#Mn_sKN+F}_`;N};ucdevYEOVfZkxW_Bd<}Q!)O~O0`xeN z)^1Un0i;ZTdJLSlhy`DAIbUH@)Xwh!$oEjxe(oFnTSZ?F1A(i^&595fXeY#;Z)D|17Jpl^mD|FQ8+0AAV@bsjyr1hGk}T{%je#JGu+)*RJXyzxKY)l494+LFo*85-kq(!0}e+8Rk29| zf;90EJlY1xJ|0jf^+#uZf+XU9vG&$cRd#K^D1v|j0!sHor!*p6QqtYs-JQ}BqS7sm zq;z*nmvonOFJb}fOrCe|bG|e7IAeTg?CoC;Slnx^`=0ZPUtII{UD}9li)%_x$Org) z1jX;cd?kzNvVIQmsCaM9Mwf1v+DO7;W4RUF4~Ag^eAs~?2{;M7Pv&0r#|ZpFvN)OT zm&OU*TWUmrVh|U&^h5rbAq9VGbP+V$DdlN-f9?jC%4OHne9~g|mSerFa`?`c8I&Yg z8S?#6W3e4S#%^Y>!KRmzk}^DQ30-P&i$cNqeQ|5S0W9f}wX&7Qy`JtjhBUJ2AGccR zQaSBA4z)PO52os@J|;nS4;ndA9(rf*8;rT^?aN&c7QQ9vdm=pz4cPI!rLPu(MN+S_ z6oN{iqV+t-O}C{m92skca7g2#eY@k6nD6PMX~$%Lt5G+u|MF>?ThHL9V96I~r60Pt zO#VkZQg#pur&u%0hb~@)Y)}A=jVq*9mLh1j$f%N<0Sy@92>Yj^V(X&Rlsu}04{@Ji z7AI}FxkY!ZUji)5tJ7>zLa4rm$p8IOq`KD{sf>t?N~f0Rf%?MTTj^^~;Kw)yz31O% zMZYn;cn%+e`_D^J_`T+f$I8L3?{Ggm`c`+-iQN}6_+%i1hoE;dHra@1A`r`u%pYXZ ztG{|L{jmx&D_IH%-e$|iHw=Ejt$1A&5GL=RCzNarC1H?}k;yVM^jz5R&7Ax>MIrir>OpVgC^}McB_$(M4 z_U0PVPZwb*HiqgJ7yq94%8CN@*|g@&wu*eXV6a$e3@m1_OpSbv&?YG8>Ag*U*Y^sz zs1I1FN}HRJ#iMZgw~RY_djku84$9GN*wY3nIQ>0+oyu*Kz6m|Qyfi%XZ~-_N2NvyE zP5pKf1Hp%+(WC8XojmET#XoI8b_1 z3&_#H#Kpo|Wv;B%Ea!fViY;0k?54^nM!5pb0wOlzxSho+Amy!i)uV8tW-2X$3yO|W0 z?uF)9c^E_`a@dhOqXK2bZ`{f6)1q7I&T+s-{r=w>GLE88&BuDkzfAbce~E3Ze|rqt ze{IzA|Jtb2|Fu#7AN_+-L;#S;baqiE^PL@rtisumNoxO=CZp1y!9Rc8d+!R*PYnHLOdnWO^H zHv|MJ<^&#@p+d7wZ;$xgk^W(3{_+eVToJrUYQ1kJhs7wbtoW!tM-l58~d)ySVs ztc~{3(;~)yoFz8P8}9=A)qaPB>FCUl@hQVje)^e#;J5mgV4(g-1jr zqdB*Yb|U%0$>GfkjP2RuvyhPVIt5sb8xbChZk|rP2FV|el<1`vuPH&l?cZvV*l*DS zD=K2e2*}CFA+xs^yU2zUUANDl-yj%DSFIgoa6>U9B4Dgm7mu+Z*i!mH4$X$=&X_cB z-ukWXkCiX`D3@t~#P-g1X_$MJ$#~$`w+~BBO4VvZxc9XVLMLrPiH#R+=0KNwG(^a4 z9pSOkBAdY*oGS@ihn^%Uwi~HD-r2y!cm&BG8L3)eCIB6jhSjecU!{@}z}9J}%XHFW zh3@{D@!k}~7hCTNy#b{iTT_E#nKcfyiaZ#3yxfi`k@?}1TFLBWy@CR?s>SQ#bh&;N z6Wj^dvtX@ia}uCe&DN@>!PveDxv5Ze)te=AqfYN!c9=S{>V;@O`@TD$NU!O}s9u8O zs)Hv`qSjxmBlWTB``2VCTUlZyZj&O_%1bc;T=JgH&GB!BE&Rg`DSF@|7_t@>MTQkK z0HeWw2~a4-#XsmG)1SyTj{np9@SG|`mqL*I6Ofs?Fw!K3goHrLZGf-`}lY&p$a~J;XVE;i zMtQv*v?7`~<4(znp2qjx7f`%dc!I4y9Czw&9GPQSsa>gAYMGk2ek3PB`SRsUO*ay` z*6XBS+FT{o?pMZe<@&D*!N43Kv!xLfyoDQ}RS3h|$bS0crt(~!>c<(M~;*lZ4vI5YM4zUaR0;zJV9c-~P4K3->YgX!;=NYV$Lbey{PPR(4R1UXeV3zRa)t~^o8oDQ<{DA%qHBp|K@0_p1 z49FrU96B6T)wa_r+70_I$9Qm@Q$1E;14gZT9OhHi{Wi8xtGCPgJ}K*z{g`i@cQUuj zADk#z+NZzC9cWAWSjBN+|Xjc8YWHdH#eIk_Ot4<`(MVd76Wb#aAWl&BsVKxo$PZFxjf$Yx|S{G z&cd}l_^0@JAK#0AkX#-9S-d=(*$UmeRKDg+8iC&Ftav&2)*Z8;(hkk5_mKr0lY>x% z(HEWLS(y{hsFNBiT&)!h1BGg>)e99Wj_(`n z<62vMS5^SPgX2-1@-cy7@|TDnI>{Yhlq5?}?l;C%Iq#M;hEJcKLH4{Z@Ft4QRQLr1 zNR7&rZI+5i)rwWUr)LJ-!Fp3HaHWryz=O8j`?o!Rj=lEbls*#oEt+tnvl($6qedO4 zki(+WnDdFP3O7C)(7SRTL2knaEvW4J$4g<*8B9DrGqawT(Q^`(-0aco6aA%7FT!*f$VHE zlkCl{Bf^#IHvYa$F{rdS@&Eq)J19a?awX6x6i8XnN$=7ygi@tOEJ`Y^hQ?~F=i@&; zKu@Rs91Ul*NBsK5h|PfCahi?bxs$TE4w-F3K*Q(%9uXmxS)`c>64AFE@hZe9+^HIA zG5%J5&q^0=kZvp5R?>KDv&@ElD375?R8&;wGfNJ0Ew>i-y*gd~Ed(KHvV$3VHYjo*KO4>G&$>Nf0eW$COGfjr1*-H!`6MjTacAV_CVr zjn2dmyYHt8M$PZTPlW!${#F*|7M8T~)6)+c@shKV`?T>=9W4D6I9jN4PcAgiCl?~B zpnvggnK)Gr9p)E5@6u*;H?1(=;zSKzVLq}D19uNSaa-9JipG7LdO9?Akj%bE*#`9| zAbR)syyG0l=JfpBcsZ5&zQzitshq>&7~W?-dv{c&)KkfSp(gT~!?pR?%7d?<6EC=@ z#=9&;`244Dk>!8BV?nnDRbJg6fgqE^e6;bTbL;Hfc&IM{g!UZ7YBDep zul=DdYO_BW6s|1um3AaCL^CFb4GJWGc)Tz1SKp>~$Cf00jgRkXsla>Y$i*K73i^q* z<%|0!KLL{!lF_Q|60(LdY$J{GJfG!$tvzLG9{&xhdSm0m3ub*3N~S{;vyVwNV|Zs;XrGA# zL&HFnYw+eGb~tGPq?0uZUu+WI(E@)sm@ydH^;=EoTzMCr|H748RV`n;_IIgn+lwsU z6^Na_Up|MvekRzfHD1{`U?Z7AiN=44khCSUy%sVc>*}Tiv%nmSxI3aq7HI0l`Y^84B9e_GrlPM9+fhg;1;DqJy`Ac)K z*4GaXx|1uj9CvK#`eTtf?noA6_~_+m;B@LAyPB@j8a>b6tg<|QTJ>KQ??<<*YVb(= zLbC8H07l-H&XqMjegQiAh)-e?mHyp{u672M#yq28nVaD_HZM_|yEI&I9Vu>9>!#%* z($~gql?z;@R|o{+L!%N;SCV6kG_#3Yz1?#~Z>w}0eG>q*Hc@Kk1HHqI3hfF-fj{jh zYfj+^cnv^aP$cE*lxdc!Lz^VxHtiMx$@>)N&@b-qeMt%gmX?ny^yCU$v&7AMZZGgs z_^(jqL(@Ckh5gTWuWMJGlDiIf%meH=o8}H)zb2K=-r7`njsJI!?9N|zSyrp4F$Uh# z+uQl}w;IaI#BmlWz*N9(*RpS9#YY=Xhwx-6q>mmfLpO{avz2na0Yltx)LIX{GM(AK z^1a_P1>tOX>oeJF)f`RSYkQR<#eb^XlY6H3sKy$tglp++B&G<%m zXH;hZuX<-)PP%OpXP(S)XdIuo|9iHXSss0F-6I&z2VxL($hA(y?`n=tG^O_ z@RThUWx{35T_qW7z>rX>mzRS}WY+0r;X7V_#Tei(G@2=}%gVyf4-be=*@Dt=ZEv|$ z_Bi9-NLH^6NwCxgRmksau995s4i0v^h5Ca@cJvy)wvn>WljrkrcdTZu#nIZionJ{` zcc>;+=w`eAR7N)wkOC>e$HPv6Yqg)2EX$7_(zbYack})-w=HW-(5Z!_9W2?yxw=uK zl`3ijK3R<-#V?Hpax&E|czktoS7pGg&@aRcR=Z^LyRrNde^GvG^br~m@kQ#nS2iS6 zv6-2f(aFafoDd*KLIa6ebw-t%fQRT?%Rc$#+e^5JY@h@R#2*K|-t`9f+w=NJ1`o_y=G=DR#R4lc84Qe!W zai!D2-I2?mS!`zeNl)uT7mXRfdEx4B({g}!OOU8PkDh~o`;p^gB7;aSk{gfb-vI#+ z-CS>+Fm$i9SizJYz`2~VCO{=`H!9btr!4A!*&LQ}@)tXPZH$Kd-$8B zZ}BI^X5Cc90ktYCK?&LxDlI0>vL>;q*c>|aV1=K>K_XME_?(<-;&S@TpoG0pylf`& zbjco6Y5T`vg&!0ITvKLC5AT*U<_cjmrkeB{PvT#U?Xvsi?K2rDUnz z(R?XNV^b~Ghe=cTcd6{6&~9#FPJj=?LP$OP@e z4c0iVBgpe;DyZQ?rUt~^jD z(QAZtm)k}lCRs1-}a?5oW+oYBH1!hWUd`w{oclffpQ19zuYR-5~gfy9@` zz`Ivjxn4t%r%FwSjSUVo(b@73iKW`DUkctXoSicY+*lp3a5~Jdtbh7rWTa7~olB0# zqW^n88+AP%d}Uqtt?S_54gL>E8r_thJA1TKx{sGC3eNW*98-sm%_}wk3OPPMJ~qc? zPVU{3CUe>7k?xCuEw#x5&ZpTO)_c#xk<8-<4}?TiH184-kkJ=s=bMi3o{G94M1-kY z19E2~t9MS$^K7=@eIg>iAazU)ag1z(+`JSKDL>oxxKx|e(?hl5W0CB)f@~r=QLqd+ zuhr+a7I&Z@?xD@9_sc-KIyk+682r?|rH8AtgC?k#rRLjYiEc@}S=sp1!f%&NLV^?1 zJfCju<$5UxGzwE{e?DW;z61;9E=HSgcoxhKTz?JO;|nJGp*1Dp%lgOxN{_T5jdEv- z8*CNYfbSDxuPJ7MKL;b8+kx~Pdh5KlwpwGU4;N@Qq@e@|*Qc-Jhm5XNC;QU}&rzd! zSS5ks{LzO}xol_mpu5opZ;~m;yY@E-h@TL`dAtwbgGr2?i+m0RvC=OrXzjqK1Op|^ zh6;cjFS()NJsha@3Etfc_%Gk`HM<|xUSB~@PuK3Qh|m`eT3n$y#-N}INf(R)7{qg= z8!Y^_*zjh)bqz{KC#OaW5>B~X>D;@gQL9-2D01z7k!B^ah1eKq4r@a~ z_0~&xP~X4y{jD!Qk~(vGHrW5yqu&WUa#7LI)5p2kly@c&goE)?Ey{OxE5GN*U8YNP z7`yu!KiE^OA8ldVT6BWcH*#9{p9)~F>F?go&hMr9DbHeM@dDY0?`;oZ8^*4kV`E7j z9dJ-@aTGk`p3_ght!sQuu6}WI4Vr|1Dr^kwS@Ca-`#vl!>F&*VusU2G#sawfu$7&zJAy#1s za6xRw)A+zP$@T0RBD)*$o>{H7SKEO>~l%eM8;RY4bR_QK(44 zk;RrpAe0spzj~SbtDU=C0xPxPM=`KJ4Is)`6wskW78`OBzC=OU0EXcZvRK*KufIV1 z4bmp?1;=k0gbf!dwW74!uYUb$$FZ@|D`WfMg$*y^1?yqbj>%lDr^Q=IeTCj*F5 za4K&a1oy39oM{4I8=|V3xRNWjT4gM{rHz}1 z>n^{znqoq~P(vuD6#$f}!Jn#NyHaoG?6v-BZf(Qt@&e(Uoj#jsp6SCe&BN2|@c$m} zJ2}Re6rmusw$yk5DhavS4%K6G?nrF<`;ONyLNQ}$pR9KPU80nXRbplRNAFWQJJsR0 zT$o~|sMkwJ^7OBqXXT|`f5QBPEP);qbKd`3K8iv>qkAVdXn|#5A^O$YLXhq53EQU8XE8j_ar;pV<(cI z?)}j(?%J0bhuowqh`4j$ESHN@9)4b6xWGUK`Sd}nF7|TgmDD#2?B?oE{xP(vOXl(s zd_ey4Lw(u2<^ChaX!#32AE(onYNwVKX38*T{!`llFv|o zeZepwf2MXJ8h#|gGskbua0b2K}$HMBcYGnn#J%j*z;#Y*)!1#BcB8** z^;$qk2!u104n$;R067j|3m8Q+m(Ti|;ShtV1@8V)*TKhbT1>sMnn6dxA+GT>RB;qbp;F>Q>waX zbp>y7ClG_zAIk!0;>wV}bQ%I_v0c4yuQlL-WRv8N0Ipc5KC%yn`eu*~=2ETvPc6W# zU6n)O0WV0Bd5-Hro<6%HiPs+@4k_$bDEgP?X+RWZO_8-+IJ!WLn|M-aG?iodvWJ|J z$vxG(^GUQ+REmX=Y98hK{|Xajg7ksxhXPt?o~i)ys*hbd{4}n8F(h(7l||59K$A$k zXtFDRWHnn?+s&^=DngYW!kHE!DX)b65h>vbs0EAgNC?FLqU*h`#kVJpd-r zDrC6N8TPpl^g0p?bj1<^aeW^}+3g8SXy@uZ1L5O}= zZg$Qqx5X+5`p=&|wQ9)1pqZX)hhZ9wrYcze^#U5xo(}R{&2}T1y2Ga}GD0IS{|r3r zM&E4)L<9u(8oLi4sLZQ%zUciLjwp~L{0=}6An3gqv`~40c4~1sAo2vb*2N2XZyEMQ zL*p~}0xT~260jMt2M$?i*xc@Haar^}g@^M2t#H1_nEiZ}5V><|&gw~?k$Y3NE{&ucf1u#Y%07ESWFQ3-Pm?}HRF zd)kGc`TBwB8mu$hj2d)$#n|@c<(8@5V`*UQG0*OQAI9h75LZ%EMa-R$QdGp$sL-dr z_cUz^3*kyzeu07lgdsUpF!mSZ>ER*uSW|8!YD(j(IAB=>2Ea+jQ-_pHy;oCFrlA2Ut|1dFRQVjtEh+Ng*kmZQN<7uIrqv>{x>@d-YLmI&Lxu&P!cf)J}Lfzk4Y1S7>aS*xe)xew3vh56W{YS{$q%$R~sJp!xa zDV_OnIzmT;l1Va$he*MGoIZeFKy@z*J-(^7hYR!zP}U&+kUz2*%vxm`IZCay9lNQ_1p;B`rhU*E zvHmCN-ytx|uk8H{(!Xc_g_J#O?6n^UTW0PDBm{;(esEzS@~3ByR?If5$G4ojsN~LJ zoN4bXYqWXKoAMv7-%|tkuD*dQot~N52W>g(i3x6y>d0ryABJ=u!Y8V(q9A6Hv80DIo+AP+8tom%0?;HWj zj6S4Mp*0qj(X3Qr&%xV1odM#qYtcmwLG|9lAH$~?vhY26c$|sy*MYWUX*s3YWUZPQ zU#p+I=LGHeP6f8L)>{Nk{HFK66QLc){AAPE(zu)3yUwXs6#?+G;_ZW<#A5Kw5X!=r zB6z_FXuHt`wJ5KjGLkEPFiJo-9W7P>&VppIy<%tq zsVX^(Kfx)J*D@Lg+HuYAh9m&|7MN$4L$V+w27YVrXyT5fAxOc`KpYSJ|D*%_`1EE8 z*nIy9MaAn`3PBRq&{FNGzxAiy<68IoURB4o$FY={io(; zK-mT#Epl5e1xma+Sl`{XsmQ_{6<%m@NkMF8fjb>xOt>-YsK&lSgeEQbus^omltp$`ns@E9f4qNb+)E8kQ4rd79O{JP&zD`*jPJyx=JZziy zF7M*2vv;4mLBNI)EQDjmQi5XZ?$Lc{ov+q1xG{PoaR!}v;4=7X3qdkNznGTg zf80H$AuE}&4rsL=@irg6k3>H*_yGV$Y)18vPO;SyS+`Kn!zZQ~)!kt2uvT+aqR$bc zeMngr1+RJhVn&%d80dd%#KsZ;9=hky-q`&qI2`cJoQ5{mJdSIufK)*?97?onx%+6* z)CysT0}vHZteQRwhj>OyrGZ2;<(XjIKR5tIu18NT-kL)k!UlZZjafhJkbBzoa6Ie* zigC7Gdiw-x!9Izh5wk~L5!IPC9M;-!S3M-boYuRj3&!pvrz}R#eGhQqu<4Z}gdXR_ zqy`8;CA8hjMrJf3Jo}NH)Z(ehdUh`$_rv1&bGQF--*Eb=`M}?A!SjH&0>>@D|4_^p zHVAsQ$0?F!E zp>~!Ew-XuIC(55nt-l2vsNQtV)7=FhN8!T#v?ps9D4Ww~oa2*Od?J8L%3i70*Y;|c z@v1M2Dt}K1>G|;gh+jDLXrp?6kFH4(`ZZod2CsuBZ@ygBU6p-Yo)ol9z3X_&EAuD+ zfAdPHHg)UmPY<(uff&n$U1OuYkKVceBeUrKa($vj8BkJ-m7DXpJ5T;l z3>tS@yAfM{RKkYVtJ{>)__Wh~mKS-&Y1-(K+utolcO_L&Z3oYyTPtOTphEc8dn9-(fn8 zlD3;v?^TABx&7pXbfdJSNWFIDeqEX?6K+ON-iJ5FSafR#kBYHkFV1dwyxtM#roF}s zMoleP%OP}h;n;}lA8{uOOLcY`Jt|NNF4XernQ=!?Y3^1Qsb5&JEK!p_4zRQ7|0p{d zk)+N@{(SAYz{q*V(MidP%@UszPnMYhB&)l5-8RF z4nDA7Z8=F{lZYehX^fYutI8oViblZRgOMRcb>xg_NH{n+!36-c<@HY03wX6hFd&uJ zwzmzb3CeUn$noE;s_7yEilSK@CUr!)glqj5&r%Dr2{<`N{*3zVs^lNLiDl@rf$15v zre7yorgm2>RyV_$9^n1E%MyPCjaMH?!T+51)S+Ww+# zvsNsP8#3`=yIxj!3#toxFT>jXqQTkm%dI6TFTZOkmoSyxE;4DejF_kDV}O2_Sx><& z?#ujPP`d-EPJh@|wNp4B6JsKZrzws*4bLq;CwWhR&QD{1^jMKn~ z=8iF^SPAr4n+7V9Fy}k1Cn~Mgr?+&rMY{MjA|qP*LZgzvW4pP%F@&%L&L1KP%gQpb zv9X0nO1vS<3e3tPlQ4nAIK;)9lG6{0>gs}{xi;+Gdre&j>&`=ODkjT*6xI8rgE&pm zRPI7^$O8pzzwPKV=;#%gOcOFxMBukDz3 zbu%ISc==6By@YFKgs(AY#0Q*dRI1+!QPSA_HtBZQsaI~h#~BQ@2N!%|;FFW_b8_vM zF0y;IaEOS;Mv@!S>2)JuaNceU&D!3&p~+=h(&3rF>)maeaWNfP|s&f6^HwbpB)9|kayd!L6pziTW! zJO!Ww`#arelR6YjCe)cXs4`z|;n1}I&@k?n5n=NUvNk#(^)0mkxH7H4m^&%i=#k21 zK@*eB&k9n*TLP2V82<(5gwn*50!uU$MY-AiEgay_ zoL4jastw6^S#(X;0{ykhZ%|ok`bI`Z1npSghfN`ytZdu<2l>wW>WGh&??qEnoaxb(6EDb+x0(6k%3yXtL&8618|TlC?KGbub> zuzO2->UJZF-io;$2P^3qass%>U#_-(U=p5*q2HdeiTL(u5L! z)2W>-a4eR0UHmnGmf78hrQkr_mBQyh{(ywG3l(>pTC<~ z{mJ2K_BfH=)q$SszQX7?WjEgwJJ{R%G-ygizqc|%1a7s((v89k9zU9yDo~jLe7UWs5xUw(xo5gWg(x77~jUH~7Rif)?NjCKV)v zk?xM_t({Oxa;VCmv<3eKLWVd&*w;YefF}lZ$qV)6i%W~iT{7hg`?ucLB=KUBv+wPBwiV$?8%JbEhcFP>pxFfID(uR$ zOy)^b{wde%m(23bEcf%fnJ7dfc=w&WTjG5ATIRU7eTB!4T78v$we=7eX3XpW%WPbPbKqM1Q$`wS!Z4VHj z%$|N))6?bOJnDM8V2C4#b*7C>LS$sd_PvI!l2g)(pEp`yD@Cf$GT$tnv~%xgT5Qu# z60IPO0FMPX@s3)_9a?o;@)oPZ>~Xv0Vm9Lw0@bmmgg){b5H-U$#^@tDb%pl9iD>wo z-vRzGpA-ueSXMyn1TE{FE}e=taKDe0Rxv-{+g0Ily?Ft)xar8ktG!|e2_QH5zB-m9 zlf+!;lLiF+Yh;Rnf5y0wZAD0NNMgzlo^UldZ-^%e1_s8Tveon>H{94P+3;&1`+{e+ z+9-_17Yy-OC6EUEHKTfY0f4T~M$?exrv3s;I+%v%dp_~r9d;|^edQYm;3arWUyAp7 zQ0-=S67Y@|dz0Juk5IB}J&$gQMV8~O&si7iHCY0H=T)Th_|>Z-o9^fQweL^-=PxlvYiKH#jv?c;t)sL z2v9$D`$_P(@O5y!Sqf|&xf6NPSWH>?_ujKp|O-(edHW4No#G*Ep#sP)h^^wMgI{gSsy+G5cv}z< z5a#M(aE0<2eY3MkYin_E&zD|T(OWox9uRDUc+j3{*1J<5ACtycBtIG~MGwSrW58u+ zXM+d1cHekGz)ZOv`_XiZtH~oELy0on zC6;9IQOzvAe6FD89W*!h{t0KVZu=L*6NFtNKzR{SS04Q?0QD48WC;hv@==|JKV0{| zL$)JxPJ6Jnd7L)3j_l68c5j>x7as6tY~CT+w(HzJ_}<=EW3Z-FxrZMBO)JoteMBRO zzmk8}b!*DoVz57%;s)eymIJKXb(W)5W+(}oTfd8; z^M^ht_&<92)RA;7110c4ft(ILyDJq-%PDaQ`#5Z|fA)`ki|s863JyaAV5S7TAwYRl z%xO0np~LNvO&9r))@>qEzkE)L6?avAlANqLY;TX@+cTCSM=czdDtCNLA5RM07&VqF z$yH`DXU4nsy3OuT(d*X7j;+gJW?=689HsE^ij{fPz4Lk$7WGj<-E{iJVrUPL$6*nA zXBK98vx`9))z~9I7s;FMCp25^RU9=9&UnjH9sGfo@HSngfXLzCPuWP#&p1{~q_#(M za&U|%(~UPXbzFdx1Ui}M=Z)U^8Y@&#$DN&pZ%WC^{#z+o&;0iEE?DlSF3~@n%M@(& z!F)|HIB6zyx=>Q$WA>cG0OBMON zv1dc!si~_c*VAL_r+b>5oQ$0LYGt|4uOce>`g`U9;%vq050TA3KieMr`}(r!P$V{k z(>OlH(@7{RzmbIT*k>gHXg0fB5)=~Ce)VeDh*8^*BYbAR6+wyXn@VlkPRuIkaK58Ig5C+cMf)fN0;DBo?e}TEoPa*Y&Adbf0JnI-l zZ7|cp)0a%EAh3Bp<8(mE*RT4|CKW&X8xM>z)mWX6P8Csc9!NLAqa9OIV|+jxqWbfm z6OdZ@3KiURs&rpLS?SAWLpqYi1qR<{FlrndNRYCyEP!Q577dNQULgsq_t3{>(v=kz zr5H(Ff$fk2PAQ!S>-XbBIGq{;-3W8C9&fEhcVE^Mho8Y)*F7~9ECgE`s$XTuBG$PB$VP%sLn?-;F>>X#~md`v4-&0+DufLxg@?dcqZK1 zNsya4JgDY*)is?QWy@UY`KyDiT1_O8)(Nt*58we0WOXd?qQ* zDL{BEeW5lp-|M0ejgU9Besy0u9Kw>P-9I}U?y%$634~*8$K7L}qhfPa2mb-GFf<@t zXmYrHQXLj^9o#~i&7OiU9B}^*quLobYgWJ(TRpe8jDwI2dgJh%ZDB|8dsIW=r-H6V97-yMrhn;!;L4A5uzuGIkm`Ka^A*jY@)&P>`7_3S3@ zti|OSBBIt9~r&!7b&oUa@fb{Hn7SDlCE?!Ne9wrK0G>%!T#M$#};U&&1=s>Mtr zD41vRM~g(HQvxU+oH4kOPu}>mXJ`tmIxQu64*yBd3nrs4kOlAT>;PeN&&UWuTuD$) zv1MvlLGg8K341FV(ulv2vZ&5~E|JHdtO^)xon&BaVn7O}JvR4X@^~c%$nw<0`#9ni z`msKr9&R-h@=57`d5Ogs$-MA(rIi7T0l{H~ajan^mcTZRBBYtbaWn%~ur{3EzTKAX$m+?oj#HV=&sQ z+{IJ&HE|8Mt5I4AoPYhl>46%YqiO6}87JZw^1)c=#`-m&A{{!wmI{W1N&JBnOVk>B zk!lHS4fEl>cO_3H#0uDSc7?~)LrQ-`L968&I;3>Q&$q{ot{>rVdiC|x-5JONydk8e zkZL=gBU}oLy&rU%WxQi!D{?eQDF96ud6* zpUsmxL5geuCi3lzc)cGI8REYTMV@!VFK|DqG|OVQo`YjHKJQJoz3nksSMtTB2B?2- zlO{O%1sDuOUyx7AJsq5x{&mTSo|FL5v)bIq`w#QSd3aJP?b3U%9RtBd!md%3SyH#F zL;d1619%w>la_bPkgV7omu=xhS0COHxAs+^Z{?^Mf?I@wD+M(y3JDZmMI75>l6ncc z;()n)Qw%@UB-D+na94d(5#@WOLsyOz15tohn{-sW!j3Tk8tpkf^ZcI;b9mbFB??~V zK_mZgFK7dfgHy7H^xaZa_=l&fILy42Nc;F$bMK6y6Dv8lJGSJNNPjeRAzm1H@5-Mp z!@WUf^w!Rwm$XyCW16kE4(qjUtlUQvz`tbHctuGXD|T;y_bw81EcD#%-@JFZrQwS7 zTHH-IWvf0P`K=3Wp`WGYG_k8-h#x$$H?UX4xlAdu)MFF6F!2AL7MF%~rlr#6e=B|7 zG(W1;qWh{x)=H$ksh1eC3r<7Mm<+1l$Caxtj~Tkj8M8HGp%qZBvr=6Mr#zXawzo#j z49J0l8^eYetE^gw1T2IUeIA(`FJwqS@h$+0bteb(FU4X@)3}Eu`e~8RGWlU2o_%Rk ziA|<|JI7UntAKOqJm>KBv1 zYK?wyS*8+iaxz2d{t-23wPNfCQg5RVRR%4B!2Ci5FE=gs?xbYQo>H}ADs;$Jpw|v) zx3U?xEeaZ9Q_P@Ule(mFmiha;?UnoEW^gE;gtsP^a`*hvPtU1>nKz%;QR@rZ@ z(5 zUle`L$>=)51l7C>wWL>ceIpj)0%*wxf1h(_Rw7$IQ=kk$`x)Av^qIR&NESx+MY$jl znGboUXDTnhSSPa2%y)jWg4d#=cl`F?AzIrf{b}9hK{+69eRWJDdG6a<4F~XJ0kugy z?O7(i2kgEp1?hen6f5P2#Hv^%f6uS{!%FYM1>GViO4GBtAK7&j)}>PAdc-tXD~R9< zDUBy+5`(( zHl0f~f$Z&CoNNy_gw_1q8v7lbq}2e0PrFmk)fD6&)sI44%P&UM^4MaSHGae4N(`Ru zcWeE1k9w!|yCe6LPDYrKk7J%6@4Y#^U*hA)`9qSF6lwFdt0`Kckfqd2j@RwOWjn-8 zvRt6gVQ|WX8>zb7L#+u+ITRYxMK+v{?Z35il!L!$a6XeDrc8~e;uZWXG37D8T9_3p ziFq!9pkJmR!QviP;6}WYF4+T=sEu^BBJ4uQ~M|toyY&%pE)h7-y_YBg=T<3x{q4Y5zb0b>kZng%XzQugShcH;E?e=_IpX2XtOSsyLqR-)Kv( zNre`VP~vg3DeMOVm9`u1N$ZEH=F$B>4}QHyynrZPwy2mYie`ZmBEz6%V)!ze04%Z~ zyb>mynRS+55R_}g5j14a-bxv-3oz&yu!(u#>t@{i^Tm3Xwa)bhI z%gx0}^ZK-Ru{%az;j!D9`4$7+5aWXZ#-h92&~26HiFo++p0+GSduEG7#t&aB(%`J{ zZ-uBnY$vfU=obM(4=gbjhcxHv6t85UISi-EnNjEmOsfH(L#P;I;#L=t^8Id%0+Iz9 zR3Po!nho9VDL)IPfETV;%;T)-ZQ#e7)W+m5D+K+ecdd8F!5H*~SBm7DKOVyD14dBkOP!*D`HP zIkgv`Bi2vFbvhV-Kh(G4Q8%vljCJ?$jmWSyX-S7~7w7yEcz;!kxcIK_dVBK9#{eI4 z!Rk!;?sMA9F9J4in0PgEH_t9=64p2Ex13e?oy$M;Z=RSn<+eo6s^rnEza?#oTW3p; ziOyHqhI_>O-Xv5%FTOo1!gXspM6XWLBIe1^J9-(|1akFKJf~Q+od@d zNRyxU`Y|e+!Du>+h!mx$fWTh_*Vah zF1ZgHa1GNl-=|lOGsilUl3jEP)31%1EUHl`Hrvc(6bpq@aL=f%y|x!1l`s7L3?1*e zo@!`PF}CbX=m~gd5^rJE7pH3}U0%eae;*rt>9wYGtS05`J(ikOe6@($ z-QKM)0h^@jOWe1=!n4+)#DDf~qK{x(yIZhelFo0gzBF)CBrt`xW9FaCn&t(W6kI$P zxUoH#Bo;+j@v$*}C1*#OQTMpcui`}VyQiLUGHlAk_J$w%wFuqrVS{yID$~9%JMT|e zg6=TOC?QOWwaJah7k^;S`KwsctZm-yQ;R*4pru-v-)?y|P2=vz$k1jM)>acl^z_(` z6B H3~qXjAQQ6f|4Kbc9_8MZu1^`U9My#44c`=SZ>KgQ|Q3x3;?@Vs2wBE1kit zOmJUa`-1dIhMQ4DOuM4uoEO7)3);ug z#sHGVu6}#80{x%9zSj#XnywjS7zRdbkpapA@m{x&GO{O{pAefl{Il5^pT54^r%>%r<~nvW7@_I;D_drDA#962Lc84U5&8KXy333@-lqzLgrJ&)(E-4blexsB{0)BejH%37yXk36;!2 zqD%DV%2?6NNSs_QW#i#ro^Ng&^^F`xPV^!Mi-@ans;Y^oseK6xQJPyN(#U-&r=qBa zD6X_MtaD$FedeAo8b}+rkg(e zSjdf{-_<1d>eoLV#Ay1YzxJrvMp-Wf7ka8NpQh`BnF1%eYsW@B;4FsVpaQ`rg)E>z zQ^5`uW{GP}%fZ|rpD26onW_jtt{rk9cFl8r2;X+hEI^a0`C)^oD&Fai&b+%Wy2Z4( zE31Z$+Yb3~o=*I@^w8c~9rLZac;g0^?vs@=+QyilR<}@VFs)3~jckdQR~Ce-UDrY= zM922y=Z9%J5jiUIK9;Z#!N8OCaq?Yuw&63>e5cn;Kl5V7wY$pIYP7Xc^F!+r>uNG~ z^@Wz8EhEDmd{Y@2cJ;eSw(gnrd>)xeFo7|i-4z`%nGY>vMiFqm(K5()r^Dw_6RS9Z z(oBvb$x_Ko=B|iyr&m#DgY(OZ!)lbGbqLZp{QX8W*zhr-EdwNiF$fY_C z&C#elrwF2ek8=y&RJ;<_4*DmWi~=5vB$iW8ln#mT(6NmD`bO!^`;;vr8O#DEJHMLq zTCplQ!aTLIL(}>{LI0#La~8j*Sius$+ltae4Pqrdzx>eCj2Iz|8Z>VIp{0Lh?$P$O zhY03qi1z~d#xl~z%PHSH!aXza6CZYM!?_ZFfS8ZCM%C1EnJn(9J3b`UPyV=P%uTOB5Px7Xyu6o`)Utgju!}F5(5#do%q-?KK zDL7Bw#QNd6xrC)G5d$5VYu)#As_^x5-rScjZwcWeJnKVc?P;o;k^Wp&9?{7?DOzYM zoP++6B|IU$BZ~|T!U)mo@Qyi^s*@%f^qG;aPdP;XPGSDb_|V^kOv2;1t8$ZeK~qHp zlO_sGY%p})Wj^$MST%Il#%%p8sS3`fw~mUoV@IFNebHoDS+;=wPc4RUBAg~&zOXJ* zw1|QNEtoSD6majtEuS=G_wXv{pPDRT8`*X+7`Pw+^A~Q9JQf@(yjiupBA-6Z#_}7c zKEkrT3}2$c=WJ})FU-s>)sy{2SiHUYjKqS+2{p0c4Lh_oH8pMGBsvtjO-p0i>zuJW zNh-b=ZWnXC=w_{#&!6O6s=HT5L-W0f4)A(Qs#}RdNf}VmSXNk%?6G6%w1ySC-?fyK1ibPppGjshb=JIBtbdwRd%hY zsRI?VtG)%Z&x!|);avERaP8$U2U$0hevuHjHXlt4~3HRY_QZ{Dw#8J}0OE*`%ALV9KKe+7vJcKV?<-CbQM7J`P#>gn#T zTh_6o?=@VOFxAPwPtu|tEnB}L+Q!T&v(AFJ00PD1fNRCjT0sXIS}QP-x4x4ylesaI zx2$1(h^5nJE{>u1YJ z3+3>0f5MtaAFoqEprfONJHPV{3=GU^@d*GnZXEWFQ8nG&UHHu6%TWlLyX}~eTP6S; zK60qxGT+{Rq;6SSbJO(`rZ!bB3tMZ^f`}1`ckG{zT_6*RKEInGM5rU0)04&pV?!3R9a( zcW9+xSB*`=jA+W8D2s#u_m<5BX63R>{Dj6t6brYDiPd(Qq`yz@(pF;uTQNRC+JzEX z-_`<(6+#mt2sFabzy&k__I~gvuxWixxD#-ObD6jn-57&k|7Hb-pL-!&iHc7a!1Xr{ z;n?xxcx|+HFfosL^FE3~p-^|9H{W~#o7HX<5rT3=KBDxET+vSdI5joy;v`_UxJX#Da^YC#(=N*1b@B zK&jXf?lMW@z$HMeT-F&FO1VG4X+d;I#_F#44hw+1PesIgf~ZO(v^HaXGZTz)7tL4$ zr3gd{*0>85dOw*3ockp0J2xh}%DC@=hcWzz=f_HR0RdRG@{u$8Ee}2L3-r&pugjr5YptjN22xQpLfm%9YK)|Z4;4ZhV!IE7Pkvz zTG))$U2kF+5$`6cpK+47PHg5FAmhr2TV%JM!LURC8ITHK!Vt`yWS68eRjdWz1%?3Z zeq)a>y5h!aq4B7+h7R&GFy7k#HeT4YIoCJ0Z0Pgo`#|5g>M(2eEZp(k+wqfo?ybAu z@e}W3>&x4!H;iFHec{Gyv2fufK42?FG~Lf5A=Y!ENYmpEIII*bj1z4{-QrzY z>GZ_o zzu9EVcu~Yqly5aZzV=C&a&4=-SS;eE>zCC%zEM8C=yH@#m2vOS?`!FJFgM+>3}3tD zW^tDYb;zdV0+C>6<4f606Tja3wypPpgDlua!j1S3Q4h;F)g;L|$)qOwk0Ra^K)v3U zfD_+Hz?p!^3u24~c>%ZH#X>F?>fJ6rNrj?M{=x%Q-` query string parameter to the {kib} URL that you're embedding. +If you have multiple authentication providers enabled, and you want to automatically log in anonymous users when embedding dashboards and visualizations, then toggle *Public URL* in the *Share > Embed code* menu in *Dashboard* or *Visualize*. -For example, if you generate the iframe code to embed {kib}, it will look like this: +You can also use the *Public URL* toggle when you're generating permanent links to dashboards, visualizations, and saved searches. -```html - -``` +NOTE: The *Public URL* toggle is only available if anonymous access is properly configured and your anonymous service account has privileges to access what you want to embed or share. -To make this iframe leverage anonymous access automatically, you will need to modify a link to {kib} in the `src` iframe attribute to look like this: - -```html - -``` - -Note that `auth_provider_hint` query string parameter goes *before* the hash URL fragment. +For more information, refer to <>. [[http-authentication]] ==== HTTP authentication diff --git a/docs/user/setup.asciidoc b/docs/user/setup.asciidoc index 54bdfff8e0bbb..ba848681689b6 100644 --- a/docs/user/setup.asciidoc +++ b/docs/user/setup.asciidoc @@ -59,3 +59,5 @@ include::{kib-repo-dir}/setup/connect-to-elasticsearch.asciidoc[] include::{kib-repo-dir}/setup/production.asciidoc[] include::{kib-repo-dir}/setup/upgrade.asciidoc[] + +include::{kib-repo-dir}/setup/embedding.asciidoc[]