keycloak-aplcache

diff --git a/.travis.yml b/.travis.yml
index ecb0930..8275e00 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -3,6 +3,8 @@ language: java
 cache:
     directories:
         - $HOME/.m2
-sudo: false
 
-after_script: 'misc/.travis/after.sh'
+before_cache:
+  - rm -rf $HOME/.m2/repository/org/keycloak
+
+sudo: false

broker/core/src/main/java/org/keycloak/broker/provider/IdentityProviderMapperSpi.java 4(+2 -2)

diff --git a/broker/core/src/main/java/org/keycloak/broker/provider/IdentityProviderMapperSpi.java b/broker/core/src/main/java/org/keycloak/broker/provider/IdentityProviderMapperSpi.java
index 44fb65d..b0ac20a 100755
--- a/broker/core/src/main/java/org/keycloak/broker/provider/IdentityProviderMapperSpi.java
+++ b/broker/core/src/main/java/org/keycloak/broker/provider/IdentityProviderMapperSpi.java
@@ -10,8 +10,8 @@ import org.keycloak.provider.Spi;
 public class IdentityProviderMapperSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
-        return false;
+    public boolean isInternal() {
+        return true;
     }
 
     @Override

broker/core/src/main/java/org/keycloak/broker/provider/IdentityProviderSpi.java 2(+1 -1)

diff --git a/broker/core/src/main/java/org/keycloak/broker/provider/IdentityProviderSpi.java b/broker/core/src/main/java/org/keycloak/broker/provider/IdentityProviderSpi.java
index b507e55..3348bd2 100644
--- a/broker/core/src/main/java/org/keycloak/broker/provider/IdentityProviderSpi.java
+++ b/broker/core/src/main/java/org/keycloak/broker/provider/IdentityProviderSpi.java
@@ -29,7 +29,7 @@ public class IdentityProviderSpi implements Spi {
     public static final String IDENTITY_PROVIDER_SPI_NAME = "identity_provider";
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return false;
     }

broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java 8(+4 -4)

diff --git a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
index 1977bd3..a4fe1cf 100755
--- a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
+++ b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
@@ -180,10 +180,10 @@ public class SAMLEndpoint {
             SAMLDocumentHolder holder = extractRequestDocument(samlRequest);
             RequestAbstractType requestAbstractType = (RequestAbstractType) holder.getSamlObject();
             // validate destination
-            if (!uriInfo.getAbsolutePath().equals(requestAbstractType.getDestination())) {
+            if (requestAbstractType.getDestination() != null && !uriInfo.getAbsolutePath().equals(requestAbstractType.getDestination())) {
                 event.event(EventType.IDENTITY_PROVIDER_RESPONSE);
-                event.error(Errors.INVALID_SAML_RESPONSE);
                 event.detail(Details.REASON, "invalid_destination");
+                event.error(Errors.INVALID_SAML_RESPONSE);
                 return ErrorPage.error(session, Messages.INVALID_REQUEST);
             }
             if (config.isValidateSignature()) {
@@ -354,10 +354,10 @@ public class SAMLEndpoint {
             SAMLDocumentHolder holder = extractResponseDocument(samlResponse);
             StatusResponseType statusResponse = (StatusResponseType)holder.getSamlObject();
             // validate destination
-            if (!uriInfo.getAbsolutePath().toString().equals(statusResponse.getDestination())) {
+            if (statusResponse.getDestination() != null && !uriInfo.getAbsolutePath().toString().equals(statusResponse.getDestination())) {
                 event.event(EventType.IDENTITY_PROVIDER_RESPONSE);
-                event.error(Errors.INVALID_SAML_RESPONSE);
                 event.detail(Details.REASON, "invalid_destination");
+                event.error(Errors.INVALID_SAML_RESPONSE);
                 return ErrorPage.error(session, Messages.INVALID_FEDERATED_IDENTITY_ACTION);
             }
             if (config.isValidateSignature()) {

connections/file/src/main/java/org/keycloak/connections/file/FileConnectionSpi.java 2(+1 -1)

diff --git a/connections/file/src/main/java/org/keycloak/connections/file/FileConnectionSpi.java b/connections/file/src/main/java/org/keycloak/connections/file/FileConnectionSpi.java
index ec64192..5929a0b 100644
--- a/connections/file/src/main/java/org/keycloak/connections/file/FileConnectionSpi.java
+++ b/connections/file/src/main/java/org/keycloak/connections/file/FileConnectionSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class FileConnectionSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

connections/http-client/src/main/java/org/keycloak/connections/httpclient/HttpClientSpi.java 2(+1 -1)

diff --git a/connections/http-client/src/main/java/org/keycloak/connections/httpclient/HttpClientSpi.java b/connections/http-client/src/main/java/org/keycloak/connections/httpclient/HttpClientSpi.java
index 510b164..01cbaa3 100755
--- a/connections/http-client/src/main/java/org/keycloak/connections/httpclient/HttpClientSpi.java
+++ b/connections/http-client/src/main/java/org/keycloak/connections/httpclient/HttpClientSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class HttpClientSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

connections/infinispan/src/main/java/org/keycloak/connections/infinispan/InfinispanConnectionSpi.java 2(+1 -1)

diff --git a/connections/infinispan/src/main/java/org/keycloak/connections/infinispan/InfinispanConnectionSpi.java b/connections/infinispan/src/main/java/org/keycloak/connections/infinispan/InfinispanConnectionSpi.java
index f76c070..a4db87e 100644
--- a/connections/infinispan/src/main/java/org/keycloak/connections/infinispan/InfinispanConnectionSpi.java
+++ b/connections/infinispan/src/main/java/org/keycloak/connections/infinispan/InfinispanConnectionSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class InfinispanConnectionSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

connections/jpa/src/main/java/org/keycloak/connections/jpa/JpaConnectionSpi.java 2(+1 -1)

diff --git a/connections/jpa/src/main/java/org/keycloak/connections/jpa/JpaConnectionSpi.java b/connections/jpa/src/main/java/org/keycloak/connections/jpa/JpaConnectionSpi.java
index d565357..61eb816 100644
--- a/connections/jpa/src/main/java/org/keycloak/connections/jpa/JpaConnectionSpi.java
+++ b/connections/jpa/src/main/java/org/keycloak/connections/jpa/JpaConnectionSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class JpaConnectionSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

connections/jpa/src/main/java/org/keycloak/connections/jpa/updater/JpaUpdaterSpi.java 2(+1 -1)

diff --git a/connections/jpa/src/main/java/org/keycloak/connections/jpa/updater/JpaUpdaterSpi.java b/connections/jpa/src/main/java/org/keycloak/connections/jpa/updater/JpaUpdaterSpi.java
index c9bd8ee..eaddc27 100644
--- a/connections/jpa/src/main/java/org/keycloak/connections/jpa/updater/JpaUpdaterSpi.java
+++ b/connections/jpa/src/main/java/org/keycloak/connections/jpa/updater/JpaUpdaterSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class JpaUpdaterSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml 22(+20 -2)

diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml
index c1b385a..2d9c38b 100755
--- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml
@@ -19,7 +19,7 @@
             <column name="AUTH_USER_ID" type="VARCHAR(255)"/>
             <column name="IP_ADDRESS" type="VARCHAR(255)"/>
             <column name="RESOURCE_PATH" type="VARCHAR(2550)"/>
-            <column name="REPRESENTATION" type="VARCHAR(25500)"/>
+            <column name="REPRESENTATION" type="TEXT(25500)"/>
             <column name="ERROR" type="VARCHAR(255)"/>
         </createTable>
         <createTable tableName="AUTHENTICATOR">
@@ -28,7 +28,7 @@
             </column>
             <column name="ALIAS" type="VARCHAR(255)"/>
             <column name="REALM_ID" type="VARCHAR(36)"/>
-            <column name="PROVIDER_ID" type="VARCHAR(36)"/>
+            <column name="PROVIDER_ID" type="VARCHAR(255)"/>
         </createTable>
         <createTable tableName="AUTHENTICATION_FLOW">
             <column name="ID" type="VARCHAR(36)">
@@ -94,6 +94,9 @@
             <column name="ADMIN_EVENTS_DETAILS_ENABLED" type="BOOLEAN" defaultValueBoolean="false">
                 <constraints nullable="false"/>
             </column>
+            <column name="EDIT_USERNAME_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
+                <constraints nullable="false"/>
+            </column>
         </addColumn>
         <createTable tableName="CLIENT_SESSION_AUTH_STATUS">
             <column name="AUTHENTICATOR" type="VARCHAR(36)">
@@ -107,6 +110,19 @@
         <addColumn tableName="CLIENT_SESSION">
             <column name="AUTH_USER_ID" type="VARCHAR(36)"/>
         </addColumn>
+        <addColumn tableName="IDENTITY_PROVIDER">
+            <column name="TRUST_EMAIL" type="BOOLEAN" defaultValueBoolean="false"/>
+            <column name="UPDATE_PROFILE_FIRST_LOGIN_MODE" type="VARCHAR(10)" defaultValue="on">
+                <constraints nullable="false"/>
+            </column>
+        </addColumn>
+        <!-- migrate value from UPDATE_PROFILE_FIRST_LOGIN to UPDATE_PROFILE_FIRST_LOGIN_MODE then drop it -->
+        <update tableName="IDENTITY_PROVIDER">
+            <column name="UPDATE_PROFILE_FIRST_LOGIN_MODE" value="off"/>
+            <where>UPDATE_PROFILE_FIRST_LOGIN = false</where>
+        </update>
+        <dropColumn tableName="IDENTITY_PROVIDER" columnName="UPDATE_PROFILE_FIRST_LOGIN"/>
+        
         <addColumn tableName="USER_REQUIRED_ACTION">
             <column name="REQUIRED_ACTION" type="VARCHAR(36)">
                 <constraints nullable="false"/>
@@ -158,5 +174,7 @@
         <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="USER_FEDERATION_MAPPER" constraintName="FK_FEDMAPPERPM_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
         <addForeignKeyConstraint baseColumnNames="FEDERATION_PROVIDER_ID" baseTableName="USER_FEDERATION_MAPPER" constraintName="FK_FEDMAPPERPM_FEDPRV" referencedColumnNames="ID" referencedTableName="USER_FEDERATION_PROVIDER"/>
         <addForeignKeyConstraint baseColumnNames="USER_FEDERATION_MAPPER_ID" baseTableName="USER_FEDERATION_MAPPER_CONFIG" constraintName="FK_FEDMAPPER_CFG" referencedColumnNames="ID" referencedTableName="USER_FEDERATION_MAPPER"/>
+
+        <dropColumn tableName="REALM" columnName="PASSWORD_CRED_GRANT_ALLOWED"/>
     </changeSet>
 </databaseChangeLog>

connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java 5(+4 -1)

diff --git a/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java b/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java
index ed6844c..dab99e0 100755
--- a/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java
+++ b/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java
@@ -43,7 +43,10 @@ public class DefaultMongoConnectionFactoryProvider implements MongoConnectionPro
             "org.keycloak.models.entities.ProtocolMapperEntity",
             "org.keycloak.models.entities.IdentityProviderMapperEntity",
             "org.keycloak.models.mongo.keycloak.entities.MongoUserConsentEntity",
-            "org.keycloak.models.mongo.keycloak.entities.MongoMigrationModelEntity"
+            "org.keycloak.models.mongo.keycloak.entities.MongoMigrationModelEntity",
+            "org.keycloak.models.entities.AuthenticationExecutionEntity",
+            "org.keycloak.models.entities.AuthenticationFlowEntity",
+            "org.keycloak.models.entities.AuthenticatorEntity",
     };
 
     private static final Logger logger = Logger.getLogger(DefaultMongoConnectionFactoryProvider.class);

connections/mongo/src/main/java/org/keycloak/connections/mongo/MongoConnectionSpi.java 2(+1 -1)

diff --git a/connections/mongo/src/main/java/org/keycloak/connections/mongo/MongoConnectionSpi.java b/connections/mongo/src/main/java/org/keycloak/connections/mongo/MongoConnectionSpi.java
index f391dfd..9c5c532 100644
--- a/connections/mongo/src/main/java/org/keycloak/connections/mongo/MongoConnectionSpi.java
+++ b/connections/mongo/src/main/java/org/keycloak/connections/mongo/MongoConnectionSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class MongoConnectionSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

connections/mongo/src/main/java/org/keycloak/connections/mongo/updater/MongoUpdaterSpi.java 2(+1 -1)

diff --git a/connections/mongo/src/main/java/org/keycloak/connections/mongo/updater/MongoUpdaterSpi.java b/connections/mongo/src/main/java/org/keycloak/connections/mongo/updater/MongoUpdaterSpi.java
index 830aaa3..ed92458 100644
--- a/connections/mongo/src/main/java/org/keycloak/connections/mongo/updater/MongoUpdaterSpi.java
+++ b/connections/mongo/src/main/java/org/keycloak/connections/mongo/updater/MongoUpdaterSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class MongoUpdaterSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/DefaultMongoUpdaterProvider.java 9(+3 -6)

diff --git a/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/DefaultMongoUpdaterProvider.java b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/DefaultMongoUpdaterProvider.java
index 551d0e6..c8097f6 100644
--- a/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/DefaultMongoUpdaterProvider.java
+++ b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/DefaultMongoUpdaterProvider.java
@@ -6,11 +6,7 @@ import com.mongodb.DBCollection;
 import com.mongodb.DBCursor;
 import org.jboss.logging.Logger;
 import org.keycloak.connections.mongo.updater.MongoUpdaterProvider;
-import org.keycloak.connections.mongo.updater.impl.updates.Update;
-import org.keycloak.connections.mongo.updater.impl.updates.Update1_0_0_Final;
-import org.keycloak.connections.mongo.updater.impl.updates.Update1_1_0_Beta1;
-import org.keycloak.connections.mongo.updater.impl.updates.Update1_2_0_Beta1;
-import org.keycloak.connections.mongo.updater.impl.updates.Update1_2_0_CR1;
+import org.keycloak.connections.mongo.updater.impl.updates.*;
 import org.keycloak.models.KeycloakSession;
 
 import java.util.Date;
@@ -30,7 +26,8 @@ public class DefaultMongoUpdaterProvider implements MongoUpdaterProvider {
             Update1_0_0_Final.class,
             Update1_1_0_Beta1.class,
             Update1_2_0_Beta1.class,
-            Update1_2_0_CR1.class
+            Update1_2_0_CR1.class,
+            Update1_3_0_Beta1.class
     };
 
     @Override

connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update.java 4(+4 -0)

diff --git a/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update.java b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update.java
index f05e79c..cc7a2d2 100644
--- a/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update.java
+++ b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update.java
@@ -53,6 +53,10 @@ public abstract class Update {
         log.debugv("Deleted entries from {0}", collection);
     }
 
+    protected void removeField(String collection, String field) {
+        db.getCollection(collection).update(new BasicDBObject(), new BasicDBObject("$unset" , new BasicDBObject(field, 1)), false, true);
+    }
+
     protected void renameCollection(String collection, String newName) {
         db.getCollection(collection).rename(newName);
     }

connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_3_0_Beta1.java 20(+20 -0)

diff --git a/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_3_0_Beta1.java b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_3_0_Beta1.java
new file mode 100644
index 0000000..ba9d616
--- /dev/null
+++ b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_3_0_Beta1.java
@@ -0,0 +1,20 @@
+package org.keycloak.connections.mongo.updater.impl.updates;
+
+import org.keycloak.models.KeycloakSession;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class Update1_3_0_Beta1 extends Update {
+
+    @Override
+    public String getId() {
+        return "1.3.0.Beta1";
+    }
+
+    @Override
+    public void update(KeycloakSession session) {
+        removeField("realms", "passwordCredentialGrantAllowed");
+    }
+
+}

core/src/main/java/org/keycloak/representations/idm/IdentityProviderRepresentation.java 55(+50 -5)

diff --git a/core/src/main/java/org/keycloak/representations/idm/IdentityProviderRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/IdentityProviderRepresentation.java
index c456355..1e74002 100755
--- a/core/src/main/java/org/keycloak/representations/idm/IdentityProviderRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/IdentityProviderRepresentation.java
@@ -29,7 +29,26 @@ public class IdentityProviderRepresentation {
     protected String internalId;
     protected String providerId;
     protected boolean enabled = true;
-    protected boolean updateProfileFirstLogin = true;
+
+    public static final String UPFLM_ON = "on";
+    public static final String UPFLM_MISSING = "missing";
+    public static final String UPFLM_OFF = "off";
+
+    /**
+     * Mode of profile update after first login when user is created over this identity provider. Possible values:
+     * <ul>
+     * <li><code>on</code> - update profile page is presented for all users
+     * <li><code>missing</code> - update profile page is presented for users with missing some of mandatory user profile fields
+     * <li><code>off</code> - update profile page is newer shown after first login
+     * </ul>
+     * 
+     * @see #UPFLM_ON
+     * @see #UPFLM_MISSING
+     * @see #UPFLM_OFF
+     */
+    protected String updateProfileFirstLoginMode = UPFLM_ON;
+
+    protected boolean trustEmail;
     protected boolean storeToken;
     protected boolean addReadTokenRoleOnCreate;
     protected boolean authenticateByDefault;
@@ -75,12 +94,29 @@ public class IdentityProviderRepresentation {
         this.enabled = enabled;
     }
 
-    public boolean isUpdateProfileFirstLogin() {
-        return this.updateProfileFirstLogin;
+    /**
+     * 
+     * Deprecated because replaced by {@link #updateProfileFirstLoginMode}. Kept here to allow import of old realms.
+     * 
+     * @deprecated {@link #setUpdateProfileFirstLoginMode(String)}
+     */
+    @Deprecated
+    public void setUpdateProfileFirstLogin(boolean updateProfileFirstLogin) {
+        this.updateProfileFirstLoginMode = updateProfileFirstLogin ? UPFLM_ON : UPFLM_OFF;
     }
 
-    public void setUpdateProfileFirstLogin(boolean updateProfileFirstLogin) {
-        this.updateProfileFirstLogin = updateProfileFirstLogin;
+    /**
+     * @return see {@link #updateProfileFirstLoginMode}
+     */
+    public String getUpdateProfileFirstLoginMode() {
+        return updateProfileFirstLoginMode;
+    }
+
+    /**
+     * @param updateProfileFirstLoginMode see {@link #updateProfileFirstLoginMode}
+     */
+    public void setUpdateProfileFirstLoginMode(String updateProfileFirstLoginMode) {
+        this.updateProfileFirstLoginMode = updateProfileFirstLoginMode;
     }
 
     public boolean isAuthenticateByDefault() {
@@ -106,4 +142,13 @@ public class IdentityProviderRepresentation {
     public void setAddReadTokenRoleOnCreate(boolean addReadTokenRoleOnCreate) {
         this.addReadTokenRoleOnCreate = addReadTokenRoleOnCreate;
     }
+
+    public boolean isTrustEmail() {
+        return trustEmail;
+    }
+
+    public void setTrustEmail(boolean trustEmail) {
+        this.trustEmail = trustEmail;
+    }
+
 }

core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java 18(+10 -8)

diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
index 6ff027c..3443f4f 100755
--- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
@@ -18,12 +18,14 @@ public class RealmRepresentation {
     protected Integer accessCodeLifespanLogin;
     protected Boolean enabled;
     protected String sslRequired;
+    @Deprecated
     protected Boolean passwordCredentialGrantAllowed;
     protected Boolean registrationAllowed;
     protected Boolean registrationEmailAsUsername;
     protected Boolean rememberMe;
     protected Boolean verifyEmail;
     protected Boolean resetPasswordAllowed;
+    protected Boolean editUsernameAllowed;
 
     protected Boolean userCacheEnabled;
     protected Boolean realmCacheEnabled;
@@ -264,14 +266,6 @@ public class RealmRepresentation {
         this.codeSecret = codeSecret;
     }
 
-    public Boolean isPasswordCredentialGrantAllowed() {
-        return passwordCredentialGrantAllowed;
-    }
-
-    public void setPasswordCredentialGrantAllowed(Boolean passwordCredentialGrantAllowed) {
-        this.passwordCredentialGrantAllowed = passwordCredentialGrantAllowed;
-    }
-
     public Boolean isRegistrationAllowed() {
         return registrationAllowed;
     }
@@ -328,6 +322,14 @@ public class RealmRepresentation {
         this.resetPasswordAllowed = resetPassword;
     }
 
+    public Boolean isEditUsernameAllowed() {
+        return editUsernameAllowed;
+    }
+
+    public void setEditUsernameAllowed(Boolean editUsernameAllowed) {
+        this.editUsernameAllowed = editUsernameAllowed;
+    }
+
     @Deprecated
     public Boolean isSocial() {
         return social;

distribution/adapters/as7-eap6-adapter/as7-modules/assembly.xml 22(+22 -0)

diff --git a/distribution/adapters/as7-eap6-adapter/as7-modules/assembly.xml b/distribution/adapters/as7-eap6-adapter/as7-modules/assembly.xml
new file mode 100755
index 0000000..4a34435
--- /dev/null
+++ b/distribution/adapters/as7-eap6-adapter/as7-modules/assembly.xml
@@ -0,0 +1,22 @@
+<assembly>
+    <id>dist</id>
+
+    <formats>
+        <format>zip</format>
+    </formats>
+    <includeBaseDirectory>false</includeBaseDirectory>
+
+    <fileSets>
+        <fileSet>
+            <directory>../../</directory>
+            <includes>
+                <include>License.html</include>
+            </includes>
+            <outputDirectory></outputDirectory>
+        </fileSet>
+        <fileSet>
+            <directory>${project.build.directory}/modules</directory>
+            <outputDirectory></outputDirectory>
+        </fileSet>
+    </fileSets>
+</assembly>

distribution/adapters/as7-eap6-adapter/as7-modules/build.xml 89(+89 -0)

diff --git a/distribution/adapters/as7-eap6-adapter/as7-modules/build.xml b/distribution/adapters/as7-eap6-adapter/as7-modules/build.xml
new file mode 100755
index 0000000..d4b4beb
--- /dev/null
+++ b/distribution/adapters/as7-eap6-adapter/as7-modules/build.xml
@@ -0,0 +1,89 @@
+<!--
+  ~ JBoss, Home of Professional Open Source.
+  ~ Copyright 2012, Red Hat, Inc., and individual contributors
+  ~ as indicated by the @author tags. See the copyright.txt file in the
+  ~ distribution for a full listing of individual contributors.
+  ~
+  ~ This is free software; you can redistribute it and/or modify it
+  ~ under the terms of the GNU Lesser General Public License as
+  ~ published by the Free Software Foundation; either version 2.1 of
+  ~ the License, or (at your option) any later version.
+  ~
+  ~ This software is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  ~ Lesser General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU Lesser General Public
+  ~ License along with this software; if not, write to the Free
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  -->
+
+<project name="module-repository" basedir="." default="all">
+
+    <import file="lib.xml"/>
+
+    <property name="output.dir" value="target"/>
+
+    <target name="all">
+        <antcall target="modules">
+            <param name="mavenized.modules" value="false"/>
+            <param name="output.dir" value="target"/>
+        </antcall>
+    </target>
+
+
+    <target name="modules">
+
+        <!-- server min dependencies -->
+
+        <module-def name="org.apache.httpcomponents" slot="4.3">
+            <maven-resource group="org.apache.httpcomponents" artifact="httpclient"/>
+            <maven-resource group="org.apache.httpcomponents" artifact="httpcore"/>
+            <maven-resource group="org.apache.httpcomponents" artifact="httpmime"/>
+        </module-def>
+
+        <module-def name="org.keycloak.keycloak-core">
+            <maven-resource group="org.keycloak" artifact="keycloak-core"/>
+        </module-def>
+
+        <module-def name="net.iharder.base64">
+            <maven-resource group="net.iharder" artifact="base64"/>
+        </module-def>
+
+        <module-def name="org.bouncycastle">
+            <maven-resource group="org.bouncycastle" artifact="bcprov-jdk15on"/>
+            <maven-resource group="org.bouncycastle" artifact="bcpkix-jdk15on"/>
+        </module-def>
+
+        <!-- subsystems -->
+
+        <module-def name="org.keycloak.keycloak-adapter-core">
+            <maven-resource group="org.keycloak" artifact="keycloak-adapter-core"/>
+        </module-def>
+
+        <module-def name="org.keycloak.keycloak-jboss-adapter-core">
+            <maven-resource group="org.keycloak" artifact="keycloak-jboss-adapter-core"/>
+        </module-def>
+
+        <module-def name="org.keycloak.keycloak-as7-adapter">
+            <maven-resource group="org.keycloak" artifact="keycloak-as7-adapter"/>
+            <maven-resource group="org.keycloak" artifact="keycloak-tomcat-core-adapter"/>
+        </module-def>
+
+        <module-def name="org.keycloak.keycloak-as7-subsystem">
+            <maven-resource group="org.keycloak" artifact="keycloak-as7-subsystem"/>
+        </module-def>
+
+    </target>
+
+    <target name="clean-target">
+        <delete dir="${output.dir}"/>
+    </target>
+
+    <target name="clean" depends="clean-target">
+        <delete file="maven-ant-tasks.jar"/>
+    </target>
+
+</project>

distribution/adapters/as7-eap6-adapter/as7-modules/lib.xml 282(+282 -0)

diff --git a/distribution/adapters/as7-eap6-adapter/as7-modules/lib.xml b/distribution/adapters/as7-eap6-adapter/as7-modules/lib.xml
new file mode 100755
index 0000000..3d9438a
--- /dev/null
+++ b/distribution/adapters/as7-eap6-adapter/as7-modules/lib.xml
@@ -0,0 +1,282 @@
+<!--
+  ~ JBoss, Home of Professional Open Source.
+  ~ Copyright 2010, Red Hat, Inc., and individual contributors
+  ~ as indicated by the @author tags. See the copyright.txt file in the
+  ~ distribution for a full listing of individual contributors.
+  ~
+  ~ This is free software; you can redistribute it and/or modify it
+  ~ under the terms of the GNU Lesser General Public License as
+  ~ published by the Free Software Foundation; either version 2.1 of
+  ~ the License, or (at your option) any later version.
+  ~
+  ~ This software is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  ~ Lesser General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU Lesser General Public
+  ~ License along with this software; if not, write to the Free
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  -->
+
+<project name="module-repository-lib">
+
+    <property name="src.dir" value="src"/>
+    <property name="module.repo.src.dir" value="${src.dir}/main/resources/modules"/>
+    <property name="module.xml" value="module.xml"/>
+
+    <taskdef resource="net/sf/antcontrib/antlib.xml"/>
+    <taskdef name="jandex" classname="org.jboss.jandex.JandexAntTask" />
+
+    <macrodef name="module-def">
+        <attribute name="name"/>
+        <attribute name="slot" default="main"/>
+        <element name="resources" implicit="yes" optional="yes"/>
+
+        <sequential>
+            <echo message="Initializing module -> @{name}"/>
+            <property name="module.repo.output.dir" value="${output.dir}/modules"/>
+            <!-- Figure out the correct module path -->
+            <define-module-dir name="@{name}" slot="@{slot}"/>
+
+            <!-- Make the module output director -->
+            <mkdir dir="${module.repo.output.dir}/${current.module.path}"/>
+
+            <!-- Copy the module.xml and other stuff to the output director -->
+            <copy todir="${module.repo.output.dir}/${current.module.path}" overwrite="true">
+                <fileset dir="${module.repo.src.dir}/${current.module.path}">
+                    <include name="**"/>
+                </fileset>
+            </copy>
+
+            <!-- Process the resource -->
+            <resources/>
+            
+            <!-- Add keycloak version property to module xml -->
+            <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}"
+                     token="$${project.version}"
+                     value="${project.version}"/>
+            
+            <!-- Some final cleanup -->
+            <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
+                <replacetoken>
+                    <![CDATA[
+        <!-- Insert resources here -->]]></replacetoken>
+                <replacevalue>
+                </replacevalue>
+            </replace>
+
+        </sequential>
+    </macrodef>
+
+    <macrodef name="bundle-def">
+        <attribute name="name"/>
+        <attribute name="slot" default="main"/>
+        <element name="resources" implicit="yes" optional="yes"/>
+
+        <sequential>
+            <echo message="Initializing bundle -> @{name}"/>
+            <property name="bundle.repo.output.dir" value="${output.dir}/bundles/system/layers/base"/>
+            <!-- Figure out the correct bundle path -->
+            <define-bundle-dir name="@{name}" slot="@{slot}" />
+
+            <!-- Make the bundle output director -->
+            <mkdir dir="${bundle.repo.output.dir}/${current.bundle.path}"/>
+
+            <!-- Process the resource -->
+            <resources/>
+
+        </sequential>
+    </macrodef>
+
+    <macrodef name="maven-bundle" >
+        <attribute name="group"/>
+        <attribute name="artifact"/>
+
+        <sequential>
+            <!-- Copy the jar to the bundle dir -->
+            <property name="bundle.repo.output.dir" value="${output.dir}/bundles/system/layers/base"/>
+            <copy todir="${bundle.repo.output.dir}/${current.bundle.path}" failonerror="true">
+                <fileset file="${@{group}:@{artifact}:jar}"/>
+                <mapper type="flatten" />
+            </copy>
+        </sequential>
+    </macrodef>
+
+    <scriptdef name="define-module-dir" language="javascript" manager="bsf">
+        <attribute name="name"/>
+        <attribute name="slot"/>
+        <![CDATA[
+            name = attributes.get("name");
+            name = name.replace(".", "/");
+            project.setProperty("current.module.path", name + "/" + attributes.get("slot"));
+        ]]>
+    </scriptdef>
+
+    <scriptdef name="define-bundle-dir" language="javascript"  manager="bsf">
+        <attribute name="name"/>
+        <attribute name="slot"/>
+        <![CDATA[
+            name = attributes.get("name");
+            name = name.replace(".", "/");
+            project.setProperty("current.bundle.path", name + "/" + attributes.get("slot"));
+        ]]>
+    </scriptdef>
+
+    <!--
+       Get the version from the parent directory of the jar.  If the parent directory is 'target' this
+       means that the jar is contained in AS build so extract the version from the file name
+    -->
+    <scriptdef name="define-maven-artifact" language="javascript"  manager="bsf">
+        <attribute name="group"/>
+        <attribute name="artifact"/>
+        <attribute name="classifier"/>
+        <attribute name="element"/>
+        <attribute name="path"/>
+        <![CDATA[
+            importClass(Packages.java.io.File);
+            group = attributes.get("group");
+            artifact = attributes.get("artifact");
+            classifier = attributes.get("classifier");
+            element = attributes.get("element");
+            path = attributes.get("path");
+            if(path.indexOf('${') != -1) {
+                throw "Module resource root not found, make sure it is listed in build/pom.xml" + path;
+            }
+            fp = new File(path);
+            version = fp.getParentFile().getName();
+            if (version.equals("target")) {
+               version = fp.getName();
+               version = version.substring(artifact.length() + 1);
+               suffix = ".jar";
+               if (classifier) {
+                  suffix = "-" + classifier + suffix;
+               }
+               version = version.replace(suffix, "");
+            }
+
+            root = "<" + element + " name=\"" + group + ":" + artifact + ":" + version;
+            if (classifier) {
+               root = root + ":" + classifier;
+            }
+            root = root + "\"/>";
+            project.setProperty("current.maven.root", root);
+        ]]>
+    </scriptdef>
+
+    <macrodef name="maven-resource" >
+        <attribute name="group"/>
+        <attribute name="artifact"/>
+        <attribute name="jandex" default="false" />
+
+        <sequential>
+            <if>
+               <equals arg1="${mavenized.modules}" arg2="true"/>
+               <then>
+                <define-maven-artifact group="@{group}" artifact="@{artifact}" element="artifact" path="${@{group}:@{artifact}:jar}"/>
+                <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
+                    <replacefilter token="&lt;!-- Insert resources here --&gt;" value="${current.maven.root}&#10;        &lt;!-- Insert resources here --&gt;"/>
+                </replace>
+               </then>
+
+            <else>
+            <!-- Copy the jar to the module dir -->
+            <copy todir="${module.repo.output.dir}/${current.module.path}" failonerror="true">
+                <fileset file="${@{group}:@{artifact}:jar}"/>
+                <mapper type="flatten" />
+            </copy>
+
+            <basename file="${@{group}:@{artifact}:jar}" property="resourcename.@{group}.@{artifact}"/>
+            <!-- Generate the Jandex Index -->
+            <jandex run="@{jandex}" newJar="true" >
+                <fileset dir="${module.repo.output.dir}/${current.module.path}" />
+            </jandex>
+            <!-- Update the resource entry in module.xml -->
+            <define-resource-root path="${resourcename.@{group}.@{artifact}}" jandex="@{jandex}"/>
+            <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
+                <replacefilter token="&lt;!-- Insert resources here --&gt;" value="${current.resource.root}&#10;        &lt;!-- Insert resources here --&gt;"/>
+            </replace>
+            </else>
+            </if>
+        </sequential>
+    </macrodef>
+
+
+
+    <macrodef name="maven-resource-with-classifier" >
+        <attribute name="group"/>
+        <attribute name="artifact"/>
+        <attribute name="classifier"/>
+        <attribute name="jandex" default="false" />
+
+        <sequential>
+            <if>
+            <equals arg1="${mavenized.modules}" arg2="true"/>
+            <then>
+                <define-maven-artifact group="@{group}" artifact="@{artifact}" element="artifact" classifier="@{classifier}" path="${@{group}:@{artifact}:jar:@{classifier}}"/>
+                <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
+                    <replacefilter token="&lt;!-- Insert resources here --&gt;" value="${current.maven.root}&#10;        &lt;!-- Insert resources here --&gt;"/>
+                </replace>
+            </then>
+            <else>
+            <!-- Copy the jar to the module dir -->
+            <copy todir="${module.repo.output.dir}/${current.module.path}" failonerror="true">
+                <fileset file="${@{group}:@{artifact}:jar:@{classifier}}"/>
+                <!-- http://jira.codehaus.org/browse/MANTRUN-159 -->
+                <mapper type="flatten" />
+            </copy>
+
+            <basename file="${@{group}:@{artifact}:jar:@{classifier}}" property="resourcename.@{group}.@{artifact}.@{classifier}"/>
+
+            <!-- Update the resource entry in module.xml -->
+            <define-resource-root path="${resourcename.@{group}.@{artifact}.@{classifier}}"/>
+            <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
+                <replacefilter token="&lt;!-- Insert resources here --&gt;" value="${current.resource.root}&#10;        &lt;!-- Insert resources here --&gt;"/>
+            </replace>
+            </else>
+            </if>
+        </sequential>
+    </macrodef>
+
+    <macrodef name="extract-native-jar" >
+        <attribute name="group"/>
+        <attribute name="artifact"/>
+        <sequential>
+            <if>
+            <equals arg1="${mavenized.modules}" arg2="true"/>
+            <then>
+                <define-maven-artifact group="@{group}" artifact="@{artifact}" element="native-artifact" path="${@{group}:@{artifact}:jar}"/>
+                <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
+                    <replacefilter token="&lt;!-- Insert resources here --&gt;" value="${current.maven.root}&#10;        &lt;!-- Insert resources here --&gt;"/>
+                </replace>
+            </then>
+
+            <else>
+            <unzip src="${@{group}:@{artifact}:jar}" dest="${module.repo.output.dir}/${current.module.path}">
+           <patternset>
+               <include name="lib/**"/>
+           </patternset>
+           </unzip>
+           </else>
+           </if>
+        </sequential>
+    </macrodef>
+
+    <scriptdef name="define-resource-root" language="javascript" manager="bsf">
+        <attribute name="path"/>
+        <attribute name="jandex"/>
+        <![CDATA[
+            path = attributes.get("path");
+            root = "<resource-root path=\"" + path + "\"/>";
+            if(path.indexOf('${') != -1) {
+                throw "Module resource root not found, make sure it is listed in build/pom.xml" + path;
+            }
+            if(attributes.get("jandex") == "true" ) {
+                root = root + "\n\t<resource-root path=\"" + path.replace(".jar","-jandex.jar") + "\"/>";
+            }
+            project.setProperty("current.resource.root", root);
+        ]]>
+    </scriptdef>
+
+</project>

distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml 172(+172 -0)

diff --git a/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml b/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml
new file mode 100755
index 0000000..694fd45
--- /dev/null
+++ b/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml
@@ -0,0 +1,172 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <artifactId>keycloak-parent</artifactId>
+        <groupId>org.keycloak</groupId>
+        <version>1.3.0.Final-SNAPSHOT</version>
+        <relativePath>../../../../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>keycloak-as7-modules</artifactId>
+
+    <name>Keycloak AS7 / JBoss EAP 6 Modules</name>
+    <packaging>pom</packaging>
+    <dependencies>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-adapter-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-jboss-adapter-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-as7-adapter</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-tomcat-core-adapter</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-as7-subsystem</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpmime</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpcore</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>net.iharder</groupId>
+            <artifactId>base64</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+            <version>${bouncycastle.crypto.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15on</artifactId>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-antrun-plugin</artifactId>
+                <inherited>false</inherited>
+                <executions>
+                    <execution>
+                        <id>build-dist</id>
+                        <goals>
+                            <goal>run</goal>
+                        </goals>
+                        <phase>compile</phase>
+                        <configuration>
+                            <target>
+                                <ant antfile="build.xml" inheritRefs="true">
+                                    <target name="all"/>
+                                </ant>
+                            </target>
+                        </configuration>
+                    </execution>
+                </executions>
+                <dependencies>
+                    <dependency>
+                        <groupId>org.jboss</groupId>
+                        <artifactId>jandex</artifactId>
+                        <version>1.0.3.Final</version>
+                    </dependency>
+                    <dependency>
+                        <groupId>ant-contrib</groupId>
+                        <artifactId>ant-contrib</artifactId>
+                        <version>1.0b3</version>
+                        <exclusions>
+                            <exclusion>
+                                <groupId>ant</groupId>
+                                <artifactId>ant</artifactId>
+                            </exclusion>
+                        </exclusions>
+                    </dependency>
+                    <dependency>
+                        <groupId>org.apache.ant</groupId>
+                        <artifactId>ant-apache-bsf</artifactId>
+                        <version>1.9.3</version>
+                    </dependency>
+                    <dependency>
+                        <groupId>org.apache.bsf</groupId>
+                        <artifactId>bsf-api</artifactId>
+                        <version>3.1</version>
+                    </dependency>
+                    <dependency>
+                        <groupId>rhino</groupId>
+                        <artifactId>js</artifactId>
+                        <version>1.7R2</version>
+                    </dependency>
+                </dependencies>
+            </plugin>
+            <plugin>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>assemble</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>single</goal>
+                        </goals>
+                        <configuration>
+                            <descriptors>
+                                <descriptor>assembly.xml</descriptor>
+                            </descriptors>
+                            <outputDirectory>
+                                target
+                            </outputDirectory>
+                            <workDirectory>
+                                target/assembly/work
+                            </workDirectory>
+                            <appendAssemblyId>false</appendAssemblyId>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-resources-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>copy-resources</id>
+                        <!-- here the phase you need -->
+                        <phase>validate</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${project.build.directory}/modules/org/keycloak/keycloak-adapter-subsystem</outputDirectory>
+                            <resources>
+                                <resource>
+                                    <directory>src/main/resources/modules/org/keycloak/keycloak-adapter-subsystem</directory>
+                                    <filtering>true</filtering>
+                                </resource>
+                            </resources>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+</project>

distribution/adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-subsystem/main/module.xml 38(+38 -0)

diff --git a/distribution/adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-subsystem/main/module.xml b/distribution/adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-subsystem/main/module.xml
new file mode 100755
index 0000000..06a24fe
--- /dev/null
+++ b/distribution/adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-subsystem/main/module.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ JBoss, Home of Professional Open Source.
+  ~ Copyright 2014, Red Hat, Inc., and individual contributors
+  ~ as indicated by the @author tags. See the copyright.txt file in the
+  ~ distribution for a full listing of individual contributors.
+  ~
+  ~ This is free software; you can redistribute it and/or modify it
+  ~ under the terms of the GNU Lesser General Public License as
+  ~ published by the Free Software Foundation; either version 2.1 of
+  ~ the License, or (at your option) any later version.
+  ~
+  ~ This software is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  ~ Lesser General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU Lesser General Public
+  ~ License along with this software; if not, write to the Free
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  -->
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-adapter-subsystem">
+    <properties>
+        <property name="keycloak-version" value="${project.version}"/>
+    </properties>
+
+    <resources>
+        <resource-root path="."/>
+        <!-- Insert resources here -->
+    </resources>
+
+    <dependencies>
+        <module name="org.keycloak.keycloak-as7-subsystem" export="true" services="export"/>
+    </dependencies>
+</module>

distribution/adapters/as7-eap6-adapter/pom.xml 21(+21 -0)

diff --git a/distribution/adapters/as7-eap6-adapter/pom.xml b/distribution/adapters/as7-eap6-adapter/pom.xml
new file mode 100644
index 0000000..08808f8
--- /dev/null
+++ b/distribution/adapters/as7-eap6-adapter/pom.xml
@@ -0,0 +1,21 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <parent>
+        <artifactId>keycloak-parent</artifactId>
+        <groupId>org.keycloak</groupId>
+        <version>1.3.0.Final-SNAPSHOT</version>
+        <relativePath>../../../pom.xml</relativePath>
+    </parent>
+    <name>Keycloak AS7 / JBoss EAP 6 Adapter Distros</name>
+    <description/>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>keycloak-as7-eap6-adapter-dist-pom</artifactId>
+    <packaging>pom</packaging>
+
+    <modules>
+        <module>as7-modules</module>
+        <module>as7-adapter-zip</module>
+        <module>eap6-adapter-zip</module>
+    </modules>
+</project>

distribution/adapters/pom.xml 5(+2 -3)

diff --git a/distribution/adapters/pom.xml b/distribution/adapters/pom.xml
index 8c13893..f0070f8 100755
--- a/distribution/adapters/pom.xml
+++ b/distribution/adapters/pom.xml
@@ -27,8 +27,7 @@
     </build>
 
     <modules>
-        <module>as7-adapter-zip</module>
-        <module>eap6-adapter-zip</module>
+        <module>as7-eap6-adapter</module>
         <module>jetty81-adapter-zip</module>
         <module>jetty91-adapter-zip</module>
         <module>jetty92-adapter-zip</module>
@@ -37,7 +36,7 @@
         <module>tomcat6-adapter-zip</module>
         <module>tomcat7-adapter-zip</module>
         <module>tomcat8-adapter-zip</module>
-        <module>wildfly-adapter-zip</module>
         <module>wf8-adapter</module>
+        <module>wf9-adapter</module>
     </modules>
 </project>

distribution/adapters/wf8-adapter/wf8-adapter-zip/assembly.xml 1(+1 -0)

diff --git a/distribution/adapters/wf8-adapter/wf8-adapter-zip/assembly.xml b/distribution/adapters/wf8-adapter/wf8-adapter-zip/assembly.xml
index cad94c5..205ade3 100755
--- a/distribution/adapters/wf8-adapter/wf8-adapter-zip/assembly.xml
+++ b/distribution/adapters/wf8-adapter/wf8-adapter-zip/assembly.xml
@@ -19,6 +19,7 @@
                 <include>org/keycloak/keycloak-undertow-adapter/**</include>
                 <include>org/keycloak/keycloak-wildfly-adapter/**</include>
                 <include>org/keycloak/keycloak-wf8-subsystem/**</include>
+                <include>org/keycloak/keycloak-adapter-subsystem/**</include>
             </includes>
             <excludes>
                 <exclude>**/*.war</exclude>

distribution/adapters/wf8-adapter/wf8-modules/pom.xml 25(+24 -1)

diff --git a/distribution/adapters/wf8-adapter/wf8-modules/pom.xml b/distribution/adapters/wf8-adapter/wf8-modules/pom.xml
index d79e42c..cd3f3e3 100755
--- a/distribution/adapters/wf8-adapter/wf8-modules/pom.xml
+++ b/distribution/adapters/wf8-adapter/wf8-modules/pom.xml
@@ -40,7 +40,6 @@
         <dependency>
             <groupId>org.keycloak</groupId>
             <artifactId>keycloak-wf8-subsystem</artifactId>
-            <version>${project.version}</version>
         </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
@@ -132,6 +131,30 @@
                     </execution>
                 </executions>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-resources-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>copy-resources</id>
+                        <!-- here the phase you need -->
+                        <phase>validate</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${project.build.directory}/modules/org/keycloak/keycloak-adapter-subsystem</outputDirectory>
+                            <resources>
+                                <resource>
+                                    <directory>src/main/resources/modules/org/keycloak/keycloak-adapter-subsystem</directory>
+                                    <filtering>true</filtering>
+                                </resource>
+                            </resources>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+
         </plugins>
     </build>
 </project>

distribution/adapters/wf8-adapter/wf8-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-subsystem/main/module.xml 38(+38 -0)

diff --git a/distribution/adapters/wf8-adapter/wf8-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-subsystem/main/module.xml b/distribution/adapters/wf8-adapter/wf8-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-subsystem/main/module.xml
new file mode 100755
index 0000000..0e436a6
--- /dev/null
+++ b/distribution/adapters/wf8-adapter/wf8-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-subsystem/main/module.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ JBoss, Home of Professional Open Source.
+  ~ Copyright 2014, Red Hat, Inc., and individual contributors
+  ~ as indicated by the @author tags. See the copyright.txt file in the
+  ~ distribution for a full listing of individual contributors.
+  ~
+  ~ This is free software; you can redistribute it and/or modify it
+  ~ under the terms of the GNU Lesser General Public License as
+  ~ published by the Free Software Foundation; either version 2.1 of
+  ~ the License, or (at your option) any later version.
+  ~
+  ~ This software is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  ~ Lesser General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU Lesser General Public
+  ~ License along with this software; if not, write to the Free
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  -->
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-adapter-subsystem">
+    <properties>
+        <property name="keycloak-version" value="${project.version}"/>
+    </properties>
+
+    <resources>
+        <resource-root path="."/>
+        <!-- Insert resources here -->
+    </resources>
+
+    <dependencies>
+        <module name="org.keycloak.keycloak-wf8-subsystem" export="true" services="export"/>
+    </dependencies>
+</module>

distribution/adapters/wf9-adapter/pom.xml 20(+20 -0)

diff --git a/distribution/adapters/wf9-adapter/pom.xml b/distribution/adapters/wf9-adapter/pom.xml
new file mode 100644
index 0000000..33f4d58
--- /dev/null
+++ b/distribution/adapters/wf9-adapter/pom.xml
@@ -0,0 +1,20 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <parent>
+        <artifactId>keycloak-parent</artifactId>
+        <groupId>org.keycloak</groupId>
+        <version>1.3.0.Final-SNAPSHOT</version>
+        <relativePath>../../../pom.xml</relativePath>
+    </parent>
+    <name>Keycloak Wildfly 9 Adapter</name>
+    <description/>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>keycloak-wf9-adapter-dist-pom</artifactId>
+    <packaging>pom</packaging>
+
+    <modules>
+        <module>wf9-modules</module>
+        <module>wf9-adapter-zip</module>
+    </modules>
+</project>

distribution/adapters/wf9-adapter/wf9-modules/assembly.xml 22(+22 -0)

diff --git a/distribution/adapters/wf9-adapter/wf9-modules/assembly.xml b/distribution/adapters/wf9-adapter/wf9-modules/assembly.xml
new file mode 100755
index 0000000..4a34435
--- /dev/null
+++ b/distribution/adapters/wf9-adapter/wf9-modules/assembly.xml
@@ -0,0 +1,22 @@
+<assembly>
+    <id>dist</id>
+
+    <formats>
+        <format>zip</format>
+    </formats>
+    <includeBaseDirectory>false</includeBaseDirectory>
+
+    <fileSets>
+        <fileSet>
+            <directory>../../</directory>
+            <includes>
+                <include>License.html</include>
+            </includes>
+            <outputDirectory></outputDirectory>
+        </fileSet>
+        <fileSet>
+            <directory>${project.build.directory}/modules</directory>
+            <outputDirectory></outputDirectory>
+        </fileSet>
+    </fileSets>
+</assembly>

distribution/adapters/wf9-adapter/wf9-modules/build.xml 82(+82 -0)

diff --git a/distribution/adapters/wf9-adapter/wf9-modules/build.xml b/distribution/adapters/wf9-adapter/wf9-modules/build.xml
new file mode 100755
index 0000000..e33da10
--- /dev/null
+++ b/distribution/adapters/wf9-adapter/wf9-modules/build.xml
@@ -0,0 +1,82 @@
+<!--
+  ~ JBoss, Home of Professional Open Source.
+  ~ Copyright 2012, Red Hat, Inc., and individual contributors
+  ~ as indicated by the @author tags. See the copyright.txt file in the
+  ~ distribution for a full listing of individual contributors.
+  ~
+  ~ This is free software; you can redistribute it and/or modify it
+  ~ under the terms of the GNU Lesser General Public License as
+  ~ published by the Free Software Foundation; either version 2.1 of
+  ~ the License, or (at your option) any later version.
+  ~
+  ~ This software is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  ~ Lesser General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU Lesser General Public
+  ~ License along with this software; if not, write to the Free
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  -->
+
+<project name="module-repository" basedir="." default="all">
+
+    <import file="lib.xml"/>
+
+    <property name="output.dir" value="target"/>
+
+    <target name="all">
+        <antcall target="modules">
+            <param name="mavenized.modules" value="false"/>
+            <param name="output.dir" value="target"/>
+        </antcall>
+    </target>
+
+
+    <target name="modules">
+
+        <!-- server min dependencies -->
+
+        <module-def name="org.keycloak.keycloak-core">
+            <maven-resource group="org.keycloak" artifact="keycloak-core"/>
+        </module-def>
+
+        <module-def name="net.iharder.base64">
+            <maven-resource group="net.iharder" artifact="base64"/>
+        </module-def>
+
+
+        <!-- subsystems -->
+
+        <module-def name="org.keycloak.keycloak-adapter-core">
+            <maven-resource group="org.keycloak" artifact="keycloak-adapter-core"/>
+        </module-def>
+
+        <module-def name="org.keycloak.keycloak-jboss-adapter-core">
+            <maven-resource group="org.keycloak" artifact="keycloak-jboss-adapter-core"/>
+        </module-def>
+
+        <module-def name="org.keycloak.keycloak-undertow-adapter">
+            <maven-resource group="org.keycloak" artifact="keycloak-undertow-adapter"/>
+        </module-def>
+
+        <module-def name="org.keycloak.keycloak-wildfly-adapter">
+            <maven-resource group="org.keycloak" artifact="keycloak-wildfly-adapter"/>
+        </module-def>
+
+        <module-def name="org.keycloak.keycloak-wf9-subsystem">
+            <maven-resource group="org.keycloak" artifact="keycloak-wf9-subsystem"/>
+        </module-def>
+
+    </target>
+
+    <target name="clean-target">
+        <delete dir="${output.dir}"/>
+    </target>
+
+    <target name="clean" depends="clean-target">
+        <delete file="maven-ant-tasks.jar"/>
+    </target>
+
+</project>

distribution/adapters/wf9-adapter/wf9-modules/lib.xml 282(+282 -0)

diff --git a/distribution/adapters/wf9-adapter/wf9-modules/lib.xml b/distribution/adapters/wf9-adapter/wf9-modules/lib.xml
new file mode 100755
index 0000000..3d9438a
--- /dev/null
+++ b/distribution/adapters/wf9-adapter/wf9-modules/lib.xml
@@ -0,0 +1,282 @@
+<!--
+  ~ JBoss, Home of Professional Open Source.
+  ~ Copyright 2010, Red Hat, Inc., and individual contributors
+  ~ as indicated by the @author tags. See the copyright.txt file in the
+  ~ distribution for a full listing of individual contributors.
+  ~
+  ~ This is free software; you can redistribute it and/or modify it
+  ~ under the terms of the GNU Lesser General Public License as
+  ~ published by the Free Software Foundation; either version 2.1 of
+  ~ the License, or (at your option) any later version.
+  ~
+  ~ This software is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  ~ Lesser General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU Lesser General Public
+  ~ License along with this software; if not, write to the Free
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  -->
+
+<project name="module-repository-lib">
+
+    <property name="src.dir" value="src"/>
+    <property name="module.repo.src.dir" value="${src.dir}/main/resources/modules"/>
+    <property name="module.xml" value="module.xml"/>
+
+    <taskdef resource="net/sf/antcontrib/antlib.xml"/>
+    <taskdef name="jandex" classname="org.jboss.jandex.JandexAntTask" />
+
+    <macrodef name="module-def">
+        <attribute name="name"/>
+        <attribute name="slot" default="main"/>
+        <element name="resources" implicit="yes" optional="yes"/>
+
+        <sequential>
+            <echo message="Initializing module -> @{name}"/>
+            <property name="module.repo.output.dir" value="${output.dir}/modules"/>
+            <!-- Figure out the correct module path -->
+            <define-module-dir name="@{name}" slot="@{slot}"/>
+
+            <!-- Make the module output director -->
+            <mkdir dir="${module.repo.output.dir}/${current.module.path}"/>
+
+            <!-- Copy the module.xml and other stuff to the output director -->
+            <copy todir="${module.repo.output.dir}/${current.module.path}" overwrite="true">
+                <fileset dir="${module.repo.src.dir}/${current.module.path}">
+                    <include name="**"/>
+                </fileset>
+            </copy>
+
+            <!-- Process the resource -->
+            <resources/>
+            
+            <!-- Add keycloak version property to module xml -->
+            <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}"
+                     token="$${project.version}"
+                     value="${project.version}"/>
+            
+            <!-- Some final cleanup -->
+            <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
+                <replacetoken>
+                    <![CDATA[
+        <!-- Insert resources here -->]]></replacetoken>
+                <replacevalue>
+                </replacevalue>
+            </replace>
+
+        </sequential>
+    </macrodef>
+
+    <macrodef name="bundle-def">
+        <attribute name="name"/>
+        <attribute name="slot" default="main"/>
+        <element name="resources" implicit="yes" optional="yes"/>
+
+        <sequential>
+            <echo message="Initializing bundle -> @{name}"/>
+            <property name="bundle.repo.output.dir" value="${output.dir}/bundles/system/layers/base"/>
+            <!-- Figure out the correct bundle path -->
+            <define-bundle-dir name="@{name}" slot="@{slot}" />
+
+            <!-- Make the bundle output director -->
+            <mkdir dir="${bundle.repo.output.dir}/${current.bundle.path}"/>
+
+            <!-- Process the resource -->
+            <resources/>
+
+        </sequential>
+    </macrodef>
+
+    <macrodef name="maven-bundle" >
+        <attribute name="group"/>
+        <attribute name="artifact"/>
+
+        <sequential>
+            <!-- Copy the jar to the bundle dir -->
+            <property name="bundle.repo.output.dir" value="${output.dir}/bundles/system/layers/base"/>
+            <copy todir="${bundle.repo.output.dir}/${current.bundle.path}" failonerror="true">
+                <fileset file="${@{group}:@{artifact}:jar}"/>
+                <mapper type="flatten" />
+            </copy>
+        </sequential>
+    </macrodef>
+
+    <scriptdef name="define-module-dir" language="javascript" manager="bsf">
+        <attribute name="name"/>
+        <attribute name="slot"/>
+        <![CDATA[
+            name = attributes.get("name");
+            name = name.replace(".", "/");
+            project.setProperty("current.module.path", name + "/" + attributes.get("slot"));
+        ]]>
+    </scriptdef>
+
+    <scriptdef name="define-bundle-dir" language="javascript"  manager="bsf">
+        <attribute name="name"/>
+        <attribute name="slot"/>
+        <![CDATA[
+            name = attributes.get("name");
+            name = name.replace(".", "/");
+            project.setProperty("current.bundle.path", name + "/" + attributes.get("slot"));
+        ]]>
+    </scriptdef>
+
+    <!--
+       Get the version from the parent directory of the jar.  If the parent directory is 'target' this
+       means that the jar is contained in AS build so extract the version from the file name
+    -->
+    <scriptdef name="define-maven-artifact" language="javascript"  manager="bsf">
+        <attribute name="group"/>
+        <attribute name="artifact"/>
+        <attribute name="classifier"/>
+        <attribute name="element"/>
+        <attribute name="path"/>
+        <![CDATA[
+            importClass(Packages.java.io.File);
+            group = attributes.get("group");
+            artifact = attributes.get("artifact");
+            classifier = attributes.get("classifier");
+            element = attributes.get("element");
+            path = attributes.get("path");
+            if(path.indexOf('${') != -1) {
+                throw "Module resource root not found, make sure it is listed in build/pom.xml" + path;
+            }
+            fp = new File(path);
+            version = fp.getParentFile().getName();
+            if (version.equals("target")) {
+               version = fp.getName();
+               version = version.substring(artifact.length() + 1);
+               suffix = ".jar";
+               if (classifier) {
+                  suffix = "-" + classifier + suffix;
+               }
+               version = version.replace(suffix, "");
+            }
+
+            root = "<" + element + " name=\"" + group + ":" + artifact + ":" + version;
+            if (classifier) {
+               root = root + ":" + classifier;
+            }
+            root = root + "\"/>";
+            project.setProperty("current.maven.root", root);
+        ]]>
+    </scriptdef>
+
+    <macrodef name="maven-resource" >
+        <attribute name="group"/>
+        <attribute name="artifact"/>
+        <attribute name="jandex" default="false" />
+
+        <sequential>
+            <if>
+               <equals arg1="${mavenized.modules}" arg2="true"/>
+               <then>
+                <define-maven-artifact group="@{group}" artifact="@{artifact}" element="artifact" path="${@{group}:@{artifact}:jar}"/>
+                <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
+                    <replacefilter token="&lt;!-- Insert resources here --&gt;" value="${current.maven.root}&#10;        &lt;!-- Insert resources here --&gt;"/>
+                </replace>
+               </then>
+
+            <else>
+            <!-- Copy the jar to the module dir -->
+            <copy todir="${module.repo.output.dir}/${current.module.path}" failonerror="true">
+                <fileset file="${@{group}:@{artifact}:jar}"/>
+                <mapper type="flatten" />
+            </copy>
+
+            <basename file="${@{group}:@{artifact}:jar}" property="resourcename.@{group}.@{artifact}"/>
+            <!-- Generate the Jandex Index -->
+            <jandex run="@{jandex}" newJar="true" >
+                <fileset dir="${module.repo.output.dir}/${current.module.path}" />
+            </jandex>
+            <!-- Update the resource entry in module.xml -->
+            <define-resource-root path="${resourcename.@{group}.@{artifact}}" jandex="@{jandex}"/>
+            <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
+                <replacefilter token="&lt;!-- Insert resources here --&gt;" value="${current.resource.root}&#10;        &lt;!-- Insert resources here --&gt;"/>
+            </replace>
+            </else>
+            </if>
+        </sequential>
+    </macrodef>
+
+
+
+    <macrodef name="maven-resource-with-classifier" >
+        <attribute name="group"/>
+        <attribute name="artifact"/>
+        <attribute name="classifier"/>
+        <attribute name="jandex" default="false" />
+
+        <sequential>
+            <if>
+            <equals arg1="${mavenized.modules}" arg2="true"/>
+            <then>
+                <define-maven-artifact group="@{group}" artifact="@{artifact}" element="artifact" classifier="@{classifier}" path="${@{group}:@{artifact}:jar:@{classifier}}"/>
+                <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
+                    <replacefilter token="&lt;!-- Insert resources here --&gt;" value="${current.maven.root}&#10;        &lt;!-- Insert resources here --&gt;"/>
+                </replace>
+            </then>
+            <else>
+            <!-- Copy the jar to the module dir -->
+            <copy todir="${module.repo.output.dir}/${current.module.path}" failonerror="true">
+                <fileset file="${@{group}:@{artifact}:jar:@{classifier}}"/>
+                <!-- http://jira.codehaus.org/browse/MANTRUN-159 -->
+                <mapper type="flatten" />
+            </copy>
+
+            <basename file="${@{group}:@{artifact}:jar:@{classifier}}" property="resourcename.@{group}.@{artifact}.@{classifier}"/>
+
+            <!-- Update the resource entry in module.xml -->
+            <define-resource-root path="${resourcename.@{group}.@{artifact}.@{classifier}}"/>
+            <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
+                <replacefilter token="&lt;!-- Insert resources here --&gt;" value="${current.resource.root}&#10;        &lt;!-- Insert resources here --&gt;"/>
+            </replace>
+            </else>
+            </if>
+        </sequential>
+    </macrodef>
+
+    <macrodef name="extract-native-jar" >
+        <attribute name="group"/>
+        <attribute name="artifact"/>
+        <sequential>
+            <if>
+            <equals arg1="${mavenized.modules}" arg2="true"/>
+            <then>
+                <define-maven-artifact group="@{group}" artifact="@{artifact}" element="native-artifact" path="${@{group}:@{artifact}:jar}"/>
+                <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
+                    <replacefilter token="&lt;!-- Insert resources here --&gt;" value="${current.maven.root}&#10;        &lt;!-- Insert resources here --&gt;"/>
+                </replace>
+            </then>
+
+            <else>
+            <unzip src="${@{group}:@{artifact}:jar}" dest="${module.repo.output.dir}/${current.module.path}">
+           <patternset>
+               <include name="lib/**"/>
+           </patternset>
+           </unzip>
+           </else>
+           </if>
+        </sequential>
+    </macrodef>
+
+    <scriptdef name="define-resource-root" language="javascript" manager="bsf">
+        <attribute name="path"/>
+        <attribute name="jandex"/>
+        <![CDATA[
+            path = attributes.get("path");
+            root = "<resource-root path=\"" + path + "\"/>";
+            if(path.indexOf('${') != -1) {
+                throw "Module resource root not found, make sure it is listed in build/pom.xml" + path;
+            }
+            if(attributes.get("jandex") == "true" ) {
+                root = root + "\n\t<resource-root path=\"" + path.replace(".jar","-jandex.jar") + "\"/>";
+            }
+            project.setProperty("current.resource.root", root);
+        ]]>
+    </scriptdef>
+
+</project>

distribution/adapters/wf9-adapter/wf9-modules/pom.xml 160(+160 -0)

diff --git a/distribution/adapters/wf9-adapter/wf9-modules/pom.xml b/distribution/adapters/wf9-adapter/wf9-modules/pom.xml
new file mode 100755
index 0000000..55c4c94
--- /dev/null
+++ b/distribution/adapters/wf9-adapter/wf9-modules/pom.xml
@@ -0,0 +1,160 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <artifactId>keycloak-parent</artifactId>
+        <groupId>org.keycloak</groupId>
+        <version>1.3.0.Final-SNAPSHOT</version>
+        <relativePath>../../../../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>keycloak-wf9-modules</artifactId>
+
+    <name>Keycloak Wildfly 9 Modules</name>
+    <packaging>pom</packaging>
+    <dependencies>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-adapter-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-jboss-adapter-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-undertow-adapter</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-wildfly-adapter</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-wf9-subsystem</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpmime</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpcore</artifactId>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-antrun-plugin</artifactId>
+                <inherited>false</inherited>
+                <executions>
+                    <execution>
+                        <id>build-dist</id>
+                        <goals>
+                            <goal>run</goal>
+                        </goals>
+                        <phase>compile</phase>
+                        <configuration>
+                            <target>
+                                <ant antfile="build.xml" inheritRefs="true">
+                                    <target name="all"/>
+                                </ant>
+                            </target>
+                        </configuration>
+                    </execution>
+                </executions>
+                <dependencies>
+                    <dependency>
+                        <groupId>org.jboss</groupId>
+                        <artifactId>jandex</artifactId>
+                        <version>1.0.3.Final</version>
+                    </dependency>
+                    <dependency>
+                        <groupId>ant-contrib</groupId>
+                        <artifactId>ant-contrib</artifactId>
+                        <version>1.0b3</version>
+                        <exclusions>
+                            <exclusion>
+                                <groupId>ant</groupId>
+                                <artifactId>ant</artifactId>
+                            </exclusion>
+                        </exclusions>
+                    </dependency>
+                    <dependency>
+                        <groupId>org.apache.ant</groupId>
+                        <artifactId>ant-apache-bsf</artifactId>
+                        <version>1.9.3</version>
+                    </dependency>
+                    <dependency>
+                        <groupId>org.apache.bsf</groupId>
+                        <artifactId>bsf-api</artifactId>
+                        <version>3.1</version>
+                    </dependency>
+                    <dependency>
+                        <groupId>rhino</groupId>
+                        <artifactId>js</artifactId>
+                        <version>1.7R2</version>
+                    </dependency>
+                </dependencies>
+            </plugin>
+            <plugin>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>assemble</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>single</goal>
+                        </goals>
+                        <configuration>
+                            <descriptors>
+                                <descriptor>assembly.xml</descriptor>
+                            </descriptors>
+                            <outputDirectory>
+                                target
+                            </outputDirectory>
+                            <workDirectory>
+                                target/assembly/work
+                            </workDirectory>
+                            <appendAssemblyId>false</appendAssemblyId>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-resources-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>copy-resources</id>
+                        <!-- here the phase you need -->
+                        <phase>validate</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${project.build.directory}/modules/org/keycloak/keycloak-adapter-subsystem</outputDirectory>
+                            <resources>
+                                <resource>
+                                    <directory>src/main/resources/modules/org/keycloak/keycloak-adapter-subsystem</directory>
+                                    <filtering>true</filtering>
+                                </resource>
+                            </resources>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+
+        </plugins>
+    </build>
+</project>

distribution/adapters/wf9-adapter/wf9-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-subsystem/main/module.xml 38(+38 -0)

diff --git a/distribution/adapters/wf9-adapter/wf9-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-subsystem/main/module.xml b/distribution/adapters/wf9-adapter/wf9-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-subsystem/main/module.xml
new file mode 100755
index 0000000..0889b93
--- /dev/null
+++ b/distribution/adapters/wf9-adapter/wf9-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-subsystem/main/module.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ JBoss, Home of Professional Open Source.
+  ~ Copyright 2014, Red Hat, Inc., and individual contributors
+  ~ as indicated by the @author tags. See the copyright.txt file in the
+  ~ distribution for a full listing of individual contributors.
+  ~
+  ~ This is free software; you can redistribute it and/or modify it
+  ~ under the terms of the GNU Lesser General Public License as
+  ~ published by the Free Software Foundation; either version 2.1 of
+  ~ the License, or (at your option) any later version.
+  ~
+  ~ This software is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  ~ Lesser General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU Lesser General Public
+  ~ License along with this software; if not, write to the Free
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  -->
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-adapter-subsystem">
+    <properties>
+        <property name="keycloak-version" value="${project.version}"/>
+    </properties>
+
+    <resources>
+        <resource-root path="."/>
+        <!-- Insert resources here -->
+    </resources>
+
+    <dependencies>
+        <module name="org.keycloak.keycloak-wf9-subsystem" export="true" services="export"/>
+    </dependencies>
+</module>

distribution/feature-packs/server-feature-pack/pom.xml 10(+0 -10)

diff --git a/distribution/feature-packs/server-feature-pack/pom.xml b/distribution/feature-packs/server-feature-pack/pom.xml
index 6a51d96..a737427 100644
--- a/distribution/feature-packs/server-feature-pack/pom.xml
+++ b/distribution/feature-packs/server-feature-pack/pom.xml
@@ -49,20 +49,10 @@
             <version>${project.version}</version>
         </dependency>      
         <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-wildfly-extensions</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
             <groupId>org.wildfly</groupId>
             <artifactId>wildfly-feature-pack</artifactId>
             <type>zip</type>
         </dependency>
-        
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-undertow-adapter</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.keycloak.subsystem</groupId>
             <artifactId>keycloak-server</artifactId>

distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-services/main/module.xml 3(+0 -3)

diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-services/main/module.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-services/main/module.xml
index 598d5dd..00d6162 100644
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-services/main/module.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-services/main/module.xml
@@ -36,7 +36,6 @@
         <module name="org.keycloak.keycloak-forms-common-themes" services="import"/>
         <module name="org.keycloak.keycloak-invalidation-cache-infinispan" services="import"/>
         <module name="org.keycloak.keycloak-invalidation-cache-model" services="import"/>
-        <module name="org.keycloak.keycloak-jboss-adapter-core" services="import"/>
         <module name="org.keycloak.keycloak-js-adapter" services="import"/>
         <module name="org.keycloak.keycloak-kerberos-federation" services="import"/>
         <module name="org.keycloak.keycloak-ldap-federation" services="import"/>
@@ -50,8 +49,6 @@
         <module name="org.keycloak.keycloak-model-sessions-jpa" services="import"/>
         <module name="org.keycloak.keycloak-model-sessions-mem" services="import"/>
         <module name="org.keycloak.keycloak-model-sessions-mongo" services="import"/>
-        <module name="org.keycloak.keycloak-wildfly-extensions" services="import"/>
-
         <module name="org.keycloak.keycloak-saml-protocol" services="import"/>
         <module name="org.keycloak.keycloak-services" export="true" services="import"/>
         <module name="org.keycloak.keycloak-social-core" services="import"/>

distribution/modules/build.xml 43(+0 -43)

diff --git a/distribution/modules/build.xml b/distribution/modules/build.xml
index e7ede69..fb8971d 100755
--- a/distribution/modules/build.xml
+++ b/distribution/modules/build.xml
@@ -46,11 +46,6 @@
             <maven-resource group="net.iharder" artifact="base64"/>
         </module-def>
 
-        <module-def name="org.bouncycastle">
-            <maven-resource group="org.bouncycastle" artifact="bcprov-jdk15on"/>
-            <maven-resource group="org.bouncycastle" artifact="bcpkix-jdk15on"/>
-        </module-def>
-
         <module-def name="org.keycloak.keycloak-broker-core">
             <maven-resource group="org.keycloak" artifact="keycloak-broker-core"/>
         </module-def>
@@ -71,10 +66,6 @@
             <maven-resource group="org.keycloak" artifact="keycloak-services"/>
         </module-def>
 
-        <module-def name="org.keycloak.keycloak-wildfly-extensions">
-            <maven-resource group="org.keycloak" artifact="keycloak-wildfly-extensions"/>
-        </module-def>
-
         <module-def name="com.google.zxing.core">
             <maven-resource group="com.google.zxing" artifact="core"/>
         </module-def>
@@ -315,43 +306,9 @@
 
         <module-def name="org.keycloak.keycloak-server"></module-def>
 
-        <module-def name="org.keycloak.keycloak-adapter-core">
-            <maven-resource group="org.keycloak" artifact="keycloak-adapter-core"/>
-        </module-def>
-
-        <module-def name="org.keycloak.keycloak-jboss-adapter-core">
-            <maven-resource group="org.keycloak" artifact="keycloak-jboss-adapter-core"/>
-        </module-def>
-
-        <module-def name="org.keycloak.keycloak-as7-adapter">
-            <maven-resource group="org.keycloak" artifact="keycloak-as7-adapter"/>
-            <maven-resource group="org.keycloak" artifact="keycloak-tomcat-core-adapter"/>
-        </module-def>
-
-        <module-def name="org.keycloak.keycloak-undertow-adapter">
-            <maven-resource group="org.keycloak" artifact="keycloak-undertow-adapter"/>
-        </module-def>
-
-        <module-def name="org.keycloak.keycloak-wildfly-adapter">
-            <maven-resource group="org.keycloak" artifact="keycloak-wildfly-adapter"/>
-        </module-def>
-
         <module-def name="org.keycloak.keycloak-server-subsystem">
             <maven-resource group="org.keycloak" artifact="keycloak-wildfly-server-subsystem"/>
         </module-def>
-        <module-def name="org.keycloak.keycloak-adapter-subsystem">
-            <maven-resource group="org.keycloak" artifact="keycloak-wildfly-adapter-subsystem"/>
-        </module-def>
-        <module-def name="org.keycloak.keycloak-as7-subsystem">
-            <maven-resource group="org.keycloak" artifact="keycloak-as7-subsystem"/>
-        </module-def>
-
-        <module-def name="org.apache.httpcomponents" slot="4.3">
-            <maven-resource group="org.apache.httpcomponents" artifact="httpclient"/>
-            <maven-resource group="org.apache.httpcomponents" artifact="httpcore"/>
-            <maven-resource group="org.apache.httpcomponents" artifact="httpmime"/>
-        </module-def>
-
     </target>
 
     <target name="clean-target">

distribution/modules/pom.xml 37(+0 -37)

diff --git a/distribution/modules/pom.xml b/distribution/modules/pom.xml
index 0830aba..c4fffdb 100755
--- a/distribution/modules/pom.xml
+++ b/distribution/modules/pom.xml
@@ -36,51 +36,14 @@
         </dependency>
         <dependency>
             <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-adapter-core</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-jboss-adapter-core</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-as7-adapter</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-undertow-adapter</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-wildfly-adapter</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
             <artifactId>keycloak-wildfly-server-subsystem</artifactId>
             <version>${project.version}</version>
         </dependency>
         <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-wildfly-adapter-subsystem</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
             <groupId>org.keycloak.subsystem</groupId>
             <artifactId>keycloak-server</artifactId>
             <type>war</type>
         </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-as7-subsystem</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpmime</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpcore</artifactId>
-        </dependency>
     </dependencies>
 
     <build>

distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-http-client/main/module.xml 2(+1 -1)

diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-http-client/main/module.xml b/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-http-client/main/module.xml
index 1d35246..7739aa3 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-http-client/main/module.xml
+++ b/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-http-client/main/module.xml
@@ -14,7 +14,7 @@
         <module name="org.keycloak.keycloak-model-api"/>
         <module name="org.jboss.logging"/>
         <module name="javax.api"/>
-        <module name="org.apache.httpcomponents" slot="4.3" />
+        <module name="org.apache.httpcomponents"/>
     </dependencies>
 
 </module>

distribution/modules/src/main/resources/modules/org/keycloak/keycloak-saml-protocol/main/module.xml 2(+1 -1)

diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-saml-protocol/main/module.xml b/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-saml-protocol/main/module.xml
index 655a8c0..45512ac 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-saml-protocol/main/module.xml
+++ b/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-saml-protocol/main/module.xml
@@ -16,7 +16,7 @@
         <module name="org.keycloak.keycloak-login-api"/>
         <module name="org.keycloak.keycloak-services"/>
         <module name="org.keycloak.keycloak-forms-common-freemarker"/>
-        <module name="org.apache.httpcomponents" slot="4.3" />
+        <module name="org.apache.httpcomponents"/>
         <module name="org.jboss.logging"/>
         <module name="javax.ws.rs.api"/>
         <module name="org.jboss.resteasy.resteasy-jaxrs"/>

distribution/modules/src/main/resources/modules/org/keycloak/keycloak-server/main/module.xml 7(+0 -7)

diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-server/main/module.xml b/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-server/main/module.xml
index 9a7229f..fd8e190 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-server/main/module.xml
+++ b/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-server/main/module.xml
@@ -9,10 +9,6 @@
     <dependencies>
         <module name="org.keycloak.keycloak-account-api" services="import"/>
         <module name="org.keycloak.keycloak-account-freemarker" services="import"/>
-        <module name="org.keycloak.keycloak-adapter-core" services="import"/>
-        <module name="org.keycloak.keycloak-adapter-subsystem" services="import"/>
-        <module name="org.keycloak.keycloak-as7-adapter" services="import"/>
-        <module name="org.keycloak.keycloak-as7-subsystem" services="import"/>
         <module name="org.keycloak.keycloak-connections-infinispan" services="import"/>
         <module name="org.keycloak.keycloak-connections-jpa" services="import"/>
         <module name="org.keycloak.keycloak-connections-jpa-liquibase" services="import"/>
@@ -36,7 +32,6 @@
         <module name="org.keycloak.keycloak-forms-common-themes" services="import"/>
         <module name="org.keycloak.keycloak-invalidation-cache-infinispan" services="import"/>
         <module name="org.keycloak.keycloak-invalidation-cache-model" services="import"/>
-        <module name="org.keycloak.keycloak-jboss-adapter-core" services="import"/>
         <module name="org.keycloak.keycloak-js-adapter" services="import"/>
         <module name="org.keycloak.keycloak-kerberos-federation" services="import"/>
         <module name="org.keycloak.keycloak-ldap-federation" services="import"/>
@@ -61,8 +56,6 @@
         <module name="org.keycloak.keycloak-server-subsystem" services="import"/>
         <module name="org.keycloak.keycloak-timer-api" services="import"/>
         <module name="org.keycloak.keycloak-timer-basic" services="import"/>
-        <module name="org.keycloak.keycloak-undertow-adapter" services="import"/>
-        <module name="org.keycloak.keycloak-wildfly-adapter" services="import"/>
     </dependencies>
 
 </module>

distribution/modules/src/main/resources/modules/org/keycloak/keycloak-server-subsystem/main/module.xml 1(+0 -1)

diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-server-subsystem/main/module.xml b/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-server-subsystem/main/module.xml
index e877fe4..21f917e 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-server-subsystem/main/module.xml
+++ b/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-server-subsystem/main/module.xml
@@ -46,7 +46,6 @@
         <module name="org.jboss.as.web-common" optional="true"/>
         <module name="org.jboss.as.web" optional="true"/>
         <module name="org.jboss.as.version" optional="true"/>
-        <module name="org.keycloak.keycloak-as7-adapter" optional="true"/>
         <module name="org.jboss.metadata"/>
     </dependencies>
 </module>

distribution/modules/src/main/resources/modules/org/keycloak/keycloak-services/main/module.xml 4(+1 -3)

diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-services/main/module.xml b/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-services/main/module.xml
index 55a5518..0ee8056 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-services/main/module.xml
+++ b/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-services/main/module.xml
@@ -36,7 +36,6 @@
         <module name="org.keycloak.keycloak-forms-common-themes" services="import"/>
         <module name="org.keycloak.keycloak-invalidation-cache-infinispan" services="import"/>
         <module name="org.keycloak.keycloak-invalidation-cache-model" services="import"/>
-        <module name="org.keycloak.keycloak-jboss-adapter-core" services="import"/>
         <module name="org.keycloak.keycloak-js-adapter" services="import"/>
         <module name="org.keycloak.keycloak-kerberos-federation" services="import"/>
         <module name="org.keycloak.keycloak-ldap-federation" services="import"/>
@@ -50,7 +49,6 @@
         <module name="org.keycloak.keycloak-model-sessions-jpa" services="import"/>
         <module name="org.keycloak.keycloak-model-sessions-mem" services="import"/>
         <module name="org.keycloak.keycloak-model-sessions-mongo" services="import"/>
-        <module name="org.keycloak.keycloak-wildfly-extensions" services="import"/>
 
         <module name="org.keycloak.keycloak-saml-protocol" services="import"/>
         <module name="org.keycloak.keycloak-services" export="true" services="import"/>
@@ -78,7 +76,7 @@
         <module name="net.iharder.base64"/>
         <module name="javax.api"/>
         <module name="javax.activation.api"/>
-        <module name="org.apache.httpcomponents" slot="4.3" />
+        <module name="org.apache.httpcomponents"/>
     </dependencies>
 
 </module>

distribution/subsystem-war/src/main/webapp/WEB-INF/jboss-deployment-structure.xml 4(+0 -4)

diff --git a/distribution/subsystem-war/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/distribution/subsystem-war/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
index eed0b00..816245c 100755
--- a/distribution/subsystem-war/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
+++ b/distribution/subsystem-war/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
@@ -26,7 +26,6 @@
             <module name="org.keycloak.keycloak-forms-common-themes" services="import"/>
             <module name="org.keycloak.keycloak-invalidation-cache-infinispan" services="import"/>
             <module name="org.keycloak.keycloak-invalidation-cache-model" services="import"/>
-            <module name="org.keycloak.keycloak-jboss-adapter-core" services="import"/>
             <module name="org.keycloak.keycloak-js-adapter" services="import"/>
             <module name="org.keycloak.keycloak-kerberos-federation" services="import"/>
             <module name="org.keycloak.keycloak-ldap-federation" services="import"/>
@@ -63,9 +62,6 @@
 
             <!-- Exclude keycloak modules -->
             <module name="org.keycloak.keycloak-core" />
-            <module name="org.keycloak.keycloak-adapter-core" />
-            <module name="org.keycloak.keycloak-undertow-adapter" />
-            <module name="org.keycloak.keycloak-as7-adapter" />
         </exclusions>
         <exclude-subsystems>
             <subsystem name="webservices"/>

docbook/reference/en/en-US/modules/direct-access.xml 7(+4 -3)

diff --git a/docbook/reference/en/en-US/modules/direct-access.xml b/docbook/reference/en/en-US/modules/direct-access.xml
index b21f82b..e7a189b 100755
--- a/docbook/reference/en/en-US/modules/direct-access.xml
+++ b/docbook/reference/en/en-US/modules/direct-access.xml
@@ -3,8 +3,7 @@
     <para>
         Keycloak allows you to make direct REST invocations to obtain an access token.
         (See <ulink url="http://tools.ietf.org/html/rfc6749#section-4.3">Resource Owner Password Credentials Grant</ulink>
-        from OAuth 2.0 spec).  To use it, Direct Access Grants must be allowed by your realm.  This is a configuration switch
-        in the admin console under Settings->General, specifically the "Direct Grant API" switch.  You must also have
+        from OAuth 2.0 spec).  To use it you must also have
         registered a valid Client to use as the "client_id" for this grant request.
     </para>
     <warning>
@@ -12,7 +11,9 @@
             It is highly recommended that you do not use Direct Access Grants to write your own login pages for your application.
             You will lose a lot of features that Keycloak has if you do this.  Specifically all the account management, remember me,
             lost password, account reset features of Keycloak.  Instead, if you want to tailor the look and feel of Keycloak login
-            pages, you should create your own <link linkend="themes">theme</link>.
+            pages, you should create your own <link linkend="themes">theme</link>. There are also security implications
+            to using Direct Access Grants compared to the redirect based flows as you are exposing plain text passwords
+            to applications directly.
         </para>
         <para>
             It is even highly recommended that you use the browser to log in for native mobile applications!  Android

docbook/reference/en/en-US/modules/identity-broker.xml 16(+14 -2)

diff --git a/docbook/reference/en/en-US/modules/identity-broker.xml b/docbook/reference/en/en-US/modules/identity-broker.xml
index 6eb5320..75df2c7 100755
--- a/docbook/reference/en/en-US/modules/identity-broker.xml
+++ b/docbook/reference/en/en-US/modules/identity-broker.xml
@@ -299,14 +299,26 @@
                         </entry>
                         <entry>
                             Allows you to force users to update their profile right after the authentication finishes and
-                            before the account is actually created in Keycloak. When enabled, users will be presented with the
+                            before the account is actually created in Keycloak. When "On", users will be always presented with the
                             <emphasis>update profile page</emphasis> asking for additional information in order to federate their identities.
-                            If disabled, the account will be created with the minimal information obtained from the identity provider
+                            When "On missing info", users will be presented with the <emphasis>update profile page</emphasis> only if some 
+                            mandatory information (email, first name, last name) is not provided by identity provider.
+                            If "Off", the account will be created with the minimal information obtained from the identity provider
                             during the authentication process.
                         </entry>
                     </row>
                     <row>
                         <entry>
+                            <literal>Trust email</literal>
+                        </entry>
+                        <entry>
+                            Allows you to trust email address returned from the social provider. If enabled then email address returned by the provider 
+                            is marked as 'verified' in the Keycloak user profile. This means that email verification step is skipped even 
+                            if "Verify email" feature is enabled in realm settings.
+                        </entry>
+                    </row>
+                    <row>
+                        <entry>
                             <literal>GUI order</literal>
                         </entry>
                         <entry>

docbook/reference/en/en-US/modules/kerberos.xml 4(+2 -2)

diff --git a/docbook/reference/en/en-US/modules/kerberos.xml b/docbook/reference/en/en-US/modules/kerberos.xml
index c4ff1be..3a858a1 100644
--- a/docbook/reference/en/en-US/modules/kerberos.xml
+++ b/docbook/reference/en/en-US/modules/kerberos.xml
@@ -200,7 +200,7 @@ ktadd -k /tmp/http.keytab HTTP/www.mydomain.org@MYDOMAIN.ORG
             <para>
                 For quick testing and unit tests, we use very simple <ulink url="http://directory.apache.org/apacheds/">ApacheDS</ulink> Kerberos server.
                 You need to build Keycloak from sources and then run Kerberos server with maven-exec-plugin from our testsuite. See details
-                <ulink url="https://github.com/keycloak/keycloak/blob/master/testsuite/integration/README.md#kerberos-server">here</ulink> .
+                <ulink url="https://github.com/keycloak/keycloak/blob/master/misc/Testsuite.md#kerberos-server">here</ulink> .
             </para>
         </section>
     </section>
@@ -234,7 +234,7 @@ GSSContext context = gssManager.createContext(serviceName, krb5Oid,
             <para>
                 Credential delegation has some security implications. So enable the protocol claim and support in browser just if you really need it.
                 It's highly recommended to use it together with HTTPS. See for example
-                <ulink url="http://www.microhowto.info/howto/configure_firefox_to_authenticate_using_spnego_and_kerberos.html#idp18752">this article</ulink>
+                <ulink url="http://www.microhowto.info/howto/configure_firefox_to_authenticate_using_spnego_and_kerberos.html#idp27072">this article</ulink>
                 for details.
             </para>
         </warning>

docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml 11(+11 -0)

diff --git a/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml b/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml
index ada2a89..dc8e440 100755
--- a/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml
+++ b/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml
@@ -80,6 +80,17 @@
     <section>
         <title>Version specific migration</title>
         <section>
+            <title>Migrating to 1.3.0.Final</title>
+            <simplesect>
+                <title>Direct Grant API always enabled</title>
+                <para>
+                    In the past Direct Grant API (or Resource Owner Password Credentials) was disabled by default and
+                    there was an option on a realm to enable it. The Direct Grant API is now always enabled and the
+                    option to enable/disable for a realm is removed.
+                </para>
+            </simplesect>
+        </section>
+        <section>
             <title>Migrating from 1.2.0.Beta1 to 1.2.0.RC1</title>
             <simplesect>
                 <title>Distribution changes</title>

docbook/reference/en/en-US/modules/proxy.xml 196(+130 -66)

diff --git a/docbook/reference/en/en-US/modules/proxy.xml b/docbook/reference/en/en-US/modules/proxy.xml
index 3a17557..b38fbbb 100755
--- a/docbook/reference/en/en-US/modules/proxy.xml
+++ b/docbook/reference/en/en-US/modules/proxy.xml
@@ -182,106 +182,162 @@ $ java -jar bin/launcher.jar [your-config.json]
         </section>
         <section>
             <title>Application Config</title>
-        <para>
-            Next under the <literal>applications</literal> array attribute, you can define one or more applications per host you are proxying.
-            <variablelist>
-                <varlistentry>
-                    <term>base-path</term>
-                    <listitem>
-                        <para>
-                            The base context root for the application.  Must start with '/' <emphasis>REQUIRED.</emphasis>.
-                        </para>
-                    </listitem>
-                </varlistentry>
-                <varlistentry>
-                    <term>error-page</term>
-                    <listitem>
-                        <para>
-                            If the proxy has an error, it will display the target application's error page relative URL <emphasis>OPTIONAL.</emphasis>.
-                            This is a relative path to the base-path.  In the example above it would be <literal>/customer-portal/error.html</literal>.
-                        </para>
-                    </listitem>
-                </varlistentry>
-                <varlistentry>
-                    <term>adapter-config</term>
-                    <listitem>
-                        <para>
-                            <emphasis>REQUIRED.</emphasis>.  Same configuration as any other keycloak adapter.  See <link linkend='adapter-config'>Adapter Config</link>
-                        </para>
-                    </listitem>
-                </varlistentry>
-            </variablelist>
-        </para>
+            <para>
+                Next under the <literal>applications</literal> array attribute, you can define one or more applications per host you are proxying.
+                <variablelist>
+                    <varlistentry>
+                        <term>base-path</term>
+                        <listitem>
+                            <para>
+                                The base context root for the application.  Must start with '/' <emphasis>REQUIRED.</emphasis>.
+                            </para>
+                        </listitem>
+                    </varlistentry>
+                    <varlistentry>
+                        <term>error-page</term>
+                        <listitem>
+                            <para>
+                                If the proxy has an error, it will display the target application's error page relative URL <emphasis>OPTIONAL.</emphasis>.
+                                This is a relative path to the base-path.  In the example above it would be <literal>/customer-portal/error.html</literal>.
+                            </para>
+                        </listitem>
+                    </varlistentry>
+                    <varlistentry>
+                        <term>adapter-config</term>
+                        <listitem>
+                            <para>
+                                <emphasis>REQUIRED.</emphasis>.  Same configuration as any other keycloak adapter.  See <link linkend='adapter-config'>Adapter Config</link>
+                            </para>
+                        </listitem>
+                    </varlistentry>
+                </variablelist>
+            </para>
             <section>
                 <title>Constraint Config</title>
-
-        <para>
-            Next under each application you can define one or more constraints in the <literal>constraints</literal> array attribute.
-            A constraint defines a URL pattern relative to the base-path.  You can deny, permit, or require authentication for
-            a specific URL pattern.  You can specify roles allowed for that path as well.  More specific constraints will take
-            precedence over more general ones.
+                <para>
+                    Next under each application you can define one or more constraints in the <literal>constraints</literal> array attribute.
+                    A constraint defines a URL pattern relative to the base-path.  You can deny, permit, or require authentication for
+                    a specific URL pattern.  You can specify roles allowed for that path as well.  More specific constraints will take
+                    precedence over more general ones.
+                    <variablelist>
+                        <varlistentry>
+                            <term>pattern</term>
+                            <listitem>
+                                <para>
+                                    URL pattern to match relative to the base-path of the application.  Must start with '/' <emphasis>REQUIRED.</emphasis>.
+                                    You may only have one wildcard and it must come at the end of the pattern.  Valid <literal>/foo/bar/*</literal> and  <literal>/foo/*.txt</literal>
+                                    Not valid: <literal>/*/foo/*</literal>.
+                                </para>
+                            </listitem>
+                        </varlistentry>
+                        <varlistentry>
+                            <term>roles-allowed</term>
+                            <listitem>
+                                <para>
+                                    Array of strings of roles allowed to access this url pattern. <emphasis>OPTIONAL.</emphasis>.
+                                </para>
+                            </listitem>
+                        </varlistentry>
+                        <varlistentry>
+                            <term>methods</term>
+                            <listitem>
+                                <para>
+                                    Array of strings of HTTP methods that will exclusively match this pattern and HTTP request. <emphasis>OPTIONAL.</emphasis>.
+                                </para>
+                            </listitem>
+                        </varlistentry>
+                        <varlistentry>
+                            <term>excluded-methods</term>
+                            <listitem>
+                                <para>
+                                    Array of strings of HTTP methods that will be ignored when match this pattern. <emphasis>OPTIONAL.</emphasis>.
+                                </para>
+                            </listitem>
+                        </varlistentry>
+                        <varlistentry>
+                            <term>deny</term>
+                            <listitem>
+                                <para>
+                                    Deny all access to this URL pattern. <emphasis>OPTIONAL.</emphasis>.
+                                </para>
+                            </listitem>
+                        </varlistentry>
+                        <varlistentry>
+                            <term>permit</term>
+                            <listitem>
+                                <para>
+                                    Permit all access without requiring authentication or a role mapping. <emphasis>OPTIONAL.</emphasis>.
+                                </para>
+                            </listitem>
+                        </varlistentry>
+                        <varlistentry>
+                            <term>permit-and-inject</term>
+                            <listitem>
+                                <para>
+                                    Permit all access, but inject the headers, if user is already authenticated.<emphasis>OPTIONAL.</emphasis>.
+                                </para>
+                            </listitem>
+                        </varlistentry>
+                        <varlistentry>
+                            <term>authenticate</term>
+                            <listitem>
+                                <para>
+                                    Require authentication for this pattern, but no role mapping. <emphasis>OPTIONAL.</emphasis>.
+                                </para>
+                            </listitem>
+                        </varlistentry>
+                    </variablelist>
+                </para>
+            </section>
+        </section>
+        <section>
+            <title>Header Names Config</title>
+            <para>
+            Next under the list of applications you can override the defaults for the names of the header fields injected by the proxy (see Keycloak Identity Headers).
+            This mapping is optional.
             <variablelist>
                 <varlistentry>
-                    <term>pattern</term>
-                    <listitem>
-                        <para>
-                            URL pattern to match relative to the base-path of the application.  Must start with '/' <emphasis>REQUIRED.</emphasis>.
-                            You may only have one wildcard and it must come at the end of the pattern.  Valid <literal>/foo/bar/*</literal> and  <literal>/foo/*.txt</literal>
-                            Not valid: <literal>/*/foo/*</literal>.
-                        </para>
-                    </listitem>
-                </varlistentry>
-                <varlistentry>
-                    <term>roles-allowed</term>
-                    <listitem>
-                        <para>
-                            Array of strings of roles allowed to access this url pattern. <emphasis>OPTIONAL.</emphasis>.
-                        </para>
-                    </listitem>
-                </varlistentry>
-                <varlistentry>
-                    <term>methods</term>
+                    <term>keycloak-subject</term>
                     <listitem>
                         <para>
-                            Array of strings of HTTP methods that will exclusively match this pattern and HTTP request. <emphasis>OPTIONAL.</emphasis>.
+                            e.g. MYAPP_USER_ID
                         </para>
                     </listitem>
                 </varlistentry>
                 <varlistentry>
-                    <term>excluded-methods</term>
+                    <term>keycloak-username</term>
                     <listitem>
                         <para>
-                            Array of strings of HTTP methods that will be ignored when match this pattern. <emphasis>OPTIONAL.</emphasis>.
+                            e.g. MYAPP_USER_NAME
                         </para>
                     </listitem>
                 </varlistentry>
                 <varlistentry>
-                    <term>deny</term>
+                    <term>keycloak-email</term>
                     <listitem>
                         <para>
-                            Deny all access to this URL pattern. <emphasis>OPTIONAL.</emphasis>.
+                            e.g. MYAPP_USER_EMAIL
                         </para>
                     </listitem>
                 </varlistentry>
                 <varlistentry>
-                    <term>permit</term>
+                    <term>keycloak-name</term>
                     <listitem>
                         <para>
-                            Permit all access without requiring authentication or a role mapping. <emphasis>OPTIONAL.</emphasis>.
+                            e.g. MYAPP_USER_ID
                         </para>
                     </listitem>
                 </varlistentry>
                 <varlistentry>
-                    <term>authenticate</term>
+                    <term>keycloak-access-token</term>
                     <listitem>
                         <para>
-                            Require authentication for this pattern, but no role mapping. <emphasis>OPTIONAL.</emphasis>.
+                            e.g. MYAPP_ACCESS_TOKEN
                         </para>
                     </listitem>
                 </varlistentry>
             </variablelist>
-        </para>
-        </section>
+            </para>
         </section>
     </section>
     <section>
@@ -333,6 +389,14 @@ $ java -jar bin/launcher.jar [your-config.json]
                     </listitem>
                 </varlistentry>
             </variablelist>
+            Header field names can be configured using a map of <literal>header-names</literal> in configuration file:
+            <programlisting><![CDATA[
+{
+    "header-names" {
+        "keycloak-subject": "MY_SUBJECT"
+    }
+}
+            ]]></programlisting>
         </para>
     </section>
 </chapter>
\ No newline at end of file

events/api/src/main/java/org/keycloak/events/admin/AdminEventQuery.java 9(+5 -4)

diff --git a/events/api/src/main/java/org/keycloak/events/admin/AdminEventQuery.java b/events/api/src/main/java/org/keycloak/events/admin/AdminEventQuery.java
index d7b5fe4..50b4e63 100644
--- a/events/api/src/main/java/org/keycloak/events/admin/AdminEventQuery.java
+++ b/events/api/src/main/java/org/keycloak/events/admin/AdminEventQuery.java
@@ -1,5 +1,6 @@
 package org.keycloak.events.admin;
 
+import java.util.Date;
 import java.util.List;
 
 /**
@@ -71,18 +72,18 @@ public interface AdminEventQuery {
     /**
      * Search by events after the specified time
      * 
-     * @param fromTime time in millis
+     * @param fromTime from date
      * @return <code>this</code> for method chaining
      */
-    AdminEventQuery fromTime(String fromTime);
+    AdminEventQuery fromTime(Date fromTime);
 
     /**
      * Search by events before the specified time
      * 
-     * @param toTime time in millis
+     * @param toTime to date
      * @return <code>this</code> for method chaining
      */
-    AdminEventQuery toTime(String toTime);
+    AdminEventQuery toTime(Date toTime);
 
     /**
      * Used for pagination

events/api/src/main/java/org/keycloak/events/Details.java 2(+2 -0)

diff --git a/events/api/src/main/java/org/keycloak/events/Details.java b/events/api/src/main/java/org/keycloak/events/Details.java
index d1ef4a5..5564ced 100755
--- a/events/api/src/main/java/org/keycloak/events/Details.java
+++ b/events/api/src/main/java/org/keycloak/events/Details.java
@@ -25,5 +25,7 @@ public interface Details {
     String NODE_HOST = "node_host";
     String REASON = "reason";
     String REVOKED_CLIENT = "revoked_client";
+    String CLIENT_SESSION_STATE = "client_session_state";
+    String CLIENT_SESSION_HOST = "client_session_host";
 
 }

events/api/src/main/java/org/keycloak/events/EventListenerSpi.java 2(+1 -1)

diff --git a/events/api/src/main/java/org/keycloak/events/EventListenerSpi.java b/events/api/src/main/java/org/keycloak/events/EventListenerSpi.java
index a16ad46..a3eedd1 100644
--- a/events/api/src/main/java/org/keycloak/events/EventListenerSpi.java
+++ b/events/api/src/main/java/org/keycloak/events/EventListenerSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class EventListenerSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return false;
     }

events/api/src/main/java/org/keycloak/events/EventQuery.java 5(+3 -2)

diff --git a/events/api/src/main/java/org/keycloak/events/EventQuery.java b/events/api/src/main/java/org/keycloak/events/EventQuery.java
index 9a555ca..8b4885d 100644
--- a/events/api/src/main/java/org/keycloak/events/EventQuery.java
+++ b/events/api/src/main/java/org/keycloak/events/EventQuery.java
@@ -1,5 +1,6 @@
 package org.keycloak.events;
 
+import java.util.Date;
 import java.util.List;
 
 /**
@@ -15,9 +16,9 @@ public interface EventQuery {
 
     public EventQuery user(String userId);
 
-    public EventQuery fromDate(String fromDate);
+    public EventQuery fromDate(Date fromDate);
 
-    public EventQuery toDate(String toDate);
+    public EventQuery toDate(Date toDate);
 
     public EventQuery ipAddress(String ipAddress);

events/api/src/main/java/org/keycloak/events/EventStoreSpi.java 2(+1 -1)

diff --git a/events/api/src/main/java/org/keycloak/events/EventStoreSpi.java b/events/api/src/main/java/org/keycloak/events/EventStoreSpi.java
index af5f59f..256b7e4 100644
--- a/events/api/src/main/java/org/keycloak/events/EventStoreSpi.java
+++ b/events/api/src/main/java/org/keycloak/events/EventStoreSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class EventStoreSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

events/jpa/src/main/java/org/keycloak/events/jpa/JpaAdminEventQuery.java 23(+5 -18)

diff --git a/events/jpa/src/main/java/org/keycloak/events/jpa/JpaAdminEventQuery.java b/events/jpa/src/main/java/org/keycloak/events/jpa/JpaAdminEventQuery.java
index f9ea14d..94906ee 100644
--- a/events/jpa/src/main/java/org/keycloak/events/jpa/JpaAdminEventQuery.java
+++ b/events/jpa/src/main/java/org/keycloak/events/jpa/JpaAdminEventQuery.java
@@ -3,6 +3,7 @@ package org.keycloak.events.jpa;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
+import java.util.Date;
 import java.util.LinkedList;
 import java.util.List;
 
@@ -88,28 +89,14 @@ public class JpaAdminEventQuery implements AdminEventQuery {
     }
 
     @Override
-    public AdminEventQuery fromTime(String fromTime) {
-        SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
-        Long from = null;
-        try {
-            from = df.parse(fromTime).getTime();
-        } catch (ParseException e) {
-            e.printStackTrace();
-        }
-        predicates.add(cb.greaterThanOrEqualTo(root.<Long>get("time"), from));
+    public AdminEventQuery fromTime(Date fromTime) {
+        predicates.add(cb.greaterThanOrEqualTo(root.<Long>get("time"), fromTime.getTime()));
         return this;
     }
 
     @Override
-    public AdminEventQuery toTime(String toTime) {
-        SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
-        Long to = null;
-        try {
-            to = df.parse(toTime).getTime();
-        } catch (ParseException e) {
-            e.printStackTrace();
-        }
-        predicates.add(cb.lessThanOrEqualTo(root.<Long>get("time"), to));
+    public AdminEventQuery toTime(Date toTime) {
+        predicates.add(cb.lessThanOrEqualTo(root.<Long>get("time"), toTime.getTime()));
         return this;
     }

events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventQuery.java 25(+5 -20)

diff --git a/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventQuery.java b/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventQuery.java
index ffbf619..0210c1e 100644
--- a/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventQuery.java
+++ b/events/jpa/src/main/java/org/keycloak/events/jpa/JpaEventQuery.java
@@ -11,9 +11,8 @@ import javax.persistence.criteria.CriteriaQuery;
 import javax.persistence.criteria.Predicate;
 import javax.persistence.criteria.Root;
 
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
 import java.util.ArrayList;
+import java.util.Date;
 import java.util.LinkedList;
 import java.util.List;
 
@@ -68,28 +67,14 @@ public class JpaEventQuery implements EventQuery {
     }
 
     @Override
-    public EventQuery fromDate(String fromDate) {
-        SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
-        Long from = null;
-        try {
-            from = df.parse(fromDate).getTime();
-        } catch (ParseException e) {
-            e.printStackTrace();
-        }
-        predicates.add(cb.greaterThanOrEqualTo(root.<Long>get("time"), from));
+    public EventQuery fromDate(Date fromDate) {
+        predicates.add(cb.greaterThanOrEqualTo(root.<Long>get("time"), fromDate.getTime()));
         return this;
     }
 
     @Override
-    public EventQuery toDate(String toDate) {
-        SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
-        Long to = null;
-        try {
-            to = df.parse(toDate).getTime();
-        } catch (ParseException e) {
-            e.printStackTrace();
-        }
-        predicates.add(cb.lessThanOrEqualTo(root.<Long>get("time"), to));
+    public EventQuery toDate(Date toDate) {
+        predicates.add(cb.lessThanOrEqualTo(root.<Long>get("time"), toDate.getTime()));
         return this;
     }

events/mongo/src/main/java/org/keycloak/events/mongo/MongoAdminEventQuery.java 27(+9 -18)

diff --git a/events/mongo/src/main/java/org/keycloak/events/mongo/MongoAdminEventQuery.java b/events/mongo/src/main/java/org/keycloak/events/mongo/MongoAdminEventQuery.java
index c614d76..612294e 100644
--- a/events/mongo/src/main/java/org/keycloak/events/mongo/MongoAdminEventQuery.java
+++ b/events/mongo/src/main/java/org/keycloak/events/mongo/MongoAdminEventQuery.java
@@ -2,6 +2,7 @@ package org.keycloak.events.mongo;
 
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
+import java.util.Date;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.regex.Pattern;
@@ -74,28 +75,18 @@ public class MongoAdminEventQuery implements AdminEventQuery{
     }
 
     @Override
-    public AdminEventQuery fromTime(String fromTime) {
-        SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
-        Long from = null;
-        try {
-            from = df.parse(fromTime).getTime();
-        } catch (ParseException e) {
-            e.printStackTrace();
-        }
-        query.put("time", BasicDBObjectBuilder.start("$gte", from).get());
+    public AdminEventQuery fromTime(Date fromTime) {
+        BasicDBObject time = query.containsField("time") ? (BasicDBObject) query.get("time") : new BasicDBObject();
+        time.append("$gte", fromTime.getTime());
+        query.put("time", time);
         return this;
     }
 
     @Override
-    public AdminEventQuery toTime(String toTime) {
-        SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
-        Long to = null;
-        try {
-            to = df.parse(toTime).getTime();
-        } catch (ParseException e) {
-            e.printStackTrace();
-        }
-        query.put("time", BasicDBObjectBuilder.start("$lte", to).get());
+    public AdminEventQuery toTime(Date toTime) {
+        BasicDBObject time = query.containsField("time") ? (BasicDBObject) query.get("time") : new BasicDBObject();
+        time.append("$lte", toTime.getTime());
+        query.put("time", time);
         return this;
     }

events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventQuery.java 25(+6 -19)

diff --git a/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventQuery.java b/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventQuery.java
index 75165c7..47efa6a 100755
--- a/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventQuery.java
+++ b/events/mongo/src/main/java/org/keycloak/events/mongo/MongoEventQuery.java
@@ -4,14 +4,15 @@ import com.mongodb.BasicDBObject;
 import com.mongodb.BasicDBObjectBuilder;
 import com.mongodb.DBCollection;
 import com.mongodb.DBCursor;
-
 import com.mongodb.DBObject;
+
 import org.keycloak.events.Event;
 import org.keycloak.events.EventQuery;
 import org.keycloak.events.EventType;
 
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
+import java.util.Date;
 import java.util.LinkedList;
 import java.util.List;
 
@@ -59,31 +60,17 @@ public class MongoEventQuery implements EventQuery {
     }
 
     @Override
-    public EventQuery fromDate(String fromDate) {
-        SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
-        Long from = null;
-        try {
-            from = df.parse(fromDate).getTime();
-        } catch (ParseException e) {
-            e.printStackTrace();
-        }
+    public EventQuery fromDate(Date fromDate) {
         BasicDBObject time = query.containsField("time") ? (BasicDBObject) query.get("time") : new BasicDBObject();
-        time.append("$gte", from);
+        time.append("$gte", fromDate.getTime());
         query.put("time", time);
         return this;
     }
 
     @Override
-    public EventQuery toDate(String toDate) {
-        SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
-        Long to = null;
-        try {
-            to = df.parse(toDate).getTime();
-        } catch (ParseException e) {
-            e.printStackTrace();
-        }
+    public EventQuery toDate(Date toDate) {
         BasicDBObject time = query.containsField("time") ? (BasicDBObject) query.get("time") : new BasicDBObject();
-        time.append("$lte", to);
+        time.append("$lte", toDate.getTime());
         query.put("time", time);
         return this;
     }

examples/admin-client/example-realm.json 1(+0 -1)

diff --git a/examples/admin-client/example-realm.json b/examples/admin-client/example-realm.json
index 3ce2eaa..5676c55 100755
--- a/examples/admin-client/example-realm.json
+++ b/examples/admin-client/example-realm.json
@@ -3,7 +3,6 @@
     "enabled": true,
     "sslRequired": "external",
     "registrationAllowed": true,
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],

examples/basic-auth/basicauthrealm.json 1(+0 -1)

diff --git a/examples/basic-auth/basicauthrealm.json b/examples/basic-auth/basicauthrealm.json
index b8b2acd..b17e7d8 100644
--- a/examples/basic-auth/basicauthrealm.json
+++ b/examples/basic-auth/basicauthrealm.json
@@ -6,7 +6,6 @@
     "accessCodeLifespanUserAction": 300,
     "ssoSessionIdleTimeout": 600,
     "ssoSessionMaxLifespan": 36000,
-    "passwordCredentialGrantAllowed": true,
     "sslRequired": "external",
     "registrationAllowed": false,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",

examples/broker/twitter-authentication/twitter-identity-provider-realm.json 1(+0 -1)

diff --git a/examples/broker/twitter-authentication/twitter-identity-provider-realm.json b/examples/broker/twitter-authentication/twitter-identity-provider-realm.json
index a450ead..691fd61 100644
--- a/examples/broker/twitter-authentication/twitter-identity-provider-realm.json
+++ b/examples/broker/twitter-authentication/twitter-identity-provider-realm.json
@@ -2,7 +2,6 @@
     "realm": "twitter-identity-provider-realm",
     "enabled": true,
     "sslRequired": "external",
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "defaultRoles": [ "user" ],

examples/demo-template/customer-app/src/main/webapp/customers/view.jsp 2(+1 -1)

diff --git a/examples/demo-template/customer-app/src/main/webapp/customers/view.jsp b/examples/demo-template/customer-app/src/main/webapp/customers/view.jsp
index 04a54bb..440a9e9 100755
--- a/examples/demo-template/customer-app/src/main/webapp/customers/view.jsp
+++ b/examples/demo-template/customer-app/src/main/webapp/customers/view.jsp
@@ -33,7 +33,7 @@ Servlet User Principal <b><%=request.getUserPrincipal().getName()%>
     try {
         list = CustomerDatabaseClient.getCustomers(request);
     } catch (CustomerDatabaseClient.Failure failure) {
-        out.println("There was a failure processing request.  You either didn't configure Keycloak properly, or maybe" +
+        out.println("There was a failure processing request.  You either didn't configure Keycloak properly, or maybe " +
                 "you just forgot to secure the database service?");
         out.println("Status from database service invocation was: " + failure.getStatus());
         return;

examples/demo-template/testrealm.json 1(+0 -1)

diff --git a/examples/demo-template/testrealm.json b/examples/demo-template/testrealm.json
index 92643aa..9b83dfa 100755
--- a/examples/demo-template/testrealm.json
+++ b/examples/demo-template/testrealm.json
@@ -6,7 +6,6 @@
     "accessCodeLifespanUserAction": 300,
     "ssoSessionIdleTimeout": 600,
     "ssoSessionMaxLifespan": 36000,
-    "passwordCredentialGrantAllowed": true,
     "sslRequired": "external",
     "registrationAllowed": false,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",

examples/fuse/testrealm.json 1(+0 -1)

diff --git a/examples/fuse/testrealm.json b/examples/fuse/testrealm.json
index f1b21ee..ed112bc 100644
--- a/examples/fuse/testrealm.json
+++ b/examples/fuse/testrealm.json
@@ -6,7 +6,6 @@
     "accessCodeLifespanUserAction": 300,
     "ssoSessionIdleTimeout": 600,
     "ssoSessionMaxLifespan": 36000,
-    "passwordCredentialGrantAllowed": true,
     "sslRequired": "external",
     "registrationAllowed": false,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",

examples/kerberos/README.md 6(+3 -3)

diff --git a/examples/kerberos/README.md b/examples/kerberos/README.md
index f594fa5..80e1ff8 100644
--- a/examples/kerberos/README.md
+++ b/examples/kerberos/README.md
@@ -40,7 +40,7 @@ is in your `/etc/hosts` before other records for the 127.0.0.1 host to avoid iss
 
 **4)** Configure Kerberos client (On linux it's in file `/etc/krb5.conf` ). You need to configure `KEYCLOAK.ORG` realm and enable `forwardable` flag, which is needed 
 for credential delegation example, as application needs to forward Kerberos ticket and authenticate with it against LDAP server. 
-See [this file](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/main/resources/kerberos/test-krb5.conf) for inspiration.
+See [this file](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/resources/kerberos/test-krb5.conf) for inspiration.
 
 **5)**  Run ApacheDS based Kerberos server embedded in Keycloak. Easiest is to checkout keycloak sources, build and then run KerberosEmbeddedServer 
 as shown here: 
@@ -52,12 +52,12 @@ cd testsuite/integration
 mvn exec:java -Pkerberos
 ```
 
-More details about embedded Kerberos server in [testsuite README](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/README.md#kerberos-server).
+More details about embedded Kerberos server in [testsuite README](https://github.com/keycloak/keycloak/blob/master/misc/Testsuite.md#kerberos-server).
 
   
 **6)** Configure browser (Firefox, Chrome or other) and enable SPNEGO authentication and credential delegation for `localhost` . 
 In Firefox it can be done by adding `localhost` to both `network.negotiate-auth.trusted-uris` and `network.negotiate-auth.delegation-uris` . 
-More info in [testsuite README](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/README.md#kerberos-server).  
+More info in [testsuite README](https://github.com/keycloak/keycloak/blob/master/misc/Testsuite.md#kerberos-server).  
  
  
 **7)** Test the example. Obtain kerberos ticket by running command from CMD (on linux):

examples/multi-tenant/tenant1-realm.json 1(+0 -1)

diff --git a/examples/multi-tenant/tenant1-realm.json b/examples/multi-tenant/tenant1-realm.json
index 8140b51..9dcaa00 100644
--- a/examples/multi-tenant/tenant1-realm.json
+++ b/examples/multi-tenant/tenant1-realm.json
@@ -7,7 +7,6 @@
     "accessCodeLifespanUserAction": 6000,
     "sslRequired": "external",
     "registrationAllowed": false,
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],

examples/multi-tenant/tenant2-realm.json 1(+0 -1)

diff --git a/examples/multi-tenant/tenant2-realm.json b/examples/multi-tenant/tenant2-realm.json
index 2cd0e61..643d550 100644
--- a/examples/multi-tenant/tenant2-realm.json
+++ b/examples/multi-tenant/tenant2-realm.json
@@ -7,7 +7,6 @@
     "accessCodeLifespanUserAction": 6000,
     "sslRequired": "external",
     "registrationAllowed": false,
-    "passwordCredentialGrantAllowed": true,
     "updateProfileOnInitialSocialLogin": false,
     "privateKey": "MIICXQIBAAKBgQDA0oJjgPQJhnVhOo51KauQGfLLreMFu64OJdKXRnfvAQJQTuKNwc5JrR63l/byyW1B6FgclABF818TtLvMCAkn4EuFwQZCZhg3x3+lFGiB/IzC6UAt4Bi0JQrTbdh83/U97GIPegvaDqiqEiQESEkbCZWxM6sh/34hQaAhCaFpMwIDAQABAoGADwFSvEOQuh0IjWRtKZjwjOo4BrmlbRDJ3rf6x2LoemTttSouXzGxx/H87fSZdxNNuU9HbBHoY4ko4POzmZEWhS0gV6UjM7VArc4YjID6Hh2tfU9vCbuuKZrRs7RjxL70b51WxycKc49PQ4JiR3g04punrpq2UzToPrm66zI+ICECQQD2Jauo6cXXoxHR0QychQf4dityZwFXUoR/8oI/YFiu9XwcWgSMwrFKUdWWNKYmrIRNqCBzrGyeiGdaAjsw41T3AkEAyIpn+XL7bek/uLno5/7ULauf2dFI6MEaHJixQJD7S6Tfo/CGuDK93H4K0GAdjgR0LA0tCnB09yyPCd5NmAYKpQJBAO7+BH4s/PsyScr+vs/6GpMTqXuap6KxbBUO0YfXdEPr9mVQwboqDxmp+0esNua1+n+sDlZBw/TpW+/42p/NGmECQF0sOQyjyH+TfGCmN7j6I7ioYZeA7h/9/9TDeK8n7SmDC8kOanlQUfgMs5eG4JRoK1WANaoA/8cLc9XA7EoynGUCQQDx/Gjg6qyWheVujxjKufH1XkqDNiQHClDRM1ntChCmGq/RmpVmce+mYeOYZ9eofv7UJUCBdamllRlB+056Ld2h",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA0oJjgPQJhnVhOo51KauQGfLLreMFu64OJdKXRnfvAQJQTuKNwc5JrR63l/byyW1B6FgclABF818TtLvMCAkn4EuFwQZCZhg3x3+lFGiB/IzC6UAt4Bi0JQrTbdh83/U97GIPegvaDqiqEiQESEkbCZWxM6sh/34hQaAhCaFpMwIDAQAB",

examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemAdminEventQuery.java 25(+5 -20)

diff --git a/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemAdminEventQuery.java b/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemAdminEventQuery.java
index 6b3a5da..c636534 100644
--- a/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemAdminEventQuery.java
+++ b/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemAdminEventQuery.java
@@ -3,6 +3,7 @@ package org.keycloak.examples.providers.events;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.Collections;
+import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
 import java.util.regex.Pattern;
@@ -112,18 +113,10 @@ public class MemAdminEventQuery implements AdminEventQuery {
     }
 
     @Override
-    public AdminEventQuery fromTime(String fromTime) {
-        SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
-        Long from = null;
-        try {
-            from = df.parse(fromTime).getTime();
-        } catch (ParseException e) {
-            e.printStackTrace();
-        }
-        
+    public AdminEventQuery fromTime(Date fromTime) {
         Iterator<AdminEvent> itr = this.adminEvents.iterator();
         while (itr.hasNext()) {
-            if (!(itr.next().getTime() >= from)) {
+            if (!(itr.next().getTime() >= fromTime.getTime())) {
                 itr.remove();
             }
         }
@@ -131,18 +124,10 @@ public class MemAdminEventQuery implements AdminEventQuery {
     }
 
     @Override
-    public AdminEventQuery toTime(String toTime) {
-        SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
-        Long to = null;
-        try {
-            to = df.parse(toTime).getTime();
-        } catch (ParseException e) {
-            e.printStackTrace();
-        }
-        
+    public AdminEventQuery toTime(Date toTime) {
         Iterator<AdminEvent> itr = this.adminEvents.iterator();
         while (itr.hasNext()) {
-            if (!(itr.next().getTime() <= to)) {
+            if (!(itr.next().getTime() <= toTime.getTime())) {
                 itr.remove();
             }
         }

examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventQuery.java 25(+5 -20)

diff --git a/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventQuery.java b/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventQuery.java
index e60b055..eccd62d 100644
--- a/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventQuery.java
+++ b/examples/providers/event-store-mem/src/main/java/org/keycloak/examples/providers/events/MemEventQuery.java
@@ -7,6 +7,7 @@ import org.keycloak.events.EventType;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.Collections;
+import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
 
@@ -77,18 +78,10 @@ public class MemEventQuery implements EventQuery {
     }
     
     @Override
-    public EventQuery fromDate(String fromDate) {
-        SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
-        Long from = null;
-        try {
-            from = df.parse(fromDate).getTime();
-        } catch (ParseException e) {
-            e.printStackTrace();
-        }
-        
+    public EventQuery fromDate(Date fromDate) {
         Iterator<Event> itr = this.events.iterator();
         while (itr.hasNext()) {
-            if (!(itr.next().getTime() >= from)) {
+            if (!(itr.next().getTime() >= fromDate.getTime())) {
                 itr.remove();
             }
         }
@@ -96,18 +89,10 @@ public class MemEventQuery implements EventQuery {
     }
     
     @Override
-    public EventQuery toDate(String toDate) {
-        SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
-        Long to = null;
-        try {
-            to = df.parse(toDate).getTime();
-        } catch (ParseException e) {
-            e.printStackTrace();
-        }
-        
+    public EventQuery toDate(Date toDate) {
         Iterator<Event> itr = this.events.iterator();
         while (itr.hasNext()) {
-            if (!(itr.next().getTime() <= to)) {
+            if (!(itr.next().getTime() <= toDate.getTime())) {
                 itr.remove();
             }
         }

examples/saml/testsaml.json 1(+0 -1)

diff --git a/examples/saml/testsaml.json b/examples/saml/testsaml.json
index 7cf4a8e..4d9e7d4 100755
--- a/examples/saml/testsaml.json
+++ b/examples/saml/testsaml.json
@@ -3,7 +3,6 @@
     "realm": "saml-demo",
     "enabled": true,
     "sslRequired": "external",
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],

export-import/export-import-api/src/main/java/org/keycloak/exportimport/ExportSpi.java 2(+1 -1)

diff --git a/export-import/export-import-api/src/main/java/org/keycloak/exportimport/ExportSpi.java b/export-import/export-import-api/src/main/java/org/keycloak/exportimport/ExportSpi.java
index 208cc6a..bcc91b4 100644
--- a/export-import/export-import-api/src/main/java/org/keycloak/exportimport/ExportSpi.java
+++ b/export-import/export-import-api/src/main/java/org/keycloak/exportimport/ExportSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class ExportSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

export-import/export-import-api/src/main/java/org/keycloak/exportimport/ImportSpi.java 2(+1 -1)

diff --git a/export-import/export-import-api/src/main/java/org/keycloak/exportimport/ImportSpi.java b/export-import/export-import-api/src/main/java/org/keycloak/exportimport/ImportSpi.java
index 90cb6ac..f6f5968 100644
--- a/export-import/export-import-api/src/main/java/org/keycloak/exportimport/ImportSpi.java
+++ b/export-import/export-import-api/src/main/java/org/keycloak/exportimport/ImportSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class ImportSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java 12(+5 -7)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
index 5d58438..c7fbe06 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPDn.java
@@ -2,15 +2,13 @@ package org.keycloak.federation.ldap.idm.model;
 
 import java.util.Deque;
 import java.util.LinkedList;
-import java.util.List;
-import java.util.Queue;
 
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
  */
 public class LDAPDn {
 
-    private final Deque<Entry> entries = new LinkedList<Entry>();
+    private final Deque<Entry> entries = new LinkedList<>();
 
     public static LDAPDn fromString(String dnString) {
         LDAPDn dn = new LDAPDn();
@@ -18,7 +16,7 @@ public class LDAPDn {
         String[] rdns = dnString.split(",");
         for (String entryStr : rdns) {
             String[] rdn = entryStr.split("=");
-            dn.addToBottom(rdn[0].trim(), rdn[1].trim());
+            dn.addLast(rdn[0].trim(), rdn[1].trim());
         }
 
         return dn;
@@ -62,14 +60,14 @@ public class LDAPDn {
      * @return string like "dc=something,dc=org" from the DN like "uid=joe,dc=something,dc=org"
      */
     public String getParentDn() {
-        return new LinkedList<Entry>(entries).remove().toString();
+        return new LinkedList<>(entries).remove().toString();
     }
 
-    public void addToHead(String rdnName, String rdnValue) {
+    public void addFirst(String rdnName, String rdnValue) {
         entries.addFirst(new Entry(rdnName, rdnValue));
     }
 
-    public void addToBottom(String rdnName, String rdnValue) {
+    public void addLast(String rdnName, String rdnValue) {
         entries.addLast(new Entry(rdnName, rdnValue));
     }

federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPObject.java 1(+0 -1)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPObject.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPObject.java
index 587a81f..b7e6c0e 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPObject.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/model/LDAPObject.java
@@ -1,6 +1,5 @@
 package org.keycloak.federation.ldap.idm.model;
 
-import java.io.Serializable;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.LinkedList;

federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/query/internal/LDAPIdentityQuery.java 11(+5 -6)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/query/internal/LDAPIdentityQuery.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/query/internal/LDAPIdentityQuery.java
index 1d62a3c..b3fe0f7 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/query/internal/LDAPIdentityQuery.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/query/internal/LDAPIdentityQuery.java
@@ -13,7 +13,6 @@ import org.keycloak.federation.ldap.LDAPFederationProvider;
 import org.keycloak.federation.ldap.idm.model.LDAPObject;
 import org.keycloak.federation.ldap.idm.query.Condition;
 import org.keycloak.federation.ldap.idm.query.Sort;
-import org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore;
 import org.keycloak.federation.ldap.mappers.LDAPFederationMapper;
 import org.keycloak.models.ModelDuplicateException;
 import org.keycloak.models.ModelException;
@@ -34,10 +33,10 @@ public class LDAPIdentityQuery {
     private int offset;
     private int limit;
     private byte[] paginationContext;
+    private String searchDn;
     private final Set<Condition> conditions = new LinkedHashSet<Condition>();
     private final Set<Sort> ordering = new LinkedHashSet<Sort>();
 
-    private final Set<String> searchDns = new LinkedHashSet<String>();
     private final Set<String> returningLdapAttributes = new LinkedHashSet<String>();
 
     // Contains just those returningLdapAttributes, which are read-only. They will be marked as read-only in returned LDAPObject instances as well
@@ -62,8 +61,8 @@ public class LDAPIdentityQuery {
         return this;
     }
 
-    public LDAPIdentityQuery addSearchDns(Collection<String> searchDns) {
-        this.searchDns.addAll(searchDns);
+    public LDAPIdentityQuery setSearchDn(String searchDn) {
+        this.searchDn = searchDn;
         return this;
     }
 
@@ -96,8 +95,8 @@ public class LDAPIdentityQuery {
         return unmodifiableSet(this.ordering);
     }
 
-    public Set<String> getSearchDns() {
-        return unmodifiableSet(this.searchDns);
+    public String getSearchDn() {
+        return this.searchDn;
     }
 
     public Set<String> getObjectClasses() {

federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPIdentityStore.java 186(+30 -156)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPIdentityStore.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPIdentityStore.java
index 552d298..03b23a3 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPIdentityStore.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPIdentityStore.java
@@ -56,7 +56,7 @@ public class LDAPIdentityStore implements IdentityStore {
         this.config = config;
 
         try {
-            this.operationManager = new LDAPOperationManager(getConfig());
+            this.operationManager = new LDAPOperationManager(config);
         } catch (NamingException e) {
             throw new ModelException("Couldn't init operation manager", e);
         }
@@ -71,11 +71,12 @@ public class LDAPIdentityStore implements IdentityStore {
     public void add(LDAPObject ldapObject) {
         // id will be assigned by the ldap server
         if (ldapObject.getUuid() != null) {
-            throw new IllegalStateException("Can't add object with already assigned uuid");
+            throw new ModelException("Can't add object with already assigned uuid");
         }
 
         String entryDN = ldapObject.getDn().toString();
-        this.operationManager.createSubContext(entryDN, extractAttributes(ldapObject, true));
+        BasicAttributes ldapAttributes = extractAttributes(ldapObject, true);
+        this.operationManager.createSubContext(entryDN, ldapAttributes);
         ldapObject.setUuid(getEntryIdentifier(ldapObject));
 
         if (logger.isTraceEnabled()) {
@@ -108,21 +109,20 @@ public class LDAPIdentityStore implements IdentityStore {
 
     @Override
     public List<LDAPObject> fetchQueryResults(LDAPIdentityQuery identityQuery) {
-        List<LDAPObject> results = new ArrayList<LDAPObject>();
+        if (identityQuery.getSorting() != null && !identityQuery.getSorting().isEmpty()) {
+            throw new ModelException("LDAP Identity Store does not yet support sorted queries.");
+        }
 
-        try {
-            if (identityQuery.getSorting() != null && !identityQuery.getSorting().isEmpty()) {
-                throw new ModelException("LDAP Identity Store does not yet support sorted queries.");
-            }
+        List<LDAPObject> results = new ArrayList<>();
 
-            // TODO: proper support for search by more DNs
-            String baseDN = identityQuery.getSearchDns().iterator().next();
+        try {
+            String baseDN = identityQuery.getSearchDn();
 
             for (Condition condition : identityQuery.getConditions()) {
 
                 // Check if we are searching by ID
                 String uuidAttrName = getConfig().getUuidLDAPAttributeName();
-                if (condition.getParameter() != null && condition.getParameter().getName().equals(uuidAttrName)) {
+                if (condition.getParameter() != null && condition.getParameter().getName().equalsIgnoreCase(uuidAttrName)) {
                     if (EqualCondition.class.isInstance(condition)) {
                         EqualCondition equalCondition = (EqualCondition) condition;
                         SearchResult search = this.operationManager
@@ -148,12 +148,12 @@ public class LDAPIdentityStore implements IdentityStore {
             }
 
             for (SearchResult result : search) {
-                if (!result.getNameInNamespace().equals(baseDN)) {
+                if (!result.getNameInNamespace().equalsIgnoreCase(baseDN)) {
                     results.add(populateAttributedType(result, identityQuery.getReturningReadOnlyLdapAttributes()));
                 }
             }
         } catch (Exception e) {
-            throw new ModelException("Querying of identity type failed " + identityQuery, e);
+            throw new ModelException("Querying of LDAP failed " + identityQuery, e);
         }
 
         return results;
@@ -263,6 +263,7 @@ public class LDAPIdentityStore implements IdentityStore {
         return filter;
     }
 
+
     protected void applyCondition(StringBuilder filter, Condition condition) {
         if (OrCondition.class.isInstance(condition)) {
             OrCondition orCondition = (OrCondition) condition;
@@ -278,7 +279,7 @@ public class LDAPIdentityStore implements IdentityStore {
 
         QueryParameter queryParameter = condition.getParameter();
 
-        if (!getConfig().getUuidLDAPAttributeName().equals(queryParameter.getName())) {
+        if (!getConfig().getUuidLDAPAttributeName().equalsIgnoreCase(queryParameter.getName())) {
             String attributeName = queryParameter.getName();
 
             if (attributeName != null) {
@@ -351,6 +352,7 @@ public class LDAPIdentityStore implements IdentityStore {
         }
     }
 
+
     private StringBuilder getObjectClassesFilter(Collection<String> objectClasses) {
         StringBuilder builder = new StringBuilder();
 
@@ -365,6 +367,7 @@ public class LDAPIdentityStore implements IdentityStore {
         return builder;
     }
 
+
     private LDAPObject populateAttributedType(SearchResult searchResult, Collection<String> readOnlyAttrNames) {
         try {
             String entryDN = searchResult.getNameInNamespace();
@@ -382,7 +385,7 @@ public class LDAPIdentityStore implements IdentityStore {
             NamingEnumeration<? extends Attribute> ldapAttributes = attributes.getAll();
 
             // Exact name of attributes might be different
-            List<String> uppercasedReadOnlyAttrNames = new ArrayList<String>();
+            List<String> uppercasedReadOnlyAttrNames = new ArrayList<>();
             for (String readonlyAttr : readOnlyAttrNames) {
                 uppercasedReadOnlyAttrNames.add(readonlyAttr.toUpperCase());
             }
@@ -398,18 +401,18 @@ public class LDAPIdentityStore implements IdentityStore {
 
                 String ldapAttributeName = ldapAttribute.getID();
 
-                if (ldapAttributeName.toLowerCase().equals(getConfig().getUuidLDAPAttributeName().toLowerCase())) {
+                if (ldapAttributeName.equalsIgnoreCase(getConfig().getUuidLDAPAttributeName())) {
                     Object uuidValue = ldapAttribute.get();
                     ldapObject.setUuid(this.operationManager.decodeEntryUUID(uuidValue));
                 } else {
-                    Set<String> attrValues = new TreeSet<String>();
+                    Set<String> attrValues = new TreeSet<>();
                     NamingEnumeration<?> enumm = ldapAttribute.getAll();
                     while (enumm.hasMoreElements()) {
-                        String objectClass = enumm.next().toString();
-                        attrValues.add(objectClass);
+                        String attrVal = enumm.next().toString();
+                        attrValues.add(attrVal);
                     }
 
-                    if (ldapAttributeName.toLowerCase().equals(LDAPConstants.OBJECT_CLASS)) {
+                    if (ldapAttributeName.equalsIgnoreCase(LDAPConstants.OBJECT_CLASS)) {
                         ldapObject.setObjectClasses(attrValues);
                     } else {
                         if (logger.isTraceEnabled()) {
@@ -430,74 +433,19 @@ public class LDAPIdentityStore implements IdentityStore {
 
             return ldapObject;
 
-            /*LDAPMappingConfiguration entryConfig = getMappingConfig(attributedType.getClass());
-
-            if (mappingConfig.getParentMembershipAttributeName() != null) {
-                StringBuilder filter = new StringBuilder("(&");
-                String entryBaseDN = entryDN.substring(entryDN.indexOf(LDAPConstants.COMMA) + 1);
-
-                filter
-                        .append("(")
-                        .append(getObjectClassesFilter(entryConfig))
-                        .append(")")
-                        .append("(")
-                        .append(mappingConfig.getParentMembershipAttributeName())
-                        .append(LDAPConstants.EQUAL).append("")
-                        .append(getBindingDN(attributedType, false))
-                        .append(LDAPConstants.COMMA)
-                        .append(entryBaseDN)
-                        .append(")");
-
-                filter.append(")");
-
-                if (logger.isTraceEnabled()) {
-                    logger.tracef("Searching parent entry for DN [%s] using filter [%s].", entryBaseDN, filter.toString());
-                }
-
-                List<SearchResult> search = this.operationManager.search(getConfig().getBaseDN(), filter.toString(), entryConfig);
-
-                if (!search.isEmpty()) {
-                    SearchResult next = search.get(0);
-
-                    Property<IdentityType> parentProperty = PropertyQueries
-                            .<IdentityType>createQuery(attributedType.getClass())
-                            .addCriteria(new TypedPropertyCriteria(attributedType.getClass())).getFirstResult();
-
-                    if (parentProperty != null) {
-                        String parentDN = next.getNameInNamespace();
-                        String parentBaseDN = parentDN.substring(parentDN.indexOf(",") + 1);
-                        Class<? extends IdentityType> baseDNType = getConfig().getSupportedTypeByBaseDN(parentBaseDN, getEntryObjectClasses(attributes));
-
-                        if (parentProperty.getJavaClass().isAssignableFrom(baseDNType)) {
-                            if (logger.isTraceEnabled()) {
-                                logger.tracef("Found parent [%s] for entry for DN [%s].", parentDN, entryDN);
-                            }
-
-                            int hierarchyDepthCount1 = ++hierarchyDepthCount;
-
-                            parentProperty.setValue(attributedType, populateAttributedType(next, null, hierarchyDepthCount1));
-                        }
-                    }
-                } else {
-                    if (logger.isTraceEnabled()) {
-                        logger.tracef("No parent entry found for DN [%s] using filter [%s].", entryDN, filter.toString());
-                    }
-                }
-            }  */
-
-
         } catch (Exception e) {
             throw new ModelException("Could not populate attribute type " + searchResult.getNameInNamespace() + ".", e);
         }
     }
 
+
     protected BasicAttributes extractAttributes(LDAPObject ldapObject, boolean isCreate) {
         BasicAttributes entryAttributes = new BasicAttributes();
 
         for (Map.Entry<String, Object> attrEntry : ldapObject.getAttributes().entrySet()) {
             String attrName = attrEntry.getKey();
             Object attrValue = attrEntry.getValue();
-            if (!ldapObject.getReadOnlyAttributeNames().contains(attrName) && (isCreate || !ldapObject.getRdnAttributeName().equals(attrName))) {
+            if (!ldapObject.getReadOnlyAttributeNames().contains(attrName) && (isCreate || !ldapObject.getRdnAttributeName().equalsIgnoreCase(attrName))) {
 
                 if (String.class.isInstance(attrValue)) {
                     if (attrValue.toString().trim().length() == 0) {
@@ -514,7 +462,7 @@ public class LDAPIdentityStore implements IdentityStore {
                 } else if (attrValue == null || attrValue.toString().trim().length() == 0) {
                     entryAttributes.put(attrName, LDAPConstants.EMPTY_ATTRIBUTE_VALUE);
                 } else {
-                    throw new IllegalArgumentException("Unexpected type of value of argument " + attrName + ". Value is " + attrValue);
+                    throw new ModelException("Unexpected type of value of argument " + attrName + ". Value is " + attrValue);
                 }
             }
         }
@@ -526,10 +474,10 @@ public class LDAPIdentityStore implements IdentityStore {
             for (String objectClassValue : ldapObject.getObjectClasses()) {
                 objectClassAttribute.add(objectClassValue);
 
-                if (objectClassValue.equals(LDAPConstants.GROUP_OF_NAMES)
-                        || objectClassValue.equals(LDAPConstants.GROUP_OF_ENTRIES)
-                        || objectClassValue.equals(LDAPConstants.GROUP_OF_UNIQUE_NAMES)) {
-                    entryAttributes.put(LDAPConstants.MEMBER, LDAPConstants.EMPTY_ATTRIBUTE_VALUE);
+                if (objectClassValue.equalsIgnoreCase(LDAPConstants.GROUP_OF_NAMES)
+                        || objectClassValue.equalsIgnoreCase(LDAPConstants.GROUP_OF_ENTRIES)
+                        || objectClassValue.equalsIgnoreCase(LDAPConstants.GROUP_OF_UNIQUE_NAMES)) {
+                    entryAttributes.put(LDAPConstants.MEMBER, LDAPConstants.EMPTY_MEMBER_ATTRIBUTE_VALUE);
                 }
             }
 
@@ -539,80 +487,6 @@ public class LDAPIdentityStore implements IdentityStore {
         return entryAttributes;
     }
 
-    /*public String getBindingDN(IdentityType attributedType, boolean appendBaseDN) {
-        LDAPMappingConfiguration mappingConfig = getMappingConfig(attributedType.getClass());
-
-        String baseDN;
-        if (mappingConfig.getBaseDN() == null || !appendBaseDN) {
-            baseDN = "";
-        } else {
-            baseDN = LDAPConstants.COMMA + getBaseDN(attributedType);
-        }
-
-        Property<String> bindingDnAttributeProperty = mappingConfig.getBindingDnProperty();
-        String bindingAttributeName = mappingConfig.getMappedAttributes().get(bindingDnAttributeProperty.getName());
-        String bindingAttributeValue = mappingConfig.getBindingDnProperty().getValue(attributedType);
-
-        return bindingAttributeName + LDAPConstants.EQUAL + bindingAttributeValue + baseDN;
-    }
-
-    private String getBaseDN(IdentityType attributedType) {
-        LDAPMappingConfiguration mappingConfig = getMappingConfig(attributedType.getClass());
-        String baseDN = mappingConfig.getBaseDN();
-        String parentDN = mappingConfig.getParentMapping().get(mappingConfig.getIdProperty().getValue(attributedType));
-
-        if (parentDN != null) {
-            baseDN = parentDN;
-        } else {
-            Property<IdentityType> parentProperty = PropertyQueries
-                    .<IdentityType>createQuery(attributedType.getClass())
-                    .addCriteria(new TypedPropertyCriteria(attributedType.getClass())).getFirstResult();
-
-            if (parentProperty != null) {
-                IdentityType parentType = parentProperty.getValue(attributedType);
-
-                if (parentType != null) {
-                    Property<String> parentIdProperty = getMappingConfig(parentType.getClass()).getIdProperty();
-
-                    String parentId = parentIdProperty.getValue(parentType);
-
-                    String parentBaseDN = mappingConfig.getParentMapping().get(parentId);
-
-                    if (parentBaseDN != null) {
-                        baseDN = parentBaseDN;
-                    } else {
-                        baseDN = getBaseDN(parentType);
-                    }
-                }
-            }
-        }
-
-        return baseDN;
-    }
-
-    protected void addToParentAsMember(final IdentityType attributedType) {
-        LDAPMappingConfiguration entryConfig = getMappingConfig(attributedType.getClass());
-
-        if (entryConfig.getParentMembershipAttributeName() != null) {
-            Property<IdentityType> parentProperty = PropertyQueries
-                    .<IdentityType>createQuery(attributedType.getClass())
-                    .addCriteria(new TypedPropertyCriteria(attributedType.getClass()))
-                    .getFirstResult();
-
-            if (parentProperty != null) {
-                IdentityType parentType = parentProperty.getValue(attributedType);
-
-                if (parentType != null) {
-                    Attributes attributes = this.operationManager.getAttributes(parentType.getId(), getBaseDN(parentType), entryConfig);
-                    Attribute attribute = attributes.get(entryConfig.getParentMembershipAttributeName());
-
-                    attribute.add(getBindingDN(attributedType, true));
-
-                    this.operationManager.modifyAttribute(getBindingDN(parentType, true), attribute);
-                }
-            }
-        }
-    }   */
 
     protected String getEntryIdentifier(final LDAPObject ldapObject) {
         try {

federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java 6(+3 -3)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java
index 0a9f4dc..fd88f39 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java
@@ -451,8 +451,9 @@ public class LDAPOperationManager {
     private Map<String, Object> createConnectionProperties() {
         HashMap<String, Object> env = new HashMap<String, Object>();
 
+        String authType = this.config.getAuthType();
         env.put(Context.INITIAL_CONTEXT_FACTORY, this.config.getFactoryName());
-        env.put(Context.SECURITY_AUTHENTICATION, this.config.getAuthType());
+        env.put(Context.SECURITY_AUTHENTICATION, authType);
 
         String protocol = this.config.getSecurityProtocol();
 
@@ -468,7 +469,7 @@ public class LDAPOperationManager {
             bindCredential = this.config.getBindCredential().toCharArray();
         }
 
-        if (bindDN != null) {
+        if (!LDAPConstants.AUTH_TYPE_NONE.equals(authType)) {
             env.put(Context.SECURITY_PRINCIPAL, bindDN);
             env.put(Context.SECURITY_CREDENTIALS, bindCredential);
         }
@@ -512,7 +513,6 @@ public class LDAPOperationManager {
             context = createLdapContext();
             return operation.execute(context);
         } catch (NamingException ne) {
-            logger.error("Could not create Ldap context or operation execution error.", ne);
             throw ne;
         } finally {
             if (context != null) {

federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java 30(+9 -21)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java
index 580a556..4ebde77 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java
@@ -1,8 +1,6 @@
 package org.keycloak.federation.ldap;
 
-import java.util.Arrays;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Properties;
@@ -12,7 +10,6 @@ import javax.naming.directory.SearchControls;
 
 import org.keycloak.models.LDAPConstants;
 import org.keycloak.models.UserFederationProvider;
-import org.keycloak.models.UserFederationProviderModel;
 
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@@ -37,8 +34,12 @@ public class LDAPConfig {
     }
 
     public String getAuthType() {
-        // hardcoded for now
-        return "simple";
+        String value = config.get(LDAPConstants.AUTH_TYPE);
+        if (value == null) {
+            return LDAPConstants.AUTH_TYPE_SIMPLE;
+        } else {
+            return value;
+        }
     }
 
     public String getSecurityProtocol() {
@@ -46,21 +47,8 @@ public class LDAPConfig {
         return config.get(LDAPConstants.SECURITY_PROTOCOL);
     }
 
-    public Collection<String> getUserDns() {
-        String value = config.get(LDAPConstants.USER_DNS);
-        if (value == null) {
-            return Collections.emptyList();
-        } else {
-            return Arrays.asList(value.split(LDAPConstants.CONFIG_DIVIDER));
-        }
-    }
-
-    public String getSingleUserDn() {
-        Collection<String> dns = getUserDns();
-        if (dns.size() == 0) {
-            throw new IllegalStateException("No user DN configured. User DNS value is " + config.get(LDAPConstants.USER_DNS));
-        }
-        return dns.iterator().next();
+    public String getUsersDn() {
+        return config.get(LDAPConstants.USERS_DN);
     }
 
     public Collection<String> getUserObjectClasses() {
@@ -70,7 +58,7 @@ public class LDAPConfig {
         String[] objectClasses = objClassesStr.split(",");
 
         // Trim them
-        Set<String> userObjClasses = new HashSet<String>();
+        Set<String> userObjClasses = new HashSet<>();
         for (int i=0 ; i<objectClasses.length ; i++) {
             userObjClasses.add(objectClasses[i].trim());
         }

federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProvider.java 9(+4 -5)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProvider.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProvider.java
index 2168282..7ad05d3 100755
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProvider.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProvider.java
@@ -106,7 +106,7 @@ public class LDAPFederationProvider implements UserFederationProvider {
                 proxied = new UnsyncedLDAPUserModelDelegate(local, this);
         }
 
-        Set<UserFederationMapperModel> federationMappers = realm.getUserFederationMappers();
+        Set<UserFederationMapperModel> federationMappers = realm.getUserFederationMappersByFederationProvider(model.getId());
         for (UserFederationMapperModel mapperModel : federationMappers) {
             LDAPFederationMapper ldapMapper = getMapper(mapperModel);
             proxied = ldapMapper.proxy(mapperModel, this, ldapObject, proxied, realm);
@@ -263,7 +263,7 @@ public class LDAPFederationProvider implements UserFederationProvider {
         UserModel imported = session.userStorage().addUser(realm, ldapUsername);
         imported.setEnabled(true);
 
-        Set<UserFederationMapperModel> federationMappers = realm.getUserFederationMappers();
+        Set<UserFederationMapperModel> federationMappers = realm.getUserFederationMappersByFederationProvider(getModel().getId());
         for (UserFederationMapperModel mapperModel : federationMappers) {
             LDAPFederationMapper ldapMapper = getMapper(mapperModel);
             ldapMapper.onImportUserFromLDAP(mapperModel, this, ldapUser, imported, realm, true);
@@ -308,8 +308,7 @@ public class LDAPFederationProvider implements UserFederationProvider {
 
     @Override
     public void preRemove(RealmModel realm, RoleModel role) {
-        // complete I don't think we have to do anything here
-        // TODO: requires implementation... Maybe mappers callback to ensure role deletion propagated to LDAP by RoleLDAPFederationMapper
+        // TODO: Maybe mappers callback to ensure role deletion propagated to LDAP by RoleLDAPFederationMapper?
     }
 
     public boolean validPassword(RealmModel realm, UserModel user, String password) {
@@ -399,7 +398,7 @@ public class LDAPFederationProvider implements UserFederationProvider {
                 if ((fedModel.getId().equals(currentUser.getFederationLink())) && (ldapUser.getUuid().equals(currentUser.getAttribute(LDAPConstants.LDAP_ID)))) {
 
                     // Update keycloak user
-                    Set<UserFederationMapperModel> federationMappers = realm.getUserFederationMappers();
+                    Set<UserFederationMapperModel> federationMappers = realm.getUserFederationMappersByFederationProvider(model.getId());
                     for (UserFederationMapperModel mapperModel : federationMappers) {
                         LDAPFederationMapper ldapMapper = getMapper(mapperModel);
                         ldapMapper.onImportUserFromLDAP(mapperModel, this, ldapUser, currentUser, realm, false);

federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProviderFactory.java 42(+36 -6)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProviderFactory.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProviderFactory.java
index c020f51..5c1bf6e 100755
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProviderFactory.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProviderFactory.java
@@ -94,12 +94,42 @@ public class LDAPFederationProviderFactory extends UserFederationEventAwareProvi
                 UserAttributeLDAPFederationMapper.READ_ONLY, readOnly);
         realm.addUserFederationMapper(mapperModel);
 
-        // For AD deployments with sAMAccountName is probably more common to map "cn" to full name of user
-        if (activeDirectory && usernameLdapAttribute.equalsIgnoreCase(LDAPConstants.SAM_ACCOUNT_NAME)) {
-            mapperModel = KeycloakModelUtils.createUserFederationMapperModel("full name", newProviderModel.getId(), FullNameLDAPFederationMapperFactory.PROVIDER_ID,
-                    FullNameLDAPFederationMapper.LDAP_FULL_NAME_ATTRIBUTE, LDAPConstants.CN,
-                    UserAttributeLDAPFederationMapper.READ_ONLY, readOnly);
-            realm.addUserFederationMapper(mapperModel);
+        // CN is typically used as RDN for Active Directory deployments
+        if (ldapConfig.getRdnLdapAttribute().equalsIgnoreCase(LDAPConstants.CN)) {
+
+            if (usernameLdapAttribute.equalsIgnoreCase(LDAPConstants.CN)) {
+
+                // For AD deployments with "cn" as username, we will map "givenName" to first name
+                mapperModel = KeycloakModelUtils.createUserFederationMapperModel("first name", newProviderModel.getId(), UserAttributeLDAPFederationMapperFactory.PROVIDER_ID,
+                        UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, UserModel.FIRST_NAME,
+                        UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, LDAPConstants.GIVENNAME,
+                        UserAttributeLDAPFederationMapper.READ_ONLY, readOnly);
+                realm.addUserFederationMapper(mapperModel);
+
+            } else {
+                if (editMode == UserFederationProvider.EditMode.WRITABLE) {
+
+                    // For AD deployments with "sAMAccountName" as username and writable, we need to map "cn" as username as well (this is needed so we can register new users from KC into LDAP) and we will map "givenName" to first name.
+                    mapperModel = KeycloakModelUtils.createUserFederationMapperModel("first name", newProviderModel.getId(), UserAttributeLDAPFederationMapperFactory.PROVIDER_ID,
+                            UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, UserModel.FIRST_NAME,
+                            UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, LDAPConstants.GIVENNAME,
+                            UserAttributeLDAPFederationMapper.READ_ONLY, readOnly);
+                    realm.addUserFederationMapper(mapperModel);
+
+                    mapperModel = KeycloakModelUtils.createUserFederationMapperModel("username-cn", newProviderModel.getId(), UserAttributeLDAPFederationMapperFactory.PROVIDER_ID,
+                            UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, UserModel.USERNAME,
+                            UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, LDAPConstants.CN,
+                            UserAttributeLDAPFederationMapper.READ_ONLY, readOnly);
+                    realm.addUserFederationMapper(mapperModel);
+                } else {
+
+                    // For read-only LDAP, we map "cn" as full name
+                    mapperModel = KeycloakModelUtils.createUserFederationMapperModel("full name", newProviderModel.getId(), FullNameLDAPFederationMapperFactory.PROVIDER_ID,
+                            FullNameLDAPFederationMapper.LDAP_FULL_NAME_ATTRIBUTE, LDAPConstants.CN,
+                            UserAttributeLDAPFederationMapper.READ_ONLY, readOnly);
+                    realm.addUserFederationMapper(mapperModel);
+                }
+            }
         } else {
             mapperModel = KeycloakModelUtils.createUserFederationMapperModel("first name", newProviderModel.getId(), UserAttributeLDAPFederationMapperFactory.PROVIDER_ID,
                     UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, UserModel.FIRST_NAME,

federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPIdentityStoreRegistry.java 6(+3 -3)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPIdentityStoreRegistry.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPIdentityStoreRegistry.java
index 97f347b..c737266 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPIdentityStoreRegistry.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPIdentityStoreRegistry.java
@@ -24,7 +24,7 @@ public class LDAPIdentityStoreRegistry {
         // Ldap config might have changed for the realm. In this case, we must re-initialize
         Map<String, String> config = model.getConfig();
         if (context == null || !config.equals(context.config)) {
-            logLDAPConfig(model.getId(), config);
+            logLDAPConfig(model.getDisplayName(), config);
 
             LDAPIdentityStore store = createLdapIdentityStore(config);
             context = new LDAPIdentityStoreContext(config, store);
@@ -34,10 +34,10 @@ public class LDAPIdentityStoreRegistry {
     }
 
     // Don't log LDAP password
-    private void logLDAPConfig(String fedProviderId, Map<String, String> ldapConfig) {
+    private void logLDAPConfig(String fedProviderDisplayName, Map<String, String> ldapConfig) {
         Map<String, String> copy = new HashMap<String, String>(ldapConfig);
         copy.remove(LDAPConstants.BIND_CREDENTIAL);
-        logger.infof("Creating new LDAP based partition manager for the Federation provider: " + fedProviderId + ", LDAP Configuration: " + copy);
+        logger.infof("Creating new LDAP based partition manager for the Federation provider: " + fedProviderDisplayName + ", LDAP Configuration: " + copy);
     }
 
     /**

federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPUtils.java 30(+10 -20)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPUtils.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPUtils.java
index 37e110c..396d997 100755
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPUtils.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPUtils.java
@@ -34,7 +34,7 @@ public class LDAPUtils {
         ldapUser.setRdnAttributeName(ldapConfig.getRdnLdapAttribute());
         ldapUser.setObjectClasses(ldapConfig.getUserObjectClasses());
 
-        Set<UserFederationMapperModel> federationMappers = realm.getUserFederationMappers();
+        Set<UserFederationMapperModel> federationMappers = realm.getUserFederationMappersByFederationProvider(ldapProvider.getModel().getId());
         for (UserFederationMapperModel mapperModel : federationMappers) {
             LDAPFederationMapper ldapMapper = ldapProvider.getMapper(mapperModel);
             ldapMapper.onRegisterUserToLDAP(mapperModel, ldapProvider, ldapUser, user, realm);
@@ -45,40 +45,30 @@ public class LDAPUtils {
         return ldapUser;
     }
 
-    public static void removeAllUsers(LDAPFederationProvider ldapProvider, RealmModel realm) {
-        LDAPIdentityStore ldapStore = ldapProvider.getLdapIdentityStore();
-        LDAPIdentityQuery ldapQuery = LDAPUtils.createQueryForUserSearch(ldapProvider, realm);
-        List<LDAPObject> allUsers = ldapQuery.getResultList();
-
-        for (LDAPObject ldapUser : allUsers) {
-            ldapStore.remove(ldapUser);
-        }
-    }
-
     public static LDAPIdentityQuery createQueryForUserSearch(LDAPFederationProvider ldapProvider, RealmModel realm) {
         LDAPIdentityQuery ldapQuery = new LDAPIdentityQuery(ldapProvider);
         LDAPConfig config = ldapProvider.getLdapIdentityStore().getConfig();
         ldapQuery.setSearchScope(config.getSearchScope());
-        ldapQuery.addSearchDns(config.getUserDns());
+        ldapQuery.setSearchDn(config.getUsersDn());
         ldapQuery.addObjectClasses(config.getUserObjectClasses());
 
-        Set<UserFederationMapperModel> mapperModels = realm.getUserFederationMappers();
+        Set<UserFederationMapperModel> mapperModels = realm.getUserFederationMappersByFederationProvider(ldapProvider.getModel().getId());
         ldapQuery.addMappers(mapperModels);
 
         return ldapQuery;
     }
 
-    // ldapUser has filled attributes, but doesn't have filled dn
-    public static void computeAndSetDn(LDAPConfig config, LDAPObject ldapObject) {
+    // ldapUser has filled attributes, but doesn't have filled dn.
+    private static void computeAndSetDn(LDAPConfig config, LDAPObject ldapUser) {
         String rdnLdapAttrName = config.getRdnLdapAttribute();
-        String rdnLdapAttrValue = ldapObject.getAttributeAsString(rdnLdapAttrName);
+        String rdnLdapAttrValue = ldapUser.getAttributeAsString(rdnLdapAttrName);
         if (rdnLdapAttrValue == null) {
-            throw new ModelException("RDN Attribute [" + rdnLdapAttrName + "] is not filled. Filled attributes: " + ldapObject.getAttributes());
+            throw new ModelException("RDN Attribute [" + rdnLdapAttrName + "] is not filled. Filled attributes: " + ldapUser.getAttributes());
         }
 
-        LDAPDn dn = LDAPDn.fromString(config.getSingleUserDn());
-        dn.addToHead(rdnLdapAttrName, rdnLdapAttrValue);
-        ldapObject.setDn(dn);
+        LDAPDn dn = LDAPDn.fromString(config.getUsersDn());
+        dn.addFirst(rdnLdapAttrName, rdnLdapAttrValue);
+        ldapUser.setDn(dn);
     }
 
     public static String getUsername(LDAPObject ldapUser, LDAPConfig config) {

federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/AbstractLDAPFederationMapperFactory.java 5(+0 -5)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/AbstractLDAPFederationMapperFactory.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/AbstractLDAPFederationMapperFactory.java
index 33ace78..75e77f3 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/AbstractLDAPFederationMapperFactory.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/AbstractLDAPFederationMapperFactory.java
@@ -36,11 +36,6 @@ public abstract class AbstractLDAPFederationMapperFactory implements UserFederat
     }
 
     @Override
-    public List<ProviderConfigProperty> getConfigProperties() {
-        throw new IllegalStateException("Method not supported for this implementation");
-    }
-
-    @Override
     public void close() {
     }

federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/FullNameLDAPFederationMapper.java 9(+2 -7)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/FullNameLDAPFederationMapper.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/FullNameLDAPFederationMapper.java
index 109b0b0..7466778 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/FullNameLDAPFederationMapper.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/FullNameLDAPFederationMapper.java
@@ -1,24 +1,19 @@
 package org.keycloak.federation.ldap.mappers;
 
 import java.util.HashSet;
-import java.util.List;
 import java.util.Set;
 
 import org.keycloak.federation.ldap.LDAPFederationProvider;
-import org.keycloak.federation.ldap.LDAPUtils;
 import org.keycloak.federation.ldap.idm.model.LDAPObject;
 import org.keycloak.federation.ldap.idm.query.Condition;
 import org.keycloak.federation.ldap.idm.query.QueryParameter;
 import org.keycloak.federation.ldap.idm.query.internal.EqualCondition;
 import org.keycloak.federation.ldap.idm.query.internal.LDAPIdentityQuery;
-import org.keycloak.mappers.UserFederationMapper;
-import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.LDAPConstants;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserFederationMapperModel;
 import org.keycloak.models.UserFederationProvider;
 import org.keycloak.models.UserModel;
-import org.keycloak.provider.ProviderConfigProperty;
 
 /**
  * Mapper useful for the LDAP deployments when some attribute (usually CN) is mapped to full name of user
@@ -35,7 +30,7 @@ public class FullNameLDAPFederationMapper extends AbstractLDAPFederationMapper {
         String ldapFullNameAttrName = getLdapFullNameAttrName(mapperModel);
         String fullName = ldapUser.getAttributeAsString(ldapFullNameAttrName);
         fullName = fullName.trim();
-        if (fullName != null) {
+        if (fullName != null && !fullName.trim().isEmpty()) {
             int lastSpaceIndex = fullName.lastIndexOf(" ");
             if (lastSpaceIndex == -1) {
                 user.setLastName(fullName);
@@ -130,7 +125,7 @@ public class FullNameLDAPFederationMapper extends AbstractLDAPFederationMapper {
             fullName = firstNameCondition.getValue() + " " + lastNameCondition.getValue();
         } else if (firstNameCondition != null) {
             fullName = (String) firstNameCondition.getValue();
-        } else if (firstNameCondition != null) {
+        } else if (lastNameCondition != null) {
             fullName = (String) lastNameCondition.getValue();
         } else {
             return;

federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/FullNameLDAPFederationMapperFactory.java 2(+1 -1)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/FullNameLDAPFederationMapperFactory.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/FullNameLDAPFederationMapperFactory.java
index d0d6230..e26cd66 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/FullNameLDAPFederationMapperFactory.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/FullNameLDAPFederationMapperFactory.java
@@ -46,7 +46,7 @@ public class FullNameLDAPFederationMapperFactory extends AbstractLDAPFederationM
     }
 
     @Override
-    public List<ProviderConfigProperty> getConfigProperties(RealmModel realm) {
+    public List<ProviderConfigProperty> getConfigProperties() {
         return configProperties;
     }

federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapper.java 92(+53 -39)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapper.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapper.java
index 084b255..2a78169 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapper.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapper.java
@@ -1,14 +1,11 @@
 package org.keycloak.federation.ldap.mappers;
 
-import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 import java.util.TreeSet;
 
-import javax.naming.directory.SearchControls;
-
 import org.jboss.logging.Logger;
 import org.keycloak.federation.ldap.LDAPFederationProvider;
 import org.keycloak.federation.ldap.idm.model.LDAPDn;
@@ -97,6 +94,9 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
     // Sync roles from LDAP tree and create them in local Keycloak DB (if they don't exist here yet)
     protected void syncRolesFromLDAP(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, RealmModel realm) {
         if (!rolesSyncedModels.contains(mapperModel.getId())) {
+            // TODO: debug
+            logger.infof("Syncing roles from LDAP into Keycloak DB. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getDisplayName());
+
             LDAPIdentityQuery ldapQuery = createRoleQuery(mapperModel, ldapProvider);
 
             // Send query
@@ -108,7 +108,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
                 String roleName = ldapRole.getAttributeAsString(rolesRdnAttr);
 
                 if (roleContainer.getRole(roleName) == null) {
-                    // TODO: rather change to debug
+                    // TODO: debug
                     logger.infof("Syncing role [%s] from LDAP to keycloak DB", roleName);
                     roleContainer.addRole(roleName);
                 }
@@ -120,12 +120,14 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
 
     public LDAPIdentityQuery createRoleQuery(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider) {
         LDAPIdentityQuery ldapQuery = new LDAPIdentityQuery(ldapProvider);
-        ldapQuery.setSearchScope(SearchControls.ONELEVEL_SCOPE);
+
+        // For now, use same search scope, which is configured "globally" and used for user's search.
+        ldapQuery.setSearchScope(ldapProvider.getLdapIdentityStore().getConfig().getSearchScope());
 
         String rolesDn = getRolesDn(mapperModel);
-        ldapQuery.addSearchDns(Arrays.asList(rolesDn));
+        ldapQuery.setSearchDn(rolesDn);
 
-        Collection<String> roleObjectClasses = getRoleObjectClasses(mapperModel);
+        Collection<String> roleObjectClasses = getRoleObjectClasses(mapperModel, ldapProvider);
         ldapQuery.addObjectClasses(roleObjectClasses);
 
         String rolesRdnAttr = getRoleNameLdapAttribute(mapperModel);
@@ -143,11 +145,11 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
         } else {
             String clientId = mapperModel.getConfig().get(CLIENT_ID);
             if (clientId == null) {
-                throw new IllegalStateException("Using client roles mapping is requested, but parameter client.id not found!");
+                throw new ModelException("Using client roles mapping is requested, but parameter client.id not found!");
             }
             ClientModel client = realm.getClientByClientId(clientId);
             if (client == null) {
-                throw new IllegalStateException("Can't found requested client with clientId: " + clientId);
+                throw new ModelException("Can't found requested client with clientId: " + clientId);
             }
             return client;
         }
@@ -156,7 +158,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
     protected String getRolesDn(UserFederationMapperModel mapperModel) {
         String rolesDn = mapperModel.getConfig().get(ROLES_DN);
         if (rolesDn == null) {
-            throw new IllegalStateException("Roles DN is null! Check your configuration");
+            throw new ModelException("Roles DN is null! Check your configuration");
         }
         return rolesDn;
     }
@@ -171,10 +173,11 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
         return membershipAttrName!=null ? membershipAttrName : LDAPConstants.MEMBER;
     }
 
-    protected Collection<String> getRoleObjectClasses(UserFederationMapperModel mapperModel) {
+    protected Collection<String> getRoleObjectClasses(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider) {
         String objectClasses = mapperModel.getConfig().get(ROLE_OBJECT_CLASSES);
         if (objectClasses == null) {
-            objectClasses = "groupOfNames";
+            // For Active directory, the default is 'group' . For other servers 'groupOfNames'
+            objectClasses = ldapProvider.getLdapIdentityStore().getConfig().isActiveDirectory() ? LDAPConstants.GROUP : LDAPConstants.GROUP_OF_NAMES;
         }
         String[] objClasses = objectClasses.split(",");
 
@@ -190,26 +193,25 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
 
     private Mode getMode(UserFederationMapperModel mapperModel) {
         String modeString = mapperModel.getConfig().get(MODE);
-        if (modeString == null || modeString.trim().length() == 0) {
-            return Mode.LDAP_ONLY;
+        if (modeString == null || modeString.isEmpty()) {
+            throw new ModelException("Mode is missing! Check your configuration");
         }
 
         return Enum.valueOf(Mode.class, modeString.toUpperCase());
     }
 
-    protected LDAPObject createLDAPRole(UserFederationMapperModel mapperModel, String roleName, LDAPFederationProvider ldapProvider) {
+    public LDAPObject createLDAPRole(UserFederationMapperModel mapperModel, String roleName, LDAPFederationProvider ldapProvider) {
         LDAPObject ldapObject = new LDAPObject();
         String roleNameAttribute = getRoleNameLdapAttribute(mapperModel);
         ldapObject.setRdnAttributeName(roleNameAttribute);
-        ldapObject.setObjectClasses(getRoleObjectClasses(mapperModel));
+        ldapObject.setObjectClasses(getRoleObjectClasses(mapperModel, ldapProvider));
         ldapObject.setAttribute(roleNameAttribute, roleName);
 
         LDAPDn roleDn = LDAPDn.fromString(getRolesDn(mapperModel));
-        roleDn.addToHead(roleNameAttribute, roleName);
+        roleDn.addFirst(roleNameAttribute, roleName);
         ldapObject.setDn(roleDn);
 
-        // TODO: debug
-        logger.infof("Creating role to [%s] to LDAP with DN [%s]", roleName, roleDn.toString());
+        logger.infof("Creating role [%s] to LDAP with DN [%s]", roleName, roleDn.toString());
         ldapProvider.getLdapIdentityStore().add(ldapObject);
         return ldapObject;
     }
@@ -231,9 +233,9 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
         Set<String> memberships = getExistingMemberships(mapperModel, ldapRole);
         memberships.remove(ldapUser.getDn().toString());
 
-        // Some membership placeholder needs to be always here as "member" is mandatory attribute on some LDAP servers
-        if (memberships.size() == 0) {
-            memberships.add(LDAPConstants.EMPTY_ATTRIBUTE_VALUE);
+        // Some membership placeholder needs to be always here as "member" is mandatory attribute on some LDAP servers. But on active directory! (Empty membership is not allowed here)
+        if (memberships.size() == 0 && !ldapProvider.getLdapIdentityStore().getConfig().isActiveDirectory()) {
+            memberships.add(LDAPConstants.EMPTY_MEMBER_ATTRIBUTE_VALUE);
         }
 
         ldapRole.setAttribute(getMembershipLdapAttribute(mapperModel), memberships);
@@ -278,23 +280,6 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
         return ldapQuery.getResultList();
     }
 
-    protected Set<RoleModel> getLDAPRoleMappingsConverted(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, LDAPObject ldapUser, RoleContainerModel roleContainer) {
-        List<LDAPObject> ldapRoles = getLDAPRoleMappings(mapperModel, ldapProvider, ldapUser);
-
-        Set<RoleModel> roles = new HashSet<RoleModel>();
-        String roleNameLdapAttr = getRoleNameLdapAttribute(mapperModel);
-        for (LDAPObject role : ldapRoles) {
-            String roleName = role.getAttributeAsString(roleNameLdapAttr);
-            RoleModel modelRole = roleContainer.getRole(roleName);
-            if (modelRole == null) {
-                // Add role to local DB
-                modelRole = roleContainer.addRole(roleName);
-            }
-            roles.add(modelRole);
-        }
-        return roles;
-    }
-
     @Override
     public UserModel proxy(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, LDAPObject ldapUser, UserModel delegate, RealmModel realm) {
         final Mode mode = getMode(mapperModel);
@@ -321,6 +306,9 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
         private final RealmModel realm;
         private final Mode mode;
 
+        // Avoid loading role mappings from LDAP more times per-request
+        private Set<RoleModel> cachedLDAPRoleMappings;
+
         public LDAPRoleMappingsUserDelegate(UserModel user, UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, LDAPObject ldapUser,
                                             RealmModel realm, Mode mode) {
             super(user);
@@ -385,6 +373,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
                 if (role.getContainer().equals(roleContainer)) {
 
                     // We need to create new role mappings in LDAP
+                    cachedLDAPRoleMappings = null;
                     addRoleMappingInLDAP(mapperModel, role.getName(), ldapProvider, ldapUser);
                 } else {
                     super.grantRole(role);
@@ -415,6 +404,30 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
             return modelRoleMappings;
         }
 
+        protected Set<RoleModel> getLDAPRoleMappingsConverted(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, LDAPObject ldapUser, RoleContainerModel roleContainer) {
+            if (cachedLDAPRoleMappings != null) {
+                return new HashSet<>(cachedLDAPRoleMappings);
+            }
+
+            List<LDAPObject> ldapRoles = getLDAPRoleMappings(mapperModel, ldapProvider, ldapUser);
+
+            Set<RoleModel> roles = new HashSet<RoleModel>();
+            String roleNameLdapAttr = getRoleNameLdapAttribute(mapperModel);
+            for (LDAPObject role : ldapRoles) {
+                String roleName = role.getAttributeAsString(roleNameLdapAttr);
+                RoleModel modelRole = roleContainer.getRole(roleName);
+                if (modelRole == null) {
+                    // Add role to local DB
+                    modelRole = roleContainer.addRole(roleName);
+                }
+                roles.add(modelRole);
+            }
+
+            cachedLDAPRoleMappings = new HashSet<>(roles);
+
+            return roles;
+        }
+
         @Override
         public void deleteRoleMapping(RoleModel role) {
             RoleContainerModel roleContainer = getTargetRoleContainer(mapperModel, realm);
@@ -438,6 +451,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
                         throw new ModelException("Not possible to delete LDAP role mappings as mapper mode is READ_ONLY");
                     } else {
                         // Delete ldap role mappings
+                        cachedLDAPRoleMappings = null;
                         deleteRoleMappingInLDAP(mapperModel, ldapProvider, ldapUser, ldapRole);
                     }
                 }

federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapperFactory.java 74(+56 -18)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapperFactory.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapperFactory.java
index a5eadd9..2d6d24c 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapperFactory.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapperFactory.java
@@ -1,25 +1,33 @@
 package org.keycloak.federation.ldap.mappers;
 
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.LinkedList;
 import java.util.List;
-import java.util.Map;
 
+import org.jboss.logging.Logger;
+import org.keycloak.federation.ldap.LDAPFederationProvider;
 import org.keycloak.mappers.MapperConfigValidationException;
 import org.keycloak.mappers.UserFederationMapper;
-import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.models.LDAPConstants;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserFederationMapperModel;
+import org.keycloak.models.UserFederationProvider;
+import org.keycloak.models.UserFederationProviderFactory;
+import org.keycloak.models.UserFederationProviderModel;
+import org.keycloak.models.utils.KeycloakModelUtils;
 import org.keycloak.provider.ProviderConfigProperty;
+import org.keycloak.provider.ProviderEvent;
+import org.keycloak.provider.ProviderEventListener;
 
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
  */
 public class RoleLDAPFederationMapperFactory extends AbstractLDAPFederationMapperFactory {
 
+    private static final Logger logger = Logger.getLogger(RoleLDAPFederationMapperFactory.class);
+
     public static final String PROVIDER_ID = "role-ldap-mapper";
 
     protected static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
@@ -40,8 +48,8 @@ public class RoleLDAPFederationMapperFactory extends AbstractLDAPFederationMappe
         configProperties.add(membershipLDAPAttribute);
 
         ProviderConfigProperty roleObjectClasses = createConfigProperty(RoleLDAPFederationMapper.ROLE_OBJECT_CLASSES, "Role Object Classes",
-                "Object classes of the role object divided by comma (if more values needed). In typical LDAP deployment it could be 'groupOfNames' or 'groupOfEntries' ",
-                ProviderConfigProperty.STRING_TYPE, LDAPConstants.GROUP_OF_NAMES);
+                "Object class (or classes) of the role object. It's divided by comma if more classes needed. In typical LDAP deployment it could be 'groupOfNames' . In Active Directory it's usually 'group' ",
+                ProviderConfigProperty.STRING_TYPE, null);
         configProperties.add(roleObjectClasses);
 
         List<String> modes = new LinkedList<String>();
@@ -59,7 +67,10 @@ public class RoleLDAPFederationMapperFactory extends AbstractLDAPFederationMappe
                 "If true, then LDAP role mappings will be mapped to realm role mappings in Keycloak. Otherwise it will be mapped to client role mappings", ProviderConfigProperty.BOOLEAN_TYPE, "true");
         configProperties.add(useRealmRolesMappings);
 
-        // NOTE: ClientID will be computed dynamically from available clients
+        ProviderConfigProperty clientIdProperty = createConfigProperty(RoleLDAPFederationMapper.CLIENT_ID, "Client ID",
+                "Client ID of client to which LDAP role mappings will be mapped. Applicable just if 'Use Realm Roles Mapping' is false",
+                ProviderConfigProperty.CLIENT_LIST_TYPE, null);
+        configProperties.add(clientIdProperty);
     }
 
     @Override
@@ -78,18 +89,8 @@ public class RoleLDAPFederationMapperFactory extends AbstractLDAPFederationMappe
     }
 
     @Override
-    public List<ProviderConfigProperty> getConfigProperties(RealmModel realm) {
-        List<ProviderConfigProperty> props = new ArrayList<ProviderConfigProperty>(configProperties);
-
-        Map<String, ClientModel> clients = realm.getClientNameMap();
-        List<String> clientIds = new ArrayList<String>(clients.keySet());
-
-        ProviderConfigProperty clientIdProperty = createConfigProperty(RoleLDAPFederationMapper.CLIENT_ID, "Client ID",
-                "Client ID of client to which LDAP role mappings will be mapped. Applicable just if 'Use Realm Roles Mapping' is false",
-                ProviderConfigProperty.LIST_TYPE, clientIds);
-        props.add(clientIdProperty);
-
-        return props;
+    public List<ProviderConfigProperty> getConfigProperties() {
+        return configProperties;
     }
 
     @Override
@@ -97,9 +98,46 @@ public class RoleLDAPFederationMapperFactory extends AbstractLDAPFederationMappe
         return PROVIDER_ID;
     }
 
+    // Sync roles from LDAP to Keycloak DB during creation or update of mapperModel
+    @Override
+    public void postInit(KeycloakSessionFactory factory) {
+        factory.register(new ProviderEventListener() {
+
+            @Override
+            public void onEvent(ProviderEvent event) {
+                if (event instanceof RealmModel.UserFederationMapperEvent) {
+                    RealmModel.UserFederationMapperEvent mapperEvent = (RealmModel.UserFederationMapperEvent)event;
+                    UserFederationMapperModel mapperModel = mapperEvent.getFederationMapper();
+                    RealmModel realm = mapperEvent.getRealm();
+                    KeycloakSession session = mapperEvent.getSession();
+
+                    if (mapperModel.getFederationMapperType().equals(PROVIDER_ID)) {
+                        try {
+                            String federationProviderId = mapperModel.getFederationProviderId();
+                            UserFederationProviderModel providerModel = KeycloakModelUtils.findUserFederationProviderById(federationProviderId, realm);
+                            if (providerModel == null) {
+                                throw new IllegalStateException("Can't find federation provider with ID [" + federationProviderId + "] in realm " + realm.getName());
+                            }
+
+                            UserFederationProviderFactory ldapFactory = (UserFederationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(UserFederationProvider.class, providerModel.getProviderName());
+                            LDAPFederationProvider ldapProvider = (LDAPFederationProvider) ldapFactory.getInstance(session, providerModel);
+
+                            // Sync roles
+                            new RoleLDAPFederationMapper().syncRolesFromLDAP(mapperModel, ldapProvider, realm);
+                        } catch (Exception e) {
+                            logger.warn("Exception during initial sync of roles from LDAP.", e);
+                        }
+                    }
+                }
+            }
+
+        });
+    }
+
     @Override
     public void validateConfig(UserFederationMapperModel mapperModel) throws MapperConfigValidationException {
         checkMandatoryConfigAttribute(RoleLDAPFederationMapper.ROLES_DN, "LDAP Roles DN", mapperModel);
+        checkMandatoryConfigAttribute(RoleLDAPFederationMapper.MODE, "Mode", mapperModel);
 
         String realmMappings = mapperModel.getConfig().get(RoleLDAPFederationMapper.USE_REALM_ROLES_MAPPING);
         boolean useRealmMappings = Boolean.parseBoolean(realmMappings);

federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/UserAttributeLDAPFederationMapper.java 12(+3 -9)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/UserAttributeLDAPFederationMapper.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/UserAttributeLDAPFederationMapper.java
index c4c3029..dd139b0 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/UserAttributeLDAPFederationMapper.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/UserAttributeLDAPFederationMapper.java
@@ -1,18 +1,13 @@
 package org.keycloak.federation.ldap.mappers;
 
-import java.io.Serializable;
 import java.lang.reflect.Method;
-import java.util.List;
 import java.util.Map;
 
 import org.keycloak.federation.ldap.LDAPFederationProvider;
-import org.keycloak.federation.ldap.LDAPUtils;
 import org.keycloak.federation.ldap.idm.model.LDAPObject;
 import org.keycloak.federation.ldap.idm.query.Condition;
 import org.keycloak.federation.ldap.idm.query.QueryParameter;
 import org.keycloak.federation.ldap.idm.query.internal.LDAPIdentityQuery;
-import org.keycloak.mappers.UserFederationMapper;
-import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserFederationMapperModel;
 import org.keycloak.models.UserFederationProvider;
@@ -20,7 +15,6 @@ import org.keycloak.models.UserModel;
 import org.keycloak.models.utils.reflection.Property;
 import org.keycloak.models.utils.reflection.PropertyCriteria;
 import org.keycloak.models.utils.reflection.PropertyQueries;
-import org.keycloak.provider.ProviderConfigProperty;
 
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@@ -55,7 +49,7 @@ public class UserAttributeLDAPFederationMapper extends AbstractLDAPFederationMap
         String ldapAttrName = mapperModel.getConfig().get(LDAP_ATTRIBUTE);
 
         Object ldapAttrValue = ldapUser.getAttribute(ldapAttrName);
-        if (ldapAttrValue != null) {
+        if (ldapAttrValue != null && !ldapAttrValue.toString().trim().isEmpty()) {
             Property<Object> userModelProperty = userModelProperties.get(userModelAttrName);
 
             if (userModelProperty != null) {
@@ -124,7 +118,7 @@ public class UserAttributeLDAPFederationMapper extends AbstractLDAPFederationMap
                 }
 
                 protected void setLDAPAttribute(String modelAttrName, String value) {
-                    if (modelAttrName.equals(userModelAttrName)) {
+                    if (modelAttrName.equalsIgnoreCase(userModelAttrName)) {
                         if (logger.isTraceEnabled()) {
                             logger.tracef("Pushing user attribute to LDAP. Model attribute name: %s, LDAP attribute name: %s, Attribute value: %s", modelAttrName, ldapAttrName, value);
                         }
@@ -157,7 +151,7 @@ public class UserAttributeLDAPFederationMapper extends AbstractLDAPFederationMap
         // Change conditions and use ldapAttribute instead of userModel
         for (Condition condition : query.getConditions()) {
             QueryParameter param = condition.getParameter();
-            if (param != null && param.getName().equals(userModelAttrName)) {
+            if (param != null && param.getName().equalsIgnoreCase(userModelAttrName)) {
                 param.setName(ldapAttrName);
             }
         }

federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/UserAttributeLDAPFederationMapperFactory.java 2(+1 -1)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/UserAttributeLDAPFederationMapperFactory.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/UserAttributeLDAPFederationMapperFactory.java
index c0b9d79..90dd21a 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/UserAttributeLDAPFederationMapperFactory.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/UserAttributeLDAPFederationMapperFactory.java
@@ -48,7 +48,7 @@ public class UserAttributeLDAPFederationMapperFactory extends AbstractLDAPFedera
     }
 
     @Override
-    public List<ProviderConfigProperty> getConfigProperties(RealmModel realm) {
+    public List<ProviderConfigProperty> getConfigProperties() {
         return configProperties;
     }

forms/account-api/src/main/java/org/keycloak/account/AccountSpi.java 2(+1 -1)

diff --git a/forms/account-api/src/main/java/org/keycloak/account/AccountSpi.java b/forms/account-api/src/main/java/org/keycloak/account/AccountSpi.java
index 2c9843e..3d2072a 100644
--- a/forms/account-api/src/main/java/org/keycloak/account/AccountSpi.java
+++ b/forms/account-api/src/main/java/org/keycloak/account/AccountSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class AccountSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountBean.java 2(+1 -1)

diff --git a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountBean.java b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountBean.java
index 242225b..2032370 100755
--- a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountBean.java
+++ b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountBean.java
@@ -38,7 +38,7 @@ public class AccountBean {
     }
 
     public String getUsername() {
-        return user.getUsername();
+        return profileFormData != null ? profileFormData.getFirst("username") : user.getUsername();
     }
 
     public String getEmail() {

forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountFederatedIdentityBean.java 57(+52 -5)

diff --git a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountFederatedIdentityBean.java b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountFederatedIdentityBean.java
index 1c779ba..1f0290d 100755
--- a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountFederatedIdentityBean.java
+++ b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountFederatedIdentityBean.java
@@ -9,13 +9,17 @@ import org.keycloak.services.resources.AccountService;
 import org.keycloak.services.Urls;
 
 import javax.ws.rs.core.UriBuilder;
+
 import java.net.URI;
+import java.util.Comparator;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Set;
+import java.util.TreeSet;
 
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ * @author <a href="mailto:velias@redhat.com">Vlastimil Elias</a>
  */
 public class AccountFederatedIdentityBean {
 
@@ -26,11 +30,11 @@ public class AccountFederatedIdentityBean {
     public AccountFederatedIdentityBean(KeycloakSession session, RealmModel realm, UserModel user, URI baseUri, String stateChecker) {
         this.session = session;
         URI accountIdentityUpdateUri = Urls.accountFederatedIdentityUpdate(baseUri, realm.getName());
-        this.identities = new LinkedList<FederatedIdentityEntry>();
 
         List<IdentityProviderModel> identityProviders = realm.getIdentityProviders();
         Set<FederatedIdentityModel> identities = session.users().getFederatedIdentities(user, realm);
 
+        Set<FederatedIdentityEntry> orderedSet = new TreeSet<>(IdentityProviderComparator.INSTANCE);       
         int availableIdentities = 0;
         if (identityProviders != null && !identityProviders.isEmpty()) {
             for (IdentityProviderModel provider : identityProviders) {
@@ -49,10 +53,13 @@ public class AccountFederatedIdentityBean {
                         .queryParam("stateChecker", stateChecker)
                         .build().toString();
 
-                FederatedIdentityEntry entry = new FederatedIdentityEntry(identity, provider.getAlias(), provider.getAlias(), actionUrl);
-                this.identities.add(entry);
+                FederatedIdentityEntry entry = new FederatedIdentityEntry(identity, provider.getAlias(), provider.getAlias(), actionUrl,
+                		  															provider.getConfig() != null ? provider.getConfig().get("guiOrder") : null);
+                orderedSet.add(entry);
             }
         }
+        
+        this.identities = new LinkedList<FederatedIdentityEntry>(orderedSet); 
 
         // Removing last social provider is not possible if you don't have other possibility to authenticate
         this.removeLinkPossible = availableIdentities > 1 || user.getFederationLink() != null || AccountService.isPasswordSet(user);
@@ -81,13 +88,15 @@ public class AccountFederatedIdentityBean {
         private final String providerId;
 		private final String providerName;
         private final String actionUrl;
+        private final String guiOrder;
 
-		public FederatedIdentityEntry(FederatedIdentityModel federatedIdentityModel, String providerId, String providerName, String actionUrl
+		public FederatedIdentityEntry(FederatedIdentityModel federatedIdentityModel, String providerId, String providerName, String actionUrl, String guiOrder
 				) {
             this.federatedIdentityModel = federatedIdentityModel;
             this.providerId = providerId;
             this.providerName = providerName;
             this.actionUrl = actionUrl;
+            this.guiOrder = guiOrder;
         }
 
         public String getProviderId() {
@@ -113,5 +122,43 @@ public class AccountFederatedIdentityBean {
         public String getActionUrl() {
             return actionUrl;
         }
+        
+        public String getGuiOrder() {
+            return guiOrder;
+        }
     }
-}
+    
+	public static class IdentityProviderComparator implements Comparator<FederatedIdentityEntry> {
+
+		public static IdentityProviderComparator INSTANCE = new IdentityProviderComparator();
+
+		private IdentityProviderComparator() {
+
+		}
+
+		@Override
+		public int compare(FederatedIdentityEntry o1, FederatedIdentityEntry o2) {
+
+			int o1order = parseOrder(o1);
+			int o2order = parseOrder(o2);
+
+			if (o1order > o2order)
+				return 1;
+			else if (o1order < o2order)
+				return -1;
+
+			return 1;
+		}
+
+		private int parseOrder(FederatedIdentityEntry ip) {
+			if (ip != null && ip.getGuiOrder() != null) {
+				try {
+					return Integer.parseInt(ip.getGuiOrder());
+				} catch (NumberFormatException e) {
+					// ignore it and use defaulr
+				}
+			}
+			return 10000;
+		}
+	}
+}
\ No newline at end of file

forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/RealmBean.java 4(+4 -0)

diff --git a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/RealmBean.java b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/RealmBean.java
index b0a5eb4..05a84c9 100755
--- a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/RealmBean.java
+++ b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/RealmBean.java
@@ -46,4 +46,8 @@ public class RealmBean {
         return realm.getSupportedLocales();
     }
 
+    public boolean isEditUsernameAllowed() {
+        return realm.isEditUsernameAllowed();
+    }
+
 }

forms/common-freemarker/src/main/java/org/keycloak/freemarker/ThemeSpi.java 2(+1 -1)

diff --git a/forms/common-freemarker/src/main/java/org/keycloak/freemarker/ThemeSpi.java b/forms/common-freemarker/src/main/java/org/keycloak/freemarker/ThemeSpi.java
index 94db863..9e97cb9 100644
--- a/forms/common-freemarker/src/main/java/org/keycloak/freemarker/ThemeSpi.java
+++ b/forms/common-freemarker/src/main/java/org/keycloak/freemarker/ThemeSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class ThemeSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

forms/common-themes/src/main/resources/theme/base/account/account.ftl 8(+4 -4)

diff --git a/forms/common-themes/src/main/resources/theme/base/account/account.ftl b/forms/common-themes/src/main/resources/theme/base/account/account.ftl
index 7c349df..d2a6af1 100755
--- a/forms/common-themes/src/main/resources/theme/base/account/account.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/account/account.ftl
@@ -16,11 +16,11 @@
 
         <div class="form-group ${messagesPerField.printIfExists('username','has-error')}">
             <div class="col-sm-2 col-md-2">
-                <label for="username" class="control-label">${msg("username")}</label>
+                <label for="username" class="control-label">${msg("username")}</label> <#if realm.editUsernameAllowed><span class="required">*</span></#if>
             </div>
 
             <div class="col-sm-10 col-md-10">
-                <input type="text" class="form-control" id="username" name="username" disabled="disabled" value="${(account.username!'')?html}"/>
+                <input type="text" class="form-control" id="username" name="username" <#if !realm.editUsernameAllowed>disabled="disabled"</#if> value="${(account.username!'')?html}"/>
             </div>
         </div>
 
@@ -104,8 +104,8 @@
             <div id="kc-form-buttons" class="col-md-offset-2 col-md-10 submit">
                 <div class="">
                     <#if url.referrerURI??><a href="${url.referrerURI}">${msg("backToApplication")}/a></#if>
-                    <button type="submit" class="btn btn-primary btn-lg" name="submitAction" value="Save">${msg("doSave")}</button>
-                    <button type="submit" class="btn btn-default btn-lg" name="submitAction" value="Cancel">${msg("doCancel")}</button>
+                    <button type="submit" class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" name="submitAction" value="Save">${msg("doSave")}</button>
+                    <button type="submit" class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonLargeClass!}" name="submitAction" value="Cancel">${msg("doCancel")}</button>
                 </div>
             </div>
         </div>

forms/common-themes/src/main/resources/theme/base/account/applications.ftl 2(+1 -1)

diff --git a/forms/common-themes/src/main/resources/theme/base/account/applications.ftl b/forms/common-themes/src/main/resources/theme/base/account/applications.ftl
index 78bde00..27b916b 100755
--- a/forms/common-themes/src/main/resources/theme/base/account/applications.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/account/applications.ftl
@@ -77,7 +77,7 @@
 
                     <td>
                         <#if application.client.consentRequired>
-                            <button type='submit' class='btn btn-primary' id='revoke-${application.client.clientId}' name='clientId' value="${application.client.id}">${msg("revoke")}</button>
+                            <button type='submit' class='${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!}' id='revoke-${application.client.clientId}' name='clientId' value="${application.client.id}">${msg("revoke")}</button>
                         </#if>
                     </td>
                 </tr>

forms/common-themes/src/main/resources/theme/base/account/federatedIdentity.ftl 4(+2 -2)

diff --git a/forms/common-themes/src/main/resources/theme/base/account/federatedIdentity.ftl b/forms/common-themes/src/main/resources/theme/base/account/federatedIdentity.ftl
index a9cf321..3a18805 100755
--- a/forms/common-themes/src/main/resources/theme/base/account/federatedIdentity.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/account/federatedIdentity.ftl
@@ -19,10 +19,10 @@
                 <div class="col-sm-5 col-md-5">
                     <#if identity.connected>
                         <#if federatedIdentity.removeLinkPossible>
-                            <a href="${identity.actionUrl}" type="submit" id="remove-${identity.providerId!}" class="btn btn-primary btn-lg">${msg("doRemove")}</a>
+                            <a href="${identity.actionUrl}" type="submit" id="remove-${identity.providerId!}" class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}">${msg("doRemove")}</a>
                         </#if>
                     <#else>
-                        <a href="${identity.actionUrl}" type="submit" id="add-${identity.providerId!}" class="btn btn-primary btn-lg">${msg("doAdd")}</a>
+                        <a href="${identity.actionUrl}" type="submit" id="add-${identity.providerId!}" class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}">${msg("doAdd")}</a>
                     </#if>
                 </div>
             </div>

forms/common-themes/src/main/resources/theme/base/account/messages/messages_de.properties 2(+1 -1)

diff --git a/forms/common-themes/src/main/resources/theme/base/account/messages/messages_de.properties b/forms/common-themes/src/main/resources/theme/base/account/messages/messages_de.properties
index add9daa..ad3f459 100644
--- a/forms/common-themes/src/main/resources/theme/base/account/messages/messages_de.properties
+++ b/forms/common-themes/src/main/resources/theme/base/account/messages/messages_de.properties
@@ -80,7 +80,7 @@ totpStep1=Installieren Sie <a href="https://fedorahosted.org/freeotp/" target="_
 totpStep2=\u00D6ffnen Sie die Applikation und scannen Sie den Barcode oder geben sie den Code ein.
 totpStep3=Geben Sie den One-time Code welcher die Applikation generiert hat ein und klicken Sie auf Speichern.
 
-
+missingUsernameMessage=Bitte geben Sie einen Benutzernamen ein.
 missingFirstNameMessage=Bitte geben Sie einen Vornamen ein.
 missingEmailMessage=Bitte geben Sie eine E-Mail Adresse ein.
 missingLastNameMessage=Bitte geben Sie einen Nachnamen ein.

forms/common-themes/src/main/resources/theme/base/account/messages/messages_en.properties 1(+1 -0)

diff --git a/forms/common-themes/src/main/resources/theme/base/account/messages/messages_en.properties b/forms/common-themes/src/main/resources/theme/base/account/messages/messages_en.properties
index 7eb971b..f783b49 100755
--- a/forms/common-themes/src/main/resources/theme/base/account/messages/messages_en.properties
+++ b/forms/common-themes/src/main/resources/theme/base/account/messages/messages_en.properties
@@ -96,6 +96,7 @@ totpStep1=Install <a href="https://fedorahosted.org/freeotp/" target="_blank">Fr
 totpStep2=Open the application and scan the barcode or enter the key.
 totpStep3=Enter the one-time code provided by the application and click Save to finish the setup.
 
+missingUsernameMessage=Please specify username.
 missingFirstNameMessage=Please specify first name.
 invalidEmailMessage=Invalid email address.
 missingLastNameMessage=Please specify last name.

forms/common-themes/src/main/resources/theme/base/account/password.ftl 4(+2 -2)

diff --git a/forms/common-themes/src/main/resources/theme/base/account/password.ftl b/forms/common-themes/src/main/resources/theme/base/account/password.ftl
index 40acc6e..abea25d 100755
--- a/forms/common-themes/src/main/resources/theme/base/account/password.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/account/password.ftl
@@ -48,8 +48,8 @@
         <div class="form-group">
             <div id="kc-form-buttons" class="col-md-offset-2 col-md-10 submit">
                 <div class="">
-                    <button type="submit" class="btn btn-primary btn-lg" name="submitAction" value="Save">${msg("doSave")}</button>
-                    <button type="submit" class="btn btn-default btn-lg" name="submitAction" value="Cancel">${msg("doCancel")}</button>
+                    <button type="submit" class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" name="submitAction" value="Save">${msg("doSave")}</button>
+                    <button type="submit" class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonLargeClass!}" name="submitAction" value="Cancel">${msg("doCancel")}</button>
                 </div>
             </div>
         </div>

forms/common-themes/src/main/resources/theme/base/account/totp.ftl 4(+2 -2)

diff --git a/forms/common-themes/src/main/resources/theme/base/account/totp.ftl b/forms/common-themes/src/main/resources/theme/base/account/totp.ftl
index 9602100..4791992 100755
--- a/forms/common-themes/src/main/resources/theme/base/account/totp.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/account/totp.ftl
@@ -56,8 +56,8 @@
             <div class="form-group">
                 <div id="kc-form-buttons" class="col-md-offset-2 col-md-10 submit">
                     <div class="">
-                        <button type="submit" class="btn btn-primary btn-lg" name="submitAction" value="Save">${msg("doSave")}</button>
-                        <button type="submit" class="btn btn-default btn-lg" name="submitAction" value="Cancel">${msg("doCancel")}</button>
+                        <button type="submit" class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" name="submitAction" value="Save">${msg("doSave")}</button>
+                        <button type="submit" class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonLargeClass!}" name="submitAction" value="Cancel">${msg("doCancel")}</button>
                     </div>
                 </div>
             </div>

forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js 8(+7 -1)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js
index 7a0ae1a..cc3092f 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js
@@ -984,7 +984,10 @@ module.config([ '$routeProvider', function($routeProvider) {
                 },
                 mapper : function(UserFederationMapperLoader) {
                     return UserFederationMapperLoader();
-                }
+                },
+                clients : function(ClientListLoader) {
+                    return ClientListLoader();
+                },
             },
             controller : 'UserFederationMapperCtrl'
         })
@@ -1000,6 +1003,9 @@ module.config([ '$routeProvider', function($routeProvider) {
                 mapperTypes : function(UserFederationMapperTypesLoader) {
                     return UserFederationMapperTypesLoader();
                 },
+                clients : function(ClientListLoader) {
+                    return ClientListLoader();
+                }
             },
             controller : 'UserFederationMapperCreateCtrl'
         })

forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js 14(+7 -7)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js
index 8108df9..d5c7226 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js
@@ -230,7 +230,7 @@ module.controller('ClientCertificateImportCtrl', function($scope, $location, $ht
         for (var i = 0; i < $scope.files.length; i++) {
             var $file = $scope.files[i];
             $scope.upload = $upload.upload({
-                url: authUrl + '/admin/realms/' + realm.realm + '/clients-by-id/' + client.id + '/certificates/' + attribute + '/upload',
+                url: authUrl + '/admin/realms/' + realm.realm + '/clients/' + client.id + '/certificates/' + attribute + '/upload',
                 // method: POST or PUT,
                 // headers: {'headerKey': 'headerValue'}, withCredential: true,
                 data: {keystoreFormat: $scope.uploadKeyFormat,
@@ -290,7 +290,7 @@ module.controller('ClientCertificateExportCtrl', function($scope, $location, $ht
 
     $scope.download = function() {
         $http({
-            url: authUrl + '/admin/realms/' + realm.realm + '/clients-by-id/' + client.id + '/certificates/' + attribute + '/download',
+            url: authUrl + '/admin/realms/' + realm.realm + '/clients/' + client.id + '/certificates/' + attribute + '/download',
             method: 'POST',
             responseType: 'arraybuffer',
             data: $scope.jks,
@@ -906,7 +906,7 @@ module.controller('ClientScopeMappingCtrl', function($scope, $http, realm, clien
     };
 
     $scope.addRealmRole = function() {
-        $http.post(authUrl + '/admin/realms/' + realm.realm + '/clients-by-id/' + client.id + '/scope-mappings/realm',
+        $http.post(authUrl + '/admin/realms/' + realm.realm + '/clients/' + client.id + '/scope-mappings/realm',
                 $scope.selectedRealmRoles).success(function() {
                 updateRealmRoles();
                 Notifications.success("Scope mappings updated.");
@@ -914,7 +914,7 @@ module.controller('ClientScopeMappingCtrl', function($scope, $http, realm, clien
     };
 
     $scope.deleteRealmRole = function() {
-        $http.delete(authUrl + '/admin/realms/' + realm.realm + '/clients-by-id/' + client.id +  '/scope-mappings/realm',
+        $http.delete(authUrl + '/admin/realms/' + realm.realm + '/clients/' + client.id +  '/scope-mappings/realm',
             {data : $scope.selectedRealmMappings, headers : {"content-type" : "application/json"}}).success(function () {
                 updateRealmRoles();
                 Notifications.success("Scope mappings updated.");
@@ -922,7 +922,7 @@ module.controller('ClientScopeMappingCtrl', function($scope, $http, realm, clien
     };
 
     $scope.addClientRole = function() {
-        $http.post(authUrl + '/admin/realms/' + realm.realm + '/clients-by-id/' + client.id +  '/scope-mappings/clients-by-id/' + $scope.targetClient.id,
+        $http.post(authUrl + '/admin/realms/' + realm.realm + '/clients/' + client.id +  '/scope-mappings/clients/' + $scope.targetClient.id,
                 $scope.selectedClientRoles).success(function () {
                 updateClientRoles();
                 Notifications.success("Scope mappings updated.");
@@ -930,7 +930,7 @@ module.controller('ClientScopeMappingCtrl', function($scope, $http, realm, clien
     };
 
     $scope.deleteClientRole = function() {
-        $http.delete(authUrl + '/admin/realms/' + realm.realm + '/clients-by-id/' + client.id +  '/scope-mappings/clients-by-id/' + $scope.targetClient.id,
+        $http.delete(authUrl + '/admin/realms/' + realm.realm + '/clients/' + client.id +  '/scope-mappings/clients/' + $scope.targetClient.id,
             {data : $scope.selectedClientMappings, headers : {"content-type" : "application/json"}}).success(function () {
                 updateClientRoles();
                 Notifications.success("Scope mappings updated.");
@@ -1151,7 +1151,7 @@ module.controller('AddBuiltinProtocolMapperCtrl', function($scope, realm, client
                 toAdd.push($scope.mappers[i]);
             }
         }
-        $http.post(authUrl + '/admin/realms/' + realm.realm + '/clients-by-id/' + client.id + '/protocol-mappers/add-models',
+        $http.post(authUrl + '/admin/realms/' + realm.realm + '/clients/' + client.id + '/protocol-mappers/add-models',
                    toAdd).success(function() {
                 Notifications.success("Mappers added");
                 $location.url('/realms/' + realm.realm + '/clients/' + client.id +  '/mappers');

forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js 6(+3 -3)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
index f60e20e..53ad7ae 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
@@ -597,7 +597,7 @@ module.controller('RealmIdentityProviderCtrl', function($scope, $filter, $upload
         if (instance && instance.alias) {
 
         } else {
-            $scope.identityProvider.updateProfileFirstLogin = false;
+            $scope.identityProvider.updateProfileFirstLoginMode = "on";
         }
 
     };
@@ -645,7 +645,7 @@ module.controller('RealmIdentityProviderCtrl', function($scope, $filter, $upload
 
         } else {
             $scope.identityProvider.config.nameIDPolicyFormat = $scope.nameIdFormats[0].format;
-            $scope.identityProvider.updateProfileFirstLogin = false;
+            $scope.identityProvider.updateProfileFirstLoginMode = "off";
         }
     }
 
@@ -663,7 +663,7 @@ module.controller('RealmIdentityProviderCtrl', function($scope, $filter, $upload
         $scope.identityProvider.alias = providerFactory.id;
         $scope.identityProvider.providerId = providerFactory.id;
         $scope.identityProvider.enabled = true;
-        $scope.identityProvider.updateProfileFirstLogin = false;
+        $scope.identityProvider.updateProfileFirstLoginMode = "off";
         $scope.identityProvider.authenticateByDefault = false;
         $scope.newIdentityProvider = true;
     }

forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js 118(+69 -49)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js
index bc723f3..92e5db2 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js
@@ -14,23 +14,23 @@ module.controller('UserRoleMappingCtrl', function($scope, $http, realm, user, cl
     $scope.clientMappings = [];
     $scope.dummymodel = [];
 
-    $scope.realmMappings = RealmRoleMapping.query({realm : realm.realm, userId : user.username});
-    $scope.realmRoles = AvailableRealmRoleMapping.query({realm : realm.realm, userId : user.username});
-    $scope.realmComposite = CompositeRealmRoleMapping.query({realm : realm.realm, userId : user.username});
+    $scope.realmMappings = RealmRoleMapping.query({realm : realm.realm, userId : user.id});
+    $scope.realmRoles = AvailableRealmRoleMapping.query({realm : realm.realm, userId : user.id});
+    $scope.realmComposite = CompositeRealmRoleMapping.query({realm : realm.realm, userId : user.id});
 
     $scope.addRealmRole = function() {
-        $http.post(authUrl + '/admin/realms/' + realm.realm + '/users/' + user.username + '/role-mappings/realm',
+        $http.post(authUrl + '/admin/realms/' + realm.realm + '/users/' + user.id + '/role-mappings/realm',
                 $scope.selectedRealmRoles).success(function() {
-                $scope.realmMappings = RealmRoleMapping.query({realm : realm.realm, userId : user.username});
-                $scope.realmRoles = AvailableRealmRoleMapping.query({realm : realm.realm, userId : user.username});
-                $scope.realmComposite = CompositeRealmRoleMapping.query({realm : realm.realm, userId : user.username});
+                $scope.realmMappings = RealmRoleMapping.query({realm : realm.realm, userId : user.id});
+                $scope.realmRoles = AvailableRealmRoleMapping.query({realm : realm.realm, userId : user.id});
+                $scope.realmComposite = CompositeRealmRoleMapping.query({realm : realm.realm, userId : user.id});
                 $scope.selectedRealmMappings = [];
                 $scope.selectRealmRoles = [];
                 if ($scope.client) {
                     console.log('load available');
-                    $scope.clientComposite = CompositeClientRoleMapping.query({realm : realm.realm, userId : user.username, client : $scope.client.id});
-                    $scope.clientRoles = AvailableClientRoleMapping.query({realm : realm.realm, userId : user.username, client : $scope.client.id});
-                    $scope.clientMappings = ClientRoleMapping.query({realm : realm.realm, userId : user.username, client : $scope.client.id});
+                    $scope.clientComposite = CompositeClientRoleMapping.query({realm : realm.realm, userId : user.id, client : $scope.client.id});
+                    $scope.clientRoles = AvailableClientRoleMapping.query({realm : realm.realm, userId : user.id, client : $scope.client.id});
+                    $scope.clientMappings = ClientRoleMapping.query({realm : realm.realm, userId : user.id, client : $scope.client.id});
                     $scope.selectedClientRoles = [];
                     $scope.selectedClientMappings = [];
                 }
@@ -40,18 +40,18 @@ module.controller('UserRoleMappingCtrl', function($scope, $http, realm, user, cl
     };
 
     $scope.deleteRealmRole = function() {
-        $http.delete(authUrl + '/admin/realms/' + realm.realm + '/users/' + user.username + '/role-mappings/realm',
+        $http.delete(authUrl + '/admin/realms/' + realm.realm + '/users/' + user.id + '/role-mappings/realm',
             {data : $scope.selectedRealmMappings, headers : {"content-type" : "application/json"}}).success(function() {
-                $scope.realmMappings = RealmRoleMapping.query({realm : realm.realm, userId : user.username});
-                $scope.realmRoles = AvailableRealmRoleMapping.query({realm : realm.realm, userId : user.username});
-                $scope.realmComposite = CompositeRealmRoleMapping.query({realm : realm.realm, userId : user.username});
+                $scope.realmMappings = RealmRoleMapping.query({realm : realm.realm, userId : user.id});
+                $scope.realmRoles = AvailableRealmRoleMapping.query({realm : realm.realm, userId : user.id});
+                $scope.realmComposite = CompositeRealmRoleMapping.query({realm : realm.realm, userId : user.id});
                 $scope.selectedRealmMappings = [];
                 $scope.selectRealmRoles = [];
                 if ($scope.client) {
                     console.log('load available');
-                    $scope.clientComposite = CompositeClientRoleMapping.query({realm : realm.realm, userId : user.username, client : $scope.client.id});
-                    $scope.clientRoles = AvailableClientRoleMapping.query({realm : realm.realm, userId : user.username, client : $scope.client.id});
-                    $scope.clientMappings = ClientRoleMapping.query({realm : realm.realm, userId : user.username, client : $scope.client.id});
+                    $scope.clientComposite = CompositeClientRoleMapping.query({realm : realm.realm, userId : user.id, client : $scope.client.id});
+                    $scope.clientRoles = AvailableClientRoleMapping.query({realm : realm.realm, userId : user.id, client : $scope.client.id});
+                    $scope.clientMappings = ClientRoleMapping.query({realm : realm.realm, userId : user.id, client : $scope.client.id});
                     $scope.selectedClientRoles = [];
                     $scope.selectedClientMappings = [];
                 }
@@ -60,11 +60,11 @@ module.controller('UserRoleMappingCtrl', function($scope, $http, realm, user, cl
     };
 
     $scope.addClientRole = function() {
-        $http.post(authUrl + '/admin/realms/' + realm.realm + '/users/' + user.username + '/role-mappings/clients-by-id/' + $scope.client.id,
+        $http.post(authUrl + '/admin/realms/' + realm.realm + '/users/' + user.id + '/role-mappings/clients/' + $scope.client.id,
                 $scope.selectedClientRoles).success(function() {
-                $scope.clientMappings = ClientRoleMapping.query({realm : realm.realm, userId : user.username, client : $scope.client.id});
-                $scope.clientRoles = AvailableClientRoleMapping.query({realm : realm.realm, userId : user.username, client : $scope.client.id});
-                $scope.clientComposite = CompositeClientRoleMapping.query({realm : realm.realm, userId : user.username, client : $scope.client.id});
+                $scope.clientMappings = ClientRoleMapping.query({realm : realm.realm, userId : user.id, client : $scope.client.id});
+                $scope.clientRoles = AvailableClientRoleMapping.query({realm : realm.realm, userId : user.id, client : $scope.client.id});
+                $scope.clientComposite = CompositeClientRoleMapping.query({realm : realm.realm, userId : user.id, client : $scope.client.id});
                 $scope.selectedClientRoles = [];
                 $scope.selectedClientMappings = [];
                 Notifications.success("Role mappings updated.");
@@ -72,11 +72,11 @@ module.controller('UserRoleMappingCtrl', function($scope, $http, realm, user, cl
     };
 
     $scope.deleteClientRole = function() {
-        $http.delete(authUrl + '/admin/realms/' + realm.realm + '/users/' + user.username + '/role-mappings/clients-by-id/' + $scope.client.id,
+        $http.delete(authUrl + '/admin/realms/' + realm.realm + '/users/' + user.id + '/role-mappings/clients/' + $scope.client.id,
             {data : $scope.selectedClientMappings, headers : {"content-type" : "application/json"}}).success(function() {
-                $scope.clientMappings = ClientRoleMapping.query({realm : realm.realm, userId : user.username, client : $scope.client.id});
-                $scope.clientRoles = AvailableClientRoleMapping.query({realm : realm.realm, userId : user.username, client : $scope.client.id});
-                $scope.clientComposite = CompositeClientRoleMapping.query({realm : realm.realm, userId : user.username, client : $scope.client.id});
+                $scope.clientMappings = ClientRoleMapping.query({realm : realm.realm, userId : user.id, client : $scope.client.id});
+                $scope.clientRoles = AvailableClientRoleMapping.query({realm : realm.realm, userId : user.id, client : $scope.client.id});
+                $scope.clientComposite = CompositeClientRoleMapping.query({realm : realm.realm, userId : user.id, client : $scope.client.id});
                 $scope.selectedClientRoles = [];
                 $scope.selectedClientMappings = [];
                 Notifications.success("Role mappings updated.");
@@ -88,9 +88,9 @@ module.controller('UserRoleMappingCtrl', function($scope, $http, realm, user, cl
         console.log('changeClient');
         if ($scope.client) {
             console.log('load available');
-            $scope.clientComposite = CompositeClientRoleMapping.query({realm : realm.realm, userId : user.username, client : $scope.client.id});
-            $scope.clientRoles = AvailableClientRoleMapping.query({realm : realm.realm, userId : user.username, client : $scope.client.id});
-            $scope.clientMappings = ClientRoleMapping.query({realm : realm.realm, userId : user.username, client : $scope.client.id});
+            $scope.clientComposite = CompositeClientRoleMapping.query({realm : realm.realm, userId : user.id, client : $scope.client.id});
+            $scope.clientRoles = AvailableClientRoleMapping.query({realm : realm.realm, userId : user.id, client : $scope.client.id});
+            $scope.clientMappings = ClientRoleMapping.query({realm : realm.realm, userId : user.id, client : $scope.client.id});
         } else {
             $scope.clientRoles = null;
             $scope.clientMappings = null;
@@ -110,9 +110,9 @@ module.controller('UserSessionsCtrl', function($scope, realm, user, sessions, Us
     $scope.sessions = sessions;
 
     $scope.logoutAll = function() {
-        UserLogout.save({realm : realm.realm, user: user.username}, function () {
+        UserLogout.save({realm : realm.realm, user: user.id}, function () {
             Notifications.success('Logged out user in all clients');
-            UserSessions.query({realm: realm.realm, user: user.username}, function(updated) {
+            UserSessions.query({realm: realm.realm, user: user.id}, function(updated) {
                 $scope.sessions = updated;
             })
         });
@@ -121,7 +121,7 @@ module.controller('UserSessionsCtrl', function($scope, realm, user, sessions, Us
     $scope.logoutSession = function(sessionId) {
         console.log('here in logoutSession');
         UserSessionLogout.delete({realm : realm.realm, session: sessionId}, function() {
-            UserSessions.query({realm: realm.realm, user: user.username}, function(updated) {
+            UserSessions.query({realm: realm.realm, user: user.id}, function(updated) {
                 $scope.sessions = updated;
                 Notifications.success('Logged out session');
             })
@@ -141,8 +141,8 @@ module.controller('UserConsentsCtrl', function($scope, realm, user, userConsents
     $scope.userConsents = userConsents;
 
     $scope.revokeConsent = function(clientId) {
-        UserConsents.delete({realm : realm.realm, user: user.username, client: clientId }, function () {
-            UserConsents.query({realm: realm.realm, user: user.username}, function(updated) {
+        UserConsents.delete({realm : realm.realm, user: user.id, client: clientId }, function () {
+            UserConsents.query({realm: realm.realm, user: user.id}, function(updated) {
                 $scope.userConsents = updated;
             })
             Notifications.success('Consent revoked successfully');
@@ -197,7 +197,8 @@ module.controller('UserListCtrl', function($scope, realm, User) {
 
 module.controller('UserDetailCtrl', function($scope, realm, user, User, UserFederationInstances, $location, Dialog, Notifications) {
     $scope.realm = realm;
-    $scope.create = !user.username;
+    $scope.create = !user.id;
+    $scope.editUsername = $scope.create || $scope.realm.editUsernameAllowed;
 
     if ($scope.create) {
         $scope.user = { enabled: true, attributes: {} }
@@ -237,17 +238,24 @@ module.controller('UserDetailCtrl', function($scope, realm, user, User, UserFede
         if ($scope.create) {
             User.save({
                 realm: realm.realm
-            }, $scope.user, function () {
+            }, $scope.user, function (data, headers) {
                 $scope.changed = false;
                 user = angular.copy($scope.user);
 
-                $location.url("/realms/" + realm.realm + "/users/" + $scope.user.username);
+                var l = headers().location;
+
+                console.debug("Location == " + l);
+
+                var id = l.substring(l.lastIndexOf("/") + 1);
+
+
+                $location.url("/realms/" + realm.realm + "/users/" + id);
                 Notifications.success("The user has been created.");
             });
         } else {
             User.update({
                 realm: realm.realm,
-                userId: $scope.user.username
+                userId: $scope.user.id
             }, $scope.user, function () {
                 $scope.changed = false;
                 user = angular.copy($scope.user);
@@ -266,10 +274,10 @@ module.controller('UserDetailCtrl', function($scope, realm, user, User, UserFede
     };
 
     $scope.remove = function() {
-        Dialog.confirmDelete($scope.user.username, 'user', function() {
+        Dialog.confirmDelete($scope.user.id, 'user', function() {
             $scope.user.$remove({
                 realm : realm.realm,
-                userId : $scope.user.username
+                userId : $scope.user.id
             }, function() {
                 $location.url("/realms/" + realm.realm + "/users");
                 Notifications.success("The user has been deleted.");
@@ -304,7 +312,7 @@ module.controller('UserCredentialsCtrl', function($scope, realm, user, User, Use
         var msg = 'Are you sure you want to change the users password?';
 
         Dialog.confirm(msgTitle, msg, function() {
-            UserCredentials.resetPassword({ realm: realm.realm, userId: user.username }, { type : "password", value : $scope.password, temporary: $scope.temporaryPassword }, function() {
+            UserCredentials.resetPassword({ realm: realm.realm, userId: user.id }, { type : "password", value : $scope.password, temporary: $scope.temporaryPassword }, function() {
                 Notifications.success("The password has been reset");
                 $scope.password = null;
                 $scope.confirmPassword = null;
@@ -323,7 +331,7 @@ module.controller('UserCredentialsCtrl', function($scope, realm, user, User, Use
 
     $scope.removeTotp = function() {
         Dialog.confirm('Remove totp', 'Are you sure you want to remove the users totp configuration?', function() {
-            UserCredentials.removeTotp({ realm: realm.realm, userId: user.username }, { }, function() {
+            UserCredentials.removeTotp({ realm: realm.realm, userId: user.id }, { }, function() {
                 Notifications.success("The users totp configuration has been removed");
                 $scope.user.totp = false;
             }, function() {
@@ -334,7 +342,7 @@ module.controller('UserCredentialsCtrl', function($scope, realm, user, User, Use
 
     $scope.resetPasswordEmail = function() {
         Dialog.confirm('Reset password email', 'Are you sure you want to send password reset email to user?', function() {
-            UserCredentials.resetPasswordEmail({ realm: realm.realm, userId: user.username }, { }, function() {
+            UserCredentials.resetPasswordEmail({ realm: realm.realm, userId: user.id }, { }, function() {
                 Notifications.success("Password reset email sent to user");
             }, function() {
                 Notifications.error("Failed to send password reset mail to user");
@@ -541,6 +549,7 @@ module.controller('LDAPCtrl', function($scope, $location, $route, Notifications,
             instance.config.debug = false;
             instance.config.useKerberosForPasswordAuthentication = false;
 
+            instance.config.authType = 'simple';
             instance.config.batchSizeForSync = DEFAULT_BATCH_SIZE;
             instance.config.searchScope = "1";
 
@@ -556,12 +565,16 @@ module.controller('LDAPCtrl', function($scope, $location, $route, Notifications,
             instance.config.debug = (instance.config.debug === 'true' || instance.config.debug === true);
             instance.config.useKerberosForPasswordAuthentication = (instance.config.useKerberosForPasswordAuthentication === 'true' || instance.config.useKerberosForPasswordAuthentication === true);
 
+            if (!instance.config.authType) {
+                instance.config.authType = 'simple';
+            }
             if (!instance.config.batchSizeForSync) {
                 instance.config.batchSizeForSync = DEFAULT_BATCH_SIZE;
             }
             if (!instance.config.searchScope) {
-                instance.config.searchScope = "1";
+                instance.config.searchScope = '1';
             }
+
             $scope.fullSyncEnabled = (instance.fullSyncPeriod && instance.fullSyncPeriod > 0);
             $scope.changedSyncEnabled = (instance.changedSyncPeriod && instance.changedSyncPeriod > 0);
         }
@@ -581,6 +594,11 @@ module.controller('LDAPCtrl', function($scope, $location, $route, Notifications,
         { "id": "other", "name": "Other" }
     ];
 
+    $scope.authTypes = [
+        { "id": "none", "name": "none" },
+        { "id": "simple", "name": "simple" }
+    ];
+
     $scope.searchScopes = [
         { "id": "1", "name": "One Level" },
         { "id": "2", "name": "Subtree" }
@@ -754,10 +772,11 @@ module.controller('UserFederationMapperListCtrl', function($scope, $location, No
 
 });
 
-module.controller('UserFederationMapperCtrl', function($scope, realm,  provider, mapperTypes, mapper, UserFederationMapper, Notifications, Dialog, $location) {
+module.controller('UserFederationMapperCtrl', function($scope, realm,  provider, mapperTypes, mapper, clients, UserFederationMapper, Notifications, Dialog, $location) {
     console.log('UserFederationMapperCtrl');
     $scope.realm = realm;
     $scope.provider = provider;
+    $scope.clients = clients;
     $scope.create = false;
     $scope.mapper = angular.copy(mapper);
     $scope.changed = false;
@@ -780,10 +799,10 @@ module.controller('UserFederationMapperCtrl', function($scope, realm,  provider,
             $location.url("/realms/" + realm.realm + '/user-federation/providers/' + provider.providerName + '/' + provider.id + '/mappers/' + mapper.id);
             Notifications.success("Your changes have been saved.");
         }, function(error) {
-            if (error.status == 400) {
+            if (error.status == 400 && error.data.error_description) {
                 Notifications.error('Error in configuration of mapper: ' + error.data.error_description);
             } else {
-                Notification.error('Unexpected error when creating mapper');
+                Notifications.error('Unexpected error when creating mapper');
             }
         });
     };
@@ -808,10 +827,11 @@ module.controller('UserFederationMapperCtrl', function($scope, realm,  provider,
 
 });
 
-module.controller('UserFederationMapperCreateCtrl', function($scope, realm, provider, mapperTypes, UserFederationMapper, Notifications, Dialog, $location) {
+module.controller('UserFederationMapperCreateCtrl', function($scope, realm, provider, mapperTypes, clients, UserFederationMapper, Notifications, Dialog, $location) {
     console.log('UserFederationMapperCreateCtrl');
     $scope.realm = realm;
     $scope.provider = provider;
+    $scope.clients = clients;
     $scope.create = true;
     $scope.mapper = { federationProviderDisplayName: provider.displayName, config: {}};
     $scope.mapperTypes = mapperTypes;
@@ -844,10 +864,10 @@ module.controller('UserFederationMapperCreateCtrl', function($scope, realm, prov
             $location.url('/realms/' + realm.realm +'/user-federation/providers/' + provider.providerName + '/' + provider.id + '/mappers/' + id);
             Notifications.success("Mapper has been created.");
         }, function(error) {
-            if (error.status == 400) {
+            if (error.status == 400 && error.data.error_description) {
                 Notifications.error('Error in configuration of mapper: ' + error.data.error_description);
             } else {
-                Notification.error('Unexpected error when creating mapper');
+                Notifications.error('Unexpected error when creating mapper');
             }
         });
     };

forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js 66(+33 -33)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js
index f192516..763d57f 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js
@@ -197,7 +197,7 @@ module.factory('ServerInfo', function($resource) {
 
 
 module.factory('ClientProtocolMapper', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/protocol-mappers/models/:id', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/protocol-mappers/models/:id', {
         realm : '@realm',
         client: '@client',
         id : "@id"
@@ -364,7 +364,7 @@ module.factory('AvailableRealmRoleMapping', function($resource) {
 
 
 module.factory('ClientRoleMapping', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/users/:userId/role-mappings/clients-by-id/:client', {
+    return $resource(authUrl + '/admin/realms/:realm/users/:userId/role-mappings/clients/:client', {
         realm : '@realm',
         userId : '@userId',
         client : "@client"
@@ -372,7 +372,7 @@ module.factory('ClientRoleMapping', function($resource) {
 });
 
 module.factory('AvailableClientRoleMapping', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/users/:userId/role-mappings/clients-by-id/:client/available', {
+    return $resource(authUrl + '/admin/realms/:realm/users/:userId/role-mappings/clients/:client/available', {
         realm : '@realm',
         userId : '@userId',
         client : "@client"
@@ -380,7 +380,7 @@ module.factory('AvailableClientRoleMapping', function($resource) {
 });
 
 module.factory('CompositeClientRoleMapping', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/users/:userId/role-mappings/clients-by-id/:client/composite', {
+    return $resource(authUrl + '/admin/realms/:realm/users/:userId/role-mappings/clients/:client/composite', {
         realm : '@realm',
         userId : '@userId',
         client : "@client"
@@ -388,28 +388,28 @@ module.factory('CompositeClientRoleMapping', function($resource) {
 });
 
 module.factory('ClientRealmScopeMapping', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/scope-mappings/realm', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/scope-mappings/realm', {
         realm : '@realm',
         client : '@client'
     });
 });
 
 module.factory('ClientAvailableRealmScopeMapping', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/scope-mappings/realm/available', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/scope-mappings/realm/available', {
         realm : '@realm',
         client : '@client'
     });
 });
 
 module.factory('ClientCompositeRealmScopeMapping', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/scope-mappings/realm/composite', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/scope-mappings/realm/composite', {
         realm : '@realm',
         client : '@client'
     });
 });
 
 module.factory('ClientClientScopeMapping', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/scope-mappings/clients-by-id/:targetClient', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/scope-mappings/clients/:targetClient', {
         realm : '@realm',
         client : '@client',
         targetClient : '@targetClient'
@@ -417,7 +417,7 @@ module.factory('ClientClientScopeMapping', function($resource) {
 });
 
 module.factory('ClientAvailableClientScopeMapping', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/scope-mappings/clients-by-id/:targetClient/available', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/scope-mappings/clients/:targetClient/available', {
         realm : '@realm',
         client : '@client',
         targetClient : '@targetClient'
@@ -425,7 +425,7 @@ module.factory('ClientAvailableClientScopeMapping', function($resource) {
 });
 
 module.factory('ClientCompositeClientScopeMapping', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/scope-mappings/clients-by-id/:targetClient/composite', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/scope-mappings/clients/:targetClient/composite', {
         realm : '@realm',
         client : '@client',
         targetClient : '@targetClient'
@@ -460,14 +460,14 @@ module.factory('RealmSessionStats', function($resource) {
 });
 
 module.factory('RealmClientSessionStats', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/client-by-id-session-stats', {
+    return $resource(authUrl + '/admin/realms/:realm/client-session-stats', {
         realm : '@realm'
     });
 });
 
 
 module.factory('RoleClientComposites', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/roles-by-id/:role/composites/clients-by-id/:client', {
+    return $resource(authUrl + '/admin/realms/:realm/roles-by-id/:role/composites/clients/:client', {
         realm : '@realm',
         role : '@role',
         client : "@client"
@@ -559,7 +559,7 @@ function roleControl($scope, realm, role, roles, clients,
                         $scope.realmMappings.push(role);
                     }
                 }
-                $scope.selectRealmRoles = [];
+                $scope.selectedRealmRoles = [];
             });
     };
 
@@ -670,7 +670,7 @@ module.factory('RoleById', function($resource) {
 });
 
 module.factory('ClientRole', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/roles/:role', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/roles/:role', {
         realm : '@realm',
         client : "@client",
         role : '@role'
@@ -682,7 +682,7 @@ module.factory('ClientRole', function($resource) {
 });
 
 module.factory('ClientClaims', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/claims', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/claims', {
         realm : '@realm',
         client : "@client"
     },  {
@@ -693,7 +693,7 @@ module.factory('ClientClaims', function($resource) {
 });
 
 module.factory('ClientProtocolMappersByProtocol', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/protocol-mappers/protocol/:protocol', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/protocol-mappers/protocol/:protocol', {
         realm : '@realm',
         client : "@client",
         protocol : "@protocol"
@@ -701,41 +701,41 @@ module.factory('ClientProtocolMappersByProtocol', function($resource) {
 });
 
 module.factory('ClientSessionStats', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/session-stats', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/session-stats', {
         realm : '@realm',
         client : "@client"
     });
 });
 
 module.factory('ClientSessionStatsWithUsers', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/session-stats?users=true', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/session-stats?users=true', {
         realm : '@realm',
         client : "@client"
     });
 });
 
 module.factory('ClientSessionCount', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/session-count', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/session-count', {
         realm : '@realm',
         client : "@client"
     });
 });
 
 module.factory('ClientUserSessions', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/user-sessions', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/user-sessions', {
         realm : '@realm',
         client : "@client"
     });
 });
 
 module.factory('ClientLogoutAll', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/logout-all', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/logout-all', {
         realm : '@realm',
         client : "@client"
     });
 });
 module.factory('ClientLogoutUser', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/logout-user/:user', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/logout-user/:user', {
         realm : '@realm',
         client : "@client",
         user : "@user"
@@ -748,28 +748,28 @@ module.factory('RealmLogoutAll', function($resource) {
 });
 
 module.factory('ClientPushRevocation', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/push-revocation', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/push-revocation', {
         realm : '@realm',
         client : "@client"
     });
 });
 
 module.factory('ClientClusterNode', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/nodes/:node', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/nodes/:node', {
         realm : '@realm',
         client : "@client"
     });
 });
 
 module.factory('ClientTestNodesAvailable', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/test-nodes-available', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/test-nodes-available', {
         realm : '@realm',
         client : "@client"
     });
 });
 
 module.factory('ClientCertificate', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/certificates/:attribute', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/certificates/:attribute', {
             realm : '@realm',
             client : "@client",
             attribute: "@attribute"
@@ -777,7 +777,7 @@ module.factory('ClientCertificate', function($resource) {
 });
 
 module.factory('ClientCertificateGenerate', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/certificates/:attribute/generate', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/certificates/:attribute/generate', {
             realm : '@realm',
             client : "@client",
             attribute: "@attribute"
@@ -790,7 +790,7 @@ module.factory('ClientCertificateGenerate', function($resource) {
 });
 
 module.factory('ClientCertificateDownload', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/certificates/:attribute/download', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/certificates/:attribute/download', {
         realm : '@realm',
         client : "@client",
         attribute: "@attribute"
@@ -804,7 +804,7 @@ module.factory('ClientCertificateDownload', function($resource) {
 });
 
 module.factory('Client', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client', {
         realm : '@realm',
         client : '@client'
     },  {
@@ -815,7 +815,7 @@ module.factory('Client', function($resource) {
 });
 
 module.factory('ClientInstallation', function($resource) {
-    var url = authUrl + '/admin/realms/:realm/clients-by-id/:client/installation/json';
+    var url = authUrl + '/admin/realms/:realm/clients/:client/installation/json';
     return {
         url : function(parameters)
         {
@@ -824,7 +824,7 @@ module.factory('ClientInstallation', function($resource) {
     }
 });
 module.factory('ClientInstallationJBoss', function($resource) {
-    var url = authUrl + '/admin/realms/:realm/clients-by-id/:client/installation/jboss';
+    var url = authUrl + '/admin/realms/:realm/clients/:client/installation/jboss';
     return {
         url : function(parameters)
      {
@@ -834,7 +834,7 @@ module.factory('ClientInstallationJBoss', function($resource) {
 });
 
 module.factory('ClientCredentials', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/client-secret', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/client-secret', {
         realm : '@realm',
         client : '@client'
     },  {
@@ -845,7 +845,7 @@ module.factory('ClientCredentials', function($resource) {
 });
 
 module.factory('ClientOrigins', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/clients-by-id/:client/allowed-origins', {
+    return $resource(authUrl + '/admin/realms/:realm/clients/:client/allowed-origins', {
         realm : '@realm',
         client : '@client'
     },  {

forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html 23(+18 -5)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html
index 2b86f09..a3710c8 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html
@@ -110,25 +110,38 @@
                 </div>
             </div>
             <div class="form-group clearfix">
-                <label class="col-md-2 control-label" for="ldapUserDns"><span class="required">*</span> User DN</label>
+                <label class="col-md-2 control-label" for="ldapUsersDn"><span class="required">*</span> Users DN</label>
                 <div class="col-md-6">
-                    <input class="form-control" id="ldapUserDns" type="text" ng-model="instance.config.userDns" placeholder="LDAP User DN" required>
+                    <input class="form-control" id="ldapUsersDn" type="text" ng-model="instance.config.usersDn" placeholder="LDAP Users DN" required>
                 </div>
                 <kc-tooltip>Full DN of LDAP tree where your users are. This DN is parent of LDAP users. It could be for example 'ou=users,dc=example,dc=com' assuming
                     that your typical user will have DN like 'uid=john,ou=users,dc=example,dc=com'
                 </kc-tooltip>
             </div>
             <div class="form-group clearfix">
+                <label class="col-md-2 control-label" for="authType"><span class="required">*</span> Authentication Type</label>
+                <div class="col-md-6">
+                    <div>
+                        <select class="form-control" id="authType"
+                                ng-model="instance.config.authType"
+                                ng-options="authType.id as authType.name for authType in authTypes"
+                                required>
+                        </select>
+                    </div>
+                </div>
+                <kc-tooltip>LDAP Authentication type. Right now just 'none' (anonymous LDAP authentication) or 'simple' (Bind credential + Bind password authentication) mechanisms are available</kc-tooltip>
+            </div>
+            <div class="form-group clearfix" data-ng-hide="instance.config.authType == 'none'">
                 <label class="col-md-2 control-label" for="ldapBindDn"><span class="required">*</span> Bind DN</label>
                 <div class="col-md-6">
-                    <input class="form-control" id="ldapBindDn" type="text" ng-model="instance.config.bindDn" placeholder="LDAP Bind DN" required>
+                    <input class="form-control" id="ldapBindDn" type="text" ng-model="instance.config.bindDn" placeholder="LDAP Bind DN" data-ng-required="instance.config.authType != 'none'">
                 </div>
                 <kc-tooltip>DN of LDAP admin, which will be used by Keycloak to access LDAP server</kc-tooltip>
             </div>
-            <div class="form-group clearfix">
+            <div class="form-group clearfix" data-ng-hide="instance.config.authType == 'none'">
                 <label class="col-md-2 control-label" for="ldapBindCredential"><span class="required">*</span> Bind Credential</label>
                 <div class="col-md-6">
-                    <input class="form-control" id="ldapBindCredential" type="password" ng-model="instance.config.bindCredential" placeholder="LDAP Bind Credentials" required>
+                    <input class="form-control" id="ldapBindCredential" type="password" ng-model="instance.config.bindCredential" placeholder="LDAP Bind Credentials" data-ng-required="instance.config.authType != 'none'">
                 </div>
                 <kc-tooltip>Password of LDAP admin</kc-tooltip>
                 <div class="col-sm-4" data-ng-show="access.manageRealm">

forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-mapper-detail.html 7(+6 -1)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-mapper-detail.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-mapper-detail.html
index 0b9c144..f06d032 100644
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-mapper-detail.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-mapper-detail.html
@@ -47,7 +47,7 @@
             <div data-ng-repeat="option in mapperType.properties" class="form-group">
                 <label class="col-md-2 control-label">{{option.label}}</label>
 
-                <div class="col-sm-4" data-ng-hide="option.type == 'boolean' || option.type == 'List'">
+                <div class="col-sm-4" data-ng-show="option.type == 'String'">
                     <input class="form-control" type="text" data-ng-model="mapper.config[ option.name ]">
                 </div>
                 <div class="col-sm-4" data-ng-show="option.type == 'boolean'">
@@ -58,6 +58,11 @@
                         <option value="" selected> Select one... </option>
                     </select>
                 </div>
+                <div class="col-sm-4" data-ng-show="option.type == 'ClientList'">
+                    <select ng-model="mapper.config[ option.name ]" ng-options="client.clientId as client.clientId for client in clients">
+                        <option value="" selected> Select one... </option>
+                    </select>
+                </div>
                 <kc-tooltip>{{option.helpText}}</kc-tooltip>
             </div>

forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-default-roles.html 8(+4 -4)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-default-roles.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-default-roles.html
index 5a27f56..732aeea 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-default-roles.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-default-roles.html
@@ -17,7 +17,7 @@
                         <select id="available" class="form-control" multiple size="5"
                                 ng-multiple="true"
                                 ng-model="selectedRealmRoles"
-                                ng-options="r for r in availableRealmRoles">
+                                ng-options="r for r in availableRealmRoles | orderBy:'toString()'">
                         </select>
                         <button class="btn btn-default" type="submit" ng-click="addRealmDefaultRole()" tooltip="Assign role" tooltip-placement="right">
                             Add selected <i class="fa fa-angle-double-right"></i>
@@ -29,7 +29,7 @@
                         <select id="assigned" class="form-control" multiple size=5
                                 ng-multiple="true"
                                 ng-model="selectedRealmDefRoles"
-                                ng-options="r for r in realm.defaultRoles">
+                                ng-options="r for r in realm.defaultRoles | orderBy:'toString()'">
                         </select>
                         <button class="btn btn-default" type="submit" ng-click="deleteRealmDefaultRole()" tooltip="Unassign role" tooltip-placement="left">
                             <i class="fa fa-angle-double-left"></i> Remove selected
@@ -55,7 +55,7 @@
                         <select id="available-client" class="form-control" multiple size="5"
                                 ng-multiple="true"
                                 ng-model="selectedClientRoles"
-                                ng-options="r for r in availableClientRoles">
+                                ng-options="r for r in availableClientRoles | orderBy:'toString()'">
                         </select>
                         <button class="btn btn-default" type="submit" ng-click="addClientDefaultRole()" tooltip="Assign role" tooltip-placement="right">
                             Add selected <i class="fa fa-angle-double-right"></i>
@@ -67,7 +67,7 @@
                         <select id="assigned-client" class="form-control" multiple size=5
                                 ng-multiple="true"
                                 ng-model="selectedClientDefRoles"
-                                ng-options="r for r in client.defaultRoles">
+                                ng-options="r for r in client.defaultRoles | orderBy:'toString()'">
                         </select>
                         <button class="btn btn-default" type="submit" ng-click="rmClientDefaultRole()" tooltip="Unassign role" tooltip-placement="left">
                             <i class="fa fa-angle-double-left"></i> Remove selected

forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events.html 4(+2 -2)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events.html
index 8df1629..2540603 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events.html
@@ -52,13 +52,13 @@
                     <div class="form-group" data-ng-show="filter">
                         <label class="col-md-2 control-label" for="dateFrom">Date (From)</label>
                         <div class="col-md-6">
-                            <input class="form-control" type="date" id="dateFrom" name="dateFrom" data-ng-model="query.dateFrom">
+                            <input class="form-control" type="text" id="dateFrom" name="dateFrom" data-ng-model="query.dateFrom" placeholder="yyyy-MM-dd">
                         </div>
                     </div>
                     <div class="form-group" data-ng-show="filter">
                         <label class="col-md-2 control-label" for="dateTo">Date (To)</label>
                         <div class="col-md-6">
-                            <input class="form-control" type="date" id="dateTo" name="dateTo" data-ng-model="query.dateTo">
+                            <input class="form-control" type="text" id="dateTo" name="dateTo" data-ng-model="query.dateTo" placeholder="yyyy-MM-dd">
                         </div>
                     </div>

forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events-admin.html 4(+2 -2)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events-admin.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events-admin.html
index 8469d71..cb32dc4 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events-admin.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events-admin.html
@@ -48,13 +48,13 @@
                         <div class="form-group">
                             <label class="col-sm-2 control-label" for="dateFrom">Date (From)</label>
                             <div class="col-sm-4">
-                                <input class="form-control" type="date" id="dateFrom" name="dateFrom" data-ng-model="query.dateFrom">
+                                <input class="form-control" type="text" id="dateFrom" name="dateFrom" data-ng-model="query.dateFrom"  placeholder="yyyy-MM-dd">
                             </div>
                         </div>
                         <div class="form-group">
                             <label class="col-sm-2 control-label" for="dateTo">Date (To)</label>
                             <div class="col-sm-4">
-                                <input class="form-control" type="date" id="dateTo" name="dateTo" data-ng-model="query.dateTo">
+                                <input class="form-control" type="text" id="dateTo" name="dateTo" data-ng-model="query.dateTo"  placeholder="yyyy-MM-dd">
                             </div>
                         </div>

forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider.html 4(+3 -1)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider.html
index c826a16..9a2a28f 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider.html
@@ -8,7 +8,7 @@
                     <caption class="hidden">Table of identity providers</caption>
                     <thead>
                     <tr>
-                        <th colspan="3" class="kc-table-actions">
+                        <th colspan="4" class="kc-table-actions">
                             <div class="dropdown pull-right">
                                 <select class="form-control" ng-model="provider"
                                         ng-options="p.name group by p.groupName for p in allProviders track by p.id"
@@ -21,6 +21,7 @@
                     <tr ng-show="configuredProviders.length > 0">
                         <th>Name</th>
                         <th>Provider</th>
+                        <th>Enabled</th>
                         <th width="15%">GUI order</th>
                     </tr>
                     </thead>
@@ -30,6 +31,7 @@
                             <a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}">{{identityProvider.alias}}</a>
                         </td>
                         <td>{{identityProvider.providerId}}</td>
+                        <td>{{identityProvider.enabled}}</td>
                         <td>{{identityProvider.config.guiOrder}}</td>
                     </tr>
                     </tbody>

forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html 19(+16 -3)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html
index ed3b063..d2a267b 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html
@@ -59,11 +59,24 @@
                 <kc-tooltip>Enable/disable new users can read any stored tokens.  This assigns the broker.read-token role.</kc-tooltip>
             </div>
             <div class="form-group">
-                <label class="col-md-2 control-label" for="updateProfileFirstLogin">Update Profile on First Login</label>
+                <label class="col-md-2 control-label" for="updateProfileFirstLoginMode">Update Profile on First Login</label>
+                <div class="col-md-2">
+                		<div>
+                        <select id="updateProfileFirstLoginMode" ng-model="identityProvider.updateProfileFirstLoginMode" class="form-control">
+                            <option value="on">On</option>
+                            <option value="missing">On missing info</option>
+                            <option value="off">Off</option>
+                        </select>
+                    </div>
+                </div>
+                <kc-tooltip>Define under which conditions must user update his profile right after the first login.</kc-tooltip>
+            </div>
+            <div class="form-group">
+                <label class="col-md-2 control-label" for="trustEmail">Trust email</label>
                 <div class="col-md-6">
-                    <input ng-model="identityProvider.updateProfileFirstLogin" name="identityProvider.updateProfileFirstLogin" id="updateProfileFirstLogin" onoffswitch />
+                    <input ng-model="identityProvider.trustEmail" name="identityProvider.trustEmail" id="trustEmail" onoffswitch />
                 </div>
-                <kc-tooltip>Indicates if user must update his profile right after the first login.</kc-tooltip>
+                <kc-tooltip>If enabled then email provided by this provider is not verified even if verification is enabled for the realm.</kc-tooltip>
             </div>
             <div class="form-group">
                 <label class="col-md-2 control-label" for="guiOrder">GUI order</label>

forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html 19(+16 -3)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html
index 8d9bd9d..d2aaf4e 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html
@@ -60,11 +60,24 @@
                 <kc-tooltip>Enable/disable new users can read any stored tokens.  This assigns the broker.read-token role.</kc-tooltip>
             </div>
             <div class="form-group">
-                <label class="col-md-2 control-label" for="updateProfileFirstLogin">Update Profile on First Login</label>
+                <label class="col-md-2 control-label" for="updateProfileFirstLoginMode">Update Profile on First Login</label>
+                <div class="col-md-2">
+                		<div>
+                        <select id="updateProfileFirstLoginMode" ng-model="identityProvider.updateProfileFirstLoginMode" class="form-control">
+                            <option value="on">On</option>
+                            <option value="missing">On missing info</option>
+                            <option value="off">Off</option>
+                        </select>
+                    </div>
+                </div>
+                <kc-tooltip>Define under which conditions must user update his profile right after the first login.</kc-tooltip>
+            </div>
+            <div class="form-group">
+                <label class="col-md-2 control-label" for="trustEmail">Trust email</label>
                 <div class="col-md-6">
-                    <input ng-model="identityProvider.updateProfileFirstLogin" name="identityProvider.updateProfileFirstLogin" id="updateProfileFirstLogin" onoffswitch />
+                    <input ng-model="identityProvider.trustEmail" name="identityProvider.trustEmail" id="trustEmail" onoffswitch />
                 </div>
-                <kc-tooltip>Indicates if user must update his profile right after the first login.</kc-tooltip>
+                <kc-tooltip>If enabled then email provided by this provider is not verified even if verification is enabled for the realm.</kc-tooltip>
             </div>
             <div class="form-group">
                 <label class="col-md-2 control-label" for="guiOrder">GUI order</label>

forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html 19(+16 -3)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html
index 73427e5..623bcf0 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html
@@ -70,11 +70,24 @@
                 <kc-tooltip>Enable/disable this identity provider.</kc-tooltip>
             </div>
             <div class="form-group">
-                <label class="col-md-2 control-label" for="updateProfileFirstLogin">Update Profile on First Login</label>
+                <label class="col-md-2 control-label" for="updateProfileFirstLoginMode">Update Profile on First Login</label>
+                <div class="col-md-2">
+                		<div>
+                        <select id="updateProfileFirstLoginMode" ng-model="identityProvider.updateProfileFirstLoginMode" class="form-control">
+                            <option value="on">On</option>
+                            <option value="missing">On missing info</option>
+                            <option value="off">Off</option>
+                        </select>
+                    </div>
+                </div>
+                <kc-tooltip>Define under which conditions must user update his profile right after the first login.</kc-tooltip>
+            </div>
+            <div class="form-group">
+                <label class="col-md-2 control-label" for="trustEmail">Trust email</label>
                 <div class="col-md-6">
-                    <input ng-model="identityProvider.updateProfileFirstLogin" name="identityProvider.updateProfileFirstLogin" id="updateProfileFirstLogin" onoffswitch />
+                    <input ng-model="identityProvider.trustEmail" name="identityProvider.trustEmail" id="trustEmail" onoffswitch />
                 </div>
-                <kc-tooltip>Indicates if user must update his profile right after the first login.</kc-tooltip>
+                <kc-tooltip>If enabled then email provided by this provider is not verified even if verification is enabled for the realm.</kc-tooltip>
             </div>
             <div class="form-group">
                 <label class="col-md-2 control-label" for="authenticateByDefault">Authenticate By Default</label>

forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-login-settings.html 14(+7 -7)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-login-settings.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-login-settings.html
index 1a1b90d..34679ae 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-login-settings.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-login-settings.html
@@ -20,6 +20,13 @@
                 <kc-tooltip>If enabled then username field is hidden from registration form and email is used as username for new user.</kc-tooltip>
             </div>
             <div class="form-group">
+                <label for="editUsernameAllowed" class="col-md-2 control-label">Edit username</label>
+                <div class="col-md-6">
+                    <input ng-model="realm.editUsernameAllowed" name="editUsernameAllowed" id="editUsernameAllowed" onoffswitch />
+                </div>
+                <kc-tooltip>If enabled, the username field is editable, readonly otherwise.</kc-tooltip>
+            </div>
+            <div class="form-group">
                 <label for="resetPasswordAllowed" class="col-md-2 control-label">Forget password</label>
                 <div class="col-md-6">
                     <input ng-model="realm.resetPasswordAllowed" name="resetPasswordAllowed" id="resetPasswordAllowed" onoffswitch />
@@ -41,13 +48,6 @@
                 <kc-tooltip>Require the user to verify their email address the first time they login.</kc-tooltip>
             </div>
             <div class="form-group">
-                <label for="passwordCredentialGrantAllowed" class="col-md-2 control-label">Direct Grant API</label>
-                <div class="col-md-6">
-                    <input ng-model="realm.passwordCredentialGrantAllowed" name="passwordCredentialGrantAllowed" id="passwordCredentialGrantAllowed" onoffswitch />
-                </div>
-                <kc-tooltip>Enable/disable REST API for login/token grant access</kc-tooltip>
-            </div>
-            <div class="form-group">
                 <label for="sslRequired" class="col-md-2 control-label">Require SSL</label>
                 <div class="col-md-2">
                     <div>

forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-detail.html 8(+4 -4)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-detail.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-detail.html
index 0ba6cb0..aa21bd8 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-detail.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-detail.html
@@ -64,7 +64,7 @@
                             <select id="available" class="form-control" multiple size="5"
                                     ng-multiple="true"
                                     ng-model="selectedRealmRoles"
-                                    ng-options="r.name for r in realmRoles">
+                                    ng-options="r.name for r in realmRoles | orderBy:'name'">
                             </select>
                             <button class="btn btn-default" type="submit" ng-click="addRealmRole()" tooltip="Associate role" tooltip-placement="right">
                                 Add selected <i class="fa fa-angle-double-right"></i>
@@ -76,7 +76,7 @@
                             <select id="assigned" class="form-control" multiple size=5
                                     ng-multiple="true"
                                     ng-model="selectedRealmMappings"
-                                    ng-options="r.name for r in realmMappings">
+                                    ng-options="r.name for r in realmMappings | orderBy:'name'">
                             </select>
                             <button class="btn btn-default" type="submit" ng-click="deleteRealmRole()" tooltip="Disassociate role" tooltip-placement="left">
                                 <i class="fa fa-angle-double-left"></i> Remove selected
@@ -103,7 +103,7 @@
                             <select id="available-client" class="form-control" multiple size="5"
                                     ng-multiple="true"
                                     ng-model="selectedClientRoles"
-                                    ng-options="r.name for r in clientRoles">
+                                    ng-options="r.name for r in clientRoles | orderBy:'name'">
                             </select>
                             <button class="btn btn-default" type="submit" ng-click="addClientRole()" tooltip="Associate role" tooltip-placement="right">
                                 Add selected <i class="fa fa-angle-right"></i>
@@ -115,7 +115,7 @@
                             <select id="assigned-client" class="form-control" multiple size=5
                                     ng-multiple="true"
                                     ng-model="selectedClientMappings"
-                                    ng-options="r.name for r in clientMappings">
+                                    ng-options="r.name for r in clientMappings | orderBy:'name'">
                             </select>
                             <button class="btn btn-default" type="submit" ng-click="deleteClientRole()" tooltip="Disassociate role" tooltip-placement="left">
                                 <i class="fa fa-angle-left"></i> Remove selected

forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-list.html 2(+1 -1)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-list.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-list.html
index 316704e..010b29e 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-list.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-list.html
@@ -33,7 +33,7 @@
         </tr>
         </thead>
         <tbody>
-        <tr ng-repeat="role in roles | filter:{name: searchQuery}">
+        <tr ng-repeat="role in roles | orderBy:'name' | filter:{name: searchQuery}">
             <td><a href="#/realms/{{realm.realm}}/roles/{{role.id}}">{{role.name}}</a></td>
             <td>{{role.composite}}</td>
             <td>{{role.description}}</td>

forms/common-themes/src/main/resources/theme/base/admin/resources/partials/server-info.html 34(+31 -3)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/server-info.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/server-info.html
index ff818a2..c0d6600 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/server-info.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/server-info.html
@@ -14,7 +14,35 @@
 
     <fieldset>
         <legend collapsed>Providers</legend>
+
         <div class="form-group">
+            <h3>Public SPIs</h3>
+            <kc-tooltip>For public SPIs there are built-in providers, but it's also supported to write your own custom providers.</kc-tooltip>
+
+            <table class="table table-striped table-bordered">
+                <thead>
+                <tr>
+                    <th>SPI</th>
+                    <th>Providers</th>
+                </tr>
+                </thead>
+                <tbody>
+                <tr data-ng-repeat="spi in (serverInfo.providers | filter:{internal:false} | orderBy:'name')">
+                    <td>{{spi.name}}</td>
+                    <td>
+                        <div data-ng-repeat="provider in (spi.implementations | orderBy:'toString()')">
+                            {{provider}}
+                        </div>
+                    </td>
+                </tr>
+                </tbody>
+            </table>
+        </div>
+
+        <div class="form-group">
+            <h3>Internal SPIs</h3>
+            <kc-tooltip>For internal SPIs there are only built-in providers. It's not recommended to write your own custom providers as internal SPIs may change or be removed without notice.</kc-tooltip>
+
             <table class="table table-striped table-bordered">
                 <thead>
                 <tr>
@@ -23,10 +51,10 @@
                 </tr>
                 </thead>
                 <tbody>
-                <tr data-ng-repeat="(spi, providers) in serverInfo.providers">
-                    <td>{{spi}}</td>
+                <tr data-ng-repeat="spi in (serverInfo.providers | filter:{internal:true} | orderBy:'name')">
+                    <td>{{spi.name}}</td>
                     <td>
-                        <div data-ng-repeat="provider in providers">
+                        <div data-ng-repeat="provider in (spi.implementations | orderBy:'toString()')">
                             {{provider}}
                         </div>
                     </td>

forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-detail.html 3(+2 -1)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-detail.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-detail.html
index 35b5645..1dcadd4 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-detail.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-detail.html
@@ -25,10 +25,11 @@
                 <div class="col-md-6">
                     <!-- Characters >,<,/,\ are forbidden in username -->
                     <input class="form-control" type="text" id="username" name="username" data-ng-model="user.username" autofocus
-                           required ng-pattern="/^[^\<\>\\\/]*$/" data-ng-readonly="!create">
+                           required ng-pattern="/^[^\<\>\\\/]*$/" data-ng-readonly="!editUsername">
                 </div>
             </div>
 
+
             <div class="form-group">
                 <label class="col-md-2 control-label" for="email">Email</label>

forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-list.html 6(+3 -3)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-list.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-list.html
index 681a658..4498988 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-list.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-list.html
@@ -9,9 +9,9 @@
                 <div class="form-inline">
                     <div class="form-group">
                         <div class="input-group">
-                            <input type="text" placeholder="Search..." data-ng-model="query.search" class="form-control search" onkeyup="if(event.keyCode == 13){$(this).next('I').click();}">
+                            <input type="text" placeholder="Search..." data-ng-model="query.search" class="form-control search" onkeydown="if (event.keyCode == 13) document.getElementById('userSearch').click()">
                             <div class="input-group-addon">
-                                    <i class="fa fa-search" data-ng-click="firstPage()" type="submit"></i>
+                                    <i class="fa fa-search" id="userSearch" data-ng-click="firstPage()"></i>
                             </div>
                         </div>
                     </div>
@@ -45,7 +45,7 @@
         </tfoot>
         <tbody>
         <tr ng-repeat="user in users">
-            <td><a href="#/realms/{{realm.realm}}/users/{{user.username}}">{{user.username}}</a></td>
+            <td><a href="#/realms/{{realm.realm}}/users/{{user.id}}">{{user.username}}</a></td>
             <td>{{user.lastName}}</td>
             <td>{{user.firstName}}</td>
             <td>{{user.email}}</td>

forms/common-themes/src/main/resources/theme/base/admin/resources/templates/kc-tabs-user.html 12(+6 -6)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/templates/kc-tabs-user.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/templates/kc-tabs-user.html
index 9314e7a..0b0a499 100644
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/templates/kc-tabs-user.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/templates/kc-tabs-user.html
@@ -1,8 +1,8 @@
 <ul class="nav nav-tabs" data-ng-show="!create">
-    <li ng-class="{active: !path[4]}"><a href="#/realms/{{realm.realm}}/users/{{user.username}}">Attributes</a></li>
-    <li ng-class="{active: path[4] == 'user-credentials'}" data-ng-show="access.manageUsers"><a href="#/realms/{{realm.realm}}/users/{{user.username}}/user-credentials">Credentials</a></li>
-    <li ng-class="{active: path[4] == 'role-mappings'}" ><a href="#/realms/{{realm.realm}}/users/{{user.username}}/role-mappings">Role Mappings</a></li>
-    <li ng-class="{active: path[4] == 'consents'}"><a href="#/realms/{{realm.realm}}/users/{{user.username}}/consents">Consents</a></li>
-    <li ng-class="{active: path[4] == 'sessions'}" ><a href="#/realms/{{realm.realm}}/users/{{user.username}}/sessions">Sessions</a></li>
-    <li ng-class="{active: path[4] == 'federated-identity'}" data-ng-show="user.federatedIdentities && user.federatedIdentities.length > 0"><a href="#/realms/{{realm.realm}}/users/{{user.username}}/federated-identity">Identity Provider Links</a></li>
+    <li ng-class="{active: !path[4]}"><a href="#/realms/{{realm.realm}}/users/{{user.id}}">Attributes</a></li>
+    <li ng-class="{active: path[4] == 'user-credentials'}" data-ng-show="access.manageUsers"><a href="#/realms/{{realm.realm}}/users/{{user.id}}/user-credentials">Credentials</a></li>
+    <li ng-class="{active: path[4] == 'role-mappings'}" ><a href="#/realms/{{realm.realm}}/users/{{user.id}}/role-mappings">Role Mappings</a></li>
+    <li ng-class="{active: path[4] == 'consents'}"><a href="#/realms/{{realm.realm}}/users/{{user.id}}/consents">Consents</a></li>
+    <li ng-class="{active: path[4] == 'sessions'}" ><a href="#/realms/{{realm.realm}}/users/{{user.id}}/sessions">Sessions</a></li>
+    <li ng-class="{active: path[4] == 'federated-identity'}" data-ng-show="user.federatedIdentities && user.federatedIdentities.length > 0"><a href="#/realms/{{realm.realm}}/users/{{user.id}}/federated-identity">Identity Provider Links</a></li>
 </ul>
\ No newline at end of file

forms/common-themes/src/main/resources/theme/base/login/login.ftl 4(+2 -2)

diff --git a/forms/common-themes/src/main/resources/theme/base/login/login.ftl b/forms/common-themes/src/main/resources/theme/base/login/login.ftl
index 858e075..e3a3456 100755
--- a/forms/common-themes/src/main/resources/theme/base/login/login.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/login/login.ftl
@@ -49,8 +49,8 @@
 
                     <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
                         <div class="${properties.kcFormButtonsWrapperClass!}">
-                            <input class="btn btn-primary btn-lg" name="login" id="kc-login" type="submit" value="${msg("doLogIn")}"/>
-                            <input class="btn btn-default btn-lg" name="cancel" id="kc-cancel" type="submit" value="${msg("doCancel")}"/>
+                            <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" name="login" id="kc-login" type="submit" value="${msg("doLogIn")}"/>
+                            <input class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonLargeClass!}" name="cancel" id="kc-cancel" type="submit" value="${msg("doCancel")}"/>
                         </div>
                      </div>
                 </div>

forms/common-themes/src/main/resources/theme/base/login/login-config-totp.ftl 2(+1 -1)

diff --git a/forms/common-themes/src/main/resources/theme/base/login/login-config-totp.ftl b/forms/common-themes/src/main/resources/theme/base/login/login-config-totp.ftl
index 94f264a..f1effe7 100755
--- a/forms/common-themes/src/main/resources/theme/base/login/login-config-totp.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/login/login-config-totp.ftl
@@ -23,7 +23,7 @@
                 </div>
 
                 <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
-                    <input class="btn btn-primary btn-lg" type="submit" value="${msg("doSubmit")}"/>
+                    <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doSubmit")}"/>
                 </div>
             </div>
         </form>

forms/common-themes/src/main/resources/theme/base/login/login-oauth-grant.ftl 4(+2 -2)

diff --git a/forms/common-themes/src/main/resources/theme/base/login/login-oauth-grant.ftl b/forms/common-themes/src/main/resources/theme/base/login/login-oauth-grant.ftl
index 30d55c3..2d596d0 100755
--- a/forms/common-themes/src/main/resources/theme/base/login/login-oauth-grant.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/login/login-oauth-grant.ftl
@@ -54,8 +54,8 @@
 
                     <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
                         <div class="${properties.kcFormButtonsWrapperClass!}">
-                            <input class="btn btn-primary btn-lg" name="accept" id="kc-login" type="submit" value="${msg("doYes")}"/>
-                            <input class="btn btn-default btn-lg" name="cancel" id="kc-cancel" type="submit" value="${msg("doNo")}"/>
+                            <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" name="accept" id="kc-login" type="submit" value="${msg("doYes")}"/>
+                            <input class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonLargeClass!}" name="cancel" id="kc-cancel" type="submit" value="${msg("doNo")}"/>
                         </div>
                     </div>
                 </div>

forms/common-themes/src/main/resources/theme/base/login/login-reset-password.ftl 2(+1 -1)

diff --git a/forms/common-themes/src/main/resources/theme/base/login/login-reset-password.ftl b/forms/common-themes/src/main/resources/theme/base/login/login-reset-password.ftl
index ec327c2..90a2b6f 100755
--- a/forms/common-themes/src/main/resources/theme/base/login/login-reset-password.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/login/login-reset-password.ftl
@@ -23,7 +23,7 @@
                 </div>
 
                 <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
-                    <input class="btn btn-primary btn-lg" type="submit" value="${msg("doSubmit")}"/>
+                    <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doSubmit")}"/>
                 </div>
             </div>
         </form>

forms/common-themes/src/main/resources/theme/base/login/login-totp.ftl 6(+3 -3)

diff --git a/forms/common-themes/src/main/resources/theme/base/login/login-totp.ftl b/forms/common-themes/src/main/resources/theme/base/login/login-totp.ftl
index ec07935..b085eeb 100755
--- a/forms/common-themes/src/main/resources/theme/base/login/login-totp.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/login/login-totp.ftl
@@ -11,7 +11,7 @@
 
             <div class="${properties.kcFormGroupClass!}">
                 <div class="${properties.kcLabelWrapperClass!}">
-                    <label for="totp" class="${properties.kcLabelClass!}">${msg("doLogIn")}</label>
+                    <label for="totp" class="${properties.kcLabelClass!}">${msg("loginTotpOneTime")}</label>
                 </div>
 
                 <div class="${properties.kcInputWrapperClass!}">
@@ -27,8 +27,8 @@
 
                 <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
                     <div class="${properties.kcFormButtonsWrapperClass!}">
-                        <input class="btn btn-primary btn-lg" name="login" id="kc-login" type="submit" value="${msg("doLogIn")}"/>
-                        <input class="btn btn-default btn-lg" name="cancel" id="kc-cancel" type="submit" value="${msg("doCancel")}"/>
+                        <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" name="login" id="kc-login" type="submit" value="${msg("doLogIn")}"/>
+                        <input class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonLargeClass!}" name="cancel" id="kc-cancel" type="submit" value="${msg("doCancel")}"/>
                     </div>
                 </div>
             </div>

forms/common-themes/src/main/resources/theme/base/login/login-update-password.ftl 2(+1 -1)

diff --git a/forms/common-themes/src/main/resources/theme/base/login/login-update-password.ftl b/forms/common-themes/src/main/resources/theme/base/login/login-update-password.ftl
index d201616..d13729e 100755
--- a/forms/common-themes/src/main/resources/theme/base/login/login-update-password.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/login/login-update-password.ftl
@@ -31,7 +31,7 @@
                 </div>
 
                 <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
-                    <input class="btn btn-primary btn-lg" type="submit" value="${msg("doSubmit")}"/>
+                    <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doSubmit")}"/>
                 </div>
             </div>
         </form>

forms/common-themes/src/main/resources/theme/base/login/login-update-profile.ftl 2(+1 -1)

diff --git a/forms/common-themes/src/main/resources/theme/base/login/login-update-profile.ftl b/forms/common-themes/src/main/resources/theme/base/login/login-update-profile.ftl
index a534073..f80909e 100755
--- a/forms/common-themes/src/main/resources/theme/base/login/login-update-profile.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/login/login-update-profile.ftl
@@ -40,7 +40,7 @@
                 </div>
 
                 <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
-                    <input class="btn btn-primary btn-lg" type="submit" value="${msg("doSubmit")}" />
+                    <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doSubmit")}" />
                 </div>
             </div>
         </form>

forms/common-themes/src/main/resources/theme/base/login/register.ftl 2(+1 -1)

diff --git a/forms/common-themes/src/main/resources/theme/base/login/register.ftl b/forms/common-themes/src/main/resources/theme/base/login/register.ftl
index e560cf1..63d8c22 100755
--- a/forms/common-themes/src/main/resources/theme/base/login/register.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/login/register.ftl
@@ -116,7 +116,7 @@
                 </div>
 
                 <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
-                    <input class="btn btn-primary btn-lg" type="submit" value="${msg("doRegister")}"/>
+                    <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doRegister")}"/>
                 </div>
             </div>
         </form>

forms/common-themes/src/main/resources/theme/keycloak/account/theme.properties 11(+10 -1)

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/account/theme.properties b/forms/common-themes/src/main/resources/theme/keycloak/account/theme.properties
index 971b6c0..69a79ec 100644
--- a/forms/common-themes/src/main/resources/theme/keycloak/account/theme.properties
+++ b/forms/common-themes/src/main/resources/theme/keycloak/account/theme.properties
@@ -1,4 +1,13 @@
 parent=base
 import=common/keycloak
 
-styles=lib/patternfly/css/patternfly.css css/account.css
\ No newline at end of file
+styles=lib/patternfly/css/patternfly.css css/account.css
+
+##### css classes for form buttons
+# main class used for all buttons
+kcButtonClass=btn
+# classes defining priority of the button - primary or default (there is typically only one priority button for the form)
+kcButtonPrimaryClass=btn-primary
+kcButtonDefaultClass=btn-default
+# classes defining size of the button
+kcButtonLargeClass=btn-lg

forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial.css 1226(+420 -806)

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial.css b/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial.css
old mode 100755
new mode 100644
index 0d53c0b..c55a66e
--- a/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial.css
+++ b/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial.css
@@ -1,119 +1,127 @@
 @charset "UTF-8";
-@font-face {
-  font-family: 'zocial';
-  font-style: normal;
-  font-weight: normal;
-  src: url('zocial-regular-webfont.eot');
-  src: url('zocial-regular-webfont.eot?#iefix') format('embedded-opentype'), url('zocial-regular-webfont.woff') format('woff'), url('zocial-regular-webfont.ttf') format('truetype'), url('zocial-regular-webfont.svg#zocialregular') format('svg');
-}
-@font-face {
-  font-family: 'zocial';
-  src: url('zocial-regular-webfont.eot');
-}
-@font-face {
-  font-family: 'zocial';
-  src: url(data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAIg4ABEAAAAAu3QAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABgAAAABwAAAAcYseDo0dERUYAAAGcAAAAHQAAACAAvAAET1MvMgAAAbwAAABGAAAAYIQKX89jbWFwAAACBAAAAQ0AAAG6bljO42N2dCAAAAMUAAAARgAAAEYIsQhqZnBnbQAAA1wAAAGxAAACZVO0L6dnYXNwAAAFEAAAAAgAAAAIAAAAEGdseWYAAAUYAAB84gAAqygVDf1SaGVhZAAAgfwAAAAzAAAANv4qY31oaGVhAACCMAAAACAAAAAkCPsFH2htdHgAAIJQAAABYgAAAjz3pgDkbG9jYQAAg7QAAAEIAAABIHLfoPBtYXhwAACEvAAAAB8AAAAgAbsDM25hbWUAAITcAAABXAAAAthAoGHFcG9zdAAAhjgAAAE4AAAB9BtmgAFwcmVwAACHcAAAAL0AAAF0tHasGHdlYmYAAIgwAAAABgAAAAbfVFC7AAAAAQAAAADMPaLPAAAAAMmoUQAAAAAAzOGP03jaY2BkYGDgA2IJBhBgYmAEwj4gZgHzGAAKZADBAAAAeNpjYGaexjiBgZWBhamLKYKBgcEbQjPGMRgxqTGgAkZkTkFlUTGDA4PCAwZmlf82DAzMRxiewdQwmzAbAykFBkYA+wIKtAAAeNpjYGBgZoBgGQZGBhDYAuQxgvksDDOAtBKDApDFxNDIsIBhMcNahuMMJxkuMlxjuMPwlOGdApeCiIK+QvwDhv//gWoVMNQ8YHiuwKAgAFPz//H/o/8P/9/1f+H/Bf9n/p/6f8L/3v89D6oflD2IeaCr0At1AwHAyMYAV8jIBCSY0BUAvcTCysbOwcnFzcPLxy8gKCQsIiomLiEpJS0jKyevoKikrKKqpq6hqaWto6unb2BoZGxiamZuYWllbWNrZ+/g6OTs4urm7uHp5e3j6+cfEBgUHBIaFh4RGRUdExsXn5CYxMCQkZmVnZOXm19YUFRcWlJWXllRheqKNAaiQCqY7OxiIAkAAEf0TzwAAAAAEgH+AiEAJgC/ADAAOABDAFMAWQBgAGQAbACtABwAJgDeACwANAA7AFoAZABsAI4AqADAABwA+wB9AEkAdAAhAGoAxQBVAAB42l1Ru05bQRDdDQ8DgcTYIDnaFLOZkMZ7oQUJxNWNYmQ7heUIaTdykYtxAR9AgUQN2q8ZoKGkSJsGIRdIfEI+IRIza4iiNDs7s3POmTNLypGqd+lrz1PnJJDC3QbNNv1OSLWzAPek6+uNjLSDB1psZvTKdfv+Cwab0ZQ7agDlPW8pDxlNO4FatKf+0fwKhvv8H/M7GLQ00/TUOgnpIQTmm3FLg+8ZzbrLD/qC1eFiMDCkmKbiLj+mUv63NOdqy7C1kdG8gzMR+ck0QFNrbQSa/tQh1fNxFEuQy6axNpiYsv4kE8GFyXRVU7XM+NrBXbKz6GCDKs2BB9jDVnkMHg4PJhTStyTKLA0R9mKrxAgRkxwKOeXcyf6kQPlIEsa8SUo744a1BsaR18CgNk+z/zybTW1vHcL4WRzBd78ZSzr4yIbaGBFiO2IpgAlEQkZV+YYaz70sBuRS+89AlIDl8Y9/nQi07thEPJe1dQ4xVgh6ftvc8suKu1a5zotCd2+qaqjSKc37Xs6+xwOeHgvDQWPBm8/7/kqB+jwsrjRoDgRDejd6/6K16oirvBc+sifTv7FaAAAAAAEAAf//AA942py8B3wc13kvOmf6bJmdtr33BuwCW7BYgCgECIAgwQaSYO9dLJJIUSRFVVqiaDWrWVYvsWM7snw9s4BkSY5juVzHTnLt+CWRnWLHyYsdb4pv4iQ3V77m8n5nZinL13m/381jmT1tZmfP+cr/K+cQHMFcm6F+RKWIQ8TNxAXiLuJ+4gniOfQi0eIJomioB6rVlh1KrS0kUVzaJhIDdLE1B+UWhRtWOAgXbkBQlkP8CmfRkLl2KyTbiovjoYBQXEr14Va9t2qk2PbS7RfMMbdT7aWnHjOLT4ntpbN34eLSWfPpSw8+a9YetGo3HjdrN5o1/VJl6fIls+Gy2YD058s68a6xU2rrOyXjMCouHQ0QYzDyqGScQUXjNldbv00y7oCOc1bHtop+TjKuQN+T0PekZDyNivq9laVHzG7jBeg4vFNWlsiZ+bnNKW/TOHNUVvQVTf02+Y0ta4/feOCWC9Cq36G0zp4/2Ww2jSvnZOXzqj2QLS733Y27npRft1263PvgY1AhjFQIbvc19T65FY1n4Qb9gvI6QxSqzSE8+HZ5cdnpcwP4i556TFYWz9x65RHcflY2nnwanv7gs3D7zqZ+XF46fPTk3fdCX1+/WiNihFsjuRLKeqqVei2Z4GpcMlOvNaA6gOtsMgHVURRB1YrVlkkmRMThQjaTLSEY4kLeykC14mU5kXLjgojcmtfj9URRhkSaN4Pb4DbWUxuoeDQ20dDguxKNbrO3BgWPW8Nf1dCs12CQH/0X5P+WIfTbxj2S7F/pYgLUzsHoHXJgfyC4nGJZGy0k+Og7aUkcnLDTlXiwN3SuJKQZD8uFuURPyE16XM7BUMazZiOtDsRp9PIbKEihjMw7bKocjbsDbndAVZRP82GnZvNHVcXukGWHXUlyPM+h2neRv/O3332j8/OcPO0OVHY1RHJqwOXqTbmdYsjHMAghZlZz2FxuSnOU74j4hNQwh6KIFkUGUZTAsZywdU3Qe/6nz0p0BblQjmUlH+NUj+EvdvfyvLDWafMcsb5UccOXEjRBXJtjRKpGzBDzxHbiLPBSy4M5KM4AO2AGYsjrl1G4IP3Wsr7yXWOtp62vlYwhoLqNclvfKBkLUNyhtfUdknEDUK3oISQgy3PQOrRWVlqBehwT3cJGWTGYdBMIjAECe12cXr3+6EmTOOTaKAkL5PFGKLfGwZKzRZSAJa9hQgBSGEX1WrZE4pZRchhVMIUAVUBDMuFCrIvMeGtjCC8s3MfAisu1hFvVKiPIC3ePAYlUcRuQnB3BLe5jn/7y/rB45sYtL96/Adn//KXjt/HfPM0iCjGokvWV8qxw4B77+mGOEehFwRX0KIFPe1gbz1B8z3Fuz58NMGydOcGg6u7db+3e6QzFxB3lvnLS8cB9YqKEHj/2yX0VxCZDu+749E4n+/QfFiN1kiaRQ4j6HA4pGaMDOSQ7HMUer2JH54sugXUd+KnrZN52jrqLpW/t7UX39vZ2bu/tff2tcPit1816uPP/oFK4lyAIEq8b9c+wbhTBEcuIFrQVlxBNcLS1WEu0WUY6j+XMEiXhmk5JBg1rw5k1Q0BFoq/fLcdlFf6jf+PRvy6hf+vY0b/gq0kbq6mvU1XCQYSJLFEm/s76Ht1RbcXgO4wy0AjChayzveQKEgjkootpL9kjZjGaq1YNu7ON9D7zJRwSwcPX9oPcGgi8PfrMzz5LuIs2nZB09I7ukPTsO2+Pfuxnv2E2xkqiHnqHMcrUe6IuvsNA/6LdkVWLuigtusQyFELSYjAUgwJ0RcwuaImaLTAmh8dQhCGGSiU07kB20RUMRaKxbK5c+sAffTxgOAigSWcY02Q2BlLLDcToVuOVCAlUWEQUF1eB0hoDWY9VT6rVBhBqCcreUdSoDdSTX0FvVHbNhV3h3738+bEXEBp78/LXI6GZuNts+N7/2Fi4g3Tx5dgd030b7eTpldTF1OrTa6883/neSZR9/sr9m1bthcqfkuLnqXDyX8jpfpKHJbbWeSX1JWqQ8BBF4sPW/LcKeLFjNGGDxY4VsMqKhYViK4OZlMcXCV8yoNxaNNZwkjVUovFQySEAWfSY6scD6scjGSlg0qzUNnrh04Mnw+sHcZ+SDQdMip5VDJ7FkyPB5Bge4F1MNCBD80ikk4kRkMgi6ZapUbpaCZs8KTdkEK7x3/ociiGa2XPs5jWUq294puF9/nrllh0//K3PdX44SZKLX2f23nDzrPS8M7tquPPzzmvd6sxpxP7l1c7i1wkbzMEC9TT1CNChhwgRKaICFL+K2EjsII4Qf0m0ypgmZ6otGv/qYbjo81XDK7RbCdywCV/2kN250MVqK4jnxEtjYlzScuVhUPPjVUOzt/VkGf4h/ahJrryXaADP8JLhBIr1VpYki4l8lcWK5OSLRo+3vbjCLK3ytvVVZWMFfEiSsRNY7IB5s3EMZlRygp4NJ6qDq9dv2ob1ZU8F5jGYBGm4YhWWjAs7sHbdKRtbtuNpzmmgTu22Q4dNqViXLW0FM5rIeIFP8cwmMnK8lkmwDZCNUcRlVHNMGJkqra5grWeqt/+4PdEYJWGlOFU2G8wnZ/yBdLqW/iw5mg50xgNpcvTVv3v1EEfR/a4+Vybkz2RCgTTji3m9svRWNhhI43ov1H0xJ+nzin1fg7vTtcz3kRMeFOj8C1xXod/o7IZP9Pdnnnzymzy5jd/6i78IpjL+3wsl0wEqAw+TZO/V3w6m0oFfaXqUqqYFctvVReQIZDKBzr/CQyxeWEMNUnVY/2HiuLXuht/ZNmneGAQZVFXLPGCsqonukL7MJHIViLxa0VXJqMFqiEDnI/BZU2HqeX8ZT70oGxjhEIbqh5VJQlGvyjrR1AcVXTQ1U2MA/zW1E8wgB0tg4o1qxeqwunAH/psEraXGM1gvcWw41Bhct2Hf3du2l0rl8ubOtki4XBnMR6LRqN+fd8USmtvr7i9Nz2z/zi23/ABd4erVzfPVGpo4vmfn5GQyNTK8f8+hXcHg5rHl0bjN5vX4/T2S252OlYqFfDB4/xVUu2NsdGyMsHQ5OQw6wUWoRJzIg0ZvOfAcpQHa5nFBZtstL54sFVowuxhRDsRzwaR3yUWcA/IGApZhfgRX2yjCpywBNWrBRAaDwi7jxy2qwXTYiMvxhuYBdYwBGiheVtE8lQEgzrEedKhnbKyn81zPWBz9e0f4pNN2l81pXorBTCCQmaUUPOAXP4Xrx8i923Cn4HT+4m9xZ8Bc7/9BbyC/TniJILGOaMn4JyhsWxcr1ssHQde4fTINusbNtXVHBekhc8l9gJB9kuHv/o4wfPp9gI1dsqo5rR9S/5Uf4q664/VqvfuDQiXqd0rBYKlzw42dj9zYOV4KpWnuf733IvpBKRQqdRKlYHpoKB3MkDTxvi7+Ccx7lBghLhKtAH5PqQEWSBJr4mWW9O3FIsi8RK8LI6SPmq/L+tstlsDCmXUKRZ2VjCa8cdXbbjWruLUZE4rGGDQ1WRAltOYJZPO9DROlLwtgMlarzaZJpwNjiAUojBEUZvks5/GKJC5QGcaUBd5GJgtICpdULAtcyALWMf9/HbsaqjWT071DdxbWDW61FRMuf579BIk+Pp3vvy04sn0vudAUzaaY/7Hyw6c/Q05Drbxy71v77cFcPVzs680sRiOkk4v5yc85cpl8Mvxqn8vniPmvbnCwMDYxPX/jRzJDhEWrs/TLVD+RAV6eIjYQ14hWCs9bATDFDJbhq6vGNNPW11RMbabPVg0VlrtJpSRY7iZYX2M2XNTXVZfGROIFzO/zZd357pLHEtNE7F3ZyHrai0EPFtEsAFa2bAQ9WOPpcehc6tWI1TCwt7wUt0qgCteDqF9ZMdYpINArrXXr8fSvWwPKdf06XFw/DSuxEatJLNRpXlGjqanlWKgHYWn0QlPvlQ1fBET7+jjUZVihZgFkChYvOiXr0aZuU1psMILFzpis+5v6NLaygLFqA8MIG0KWAQS0ySUjyATCbg0wMbpur1hGUbbEgnzJsGoE0O1AiWQZIN8qkHHSnay37hwoSDb16L2fOIYGpvaX61vTnoHgSPkTD9335k1nt5w7TlO85AiKKT6b2X7/hP3AsuFp7cD5abL+jco3v1lBW67kSuEwurRnx5WKcnBk11Q44VeHtOL2FdvvO3hmat/WWdVpV1VsxTAOtBf947rTiDzx4in6hsOVb+BHEAgzBj1PvkXcAMixRWKKD1bXVgEQHhPbb/R6Y1xzZmPKCxx7vGycMIGoXG9UvW4tyWEK9qhAqWUS7MTMCOq2i2AURhHgsEwZGwbQPhCFaUliU8FFql71Az34DlMaUyLCdiMUsxlsO8Bf8j3SFohzldfYG53CnBaQ/CL1Xxmby+lAnH12g2RnowJNUVTzHlLwyLyXO0bdzf+ew+UMqBRFUz8ihZKmiT+3+b32zKZjgXwk9rWY5LDnRfIVN0lqPEKq03Vb5yn0/Yj6VK6q0iTjJpGbJ0lWkT1P/UbMzlPYzFBJhPBwzpEQv8Z1fk6hvwrBOyCKpDV4DkeSshS/+k2vS/as/u3v9c1Mr0YfX1Ow2SiSQNeuXVtFfQr4B+S6lBmlGwOgjhRvCn9GENjFnMhkTGuJzCKnGHf3OgYW7P7nMsgxJBXtXlVQN0yfVG2DlYnBWppTQhG68EicfNOjirKgMh5HeLLDndwqs7S7fMTrSvgSLKXJblEgeWXFDc470GcO4CXWCOraXZSdooheop+oE02QgFPELLEGOHozsYc4AAjtOHEjWJV3EPcQ9xEfRl0Ma5RBA83su1ipVCzqcIaKmDpGQJ1vOnUFN2tYxHPpanVpF0WcBTA1eQ5at4LcNMZOw9BNbHupVCE0Z7G16uCdcPNSSSS2g6Sd3nsb3L9UHzD71h69hPvqVt/c4btx31DT7Ft/w724b8jqmz9xGfqQ/oAplMtqu1UZGIIWvSwZJPD8FBi6U5LRh4qL1cYwcH1laSZAXIY7V62dh3GGEwbMSAYYCcYeKO6RjJWo2Fq9biP+yn3W0INHT+BH7pOMHTAsBMNCkrEfhh06dhIPu2gOW7zpzkuX4Qv0i5IRhjHhMi6dhTuKUCtKxu1wx10fuh9/a6/aNh6Enr4pEDQ8B7Jn30pQCtrWXdjgDu0AOeRvGhfD8BlrGmf3w2caa0CvXK2NUmDlaO7qMoRt7whtFQHIm61y2l2tZ6v1ZL37v4GtaWxV/1p7FXck/zM91E7ESfG+uItv8K64TwnIDoYaoBiHHFB80LrzavPB7p+ZVau2Pd39c2c6k0mXr9c+nUmnM8xD3T/3UFxYK8qSJPUqkYjSK0m84HekHR4PXPwCb7b/4j3jpps85zyX3DftiMcvxeNXL/zf1i1dP8uEge/CRIn4GNEKYtujp7rE0oQAq4urS2lL4aeDWGOkEWj0XKXlwFDAbY5CetmkMAqAKVjkPKydTzIBSwS0j1wxEhLGOHpCMrLQVwDECjRn8BSsXLCp+2Td3jQSEVhtRy9GrW5QPW8ILskXjcVNm2EEVd0YhdVNgA9IP1vH1oIJdRKZdN3bMLvNYYD9f5gbyn/2p5+9vA0+Xzt/4TXyj7ddzg3lfviZn7126vXFUD4XRp86+5ufvHVnrrA+nMuFO3vO/9Znzn2+kHsznM+Hv/D6hddexbKAuva/4He3yf3EBLGW2EX8DtEaxrMDrDrtaOsbK61xzPi0DaDnOJ4amIxiS8Fc7ra1l2Jz4wpodts2GB+D8b0VIwg23Jw5i3NObLTuNqcNgQpHksHBlEz62/qk5Xrq87SNPfCJwH5tOV0KVrCcvGRze4Pj2C85qSyqWngUFxfk12O91eGV60wENTcNmpxzhTO5vrrZHZN1PInZatfBlDGdklmw9OPuJMtVMXry4guo3gjpHaWuOxOz2BwGVYPnGKvpRgmgF8tEyPfdmCRzjunP9TUHy5kBXz0oZAW06l9EGyVPxm4u+/aO9W/qy1IUQyYjo6PZ7adO7bzlFDfurldjY3sDow/vuUhS1cLq9YnQZCRbQfcF0yPRYn+14O/zV76W61ve3zfaT9b+dHD/zJjbc2TZimxPD0UzZC5aUS/s2HXnh7gxKWmfGL57z4VCbU8ymB3NheOxRrEw6NVqsH4I0zbFAm3PEm8SrcJ1v58xBCtWwLazvWzU7GAvrDLXYQTWYUQyMjDpvbAOvZLRwFTqbRurux4e+z+txs4cUY9LevIdwxV6T+9/Z1F09avFFlxjD8QeSLKirDSJJdEVT/abHhn0gbI+HkBGZgQskEBkfBIvTq/cYgpDeHEbimGvYfIv1DAEbkx3ITAWZJ7r8FdkXIjNZGslEpZvQC2herbr/MWg4X3/sok4sMtRRFkYc+CV/S/9wWc/3LtOyjGSqqoiy1I2BIgAMYx9jLeh5aV0Xg6xtkZp3ZE7b77zhYyTIUG9S7bhYfR7Y7ffMPG1+z7zl4XIi2o2FQupHA8IAAXCpWLNU0Y2qVd0jW/uT3sntwR7Jxbv2nfxN26eLLlkJsXYOdp31oROhOvaVupPqQRhB426HvToEqHPlZfGTMtWH5OWRh2EDKXB8lLNCjH0lPVMFa5IP1g2DnVXoPhP37JWQJH0wjuGV35PT7/DLGa8abX49mjonx6GXjt0LuaVAiwKXD+4KIo3nS9Yi/I6lDPdirkshDE2CvMeHR7BizEotwY27MWlHmUp2dec32QKIlIZSNEehWTpVKYBuMTLeRvW1YPXI4udao0sjgbAFbAb5/W4UMWbSWQ5toy8jUqEAShTosdQhMPO/hKpTLyFCMR/adXEW9eIzv/80hdWcgEWHsdGeE/D07e6KcY2LrM5L0ITH2GhyaXNidkQGSBpRKMUo+Wej6C0CvzJ0ZRDUYNayOXLBylV9EiazQngy+X1ROUwqnzgS+DzrIJ4tEPcTnLkducOHuXy24vOyYXcDudWaNoKHaw6LHD+I4DpHlUYW+4CzzpE1e+ySzyLSJZijVOIpjjWbpdku1NmKYbiQWaai32I3Er0ECuJQ6hJtBQsJHM9IAWDnOXaeJ1ANMMBWq4aGWhaZ7rhD5s2O9KIcVh7ZPl1GavGmIpkyaUR+6HmkjA1LO01cYVxxCKMr7zwjz+57nzteUeEB+jkO29/5dl//GezlcbUAs/R2XfeHjlgDWV0rmQwLA9topENv8fouXfe/mr2HwomCdHSIkVjEoLrB0mIpNhsl4Q+D2Uumyv0fMD3iuC9QasVm0aEwV4vxZPHXO6SDZsAxHRI0XuBw4MK6LqJFdCQkcftdpfH2zs0PL95+348llf0TZjxq2ojWw2iYeTmTCeN6YbJNqBcaWCDKVNE9UaSo5J2lExj543X03XeZEUEUgIbCPhvo9bAtAn9DS9QZhllzFiEm/WCZFhzfGVyzfHja/7k5FAosjBVzWblZU6PNur2eIODkSO3c09zp27kyHsUl1Ko9RZVSeNpzs5LNJ0IxpPBeIpz8nGp6E4mFbXH0cN7OD4a95XtKgJqITd3Pvqv5zofRcdTv62VK+Pzp+KJhj+hqYlEpRZNpFqODkKnO48sVeL+IUEIOlRN4pzDko+h0w4XTXqiDuXHm0YjKZKOuJJb5jZLIZb1cEwl0ajmvJ5RzaQ3sLsfAxkvEXGiQLxCtJzYo5zG6KRghQ9wgNSIUe2WgDWAeeGwx1TUnAIoaJECDVA0NYDsauuyZCSBvLKW0Z2VDB8oAZurbfRgp3JSVl6nNE80JuKl8snjAss7nF57IBg2la8GVKIHmnpBbtkdHiw/0srnCZa3yT5zhOnTMN0WXiQzXgGVkGkBQ1VF2QET1niuuzWfObH5/uDEi+j1zr8lOh/tfO34U+lLO+OxvyBn0dXf2a596M1LfQceOnDgIXTh2Ef3zo0/jX6nc/xbqc5LqEo+eWT7ncJX0R+g0tXXHi+Wt9111ysPHdg/M42NHJaQrm0if5/qAaksmX61AWIZ2kC0KDxzNL4QePpkJxGA6RvC09dg2kuMI1voAwxveYFYW7E0iFk4wbT1dGXJr1JJZ1FXqoYfxkYjuGZEhfZiVU7yReuK9JGyzrxrSID5uQr2zGFPtFAxHNDgkIwcnmK53crmMEbKpgFO5bK4mEsI5loUYMAAjB2QcNTF6INin6mm9VDFGJLbxjLQ4WTFGLWkwjsTPx+3pEJJ1AMSA9LBkCPvQdGg4UOWFhU5oBYX/fhKEXoA9AJBy4o/8IFgihNWVG3qOXnR64tEsWukkAVF4QlS2BzpHwA2d/eUNNwx1ICOcAwHBsEeUeMUk5axEwP+J+tJt1dtxF3AgEkw+tV4Nt5Adcu/4a1XvQ08hqtn3ZbbQyK/MNH5m87f9OZ6enKaD6Ee29597FbH4qK/82UereM7L9yW7TlcDobKxVjk7p5R8vjVoQ0bKPK+nh749986/4O8ORhacaVaRfZtW1G6t3fr1q33lUr3raig8sR9W3st3pmjPktVia3EDcQ5YjvRWsCyeh/Tbq3HQHe4vHTcgaOeeroM/5B+vqyjd5e2m1LZuAALsB3hSJOIUcv6fTBPu5r6sGwcOAZ0f1zRnUD9sn4aiN6TMQVTXaRcKDNKjqFRxgOQcwwNRBDrAsIvkWWUACM/AvgmzkbIKKqMUo24yHAYhoI4S2QGWE8URTDuKdFZFsWv30Oxtmz99O8On9s8KctkaqChqrSz0Lt8bE1y/J54vNLgeF5g3CiRlSXa1d+/Mj51YrxXFhC6+kdUMJ93uWhXJhplUUoaXTW/ekRR14aX3ZdOlcbqiGVoWqyPHBnkg6vGp1QPqFwB+bMZUWSVvlR4xYzvoQPfuyL6N2xY5fUO3zQ3JDpJTpNljrKVawB8i5NTfh/TnM0piESClPDZR9ftWJh2ewqjYQkhZFOyweG9w0XNgdhynaLKl/rSNoGyySiWILlwYiSRQGtTAz4RIVL0DWBMW7j2VWol+X2QdYQ6ABMYRR4s7DVzcnBYGFoilvzHE1SiC6TzvMjt4509DnI0EhV7DoVVZ02UPseRzHmX3H/x2PZgwBafX9ZDTsmu8w7pDcnV41Aju+MxMT8JI21HaCdzHn5YfsW0329LHtl/h2k3rqJ+QlVMPDdMmP7rpZqJ4UwvMHrXcHhNpi7iAK0Hd5gu36JDVpYowUYvs/zWNWkUxSJIElEsQ2nXtVg2U8+YOuv9v6Mk1nndjAkL2nLs5R8j6ceXL/+4808/BrTpKBTzst9FAq51ZHKlwd5CvJwvh9NuwUExYrD2qd0Tw+svhBBLOt54/77Ll9Gp5Q6SRPnUwJqLDoalKNqmuvuzlezypmZjEzl/X59DKubXbfeEbtvAqHQFZKgAv385/TUKxyS2EieI+4gniOeJ14mvEn9EEHJmoGHFUUHUu1k3lOFfKl3xcBoLmhU+WZLDfi22CAogawZZiiiVxgEWt8ftwaq+lskC4h8Yxh6vDGj9TJ01JwIsNECctHdAadAM6zWVR9V8QtZtRm8sA8CL3a/4C3H4JqN6GdNTDjP8fzUeefDzS2QW3lPjEohj7DmwB+wiae+zK6tU9Di6wnKILiwwPPJu91YCPMNylLPmRDTJI4rufLfznYP9jVNA4qwdUcjJMxwPC8Zm4rTbQ0lFpFF4HJr8eRPtv8de5Ds9HQ3t2jwxlSOdtfyynCPpOT6+ZffmtYd396ZQsQcxgUamZ9tedPahKapx6r3VC8un8shZLbw/dNPaI7tLyfeHokMhl7bN5+zNyGzBRiPyBUZApEDKyyWHuCxK2ijaQU9RAmvvsVMgIT589c8e4GkkOmCMQxVItLoAVIEQK9gZNys6B3Ko/pWFtRenHyT3fflvc1OC5uMojdJcL5Nrb6GP1L+7YqE4nY8zNLma5JfNf2z3uRsme5szDclWqHVW23IRRRGkJPr7Xxm2/plfGRaiyfNk7DEA1mjz1f/2LGPGY5AppyeoGqEA11veRpKrVs1UBfOCdLVsaKhImN4Cg3WYIW0Bxetghpj/k+4s53WjV9ArnY+86nxhv7hp54J0eIn6yS98929urJusNXu3vDA8Pv0GPJ2/du2aTu8jVwBvq0SQSBL9RJOYIdYRi0SrByuG6apR5tv6sooZ+tG5qhHi20uEoycKOr+yEqA+wbdbWmoUOwBp2WwemINmGpq92QnTK7nehFwOjykkXKCw6YohQE2Q8E/BCt0PtVhF95sBfb2nYlSgoWI6LPV6xchDLS9hoaIPVYyVUFsp4VCovrpirPC0jQ2mFz4r14ZRHf7LWjKLfXfYdSdbdQq3u7Uk1KtxqMcbeOz7o3Al+X5XtxU5ded+x+Kkc9L5V1A4AH8rThRzdn6IHPq6Scek40dO/YtOFHV0fngSj6qhW5z3iFc74kbxW2LnL6HWeVhEX5wSp8TOJK7xzimx3+x8Wey3Gr4LNXPdN4OMHSGKxFGiFceuuJAFaR3dLAgoL1IOiX8f6ypmFA5M59S7OltZiloo1lkxUyGiKSAOJWD6GOJQjEDRkEIgjxHBeHImPJUwPPWmazhkg1PNQBIxGkajbgbjVq0bzamnoXBkdqyKDqOjjx85Mjte6TwLzHK4Mj4LtVVHUOdZKCLi8aPFRTAoofHxo4VFxJFgdi4WoHJkFVQWQYsRjJmX8xPAIQqRI0aBzrYSZ4iWhCnNVm1twb97o5XfaGqZtJXp4JzcggOlTqC8uT6zOAfFwLBZDPAA6reVAaAAU0wChDPGp+HH9s0BfueInlpjBOO1wDCAN9UTiV/P18KaCH4rZ2blwVU1xeVAzNtN3bNC4KBycSsOkWOF223Figs3NQa6kXLVdKzBPFlaam5q2Wf2HX9zeOPuT/gUlnoU1R4FTST7vS996tWXtBLLuyj2rgcevJumXDxje+DZZx6y9dncJ2656bjPztiEGy7ffYs6lT45enrd0Vt2o7ErWH9dOfTG1Oz8gc0zXwfG96OhIeSX/Y6xcedrkpNsDJJO2cmPjtqe8wvVPqffqTH1hq3zat/gAvaP8Viu0K+DXFlNbDZjGvcTjxMvEJ9C3yJao1jK7AIkeB8u3AnW01N47v0U8Risgw1LHhzPWHreDFW2eOxOy1SN41R7sZ8/DgT5ye5InLQj4EsS0+yjD45qYCWcrhqPOtv6ucoStRE3GJQI6/Vp0wUw58I36nOSMQU0uwAm2YJk3ATFs762ftbKGH0Eio9IRgigxRMBYjcMf0IyDkJHA4Y3JOMZ6PBaz/FKxsehVjOHGb9lGQYjF386aBoGQgk78xgsdJLR96Bo2KLvvT3y+n+nTS9AUlpMJONqsQXXD3gBjHgC+/UEWzyR/KXlPwXEZUyvAzK7aQGbiezE5MYNVgppa/y2i9gYvKJ8nk9lRncdv/M+3PGI3IrdcwmbEU+EsLdALvTi5oPyuM1f6tf27nvquRc/iQn1GTAs9Ffgix+9E7h1397b7rmEBz4IA2uN6bmphYNrX/k4btmovEGwTG9hw4u4Rsl66brJ6a0OVBuqV6tWsOf3l7zMAs4QSc4NJB5FA5XGdXcjp4FGF5HpdCiBHMyUTVsVJ4iZeEEDIIKZopHEeYwlM2tRJL3XbdeM13I3N6r4GZl07f1vRN2IL1i6ONhr4Y8DY6NF5vI3memf4RiiyiT6+icn+5vLyC+JFBmOkszKjzUowNB+d8a3Ym+92PlF3hW7NXH+RnJ6zxkmHhBcfKLJLAyle/tXHx7dd6K6eubiX6ymIoH6wv7q5r2rnnts59u9qyrVlaVUj/9kc+hoLO+/smrlg2iwlEn09SXSZeJaJZkq9a2oio310vBMsxdNjm5NzdPIngK5FqZjy/dPrxlCIYo8coal6HwaXlQRHXunymvdXz2hMDYlSaaql3bIcUcwrU2Uhk/3BDZ8beDgTJ9NXLcxM1IY2D9ddXpTK+/iwBhLp/r67u4tl3tHV0z9Vaanb0WljN5LVvpT8MM7X0/dPFasD20ydT95bTX5c/LbRJYACz2KjXOT+WymoM+ZHCObUr77scjJBLCfw0qJzANPcIAJ9ERTd8gtQMGYDE2LFnSj5RqyRL1b48zwPCw6DetbBIurG112eO/atO6O1+5Yc8Mjs5SNTY6m5xBpI89Xn7fLvF/OBD2FLY/ExvYvnD+/sG8s0zq5U7RJkl/ibWQ8JPsZyYXjTPS1DRRBlUGXHSP+vavNRi0Pw3b8g1jsZjjCtVv7sJyYdRJuYN5ZyXCz7dasGzsBZucFGIt7m7U4i5MmmLbelJB+g4kkesDc6JGMNPziYW+7NZzG9ww3BLBjJWPBXjR2w4DdkjEN0sBv5kcs2v3TMFUHVCIE33WgvGQ3S8Zx/Ig0TFJ/U98tv8HWmqPz249ghjqgvK64Z9eu34krdtmQV2Jl2hyFsbmmXpON/kmY3lnF8IO20d2y0bMAzL0dm8YHcLo4zDRmvQjp1kSOG0aeDyYGY7WK/XWaGWAxuRDwhsktJkqv1xpJ1q1Z+VoJ4MmapWCs0FjN1Fn0a5vXnuzZNl+lbbzGB9koWT9DFpLnVmTlTVTveXS55HxczUwWHQ2PuCpwadNIeXuoQDJfRiTPOPrGfd6xks1OZ1aURtfm7tdR7ciWvy73aIVVfU4v1ixBLkSuTF2dHdntdcn1C7RITT1eeDQ3P9cXcQvuuaFhsLdPq7NKX4x32UuOpBst31Tu3TlHeRwgKJP5Ic+rVszxFmontZPoBW0PVG3ua6jDwi5m7HX++rWEr0gfK+t97xoNqW2MY/neJyste8aFPSxGxg4V0hPDArReAuGbT2Lgq7JW8ryZU28qaSzwGjj1olGrY/8BstLysY5n03heobGb7ZZNIKQFmts2RvaWSbLUWw73bypGE5Vppw3Rw/2Zw7W+M6HIhfzQzdk0epqqBzfnyEqokM+S6JiirJjbt+UKKmgetH68b1adKyeTDkfflmDfQLE4OTz4OZdr+Xi8RLlcU2Mpjwdd98H8jZlrVSQaxCmiFcackTQxjoV3Biy8Uy6EAdkslc2Qq64Cgh40uT9uZiEDPMbaK4uJ20pLxilXWZy0U2nqftngPXjKygVo8DT1AVmXusmYwwjH/bBxGUFRigJxHU9kUkB2cZz2BhXSSoczs+HevvT95U9EEU8yFE2Tgiye5kWeItGblzofvfQ2olJ+dNCfTPo7z/tTKf/ncPFz/vvRzZfe5vdPkC5GtGs+edrlpFi7LF4jLr311suVZLKSRDOVVKqStHL+zNwzP1El1oKseJFoaRiCJIS2JSNKAgC+KQ0EgL6nasxxbf1wZWlwzGzYVjUGoWG+cl0oBLQ29vbhRMnlUFwuGet+mdaP3Y0OrW3y+7rlsvJ5LVFiB4dWzmGVm9sBGnl+0/7Dpl93bEpWxkVHIFcbIoZnVq7btHnf/i5o/NVEym6+ZIlsWDTYTam0fBcYFQJQrJk3cGYDJlXs/jVvs9Tkf9STzWTSs49++ztPzqTSqdTMqp279+/bte3xVdtj0WXLZldu3LB61ejZaGTo/KufOTsci91RyI/vzE/aJZc4KSuxHmXUnUgWJudRfNPYruyE3SU7J2U5XlTGPIlkbiqXR+P7d22fffzxmR3bjhzdum16Jf7Cx1uH1s2tHloWjkajw6c/u3nl3OCF88Or59bPFAorkz5O2Jr1+wrRlNs9PzuzaWXSywtb815oSWvufJ7g3l9LO6xmAui7SowQ08RHiJbNzOLkuzmbFcDtU4M2jNunuPZSyG0WQxjCz1ieJM00EictS4+DJVuJg+UOWBMXLdgoORBJZnv6aoPDo+ZqTYHwXuIIMW9GygflluwYMHNH3JYvtyK/zqJYqbbMXML/wwOFNSKOeWc1Fm/igYqI1F8WvAMY/+BPvPkmy3KeLiT6gC+qeqzvDw+4xNe+kVWR01P81FNzO9bdfOfNj6ya1YZ2fuHE1tVXpm55qvqkS121ZXSE3758b1VZd9A2u6zx5q+4pZ4/t/tVTzLUQLTjANl7//bcI1d/vjX0mZe13yA/tONKc+vezjdi/Rx15YZ9f/7k89WXdzHX5ckUzPlp4hLxCPFSN6t4k73dWoELQ6Bhg1iqPGgZjA+a6QgPHgXVqmI1bF7O4Ms5LJDPHD3Hd69I/0hZr7xrrNXMnTL3wwqkQc/eb+rZ+wmhaDwKTWsrIJP9u/dhmHG//EZwsLxsy44P4WVIYxBCGA8OAV+lt+++/wPsY2XbZutdXqpixuny1Pt8ZeYiYJVnjqh4RNChHjZZIEXGDRqzYmFKzGX1GvAOdoAmTPCK4StI/nqjVjUz8fBuGo5FA/AttWwCs6RLkJXwbpcHOVxJe0GwDWczXMBTT+2LFex4f4wUFEPBUjZ7YrVa9rr8ThdNkRRFkyzpYkXWzrAkz4Vd/mYsndkarTMKbw9QlC9y14zPKacZmv08ouzItivhZ8ia29+bGkFkRHShazlF5ASPy+0d9qtuGzxNKiHG4XAONJ7bNtQTfG2+UI+JVHVDb91DIorjRVZQGURSDGdnRcVGBytzdUawawdIcrLu8yNeitrDyS/k4h8mlxCrhTwbbHaq8xcUkjeTmhvrXcJGh1AHONNFTBAtCpkW9hJnkgLOQsYt3SrSJdPbz1guBEbC22uWnBaslE3XyjJk7UZLdXelPf6Hjz/+h+gp8+N5fOn+I7pxOvKymR87SmwivviB7FicDmusAyynVJaGrXTYYbG9NGGmwy5NdHNhN+NcWGOjp72Y3YjzXwlPWyfKOCEWb9ZigfRwKmzQTFEzPDCs17MSwJ2VCWtm1LAbgTRthXWYNIPyEs2nhldgwlyJ88l0j7yk+CJR1RQgw1hNxn89w3UCZ7j+/8xtNUkNWzyVqhXABbI029zafya/lSS3TKzAKa4kOZgIkjZcaCaC/7kc13KfmeNaKzQlZd0psppvStYabaRupIZhjdYQtxKftCKChgpyOochGo77GWHQw4NYPpiXk/hyK75sMw2Sc6bW9YOI8Jv2uz5ZMUpgk/dV9JIZ7TOl93mcfOjHuzWpeDKbGzSXoSS3RpefxbPsBIh35IyV8NQSNm02wV5YlZU3OEKIlg6bUDwpG/EzGO7VLR8NTCjIYksFW3xft/SsKa+B4b2jZHfasSVbRl3R4mZdUISlozk0MIZwUAr/hz4OhIgZSU9mR6kxZMau6rXfe+nFQ4eCuV5PKj06Ort6ZCyZXr/+xmqZ9jZXvHzDHuQbXHWoR2BJxsULnqLNnvV5GRox+L9QHByuSIiiVcUx4HanRpzOPE8j1u4oulyJ+MmhhbyfJJWRsSFF8X/lib84deKja1f4herY3MREMpVKjy9fc3bzRjVbdt96vHMzXb799vF81q02tvj9Kw5LshYK+zSVpjxO59BArXLw8snRPE/emvP5RT/L8gM+b3NlzJ/w98YHbHatHpvoz9ltuYlMkGF6kqA70LXOtfXob6kS4SFmursmCbGtaxXT5DQE0dqS4C3r9LuG7Gu3ZHMDluwGG8teadHmZmPaI5ghXZ8pIjiMfWQMfupxN6yMWwb+cMfJw6FIJHQYtQ+HI8sOdbxPsm73AvnsPMxVKET7fPNXDy8U2BBhYohZ+o9MuTFGbCFuJO4iPkf8KUHUax/cpeIZA1FkFTGYBf7DuwRKqPHrAMzMfdC8mfqvATdMNY3/ELG5NSvtYhSnXpt19Mv7ccI6PMD9Qbqrd/nbvB+3/n99n0Wl1x2LuOXNs+cG873BgIMWBdveJ2MuiRM4++jW+Ye/e+FD7WfvsJ3ZeTYcfebwTmQ7s+tsOHLoEz2ZV5xKdLa3FAzOxWVXdG1PTyI+G2J9TtHhCLlsFJScDmdQtH+EsjECY7exguBmKLQc8TY1kaj2bzyvcBIr2+0cr/IMaaedC8PJpM/PMKJDSiFWkFVlsi8sUDzjEgSOlXiapN2emM3G0Hab+Ngrb99S8gYDpWhe5Cg6V/BEojmbSFPqwvjwxcMTa56pHFrWT7nmV28XhINQss0vqw8KM+FIMjke0zhtNJaIxWfiqt270W9jacEnSRzvg4cLXknmZgWaJGlFoSlOYFmKvIFhnA6J4VzBe7ck49UyUgSGhLe38RxKpLz+0d2qjUG8/QGGsdlFmq7HC7Lk80kcQ1qvLzpCngCJOMGKrayiR6kKoRArfrkbFAdVdNb6XKJkvPtziermuqqm1aVYVhdZseIulAwKg29au0+rA4040pQoimfIbFJG6EebX0ORzptf3ru381vld8rfeIP6Sefhi/+zk3R0fn7H7RPIPtm5ycw3vbae5oD/nIRMFIg9REvE76NUrT3+DvMFluJ+kQIVGXdaaSsisKLUXuRFJJobYbHph1NVZJyJQoHg9EOhVQiFsTyNy0uSK5XNW8lstff5ByARJVflYSRjW7hacUOlZkYjk4160iMx04MN0FXJJmo0fnDxB7zYLN70g4fO3LMSoR+Q5IcPLo/F632x+FWBfP7qQXQ2qSbKH+s8h+568pkbSXJPrIMn1oyZvsOMkD6iHyy7bcRZ4m7iDeJ7xL8SVwkCA0HTEh2lTdQNpUQZgYEOEFvjstghhUset8Ul6Zq15we/PY6gWm4Sy92ewZumq5ZGAFvL4zU51o3vs8bhJqyewazFg0SykcFbsrs+Fvhm04EAT4ZH1sy0WEtogFyBQr2G2bUOwgXGkl4OLAaqUat7AE9i34xIWrwN3A5zSVszzFoyBxuGOBZsfinp8ylyiScdvCjbQwrL+Ioy3vaeYHIel53hQ5wSjFAMing4SkYHpFzQlmIE1lGzM5omJASZLeRKPUM8ZSM5kvEcWxsLIY7RBD7JJDwBl0J58umJQdomCCwlCgdIP+tjKJeNKaosTQI6pmne7aOEMQ4hko8A37K13yftio9FguoTAHCyWhjxnIdyqW555hucjGhW9ZciiYK8a4JU+LCLE1wrsnWXN+5EWnKa9+4WueFAOSEyaODPSgjZ0aHDgTv9JN2XZ5UE73ChQVtwpG5DuXwoSCO8/SJmE6Vlc4imRF7x+HdcHIbGSjbAwQ9y2D1RL2t359YCaHIG+ESQDQBCDp8JF8MU4wnktZFkQBMdTjlAcTTp8EmJggORyMYw7lSPTFKSlkG8kwoON7lYNR7iKUR6KSfliogpxhHhEixNscni6p6kL52ZuMEVk2Z7SNL9VMU2l48E3FNV0If/fu0b9BfIe4lnia1E626sDy88XK1am97o+U1VXDZhz3NlPfGuMSa1jabU1j9caSWaWBcmsFX0PDDjWAJ4sLfvYRPJ9N6N80wnL5v5vZRl8VQstYOJKEJhVwzb1UElMguUPkSarWC84MQ9072Ft8g0gPLevxsfMWFSLVCgSHk1846us9BUL0mwhCjcazkosGEExrNLtNOMTfTY2JgUsGkOVhREKjNI2ji7ze5gQxRywQLw4swIm1ESms/FYNoAC4gOCC6JVVG5TIqCi5c8NKMFYi4hHYpqNJWUk4MC6bM7EOvkNHImn6sGgm6PJgdUdmKWDighp9dF8c6JUGbtXat6ju6iJN7OkAs8TQM9IpxhqilxZn4DJQkiD1/J3KRKq0J2p50JKYhhHbzi4zgtVrB5vYrWIyNW4gJo9BCTVNwUR5IkIm08y4WHwuUpBxmTwsBmEq+Qy2s1b5yH12fsG+m4IpF0ZUr00fz4TPO+L7JxJRzs7svdBDZ0lthIrCZaEbzyfVTXUpnC+YKbyjr5rrEeFjw3X6no6yVjEJbZC/XN8LmeBNmbxZ4HPYLdEX1QNY8LyWQxCjCXbsBb8WJHsIQRScJakZKZ2xGhhhFeWCxmcAJP0oQtJAajHF58mB2aVUghkV+RyQ3kATse//SBysuNe3cwbLancmpvkLIpf0bzFN9T7ZOkgdU9XhazM8O7IqnhjE2IBBLZIM2wPKJQVHXHcxNNzrt8eBqAoh2hrY9+cqHTfrySohzislvWCrF9lUY/N7Er50bFbTdt3DBaTi+k0+nKspQfidrYuNdXujuf70kFsIy3mTHFAMzdLHEI0Np54iJxD3E/8QDxOPE8mrN2ULSqeEI3sO3WMaxnH64unTM3LOnPVaytz3ud7dYdeF/UTc8Ai53GZupTVeMU29Yfq+BNE7vLSH+hrC9/d2mV5btfJeFEYOMmta3fZG4r+m3iBAEvhNwE9J6QjIfwMTOqeczMM7j30V/2Pmrtt8gE2npGMhS8iQlMlBfh88gqWTHqB0Fv3iQbx07B51lF39s0HjohK+MOfkN194Xbbr/z0uUrD1inzSzu7H/4cVx8RjEeeQyGPyrr5aa+oBj5nJnra4hF+FSU1yXN7Yn3mqbmqQ3wMIEUtdAqaeES9orop+Vxp+/wCc9tF2+/8+4rH37wUeucG+OWJ+Huc7Jx9gnT7jGTjCw1GDGPBAH91aj3WRpHpEANacD9OGHIVH34P5CReTgN3laYzMCIhFczHb/dGEMW7/DgcCSPUt6P2OEtT9gTnPA2uDGEH8ZhYcU16t6BruU/oF0/7sb2omMk3/foqoXns2ov71IjDoSCiYSqlpUgQ63x04UwvXwykd+689ZbUioodjtVXwYKDEVKfRL911xwtHjnwMRLuRU7HfagWmnOjQ/vqMZtr0fdnmjU4/Y7GI5jHLtJRNeqnlDYE/R6gv0NFIj2RKM9fp5meCfz7QcT275V7K+vnUl9cRkbtvc66WotrEUVmWYRcjo/u95PqopQldMjvJ0OqYq6rnzgRYQUBe1winsL4eRgz+ybf/2M5pJGygsXX7qI5vDTI9MOzsbPkhRbq3EuhulfTpGa2bHaBi/ltPZOU9fWUfupMmC4IPaxmPvVJaBnMwvZj0GbtaVbxHuiJMODt5hI1pZuj4i3QFFYR/ilLp70ygMWzpE4Np7A0MgydrFMoC7oD31p+jdfebLznY/cpA6R5DNbtn38iYnEx6kvuvvqd/xb5xf336nTmxdeffZ5gbjuG8T+WB7QboRY6J4tJfqrVYxuccDB3KOo0u0lm8DjuLyNhheOmk5YQa1UsDeIt7xBLnz2gN/8DQG8Hd3fNmKmyaddDwFT9QqtuJMgxXCJwEUyk1p7ai38W0R9xjsffuDLv49OI8dL79z9p50/OQQdjcE16I+/ZHT+cPErH34AbXznpc6/dh75/U+gnu/dfX1f+p/B+weJTcSrRMttHhtixRABSoDCdctCscWZm9SthBFuGW7mKGgum5p6c1n3vWss95uxAELCPiS8US3kb7dCPvOwrBmwX5dbcUQbtKZt5q63HmhNS+ZpC1haLCesPO+0/AYFMIZrzGMetSm6AwdZYvggIF+gPrj8lynf2KFJAD92M/nhP7ZhM6rp5cfJjSUae5IqEQpzm5nliF2ceOc7jqCXcFD25ZvXTqZ6voo0e+jlm1eM9Oa/0vkHIf39yMznKrvmK8Nbj2wdns3kaj4l6gvmXZFLs6WF9f3rT59ZX2qEM3Wf2xXxhPJk8uaXC1znH77SXxsevfnlGI+0r5bLyzt/nu856iltGBhanwrLyWA8hoM3mYFgo6LkZisTG+K+YjqcE93xdNyduJ6Xtoz+FpUi+gDRm35m6ziXCMZHnkQG46OIOev9ZaOCzaQITk+j/WZ6mrmhzDw2Cz5GkAdvRwC0TntNjxr227Ac/o9lWTIRiegPzF/yacFkbOuZ+mhtJLkbuZ7jnjx2cvWW2dD87EzfmuELn/77+7+zkTqB9s/RgvzgDiqCEjcuXzF89kE+7j/65HqlZ0e/EF09GD/0+289upmwX/vna1PUemod4SWiRJkYI9YAzjtM3AR2yTPES2S/FXnS5aoRsLcXK/Vtu3D2uxmNuldot2q4c0e19QhuGL6xWjUes7VbVzBRPmYlv5zG6u1CtbUCc9UC0zY9aK0SvsSwUktVl559QcPHst1QNZ5l20tM1KwdqhqM0Nb5Cma0p+i2vr+ytH612XVX1VjPAE++XNa974L5uRQwU2uXfCoRAcYMSEYQJ8ar7cV4X5AvGjFQerGyEVdxpryex2cIFKBcKBt5s8mMqq5V2ovNteMwfERu6yNlowkftYrelPQ0viMFQ1NlI62anv8BuGMb3DG/bQDuWKm09W2ScTM03gKNJ2+5GRqPwP1Hysb2gzApJ6F8i7nBVz9fMS7CmHsu3g5j9rja+p6ycQ98XJRw7EB/tmJcgcEvVvQrkvEENFyuLDlVIgwW7Svw+Dg+y6jUNPqCsrKksuFIEsfp8gUzu8FI4+S2ynCzaQyshZaFpr5NXlyxer15dNwtN8vK4v5dN96FuXSPrN/a1O9RDAXvLb7yKNx371NY6D72CABzwtnEoaIXnoVmdBQU7lPy647G4OjYQXwvo7R8/hAesDoK38I29fXyYiF/8Q6T0TPWVpuYqY+tyH4Mu4HUKtjT1XpSrXqrjSrHhlGyDnBPBcXacFflJLZNR1BSrX/weJvuTmO8z1WtgnlpbTvm4Ck4rRgGJRNqvYoPAWvU4Rl1fDyOZg5Lah7s/hpB1e5mQG+9Bje4WHpF/SB6/GB9Bc0wuNw5hcsjI8Mjry9flqFTy0reYZKzU1OpWLhWc9vE2rqeRDyfSyXzAx6vqDgn61qkXPW763W73aOKjproVGq1cCx1OpNZO4BIyiZ4D6YzqeJAqf/EifokxTDUZH37o9uvF1G58zaabpCpp59+cpZ88WOiN2K7mupLRpH/Xbf6PTT/eCKdiz+WyhdDXv8zgsMuXCXc/tHnZ4IXO2/q9tCTPjL3j99V3X/S+dtoslPO9G9xk16bzOXqKzM9pVQoEo1G3s+ZpW8DXbEckGirjplSsyJe/PunSplyKo1z00ZxrCteT/PdK9InyjjcSBhxDcezhpZbmzGxH9j0+TEfwEyWm/CDzj2R5tgEdv9hSA9U0Di1YVySHQ5VCsT9isPFxbIe3+ZqgBQKdmeyz3PT5m0Ox+G0wipHLj5yLFOYnSi5lJfApnEHS0EytfxwHecLs7b+kY0rtwTvOHbj3r6i01Zz0oFL65Yhfj5TCccO//HHn9ji9xUGIhlS0EhYYa+7e4YO/R2YBxWsmWFiHTHSzSC2DYJ09uMZMC8j5sUU1uvLZuqsMUJgZMoIWiSVL1fnTAp3q9g5jn8nZW4lw0cZBtGvtyEVH21hWqUNyty/kc0E0a+3HUseiicqA4eKR1Nb/IFEVKqf3nsseTger9a7bcmwVD+DHjua3uL34/4z4aPd/rn3205HoC0Rr1UPzaIzmodENi3feSSUBDOV8qFvQJsXmW0PW23eq3+HznSL7s7DmgeMRZgydPr9tkfgDtKuEuS1b11bRd1GVQiGsBPpbq4KR3YvSHeUcVSDMDg7yAuKaJobrdUsEDSqIjVZ+fPPXvrzS19E23/S+dQPfnIeRX70o6+Re6++3Dlv7ZWkmD1UklhFrCXmidPdTAeZa+v+yuI6WQMpud7RbpWx+khBa6PSWonLLFhCQ93yKNilq/H7rDYXb2NZX/euMe9pL66ZXwf3r8Uyu2ysUdvGJvyeqfUgCSPNNWstZIJzPsgqMmUOB1ScCKM4PveIBOmRwdtLGuaWkhGED4eLc6wnSlU5quqB9R5FWDpBK8ulvVSWa3g5lgbLW70RRe0MRd0UsQEVkuSjAoKa/ep9giCziEZkZ46DFtKrnPn23+SdwgpEA3FTHS9P0p98a+NIiD5Fk2+oYJ2Sts6nHc53eLBThUaTol2/R/HwpJ9yKmfH+35YJ0V7ua+iJGLcJM+IFI3YQ9zVb1LvnKJPXc+bP0TVu/ECDLLArsZhINM3jz3vpvHjrXQThMqIzXbTgUbJqsnRUeB3fA5npRuO1ri+ZMbckYSNK3NLBphZwON460Q3tmCes4e3a3ed/g3Ly5g0g0m4H4XBlk+YvdkazvnKJrIcTgrDR51YcesSnc3g++oWEOxueNFEOpkpcqqTEWwu3pnysDZOCEh2koQppnszKH3XLsRyPEK8gydR0kVyKi9GVckueO32XFRykWRQtLEkYrAKsFN0kGI4SQIbDXjWzblhKZBiRyhqc0QYlmJYliU5RhtLsCLcIAo8GYxFsAOCCsCb1hFLi44gQh6K0jRSAKMBHgyWgQKvGKBcJcSAAKHtDtXhUT1hV95PIX+2NOTPrwgyPMVGe2MZ0SU5eTm+0SX6uHSWkVkW3iQmB/CeN1hyGp8sQ/OCEJR9NpvoYkCKYh7tGeKd0vREmETRKZFhYjn7hBaQRBZ5FVYAzaSqoqhGwkOaEtVApUUG7A7+WH6UlRjG6fLIVCmkOW1rnftKzCDjliieZTSbgxSQFg4FSDefV0lSTNnsbspeQNQtXiQ7VSePujbIj0GeDhDjxFNEq4JBoKtqpiZdz9oq4vLQWIV1wkc3mL68rOfeXcpYR99mzD2LS8us0PoyK5HZbvnuJ3CWWw6ESaEHwMcy+fNsJJ4s91dcGH6EzOQtO45KE8YQPnav3G8evPQG4bFHCj2Z6/ZG4333uIiy5oY72qTCdIwzs3cx7WVVrMMaFCbUtJVDCGCjlB3957sv/fexyiM/+6g2vzyGKIVzcCTbh9TO//sRznXgPjvp+oOvqxdWydLEme9NTqDBk0+fPPHsCZRf/cr40XMfP79w91M/uQ2lnjhdJZmgw6PZfb71oxsQevKAoPbEv9n5zModVOcfHjl2+Ik1J0+umTt5squvJ6gxqkDcSfyMaN2KpewFLAz3cu3W7eaOF4DPbizw+qFFxgU72+4qMJy1MLxwqx9nDkDv8IKZ+jkpFBdTt/r57hXpd5V1/t2l7SZg1uuVFr8dj+MJMO22m4lh+ljFmAM8O1PB6efYo3QSA+mTR0CQZkCQZkwg3Ypn8H3xoFA07sapY9vxFtD+8T14hebkxenJWfNk4oyiT+GQy6I/cvRW09ezsBfAxNzaozgUMyzrs009peiDZkIBaEUKB0pLZD1TNY+CNeMwmpXwaW4IGyhxWLWaDWZGnpWrzV0fAzIDn1eHQ6zQjCUdMr2MHistwTQjYfFxHk3UoWT97p0uJyL99C0vDp75+Dpn1MH5HBo+lNemhXqaa8rrZ1zIKbUzDQrxgk2USUHo5WhG8faEv61IPWPM9tSm8pDicwu0JyRQCB/d6xDIsZUTHSKsOp4LIqenL04evotHdsHuB8lti1K9qjTqVNQQrQmaTRLsLO3yR8J/ZFNdxV5JouBl1wb8m1wBLii74pLLE+z8e7GG38ktqo26imJ2p+OIl4263IJI4TNdSeAhF/lVgiVkIkDECaIh1xoCyqj4NDwvwvttBeRtIHy6n4Dw8XgcSaGNnf9C93I26jFB6LzWu21bb+ezaPO996LNvPCLG3nyEpqnqClyHCmdH3S+IJL3UFTn+6nZ2VTnJJo5frzzFoVuRAnBdvUdwd7dRzFPVQkBMEIQbEm8W2qBOIDP+NtrZmzjix9fNmJxwZWN0ATeDUW3jfAQ3gt1sKxvfdfY7Wnjow2M3VuBoCbX791vEg23F7P5XNM8B8fKNYEFxMn4gLvwXk8OlEkZpRtVLwmqxjzExe3BufvZDFViUdeiKKIMYDMF63SPtWcU6vjUij6sBXEQTbQj4cxTdvG2iTrLoD5GE5bbGKbzHcYtLEe5M5O7f5dkbNWdUmjPFntAURy+yMuMLGuybEOTf29zuWz30bRvnGZtaZuHiTo8QZuHzc0iTvCNgKKh17u+/TGb65tiOzPjFkhJYJg0PPnqP0Eh8zvf/CZ5VKGYlS/7ez77m0hNcDzJu9Bt9my6nC8mO3e5bHCvxJUudL7mZlSGsy3zuUCU20YfitkEwTEf63Ek3ViOXLtGkPQI2gsrsbJ7ijBlpTfxFavKmKnlVrmb+URXMJDDHn3G28Y2N04nErxtE9oBoBshzeMUQdk8RKUfJrcNfBv+DGy7fu4f9ROqH6gvTtQBXb9BmI6BpbxlbZgiK0x1Mx2dVHupOVKjncVFmysQTXmrS03zcKXuyYlLLktBuCQjCq+QALXQb2X1D/cnQAg1JACBZWMYPvotv5sN7661TkzHu2sTUbyvC0xYvV9+nabcoM6w/TvcAIoqVGvmYRQB2fRSNfExNByheP+PzU/uDBEjuFqmURuImRu/SjgMW8t4a6NMJcL87/a+PM6N675v3tyDcw4Ag/u+FlgAuxgci71v7pK7y/s+xVukSIqkJIoidVMSrcOyRdmyKDu2JUoy7UbGYFeSJcs25UOJLSW244RNmzZx09QWnER2U9u1UxHse2+wJJW0n376X//oHsBcGAAz7/3u3/eLmzvkdtzXqHkEfOtvWre0/oYHr78J2DcB/9qHr/HgJcHicca9nd6402MRNp7eWBhYNzCwDmSe+OVjj/3yCdpC/whEW3/9I9rCnH377bOUjbp/YeF+ynYpUoq6LRwAnMUdLUXuuHgR7NwwPLxhGEOLXL0K59oyqH9VOMP2EY8Tf0k07kIzC4Npov5CFIDBfYn6blOzUcQdY7iLfeHMYakIVfIZjL7WOHMYSnHizFkhu7BmE9qhr7E05zO7i1Bh4EdQfwIHC9e7m/X1or4L6odQUR9yNxtDu5ACGJoQEHIN1gG3y0394/B5vRte/3QOXv9dUkOi12BYRLlRW7YCLd0nvSqY77r70ceMyP8ZXL4OUDRh0xoJa4vdUsM9NoSdTTQtI0UsxF2c0YoTRxYlKBkoHwYECDI5uUWjFXumfmhdOtqpQFTQnqdSRnGxUY6mIbUxYJRAGsYpsmGx/W9UwFyrRuHgS0qAMf8zSH73W4xC2yWb7F/353s+2/rFYRYUxvsqy30DNmeOj3RxtHhcAtJDGz3Hhk2SiadJu01k+dWcRbI5BQfdU4kWZ3f9m1SEMpMZaImC3uAGcIGkPWoybhJyAp2MQh+AZKkEbcpLqsfJ0qCT5z45TfIk6zZZJa3n0C6GoUB4YqdHNVGMNOwKUvGwg7LR0OzfuI7pM6ly1JrlS+TXvFnFKXA8O8UKnMVlCjADdtP2g6kCac4qOX/Yw3ta+2laYk0AkLSZtXCx7QEaUPz6qJmx4MJOQDBXW4TMBMkDcC70EmuIbcQB4ocEluH6wGImcCvbDuv3UM36/mJjP0pZ7aSbC2OCB1UxjsHZ7tyAF51scyEewotxlD88iEPqEXsTFe2jsrh1Cu5zQ4hfezzN+h4DTk+Bbtst8NkaQQ1lnlClb9gA/IJmoL5nO7I7NmwV8Wgag9NZ97vgKBOkOlfT4yg+FajVd0r1ZK2+Xx42E4BVIinr2nWbNl+v/3CpuK9TMwxGaGi0XZcEroBGwdlU+ZojA42JMuYhANeQpriP1DPlAYEHGd7juA5HRc5WC9Mm8NtwnBSow2D/9NL9+5d+mZnRuqZMLVM4Xs3U0oKlw29hWYsfOgS27kBvuka+Ax97ax02Lh20cqwlaLfb7HwEsJPdxcnJYneumk719KTSVXDv4bm+3A8U8Pnpffuf3n9am+jPfV95CJ5BBNaAzWa3B6FAYYCjVGs9Wqp1oB3G2ULwHSkreHDn5OTOyTvSPT3ojIRRC3cV6vQQEYAaHSPgtvuusNcfLCD5jFQDvIZqyYhYu9R2wizljGRJ6LiR5/YB8OLt+z4rS7e/+OLtPH3lLwSB2fWx/7H/aTjcyDteOrP7pX94CVlcTxmy7ddXt1C/pvJQd0mEE75vwcAIrruMCqA6YzyjFBJKGBllRwuCXXG68R2lqqmEWmU4lUnZQVmtqhJgcoBSqmrVabl8GVTf/RHIv/NO60/efXfntndB669AEqRb/54C5A92g+ALz7/7yitvv/jlNz772dFa9TnQ+hy5743vXvzwv4Bd4Ln+IfipiKs/YI6TUWjhZIguOCu2EIeJE8R54hXiLeJt0mSgB+orX4W2DWIfWb5owK9BC918c16VfHy2ntV0l9CsdxYbX0XfqqHh54Wzn1v+VWu2XtX0s1xzwRJGa7qFbdbXFlH1P29tLrBJfMiLGg6BsGJ9PHxZqn9S0w/Adxk/gKTy+DA0y09/VQxfKtS/oenPwDn6zGm045k7EeTet42ucw/uLIdnjcDZZUYYusW6GbeJzWe7K4MICnMDjjzXNxip/TK00/St3mZ9uDi/aWsP1MVrHfCTFfRN8GkrhqTSp+DuI0XUhX7EnNWfg2e9E0XPz7ua80ufOwK/+O1a/TlRvwAVyUNF/T64/1Kxfp+on3E262cKaOk1eJZXod3xHRTutkD1wCo+rB6gRdjIl3JIiWyVGitXra5hNCl9HLWbPjcFR8HkstvOPol0/fk7oSA4+m/g9gtLJXnYdPqeRx/75Lnnv/rWN5DouE9qPPy1N9A5X4Pqp16HksMFB9Fr5crSOx48gxLZ+ufOQrmyddeehwzwwAWid9PC6wYy1bDdNDgyOjm17sjRe598Tv/a2+j48QPwRC/X9NPPwDe+5y2cmy4hFEEVlXribrZyH2nUR+bJqlZCSWYbyZQRDEUMFVvGypoRSEXQNxWjp01FWZ9UzBlDqSEkYdS2PCm3X4/LrzhnUikZcRrkBMVSMTT/UDNcChXGtOPfnAO6U3SyHLVxCkLaoZyxMoKQTHWjUIwp0n9w2Yb+lNL6K9qWCq4dInt8gfFVW+7oUd5pULaOSChlo0BiDkyT8GcazK2EblH5IBmqZb3pGSC4suFhH9hXFq3AK/n8Mskrkqhw5AnoxZNghk9Hx+jcQXo3Q0bGZB7IUvImi0XyeW2mDqsCXWsAaC/n5GwMT46d333oyW88kc0OD2dfDeW6AoqVN33R6YnLAxutrN1T7lsuS0EotqR3NmpxkoxrKYs5F0qpr7/b6Q1M75dD+S5PMfPDL6qpUM5sMc8ODMySVCzSIUqZaGg6IE92ZEsy4CY8Xurf77UVhVIvKGU7JuVAKOAPBc4PCooUEsM0ABTFCVYZ9Lz/fuvZb35z4+bqkCAMVTfj2DpwX52hijimvNLAdzM6swSo+gAho0Ysu6YDulm3QsPaUajLKFOlSx5UP9yQZFw0bIfGE1dsyLhoWEaFUk4sUUEZ3rVKH3DCGxcAmjMmxSTgPv/IjmeftbsvXboEfN/asf+pb0XcO7/V6gY/xHhWKCbzFfh50phJYRxa/gdBvl293ic0G5NIcvvRR+yEJuEwWhi3ws0oblDhKUR/VBEQqlR9JZqwW6Ad6O4ch3YgfgT1Wwr10GU948K4+xlxgTBCCERhPp4JQVFghXsyol5AZZdwsQeBcTPGMZLRxj6lInSKecvUqC2rD0KDcrCgj7qb+iGk3OOI5SiaLPehSVaQXrP5O/nuCmYlgjORUtxeNM2YHkzloY8iWNyhcZSwqvQh8hkCigJemk9OTGE2hi0rURVBHEEXSsMmqzMU7Z5eumn3HiN+NL9334GD6LBJt5HBHke2RFd3u4kUY4PiNBacj9DGhLMpZuBJuoxJCa7XhVDXer2JtjuAakgVTXIGKdWoUxgisU1ZAKUUhsmF0/l0/e67NwAauN1LdnJ+sWuAovPVZQe60n5vvnIyGwhmMsFAWltaKi3VwLLCeFfXuP/hQpUOJRMWK0X7nCrHQRuSoVWaBps3n6r6hjZtGhreBE0SP7130u9ihOPh0P6lhRXueDKeco6DvaOFwmih9QVfIuHzJpPkb8cL8LRX3gV/04qAk62/A0GEv8TzvLDLCiirlQIf7N261fDteqidVJigoI+PanKr7QphXjMwnslrgHJGO7Zc0BWklkkCmmsMa7HaJSNr4gECqXKMVGZUrruqcpiV5jcP/6C1HOg/ePjhn//8u+BX4FctsSWCXz10+z9Tf0f/8+0PwZ8bajYQFks38W/bvXN2c9ujVMzNBbWAGuYWVCsRxoAH9SQagGG8CupFbGpaoY6xYmQV3QvHor+IUsUxuJaGa9liPW2wJHDOpq4ZGAnmC29LCCOBrmfztnrnJT0Q/j1d918i5/2BLMY8BHqgs4194EUcHyabQuHWyRhcEewyjQ3TgooxN0RrDBU86eEkHJ6OIByeijTPAsnyr3rwSNEVrojJMMYqqgwAqepsD8FipQpXGQmt3tBuF/0FmPnFL1oLWjYU6fpjuzXSlRnsBq2/tlujXTd21JGO1sIv0LFXLoWyXREeMIkfMV2RUDYfonlwT7H150xXm/9gmvwQ+vQMIRA9bY4ahIuns9Y2QZCA6mJMi2QHdbqISA4Qgi8FJ7X5Gg9RwklFpAj54ZXvkeDJ1tHXqfc//CH1JtgHvv0RnoV+YjvxbaJRQXEDO67y1tWhogG0ZzyYkYG0wggvI6qi+a0VM59dWLakYobSNqrpywT4gXbgW73a1WysBkisrt4MhexqEceU7fZmY9SOto5OQ2F7EyK6AtCqoPsHjM6m+crQHA5h2uW6Gd63rXZ4oxS4s75EGjYDwhPK5UcnN0j4mGXyaySV7ZyeXY3WVkj1OXgT+ykUZdaKfUDSyrgPow+Uo7j/rhrjJBdyTkmUGw2n8rRqaHNU9QLdiqpxh1HNKup6TzGC4s8GnvozlmFOc8NKYKIWz8Xdtjz1lafPPrIvkPUrAtM+pjX5FF6fGb1nxfF4ZagSn6wF5/oPzx3sGBzqEUxTs/F/DO8Nr0tMZDTX4Q//+4/MN/vS3jtsUXmW+eAb4HuuOZeWmUisu37MYbyhMLZqVhtz2ymHowACc/2rZ7QRt4k3mZV8HOPVLzBd5HvELGCJxgwaHJUeaPdOWLCSw27hsKXZCKCFqKk5H56hoELBj6A+h2/UmAujPaMwTgJOz4RRfVh0NXEsGk7BD/q/fcaAu4WT2nlJ77T8vl649OYvdnznOxieRBXnoYmlZOud4nyus6Bk5/PosQGXr6OV1PO1BjwK4Za8phacrs7cIl4p+BfrxkweQ72zVN807oKWUSetLRCu9KD7XDQSD2HUDA1HBOtNFPsGR6emjeIH0ahUU4Kk0eJWRaggqKjH6Gk2bjCnGigTqB0O6gUK9+IbGAcq8jzB+xdOf0uzH3NGRgo0NdaZB2I2mb778PFd9w6vyY3lB2ir2S1GlU7zLVtnlh0hwe67MrZ7I0+uP3Hx4olVZxNa9QubL3wWTL1/7+3x1u+6tBQZT/b64n67teOm9ZsPHc8O1jqtqgz9SCtro+I7tuweHdm6LQLCs9sufnBx7eQd47MExiTirp6l36AsUO7K0BdzQ2/skFEvVyc0QwZb22xhyC0Di0yMuou9VuJnhrLAohSxZ4FA0W1e6ENwbqPYjzdDsUgyDpfbg8UkIuB4VVacqteHL6cqaWqkigo7Is6yM1IGXAr6clUBUIzEvSFQNeGVr3x4kVrfenn5utbLQGv9yWqwBWz+GdBup+7n+Q9Pc/SZFUsBNTL5zn/58AutyyDT2v4z8HftXIuBt2SCFpPxndiPoImZC7oFo4nxyL7gcOkDcIIqJwCuSoF+kPv6d8AjrfG3gleh3ho71fr7/I9aS8HZSxdBf7vOkEa8PXF4/h6EXYUwDeoJTffBGZFC74MfegDWpXqHBV6ymsFt5G42FMwcowgCAgFDNEcJQ01hcj4FFd7F4PXq8MHPJhQxVrOulbDXkRykh4ATY2SjXCoNnYI8k4IKRFJwU3EIcEwZY+ACbfWePWu83tr2/rzbBkiKs5RGJ3tl5abP7ZgMSwBc+XiUpJKpjMu5GtQOpj9ZLv3h0MEl1ZCDok7RoUx3IWmx2O0uR7SrwyPT1D5TcWhqoiq16tTDOz/cC216m2gXo3O/GciWGIa4AdfADr3nJcR64lkDqVZXqGYjjAkKbc36RLHRhST9eiNEiZfzBsIS1vZ+qrkwPGVF7fHDaJxtwBdNtGOaLgRngFDQhouNKQygOrUEAahOYQDVMLyaeeybIgCEqgvDJKltPqGNKIsFncj60P+SEsnAgihLGA2CdSplOFuHANTEJTiD4fgsIrxOJ8pNczEnAqLUnBTOZ6VKeSoVm6uSf12dm6teiVbnklMa+ZI2NaVd2aRNfb/bHyZB0G4vgq35iZiTIuVALB4QhCejslS4/RBtCbkVAMxyh2934fo55lajE7RPc1cwISvQUTgZS5FkOJjN2O2Doe6gamLAl0IxuAlMwBOkfAO0JeJ1X+Ogm6ZOQv3uI8rEtnaMRdF0kW8aEb6QpW1daWhkVrCw9ouY2QLZ+JzYxNDwBT/Un6qHbneqmkQF93doIbgZEByO4vYDFFgjUAtQkFadRtMfhmQ0EPXp1ACuKKq0S71OvHfya4A5dhNgZHfGHQ8VYz2xrtqdf7L3oW1eL8m5PAnZZDqxZuihtx769a9/dLL1u6+feHeAFFSni53h5MCI9SSw3fYiT5m9ThksF8CmlUdvu+3FF2+7VhOlwzGYJQ4QBumeZGQpvGg64geMOCK0k9aduAPcZtT8GsXKC0kjTZ1r1yvP02xHBmc7Jd0fR19fkKAgg18fmd+Lph38gpLRfHkNz6ZSSpZxsyVuj8KJ6nDyE798dN3M8PiWydyS45vnzsWcADh2PXLeYT1Qoz/xy9Y//PJV4Pr5A57Wn8W6I7vym/auHktYxz7zpmYa22J3abscoeRjP3/ggTa22f+g7yMjUMYhZotRYg2xj7ideBy4jCjuQrpzYGRnXNUaj6C1zNCK3cdQOuYB44Lcja4FfrgFW/ZPGKaeFwWdkH2nO+zNeZ8D2mB1m7agGlkbudhQMZyC6oCzzYFRy/UUPLAzFYQHRrSFtHFgoojAjNFQ6oV7R3oLPGKVWBjwYoDzarHei8Eu9Bm4d9XMGI8QFxeWe4k/RZBIODe9F+5duxGqk13epr5lB9Qxu0R9P9x4RDISEbv2wum8E96OBzwIuUQQqVihd2xm7Y79R+7A5Li3SK8VlyzdtLl8wqDlK1WqBvYdSvwgHr5231osilvdoKmmFZ0uBwetM9RngIAY0BYjZYQ24tdVikb3O8ciBFN8FNpEQpVfZlF2oaTAdRlZAHCtUqomcQ4bFUcHcYo2WS5xLCsIrHXYBFiatJgBSbPAtNLE8WYzz5m2UAwQTPDPJAjbWEA6SMBx6InbTlKAdJOAIln4xG5nST/J4ocVAPiSIeGmT/B+X+9qsKa3dYIVnhB7KKrPaqtR3Jhnp4Vl72fd2ywcZ97udu9iBOFo8CTPc/u8ybU3B0wm8VtF717OZDpDVX/stljCP6h4ttksFvMOb3rTYSjCgoc3pcn7gd12P6DAFlluXaDAPZJ0z4MvTptEjv7kAevmBzZbuOriPCT3w3kYI7a22dUUqwFPrluszTpRvLHCLI57y6wiqgduWKNofFnNULBHrYstZsix46AbxxWQqiSgzdEm/ZTKRooH82hJiwx/1zuVU8my1N/R4fUKT/7jPwqCJ5qZXTpULvWPV6rROPTFzn/cEYuUtZkrn7tKrPO67Y7uz4UsFkkJhRLRJWBbe57NUk9j/KJNxM3EUeIe4uPES8R3wD6iMYW+2YNQqK7GsNLQZZ3AtdNQup5CIvcRbeFOnJlr3HkKfZc7i4IRSVpwGbPwHLoK5xZxBhaOGlsvorDNN9si6ruFehBqQCiRLbZicX6rCGeaHoUXI1rQtxr0lbch+mloX+8uIgbqnXDtXjiP7xXrR1Cw5yC8sAcL+hERbcJ9Qo84mvVHRP1luLgAt55BRw14mvr34IatqJGPd61DIv+ItGDO5GZQJZ1+121we+ctR9H2nZJ+6Fb4fC+GXnpcml/64IUX0ZR7RG5UliBaj/oZqVGdOIeWBuSF3vFnL76FbcA7T0Gbpm8r3PxN6bXevXseevgJzEF9UX7dFsxUd+3+g8+jN2Nd6M1eXsAKRkE1qcXF0lODB+Ta3S0pRmZwCKCqt2sN6BhDGHHl2Sh0ZBTzDeMcY8rATKkaPYaalEJhOG4x3UsZeSA4mKBXp2JNj0I6yKAqc8q/xEEyPkRJKRmAZ8avjYkZzW4krfr9gkDT2WiSosy5hNWqOuBEYulR2iTmoLLr7nXI4UhK4EOxzhgf2lv1+niGJc2dPXsH4lmOi7g8JknucqdFQOajMfODpMVVu7c2Hsxz4tCmoaFNPpI1BaqaqNKvwxM/NdQvmEnQX2Y6EzGWy4Y8QEhF8xzX47CDhVuimsdCsoLkDCsUlfT4XCz4o3jFC88dTydFiaIco908ZbL7/UHJbm7FZNnv6+xyOsmOwVjIBY+W1YoldXPW0Vftht9CTqsOC6BpEtHfACoSjT5qs4YDWQvQwOoOJ2jdt2nTfZtaKs/bJK9wt9Psk30M8+9eACaa/iQAra7uDmDqSiUFoZpPAcBnw1lb64NPB7JJG7CyDEtxIYdfkQWzpTt1LZbw39r1zm+28TsrdLNRGURp7koNTq0JJGCm20yZC0GD4cmoS7C2NxqY/wu51CCyMXNWpLtyPNSWePu8ME3z7UfMmgPtoqQHoXs0kjjgkOQR3F4RFbhB/bWwxCjeX4bAmpJwzCqdCIapvkRqSNk0tpVSOYMtYzoNnztq143PAIJaiOF2NBvJZQGXpbgYGlUBaMNX4dBlUM2lIdHQsIMqKHI9ELluhHxjcuvSRBmYUgF5cDJ6ak8OLP5M2WWSIm0rOr0HWgcoG01Tlt1/en/yQm4kf/5KbmCabDj8TqffSb40etOyiT4b4tzjChRvEqBVb7H3pO6Rrb7l5QJHAdprLXHWdKDy3A5yNXqR4yN4tiiPN0JMEauQtY99xnGqXcUWS2qa7qGaeihTLGKOBeMB344hlCJebUBf2TH0FbQV6gNFfYWz2ShgDscCAjZcIeozyB614+JevYAAsQQEiGWXRyensUjxjKNeRTi7CdHu6yxOTWNx1WtCSMDx2r9Cv3KpFFvFncjwEvsABk+qhEB7g2L0CBqNSi4NufQYGStFKThgjGb+DXG57U/e/h/Sy4Jdyyxm3lL+0p4pt9vCmy0nu5eiDaWX8vEU6WQtdC4CaPDgqyfee3twfMU09fGf3ny6h4q9/hEsrEd+2kNu3ngeTjMHYFpWkP8eRQKHDNj2FvH87eHhYSpuhkZZpBucvPXD92UvCx5qPTvwF3ffucfpHdpLEIt+2C/gPLERYaJEjBH3G/299T7thnBbFT+gpoDOYIzPfp2oXr1KdBJ8ex3Ux7E9SEOtQmPMab0G78wAbvoe6BOyOOY/QOPOTrPV7oskyga9aWcQmsyEmXQisV6V6lakpQ00ElSlCV0DLM+hq4DT8BQGGYuiwuFYHuXDokwFIxVC+xk1DB8STI7VG6ORc+sfeUzdfNPmQMCaObplo33yrf03fz3y2JtvPBbbsmrK5QR8YNUM9Hrz4KWn1z9yWAAmx5qNETBcP+sJheNTj9wZj29OffLKfx7/+IH1LlWI7t37+MD0qlVU8M47HYGo3cYqGQ/4Jjzku/Wz3mAwiV4Bxzl9dQXZpAqEg8jAcb6JOA792kYNRUtR2Mt4mMb2822F+vBlvQzVaazYGC6j6zSswuuEGADLw9BhsIQiqbwZX6PpGrpuUoxNFfMbdx7D5mnVgYujUUF6BbdFIxgWZbG+Gqk/ebHTXbkGC+NcLErAZTPw32jecC1CtrAI2wcDMOG2BA031LbbrlGhJMv47e+5UKBRfc/mo/h1DGvxrtxEUjna42NZp/g0/Zii8LwHkHZB4Pn4TrcMulj7A5yVoiWLp0egaN7+Y55XgWA9xkmAVGy+mpWmGNufmATnzzk265XtzBCnmByCwq2inI44uMjzgiCZQvZk649WRDjS8/6VW19yUuYow/xHG89QbEq2iWaw1WKWxHkekKJ3Y4DnBPiWZXKfxSKK3xSAzT0bMps41sZM0u14D/kTKI92EB2EkYxfSrfZxKPYxrypgOwiQo+ijueZbbjWkETkuxWiikEx0WCLXisEMUDYVIRWYMAWoHp2DhkUGP8QuXlFjIxjIGXfiHeTR4RkWRBlSHIE0CO1vCpLNm+HSEPBTAOmk+RJhmMFmaxudbkOHhcEwJImnuefvWfYkTZDWT2yPLdKVnLJkRzDWZLhHC8M71V3Bbq2TYb4vHUVa6HIWaDNmqF4AJTNyiLiDTvHw+8jUAxtctHATXIMY6vZaBO8bvNPTbvzVrPcHejkOEvMpfoC5UQI8H3WGbvbBkf421cn6Xeo7xKPEs8TXyKgb040LiJ58arW+Dy6kp+BZu15tOEPNZxirA9dcyIRi45BOzd3ja59g4Y7jhY+9cLnE1DDfopvLrz8Cbz4MmKie6NQf+yy/mkoV14o1h9BaRzJ6HD/tKifhzrgQlF/Du48V0SFBBuAIWjehP+ffgzeOdsZqF3PS6/RVvWBT7DYVtzwHJL//vLw3IrEjlvvvufiAp5jn0LtbSfvhIe/IDVOnL4bqeWX5YUD+4/dcSsSTZ+QXt22fefBQzehlQfkhVXK6jMP4wyiVK+2YSuqiGbEBu8WHAWoqAwOC1RPOki52iIL7cO46O2uC/jrwjgGJNwaRD0WVaRVbCQCVbIBvMlgqspj4C3EdAvHS7seLYky9qhHrmo0ycVw65vWnvVVDcH+MWj2GiwZXB5wQ69EfbJsohkW+pOch49RAW+332L1Rh1ad2U0ysi9/RsyXWu0OM/ZfY6gnLdnOdYfLiZyYiqcndugfq+7C0jmTF6WZ/cNB/dpzpUJVgwAhyDa492z2roxaA5abenOVKVjfSmRSM9VsiZTbiAXN/VZtvQtm+l1hLKhQ0p628TqHxRzzN6O7Pi2tLJv927Amim3aVAlGYEJTShkPJIMDqiazWoVzWZWZH1LFLGzx7Nq2Cey0EbOskpKUmLOYNxuT3T7JdZMWzvikhx2a4mM6LQDKrxquda7ZSKH2jzMYnV3Bxdh5P5Qz0rVlQyxshNIYtnlYdyqlSTT7ojbaneaTVoG2GgvdfjkSDoVoJeFslfee34kumT96CNjXd2D2eyS6Js9PT1X4zGzQAM2TVmiNreFa+NSz1IrqTKRJD7XxvILQiOSJNoZUd2xaFI6A3FEs+VEre+pAopSYia/c//0FEZgJ/N1R75Oinow8nsbCpowkd/D1XmKZJQsM0+jp3pQnHcGHUp2PoAeG3DfjWjsDIXZ2BiHMxCk6BuzGURXNwuHnQyHGmI3QTILcd1zzOICtDRx1AGxfNxlsrgr/f+17zPpDsEUCWqtI0Wwo9NkCvmyrc90gfqwpy955d8GY+sHYzlyV2epQyZzXZ3pJpXLpSK/W78hes0O3wrtixliHfGe4QMvmIxmdESqtLDWMLtNKCxLmFBjOsrnLXQZh3ShNnaiqwOVKq1HNkZ9aVFnxea8xkLrQ/ej1G0BMamjOBTi5R2VmvVRUZ+F1vYqERU2zydXzcIjO6Gq7SzoSegYIzGh+VF7Go+LAl4zOZzhruqU0aOwkO8ZHl+CRMWoDdvghL4WWofzttFZ3NPeJemOYaOmx8Ck5hbh9pLXf9tQe4s8dRhios1C2f51uDBuDQoMQfcyyVzrNxnKdQ5HR3ZOFAoeNRFduayQCQVF28pVx2fnRguJ4c7ckCncM7Eumd6wpVsLRezkMr/Zuv6DRhH6VXum9k/Bv1s6h4c78+GlHZnhVDLpVaPBgC8RT6bSe5YsifhL4a7c0FDOqYqD3dlIJJmORNMdnVDZDO4oa1bbqvseAPaB0vR0SZueNu4f+Rl4/9xQV+41UPAMQY5LXOJCs0Fg8rigC0GQ21DaNVOouy7rThdq29MBFM9Oo65McDUR+5HuBBiKqx6RGjRrw35PHNqBDUF2GG2lqC24zeJJ4rRYjJNiUklxqDdQtkI7ZTdvYpa//MCLlc1HBiaOBkkzdfQoqxxesueuu3ZM3SoLVOIk9dD3ntt6bkO+plFc62Hy9xtafx9yT6579r4Tn948FXEQ7bk7QH6OChN9BKFgZi6XCsU0176Z3OI9M4qC46kKqgquthkGb7jrpPljQ6vmvr2GJFlRyMaDoeBkgA8GS92Oo96NS29uNXcjilHSJAfLzhctlA+6RwG+015TK+Anz+wpqKq7kI6fiAIrglBlOztdTtFmmfzUCmblqVCnudKRzKSyXoq30/EZV8Js4y0MNE2jOD/3/wpfOE1Yr74JP/0dGOMYZbtGiUYKzfOQYQOgQuEFN+bFalMD25oYikKv0tB5QBre1AaWqxVQhoswYOKLLqNHEJQHAaosdcbQmjIAoLcG7wyJ3DVlgMQ7AyQqwrG+8rtXwCu/fQUEydOvnEIQSqdeOf1j+m9B/3+iqb9tffdvf0qee+8cee5H50CvlqxUklqyXAYen+KDfw6fr5XsY3pmZ3voHro6NwueAEkKkSPDyxfIIJoWXGf1FL2DbBAhIg69oS7oP/VD49LgBOrT9DSNW1QxhE9YaNbjBku0kRcNCKjqxGCucUc6LXDyuIXmApSgcLHerek5eADqhRko1JOX9YwHl1QhrIFeT3OR0O/ty7/6I6w1/Hlb3XdJ5xy/Z+qRS28OuP6haSTKY2LddEl3CL+vK5eYOgdNZC4C9UYYPSI6j3jMhKj+XuVMisMXa+fBh80cj9b94Ugsnr/+g/j/MqheJddVQ5jp8/lCdxEJxV65ES1pBs2fZDBnhUCkDQcJRWQbRT0FXbYko0aGwGJgQoE3EkEAkO11r+PvRQ/tJp/nTBGBtsvkHbTbfuXHcNstf6T4wG2DoElOXXmjOlOpzJheeuo/gefde/EKecbhVcSdzjAJX8DwrRN22WEHr3k//zvhl1d+i46ogH/asmVL6wt4GfNZE8zVl6gvku8QdijdgtCeNTrBOa5p4L742eaC6EFE8roIF0kGLdZNmk5yBvJnCHu9nNKEFxaXC3kUDPSKKhhUuKgaeW67grFgdImDl46kagh/vk7X6l657qjVVUm3mGuY59QKJaGIDmIFfBDUaAilm4RbAsEaToKjYCPnjJRTsbKmSmCArEakAEhEpJgzxty2tmcF5VvRs/b4ldwz4LZWNzj34TObwOz9wxt/85uNw/e35sHQ8uGvP9N6ZXj5ANj/DBzDV397NU9+m8oQReJjxBeJV4lvQi1NYFiuRS12TZ8paqUqL0IkcjeAqWFa1Rvw3ReVoeFMqqg5T8WwgwZ4KGqvwMKVzYJr58CO1L96Pfu/Oy3CiVFx1KWoXtuGwMgxuLVauaFtw+RXNTGWCEtql9Pt9mSm9kgsu3tFWnW7nbmax3fglpdGB/q6NI93xGb1dvTUpu7fsJ5lbL7lyze6WC5fPO4XOZ6SknEp7VZNZrrTIZGUYAaqGip0dVHA7hEyUYFnLXzAL9k5Jb5JtIVCHmgZcpzs9Lgk0W622XNuV6dJBmaGdk34RatVYLmXBJPDwcDfHWM5t4ejzTZJca8bioVsaSWSiAkfW7Iy2uXzt/5dt10GcZ8v6187fa8tnd3UOHoUfvYurdLriYZjZb//ph3n8h6XRZVklpI6JKeZVyVoOwfSKWgjR0ysnUqGi4Dhgk5nLt/JQ/M+ZOljWZp32pNxm63zD6xhX0fa5eB43pLXOmI2u90OLkSnl5yADuMfr3A7eeHKr1Wfakfdxz+0nF620i4KnC8w1cZR6qHeh/rTjpFj9i5m8ul21lilmwshH8rSt7UAqIcNflkP5pf1QGMtYPT+BkRU9qoLUMQhiyHgwYRUqoydNF8IrkkOp2gUEf6LtLyMTChoQS2Kkr4OKtzR19fx4U87+v64/rt6/Xczd1y4444Lu69v7iPLaHu99QDaccdi3y15MxUihogAAW1c3IWWMwhljCd9xChnM0Itxtg30kqDYAh1HKrYuw/SKmoOwz3wOARgJ+FzshbwHOOdEU04ZOdi1kCCZ2KWwkSv38H4BihgsSbFMsPmHXHRbrVEQjFZTYopamM8LK/dkZ2JK6ZuJpToN585Xo3bZCdN2hln0GM3S2Zbemmglqg6+llOc5fStWAyGE45nILFzsogJYuMc9Nirn+I3k1FiRFiA7xf9anCNV6wru6kbECoBTFKGnQTKig0BG0HijV80UGgumxUKs9g6DT4zWUW+ZaDjHEl0JcVlJHurVuClUJHIhhUPZKFs4kMf5OyuUKbSGDiFPILnLYmbBJZ+YBNNJXGVkYCxXBcifE06T72+BdG1q72dmr+noIWK7gzVpmhkt7p+3uKnh+DgYMrxkQGCDavJxnKR9y2cMrcBdyM00laSLnD3c22pqO3LrUzYcYOlMDYSLebYz3eQrDfRpK9N5VthUGy+Jd/mnQqtKpo/mFXSGC+OPiHMu+PLerzfrpC+Qk/1OclYpJYTmxCeId2pM9HNFDfXKiXLy/0GR2I3X1lHtq9XuLLcExsgYO1uwzNWqlWt0kNsTiFe5rl1/I9mYlZDLpDIDI5FBNAPJdwfJDOVB6Ni2RKhld3EORBYhAYgAc2koM2JuZLawNYIsMNHQaHVx6QiP7TgF7e2vvMc/2dCc6hhLvKZpOaSnRlCkrh6MlMVV776GF5zaNgr/NAf2/N4d4U6nZYXXno+t21eeM9h5NdVpa2dHUcQdnmitnsqsiJQn5LMpnPb1GA8N82VNPZofxdh7o69k8PA8HkDLq9ZlpQSGgf5B49gs/+RF/NId8yOBU250KebSMrWuu23HNq++G1gTWljnRlbWg1uR3KdJfPX3Fd+efNDiW1BT4k822Z0U/9nIoTvcQwsQRlaErX2JZRs2LDjovH+GYjhCyk/FgJkSbmmebCSAovjqB6nykMgu+VMalJCNpErqIe9kKHo9gIh5DnGFaEbD1s1Jx3eJv6NKr3RQzG5lo9JNWHavUw5oKakF5NpPJdAwigrN4h1ztRB1kepRWzfehOjkh6B7J5UrKeQCWgIalhjhp9ic4SLtXjKgpWmShxD+8Z0m5OTJ4B9R6i9ULN61wbdRBhccMbCtCkYRmk20qxuwbtnVst6xsjyUhBdSmUj7RbBMpMe0lLfM+W8a4GQzGD+8/+h4vnNnA2s0jzYPDhC/sG4uDMppKd++R57UjEFd6T8oEdDz5wcPtx2qXarcBrd3Qne+QlMvWZ0YMPl7hJsxVkplz9ras0Ay13YK2Eps+ePBWDstvIBfRTB+E9CUJPaJa4mdjc7mCKWaHxWWxMo+X1lmZjFm9kmw0rulNWdIN2p3xWeFd2c01MNVO4rLu9mEmG0NdPQ7HdMbl8K3Kqd8/Ci7+k3RKD8VqrOP4cpLGnnAfI80LN/jgofY2OlYN7oMWvGtGzctKwGaJVuMZgRGIonyrXAcoz1aVp2ZRyxaQMPx3x3ORRoku1zNX5275/+ptkZ2io4+hNLvWQ6PDJkWDY9bjbNbere2TrexZL/oTa7eEpc8fqZTHKtJKDkoW28HZedDDox8IIVkvIa5d89n+YvGfFhM/EOCwuW3T5BpfUaTd7plY8MPXmB0f+ODgUdPb1AnAYAMXbPR7QtoFqD9jwgcmUMZOKyFssQthP5ngFmBA4q8AJJorkrF4eGgUey7X58RN4LzRiH/FxgigPklX0PfHUN0RxtRJk4HobDIVOJRBGitQ+Dh2KUVxQoBF6zYidbvFQCsWdKePYRPvgj+zHgWk4QM0dNYsSSLKFv1AieeA4GqKXqdaA7OdVG00BU6bflP1KlvMrYVVu/Y4taT0JijZ39FmUYIrNXMwq8Qw9vsXcEZfFUCdgnAi8xJQdNHV9NcYlHTnr5Tw7M9RP02gb2BIsjHKpz6bokU6GAkK0zBfezLN+OeySfmOm71jH0Bm7U2EFJ+ncSfM+IGhQATEoQ01Dc4Y2WV0uxrHaQUmCFXp6lMvlRU2zTjs0sAQnpczBJw8ZTjOqSFG8F0GnM4JNdTHqGoly8RZ2j5MK+0Mcegnc+rwtScnTMul1CbRgVRTatdFFiYIFHGNILSPQhi4lrw7Tt8J7FCOmiQhxfTbU8wWUDkaJXkK35tsjXiYR0m0xjtCLSTVIoTohJOsR8hlr4BwXF1GM88BGc3mKY012hTZLJg99Fvx6OTeaGc/lTKLLTIP89OQ3vvful88Ef+xdNUQuCw96zaqoCi7STAJh38Qoac9XawNal9W3eXqp7IF22ytVOHg5K0kDmmeFYECLjIk//NXWDftcnfte2A2s/lOD5Iw/y1GkmVZIqKyFbWObg+mwPdFX7ubF9bOa2b5oQ6ykfkbVCIVYRTxtMJM2kujLJxF4GIu8+Rl+MWW74MT86CgIhPr3q4b2HK6i/n2PCP2lgj4s4vLLcYT6YvCToPRtNSrJrzF2kfUP4NrrYWgM6tl8DffoaIjvTESJMWByerJ5bXjcgBupd+MqwyquvXIh2DlcfAW1LI6+oUhcO0KXrOIQXQVBKyLa8EW2DA66J5WPehvwN738zS3vbfnaynR65dfgwpvLk2tWP5x2+LT45qLqd5jsqa6BOwZT0bDN4nMVq8HujmLH/WtWRcK9PXMrVq9atayvJ/pT9Lp0eu7r29/Z/hZcWPF1oK594sih/Ip+H2AFtfqJZeW+CcYSFkWvzUKCib7ysltrYdlOB3pX5I8cfnzt8pnenkg0Gq71zuC8ej+1E44/G5ElKsQgtFhOEpiaRHdD29uNi17dsoD69A3QrMFF4NUy11ww96YRcL7Z1FyYHEWLC5M46IpZpoYv6+OqwSs1jvKRhVrvwCCFzXCzG5PB6JOjUK739PVXr4N6witIoUhMilSQJsQZryIuyDE4izCJonKd8HLRZmfbz635hStTwnutv3yPnz5oZ9nCpzWN980tWRc0i8DFm7/8sy+blMQLx46/8MLPnn9s5bGVK49Z0r3pdC/5dP+aNf2W1pr8unV58AdX/oKWmESGpDDJPCOR5Ml098hI93by0+5Y1O2JRVvfQi9eebino6OnA+s+okJfJTPEDPEIcYF4HRwlDFC8tSiH9ZSm7zQ36/Uijlkt+IwqrZ1r0QXeuVlo870+UGhoS5/XEMajpVn/UnEhh6E1FibwZdWzY8UiiviHUBHt1wp16rK+BA78JSKiplsoGFWlBSN2fdDoljso6jvg2ga81tixAZk0O7YKqAu3fgrVYR1zN+vHCvop+LRB1F9BqM6upv4GKn6oSfLrVo8plApkEblvfVZqyIkYMmYOynBORuJnDGzl+f37DmH21FNwMq3deeuJk/fce99ZnCvbIckLt9/5sccuoN2vSAtP/cEXnn8Zj4HcITgXZw/WanoKNT+YRkZvPf/cZ1986ctfQYeGpGHJaukYGNy3/+Zjt5/69DOfWXj1NbTDJ+tbX4Ev2vkANK2ox55Gn0aWdOcGHFDXkm0+SEQ10IZswhHgGMu1t8YMAwo32mEy1phmRA6gccDFjKPQIQkE+UQZxbSoQBNjMUP1piHGSFRw2wZV1WK4qtM4LzwXg0+HXmm82+I/3FvVWGioYXZXLBLgVje3ORMu5aZWOSLRudlA1dud9LGU3Sorw5SiiFOqT2RKxXihPzoSUhQHxTtWCVEecC5L31xlxEGSIVmJlibyxaWZeIlzSSGfYBLFsN+T5DI9yZI1kaBr6XS6PDYeliQ3mM7I3YqvMJa70xWP273JZCIej+enpwJ7KdavOkipx+mwytFEwrPd5hj5r0Pd0dK5weHxvL8UttKuOJUUhD6my2NS3dG82OFOIn2jTMs2Mq3lUnPJY5lcb9WXyiUHIqzKWf19Lv+aWKDbT0YS0ZjZXrw11NERCHjTy+8uVGre48VJrW823NFxKJaMf151i96tY4t2y/tQJpmJFDFG3GPU+SzYcPOdnikXiw0bRhC2dQnt6p4A6h0bL9Sdl/W0s4k776RmXSrUPRpaycEJoBnTQTN6zzlPExv0mhMlDeg+gw/JhsYhKuzJaX0DwyP/qo2u6ugDCDM0CyTNeI4GANwmxaJOBu0rS6iAV2ovwnuM8ESizhsKeJZ6635/IOD3173eUMgLnO4+1/KMa8B5eKzK0Y6s+0s31OgUvN4uL3gPPsC/VslbcrsB2Ke13oXPs3cNx10ewuDz6adEeL04eMXsUKOqCDEJJNuxSAo6QBTu/6AYOO1BEQMu6jzfhvryX6srcaLqHDvBoPZbBnf7K9q8RAT47HwIPbZjLguUkT+nRNTSoouoDQf+Y5h3xDmPAvCcoYNRtXYEx5nrSS/QrZb89wndYs1/H+h2G1q22fPfX9wriWiLKKG9ioyWZeX63lAQbQmG8JY3L/30N7eh6DSDGggC0d9T9QAOLdMUVPi84HCquAeozkm6y4furYQIy10q9rt0rw9RyaLQKYoBqVRE0qRExBkZAgyXqDIcgP9UVeEU+D9Dgd8sv/IBONu6E/DgY3zrcRWcdrfe6wSrcl+e+NmkumZkzXfBF0FLB3Otm/5q9dNrk2t/surgKlCafm8aPFtsfasI3rK1Ttmu4TtTn4L3ykKU28iXKBNW5zScAwN1a6FuvqyboN5E19RkhnqShh+fMBZQYguHKBUNDjrpi9/rLncNfPt86+hDVLz1k2Xb124BySuXWhvAl/B7ETT9VXILsY44QeBMaR3qlWkr6iHH0wa1D/XDVV+xnRnVx6ESGBdRx62edRtpznHUHbQKtZa+SkcT2uwKdFmziIuB0KdXIBG+GoPqLfCBbHUZ2knLjWAqbaThDBGJ0LE+QgJVwgQMKS2WTOFOBu0jTJ+oVuia0bRYSlQNASytUcXMlx48e8QZ2ZGyLp3uS0QYaPe4QbI2N7EWAJau3jZzehMAqxlxaGBjJPD4LSo+cplLDngDHJUgU73Lx9cItdumHlw7ZGdAJHr0S7c6MveUrEvTkRIjuBQ4LdNLj/BMv7YGrD4TjGwcHpSYQ2rnaXgIy3vDKZutlibTyw5bBkqrwdAmz/8zubP//zn+xedAXFTgn9qfo3Ttc1T+V5+D42Szmw3kGdsqx5MhXmUtJtrUmeg1MUFfLOB30IJdJF0z8v/lp8Cfgfo74zPI/6drAaz2mNpl6d1s8V3oAIFBKW/2OEyOdcuOO0395cn+appTgmE690zs//ZiAJywKlElpGG7pYiElj98738CUBwFnQAAeNpjYGRgYADilbsVfsTz23xlkGd+ARRhOPOw/zKM/n/wvx5rMfMRIJeDgQkkCgCqyw98AHjaY2BkYGA+8l+KgYG1/v/B/99YixmAIiigHwCjBAcjeNpNkj0oxVEUwM+7H5TCGxksb7QppIiISRZsTB4ipWxYJLIrikFZZcAgUoqSzStsRilShpfPPDl+//u/g1e/d77vOefev3xL+GX6+EO3T+J9FbIIBTiFTWgRMa0irj/kiNuO+i5UiPV12M9asmUhXu0msVepuZSs3cO3LPWh7gK9C5lXTezgOyRPxVgnzg7je0j9gR7inG1W0KeZ81F/3Q2+dshqyXcjT/XTDiJryRkTG+rusJP5h7To5tGv0Ze04PPIcXiEjuQMMckeri2dx/Wq+hw9BvTXvuubXyCvIVMT9hxJZzI/qfSNqu5EykNda5x3Dv0AFsmbwF6D1xh7xvciziTzX+u5HWDnUXwbxI7gijNz6TuYLWL05C0qk7u0O+LNsX6E/sndsoNrjntMwS32DDVP6ZzuK/bMwjr2Pnd3j37xT3bSi3eW7cgsnEFTfNdIJs4fYsl30ZjO/Af0yHMSAAB42mNggAHGJUwNTJuYS5i/sfxi7WL9xObG9oD9AkcDxxEuG65T3Kt4CnhT+ObwmwlYCYoIRgjeEOYTdhPhEqkTtRLnES+QKJP4I9kilSWtImMkUyDrJOck1yO/R4FJoUjxlNIx5RSVJ6pGqpPUotR2aazQ1NE8o/lLa5X2FZ0G3Tm69/SW6N3Rn2JwwvCEEZNRkEmYyTzTU2Y8ZsfMfpnfsDhhaWaZZvnBapu1kfUKm2+2MfYK9s8ctjhGOek5nXGJcHniesTNDA5nuN1xD/Iw8tjiec3LxmuNt5X3B59dvg1+QX7n/CcFWATeCSoJ9gpuCDHDAatC9oUyhbqEdoDhlNApAFDhX5J42mNgZGBg6Gf4xyDCAAJMDIxALMYAogxBAgAsNAHyAHjafVJLSsRAFKxkxs+guJzVIH0Bh8QfoitxNm4kOKDgLt9JUBOZRMGNB/AErj2NehAP4AmsfumYOIg06a68qvftBrCGZ/Rg9QcAnvjV2MI6/2psY+NH08M2XgzuY4QPg5dwhk+DlzGydg1ewavlGTzA0Poy+A1De9Xgdzj2Jk5Q4A6PmCPDDCkqKOZy4HJXOEZEPkBMPKWqJB/jlqfCKXKEZOf017svXISx+N1wqU7UUv5injHPB6O8omdIjU/1OW0z3BP5VLhkHVlHpr6SqKvfWvDocmqBu5CsJdmCVatf0T12pgQ3VpfWlMpK+stZbeMxxh72/63C4xkTlTIz3XEiuRWjFbKnwvw1d+0TEjVVJjLX1icReyUWPe9I7kJnvaZNz7+SeAGraaPk0knGyHr6Y3br06uuQN9SRkWJS7JBJ0Pd75SRdIyJVKbkbWjuAIdk632nfTHfaRxvmXjabc7HUkJhDIbhNxRBUBGVYu+9nXMQwS4KVuy9IjMiYBfFO3Dtveh4fYryL/1mMs8kiySY+Mv3Fwb/5b1QggkzFqyUYMNOKQ6clFFOBS4qcVNFNTV48OLDTy111NNAI00000IrbbTTQSdddNNDL330M8AgQwyjoRduBxghyCghwowxzgSTTDHNDLNEmGOeKDEWWGSJZVZYJc4a62ywyRbb7LDLHvsccMgRx5xwyhnnJLggKSYxi0WsvEkJl6S4Ik2Ga7LccMct9zzwxCM5nsnzwqvYxC6l4hCnlEm5VIhLKsUtVVItNXzwKR7xik/85mgsbsvfZzUtrCn1ohHVR6K/GpqmKXWloQwoR5RB5agypAwrx5SRorraq+uOq2w6n0tdJp8zxZGxUDT4Z6zwgiVhBEM/9lZQu3jaRc7LDsFQFIVhR/WmpbdTbSUEE4PzGtpITMSoTTyHsYkhz7Jr5O1YkW2brW+N/pd630jdBwfyjm2v1KPrG8e0a4q7A+kTxrVbkGPO7YCsVU2W2dFoVT+tYGi+sIHRDw5g7xku4CwZHuBWDB/wCsYY8HNGAIw1IwSCjDEBwpAxBSYMRRF3xXgjf2h6q7mACRj/mYLJVpiB6UaowawQ5qDWwhmYZ8ICnEXCEixCYQWWgXAOVsKOtPkAmoBkpAAAAAABULvfUwAA) format('woff'), url('zocial-regular-webfont.ttf') format('truetype'), url('zocial-regular-webfont.svgocialregular') format('svg');
-  font-weight: normal;
-  font-style: normal;
-}
-.zocial {
-  background-image: -moz-linear-gradient(center top, rgba(255, 255, 255, 0.1), rgba(255, 255, 255, 0.05) 49%, rgba(0, 0, 0, 0.05) 51%, rgba(0, 0, 0, 0.1));
-  background-image: -ms-linear-gradient(center top, rgba(255, 255, 255, 0.1), rgba(255, 255, 255, 0.05) 49%, rgba(0, 0, 0, 0.05) 51%, rgba(0, 0, 0, 0.1));
-  background-image: -o-linear-gradient(center top, rgba(255, 255, 255, 0.1), rgba(255, 255, 255, 0.05) 49%, rgba(0, 0, 0, 0.05) 51%, rgba(0, 0, 0, 0.1));
-  background-image: -webkit-gradient(linear, left top, left bottom, from(rgba(255, 255, 255, 0.1)), color-stop(49%, rgba(255, 255, 255, 0.05)), color-stop(51%, rgba(0, 0, 0, 0.05)), to(rgba(0, 0, 0, 0.1)));
-  background-image: -webkit-linear-gradient(center top, rgba(255, 255, 255, 0.1), rgba(255, 255, 255, 0.05) 49%, rgba(0, 0, 0, 0.05) 51%, rgba(0, 0, 0, 0.1));
-  background-image: linear-gradient(center top, rgba(255, 255, 255, 0.1), rgba(255, 255, 255, 0.05) 49%, rgba(0, 0, 0, 0.05) 51%, rgba(0, 0, 0, 0.1));
-  /* Button icon and color */
 
-  /* Icon characters are stored in unicode private area */
+/*!
+	Zocial Butons
+	http://zocial.smcllns.com
+	by Sam Collins (@smcllns)
+	License: http://opensource.org/licenses/mit-license.php
+*/
 
-  /*
-	The Miscellaneous Buttons
-	These button have no icons and can be general purpose buttons while ensuring consistent button style
-	Credit to @guillermovs for suggesting
-	*/
 
-}
+/* Button structure */
+
 .zocial,
 a.zocial {
-  position: relative;
-  display: inline-block;
-  padding: 0 .95em 0 0;
-  color: #fff;
-  font: bold 100%/2.1 "Lucida Grande", Tahoma, sans-serif;
-  text-align: center;
-  text-decoration: none;
-  text-shadow: 0 1px 0 rgba(0, 0, 0, 0.5);
-  border: 1px solid #777;
-  border-color: rgba(0, 0, 0, 0.2);
-  border-bottom-color: #333;
-  border-bottom-color: rgba(0, 0, 0, 0.4);
-  -webkit-box-shadow: inset 0 0.08em 0 rgba(255,255,255,0.4), inset 0 0 0.1em rgba(255,255,255,0.9);
-  -moz-box-shadow: inset 0 0.08em 0 rgba(255,255,255,0.4), inset 0 0 0.1em rgba(255,255,255,0.9);
-  box-shadow: inset 0 0.08em 0 rgba(255,255,255,0.4), inset 0 0 0.1em rgba(255,255,255,0.9);
-  white-space: nowrap;
-  cursor: pointer;
-  -webkit-user-select: none;
-  -moz-user-select: none;
-  user-select: none;
-  -webkit-border-radius: .3em;
-  -moz-border-radius: .3em;
-  border-radius: .3em;
+	border: 1px solid #777;
+	border-color: rgba(0,0,0,0.2);
+	border-bottom-color: #333;
+	border-bottom-color: rgba(0,0,0,0.4);
+	color: #fff;
+	-moz-box-shadow: inset 0 0.08em 0 rgba(255,255,255,0.4), inset 0 0 0.1em rgba(255,255,255,0.9);
+	-webkit-box-shadow: inset 0 0.08em 0 rgba(255,255,255,0.4), inset 0 0 0.1em rgba(255,255,255,0.9);
+	box-shadow: inset 0 0.08em 0 rgba(255,255,255,0.4), inset 0 0 0.1em rgba(255,255,255,0.9);
+	cursor: pointer;
+	display: inline-block;
+	font: bold 100%/2.1 "Lucida Grande", Tahoma, sans-serif;
+	padding: 0 .95em 0 0;
+	text-align: center;
+	text-decoration: none;
+	text-shadow: 0 1px 0 rgba(0,0,0,0.5);
+	white-space: nowrap;
+	
+	-moz-user-select: none;
+	-webkit-user-select: none;
+	user-select: none;
+	
+	position: relative;
+	
+	-moz-border-radius: .3em;
+	-webkit-border-radius: .3em;
+	border-radius: .3em;
 }
+
 .zocial:before {
-  content: "";
-  border-right: 0.075em solid rgba(0, 0, 0, 0.1);
-  float: left;
-  font: 120%/1.65 zocial;
-  font-style: normal;
-  font-weight: normal;
-  margin: 0 0.5em 0 0;
-  padding: 0 0.5em;
-  text-align: center;
-  text-decoration: none;
-  text-transform: none;
-  -webkit-box-shadow: 0.075em 0 0 rgba(255, 255, 255, 0.25);
-  -moz-box-shadow: 0.075em 0 0 rgba(255, 255, 255, 0.25);
-  box-shadow: 0.075em 0 0 rgba(255, 255, 255, 0.25);
-  -webkit-font-smoothing: antialiased;
+	content: "";
+	border-right: 0.075em solid rgba(0,0,0,0.1);
+	float: left;
+	font: 120%/1.65 zocial;
+	font-style: normal;
+	font-weight: normal;
+	margin: 0 0.5em 0 0;
+	padding: 0 0.5em;
+	text-align: center;
+	text-decoration: none;
+	text-transform: none;
+	
+	-moz-box-shadow: 0.075em 0 0 rgba(255,255,255,0.25);
+	-webkit-box-shadow: 0.075em 0 0 rgba(255,255,255,0.25);
+	box-shadow: 0.075em 0 0 rgba(255,255,255,0.25);
+	
+	-moz-font-smoothing: antialiased;
+	-moz-osx-font-smoothing: grayscale;
+	-webkit-font-smoothing: antialiased;
+	font-smoothing: antialiased;
 }
+
+.zocial:active {
+	outline: none; /* outline is visible on :focus */
+}
+
 .zocial:hover,
 .zocial:focus {
-  background-image: -moz-linear-gradient(rgba(255, 255, 255, 0.15) 49%, rgba(0, 0, 0, 0.1) 51%, rgba(0, 0, 0, 0.15));
-  background-image: -ms-linear-gradient(rgba(255, 255, 255, 0.15) 49%, rgba(0, 0, 0, 0.1) 51%, rgba(0, 0, 0, 0.15));
-  background-image: -o-linear-gradient(rgba(255, 255, 255, 0.15) 49%, rgba(0, 0, 0, 0.1) 51%, rgba(0, 0, 0, 0.15));
-  background-image: -webkit-gradient(linear, left top, left bottom, from(rgba(255, 255, 255, 0.15)), color-stop(49%, rgba(255, 255, 255, 0.15)), color-stop(51%, rgba(0, 0, 0, 0.1)), to(rgba(0, 0, 0, 0.15)));
-  background-image: -webkit-linear-gradient(rgba(255, 255, 255, 0.15) 49%, rgba(0, 0, 0, 0.1) 51%, rgba(0, 0, 0, 0.15));
-  background-image: linear-gradient(rgba(255, 255, 255, 0.15) 49%, rgba(0, 0, 0, 0.1) 51%, rgba(0, 0, 0, 0.15));
+	color: #fff;
 }
-.zocial:active {
-  outline: none;
-  /* outline is visible on :focus */
 
-  background-image: -moz-linear-gradient(center bottom, rgba(255, 255, 255, 0.1), rgba(255, 255, 255, 0) 30%, transparent 50%, rgba(0, 0, 0, 0.1));
-  background-image: -ms-linear-gradient(center bottom, rgba(255, 255, 255, 0.1), rgba(255, 255, 255, 0) 30%, transparent 50%, rgba(0, 0, 0, 0.1));
-  background-image: -o-linear-gradient(center bottom, rgba(255, 255, 255, 0.1), rgba(255, 255, 255, 0) 30%, transparent 50%, rgba(0, 0, 0, 0.1));
-  background-image: -webkit-gradient(linear, left top, left bottom, from(rgba(255, 255, 255, 0.1)), color-stop(30%, rgba(255, 255, 255, 0)), color-stop(50%, transparent), to(rgba(0, 0, 0, 0.1)));
-  background-image: -webkit-linear-gradient(center bottom, rgba(255, 255, 255, 0.1), rgba(255, 255, 255, 0) 30%, transparent 50%, rgba(0, 0, 0, 0.1));
-  background-image: linear-gradient(center bottom, rgba(255, 255, 255, 0.1), rgba(255, 255, 255, 0) 30%, transparent 50%, rgba(0, 0, 0, 0.1));
-}
+/* Buttons can be displayed as standalone icons by adding a class of "icon" */
+
 .zocial.icon {
-  max-width: 2.4em;
-  max-height: 2.15em;
-  padding-left: 0;
-  padding-right: 0;
-  white-space: nowrap;
-  overflow: hidden;
+	overflow: hidden;
+	max-width: 2.4em;
+	padding-left: 0;
+	padding-right: 0;
+	max-height: 2.15em;
+	white-space: nowrap;
 }
 .zocial.icon:before {
-  width: 2em;
-  height: 2em;
-  padding: 0;
-  border: none;
-  -webkit-box-shadow: none;
-  -moz-box-shadow: none;
-  box-shadow: none;
+	padding: 0;
+	width: 2em;
+	height: 2em;
+	
+	box-shadow: none;
+	border: none;
+}
+
+/* Gradients */
+
+.zocial {
+	background-image: -moz-linear-gradient(rgba(255,255,255,.1), rgba(255,255,255,.05) 49%, rgba(0,0,0,.05) 51%, rgba(0,0,0,.1));
+	background-image: -ms-linear-gradient(rgba(255,255,255,.1), rgba(255,255,255,.05) 49%, rgba(0,0,0,.05) 51%, rgba(0,0,0,.1));
+	background-image: -o-linear-gradient(rgba(255,255,255,.1), rgba(255,255,255,.05) 49%, rgba(0,0,0,.05) 51%, rgba(0,0,0,.1));
+	background-image: -webkit-gradient(linear, left top, left bottom, from(rgba(255,255,255,.1)), color-stop(49%, rgba(255,255,255,.05)), color-stop(51%, rgba(0,0,0,.05)), to(rgba(0,0,0,.1)));
+	background-image: -webkit-linear-gradient(rgba(255,255,255,.1), rgba(255,255,255,.05) 49%, rgba(0,0,0,.05) 51%, rgba(0,0,0,.1));
+	background-image: linear-gradient(rgba(255,255,255,.1), rgba(255,255,255,.05) 49%, rgba(0,0,0,.05) 51%, rgba(0,0,0,.1));
+}
+
+.zocial:hover, .zocial:focus {
+	background-image: -moz-linear-gradient(rgba(255,255,255,.15) 49%, rgba(0,0,0,.1) 51%, rgba(0,0,0,.15));
+	background-image: -ms-linear-gradient(rgba(255,255,255,.15) 49%, rgba(0,0,0,.1) 51%, rgba(0,0,0,.15));
+	background-image: -o-linear-gradient(rgba(255,255,255,.15) 49%, rgba(0,0,0,.1) 51%, rgba(0,0,0,.15));
+	background-image: -webkit-gradient(linear, left top, left bottom, from(rgba(255,255,255,.15)), color-stop(49%, rgba(255,255,255,.15)), color-stop(51%, rgba(0,0,0,.1)), to(rgba(0,0,0,.15)));
+	background-image: -webkit-linear-gradient(rgba(255,255,255,.15) 49%, rgba(0,0,0,.1) 51%, rgba(0,0,0,.15));
+	background-image: linear-gradient(rgba(255,255,255,.15) 49%, rgba(0,0,0,.1) 51%, rgba(0,0,0,.15));
 }
+
+.zocial:active {
+	background-image: -moz-linear-gradient(bottom, rgba(255,255,255,.1), rgba(255,255,255,0) 30%, transparent 50%, rgba(0,0,0,.1));
+	background-image: -ms-linear-gradient(bottom, rgba(255,255,255,.1), rgba(255,255,255,0) 30%, transparent 50%, rgba(0,0,0,.1));
+	background-image: -o-linear-gradient(bottom, rgba(255,255,255,.1), rgba(255,255,255,0) 30%, transparent 50%, rgba(0,0,0,.1));
+	background-image: -webkit-gradient(linear, left top, left bottom, from(rgba(255,255,255,.1)), color-stop(30%, rgba(255,255,255,0)), color-stop(50%, transparent), to(rgba(0,0,0,.1)));
+	background-image: -webkit-linear-gradient(bottom, rgba(255,255,255,.1), rgba(255,255,255,0) 30%, transparent 50%, rgba(0,0,0,.1));
+	background-image: linear-gradient(bottom, rgba(255,255,255,.1), rgba(255,255,255,0) 30%, transparent 50%, rgba(0,0,0,.1));
+}
+
+/* Adjustments for light background buttons */
+
 .zocial.acrobat,
 .zocial.bitcoin,
 .zocial.cloudapp,
@@ -135,67 +143,71 @@ a.zocial {
 .zocial.viadeo,
 .zocial.weibo,
 .zocial.wikipedia {
-  border: 1px solid #aaa;
-  border-color: rgba(0, 0, 0, 0.3);
-  border-bottom-color: #777;
-  border-bottom-color: rgba(0, 0, 0, 0.5);
-  text-shadow: 0 1px 0 rgba(255, 255, 255, 0.8);
-  -webkit-box-shadow: inset 0 0.08em 0 rgba(255,255,255,0.7), inset 0 0 0.08em rgba(255,255,255,0.5);
-  -moz-box-shadow: inset 0 0.08em 0 rgba(255,255,255,0.7), inset 0 0 0.08em rgba(255,255,255,0.5);
-  box-shadow: inset 0 0.08em 0 rgba(255,255,255,0.7), inset 0 0 0.08em rgba(255,255,255,0.5);
+	border: 1px solid #aaa;
+	border-color: rgba(0,0,0,0.3);
+	border-bottom-color: #777;
+	border-bottom-color: rgba(0,0,0,0.5);
+	-moz-box-shadow: inset 0 0.08em 0 rgba(255,255,255,0.7), inset 0 0 0.08em rgba(255,255,255,0.5);
+	-webkit-box-shadow: inset 0 0.08em 0 rgba(255,255,255,0.7), inset 0 0 0.08em rgba(255,255,255,0.5);
+	box-shadow: inset 0 0.08em 0 rgba(255,255,255,0.7), inset 0 0 0.08em rgba(255,255,255,0.5);
+	text-shadow: 0 1px 0 rgba(255,255,255,0.8);
 }
+
+/* :hover adjustments for light background buttons */
+
 .zocial.acrobat:focus,
-.zocial.bitcoin:focus,
-.zocial.cloudapp:focus,
-.zocial.dropbox:focus,
-.zocial.email:focus,
-.zocial.eventful:focus,
-.zocial.github:focus,
-.zocial.gmail:focus,
-.zocial.instapaper:focus,
-.zocial.itunes:focus,
-.zocial.ninetyninedesigns:focus,
-.zocial.openid:focus,
-.zocial.plancast:focus,
-.zocial.pocket:focus,
-.zocial.posterous:focus,
-.zocial.reddit:focus,
-.zocial.secondary:focus,
-.zocial.stackoverflow:focus,
-.zocial.viadeo:focus,
-.zocial.weibo:focus,
-.zocial.wikipedia:focus,
 .zocial.acrobat:hover,
+.zocial.bitcoin:focus,
 .zocial.bitcoin:hover,
-.zocial.cloudapp:hover,
+.zocial.dropbox:focus,
 .zocial.dropbox:hover,
+.zocial.email:focus,
 .zocial.email:hover,
+.zocial.eventful:focus,
 .zocial.eventful:hover,
+.zocial.github:focus,
 .zocial.github:hover,
+.zocial.gmail:focus,
 .zocial.gmail:hover,
+.zocial.instapaper:focus,
 .zocial.instapaper:hover,
+.zocial.itunes:focus,
 .zocial.itunes:hover,
+.zocial.ninetyninedesigns:focus,
 .zocial.ninetyninedesigns:hover,
+.zocial.openid:focus,
 .zocial.openid:hover,
+.zocial.plancast:focus,
 .zocial.plancast:hover,
+.zocial.pocket:focus,
 .zocial.pocket:hover,
+.zocial.posterous:focus,
 .zocial.posterous:hover,
+.zocial.reddit:focus,
 .zocial.reddit:hover,
+.zocial.secondary:focus,
 .zocial.secondary:hover,
+.zocial.stackoverflow:focus,
 .zocial.stackoverflow:hover,
+.zocial.twitter:focus,
+.zocial.viadeo:focus,
 .zocial.viadeo:hover,
+.zocial.weibo:focus,
 .zocial.weibo:hover,
+.zocial.wikipedia:focus,
 .zocial.wikipedia:hover {
-  background-image: -moz-linear-gradient(center top, rgba(255, 255, 255, 0.5), rgba(255, 255, 255, 0.2) 49%, rgba(0, 0, 0, 0.05) 51%, rgba(0, 0, 0, 0.15));
-  background-image: -ms-linear-gradient(center top, rgba(255, 255, 255, 0.5), rgba(255, 255, 255, 0.2) 49%, rgba(0, 0, 0, 0.05) 51%, rgba(0, 0, 0, 0.15));
-  background-image: -o-linear-gradient(center top, rgba(255, 255, 255, 0.5), rgba(255, 255, 255, 0.2) 49%, rgba(0, 0, 0, 0.05) 51%, rgba(0, 0, 0, 0.15));
-  background-image: -webkit-gradient(linear, left top, left bottom, from(rgba(255, 255, 255, 0.5)), color-stop(49%, rgba(255, 255, 255, 0.2)), color-stop(51%, rgba(0, 0, 0, 0.05)), to(rgba(0, 0, 0, 0.15)));
-  background-image: -webkit-linear-gradient(center top, rgba(255, 255, 255, 0.5), rgba(255, 255, 255, 0.2) 49%, rgba(0, 0, 0, 0.05) 51%, rgba(0, 0, 0, 0.15));
-  background-image: linear-gradient(center top, rgba(255, 255, 255, 0.5), rgba(255, 255, 255, 0.2) 49%, rgba(0, 0, 0, 0.05) 51%, rgba(0, 0, 0, 0.15));
+	background-image: -webkit-gradient(linear, left top, left bottom, from(rgba(255,255,255,0.5)), color-stop(49%, rgba(255,255,255,0.2)), color-stop(51%, rgba(0,0,0,0.05)), to(rgba(0,0,0,0.15)));
+	background-image: -moz-linear-gradient(top, rgba(255,255,255,0.5), rgba(255,255,255,0.2) 49%, rgba(0,0,0,0.05) 51%, rgba(0,0,0,0.15));
+	background-image: -webkit-linear-gradient(top, rgba(255,255,255,0.5), rgba(255,255,255,0.2) 49%, rgba(0,0,0,0.05) 51%, rgba(0,0,0,0.15));
+	background-image: -o-linear-gradient(top, rgba(255,255,255,0.5), rgba(255,255,255,0.2) 49%, rgba(0,0,0,0.05) 51%, rgba(0,0,0,0.15));
+	background-image: -ms-linear-gradient(top, rgba(255,255,255,0.5), rgba(255,255,255,0.2) 49%, rgba(0,0,0,0.05) 51%, rgba(0,0,0,0.15));
+	background-image: linear-gradient(top, rgba(255,255,255,0.5), rgba(255,255,255,0.2) 49%, rgba(0,0,0,0.05) 51%, rgba(0,0,0,0.15));
 }
+
+/* :active adjustments for light background buttons */
+
 .zocial.acrobat:active,
 .zocial.bitcoin:active,
-.zocial.cloudapp:active,
 .zocial.dropbox:active,
 .zocial.email:active,
 .zocial.eventful:active,
@@ -214,678 +226,280 @@ a.zocial {
 .zocial.viadeo:active,
 .zocial.weibo:active,
 .zocial.wikipedia:active {
-  background-image: -moz-linear-gradient(center top, rgba(255, 255, 255, 0), rgba(255, 255, 255, 0) 30%, rgba(0, 0, 0, 0) 50%, rgba(0, 0, 0, 0.1));
-  background-image: -ms-linear-gradient(center top, rgba(255, 255, 255, 0), rgba(255, 255, 255, 0) 30%, rgba(0, 0, 0, 0) 50%, rgba(0, 0, 0, 0.1));
-  background-image: -o-linear-gradient(center top, rgba(255, 255, 255, 0), rgba(255, 255, 255, 0) 30%, rgba(0, 0, 0, 0) 50%, rgba(0, 0, 0, 0.1));
-  background-image: -webkit-gradient(linear, left top, left bottom, from(rgba(255, 255, 255, 0)), color-stop(30%, rgba(255, 255, 255, 0)), color-stop(50%, rgba(0, 0, 0, 0)), to(rgba(0, 0, 0, 0.1)));
-  background-image: -webkit-linear-gradient(center top, rgba(255, 255, 255, 0), rgba(255, 255, 255, 0) 30%, rgba(0, 0, 0, 0) 50%, rgba(0, 0, 0, 0.1));
-  background-image: linear-gradient(center top, rgba(255, 255, 255, 0), rgba(255, 255, 255, 0) 30%, rgba(0, 0, 0, 0) 50%, rgba(0, 0, 0, 0.1));
-}
-.zocial.acrobat {
-  background-color: #fff;
-  color: #000;
-}
-.zocial.acrobat:before {
-  content: "\00E3";
-  color: #FB0000;
-}
-.zocial.amazon {
-  background-color: #ffad1d;
-  color: #030037;
-  text-shadow: 0 1px 0 rgba(255, 255, 255, 0.5);
-}
-.zocial.amazon:before {
-  content: "a";
-}
-.zocial.android {
-  background-color: #a4c639;
-}
-.zocial.android:before {
-  content: "&";
-}
-.zocial.angellist {
-  background-color: #000;
-}
-.zocial.angellist:before {
-  content: "\00D6";
-}
-.zocial.aol {
-  background-color: #f00;
-}
-.zocial.aol:before {
-  content: "\"";
-}
-.zocial.appnet {
-  background-color: #3178bd;
-}
-.zocial.appnet:before {
-  content: "\00E1";
-}
-.zocial.appstore {
-  background-color: #000;
-}
-.zocial.appstore:before {
-  content: "A";
-}
-.zocial.bitcoin {
-  background-color: #efefef;
-  color: #4d4d4d;
-}
-.zocial.bitcoin:before {
-  content: "2";
-  color: #f7931a;
-}
-.zocial.bitbucket {
-  background-color: #205081;
-}
-.zocial.bitbucket:before {
-  content: "\00E9";
-}
-.zocial.blogger {
-  background-color: #ee5a22;
-}
-.zocial.blogger:before {
-  content: "B";
-}
-.zocial.buffer {
-  background-color: #232323;
-}
-.zocial.buffer:before {
-  content: "\00E5";
-}
-.zocial.call {
-  background-color: #008000;
-}
-.zocial.call:before {
-  content: "7";
-}
-.zocial.cal {
-  background-color: #d63538;
-}
-.zocial.cal:before {
-  content: ".";
-}
-.zocial.cart {
-  background-color: #333;
-}
-.zocial.cart:before {
-  content: "\00C9";
-}
-.zocial.chrome {
-  background-color: #006cd4;
-}
-.zocial.chrome:before {
-  content: "[";
-}
-.zocial.cloudapp {
-  background-color: #fff;
-  color: #312c2a;
-}
-.zocial.cloudapp:before {
-  content: "c";
-}
-.zocial.creativecommons {
-  background-color: #000;
-}
-.zocial.creativecommons:before {
-  content: "C";
-}
-.zocial.delicious {
-  background-color: #3271cb;
-}
-.zocial.delicious:before {
-  content: "#";
-}
-.zocial.digg {
-  background-color: #164673;
-}
-.zocial.digg:before {
-  content: ";";
-}
-.zocial.disqus {
-  background-color: #5d8aad;
-}
-.zocial.disqus:before {
-  content: "Q";
-}
-.zocial.dribbble {
-  background-color: #ea4c89;
-}
-.zocial.dribbble:before {
-  content: "D";
-}
-.zocial.dropbox {
-  background-color: #fff;
-  color: #312c2a;
-}
-.zocial.dropbox:before {
-  content: "d";
-  color: #1f75cc;
-}
-.zocial.drupal {
-  background-color: #0077c0;
-  color: #fff;
-}
-.zocial.drupal:before {
-  content: "\00E4";
-  color: #fff;
-}
-.zocial.dwolla {
-  background-color: #e88c02;
-}
-.zocial.dwolla:before {
-  content: "\00E0";
-}
-.zocial.email {
-  background-color: #f0f0eb;
-  color: #312c2a;
-}
-.zocial.email:before {
-  content: "]";
-  color: #312c2a;
-}
-.zocial.eventasaurus {
-  background-color: #192931;
-  color: #fff;
-}
-.zocial.eventasaurus:before {
-  content: "v";
-  color: #9de428;
-}
-.zocial.eventbrite {
-  background-color: #ff5616;
-}
-.zocial.eventbrite:before {
-  content: "|";
-}
-.zocial.eventful {
-  background-color: #fff;
-  color: #47ab15;
-}
-.zocial.eventful:before {
-  content: "'";
-  color: #0066CC;
-}
-.zocial.evernote {
-  background-color: #6bb130;
-  color: #fff;
-}
-.zocial.evernote:before {
-  content: "E";
-}
-.zocial.facebook {
-  background-color: #4863ae;
-}
-.zocial.facebook:before {
-  content: "f";
-}
-.zocial.fivehundredpx {
-  background-color: #333;
-}
-.zocial.fivehundredpx:before {
-  content: "0";
-  color: #29b6ff;
-}
-.zocial.flattr {
-  background-color: #8aba42;
-}
-.zocial.flattr:before {
-  content: "%";
-}
-.zocial.flickr {
-  background-color: #ff0084;
-}
-.zocial.flickr:before {
-  content: "F";
-}
-.zocial.forrst {
-  background-color: #1e360d;
-}
-.zocial.forrst:before {
-  content: ":";
-  color: #50894f;
-}
-.zocial.foursquare {
-  background-color: #44a8e0;
-}
-.zocial.foursquare:before {
-  content: "4";
-}
-.zocial.github {
-  background-color: #fbfbfb;
-  color: #050505;
-}
-.zocial.github:before {
-  content: "g";
-}
-.zocial.gmail {
-  background-color: #efefef;
-  color: #222;
-}
-.zocial.gmail:before {
-  content: "m";
-  color: #f00;
-}
-.zocial.google {
-  background-color: #4e6cf7;
-}
-.zocial.google:before {
-  content: "G";
-}
-.zocial.googleplay {
-  background-color: #000;
-}
-.zocial.googleplay:before {
-  content: "h";
-}
-.zocial.googleplus {
-  background-color: #dd4b39;
-}
-.zocial.googleplus:before {
-  content: "+";
-}
-.zocial.gowalla {
-  background-color: #ff720a;
-}
-.zocial.gowalla:before {
-  content: "@";
-}
-.zocial.grooveshark {
-  background-color: #111;
-  color: #eee;
-}
-.zocial.grooveshark:before {
-  content: "8";
-}
-.zocial.guest {
-  background-color: #1b4d6d;
-}
-.zocial.guest:before {
-  content: "?";
-}
-.zocial.html5 {
-  background-color: #ff3617;
-}
-.zocial.html5:before {
-  content: "5";
-}
-.zocial.ie {
-  background-color: #00a1d9;
-}
-.zocial.ie:before {
-  content: "6";
-}
-.zocial.instapaper {
-  background-color: #eee;
-  color: #222;
-}
-.zocial.instapaper:before {
-  content: "I";
-}
-.zocial.instagram {
-  background-color: #3f729b;
-}
-.zocial.instagram:before {
-  content: "\00DC";
-}
-.zocial.intensedebate {
-  background-color: #0099e1;
-}
-.zocial.intensedebate:before {
-  content: "{";
-}
-.zocial.itunes {
-  background-color: #efefeb;
-  color: #312c2a;
-}
-.zocial.itunes:before {
-  content: "i";
-  color: #1a6dd2;
-}
-.zocial.klout {
-  background-color: #e34a25;
-}
-.zocial.klout:before {
-  content: "K";
-}
-.zocial.lanyrd {
-  background-color: #2e6ac2;
-}
-.zocial.lanyrd:before {
-  content: "-";
-}
-.zocial.lastfm {
-  background-color: #dc1a23;
-}
-.zocial.lastfm:before {
-  content: "l";
-}
-.zocial.lego {
-  background-color: #fb0000;
-}
-.zocial.lego:before {
-  content: "\00EA";
-  color: #fff900;
-}
-.zocial.linkedin {
-  background-color: #0083a8;
-}
-.zocial.linkedin:before {
-  content: "L";
-}
-.zocial.lkdto {
-  background-color: #7c786f;
-}
-.zocial.lkdto:before {
-  content: "\00EE";
-}
-.zocial.logmein {
-  background-color: #000;
-}
-.zocial.logmein:before {
-  content: "\00EB";
-}
-.zocial.macstore {
-  background-color: #007dcb;
-}
-.zocial.macstore:before {
-  content: "^";
-}
-.zocial.meetup {
-  background-color: #ff0026;
-}
-.zocial.meetup:before {
-  content: "M";
-}
-.zocial.myspace {
-  background-color: #000;
-}
-.zocial.myspace:before {
-  content: "_";
-}
-.zocial.ninetyninedesigns {
-  background-color: #fff;
-  color: #072243;
-}
-.zocial.ninetyninedesigns:before {
-  content: "9";
-  color: #f50;
-}
-.zocial.openid {
-  background-color: #f5f5f5;
-  color: #333;
-}
-.zocial.openid:before {
-  content: "o";
-  color: #ff921d;
-}
-.zocial.opentable {
-  background-color: #990000;
-}
-.zocial.opentable:before {
-  content: "\00C7";
-}
-.zocial.paypal {
-  background-color: #fff;
-  color: #32689a;
-  text-shadow: 0 1px 0 rgba(255, 255, 255, 0.5);
-}
-.zocial.paypal:before {
-  content: "$";
-}
-.zocial.pinboard {
-  background-color: blue;
-}
-.zocial.pinboard:before {
-  content: "n";
-}
-.zocial.pinterest {
-  background-color: #c91618;
-}
-.zocial.pinterest:before {
-  content: "1";
-}
-.zocial.plancast {
-  background-color: #e7ebed;
-  color: #333;
-}
-.zocial.plancast:before {
-  content: "P";
-}
-.zocial.pocket {
-  background-color: #fff;
-  color: #777;
-}
-.zocial.pocket:before {
-  content: "\00E7";
-  color: #ee4056;
-}
-.zocial.plurk {
-  background-color: #cf682f;
-}
-.zocial.plurk:before {
-  content: "j";
-}
-.zocial.podcast {
-  background-color: #9365ce;
-}
-.zocial.podcast:before {
-  content: "`";
-}
-.zocial.posterous {
-  background-color: #ffd959;
-  color: #bc7134;
-}
-.zocial.posterous:before {
-  content: "~";
-}
-.zocial.print {
-  background-color: #f0f0eb;
-  color: #222;
-  text-shadow: 0 1px 0 rgba(255, 255, 255, 0.8);
-}
-.zocial.print:before {
-  content: "\00D1";
-}
-.zocial.quora {
-  background-color: #a82400;
-}
-.zocial.quora:before {
-  content: "q";
-}
-.zocial.reddit {
-  background-color: #fff;
-  color: #222;
-}
-.zocial.reddit:before {
-  content: ">";
-  color: red;
-}
-.zocial.rss {
-  background-color: #ff7f25;
-}
-.zocial.rss:before {
-  content: "R";
-}
-.zocial.scribd {
-  background-color: #231c1a;
-}
-.zocial.scribd:before {
-  content: "}";
-  color: #00d5ea;
-}
-.zocial.skype {
-  background-color: #00a2ed;
-}
-.zocial.skype:before {
-  content: "S";
-}
-.zocial.smashing {
-  background-color: #ff4f27;
-}
-.zocial.smashing:before {
-  content: "*";
-}
-.zocial.songkick {
-  background-color: #ff0050;
-}
-.zocial.songkick:before {
-  content: "k";
-}
-.zocial.soundcloud {
-  background-color: #ff4500;
-}
-.zocial.soundcloud:before {
-  content: "s";
-}
-.zocial.spotify {
-  background-color: #60af00;
-}
-.zocial.spotify:before {
-  content: "=";
-}
-.zocial.stackoverflow {
-  background-color: #fff;
-  color: #555;
-}
-.zocial.stackoverflow:before {
-  content: "\00EC";
-  color: #ff7a15;
-}
-.zocial.statusnet {
-  background-color: #829d25;
-}
-.zocial.statusnet:before {
-  content: "\00E2";
-  color: #fff;
-}
-.zocial.steam {
-  background-color: #000;
-}
-.zocial.steam:before {
-  content: "b";
-}
-.zocial.stripe {
-  background-color: #2f7ed6;
-}
-.zocial.stripe:before {
-  content: "\00A3";
-}
-.zocial.stumbleupon {
-  background-color: #eb4924;
-}
-.zocial.stumbleupon:before {
-  content: "/";
-}
-.zocial.tumblr {
-  background-color: #374a61;
-}
-.zocial.tumblr:before {
-  content: "t";
-}
-.zocial.twitter {
-  background-color: #46c0fb;
-}
-.zocial.twitter:before {
-  content: "T";
-}
-.zocial.viadeo {
-  background-color: #fff;
-  color: #000;
-}
-.zocial.viadeo:before {
-  content: "H";
-  color: #f59b20;
-}
-.zocial.vimeo {
-  background-color: #00a2cd;
-}
-.zocial.vimeo:before {
-  content: "V";
-}
-.zocial.vk {
-  background-color: #45688E;
-}
-.zocial.vk:before {
-  content: "N";
-}
-.zocial.weibo {
-  background-color: #faf6f1;
-  color: #000;
-}
-.zocial.weibo:before {
-  content: "J";
-  color: #e6162d;
-}
-.zocial.wikipedia {
-  background-color: #fff;
-  color: #000;
-}
-.zocial.wikipedia:before {
-  content: ",";
-}
-.zocial.windows {
-  background-color: #0052a4;
-  color: #fff;
-}
-.zocial.windows:before {
-  content: "W";
-}
-.zocial.wordpress {
-  background-color: #464646;
-}
-.zocial.wordpress:before {
-  content: "w";
-}
-.zocial.xing {
-  background-color: #0A5D5E;
-}
-.zocial.xing:before {
-  content: "X";
-}
-.zocial.yahoo {
-  background-color: #a200c2;
-}
-.zocial.yahoo:before {
-  content: "Y";
-}
-.zocial.ycombinator {
-  background-color: #ff6600;
-}
-.zocial.ycombinator:before {
-  content: "\00ED";
-}
-.zocial.yelp {
-  background-color: #e60010;
-}
-.zocial.yelp:before {
-  content: "y";
-}
-.zocial.youtube {
-  background-color: #f00;
-}
-.zocial.youtube:before {
-  content: "U";
-}
-.zocial.primary,
-.zocial.secondary {
-  margin: 0.1em 0;
-  padding: 0 1em;
-}
-.zocial.primary:before,
-.zocial.secondary:before {
-  display: none;
-}
-.zocial.primary {
-  background-color: #333;
-}
-.zocial.secondary {
-  background-color: #f0f0eb;
-  color: #222;
-  text-shadow: 0 1px 0 rgba(255, 255, 255, 0.8);
+	background-image: -webkit-gradient(linear, left top, left bottom, from(rgba(255,255,255,0)), color-stop(30%, rgba(255,255,255,0)), color-stop(50%, rgba(0,0,0,0)), to(rgba(0,0,0,0.1)));
+	background-image: -moz-linear-gradient(bottom, rgba(255,255,255,0), rgba(255,255,255,0) 30%, rgba(0,0,0,0) 50%, rgba(0,0,0,0.1));
+	background-image: -webkit-linear-gradient(bottom, rgba(255,255,255,0), rgba(255,255,255,0) 30%, rgba(0,0,0,0) 50%, rgba(0,0,0,0.1));
+	background-image: -o-linear-gradient(bottom, rgba(255,255,255,0), rgba(255,255,255,0) 30%, rgba(0,0,0,0) 50%, rgba(0,0,0,0.1));
+	background-image: -ms-linear-gradient(bottom, rgba(255,255,255,0), rgba(255,255,255,0) 30%, rgba(0,0,0,0) 50%, rgba(0,0,0,0.1));
+	background-image: linear-gradient(bottom, rgba(255,255,255,0), rgba(255,255,255,0) 30%, rgba(0,0,0,0) 50%, rgba(0,0,0,0.1));
 }
+
+/* Button icon */
+.zocial.acrobat:before { content: "\f100"; }
+.zocial.amazon:before { content: "\f101"; }
+.zocial.android:before { content: "\f102"; }
+.zocial.angellist:before { content: "\f103"; }
+.zocial.aol:before { content: "\f104"; }
+.zocial.appnet:before { content: "\f105"; }
+.zocial.appstore:before { content: "\f106"; }
+.zocial.bitbucket:before { content: "\f107"; }
+.zocial.bitcoin:before { content: "\f108"; }
+.zocial.blogger:before { content: "\f109"; }
+.zocial.buffer:before { content: "\f10a"; }
+.zocial.cal:before { content: "\f10b"; }
+.zocial.call:before { content: "\f10c"; }
+.zocial.cart:before { content: "\f10d"; }
+.zocial.chrome:before { content: "\f10e"; }
+.zocial.cloudapp:before { content: "\f10f"; }
+.zocial.creativecommons:before { content: "\f110"; }
+.zocial.delicious:before { content: "\f111"; }
+.zocial.digg:before { content: "\f112"; }
+.zocial.disqus:before { content: "\f113"; }
+.zocial.dribbble:before { content: "\f114"; }
+.zocial.dropbox:before { content: "\f115"; }
+.zocial.drupal:before { content: "\f116"; }
+.zocial.dwolla:before { content: "\f118"; }
+.zocial.email:before { content: "\f119"; }
+.zocial.eventasaurus:before { content: "\f11a"; }
+.zocial.eventbrite:before { content: "\f11b"; }
+.zocial.eventful:before { content: "\f11c"; }
+.zocial.evernote:before { content: "\f11d"; }
+.zocial.facebook:before { content: "\f11e"; }
+.zocial.fivehundredpx:before { content: "\f11f"; }
+.zocial.flattr:before { content: "\f120"; }
+.zocial.flickr:before { content: "\f121"; }
+.zocial.forrst:before { content: "\f122"; }
+.zocial.foursquare:before { content: "\f123"; }
+.zocial.github:before { content: "\f124"; }
+.zocial.gmail:before { content: "\f125"; }
+.zocial.google:before { content: "\f126"; }
+.zocial.googleplay:before { content: "\f127"; }
+.zocial.googleplus:before { content: "\f128"; }
+.zocial.gowalla:before { content: "\f129"; }
+.zocial.grooveshark:before { content: "\f12a"; }
+.zocial.guest:before { content: "\f12b"; }
+.zocial.html5:before { content: "\f12c"; }
+.zocial.ie:before { content: "\f12d"; }
+.zocial.instagram:before { content: "\f12e"; }
+.zocial.instapaper:before { content: "\f12f"; }
+.zocial.intensedebate:before { content: "\f130"; }
+.zocial.itunes:before { content: "\f131"; }
+.zocial.klout:before { content: "\f132"; }
+.zocial.lanyrd:before { content: "\f133"; }
+.zocial.lastfm:before { content: "\f134"; }
+.zocial.lego:before { content: "\f135"; }
+.zocial.linkedin:before { content: "\f136"; }
+.zocial.lkdto:before { content: "\f137"; }
+.zocial.logmein:before { content: "\f138"; }
+.zocial.macstore:before { content: "\f139"; }
+.zocial.meetup:before { content: "\f13a"; }
+.zocial.myspace:before { content: "\f13b"; }
+.zocial.ninetyninedesigns:before { content: "\f13c"; }
+.zocial.openid:before { content: "\f13d"; }
+.zocial.opentable:before { content: "\f13e"; }
+.zocial.paypal:before { content: "\f13f"; }
+.zocial.persona:before { content: "\f164"; }
+.zocial.pinboard:before { content: "\f140"; }
+.zocial.pinterest:before { content: "\f141"; }
+.zocial.plancast:before { content: "\f142"; }
+.zocial.plurk:before { content: "\f143"; }
+.zocial.pocket:before { content: "\f144"; }
+.zocial.podcast:before { content: "\f145"; }
+.zocial.posterous:before { content: "\f146"; }
+.zocial.print:before { content: "\f147"; }
+.zocial.quora:before { content: "\f148"; }
+.zocial.reddit:before { content: "\f149"; }
+.zocial.rss:before { content: "\f14a"; }
+.zocial.scribd:before { content: "\f14b"; }
+.zocial.skype:before { content: "\f14c"; }
+.zocial.smashing:before { content: "\f14d"; }
+.zocial.songkick:before { content: "\f14e"; }
+.zocial.soundcloud:before { content: "\f14f"; }
+.zocial.spotify:before { content: "\f150"; }
+.zocial.stackoverflow:before { content: "\f151"; }
+.zocial.statusnet:before { content: "\f152"; }
+.zocial.steam:before { content: "\f153"; }
+.zocial.stripe:before { content: "\f154"; }
+.zocial.stumbleupon:before { content: "\f155"; }
+.zocial.tumblr:before { content: "\f156"; }
+.zocial.twitter:before { content: "\f157"; }
+.zocial.viadeo:before { content: "\f158"; }
+.zocial.vimeo:before { content: "\f159"; }
+.zocial.vk:before { content: "\f15a"; }
+.zocial.weibo:before { content: "\f15b"; }
+.zocial.wikipedia:before { content: "\f15c"; }
+.zocial.windows:before { content: "\f15d"; }
+.zocial.wordpress:before { content: "\f15e"; }
+.zocial.xing:before { content: "\f15f"; }
+.zocial.yahoo:before { content: "\f160"; }
+.zocial.ycombinator:before { content: "\f161"; }
+.zocial.yelp:before { content: "\f162"; }
+.zocial.youtube:before { content: "\f163"; }
+
+/* Button color */
+.zocial.acrobat:before {color: #FB0000;}
+.zocial.bitcoin:before {color: #f7931a;}
+.zocial.dropbox:before {color: #1f75cc;}
+.zocial.drupal:before {color: #fff;}
+.zocial.email:before {color: #312c2a;}
+.zocial.eventasaurus:before {color: #9de428;}
+.zocial.eventful:before {color: #0066CC;}
+.zocial.fivehundredpx:before {color: #29b6ff;}
+.zocial.forrst:before {color: #50894f;}
+.zocial.gmail:before {color: #f00;}
+.zocial.itunes:before {color: #1a6dd2;}
+.zocial.lego:before {color:#fff900;}
+.zocial.ninetyninedesigns:before {color: #f50;}
+.zocial.openid:before {color: #ff921d;}
+.zocial.pocket:before {color:#ee4056;}
+.zocial.persona:before {color:#fff;}
+.zocial.reddit:before {color: red;}
+.zocial.scribd:before {color: #00d5ea;}
+.zocial.stackoverflow:before {color: #ff7a15;}
+.zocial.statusnet:before {color: #fff;}
+.zocial.viadeo:before {color: #f59b20;}
+.zocial.weibo:before {color: #e6162d;}
+
+/* Button background and text color */
+
+.zocial.acrobat {background-color: #fff; color: #000;}
+.zocial.amazon {background-color: #ffad1d; color: #030037; text-shadow: 0 1px 0 rgba(255,255,255,0.5);}
+.zocial.android {background-color: #a4c639;}
+.zocial.angellist {background-color: #000;}
+.zocial.aol {background-color: #f00;}
+.zocial.appnet {background-color: #3178bd;}
+.zocial.appstore {background-color: #000;}
+.zocial.bitbucket {background-color: #205081;}
+.zocial.bitcoin {background-color: #efefef; color: #4d4d4d;}
+.zocial.blogger {background-color: #ee5a22;}
+.zocial.buffer {background-color: #232323;}
+.zocial.call {background-color: #008000;}
+.zocial.cal {background-color: #d63538;}
+.zocial.cart {background-color: #333;}
+.zocial.chrome {background-color: #006cd4;}
+.zocial.cloudapp {background-color: #fff; color: #312c2a;}
+.zocial.creativecommons {background-color: #000;}
+.zocial.delicious {background-color: #3271cb;}
+.zocial.digg {background-color: #164673;}
+.zocial.disqus {background-color: #5d8aad;}
+.zocial.dribbble {background-color: #ea4c89;}
+.zocial.dropbox {background-color: #fff; color: #312c2a;}
+.zocial.drupal {background-color: #0077c0; color: #fff;}
+.zocial.dwolla {background-color: #e88c02;}
+.zocial.email {background-color: #f0f0eb; color: #312c2a;}
+.zocial.eventasaurus {background-color: #192931; color: #fff;}
+.zocial.eventbrite {background-color: #ff5616;}
+.zocial.eventful {background-color: #fff; color: #47ab15;}
+.zocial.evernote {background-color: #6bb130; color: #fff;}
+.zocial.facebook {background-color: #4863ae;}
+.zocial.fivehundredpx {background-color: #333;}
+.zocial.flattr {background-color: #8aba42;}
+.zocial.flickr {background-color: #ff0084;}
+.zocial.forrst {background-color: #1e360d;}
+.zocial.foursquare {background-color: #44a8e0;}
+.zocial.github {background-color: #fbfbfb; color: #050505;}
+.zocial.gmail {background-color: #efefef; color: #222;}
+.zocial.google {background-color: #4e6cf7;}
+.zocial.googleplay {background-color: #000;}
+.zocial.googleplus {background-color: #dd4b39;}
+.zocial.gowalla {background-color: #ff720a;}
+.zocial.grooveshark {background-color: #111; color:#eee;}
+.zocial.guest {background-color: #1b4d6d;}
+.zocial.html5 {background-color: #ff3617;}
+.zocial.ie {background-color: #00a1d9;}
+.zocial.instapaper {background-color: #eee; color: #222;}
+.zocial.instagram {background-color: #3f729b;}
+.zocial.intensedebate {background-color: #0099e1;}
+.zocial.klout {background-color: #e34a25;}
+.zocial.itunes {background-color: #efefeb; color: #312c2a;}
+.zocial.lanyrd {background-color: #2e6ac2;}
+.zocial.lastfm {background-color: #dc1a23;}
+.zocial.lego {background-color: #fb0000;}
+.zocial.linkedin {background-color: #0083a8;}
+.zocial.lkdto {background-color: #7c786f;}
+.zocial.logmein {background-color: #000;}
+.zocial.macstore {background-color: #007dcb}
+.zocial.meetup {background-color: #ff0026;}
+.zocial.myspace {background-color: #000;}
+.zocial.ninetyninedesigns {background-color: #fff; color: #072243;}
+.zocial.openid {background-color: #f5f5f5; color: #333;}
+.zocial.opentable {background-color: #990000;}
+.zocial.paypal {background-color: #fff; color: #32689a; text-shadow: 0 1px 0 rgba(255,255,255,0.5);}
+.zocial.persona {background-color: #1258a1; color: #fff;}
+.zocial.pinboard {background-color: blue;}
+.zocial.pinterest {background-color: #c91618;}
+.zocial.plancast {background-color: #e7ebed; color: #333;}
+.zocial.plurk {background-color: #cf682f;}
+.zocial.pocket {background-color: #fff; color: #777;}
+.zocial.podcast {background-color: #9365ce;}
+.zocial.posterous {background-color: #ffd959; color: #bc7134;}
+.zocial.print {background-color: #f0f0eb; color: #222; text-shadow: 0 1px 0 rgba(255,255,255,0.8);}
+.zocial.quora {background-color: #a82400;}
+.zocial.reddit {background-color: #fff; color: #222;}
+.zocial.rss {background-color: #ff7f25;}
+.zocial.scribd {background-color: #231c1a;}
+.zocial.skype {background-color: #00a2ed;}
+.zocial.smashing {background-color: #ff4f27;}
+.zocial.songkick {background-color: #ff0050;}
+.zocial.soundcloud {background-color: #ff4500;}
+.zocial.spotify {background-color: #60af00;}
+.zocial.stackoverflow {background-color: #fff; color: #555;}
+.zocial.statusnet {background-color: #829d25;}
+.zocial.steam {background-color: #000;}
+.zocial.stripe {background-color: #2f7ed6;}
+.zocial.stumbleupon {background-color: #eb4924;}
+.zocial.tumblr {background-color: #374a61;}
+.zocial.twitter {background-color: #46c0fb;}
+.zocial.viadeo {background-color: #fff;  color: #000;}
+.zocial.vimeo {background-color: #00a2cd;}
+.zocial.vk {background-color: #45688E;}
+.zocial.weibo {background-color: #faf6f1; color: #000;}
+.zocial.wikipedia {background-color: #fff; color: #000;}
+.zocial.windows {background-color: #0052a4; color: #fff;}
+.zocial.wordpress {background-color: #464646;}
+.zocial.xing {background-color: #0a5d5e;}
+.zocial.yahoo {background-color: #a200c2;}
+.zocial.ycombinator {background-color: #ff6600;}
+.zocial.yelp {background-color: #e60010;}
+.zocial.youtube {background-color: #f00;}
+
+/*
+The Miscellaneous Buttons
+These button have no icons and can be general purpose buttons while ensuring consistent button style
+Credit to @guillermovs for suggesting
+*/
+
+.zocial.primary, .zocial.secondary {margin: 0.1em 0; padding: 0 1em;}
+.zocial.primary:before, .zocial.secondary:before {display: none;}
+.zocial.primary {background-color: #333;}
+.zocial.secondary {background-color: #f0f0eb; color: #222; text-shadow: 0 1px 0 rgba(255,255,255,0.8);}
+
 /* Any browser-specific adjustments */
+
 button:-moz-focus-inner {
-  border: 0;
-  padding: 0;
+	border: 0;
+	padding: 0;
+}
+
+/* Reference icons from font-files
+** Base 64-encoded version recommended to resolve cross-site font-loading issues
+*/
+
+@font-face {
+	font-family: "zocial";
+	src: url("./zocial.eot");
+	src: url("./zocial.eot?#iefix") format("embedded-opentype"),
+		url(data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAEVIAA0AAAAAY9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAABFLAAAABkAAAAcc+CDZk9TLzIAAAGgAAAASQAAAGBQBl3KY21hcAAAAqAAAABMAAABUvFF+FhjdnQgAAAC7AAAAAQAAAAEABEBRGdhc3AAAEUkAAAACAAAAAj//wADZ2x5ZgAAA8QAAD7MAABY4HVSYx5oZWFkAAABMAAAADAAAAA2A/nHeWhoZWEAAAFgAAAAIAAAACQEdwEbaG10eAAAAewAAACzAAAA2gWL/3lsb2NhAAAC8AAAANIAAADSYgpLMG1heHAAAAGAAAAAHwAAACAAvgE3bmFtZQAAQpAAAAEjAAAB9XSZ105wb3N0AABDtAAAAW0AAAQSQQeQ6XjaY2BkYGAA4k+d//nj+W2+MnAzMYDARX/nRBj9f8H/DUxzmLiAXA4GsDQATKILwnjaY2BkYGDi+r+BQY+J4f+C/6lMcxiAIiiAFQCI6gWUeNpjYGRgYMhgZGMQYQABJiBmZACJOTDogQQAEJMA9wB42mNgYfzDOIGBlYGB0YcxjYGBwR1Kf2WQZGhhYGBiYGVmgAFGAQYECEhzTWFoYFD4mMJ44P8BBj0mLoYAkBokJQoMjABG1At0AAAAeNodjjEPAUEQhV8USkGlkUiIS5xahEZEqSHX6vwV/0OluM6VnOIql2gQEQmF0MlJVCQKz9vdzc6b2S/zZrBEDub4ejGQkjBBFgMGvMBBhR/LW3B5FzuYgjdUFb8oYWxpGTW4CLnQ7xt17qU7jNR9RUe8iyEy0gln1h8MGfHHjfGiz4RrPrmyXm1NbPKkzNM6BW6VOZaAZ4UGX5yjzwCeOoo8MtZ9MBJLc4o8ema7PyjoUM0AeNpjYGBgZoBgGQZGBhDwAfIYwXwWBgMgzQGETEBa4aPYx5T//8Esho8S////f8zPws8M1QUGjGwMcC4jSA8TAypghFg1nAEA45cLgQARAUQAAAAqACoAKgAqAJQBYgH0AxIDsARSBKoFFAWmBfQGwgeEB9AILgiMCLIJSAlcCcAJ6gpaCowLKguUC84MMAxqDMINhA2iDiYOYA58Dp4O4g9cD44QBhAqEKYRLhGOEdISKBLiExQTOhRIFI4UsBTyFWQWQBZ8FvIXRhfyGVYZZhqeGvobQhuMG6QcFBzqHQAdgB3WHhQePh6KH3QfpCAeII4g6iFkIjwiuiL0I4okICSAJMIk9iVCJe4mUCc+KGwpBCmCKfwqFiqGKqArRCwaLHAAAHjalbwJmCRXdSYa996Ie2Pft9z3zMpaMrNyrb2q925Vq7vV6lZ3q6VuSa2lJYEACQmQARlkJJmxZPbVyFg2ZvPCJpABNQJ7jPADbL9nMBjsAZv5nj3j5c0bjz22cdU7NzKr1TKe73tTWZkZceNGZMSNs/z/OeeGgAVHEIT3opMCEZjQ+iQS2iufYqLwN91PUun7K58iGBaFTxLeLPHmTzGKfrzyKcTbe07PafScivPYq26/HZ3c+riDenA0Igjbn8MCekZYEjaEA4IQ9IejyERsOBqO6oN+r5tHgc8a9QYN/GgNjSLK8iga9rrQWqGVcoMy+GzhRp3v0KBR2OuO+pW1ohy16ezZsufEuqZiA8lUxBS+qdtvV+KzGOPiYP/LT23OiYzKWPzlvSf6RferrbQsbvbSi45m933zM3v2DOeXsa7JDBmymvJzalVBR8qjvRmxSmlQ1QoPYywh8c1Zq75vbd1BNlyTuP1ft38PR+h3hFg4I9wtvFUQGsPkvPhFDUNGmYkq5XoDrm/UT9pGg36jPoPguilLmuFKe90oLwZhDvlhBC+4XrhUGIh6o4XGV10f+XDUYW8I3Qf9VVRmNEoO1xvyPWDPpBsMDd/eqFegA4O9Oj6RXv/OCzdjScJMYYo5e3fv6M8tkPdWctkpo8C0UHRiEctLCpL3zulLRUmRRIxkQhQiTotUlmFHouJsxk01uqd8G1MUaJTmrLk/QtjQPVeSQgl7DsEIEaQqWIoUzdBgdUUUD9UQxojoEpPT2VEXE/S2yryhS4jIJc3Crq1iBi88N0Pykq44VNPwg2YgiZokiqRKJJFSiWAL52WpM/RjREMlYsw2ROObGCtEQghTQonbseDnxbCgSIQiDC+4N6pgb/9H9Ffo7wRdCIWsUBW6wopwlXCtcINwURDgPoBoJSNXrkeDUuDTGVSGGzLshkHDj0Z8EL3LfeAWDNzkHgz69Z9sHzePIjhqGe6ElxxmfGzHM0zXzXhnUM0z/rPpnnrVqf83JacxEmXPMjz+Jpqs6Lp9zjfH65Fu65pD5RTTKXsJ7OtlvMffDNsM/lH/9rfh81+WDx9efgrPiS20dd50PeMi/0C/buu6LOtbv/kTTSVxDkmeYWx9/fKRBCpcs/0J9Bz6AozNY8IHhc8Il4Svw9j0xyoJ4tWNxsILSwU0TBrG8jmRUy5z/DXyo0R2uehzAeQvLoSgyuEygp1Am5MXb8ghxjuUZ5Af+MkhuHqMfmJ3+r86atLObwGczk6bBy1gFrgOcNW4rAXXWHpacT1H1mNN142g1pdF0mv6uq5rUc4whwsnS8V8nDZM6G0G2Xxt99wswbLRnGppRIxTy5ZMRKx4nhzoukRxpCoISVJsxakUdJMCRxIJFS1TkYnqtmRm24ZORSJyRVBAg2QWwU9JCgJZ1iqmQplEyElJUlWQcKLOlyPdELHEFFU/WHRtFqiO64r7q9NOyjTfnZKVd5pGZM7UdzE/bJ9dWoSDxels3nAcN2Na3fnN2NCorihw0oGiSZKmMMbMwHc1y5GIDNqZIsQOojgURZFZLE8IFjXZ8xgLr2G2GQSaSmBLlA5cJsvsj91adZUgdEdT10Rp6+9NXWcIVO0uulFvwvUQw6px2/fJ7efwQfSccEg4ATr1KrB9/TXMBSTKE5ANbuJApeD+9Hud7jzcq8Q2cQPe6Iy4JQPByKOxSvGbZSFq4XrUX0eggj7sGvndVdQvB8k3l4J18BA93sY7812Co8PrLnQttrw4d2x/E0kvPz5cF+9YIgiTtK/HAZF6u6VmAawQFvENomxqinmdDsOOsRgNxfmXZzHJkhH5QKdzvtNmpsNacSp26YG9zIn/y/DkfBoR12xvXNeh5MjdoZUB20JFG9RSdm1sBNw60jDUFfpcCAMjdx+UFwJpFe8S8UoUfTX5v/G8ZZ2/kS9a73+/FYFpEvD297afxmX0rLDJbVGdDwb85wkfOzSWeXhB45CvT1QHxifPu42GMMYmabRIohHgYzB8uxT2xWPHk7wSJW7U+X2oqaVUp21n4sCzZJlSHSwrCCgYWbGrtDOJISUwJBI6LqZnHEkmyojJUqY8bVtp25NERSUE6UsHj5dmZ4wwbWVjw1AU3aBU1USdIM+s7c6ljEefGjUrMkYSMwxVZXIsy4YsK4pC47dgTUMUKZpKmW6QH7iLdRk7WFasSimlE2KYkSxbDkUo382wVAEVX3anr6oYPIBoGmD0bYp9kRwvnlEk0+VjKDS2/wj9AH1LmBGWwWbxMUwsArcLHFeApUnGDhbL3OWWaSUxIGBrJn534mkrU6LnL+WCNdtcjjN9P1UAZaykHTucSVlxFON43p5u5Qz1WzhjzvooZQWB/63pXL4ShtmUMRcbrhs3lHpcaiJdDdH+2W6jojwus3LRiRGTK0VP0wRJqG5/Ds73GcEU5oQFwEAHBWHsSBJl4SjB4zAIzrqAumDy1jBoQnKKk62X/Q8NucvhC9zPgJepvfHsDW+siXe++06xNgTvHV+dTotM9vzarEVlpIn01AOnJMU9sbR84sT9Jw42l6anl6ifD4I8uqcwM1Og34tnZ+M/2voRBnsRgi/HsqtjGaG1IFUC4UEnwNzohut8iO85fTIbBNkAbMA/gByr6HlBE1aFY8IFkOU1nMcmbgF+g9vAohHcA/iE0x0NG/w9ajBANfBZbyMWhRY4h355ntE2ikbdvMRMUm6RdZRnMCikhZXyuYcfu7mefJ6viQbRcxqxRC2rx40cs6cLEl3Xs5poEy2ryWqD+SYyQJpdogbHLOSpHkgoxlRRTdWU9cDAKtNkTQJBk3XNlq3fevSWevn8w8nniiqiFpwe/2yLQdAKWXnWb7M5wDZz0E7UPFi/AUJXAfgI1sDsM9UAUCkSGDBydgGsA7RJskIpWGOCpAnufQ5tgZ0sgKSOBAHM13AZwbDkaaLuBQL3l2OPoc9dJdxWvnLF8vk9ryht2nBShMMpSWFLIgOQhs7t/vye829yjc+C/I0/zow/bn52z3mxW0YyZlQ15CpgWgJQ7uHd588fT7tu2v1w8jnB5OgfQCZ7wh3CE4IwWMNwExILlFikxNrkJfD1JuaKBDenjVoiKNGkI+/L+4CwQkc0n8dX9OUAliR919Gk84u2c9/A3QENclS1PBK/VHUipC7ZuK4zSzFFHcChFBSk8HRILMXRlUdJJp314HYGedjDJ+F1oeqGuNKWAk+R7YioMuwRFqX4epf4asReGpNGsTBu+5Qdl0T/mI9LEdg6NyPG52NiKo6mvI7iFfD5XQaOUFKR1sWigaQ0Qx7cWLCGYCjBJGg6VmdULEsMrSM9QblPyNyJa0idgi8D2QHWwfyJBibg4kWma0SfkbEG96unYdu0RfwEb7yW+UitKcjQx34fay0NjksReK50IGHuI3xhaftP0PPo14Q+WIsVsBd7hcOgYyeE0+BtbxfuEu4R7hUeEH5a+BnAbj8nvEUQIqfXH4AP7uZxDvUGnIEMo2Tgx+uDYZcbyaSRtzi1oDdo9AaVweQ9mjhc7yfaJ173f2PLcluUnZQti1lwLrKjq4YCuANnwLYQJGLRVHRHFttb7zgw+avW660jk78Nz/e9eGftOt/zfHJw8ldHj1vAOgBZybHo+5JmI1cSJQ67iWmKiq5KIlJJsnXrvrNLS9qqtkdbbNn2HsfZevr/7zq/B0iY2f4n9DX0PqEFtnq4joYFBBaLAhCDhYiDl6QtjyxgdBXawm2U0Db4Zqsy6YospKhg20zT+pZKM0y+HpR4jShian3YMg1JkYOgAC5DlleZcqMshyDWHcdhqlaG3tIA+M0q+OmgUjWgs5JOd3fBedHtP9/+C1xErwebUhVmhQ7IyAqoMzcsXTi1UgLUOZ9OzqtUBlsLTKWAeutImLgMrxdUeqMe23Eh4N9erehAm88QakvgmNEK0dnWD2UDj25XjUvFf0a1rW9nG5lMQzq5eR+61uhnG9lsA8FGRe7BXeCyL35NVlT5B8Y1D4k/tfU/6rA9I2y32+2nG8li4reF7S+hbbCHQ5BpAZjS2HFzPmGiBtiRwZqY4PdRmXESEHFv3UgGe8S4HxwlHI1zq9gvvHbXngeL6UOvPaxOl22sAK5BJPX42w6JcnevhOSLt6lrNUUuLb+sXP7g6Oho4eqFzzSOlwar167N7rr6VevIPbwEGM+kgEt0vVmcRuhwT1Ii547frLXQ44cGg83GwkID3ok8bP9fQgZr6LPA9wHtDntRvz7mkVGPD2KlXCm10NzhPkInV/rHVHnl5MkVEW99p7f/A4PDgEHRysk9/ZOvPkmuEkTuF7AA45AC63tEuJOPxWhCsXaCAAnBauEredAOE0rIDY3GJI0lDZxbQZdoEjLo/y+2AJLw6lfdeffhmuu5XrXe7vTmO3ObddCAQqFWm2nW68UV28qvnjq9knfsjTAotoMy+B25rCh2pBQ1xw3L0++YKXZ8YLsK482hWtRc168EwXPdTqu2uVltzw0Gc61qDZTX2zzbn2o0cgXLtu380pnZaiO3tpavN5rVMKg5AMjnfEMPLE9Tp2vVmZoDvGMO2FbSEgSJzDyHJRgrHo8SAqfkePAGzo+EDYS2toXt5FPe/uH2fwe92A94xBMyQkWYFxaFA8JRuFuD/jLib8evNLjNgkGJ+HoA65PvaLx9Juk3uNyLr1R2No0mrXl6PevSGyq0zF5Ju8krTd/B3k7PNsusQu9n198MK+9Y4B1Gl9hutvVPbJrdxd5xiV1iP6qwCvvRJba1xaosxZs/w1LJ6j2wzHWkvv1lwIqXBENIc7s+nCgIv30jjgy4FHARqK9df/CW6onjh99/1ZKaw0dnWyc2y84I/Rc1zmy8/k37Nq7HM7Onjh6T+LhN5E0DiSsDFukBZtsvCCtojXtnPwGZSeQNOAVIsk9HXGbqDRN5Lyxwkl0pj+l3xMlHQlOgad/9P3f/Pv6RGabu6sns9O2+ipgWXnd1oz21tLF0qF5T8+2bFubq+yvLV6cPM7U+VyiIrdJ8Wmn2pFoh++DkAPv2feHYaueU7ppZTHso2tcKDm79Y8s6dVy9Fh1q7c/NdT/opES8fzj/is1j6eNtIiSxuH/afh4z4FSaYIP3hHEDlDmKRgA/WcNCg2gUkGjUIKMeLNGXvvQXL979vttu+8DFi93OxXe9+z3vBkR1R/83r7324pkzF06cOn/sWDmXPfpZtHz+tuu27vzs0UIRfkMoTjB8SVgDX/wSHitZI1eQroS/5cUkrNEC9hEltLcHjd3h5J5RBlsqZrJxtEYG9bFOwn0dddfE3hgoAVC+rOPFMFv3FREslKTKSijWHGPeUJ16Onz47Mod6zejyC4GS/O6tiBr0G7b2kFdn+qmyu2LlMarWsoQEQ2mGw6WmiKQMExFWZRVAKgEU8Af1AaSZsrvrG40q6aEKEAXSpnTnNPliFGj1txdO//g4u1WydLyebSAVCNVsdIdlM2huddQKZCQKouMSjZck6hKYOWQJIoS4CBqAnIiBh370lu3P4E+iL4AOGYcYUroaRLNnbzWMXxE3PD5CQadQMadYMLEIHL/S+u35ixjSVSdjLggE5dZnkg4IKjkTZWYBQxmSRXFDDAhSXJlmVHHdhXdA7iG5zxbmZ2nDVeVUsT2CtLe5azLYAOMh6jagOcVSfbrVs4zTUkqEDFNacbP2Z5t+yoQB0YkyVcUwGzchguzcL2PCVRwQOJKcGVOHySu7g17pW5kcRzARZCCD64B33R8htBHP4JDoNr/URI/Gs7OhR/56O5dHxOlrWURrX8Y401AE8pbnmJoDeO3uNWq+/xTg8FT+HNvkaStPxfpxBZS0ONlYQ/4DKfPfyrMceBRaWEQGYDXlWCGjxILmDSiFobRm/gPrrVg6QAR7OCA2RK6rdqpexkk+ZZSrDrr/Qh4TA0AAEZmMzKGf8BjtIj17tztn4hK8dGtJ4o1dLNmaprpoBtK3Xo1z4iIZBIjCaAXYyx3QqVmMxODJGCDARMNrOzReTTPd1ETWagAJ/o++rJQE4QQbroL/IFDF+77eNSIAXlMvsHu8bGrV4lI1yjVs/nX5o76gSQ5Vvqbqc+Emm2Gz6T+tGTk/a3/bLl2wY3QYpQOVBzFkf8q3PKdh2bnnAR3TMNv/gH85rywdFkCL3tb+DH/BRc7ujLUuRNa7000ctoys7lms7ur1Yrizux3LCtOZwPbtmzDCGTb0VRNS8XVauvu5ZV7nwfGMjudznx51OmUy65XzHfne53sTLFsO1TSdEOPZE31nCgEXmTs2/fkRrFYLCW8cQbO9ztwn+8THubczEvOmLNCAACDyQq/rd3xNVxGDSZJ/D8wAZT0D3nYlQZ+yMNxlbJPfRqChuHxoSYxkTLHipN43eQ1Gow6PR6xTYJxoODDXhj1G3wIZmRJVs15piMqu1Ko5n1PNLSs27VDEAGCZZOZZqxo3kJdjXVmmCBAPISIiIZESaZAyIDE23nb8+bsDMBhahDD2lU1qKKAYRJvRFiSOo6BUVEzIreAbCajsq/IQLZkTSvooIgEyXIEDJdms8daudA8PR1mbFCv9HSU0RAP+GEiEknhrFmkhCkSNlONDAiS2kOonNUNUbap5XQ6gbMf3UBUU5sGCvYujOQZpGpjm/XFRGaeAzQhjIDVcIAdgAkH8hRUgsrg2SP7548ckfVbbrnw67fMDzZvcfTuLX/zN3xfsv1bQglvoJOgpUeF8+CNejvBTjgACBRP/AQVynoc/kb8I7F3BbRGkpjQOOVlEp4/4vezxsM/I67hFAjdzpG4Ydy/ilNBnM/FfkbPGqIvffR1DBB8xV6K9flSaib2MYyBaxWLfmthob2yINqOmsnYxXmzcKizjuR00JhyzIrlp75qeEU7TKVDIzYM/Q1BqpyKiymUeVm2Wy2q+qBQ9kNuHkhgp9S1dnvXHmI7IALl/O75tTDdcU2/6FuOnQ2DHFA+Y4z3n0V/jX5bCIQmx27cXplipcxhlAk0lHGnl+NDs4pGDlz2qTMoRTrDpSkkx4VqVj9G5gfJykrrvlNnKGI33Ebmh0s1+Rjz6/lHfmOyUl1+5N6tf7rhtiS++j9g7G1UBtRjCUJ9YuqGk29t8+6rrrr7Dzbv2ty86yV8cTNp2IT7PTvRORdQVwZVBqMGS96VoMGiYO5b3372FDvWZTPtWbm/gYUtYd9stllJ56K5Y/lS9cbkvv/h9iU8hb4EKKQkTI95AqA3cAMBRyItlOTyRlFtgBqTaN4OoWkfHc3uM0vX/OBn3c8/Nbra29N27Feg2a3vtNQ95/akegd6vQN/Ojw83ygd+dHv3+k9/STaHLQ2xFv/+v1b39wM49auXdce7HVr1e6EZ30FeNZvg+we5yiPG4zEUCQ2jet5Qit4OHQnLDpKLAn0gq5AcNmO/QPvMnxxBoa//Ob59p3tc80gaJ6DhfNNf2Z6X6CZabed1k1Nkr1UYbXguzZjhpbO2qkgHeyZmXacXG6qOdOcbuRzjvPzF9s3TQXB1E2d2zs3T/l+86YLBxcXombeRETUs1fVs/kKZjYPJFOEKvlsfTHnKDK2cs1oceHg7FQjn3Vc187lG1OCtP0H23+GF9CvAQZ0Qd5i4AACc3pRadRzKoNSMAhKgwZrsAQYsmjQPiehX5XOnN7aRE9/ojn7iQ98YPpTn3rgA0X0dfC2PYL3Nus/U6redv8bjr/3vd9+4H8mei3cuH0JfQTub13YJZzkngSMAh++sdGFFVZJUtkmfIQJC38hg7uTAJm8ErvKQ6STDFcLNcZZsxvP7sqGsqQO9pwY/GKll8rMeXrWLMQnDuw7t7Q8tzoCmyYTMPQSAaDje3iuXC7RXh7nXANJ3QJ8m9nZ/X5sWWhPp70vpfQL7arlGGpODdvl1r7+cnV+rqZSqipgJCUChpTQOPWvzSWUCXOy0lxA6SAnc8xb3X4aMO9nQaIYjKvF+YiBapGFnIHE5gHt1JCwDbqz7+Kfon379j3wwEH0462trb0rP4228Bf3wt8Yn/8A9GJ9Mm6bwqlEM/63Rq7+4lelzoeuFw5bmEpgnHvB2CgXz+7KBHzs9p4YvmjsDu49t7iSjB2MnpiMHqOy5Hut/WUYu0JF7a1WUfn29B13pC8P3nxrf1rpFTpV0zWUvBq2KlcMniTxTDUMnwQehqLuv04to9E1C3jYT91xB/wnergBevg8cLnpnbwzxxZ5HPgmY73wykwZbBskydTEvidegHN3fvkJeYChqnBHDvuUOb/gLh5UljfxAQJaUaa7Ts9MLURz02ksiapoEhtdh0JnteIrMwi8zL6Ybip+OaRZndXN3TOFuGUFiFwALo1pqqTrxYhK2C/HxSl/3/WfH8y+Mg7VoJ6iuqEY1CQmqnlvqBc6OpMza4TiymZ4yJ9upGxNUhv5vOOklpW6EjuiLMXU1UozcdRuIJ26UeQGee1UYpcuAQ/9UpIz+LfsE8wTt1MwFMALLifCeDgaTwSAXyQfMV7xcJlzEpen4QLZYBxnUN+Ps1HoxEFseaoEaIOZmZOdcr65ZhFEX/MCzyyBTUGBm22sM0zASUqqmvLTfikH8ML1jVRM5TBotjRrbRqrODXGBLvBRzyPHhdmExTJ2e+4asBnifDSy2Rlvlyh85XLiGoP1XfNNDdObzSGh2oAgFzwnKrnI0LW0lNTkiIaijetB3OH7GJ3dm1tdr7knV1oM0mRDRHADAbAo5iKgRXGz4MKx7d/Bz2Dvggayj1NUxjyGKBXIqzhcF2AdwX8VgENehZqo0oBraNKozdqDMZqEg2ACPM+bNAIxtpzHN1efuvbogCGUtPfJ813yRy94azxy+LHxafX/LAfA6gLbXt3WERntt45PY3evDeK9obhnY+hJdOs7MtkHmvNvSuK5ubm9sbx3koaxeW9cxHYTBPG7O/BF50T7hUeAsw/Zn0Dk1ioztMDPNVAeChhHQ3ziOc6G0MeRS0DmE3SoiELShTUIuoC3+5xiAsvGFsTWTx1QicB2SR60SINOur1ASo1YH9XpH5m6fb86mxZkZGbzaoKZpoWlosNt7TbcdJZkpgDDTkAMLGcStWc6qgU8aA/2voLbAaBzLAM9I+8Sy7Wpz1YUpSmWdjruXExg3hUWySZYj9HZFYvVVTtTY/pvs8YUVKuxWr6we7L9jOjOV3XtfxiI88YAouhAC6V4jQgqbDsurpBcrVAAWEUFUenxal2GLquqgdFSwY2rfhmYT4P0JoQROIMwvGelCdJiGAF2Q5gO8spuO7HvSxP1DMjI0zyTk+Dnn0WLHYkFHaQV5eT0IRSuf8mh5gP0PuCfD7Yuj3I33729WfPvr6xcmJl5UT0QnMelR66/vqHrv9t3r7KdeFNYNt+Gj0rhOAVuI1yuJKCLHHK4YANDyqP9E3bNvv/3LesfP+fO0TTZtHJaV0npokNfXrr47MhMRP/8KHtL+JlrAqPCx8SPi58AS6By0gSW8cTrQI5SFJNayicSEy9zCXAlJJgKI+nwLZxlDQ08XhPHk6BfULKVxt1fqRokkgHwWqh5AAT4jMpG+EL9Yo3LnwB9FPhdQejnr/DBDlfirhL4rYpj1kLsevPOKaiUJKkfsCYGKKLTTNlUma4ajqVLTtEyefnwtRM2hVF2VQtJZZDQkw77UWy74SNlnZbKqXQIFaUxqBkDdJa0yOKiVRJZl6qkZ6tmCZgqSD0s8FsxvOCqUwo0agQuZJt0Xa+Uc+rdmgvKEGnMnMxHZF+EFY6gdLv9x+VkC4VdTBwxK6oaOB4VlFPA1MHKoY4dTdrihLl9OmSKYM4hyFRfUV1NcvjP23JYOhZ4CqKbaS9QNZkbE830/l2JaLUt6mc7QUiXF7Byk5rumcTRQNTldEMrOtgYH3dAW+hSTQdyJgytLhWAt+HG3a49Z+uLbnVudL+cpwqhmHVPZ/LZh92XfBAiPiYusyg4k4OdRK79Hgu5kqvgSdyTJJ492AUmOM6Lr7Cxgjisp9wX/2xV7/6Y+nYZeydKFUMYofJd8SOHb4Qe0Q27/Lqre86MX5v+vfsKLRh6S7vzXYqHOcA/iv4rxj8l5dgy6A3HPWShFBSXgCS8jP3z5x++0cuzM9/Ip7vRrfvwsKl9Yf+nj66sV7eu7/0jeQY24Ahf4S+whmRXef5DhAkl2sQN2KcwZtSkhsFQIgYc7SIZmcl45j3s3k5pLoiqs3qgirlUuVc2hMV08bBIQe9QVMZ4B6sM7OytbUwpxCsxQOdubojIlXRmASmpDJkG3/S4+fwhe3/ic+ix4RjCUNKIsw8P5tEQPrJbw8mKQSAFUFSmwimeNwtcXQ8T93GCeoYY5SIVzvue+D4+k1peVFzirFYBraoBF6wPlrqbhSno3JU4Kwc64ojYlXU6KjdqC+g3mrINuxDszxfMr3PTWevaR1/6a/ev7HsPhKnPeR6OdM1ZRrMz7ZGS2EhG1FdlIjIwLdzXXM77W652G47b220T7765ExlpdwYY87nhBE+hBaEA8JrhbeDXQEWXp8gMLiC3iT3BNLI42XjxjHvThw6v5xx+RvgLu6Ukh68Q42nrS7zdI7b+jyyOylx42MxEUHeYWw1ol5SdkLGPzKJKo16FMa7ksC7Ma/aMMR24KSj2rRmu1MNK2ukfEOSqaIWkVzTQT8zaTcuOCVbw6I6LSqyBMNYmMqWVMRsRXUylShdD92MqClgLTCWHEv3SZDzMhTn/EylYusfCZWUYsaVaFWTDc+L6lWrj4ilq0gxTRAixTGuZmrptcWUk9ksFiuxlXYo1jzsi1Iex4ak604sB7qv6ami4rmqjPx05E95SyAaWdOP/IJDdBBiy6LUnHGtlIVsD/SapRftILAsI5jaiLM5YzlVTeenoGnB9byppq7LRqfMOfS/bv8h6PslQQdsMwUgun85HFcpE6fn9Ib9Ri+HBhPzPBn9HMLlbMZxHfDymXtWEbqnurG4/56FIMdEdHe3aNuZyHa2HkObW0+/81ftNkKjw4cufXIztlXntxK9/D0hjzvouHBNkjFKfpQDi3FYsH858wZfCfLuvShCmCR/d9hx4MOOsFsBJVLEcf3wuj37F1Vn3mf1WsF1CBENLz9VmRFxbrmx3kIzRC4WWo51YEFLOtV1xTIsgj3k825Sfrm2Z6bEyCfcxesW1XAjQ+u+k8GSptpGUF8UST49M7PHclqlokwW9HAjzerwGw5gkVyA/PoCLaanUbFlCC+qx9aEBo8kX2lTR/4y4nn9GQCP4+9yDvlJ7CuIJtt40GaymIwI9AkuG9qaeb0Jd9/kX+D+nzDyWjPQiupCOUewGhr3/ocHgCn+hwf27o0NI2X8NbyTr4yu/8wg/Yu6/vG1oqvpcJ48p/ccTgF2VOBMM4Bk9sDduYnnXhoTzsgz2y008tYQT8Uz4ChtwJG9CCf2dCc0GnLH/285ZCOaFPLOIH77Qp7jD8dJflgPEzwK2BPMcJ7RR5cPU7ZWzhD8C0QVyxLG7yeaWH7PcrlzO2C6dByBUsVRSDkQ0O3jvMKOM0TOEQn68KslWZb2YqyXACN4ko5tqpmSRoIaEkW9CIfDTfmRqym7Q361V9VEZMFuHtbErf/GF26+4w60oiBSazaNcHZ2ZhopLhGRyL5CFU1RdJ3HnRWVfYPRqyVZIfHaUxqQFiIVdFkmRCoetKko0WknBF4mCMr2R7f/BZ9GbaEP48nrNx8GzPWfhB/zqqVGfzSuURrHwnmtHIgyrJcblaSOjvqsUeaDBkswfmNY1L+cyGf1Mi/jnyQcEhLPa/OSGAfPWSflwOPdxt14C+8VLqOkD9yqUb3X7YW9Ce/lpXw8i82tNrj7sbfikBAa4QVOv8K1cwBykHQOI+ZHQBqHq6CFYZRF3JrzOHiSQh1XR3JbPDHQcJQ6T7WjcQG9iU8hQwdIJCXwnoiKZCmE6CFPikgO8TUATqIF6MxG2NYAh39WDkwJ7gehGYloquiKCgmCKMqLWOKFW/pwyjHhYKoEuNDRTKYiLfDKOZzEy+H29BAYTKCqskRCVSQIEV6kqlGKxKLIiYHFA9rpi7wATBKRpOoSwkS1eBGarKpK9XZR5rXvqhFZbqB0SkgRAbhJcsXPMN1hH/Uqot6WRctikmE4jKDsy2JE+31jl4FwKiAKECUZZalRzEjIDywT0IPMy9DlQgMYtKjoRns9Dzgi7RsMYSrplkYkzZ+Ck2AG+CGTGEiWrWUrtEDIjUAtOqbKeIEAjBVGVJcVOCAAQlVzIzhXWfURCDY28znipGFP2KQjhmQLOiJqiS4QMBFYEHgz3fPKQ9lWahFC2tVpqRFYhlpNj/GYkMOx8Ic8w82pRwne/kH0Cwdzn77rrk+DnP/u9ufxIvqCcB1I+X3CzwnvFZ4SPi98VfheUjHTS2plh9yTBDSYSPtw1A2ZT4MQ4E6QREAB8iTizlPelPkzE1Pvz4eJ/wfJA/EFneGIDcQ4qg9oNK7a8HeKevmxk5KNSc0nF8VBEu4YVS7HuUBFhhxvedztJJHZf6f7T/YeH30cFktOkHUWQag0RUIAbJBk6FSpq9/4GhgMHMyBXMWhkVdg9AH86yafNAHS9Z7399LZBcQnUSA2rg8mHlBiVcdyqCEuhQiV35D97G5J08S/+zHq9KdmO3PFkeZSvxBkKPKrpdlO5GVNDBfsRa35Lx2oovzwocZgaqYzVxrudAyu7OfGnzNlJQb9MQzgFqA9EkH3cbXBSCkqlBUskHQ+1aPCyytDytn67rc+ehiujVFeE0n5ZTYCODsCiJBKhLGs/2R3fm5qvXoAdS884FdFKlEKKBir8uaTb98g/cw9teFq5+rpgojqcHgnqIaz9SAdSHKumtv6e8kHki/J7o95ryPNf7/X9zFaeOvDx5NxmXnrzx/DmGOXvwZ/FQNXmRJmeWVyA/D9OoKrCxIzAwibJ3mCMbiHf8kZOd6Ai8goaIwSp+Si9EyvP2OY+U4h4som0nTZdfOK2j3WdRSAgzwqcBBw8lX+6IPTmhb4/v3FUTVrqxitEStMxT4Fs6BpTiqgFBoHUrroqq7iZJVfQ9/sbk0htgTWJCy8ruHKsswQYOUvAh84iM6Dl42EitAe+9edaSyjAaAD4PMcHURXLO+08z57zzx05szrz7wNbZxZR2j9zMbd+JVP3YfxfU+98j60eecm2rx789m0l816aT+TeYupmiavyjX/eynXaORK2amp/yM0g8AMrSBI6qO+hP4VxlEXcoBQ4HwCj8dNk2pZC416oyQs2giTBmBiPHsBIIpHOblCVy78MNVpWLJ1+95zxWvoPaUb991uqXbVtG/bd644HW6AjMf2RjWekfCygp5368tT+469ZyH97qP75+sz+/YffQ9qnMOW+zpUTfFKIx7vgHNKeKgqCM4o4DkEnkx46n033fr8X9xsP4zSH1p7Irrrh1+75bqnkv7L28+i54ErXs3zt3x2xJgw1BtsEtPgQGPQaeGxo20hXh28UxLOaHg5Ych9X1I1y2VmJdM73j1+8cz+aEoOMMgp/DGwpBKf+8SVoCTSUuwFkmgSmoua/Y2lXcd8TvUxkqU8YKTi+qh0697T94bWNYrvgQDIiggbiWGBYTD0+DE5YnJpJuXpjjNnROUbds2vX7tUjmQFe5iKRF/hGFLd/geQdQfGY59wCyCy+wFFvA5wxCPCE8J7+Fy4cQkxd9b5ZAIHXMtokPhcHpwpAz1nXCESHDBOd+JKkoni9Yp8CtvEek4C4I2kvoFnPWHwhslA8dHkRahDPkrRenIsxi0jGw2inYTfcJJBqJRVeowVgviq+uwxX41EpoLTMV1HVWLJw7hh4MDCpbIbzLVXVlyVBA5FmQIYIiuOZXyfaBbCXdnScb/SBl6jpHONUr6ddjC50VZ129ZVg9smTDsIZdKaZeqmrpmpLDLs0LZDXUoS0Y8ccOfuClOZqap3c55YUsRwOgOCqSggZMaZpg4uVkorXkGk2FQVdSruXYNgY4ux+dByc2H93CuPqOCV49n1a4qFj/FD21WAdiJYqExGBEFIlcBLJu0NwJ6YjesuF7YvoedAFiVA0kLklJxawAt2F9GjW99HX//6bixsncM3PfN/8/zpH29/BheBGzR4hqs1DpbNcwnt8oqCHmghL8uhHDuZGEzZiO6U64RdXgre66+jiS9tjSc7muNJXy1YLsoqwB5KKCUHtpod1c3iOQrIAJxBrXrzbRdP7bHvNqaLqK7IRYNqiiZRCVEkpYHalZEcZfPALIwUNaPI8+qK8Uvfz8LRJF7PxCf6EMmy0rJSlu/6qc7cQIv6J3pvNjcKqMFYyHEI/DaSsBinbLdl+zbzOE9JiXIU+l5aknnc4HKOwhFKwoDnKXiqJZmhSoMWAq7Zn5ShArBM1ldQ1F+TunkpsYQ7gpfwISS+45vvENG584+cF298443iSZEammuGpqsZVJzbmIsLs4XC7NMHHzxw4MGD4Obufsc77iYU779wYT9iePcNN+zG7IKTcQzKYSE1YHHl1Kmn50qluRLc1xPbz6GPoC8LMY8meb2oNxpbENClpPCXBRWnH/nRFeUH4IlO9ESJTF2350S2tVioLtowwEtLRF2o9tfX52uL4FGfWcN7bzva2ZyLcxlEvoIemXvC1quzR3avHm7VHDXhkHj7b9H30WOCNa64iwY8o8B4lrUy6EVBja9zIQsqZHkm20TvbuZml7ceP3Lpb37/DUfcj+8utV73ulZp98d/+aNH/rH4zNWJnMYgpz+Esc/CyAvDManggtbh4adgPOXwBQTUEhsDXgEDQJ8Hs4PU6sW1c48sdQE7GIHu2mk366Zyq3f293YME4ma4YG5XJ0p7r1p73tfd/fqo+dXLxYJ1jWNNETVKrG1Ny+fBGkzNAXNtZpLK8snTy4LCQ/9fbB1CzDOhwFJvlx4UHhMeLvwpPCRSYY/6g176yjq9LiqTAwTgMB6ozIOCwURr8zudHcmKvEr8icThBO9GFTgZvHqgElBJeBHPluCm74KJyU8b8wtX3S5/DkaV5SMeskk49Fle3jlTCGukuObPt8rFkO87w5cfS1AcOzG6XI5ncvjmxlGDDAAMMurs+A+dCr5emU+E74pkO1VZ20BV+aXsWOKsujk8Wzei1KNQaG7kGpU119RR5aRme2mZ+frR69qn4/qqXQtciNjlM8N7cDYV68d+MXYc+PY9eKH044XxZU0yzblQi0XfaUw507jn/WQhe1St9rgkX6UzmbzgPUCDwF/IXS+Ek9pt44UIikuctN72rJDTU8txfnl0Gjemu3VYolNzXiFMNOtZqjuVXeJHpgFN5XaHQEXL1aq98EJl9MxIm465Tmp1C95i6Uwk595UVxZFlwhLwj+ztiCTIGyV5JsBs/VVmD4pxam4P+G95+95cD+CxefffM1t+x+2XvjxampbK7xd7ecff8NF/Yf+I1brnnzsxdPvO+e3cJkjtpz6AdwfC4zwmjHtb9oQmtjp/zihVq0JB0+2nH7k1cnnOervHaj3hjVpcti0ChGUcktdytxbGie22zEgW0pbHp6uTFVjr1SGBclO1eZ9cCrpdK2I6OGRdnsg2fTgKqXaoMa/F8blUpRZNeDoOR7vqE7tml6nucHvVrVMTN2KioWI02Xi6nQcbzAcfwgIsX5TJqx6d27ESuk6/V0plYb1508h/4JrjkjnACUlOjGznVPqpom1xclVek8s9sSk2BbnnBHnqR4TRz43MVw0W6JMBLHl6bKbnTr49Q6vlQpRMGFJyTvFXb1TLozncrPDebyNd/P6AqvwWP27no020w1l5abcdbyMromW7oZoP7S8VB8/NZUOl9cOm6LT1xIxaV3BdFAi5vZfNO1FNdwHD6Hys+Y2bQS1NLlpqOHnuUDEfYczZ3U1YxlpsD9AlzfOkpwPdlBdmGUWN4GqUeT0p96oztGQR4fAQuNy+5s47biG6x0zq1E+V1BMzcnhY5sBOQE+uNKkFo3C615NJtjSYttXBUfWjqF9sNaXJs/35XMIGOFceTdYNl8SqqBbqK+F7jWqZSsU9vY+iAl0NepTC8e8vMvOu8F4SyfhbYugSt3eoPEbS+jQTl53MCowgbgyqUcsiRQg5YUjU0Jv0NRN5oIJU/J8tqEBhKZ7qY371bWxaJqVXJe5OksRqc29+8bWKHJAxnjHn++OV5tlnc1l71MKeNVc/ZUYbExCgqlrCTVGt6TewuFTC5KLWzdezcdmr6xwlylQR68+S+1KT0dVN05eafHwnh9X3l6Kl3WZaSpMTKn8tMNWONzgdTIHdvsPxFSuIn6gNcLwrxwUDgHGPVhsNrcZo8Sd87qSSyovxNf5g4miSIN+WTMIPSZPyb4Iz5HfdKYaCkfgEGy92DYjfyd3cuNpDOfbjUat0c+bBnQJESW1GDxjuO1+qTUdDydfecZBI1+Hai3BDy2BBwY/inhU5qRNC0REWgsAJ02D0RJQH55gLED3yriZS1g2BGe53xU5x8EvkiHgGElyUcTIYCUsix1D4mWmZuZyf0eEdGtShbjPGM5LJaNVAZ4/26ixzEVRWleN7pEFJesNeDcmbThh0EmY0mS0plPG31Rkvai3GCkUer0+lkjjhmlNE4ZfhzkMw5jTiYfxD7ajWS2G6FPK8qnEdpQlI17pmsSD6Whq4a0tadFSb4Lvh6Q6Q6/coE9rwlHhdNXIi+WpJrYpIKuByO5hCaVQZwtjOPtiRXl87ImrbyghDeNhpPgfDSumZnMWGhUCqfnR+fyM50TuiKiq548BIOm6Nrxk6eOqzERGSa7DhzYhbEsYmn/0aMHpFjSRiuLIx1wpDjau3tZrXgLxaXmcLnzpf0P7N37wP7ejdX6dG+2dtvDspHPG7JBi0V2Gjh2NouowsRCQTpmSOmYAbbFmaz0m3FuNiMwYbj9OeCKz0yqrDxg4TzaDZiqx3hMq8ZrNUYRa1zxBsAB9BMjobn1355/XvyaeEn/iv5k9OvRqcoDVX2mNHPwW7/28T96+czhWX/mJdOj6SdrF+v/Z+pX0j9iX5WTeWT/z/bncIwuge+rC6Pk6RjneDaQJ9h5xItR8H3jshsRkEq9MaS8xiIhBDxROal1GTbq0QTUjBs4VnGhK8h2C+FkNmmdZ97tTu7I0ULoEU2xUxkeklFVLw5jNV5aDbPKzIEFdebA57RhIZ9TjZadAlqrx9kiWmvP7VrwYy74NBUspjUtC5BfyypeHLV9P4rbyq+8di4bhMV4bSEVDGolUA6Jykw3AemrKI7et3+RH145BEdWR8WqI8VMNjql5p+0d63PL8xaM+A4/OyMPYNG2aymmWZW2/rHtqr6bf4RCdL2J4QaPobOCEWwoNcKN/IZW5O8qZQ8i+IyAJs89KXGfV2CUXcc/GgYdQuIm1DpMrNnL8z2GpcKjclqsmmCF7hbOTaVjWsSQo6LJLQ4qNcHg/op0khD49a242bDXMDL7MFQUIvJjKXMfJBDL7FyQS4XMDGwmChSC3g+ExXl0WoqVYV3lPX9XM73sz9YnCpEd6jomvpguDlcT1f52l4/B3prMcZDsyLCaib/pUwugMPK1IYDyTbllQ7i7/YqlV5lhR8pyGbHNVKHt59GH0Vf5JX2XlLrE/LpLmwCdtgOpkli7yBVySyQcFz9dQUoOi7tL05P3ToDhkwRwQ3bVtUSbSuTUpeMVm348z1eUo4kxcpoJykyNFOzxFDO6RmkHenFuq7HgbvqIsrNJ3gsTZNlWj08M71uh1I28EI/NJAoY6+hexIDVdclx5lK6oc/CfzvGHCQHK824FFlXmTAYzM8HsYaCbSePP+lxmcWjTf3Ejx25N4gH5x+8My+lg/fq2un0b2tfX7ev+/0T505ceMNPML13ZUTJ1faQdi0fN/69uqp06vnwuA833LTjWunT4/HkPO6t4AtLPOqwYRKjyscd+YpBPSF56+sopP5IMhIh17zGlEynLBRL2YyhXI267qy/LeHVNcZ1t947OFZw2Ba+hqbUkWxbc+pfVpA21/c/iJeRb8r9ASBjSd6AQ5IqBXiyRNeBsAzKpOENo9h8zdXdVIp77Gtsweny07ENNN1WivZYqbozj9+jXj1aLExV7em67XUlG2tn35w/0tloE8po+hjSTnYxra7WK4UVg+KjjG8elqNOinJbuTc/mBw0+Ysx+a57d8GHvg7YJkOCw+MZ2xww80uP1jmigmRw9EkOVyPRjvTR/n9Guf48kliMFEzEzM+kZcn9vg70T0rKQGiFT75FLYlRWmDYb4zOl7O6zhOLzabnlssNGrFoutpkW/2e9ccv+PnZSWVz4U8bUcw1nVfkkJdFGU+ZTzq1V+OVYVmNdUrwMmKmFAaysx1RrnZgFEgN4VSTlUM9NDmaEWNfWV6dqVRKnmu65bL9VJaNCpTh0cLLx+KYlBY2NdLZbJ5yjRR0XTLVGV5UNGNuayi+UFpYz1GBwPdYAYhYlbX81XHcIzIAfOqZuxySlWB0JV9g+DQJTxf8i3AgUWQK6AoZI2so2SusDSeYHvl9NIr56KaIiAWntrAjRafTjSTXWyW+HMOVBl+TKGyaPuaEYRpE0mhxNxYW5ydo6zvKUQZrB8a+EGdBw+vURBRzdhEg1I/wx8aRaRUcbo2a24Ms7n5OGRShmFzz1QBidNe2nT6L712c87Qg6ztAcYDCET0ZP7Q9le3t/Eiul342LhKjD9iiD8yo8tThtGLn6PCJ9MlqXtwSskzZ3phkBQU8tSMP54aM3nYCk/+DZPAlT8+JrfE3Ynk0MsvE0V+UioTXlHeAQNW4aWHSWA3mbU7sWItvEgZo+DKNIk4YJpFjRImMeRnkZSUr4AVZcTEMlFskdUKGVExNZGqhE+fwnwKlcQzfliNY3BmVJY1STUcJnmmrWLsKopiJtP2gC4DzBOJimqBbxiGqWkgYSop14ihmAxgssjKpje1qx4NOoiXlFKCjoBo8qe/IFW1yXQTToLgcbEpwkuqXOeVddhSOJQkElZ1kWh2IOm6okZwL/lBDFTo63DKspYkiOA0RCtn6cCkGLgPSbT4dENRVFApk9EUldfZEjqDbVVGOF0BqRWLtdzem7EiS5JlCgzu7SW8kdSJrwunhJcJrxd+Q/jOOCf9wqysEG7TZDEhMONwFwCTK6zCYCzHkyxx/SenVydZ6393XnXg83b+uIQEt9DAe2H3iTy8YH5hy2BSvc93LyfVPv1//+fGQGAHsvKWhXMrq9kgMk0GGFOaP+ww+BKl4tz0wXvW9rzq6Ia03F6xrKP9Nl3qwEL/ROhfyxS7FsWm2bAV2ZqKQtepmcTgcmbKIFQ64HBmMnoIS3wOFAUuoRL8ISRSxXXSqZlVBeyUAiIjqiLwCExnC65j6LwkXnaJqKhKOWWJWAQ5lQhJnm+i6TafJiBJ8u3Xnl+OddOIbQAWGAehZluBxICCzBYL6/3y1JF0v5DC8nS9JYm9QgpoC7A2sWZZrluyNVEt2q7tVB2VajMGHFI0ZBAQnR9clxVS4882wYrCn0cEfnuZT03gUx3MvbNw7jEPCwEcAHhHkONpRrGjwjVK+zFcJpxDxgll2dABrSM+nHAF1NQNhEQpsRt/JTCwfW8U7gK7MRj1Ij61baz/vVFSy8ZdadLOURyv6ktm4sJ9KkN7N9nAw6cWfmHLzh6JbSDmTpI4EQf+CtFDCHyymDpNFpnYUE1epn4blmRgclK9KUvElrie53cjSVNEnQzxbvEigFcj4XT3IylSNfbTkqFRb3ZgBpZ9mw2KFTB0P+i/KiKVymuff4WlXu2ngf4ReHNVJIqiXX2tTXnZgML7idRlt4qPoH8wWfKUPBUh2BkpsrP1ZzqT9drN9wAqrH97KqAANCf1c0nM8znBBz62wisF2Yi7TS7UwMPaHMtWzMSX9kZXNprIG3Gvm0x/HiV5Lv7cgRe3VfiDmdYHbp8XYffCgTtnGK4lm+bS/DBpzPTDgTebNGaWvzHw5nRYVDLL1s7mxpBvdmzYbMFxQD7SfeWSqoEZ0oJnTZcPq/5Xl1QdSWpwyXTBiiF96293lrRxVxUpO321cd8XcVFNcIRdwsHxLKorZyuEEaEjbjtCwPz8iYGNcn1YQJcbEpuQRLY63d44TQ+92zxByUuHQWIu10vNH1p5hV+34wboJM1c16/pBgWmv5aqg5Cw9MnI85FGKI4cjPbcuHrxlmKlWUOH7huu57D7IK+jeoBXVH1h3705NGgd5eacbL/vNgzfnPrD2tbRFbtUQp5kqtRJrS1t3a2a5KvPFF66sdbXjFJ/HK+k25fQXyY5Ik0Q1lGjB/zS65Gowk7vfvnu04c++apP3vuq6992//1vA1O79bWv8Xz3B4U6vgnG6YCwyZ+0QACrjouqTDQPalCJRhWuWaBuHd6aTDPltdgIdIZPT82h0qDfS2a2AmJro0qbj24tIg0GFPcmJP4Y1IBUgN7cf9eyovPpnD8gQAikvW/kdcJI3ERk6x+ptcgdy9sXFT6VBZ87P1008QJGj4l8AijDElIJeucFUceI8WgKo0QVX5PkRO+QMcrnwNyJFyj7BE8O7Ra3/gxfWMSLHIe7wMv/Eni5nmRXwggQQo8AF3evvS2ViYsXjn59L3rmfY3OTPvdW9/97ncT2dm7/RX0HPBqD/RmQzgjvGIyVyQpJvSTZ7lxVzCaeJXRC9WNXEsmXi6HrkD448eWjdFauOOD+HE4UuNPZ5wAtfFcojafV7VPxCa7yNOOknYnszCZBRhqTLdwhA2TEE0+jA/yafIGksETiF4qpau/QOTdIsVYoUaW78juBtOMqCZJd4J1xSzHK5cUskzflvFUDU+LiqRKqljETDHDf+EFb4pkM++XphwRGa/a+sRJDUsuJq9gvMpJVRUm009TSZFvAMsjG3M2eCfCcAb1FVwFFCRK1G7osnQzMDUBZLC+/UX0A/TNZAbDPGjhUeF64aJwr/BG4UnhV3h2aPI8PD4e44svJ1HMZP7LoJJkw3q81KwyGKMxjxfyBzwjRZMpqFc8BzRJKSXljjyP5PUG4eTZRmxQiXh9EHSqlD1OBuEYyfQa2Cfyk24VP/ABSXLmDzxwkrOPBn3YqU5wJdP7Zi9b5kivnO19o5+p4EIxX7ixnPexW4j0PJdwgiqebaXTmsQyzdBxAt9zgoymM4VVMqoVpw01k5GopjKaYUzJZCzbW/b8qSx/HKXe93w3zMSDhVGmzCOB5Uz7YDsz/snM+z/84SxKHTlyuIauuRqwAbiPrTenXPst96jKy3590/F85yovCAG1HeFPcth6FfjVY1Vz/SPXU/OwjtIP3qNqL32L7f6tn5pT+RMieHVQkKl5UezyZ7rYnDNvg6/4BfRlYVYAtal1QU36LcLvRnl+MEnfo/LkEaBR0Kkk1QwWClFESuX6wOH1Echt7dM1RBVb8yoUeYom4fpCA0yy6iFW9pwQLAEKv/e9rdOqCWhGavEnzGr5VCzKihg5Od1Q5crMTEVWDT1vR6Ii0/kgkNDbtrcFU0W/LymM/H+MAQzaeNp1jsFKw0AYhGfbNCIU8e5l9dRCE3ZDK9KT0JIHKNL7NoQ00CRlmx6amy/ka/guPoE3nSQrXjRL+L/dnZ0ZADd4g0D/3eHJsYCPneMBrnBxPMQD3h171Hw6HuFW3Dv24YtnKoV3zd1j96plgTFeHA+YmzseYo1Xxx41H45HkPhy7GMsIqxQ4cgulm8z7FFTMUGCKWcEBY0FZuSG9wX7GyoKYFUdLzbP9rWcJFMZKb2YySYvdqbmZUPPhHqDAzdVkhvODVIGnHlkGIZNmp0PhhBTXNK0nZaKtAsOGS2x7IJ/zfoTzRVgzv+nIOKqrOPKZqmMQiWXsg8laB3Mg7beP622zLM48bhtIenXOobdbBtgm9pTXpVSKR0qpeTfPt9tQUr6AHjabc/HblRBEEbhe8aAyZiMyTmH6e6qa5tknMbknHOUYMOO9+PNAMFZ8kuls/xU3aD7u18/u8nuf/v65+gG3RgDxljBSlYxzmrWsJZ1rGcDG9nEBJvZwla2sZ0d7GQXk+xmD3vZx34OcJBDHOYIRznGcU5wklOc5gxnOcd5LjCkUGkESc8U08xwkUtc5gpXmeUac8yzwCJLjFjmOje4yS1uc4e73OM+D3jIIx7zhKc84zkveMkrXvOGt7zjPR/4yCc+82X8x/dvozIc2mKrbTZs2t5O2Wk7Y+fsvF2wi3bJjv616Bf9ol/0i37RL/pFt+gW3aJbdItu0S26VbfqVt2qW3WrbtWt/l31q37Vr/pVv+pX/arf9Jt+02/6Tb/pN/2m3/SbftNv+k2/6Tf9ph/6oR/6oR/6oR/6oR/6oR/6oR/6oR/6oZ/6qZ/6qZ/6qZ/6qZ/6qZ/6qZ/6qZ/6qd/r9/q9fq/fx29bHvQPAAAAAAAAAf//AAJ42mNgYGBkAIKLjn8Wg2l/50QYDQBKNwY7AAAA),
+		url("./zocial.woff") format("woff"),
+		url("./zocial.ttf") format("truetype"),
+		url("./zocial.svg#zocial") format("svg");
+	font-weight: normal;
+	font-style: normal;
+}
+
+@media screen and (-webkit-min-device-pixel-ratio:0) {
+	@font-face {
+		font-family: "zocial";
+		src: url("./zocial.svg#zocial") format("svg");
+	}
 }

forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.eot 0(+0 -0)

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.eot b/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.eot
old mode 100755
new mode 100644
index ff8829a..050bc1c
Binary files a/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.eot and b/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.eot differ

forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.svg 1252(+1104 -148)

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.svg b/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.svg
old mode 100755
new mode 100644
index 65f7bce..a789a2a
--- a/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.svg
+++ b/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.svg
@@ -1,151 +1,1107 @@
 <?xml version="1.0" standalone="no"?>
 <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" >
-<svg xmlns="http://www.w3.org/2000/svg">
-<metadata></metadata>
+<!--
+2015-4-11: Created with FontForge (http://fontforge.org)
+-->
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
+<metadata>
+Created by FontForge 20150401 at Sat Apr 11 22:32:17 2015
+ By zimbatm
+Copyright (c) 2015, zimbatm
+</metadata>
 <defs>
-<font id="zocialregular" horiz-adv-x="1000" >
-<font-face units-per-em="1000" ascent="804" descent="-196" />
-<missing-glyph horiz-adv-x="250" />
-<glyph unicode=" "  horiz-adv-x="250" />
-<glyph unicode="&#x09;" horiz-adv-x="250" />
-<glyph unicode="&#xa0;" horiz-adv-x="250" />
-<glyph unicode="!" d="M5 308q0 215 140.5 355.5t355.5 140.5t355.5 -140.5t140.5 -355.5q0 -182 -103 -313t-280 -171q-9 17 -33.5 52t-34.5 56q64 -26 86 -26q16 0 16 50q0 93 -17 93q-25 0 -97 -55q0 14 -15 12h-5q-26 69 -26 123q0 15 3 30q92 -45 148 -45q31 0 93.5 18t62.5 39 q0 13 -17 13q-26 0 -75 -7t-75 -7q-27 0 -59.5 14t-32.5 38q0 5 1.5 7.5t4.5 3t6 0t8 -1t9 -0.5q9 0 26 -2.5t25 -2.5q31 0 127 36.5t96 56.5q0 12 -18.5 17t-34.5 5q-14 0 -42 -7.5t-61 -18t-44 -13.5q4 20 4 32q0 47 -25 109.5t-58 92.5q-27 24 -72 33q-28 36 -87.5 65.5 t-105.5 29.5q-9 0 -27.5 -3.5t-23.5 -4.5l-22 -31l6 -1q7 0 21.5 2t21.5 2q34 0 78 -14q-28 -14 -49 -19q-2 -1 -13 -2.5t-18.5 -3t-14 -6t-6.5 -11.5q56 6 84 6q38 0 60 -7q-77 -9 -118.5 -53t-41.5 -121q0 -27 4 -50q19 -120 73 -358q33 -154 37 -170l1 -4 q-160 50 -251 185.5t-91 307.5zM288 432q0 -6 3 -12q-1 16 18 28t36 12q8 0 20 -5q-10 13 -29 13q-17 0 -32.5 -9.5t-15.5 -26.5zM321 357q0 13 10.5 23.5t23.5 10.5t23.5 -10.5t10.5 -23.5t-10.5 -23.5t-23.5 -10.5t-23.5 10.5t-10.5 23.5zM361 368q0 -8 9 -8t9 8q0 9 -9 9 t-9 -9zM529 455q8 13 37 13q13 0 33 -10q-10 22 -35 22q-31 0 -35 -25zM552 377q0 12 9 20.5t20 8.5q12 0 20.5 -8.5t8.5 -20.5q0 -11 -8.5 -20t-20.5 -9q-11 0 -20 9t-9 20zM587 387q0 -8 7 -8q8 0 8 8q0 7 -8 7q-7 0 -7 -7z" />
-<glyph unicode="&#x22;" horiz-adv-x="1294" d="M0 402q0 105 52.5 188t136.5 131.5t180.5 73.5t194.5 25q29 0 43 -1q115 -6 226 -41q87 -28 166 -74.5t146.5 -109t108 -146.5t40.5 -176q0 -13 -1 -19q-11 -152 -120.5 -256t-268.5 -147q-107 -30 -229 -30h-8q-201 0 -315 53q-6 2 -7 6q0 2 3 2q1 0 3.5 -0.5t3.5 -0.5 q50 -12 89 -12q24 0 47 4.5t43.5 20t20.5 39.5q0 12 -6 24q-9 16 -58.5 33.5t-114 33.5t-75.5 20q-80 26 -139 66q0 1 3.5 9.5t6 14.5t7 12t8.5 6h179q9 0 16.5 -21.5t21 -43.5t35.5 -22q18 0 31 11.5t13 29.5q0 11 -84 199t-106 231q-6 15 -16 15q-8 0 -13 -9l-3 -6 q-8 -15 -52 -114l-107 -238l-7 -15q-95 109 -95 234zM218 236q0 10 54 129l5 3q6 0 32.5 -63.5t26.5 -69.5q0 -4 -5 -4h-108q-5 0 -5 5zM525 113q0 -45 47 -45t47 45v388q0 45 -47 45t-47 -45v-388zM710 113q0 -45 47 -45t47 45v181l92 -185q13 -29 41 -29q32 0 46 29 l91 185v-181q0 -45 47 -45q48 0 48 45v388q0 45 -47 45q-35 0 -47 -29l-138 -302l-133 302q-14 29 -48 29q-46 0 -46 -45v-388z" />
-<glyph unicode="#" horiz-adv-x="1009" d="M0 -180v501h501v-501h-501zM509 319v501h500v-501h-500z" />
-<glyph unicode="$" horiz-adv-x="974" d="M0 -72l194 891h438q50 0 96.5 -18t84.5 -55.5t52.5 -94.5t-0.5 -135q-29 -136 -128.5 -214t-233.5 -78h-183l-63 -296h-257zM100 -181h257l63 295h184q134 0 233 78t129 214q28 135 -43 219q33 -74 12 -170q-29 -136 -128.5 -214t-233.5 -78h-183l-63 -295h-216zM357 394 h83l42 183h125q2 0 17 -3q-8 29 -31.5 46.5t-55.5 17.5h-125zM482 395q48 2 89.5 37t52.5 84q0 2 1 6t1 6h-114z" />
-<glyph unicode="%" horiz-adv-x="957" d="M0 -67v514q0 179 84.5 278t259.5 99h288h260q-5 -5 -52.5 -53t-100 -101t-109 -109.5t-95 -93t-41.5 -36.5q-15 0 -15 16v156h-48q-59 0 -94.5 -6.5t-63 -26t-39 -56.5t-11.5 -96v-262zM67 -184q5 5 52.5 53t100 101t109 109.5t95 93t41.5 36.5q15 0 15 -16v-156h48 q116 0 161.5 35.5t45.5 149.5v262l224 223v-514q0 -179 -84.5 -278t-259.5 -99h-288h-260z" />
-<glyph unicode="&#x26;" horiz-adv-x="921" d="M0 221v269q0 26 19 44.5t44 18.5q26 0 44.5 -18.5t18.5 -44.5v-269q0 -26 -18.5 -44.5t-44.5 -18.5t-44.5 18.5t-18.5 44.5zM173 121v418h574v-418q0 -26 -18.5 -44.5t-44.5 -18.5h-448q-26 0 -44.5 18.5t-18.5 44.5zM173 586h574q0 115 -85 189t-202 74t-202 -74 t-85 -189zM274 902q0 8 7 8q3 0 7 -2l49 -89l-15 -8q-48 88 -48 91zM289 95q0 27 19 45t47 18q25 0 44 -19t19 -44v-202q0 -28 -19 -45.5t-47 -17.5q-26 0 -44.5 18.5t-18.5 44.5v202zM294 715q0 16 12 27.5t28 11.5t27.5 -11.5t11.5 -27.5q0 -17 -11.5 -28.5t-28.5 -11.5 q-16 0 -27.5 12t-11.5 28zM502 95q0 27 19.5 45t46.5 18q26 0 44.5 -18.5t18.5 -44.5v-202q0 -28 -19 -45.5t-47 -17.5q-26 0 -44.5 18.5t-18.5 44.5v202zM547 715q0 16 12 27.5t28 11.5t27.5 -11.5t11.5 -27.5q0 -17 -12 -28.5t-28 -11.5t-27.5 12t-11.5 28zM583 819 q2 3 14 28.5t23.5 44t18.5 18.5t7 -9v-2l-48 -89zM794 221v268q0 26 18.5 45t44.5 19t44.5 -19t18.5 -45v-268q0 -26 -18.5 -44.5t-44.5 -18.5t-45 18.5t-18 44.5z" />
-<glyph unicode="'" horiz-adv-x="824" d="M0 322q0 107 29 202q28 92 83 159q56 67 135 102q81 36 178 36q128 0 217 -61q90 -59 136 -157q46 -95 46 -196q0 -93 -47 -120t-132 -27h-423q0 -85 30 -148q29 -65 76 -96q50 -33 106 -33q41 0 71 10q31 10 62 33q31 22 56 47t66 69q15 16 47 16q34 0 54 -21 q21 -21 21 -58q0 -32 -23 -78q-21 -43 -70 -85q-46 -41 -116 -68q-71 -27 -161 -27q-209 0 -325 135q-116 136 -116 366zM222 400h392q-7 125 -60 188q-51 62 -136 62q-82 0 -133 -63q-52 -63 -63 -187z" />
-<glyph unicode="(" horiz-adv-x="571" d="M0 -73v786q0 44 31.5 75.5t75.5 31.5h357q44 0 75.5 -31.5t31.5 -75.5v-786q0 -44 -31.5 -75.5t-75.5 -31.5h-357q-44 0 -75.5 31.5t-31.5 75.5zM33 34h503v608h-503v-608zM199 731q0 -10 6.5 -16.5t16.5 -6.5h127q10 0 16.5 6.5t6.5 16.5q0 9 -6.5 15.5t-16.5 6.5h-127 q-10 0 -16.5 -6.5t-6.5 -15.5zM242 -72q0 -19 13.5 -32t32.5 -13t32 13t13 32t-13 32t-32 13t-32.5 -13t-13.5 -32z" />
-<glyph unicode=")" horiz-adv-x="1106" d="M0 158v478q0 46 14 60t60 14h958q46 0 59.5 -14t13.5 -60v-478q0 -46 -13.5 -59.5t-59.5 -13.5h-406v-37h111v-58h-369v58h111v37h-405q-46 0 -60 13.5t-14 59.5zM37 150h1031v516h-1031v-516z" />
-<glyph unicode="*" d="M0 582q0 25 16 45.5t41 26.5l197 47q-63 -72 -63 -168q0 -185 253 -283q28 -11 54 -24.5t54.5 -33.5t46 -46.5t17.5 -55.5q0 -43 -35 -67t-80 -24q-58 0 -121 22.5t-105 60.5l-79 -179q56 -31 144 -61q-10 -2 -31.5 -8.5t-38.5 -10t-32 -3.5q-25 0 -45.5 16t-26.5 41 l-164 687q-2 12 -2 18zM419 536q0 38 35 58.5t76 20.5q49 0 110 -17.5t88 -46.5l61 170q-90 48 -186 63q2 0 45 12t71.5 18t42.5 6q25 0 45.5 -16t26.5 -41l164 -687q2 -12 2 -18q0 -25 -16 -45.5t-41 -26.5l-145 -34q47 70 47 152q0 111 -70.5 182.5t-184.5 109.5 q-171 58 -171 140z" />
-<glyph unicode="+" horiz-adv-x="1184" d="M0 -1q0 87 89 155t215 68h54q-42 40 -42 86q0 29 16 58q-10 -1 -29 -1q-104 0 -170 65t-66 160q0 91 82 159t187 68h310l-69 -50h-98q47 -18 73.5 -68t26.5 -111q0 -93 -88 -162q-37 -29 -48 -46t-11 -42q0 -19 27 -48t54 -49q61 -43 84.5 -88t23.5 -113 q0 -90 -82 -156.5t-222 -66.5q-133 0 -225 50t-92 132zM112 32q0 -69 58.5 -117.5t145.5 -48.5q119 0 172.5 44t53.5 117q0 19 -4 32q-3 11 -7 20.5t-12 19t-14 16t-19.5 16.5t-20.5 15t-25 17.5t-26 17.5q-39 12 -77 12q-90 1 -157.5 -47t-67.5 -114zM178 591 q11 -79 60.5 -136t109.5 -58q59 -2 94 52t25 133t-59.5 134t-109.5 57t-95 -51t-25 -131zM733 567v50h200v200h50v-200h201v-50h-201v-201h-50v201h-200z" />
-<glyph unicode="," horiz-adv-x="1106" d="M0 673v21l2 2h249l2 -2v-20q0 -8 -10 -8l-26 -1q-33 -1 -33 -20q0 -13 7 -28q50 -122 222 -484l6 -1l111 221q-13 30 -22 49l-76 150l-20 40q-26 51 -34 60.5t-33 13.5q-14 2 -14 7v21l3 2h197l5 -1v-21q0 -8 -10 -8l-15 -2q-13 -2 -19 -5t-5.5 -12t4 -17.5t14.5 -30.5 l73 -150l81 162q16 32 5 43q-6 8 -37 11l-9 1q-4 0 -7 3q-3 1 -3 6v19l3 2q57 1 186 0l2 -2v-20q0 -8 -9 -8q-22 -1 -30.5 -4.5t-16.5 -15.5q-23 -34 -30 -48l-105 -196l-3 -7l128 -262l8 -3l202 481q12 28 -3 41q-13 12 -39 13l-19 1q-3 0 -6 3q-4 2 -4 6v20l3 2h229l2 -2 v-20q0 -7 -9 -9q-46 -2 -66 -19q-20 -16 -34 -49l-250 -567q-10 -23 -22.5 -30.5t-24 1t-22.5 30.5q-38 75 -122 263q-105 -216 -131 -264q-41 -71 -71 -1q-32 75 -130 284.5t-130 286.5q-16 42 -28 52q-11 10 -52 13q-14 2 -14 7z" />
-<glyph unicode="-" horiz-adv-x="939" d="M-0.5 707q-0.5 11 6 20.5t13.5 16.5t23.5 15.5t27 13t33 14t34.5 14.5q54 22 97 16t54 -35q25 -67 102.5 -319.5t115.5 -361.5q268 88 326 105q16 6 37.5 4t32.5 -23q23 -47 32.5 -98.5t0.5 -74.5q-19 -15 -59.5 -32t-75.5 -29t-89.5 -29t-73.5 -23q-10 -3 -38 -13 t-53 -18.5t-58 -19t-61 -17.5t-54 -11.5t-44.5 -3.5t-25.5 9q-18 18 -32 52t-29 87t-19 66q-42 125 -113 338.5t-104 312.5q-6 13 -6.5 24z" />
-<glyph unicode="." horiz-adv-x="778" d="M3 -129v775h92q0 29 0.5 39t4 31.5t11.5 30t24.5 16.5t40.5 8t40.5 -8t24 -16t11.5 -30.5t4 -31.5v-39h55v39t4 31.5t11.5 30.5t24 16t40.5 8q18 0 31 -4t21.5 -8.5t14.5 -17t8.5 -18.5t4 -24.5t1.5 -24.5v-28h54v28t1.5 24.5t4 24.5t8.5 18.5t14.5 17t21.5 8.5t31 4 q24 0 40.5 -8t24 -16t11.5 -30.5t4 -31.5v-39h92v-775h-776zM68 48v-112h139v112h-139zM68 70h139v119h-139v-119zM68 211h139v130h-139v-130zM68 362h139v112h-139v-112zM139 565q0 -33 37 -33t37 33v130q0 33 -37 33t-37 -33v-130zM228 48v-112h152v112h-152zM228 70h152 v119h-152v-119zM228 211h152v130h-152v-130zM228 362h152v112h-152v-112zM354 565q0 -33 37 -33q38 0 38 33v130q0 33 -38 33q-37 0 -37 -33v-130zM401 48v-112h152v112h-152zM401 70h152v119h-152v-119zM401 211h152v130h-152v-130zM401 362h152v112h-152v-112zM569 565 q0 -33 38 -33q37 0 37 33v130q0 33 -37 33q-38 0 -38 -33v-130zM574 48v-112h140v112h-140zM574 70h140v119h-140v-119zM574 211h140v130h-140v-130zM574 362h140v112h-140v-112z" />
-<glyph unicode="/" horiz-adv-x="1309" d="M0 110v181h224v-179q0 -28 20 -48.5t49 -20.5t49.5 20t20.5 49v423q0 117 86.5 199.5t205.5 82.5t205.5 -83t86.5 -201v-92l-134 -40l-89 42v80q0 29 -20 49t-49 20t-49.5 -20t-20.5 -49v-417q0 -120 -86 -204.5t-206 -84.5q-121 0 -207 85.5t-86 207.5zM724 107v183 l89 -42l134 40v-184q0 -29 20 -49.5t49 -20.5t49 20.5t20 49.5v187h224v-181q0 -121 -85.5 -207t-206.5 -86t-207 85t-86 205z" />
-<glyph unicode="0" horiz-adv-x="1258" d="M-5 196h119q5 -40 29.5 -64t64.5 -24q48 0 76.5 32.5t28.5 81.5q0 48 -28 79t-75 31q-38 0 -65 -24.5t-51 -24.5q-53 0 -80 2q9 52 28.5 160.5t28.5 164.5h330v-98h-243q-14 -71 -24 -134h3q17 21 50.5 32t65.5 11q113 0 160 -103q24 60 72 94t111 34q49 0 91 -19.5 t66 -41.5t63 -66q3 -3 4.5 -5t4 -4.5l4.5 -4.5q35 40 50 55.5t46 40.5t62 34.5t70 9.5q90 0 145 -60.5t55 -151.5q0 -93 -55 -156t-147 -63q-116 0 -226 131q-7 -7 -39 -38.5t-42.5 -39.5t-37 -25.5t-52 -23t-57.5 -5.5q-63 0 -111 33t-74 92q-62 -128 -203 -128 q-95 0 -156.5 47.5t-61.5 138.5zM510 226q0 -42 25.5 -68t67.5 -26q75 0 155 95q-34 35 -48 48.5t-47.5 33t-63.5 19.5q-39 0 -64 -31t-25 -71zM899 226q27 -29 45.5 -45.5t49 -32.5t61.5 -16q43 0 67.5 27.5t24.5 70.5q0 42 -25.5 70t-67.5 28q-25 0 -49 -11.5t-36.5 -21.5 t-37.5 -36t-32 -33z" />
-<glyph unicode="1" horiz-adv-x="774" d="M0 458q0 63 26.5 125t76 115t130 86t178.5 33q159 0 261 -98t102 -231q0 -171 -86.5 -282.5t-223.5 -111.5q-45 0 -84.5 21t-55.5 51l-40 -158q-5 -19 -13 -38.5t-17.5 -37.5t-19 -34t-19 -30t-16.5 -23.5t-13 -16.5l-6 -8q-3 -4 -8 -3t-6 6q0 1 -1.5 14t-3 27.5t-3 37.5 t-1 44.5t3 47.5t7.5 48q11 47 74 313q-8 16 -13 38.5t-5 36.5l-1 15q0 64 32.5 106.5t78.5 42.5q37 0 57.5 -24.5t20.5 -61.5q0 -23 -8.5 -56.5t-22.5 -77t-20 -70.5q-10 -45 17.5 -78t73.5 -33q79 0 130.5 89.5t51.5 216.5q0 97 -63 158.5t-176 61.5q-126 0 -204.5 -81 t-78.5 -194q0 -67 38 -113q13 -15 8 -32q-2 -5 -6 -23t-6 -23q-2 -11 -10 -14.5t-18 0.5q-59 24 -88.5 82.5t-29.5 136.5z" />
-<glyph unicode="2" d="M15 438q33 132 125.5 227.5t220.5 132.5t260 4t227.5 -125.5t132.5 -220.5t4 -260t-125.5 -227.5t-220.5 -132.5t-260 -4t-227.5 125.5t-132.5 220.5t-4 260zM243 167l72 -18q7 -1 20 -5t19 -5l-23 -91l55 -14l22 90q6 -2 21 -5.5t23 -5.5l-22 -90l55 -13l22 91 q48 -8 85.5 -7.5t66 20.5t42.5 61q32 90 -51 133q60 13 70 80q13 86 -110 126l23 91l-55 13l-22 -88q-8 2 -23 5.5t-21 5.5l22 88l-55 14l-22 -90q-15 2 -35 8l-76 19l-14 -59l39 -9q28 -7 26 -32l-26 -103q2 0 6 -2q-1 1 -3 1t-3 1l-36 -144q-5 -18 -25 -13l-40 10z M426 190l30 121q1 0 19.5 -4t28 -7t28 -9t28.5 -13t21 -16.5t14.5 -22t-0.5 -27.5q-3 -11 -9 -19t-15 -12t-18.5 -7t-23 -2.5t-23.5 1.5t-24 4t-21.5 4.5t-19.5 4.5t-15 4zM470 366l27 110q3 -1 12.5 -3t16.5 -3.5t18 -5t19 -6.5t18 -8.5t15 -11t11.5 -13.5t6 -16.5 t-1.5 -19.5q-3 -13 -10.5 -21.5t-19 -11.5t-22.5 -4.5t-26.5 1t-24 4t-23 5.5t-16.5 4z" />
-<glyph unicode="3" horiz-adv-x="1129" d="M0 597h77l107 -363l72 244l-35 119h77l107 -363l107 363h77h213v-36l-109 -188q58 -20 86 -67q30 -50 30 -114q0 -82 -43 -137t-112 -55q-51 0 -90 33q-39 34 -56 89l60 25q13 -34 35 -54q20 -19 51 -19t52 34q22 34 22 84q0 52 -23 83q-27 34 -83 34h-30v36l103 178 h-124l-7 -12l-152 -511h-7l-110 370l-111 -370h-7zM818 180l18 -50q15 -33 33 -58q42 -58 94 -67q45 -9 88 18q19 12 35 31q20 20 28 36q4 7 11 20l-11 59q-8 -16 -16 -28t-12 -17l-4 -4q-34 -37 -61 -49q-33 -15 -68 -11q-27 2 -60 24q-36 31 -43 43q-13 18 -32 53z M845 375q0 84 33 146q16 30 37.5 48t42.5 20q35 4 70 -26q18 -15 37 -50l44 87l12 -76l-44 -85q-8 16 -19 30t-18 20l-8 6q-31 22 -64 15q-24 -5 -47.5 -30t-34.5 -59q-19 -55 -19 -106q-1 -40 5 -63q-12 22 -19 53t-7 51z" />
-<glyph unicode="4" horiz-adv-x="1169" d="M0 377q0 105 76.5 179.5t184.5 74.5q85 0 152.5 -48t94.5 -124l66 64l158 -152l437 446v-405l-267 -206l34 -36l-363 -353l-316 307q-107 2 -182 76t-75 177zM37 377q0 -90 65 -153t157 -63q33 0 65 9l220 -195l585 460l1 302l-578 -596l-90 146q20 43 20 90 q0 89 -65.5 152.5t-157.5 63.5t-157 -63.5t-65 -152.5zM85 375q0 70 49.5 119.5t119.5 49.5t119.5 -49t49.5 -120q0 -70 -49.5 -119.5t-119.5 -49.5t-119.5 49.5t-49.5 119.5z" />
-<glyph unicode="5" horiz-adv-x="710" d="M16 619h699l-66 -710l-284 -81l-284 81zM81 679v133h45v-44h40v44h44v-133h-44v44h-40v-44h-45zM146 474l24 -266l1 2h300l-10 -113l-96 -27l-97 28l-6 68h-88l12 -136l179 -51l179 51l25 267h-319l-8 89h335l8 88h-439zM230 767v45h122v-45h-39v-88h-44v88h-39zM371 679 v133h47l27 -46l28 46h47v-133h-43v68l-32 -50v1l-30 47v-66h-44zM543 679v133h44v-88h62v-45h-106z" />
-<glyph unicode="6" horiz-adv-x="943" d="M0 -32.5q-3 35.5 7 59.5q39 140 92 239q114 216 313 352v14q-59 -25 -118.5 -65.5t-102 -81t-76 -77.5t-50.5 -60l-17 -23q-2 59 16 115t45 94t54.5 67t46.5 43l19 13q4 2 10.5 5.5t27.5 13.5t43.5 18.5t55 17t64 12t70 2t73.5 -11.5q64 47 128.5 73t97.5 29l33 3 q50 5 77.5 -16.5t31 -55t-0.5 -68t-12 -59.5l-9 -24l-5 5q21 57 20.5 93.5t-17.5 56.5t-36.5 29t-36.5 10l-16 2q-4 0 -11.5 -0.5t-32 -5t-49 -12.5t-60.5 -25t-69 -41q69 -11 123 -42t86 -70.5t54.5 -85t31 -88.5t13 -78t3.5 -56l-1 -22h-557q-3 -42 10.5 -73t34 -45.5 t41 -22.5t35.5 -9l15 -1q4 0 11.5 0.5t26.5 5.5t34.5 14t31 28.5t21.5 46.5h292q-16 -59 -47 -107t-68 -77.5t-78 -51t-78.5 -31.5t-68 -16t-48.5 -7h-19q-78 0 -107 6q-60 -47 -126.5 -73.5t-103.5 -29.5l-36 -3q-46 0 -77.5 23.5t-41.5 56t-13 68zM75.5 -27 q-0.5 -24 2.5 -42.5t8 -28.5l4 -9q4 -3 11 -8t33.5 -13.5t57 -8t82 16.5t107.5 50q-8 2 -21.5 5.5t-50.5 18t-69 31.5t-66.5 47.5t-53.5 64.5q-22 -34 -33 -67t-11.5 -57zM358 397h265q1 36 -11.5 63t-32 39t-38.5 19t-33 8l-14 1q-6 0 -15 -1t-33 -8t-42 -19t-32.5 -39 t-13.5 -63z" />
-<glyph unicode="7" horiz-adv-x="900" d="M42 581q2 17 15 32l120 120q14 12 21 -4l97 -182q8 -16 -5 -31l-44 -44q-12 -12 -14 -31q0 -30 31 -77t61 -80l31 -32q14 -14 36 -34.5t72.5 -54t79.5 -33.5q19 0 32 13l52 52q14 14 30 4l175 -103q7 -4 8 -10.5t-4 -11.5l-120 -120q-15 -13 -32 -15q-49 -7 -110.5 13.5 t-114 54.5t-97.5 69t-72 60l-26 25q-10 10 -26.5 27.5t-57.5 69t-71 100.5t-52 111.5t-15 111.5z" />
-<glyph unicode="8" d="M0 318q0 136 67 251t182 182t251 67t251 -67t182 -182t67 -251t-67 -251t-182 -182t-251 -67t-251 67t-182 182t-67 251zM129 318q0 -65 36 -77q5 -2 17 -4q42 -1 85 40q41 36 58 90q25 77 10 200q-2 12 -2 17q-3 6 0 9q1 3 13 -1q38 -10 78 -29q46 -21 102 -70 q45 -39 87 -89q33 -39 80 -104q41 -57 88 -77q29 -10 47.5 -7t29 20t15 37t4.5 45q0 48 -12 96q-3 12 -8 28q-14 43 -41 84q-52 79 -135.5 124t-177.5 45q-66 0 -125 -22q-80 -28 -140.5 -89t-88.5 -142q-1 -5 -4 -14.5t-5 -13.5q-12 -50 -11 -96z" />
-<glyph unicode="9" horiz-adv-x="1220" d="M0 669q-1 5 2.5 9.5t8.5 5.5q11 2 31 6.5t28 6.5q0 17 1 49.5t1 48.5q2 12 13 12q14 0 14 -14q-2 -60 -2 -91q11 2 35 7t35 8q18 4 55 10t56 10q402 69 794 72q6 0 9.5 -4.5t2.5 -10.5q0 -11 -2 -33t-2 -33q42 -3 128 -11q5 0 9 -4.5t3 -9.5q-23 -137 -68 -412t-68 -413 q50 -8 76 -12q8 -1 10.5 -8t-0.5 -13t-10 -6h-3q-13 2 -39 6.5t-39 6.5q-1 -12 -5 -31q-2 -9 -10 -11q-1 -1 -4 -1h-4q-297 75 -600 117q-100 2 -149 2q-55 0 -165 -2v-1q1 -1 1 -2q1 -6 -4 -10.5t-11 -4.5q-11 0 -12 11q0 5 -1.5 15.5t-2.5 16.5h-13q-8 0 -10.5 7t1 13.5 t11.5 6.5h1h7l-6 54q-6 40 -25 194.5t-35.5 251.5t-42.5 191zM30 661q21 -78 43 -201q-3 70 -3 209q-16 -2 -40 -8zM97 570q1 -193 21 -424q3 -40 11 -109q1 -9 2.5 -19t3.5 -22t3 -19q67 -3 192 -13t182 -13q354 -20 483 -35q11 160 32.5 455t29.5 411q-468 -4 -960 -107 q-1 -53 0 -105zM189 407q0 -68 42.5 -111t108.5 -43q69 0 109 43h2q-13 -70 -65 -111q-41 -33 -101 -38q-40 -4 -52 -2v-75q35 0 57 2q107 8 171 68q87 82 87 233q0 94 -47 153.5t-132 59.5q-78 0 -129 -53t-51 -126zM283 413q0 45 22.5 73.5t58.5 28.5h1q43 0 65 -35.5 t21 -90.5q0 -16 -5 -26q-26 -42 -81 -42q-38 0 -60 26t-22 66zM372 -64l96 -10l373 -40q140 -30 209 -48l3 18q-55 9 -165 25q-249 35 -516 55zM564 407q0 -68 43 -111t108 -43q69 0 110 43h1q-13 -70 -64 -111q-42 -33 -102 -38q-40 -4 -52 -2v-75q35 0 57 2q107 8 171 68 q87 80 87 233q0 94 -47 153.5t-131 59.5q-78 0 -129.5 -53t-51.5 -126zM658 413q0 45 23 73.5t58 28.5h1q43 0 65 -35.5t21 -90.5q0 -16 -5 -26q-26 -42 -81 -42q-38 0 -60 26t-22 66zM1015 -111q28 -4 43 -6q20 120 64.5 392t68.5 417q-13 1 -35.5 3t-41.5 3.5t-36 2.5 q-6 -85 -27 -366.5t-31 -435.5q0 -5 -4 -9q-1 0 -1 -1z" />
-<glyph unicode=":" horiz-adv-x="834" d="M0 -180l417 1000l417 -1000h-369v135l170 85l-13 55l-157 -79v67l98 52l-14 57l-84 -45v87h-92v-157l-86 59l-16 -64l102 -70v-182h-373z" />
-<glyph unicode=";" horiz-adv-x="1123" d="M-1 52v372q0 13 13 13h176v129q0 14 13 14h98v-514q0 -14 -12 -14h-288zM108 135h67q13 0 13 14v206h-67q-13 0 -13 -14v-206zM333 52v372q0 13 13 13h98v-371q0 -14 -12 -14h-99zM333 497v69q0 14 12 14h99v-69q0 -14 -12 -14h-99zM482 52v372q0 13 13 13h288v-504 q0 -13 -13 -13h-288l1 69q0 14 12 14h176v49h-189zM592 135h67q12 0 12 14v206h-67q-12 0 -12 -14v-206zM821 -11q0 14 13 14h176v49h-189v372q0 13 13 13h287v-504q0 -13 -12 -13h-288v69zM930 135h67q13 0 13 14v206h-67q-13 0 -13 -14v-206z" />
-<glyph unicode="&#x3c;" d="M0 329q0 73 51.5 125t124.5 52q63 0 114 -43l358 179q0 2 -0.5 5.5t-0.5 5.5q0 73 52 124.5t125 51.5t124.5 -51.5t51.5 -124.5t-51.5 -125t-124.5 -52q-64 0 -114 42l-358 -179q0 -1 0.5 -4.5t0.5 -5.5q0 -1 -0.5 -5t-0.5 -5l358 -179q50 42 114 42q73 0 124.5 -51.5 t51.5 -124.5t-51.5 -125t-124.5 -52q-74 0 -125.5 51.5t-51.5 125.5q0 1 0.5 4.5t0.5 5.5l-358 179q-50 -42 -114 -42q-73 0 -124.5 51.5t-51.5 124.5z" />
-<glyph unicode="=" d="M0 319q0 136 67 251t182 182t251 67t251 -67t182 -182t67 -251q0 -101 -38 -192t-107 -160q-60 73 -145.5 114t-182.5 41q-107 0 -199 -49.5t-151 -134.5q-83 71 -130 170t-47 211zM164 463q0 -17 12 -29.5t30 -12.5q6 0 9 1q144 58 298 58t298 -58q1 0 4 -0.5t5 -0.5 q17 0 29.5 12.5t12.5 29.5q0 25 -23 37q-159 63 -326 63q-170 0 -329 -64q-20 -13 -20 -36zM210 314l6 -16q8 -13 23 -13q3 0 9 2q127 55 265 55q139 0 267 -56q4 -2 7 -2q15 0 23 13l5 17q0 13 -10 21q-138 62 -292 62q-153 0 -293 -62q-10 -10 -10 -21zM258 170 q10 -25 31 -16q108 51 224 51q112 0 219 -48q24 -13 35 12q5 13 0 23t-14 15q-106 53 -240 53q-128 0 -244 -55q-19 -10 -11 -35zM319 -147q37 48 91.5 76t116.5 28q114 0 193 -86q-104 -52 -220 -52q-94 0 -181 34z" />
-<glyph unicode="&#x3e;" horiz-adv-x="1205" d="M0 323q0 62 49.5 106t112.5 44q62 0 105 -36h5q134 82 335 82l5 4l70 267l242 -36q0 -1 2 -1q1 0 0 1q2 1 11.5 15.5t14.5 18.5q34 32 82 32q49 0 82.5 -32.5t33.5 -81.5t-33.5 -84t-82.5 -35q-57 0 -87 38.5t-30 96.5q-2 -1 -97.5 13t-109.5 17h-3q-2 -2 -16.5 -53.5 t-30 -109t-17.5 -63.5v-3l5 -4q72 0 147.5 -20.5t130.5 -57.5l3 -2q1 1 2 1t2 1q25 18 35.5 25t29.5 13t43 6q68 0 116 -48t48 -117q0 -47 -26.5 -86t-69.5 -60q0 -195 -260 -303q-41 -18 -56 -23q-32 -10 -91 -19t-93 -9q-120 0 -231 35q-2 2 -72 38q-95 51 -152.5 116 t-57.5 156h-5q-33 17 -59 50l-9 12q-15 27 -19 45.5t-4 50.5zM34 311q0 -66 57 -112q5 59 48 116t101 101q-37 26 -82 26q-49 0 -86.5 -40.5t-37.5 -90.5zM136 165q0 -54 31 -104t79.5 -85.5t102.5 -59.5t105 -34q75 -14 146 -14q123 0 233 39.5t185 122.5h-3q30 38 43 68.5 t13 72.5q0 54 -26.5 103t-69.5 84t-92 60.5t-100 38.5q-85 23 -181 23q-74 0 -151.5 -18t-150 -54t-118.5 -99.5t-46 -143.5zM322 238q0 37 22.5 59.5t59.5 22.5t62 -22.5t25 -59.5q0 -36 -25.5 -60t-61.5 -24t-59 24t-23 60zM358 74h44q25 -45 79.5 -68.5t111.5 -23.5 q58 0 110 23.5t84 68.5h41q-25 -62 -93 -96t-142 -34q-72 0 -141.5 34.5t-93.5 95.5zM694 238q0 38 23 60t61 22q34 0 58 -24t24 -58t-24 -59t-58 -25q-37 0 -60.5 23.5t-23.5 60.5zM949 706q0 -35 25 -60t60 -25q36 0 59 24.5t23 60.5q0 34 -24 58t-58 24t-59.5 -24.5 t-25.5 -57.5zM963 425q55 -36 95 -92.5t56 -119.5q59 43 59 96q0 58 -35.5 100t-92.5 42q-45 0 -82 -26z" />
-<glyph unicode="?" horiz-adv-x="767" d="M2 27q0 22 12 64q23 87 86.5 158t147.5 103q-79 63 -79 161q0 86 62.5 146t148.5 60t148.5 -60t62.5 -146q0 -97 -77 -160q106 -38 177 -127t71 -198q0 -92 -73 -106q-3 -10 -13 -26q-6 -16 -23.5 -28.5t-48.5 -20.5t-49.5 -12t-56.5 -9t-39 -5q-2 0 -7 -1t-7 -1h-120 q-51 0 -129 16.5t-89 44.5q-17 17 -25 42q-25 5 -42 21q-38 15 -38 84z" />
-<glyph unicode="@" horiz-adv-x="772" d="M4 308v103q0 87 86 200t171 160q78 44 187 44q44 0 88.5 -10t85.5 -31t66.5 -58t25.5 -85q0 -13 -2 -24.5t-7 -24t-9 -21t-14 -21t-14 -18.5t-17.5 -19.5t-16.5 -17t-18.5 -17.5t-17.5 -16h53h115q2 -72 2 -108q0 -253 -42 -326q-35 -61 -94.5 -108t-127.5 -70 q-39 -15 -56 -15h-84q-3 0 -48 17q-120 53 -120 174q0 4 0.5 11t0.5 10q-134 69 -180 215q-13 42 -13 56zM150 438q0 -40 9.5 -81t28.5 -79t52.5 -62t76.5 -24q12 0 39.5 15t49.5 15q14 0 51 -10.5t37 -19.5q0 -21 -26 -21q-130 0 -130 -76q0 -58 42 -87.5t103 -29.5 q47 0 92 16.5t73 49.5q42 50 42 164q0 19 -1 55.5t-1 54.5q0 48 5 80h-193q-1 -8 -1 -23q0 -11 1 -34t1 -35q0 -35 -8 -56q-5 -1 -17 -1q-48 0 -80 32.5t-44 74.5t-12 89q0 45 11.5 91t43 84t77.5 38q10 0 21 -3q-4 -22 -4 -34q0 -35 19 -58t53 -23t57 23t23 58q0 41 -31 70 t-70 40t-79 11q-135 0 -223 -85t-88 -219z" />
-<glyph unicode="A" horiz-adv-x="860" d="M1 361q-1 -18 -1 -36q0 -68 20 -144q26 -97 83 -184q89 -136 172 -137q30 0 78 21t95 21h4q46 0 91 -20q47 -22 76 -22q49 1 91 41t85 104q31 48 65 121q-50 19 -85 57t-48 85q-10 35 -9 70v24q4 48 33.5 91.5t78.5 70.5q-38 48 -89 75t-103 27q-48 0 -105.5 -21.5 t-85.5 -21.5q-30 0 -90.5 21.5t-101.5 21.5q-58 0 -114.5 -33.5t-95.5 -92.5q-37 -56 -44 -139zM416 619q-3 15 -3 30q0 65 53 129q27 33 69.5 56t82.5 26q2 -15 2 -30q0 -69 -50 -132q-28 -36 -70 -58q-41 -22 -80 -21h-4z" />
-<glyph unicode="B" horiz-adv-x="996" d="M0 135v369q0 130 93 223t223 93h221q65 -8 138.5 -57t104.5 -115q1 -2 5 -9.5t5 -10t3.5 -9.5t4 -12.5t3.5 -15.5t4 -22t4 -29q9 -70 26 -85q14 -13 71 -14.5t65 -7.5l14 -11l8 -17l3 -14l-2 -256q-1 -130 -93 -222.5t-222 -92.5h-363q-130 0 -223 92.5t-93 222.5z M259 140q0 -25 18 -42.5t43 -17.5h356q25 0 42.5 17.5t17.5 42.5t-17.5 42.5t-42.5 17.5h-356q-25 0 -43 -17.5t-18 -42.5zM259 502q0 -25 18 -43t43 -18h175q25 0 42.5 18t17.5 43t-17.5 42.5t-42.5 17.5h-175q-25 0 -43 -17.5t-18 -42.5z" />
-<glyph unicode="C" d="M0 320q0 98 38 191q37 90 110 163q144 146 351 146q209 0 357 -146q71 -71 107 -162q37 -89 37 -192q0 -104 -36 -192q-36 -89 -107 -159q-74 -72 -166 -111q-94 -38 -192 -38q-97 0 -190 38q-89 37 -162 110t-110 162t-37 190zM90 320q0 -79 32 -155q31 -75 91 -133 q60 -60 133 -89q72 -31 155 -31q81 0 156 31q74 31 136 90q117 114 117 287q0 85 -31 157q-30 76 -88 132q-120 121 -290 121q-171 0 -288 -120q-59 -59 -91 -134q-32 -76 -32 -156zM215 320q0 71 42 113q41 42 105 42q92 0 133 -72l-67 -35q-11 24 -27 31q-15 9 -29 9 q-67 0 -67 -88q0 -39 17 -64q18 -24 50 -24q44 0 62 42l62 -31q-21 -36 -55 -57q-35 -21 -77 -21q-67 0 -108 41t-41 114zM504 320q0 71 42 113t105 42q93 0 132 -72l-66 -35q-11 23 -26 31q-17 9 -30 9q-67 0 -67 -88q0 -41 17 -64q17 -24 50 -24q43 0 61 42l63 -31 q-22 -37 -56 -57q-35 -21 -75 -21q-69 0 -109 41q-41 41 -41 114z" />
-<glyph unicode="D" d="M0 320q0 136 67 251t182 182t251 67t251 -67t182 -182t67 -251t-67 -251t-182 -182t-251 -67t-251 67t-182 182t-67 251zM83 320q0 -156 105 -275q48 94 152 179t203 107q-15 35 -29 63q-172 -55 -372 -55q-39 0 -58 1q0 -4 -0.5 -10t-0.5 -10zM96 423q22 -2 65 -2 q167 0 317 45q-76 135 -167 225q-79 -40 -135.5 -111t-79.5 -157zM245 -9q113 -88 255 -88q74 0 147 28q-20 171 -78 331q-92 -20 -185.5 -101t-138.5 -170zM398 723q88 -91 163 -227q136 57 205 145q-116 96 -266 96q-51 0 -102 -14zM597 425q15 -32 34 -81q74 7 161 7 q62 0 123 -3q-8 136 -98 242q-65 -97 -220 -165zM656 274q51 -148 69 -304q79 51 129 131t60 173q-73 5 -133 5q-55 0 -125 -5z" />
-<glyph unicode="E" horiz-adv-x="837" d="M0 511q0 40 15 58q9 14 26 21q18 9 47 9h94q15 0 26 11t11 26q0 21 -1 44v59q0 25 12 44q15 21 50 31q11 6 53 6h19q59 -2 98 -17q38 -16 45 -62q26 1 48 1q53 0 89 -5q97 -12 129 -24q42 -13 53 -67q10 -55 18 -210q5 -89 5 -147q0 -44 -3 -71q-16 -172 -43 -254 q-14 -42 -28 -68.5t-27.5 -42.5t-36.5 -23t-42.5 -8.5t-58.5 -1.5q-108 0 -145.5 25.5t-37.5 106.5q0 45 9.5 71.5t33 37.5t46.5 13q15 1 40 1h28q4 0 5.5 -1.5t0.5 -5t-2.5 -7.5t-3 -11t-1.5 -13q0 -9 2 -18.5t1 -12t-7 -2.5h-9.5h-10.5t-10 -0.5t-10 -1.5t-8.5 -2.5t-8 -4 t-5.5 -6t-4 -9t-1 -11.5q0 -14 4 -23t7.5 -14t18 -7t22 -2h32.5q57 0 73 13.5t16 63.5q0 76 -18.5 102.5t-56.5 31.5q-88 9 -119 20q-53 20 -53 119q0 2 -2.5 2t-2.5 -2q0 -67 -18 -120l-8 -24q-11 -25 -37 -26h-6q-24 0 -54 8q-127 16 -198 47q-24 11 -37 40 q-17 35 -35.5 128.5t-23.5 133.5q-4 33 -4 51zM6 630v2l183 180q0 1 1 1l-3 -6q-11 -20 -11 -48q0 -22 1 -103q0 -10 -10 -10h-93q-34 0 -59 -11q-5 -3 -9 -5zM574 340q21 3 46 3q45 -1 81 -18q0 85 -61 87h-3q-30 0 -44 -20q-15 -21 -19 -52z" />
-<glyph unicode="F" horiz-adv-x="1053" d="M0 260q0 104 73 177t177 73t177 -73t73 -177t-73 -177t-177 -73t-177 73t-73 177zM552 260q0 104 73 177t177 73t177 -73t73 -177t-73 -177t-177 -73t-177 73t-73 177z" />
-<glyph unicode="G" horiz-adv-x="646" d="M0 -1q0 87 89 155t215 68h54q-42 40 -42 86q0 29 16 58q-10 -1 -29 -1q-104 0 -170 65t-66 160q0 91 82 159t187 68h310l-69 -50h-98q47 -18 73.5 -68t26.5 -111q0 -93 -88 -162q-37 -29 -48 -46t-11 -42q0 -19 27 -48t54 -49q61 -43 84.5 -88t23.5 -113 q0 -90 -82 -156.5t-222 -66.5q-133 0 -225 50t-92 132zM112 32q0 -69 58.5 -117.5t145.5 -48.5q119 0 172.5 44t53.5 117q0 19 -4 32q-3 11 -7 20.5t-12 19t-14 16t-19.5 16.5t-20.5 15t-25 17.5t-26 17.5q-39 12 -77 12h-4q-87 0 -153 -47q-68 -48 -68 -114zM178 591 q11 -79 60.5 -136t109.5 -58h4q56 0 90 52q27 42 27 99q0 16 -2 34q-10 79 -59.5 134t-109.5 57h-4q-57 0 -91 -51q-27 -41 -27 -98q0 -16 2 -33z" />
-<glyph unicode="H" horiz-adv-x="878" d="M0 194q0 -147 101 -257t260 -110q158 0 259 110q101 108 101 257q0 78 -27 146q-40 -25 -85 -34q22 -51 22 -114q0 -76 -36 -142q-37 -66 -99 -101q-62 -36 -135 -36q-75 0 -136 36q-63 37 -98 101q-37 65 -37 142q0 117 80 202q80 83 191 83q51 0 98 -19q4 39 27 86 q-57 21 -125 21q-160 0 -266 -118q-95 -107 -95 -253zM280 -59l56 -4q74 47 124.5 109t72.5 124t31 126q6 41 6 80q0 21 -2 40q-5 55 -12.5 98.5t-15.5 68.5l-9 25q-22 68 -43.5 119t-31.5 67l-11 17q39 -20 63 -48q23 -29 28 -53q4 -20 4 -39v-7q-1 -22 -6 -35l-5 -13 q4 -58 5 -112q0 -52 -5 -102q-9 -100 -30.5 -167t-49.5 -121.5t-57.5 -85.5t-54.5 -51.5t-41 -28.5zM555 578q4 40 23 64l18 25q12 14 39 26.5t48 18.5l21 6q36 8 66.5 35t43.5 51l13 23q41 -57 49 -129q4 -32 3 -57q0 -34 -6 -59l-11 -45q-12 -33 -33.5 -60t-36.5 -37 l-15 -11q-34 -20 -67 -20l-109 53q58 32 101 65t63.5 57.5t33 44.5t14.5 31l2 10q-18 -40 -48.5 -73t-62 -52t-60.5 -32.5t-47 -18.5l-18 -5q-25 44 -25 79q0 5 1 10z" />
-<glyph unicode="I" horiz-adv-x="487" d="M-2 -148q102 6 130 27q30 21 30 107v666q0 82 -30 106q-28 23 -130 28v28h489v-28q-102 -4 -131 -28q-30 -24 -30 -106v-666q0 -86 30 -107t131 -27v-28h-489v28z" />
-<glyph unicode="J" horiz-adv-x="1234" d="M0 145q0 161 184 347q117 116 236 162q56 23 97 23q45 0 72 -27q26 -26 26 -72q0 -31 -12 -72q-4 -14 3 -17.5t16 -0.5l10 4q96 40 170 40t106 -42q15 -22 15 -52q0 -31 -16 -71q-7 -10 -2.5 -17t8 -9t14.5 -5q62 -19 106 -62t44 -107q0 -59 -41 -120.5t-111.5 -112.5 t-178 -84t-228.5 -33q-131 0 -247.5 38.5t-193.5 115t-77 174.5zM125 97q10 -101 125 -161q92 -49 209 -49q29 0 60 3q153 15 255 97q92 75 92 165q0 9 -1 18q-10 100 -125 160q-93 49 -210 49q-29 0 -59 -3q-101 -10 -183 -51t-126 -101q-38 -53 -38 -109q0 -9 1 -18z M285 35q-13 29 -13 59q0 35 18 70q31 64 104 96q45 20 91 20q27 0 54 -7q76 -20 109 -82q17 -32 17 -66q0 -32 -15 -65q-31 -71 -109 -104q-44 -19 -88 -19q-34 0 -67 11q-73 23 -101 87zM341 54q6 -25 30 -35q13 -6 27 -6q12 0 24 4q28 9 43 33q10 16 10 32q0 7 -3 15 q-6 24 -30 34q-13 5 -26 5q-12 0 -25 -4q-27 -9 -41 -32q-11 -16 -11 -33q0 -7 2 -13zM482 133q3 -9 13 -13q5 -2 9.5 -2t9.5 2q11 4 16 13t2 18t-12 13q-9 3 -19.5 -0.5t-15.5 -12.5q-3 -6 -3 -12v-6zM803 754q-1 5 -1 10q0 13 8 25q10 16 29 21q34 7 68 7q51 0 100 -15 q83 -27 143 -93t78 -153q7 -35 7 -68q0 -51 -16 -98v-1q-6 -18 -23 -27q-11 -5 -22 -5q-7 0 -15 2q-19 6 -27 23q-5 11 -5 21q0 8 2 15v1q11 34 11 70q0 23 -4 48q-13 62 -56 109t-102 66q-35 10 -70 10q-24 0 -49 -5q-5 -1 -10 -1q-14 0 -26 8q-16 11 -20 30zM843 597 q-1 5 -1 10q0 10 6 21q9 14 26 18q19 4 37 4q67 0 115 -53q29 -33 38 -75q3 -17 3 -33q0 -24 -8 -48q-5 -16 -20 -23q-9 -5 -18 -5q-7 0 -13 2q-16 5 -24 20q-4 9 -4 18q0 7 2 13q4 14 4 26q0 28 -21 50q-22 26 -54 26q-10 0 -20 -2q-5 -1 -9 -1q-11 0 -21 7q-14 9 -18 25z " />
-<glyph unicode="K" horiz-adv-x="1086" d="M0 -182v1000h257v-371h229q85 123 257 371h286l-328 -477q0 -12 96.5 -143t192.5 -256l96 -124h-343q-47 66 -143 199.5t-143 200.5h-200v-400h-257z" />
-<glyph unicode="L" horiz-adv-x="1040" d="M-5 699q0 50 35 82.5t91 32.5q55 0 89 -32q35 -33 35 -86q0 -48 -34 -80q-35 -33 -92 -33h-1q-55 0 -89 33t-34 83zM8 -176v668h222v-668h-222zM353 -176h222v373q0 35 8 54q14 34 42.5 57.5t71.5 23.5q112 0 112 -151v-357h222v383q0 148 -70 224.5t-185 76.5 q-129 0 -201 -111v-2h-1l1 2v95h-222q2 -32 2 -199t-2 -469z" />
-<glyph unicode="M" horiz-adv-x="1348" d="M0 276q0 35 2 105q24 8 48 8h18q17 -23 40 -70t31 -61q2 7 8 36.5t10 42.5t11 36.5t15.5 40.5t19.5 31q28 -5 46 -5q6 0 11 1q24 -54 45.5 -163t38.5 -155q-1 0 -4 1l-3 1q-9 0 -26 -5.5t-22 -6.5q-40 101 -62 203q-15 -26 -15 -89t-11 -88l-5 2q-8 0 -22 -2t-21 -2h-18 q-27 48 -57 89q-3 -6 -3 -15t2.5 -26t2.5 -25l-1 -12q-30 -15 -52 -15q-7 0 -10 1q-17 56 -17 142zM355 200q0 27 8 57.5t28 57t47 26.5q10 0 28 -5t23 -6q9 -40 9 -81q0 -28 -6 -55q-12 4 -38 4.5t-37 3.5q-5 -20 -5 -37q0 -21 10 -37t30 -16q9 0 26 5t26 5q17 0 23 -14 q-42 -16 -82 -16q-46 0 -68 30t-22 78zM413 228l8 1q3 0 8 -2t7 -2l7 3q2 14 2 22q0 18 -5 40q-22 -25 -27 -62zM523 174q0 123 78 182q32 -3 60 -23q-1 -17 -8 -67q-5 -39 -5 -65v-14q-20 -2 -29 -2q-8 0 -43 5q-5 -12 -5 -23q0 -22 17 -37.5t39 -15.5q26 0 41 23 q18 -6 21 -17q-22 -21 -63 -21q-37 0 -70 20t-33 55zM579 217q4 -6 14 -6h9q9 19 9 49q0 13 -6 39q-3 -8 -10 -25t-11.5 -30.5t-4.5 -26.5zM678 236q-2 26 23 26q6 0 18 -1t17 -1q3 15 3 31q0 29 -7.5 86.5t-7.5 86.5q0 43 10 72q5 -3 26.5 -5.5t40.5 -24.5q-6 -26 -6 -67 q0 -20 4 -81q2 -35 2 -61q0 -20 -1 -34h6q7 0 9 6t2 12.5t4 6.5q8 0 18.5 -8.5t22.5 -21.5t15 -16q-9 -7 -40.5 -9t-38.5 -4q-1 -12 -1 -36q0 -16 0.5 -33t1.5 -38t1 -33q-8 -1 -23 -2t-22 -2v10v10q0 21 -3 57q-4 44 -4 61q-6 2 -32 3.5t-38 9.5zM893 244q0 20 2 58 q11 -1 20 -5t21 -10.5t18 -9.5l-1 -27q0 -59 9 -116q19 7 31 23t16.5 41.5t5.5 42t2 44.5v11q3 -1 9 -1q20 -2 49 -25q0 -3 0.5 -9.5t0.5 -9.5q0 -15 -4 -30t-7.5 -22t-14.5 -25t-14 -23q-15 -12 -34 -42q-21 -7 -38 -7q-71 0 -71 142zM1093 136q7 6 24 10q0 3 1 9 q4 35 7 56.5t12.5 59t22 59.5t35.5 39.5t53 17.5q34 0 76 -24q17 -37 17 -75q0 -66 -46.5 -119t-112.5 -68q-2 -32 -2 -48q0 -73 18 -117q-8 2 -37 2q-15 0 -22 2q-9 21 -16.5 96t-29.5 100zM1183 161q39 10 65.5 48t26.5 79q0 30 -15 56q-23 -21 -39.5 -55.5t-23 -60 t-14.5 -67.5z" />
-<glyph unicode="N" horiz-adv-x="1213" d="M-9 598q10 8 25 12q14 4 25 4h9q10 0 24 -1q22 -1 32 -1q6 0 38 2q16 1 29 0.5t23 -0.5q20 -2 32 -8q6 -3 13 -13t11.5 -19t11.5 -25.5t10 -21.5q38 -82 94 -163q2 -3 7 -11t8.5 -12.5t9 -11.5t10.5 -11t10.5 -8.5t11.5 -5.5t12 0q28 5 31 117q1 19 1 35q0 74 -15 102 q-6 11 -15.5 17.5t-24.5 12t-23 10.5q14 28 49.5 37t96.5 9h25h28t26 -0.5t27 -3l22 -5.5t19.5 -9t12.5 -14q9 -18 11 -42q0 -7 1 -14q0 -20 -3 -52q-4 -42 -4 -52q-3 -23 -3 -46q0 -18 2 -38q4 -44 30 -61q9 1 16.5 4t15.5 11t11 11.5t12.5 16.5t10.5 14q47 62 94 163 l9 22.5t11.5 26.5t12 19.5t15.5 13.5q16 7 38 7h9q20 0 46 -2q32 -2 47 -2q9 0 27.5 1t32.5 1.5t29.5 -0.5t25.5 -6t14 -13q3 -6 3 -13q0 -29 -35 -87q-17 -29 -34.5 -52.5t-45.5 -58t-37 -46.5q-2 -2 -14 -18t-17.5 -24t-11.5 -22.5t-5 -26.5q0 -8 3 -15t9.5 -15t10 -12 t13.5 -13t12 -11q71 -65 112 -117q40 -52 40 -75q0 -33 -51 -41q-26 -4 -53 -4q-21 0 -43 3q-20 2 -37 2q-26 0 -45 -5h-6q-66 11 -139 94q-4 4 -17 20.5t-22 25.5t-23 17t-27 6q-23 -4 -30.5 -29t-9 -59.5t-9.5 -48.5q-13 -24 -79 -24q-28 0 -66 4q-78 8 -141.5 40 t-100.5 67.5t-81 92.5q-104 133 -197 322q-3 6 -11 22.5t-12 25.5t-9.5 23.5t-8 28t-2.5 26.5z" />
-<glyph unicode="O" horiz-adv-x="852" d="M2 287q-1 19 -2 40q0 33 4 73q6 66 24 123q2 7 6.5 18.5t21.5 44t37.5 62t54.5 64.5t72 59q40 25 94 39q41 11 84 10q15 0 30 -1q107 0 191 -44t133.5 -116t74.5 -155t25 -169q0 -279 -160 -425q-55 -50 -121 -68t-157 -21h-11q-39 0 -83 12q-50 14 -105 44t-103 88 t-75 136q-3 9 -8 25t-14 64.5t-13 96.5zM224 189q4 -55 8 -79.5t7 -31.5q8 -66 30 -112.5t47.5 -66.5t49.5 -30.5t40 -10.5h16q54 1 91.5 22.5t59.5 66t33.5 100.5t17.5 139q2 81 2 143q0 47 -1 84q-3 86 -9 123l-5 37q-8 37 -15.5 62t-22.5 55t-33 48t-47.5 30.5 t-67.5 12.5q-10 1 -19 1q-30 0 -56 -14q-34 -20 -53.5 -51.5t-33 -63.5t-17.5 -55l-5 -24q-6 -46 -10 -110t-5 -105v-41q-3 -44 -3 -80q0 -26 1 -49z" />
-<glyph unicode="P" horiz-adv-x="1049" d="M0 207q10 139 168 173q12 89 42.5 192t71.5 146q48 49 120 75.5t146 26.5q86 0 164 -39t117 -110q19 -36 41.5 -130.5t30.5 -154.5q15 -6 34 -6q30 0 30 29q0 11 -6 33.5t-5 35.5v4h1q27 0 61 -51q34 -52 34 -81q0 -20 -9.5 -35.5t-19 -24.5t-33 -17.5t-32.5 -10.5 l-36 -8q-5 -1 -8 -2v-26q0 -173 -77 -253l25 -25q4 -2 25 -11.5t35.5 -18.5t18.5 -18q-65 -51 -132 -51q-34 0 -75 17q-88 -37 -180 -37q-118 0 -234 61q-36 -8 -55 -19q-7 -4 -26.5 -18t-36.5 -23.5t-28 -9.5q-3 18 -3 37q0 79 53 126q-60 99 -62 257l-7 1h-3 q-30 1 -76 -17q-48 -18 -64 -19q-4 0 -10 2zM232 114q0 -13 7 -27q27 -96 89 -138q43 -29 106 -46.5t117 -17.5q66 0 145.5 28t119.5 72q68 73 68 257q0 226 -92 379q-12 20 -17.5 27.5t-19 15.5t-32.5 8q-50 0 -107 -61q-76 47 -140 47q-59 0 -104.5 -43t-71 -104.5 t-42 -141t-21.5 -141t-5 -114.5zM413 521q0 22 15.5 37.5t36.5 15.5q22 0 37.5 -15.5t15.5 -37.5t-15.5 -37t-37.5 -15q-21 0 -36.5 15t-15.5 37zM469 539q0 -12 12 -12q5 0 8.5 3.5t3.5 8.5t-3.5 9t-8.5 4q-12 0 -12 -13zM563 479l2 2l-1 -3zM568 484l52 52l51 -52 q-22 -7 -50 -7q-29 0 -53 7zM570 462q27 -5 50 -5q22 0 49 5l-49 -49zM675 478v3l1 -2zM702 521q0 22 15.5 37.5t37.5 15.5t37.5 -15.5t15.5 -37.5t-15.5 -37t-37.5 -15t-37.5 15t-15.5 37zM758 539q0 -5 4 -8.5t8 -3.5q5 0 9 3.5t4 8.5q0 13 -13 13q-5 0 -8.5 -4t-3.5 -9z " />
-<glyph unicode="Q" horiz-adv-x="869" d="M3 -163v957q121 21 297 21q140 0 235.5 -24t165.5 -77q165 -125 165 -370q0 -260 -161 -395q-148 -126 -451 -126q-143 0 -251 14zM223 -1q19 -4 77 -4h4q153 0 240 85q89 86 89 256q0 154 -81.5 232t-228.5 78q-66 0 -100 -9v-638z" />
-<glyph unicode="R" d="M0 -46q0 55 39 94t94 39t94 -39t39 -94q0 -56 -39 -94.5t-94 -38.5t-94 39t-39 94zM0 289v191q179 0 331 -88.5t240.5 -240.5t88.5 -331h-192q0 194 -137 331q-138 138 -331 138zM0 628v192q203 0 388 -79.5t319 -213.5t213.5 -319t79.5 -388h-192q0 164 -64 314 t-172.5 258t-258 172t-313.5 64z" />
-<glyph unicode="S" horiz-adv-x="986" d="M0 547q0 113 80 193t193 80q78 0 145 -42q36 7 80 7q195 0 333 -138t138 -332q0 -49 -11 -101q28 -59 28 -121q0 -113 -80 -193t-193 -80q-68 0 -129 32q-45 -8 -86 -8q-194 0 -332 138t-138 333q0 47 9 94q-37 65 -37 138zM221 181q0 -41 30 -85q71 -104 246 -104 q50 0 96.5 11t87.5 34t66 63.5t25 94.5q0 58 -29.5 98t-73.5 58t-95.5 32.5t-95.5 23t-73.5 26t-29.5 44.5q0 33 36.5 49t74.5 16q40 0 66 -12.5t38 -30t21 -35t24.5 -30t39.5 -12.5q27 0 47.5 19t20.5 46t-15 54q-30 55 -95 80t-138 25q-46 0 -89 -9t-83 -29t-64.5 -56.5 t-24.5 -86.5q0 -66 40 -106.5t97 -57t114.5 -28.5t97.5 -33.5t40 -58.5q0 -29 -23 -49t-50.5 -27t-56.5 -7q-38 0 -64.5 10.5t-38.5 27t-22.5 35t-18 35t-22.5 27t-37 10.5q-28 0 -48.5 -17t-20.5 -45z" />
-<glyph unicode="T" horiz-adv-x="1230" d="M0 -83q30 -3 60 -3q176 0 314 108q-82 1 -147 50t-89 125q20 -4 47 -4q35 0 67 9q-88 17 -145.5 86.5t-57.5 160.5v3q53 -30 115 -31q-52 34 -82.5 89.5t-30.5 120.5q0 68 35 127q94 -117 229.5 -186.5t290.5 -77.5q-7 33 -7 58q0 104 74 178t179 74q109 0 184 -80 q87 18 160 62q-28 -91 -110 -140q73 9 144 40q-48 -75 -125 -131v-33q0 -101 -29.5 -202.5t-90 -194t-144.5 -164.5t-201.5 -114.5t-252.5 -42.5q-209 0 -387 113z" />
-<glyph unicode="U" horiz-adv-x="859" d="M-15 103q0 54 6 162q4 53 38 86.5t87 36.5q100 5 301 5t301 -5q53 -3 87 -36.5t38 -86.5q5 -90 5 -162t-5 -162q-4 -53 -38 -86.5t-87 -36.5q-100 -5 -301 -5t-301 5q-53 3 -87 36.5t-38 86.5q-6 108 -6 162zM52 244h61v-326h59v326h61v55h-181v-55zM117 847h60l38 -152 h4l36 152h60l-46 -148q-23 -73 -23 -75v-158h-59v151q-2 14 -5.5 25.5t-9 26.5t-8.5 25zM233 -38q0 -48 36 -48q32 0 61 35v-31h52v281h-52v-214q-21 -21 -31 -21q-14 0 -14 19v216h-52v-237zM312 537v146q0 34 22 52.5t56 18.5q33 0 53.5 -20t20.5 -53v-145 q0 -36 -20 -56.5t-56 -20.5q-35 0 -55.5 21.5t-20.5 56.5zM366 530q0 -23 22 -23q23 0 23 25v153q0 9 -7 15t-16 6t-15.5 -5.5t-6.5 -14.5v-156zM433 -82h53v21q20 -25 50 -25q47 0 47 62v156q0 71 -51 71q-25 0 -46 -27v123h-53v-381zM486 -29v176q11 11 22 11q22 0 22 -28 v-148q0 -24 -19 -24q-14 0 -25 13zM509 510v237h52v-215q0 -19 14 -19q13 0 31 21v213h52v-281h-52v31q-29 -35 -61 -35q-36 0 -36 48zM623 -3q0 -38 19 -62.5t57 -24.5q78 0 78 87v21h-54q0 -2 0.5 -13.5t-0.5 -16.5t-2.5 -13.5t-6.5 -12t-14 -3.5q-23 0 -23 40v53h100v72 q0 38 -18.5 60t-56.5 22q-36 0 -57.5 -23t-21.5 -59v-127zM677 96v30q0 31 23 31t23 -31v-30h-46z" />
-<glyph unicode="V" horiz-adv-x="1146" d="M0 548q55 65 110 116t95.5 77.5t72.5 43t48 21.5l17 4q12 2 24 2q19 0 35 -6q26 -10 42.5 -34.5t29 -55t21.5 -72t15 -77.5t13.5 -79.5t14.5 -70.5q32 -125 51.5 -177.5t41.5 -52.5q24 0 66.5 55.5t93.5 151.5q26 48 26 91q0 13 -2 23q-9 52 -51 65q-11 4 -24 4 q-35 0 -83 -26q22 130 134 209q85 60 174 60q12 0 24 -1q102 -8 139 -90q18 -38 18 -88q0 -29 -6 -61q-18 -102 -69.5 -208t-113 -187.5t-132.5 -155t-123.5 -117t-90.5 -68.5q-42 -24 -78.5 -24t-69.5 21t-56 48t-38 57q-18 38 -97.5 298.5t-96.5 280.5q-1 2 -4 4 t-13.5 4.5t-24 0t-36.5 -14t-50 -32.5z" />
-<glyph unicode="W" horiz-adv-x="1233" d="M0 -73l105 371q35 20 85.5 31t83.5 13l34 1q50 0 104 -10q101 -20 144 -61l-104 -370q-36 28 -79.5 45.5t-68.5 20.5l-26 4q-34 3 -65 3q-16 0 -42.5 -1.5t-83.5 -13.5t-87 -33zM126 404l105 371q35 20 86 31.5t84 12.5l33 1q51 0 104 -10q101 -20 144 -61l-104 -371 q-36 28 -79.5 45.5t-68.5 20.5l-26 4q-35 3 -64 3q-16 0 -42.5 -1.5t-84 -13t-87.5 -32.5zM557 -109l104 371q37 -28 80.5 -45.5t68.5 -20.5l25 -4q34 -3 65 -3q16 0 42.5 1.5t84 13t86.5 32.5l-104 -371q-35 -20 -86 -31t-84 -12l-33 -2q-51 0 -104 10q-101 20 -145 61z M677 366l104 370q37 -28 80.5 -45.5t68.5 -20.5l25 -4q34 -3 65 -3q16 0 42.5 1.5t83.5 13t87 32.5l-104 -370q-35 -20 -86 -31.5t-85 -12.5l-33 -2q-52 0 -103 11q-101 19 -145 61z" />
-<glyph unicode="X" horiz-adv-x="899" d="M-50 120h219l173 286l-130 229h-219l130 -229zM312 210l346 608h232l-345 -608l222 -392h-232z" />
-<glyph unicode="Y" horiz-adv-x="1379" d="M0 694l6 -19q4 -6 7.5 -10t5.5 -5l2 -2l19 -10h111l287 -344q11 -12 11 -25v-192q0 -8 -2.5 -12t-5.5 -5h-3q-112 0 -142 -3q-10 0 -10 -9v-55h516v57q0 3 -2.5 5t-4.5 2h-2h-144q-9 0 -9 15v202q-1 3 1.5 7t5.5 7l3 3q11 11 264 249h133q9 0 18 7l17 19q6 7 6 18v14 q-1 3 -3 4.5t-3 1.5h-2h-436l-7 -6q-1 -6 1.5 -12.5t5.5 -9.5l2 -4l23 -23l18 -7h115l-207 -195l-228 291h41q13 -1 22 4l68 21q1 0 3 1t4.5 5t2.5 9v14q0 3 -2 5t-4 2h-3h-489q-8 -1 -10 -7v-8zM1190 803l185 -7l-83 -567l-61 3zM1203 40l4 110l110 -4l-4 -110z" />
-<glyph unicode="Z" horiz-adv-x="870" d="M0 19q0 22 43 51q7 15 16.5 35.5t16 33t6.5 15.5q0 1 2.5 13.5t7 32t9.5 42.5t12.5 52t15.5 54q13 41 31 75t29 47.5t17 18.5q10 8 3 11q-9 6 -22 21.5t-29 60.5q-11 32 -11 70q0 14 2 29q2 16 7 3q3 -8 6 -25q4 -33 26.5 -74.5t60.5 -56.5q1 0 19.5 7t82 19t156.5 19 q1 37 7 76q-7 5 -11 13.5t-5 14.5l-1 6q-8 -14 -20 -13q-8 1 -8 33q0 17 2 43q1 20 18.5 32t32.5 13q2 1 5.5 2.5t13 3.5t17.5 2q14 15 45 19q19 3 35 3q11 0 20 -1l23 -3q11 1 22 1l40 -4q31 -8 47 -17l15 -9h4q27 0 41 -27q10 -17 16 -41q2 -10 3 -20q0 -14 -5 -29h-4 q-5 5 -10 17q-4 -12 -9.5 -21.5t-8.5 -12.5l-4 -4v-6q0 -44 -27 -102q-3 -8 2 -21q7 -16 23 -86q16 -66 15 -95v-3q-1 -31 -14.5 -65.5t-27.5 -48.5q1 -5 0 -10q0 -32 -21 -72q-7 -11 -17.5 -44t-14.5 -53q-5 -26 -5 -42q0 -14 4 -20q1 -1 10 -12.5t14.5 -20.5t4.5 -15 q-1 -9 -16.5 -18.5t-25.5 -9.5q-12 0 -27 7t-20 19q-6 19 -6 38q0 14 3 28q5 19 11 49q6 29 12 87q2 20 2 38q0 31 -7 51q-5 -2 -15 -5.5t-41.5 -9t-65.5 -5.5q-6 -30 -13 -57t-11 -38l-5 -12q-5 -8 -5 -113q0 -41 14 -103q9 -6 13 -14t4 -13v-5q-2 -13 -15.5 -20.5 t-29.5 -7.5t-31 11t-15 28q0 3 2 49q1 28 0 48v23q-4 78 -7 91q-26 97 -27 143q-7 0 -13 5l-53 -56q1 -5 4 -15.5t5 -18.5t2 -11q0 -8 14 -14q12 -5 25.5 -15t12.5 -20q-1 -12 -23 -14h-6q-20 0 -40 9q-2 1 -6.5 11t-9.5 24.5t-9.5 28.5t-8.5 27t-5 15q-5 21 -1 29 q15 41 15 60v4q-1 14 -22.5 32t-39.5 18q-7 0 -16.5 -5t-16 -10.5t-19.5 -16t-16 -13.5q-15 -11 -38 -32t-24 -22q-5 -3 -37 -61t-41 -81q0 -1 -2.5 -9.5t-4.5 -15t-7.5 -16t-11.5 -16t-15.5 -10.5t-21.5 -4q-22 1 -22 19z" />
-<glyph unicode="[" horiz-adv-x="999" d="M0 297q0 75 23 155.5t62 144.5q62 104 182.5 163.5t248.5 59.5q130 0 249.5 -81.5t182.5 -201.5q50 -86 50 -214q0 -150 -71 -266t-192 -177t-270 -60q20 36 61 109.5t73.5 130.5t64.5 108l1 2q3 5 12 18.5t12.5 19.5t9.5 17t9.5 21t5.5 21q6 24 6 48q0 80 -48 142 l275 81q-285 0 -428 -1q-7 1 -22 1q-99 0 -165.5 -74t-55.5 -173q-2 9 -2 28q0 44 15 77l-204 201l198 -341q19 -72 79.5 -117.5t134.5 -45.5q17 0 33 3l-66 -276q-115 0 -223 71t-175 176q-66 102 -66 230zM312 316q0 -77 54.5 -131.5t130.5 -54.5t130.5 54.5t54.5 131.5 q0 76 -54 130.5t-131 54.5t-131 -54.5t-54 -130.5z" />
-<glyph unicode="\" horiz-adv-x="831" d="M0 -155q0 27 31 27q12 0 21 0.5t28.5 7t32 17.5t23 35t10.5 57v614q0 127 -92 135q-15 1 -21.5 6.5t-7 10t-0.5 15.5q-2 25 23 25q4 0 62 -1.5t137 -3t135 -1.5q115 0 196.5 5.5t121 10.5t52.5 5q31 0 31 -31q0 -3 -6 -25.5t-6 -41.5q0 -16 3.5 -47t3.5 -44 q0 -18 -12 -27.5t-24 -9.5q-20 0 -21 28q0 4 0.5 14t0 14.5t-3 14.5t-7.5 15t-15 13t-24 12.5t-36 10t-50.5 8.5t-67 5t-85.5 2q-80 0 -115.5 -7.5t-43 -20t-7.5 -42.5q0 -29 0.5 -134.5t0.5 -115.5q0 -19 6.5 -26.5t22.5 -7.5h233q38 0 65.5 21.5t30.5 66.5q1 16 5 24 t8.5 9.5t14.5 1.5q14 0 22.5 -11.5t6.5 -33.5q0 -7 -4.5 -46t-4.5 -65q0 -25 4.5 -67t4.5 -57q0 -26 -22.5 -29.5t-29.5 23.5q-4 17 -6.5 24.5t-11.5 24t-20.5 24.5t-33.5 15.5t-51 7.5h-207q-18 0 -26 -11t-8 -38v-265q0 -43 22 -69t85 -26q5 0 50 -0.5t63 0t60 3t65.5 7.5 t52.5 15.5t47 24.5q24 19 34.5 46.5t19.5 80.5q4 19 26 18q28 0 37 -32q3 -11 2 -24q-1 -12 -16.5 -63.5t-15.5 -74.5q0 -6 0.5 -21.5t0.5 -23t-2 -18t-8 -15t-15 -4.5q-2 0 -33.5 7t-103.5 7q-66 0 -322 -1.5t-285 -1.5q-19 0 -25 5.5t-6 18.5z" />
-<glyph unicode="]" horiz-adv-x="1040" d="M2 69v576q0 1 3 19l339 -290l-338 -325q-4 14 -4 20zM47 704q7 3 17 3h913q9 0 18 -3l-340 -291l-45 -36l-89 -73l-89 73l-45 36zM48 10l341 327l132 -107l132 107l341 -327q-8 -3 -17 -3h-913q-8 0 -16 3zM698 374l338 290q3 -9 3 -19v-576q0 -9 -3 -20z" />
-<glyph unicode="^" horiz-adv-x="1106" d="M0 207v151q0 10 7 17.5t18 7.5h265l-115 -201h-150q-11 0 -18 7t-7 18zM122 -37l66 -38zM132 6.5q-3 10.5 2 19.5l304 528q5 9 15 11.5t19 -2.5l65 -37q10 -5 12.5 -15.5t-2.5 -19.5l-303 -528q-5 -9 -15.5 -11.5t-19.5 2.5l-65 38q-9 4 -12 14.5zM440 182l115 201h67 l94 -201h-276zM518 807q1 9 6 12q10 5 35.5 -31t71.5 -116t62 -105q28 -44 75.5 -130.5t91 -169t43.5 -83.5q11 -19 -2 -36t-31 -24q-18 -8 -24 -9t-30 7q-30 15 -190 393q-5 11 -13.5 30.5t-17 38t-18.5 42t-18.5 44t-17 42t-13.5 39t-8 32.5t-2 24zM846 383h235 q10 0 17.5 -7.5t7.5 -17.5v-151q0 -10 -7.5 -17.5t-17.5 -7.5h-133q-4 16 -8 23l-24 46q-64 121 -70 132zM859 66.5q3 10.5 13 15.5l37 19q10 5 21 1.5t16 -13.5l31 -60q12 -24 -10 -39l-27 -16q-10 -5 -21 -2.5t-17 12.5l-40 62q-6 10 -3 20.5zM935.5 -78q0.5 16 4 21 t12.5 14l24 9q61 12 72 -70q3 -32 -1 -76q-4 12 -44 29.5t-55 38.5q-13 18 -12.5 34z" />
-<glyph unicode="_" horiz-adv-x="1084" d="M-1 2v89v54v207h140v-207h805v207h141v-207v-54v-89h-1086z" />
-<glyph unicode="`" d="M0 298q0 141 67 260.5t182 189t251 69.5t251 -69.5t182 -189t67 -260.5q0 -4 -0.5 -10t-0.5 -10q-8 208 -152.5 353t-346.5 145t-346.5 -145t-152.5 -353q0 4 -0.5 10t-0.5 10zM183 299q0 136 93 232.5t224 96.5t224 -96.5t93 -232.5q0 -3 -0.5 -10t-0.5 -10 q-8 129 -99 219t-217 90t-217 -90t-99 -219q0 3 -0.5 10t-0.5 10zM349 104q0 33 4.5 59t10.5 43t18.5 29t23 18t28.5 9.5t31 4t35 0.5t35 -0.5t31 -4t28.5 -9.5t23 -18t18.5 -29t10.5 -43t4.5 -59q0 -118 -44.5 -202.5t-106.5 -84.5t-106.5 84.5t-44.5 202.5zM396 384 q0 44 30.5 76t73.5 32t73.5 -32t30.5 -76t-30.5 -76t-73.5 -32t-73.5 32t-30.5 76z" />
-<glyph unicode="a" horiz-adv-x="1099" d="M1 44q5 8 16 1q250 -145 544 -145q196 0 387 73q5 2 14.5 6t13.5 6q15 6 23.5 -6t-5.5 -22q-18 -13 -46 -30q-86 -51 -192 -79t-207 -28q-156 0 -295 54.5t-249 153.5q-6 5 -6 10q0 3 2 6zM302 329q0 69 34 118t93 74q54 23 133 33q27 3 88 8v17q0 64 -14 86 q-21 30 -66 30h-8q-33 -3 -57 -21t-31 -50q-4 -20 -20 -23l-115 14q-17 4 -17 18q0 3 1 7q17 89 83.5 132t155.5 48h25q114 0 178 -59q10 -10 18.5 -21.5t13.5 -20.5t9 -26t6 -23.5t3 -28t1 -25.5v-30v-28v-184q0 -26 7.5 -47.5t14.5 -31t23 -30.5q6 -9 6 -16q0 -8 -8 -14 q-83 -72 -90 -78q-12 -9 -29 -2q-14 12 -24.5 23t-15 16t-14.5 19.5t-14 19.5q-56 -61 -110 -76q-34 -10 -84 -10q-77 0 -126.5 47.5t-49.5 134.5zM474 349q0 -39 19.5 -62.5t52.5 -23.5q3 0 8.5 1t7.5 1q42 11 65 54q11 19 16.5 41.5t6 36.5t0.5 46v25q-58 0 -88 -8 q-88 -25 -88 -111zM894 27q2 4 6 8q25 17 48 23q38 10 74 11q10 1 19 -1q45 -4 54 -15q4 -6 4 -18v-7q0 -35 -19 -82.5t-53 -76.5q-5 -4 -9 -4q-2 0 -4 1q-6 3 -3 11q37 87 37 121q0 11 -4 16q-10 12 -56 12q-17 0 -40 -2q-25 -3 -46 -6q-6 0 -8 2t-1 4q0 1 1 3z" />
-<glyph unicode="b" horiz-adv-x="1314" d="M-2 438q0 55 38.5 94t93.5 39q47 0 83.5 -29.5t46.5 -74.5l502 -202q32 19 68 19q2 0 6.5 -0.5t7.5 -0.5l110 159q1 73 53 124.5t125 51.5q74 0 126 -52t52 -126t-52 -126t-126 -52l-170 -124q-5 -51 -43 -85.5t-89 -34.5q-48 0 -84 30t-46 75l-502 201q-32 -19 -68 -19 q-55 0 -93.5 39t-38.5 94zM33 438q0 -40 28.5 -68.5t68.5 -28.5q9 0 21 2l-41 16v1q-28 13 -40 42q-6 14 -6 28q0 15 6 30q12 30 40 42q15 7 31 6q13 0 27 -5v1l49 -20q-29 52 -87 52q-40 0 -68.5 -28.5t-28.5 -69.5zM743 105q29 -52 87 -52q40 0 69 28.5t29 69.5 q0 40 -28.5 68.5t-69.5 28.5q-14 0 -21 -2l40 -16q30 -12 43 -42q7 -15 7 -30q0 -14 -6 -29q-12 -31 -42 -43q-15 -6 -30 -6q-14 0 -29 6q-8 3 -24.5 9.5t-24.5 9.5zM1013 440q0 -49 35 -84t84 -35q50 0 85 35t35 84t-35 84t-85 35q-49 0 -84 -35t-35 -84zM1038 441 q0 -40 27.5 -68t67.5 -28q39 0 67 28t28 68q0 39 -28 67t-67 28q-40 0 -67.5 -28t-27.5 -67z" />
-<glyph unicode="c" horiz-adv-x="1107" d="M-2 251q0 104 73.5 178t176.5 74l1 -1q0 3 -0.5 7t-0.5 6q0 118 82.5 201t199.5 83q103 0 181 -66t96 -166h17q117 0 199.5 -83t82.5 -201t-82.5 -201t-199.5 -83q-8 0 -12 1v-1h-555h-9h-9h-5v1q-99 5 -167.5 78t-68.5 173z" />
-<glyph unicode="d" horiz-adv-x="1013" d="M-12 286l214 163l-214 162l311 203l203 -174l208 174l302 -193l-198 -165l198 -170l-307 -185l-203 156l-203 -156zM201 35v57l94 -55l203 155l1 -1v-355zM206 451l294 -185l296 196l-294 169zM499 -164l1 355l2 1l202 -155l100 60v-63z" />
-<glyph unicode="e" horiz-adv-x="1407" d="M0 181q0 31 5 53.5t21.5 46.5t46.5 38.5t83.5 24t128.5 9.5q88 0 148 -13q39 -8 58 -18v-161h-293q0 -21 2 -33.5t9 -30.5t26.5 -27t49.5 -9q85 0 85 61h63h2h56v-89q-27 -13 -56 -19q-68 -15 -150 -15q-92 0 -151 12.5t-87 39t-37.5 56t-9.5 74.5zM198 215h178 q0 18 -1.5 26.5t-8.5 23.5t-27.5 22t-53.5 7q-31 0 -50.5 -7.5t-26.5 -23t-8.5 -24t-1.5 -24.5zM491 33v89h78q-1 -51 -74 -87q-2 -2 -4 -2zM491 33q2 0 4 2q73 36 74 87h-78v39h81q1 12 1 23q0 45 -13 76q-16 39 -69 62v183h107v-203h2q31 44 88 44q43 0 69 -26 q-40 -29 -40 -102q0 -104 76 -122q-1 -31 -5.5 -54t-15.5 -47t-32.5 -36.5t-53.5 -12.5q-64 0 -91 50h-1v-42h-103v79zM491 161v161q53 -23 69 -62q13 -31 13 -76q0 -11 -1 -23h-81zM598 150q0 -77 8.5 -107.5t35.5 -30.5q28 0 37 30.5t9 107.5v5q0 35 -1 51.5t-5 37 t-13.5 28.5t-26.5 8q-16 0 -25.5 -8.5t-13 -29.5t-4.5 -38t-1 -54zM717 218q0 73 40 102q17 -18 26 -53t10 -55.5t0 -63.5v-52q-76 18 -76 122zM725 377q0 69 40 94q34 26 101 26q4 0 49 -3l107 -218v-102q0 -14 2 -39t2 -34h-100l-5 52h-2q-33 -58 -100 -58q-18 0 -26 1v52 q0 43 -0.5 63.5t-9.5 55.5t-26 53q38 29 135 29h24v31q0 29 -8.5 43t-35.5 14q-26 0 -33 -15.5t-7 -44.5h-107zM822 223q0 -62 41 -62q13 0 22.5 4.5t15.5 14t9.5 18t4.5 24t1.5 23.5t0 24t-0.5 20q-4 0 -17 -0.5t-16.5 -1l-14 -2t-14 -3t-10.5 -5t-9.5 -8t-6.5 -11 t-5 -15.5t-1 -20zM889 546h154l100 -232l109 232h143l-189 -359v-190h-141v190l-43 89v91q0 55 -21.5 86.5t-85.5 40.5zM915 494q64 -9 85.5 -40.5t21.5 -86.5v-91z" />
-<glyph unicode="f" horiz-adv-x="817" d="M280 283v191h154v96q0 104 67.5 177t163.5 73h153v-191h-153q-15 0 -27 -16.5t-12 -40.5v-98h192v-191h-192v-463h-192v463h-154z" />
-<glyph unicode="g" horiz-adv-x="939" d="M0 -27q0 -63 62 -108t150 -45t150.5 45t62.5 108q0 64 -62.5 109t-150.5 45q-1 0 -3 -0.5t-3 -0.5q-24 22 -24 47.5t24 53.5q71 4 120 55t49 121q0 28 -7 50q28 5 44 14v115q-48 -32 -109 -32h-7q-46 31 -101 31q-75 0 -128 -52t-53 -126q0 -47 24 -87t64 -64 q-28 -36 -28 -74q0 -36 26 -75q-46 -21 -73 -55t-27 -75zM121 405q0 33 21.5 56.5t50.5 23.5q30 0 51 -23.5t21 -56.5t-21 -56.5t-51 -23.5q-29 0 -50.5 23.5t-21.5 56.5zM124 -27q0 27 25.5 45.5t62.5 18.5t63 -18.5t26 -45.5q0 -26 -26 -45t-63 -19t-62.5 19t-25.5 45z M455 739q0 34 23.5 57.5t57.5 23.5t58 -23.5t24 -57.5t-24 -58t-58 -24t-57.5 24t-23.5 58zM474 92v479h134v-479h-134zM655 469h55v-284v-1q4 -30 19.5 -51.5t34.5 -31.5t37.5 -16t30.5 -7h13h7q27 0 48 8q23 8 30 16l7 9l2 99q-42 -13 -65 -13q-5 0 -9 1q-23 3 -27 16 l-4 13q0 3 -1 4v238h91v102h-91v93h-123v-93h-55v-102z" />
-<glyph unicode="h" horiz-adv-x="866" d="M0 -196v496v496l501 -496zM0 -196l501 496l134 -133l-202 -117l-433 -250v4zM0 796v4l433 -250l202 -117l-134 -133zM501 300l134 133l231 -133l-231 -133z" />
-<glyph unicode="i" d="M0 320q0 136 67 251t182 182t251 67t251 -67t182 -182t67 -251t-67 -251t-182 -182t-251 -67t-251 67t-182 182t-67 251zM100 320q0 -166 117 -283t283 -117t283 117t117 283t-117 283t-283 117t-283 -117t-117 -283zM283 144q0 -31 21.5 -52.5t52.5 -21.5q33 0 57 24 t24 57v8v261l200 37v-208q-15 5 -28 5q-33 0 -57 -24t-24 -57q0 -31 21 -52.5t52 -21.5t55.5 23t25.5 54v4v8v382l-290 -50v-300q-15 5 -28 5q-34 0 -58 -24t-24 -57z" />
-<glyph unicode="j" horiz-adv-x="764" d="M0 -183v1000h764v-817l-571 3v-186h-193zM191 176h399v450h-399v-450z" />
-<glyph unicode="k" d="M0 253v67v67t2.5 59t7 61.5t14 53t23.5 55.5t35.5 46.5t50.5 47.5q146 110 356 110h11h5v-777h124v208q7 -11 39 -63.5t51 -79.5q29 -40 63.5 -53t91.5 -13h36v118q-45 0 -63 7t-42 41q-14 18 -37 56.5t-26 43.5l171 238h-148l-136 -189v453q135 -22 238 -100 q29 -22 50.5 -47.5t35.5 -46.5t23.5 -55.5t14 -53t7 -61.5t2.5 -59v-67v-67t-2.5 -59t-7 -61.5t-14 -53t-23.5 -55.5t-35.5 -46.5t-50.5 -47.5q-146 -110 -367 -110t-367 110q-29 22 -50.5 47.5t-35.5 46.5t-23.5 55.5t-14 53t-7 61.5t-2.5 59zM81 104q66 -67 192 -67 q80 0 137.5 41t57.5 118q0 51 -18 84.5t-45 45.5t-58.5 19.5t-58.5 9t-45 11.5t-18 30q0 47 70 46q57 0 87 -29l78 78q-60 60 -170 60q-78 0 -131.5 -41.5t-53.5 -117.5q0 -51 20.5 -83.5t51.5 -44.5t62.5 -17t59.5 -9t37 -14q10 -11 10 -30q0 -46 -72 -46q-77 0 -113 36z " />
-<glyph unicode="l" horiz-adv-x="1332" d="M-1 320q0 164 116 280t280 116q124 0 219.5 -63.5t146.5 -180.5q15 -36 129 -300q21 -48 37.5 -73.5t49 -45t79.5 -21.5h7q67 0 111 36q46 38 47 96q0 27 -8 45t-29.5 32t-40.5 21.5t-59 20.5q-125 41 -180 89.5t-55 135.5q0 91 57.5 145.5t156.5 54.5q127 0 191 -115 l-84 -43q-45 62 -112 62q-46 0 -76.5 -28.5t-30.5 -72.5q0 -13 2 -24.5t8.5 -20.5t12 -16t17.5 -14.5t20 -11.5t25 -10.5t26.5 -9.5t31.5 -10t33 -10q108 -36 154.5 -84t46.5 -140q0 -100 -76 -166q-75 -65 -186 -65h-3q-100 0 -161 46.5t-103 140.5l-14 33l-127 288 q-33 77 -104.5 124t-158.5 47q-119 0 -203.5 -84.5t-84.5 -203.5t84.5 -203.5t203.5 -84.5q82 0 150 42.5t105 112.5l51 -118q-55 -68 -135 -106.5t-171 -38.5q-164 0 -280 116t-116 280z" />
-<glyph unicode="m" horiz-adv-x="1210" d="M7 -117v897h185l9 -8h825l9 8h174v-900h-171v7h-855v-4h-176zM183 15v-80h855v74l-345 259l-79 -65l-86 70zM183 75l307 229l-307 252v-481zM266 716l348 -298l347 298h-695zM731 299l307 -230v484z" />
-<glyph unicode="n" d="M0 496l316 323v-123l301 -277l187 46l-195 -208l391 -438l-444 392l-188 -192l30 169l-255 316z" />
-<glyph unicode="o" horiz-adv-x="1083" d="M0 173q-1 63 24.5 116.5t67 89t92 63t101 43t92.5 25.5t68 13l26 3v-123q-57 -4 -104.5 -19.5t-77.5 -36.5t-53 -45.5t-35 -48t-19 -42.5t-8 -31l-2 -12q-3 -15 -3 -30q0 -22 7 -42q12 -34 38 -58t59 -44.5t68 -33t64 -21.5t47 -13l19 -3v-103q-97 10 -175.5 35 t-126.5 56.5t-83 67.5t-51 70.5t-24.5 62t-9.5 44.5zM510 -180v902l142 98v-922zM686 411h5q38 -1 77 -15q42 -16 64 -31l21 -16l-83 -34l313 -78v245l-107 -61q-40 43 -112.5 69t-125.5 31l-52 5v-115z" />
-<glyph unicode="p" d="M0 -47v734q0 55 39 94t94 39h734q55 0 94 -39t39 -94v-734q0 -55 -39 -94t-94 -39h-734q-55 0 -94 39t-39 94zM38 -19q0 -51 36 -87t87 -36h678q51 0 87 36t36 87v678q0 51 -36 87t-87 36h-678q-51 0 -87 -36t-36 -87v-678zM239 13v30h49q28 0 44 18.5t18 36.5l1 19v6v29 v377q0 35 -15 54.5t-30 21.5l-15 2h-50v32h349q46 0 80.5 -15t52 -36.5t28 -42.5t13.5 -36l2 -15v-62q0 -31 -9 -55.5t-23.5 -39.5t-32 -26.5t-35.5 -16.5t-32.5 -7.5t-23.5 -2.5l-9 -1h-143v-168q0 -31 17 -48.5t35 -19.5l17 -2h47v-32h-335zM457 338h109q4 0 10 0.5 t21.5 6t27.5 14.5t21.5 28.5t9.5 46.5l-1 61q0 4 -0.5 10t-6 22.5t-14.5 29.5t-29.5 25t-47.5 14h-100v-258z" />
-<glyph unicode="q" horiz-adv-x="889" d="M0 366q0 122 59.5 226t161.5 164.5t223 60.5q184 0 314.5 -132t130.5 -319q0 -119 -57 -220.5t-154 -162.5q1 -2 3.5 -6.5t11.5 -16t21 -22t33 -21.5t45 -17v-76q-36 -7 -67 -7q-50 0 -85 18q-56 29 -91 94q-48 -13 -105 -13q-120 0 -222.5 60.5t-162 164t-59.5 225.5z M221 307q0 -116 66.5 -198.5t160.5 -82.5q26 0 52 8q-2 3 -5.5 8.5t-14.5 18.5t-23.5 23.5t-31 19.5t-36.5 10v79v9q10 1 20 1q119 0 203 -90q63 81 63 194v116q0 116 -66.5 198.5t-160.5 82.5t-160.5 -82.5t-66.5 -198.5v-116z" />
-<glyph unicode="r" horiz-adv-x="1201" d="M0 320q0 139 72 254.5t191.5 180.5t257.5 65q86 0 162 -25v-302q-64 35 -132 35q-92 0 -162 -49q-45 -33 -80.5 -82.5t-35.5 -95.5q0 -90 57.5 -141t148.5 -51q78 0 151.5 41.5t108.5 108.5q21 37 21 50q1 67 1 143t-0.5 169t-0.5 144q20 -10 119 -77q135 -92 289 -92 q20 0 26.5 -7.5t6.5 -29.5q0 -51 -53 -100.5t-110 -69.5q4 -31 4 -69q0 -139 -72 -254.5t-191.5 -180.5t-257.5 -65t-257.5 65t-191.5 180.5t-72 254.5z" />
-<glyph unicode="s" horiz-adv-x="1153" d="M0 141q0 16 3.5 44t9.5 31q6 -3 10.5 -32.5t4.5 -42.5q0 -14 -4.5 -42.5t-10.5 -31.5q-13 7 -13 74zM64 141q0 25 5 74t6 61q0 6 6 6q4 0 6 -6q12 -129 12 -135q0 -24 -5.5 -71t-6.5 -59q-2 -7 -6 -7q-6 0 -6 7q-1 11 -6 58.5t-5 71.5zM145 141q0 24 5 73.5t5 54.5 q0 9 7 9q8 0 8 -9q11 -113 11 -128t-11 -136q0 -8 -8 -8q-7 0 -7 8q0 7 -5 58.5t-5 77.5zM237 141q0 38 1.5 80.5t4 95t3.5 81.5q0 10 9 10q10 0 10 -10q1 -16 5.5 -111.5t4.5 -145.5q0 -26 -5 -77t-5 -58q0 -10 -10 -10q-9 0 -9 10q-9 132 -9 135zM331 141q0 55 3 159.5 t4 128.5q2 12 12 12t12 -12q1 -32 4.5 -133t3.5 -155q0 -25 -3.5 -72t-4.5 -61q-2 -12 -12 -12t-12 12q0 11 -3.5 59t-3.5 74zM426 141q0 40 1 85t2.5 100t2.5 85q2 15 14 15t14 -15q1 -30 2.5 -85t2.5 -100t1 -85q0 -2 -6 -131v1q-2 -15 -14 -15t-14 14q-6 129 -6 131z M521 140q0 3 6 351q2 18 16 18t16 -18q6 -348 6 -351q0 -1 -6 -127q-2 -17 -16 -17t-16 17q-6 126 -6 127zM601 352.5q0 82.5 1 155.5q-1 10 12.5 18t32.5 11.5t34.5 5.5t24.5 2q97 0 169 -72.5t80 -178.5q28 13 55 13q58 0 99.5 -45.5t42 -110.5t-41.5 -110.5t-100 -45.5 h-393q-6 0 -10.5 6t-4.5 13q0 55 -0.5 155.5t-0.5 183z" />
-<glyph unicode="t" horiz-adv-x="616" d="M0 410v142q60 20 101 55q41 33 67 86q26 51 35 127h143v-253h237v-157h-237v-256q0 -86 9 -112q9 -24 34 -39q34 -20 76 -20q77 0 151 49v-157q-63 -31 -116 -43q-52 -12 -112 -12q-68 0 -122 17q-55 19 -89 50q-36 31 -52 68q-14 34 -14 105v350h-111z" />
-<glyph unicode="u" horiz-adv-x="916" d="M2 455q4 36 15.5 63t25.5 40t28 21t23 9l9 2h8q43 0 77 -36q38 -40 41 -78q3 -16 3 -33v-6q0 -20 -5.5 -53t-28 -57.5t-59.5 -32.5q-13 -3 -26 -3q-23 0 -43 10q-30 15 -45 43t-21 58q-4 17 -4 32q0 11 2 21zM66 -32q-4 18 -4 36q0 28 10 55q16 44 38.5 68t48.5 45l26 21 q2 2 26.5 22.5t53.5 51.5t49 66q18 31 50 53q33 22 72 28q9 1 17 1q31 0 66 -18q44 -23 79 -77q8 -12 23.5 -31.5t66.5 -72t106 -95.5q26 -20 39.5 -49.5t13.5 -57t-4 -52t-9 -39.5l-6 -15q-2 -6 -7.5 -15t-27.5 -29t-50 -31.5t-79 -11.5t-112 20q-36 12 -79 13h-14 q-33 0 -55 -4l-25 -4q-10 -2 -27 -5q-18 -3 -66 -8q-24 -2 -44 -2.5t-36 2.5h-3q-46 0 -80 33q-35 34 -46 68zM208 72q-2 -14 -2 -27q0 -32 12 -61q22 -43 79 -55h127v307l-57 1v-83h-68q-30 0 -53 -20.5t-30 -41.5zM232 666q0 64 31.5 109t76.5 45t76.5 -45t31.5 -109 t-31.5 -109t-76.5 -45t-76.5 45t-31.5 109zM268 23q-2 8 -2 16q0 14 6 31q10 26 39 35h55v-125h-51q-16 0 -27.5 10.5t-15.5 21.5zM455 -15q0 -18 15 -31.5t30 -18.5l15 -5h146v217h-63v-163h-60q-9 1 -14.5 6t-7.5 9l-1 4v145l-60 -1v-162zM508 657q5 48 49 97q37 41 72 41 q6 0 13 -1q43 -10 74 -58q25 -39 25 -77q0 -9 -1 -18q-9 -55 -48 -101q-34 -39 -80 -40q-7 0 -14 1q-56 8 -76 51q-15 32 -16 75q0 14 2 30zM686 367q0 150 108 150q34 0 59.5 -14.5t38 -36t18.5 -40.5t6 -33v-14v-11v-9q0 -7 -1 -22.5t-4 -25.5t-7.5 -24t-13 -23.5 t-19 -18.5t-26.5 -13.5t-35 -4.5h-6q-38 0 -63 11q-27 12 -38 36.5t-14 44t-3 48.5z" />
-<glyph unicode="v" horiz-adv-x="1011" d="M0 -21v678q0 66 43 114.5t108 48.5h697q70 0 116.5 -37.5t46.5 -106.5v-59q-74 14 -111 20q-53 7 -54 7q-10 3 -29.5 10t-34 10.5t-32.5 3.5q-62 0 -132 -47q-34 -3 -95.5 -7t-112 -9t-95.5 -14h-1h-1l-1 -1h-1h-1h-1h-1l-1 -1h-1q-72 -14 -87 -26q-18 -15 -20 -71v-39 v-126l-3 -18l526 -13l80 27q-44 -79 -70 -132l-106 -47l-406 -7q-3 -3 -10 -3.5t-11 -4.5q4 -26 7 -39q12 -52 112 -59q206 -13 335 -13q38 0 120 20t127 20q65 0 111 -29v-54q0 -155 -154 -155h-723q-61 0 -97.5 48t-36.5 111zM690 525q0 14 10 24.5t24 10.5t24.5 -10.5 t10.5 -24.5t-10.5 -24t-24.5 -10t-24 10t-10 24z" />
-<glyph unicode="w" d="M0 319q0 136 67 251t182 182t251 67t251 -67t182 -182t67 -251t-67 -251t-182 -182t-251 -67t-251 67t-182 182t-67 251zM39 319q0 -135 71.5 -247t188.5 -168l-220 603q-40 -89 -40 -188zM114 572h30q48 0 123 6q12 1 17.5 -8t1.5 -19t-16 -11l-53 -5l168 -499l101 302 l-72 197q-24 3 -48 5q-12 1 -16 11t1.5 19t17.5 8l121 -6q49 0 123 6q12 1 17.5 -8t1.5 -19t-16 -11l-52 -5l166 -496l46 154q36 117 36 149q0 64 -39 128q-2 3 -12.5 21t-13.5 23.5t-9 19t-8 23.5t-2 21q0 33 22.5 57.5t55.5 24.5q1 0 3 -0.5t3 -0.5q-131 121 -312 121 q-119 0 -221 -56t-165 -152zM370 -124q62 -18 130 -18q80 0 153 26l-3 6l-142 389zM732 -80q105 61 167 167.5t62 231.5q0 120 -56 221q3 -21 3 -47q0 -63 -35 -165z" />
-<glyph unicode="x" horiz-adv-x="1002" d="M0 320q0 -176 109 -312q-9 25 -9 56q0 32 10 68q20 72 61.5 139.5t86 127.5t78.5 96l33 36q-147 91 -234 130q-135 -145 -135 -341zM139 -25q23 68 68.5 139t94 124t94 96.5t74.5 65.5l29 23q13 -9 34 -26t77.5 -68t102.5 -102t90.5 -121t59.5 -131q-70 -73 -164 -114 t-198 -41q-105 0 -198.5 41t-163.5 114zM176 700q139 120 325 120q185 0 324 -120q-35 20 -81 20t-87 -14.5t-77 -31.5t-58 -32l-21 -14h-1q-8 6 -22.5 15.5t-55.5 30.5t-79 33.5t-85 12.5q-1 0 -2 1q-46 0 -80 -21zM632 531q148 91 235 130q135 -145 135 -341 q0 -176 -110 -312q9 26 9 56q1 30 -9 68q-20 72 -62 139.5t-86.5 127.5t-77.5 96z" />
-<glyph unicode="y" horiz-adv-x="749" d="M4 231v-13q0 -43 6 -69q5 -18 19 -25.5t29 -2.5l204 63q22 7 31 26q5 10 5 20t-5 19q-9 19 -32 26l-204 82q-14 3 -27.5 -7.5t-16.5 -30.5q-8 -36 -9 -88zM91 708q-5 8 -5 16q0 9 6 18q12 17 38 27q81 31 171 46h5q45 0 49 -38q25 -313 25 -393q0 -33 -27 -40 q-6 -2 -12 -2q-21 0 -37 25q-148 232 -213 341zM160 -57l139 166q19 21 38 21q8 0 16 -3q25 -11 25 -45q0 -5 -1 -10v-221q-2 -14 -17 -22q-9 -5 -18 -5q-8 0 -16 3q-36 6 -85 25.5t-73 37.5q-18 14 -18 30q0 11 10 23zM454 280q-6 12 -6 23q0 17 15 33l130 179q7 8 20 8 q3 0 7 -1q17 -2 29 -18q25 -26 53 -70.5t37 -73.5q3 -8 3 -15q0 -9 -4 -16q-8 -13 -23 -16l-209 -53q-8 -2 -16 -2q-23 0 -36 22zM466 155q-9 -12 -9 -24q0 -16 13 -32l114 -190q7 -9 24 -9h3q19 1 33 15q27 24 55.5 62.5t41.5 69.5q4 11 4 21q0 7 -3 13q-5 14 -19 19 l-205 70q-10 4 -19 4q-21 0 -33 -19z" />
-<glyph unicode="z" horiz-adv-x="722" d="M0 46v13v82q0 6 2.5 12t4.5 9l2 2q65 77 195 230.5t195 230.5q-57 -11 -103 -14q-23 -2 -41 -1q-17 0 -31 1q-26 3 -46.5 10t-28.5 13.5t-12 12.5q-1 0 -1 1q-1 2 -2 3q-4 9 -4 24q0 7 1 15q5 49 49 110q2 2 6 6.5t6 7.5q5 5 12 5q6 0 15 -4q18 -10 20 -10 q55 -22 148 -26q22 -1 44 -1q107 0 222 24q9 2 13.5 -1.5t4.5 -8.5v-5q-1 -14 -4 -42.5t-5 -42.5q0 -4 -5 -9l-13 -13l-8 -7q-8 -9 -161 -188q-126 -146 -190 -219q-20 -24 -60 -70q-11 -13 -13 -18.5t-2 -23.5h7q65 0 144 -49q45 -29 86 -51t59 -29l19 -7q45 -12 83 -12 q65 0 110 35q5 -22 5 -45q0 -27 -7 -56q-12 -53 -50 -90q-32 -31 -77 -31q-8 0 -17 1q-64 8 -166 67q-23 13 -72.5 51t-78.5 53q-48 24 -95 31t-117 7h-31q-8 0 -12 17z" />
-<glyph unicode="{" horiz-adv-x="1233" d="M-63 548q174 33 208 71q27 30 45 91q18 -23 23 -48.5t1 -39.5l-5 -13q-6 -13 -10.5 -21t-7.5 -13.5t-9.5 -11t-10 -8.5t-16 -11t-20.5 -14q-35 -27 -33.5 -62.5t30.5 -54.5q26 -16 50.5 6t52.5 78q12 25 18.5 66t19.5 73t47 59q20 16 45.5 19t50 1t51.5 0t60 23.5 t67 64.5q5 6 14 15.5t38 29t59 28t74 -1t86 -44.5q-48 21 -90 21t-67.5 -15t-43.5 -33t-26 -33l-7 -15q-15 -37 -28.5 -61.5t-23.5 -38.5t-25 -22.5t-24 -11.5t-32 -8.5t-38 -9.5q-43 -13 -50 -54q-6 -36 22 -53q32 -18 82 14q37 24 59.5 49.5t30.5 44t27.5 39.5t51.5 37 q43 21 82 28.5t83 8t67 3.5q197 32 246 114q48 79 49 130q17 -58 11.5 -104t-26.5 -80.5t-44 -57t-41 -33.5l-18 -11q-77 -40 -128.5 -55.5t-83.5 -21t-62 -21.5q-103 -55 -52 -155q21 -41 61.5 -44.5t77.5 29.5q6 5 14 14t22.5 39t15.5 61q20 -56 15.5 -96.5t-20.5 -63.5 l-15 -22q-36 -38 -60.5 -53.5t-63 -18.5t-89.5 15q-86 21 -119.5 20.5t-61.5 -17.5q-28 -16 -43 -42.5t-2 -48.5q14 -25 34 -27.5t64 21.5q39 23 66 29.5t68 8.5q87 2 139 -38q37 -24 74 -57q-40 24 -79 30.5t-66 -1t-48.5 -18t-31.5 -21.5l-10 -10q-45 -51 -75.5 -72 t-53 -20.5t-58.5 14.5q-10 4 -39.5 17t-41.5 16v110q0 121 -92 186q-59 40 -134 40q-76 0 -134 -39q-20 29 -51 33v75q0 31 -21.5 52.5t-52.5 21.5h-18zM64 -16v162q0 65 19 99q40 71 134 71q69 0 110.5 -43.5t41.5 -109.5v-135h-202v-67q0 -48 50 -48q45 0 50 49h102 q0 -62 -41 -105q-43 -43 -111 -43q-94 0 -134 71q-19 34 -19 99zM167 105h100v56q0 56 -50 56t-50 -56v-56zM429 -94q11 36 11 71q0 11 -3 20q24 -4 34 -5q62 -6 85 -46q2 -3 4.5 -9t7 -23t-0.5 -31q-31 24 -65.5 30t-53.5 -1z" />
-<glyph unicode="|" horiz-adv-x="851" d="M2 -56q3 31 12 66q11 45 72 350.5t71 349.5q12 52 24 72.5t39 29.5t87 9h241q59 0 135 -1t116 -1q41 0 50 -45q10 -48 -23 -92q-30 -40 -81 -40h-401l-50 -233l352 -3q44 0 54 -45t-21 -84q-27 -33 -70 -33h-360l-48 -248h432q64 0 76.5 -43.5t-17 -87.5t-67.5 -44h-553 q-30 0 -47.5 17t-21.5 46t-1 60z" />
-<glyph unicode="}" horiz-adv-x="868" d="M0 108q0 44 31.5 76t76.5 32q44 0 76 -32t32 -76q0 -46 -34 -78q65 -74 163 -74q69 0 116 41q47 42 47 106q0 39 -25 77q-23 38 -60 64q-34 23 -115 57q-75 30 -122 59q-42 27 -73 64q-30 36 -46 74q-14 39 -14 79q0 101 81 172q82 71 197 71q77 0 155 -33 q66 -28 113 -80q37 -32 37 -80q0 -45 -32 -76.5t-76 -31.5q-45 0 -76.5 31.5t-31.5 76.5q0 21 10 44q-32 16 -88 16q-69 0 -112 -31t-43 -80q0 -43 38 -76q40 -33 128 -71q92 -40 141 -73q51 -34 82 -74q33 -41 48 -85q0 -1 1 -3t1 -3q-75 -62 -75 -158q0 -53 28 -104 q-11 -13 -24 -27q-87 -82 -206 -82t-208 64t-139 194l3 1q-5 15 -5 29zM613 33q0 -52 36 -88.5t88 -36.5t88 36.5t36 88.5q0 51 -36 87.5t-88 36.5t-88 -36.5t-36 -87.5z" />
-<glyph unicode="~" horiz-adv-x="664" d="M0 805h100l8 -121h10l5 3q79 133 246 133q130 0 212.5 -98.5t82.5 -253.5q0 -93 -27 -166.5t-72.5 -117.5t-101 -67t-116.5 -23q-69 0 -125.5 28.5t-86.5 79.5l-2 3h-11l-3 -7v-378h-113v761q0 88 -6 224zM119 392q0 -31 6 -55q19 -70 74 -113t126 -43q101 0 162 76.5 t61 204.5q0 119 -61 194t-157 75q-72 0 -128 -45.5t-74 -117.5q-9 -33 -9 -53v-123z" />
-<glyph horiz-adv-x="951" />
-<glyph horiz-adv-x="973" />
-<glyph horiz-adv-x="1314" />
-<glyph unicode="&#xa3;" horiz-adv-x="669" d="M2 467q-11 151 126 252q63 47 145 70q78 23 175 11t181 -59q-2 -40 0 -76q6 -119 -10 -153q-9 1 -52 14q-36 11 -66 16q-31 6 -61 8q-70 6 -99 -38q8 -44 38 -66q30 -21 82 -37q49 -14 69 -26q113 -70 139 -219v-80v-5q0 -81 -44.5 -142.5t-118.5 -92.5 q-105 -44 -244.5 -38.5t-239.5 59.5q3 41 0 79q-3 42 -2 81q2 43 12 69q18 -3 48 -11q53 -15 74 -19q165 -36 177 40q3 22 -10.5 40.5t-34.5 29.5q-28 14 -48 22q-29 12 -37 17q-44 23 -59 32q-57 34 -80 68q-54 77 -60 154z" />
-<glyph unicode="&#xad;" horiz-adv-x="939" d="M-0.5 707q-0.5 11 6 20.5t13.5 16.5t23.5 15.5t27 13t33 14t34.5 14.5q54 22 97 16t54 -35q25 -67 102.5 -319.5t115.5 -361.5q268 88 326 105q16 6 37.5 4t32.5 -23q23 -47 32.5 -98.5t0.5 -74.5q-19 -15 -59.5 -32t-75.5 -29t-89.5 -29t-73.5 -23q-10 -3 -38 -13 t-53 -18.5t-58 -19t-61 -17.5t-54 -11.5t-44.5 -3.5t-25.5 9q-18 18 -32 52t-29 87t-19 66q-42 125 -113 338.5t-104 312.5q-6 13 -6.5 24z" />
-<glyph unicode="&#xc7;" horiz-adv-x="1294" d="M13 314v51q0 38 87 65t211 27t211 -27t87 -65v-51q-1 -38 -88 -64.5t-210 -26.5t-210 26.5t-88 64.5zM300 557v27q2 19 64 32.5t149 13.5t148.5 -13.5t63.5 -32.5h1v-27h-1q-2 -20 -63.5 -33.5t-148.5 -13.5t-149 13.5t-64 33.5zM511 63v59v5q4 56 117 94.5t271 38.5 t270.5 -38.5t116.5 -94.5v-4v-56v-4q-3 -55 -116 -94t-271 -39t-271 38.5t-117 94.5zM739 404v1v38v3q2 29 75.5 49t175.5 20t175.5 -20t75.5 -49v-2v-39v-1q0 -29 -73.5 -50t-177.5 -21t-177.5 21t-73.5 50z" />
-<glyph unicode="&#xc9;" horiz-adv-x="1129" d="M0 644q0 20 13 33t33 13h235q16 0 28.5 -9.5t16.5 -25.5l24 -98h674l7 21q10 32 43 32q9 0 13 -2q15 -4 24 -16t9 -27q0 -5 -2 -13l-118 -393q-4 -15 -16 -24t-27 -9h-559q-16 0 -28.5 10t-16.5 25l-108 438h-199q-19 0 -32.5 13t-13.5 32zM372 466l62 -248h489l2 9 l72 239h-625zM414 -18q0 38 27.5 65t65.5 27t65 -27t27 -65t-27 -65t-65 -27t-65.5 27t-27.5 65zM479 388h166v-92h-146zM724 296l1 92h162l-24 -92h-139zM761 -18q0 38 27.5 65t65.5 27t65 -27t27 -65t-27 -65t-65 -27t-65.5 27t-27.5 65z" />
-<glyph unicode="&#xd1;" horiz-adv-x="937" d="M5 -90v333l116 129h85v-64h-56l-80 -89v-245h795v245l-80 89h-56v64h85l115 -129v-333h-924zM206 229v79v64v187l151 151h372v-338v-64v-79h-523zM266 290h403v360h-252v-151h-151v-209z" />
-<glyph unicode="&#xd6;" horiz-adv-x="696" d="M-10 86q0 63 28 98q23 31 74 45q-16 40 -16 59q0 33 35 70q37 35 69 35q17 0 40 -9q-48 137 -69 208q-24 81 -24 115q0 48 24 75q25 28 67 28q72 0 173 -295l17 -49q6 15 12 33q100 292 180 292q40 0 63 -27q24 -27 24 -70q0 -28 -24 -113q-21 -73 -66 -200 q57 -14 82 -54q27 -43 27 -133q0 -178 -106 -291q-108 -113 -274 -113q-66 0 -127 24q-59 21 -107 66q-51 48 -76 99q-26 54 -26 107zM55 91q0 -25 14 -59q13 -32 39 -67q41 -53 97 -81q57 -28 129 -28q129 0 217 97q87 96 87 243q0 46 -6 71q-5 22 -19 34q-27 23 -106 40 q-79 18 -168 18q-22 0 -28 -6q-7 -3 -7 -20q0 -41 46 -58q50 -21 165 -21h28q16 0 23 -11q8 -8 11 -31q-17 -17 -55 -31q-36 -13 -53 -26q-40 -29 -64 -69q-23 -39 -23 -74q0 -21 10 -51q11 -33 11 -43v-6l-4 -15q-44 3 -64 41q-17 32 -19 82q-3 -1 -12 -1h-11q1 -5 1 -12 q0 -30 -23 -51t-54 -21q-47 0 -95 45q-48 46 -48 90q0 8 3 16q1 7 16 22q25 -31 34 -43q42 -59 76 -59q9 0 17 6q6 6 6 10q0 8 -12 29q-8 15 -37 53q-28 36 -45 50q-15 14 -22 14q-19 0 -37 -22t-18 -55zM145 282q0 -13 16 -45q14 -27 45 -68q31 -40 56 -62q24 -20 36 -20 q7 0 14 7q7 8 7 16q0 12 -18 58q-21 51 -46 92q-22 35 -39 49q-16 15 -31 15q-11 0 -25 -15q-15 -15 -15 -27zM190 714q0 -34 24 -107q22 -71 66 -190q10 6 28 6q1 0 6.5 -0.5t10.5 -0.5q4 0 26 -2l-69 200q-28 80 -44 104q-13 21 -26 21q-9 0 -15 -8q-7 -9 -7 -23zM356 204 q9 -23 19 -50q20 23 40 38q-5 1 -15 2.5t-15 2.5q-20 4 -29 7zM461 408l67 -12q45 124 69 199q25 81 25 96q0 16 -7 25q-4 7 -15 7q-14 0 -31 -27q-19 -29 -43 -101z" />
-<glyph unicode="&#xdc;" d="M0 -100v800q0 41 29.5 70.5t70.5 29.5h800q41 0 70.5 -29.5t29.5 -70.5v-800q0 -41 -29.5 -70.5t-70.5 -29.5h-800q-41 0 -70.5 29.5t-29.5 70.5zM200 300q0 -124 88 -212t212 -88t212 88t88 212t-88 212t-212 88t-212 -88t-88 -212zM300 300q0 82 59 141t141 59t141 -59 t59 -141t-59 -141t-141 -59t-141 59t-59 141z" />
-<glyph unicode="&#xe0;" horiz-adv-x="617" d="M0 -43q0 76 57 112q29 19 54 29q114 49 122 54q-21 31 -54 68q-51 60 -60 71q-109 132 -94 247q7 55 42 91q13 14 42 32q37 21 45 25q5 2 22.5 9.5t29.5 12.5l47 21l69 30q58 25 86 40q20 11 25 -6q0 -11 -27 -25q-61 -40 -64 -114q-1 -29 5 -57.5t12.5 -47t25.5 -46 t27 -37.5t34.5 -40t31.5 -36q6 -7 29 -32.5t33 -37.5t28 -38t26 -46t15.5 -48.5t7.5 -58.5q0 -38 -13 -68q-12 -32 -28.5 -51.5t-47.5 -39.5q-35 -21 -53 -30q-23 -12 -61 -27q-16 -6 -35.5 -15t-22.5 -10l-89 -39l-36 -18q-32 -16 -50 -21q-85 -21 -133 24t-48 123z" />
-<glyph unicode="&#xe1;" horiz-adv-x="1126" d="M0.5 367.5q9.5 158.5 74.5 265.5q49 80 95.5 113.5t138.5 49.5q30 5 57 5.5t50.5 -4t44 -11.5t39 -20t33.5 -25.5t30 -31.5t26.5 -34.5t24 -38.5t21 -39.5t20.5 -40.5q7 -14 14 -30t15 -35.5t13 -30.5q8 48 56.5 188t67.5 145q91 21 145 0q4 -2 9 -8t7 -8 q-1 -18 -6 -38.5t-8.5 -32.5t-13 -36.5t-11.5 -30.5l-160 -439q-7 -34 18.5 -90t67.5 -93t74 -22q10 5 18 21t14 21q18 15 71 15.5t67 -18.5q16 -29 11 -62.5t-31 -66t-59.5 -57t-74 -36.5t-73.5 -5q-29 6 -54 18.5t-41 25.5t-34 36.5t-27.5 38.5t-27 45t-25.5 44 q-4 -2 -6 -4q-24 -58 -81 -106.5t-127 -75t-150 -19.5t-145 54q-85 62 -131 203.5t-36.5 300zM153 380q-13 -108 9 -211t73 -141q28 -21 56 -30.5t51.5 -11.5t49 9.5t43 21t41 35t35.5 39.5t33 46t27.5 43t24.5 42q5 9 8 14q-38 161 -64 223q-73 173 -202 155 q-56 -8 -81 -22t-50 -49q-41 -55 -54 -163z" />
-<glyph unicode="&#xe2;" horiz-adv-x="1078" d="M0 386.5q0 121.5 93 209.5q58 55 133.5 75t153 -1.5t137.5 -84.5q44 -46 62.5 -107t15 -115.5t-23.5 -102.5q-19 -41 -3 -93t40 -88.5t50.5 -68.5t26.5 -33l-11 9q-10 10 -21.5 20.5t-31 25.5t-38 27t-42.5 25t-45 18.5t-44.5 7.5t-42.5 -7q-47 -19 -103.5 -20t-117 22 t-102.5 69q-86 91 -86 212.5zM132 406q-9 -69 33.5 -124.5t111.5 -64.5t124 33.5t64 111.5t-33 124t-111 64t-124.5 -33t-64.5 -111zM610 700q21 59 74 87.5t113 8.5q58 -18 86.5 -72t8.5 -116q-24 -72 -114 -104q-31 -11 -55.5 -33.5t-34.5 -38t-23 -40.5q22 94 -24 159 q-55 80 -31 149zM648 205q2 92 63 155t152 63q89 0 152 -61.5t63 -156.5q0 -110 -110 -195q-38 -29 -62 -71t-30.5 -68t-12.5 -67q-4 40 -10 67t-30 69.5t-65 73.5q-111 83 -110 191zM686 677q-11 -27 0.5 -54.5t38.5 -38.5t54 0t38 38q11 28 0 55t-38 38t-54.5 0t-38.5 -38 zM752.5 162.5q18.5 -45.5 65.5 -65.5q46 -19 92 0.5t65 65.5t0 91.5t-65 65.5q-46 19 -92 0t-65 -65q-19 -47 -0.5 -92.5z" />
-<glyph unicode="&#xe3;" horiz-adv-x="999" d="M0 -154q0 51 61 106.5t123 88.5l15 -22q-44 -32 -90.5 -82.5t-58.5 -89.5q87 27 265 379q65 131 103 261q-33 107 -33 202q0 115 47 115q23 0 34 -2t20.5 -13t9.5 -34q0 -15 -3 -28l-27 1q-2 26 -17 41q-12 -20 -12 -69q0 -38 9 -94q3 18 8.5 53.5t9.5 53.5l26 -3 q-2 -152 -14 -218q36 -107 86.5 -174t142.5 -119q68 7 116 7q178 0 178 -70q0 -11 -5 -24l-3 1q-5 -42 -67 -42q-104 0 -240 72q-220 -22 -389 -82q-147 -257 -235 -257q-7 0 -14 2t-12.5 4.5t-13.5 7t-12 6.5q-8 8 -8 22zM318 101q134 54 298 85q-103 73 -164 209 q-36 -121 -134 -294zM804 151q90 -35 142 -35q15 0 22 3q0 32 -145 32h-19z" />
-<glyph unicode="&#xe4;" horiz-adv-x="875" d="M0 236q0 70 21 133t48.5 103t64.5 74.5t57 48t38 23.5q10 5 29.5 15t30.5 16t28.5 17t34.5 25q42 34 50 113q73 -88 106 -110q25 -17 73.5 -39t73.5 -37q19 -11 36 -23.5t54 -48.5t62.5 -76t46.5 -105t21 -137q0 -186 -127.5 -305t-306.5 -119q-116 0 -216.5 55.5 t-162.5 155.5t-62 221zM190 85q-2 -63 42 -93q31 -21 94 -21q41 0 97.5 29.5t105 58.5t70.5 28q23 -1 77.5 -56t70.5 -56q20 -1 33.5 8.5t31.5 35.5q33 49 33 117q0 29 -15 54.5t-47 25.5q-22 0 -92 -47t-94 -48q-22 0 -61 27.5t-88.5 55.5t-98.5 28q-65 -1 -111.5 -45 t-47.5 -102zM395 -95q-12 -10 0 -20q46 -42 165 -31q23 2 47.5 11.5t37 17.5t16.5 12t4 16q-3 12 -14 3q-41 -32 -124 -32q-75 0 -110 28q-3 2 -8 2t-14 -7zM485 -43q7 -8 28 11q2 1 8 6t8 6.5t8 5t10 4.5t11.5 2t15.5 1q16 0 26 -4.5t12.5 -8t7.5 -12.5q5 -10 7.5 -11.5 t7.5 0.5q12 7 7 20q-9 26 -22 34q-12 9 -43 9q-26 0 -41 -6q-17 -7 -44 -32q-15 -12 -7 -25z" />
-<glyph unicode="&#xe5;" horiz-adv-x="979" d="M0 42q11 15 31.5 25.5t49 20t40.5 15.5q19 0 33.5 -4.5t33.5 -15t25 -12.5q47 -21 260 -119q19 -4 35.5 0t39.5 17.5t24 14.5q20 9 76.5 34.5t87.5 39.5q4 2 41.5 21t60.5 24q13 2 27.5 -1t23.5 -7.5t23 -13t18 -10.5t15.5 -6t18.5 -8t11 -11q3 -4 4 -14q-10 -13 -31 -24 t-51 -22t-40 -16q-43 -20 -128.5 -61.5t-128.5 -61.5q-7 -3 -21 -11.5t-23.5 -13t-25.5 -11t-27.5 -7t-29.5 1.5l-264 123q-6 3 -32 14t-51.5 22t-53.5 24t-46.5 23.5t-21.5 16.5q-4 4 -4 13zM0 310q11 15 31.5 25t50 20t41.5 15q19 0 34 -4.5t34.5 -15t25.5 -13.5 q42 -19 126.5 -58t127.5 -59q19 -5 37 -0.5t39 17t25 14.5q68 32 160 72q11 5 31.5 16.5t38.5 19.5t36 11q16 3 31.5 -1t37.5 -17t23 -13q5 -3 15.5 -6.5t18 -8t11.5 -10.5q3 -5 4 -14q-10 -14 -31.5 -25.5t-52.5 -22.5t-41 -16q-48 -23 -135.5 -65t-122.5 -59 q-7 -3 -26 -14t-29 -15t-32.5 -10t-35.5 0q-214 101 -260 122q-6 3 -44 19t-69.5 30t-61.5 29.5t-34 22.5q-4 4 -4 14zM0 577q10 15 31.5 26.5t52.5 22.5t41 16l348 162q30 0 53.5 -7t56.5 -26t40 -22q39 -18 117 -54.5t117 -54.5q4 -2 36.5 -15t54.5 -24t27 -20q3 -4 4 -13 q-9 -13 -26 -22.5t-43.5 -19t-34.5 -13.5q-47 -22 -140 -66.5t-139 -66.5q-6 -3 -20 -11t-23 -12.5t-25 -10.5t-27 -6t-28 1q-245 114 -256 119q-4 2 -63 27.5t-102 46.5t-48 30q-4 4 -4 13z" />
-<glyph unicode="&#xe7;" horiz-adv-x="1137" d="M2.5 474q-7.5 215 11.5 270q4 9 9.5 15.5t14 12.5t13.5 9.5t17.5 10t16.5 8.5q136 0 386 2t329 2h40h54t55 -0.5t56.5 -2.5t45 -6t32.5 -10q16 -9 27 -24t16.5 -29.5t7.5 -40t2 -42t-0.5 -50t-0.5 -49.5q0 -207 -23 -327t-96 -213q-70 -88 -164.5 -139.5t-193 -62.5 t-200 11t-186.5 73.5t-151 133t-96 181.5q-15 52 -22.5 267zM234 476q-26 -28 15 -89.5t104 -123.5q2 -2 39.5 -40t53.5 -52t47 -35.5t57 -28.5q11 -3 22.5 -3t19.5 1t19.5 6.5t16 7.5t15.5 11.5t12 10.5t12 11l3 3q9 9 60.5 56t86 80.5t67.5 79t35 75.5q-15 40 -38 56 t-50.5 8.5t-56 -26t-59 -48t-56 -56t-49.5 -51t-37 -32.5q-27 16 -72.5 59.5t-82 82t-73.5 64t-55 14.5q-25 -15 -56 -41z" />
-<glyph unicode="&#xe8;" d="M0 326q0 102 40 194q79 186 265 265q92 40 194 40t194 -40q184 -78 265 -265q40 -95 40 -194t-40 -194q-81 -188 -265 -267q-92 -40 -194 -40t-194 40q-186 80 -265 267q-40 92 -40 194zM78 326q0 -141 84 -252q83 -109 217 -155v80q0 60 40 87q-20 1 -47 7q-51 9 -87 32 q-91 55 -91 199q0 75 50 128q-23 59 5 128h20q10 0 25 -5q39 -12 87 -44q61 16 120 16t121 -16q39 26 73 40q32 12 46 10l12 -1q27 -69 5 -128q50 -53 50 -128q0 -112 -55 -169q-30 -32 -79 -50q-41 -15 -91 -19q41 -29 41 -87v-80q129 46 213 157q82 110 82 250 q0 85 -33 164q-32 76 -90 134q-56 56 -134 89q-80 34 -163 34q-82 0 -164 -34q-75 -32 -134 -89q-56 -58 -90 -134q-33 -79 -33 -164z" />
-<glyph unicode="&#xe9;" horiz-adv-x="866" d="M0 660q0 60 127 102t306 42q180 0 306.5 -42t126.5 -102q0 -12 -72 -440q-9 -46 -111 -89t-250 -43t-250 43t-110 89q-73 414 -73 440zM107 79v4q0 17 15 17q6 0 12 -5q47 -37 122 -58t126 -23l51 -3q8 0 21.5 0.5t52.5 5t74.5 12.5t78.5 25t73 41l11 5q16 0 16 -17 q0 -2 -1 -4q-22 -121 -30 -161q-11 -49 -96 -81.5t-200 -32.5t-200 32.5t-95 81.5q-19 95 -31 161zM156 675q0 -24 81.5 -41.5t195.5 -17.5q115 0 196.5 17t81.5 41q0 25 -81.5 42.5t-196.5 17.5t-196 -17t-81 -42zM295 322q0 -57 40.5 -97.5t97.5 -40.5t97.5 40.5 t40.5 97.5t-40.5 97.5t-97.5 40.5t-97.5 -40.5t-40.5 -97.5zM364 322q0 -28 20 -48.5t49 -20.5t49 20.5t20 48.5t-20 48.5t-49 20.5t-49 -20.5t-20 -48.5z" />
-<glyph unicode="&#xea;" horiz-adv-x="1272" d="M0 95h24q-7 14 -7 34q0 65 45.5 185.5t87.5 183.5q32 49 84 49q45 0 45 -34q0 -52 -72 -199h82q20 62 53 126q34 68 73 91t116 23q29 0 56.5 -14t27.5 -40t-13 -42t-37.5 -22.5t-43.5 -8.5t-46 -2h-9q-15 -22 -28 -58q18 3 37 3q64 0 64 -38q0 -9 -3 -18h19h-19 q-16 -59 -88 -59q-23 0 -50 5q-16 -48 -21 -73q52 10 77 10t43 -11.5t18 -35.5q0 -34 -23.5 -57t-53.5 -31t-64 -8q-65 0 -96 41h-19h19q-20 24 -20 62q0 23 3 45q8 50 28 112h-82q-9 -19 -26 -55.5t-25 -54.5h-1l-7 -14q22 2 34 2q59 0 59 -40q0 -51 -39 -73.5t-93 -22.5 q-65 0 -85 39h-24zM538 173q0 38 15.5 95t33.5 99q19 45 36 74t43 56.5t60.5 41t80.5 13.5q50 0 87 -19.5t37 -64.5q0 -38 -21 -68.5t-57 -30.5q-52 0 -52 33q0 6 3.5 17.5t3.5 18.5q0 13 -22 13q-17 0 -32.5 -14t-29 -43.5t-18 -40.5t-14.5 -39h16h-16q-32 -84 -32 -119 q0 -29 28 -29q25 0 44 24.5t26 52.5q-42 2 -42 35q0 37 28 54t66 17q52 0 65 -35h37h-37q4 -11 4 -26q0 -50 -28.5 -106t-68.5 -87h40h-40q-53 -41 -120 -41q-68 0 -100 41h-17h17q-24 29 -24 78zM867 95h42q-18 26 -18 66q0 79 49 204q19 47 32.5 74t37 55.5t57 41.5 t78.5 13q120 0 120 -115q0 -50 -22 -120h36h-36q-15 -51 -41 -110h38h-38q-37 -77 -73 -109h36h-36q-46 -41 -119 -41q-72 0 -101 41h-42zM1011 204h3q-6 -35 22 -35q23 0 43 38h-2q17 36 45 115.5t28 102.5q0 24 -21 24q-20 0 -33 -16q-18 -26 -52 -119h37h-37 q-25 -67 -33 -110z" />
-<glyph unicode="&#xeb;" d="M0 304q0 136 67 251t182 182t251 67t251 -67t182 -182t67 -251t-67 -251t-182 -182t-251 -67t-251 67t-182 182t-67 251zM208 -15q0 -26 26 -26h176q28 0 28 26v48q0 26 -28 26h-29v460h29q28 0 28 26v48q0 26 -28 26h-176q-26 0 -26 -26v-48q0 -26 26 -26h31v-460h-31 q-26 0 -26 -26v-48zM485 -19q0 -24 24 -24h59q22 0 22 24v257q0 103 79 103q42 0 42 -51v-309q0 -24 22 -24h61q21 0 21 24v333q0 122 -110 122q-67 0 -122 -64l-7 36q-4 22 -24 22h-43q-24 0 -24 -25v-424z" />
-<glyph unicode="&#xec;" horiz-adv-x="784" d="M0 -196v417l76 -1l-3 -335h501v334h79v-415h-653zM123 23h392v-83h-392v83zM124 88l8 85l393 -38l-8 -85zM145 261l23 82l380 -107l-24 -82zM216 462l44 73l338 -204l-45 -73zM383 667l69 50l230 -321l-70 -50zM635 790l84 14l65 -389l-84 -14z" />
-<glyph unicode="&#xed;" horiz-adv-x="917" d="M0 804h161l197 -301q49 -75 102 -170q48 85 109 177l194 294h154l-399 -576v-424h-133v424z" />
-<glyph unicode="&#xee;" horiz-adv-x="1200" d="M0 289v34q0 113 84 197t215 84q136 0 247 -112q21 -20 54 -62l96 -126q39 -52 52 -65q74 -74 147 -74q59 0 96 40q33 33 38 85q1 5 1 14q0 22 -6 41q-9 31 -33 57q0 1 -1 1q-38 40 -95 40q-78 0 -147 -74l-85 111h1h-1q-6 8 -10 13q55 60 113 85.5t134 25.5 q124 0 214 -84h1l1 -1q83 -83 83 -215q0 -30 -5 -63q-16 -89 -79 -153q-61 -62 -150 -79q-33 -5 -62 -5q-140 0 -248 109q-23 23 -56 67l-96 124q-39 52 -52 65q-74 74 -149 74q-22 0 -40 -6q-29 -8 -55 -34q-29 -32 -36 -71q-3 -14 -3 -28q0 -57 37 -97l2 -2q39 -40 97 -40 q79 0 147 75l84 -110l9 -12q-57 -61 -115 -87t-130 -26q-131 0 -216 83v1q-63 63 -78 153q-5 25 -5 47z" />
-<glyph unicode="&#x2000;" horiz-adv-x="482" />
-<glyph unicode="&#x2001;" horiz-adv-x="964" />
-<glyph unicode="&#x2002;" horiz-adv-x="482" />
-<glyph unicode="&#x2003;" horiz-adv-x="964" />
-<glyph unicode="&#x2004;" horiz-adv-x="321" />
-<glyph unicode="&#x2005;" horiz-adv-x="241" />
-<glyph unicode="&#x2006;" horiz-adv-x="160" />
-<glyph unicode="&#x2007;" horiz-adv-x="160" />
-<glyph unicode="&#x2008;" horiz-adv-x="120" />
-<glyph unicode="&#x2009;" horiz-adv-x="192" />
-<glyph unicode="&#x200a;" horiz-adv-x="53" />
-<glyph unicode="&#x2010;" horiz-adv-x="939" d="M-0.5 707q-0.5 11 6 20.5t13.5 16.5t23.5 15.5t27 13t33 14t34.5 14.5q54 22 97 16t54 -35q25 -67 102.5 -319.5t115.5 -361.5q268 88 326 105q16 6 37.5 4t32.5 -23q23 -47 32.5 -98.5t0.5 -74.5q-19 -15 -59.5 -32t-75.5 -29t-89.5 -29t-73.5 -23q-10 -3 -38 -13 t-53 -18.5t-58 -19t-61 -17.5t-54 -11.5t-44.5 -3.5t-25.5 9q-18 18 -32 52t-29 87t-19 66q-42 125 -113 338.5t-104 312.5q-6 13 -6.5 24z" />
-<glyph unicode="&#x2011;" horiz-adv-x="939" d="M-0.5 707q-0.5 11 6 20.5t13.5 16.5t23.5 15.5t27 13t33 14t34.5 14.5q54 22 97 16t54 -35q25 -67 102.5 -319.5t115.5 -361.5q268 88 326 105q16 6 37.5 4t32.5 -23q23 -47 32.5 -98.5t0.5 -74.5q-19 -15 -59.5 -32t-75.5 -29t-89.5 -29t-73.5 -23q-10 -3 -38 -13 t-53 -18.5t-58 -19t-61 -17.5t-54 -11.5t-44.5 -3.5t-25.5 9q-18 18 -32 52t-29 87t-19 66q-42 125 -113 338.5t-104 312.5q-6 13 -6.5 24z" />
-<glyph unicode="&#x2012;" horiz-adv-x="939" d="M-0.5 707q-0.5 11 6 20.5t13.5 16.5t23.5 15.5t27 13t33 14t34.5 14.5q54 22 97 16t54 -35q25 -67 102.5 -319.5t115.5 -361.5q268 88 326 105q16 6 37.5 4t32.5 -23q23 -47 32.5 -98.5t0.5 -74.5q-19 -15 -59.5 -32t-75.5 -29t-89.5 -29t-73.5 -23q-10 -3 -38 -13 t-53 -18.5t-58 -19t-61 -17.5t-54 -11.5t-44.5 -3.5t-25.5 9q-18 18 -32 52t-29 87t-19 66q-42 125 -113 338.5t-104 312.5q-6 13 -6.5 24z" />
-<glyph unicode="&#x2013;" horiz-adv-x="499" d="M0 707q0 11 3.5 20.5t7 16.5t12.5 15.5t14.5 13t17.5 14t18 14.5q29 22 52 16t28 -35q14 -67 55 -319.5t61 -361.5q143 88 174 105q8 6 19.5 4t17.5 -23q12 -47 17 -98.5t1 -74.5q-10 -15 -32 -32t-40.5 -29t-47.5 -29t-39 -23q-5 -3 -20 -13t-28.5 -18.5t-31 -19 t-32 -17.5t-28.5 -11.5t-24 -3.5t-14 9q-9 18 -16.5 52t-15.5 87t-10 66q-22 125 -60 338.5t-56 312.5q-3 13 -3 24z" />
-<glyph unicode="&#x2014;" d="M0.5 707q-0.5 11 6 20.5t14 16.5t25 15.5t29 13t35.5 14t36 14.5q58 22 103.5 16t57.5 -35q27 -67 109 -319.5t123 -361.5q285 88 347 105q17 6 40 4t34 -23q25 -47 35 -98.5t0 -74.5q-20 -15 -63 -32t-80.5 -29t-95 -29t-78.5 -23q-10 -3 -40 -13t-56.5 -18.5t-61.5 -19 t-65 -17.5t-57.5 -11.5t-47.5 -3.5t-27 9q-19 18 -34 52t-31 87t-20 66q-45 125 -120.5 338.5t-110.5 312.5q-6 13 -6.5 24z" />
-<glyph unicode="&#x202f;" horiz-adv-x="192" />
-<glyph unicode="&#x205f;" horiz-adv-x="241" />
-<glyph unicode="&#xe000;" horiz-adv-x="820" d="M0 0v820h820v-820h-820z" />
-<glyph horiz-adv-x="664" />
-</font>
-</defs></svg> 
\ No newline at end of file
+<font id="zocial" horiz-adv-x="512" >
+  <font-face 
+    font-family="zocial"
+    font-weight="400"
+    font-stretch="normal"
+    units-per-em="512"
+    panose-1="2 0 5 3 0 0 0 0 0 0"
+    ascent="448"
+    descent="-64"
+    bbox="-96 -79.3604 667.062 521.728"
+    underline-thickness="25.6"
+    underline-position="-51.2"
+    unicode-range="U+0020-F164"
+  />
+    <missing-glyph />
+    <glyph glyph-name="space" unicode=" " horiz-adv-x="200" 
+ />
+    <glyph glyph-name="uniF122" unicode="&#xf122;" 
+d="M44.9922 -64l213.504 512l213.504 -512h-188.928v69.1201l87.04 43.5361l-6.65625 28.1602l-80.3838 -40.4648v34.3203l50.1758 26.624l-7.15234 29.1846l-43.0078 -23.0244v44.5283h-47.1035v-80.3682l-44.0166 30.1914l-8.19141 -32.752l52.2236 -35.8398v-93.2158
+h-191.008z" />
+    <glyph glyph-name="uniF150" unicode="&#xf150;" 
+d="M0 191.488c0 46.4212 11.4346 89.2585 34.3037 128.512c22.8698 39.2533 53.9313 70.3145 93.1846 93.1836c39.2533 22.8698 82.0905 34.3047 128.512 34.3047c46.4212 0 89.2585 -11.4349 128.512 -34.3047c39.2533 -22.8691 70.3148 -53.9303 93.1846 -93.1836
+c22.8691 -39.2533 34.3037 -82.0905 34.3037 -128.512c0 -34.4746 -6.48535 -67.2428 -19.4561 -98.3047c-12.9707 -31.0612 -31.2321 -58.3678 -54.7842 -81.9199c-20.4798 24.9173 -45.3118 44.3734 -74.4961 58.3682c-29.1836 13.9948 -60.3301 20.9922 -93.4395 20.9922
+c-36.5228 0 -70.4857 -8.44792 -101.889 -25.3438c-31.4023 -16.8965 -57.1729 -39.8512 -77.3115 -68.8643c-28.3307 24.2344 -50.5173 53.2477 -66.5596 87.04c-16.043 33.7917 -24.0645 69.8024 -24.0645 108.032zM83.9678 265.216
+c0 -5.80273 2.04818 -10.8372 6.14453 -15.1035c4.0957 -4.26693 9.21549 -6.40039 15.3594 -6.40039c2.04818 0 3.58431 0.170573 4.6084 0.511719c49.1517 19.7975 100.01 29.6963 152.576 29.6963c52.5651 0 103.424 -9.89876 152.576 -29.6963
+c0.341146 0 1.02376 -0.0852865 2.04785 -0.255859s1.87728 -0.255859 2.55957 -0.255859c5.80273 0 10.8376 2.13346 15.1045 6.40039c4.26628 4.26628 6.39941 9.30078 6.39941 15.1035c0 8.5332 -3.92513 14.848 -11.7754 18.9443
+c-54.2721 21.5039 -109.91 32.2559 -166.912 32.2559c-58.0267 0 -114.176 -10.9225 -168.448 -32.7676c-6.82682 -4.4375 -10.2402 -10.5817 -10.2402 -18.4326zM107.52 188.928l3.07227 -8.19141c2.73112 -4.4375 6.65658 -6.65625 11.7764 -6.65625
+c1.02409 0 2.5599 0.341146 4.60742 1.02344c43.3496 18.7734 88.5765 28.1602 135.681 28.1602c47.4453 0 93.0133 -9.55729 136.704 -28.6719c1.36523 -0.682292 2.5599 -1.02344 3.58398 -1.02344c5.11979 0 9.04492 2.21842 11.7754 6.65527l2.56055 8.7041
+c0 4.4375 -1.70671 8.02148 -5.12012 10.752c-47.1042 21.1628 -96.9388 31.7441 -149.504 31.7441c-52.224 0 -102.229 -10.5814 -150.017 -31.7441c-3.41341 -3.41341 -5.12012 -6.9974 -5.12012 -10.752zM132.096 115.2c3.41341 -8.5332 8.7041 -11.264 15.8721 -8.19238
+c36.8639 17.4082 75.0934 26.1123 114.688 26.1123c38.2292 0 75.6051 -8.19206 112.128 -24.5762c8.19206 -4.4375 14.1654 -2.38932 17.9199 6.14453c1.70638 4.43685 1.70638 8.36198 0 11.7754c-1.70703 3.41341 -4.09635 5.97331 -7.16797 7.67969
+c-36.1816 18.0911 -77.1416 27.1367 -122.88 27.1367c-43.6908 0 -85.3337 -9.38672 -124.929 -28.1602c-6.48503 -3.41341 -8.3623 -9.38672 -5.63184 -17.9199zM163.328 -47.1035c12.6296 16.3835 28.2454 29.3538 46.8477 38.9111
+c18.6029 9.55729 38.4857 14.3359 59.6484 14.3359c38.9121 0 71.8506 -14.6771 98.8154 -44.0312c-35.4987 -17.7493 -73.0452 -26.624 -112.64 -26.624c-32.0853 0 -62.9759 5.80273 -92.6719 17.4082z" />
+    <glyph glyph-name="uniF145" unicode="&#xf145;" 
+d="M0 180.736c0 48.1276 11.4346 92.5863 34.3037 133.376c22.8698 40.7891 53.9313 73.0449 93.1846 96.7676s82.0905 35.584 128.512 35.584c46.4212 0 89.2585 -11.8613 128.512 -35.584s70.3148 -55.9785 93.1846 -96.7676
+c22.8691 -40.7897 34.3037 -85.2484 34.3037 -133.376c0 -1.36523 -0.0852865 -3.07194 -0.255859 -5.12012s-0.255859 -3.75488 -0.255859 -5.12012c-2.73112 70.9974 -28.7578 131.243 -78.0801 180.736c-49.3229 49.4928 -108.459 74.2393 -177.408 74.2393
+s-128.085 -24.7464 -177.408 -74.2393c-49.3223 -49.4935 -75.349 -109.739 -78.0801 -180.736c0 1.36523 -0.0852865 3.07194 -0.255859 5.12012c-0.170573 2.04818 -0.255859 3.75488 -0.255859 5.12012zM93.6963 181.248c0 46.4212 15.8717 86.1012 47.6152 119.04
+c31.7441 32.9388 69.9736 49.4082 114.688 49.4082s82.9443 -16.4694 114.688 -49.4082c31.7435 -32.9388 47.6152 -72.6188 47.6152 -119.04c0 -1.02409 -0.0852865 -2.73079 -0.255859 -5.12012s-0.255859 -4.09603 -0.255859 -5.12012
+c-2.73047 44.0319 -19.6266 81.4079 -50.6885 112.128c-31.0612 30.7201 -68.0957 46.0801 -111.104 46.0801s-80.0423 -15.36 -111.104 -46.0801c-31.0618 -30.7201 -47.958 -68.096 -50.6885 -112.128c0 1.02409 -0.0852865 2.73079 -0.255859 5.12012
+s-0.255859 4.09603 -0.255859 5.12012zM178.688 81.4082c0 11.2637 0.767904 21.333 2.30371 30.208c1.53581 8.87435 3.3278 16.2129 5.37598 22.0156s5.2054 10.7523 9.47168 14.8486c4.26693 4.0957 8.19238 7.16764 11.7764 9.21582
+c3.58398 2.04753 8.44792 3.66862 14.5918 4.86328s11.4346 1.8776 15.8721 2.04883c4.4375 0.170573 10.4108 0.255859 17.9199 0.255859c7.50911 0 13.4824 -0.0852865 17.9199 -0.255859c4.4375 -0.171224 9.72819 -0.854167 15.8721 -2.04883
+s11.0078 -2.81576 14.5918 -4.86328c3.58398 -2.04818 7.50944 -5.12012 11.7764 -9.21582c4.26628 -4.09635 7.4235 -9.0459 9.47168 -14.8486s3.84017 -13.1413 5.37598 -22.0156c1.53581 -8.875 2.30371 -18.9443 2.30371 -30.208
+c0 -40.2773 -7.5944 -74.8376 -22.7832 -103.681c-15.1895 -28.8424 -33.3656 -43.2637 -54.5283 -43.2637c-21.1628 0 -39.3389 14.4212 -54.5283 43.2637c-15.1888 28.8431 -22.7832 63.4033 -22.7832 103.681zM202.752 224.768c0 15.0189 5.2054 27.9896 15.6162 38.9121
+c10.4108 10.9232 22.9548 16.3848 37.6318 16.3848c14.6771 0 27.221 -5.46159 37.6318 -16.3848c10.4108 -10.9225 15.6162 -23.8932 15.6162 -38.9121c0 -15.0182 -5.2054 -27.9886 -15.6162 -38.9111c-10.4108 -10.9232 -22.9548 -16.3848 -37.6318 -16.3848
+c-14.6771 0 -27.221 5.46159 -37.6318 16.3848c-10.4108 10.9225 -15.6162 23.8929 -15.6162 38.9111z" />
+    <glyph glyph-name="uniF123" unicode="&#xf123;" 
+d="M-46.5283 221.184c0 35.8408 13.0566 66.4648 39.168 91.9043c26.1123 25.4238 57.6006 38.1445 94.4639 38.1445c29.0088 0 55.04 -8.19238 78.0801 -24.5762s39.168 -37.5527 48.3848 -63.4883l33.792 32.7676l80.8955 -77.8232l223.744 228.352v-207.36
+l-136.72 -105.472l17.4238 -18.416l-185.856 -180.752l-161.792 157.2c-36.5273 0.671875 -67.584 13.6641 -93.1836 38.9121s-38.4004 55.4395 -38.4004 90.6074zM-27.584 221.184c0 -30.7197 11.0879 -56.8477 33.2803 -78.3359
+c22.1914 -21.4873 48.9756 -32.2559 80.3838 -32.2559c11.2637 0 22.3516 1.53613 33.2803 4.6084l112.64 -99.8398l299.52 235.52l0.512695 154.624l-295.937 -305.168l-46.0801 74.752c6.81641 14.6885 10.2402 30.0479 10.2402 46.0957
+c0 30.3682 -11.1836 56.4004 -33.5361 78.0801c-22.3682 21.6807 -49.248 32.5127 -80.6396 32.5127c-31.4082 0 -58.1924 -10.832 -80.3838 -32.5127c-22.1924 -21.6797 -33.2803 -47.6953 -33.2803 -78.0801zM-3.00781 220.16c0 23.9043 8.44824 44.2881 25.3438 61.1836
+c16.8965 16.8965 37.2959 25.3447 61.1836 25.3447c23.8887 0 44.2881 -8.35254 61.1846 -25.0889c16.8955 -16.7197 25.3438 -37.2158 25.3438 -61.4395c0 -23.8877 -8.44824 -44.2881 -25.3438 -61.1846c-16.8965 -16.8955 -37.2959 -25.3438 -61.1846 -25.3438
+c-23.8877 0 -44.2871 8.44824 -61.1836 25.3438c-16.8955 16.8965 -25.3438 37.2969 -25.3438 61.1846z" />
+    <glyph glyph-name="uniF127" unicode="&#xf127;" 
+d="M36.6084 -72.1924v507.904l256.512 -253.968zM36.6084 -72.1924l256.512 253.937l68.6074 -68.0957l-103.439 -59.9043l-221.68 -128v2.06348zM36.6084 435.712v2.04785l325.119 -187.903l-68.6074 -68.1123zM293.12 181.744l68.6074 68.1123l118.272 -68.1123
+l-118.272 -68.0957z" />
+    <glyph glyph-name="uniF137" unicode="&#xf137;" 
+d="M-53.8877 176.128v17.4082c0 38.5762 14.3359 72.1914 43.0078 100.864c28.6719 28.6719 65.3604 43.0078 110.08 43.0078c46.416 0 88.5762 -19.1045 126.464 -57.3438c7.16797 -6.83203 16.3838 -17.4082 27.6475 -31.7441l49.1367 -64.5127
+c13.3115 -17.7432 22.1914 -28.8477 26.624 -33.2793c25.2637 -25.2646 50.3359 -37.8887 75.2793 -37.8887c20.1289 0 36.5127 6.83203 49.1367 20.4805c11.2637 11.248 17.7441 25.7598 19.4561 43.5195c0.335938 1.69629 0.511719 4.09668 0.511719 7.16797
+c0 7.50391 -1.00781 14.4961 -3.07227 20.9922c-3.05566 10.5918 -8.6875 20.3203 -16.8955 29.1846c0 0.335938 -0.176758 0.511719 -0.512695 0.511719c-12.9756 13.6475 -29.1836 20.4795 -48.624 20.4795c-26.624 0 -51.7119 -12.6396 -75.2793 -37.8877
+l-43.5205 56.832c-2.04785 2.71973 -3.74414 4.94434 -5.10352 6.65625c18.7676 20.4795 38.0635 35.0723 57.8398 43.7754c19.8076 8.7041 42.6719 13.0566 68.6084 13.0566c42.3359 0 78.8633 -14.3359 109.584 -43.0078h0.495117l0.512695 -0.512695
+c28.3359 -28.3359 42.5117 -65.0234 42.5117 -110.08c0 -10.2559 -0.864258 -20.9912 -2.55957 -32.2559c-5.45605 -30.3838 -18.96 -56.4961 -40.4482 -78.3359c-20.8164 -21.1514 -46.4004 -34.6562 -76.7998 -40.4482
+c-11.2646 -1.69531 -21.8408 -2.54395 -31.7285 -2.54395c-47.792 0 -90.1279 18.5928 -126.992 55.792c-7.85547 7.85645 -17.4072 19.2959 -28.6719 34.3047l-49.1514 63.5039c-13.3125 17.7441 -22.1924 28.832 -26.624 33.2793
+c-25.2646 25.2646 -50.6885 37.8887 -76.2881 37.8887c-7.50391 0 -14.3359 -1.02441 -20.4805 -3.07227c-9.9043 -2.73633 -19.2803 -8.52832 -28.1602 -17.4082c-9.90332 -10.9277 -16.0312 -23.04 -18.4316 -36.3516
+c-1.02441 -4.76855 -1.53613 -9.55176 -1.53613 -14.3359c0 -19.4727 6.32031 -36.0166 18.9443 -49.6641l1.02344 -1.00781c13.3125 -13.6641 29.8721 -20.4805 49.6641 -20.4805c26.9766 0 52.0479 12.7998 75.2646 38.3838l43.0078 -56.3193l4.60742 -6.14453
+c-19.4561 -20.832 -39.0879 -35.6641 -58.8799 -44.5439s-41.9834 -13.3281 -66.5596 -13.3281c-44.7041 0 -81.584 14.1602 -110.592 42.4961v0.496094c-21.5049 21.5205 -34.8164 47.6318 -39.9365 78.3359c-1.71191 8.54395 -2.55957 16.5762 -2.55957 24.0801z" />
+    <glyph glyph-name="uniF129" unicode="&#xf129;" 
+d="M64.832 185.856v52.7354c0 29.6963 14.6719 63.8242 44.0322 102.4c29.3594 38.5762 58.5439 65.8721 87.5518 81.9199c26.624 15.0078 58.5439 22.5283 95.7441 22.5283c15.0234 0 30.1279 -1.69629 45.3115 -5.12012
+c15.1846 -3.42383 29.7764 -8.7041 43.7764 -15.8721s25.3438 -17.0566 34.0479 -29.6963c8.7041 -12.624 13.04 -27.1357 13.04 -43.5195c0 -4.43262 -0.335938 -8.62402 -1.00781 -12.5439c-0.688477 -3.9209 -1.8877 -8.0166 -3.58398 -12.2881
+c-1.71191 -4.27246 -3.24805 -7.85645 -4.62402 -10.752c-1.36035 -2.89648 -3.74414 -6.48047 -7.15234 -10.752c-3.4082 -4.27246 -5.80762 -7.4248 -7.16797 -9.47266c-1.35938 -2.04785 -4.35156 -5.37598 -8.95996 -9.9834
+c-4.62402 -4.6084 -7.43945 -7.50488 -8.44824 -8.7041c-1.00781 -1.2002 -4.17578 -4.17676 -9.4873 -8.95996c-5.28027 -4.76855 -8.27246 -7.50391 -8.94434 -8.19238h86c0.688477 -24.5762 1.02441 -43.0078 1.02441 -55.2959
+c0 -86.3525 -7.16797 -142 -21.5039 -166.912c-11.9521 -20.8164 -28.0801 -39.248 -48.3848 -55.2959c-20.3037 -16.0479 -42.0801 -27.9844 -65.2793 -35.8242c-13.3125 -5.12012 -22.8643 -7.67969 -28.6729 -7.67969h-43.0078
+c-1.02344 0 -9.21582 2.91211 -24.5918 8.7041c-40.96 18.0801 -61.4238 47.7754 -61.4238 89.0713c0 1.37598 0.0800781 3.24805 0.255859 5.64844s0.255859 4.0957 0.255859 5.10352c-45.7441 23.5684 -76.4639 60.2568 -92.1602 110.097
+c-4.43164 14.3193 -6.63965 23.8721 -6.63965 28.6562v0zM139.584 252.416c0 -13.6484 1.63184 -27.4717 4.86426 -41.4717c3.23145 -14 8.11133 -27.4727 14.5918 -40.4482c6.47949 -12.9766 15.4404 -23.5684 26.8799 -31.7441
+c11.4404 -8.17578 24.4961 -12.2881 39.1836 -12.2881c4.09668 0 10.832 2.56055 20.2246 7.66406c9.37598 5.12012 17.8242 7.67969 25.3438 7.67969c4.78418 0 13.4717 -1.79199 26.1123 -5.3916c12.6396 -3.56836 18.96 -6.91211 18.96 -9.96777
+c0 -7.16797 -4.43262 -10.752 -13.3125 -10.752c-44.3672 0 -66.5596 -12.9766 -66.5596 -38.9287c0 -19.792 7.15234 -34.7354 21.5039 -44.7998c14.3516 -10.0635 31.9043 -15.0879 52.7363 -15.0879c16.0479 0 31.7275 2.81641 47.1035 8.43164
+c15.3438 5.63281 27.8086 14.0801 37.376 25.3447c14.3359 17.0557 21.5039 45.0557 21.5039 83.9678c0 6.47949 -0.175781 15.9521 -0.511719 28.4004c-0.335938 12.4639 -0.511719 21.7598 -0.511719 27.9199c0 16.3838 0.863281 30.0312 2.55957 40.96h-98.8154
+c-0.335938 -2.73633 -0.512695 -6.65625 -0.512695 -11.7764c0 -3.74414 0.176758 -9.55176 0.512695 -17.4082c0.335938 -7.85547 0.511719 -13.8232 0.511719 -17.9199c0 -11.9521 -1.36035 -21.5039 -4.1123 -28.6719
+c-1.67969 -0.335938 -4.5918 -0.496094 -8.6875 -0.496094c-16.3848 0 -30.0479 5.53613 -40.9766 16.624c-10.9277 11.0879 -18.4316 23.8086 -22.5273 38.1445c-4.09668 14.3359 -6.16016 29.5518 -6.16016 45.5996c0 15.3604 1.95215 30.8965 5.8877 46.5918
+c3.91992 15.6963 11.2637 30.0322 22.0156 43.0078c10.752 12.9766 23.9844 19.4561 39.6641 19.4561c3.4248 0 7.00879 -0.511719 10.752 -1.53613c-1.35938 -7.50391 -2.03125 -13.3115 -2.03125 -17.4072c0 -11.9521 3.23145 -21.8398 9.71191 -29.6963
+c6.47949 -7.85645 15.5361 -11.7764 27.1514 -11.7764c11.6162 0 21.3281 3.91992 29.168 11.7764c7.85645 7.85645 11.7764 17.7441 11.7764 29.6963c0 14 -5.28027 25.9521 -15.8721 35.8398c-10.5596 9.9043 -22.5283 16.7197 -35.8398 20.4795
+c-13.2959 3.76074 -26.7842 5.63281 -40.4316 5.63281c-46.0801 0 -84.1445 -14.5127 -114.177 -43.5205c-30.0312 -29.0078 -45.0557 -66.3838 -45.0557 -112.128z" />
+    <glyph glyph-name="uniF148" unicode="&#xf148;" 
+d="M24.832 215.552c0 41.6484 10.1602 80.208 30.4639 115.712c20.3203 35.5039 47.8721 63.5684 82.6885 84.2246c34.8154 20.6553 72.8799 30.9756 114.176 30.9756c62.7998 0 116.479 -22.5283 161.008 -67.584c44.5596 -45.0557 66.832 -99.5039 66.832 -163.328
+c0 -40.624 -9.72754 -78.2402 -29.1836 -112.896c-19.4561 -34.6562 -45.7285 -62.3682 -78.8643 -83.2002c0.335938 -0.671875 0.959961 -1.79199 1.80762 -3.32812c0.848633 -1.53613 2.81641 -4.27148 5.87207 -8.19238
+c3.07227 -3.93555 6.65625 -7.67969 10.752 -11.2637c4.09668 -3.58398 9.72852 -7.24805 16.9121 -11.0078c7.15234 -3.74414 14.8477 -6.65625 23.0244 -8.68848v-38.9277c-12.2881 -2.38379 -23.7119 -3.58398 -34.3047 -3.58398
+c-17.0713 0 -31.584 3.05566 -43.5195 9.21582c-19.1201 9.88867 -34.6562 25.9365 -46.5918 48.1279c-16.3848 -4.43164 -34.3203 -6.65527 -53.7607 -6.65527c-40.96 0 -78.9277 10.3193 -113.92 30.9756c-34.9912 20.6562 -62.6396 48.6396 -82.9434 83.9678
+c-20.2881 35.3281 -30.4482 73.8086 -30.4482 115.456zM137.984 185.344c0 -39.5996 11.3438 -73.4717 34.0479 -101.632c22.6875 -28.1602 50.0801 -42.2559 82.1758 -42.2559c8.87988 0 17.7441 1.37598 26.624 4.0957
+c-0.688477 1.02441 -1.63184 2.48047 -2.81641 4.35254c-1.18359 1.87207 -3.66406 5.02344 -7.43945 9.47168c-3.74414 4.43164 -7.74414 8.44824 -12.0322 12.0322c-4.27148 3.58398 -9.55176 6.92773 -15.8555 9.9834
+c-6.32031 3.07227 -12.5449 4.78418 -18.6885 5.12012v45.0566c3.4082 0.335938 6.81641 0.496094 10.2402 0.496094c40.624 0 75.2637 -15.3604 103.936 -46.0801c21.5039 27.6475 32.2559 60.7676 32.2559 99.3271v59.3926c0 39.5996 -11.3438 73.4717 -34.0312 101.632
+c-22.7207 28.1602 -50.0967 42.2402 -82.1924 42.2402c-32.0801 0 -59.4717 -14.0801 -82.1758 -42.2402s-34.0479 -62.0322 -34.0479 -101.632v-59.3604z" />
+    <glyph glyph-name="uniF152" unicode="&#xf152;" 
+d="M-16 226.048c0 41.4717 15.8721 77.2324 47.6162 107.264c19.792 18.7686 42.5762 31.5684 68.3516 38.4004c25.7764 6.83203 51.8887 6.57617 78.3359 -0.767578c26.4482 -7.34473 49.9199 -21.7607 70.4004 -43.2646c15.0078 -15.6953 25.6797 -33.9678 32 -54.7832
+c6.32031 -20.8164 8.87988 -40.5449 7.66406 -59.1367c-1.18457 -18.6074 -5.18457 -36.0957 -12.0322 -52.4795c-6.47949 -14 -6.99219 -29.8721 -1.53613 -47.6318c5.47266 -17.7441 12.2881 -32.8486 20.4805 -45.3125
+c8.19141 -12.4482 16.8154 -24.1436 25.8555 -35.0557c9.02441 -10.9287 13.5684 -16.5605 13.5684 -16.9121l-5.63184 4.62402c-3.42383 3.4082 -7.08789 6.91211 -11.0078 10.4795c-3.9209 3.56836 -9.2002 7.93652 -15.8564 13.0566
+c-6.65625 5.10352 -13.1523 9.72754 -19.4717 13.8232c-6.32031 4.09668 -13.5684 8.35254 -21.7607 12.8008c-8.19141 4.44727 -15.8721 7.59961 -23.04 9.47168s-14.7676 3.15234 -22.7832 3.83984c-8.0166 0.671875 -15.2803 -0.511719 -21.7607 -3.58398
+c-16.0312 -6.49609 -33.6953 -9.9043 -52.9912 -10.2559c-19.2803 -0.335938 -39.248 3.4082 -59.9043 11.2637c-20.6562 7.85645 -38.1445 19.6318 -52.4805 35.3281c-29.3438 31.1045 -44.0156 67.3604 -44.0156 108.832zM51.584 236.032
+c-3.07227 -23.5518 2.63965 -44.7998 17.1523 -63.7441c14.5117 -18.9443 33.5361 -29.9365 57.0879 -33.0078c23.5518 -3.07227 44.7197 2.63965 63.4873 17.1357c18.7686 14.5117 29.6963 33.5518 32.7686 57.0879c3.07227 23.5518 -2.56055 44.7197 -16.8965 63.4883
+c-14.3359 18.7676 -33.2793 29.6963 -56.832 32.7676c-23.5518 3.07227 -44.7998 -2.55957 -63.7432 -16.8955c-18.9443 -14.3359 -29.9521 -33.2803 -33.0244 -56.832zM296.32 386.56c7.16797 20.1289 19.8076 35.0723 37.9033 44.8008
+c18.0801 9.72754 37.376 11.1836 57.8408 4.35156c19.792 -6.14355 34.5596 -18.4316 44.2871 -36.8643c9.72852 -18.4316 11.1846 -38.2236 4.35254 -59.3916c-8.19238 -24.5762 -27.6484 -42.3203 -58.3525 -53.248c-10.5918 -3.75977 -20.0635 -9.47168 -28.416 -17.1523
+c-8.35156 -7.67969 -14.2559 -14.1592 -17.6631 -19.4561c-3.4082 -5.2959 -7.34473 -12.208 -11.7764 -20.7354c7.53613 32.0801 3.42383 59.2158 -12.2881 81.4082c-18.7842 27.3115 -24.0801 52.7354 -15.8877 76.2871zM315.776 133.12
+c0.6875 31.4082 11.4395 57.8555 32.2559 79.3604c20.8154 21.5039 46.7676 32.2559 77.8242 32.2559c30.3672 0 56.3359 -10.4961 77.8232 -31.4883c21.4883 -20.9922 32.2559 -47.6963 32.2559 -80.1279c0 -37.5684 -18.7832 -70.832 -56.3193 -99.8398
+c-12.9766 -9.9043 -23.5684 -22.0166 -31.7441 -36.3359c-8.19238 -14.3359 -13.4082 -25.9521 -15.6318 -34.832c-2.22461 -8.87988 -4.33594 -20.3047 -6.38379 -34.3047c-1.36035 13.6641 -3.07227 25.0889 -5.12012 34.3047s-7.16797 21.0713 -15.3604 35.584
+c-8.19238 14.5117 -19.2803 27.0557 -33.2803 37.6475c-37.8721 28.3203 -56.6553 60.9121 -56.3193 97.7764zM335.232 374.784c-3.76074 -9.21582 -3.66406 -18.5117 0.255859 -27.9043c3.91992 -9.3916 10.4961 -15.9678 19.7119 -19.7119
+c9.2002 -3.75977 18.416 -3.75977 27.6475 0c9.2168 3.74414 15.6963 10.2402 19.4727 19.4561c3.74414 9.55176 3.74414 18.9443 0 28.1602c-3.77637 9.21582 -10.2559 15.6963 -19.4727 19.4561c-9.21582 3.74414 -18.5117 3.74414 -27.9033 0
+c-9.37598 -3.75977 -15.9521 -10.2402 -19.7119 -19.4561zM369.28 111.36c6.31934 -15.5361 17.5039 -26.7041 33.5361 -33.5361c15.6953 -6.48047 31.4072 -6.40039 47.1035 0.255859s26.7998 17.8242 33.2803 33.5518c6.47949 15.6797 6.47949 31.3125 0 46.8486
+c-6.48047 15.5352 -17.5684 26.6875 -33.2803 33.5195c-15.6963 6.48047 -31.4082 6.48047 -47.1035 0c-15.6807 -6.48047 -26.7842 -17.584 -33.2803 -33.2803c-6.49609 -16.0312 -6.56055 -31.8232 -0.255859 -47.3594z" />
+    <glyph glyph-name="uniF144" unicode="&#xf144;" 
+d="M-36.3359 270.848c-2.56055 73.3926 -0.608398 119.473 5.8877 138.24c1.36035 3.07227 2.97656 5.71191 4.84863 7.93652c1.87207 2.22363 4.27148 4.35156 7.16797 6.39941c2.91211 2.04785 5.21582 3.66406 6.91211 4.86426
+c1.71191 1.2002 4.6875 2.89551 8.95996 5.12012c4.27148 2.22363 7.08789 3.66406 8.46387 4.35156c46.416 0 112.304 0.335938 197.632 1.02441c85.3281 0.6875 141.472 1.02344 168.448 1.02344h48.1279s9.40723 -0.0800781 28.1758 -0.255859
+c18.7676 -0.175781 28.416 -0.607422 28.9277 -1.2793c0.511719 -0.688477 8.19238 -1.71289 23.04 -3.07227c14.8477 -1.36035 20.3838 -3.07227 16.6406 -5.12012c5.47168 -3.07227 10.0635 -7.16797 13.8076 -12.2881
+c3.75977 -5.12012 6.57617 -10.1436 8.44824 -15.1035c1.8877 -4.96094 3.15137 -11.7764 3.83984 -20.4805c0.671875 -8.7041 1.00781 -15.8721 1.00781 -21.5039s-0.0800781 -14.1602 -0.255859 -25.6006c-0.175781 -11.4238 -0.255859 -19.8877 -0.255859 -25.3438
+c0 -70.6562 -3.93652 -126.464 -11.7764 -167.408c-7.83984 -40.9756 -24.2402 -77.3115 -49.1523 -109.056c-23.8877 -30.0322 -51.9678 -53.8398 -84.2236 -71.4238s-65.1836 -28.2559 -98.8164 -32c-33.6318 -3.75977 -67.7598 -1.8877 -102.399 5.63184
+c-34.6396 7.52051 -66.4639 20.0479 -95.4883 37.6484c-29.0078 17.5674 -54.7842 40.2881 -77.3115 68.0957c-22.5283 27.8076 -38.9121 58.7842 -49.1523 92.9277c-5.12012 17.7119 -8.94434 63.2803 -11.5039 136.672zM82.1758 271.872
+c-8.87988 -9.56836 -6.31934 -24.832 7.68066 -45.8242s31.7432 -42.0801 53.2471 -63.2314c0.688477 -0.688477 7.4248 -7.50488 20.2246 -20.4648c12.7998 -12.9756 21.9355 -21.8398 27.3916 -26.624c5.45605 -4.7832 13.4883 -10.8477 24.0645 -18.1914
+c10.5918 -7.34375 20.3193 -12.1924 29.1836 -14.5918c3.74414 -1.00879 7.60059 -1.53613 11.5205 -1.53613c3.93555 0 7.26367 0.175781 9.9834 0.511719c2.75195 0.335938 6.06445 1.45605 10 3.32812c3.91992 1.87207 6.65625 3.15234 8.19238 3.83984
+c1.53613 0.688477 4.19238 2.63965 7.93555 5.87207c3.74414 3.24805 5.79199 5.02441 6.14453 5.37598c0.351562 0.352539 2.38379 2.22363 6.14355 5.64844l1.53613 1.53516c3.07227 3.07227 13.4082 12.6406 30.9922 28.6729
+c17.584 16.0479 32.2725 29.7754 44.0322 41.2158c11.7598 11.4395 23.2959 24.9277 34.5596 40.4482c11.2646 15.5195 17.2324 28.416 17.9199 38.6553c-5.12012 13.6484 -11.6162 23.2002 -19.4717 28.6719c-7.83984 5.45605 -16.4639 6.91211 -25.8398 4.35254
+c-9.39258 -2.56055 -18.9443 -7.00781 -28.6719 -13.3125c-9.72852 -6.31934 -19.792 -14.5117 -30.208 -24.5752c-10.416 -10.0645 -19.9688 -19.6328 -28.6885 -28.6729c-8.6875 -9.04004 -17.1357 -17.7432 -25.3438 -26.1113
+c-8.19238 -8.36816 -14.4961 -13.9199 -18.9443 -16.6562c-9.21582 5.47168 -21.584 15.6318 -37.1201 30.4639c-15.5361 14.8477 -29.5195 28.8477 -41.9834 41.9844c-12.4639 13.1357 -25.0078 24.0635 -37.6318 32.7676
+c-12.6406 8.7041 -22.0166 11.1846 -28.1602 7.42383c-8.54395 -5.10352 -18.0967 -12.0957 -28.6885 -20.9756z" />
+    <glyph glyph-name="uniF101" unicode="&#xf101;" 
+d="M-19.9238 59.8457c1.68164 2.70605 4.37402 2.85254 8.08887 0.49707c84.2168 -48.8594 175.865 -73.2744 274.9 -73.2744c66.0186 0 131.219 12.2881 195.584 36.8789c1.66797 0.672852 4.11035 1.68164 7.31445 3.02734
+c3.18945 1.36133 5.4707 2.34082 6.81738 3.04297c5.06152 2.01855 9.01074 0.995117 11.8779 -3.04297c2.85254 -4.02246 1.93066 -7.73828 -2.7793 -11.1172c-6.04199 -4.38867 -13.8096 -9.43555 -23.2305 -15.1553
+c-28.9502 -17.1738 -61.3232 -30.501 -97.0605 -39.9209c-35.6934 -9.4502 -70.5537 -14.1611 -104.594 -14.1611c-52.5459 0 -102.254 9.18652 -149.065 27.5459c-46.8262 18.3584 -88.7812 44.1924 -125.835 77.5752c-2.01855 1.66797 -3.04297 3.34961 -3.04297 5.07617
+c0 0.995117 0.336914 2.00391 1.02441 3.02832zM132.169 203.864c0 23.2441 5.73438 43.125 17.1885 59.6406c11.4541 16.501 27.1221 28.9639 46.9873 37.3906c18.1836 7.75293 40.6084 13.3115 67.2178 16.6758c9.09961 1.00977 23.9326 2.35547 44.457 4.05273v8.57227
+c0 21.5625 -2.35547 36.0449 -7.06641 43.4609c-7.06543 10.1084 -18.1826 15.1553 -33.3379 15.1553h-4.03809c-11.1318 -1.00879 -20.7285 -4.54883 -28.8027 -10.6201c-8.08984 -6.07031 -13.3125 -14.4824 -15.668 -25.2637
+c-1.3457 -6.74316 -4.72461 -10.6201 -10.1084 -11.6299l-58.1338 7.08105c-5.73438 1.3457 -8.58691 4.3877 -8.58691 9.09863c0 1.00879 0.161133 2.19434 0.49707 3.54004c5.73438 29.9736 19.793 52.209 42.2041 66.7061s48.5957 22.5723 78.584 24.2539h12.625
+c38.415 0 68.418 -9.93262 89.9512 -29.8271c3.34961 -3.36426 6.46582 -6.99219 9.3623 -10.8545c2.85254 -3.87695 5.12012 -7.31445 6.80176 -10.3574c1.69727 -3.02734 3.21875 -7.40137 4.5498 -13.1357c1.36035 -5.73438 2.37012 -9.68457 3.04297 -11.8789
+c0.6875 -2.17969 1.18457 -6.9043 1.52148 -14.1455c0.350586 -7.25586 0.49707 -11.542 0.49707 -12.8877v-122.295c0 -8.7627 1.25781 -16.7646 3.78906 -24.0059c2.53027 -7.24121 4.97363 -12.4775 7.34375 -15.667c2.35449 -3.20312 6.23145 -8.32324 11.6289 -15.418
+c2.00488 -3.04297 3.02832 -5.73535 3.02832 -8.08984c0 -2.7207 -1.36035 -5.04688 -4.03711 -7.06543c-27.9697 -24.2549 -43.125 -37.3906 -45.4805 -39.4102c-4.05176 -3.02734 -8.90918 -3.36426 -14.6582 -1.00879c-4.70996 4.03711 -8.83496 7.91406 -12.375 11.6445
+c-3.54004 3.68555 -6.07129 6.39258 -7.57812 8.07422c-1.52148 1.68262 -3.96387 4.97363 -7.3584 9.8457c-3.34961 4.88574 -5.70508 8.17676 -7.05078 9.84473c-18.8564 -20.5381 -37.4053 -33.3389 -55.5889 -38.3857
+c-11.4541 -3.36426 -25.6143 -5.06152 -42.4521 -5.06152c-25.9355 0 -47.25 8.00195 -63.9414 24.0205c-16.6758 15.9893 -25.0146 38.6484 -25.0146 67.9502zM219.092 213.957c0 -13.1211 3.29199 -23.6689 9.86035 -31.5977
+c6.56738 -7.89941 15.418 -11.8779 26.5361 -11.8779c1.00879 0 2.42773 0.175781 4.28613 0.511719c1.85742 0.336914 3.11523 0.498047 3.80273 0.498047c14.1465 3.7002 25.0889 12.7998 32.8564 27.2969c3.70117 6.40723 6.46582 13.3848 8.30859 20.9619
+c1.87305 7.57812 2.86719 13.7363 3.04297 18.4473c0.175781 4.70996 0.249023 12.4629 0.249023 23.2441v12.6396c-19.5293 0 -34.3779 -1.3457 -44.457 -4.03809c-29.666 -8.39648 -44.4854 -27.1064 -44.4854 -56.0859zM431.309 51.2588
+c0.6875 1.3457 1.69727 2.70605 3.05762 4.03711c8.42578 5.70508 16.501 9.61133 24.2686 11.6152c12.7852 3.36426 25.249 5.2373 37.3906 5.54395c3.36523 0.322266 6.58301 0.175781 9.59668 -0.49707c15.1406 -1.3457 24.2539 -3.87695 27.2969 -7.57812
+c1.3457 -2.01855 2.01855 -5.04688 2.01855 -9.08398v-3.54004c0 -11.8057 -3.21777 -25.6875 -9.59668 -41.7061c-6.40723 -16.0186 -15.3301 -28.8916 -26.7842 -38.6484c-1.68262 -1.36035 -3.21875 -2.04785 -4.5498 -2.04785
+c-0.672852 0 -1.375 0.189453 -2.0332 0.526367c-2.0332 0.995117 -2.53125 2.85254 -1.52148 5.55859c12.4492 29.2861 18.6807 49.6787 18.6807 61.1182c0 3.71582 -0.658203 6.40723 -2.01855 8.11914c-3.36523 4.02246 -12.7998 6.04102 -28.292 6.04102
+c-5.73438 0 -12.4922 -0.321289 -20.2168 -1.00879c-8.44043 -0.995117 -16.1641 -1.98926 -23.2734 -2.99902c-2.01953 0 -3.36523 0.322266 -4.05273 1.00977c-0.643555 0.658203 -0.833984 1.33105 -0.482422 1.98926
+c0.0292969 0.350586 0.219727 0.87793 0.511719 1.55078z" />
+    <glyph glyph-name="uniF106" unicode="&#xf106;" 
+d="M40.208 212.992c2.38379 28.3359 9.8877 52.0479 22.5117 71.168c13.3125 20.1436 29.6162 35.9199 48.9121 47.3594c19.2803 11.4404 38.832 17.1523 58.624 17.1523c13.9844 0 31.3125 -3.66406 51.9678 -11.0078c20.6562 -7.34375 36.0801 -11.0078 46.3359 -11.0078
+c9.53613 0 24.1289 3.66406 43.7607 11.0078s37.6475 11.0078 54.0156 11.0078c17.7441 0 35.3281 -4.60742 52.7363 -13.8242c17.4082 -9.21582 32.6074 -22.0156 45.584 -38.3994c-16.7363 -9.21582 -30.1279 -21.248 -40.208 -36.0967
+c-10.0801 -14.8477 -15.7764 -30.4639 -17.1367 -46.8477v-12.2881c-0.351562 -11.9521 1.18457 -23.9043 4.59277 -35.8398c4.43164 -16.0322 12.624 -30.5439 24.5762 -43.5195c11.9512 -12.9766 26.4639 -22.7041 43.5195 -29.1846
+c-11.5996 -24.9277 -22.6885 -45.584 -33.2803 -61.9521c-14.6719 -21.8398 -29.168 -39.584 -43.5039 -53.248s-29.8721 -20.6553 -46.5918 -20.9912c-9.91992 0 -22.8799 3.74316 -38.9277 11.2637c-15.3604 6.81543 -30.8965 10.2402 -46.5928 10.2402h-2.04785
+c-16.0312 0 -32.2559 -3.58398 -48.6396 -10.752s-29.6963 -10.752 -39.9355 -10.752c-28.3369 0.335938 -57.6807 23.7275 -88.0645 70.1436c-19.4561 29.6963 -33.6162 61.1035 -42.4961 94.208c-6.83203 25.9521 -10.2402 50.5117 -10.2402 73.7275
+c0 6.14453 0.176758 12.2881 0.52832 18.4326zM252.688 345.088c-1.02441 5.12012 -1.55273 10.2402 -1.55273 15.3604c0 22.1914 9.04004 44.208 27.1367 66.0479c9.21582 11.2637 21.0713 20.8154 35.5996 28.6719c14.4961 7.83984 28.5762 12.2881 42.2236 13.3125
+c0.688477 -5.12012 1.02441 -10.2402 1.02441 -15.3604c0 -23.5518 -8.52832 -46.0801 -25.6006 -67.584c-9.56738 -12.2881 -21.5039 -22.1924 -35.8398 -29.6963c-14 -7.51953 -27.6641 -11.0879 -40.9756 -10.752h-2.01562z" />
+    <glyph glyph-name="uniF132" unicode="&#xf132;" 
+d="M-20.0322 -65.0244v512h131.584v-189.951h117.248c29.0078 41.9834 72.8799 105.312 131.584 189.951h146.433l-167.937 -244.224c0 -4.0957 16.4639 -28.4961 49.4082 -73.2158s65.792 -88.4004 98.5596 -131.056l49.1523 -63.5049h-175.632
+c-16.0322 22.5283 -40.4326 56.5928 -73.2002 102.16c-32.7676 45.5684 -57.1836 79.7764 -73.2158 102.656h-102.4v-204.816h-131.584z" />
+    <glyph glyph-name="uniF151" unicode="&#xf151;" 
+d="M54.5918 -72.1924v213.504l38.9121 -0.511719l-1.53613 -171.52h256.513v171.008h40.4473v-212.464h-334.336v-0.0166016zM117.568 39.9355h200.704v-42.4951h-200.704v42.4951zM118.08 73.2158l4.0957 43.5205l201.216 -19.4561l-4.0957 -43.5361zM128.832 161.776
+l11.7764 42l194.56 -54.7686l-12.3037 -42zM165.184 264.704l22.5283 37.376l173.072 -104.448l-23.0566 -37.376zM250.688 369.664l35.3271 25.5996l117.761 -164.352l-35.8408 -25.6006zM379.712 432.64l43.0078 7.16797l33.2803 -199.168l-43.0078 -7.16797z" />
+    <glyph glyph-name="uniF113" unicode="&#xf113;" 
+d="M38.1436 -55.2959v489.984c41.2969 7.16797 91.9844 10.752 152.064 10.752c47.792 0 87.9844 -4.09668 120.592 -12.2881c32.5918 -8.19238 60.832 -21.3281 84.7197 -39.4248c56.3203 -42.6719 84.4805 -105.808 84.4805 -189.439
+c0 -88.752 -27.4883 -156.16 -82.416 -202.24c-50.5283 -43.0078 -127.504 -64.5117 -230.928 -64.5117c-48.8164 0 -91.6484 2.38379 -128.513 7.16797zM150.784 27.6641c6.47949 -1.37598 19.6318 -2.06445 39.4238 -2.06445h2.04785
+c52.2246 0 93.1846 14.5127 122.88 43.5361c30.3682 29.3447 45.5684 73.0244 45.5684 131.072c0 52.5596 -13.9043 92.1602 -41.7119 118.784c-27.8398 26.6074 -66.832 39.9199 -117.008 39.9199c-22.5283 0 -39.6006 -1.53613 -51.2002 -4.6084v-326.64z" />
+    <glyph glyph-name="uniF11F" unicode="&#xf11f;" 
+d="M-70.1602 128.512h60.9277c1.71289 -13.6641 6.73633 -24.5762 15.1045 -32.7676c8.36816 -8.19238 19.376 -12.3037 33.0244 -12.3037c16.3838 0 29.4395 5.55176 39.168 16.6396c9.72754 11.0879 14.5918 24.9922 14.5918 41.7275
+c0 16.3848 -4.78418 29.8564 -14.3359 40.4482c-9.56836 10.5762 -22.3525 15.8564 -38.4004 15.8564c-12.9756 0 -24.0635 -4.17676 -33.2803 -12.5439c-9.21582 -8.36816 -17.9199 -12.5439 -26.1113 -12.5439c-18.0801 0 -31.7441 0.335938 -40.96 1.00781
+c3.07129 17.7441 7.93555 45.1357 14.5918 82.1758c6.65625 37.0244 11.5195 65.1035 14.5918 84.2236h168.96v-50.1758h-124.4c-4.7832 -24.2402 -8.87988 -47.1035 -12.2871 -68.6074h1.53516c5.80859 7.16797 14.416 12.6396 25.8564 16.3838
+c11.4404 3.75977 22.624 5.63184 33.5361 5.63184c38.5762 0 65.8721 -17.584 81.9199 -52.7363c8.19238 20.4805 20.4795 36.5283 36.8643 48.1279c16.3838 11.6162 35.3281 17.4082 56.832 17.4082c16.7197 0 32.2559 -3.32812 46.6074 -9.9834
+c14.3359 -6.65625 25.6006 -13.7441 33.7764 -21.248c8.17578 -7.50488 18.9443 -18.7686 32.2559 -33.792c1.02441 -1.02441 1.80762 -1.87207 2.32031 -2.56055c0.511719 -0.6875 1.18359 -1.45605 2.04785 -2.30371l2.30371 -2.30371
+c11.9678 13.6631 20.4961 23.1191 25.6162 28.416c5.12012 5.2959 12.9756 12.208 23.5518 20.7354c10.5918 8.54395 21.168 14.416 31.7441 17.6641s22.4961 4.91211 35.8076 4.91211c30.7207 0 55.4727 -10.3359 74.2402 -30.9756
+c18.7686 -20.6406 28.1602 -46.5127 28.1602 -77.5684c0 -31.7285 -9.4082 -58.3525 -28.1758 -79.8564c-18.7686 -21.5195 -43.8564 -32.2715 -75.2646 -32.2715c-39.5996 0 -78.1592 22.3516 -115.712 67.0723c-2.36719 -2.40039 -9.02344 -8.97656 -19.9678 -19.7119
+c-10.9121 -10.7529 -18.1602 -17.5049 -21.7441 -20.2246c-3.59961 -2.73633 -9.90332 -7.08789 -18.9434 -13.0557s-17.9199 -9.9043 -26.624 -11.7764c-8.7207 -1.87207 -18.5283 -2.81543 -29.4404 -2.81543c-21.5039 0 -40.4482 5.63184 -56.832 16.9111
+c-16.3838 11.248 -29.0078 26.9766 -37.8877 47.0889c-21.168 -43.6963 -55.8086 -65.5361 -103.952 -65.5361c-32.416 0 -59.1357 8.11133 -80.1279 24.3193s-31.4883 39.8564 -31.4883 70.9121zM193.52 143.872c0 -14.3359 4.35254 -25.9365 13.0566 -34.8164
+s20.2236 -13.3115 34.5596 -13.3115c25.6162 0 52.0479 16.208 79.3604 48.624c-11.5996 11.9521 -19.792 20.2402 -24.5605 24.8477c-4.7832 4.6084 -12.9111 10.2402 -24.3359 16.8965c-11.4395 6.65527 -22.2715 9.9834 -32.5117 9.9834
+c-13.3115 0 -24.2402 -5.2959 -32.7676 -15.8721c-8.52832 -10.5752 -12.8008 -22.6875 -12.8008 -36.3516zM392.688 143.872c9.21582 -9.9043 16.9912 -17.6641 23.3115 -23.2959c6.32031 -5.64844 14.6562 -11.168 25.0723 -16.6406
+c10.416 -5.47168 20.9121 -8.19141 31.4873 -8.19141c14.6885 0 26.208 4.6875 34.5605 14.0801c8.36816 9.3916 12.5439 21.4238 12.5439 36.0957c0 14.3359 -4.35254 26.2881 -13.04 35.8242c-8.71973 9.56738 -20.2402 14.3359 -34.5596 14.3359
+c-8.52832 0 -16.9121 -1.96777 -25.0889 -5.8877c-8.19141 -3.93652 -14.416 -7.60059 -18.6875 -11.0088c-4.28809 -3.42383 -10.6719 -9.56738 -19.2002 -18.4316s-14 -14.4795 -16.3994 -16.8799z" />
+    <glyph glyph-name="uniF158" unicode="&#xf158;" 
+d="M29.8398 127.488c0 49.8232 16.208 93.0078 48.6406 129.552c36.1914 40.2881 81.584 60.416 136.191 60.416c23.2002 0 44.5439 -3.58398 64 -10.752c-7.83984 -16.0322 -12.4482 -30.7197 -13.8242 -44.0322c-16.0312 6.48047 -32.752 9.72852 -50.1758 9.72852
+c-37.8877 0 -70.4795 -14.1602 -97.792 -42.4961c-27.2959 -29.0244 -40.96 -63.4883 -40.96 -103.424c0 -26.2881 6.32031 -50.5283 18.9443 -72.7207c11.9355 -21.8398 28.6719 -39.0557 50.1758 -51.6953c20.832 -12.2881 44.0322 -18.416 69.6318 -18.416
+c24.9121 0 47.9521 6.11133 69.1201 18.416c21.168 11.9512 38.0479 29.1836 50.6885 51.6953c12.2871 22.5283 18.416 46.7842 18.416 72.7207c0 21.4873 -3.74414 40.9434 -11.248 58.3516c15.3594 3.07227 29.8555 8.86426 43.5195 17.4082
+c9.21582 -23.2002 13.8242 -48.1279 13.8242 -74.752c0 -50.8643 -17.248 -94.7207 -51.7119 -131.584c-34.4639 -37.5527 -78.6719 -56.3203 -132.608 -56.3203c-54.2715 0 -98.6396 18.7676 -133.12 56.3203c-34.4795 37.5518 -51.7119 81.4072 -51.7119 131.584z
+M173.2 -2.04785l8.17578 3.58398c5.45605 2.73633 12.4482 7.58398 20.9922 14.5918c8.54395 6.99219 17.8398 15.7764 27.9043 26.3682c10.0635 10.5762 19.8711 25.168 29.4395 43.7764c9.55176 18.5918 18 39.3271 25.3438 62.208
+c7.32812 22.8633 12.5605 51.376 15.6162 85.5039c1.71191 17.0557 2.56055 34.4795 2.56055 52.2236c-0.335938 18.4316 -1.18457 37.5518 -2.56055 57.3438l2.56055 6.65625c1.71191 4.44824 2.71973 10.416 3.05566 17.9199v3.58398
+c0 6.48047 -0.671875 13.1357 -2.03223 19.9678c-1.71191 8.19238 -6.49609 17.2324 -14.3359 27.1367c-8.19238 9.56738 -18.9443 17.7432 -32.2559 24.5752l5.63184 -8.70312c3.4082 -5.45605 8.78418 -16.8965 16.1279 -34.3047s14.7686 -37.7119 22.2881 -60.9277
+l4.5918 -12.7998c2.75195 -8.52832 5.39258 -20.2246 7.93652 -35.0723c2.55957 -14.8477 4.7041 -31.6641 6.39941 -50.4316c0.688477 -6.48047 1.02441 -13.3125 1.02441 -20.4805c0 -13.3115 -1.02441 -26.9756 -3.07227 -40.96
+c-3.07227 -21.8398 -8.35156 -43.3604 -15.8555 -64.5117c-7.52051 -21.168 -19.8887 -42.3359 -37.1201 -63.4883c-17.248 -21.168 -38.4805 -39.7764 -63.7441 -55.8076zM314 324.096c1.37598 13.6641 5.2959 24.5762 11.7764 32.7686l9.21582 12.7998
+c4.0957 4.78418 10.752 9.31152 19.9678 13.5684c9.21582 4.25586 17.4082 7.42383 24.5596 9.47168l10.7529 3.07227c12.3037 2.73535 23.6631 8.7041 34.0635 17.9199s17.8242 17.9199 22.2725 26.1113l6.65527 11.7764c14 -19.4561 22.3525 -41.4717 25.0879 -66.0479
+c1.36035 -10.9277 1.87207 -20.6562 1.53613 -29.1846c0 -11.5996 -1.00781 -21.6631 -3.07129 -30.208l-5.63281 -23.04c-4.0957 -11.2637 -9.80762 -21.5039 -17.1514 -30.7197s-13.5684 -15.5361 -18.6885 -18.9434l-7.67969 -5.63281
+c-11.5996 -6.81543 -23.0244 -10.2393 -34.2881 -10.2393l-55.8076 27.1357c19.7754 10.9277 37.0234 22.0156 51.6953 33.2803c14.6719 11.2637 25.5205 21.0713 32.5127 29.4395c7.00781 8.36816 12.624 15.9678 16.9121 22.7842
+c4.25586 6.81641 6.71973 12.1123 7.40723 15.8721l1.02441 5.12012c-6.16016 -13.6641 -14.416 -26.1123 -24.8477 -37.376c-10.4004 -11.2646 -20.9922 -20.1445 -31.7285 -26.624c-10.7363 -6.48047 -21.0723 -12.0322 -30.9922 -16.6406
+c-9.8877 -4.60742 -17.9033 -7.75977 -24.0635 -9.47168l-9.21582 -2.55957c-8.52832 15.0078 -12.7842 28.4961 -12.7842 40.4473c0.015625 1.69629 0.175781 3.4082 0.511719 5.12012z" />
+    <glyph glyph-name="uniF153" unicode="&#xf153;" 
+d="M-79.7441 252.416c0 18.7676 6.57617 34.8164 19.7119 48.1279c13.1357 13.3125 29.1045 19.9678 47.8721 19.9678c16.0322 0 30.2881 -5.04004 42.752 -15.1035c12.4639 -10.0645 20.3838 -22.7842 23.8086 -38.1445l257.023 -103.424
+c10.9277 6.48047 22.5283 9.71191 34.832 9.71191c0.671875 0 1.77637 -0.0800781 3.3125 -0.255859c1.53516 -0.175781 2.81543 -0.255859 3.83984 -0.255859l56.3193 81.3916c0.336914 24.9287 9.4082 46.1602 27.1523 63.7441s39.0557 26.3682 64 26.3682
+c25.248 0 46.752 -8.87988 64.4961 -26.624s26.624 -39.2314 26.624 -64.4795s-8.87988 -46.752 -26.624 -64.5127c-17.7441 -17.7441 -39.248 -26.624 -64.4961 -26.624l-87.04 -63.5039c-1.69629 -17.4082 -9.04004 -32 -22.0156 -43.7754
+c-12.9766 -11.7607 -28.1602 -17.6641 -45.5684 -17.6641c-16.3838 0 -30.7197 5.12012 -43.0078 15.3594c-12.2881 10.2402 -20.1445 23.04 -23.5518 38.3838l-257.04 102.944c-10.9287 -6.47949 -22.5283 -9.72754 -34.8164 -9.72754
+c-18.7676 0 -34.7363 6.65527 -47.8721 19.9678c-13.1357 13.3115 -19.7119 29.3604 -19.7119 48.1279zM-61.8242 252.416c0 -13.6484 4.86426 -25.3438 14.5918 -35.0723c9.72852 -9.72754 21.4248 -14.5918 35.0723 -14.5918c3.07227 0 6.65625 0.335938 10.752 1.02441
+l-20.9922 8.19141v0.512695c-9.55176 4.43164 -16.3838 11.5996 -20.4795 21.5039c-2.04785 4.7832 -3.07227 9.55176 -3.07227 14.3359c0 5.12012 1.02441 10.2393 3.07227 15.3594c4.0957 10.2402 10.9277 17.4082 20.4795 21.5039
+c5.12012 2.38477 10.416 3.4082 15.8721 3.07227c4.43262 0 9.04004 -0.847656 13.8242 -2.55957v0.511719l25.0879 -10.2402c-9.90332 17.7441 -24.7354 26.624 -44.5439 26.624c-13.6641 0 -25.3438 -4.86426 -35.0723 -14.5918
+c-9.72754 -9.72754 -14.5918 -21.5996 -14.5918 -35.584zM301.68 81.9199c9.9043 -17.7441 24.752 -26.624 44.5605 -26.624c13.6641 0 25.4238 4.86426 35.3115 14.5918c9.9043 9.72852 14.8486 21.584 14.8486 35.584c0 13.6641 -4.84863 25.3447 -14.5762 35.0723
+c-9.72852 9.72852 -21.6006 14.5762 -35.584 14.5762c-4.78418 0 -8.36816 -0.335938 -10.752 -1.00781l20.4639 -8.19238c10.2559 -4.0957 17.584 -11.2637 22.0156 -21.5195c2.38379 -5.10449 3.58398 -10.2402 3.58398 -15.3447
+c0 -4.7832 -1.00781 -9.72754 -3.05566 -14.8477c-4.0957 -10.5918 -11.2637 -17.9355 -21.5039 -22.0322c-5.12012 -2.04785 -10.2559 -3.05566 -15.376 -3.05566c-4.78418 0 -9.71191 1.00781 -14.8486 3.05566c-2.71973 1.02441 -6.91113 2.65625 -12.5273 4.87988
+c-5.63184 2.22461 -9.80859 3.85645 -12.5605 4.86426zM439.936 253.44c0 -16.7207 5.96875 -31.0566 17.9209 -43.0088c11.9512 -11.9512 26.2871 -17.9199 43.0078 -17.9199c17.0557 0 31.5674 5.96875 43.5039 17.9199c11.9521 11.9521 17.9355 26.2881 17.9355 43.0088
+c0 16.7197 -5.9834 31.0557 -17.9355 43.0078c-11.9365 11.9521 -26.4326 17.9199 -43.5039 17.9199c-16.7363 0 -31.0566 -5.98438 -43.0078 -17.9199c-11.9521 -11.9365 -17.9209 -26.2881 -17.9209 -43.0078zM452.736 253.952c0 13.3115 4.7041 24.7363 14.0801 34.3037
+c9.3916 9.55176 20.8955 14.3359 34.5596 14.3359c13.3281 0 24.752 -4.78418 34.3203 -14.3359c9.56738 -9.56738 14.3359 -20.9922 14.3359 -34.3037c0 -13.6484 -4.76855 -25.248 -14.3359 -34.8164c-9.56836 -9.55176 -21.0078 -14.3359 -34.3203 -14.3359
+c-13.6484 0 -25.168 4.78418 -34.5596 14.3359c-9.37598 9.55273 -14.0801 21.1523 -14.0801 34.8164z" />
+    <glyph glyph-name="uniF126" unicode="&#xf126;" 
+d="M93.248 27.6641c0 29.6797 15.1836 56.1436 45.5684 79.3438c30.3672 23.2158 67.0713 34.832 110.08 34.832h27.6475c-14.3359 13.6484 -21.5195 28.3359 -21.5195 44.0322c0 9.9043 2.75195 19.792 8.20801 29.6963
+c-3.4248 -0.335938 -8.35254 -0.512695 -14.8643 -0.512695c-35.4883 0 -64.4961 11.0879 -87.0244 33.2803c-22.5273 22.1924 -33.792 49.4883 -33.792 81.9199c0 31.0557 14 58.1924 41.9844 81.4082c27.9834 23.2158 59.9043 34.8164 95.7441 34.8164h158.72
+l-35.3281 -25.6006h-50.1758c16.0322 -6.14355 28.5918 -17.7441 37.6318 -34.8154c9.04004 -17.0566 13.5684 -36 13.5684 -56.832c0 -31.7441 -15.0078 -59.3926 -45.04 -82.9443c-12.624 -9.9043 -20.832 -17.7441 -24.5762 -23.5518
+c-3.74414 -5.80859 -5.63184 -12.9766 -5.63184 -21.5039c0 -6.48047 4.5918 -14.6729 13.8076 -24.5762c9.21582 -9.88867 18.4326 -18.2725 27.6641 -25.0723c20.8164 -14.6875 35.248 -29.6963 43.2637 -45.0557c8.0166 -15.376 12.0322 -34.6562 12.0322 -57.8564
+c0 -30.7197 -13.9834 -57.4238 -41.9834 -80.1279s-65.8721 -34.0479 -113.664 -34.0479c-45.4082 0 -83.8086 8.52832 -115.217 25.5996c-31.3916 17.0244 -47.1035 39.5684 -47.1035 67.5684zM150.592 44.5439c0 -23.5518 9.98438 -43.6162 29.9521 -60.1758
+c19.9678 -16.5439 44.7998 -24.8164 74.4805 -24.8164c40.624 0 70.0635 7.50391 88.3359 22.5127c18.2715 15.0078 27.3916 34.9912 27.3916 59.9033c0 6.48047 -0.6875 11.9521 -2.04785 16.3838c-1.00781 3.74414 -2.22363 7.24805 -3.58398 10.4961
+c-1.37598 3.23242 -3.4082 6.46387 -6.16016 9.71191c-2.71973 3.24805 -5.10352 5.96875 -7.15234 8.19238c-2.04785 2.22363 -5.37598 5.02441 -9.9834 8.44824c-4.6084 3.42383 -8.1123 5.96777 -10.4961 7.66406c-2.38379 1.71191 -6.65625 4.7041 -12.7998 8.97559
+c-6.16016 4.27246 -10.5928 7.24805 -13.3125 8.95996c-13.3115 4.1123 -26.4482 6.14453 -39.4238 6.14453h-2.04785c-29.6963 0 -55.8086 -8.0166 -78.3359 -24.0645c-23.2002 -16.3516 -34.8164 -35.8242 -34.8164 -58.3359zM184.368 330.752
+c3.75977 -26.96 14.0957 -50.1758 30.9922 -69.6318c16.8955 -19.4561 35.584 -29.3438 56.0801 -29.6963h2.03125c19.1201 0 34.4639 8.87988 46.0967 26.624c9.21582 14.3359 13.8076 31.2324 13.8076 50.6885c0 5.45605 -0.335938 11.2637 -1.02441 17.4072
+c-3.40723 26.9766 -13.5674 49.8408 -30.4473 68.6084s-35.584 28.4961 -56.0645 29.1836h-2.04785c-19.4717 0 -35.0078 -8.70312 -46.5918 -26.1113c-9.21582 -14 -13.8242 -30.7207 -13.8242 -50.1758c-0.015625 -5.45605 0.320312 -11.0889 0.992188 -16.8965z" />
+    <glyph glyph-name="uniF12E" unicode="&#xf12e;" 
+d="M0 -23.04v409.6c0 13.9948 5.03451 26.027 15.1035 36.0967c10.0697 10.069 22.1019 15.1035 36.0967 15.1035h409.6c13.9948 0 26.027 -5.03451 36.0967 -15.1035c10.069 -10.0697 15.1035 -22.1019 15.1035 -36.0967v-409.6
+c0 -13.9948 -5.03451 -26.0267 -15.1035 -36.0957c-10.0697 -10.0697 -22.1019 -15.1045 -36.0967 -15.1045h-409.6c-13.9948 0 -26.027 5.03483 -36.0967 15.1045c-10.069 10.069 -15.1035 22.1009 -15.1035 36.0957zM102.4 181.76
+c0 -42.3249 15.0186 -78.5062 45.0557 -108.544c30.0371 -30.0371 66.2184 -45.0557 108.544 -45.0557c42.3255 0 78.5068 15.0186 108.544 45.0557c30.0371 30.0378 45.0557 66.2191 45.0557 108.544c0 42.3255 -15.0186 78.5068 -45.0557 108.544
+c-30.0371 30.0378 -66.2184 45.0566 -108.544 45.0566c-42.3255 0 -78.5068 -15.0189 -108.544 -45.0566c-30.0371 -30.0371 -45.0557 -66.2184 -45.0557 -108.544zM153.6 181.76c0 27.9896 10.0693 52.0537 30.208 72.1924s44.2028 30.208 72.1924 30.208
+c27.9896 0 52.0537 -10.0693 72.1924 -30.208s30.208 -44.2028 30.208 -72.1924c0 -27.9889 -10.0693 -52.0527 -30.208 -72.1914s-44.2028 -30.208 -72.1924 -30.208c-27.9896 0 -52.0537 10.0693 -72.1924 30.208s-30.208 44.2025 -30.208 72.1914z" />
+    <glyph glyph-name="uniF157" unicode="&#xf157;" 
+d="M-67.3838 -8.42773c10.4199 -1.01465 20.8262 -1.54785 31.2207 -1.54785c61.0479 0 115.527 18.7314 163.386 56.1699c-28.4238 0.351562 -53.9326 9.04102 -76.4766 26.043c-22.5693 16.9893 -37.9844 38.6748 -46.3232 65.0557
+c6.93359 -1.41797 15.1025 -2.09473 24.4561 -2.09473c12.1494 0 23.7666 1.57422 34.8623 4.68359c-30.5176 5.86621 -55.7666 20.8916 -75.709 44.9961c-19.9551 24.1309 -29.9199 51.9688 -29.9199 83.5273v1.57422c18.3945 -10.4199 38.3105 -15.8057 59.8262 -16.1309
+c-18.0166 11.7988 -32.3389 27.3047 -42.915 46.5703c-10.5752 19.2393 -15.8701 40.1309 -15.8701 62.6748c0 23.5977 6.08789 45.6074 18.2119 66.0957c32.5996 -40.5859 72.418 -72.9385 119.431 -97.0557c47 -24.0918 97.3682 -37.5293 151.158 -40.3262
+c-2.43262 11.4473 -3.65527 21.5156 -3.65527 30.1797c0 36.085 12.8398 66.9541 38.5049 92.6201c25.6787 25.666 56.7041 38.5049 93.1533 38.5049c37.79 0 69.7002 -13.8799 95.7295 -41.6396c30.167 6.25684 57.9268 17.0146 83.2549 32.2607
+c-9.71777 -31.5586 -28.8145 -55.8457 -57.2373 -72.8477c25.3271 3.10938 50.3037 10.0557 74.9287 20.8135c-16.6514 -26.0166 -38.3359 -48.7422 -65.0557 -68.1514v-17.1973c0 -34.9922 -5.125 -70.1279 -15.3496 -105.355
+c-10.2119 -35.2139 -25.8486 -68.8535 -46.8311 -100.972c-20.9951 -32.0654 -46.0498 -60.6191 -75.1885 -85.5693c-29.126 -24.9766 -64.0801 -44.8535 -104.849 -59.5918c-40.7549 -14.752 -84.5547 -22.0889 -131.398 -22.0889
+c-72.4834 0.0136719 -139.606 19.6045 -201.345 58.7988z" />
+    <glyph glyph-name="uniF156" unicode="&#xf156;" 
+d="M84.6084 238.08v72.7041c20.4795 6.83203 37.7119 16.2236 51.7119 28.1602c14 11.2637 25.4238 25.9355 34.3037 44.0312c8.87988 18.0801 14.8643 39.7607 17.9199 65.0244h73.2002v-129.536h121.344v-80.3838h-121.344v-131.072
+c0 -29.3438 1.55176 -48.4482 4.5918 -57.3438c3.07227 -8.19238 8.89648 -14.8477 17.4404 -19.9678c11.6152 -6.81641 24.5596 -10.2402 38.9121 -10.2402c26.2871 0 52.0479 8.35156 77.3115 25.0879v-80.3838c-21.5039 -10.5605 -41.2959 -17.9043 -59.3916 -22.0166
+c-17.7285 -4.0957 -36.8965 -6.14355 -57.3447 -6.14355c-23.2158 0 -44.0312 2.91211 -62.4639 8.7041c-18.7676 6.47949 -33.9678 15.0078 -45.5674 25.6162c-12.3047 10.5596 -21.168 22.208 -26.624 34.8154c-4.78418 11.584 -7.16797 29.5205 -7.16797 53.7441v179.2
+h-56.832z" />
+    <glyph glyph-name="uniF13E" unicode="&#xf13e;" 
+d="M-67.7764 188.928v26.1123c0 12.9756 14.8486 24.0635 44.5439 33.2803c29.6963 9.21582 65.6963 13.8232 108.032 13.8232c42.3203 0 78.3359 -4.60742 108.032 -13.8232c29.6963 -9.2168 44.5439 -20.3203 44.5439 -33.2803v-26.1123
+c-0.335938 -12.9756 -15.3604 -23.9834 -45.0557 -33.0234c-29.6963 -9.04004 -65.5361 -13.5684 -107.521 -13.5684c-41.9834 0 -77.8242 4.51172 -107.52 13.5684c-29.6963 9.05566 -44.7207 20.0479 -45.0566 33.0234zM79.168 313.344v13.8242
+c0.671875 6.49609 11.5996 12.0322 32.7676 16.6396c21.1523 4.6084 46.5928 6.91211 76.2881 6.91211c29.6963 0 55.04 -2.30371 76.0322 -6.91211c20.9922 -4.60742 31.8242 -10.1436 32.5117 -16.6396h0.512695v-13.8242h-0.512695
+c-0.6875 -6.83203 -11.5195 -12.5439 -32.5117 -17.1514c-20.9922 -4.6084 -46.3359 -6.91211 -76.0322 -6.91211c-29.6953 0 -55.1357 2.30371 -76.2881 6.91211c-21.168 4.60742 -32.0957 10.3193 -32.7676 17.1514zM187.2 60.4004v32.7832
+c1.35938 19.1045 21.3281 35.248 59.9033 48.3682c38.5762 13.1523 84.8164 19.7119 138.736 19.7119c53.9365 0 100.096 -6.55957 138.496 -19.7119c38.4004 -13.1201 58.2881 -29.2637 59.6641 -48.3682v-32.7832c-1.02441 -18.7686 -20.832 -34.8164 -59.4082 -48.1279
+c-38.5596 -13.3125 -84.8154 -19.9688 -138.752 -19.9688c-53.9199 0 -100.176 6.57617 -138.736 19.7119c-38.5596 13.1367 -58.5439 29.2959 -59.9033 48.3848zM303.936 235.008v21.5039c0.672852 9.88867 13.5684 18.2559 38.6562 25.0879
+c25.0723 6.83203 55.0244 10.2402 89.8398 10.2402c34.8164 0 64.7842 -3.4082 89.8564 -10.2402s37.9844 -15.1992 38.6562 -25.0879v-21.5039c0 -9.9043 -12.5439 -18.4316 -37.6484 -25.5996c-25.0723 -7.16797 -55.376 -10.752 -90.8799 -10.752
+s-65.7764 3.58398 -90.8799 10.752c-25.0723 7.16797 -37.6006 15.6953 -37.6006 25.5996z" />
+    <glyph glyph-name="uniF125" unicode="&#xf125;" 
+d="M-47.4082 -31.7441v459.264h94.7197l4.6084 -4.0957h422.4l4.60742 4.0957h89.0723v-460.8h-87.5518v3.60059h-437.76v-2.06445h-90.0967zM42.6885 35.8398v-40.9756h437.76v37.8877l-176.641 132.608l-40.4473 -33.2803l-44.0322 35.8398zM42.6885 66.5596
+l157.184 117.248l-157.184 129.024v-246.272zM85.2002 394.752l178.176 -152.576l177.664 152.576h-355.84zM323.28 181.248l157.168 -117.76v247.808z" />
+    <glyph glyph-name="uniF15B" unicode="&#xf15b;" 
+d="M-56.3203 102.4c0 54.9434 31.4082 114.176 94.208 177.664c39.9365 39.5996 80.2246 67.2471 120.832 82.9434c19.1201 7.85645 35.6641 11.7764 49.6641 11.7764c15.3604 0 27.6484 -4.6084 36.8643 -13.8242c8.87988 -8.87988 13.3115 -21.168 13.3115 -36.8643
+c0 -10.5762 -2.04785 -22.8633 -6.14355 -36.8633c-1.36035 -4.78418 -0.847656 -7.76074 1.53613 -8.95996c2.38379 -1.2002 5.12012 -1.28027 8.19141 -0.256836l5.12012 2.04883c32.752 13.6631 61.792 20.4795 87.04 20.4795s43.3447 -7.16797 54.2881 -21.5039
+c5.10449 -7.50391 7.66406 -16.3838 7.66406 -26.624c0 -10.5762 -2.73633 -22.6885 -8.20801 -36.3516c-2.36816 -3.4082 -2.81543 -6.32031 -1.28027 -8.7041c1.55273 -2.38477 2.91211 -3.91992 4.1123 -4.6084c1.2002 -0.671875 3.66406 -1.53613 7.42383 -2.55957
+c21.1523 -6.49609 39.248 -17.0723 54.2881 -31.7607c15.0078 -14.6553 22.5117 -32.9434 22.5117 -54.7832c0 -20.1289 -6.99121 -40.6885 -20.9912 -61.6807s-33.0244 -40.1914 -57.0879 -57.5996c-24.0645 -17.4082 -54.4326 -31.7441 -91.1201 -43.0078
+c-36.7041 -11.2646 -75.6963 -16.8965 -116.992 -16.8965c-44.7197 0 -86.96 6.56055 -126.72 19.6963c-39.7607 13.1357 -72.7842 32.7676 -99.0723 58.8955c-26.2881 26.1123 -39.4404 55.9043 -39.4404 89.3447zM7.67969 77.8242
+c3.4082 -34.4805 24.752 -61.9521 64 -82.4326c31.4082 -16.7354 67.0723 -25.0713 107.009 -25.0713c9.90332 0 20.1436 0.496094 30.7197 1.53613c52.2236 5.11914 95.7441 21.6631 130.56 49.6631c31.4082 25.6006 47.1045 53.7607 47.1045 84.4805
+c0 3.07227 -0.175781 6.14355 -0.512695 9.21582c-3.40723 34.1445 -24.752 61.4404 -64 81.9199c-31.7432 16.7207 -67.584 25.0879 -107.52 25.0879c-9.9043 0 -19.9678 -0.511719 -30.208 -1.53516c-34.4639 -3.4082 -65.6963 -12.1123 -93.6963 -26.1123
+c-27.9834 -14 -49.4873 -31.2324 -64.5117 -51.7119c-12.9756 -18.0967 -19.4561 -36.6885 -19.4561 -55.8086c0 -3.08789 0.175781 -6.14355 0.511719 -9.23145zM89.6162 46.0801c-4.43262 9.8877 -6.65625 19.9678 -6.65625 30.208
+c0 11.9521 3.07227 23.9043 9.21582 35.8398c10.5918 21.8398 28.3359 38.2402 53.248 49.1523c15.3604 6.83203 30.8965 10.2393 46.5918 10.2393c9.2168 0 18.4326 -1.18359 27.6484 -3.58398c25.9355 -6.83203 44.5439 -20.8154 55.8076 -41.9834
+c5.79199 -10.9277 8.68848 -22.1924 8.68848 -33.792c0 -10.9277 -2.54395 -22.0166 -7.66406 -33.2803c-10.5762 -24.2236 -29.1846 -41.9678 -55.8076 -53.248c-15.0088 -6.46387 -30.0322 -9.71191 -45.0566 -9.71191c-11.6162 0 -23.04 1.87207 -34.3037 5.63184
+c-24.9277 7.83984 -42.1602 22.6885 -51.7119 44.5283zM118.288 55.8076c2.04785 -8.52734 7.16797 -14.4961 15.3604 -17.9199c4.43164 -2.04785 9.04004 -3.07129 13.8232 -3.07129c4.09668 0 8.19238 0.6875 12.2881 2.06348
+c9.56836 3.05566 16.8965 8.68848 22.0166 16.8799c3.40723 5.47266 5.12012 10.9443 5.12012 16.3838c0 2.38477 -0.512695 4.95996 -1.53613 7.68066c-2.04883 8.19141 -7.16797 13.9834 -15.3604 17.4082c-4.43164 1.69531 -8.87988 2.54395 -13.3115 2.54395
+c-4.09668 0 -8.35254 -0.672852 -12.8008 -2.03223c-9.21582 -3.07227 -16.2236 -8.52832 -20.9912 -16.3838c-3.76074 -5.45605 -5.63281 -11.0879 -5.63281 -16.8965c0 -2.38379 0.335938 -4.60742 1.02441 -6.65625zM190.464 96.2559
+c1.02441 -3.05566 3.24805 -5.28027 6.65625 -6.65625c1.71191 -0.6875 3.32812 -1.00781 4.86426 -1.00781c1.53516 0 3.15137 0.335938 4.86328 1.00781c3.74414 1.37598 6.48047 3.60059 8.19238 6.65625c1.71191 3.07227 2.04785 6.16016 1.02441 9.21582
+c-1.02441 3.07227 -3.07227 5.2959 -6.14453 6.65625c-3.07227 1.02441 -6.40039 0.944336 -9.98438 -0.255859s-6.23926 -3.32812 -7.93555 -6.40039c-1.02441 -2.04785 -1.53613 -4.0957 -1.53613 -6.14355v-3.07227zM354.816 414.208
+c-0.335938 1.69629 -0.496094 3.4082 -0.496094 5.12012c0 4.43164 1.37598 8.7041 4.0957 12.7998c3.4082 5.45605 8.36816 9.04004 14.8477 10.752c11.6162 2.38379 23.2168 3.58398 34.8164 3.58398c17.4082 0 34.4795 -2.55957 51.2158 -7.67969
+c28.3037 -9.21582 52.7041 -25.0879 73.1846 -47.6162c20.4795 -22.5283 33.792 -48.6396 39.9355 -78.3359c2.40039 -11.9521 3.58398 -23.5518 3.58398 -34.8164c0 -17.4072 -2.71973 -34.1279 -8.19238 -50.1758v-0.511719
+c-2.04785 -6.14453 -5.96777 -10.752 -11.7754 -13.8242c-3.74414 -1.69629 -7.50391 -2.55957 -11.248 -2.55957c-2.40039 0 -4.95996 0.335938 -7.68066 1.02344c-6.47949 2.04785 -11.0879 5.96777 -13.8076 11.7764c-1.71191 3.75977 -2.55957 7.34375 -2.55957 10.752
+c0 2.71973 0.335938 5.2959 1.00781 7.66406v0.511719c3.75977 11.6162 5.64746 23.5518 5.64746 35.8398c0 7.83984 -0.6875 16.0322 -2.06348 24.5762c-4.43164 21.168 -13.9844 39.7598 -28.6562 55.8086c-14.6875 16.0312 -32.0957 27.3115 -52.2402 33.792
+c-11.9512 3.40723 -23.8877 5.11914 -35.8232 5.11914c-8.20801 0 -16.5605 -0.863281 -25.0889 -2.55957c-1.71191 -0.335938 -3.40723 -0.511719 -5.11914 -0.511719c-4.78418 0 -9.2168 1.35938 -13.3125 4.0957c-5.48828 3.77637 -8.89551 8.87988 -10.2715 15.376z
+M375.312 333.824c-0.335938 1.69531 -0.527344 3.4082 -0.527344 5.12012c0 3.40723 1.02344 6.99121 3.08789 10.752c3.05566 4.78418 7.50391 7.85547 13.2959 9.21582c6.48047 1.36035 12.7998 2.04785 18.96 2.04785c22.8799 0 42.4961 -9.04004 58.8799 -27.1357
+c9.9043 -11.2646 16.3682 -24.0645 19.4561 -38.4004c1.00781 -5.79199 1.55176 -11.4238 1.55176 -16.8955c0 -8.19238 -1.37598 -16.3848 -4.0957 -24.5762c-1.71191 -5.45605 -5.12012 -9.39258 -10.2559 -11.7764
+c-3.05566 -1.69531 -6.16016 -2.55957 -9.21582 -2.55957c-2.38379 0 -4.6084 0.335938 -6.65625 1.02344c-5.47168 1.69629 -9.56836 5.12012 -12.2881 10.2402c-1.37598 3.07227 -2.06348 6.14453 -2.06348 9.21582c0 2.38477 0.335938 4.6084 1.02344 6.65625
+c1.37598 4.78418 2.04785 9.21582 2.04785 13.3125c0 9.56738 -3.58398 18.0957 -10.752 25.5996c-7.51953 8.87988 -16.7354 13.3115 -27.6475 13.3115c-3.42383 0 -6.84863 -0.335938 -10.2559 -1.02344c-1.68066 -0.335938 -3.2168 -0.511719 -4.57617 -0.511719
+c-3.76074 0 -7.34473 1.19922 -10.7686 3.58398c-4.76758 3.07129 -7.83984 7.32715 -9.2002 12.7998z" />
+    <glyph glyph-name="uniF15F" unicode="&#xf15f;" 
+d="M6.7041 89.5996l88.5762 146.433l-66.5605 117.248h112.145l66.5439 -117.248l-88.5762 -146.433h-112.128zM192.048 135.68l177.168 311.296h118.784l-176.656 -311.296l113.664 -200.72h-118.768z" />
+    <glyph glyph-name="uniF141" unicode="&#xf141;" 
+d="M59.7119 262.656c0 21.5039 4.52832 42.832 13.5684 64s22.0156 40.7842 38.9121 58.8799c16.8955 18.0801 39.0879 32.7676 66.5596 44.0322c27.4717 11.2637 57.9521 16.8955 91.3916 16.8955c54.2725 0 98.8164 -16.7197 133.633 -50.1758
+c34.8154 -33.4561 52.2236 -72.8799 52.2236 -118.272c0 -58.3672 -14.752 -106.575 -44.2881 -144.64s-67.6641 -57.0879 -114.432 -57.0879c-15.3447 0 -29.7764 3.59961 -43.248 10.752c-13.5039 7.18359 -22.9766 15.8721 -28.416 26.1279l-20.4805 -80.9121
+c-1.69531 -6.46387 -3.91992 -13.04 -6.65527 -19.6963c-2.7207 -6.65527 -5.71289 -13.0557 -8.96094 -19.1992c-3.24707 -6.14453 -6.47949 -11.9365 -9.72754 -17.4082s-6.48047 -10.5918 -9.72754 -15.3604c-3.24805 -4.78418 -6.06445 -8.7998 -8.44824 -12.0322
+c-2.38379 -3.23145 -4.6084 -6.06348 -6.65625 -8.44727l-3.08789 -4.1123c-1.02441 -1.37598 -2.38379 -1.87207 -4.0957 -1.53613c-1.69629 0.335938 -2.7207 1.36035 -3.07227 3.05566c0 0.336914 -0.255859 2.73633 -0.768555 7.16895
+c-0.511719 4.43164 -1.02344 9.13574 -1.53516 14.0791c-0.512695 4.95996 -1.02441 11.3447 -1.53613 19.2002c-0.512695 7.85645 -0.671875 15.4561 -0.512695 22.7842c0.176758 7.34375 0.672852 15.4561 1.53613 24.3359
+c0.848633 8.87988 2.12793 17.0557 3.83984 24.5605c3.76074 16.0479 16.3848 69.4717 37.8887 160.271c-2.73633 5.45605 -4.95996 12.0322 -6.65625 19.7119c-1.71191 7.67969 -2.55957 13.9043 -2.55957 18.6885l-0.496094 7.67969
+c0 21.8398 5.53613 40.0156 16.6396 54.5283c11.0879 14.4961 24.4961 21.7598 40.1924 21.7598c12.6396 0 22.4473 -4.17578 29.4395 -12.5439c7.00781 -8.35254 10.4961 -18.8643 10.4961 -31.4883c0 -7.85547 -1.43945 -17.4883 -4.33594 -28.9277
+c-2.89551 -11.4404 -6.75195 -24.5762 -11.5361 -39.4238c-4.76758 -14.8486 -8.19141 -26.8799 -10.2402 -36.0967c-3.40723 -15.376 -0.416016 -28.6875 8.95996 -39.9355c9.4082 -11.2637 21.9365 -16.9121 37.6484 -16.9121c26.9756 0 49.2324 15.2803 66.832 45.8242
+c17.5684 30.5596 26.3516 67.5039 26.3516 110.848c0 33.1045 -10.752 60.1602 -32.2715 81.1523c-21.5039 20.9922 -51.5361 31.4883 -90.0957 31.4883c-43.0088 0 -77.9199 -13.8242 -104.704 -41.4727c-26.7998 -27.6475 -40.1924 -60.752 -40.1924 -99.3281
+c0 -22.8633 6.48047 -42.1436 19.4561 -57.8555c4.43164 -5.12012 5.80762 -10.5918 4.0957 -16.3838c-0.6875 -1.71289 -1.71191 -5.63281 -3.07129 -11.7764c-1.36035 -6.14453 -2.38477 -10.0645 -3.07227 -11.7764
+c-0.671875 -3.74414 -2.38379 -6.22363 -5.12012 -7.40723c-2.73633 -1.2002 -5.80762 -1.12012 -9.21582 0.255859c-20.1602 8.19141 -35.2637 22.2715 -45.3438 42.2393c-10.0801 19.9688 -15.1045 43.2646 -15.1045 69.8887z" />
+    <glyph glyph-name="uniF138" unicode="&#xf138;" 
+d="M0 183.808c0 46.4219 11.4346 89.2594 34.3037 128.513c22.8698 39.2533 53.9313 70.3145 93.1846 93.1836s82.0905 34.3037 128.512 34.3037c46.4212 0 89.2585 -11.4346 128.512 -34.3037s70.3148 -53.9303 93.1846 -93.1836
+c22.8691 -39.2533 34.3037 -82.0908 34.3037 -128.513c0 -46.4212 -11.4346 -89.2585 -34.3037 -128.512c-22.8698 -39.2533 -53.9313 -70.3145 -93.1846 -93.1836c-39.2533 -22.8698 -82.0905 -34.3047 -128.512 -34.3047c-46.4212 0 -89.2585 11.4349 -128.512 34.3047
+c-39.2533 22.8691 -70.3148 53.9303 -93.1846 93.1836c-22.8691 39.2533 -34.3037 82.0905 -34.3037 128.512zM106.496 20.4805c0 -8.875 4.43717 -13.3125 13.3115 -13.3125h90.1123c9.55729 0 14.3359 4.4375 14.3359 13.3125v24.5752
+c0 8.875 -4.77865 13.3125 -14.3359 13.3125h-14.8477v235.52h14.8477c9.55729 0 14.3359 4.4375 14.3359 13.3125v24.5762c0 8.87435 -4.77865 13.3115 -14.3359 13.3115h-90.1123c-8.87435 0 -13.3115 -4.43717 -13.3115 -13.3115v-24.5762
+c0 -8.875 4.43717 -13.3125 13.3115 -13.3125h15.8721v-235.52h-15.8721c-8.87435 0 -13.3115 -4.4375 -13.3115 -13.3125v-24.5752zM248.32 18.4316c0 -8.19206 4.09603 -12.2881 12.2881 -12.2881h30.208c7.50911 0 11.2637 4.09603 11.2637 12.2881v131.584
+c0 35.1576 13.4827 52.7363 40.4482 52.7363c14.3359 0 21.5039 -8.7041 21.5039 -26.1123v-158.208c0 -8.19206 3.75456 -12.2881 11.2637 -12.2881h31.2324c7.16797 0 10.752 4.09603 10.752 12.2881v170.496c0 41.6426 -18.7734 62.4639 -56.3203 62.4639
+c-22.8691 0 -43.6904 -10.9225 -62.4639 -32.7676l-3.58398 18.4316c-1.36523 7.50977 -5.46126 11.2646 -12.2881 11.2646h-22.0156c-8.19206 0 -12.2881 -4.26693 -12.2881 -12.8008v-217.088z" />
+    <glyph glyph-name="uniF15C" unicode="&#xf15c;" 
+d="M-22.2881 372.736v10.752l1.02441 1.02344h127.504l1.02344 -1.02344v-10.2402c0 -2.73633 -1.71191 -4.0957 -5.12012 -4.0957l-13.3271 -0.512695c-11.248 -0.335938 -16.8809 -3.75977 -16.8809 -10.2393c0 -4.43262 1.2002 -9.2168 3.58398 -14.3359
+c17.0723 -41.6484 54.9609 -124.24 113.664 -247.809l3.07227 -0.496094l56.832 113.185c-4.43164 10.2236 -8.19141 18.5918 -11.2637 25.0713l-38.9121 76.8008l-10.2402 20.4795c-8.87988 17.3926 -14.6719 27.7119 -17.4082 30.96
+c-2.73535 3.24805 -8.36719 5.55176 -16.8955 6.91211c-4.78418 0.671875 -7.18457 1.85645 -7.18457 3.56836v10.752l1.53613 1.02344h100.88l2.54395 -0.511719v-10.752c0 -2.73633 -1.69531 -4.0957 -5.11914 -4.0957l-7.68066 -1.02441
+c-4.43164 -0.671875 -7.67969 -1.53613 -9.72754 -2.55957c-2.04785 -1.02441 -2.99219 -3.07227 -2.81641 -6.14453s0.848633 -6.04785 2.04785 -8.95996c1.2002 -2.89551 3.66406 -8.0957 7.4248 -15.6162l37.376 -76.7998l41.4717 82.9443
+c5.47168 10.9277 6.32031 18.2559 2.55957 22.0156c-2.06348 2.71973 -8.36816 4.6084 -18.9756 5.63184l-4.62402 0.512695c-1.36035 0 -2.52832 0.511719 -3.58398 1.53613c-0.992188 0.335938 -1.55176 1.35938 -1.55176 3.07129v9.72852l1.55176 1.02344
+c19.4561 0.335938 51.168 0.335938 95.2002 0l1.02344 -1.02344v-10.2402c0 -2.73633 -1.53613 -4.0957 -4.62402 -4.0957c-7.50391 -0.335938 -12.7041 -1.10449 -15.5996 -2.33594c-2.91211 -1.18457 -5.71191 -3.84082 -8.46387 -7.93652
+c-7.83984 -11.6162 -12.9766 -19.792 -15.3438 -24.5762l-53.7441 -100.352l-1.47266 -3.55176l65.5684 -134.145l4.0957 -1.53613l103.44 246.272c4.0957 9.55176 3.59961 16.5596 -1.56836 20.9922c-4.44824 4.0957 -11.1035 6.31934 -19.9834 6.65527l-9.71289 0.512695
+c-1.02344 0 -2.06348 0.511719 -3.05566 1.53613c-1.37598 0.6875 -2.06348 1.69531 -2.06348 3.07129v10.2402l1.53516 1.02441h117.248l1.02441 -1.02441v-10.2402c0 -2.38379 -1.56836 -3.91992 -4.62402 -4.60742
+c-15.6797 -0.688477 -26.9756 -3.93652 -33.7764 -9.72852c-6.83203 -5.45605 -12.624 -13.8242 -17.4072 -25.0879l-128 -290.304c-3.4248 -7.83984 -7.24805 -13.0566 -11.5361 -15.6318c-4.25586 -2.54395 -8.33594 -2.36816 -12.2881 0.527344
+c-3.93652 2.89648 -7.75977 8.09668 -11.5684 15.6162c-12.9756 25.5996 -33.7441 70.4805 -62.4482 134.656c-35.8398 -73.7285 -58.1914 -118.8 -67.0713 -135.168c-14 -24.2559 -26.1123 -24.4004 -36.3525 -0.496094
+c-10.9277 25.5996 -33.1035 74.1602 -66.5596 145.664s-55.6484 120.399 -66.5605 146.688c-5.45605 14.3359 -10.2393 23.2158 -14.3359 26.624c-3.71191 3.39258 -12.5918 5.61621 -26.5752 6.64062c-4.78418 0.6875 -7.18457 1.87207 -7.18457 3.58398z" />
+    <glyph glyph-name="uniF118" unicode="&#xf118;" 
+d="M100.096 6.14355c0 25.9521 9.72852 45.0566 29.1846 57.3447c9.90332 6.47949 19.1035 11.4395 27.6475 14.8633c38.9287 16.7207 59.7285 25.9365 62.4639 27.6484c-7.16797 10.5762 -16.3838 22.1924 -27.6475 34.8164
+c-17.4082 20.4795 -27.6641 32.6074 -30.7197 36.3516c-37.2002 45.0557 -53.248 87.2002 -48.1279 126.464c2.38379 18.752 9.55176 34.2881 21.5039 46.5762c4.43164 4.76758 11.5996 10.2402 21.5039 16.3838c12.6396 7.16797 20.3193 11.4238 23.04 12.7998
+c1.71191 0.688477 5.56738 2.30469 11.5361 4.86426c5.96777 2.56055 11.0078 4.68848 15.0879 6.40039l24.0635 10.752l35.3438 15.3594c19.7764 8.54395 34.4648 15.3604 44.0322 20.4805c6.81641 3.74414 11.0879 2.71973 12.7842 -3.07227
+c0 -3.74414 -4.5918 -8.01562 -13.8076 -12.7998c-20.832 -13.6641 -31.7441 -33.1035 -32.7842 -58.3682c-0.335938 -9.9043 0.527344 -19.7119 2.55957 -29.4395c2.06445 -9.72852 4.19238 -17.7441 6.40039 -24.0645c2.22363 -6.32031 6.55957 -14.1602 13.0557 -23.5518
+c6.46387 -9.39258 11.0879 -15.792 13.8086 -19.2002c2.73535 -3.4082 8.62402 -10.2402 17.6641 -20.4795c9.03906 -10.2402 14.415 -16.3848 16.1279 -18.4326c2.04785 -2.38379 7.00781 -7.93555 14.8633 -16.6396c7.83984 -8.7041 13.4727 -15.1045 16.8799 -19.2002
+c3.4248 -4.0957 8.20801 -10.5762 14.3369 -19.4561c6.15918 -8.87988 10.5918 -16.7363 13.3115 -23.5518c2.73633 -6.84863 5.37598 -15.1045 7.93555 -24.8486c2.56055 -9.71191 3.84082 -19.7119 3.84082 -29.9355c0 -12.9922 -2.22461 -24.5918 -6.65625 -34.832
+c-4.0957 -10.9277 -8.97656 -19.6963 -14.5918 -26.3516c-5.61621 -6.65625 -13.7441 -13.4082 -24.3203 -20.2402c-11.9521 -7.16797 -20.9922 -12.2881 -27.1357 -15.3604c-7.85645 -4.0957 -18.2725 -8.7041 -31.2324 -13.8076
+c-5.47168 -2.06445 -11.5361 -4.62402 -18.1914 -7.68066c-6.65625 -3.05566 -10.4805 -4.7832 -11.5049 -5.11914l-45.5518 -19.9688l-18.416 -9.21582c-10.9434 -5.45605 -19.4717 -9.02344 -25.6162 -10.752c-29.0078 -7.15234 -51.7119 -3.05566 -68.0957 12.3037
+c-16.3838 15.3604 -24.5762 36.3359 -24.5762 62.96z" />
+    <glyph glyph-name="uniF147" unicode="&#xf147;" 
+d="M2.55957 -17.9199v170.496l59.3926 66.0479h43.5195v-32.7676h-28.6719l-40.96 -45.5684v-125.44h407.04v125.44l-40.96 45.5684h-28.6719v32.7676h43.5195l58.8809 -66.0479v-170.496h-473.089zM105.472 145.408v168.96l77.3125 77.3115h190.464v-246.271h-267.776z
+M136.192 176.64h206.336v184.32h-129.024v-77.3115h-77.3115v-107.009z" />
+    <glyph glyph-name="uniF121" unicode="&#xf121;" 
+d="M-10.624 161.28c0 35.5039 12.4639 65.6953 37.376 90.624c24.9121 24.9121 55.1201 37.376 90.624 37.376s65.6963 -12.4639 90.624 -37.376c24.9121 -24.9287 37.376 -55.1201 37.376 -90.624s-12.4639 -65.7119 -37.376 -90.624
+c-24.9277 -24.9287 -55.1201 -37.376 -90.624 -37.376s-65.6963 12.4473 -90.624 37.376c-24.9121 24.9121 -37.376 55.1201 -37.376 90.624zM272 161.28c0 35.5039 12.4639 65.6953 37.376 90.624c24.9121 24.9121 55.1201 37.376 90.624 37.376
+s65.6963 -12.4639 90.624 -37.376c24.9121 -24.9121 37.376 -55.1201 37.376 -90.624s-12.4639 -65.7119 -37.376 -90.624c-24.9277 -24.9287 -55.1201 -37.376 -90.624 -37.376s-65.7119 12.4473 -90.624 37.376c-24.9121 24.9121 -37.376 55.1201 -37.376 90.624z" />
+    <glyph glyph-name="uniF119" unicode="&#xf119;" 
+d="M0.993164 75.1396v285.976c0 0.330729 0.496419 3.47526 1.48926 9.43359l168.309 -143.981l-167.812 -161.357c-1.32357 4.63411 -1.98535 7.94401 -1.98535 9.92969zM23.335 390.408c2.31706 0.992839 5.13053 1.48926 8.44043 1.48926h453.29
+c2.97917 0 5.95801 -0.496419 8.93652 -1.48926l-168.805 -144.478l-22.3418 -17.873l-44.1865 -36.2441l-44.1875 36.2441l-22.3418 17.873zM23.8311 45.8477l169.302 162.351l65.5361 -53.124l65.5361 53.124l169.301 -162.351
+c-2.64779 -0.99349 -5.46126 -1.49023 -8.44043 -1.49023h-453.29c-2.64844 0 -5.29655 0.496745 -7.94434 1.49023zM346.547 226.567l167.812 143.981c0.992839 -2.97917 1.48926 -6.1237 1.48926 -9.43359v-285.976c0 -2.97852 -0.496419 -6.28841 -1.48926 -9.92969z" />
+    <glyph glyph-name="uniF149" unicode="&#xf149;" 
+d="M-48.9756 193.536c0 21.1523 8.44727 39.248 25.3438 54.2715c16.8955 15.0244 36.0957 22.5283 57.5996 22.5283c21.168 0 39.0723 -6.14355 53.7598 -18.4316h2.56055c45.7275 27.9834 102.912 41.9834 171.52 41.9834l2.56055 2.04785l35.8398 136.704
+l123.904 -18.4316c0 -0.335938 0.335938 -0.511719 1.00781 -0.511719c0.335938 0 0.335938 0.175781 0 0.511719c0.6875 0.335938 2.63965 2.99219 5.8877 7.93555c3.24805 4.95996 5.71191 8.1123 7.42383 9.47266c11.6328 10.9277 25.6328 16.3838 42 16.3838
+c16.7207 0 30.8164 -5.55176 42.2568 -16.6396c11.4395 -11.0879 17.1357 -24.9922 17.1357 -41.7285c0 -16.7354 -5.69629 -31.0557 -17.1357 -43.0078c-11.4404 -11.9521 -25.5361 -17.9199 -42.2568 -17.9199c-19.4561 0 -34.3193 6.57617 -44.5273 19.7119
+c-10.2559 13.1357 -15.376 29.6162 -15.376 49.4082c-0.688477 -0.335938 -17.3125 1.87207 -49.9043 6.65625c-32.6084 4.76758 -51.2959 7.66309 -56.0645 8.70312h-1.55176c-0.671875 -0.6875 -3.50391 -9.80762 -8.44824 -27.3916
+c-4.94336 -17.584 -10.0635 -36.1758 -15.3438 -55.8076c-5.31152 -19.6328 -8.28809 -30.4648 -8.97559 -32.5127v-1.53613l2.55957 -2.04785c24.5605 0 49.7441 -3.50391 75.5205 -10.4961c25.7754 -6.99121 48.0479 -16.8154 66.8154 -29.4395l1.55273 -1.02441
+c0.335938 0.335938 0.671875 0.512695 1.00781 0.512695s0.671875 0.175781 1.00781 0.511719c8.52832 6.14355 14.5918 10.3994 18.1924 12.7998c3.58398 2.38379 8.62305 4.6084 15.0879 6.65625c6.49609 2.04785 13.8232 3.07227 22.0312 3.07227
+c23.2002 0 43.0088 -8.19238 59.376 -24.5762c16.4004 -16.3848 24.6084 -36.3525 24.6084 -59.9043c0 -16.0479 -4.52832 -30.7197 -13.584 -44.0322c-9.05566 -13.3115 -20.9121 -23.5674 -35.584 -30.7197c0 -66.5596 -44.3682 -118.288 -133.12 -155.136
+c-14 -6.14453 -23.5684 -10.0645 -28.6719 -11.7607c-10.9277 -3.42383 -26.4482 -6.65527 -46.5918 -9.72754c-20.1445 -3.07227 -36.0166 -4.62402 -47.6162 -4.62402c-40.96 0 -80.3838 5.96777 -118.272 17.9199c-0.6875 0.671875 -12.9756 7.16797 -36.8633 19.4561
+c-32.4326 17.4082 -58.4482 37.2002 -78.0801 59.3916c-19.6318 22.1924 -29.4404 48.8164 -29.4404 79.8721h-2.55957c-11.2646 5.79199 -21.3281 14.3359 -30.208 25.6162l-4.6084 6.12793c-5.12012 9.21582 -8.35156 16.9922 -9.72754 23.3125
+c-1.37598 6.31934 -2.04785 14.9121 -2.04785 25.8398zM-31.5684 187.392c0 -22.5117 9.72852 -41.6475 29.1846 -57.3438c1.69531 20.1445 9.90332 39.9365 24.5762 59.3926c14.6719 19.4561 31.9199 36.6875 51.7119 51.7119
+c-12.6406 8.86328 -26.624 13.3115 -41.9844 13.3115c-16.7197 0 -31.4883 -6.91211 -44.2881 -20.7363c-12.7998 -13.8232 -19.2002 -29.2637 -19.2002 -46.3359zM20.6719 112.64c0 -18.416 5.2959 -36.1758 15.8721 -53.248
+c10.5762 -17.0557 24.1445 -31.6641 40.7041 -43.7598c16.5596 -12.1279 34.0479 -22.2881 52.4795 -30.4639c18.4326 -8.17578 36.3525 -14 53.7607 -17.4082c25.5996 -4.78418 50.5273 -7.16797 74.752 -7.16797c41.9834 0 81.7441 6.73633 119.296 20.2246
+c37.5361 13.4873 69.1201 34.3838 94.7197 62.7354h-1.53613c10.2402 12.9766 17.5684 24.6562 22 35.0566c4.43262 10.3994 6.65625 22.7832 6.65625 37.1191c0 18.416 -4.51172 36 -13.5684 52.7207c-9.02344 16.7354 -20.9111 31.0713 -35.584 43.0078
+c-14.6719 11.9521 -30.3838 22.2715 -47.1035 30.9756s-33.7764 15.2803 -51.1846 19.7119c-29.0234 7.85645 -59.9033 11.7764 -92.6719 11.7764c-25.2637 0 -51.1201 -3.07227 -77.5674 -9.21582c-26.4482 -6.14453 -52.0479 -15.3604 -76.7998 -27.6484
+c-24.7529 -12.2881 -44.9766 -29.2637 -60.6729 -50.9434c-15.7119 -21.6807 -23.5518 -46.1768 -23.5518 -73.4727zM115.904 150.016c0 12.6406 3.83984 22.7842 11.5195 30.4648c7.66406 7.67969 17.8242 11.5195 30.4639 11.5195
+c12.624 0 23.2158 -3.83984 31.7441 -11.5195c8.52832 -7.68066 12.7998 -17.8242 12.7998 -30.4648c0 -12.3037 -4.35156 -22.5273 -13.0557 -30.7197c-8.7041 -8.20801 -19.2002 -12.3037 -31.4883 -12.3037s-22.3516 4.0957 -30.208 12.3037
+c-7.85547 8.19238 -11.7754 18.416 -11.7754 30.7197zM134.336 66.0479h22.5283c8.54395 -15.3594 22.0957 -27.04 40.7041 -35.0723c18.6074 -8.01562 37.6318 -12.0312 57.0879 -12.0312c19.792 0 38.5762 4.01562 56.3193 12.0312
+c17.7441 8.03223 32.0967 19.7129 43.0088 35.0723h20.9912c-8.52734 -21.168 -24.3994 -37.5518 -47.6318 -49.1357c-23.2002 -11.6318 -47.4395 -17.4238 -72.6875 -17.4238c-24.5762 0 -48.7207 5.8877 -72.4482 17.6641
+c-23.7275 11.792 -39.6963 28.0635 -47.8721 48.8955zM306.352 150.016c0 12.9766 3.9209 23.2002 11.7607 30.7207c7.87207 7.50391 18.2881 11.2637 31.2637 11.2637c11.5996 0 21.5039 -4.0957 29.6797 -12.2881c8.19238 -8.20801 12.2881 -18.0957 12.2881 -29.6963
+c0 -11.5996 -4.0957 -21.6641 -12.2881 -30.208c-8.19141 -8.54395 -18.0957 -12.8154 -29.6797 -12.8154c-12.6396 0 -22.9756 4.01562 -30.9922 12.0322c-8.01562 8.03125 -12.0322 18.3672 -12.0322 30.9912zM436.928 389.632
+c0 -11.9521 4.27246 -22.1914 12.7998 -30.7197c8.52832 -8.54395 18.7842 -12.7998 30.7207 -12.7998c12.2881 0 22.3516 4.19141 30.2236 12.5439c7.83984 8.35156 11.7598 18.6875 11.7598 30.9756c0 11.6006 -4.0957 21.5039 -12.3037 29.6963
+c-8.19238 8.19141 -18.0801 12.2881 -29.6797 12.2881c-11.6006 0 -21.7441 -4.17578 -30.4639 -12.5439c-8.7041 -8.36816 -13.0566 -18.1758 -13.0566 -29.4404zM444.096 245.76c18.7686 -12.2881 34.9766 -28.0635 48.624 -47.3594
+c13.6641 -19.2803 23.2158 -39.6807 28.6885 -61.1846c20.1279 14.6719 30.208 31.0566 30.208 49.1523c0 19.792 -6.06445 36.8643 -18.1758 51.2002c-12.1289 14.3359 -27.9043 21.5039 -47.376 21.5039c-15.3447 0 -29.3447 -4.43262 -41.9688 -13.3125z" />
+    <glyph glyph-name="uniF10D" unicode="&#xf10d;" 
+d="M-29.4404 357.888c0 6.83203 2.22461 12.4482 6.65625 16.8965c4.43262 4.44824 10.0801 6.65625 16.8965 6.65625h120.319c5.45605 0 10.3203 -1.61621 14.5928 -4.86426c4.27148 -3.24805 7.08789 -7.58398 8.44727 -13.0566l12.2881 -50.1758h345.072l3.59961 10.752
+c3.4082 10.9287 10.752 16.3848 22.0166 16.3848c3.07129 0 5.2959 -0.336914 6.65527 -1.02441c5.10449 -1.36035 9.2002 -4.0957 12.2881 -8.19238c3.08887 -4.0957 4.6084 -8.7041 4.6084 -13.8232c0 -1.69629 -0.335938 -3.9209 -1.02441 -6.65625l-60.416 -201.216
+c-1.37598 -5.12012 -4.0957 -9.2168 -8.19141 -12.2881c-4.0957 -3.07227 -8.71973 -4.6084 -13.8242 -4.6084h-286.208c-5.45605 0 -10.3203 1.69629 -14.5918 5.10449c-4.27246 3.42383 -7.08789 7.67969 -8.44824 12.8154l-55.2959 224.256h-101.888
+c-6.48047 0 -12.0322 2.22461 -16.6406 6.65625c-4.60742 4.43164 -6.91211 9.9043 -6.91211 16.3838zM161.024 266.752l31.7432 -126.976h250.368l1.00781 4.5918l36.8809 122.368h-320v0.015625zM182.528 18.9443c0 12.9756 4.6875 24.0635 14.0801 33.2793
+c9.3916 9.2168 20.5752 13.8242 33.5352 13.8242s24.0645 -4.60742 33.2803 -13.8242c9.21582 -9.21582 13.8242 -20.3193 13.8242 -33.2793s-4.6084 -24.0645 -13.8242 -33.2803s-20.3203 -13.8076 -33.2803 -13.8076s-24.1436 4.5918 -33.5352 13.8076
+c-9.37598 9.21582 -14.0801 20.3037 -14.0801 33.2803zM215.808 226.816h84.9922v-47.0889h-74.7676zM341.248 179.712l0.511719 47.0879h82.9443l-12.2881 -47.0879h-71.168zM360.192 18.9443c0 12.9756 4.7041 24.0635 14.0957 33.2793
+c9.37598 9.2168 20.5596 13.8242 33.5361 13.8242c12.9756 0 24.0635 -4.60742 33.2793 -13.8242c9.2168 -9.21582 13.8086 -20.3193 13.8086 -33.2793s-4.5918 -24.0645 -13.8086 -33.2803c-9.21582 -9.21582 -20.3193 -13.8076 -33.2793 -13.8076
+s-24.1602 4.5918 -33.5361 13.8076c-9.3916 9.21582 -14.0957 20.3037 -14.0957 33.2803z" />
+    <glyph glyph-name="uniF12A" unicode="&#xf12a;" 
+d="M0 190.976c0 46.4219 11.4346 89.2594 34.3037 128.513c22.8698 39.2533 53.9313 70.3145 93.1846 93.1836s82.0905 34.3037 128.512 34.3037c46.4212 0 89.2585 -11.4346 128.512 -34.3037s70.3148 -53.9303 93.1846 -93.1836
+c22.8691 -39.2533 34.3037 -82.0908 34.3037 -128.513c0 -46.4212 -11.4346 -89.2585 -34.3037 -128.512c-22.8698 -39.2533 -53.9313 -70.3145 -93.1846 -93.1836c-39.2533 -22.8698 -82.0905 -34.3047 -128.512 -34.3047c-46.4212 0 -89.2585 11.4349 -128.512 34.3047
+c-39.2533 22.8691 -70.3148 53.9303 -93.1846 93.1836c-22.8691 39.2533 -34.3037 82.0905 -34.3037 128.512zM66.0479 190.976c0 -22.1862 6.14421 -35.3275 18.4326 -39.4238c1.70638 -0.682292 4.60742 -1.36491 8.70312 -2.04785
+c14.3366 -0.341146 28.8434 6.48568 43.5205 20.4805c13.9948 12.2878 23.8936 27.6478 29.6963 46.0801c8.5332 26.2826 10.2396 60.4157 5.11914 102.399c-0.682292 4.09635 -1.02344 6.99772 -1.02344 8.7041c-1.02409 2.04818 -1.02409 3.58431 0 4.6084
+c0.341146 1.02344 2.5599 0.852539 6.65625 -0.512695c12.9707 -3.41341 26.2826 -8.36263 39.9355 -14.8477c15.7012 -7.16797 33.109 -19.1146 52.2236 -35.8398c15.36 -13.3118 30.2083 -28.5013 44.5449 -45.5684c11.2637 -13.3118 24.917 -31.0612 40.96 -53.248
+c13.9941 -19.4557 29.0127 -32.597 45.0557 -39.4238c9.89844 -3.41341 18.0052 -4.60807 24.3203 -3.58398c6.31445 1.02409 11.2637 4.4375 14.8477 10.2402s6.14388 12.1172 7.67969 18.9434c1.53646 6.82682 2.30469 14.5068 2.30469 23.04
+c0 16.3841 -2.04818 32.7682 -6.14453 49.1523c-1.02409 4.09635 -2.38932 8.875 -4.0957 14.3359c-4.77865 14.6777 -11.776 29.0137 -20.9922 43.0078c-17.7493 26.9655 -40.8747 48.1283 -69.376 63.4883s-58.7946 23.04 -90.8799 23.04
+c-22.528 0 -43.8613 -3.75456 -64 -11.2637c-27.3066 -9.55729 -51.2855 -24.7467 -71.9365 -45.5684c-20.6504 -20.8216 -35.7542 -45.0563 -45.3115 -72.7041c-0.341146 -1.70638 -1.02376 -4.18099 -2.04785 -7.42383s-1.8776 -5.54688 -2.56055 -6.91211
+c-4.0957 -17.0664 -5.97298 -33.4505 -5.63184 -49.1523z" />
+    <glyph glyph-name="uniF12C" unicode="&#xf12c;" 
+d="M82.1123 345.088h357.888l-33.792 -363.52l-145.408 -41.4727l-145.408 41.4727zM115.392 375.808v68.0967h23.04v-22.5283h20.4805v22.5283h22.5283v-68.0967h-22.5283v22.5283h-20.4805v-22.5283h-23.04zM148.672 270.848l12.2881 -136.191l0.511719 1.02344h153.601
+l-5.12012 -57.8555l-49.1523 -13.8242l-49.6641 14.3359l-3.07129 34.8164h-45.0566l6.14453 -69.6484l91.6475 -26.1123l91.6641 26.1123l12.7998 136.704h-163.344l-4.0957 45.5684h171.52l4.1123 45.0557h-224.784v0.015625zM191.68 420.864v23.04h62.4639v-23.04
+h-19.9678v-45.0566h-22.5117v45.0566h-19.9844zM263.872 375.808v68.0967h24.0635l13.8242 -23.5527l14.3359 23.5527h24.0645v-68.0967h-22.0322v34.8164l-16.3682 -25.5996v0.511719l-15.376 24.0635v-33.792h-22.5117zM351.936 375.808v68.0967h22.5283v-45.0566h31.7285
+v-23.04h-54.2568z" />
+    <glyph glyph-name="uniF11C" unicode="&#xf11c;" 
+d="M42.1123 193.024c0 36.5273 4.95996 71.0078 14.8477 103.424c9.55176 31.4082 23.7119 58.5439 42.4961 81.4082c19.1201 22.8633 42.1602 40.2715 69.1201 52.2236c27.6475 12.2881 58.0156 18.4316 91.1357 18.4316c43.6797 0 80.7363 -10.416 111.104 -31.2314
+c30.7197 -20.1445 53.9199 -46.9443 69.6475 -80.3838c15.6797 -32.4326 23.5361 -65.8887 23.5361 -100.353c0 -31.7441 -8.01562 -52.2236 -24.0801 -61.4561c-16.0322 -9.2002 -38.5596 -13.8076 -67.5684 -13.8076h-216.575
+c0 -29.0078 5.12012 -54.2881 15.3594 -75.7764c9.9043 -22.1924 22.8643 -38.5596 38.9121 -49.1523c17.0557 -11.248 35.1523 -16.8955 54.2881 -16.8955c13.9844 0 26.0957 1.69629 36.3359 5.12012c10.5762 3.42383 21.1523 9.04004 31.7441 16.8955
+c10.5596 7.52051 20.1279 15.5361 28.6562 24.0645c8.52734 8.52832 19.8076 20.3203 33.792 35.3438c5.12012 5.45605 13.1357 8.19238 24.0635 8.19238c11.6162 0 20.832 -3.60059 27.6484 -10.752c7.18359 -7.18457 10.7676 -17.0723 10.7676 -29.6963
+c0 -10.9277 -3.91992 -24.2402 -11.7754 -39.9355c-7.16797 -14.6729 -19.1045 -29.1846 -35.8242 -43.5205c-15.7119 -14 -35.5039 -25.5996 -59.4082 -34.8164c-24.2236 -9.21582 -51.6963 -13.8232 -82.4316 -13.8232c-71.3281 0 -126.801 23.04 -166.385 69.1035
+c-39.6152 46.4326 -59.4072 108.88 -59.4072 187.393zM155.776 232.96h200.704c-2.40039 42.6719 -12.624 74.752 -30.7207 96.2559c-17.4082 21.1523 -40.624 31.7441 -69.6475 31.7441c-28 0 -50.6885 -10.752 -68.0967 -32.2559
+c-17.7275 -21.5039 -28.4795 -53.4238 -32.2393 -95.7441z" />
+    <glyph glyph-name="uniF105" unicode="&#xf105;" 
+d="M-31.8398 216.32c3.24805 54.0957 15.9521 99.4072 38.1436 135.936c16.7207 27.3125 33.0244 46.6885 48.8965 58.1123c15.8721 11.4395 39.5039 19.8877 70.9121 25.3438c10.2393 1.71191 19.9678 2.65625 29.1836 2.81641s17.8398 -0.512695 25.8564 -2.04785
+c8.01562 -1.53613 15.5361 -3.50488 22.5273 -5.88867c7.00879 -2.38379 13.6641 -5.80762 19.9688 -10.2402c6.31934 -4.43164 12.0312 -8.7832 17.1514 -13.0557c5.12012 -4.27148 10.2402 -9.64746 15.3604 -16.1279c5.12012 -6.49609 9.64746 -12.3682 13.5518 -17.6641
+c3.93652 -5.2959 8.03223 -11.8555 12.3037 -19.7119c4.27246 -7.85645 7.85645 -14.5918 10.7686 -20.2236c2.89551 -5.63281 6.38379 -12.5439 10.4795 -20.7363c2.38477 -4.76758 4.78418 -9.8877 7.16797 -15.3604c2.36816 -5.45605 4.94434 -11.5195 7.68066 -18.1758
+c2.71973 -6.65625 4.94336 -11.8555 6.65527 -15.6162c2.7207 16.3848 12.3525 48.4639 28.9121 96.2559c16.5605 47.7764 28.0967 72.5283 34.5605 74.2402c31.0557 7.16797 55.8076 7.16797 74.2559 0c1.37598 -0.671875 2.91211 -2.04785 4.60742 -4.0957
+c1.69629 -2.04785 2.89648 -3.4082 3.58496 -4.0957c-0.336914 -6.14453 -1.36035 -12.7207 -3.05664 -19.7119c-1.71191 -7.00879 -3.15137 -12.5449 -4.35156 -16.6406s-3.42383 -10.3359 -6.65625 -18.6875c-3.23242 -8.36816 -5.2002 -13.5684 -5.8877 -15.6162
+l-81.9199 -224.769c-2.40039 -11.6152 0.751953 -26.9756 9.47168 -46.0791c8.6875 -19.1045 20.2236 -34.9922 34.5596 -47.6162c14.3359 -12.6406 26.96 -16.3838 37.8721 -11.2803c3.4082 1.71191 6.49609 5.2959 9.21582 10.752
+c2.73633 5.47168 5.12012 9.05566 7.16797 10.752c6.14453 5.12012 18.2725 7.77637 36.3525 7.93652c18.0801 0.191406 29.5195 -2.97656 34.3037 -9.47266c5.45605 -9.8877 7.32812 -20.5596 5.63184 -32c-1.69531 -11.4395 -6.99121 -22.6875 -15.8555 -33.7754
+s-19.0244 -20.832 -30.4639 -29.1846c-11.4404 -8.36816 -24.0645 -14.5918 -37.8887 -18.6875c-13.8232 -4.09668 -26.3516 -4.95996 -37.6475 -2.56055c-9.8877 2.04785 -19.1045 5.2002 -27.6484 9.47266c-8.52734 4.28711 -15.5361 8.62402 -20.9912 13.0557
+c-5.47266 4.43164 -11.2803 10.6562 -17.4082 18.6875c-6.16016 8.0166 -10.8486 14.5928 -14.0967 19.7129c-3.24805 5.10352 -7.83984 12.7832 -13.8076 23.0234c-5.98438 10.2559 -10.3359 17.7441 -13.0557 22.5283
+c-1.37598 -0.688477 -2.38477 -1.37598 -3.05664 -2.06445c-8.20801 -19.7754 -22.0312 -37.9678 -41.4873 -54.5117s-41.1201 -29.3604 -65.0244 -38.3838c-23.8877 -9.05664 -49.4883 -12.3682 -76.7998 -10c-27.3125 2.38379 -52.0479 11.6162 -74.2402 27.6641
+c-29.0078 21.1514 -51.3604 55.8877 -67.0723 104.191c-15.7119 48.3047 -21.9199 99.5039 -18.6875 153.601zM46.2402 222.72c-4.43262 -36.8633 -2.89648 -72.8799 4.60742 -108.031c7.50391 -35.1523 19.9688 -59.2168 37.376 -72.1924
+c9.55273 -7.16797 19.1201 -12.3682 28.6729 -15.6318c9.55176 -3.23242 18.3359 -5.2002 26.3672 -5.87207c8.0166 -0.688477 16.3848 0.943359 25.0879 4.86426c8.7041 3.91992 16.0488 7.51953 22.0166 10.752c5.9834 3.23145 12.9756 9.21582 20.9922 17.9199
+c8.01562 8.7041 14.0801 15.4395 18.1758 20.2236s9.72754 12.624 16.8955 23.5684c7.16797 10.9121 11.8564 18.2559 14.0801 22c2.22461 3.75977 6.38477 10.9434 12.5439 21.5195c1.69629 3.07227 3.05664 5.45605 4.09668 7.16797
+c-12.9766 54.9443 -23.9043 93.0078 -32.7686 114.176c-24.9121 59.04 -59.3916 85.5049 -103.424 79.3604c-19.1201 -2.75195 -32.9443 -6.49609 -41.4717 -11.2803c-8.54395 -4.7832 -17.0723 -13.1357 -25.6006 -25.0879
+c-13.9834 -18.7676 -23.2158 -46.5918 -27.6475 -83.4561z" />
+    <glyph glyph-name="uniF100" unicode="&#xf100;" 
+d="M0 -50.6885c0 17.4082 10.4108 35.5843 31.2324 54.5283c20.821 18.944 41.8128 34.0482 62.9756 45.3125l7.67969 -11.2646c-15.0182 -10.9225 -30.4635 -25.0023 -46.3359 -42.2393c-15.8717 -17.2376 -25.8558 -32.5124 -29.9521 -45.8242
+c29.696 9.21615 74.9229 73.8988 135.681 194.048c22.1862 44.7148 39.7646 89.2588 52.7354 133.632c-11.2637 36.5228 -16.8955 70.9974 -16.8955 103.424c0 39.2533 8.02116 58.8799 24.0635 58.8799c7.85091 0 13.6536 -0.341146 17.4082 -1.02344
+c3.75456 -0.682943 7.25326 -2.90169 10.4961 -6.65625s4.86426 -9.55729 4.86426 -17.4082c0 -5.11979 -0.512044 -9.89844 -1.53613 -14.3359l-13.8242 0.512695c-0.682292 8.87435 -3.58366 15.8714 -8.7041 20.9912
+c-4.0957 -6.82617 -6.14355 -18.6022 -6.14355 -35.3281c0 -12.9707 1.53581 -29.0133 4.60742 -48.1279c1.02409 6.14453 2.47493 15.2754 4.35254 27.3926c1.87695 12.1172 3.49837 21.2477 4.86426 27.3916l13.3115 -1.53613
+c-0.682292 -51.8822 -3.07161 -89.0872 -7.16797 -111.615c12.2878 -36.5228 27.0505 -66.2191 44.2881 -89.0889c17.2376 -22.8691 41.5576 -43.1784 72.96 -60.9277c23.2109 2.38932 43.0081 3.58398 59.3916 3.58398c60.7578 0 91.1367 -11.9466 91.1367 -35.8398
+c0 -3.75456 -0.853516 -7.85059 -2.56055 -12.2881l-1.53613 0.511719c-1.70638 -14.3359 -13.141 -21.5039 -34.3037 -21.5039c-35.4987 0 -76.4587 12.2881 -122.88 36.8643c-75.0931 -7.50911 -141.482 -21.5039 -199.168 -41.9844
+c-50.1758 -87.7227 -90.2826 -131.584 -120.32 -131.584c-2.38932 0 -4.77865 0.341471 -7.16797 1.02441s-4.52246 1.45085 -6.39941 2.30371c-1.8776 0.853516 -4.18164 2.04818 -6.91211 3.58398c-2.73112 1.53646 -4.7793 2.64583 -6.14453 3.32812
+c-2.73047 2.73047 -4.0957 6.48503 -4.0957 11.2637zM162.816 79.8721c45.7383 18.4316 96.5967 32.9382 152.575 43.5195c-35.1569 24.9173 -63.1462 60.5869 -83.9678 107.009c-12.2878 -41.3014 -35.1569 -91.4775 -68.6074 -150.528zM411.648 105.472
+c30.7194 -11.9466 54.9538 -17.9199 72.7031 -17.9199c5.12044 0 8.87533 0.512044 11.2646 1.53613c0 10.9225 -24.7467 16.3838 -74.2402 16.3838h-9.72754z" />
+    <glyph glyph-name="uniF14F" unicode="&#xf14f;" 
+d="M-37.5684 100.336c0 5.47168 0.592773 12.9756 1.79199 22.5283c1.2002 9.55176 2.81641 14.8477 4.86426 15.8721c2.04785 -1.02441 3.83984 -6.56055 5.37598 -16.6406c1.53613 -10.0635 2.30371 -17.3281 2.30371 -21.7598
+c0 -4.78418 -0.767578 -12.0322 -2.30371 -21.7441s-3.32812 -15.1035 -5.37598 -16.1279c-4.43164 2.38379 -6.65625 15.0244 -6.65625 37.8721zM-4.7998 100.336c0 8.52832 0.864258 21.168 2.55957 37.9043c1.69629 16.7197 2.73633 27.1201 3.07227 31.2158
+c0 2.04785 1.02441 3.07227 3.07227 3.07227c1.35938 0 2.38379 -1.02441 3.07129 -3.07227c4.09668 -44.0156 6.14453 -67.0557 6.14453 -69.1201c0 -8.19238 -0.944336 -20.3037 -2.81641 -36.3359c-1.8877 -16.0479 -2.99219 -26.1123 -3.32812 -30.2236
+c-0.6875 -2.36816 -1.71191 -3.56836 -3.07129 -3.56836c-2.04785 0 -3.07227 1.18359 -3.07227 3.56836c-0.335938 3.75977 -1.36035 13.7432 -3.07227 29.9678c-1.69531 16.208 -2.55957 28.416 -2.55957 36.5918zM36.6719 100.336
+c0 8.20801 0.847656 20.752 2.56055 37.6484c1.71191 16.8955 2.55957 26.208 2.55957 27.9033c0 3.07227 1.2002 4.6084 3.58398 4.6084c2.71973 0 4.0957 -1.53613 4.0957 -4.6084c3.76074 -38.5762 5.63184 -60.416 5.63184 -65.5518
+c0 -5.10352 -1.87109 -28.3203 -5.63184 -69.6318c0 -2.71973 -1.35938 -4.0957 -4.0957 -4.0957c-2.38379 0 -3.58398 1.37598 -3.58398 4.0957c0 2.38379 -0.847656 12.3682 -2.55957 29.9521c-1.69629 17.5996 -2.56055 30.8154 -2.56055 39.6797zM83.7764 100.336
+c0 12.9756 0.255859 26.7197 0.767578 41.2158c0.511719 14.5127 1.2002 30.7207 2.04785 48.6562c0.864258 17.9199 1.45605 31.8242 1.79199 41.7275c0 3.4082 1.53613 5.12012 4.6084 5.12012c3.4082 0 5.12012 -1.69531 5.12012 -5.12012
+c0.335938 -5.45508 1.2793 -24.4951 2.81543 -57.0879c1.53613 -32.5918 2.30469 -57.4238 2.30469 -74.4961c0 -8.87988 -0.848633 -22 -2.56055 -39.4072c-1.71191 -17.4248 -2.55957 -27.3125 -2.55957 -29.6963c0 -3.42383 -1.69629 -5.12012 -5.12012 -5.12012
+c-3.07227 0 -4.6084 1.69629 -4.6084 5.12012c-3.05566 45.04 -4.60742 68.0801 -4.60742 69.0879zM131.904 100.336c0 18.7842 0.511719 46 1.53613 81.6641c1.02344 35.6641 1.69531 57.5996 2.04785 65.792c0.6875 4.0957 2.73535 6.14355 6.14355 6.14355
+s5.45605 -2.04785 6.14453 -6.14355c0.335938 -10.9277 1.10352 -33.6162 2.30371 -68.0801c1.2002 -34.4795 1.79199 -60.9443 1.79199 -79.376c0 -8.52832 -0.591797 -20.8164 -1.79199 -36.8643s-1.96777 -26.4473 -2.30371 -31.2314
+c-0.672852 -4.09668 -2.7207 -6.14453 -6.14453 -6.14453s-5.45605 2.04785 -6.14355 6.14453c0 3.74414 -0.591797 13.8242 -1.79199 30.2236c-1.18457 16.3838 -1.79199 29.0078 -1.79199 37.8721zM180.544 100.336c0 13.6641 0.175781 28.1758 0.511719 43.5361
+s0.768555 32.416 1.28027 51.2002c0.511719 18.7676 0.944336 33.2793 1.28027 43.5195c0.671875 5.12012 3.07227 7.68066 7.16797 7.68066s6.47949 -2.56055 7.16797 -7.68066c0.335938 -10.2402 0.767578 -24.752 1.28027 -43.5195
+c0.511719 -18.7686 0.943359 -35.8398 1.2793 -51.2002s0.512695 -29.8721 0.512695 -43.5361c0 -0.671875 -1.02441 -23.0244 -3.07227 -67.0557v0.496094c-0.688477 -5.10449 -3.07227 -7.66406 -7.16797 -7.66406s-6.48047 2.38379 -7.16797 7.16797
+c-2.04785 44.0312 -3.07227 66.3838 -3.07227 67.0557zM229.184 99.8398c0 1.02441 1.02441 60.9277 3.07227 179.712c0.688477 6.14453 3.4082 9.21582 8.19238 9.21582s7.50391 -3.07129 8.19141 -9.21582c2.04883 -118.784 3.07227 -178.672 3.07227 -179.712
+c0 -0.335938 -1.02344 -22.0156 -3.07227 -65.0234c-0.6875 -5.79199 -3.40723 -8.7041 -8.19141 -8.7041s-7.50391 2.91211 -8.19238 8.7041c-2.04785 43.0078 -3.07227 64.6875 -3.07227 65.0234zM270.16 208.64c0 28.1602 0.160156 54.6885 0.496094 79.6162
+c-0.335938 3.4082 1.79199 6.48047 6.39941 9.21582c4.6084 2.73633 10.1602 4.68848 16.6406 5.88867c6.47949 1.19922 12.3682 2.12793 17.6641 2.81543c5.2793 0.688477 9.47168 1.02441 12.5273 1.02441c33.1045 0 61.9521 -12.3682 86.5283 -37.1201
+c24.5762 -24.7363 38.2236 -55.2158 40.9756 -91.3916c9.55273 4.43164 18.9443 6.65527 28.1602 6.65527c19.7764 0 36.7842 -7.75977 50.9443 -23.2959s21.3438 -34.3838 21.5039 -56.5762c0.192383 -22.1914 -6.91211 -41.0234 -21.248 -56.5596
+s-31.4082 -23.3125 -51.1836 -23.3125h-201.232c-2.04785 0 -3.83984 1.02441 -5.37598 3.07227s-2.32031 4.27246 -2.32031 6.65625c0 18.7676 -0.0800781 45.3115 -0.255859 79.6162c-0.143555 34.3037 -0.223633 65.5361 -0.223633 93.6953z" />
+    <glyph glyph-name="uniF116" unicode="&#xf116;" 
+d="M32 148.992c0 23.8721 3.58398 46.5918 10.752 68.0801c7.16797 21.5039 15.4404 39.0879 24.832 52.7354c9.37598 13.6484 20.3838 26.3682 33.0244 38.1445c12.624 11.7754 22.3516 19.9678 29.1836 24.5762c6.83203 4.60742 13.3115 8.62402 19.4561 12.0312
+c3.4082 1.69629 8.44824 4.27246 15.1035 7.68066c6.65625 3.4082 11.8564 6.14355 15.6162 8.19141c3.75977 2.04883 8.62402 4.95996 14.5918 8.7041c5.96875 3.74414 11.8564 8.0166 17.6641 12.7998c14.3359 11.6006 22.8643 30.8965 25.584 57.8564
+c24.9443 -30.0322 43.0088 -48.7998 54.2881 -56.3203c8.52832 -5.79199 21.0723 -12.4473 37.6318 -19.9678c16.5605 -7.50391 29.1045 -13.8242 37.6484 -18.9443c6.48047 -3.75977 12.6396 -7.75977 18.416 -12.0312c5.80762 -4.24023 15.0244 -12.5283 27.6484 -24.8164
+s23.2959 -25.2637 32 -38.9121c8.70312 -13.6475 16.6396 -31.5674 23.8076 -53.7598c7.15234 -22.1924 10.752 -45.5684 10.752 -70.1279c0 -63.5039 -21.7441 -115.568 -65.2803 -156.176c-43.5195 -40.6084 -95.8232 -60.9287 -156.943 -60.9287
+c-39.6006 0 -76.5283 9.47266 -110.832 28.4004c-34.3047 18.96 -62.0322 45.4883 -83.2002 79.6318c-21.168 34.1279 -31.7441 71.8398 -31.7441 113.152zM129.28 71.6797c-0.688477 -21.5195 6.47949 -37.376 21.5039 -47.6318
+c10.5918 -7.15137 26.624 -10.752 48.1279 -10.752c14 0 30.6396 5.02441 49.9199 15.0879c19.2959 10.0801 37.2002 20.0645 53.7598 29.9678c16.5605 9.88867 28.5918 14.6729 36.0967 14.3369c7.83984 -0.336914 21.0713 -9.88867 39.6797 -28.6729
+c18.5918 -18.7832 30.624 -28.3359 36.0957 -28.6719c6.81641 -0.335938 12.5283 1.10449 17.1523 4.35254c4.5918 3.23145 9.96777 9.2959 16.1279 18.1758c11.248 16.7197 16.8955 36.6875 16.8955 59.8877c0 9.9043 -2.55957 19.2158 -7.66406 27.9043
+c-5.11914 8.71973 -13.1514 13.0557 -24.0635 13.0557c-7.53613 0 -23.2158 -8.01562 -47.1201 -24.0635c-23.8721 -16.0322 -39.9199 -24.2402 -48.1279 -24.5762c-7.50391 0 -17.9043 4.7041 -31.2158 14.0801c-13.3125 9.3916 -28.416 18.8643 -45.3125 28.416
+c-16.9121 9.55176 -33.7119 14.3359 -50.4316 14.3359c-22.1924 -0.335938 -41.2158 -8.01562 -57.0879 -23.0244c-15.8887 -15.0078 -23.9844 -32.416 -24.3359 -52.208zM234.256 -20.4805c-4.1123 -3.40723 -4.1123 -6.83105 0 -10.2393
+c15.6797 -14.3359 43.8398 -19.6318 84.4639 -15.8721c7.83984 0.6875 15.9688 2.65625 24.3203 5.8877c8.36816 3.23242 14.6875 6.24023 18.96 8.95996c4.27246 2.73633 7.07227 4.78418 8.44824 6.16016c1.35938 1.36035 2.03223 4.0957 2.03223 8.19238
+c-1.00879 4.0957 -3.4082 4.60742 -7.15234 1.53516c-14 -10.9277 -35.1523 -16.3672 -63.5039 -16.3672c-25.6006 0 -44.3525 4.7832 -56.3203 14.3359c-1.02344 0.6875 -2.36816 1.00781 -4.0957 1.00781c-1.71191 -0.0322266 -4.09668 -1.21582 -7.15234 -3.60059z
+M280.32 6.14355c2.39941 -2.73535 7.16797 -0.863281 14.3359 5.64844c0.6875 0.335938 2.04785 1.36035 4.0957 3.05566c2.04785 1.71191 3.4082 2.81641 4.0957 3.32812c0.688477 0.512695 2.06445 1.36035 4.09668 2.56055
+c2.06348 1.19922 3.74414 1.95215 5.12012 2.30371s3.32715 0.6875 5.8877 1.02441c2.55957 0.335938 5.2002 0.511719 7.93555 0.511719c5.45605 0 9.88867 -0.768555 13.3125 -2.30371c3.42383 -1.55273 5.55176 -2.91211 6.38379 -4.1123
+c0.864258 -1.18457 2.14355 -3.32812 3.83984 -6.38379c1.71191 -3.4248 3.00781 -5.37598 3.83984 -5.88867c0.832031 -0.511719 2.12793 -0.416016 3.83984 0.255859c4.09668 2.38477 5.28027 5.79199 3.58496 10.2402
+c-3.07227 8.87988 -6.83203 14.6885 -11.2646 17.4082c-4.0957 3.08789 -11.4395 4.62402 -22.0156 4.62402c-8.87988 0 -15.8564 -1.02441 -20.9922 -3.07227c-5.80762 -2.38379 -13.3125 -7.85547 -22.5283 -16.3838
+c-5.10352 -4.1123 -6.28809 -8.38379 -3.56738 -12.8164z" />
+    <glyph glyph-name="uniF139" unicode="&#xf139;" 
+d="M-30.2881 134.144v77.3125c0 3.4082 1.2002 6.40039 3.58398 8.95996s5.45605 3.83984 9.21582 3.83984h135.681l-58.8809 -102.912h-76.7998c-3.74414 0 -6.81543 1.18457 -9.21582 3.60059c-2.38379 2.36719 -3.58398 5.43945 -3.58398 9.19922zM32.1758 9.21582
+l33.792 -19.4717zM37.3115 31.4883c-1.02344 3.58398 -0.6875 6.92773 1.02441 9.9834l155.648 270.336c1.69531 3.07227 4.27148 5.04004 7.67969 5.88867c3.4082 0.847656 6.65625 0.431641 9.72754 -1.28027l33.2803 -18.9443
+c3.4082 -1.69531 5.55176 -4.35156 6.40039 -7.93555c0.847656 -3.58398 0.431641 -6.91211 -1.28027 -9.98438l-155.136 -270.336c-1.71191 -3.07227 -4.35254 -5.02344 -7.93652 -5.8877s-6.91211 -0.416016 -9.9834 1.28027l-33.2803 19.4561
+c-3.08789 1.37598 -5.12012 3.83984 -6.14453 7.42383zM195.008 121.344l58.8799 102.912h34.3203l48.1279 -102.912h-141.328zM234.944 441.344c0.335938 3.07227 1.35938 5.12012 3.07129 6.14453c3.4082 1.71191 9.47266 -3.58398 18.1768 -15.8721
+s20.9111 -32.0801 36.6074 -59.3926c15.7119 -27.3115 26.2881 -45.2314 31.7441 -53.7598c9.56836 -15.0078 22.4316 -37.2959 38.6562 -66.8154c16.2236 -29.5205 31.7441 -58.3682 46.5918 -86.5283s22.2881 -42.4004 22.2881 -42.752
+c3.74414 -6.49609 3.4082 -12.6406 -1.02441 -18.4326c-4.43164 -5.80762 -9.71191 -9.90332 -15.8721 -12.2871c-6.14355 -2.75195 -10.2393 -4.28809 -12.2871 -4.62402c-2.06445 -0.335938 -7.16895 0.863281 -15.377 3.59961
+c-10.2236 5.12012 -42.6553 72.1924 -97.2637 201.216c-1.69629 3.74414 -4.01562 8.95996 -6.92773 15.6162s-5.79199 13.1357 -8.68848 19.4561c-2.91211 6.32031 -6.06348 13.4717 -9.4873 21.5039c-3.4248 8.03223 -6.57617 15.5361 -9.47266 22.5283
+c-2.91211 6.99121 -5.80762 14.1592 -8.7041 21.5039c-2.91113 7.34375 -5.21582 14 -6.91113 19.9678c-1.69629 5.98438 -3.07227 11.5195 -4.09668 16.6396c-1.02344 5.12012 -1.37598 9.2168 -1.02344 12.2881zM402.88 224.256h120.32
+c3.4082 0 6.39941 -1.28027 8.97559 -3.83984c2.56055 -2.55957 3.83984 -5.55176 3.83984 -8.95996v-77.3125c0 -3.40723 -1.2793 -6.38379 -3.83984 -8.95996c-2.55957 -2.5752 -5.56738 -3.83984 -8.97559 -3.83984h-68.0967
+c-1.37598 5.47266 -2.71973 9.39258 -4.0957 11.7764l-12.2881 23.5518c-21.8398 41.3125 -33.792 63.8242 -35.8398 67.584zM409.536 62.2236c1.00781 3.56836 3.23145 6.22461 6.65625 7.91992l18.9434 9.72852c3.4082 1.69629 7.00781 1.96777 10.752 0.767578
+c3.74414 -1.19922 6.49609 -3.50391 8.19238 -6.92773l15.8721 -30.7197c4.0957 -8.19238 2.39941 -14.8486 -5.12012 -19.9678l-13.8076 -8.19238c-3.4082 -1.69629 -7.00879 -2.12793 -10.752 -1.28027c-3.74414 0.864258 -6.65625 3.00781 -8.7207 6.40039
+l-20.4639 31.7441c-2.08008 3.42383 -2.5918 6.92773 -1.55176 10.5273zM448.688 -11.7764c0.191406 5.47266 0.863281 9.04004 2.06348 10.752c1.18359 1.71289 3.3125 4.09668 6.38379 7.16797l12.3047 4.6084c20.8154 4.0957 33.0879 -7.83984 36.8633 -35.8398
+c1.00781 -10.9121 0.864258 -23.8877 -0.511719 -38.9121c-1.37598 4.0957 -8.87988 9.12012 -22.5283 15.0879c-13.6641 5.98438 -23.0234 12.5605 -28.1602 19.7119c-4.44727 6.17578 -6.5752 11.9678 -6.41504 17.4238z" />
+    <glyph glyph-name="uniF131" unicode="&#xf131;" 
+d="M0 192c0 46.4212 11.4346 89.2585 34.3037 128.512c22.8698 39.2533 53.9313 70.3148 93.1846 93.1846c39.2533 22.8691 82.0905 34.3037 128.512 34.3037c46.4212 0 89.2585 -11.4346 128.512 -34.3037c39.2533 -22.8698 70.3148 -53.9313 93.1846 -93.1846
+c22.8691 -39.2533 34.3037 -82.0905 34.3037 -128.512s-11.4346 -89.2585 -34.3037 -128.512c-22.8698 -39.2533 -53.9313 -70.3148 -93.1846 -93.1846c-39.2533 -22.8691 -82.0905 -34.3037 -128.512 -34.3037c-46.4212 0 -89.2585 11.4346 -128.512 34.3037
+c-39.2533 22.8698 -70.3148 53.9313 -93.1846 93.1846c-22.8691 39.2533 -34.3037 82.0905 -34.3037 128.512zM51.2002 192c0 -56.6615 19.9678 -104.96 59.9033 -144.896c39.9362 -39.9355 88.235 -59.9033 144.896 -59.9033c56.6615 0 104.96 19.9678 144.896 59.9033
+c39.9355 39.9362 59.9033 88.235 59.9033 144.896s-19.9678 104.96 -59.9033 144.896c-39.9362 39.9355 -88.235 59.9033 -144.896 59.9033c-56.6615 0 -104.96 -19.9678 -144.896 -59.9033c-39.9355 -39.9362 -59.9033 -88.235 -59.9033 -144.896zM144.896 101.888
+c0 11.2643 4.0957 20.9925 12.2871 29.1846c8.19206 8.19206 18.0908 12.2881 29.6963 12.2881c4.4375 0 9.21615 -0.853516 14.3359 -2.56055v153.601l148.48 25.5996v-201.728c-0.341797 -10.5814 -4.69401 -19.7975 -13.0566 -27.6484
+s-17.8346 -11.7764 -28.416 -11.7764s-19.4561 3.6696 -26.624 11.0088c-7.16797 7.33854 -10.752 16.2985 -10.752 26.8799c0 11.2637 4.09603 20.9915 12.2881 29.1836s17.9202 12.2881 29.1846 12.2881c4.43685 0 9.21549 -0.85319 14.3359 -2.55957v106.495
+l-102.4 -18.9434v-137.729c0 -11.2637 -4.09603 -20.9915 -12.2881 -29.1836s-17.9199 -12.2881 -29.1836 -12.2881c-10.5814 0 -19.5413 3.66927 -26.8799 11.0078s-11.0078 16.2985 -11.0078 26.8799z" />
+    <glyph glyph-name="uniF13C" unicode="&#xf13c;" 
+d="M-56.752 370.688c-0.335938 1.69531 0.0800781 3.32715 1.28027 4.86328c1.19922 1.53613 2.63965 2.46387 4.35156 2.81641c3.75977 0.671875 9.05566 1.79199 15.8721 3.32812s11.5996 2.65527 14.3359 3.32812c0 5.80762 0.160156 14.2559 0.511719 25.3438
+c0.352539 11.0879 0.512695 19.3594 0.512695 24.832c0.6875 4.0957 2.89551 6.14355 6.65527 6.14355c4.76855 0 7.16797 -2.38379 7.16797 -7.16797c-0.671875 -20.4795 -1.02344 -36 -1.02344 -46.5918c3.75977 0.671875 9.72754 1.87207 17.9199 3.58398
+c8.19238 1.69629 14.1602 3.07227 17.9199 4.0957c6.14453 1.36035 15.5205 3.07227 28.1602 5.12012s22.1914 3.75977 28.6719 5.12012c137.216 23.5518 272.72 35.8398 406.544 36.8643c2.03223 0 3.66406 -0.768555 4.84766 -2.30371
+c1.2002 -1.53613 1.63281 -3.32812 1.28027 -5.37598c0 -3.74414 -0.335938 -9.37695 -1.00781 -16.8965c-0.671875 -7.50391 -1.00781 -13.1357 -1.00781 -16.8955c14.3359 -1.02441 36.1758 -2.91211 65.5361 -5.63281c1.69531 0 3.24805 -0.767578 4.5918 -2.30371
+c1.37598 -1.53613 1.8877 -3.15234 1.55176 -4.86426c-7.85547 -46.752 -19.4561 -117.071 -34.832 -210.943c-15.3438 -93.8721 -26.96 -164.353 -34.8154 -211.473c17.0713 -2.71973 30.0479 -4.7832 38.9277 -6.12793
+c2.73535 -0.335938 4.51172 -1.71191 5.37598 -4.11133c0.864258 -2.40039 0.767578 -4.6084 -0.272461 -6.65625c-1.00781 -2.04785 -2.71973 -3.07227 -5.10352 -3.07227h-1.55176c-4.43262 0.688477 -11.0889 1.79199 -19.9688 3.34375
+c-8.87988 1.53613 -15.5361 2.64062 -19.9678 3.3125c-0.335938 -4.0957 -1.18359 -9.37598 -2.54395 -15.8564c-0.6875 -3.07129 -2.38379 -4.95996 -5.12012 -5.64746c-0.335938 -0.335938 -1.00781 -0.496094 -2.04785 -0.496094h-2.04785
+c-101.376 25.5996 -203.76 45.5674 -307.2 59.9043c-34.1279 0.671875 -59.5684 1.00781 -76.2881 1.00781c-18.7676 0 -46.9443 -0.335938 -84.4795 -1.00781v-0.52832c0.335938 -0.335938 0.511719 -0.671875 0.511719 -1.00781
+c0.335938 -2.04785 -0.335938 -3.82422 -2.04785 -5.37598c-1.71191 -1.53613 -3.58398 -2.30469 -5.63184 -2.30469c-3.76074 0 -5.80859 1.87207 -6.14453 5.63281c0 1.69531 -0.255859 4.33594 -0.767578 7.93555c-0.512695 3.59961 -0.944336 6.40039 -1.28027 8.43164
+h-6.65625c-2.71973 0 -4.52734 1.2002 -5.37598 3.60059c-0.847656 2.39941 -0.671875 4.6875 0.511719 6.91211c1.2002 2.22363 3.16895 3.34375 5.88867 3.34375h4.0957l-3.07227 27.6475c-2.04785 13.6484 -6.31934 46.8486 -12.7998 99.584
+c-6.47949 52.7363 -12.5439 95.6641 -18.1758 128.769c-5.63184 33.1035 -12.9121 65.6963 -21.792 97.7764zM-41.3916 366.592c7.16797 -26.624 14.5117 -60.9277 22.0156 -102.912c-1.02441 23.8887 -1.53613 59.5684 -1.53613 107.009
+c-5.45605 -0.688477 -12.2881 -2.04883 -20.4795 -4.09668zM-7.08789 320c0.335938 -65.8721 3.91992 -138.256 10.752 -217.088c1.02441 -13.6641 2.91211 -32.2559 5.63184 -55.8086c0.335938 -3.05566 0.768555 -6.31934 1.28027 -9.71191
+c0.511719 -3.3916 1.10352 -7.15137 1.79199 -11.2637c0.6875 -4.0957 1.2002 -7.32812 1.53613 -9.72754c22.8633 -1.00879 55.6475 -3.23242 98.3037 -6.65625c42.6719 -3.4082 73.7275 -5.63184 93.1836 -6.65625c120.832 -6.81543 203.265 -12.7842 247.297 -17.9043
+c3.74316 54.6084 9.31152 132.272 16.6396 232.96c7.34375 100.688 12.3682 170.849 15.1035 210.433c-159.743 -1.39258 -323.584 -19.6641 -491.52 -54.8164c-0.335938 -18.0957 -0.335938 -36.0156 0 -53.7598zM40.0156 236.544
+c0 24.9121 8.7041 46.4316 26.1123 64.5117c17.4082 18.0967 39.4238 27.1367 66.0479 27.1367c29.0078 0 51.5361 -10.1445 67.584 -30.4648c16.0479 -20.3037 24.0645 -46.5117 24.0645 -78.5918c0 -51.5518 -14.8486 -91.3115 -44.5439 -119.296
+c-21.8398 -20.4795 -51.0244 -32.0957 -87.5527 -34.8154c-7.51953 -0.688477 -17.2314 -1.02441 -29.1836 -1.02441v38.4004c4.0957 -0.688477 12.9756 -0.335938 26.624 1.00781c20.4805 1.71191 37.7119 8.20801 51.7119 19.4561
+c17.7441 14 28.8477 32.9434 33.2803 56.8477h-1.02441c-13.6475 -14.6875 -32.2559 -22.0322 -55.8076 -22.0322c-22.5283 0 -41.0557 7.34473 -55.5518 22.0322c-14.4961 14.6719 -21.7607 33.6162 -21.7607 56.832zM88.1436 239.616
+c0 -13.6484 3.76074 -24.9277 11.2646 -33.792c7.50391 -8.87988 17.7441 -13.3125 30.7197 -13.3125c18.7842 0 32.5918 7.16797 41.4717 21.5039c1.71191 3.4082 2.56055 7.85645 2.56055 13.3125c0.335938 18.7676 -3.23242 34.2236 -10.752 46.3359
+c-7.52051 12.1123 -18.6084 18.1758 -33.2803 18.1758h-0.511719c-12.2881 0 -22.2725 -4.86426 -29.9521 -14.5918c-7.67969 -9.72852 -11.5205 -22.2725 -11.5205 -37.6318zM133.712 -4.6084l49.1523 -5.10352l190.976 -20.4961
+c47.7764 -10.2236 83.4561 -18.416 107.008 -24.5596l1.53613 9.21582c-18.7676 3.05566 -46.9277 7.34375 -84.4639 12.7998c-85.0078 11.9355 -173.072 21.3115 -264.208 28.1436zM232.016 236.544c0 24.9121 8.78418 46.4316 26.3682 64.5117
+c17.584 18.0967 39.6807 27.1367 66.3047 27.1367c28.6719 0 51.0234 -10.1445 67.0713 -30.4648c16.0479 -20.3037 24.0645 -46.5117 24.0645 -78.5918c0 -52.2393 -14.8643 -91.9834 -44.5439 -119.296c-21.8564 -20.4795 -51.04 -32.0957 -87.5684 -34.8154
+c-7.50391 -0.688477 -17.2158 -1.02441 -29.168 -1.02441v38.4004c4.0957 -0.688477 12.96 -0.352539 26.624 1.00781c20.4961 1.71191 37.8877 8.20801 52.2236 19.4561c17.4248 14 28.3359 32.9434 32.7686 56.8477h-0.496094
+c-14 -14.6875 -32.7842 -22.0322 -56.3359 -22.0322c-22.1924 0 -40.6084 7.34473 -55.2959 22.0322c-14.6719 14.6719 -22.0166 33.6162 -22.0166 56.832zM280.16 239.616c0 -13.6484 3.74414 -24.9277 11.2314 -33.792
+c7.52051 -8.87988 17.7441 -13.3125 30.7207 -13.3125c18.7842 0 32.5918 7.16797 41.4717 21.5039c1.71191 3.4082 2.55957 7.85645 2.55957 13.3125c0.336914 18.7676 -3.23145 34.2236 -10.752 46.3359c-7.50391 12.1123 -18.5918 18.1758 -33.2793 18.1758h-0.496094
+c-11.9521 0 -21.8398 -4.86426 -29.6963 -14.5918c-7.85547 -9.72852 -11.7598 -22.2725 -11.7598 -37.6318zM462.944 -28.6719c9.55176 -1.36035 16.8955 -2.38379 22 -3.07227c6.84766 40.9766 17.8398 107.872 33.0234 200.72
+c15.1846 92.832 26.8799 164 35.0566 213.488c-4.43262 0.335938 -10.4805 0.864258 -18.1445 1.53613c-7.67969 0.671875 -14.7842 1.28027 -21.248 1.79199c-6.49609 0.511719 -12.624 0.944336 -18.4316 1.28027c-2.04785 -29.0078 -6.65625 -91.5684 -13.8242 -187.648
+s-12.4482 -170.399 -15.8564 -222.992c0 -1.67969 -0.6875 -3.23145 -2.06348 -4.5918c-0.368164 0 -0.511719 -0.175781 -0.511719 -0.511719z" />
+    <glyph glyph-name="uniF109" unicode="&#xf109;" 
+d="M0 97.2803v188.928c0 44.373 15.8721 82.4316 47.6162 114.176s69.8027 47.6162 114.176 47.6162h113.152c22.1862 -2.73047 45.8236 -12.4583 70.9121 -29.1836c25.0879 -16.7259 42.9225 -36.3529 53.5039 -58.8809
+c0.341146 -0.682292 1.19434 -2.30339 2.55957 -4.86328s2.21875 -4.2666 2.56055 -5.12012c0.341146 -0.853516 0.938477 -2.47493 1.79199 -4.86426c0.852865 -2.38932 1.53548 -4.52246 2.04785 -6.39941c0.511719 -1.8776 1.10905 -4.52311 1.79199 -7.93652
+c0.682292 -3.41341 1.36491 -7.16797 2.04785 -11.2637c0.682292 -4.09635 1.36491 -9.0459 2.04785 -14.8486c3.07227 -23.8932 7.50944 -38.3997 13.3115 -43.5195c4.7793 -4.4375 16.8968 -6.91211 36.3525 -7.42383c19.4557 -0.51237 30.5492 -1.79232 33.2803 -3.83984
+l7.16797 -5.63281l4.0957 -8.7041l1.53613 -7.16797l-1.02441 -131.071c-0.341146 -44.3737 -16.2132 -82.347 -47.6162 -113.92c-31.4023 -31.5736 -69.29 -47.3604 -113.663 -47.3604h-185.856c-44.373 0 -82.4316 15.7868 -114.176 47.3604
+c-31.7441 31.5729 -47.6162 69.5462 -47.6162 113.92zM132.608 99.8398c0 -8.5332 3.07194 -15.7865 9.21582 -21.7598s13.4824 -8.95996 22.0156 -8.95996h182.272c8.5332 0 15.7865 2.98665 21.7598 8.95996s8.95996 13.2266 8.95996 21.7598
+s-2.98665 15.7865 -8.95996 21.7598s-13.2266 8.95996 -21.7598 8.95996h-182.272c-8.5332 0 -15.8717 -2.98665 -22.0156 -8.95996s-9.21582 -13.2266 -9.21582 -21.7598zM132.608 285.184c0 -8.5332 3.07194 -15.8717 9.21582 -22.0156s13.4824 -9.21582 22.0156 -9.21582
+h89.6006c8.5332 0 15.7865 3.07194 21.7598 9.21582s8.95996 13.4824 8.95996 22.0156c0 8.53385 -2.98665 15.7874 -8.95996 21.7607s-13.2266 8.95996 -21.7598 8.95996h-89.6006c-8.5332 0 -15.8717 -2.98665 -22.0156 -8.95996s-9.21582 -13.2269 -9.21582 -21.7607z
+" />
+    <glyph glyph-name="uniF14D" unicode="&#xf14d;" 
+d="M0 326.144c0 8.53385 2.73079 16.2995 8.19238 23.2969c5.46094 6.99674 12.458 11.5192 20.9912 13.5674l100.864 24.0645c-21.5039 -24.5762 -32.2559 -53.2484 -32.2559 -86.0166c0 -63.1465 43.1787 -111.445 129.536 -144.896
+c9.55729 -3.75456 18.7731 -7.93587 27.6475 -12.5439c8.875 -4.60807 18.1764 -10.3255 27.9043 -17.1523c9.72786 -6.82682 17.5785 -14.7627 23.5518 -23.8076c5.97331 -9.04557 8.95996 -18.5176 8.95996 -28.416c0 -14.6777 -5.97331 -26.1126 -17.9199 -34.3047
+c-11.9466 -8.19141 -25.5999 -12.2871 -40.96 -12.2871c-19.7969 0 -40.4476 3.83984 -61.9521 11.5195c-21.5039 7.68034 -39.4238 18.0055 -53.7598 30.9756l-40.4482 -91.6475c19.1152 -10.5814 43.6914 -20.9922 73.7285 -31.2324
+c-3.41341 -0.682292 -8.78939 -2.13281 -16.1279 -4.35156s-13.9092 -3.92546 -19.7119 -5.12012s-11.264 -1.79199 -16.3838 -1.79199c-8.53385 0 -16.2995 2.73079 -23.2969 8.19238c-6.99674 5.46094 -11.5192 12.458 -13.5674 20.9912l-83.9678 351.744
+c-0.682943 4.09635 -1.02441 7.16829 -1.02441 9.21582zM214.528 302.592c0 12.9707 5.97331 22.9548 17.9199 29.9521s24.9173 10.4961 38.9121 10.4961c16.7253 0 35.4984 -2.98665 56.3193 -8.95996c20.8216 -5.97331 35.8405 -13.9092 45.0566 -23.8076l31.2314 87.0391
+c-30.7201 16.3841 -62.4639 27.1364 -95.2314 32.2568c0.682292 0 8.3623 2.04785 23.04 6.14355c14.6771 4.09635 26.8796 7.16829 36.6074 9.21582c9.72786 2.04818 16.9811 3.07227 21.7598 3.07227c8.53385 0 16.2995 -2.73079 23.2969 -8.19238
+c6.99674 -5.46094 11.5192 -12.458 13.5674 -20.9912l83.9678 -351.744c0.682943 -4.09635 1.02441 -7.16829 1.02441 -9.21582c0 -8.53385 -2.73079 -16.2995 -8.19238 -23.2969c-5.46094 -6.99674 -12.458 -11.5192 -20.9912 -13.5674l-74.2402 -17.4082
+c16.0423 23.8932 24.0635 49.8346 24.0635 77.8242c0 37.888 -12.0319 69.0345 -36.0957 93.4395c-24.0638 24.4056 -55.5518 43.0938 -94.4639 56.0645c-58.3678 19.7975 -87.5518 43.6908 -87.5518 71.6797z" />
+    <glyph glyph-name="uniF111" unicode="&#xf111;" 
+d="M0 -64v256.512h256.512v-256.512h-256.512zM260.608 191.488v256.512h256v-256.512h-256z" />
+    <glyph glyph-name="uniF10F" unicode="&#xf10f;" 
+d="M-44.6719 156.672c0 35.5039 12.5439 65.8721 37.6318 91.1357c25.0879 25.2646 55.2158 37.8887 90.3682 37.8887l0.511719 -0.512695c0 1.02441 -0.0800781 2.22461 -0.255859 3.58398c-0.175781 1.36035 -0.255859 2.38477 -0.255859 3.07227
+c0 40.2725 14.0801 74.5762 42.2402 102.912c28.1592 28.3359 62.208 42.4961 102.144 42.4961c35.1523 0 66.0479 -11.2637 92.6719 -33.792s43.0078 -50.8643 49.1523 -84.9922h8.7041c39.9199 0 73.9834 -14.1602 102.144 -42.4961s42.2559 -62.6396 42.2559 -102.912
+c0 -40.2881 -14.0957 -74.5918 -42.2559 -102.928s-62.2236 -42.4795 -102.144 -42.4795c-2.73633 0 -4.78418 0.15918 -6.14453 0.495117v-0.495117h-295.952v0.511719c-33.792 1.71191 -62.3672 15.0234 -85.7598 39.9355
+c-23.376 24.9121 -35.0557 54.4326 -35.0557 88.5762z" />
+    <glyph glyph-name="uniF114" unicode="&#xf114;" 
+d="M0 192c0 46.4212 11.4346 89.2585 34.3037 128.512c22.8698 39.2533 53.9313 70.3148 93.1846 93.1846c39.2533 22.8691 82.0905 34.3037 128.512 34.3037c46.4212 0 89.2585 -11.4346 128.512 -34.3037c39.2533 -22.8698 70.3148 -53.9313 93.1846 -93.1846
+c22.8691 -39.2533 34.3037 -82.0905 34.3037 -128.512s-11.4346 -89.2585 -34.3037 -128.512c-22.8698 -39.2533 -53.9313 -70.3148 -93.1846 -93.1846c-39.2533 -22.8691 -82.0905 -34.3037 -128.512 -34.3037c-46.4212 0 -89.2585 11.4346 -128.512 34.3037
+c-39.2533 22.8698 -70.3148 53.9313 -93.1846 93.1846c-22.8691 39.2533 -34.3037 82.0905 -34.3037 128.512zM42.4961 192c0 -53.248 17.9199 -100.181 53.7598 -140.8c16.3841 32.0853 42.3255 62.6344 77.8242 91.6475c35.4987 29.0137 70.1439 47.2751 103.936 54.7842
+c-5.11979 11.9466 -10.069 22.6986 -14.8477 32.2559c-58.7096 -18.7734 -122.198 -28.1602 -190.464 -28.1602c-13.3118 0 -23.2106 0.170898 -29.6963 0.512695c0 -1.36523 -0.0852865 -3.07194 -0.255859 -5.12012s-0.255859 -3.75488 -0.255859 -5.12012z
+M49.1523 244.736c7.50911 -0.682943 18.6022 -1.02441 33.2793 -1.02441c57.0026 0 111.104 7.68001 162.305 23.04c-25.9414 46.0801 -54.4427 84.4801 -85.5039 115.2c-26.9655 -13.6536 -50.0908 -32.5977 -69.376 -56.832
+c-19.2858 -24.235 -32.8538 -51.0296 -40.7041 -80.3838zM125.44 23.5518c38.5703 -30.0371 82.0902 -45.0557 130.56 -45.0557c25.2585 0 50.3464 4.77865 75.2637 14.3359c-6.82617 58.3678 -20.138 114.858 -39.9355 169.472
+c-31.403 -6.82617 -63.0618 -24.0635 -94.9766 -51.7119c-31.9141 -27.6478 -55.5511 -56.6611 -70.9111 -87.04zM203.776 398.336c30.0371 -31.0612 57.8558 -69.8024 83.4561 -116.224c46.4212 19.4557 81.4079 44.2021 104.96 74.2393
+c-39.5951 32.7682 -84.9925 49.1523 -136.192 49.1523c-17.4082 0 -34.8161 -2.38932 -52.2236 -7.16797zM305.664 245.76c5.11979 -10.9225 10.9225 -24.7464 17.4082 -41.4717c25.2585 2.38932 52.7357 3.58398 82.4316 3.58398
+c21.1628 0 42.1549 -0.512044 62.9766 -1.53613c-2.73112 46.4212 -19.4567 87.7227 -50.1768 123.904c-22.1862 -33.1094 -59.7327 -61.2695 -112.64 -84.4805zM335.872 168.448c17.4082 -50.5176 29.1842 -102.4 35.3281 -155.648
+c26.9655 17.4082 48.9814 39.7656 66.0479 67.0723s27.3063 56.832 30.7197 88.5762c-24.9173 1.70638 -47.6159 2.55957 -68.0957 2.55957c-18.7734 0 -40.1068 -0.85319 -64 -2.55957z" />
+    <glyph glyph-name="uniF11D" unicode="&#xf11d;" 
+d="M43.4404 289.792c0 13.6641 2.55957 23.5518 7.67969 29.6963c3.07227 4.78418 7.51953 8.36816 13.3115 10.752c6.14453 3.07129 14.1602 4.60742 24.0645 4.60742h48.1436c5.12012 0 9.55273 1.88867 13.3125 5.64844c3.75977 3.74414 5.63184 8.19238 5.63184 13.3115
+c0 7.16797 -0.160156 14.6729 -0.511719 22.5283v30.1924c0 8.52734 2.04785 16.0312 6.14355 22.5273c5.12012 7.16797 13.6641 12.4639 25.6006 15.8721c3.74316 2.04785 12.7832 3.07227 27.1191 3.07227h9.72852c20.1436 -0.671875 36.8643 -3.58398 50.1758 -8.7041
+c12.9766 -5.45605 20.6562 -16.0479 23.0244 -31.7441c8.87988 0.335938 17.0557 0.512695 24.5918 0.512695c18.0957 0 33.2803 -0.848633 45.5684 -2.56055c33.0879 -4.0957 55.1191 -8.19238 66.0312 -12.2881c14.3359 -4.43164 23.4082 -15.8721 27.1523 -34.3037
+c3.4082 -18.7686 6.46387 -54.624 9.21582 -107.521c1.67969 -30.3672 2.56055 -55.4717 2.56055 -75.2637c0 -15.0078 -0.52832 -27.1201 -1.56836 -36.3359c-5.44043 -58.7197 -12.7842 -102.064 -22 -130.064c-4.78418 -14.3359 -9.56836 -26.0156 -14.3359 -35.0557
+c-4.76855 -9.04004 -9.47168 -16.3037 -14.0645 -21.7441c-4.62402 -5.47168 -10.8477 -9.4082 -18.6875 -11.7754c-7.87207 -2.38477 -15.1201 -3.84082 -21.7764 -4.35254c-6.65527 -0.511719 -16.6074 -0.799805 -29.9199 -0.799805
+c-36.8799 0 -61.7119 4.33594 -74.4961 13.0557c-12.7998 8.68848 -19.2002 26.8799 -19.2002 54.5283c0 15.3438 1.63281 27.5684 4.86426 36.5918c3.24805 9.04004 8.87988 15.4561 16.9121 19.2002c8 3.75977 15.9365 5.98438 23.8076 6.65625
+c5.12012 0.335938 11.9365 0.511719 20.4648 0.511719h14.3359c1.34375 0 2.31934 -0.255859 2.81543 -0.78418c0.496094 -0.496094 0.591797 -1.34375 0.255859 -2.54395s-0.751953 -2.47949 -1.2793 -3.83984c-0.496094 -1.36035 -1.02441 -3.23242 -1.53613 -5.64844
+c-0.496094 -2.36719 -0.78418 -4.5918 -0.78418 -6.65527c0 -3.05664 0.335938 -6.22461 1.02441 -9.47266c0.6875 -3.23145 0.847656 -5.2793 0.527344 -6.14355c-0.335938 -0.864258 -1.56738 -1.26367 -3.59961 -1.26367h-10.2559
+s-1.68066 -0.0966797 -5.12012 -0.272461c-3.4082 -0.175781 -5.12012 -0.416016 -5.12012 -0.767578c0 -0.352539 -1.44043 -0.78418 -4.33594 -1.28027c-2.91211 -0.511719 -4.25586 -1.18359 -4.0957 -2.04785c0.191406 -0.864258 -0.751953 -1.88867 -2.81641 -3.07227
+c-2.03223 -1.18359 -2.71973 -2.71973 -2.03223 -4.6084c0.65625 -1.87109 0.496094 -3.82324 -0.527344 -5.8877c0 -4.78418 0.6875 -8.6875 2.06348 -11.7598c1.34375 -3.07227 2.62402 -5.47168 3.83984 -7.16797c1.18457 -1.69629 4.25586 -2.91211 9.18457 -3.60059
+c4.97559 -0.671875 8.71973 -1.00781 11.2793 -1.00781h16.624c19.4727 0 31.9365 2.30469 37.376 6.92871c5.47266 4.5918 8.22461 15.4395 8.22461 32.4951c0 25.9365 -3.15234 43.4404 -9.50391 52.4805c-6.32031 9.04004 -15.9365 14.416 -28.9121 16.1279
+c-30.0322 3.07227 -50.3359 6.48047 -60.9443 10.2402c-18.0957 6.84766 -27.1201 27.1357 -27.1201 60.9434c0 0.688477 -0.431641 1.02441 -1.2793 1.02441c-0.864258 0 -1.28027 -0.335938 -1.28027 -1.02441c0 -22.8799 -3.07227 -43.3438 -9.21582 -61.4395
+l-4.09668 -12.2881c-3.74414 -8.54395 -10.0635 -12.9922 -18.9434 -13.3115h-3.07227c-8.19238 0 -17.4082 1.35938 -27.6484 4.0957c-43.3438 5.45605 -77.1357 13.4717 -101.376 24.0635c-8.19141 3.74414 -14.5117 10.5762 -18.9434 20.4639
+c-5.80859 11.9521 -11.8564 33.8721 -18.1768 65.792c-6.31934 31.9209 -10.3193 54.6885 -12.0312 68.3525c-1.36035 11.2803 -2.04785 19.9844 -2.04785 26.1279zM46.5117 350.72v1.02441l93.6963 92.1602c0 0.335938 0.175781 0.511719 0.511719 0.511719
+l-1.53613 -3.07227c-3.74316 -6.83203 -5.63184 -15.0078 -5.63184 -24.5762c0 -7.50391 0.175781 -25.0879 0.512695 -52.7354c0 -3.4082 -1.71289 -5.12012 -5.12012 -5.12012h-47.6162c-11.6162 0 -21.6797 -1.8877 -30.208 -5.63184
+c-1.69629 -1.02441 -3.23242 -1.87207 -4.6084 -2.56055zM337.344 202.24c7.15234 1.02344 15.0078 1.53613 23.5361 1.53613c15.376 -0.335938 29.1846 -3.4082 41.4717 -9.2168c0 29.0088 -10.3994 43.8564 -31.2158 44.5439h-1.53613
+c-10.2559 0 -17.7432 -3.40723 -22.5273 -10.2393c-5.13672 -7.16797 -8.38379 -16.0479 -9.72852 -26.624z" />
+    <glyph glyph-name="uniF12B" unicode="&#xf12b;" 
+d="M66.8799 42.4961c0 7.53613 2.04785 18.4316 6.14453 32.7842c7.83984 29.6797 22.6074 56.6553 44.2871 80.9121c21.6807 24.2236 46.8486 41.792 75.5205 52.7197c-26.9756 21.5039 -40.4482 48.9922 -40.4482 82.4316c0 29.3604 10.6719 54.2725 32 74.752
+c21.3281 20.4805 46.6719 30.7207 76.0322 30.7207c29.3438 0 54.6875 -10.2402 76.0322 -30.7207c21.3281 -20.4795 32 -45.3916 32 -74.752c0 -33.1035 -13.1367 -60.416 -39.4238 -81.9199c36.1758 -12.9756 66.3838 -34.6396 90.6074 -65.0078
+c24.2559 -30.3682 36.3525 -64.1924 36.3525 -101.376c0 -31.4082 -12.4482 -49.5039 -37.376 -54.2881c-1.00879 -3.4082 -3.23242 -7.83984 -6.65625 -13.3115c-2.04785 -5.47266 -6.04785 -10.3203 -12.0322 -14.5928
+c-5.96777 -4.25586 -14.2559 -7.74414 -24.832 -10.4961c-10.5918 -2.71973 -19.0234 -4.7832 -25.3438 -6.12793c-6.32031 -1.37598 -15.9678 -2.91211 -28.9443 -4.62402c-12.9756 -1.67969 -19.6318 -2.55957 -19.9678 -2.55957
+c-0.671875 0 -1.87207 -0.160156 -3.58398 -0.496094s-2.86426 -0.543945 -3.55176 -0.543945h-61.4561c-17.4082 0 -39.4082 2.84766 -66.0322 8.46387s-41.8076 13.2158 -45.5684 22.7842c-5.79199 5.80762 -10.0635 12.9756 -12.7998 21.5039
+c-8.52832 1.71191 -15.6963 5.28027 -21.5039 10.752c-12.9756 5.12012 -19.4561 19.4717 -19.4561 42.9922z" />
+    <glyph glyph-name="uniF135" unicode="&#xf135;" 
+d="M-63.6797 76.7998h12.2881c-2.38477 4.78418 -3.58398 10.5762 -3.58398 17.4238c0 22.1768 7.75977 53.8408 23.2959 94.9766s30.4639 72.4482 44.7998 93.9521c10.9277 16.7197 25.2637 25.0879 43.0078 25.0879c15.3604 0 23.04 -5.80859 23.04 -17.4082
+c0 -17.7441 -12.2881 -51.7119 -36.8643 -101.888h41.9844c6.83203 21.168 15.8721 42.6719 27.1357 64.5117c11.6162 23.2158 24.0645 38.7363 37.376 46.5918c13.3125 7.85645 33.1045 11.7764 59.3926 11.7764c9.90332 0 19.5352 -2.38379 28.9277 -7.16797
+c9.3916 -4.78418 14.0801 -11.6162 14.0801 -20.4805s-2.22461 -16.0322 -6.65625 -21.5039s-10.8477 -9.31152 -19.2002 -11.5195c-8.35156 -2.20801 -15.792 -3.66406 -22.2715 -4.35254c-6.48047 -0.671875 -14.3359 -1.02344 -23.5527 -1.02344h-4.60742
+c-5.12012 -7.50391 -9.9043 -17.4082 -14.3359 -29.6963c6.14355 1.02344 12.4482 1.53613 18.9434 1.53613c21.8408 0 32.7686 -6.48047 32.7686 -19.4561c0 -3.07227 -0.511719 -6.14453 -1.53613 -9.21582v0c-5.45605 -20.1445 -20.4795 -30.208 -45.0557 -30.208
+c-7.85645 0 -16.3848 0.847656 -25.6006 2.55957c-5.45605 -16.3682 -9.04004 -28.8477 -10.752 -37.376c17.7441 3.4082 30.8965 5.12012 39.4238 5.12012c8.54395 0 15.8721 -1.96777 22.0166 -5.9043c6.14355 -3.90332 9.21582 -9.96777 9.21582 -18.1602
+c0 -11.6318 -4 -21.3438 -12.0322 -29.1836c-8.01562 -7.85645 -17.1514 -13.1523 -27.3916 -15.8721c-10.2402 -2.73633 -21.168 -4.0957 -32.7686 -4.0957c-22.1758 0 -38.5752 7.00781 -49.1514 20.9922v0c-6.83203 8.20801 -10.2402 18.7676 -10.2402 31.7432
+c0 7.84082 0.511719 15.5361 1.53613 23.04c2.71973 17.0566 7.50391 36.1768 14.3359 57.3281h-41.9844c-3.07129 -6.49609 -7.50391 -15.9678 -13.3115 -28.416c-5.80859 -12.4473 -10.0645 -21.7598 -12.7998 -27.9033h-0.52832l-3.58398 -7.16797
+c7.51953 0.6875 13.3115 1.02344 17.4082 1.02344c20.1279 0 30.208 -6.83203 30.208 -20.4795c0 -17.4082 -6.65625 -29.9521 -19.9688 -37.6484c-13.3115 -7.66406 -29.1836 -11.5195 -47.6152 -11.5195c-22.1768 0 -36.6885 6.65527 -43.5205 19.9678h-12.2715v0.015625z
+M211.76 116.736c0 12.9756 2.65625 29.1836 7.93652 48.6396c5.2793 19.4561 11.0078 36.3516 17.1514 50.6885c6.48047 15.3594 12.624 28 18.4326 37.8877c5.80762 9.8877 13.1357 19.5361 22.0156 28.9277c8.87988 9.37598 19.1846 16.3838 30.9766 20.9922
+s25.5195 6.91211 41.2158 6.91211c17.0557 0 31.9033 -3.32812 44.5273 -9.98438c12.6406 -6.65625 18.96 -17.6641 18.96 -33.0234c0 -12.9766 -3.58398 -24.6562 -10.752 -35.0723c-7.16797 -10.4004 -16.8955 -15.6162 -29.1836 -15.6162
+c-17.7441 0 -26.624 5.63184 -26.624 16.8965c0 2.04785 0.608398 5.02344 1.79199 8.95996c1.18359 3.91992 1.77637 7.07129 1.77637 9.47168c0 4.43164 -3.74414 6.65625 -11.248 6.65625c-5.80859 0 -11.3447 -2.38379 -16.6562 -7.16797
+c-5.28027 -4.78418 -10.2236 -12.208 -14.8477 -22.2725c-4.59277 -10.0635 -7.66406 -16.9922 -9.2168 -20.7354c-1.53516 -3.76074 -4 -10.416 -7.40723 -19.9688v0c-10.9287 -28.6719 -16.3682 -48.9922 -16.3682 -60.9277c0 -9.9043 4.76758 -14.8477 14.3359 -14.8477
+c8.52734 0 16.0479 4.19141 22.5273 12.5273c6.48047 8.36816 10.9287 17.3281 13.3125 26.8965c-14.3359 0.671875 -21.5039 6.65625 -21.5039 17.9199c0 12.624 4.78418 21.8398 14.3359 27.6475c9.55176 5.80859 20.8164 8.7041 33.7764 8.7041
+c17.7432 0 28.8477 -5.96777 33.2793 -17.9199v0c1.37598 -3.75977 2.04785 -8.19141 2.04785 -13.3115c0 -17.0723 -4.86328 -35.1523 -14.5918 -54.2881c-9.72754 -19.1357 -21.4238 -33.9678 -35.0713 -44.5439v0c-18.0801 -13.9844 -38.5605 -20.9922 -61.4404 -20.9922
+c-23.2002 0 -40.2725 7.00781 -51.2002 20.9922v0c-8.17578 9.9043 -12.2881 23.2158 -12.2881 39.9521zM380.224 76.7998h21.5039c-6.14355 8.87988 -9.21582 20.1445 -9.21582 33.792c0 26.9766 8.36816 61.7764 25.0879 104.448
+c6.48047 16.0479 12.0322 28.6719 16.6406 37.8877c4.60742 9.21582 10.9277 18.6885 18.96 28.416c8 9.72852 17.7441 16.8164 29.168 21.248c11.4395 4.43262 24.832 6.65625 40.208 6.65625c40.96 0 61.4395 -19.6318 61.4395 -58.8799
+c0 -17.0566 -3.75977 -37.5518 -11.2793 -61.4404v0c-5.10449 -17.4082 -12.1123 -36.1758 -20.9922 -56.3193v0c-12.624 -26.2881 -25.0723 -44.8965 -37.376 -55.8086v0c-15.6963 -13.9834 -36.0166 -20.9922 -60.9277 -20.9922
+c-24.5762 0 -41.8086 7.00879 -51.7129 20.9922h-21.5039zM453.936 132.608h1.55273c-2.04785 -11.9521 1.69531 -17.9199 11.2637 -17.9199c7.83984 0 15.1836 6.47949 22 19.4551h-1.00781c5.79199 12.3047 13.4883 32 23.04 59.1367
+c9.56738 27.1357 14.3359 44.624 14.3359 52.4795c0 8.19238 -3.58398 12.2881 -10.752 12.2881c-6.83203 0 -12.4482 -2.71973 -16.8965 -8.19141c-6.16016 -8.88086 -15.0234 -29.1846 -26.624 -60.9287v0c-8.52734 -22.8633 -14.1758 -41.6475 -16.9121 -56.3193z" />
+    <glyph glyph-name="uniF10E" unicode="&#xf10e;" 
+d="M0 180.224c0 25.6003 3.92546 52.139 11.7764 79.6162c7.85026 27.4772 18.4313 52.1387 31.7432 73.9844c21.1628 35.4987 52.3096 63.4027 93.4404 83.7119s83.5417 30.4639 127.232 30.4639c44.373 0 86.9541 -13.9092 127.743 -41.7275
+c40.7897 -27.819 71.9365 -62.2087 93.4404 -103.169c17.0664 -29.3542 25.5996 -65.8766 25.5996 -109.567c0 -51.1999 -12.1172 -96.5973 -36.3516 -136.192c-24.2344 -39.5944 -57.0023 -69.8024 -98.3037 -90.624c-41.3014 -20.821 -87.3815 -31.0609 -138.24 -30.7197
+c6.82682 12.2878 17.2373 30.9759 31.2314 56.0645c13.9948 25.0879 26.5391 47.3597 37.6328 66.8154c11.0931 19.4564 22.1009 37.8883 33.0234 55.2959l0.512695 1.02441c1.02344 1.70638 3.07129 4.86361 6.14355 9.47168
+c3.07227 4.60807 5.20573 7.9362 6.40039 9.98438c1.19466 2.04753 2.81576 4.94889 4.86328 8.7041c2.04818 3.75456 3.6696 7.33854 4.86426 10.752s2.13346 6.9974 2.81641 10.752c2.04753 8.19206 3.07129 16.3841 3.07129 24.5762
+c0 27.3066 -8.19173 51.541 -24.5752 72.7031l140.8 41.4727c-97.2799 0 -170.326 -0.170898 -219.137 -0.512695c-2.38932 0.341797 -6.14388 0.512695 -11.2637 0.512695c-33.7917 0 -62.0371 -12.6296 -84.7363 -37.8887
+c-22.6986 -25.2585 -32.1706 -54.7835 -28.416 -88.5752c-0.682292 3.07161 -1.02344 7.85026 -1.02344 14.3359c0 15.0182 2.5599 28.1595 7.67969 39.4238l-104.448 102.912l101.377 -174.592c6.48503 -24.5762 20.0527 -44.6296 40.7031 -60.1602
+c20.651 -15.5306 43.6058 -23.2959 68.8643 -23.2959c5.80273 0 11.4349 0.511719 16.8965 1.53516l-33.792 -141.312c-39.2533 0 -77.3122 12.1172 -114.177 36.3516c-36.8639 24.235 -66.7305 54.2725 -89.5996 90.1123c-22.528 34.8164 -33.792 74.0697 -33.792 117.76z
+M159.744 189.952c0 25.9414 9.21582 48.2132 27.6475 66.8154c18.4323 18.6029 40.7897 27.9043 67.0723 27.9043c26.2826 0 48.64 -9.30143 67.0723 -27.9043c18.4316 -18.6022 27.6475 -40.874 27.6475 -66.8154c0 -26.2826 -9.30111 -48.7253 -27.9033 -67.3281
+c-18.6029 -18.6029 -40.875 -27.9043 -66.8164 -27.9043s-48.2132 9.30143 -66.8154 27.9043c-18.6029 18.6029 -27.9043 41.0456 -27.9043 67.3281z" />
+    <glyph glyph-name="uniF13B" unicode="&#xf13b;" 
+d="M-20.0479 29.1836v179.2h71.6797v-105.983h412.16v105.983h72.208v-179.2h-556.048z" />
+    <glyph glyph-name="uniF108" unicode="&#xf108;" 
+d="M7.67969 252.416c11.2643 45.056 32.6829 83.8828 64.2559 116.48c31.5736 32.597 69.2057 55.2103 112.896 67.8398c43.6908 12.6289 88.0641 13.3115 133.12 2.04785c45.056 -11.2643 83.8825 -32.6829 116.479 -64.2559
+c32.5977 -31.5736 55.2113 -69.2057 67.8408 -112.896c12.6289 -43.6908 13.3115 -88.0641 2.04785 -133.12c-11.2643 -45.056 -32.6829 -83.8825 -64.2559 -116.479c-31.5736 -32.5977 -69.2057 -55.2109 -112.896 -67.8398
+c-43.6908 -12.6296 -88.0641 -13.3125 -133.12 -2.04883c-45.056 11.2643 -83.8825 32.6833 -116.479 64.2568c-32.5977 31.5729 -55.2113 69.2048 -67.8408 112.896c-12.6289 43.6908 -13.3115 88.0641 -2.04785 133.12zM124.416 113.664l36.8643 -9.21582
+c2.38932 -0.341797 5.80241 -1.19531 10.2393 -2.56055c4.4375 -1.36523 7.68034 -2.21842 9.72852 -2.55957l-11.7764 -46.5918l28.1602 -7.16797l11.2646 46.0801c2.04753 -0.682943 5.63151 -1.62174 10.752 -2.81641
+c5.11979 -1.19466 9.04492 -2.13346 11.7754 -2.81641l-11.2637 -46.0801l28.1602 -6.65527l11.2637 46.5918c16.3841 -2.73047 30.9762 -4.01042 43.7764 -3.83984c12.7995 0.170573 24.0635 3.66927 33.792 10.4961c9.72786 6.82617 16.9811 17.2367 21.7598 31.2314
+c10.9225 30.7201 2.21842 53.4189 -26.1123 68.0967c20.4798 4.43685 32.4264 18.0902 35.8398 40.96c4.4375 29.3542 -14.3356 50.8581 -56.3193 64.5117l11.7754 46.5918l-28.1602 6.65625l-11.2637 -45.0566c-2.73047 0.682943 -6.6556 1.62174 -11.7754 2.81641
+c-5.12044 1.19466 -8.70475 2.13346 -10.7529 2.81641l11.2646 45.0557l-28.1602 7.16797l-11.2637 -46.0801c-5.12044 0.682943 -11.0938 2.04818 -17.9199 4.0957l-38.9121 9.72852l-7.16797 -30.208l19.9678 -4.6084c9.55729 -2.38932 13.9945 -7.85059 13.3115 -16.3838
+l-13.3115 -52.7363c0.682292 0 1.70638 -0.341146 3.07227 -1.02344c-0.341797 0.341146 -0.853841 0.511719 -1.53613 0.511719c-0.682943 0 -1.19499 0.170573 -1.53613 0.511719l-18.4326 -73.7275c-1.70638 -6.14388 -5.97298 -8.36263 -12.7998 -6.65625
+l-20.4795 5.12012zM218.112 125.44l15.3594 61.9512c0.341797 0 3.66992 -0.682617 9.98438 -2.04785s11.0931 -2.5599 14.3359 -3.58398c3.24284 -1.02409 8.02148 -2.5599 14.3359 -4.60742c6.31445 -2.04818 11.1784 -4.26693 14.5918 -6.65625
+s6.9974 -5.2054 10.752 -8.44824s6.22949 -6.9974 7.4248 -11.2637c1.19466 -4.26693 1.10905 -8.96029 -0.256836 -14.0801c-1.02409 -3.75456 -2.5599 -6.9974 -4.60742 -9.72852c-2.04818 -2.73047 -4.6084 -4.77832 -7.68066 -6.14355
+c-3.07161 -1.36523 -6.22884 -2.5599 -9.47168 -3.58398s-7.16829 -1.45085 -11.7764 -1.28027c-4.60742 0.170573 -8.61784 0.426758 -12.0312 0.768555c-3.41341 0.341146 -7.50944 1.02376 -12.2881 2.04785s-8.44792 1.79199 -11.0078 2.30371
+c-2.56055 0.51237 -5.88867 1.28027 -9.98438 2.30371c-4.0957 1.02409 -6.6556 1.70703 -7.67969 2.04883zM240.64 215.552l13.8242 56.3203c1.02409 -0.341146 3.15755 -0.85319 6.40039 -1.53613c3.24219 -0.682943 6.05794 -1.28027 8.44727 -1.79199
+c2.38997 -0.511719 5.46224 -1.36491 9.2168 -2.55957s6.99707 -2.30404 9.72754 -3.32812s5.80241 -2.47493 9.21582 -4.35254c3.41341 -1.87695 5.97363 -3.75423 7.68066 -5.63184c1.70638 -1.87695 3.66895 -4.18099 5.8877 -6.91211
+c2.21875 -2.73047 3.24284 -5.54655 3.07227 -8.44824c-0.170573 -2.90104 -0.426758 -6.22884 -0.768555 -9.9834c-1.02409 -4.4375 -2.81608 -8.10677 -5.37598 -11.0078c-2.5599 -2.90169 -5.80241 -4.86458 -9.72754 -5.88867
+c-3.92578 -1.02344 -7.76595 -1.79134 -11.5205 -2.30371c-3.75456 -0.511719 -8.27702 -0.341146 -13.5674 0.511719c-5.29102 0.853516 -9.38704 1.53646 -12.2881 2.04883c-2.90169 0.511719 -6.82715 1.4502 -11.7764 2.81543s-7.7653 2.04785 -8.44824 2.04785z" />
+    <glyph glyph-name="uniF10C" unicode="&#xf10c;" 
+d="M47.3281 325.632c0.671875 5.80859 3.24805 11.2646 7.67969 16.3838l61.4404 61.4404c4.78418 4.0957 8.36816 3.4082 10.752 -2.04785l49.6641 -93.1846c2.73535 -5.45605 1.87207 -10.752 -2.56055 -15.8721l-22.5273 -22.5273
+c-4.09668 -4.09668 -6.48047 -9.39258 -7.16797 -15.8721c0 -10.2402 5.2959 -23.376 15.8721 -39.4238c10.5752 -16.0479 20.9912 -29.6963 31.2314 -40.9766l15.8721 -16.3682c4.78418 -4.7832 10.9121 -10.6719 18.4482 -17.6641
+c7.50391 -6.99121 19.8721 -16.208 37.1035 -27.6475c17.2324 -11.4404 30.8164 -17.1523 40.7041 -17.1523c6.48047 0 11.9521 2.22461 16.3838 6.65625l26.6406 26.624c4.78418 4.78418 9.8877 5.47168 15.3438 2.04785l89.6162 -52.7363
+c2.38379 -1.37598 3.75977 -3.15137 4.0957 -5.37598c0.335938 -2.22363 -0.335938 -4.19141 -2.04785 -5.8877l-61.4404 -61.4395c-5.12012 -4.43262 -10.5918 -7.00879 -16.3672 -7.66406c-16.7363 -2.40039 -35.6006 -0.0966797 -56.5928 6.91211
+c-20.9912 7.00781 -40.4316 16.3037 -58.3516 27.9033c-17.9199 11.6006 -34.5605 23.376 -49.9199 35.3125c-15.3604 11.9521 -27.6484 22.1914 -36.8643 30.7197l-13.3115 12.8164c-3.4082 3.40723 -7.93652 8.0957 -13.5684 14.0801
+c-5.63184 5.9834 -15.4717 17.7275 -29.4717 35.3115s-26.1123 34.7363 -36.3525 51.4561s-19.1035 35.7598 -26.624 57.0879c-7.50391 21.3281 -10.0635 40.3682 -7.67969 57.0879z" />
+    <glyph glyph-name="uniF133" unicode="&#xf133;" 
+d="M-0.255859 390.144c-0.170573 3.75521 0.853516 7.25391 3.07227 10.4961c2.2181 3.24284 4.52181 6.05892 6.91113 8.44824s6.40007 5.03483 12.0322 7.93652c5.63216 2.90104 10.2402 5.11947 13.8242 6.65527c3.58398 1.53646 9.21615 3.92578 16.8965 7.16797
+c7.67969 3.24284 13.5674 5.71777 17.6631 7.4248c18.4323 7.50911 34.987 10.2396 49.6641 8.19141c14.6777 -2.04818 23.8939 -8.02148 27.6484 -17.9199c8.5332 -22.8691 26.0264 -77.3971 52.4795 -163.584c26.4538 -86.1868 46.166 -147.883 59.1367 -185.088
+c91.4772 30.0371 147.115 47.957 166.912 53.7598c5.46094 2.04818 11.8607 2.73079 19.1992 2.04785c7.33919 -0.682292 12.8861 -4.60742 16.6406 -11.7754c7.85026 -16.043 13.3968 -32.8538 16.6396 -50.4326s3.32812 -30.2933 0.255859 -38.1436
+c-6.48503 -5.11979 -16.6396 -10.5811 -30.4639 -16.3838s-26.7096 -10.7523 -38.6562 -14.8486c-11.9466 -4.0957 -27.221 -9.04492 -45.8232 -14.8477c-18.6029 -5.80273 -31.1471 -9.72819 -37.6328 -11.7764c-3.41276 -1.02409 -9.89779 -3.24251 -19.4551 -6.65527
+c-9.55794 -3.41341 -18.6035 -6.57096 -27.1367 -9.47266c-8.5332 -2.90104 -18.4316 -6.14355 -29.6953 -9.72754c-11.2643 -3.58398 -21.6751 -6.57064 -31.2324 -8.95996s-18.7734 -4.35221 -27.6484 -5.88867c-8.87435 -1.53581 -16.4688 -2.13314 -22.7832 -1.79199
+c-6.3151 0.341797 -10.6673 1.87793 -13.0566 4.6084c-6.14388 6.14388 -11.6051 15.0186 -16.3838 26.624s-9.72786 26.4535 -14.8477 44.5439c-5.12044 18.0905 -8.36328 29.3545 -9.72852 33.792c-14.3359 42.6667 -33.6211 100.438 -57.8555 173.312
+c-24.235 72.8743 -41.9844 126.208 -53.248 160c-2.04818 4.43685 -3.15755 8.53255 -3.32812 12.2871z" />
+    <glyph glyph-name="uniF110" unicode="&#xf110;" 
+d="M0 192c0 33.4505 6.48535 66.0479 19.4561 97.792c12.6296 30.7201 31.403 58.5387 56.3203 83.4561c49.1517 49.8346 109.056 74.752 179.712 74.752c71.3385 0 132.267 -24.9173 182.784 -74.752c24.2344 -24.2344 42.4954 -51.8825 54.7832 -82.9443
+c12.6296 -30.3783 18.9443 -63.1462 18.9443 -98.3037c0 -35.4987 -6.14388 -68.2666 -18.4316 -98.3037c-12.2884 -30.3789 -30.5498 -57.515 -54.7842 -81.4082c-25.2585 -24.5762 -53.5892 -43.5202 -84.9922 -56.832
+c-32.0853 -12.9707 -64.8532 -19.4561 -98.3037 -19.4561c-33.1094 0 -65.5361 6.48535 -97.2803 19.4561c-30.3789 12.6296 -58.027 31.403 -82.9443 56.3203c-24.9173 24.9173 -43.6904 52.5651 -56.3193 82.9434c-12.6296 30.3789 -18.9443 62.8057 -18.9443 97.2803z
+M46.0801 192c0 -26.9655 5.46126 -53.4189 16.3838 -79.3604c10.5814 -25.5996 26.112 -48.2982 46.5918 -68.0957c20.4805 -20.4798 43.1794 -35.6693 68.0967 -45.5684c24.5755 -10.5814 51.0286 -15.8721 79.3594 -15.8721c27.6484 0 54.2725 5.29069 79.8721 15.8721
+c25.2591 10.5814 48.4697 25.9414 69.6318 46.0801c39.9362 38.9121 59.9043 87.8936 59.9043 146.944c0 29.013 -5.29069 55.8076 -15.8721 80.3838c-10.2396 25.9414 -25.2581 48.4694 -45.0557 67.584c-40.9603 41.3014 -90.4538 61.9521 -148.48 61.9521
+c-58.3678 0 -107.52 -20.4798 -147.456 -61.4395c-20.1387 -20.1387 -35.6693 -43.0081 -46.5918 -68.6084c-10.9225 -25.9414 -16.3838 -52.5654 -16.3838 -79.8721zM110.08 192c0 24.2344 7.16797 43.5199 21.5039 57.8564
+c13.9948 14.3359 31.9147 21.5039 53.7598 21.5039c31.403 0 54.1019 -12.2881 68.0967 -36.8643l-34.3047 -17.9199c-3.75456 8.19206 -8.36263 13.4827 -13.8242 15.8721c-5.11979 3.07161 -10.069 4.60742 -14.8477 4.60742
+c-22.8691 0 -34.3037 -15.0186 -34.3037 -45.0557c0 -13.3118 2.90137 -24.2344 8.7041 -32.7676c6.14388 -8.19206 14.6771 -12.2881 25.5996 -12.2881c15.0189 0 25.6003 7.16797 31.7441 21.5039l31.7441 -15.8721
+c-7.16797 -12.2884 -16.5547 -22.0166 -28.1602 -29.1846c-11.9466 -7.16797 -25.0879 -10.752 -39.4238 -10.752c-22.8691 0 -41.3011 6.9974 -55.2959 20.9922c-13.9948 13.9948 -20.9922 33.4508 -20.9922 58.3682zM258.048 192
+c0 24.2344 7.16797 43.5199 21.5039 57.8564c14.3359 14.3359 32.2559 21.5039 53.7598 21.5039c31.7441 0 54.2725 -12.2881 67.585 -36.8643l-33.793 -17.9199c-3.75456 7.85026 -8.19173 13.141 -13.3115 15.8721c-5.80273 3.07161 -10.9229 4.60742 -15.3604 4.60742
+c-22.8691 0 -34.3037 -15.0186 -34.3037 -45.0557c0 -13.9948 2.90137 -24.9173 8.7041 -32.7676c5.80273 -8.19206 14.3359 -12.2881 25.5996 -12.2881c14.6777 0 25.0885 7.16797 31.2324 21.5039l32.2559 -15.8721
+c-7.50911 -12.6296 -17.0664 -22.3577 -28.6719 -29.1846c-11.9466 -7.16797 -24.7467 -10.752 -38.4004 -10.752c-23.5521 0 -42.1546 6.9974 -55.8076 20.9922c-13.9948 13.9948 -20.9922 33.4508 -20.9922 58.3682z" />
+    <glyph glyph-name="uniF15E" unicode="&#xf15e;" 
+d="M0 191.488c0 46.4212 11.4346 89.2585 34.3037 128.512c22.8698 39.2533 53.9313 70.3145 93.1846 93.1836c39.2533 22.8698 82.0905 34.3047 128.512 34.3047c46.4212 0 89.2585 -11.4349 128.512 -34.3047c39.2533 -22.8691 70.3148 -53.9303 93.1846 -93.1836
+c22.8691 -39.2533 34.3037 -82.0905 34.3037 -128.512s-11.4346 -89.2588 -34.3037 -128.513c-22.8698 -39.2533 -53.9313 -70.3145 -93.1846 -93.1836s-82.0905 -34.3037 -128.512 -34.3037c-46.4212 0 -89.2585 11.4346 -128.512 34.3037
+s-70.3148 53.9303 -93.1846 93.1836c-22.8691 39.2539 -34.3037 82.0915 -34.3037 128.513zM19.9678 191.488c0 -46.0801 12.2028 -88.2347 36.6084 -126.464c24.4049 -38.2298 56.5755 -66.902 96.5117 -86.0166l-112.64 308.736
+c-13.6536 -30.3789 -20.4805 -62.4642 -20.4805 -96.2559zM58.3682 321.024h15.3594c16.3841 0 37.3763 1.02376 62.9766 3.07129c4.0957 0.341797 7.08236 -1.02344 8.95996 -4.0957s2.13346 -6.31478 0.767578 -9.72754
+c-1.36523 -3.41341 -4.0957 -5.29102 -8.19141 -5.63281l-27.1367 -2.55957l86.0166 -255.488l51.7119 154.624l-36.8643 100.864c-8.19206 1.02409 -16.3841 1.87728 -24.5762 2.55957c-4.0957 0.341797 -6.82617 2.2194 -8.19141 5.63281
+c-1.36523 3.41276 -1.10938 6.65527 0.767578 9.72754c1.8776 3.07227 4.86426 4.4375 8.95996 4.0957l61.9521 -3.07129c16.7253 0 37.7174 1.02376 62.9766 3.07129c4.0957 0.341797 7.08236 -1.02344 8.95996 -4.0957
+c1.87695 -3.07227 2.13281 -6.31478 0.767578 -9.72754c-1.36523 -3.41341 -4.09603 -5.29102 -8.19238 -5.63281l-26.624 -2.55957l84.9922 -253.952l23.5518 78.8477c12.2884 39.9362 18.4326 65.3656 18.4326 76.2881c0 21.8457 -6.65592 43.6911 -19.9678 65.5361
+c-0.682943 1.02409 -2.81641 4.60807 -6.40039 10.752s-5.88802 10.1546 -6.91211 12.0322s-2.5599 5.12012 -4.60742 9.72754c-2.04818 4.60807 -3.41374 8.61882 -4.09668 12.0322c-0.682292 3.41341 -1.02344 6.9974 -1.02344 10.752
+c0 11.2643 3.83984 21.0778 11.5195 29.4404c7.68034 8.36263 17.1523 12.5439 28.416 12.5439c0.341146 0 0.85319 -0.0852865 1.53613 -0.255859s1.19499 -0.255859 1.53613 -0.255859c-44.7148 41.3008 -97.9629 61.9512 -159.744 61.9512
+c-40.6185 0 -78.3359 -9.55729 -113.152 -28.6719c-34.8158 -19.1146 -62.9756 -45.0557 -84.4795 -77.8232zM189.44 -35.3281c21.1621 -6.14388 43.3486 -9.21582 66.5596 -9.21582c27.3066 0 53.4186 4.43717 78.3359 13.3115l-1.53613 3.07227l-72.7041 199.168z
+M374.784 -12.7998c35.8398 20.821 64.3411 49.4076 85.5039 85.7598c21.1628 36.3522 31.7441 75.8617 31.7441 118.528c0 40.9596 -9.55729 78.6768 -28.6719 113.151c1.02409 -7.16797 1.53613 -15.1891 1.53613 -24.0635c0 -21.5039 -5.97363 -49.6641 -17.9209 -84.4805
+z" />
+    <glyph glyph-name="uniF120" unicode="&#xf120;" 
+d="M0 -6.14355v263.168c0 61.0983 14.4212 108.544 43.2637 142.336c28.8431 33.7917 73.1312 50.6875 132.864 50.6875h280.576c-1.70703 -1.70638 -10.667 -10.7516 -26.8799 -27.1357c-16.2135 -16.3841 -33.2803 -33.6214 -51.2002 -51.7119
+s-36.5225 -36.7786 -55.8076 -56.0645c-19.2858 -19.2852 -35.4993 -35.1572 -48.6406 -47.6162c-13.1413 -12.4583 -20.224 -18.6875 -21.248 -18.6875c-5.11979 0 -7.67969 2.73079 -7.67969 8.19238v79.8721h-24.5762c-20.1387 0 -36.2666 -1.10938 -48.3838 -3.32812
+s-22.8691 -6.65625 -32.2559 -13.3125c-9.38672 -6.6556 -16.0426 -16.2982 -19.9678 -28.9277c-3.92578 -12.6296 -5.88867 -29.0137 -5.88867 -49.1523v-134.144zM34.3037 -66.0479c1.70703 1.70638 10.667 10.7516 26.8799 27.1357
+c16.2135 16.3841 33.2803 33.6214 51.2002 51.7119s36.5228 36.7786 55.8086 56.0645c19.2852 19.2852 35.4984 35.1572 48.6396 47.6162c13.1413 12.4583 20.224 18.6875 21.248 18.6875c5.11979 0 7.67969 -2.73079 7.67969 -8.19238v-79.8721h24.5762
+c39.5944 0 67.1572 6.05892 82.6885 18.1768c15.5306 12.1172 23.2959 37.6318 23.2959 76.5439v134.144l114.688 114.176v-263.168c0 -61.0983 -14.4212 -108.544 -43.2637 -142.336c-28.8424 -33.7917 -73.1305 -50.6875 -132.864 -50.6875h-280.576z" />
+    <glyph glyph-name="uniF140" unicode="&#xf140;" 
+d="M0 282.112l161.792 165.376v-62.9766l154.112 -141.823l95.7441 23.5518l-99.8408 -106.496l200.192 -224.256l-227.328 200.704l-96.2559 -98.3047l15.3604 86.5283l-130.561 161.792z" />
+    <glyph glyph-name="uniF13F" unicode="&#xf13f;" 
+d="M0 -8.7041l99.3281 456.192h224.256c17.0664 0 33.5358 -3.07194 49.4082 -9.21582c15.8717 -6.14453 30.293 -15.6165 43.2637 -28.416c12.9707 -12.8001 21.9307 -28.9284 26.8799 -48.3848c4.94922 -19.4557 4.86393 -42.4958 -0.255859 -69.1201
+c-9.89844 -46.4212 -31.8291 -82.9437 -65.792 -109.567c-33.9629 -26.6243 -73.8135 -39.9365 -119.552 -39.9365h-93.6963l-32.2559 -151.552h-131.584zM51.2002 -64.5117l5.63184 25.0879h110.592l32.2559 151.04h93.6963c45.7389 0 85.5895 13.3118 119.552 39.9355
+c33.9629 26.6243 55.8936 63.1471 65.792 109.568c7.16797 32.7682 5.12012 61.7816 -6.14355 87.04c24.2344 -28.6719 31.5729 -66.0479 22.0156 -112.128c-10.2396 -46.4212 -32.2555 -82.944 -66.0479 -109.568c-33.7917 -26.6237 -73.557 -39.9355 -119.296 -39.9355
+h-94.208l-32.2559 -151.04h-131.584zM182.784 229.888h42.4961l21.5039 93.6963h64c0.682292 0 3.58366 -0.512044 8.7041 -1.53613c-2.73112 9.89909 -8.1071 17.8353 -16.1279 23.8086c-8.02148 5.97331 -17.4935 8.95996 -28.416 8.95996h-64zM246.784 230.4
+c16.3841 0.682292 31.6589 6.99674 45.8242 18.9434c14.1654 11.9466 23.1253 26.2826 26.8799 43.0078c0 0.682943 0.170573 1.70703 0.511719 3.07227s0.511719 2.38932 0.511719 3.07227h-58.3682z" />
+    <glyph glyph-name="uniF160" unicode="&#xf160;" 
+d="M-96 392.192v4.0957c0.671875 2.04785 2.38379 3.24805 5.12012 3.58398h251.904c0.6875 0 1.37598 -0.335938 2.04785 -1.02441c0.6875 -0.6875 1.02344 -1.53613 1.02344 -2.55957v-7.16797c0 -1.69629 -0.416016 -3.24805 -1.2793 -4.6084
+c-0.864258 -1.35938 -1.63281 -2.22363 -2.30469 -2.55957c-0.6875 -0.335938 -1.2002 -0.511719 -1.53613 -0.511719l-34.8154 -10.752c-3.07227 -1.69629 -6.83203 -2.38477 -11.2637 -2.04883h-20.9922l116.735 -148.991l105.984 99.8398h-58.8799l-9.21582 3.58398
+l-11.7764 11.7754l-1.02441 2.04883c-1.02344 1.02344 -1.96777 2.63965 -2.81543 4.86328c-0.847656 2.22461 -1.10449 4.35254 -0.768555 6.40039l3.58398 3.07227h224.24c0.352539 0 0.864258 -0.256836 1.55176 -0.768555
+c0.672852 -0.511719 1.2002 -1.28027 1.53613 -2.30371v-7.2002c0 -3.75977 -1.02344 -6.83203 -3.07129 -9.21582l-8.7041 -9.72852c-3.05664 -2.38379 -6.16016 -3.58398 -9.21582 -3.58398h-68.0967c-86.3516 -81.2158 -131.408 -123.728 -135.168 -127.472
+l-1.53613 -1.55176c-1.02344 -1.02441 -1.95215 -2.22461 -2.81543 -3.58398c-0.848633 -1.37598 -1.10449 -2.57617 -0.768555 -3.60059v-103.424c0 -5.10352 1.53613 -7.66406 4.6084 -7.66406h74.7363c0.6875 0 1.47168 -0.335938 2.31934 -1.02344
+c0.848633 -0.688477 1.28027 -1.53613 1.28027 -2.56055v-29.1836h-264.192v28.1758c0 3.07227 1.71191 4.6084 5.12012 4.6084c10.2402 1.02344 34.4639 1.53613 72.7041 1.53613h1.53613c1.02441 0.335938 1.96777 1.18359 2.81641 2.55957
+c0.847656 1.36035 1.2793 3.4082 1.2793 6.14355v98.3047c0 4.44727 -1.8877 8.71973 -5.63184 12.8154l-146.944 176.128h-56.8311l-9.72852 5.12012l-1.02441 1.02441c-0.6875 0.335938 -1.63184 1.18359 -2.81543 2.55957
+c-1.18457 1.37598 -2.48047 3.07227 -3.83984 5.12012zM513.28 448l94.7197 -3.58398l-42.4961 -290.304l-31.2158 1.53613zM519.936 57.3438l2.04883 56.3359l56.3359 -2.06348l-2.06445 -56.3203z" />
+    <glyph glyph-name="uniF12F" unicode="&#xf12f;" 
+d="M133.632 -47.6318c34.7998 2.06348 56.9922 6.65625 66.5605 13.8398c10.2559 7.15234 15.376 25.4238 15.376 54.7842v340.992c0 28 -5.12012 46.0801 -15.376 54.2715c-9.56836 7.85645 -31.7441 12.624 -66.5605 14.3359v14.3359h250.368v-14.3359
+c-34.8164 -1.35938 -57.168 -6.14355 -67.0557 -14.3359c-10.2559 -8.19141 -15.376 -26.2881 -15.376 -54.2715v-340.992c0 -29.3604 5.12012 -47.6318 15.376 -54.7842c10.2393 -7.18359 32.5918 -11.7764 67.0557 -13.8398v-14.3359h-250.368v14.3359z" />
+    <glyph glyph-name="uniF161" unicode="&#xf161;" 
+d="M18.4961 439.808h82.4316l100.864 -154.111c16.7197 -25.6006 34.1279 -54.6084 52.2402 -87.04c16.3682 29.0078 34.9756 59.2158 55.792 90.624l99.3281 150.527h78.8477l-204.288 -294.896v-217.088h-68.0957v217.088z" />
+    <glyph glyph-name="uniF112" unicode="&#xf112;" 
+d="M-30.4639 54.7842v190.464c0 4.43164 2.22363 6.65625 6.65625 6.65625h90.1113v66.0479c0 4.78418 2.22461 7.16797 6.65625 7.16797h50.1758v-263.168c0 -4.78418 -2.04785 -7.16797 -6.14355 -7.16797h-147.456zM25.3438 97.2803h34.3047
+c4.43164 0 6.65527 2.38379 6.65527 7.15137v105.488h-34.3037c-4.43164 0 -6.65625 -2.38379 -6.65625 -7.16797v-105.472zM140.544 54.7842v190.464c0 4.43164 2.22363 6.65625 6.65625 6.65625h50.1758v-189.952c0 -4.78418 -2.04785 -7.16797 -6.14355 -7.16797
+h-50.6885zM140.544 282.624v35.3281c0 4.78418 2.04785 7.16797 6.14453 7.16797h50.6875v-35.3281c0 -4.76758 -2.04785 -7.16797 -6.14355 -7.16797h-50.6885zM216.832 54.7842v190.464c0 4.43164 2.22363 6.65625 6.65625 6.65625h147.472v-258.048
+c0 -4.43262 -2.22363 -6.65625 -6.65625 -6.65625h-147.472l0.511719 35.3281c0 4.7832 2.04785 7.15137 6.14453 7.15137h90.1279v25.0879h-96.7842v0.0166016zM273.136 97.2803h34.3203c4.0957 0 6.16016 2.38379 6.16016 7.15137v105.488h-34.3203
+c-4.0957 0 -6.16016 -2.38379 -6.16016 -7.16797v-105.472zM390.384 22.5283c0 4.7832 2.22461 7.15137 6.65625 7.15137h90.1279v25.0879h-96.7842v190.48c0 4.43164 2.22461 6.65625 6.65625 6.65625h146.96v-258.048c0 -4.43262 -2.04785 -6.65625 -6.14355 -6.65625
+h-147.473v35.3281zM446.208 97.2803h34.3203c4.43164 0 6.65527 2.38379 6.65527 7.15137v105.488h-34.3193c-4.43262 0 -6.65625 -2.38379 -6.65625 -7.16797v-105.472z" />
+    <glyph glyph-name="uniF103" unicode="&#xf103;" 
+d="M81.4082 72.1924c0 21.5039 4.76758 38.2393 14.3359 50.1914c7.85547 10.5762 20.4795 18.2559 37.8877 23.0244c-5.45605 13.6475 -8.19141 23.7119 -8.19141 30.2236c0 11.2646 5.96777 23.2002 17.9199 35.8242c12.6396 11.9521 24.3994 17.9199 35.3281 17.9199
+c5.80762 0 12.623 -1.53613 20.4795 -4.6084c-16.3838 46.7686 -28.1602 82.2725 -35.3281 106.496c-8.19141 27.6484 -12.2881 47.2803 -12.2881 58.8799c0 16.3848 4.09668 29.1846 12.2881 38.4004c8.52832 9.55176 19.9678 14.3359 34.3203 14.3359
+c24.5596 0 54.0957 -50.3516 88.5596 -151.04l8.7207 -25.0879c2.03125 5.12012 4.0957 10.752 6.12793 16.8965c34.1436 99.6631 64.8633 149.504 92.1758 149.504c13.6475 0 24.3838 -4.6084 32.2559 -13.8242c8.20801 -9.21582 12.3037 -21.168 12.3037 -35.8398
+c0 -9.55273 -4.0957 -28.832 -12.3037 -57.8564c-7.16797 -24.9121 -18.416 -59.0557 -33.792 -102.399c19.4717 -4.78418 33.4717 -14 42 -27.6484c9.2002 -14.6719 13.792 -37.3604 13.792 -68.0957c0 -60.752 -18.0957 -110.416 -54.2725 -148.992
+c-36.8633 -38.5762 -83.6475 -57.8564 -140.304 -57.8564c-22.5273 0 -44.1914 4.09668 -65.0078 12.3047c-20.1436 7.15137 -38.4004 18.416 -54.7842 33.7754c-17.4082 16.3682 -30.3682 33.2803 -38.9121 50.6885c-8.86328 18.4316 -13.3115 36.6875 -13.3115 54.7842z
+M114.688 74.752c0 -8.52832 2.38379 -18.5918 7.16797 -30.208c4.43164 -10.9277 11.0879 -22.3516 19.9678 -34.3037c14 -18.0967 30.5439 -31.9199 49.6641 -41.4883c19.4395 -9.55176 41.4717 -14.3359 66.0312 -14.3359c44.0322 0 81.0723 16.5439 111.104 49.6641
+c29.6963 32.7842 44.5439 74.2559 44.5439 124.416c0 15.6963 -1.02441 27.8076 -3.05566 36.3516c-1.71191 7.50391 -4.97656 13.2959 -9.72852 17.4082c-9.21582 7.83984 -27.3115 14.6719 -54.2715 20.4639c-26.9766 6.14453 -55.6641 9.21582 -86.0322 9.21582
+c-7.50391 0 -12.2881 -1.02344 -14.3359 -3.07129c-2.38379 -1.02441 -3.58398 -4.43262 -3.58398 -10.2402c0 -14 7.83984 -23.8877 23.5518 -29.6797c17.0557 -7.18457 45.2324 -10.752 84.4805 -10.752h14.3359c5.45605 0 9.3916 -1.88867 11.7598 -5.64844
+c2.75195 -2.73633 4.62402 -8.01562 5.64746 -15.8721c-5.79199 -5.79199 -15.1836 -11.0879 -28.1592 -15.8721c-12.3047 -4.43164 -21.3281 -8.87988 -27.1367 -13.3115c-13.6641 -9.88867 -24.5596 -21.6641 -32.7676 -35.3281
+c-7.85645 -13.3125 -11.7598 -25.9365 -11.7598 -37.8721c0 -7.18457 1.67969 -15.8721 5.10352 -26.1279c3.75977 -11.248 5.64844 -18.5918 5.64844 -22.0166v-3.07129l-2.06445 -7.66406c-15.0078 1.00781 -25.9355 8.01562 -32.752 20.9922
+c-5.80762 10.9434 -9.05566 24.9434 -9.74414 42c-1.00781 -0.335938 -3.05566 -0.512695 -6.12793 -0.512695h-5.64746c0.335938 -1.69531 0.511719 -3.75977 0.511719 -6.14355c0 -10.2559 -3.93652 -18.96 -11.7764 -26.1279
+c-7.83984 -7.15234 -17.0557 -10.752 -27.6641 -10.752c-16.0312 0 -32.2393 7.67969 -48.6396 23.04c-16.3516 15.7275 -24.5439 31.0879 -24.5439 46.0957c0 2.73633 0.511719 5.47168 1.53613 8.19238c0.335938 2.38379 3.07227 6.15918 8.19141 11.2637
+c8.52832 -10.5762 14.3369 -17.9199 17.4082 -22.0156c14.3359 -20.1289 27.3125 -30.208 38.9121 -30.208c3.05566 0 5.96777 1.00781 8.7041 3.07129c2.04785 2.03223 3.07227 3.74414 3.07227 5.10449c0 2.73535 -2.06445 7.66406 -6.16016 14.8643
+c-2.71973 5.10352 -9.02441 14.1592 -18.9443 27.1191c-9.55176 12.2881 -17.248 20.8164 -23.04 25.6006c-5.12012 4.78418 -8.87988 7.16797 -11.2637 7.16797c-6.48047 0 -12.7998 -3.74414 -18.9443 -11.2637c-6.12793 -7.48828 -9.19922 -16.8809 -9.19922 -28.1445z
+M160.768 172.544c0 -4.43164 2.7207 -12.1123 8.19238 -23.04c4.78418 -9.21582 12.4639 -20.8154 23.04 -34.8154c10.5918 -13.6641 20.1436 -24.2402 28.6719 -31.7441c8.20801 -6.81641 14.3359 -10.2402 18.4316 -10.2402c2.38477 0 4.76855 1.2002 7.16895 3.58398
+c2.36719 2.73633 3.58398 5.47168 3.58398 8.20801c0 4.0957 -3.07227 13.9844 -9.2168 29.6797c-7.16797 17.4238 -15.0078 33.1045 -23.5518 47.1045c-7.51953 11.9355 -14.1602 20.3193 -19.9678 25.0879c-5.47168 5.12012 -10.752 7.67969 -15.8721 7.67969
+c-3.74414 0 -8.01562 -2.55957 -12.7998 -7.67969c-5.12012 -5.12012 -7.68066 -9.72852 -7.68066 -13.8242zM183.808 393.728c0 -11.5996 4.09668 -29.8711 12.2881 -54.7832c7.52051 -24.2402 18.7842 -56.6719 33.792 -97.2803
+c3.42383 2.04785 8.20801 3.07227 14.3359 3.07227c0.335938 0 1.47266 -0.0800781 3.34473 -0.255859c1.87207 -0.176758 3.66406 -0.256836 5.37598 -0.256836c1.35938 0 5.79199 -0.335938 13.3115 -1.02344l-35.3438 102.399
+c-9.55176 27.3125 -17.0557 45.0566 -22.5117 53.248c-4.44824 7.16797 -8.88086 10.752 -13.3281 10.752c-3.07227 0 -5.63184 -1.35938 -7.66406 -4.0957c-2.41602 -3.07227 -3.60059 -6.99219 -3.60059 -11.7764zM268.816 132.608
+c3.05566 -7.85645 6.31934 -16.3848 9.71191 -25.6162c6.83203 7.85547 13.6641 14.3359 20.4639 19.4717c-1.68066 0.335938 -4.25586 0.768555 -7.66406 1.28027c-3.42383 0.496094 -5.96777 0.944336 -7.66406 1.28027c-6.83203 1.35938 -11.792 2.5752 -14.8477 3.58398
+zM322.56 237.056l34.3203 -6.14355c15.3438 42.3203 27.1201 76.2881 35.3125 101.888c8.52734 27.6484 12.8154 44.0322 12.8154 49.1523c0 5.45605 -1.2002 9.72754 -3.59961 12.7998c-1.36035 2.38379 -3.91992 3.58398 -7.66406 3.58398
+c-4.78418 0 -10.0801 -4.6084 -15.8721 -13.8242c-6.49609 -9.90332 -13.8398 -27.1357 -22.0322 -51.7119z" />
+    <glyph glyph-name="uniF14A" unicode="&#xf14a;" 
+d="M0 4.6084c0 18.7728 6.65592 34.8154 19.9678 48.1279c13.3118 13.3118 29.3545 19.9678 48.1279 19.9678s34.8161 -6.65592 48.1279 -19.9678c13.3125 -13.3125 19.9688 -29.3551 19.9688 -48.1279c0 -19.1152 -6.65625 -35.2435 -19.9688 -48.3848
+c-13.3118 -13.1413 -29.3545 -19.7119 -48.1279 -19.7119s-34.8161 6.65625 -48.1279 19.9688c-13.3118 13.3118 -19.9678 29.3545 -19.9678 48.1279zM0 176.128v97.792c61.099 0 117.59 -15.1038 169.472 -45.3115c51.8828 -30.2083 92.9284 -71.2539 123.137 -123.137
+c30.2077 -51.8822 45.3115 -108.373 45.3115 -169.472h-98.3037c0 66.2188 -23.3815 122.709 -70.1445 169.472c-47.1035 47.1042 -103.594 70.6562 -169.472 70.6562zM0 349.696v98.3037c69.2904 0 135.509 -13.568 198.656 -40.7041
+c63.1465 -27.1361 117.589 -63.5732 163.328 -109.312c45.7383 -45.7389 82.1755 -100.182 109.312 -163.328c27.1361 -63.1471 40.7041 -129.366 40.7041 -198.656h-98.3037c0 55.9785 -10.9229 109.568 -32.7686 160.768
+c-21.8451 51.2005 -51.2848 95.2327 -88.3193 132.097c-37.0352 36.8639 -81.0674 66.2184 -132.097 88.0635c-51.0293 21.8457 -104.533 32.7686 -160.512 32.7686z" />
+    <glyph glyph-name="uniF155" unicode="&#xf155;" 
+d="M-78.2236 84.4805v92.6719h114.688v-91.6641c0 -9.56836 3.4082 -17.8242 10.2402 -24.832s15.1836 -10.4961 25.0879 -10.4961s18.3359 3.42383 25.3438 10.2402c7.00781 6.84766 10.4961 15.1992 10.4961 25.0879v216.592c0 39.9355 14.752 73.9844 44.2881 102.144
+c29.5361 28.1602 64.6084 42.2402 105.216 42.2402c40.6084 0 75.6807 -14.1602 105.216 -42.4961c29.5205 -28.3359 44.3047 -62.6396 44.3047 -102.912v-47.1035l-68.624 -20.4805l-45.5684 21.5039v40.96c0 9.9043 -3.4082 18.2568 -10.2559 25.0889
+c-6.81641 6.83203 -15.1836 10.2393 -25.0723 10.2393c-9.90332 0 -18.3359 -3.40723 -25.3438 -10.2393s-10.4961 -15.1846 -10.4961 -25.0889v-213.504c0 -40.9756 -14.6719 -75.8721 -44.0322 -104.72c-29.3438 -28.8477 -64.5117 -43.248 -105.472 -43.248
+c-41.3115 0 -76.6396 14.5918 -105.984 43.7764c-29.3438 29.1836 -44.0312 64.6074 -44.0312 106.24zM292.464 82.9443v93.6953l45.5684 -21.5195l68.624 20.4961v-94.2246c0 -9.90332 3.4082 -18.3359 10.2236 -25.3438
+c6.84766 -7.00781 15.2002 -10.4961 25.0879 -10.4961c9.9043 0 18.2725 3.50391 25.0879 10.4961c6.81641 6.99219 10.2559 15.4404 10.2559 25.3438v95.7441h114.688v-92.6719c0 -41.2959 -14.5918 -76.6396 -43.7764 -105.983
+c-29.1836 -29.3604 -64.4316 -44.0322 -105.728 -44.0322s-76.624 14.4961 -105.984 43.5195c-29.3594 29.04 -44.0479 64.0166 -44.0479 104.977z" />
+    <glyph glyph-name="uniF159" unicode="&#xf159;" 
+d="M-42.752 308.736c18.7676 22.1914 37.5518 41.9834 56.3203 59.3916c18.7676 17.4082 35.0713 30.6396 48.8955 39.6797s26.1924 16.3848 37.1201 22.0166s19.1201 9.2959 24.5762 11.0078l8.7041 2.04785c4.0957 0.688477 8.19141 1.02441 12.2881 1.02441
+c6.47949 0 12.4473 -1.02441 17.9199 -3.07227c8.87988 -3.4082 16.1279 -9.2959 21.7598 -17.6641s10.5762 -17.7441 14.8477 -28.1602c4.27246 -10.416 7.93652 -22.6875 11.0088 -36.8643c3.07129 -14.1592 5.63184 -27.3916 7.67969 -39.6797
+s4.35156 -25.8555 6.91211 -40.7041c2.55957 -14.8477 5.04004 -26.8799 7.42383 -36.0957c10.9277 -42.6719 19.7119 -72.96 26.3516 -90.8799c6.65625 -17.9043 13.7441 -26.8799 21.248 -26.8799c8.22461 0 19.5684 9.47168 34.0645 28.3994
+c14.4961 18.96 30.4639 44.7842 47.8721 77.584c8.87988 16.3848 13.3115 31.9199 13.3115 46.5928c0 4.43164 -0.335938 8.33594 -1.00781 11.7754c-3.05566 17.7441 -11.7764 28.8477 -26.1123 33.2803c-3.75977 1.36035 -7.85547 2.04785 -12.3193 2.04785
+c-11.9365 0 -26.1123 -4.43164 -42.4961 -13.3115c7.53613 44.3672 30.3838 80.0312 68.624 107.008c29.0078 20.4795 58.7354 30.7197 89.0879 30.7197c4.1123 0 8.20801 -0.175781 12.3037 -0.511719c34.8164 -2.7207 58.5283 -18.0801 71.1523 -46.0801
+c6.16016 -12.9766 9.21582 -27.9844 9.21582 -45.0566c0 -9.90332 -1.02441 -20.3037 -3.05566 -31.2314c-6.16016 -34.8164 -18 -70.3203 -35.6006 -106.496c-17.5996 -36.1924 -36.8799 -68.1924 -57.8398 -96c-20.9922 -27.8076 -43.6318 -54.2881 -67.8398 -79.3604
+c-24.2559 -25.0879 -45.3125 -45.04 -63.2158 -59.9033c-17.9199 -14.8486 -33.376 -26.5439 -46.3359 -35.0723c-14.3682 -8.19238 -27.7607 -12.2881 -40.2246 -12.2881s-24.3193 3.59961 -35.584 10.752c-11.2637 7.16797 -20.8154 15.3604 -28.6719 24.5762
+c-7.85547 9.21582 -14.3359 18.96 -19.4561 29.1836c-6.14355 12.9766 -22.7842 63.9199 -49.9199 152.832c-27.1357 88.9287 -43.5996 136.784 -49.4082 143.616c-0.335938 0.688477 -1.02344 1.37598 -2.04785 2.04785
+c-1.02344 0.671875 -3.32812 1.45605 -6.91211 2.30371c-3.58398 0.848633 -7.67969 0.848633 -12.2881 0c-4.60742 -0.847656 -10.832 -3.24707 -18.6875 -7.16797c-7.85645 -3.91992 -16.3838 -9.47168 -25.6006 -16.6396z" />
+    <glyph glyph-name="uniF128" unicode="&#xf128;" 
+d="M-32 27.7441c0 29.6797 15.2002 56.1602 45.6162 79.4082c30.3838 23.2158 67.1201 34.8477 110.16 34.8477h27.6797c-14.3682 13.6641 -21.5518 28.3359 -21.5518 44.0645c0 9.8877 2.73535 19.8076 8.19141 29.6953
+c-3.40723 -0.335938 -8.35156 -0.527344 -14.8633 -0.527344c-35.5049 0 -64.5439 11.1191 -87.0889 33.3271c-22.5439 22.1924 -33.8232 49.5205 -33.8232 82c0 31.0889 14 58.2246 42 81.4561c28.0479 23.248 60 34.8486 95.8555 34.8486h158.832l-35.3438 -25.6162
+h-50.1924c16.0479 -6.14453 28.624 -17.7764 37.6484 -34.8643c9.05566 -17.0557 13.5996 -36.0322 13.5996 -56.8799c0 -31.7598 -15.0234 -59.4238 -45.1035 -83.0078c-12.6406 -9.8877 -20.832 -17.7285 -24.5918 -23.5518
+c-3.76074 -5.82422 -5.64844 -12.9922 -5.64844 -21.5205c0 -6.47949 4.63965 -14.7041 13.8398 -24.6074c9.23242 -9.88867 18.4482 -18.2725 27.6641 -25.0723c20.8164 -14.6885 35.2803 -29.7441 43.3125 -45.0879c8.03125 -15.4082 12.0156 -34.6885 12.0156 -57.9043
+c0 -30.752 -14 -57.4717 -42 -80.1924c-28 -22.752 -65.9199 -34.0635 -113.76 -34.0635c-45.4238 0 -83.8721 8.49609 -115.28 25.5996c-31.4404 17.0879 -47.168 39.6162 -47.168 67.6484zM25.376 44.6562c0 -23.6006 10 -43.6641 29.9844 -60.2246
+c19.9834 -16.5918 44.832 -24.8477 74.5439 -24.8477c40.6719 0 70.1113 7.53613 88.3838 22.5283c18.3037 15.0234 27.4238 35.0078 27.4238 59.9355c0 6.49609 -0.671875 11.9678 -2.04785 16.4004c-1.00781 3.74414 -2.22363 7.24805 -3.56836 10.5273
+c-1.3916 3.2168 -3.43945 6.46484 -6.17578 9.71289c-2.7041 3.24707 -5.10352 5.96777 -7.13574 8.19141c-2.06445 2.22363 -5.39258 5.02441 -10.0166 8.46387c-4.60742 3.4082 -8.12793 5.96777 -10.5117 7.68066c-2.38379 1.67969 -6.63965 4.6875 -12.8154 8.97559
+c-6.12891 4.25586 -10.5928 7.24805 -13.3281 8.97559c-13.3281 4.09668 -26.4639 6.12793 -39.4404 6.12793c-30.752 0.336914 -57.6475 -7.66309 -80.6875 -24.0635c-23.04 -16.3838 -34.6084 -35.8564 -34.6084 -58.3838zM59.2158 331.056
+c3.75977 -26.9756 14.0957 -50.1914 31.0078 -69.6797c16.9287 -19.4561 35.6328 -29.3604 56.1123 -29.7119c20.1602 -0.671875 36.2236 8.19238 48.1758 26.6562c11.9521 18.4473 16.2246 41.1514 12.7842 68.1436c-3.4082 26.9766 -13.5684 49.8721 -30.4639 68.6719
+c-16.9277 18.7686 -35.6318 28.4961 -56.1436 29.2002c-20.4805 0.65625 -36.7041 -8.03223 -48.6729 -26.1602c-11.9512 -18.0957 -16.2236 -40.4639 -12.7998 -67.1201zM343.6 318.752v25.6318h102.465v102.48h25.6318v-102.48h103.008v-25.6318h-103.024v-102.992
+h-25.6318v102.992h-102.448z" />
+    <glyph glyph-name="uniF10B" unicode="&#xf10b;" 
+d="M58.6885 -37.8877v396.8h47.1035c0 9.9043 0.0800781 16.5596 0.255859 19.9678s0.848633 8.78418 2.04785 16.1279c1.2002 7.34375 3.15234 12.4639 5.88867 15.3604c2.73535 2.89551 6.91211 5.71191 12.5439 8.44824c5.63184 2.73535 12.5439 4.0957 20.7354 4.0957
+c8.19238 0 15.1045 -1.36035 20.7363 -4.0957c5.63184 -2.7207 9.72754 -5.45605 12.2881 -8.19238c2.55957 -2.73633 4.52832 -7.93555 5.8877 -15.6162c1.36035 -7.67969 2.04785 -13.0557 2.04785 -16.1279v-19.9678h28.1602v19.9678s0.671875 5.37598 2.04785 16.1279
+s3.32812 15.9678 5.88867 15.6162c2.54395 -0.335938 6.63965 2.38379 12.2881 8.19238c5.64746 5.80762 12.5439 7.16797 20.7354 4.0957c6.16016 0 11.4404 -0.688477 15.8721 -2.04785c4.43262 -1.36035 8.1123 -2.81641 11.0078 -4.35254
+c2.91211 -1.53613 5.37598 -4.43164 7.44043 -8.7041c2.04785 -4.27148 3.50391 -7.42383 4.33594 -9.47168c0.864258 -2.04785 1.53613 -6.22363 2.06445 -12.5439c0.495117 -6.32031 0.751953 -10.4961 0.751953 -12.5439v-14.3359h27.6641v14.3359
+s0.255859 4.17578 0.767578 12.5439s1.2002 12.5439 2.04785 12.5439c0.864258 0 2.32031 3.15234 4.33594 9.47168c2.06445 6.32031 4.52832 9.2168 7.44043 8.7041c2.91211 -0.511719 6.55957 0.944336 11.0078 4.35254s9.72754 4.0957 15.8721 2.04785
+c8.19141 0 15.1035 -1.36035 20.752 -4.0957c5.63184 -2.7207 9.71191 -5.45605 12.2881 -8.19238c2.55957 -2.73633 4.51172 -7.93555 5.87207 -15.6162c1.37598 -7.67969 2.06348 -13.0557 2.06348 -16.1279v-19.9678h47.0723v-396.8h-397.312zM91.9678 52.7363v-57.3447
+h71.168v57.3447h-71.168zM91.9678 64h71.168v60.9443h-71.168v-60.9443zM91.9678 136.192h71.168v66.5596h-71.168v-66.5596zM91.9678 213.504h71.168v57.3438h-71.168v-57.3438zM128.336 317.44c0 -11.2646 6.32031 -16.8965 18.9443 -16.8965
+c12.6396 0 18.9434 5.63184 18.9434 16.8965v66.5596c0 11.2637 -6.31934 16.8965 -18.9434 16.8965c-12.6406 0 -18.9443 -5.63281 -18.9443 -16.8965v-66.5596zM173.888 52.7363v-57.3447h77.8242v57.3447h-77.8242zM173.888 64h77.8242v60.9443h-77.8242v-60.9443z
+M173.888 136.192h77.8242v66.5596h-77.8242v-66.5596zM173.888 213.504h77.8242v57.3438h-77.8242v-57.3438zM238.4 317.44c0 -11.2646 6.31934 -16.8965 18.9434 -16.8965c12.9766 0 19.4727 5.63184 19.4727 16.8965v66.5596c0 11.2637 -6.49609 16.8965 -19.4727 16.8965
+c-12.624 0 -18.9434 -5.63281 -18.9434 -16.8965v-66.5596zM262.464 52.7363v-57.3447h77.8086v57.3447h-77.8086zM262.464 64h77.8086v60.9443h-77.8086v-60.9443zM262.464 136.192h77.8086v66.5596h-77.8086v-66.5596zM262.464 213.504h77.8086v57.3438h-77.8086v-57.3438
+zM348.48 317.44c0 -11.2646 6.47949 -16.8965 19.4551 -16.8965c12.624 0 18.9443 5.63184 18.9443 16.8965v66.5596c0 11.2637 -6.32031 16.8965 -18.9443 16.8965c-12.9756 0 -19.4551 -5.63281 -19.4551 -16.8965v-66.5596zM351.04 52.7363v-57.3447h71.6641v57.3447
+h-71.6641zM351.04 64h71.6641v60.9443h-71.6641v-60.9443zM351.04 136.192h71.6641v66.5596h-71.6641v-66.5596zM351.04 213.504h71.6641v57.3438h-71.6641v-57.3438z" />
+    <glyph glyph-name="uniF142" unicode="&#xf142;" 
+d="M-9.59961 134.144c3.40723 47.4561 32.0801 76.9766 86.0156 88.5762c4.0957 30.3838 11.3438 63.1523 21.7598 98.3047c10.416 35.1514 22.624 60.0791 36.6084 74.752c16.3838 16.7197 36.8643 29.6152 61.4395 38.6553
+c24.5762 9.04004 49.5039 13.5684 74.7686 13.5684c29.3594 0 57.3438 -6.65625 83.9678 -19.9678c26.624 -13.3125 46.5762 -32.0801 59.8877 -56.3203c6.49609 -12.2881 13.584 -34.5596 21.248 -66.8154c7.68066 -32.2568 12.8965 -58.624 15.6318 -79.1045
+c5.12012 -2.04785 10.9287 -3.07227 17.4082 -3.07227c10.2559 0 15.3604 4.95996 15.3604 14.8486c0 3.74316 -1.00781 9.47168 -3.07227 17.1514c-2.03223 7.68066 -2.89551 13.7441 -2.55957 18.1768v2.04785h0.527344c9.2168 0 19.6328 -8.7041 31.2168 -26.1123
+c11.5996 -17.7441 17.3916 -31.5684 17.3916 -41.4717c0 -6.83203 -1.63184 -12.8799 -4.86426 -18.1768c-3.23145 -5.2959 -6.47949 -9.47168 -9.72754 -12.5439c-3.23242 -3.07129 -8.87988 -6.06348 -16.8965 -8.95996
+c-8.01562 -2.91211 -13.5674 -4.7041 -16.6396 -5.37598l-18.4316 -4.0957c-1.68066 -0.335938 -3.05664 -0.688477 -4.09668 -1.02441v-13.3115c0 -59.0557 -13.1201 -102.24 -39.4082 -129.536l12.7842 -12.8164c1.37598 -0.6875 5.64844 -2.63965 12.8164 -5.87109
+c7.15234 -3.24805 13.2158 -6.40039 18.1758 -9.48828s8.1123 -6.14453 9.47168 -9.2002c-22.1914 -17.4082 -44.7031 -26.1279 -67.584 -26.1279c-11.6152 0 -24.3994 2.91211 -38.3994 8.71973c-30.0322 -12.6396 -60.752 -18.96 -92.1602 -18.96
+c-40.2881 0 -80.208 10.4004 -119.808 31.2324c-12.2881 -2.73633 -21.6641 -5.96777 -28.1602 -9.72852c-2.38379 -1.35938 -6.91211 -4.43164 -13.5684 -9.19922c-6.65625 -4.78418 -12.8799 -8.80078 -18.6875 -12.0322
+c-5.80859 -3.23242 -10.5928 -4.86426 -14.3525 -4.86426c-1.02344 6.14355 -1.53613 12.4639 -1.53613 18.9443c0 26.9756 9.04004 48.4639 27.1367 64.5117c-20.4805 33.792 -31.0566 77.6641 -31.7441 131.584l-3.58398 0.52832h-1.53613
+c-10.2402 0.335938 -23.2158 -2.56055 -38.9121 -8.7207c-16.3838 -6.14355 -27.3125 -9.37598 -32.7686 -9.71191c-1.35938 -0.015625 -3.07129 0.335938 -5.11914 1.00781zM109.184 86.5283c0 -4.43262 1.2002 -9.04004 3.58398 -13.8242
+c9.2168 -32.7686 24.4004 -56.3359 45.5684 -70.6562c14.6719 -9.8877 32.7676 -17.8242 54.2725 -23.792c21.5039 -5.9834 41.4717 -8.97559 59.9033 -8.97559c22.5283 0 47.3604 4.78418 74.4961 14.3359s47.5361 21.8398 61.168 36.8643
+c23.2158 24.9277 34.832 68.7676 34.832 131.584c0 77.1357 -15.6963 141.823 -47.1035 194.048c-4.09668 6.83203 -7.07227 11.5195 -8.95996 14.0801c-1.88867 2.55957 -5.12012 5.19922 -9.72852 7.93555c-4.5918 2.73633 -10.1602 4.0957 -16.624 4.0957
+c-17.0723 0 -35.3438 -10.416 -54.7998 -31.2314c-25.9355 16.0322 -49.8242 24.0635 -71.6797 24.0635c-20.1445 0 -37.9688 -7.32812 -53.5039 -22.0156c-15.5361 -14.6885 -27.6328 -32.5117 -36.3359 -53.5039c-8.7041 -20.9922 -15.8721 -45.0557 -21.5049 -72.1924
+c-5.63184 -27.1357 -9.31152 -51.2002 -11.0078 -72.1914c-1.71191 -20.9922 -2.57617 -40.5283 -2.57617 -58.624zM201.856 294.912c0 7.50391 2.65527 13.9043 7.93555 19.2002c5.2959 5.2959 11.5195 7.93555 18.6885 7.93555
+c7.50391 0 13.9199 -2.63965 19.1992 -7.93555c5.2959 -5.2959 7.93652 -11.6807 7.93652 -19.2002c0 -7.52051 -2.65625 -13.8242 -7.93652 -18.9443c-5.2959 -5.12012 -11.6953 -7.67969 -19.1992 -7.67969c-7.16895 0 -13.3926 2.55957 -18.6885 7.67969
+c-5.28027 5.12012 -7.93555 11.4404 -7.93555 18.9443zM230.528 304.128c0 -4.0957 2.04785 -6.14355 6.14355 -6.14355c1.69629 0 3.15234 0.591797 4.35254 1.79199c1.19922 1.19922 1.79199 2.65527 1.79199 4.35156c0 1.71191 -0.592773 3.24805 -1.79199 4.6084
+c-1.2002 1.35938 -2.65625 2.04785 -4.35254 2.04785c-4.08008 0 -6.14355 -2.22461 -6.14355 -6.65625zM278.656 273.408l1.02344 1.02344l-0.511719 -1.53516zM281.216 275.968l26.624 26.624l26.1279 -26.624c-7.53613 -2.38379 -16.0635 -3.58398 -25.6162 -3.58398
+c-9.8877 0 -18.9434 1.2002 -27.1357 3.58398zM282.256 264.704c9.21582 -1.69629 17.7441 -2.56055 25.6006 -2.56055c7.51953 0 15.8711 0.864258 25.0879 2.56055l-25.0879 -25.0879zM336 272.896v1.53516l0.511719 -1.02344zM349.824 294.912
+c0 7.50391 2.63965 13.9043 7.93555 19.2002s11.6807 7.93555 19.2002 7.93555c7.50391 0 13.9043 -2.63965 19.1836 -7.93555c5.29688 -5.2959 7.93652 -11.6807 7.93652 -19.2002c0 -7.52051 -2.63965 -13.8242 -7.93652 -18.9443
+c-5.2793 -5.12012 -11.6797 -7.67969 -19.1836 -7.67969c-7.51953 0 -13.9043 2.55957 -19.2002 7.67969s-7.93555 11.4404 -7.93555 18.9443zM378.496 304.128c0 -1.69629 0.6875 -3.15234 2.04785 -4.35156c1.36035 -1.2002 2.73633 -1.79199 4.1123 -1.79199
+c1.67969 0 3.23145 0.591797 4.5918 1.79199c1.37598 1.19922 2.06348 2.65527 2.06348 4.35156c0 4.43164 -2.22363 6.65625 -6.65527 6.65625c-1.71191 0 -3.15234 -0.671875 -4.35254 -2.04785c-1.21582 -1.36035 -1.80762 -2.89648 -1.80762 -4.6084z" />
+    <glyph glyph-name="uniF143" unicode="&#xf143;" 
+d="M56.832 -65.5361v512h391.168v-418.304l-292.352 1.51953v-95.2158h-98.8164zM154.624 118.288h204.288v230.384h-204.288v-230.384z" />
+    <glyph glyph-name="uniF14E" unicode="&#xf14e;" 
+d="M0 157.696v68.6074l1.28027 30.208l3.58398 31.4883l7.16797 27.1357l12.0322 28.416l18.1758 23.8086l25.8555 24.3193c49.8346 37.5469 110.592 56.3203 182.272 56.3203h8.19141v-397.824h63.4883v106.496c2.38932 -3.75456 9.04525 -14.5918 19.9678 -32.5117
+c10.9232 -17.9199 19.6273 -31.488 26.1123 -40.7041c9.89844 -13.6536 20.7357 -22.6989 32.5117 -27.1357c11.776 -4.4375 27.3923 -6.65625 46.8486 -6.65625h18.4316v60.416c-15.36 0 -26.112 1.19466 -32.2559 3.58398s-13.3118 9.38672 -21.5039 20.9922
+c-4.77865 6.14388 -11.0934 15.7865 -18.9443 28.9277c-7.85026 13.1413 -12.2874 20.5654 -13.3115 22.2725l87.5518 121.855h-75.7764l-69.6318 -96.7676v231.936c46.0801 -7.50911 86.6989 -24.5758 121.856 -51.2002
+c9.89844 -7.50911 18.5169 -15.6156 25.8555 -24.3193c7.33854 -8.70443 13.3971 -16.6406 18.1758 -23.8086s8.78939 -16.64 12.0322 -28.416s5.63216 -20.8213 7.16797 -27.1357c1.53646 -6.31445 2.73112 -16.8105 3.58398 -31.4883
+c0.853516 -14.6771 1.28027 -24.7464 1.28027 -30.208v-68.6074l-1.28027 -30.208l-3.58398 -31.4883l-7.16797 -27.1357l-12.0322 -28.416l-18.1758 -23.8086l-25.8555 -24.3193c-49.8346 -37.5469 -112.469 -56.3203 -187.904 -56.3203s-138.07 18.7734 -187.904 56.3203
+c-9.89844 7.50911 -18.5169 15.6156 -25.8555 24.3193c-7.33854 8.70443 -13.3971 16.6406 -18.1758 23.8086s-8.78939 16.64 -12.0322 28.416c-3.24284 11.776 -5.63216 20.8213 -7.16797 27.1357c-1.53646 6.31445 -2.73112 16.8105 -3.58398 31.4883
+c-0.853516 14.6771 -1.28027 24.7464 -1.28027 30.208zM41.4717 81.4082c22.528 -22.8698 55.2962 -34.3047 98.3047 -34.3047c27.3066 0 50.7731 6.9974 70.3994 20.9922c19.627 13.9948 29.4404 34.1335 29.4404 60.416c0 17.4082 -3.07194 31.8298 -9.21582 43.2646
+c-6.14453 11.4342 -13.8245 19.1995 -23.04 23.2959c-9.21615 4.0957 -19.2002 7.4235 -29.9521 9.9834c-10.752 2.56055 -20.736 4.09668 -29.9521 4.6084s-16.8962 2.47428 -23.04 5.8877c-6.14388 3.41341 -9.21582 8.53353 -9.21582 15.3604
+c0 16.0423 11.9466 23.8929 35.8398 23.5518c19.4557 0 34.3037 -4.94922 44.5439 -14.8477l39.9355 39.9355c-20.4798 20.4805 -49.4928 30.7207 -87.0391 30.7207c-26.6243 0 -49.0671 -7.08268 -67.3281 -21.248c-18.2617 -14.1654 -27.3926 -34.2188 -27.3926 -60.1602
+c0 -17.4082 3.4987 -31.6589 10.4961 -42.752c6.9974 -11.0938 15.7868 -18.6885 26.3682 -22.7842c10.5814 -4.09635 21.248 -6.99772 32 -8.7041s20.9066 -3.24251 30.4639 -4.6084c9.55729 -1.36523 15.8721 -3.75456 18.9443 -7.16797
+c3.41341 -3.75456 5.12012 -8.87435 5.12012 -15.3594c0 -15.7018 -12.2881 -23.5527 -36.8643 -23.5527c-26.2826 0 -45.568 6.14421 -57.8564 18.4326z" />
+    <glyph glyph-name="uniF15A" unicode="&#xf15a;" 
+d="M-56.6396 334.336c3.40723 2.71973 7.67969 4.78418 12.7998 6.14453c4.76758 1.35938 9.04004 2.04785 12.7998 2.04785h4.6084c3.40723 0 7.50391 -0.176758 12.2881 -0.512695c7.50391 -0.335938 12.9756 -0.511719 16.3838 -0.511719
+c2.04785 0 8.52734 0.335938 19.4561 1.02441c5.45605 0.335938 10.416 0.416016 14.8477 0.255859s8.36816 -0.255859 11.7764 -0.255859c6.83203 -0.688477 12.2881 -2.04785 16.3838 -4.09668c2.04785 -1.02344 4.27148 -3.24805 6.65625 -6.65527
+c2.38379 -3.4082 4.35156 -6.65625 5.8877 -9.72852s3.50391 -7.42383 5.8877 -13.0557s4.09668 -9.3125 5.12012 -11.0078c12.9766 -28 29.0078 -55.8086 48.1279 -83.4561c0.688477 -1.02441 1.88867 -2.91211 3.58398 -5.63184
+c1.69629 -2.73633 3.15234 -4.86426 4.35254 -6.40039c1.19922 -1.53613 2.73535 -3.50391 4.60742 -5.8877c1.87207 -2.38477 3.66406 -4.27246 5.37598 -5.63281c1.71191 -1.35938 3.50391 -2.81543 5.37598 -4.35156s3.83984 -2.48047 5.88867 -2.81641
+c2.04785 -0.335938 4.0957 -0.335938 6.14355 0c9.56836 1.69629 14.8477 21.6641 15.8721 59.9043c0.335938 6.48047 0.511719 12.4639 0.511719 17.9199c0 25.2646 -2.55957 42.6719 -7.67969 52.2246c-2.04785 3.74316 -4.68848 6.73535 -7.93555 8.95996
+c-3.24805 2.22363 -7.4248 4.27148 -12.5449 6.14355c-5.11914 1.87207 -9.03906 3.66406 -11.7754 5.37598c4.76758 9.55176 13.2314 15.8721 25.3438 18.9443c12.1123 3.07129 28.5918 4.60742 49.4082 4.60742h27.1357s4.43262 -0.0800781 13.3125 -0.255859
+s13.4873 -0.671875 13.8232 -1.53613l11.248 -2.81543s3.34473 -1.53613 10 -4.6084c6.65625 -3.07227 8.78418 -5.45605 6.40039 -7.16797c3.07227 -6.14355 4.94434 -13.3115 5.63184 -21.5039c0 -2.38379 0.160156 -4.78418 0.496094 -7.16797
+c0 -6.81641 -0.496094 -15.6963 -1.53613 -26.624c-1.35938 -14.3359 -2.04785 -23.2158 -2.04785 -26.624c-1.00781 -7.85645 -1.53613 -15.6963 -1.53613 -23.5518c0 -6.14453 0.335938 -12.624 1.00781 -19.4561c1.37598 -15.0244 6.49609 -25.4238 15.376 -31.2324
+c3.05664 0.335938 5.87207 1.02441 8.43262 2.04785c2.55957 1.02441 5.2002 2.91211 7.93555 5.63281c2.71973 2.73535 4.6084 4.6875 5.63184 5.8877c1.02441 1.2002 3.15234 4 6.40039 8.44824c3.24805 4.44727 5.02441 6.83203 5.37598 7.16797
+c16.0479 21.1514 32.0957 48.9756 48.1279 83.4561l4.6084 11.5195s1.96777 4.52832 5.8877 13.5684s5.96777 12.3682 6.14355 9.9834c0.176758 -2.38379 2.83203 -0.0800781 7.93652 6.91211c5.45605 2.38379 11.9521 3.58398 19.4561 3.58398h4.63965
+c6.83203 0 14.6719 -0.335938 23.5518 -1.02344c10.9443 -0.688477 18.96 -1.02441 24.0645 -1.02441c3.08789 0 7.77637 0.175781 14.0957 0.511719c6.32031 0.335938 11.8564 0.592773 16.6406 0.768555c4.76758 0.175781 9.80762 0.0800781 15.1035 -0.255859
+c5.28027 -0.335938 9.63184 -1.36035 13.04 -3.07227c3.42383 -1.69629 5.79199 -3.91992 7.16797 -6.65625c1.04004 -2.04785 1.53613 -4.27148 1.53613 -6.65625c0 -9.90332 -5.96777 -24.7354 -17.9199 -44.5439c-5.79199 -9.90332 -11.6797 -18.8633 -17.6641 -26.8799
+c-5.96777 -8.01562 -13.7119 -17.9199 -23.2803 -29.6953c-9.56738 -11.7764 -15.8721 -19.7129 -18.9434 -23.8086c-0.688477 -0.6875 -3.08887 -3.75977 -7.18457 -9.21582s-7.05566 -9.56836 -8.95996 -12.2881c-1.87207 -2.73633 -3.82422 -6.57617 -5.8877 -11.5361
+c-2.04785 -4.94336 -2.91211 -9.47168 -2.56055 -13.5674c0 -2.73633 0.512695 -5.28027 1.55273 -7.68066c1.00781 -2.36816 2.63965 -4.94336 4.86328 -7.66406c2.22461 -2.71973 3.93652 -4.7832 5.12012 -6.14355c1.18457 -1.37598 3.50391 -3.60059 6.91211 -6.65625
+c3.4082 -3.07227 5.47168 -4.95996 6.16016 -5.64746c24.2236 -22.1768 43.3438 -42.1445 57.3438 -59.8887c13.6484 -17.7441 20.4639 -30.5596 20.4639 -38.3994c0 -11.2646 -8.7041 -18.2725 -26.1113 -20.9922c-8.87988 -1.36035 -17.9199 -2.04785 -27.1367 -2.04785
+c-7.15137 0 -14.4951 0.511719 -22.0156 1.55176c-6.83203 0.671875 -13.1357 1.00781 -18.96 1.00781c-8.86426 0 -16.5439 -0.864258 -23.0244 -2.55957h-3.08789c-22.5273 3.75977 -46.2559 19.792 -71.168 48.1436c-1.35938 1.36035 -4.27148 4.86426 -8.7041 10.4805
+c-4.43164 5.64746 -8.19141 9.9834 -11.2637 13.0557s-7.00781 5.96777 -11.7764 8.7041c-4.76758 2.71973 -9.3916 3.74414 -13.8232 3.05566c-7.84082 -1.35938 -13.04 -6.31934 -15.6162 -14.8477s-4.0957 -18.6885 -4.6084 -30.4639
+c-0.496094 -11.7598 -2.12793 -20.0479 -4.86328 -24.832c-4.43262 -8.19238 -17.9209 -12.2881 -40.4482 -12.2881c-9.55176 0 -20.8164 0.671875 -33.792 2.04785c-26.624 2.71973 -50.7686 9.56836 -72.4482 20.4639c-21.6797 10.9443 -38.832 22.4482 -51.4561 34.5605
+c-12.624 12.1279 -26.4482 27.9033 -41.4717 47.376c-35.5039 45.3916 -69.1201 100.336 -100.864 164.863c-1.02441 2.04883 -2.89551 5.88867 -5.63184 11.5205c-2.73633 5.64746 -4.76855 10 -6.14453 13.0723c-1.37598 3.07129 -2.99121 7.08789 -4.86328 12.0312
+c-1.87207 4.94434 -3.24805 9.72852 -4.09668 14.3359c-0.847656 4.6084 -1.2793 9.13672 -1.2793 13.5684z" />
+    <glyph glyph-name="uniF136" unicode="&#xf136;" 
+d="M-2.48242 387.926c0 16.5495 5.79232 30.2028 17.377 40.96c11.5846 10.7572 26.6445 16.1357 45.1797 16.1357c18.2044 0 32.9336 -5.2959 44.1875 -15.8877c11.5846 -10.9225 17.377 -25.1553 17.377 -42.6982c0 -15.8874 -5.62663 -29.127 -16.8799 -39.7188
+c-11.5853 -10.9225 -26.8109 -16.3838 -45.6768 -16.3838h-0.49707c-18.2044 0 -32.9333 5.46126 -44.1865 16.3838c-11.2539 10.9232 -16.8809 24.6595 -16.8809 41.209zM3.97168 -46.499v331.652h110.22v-331.652h-110.22zM175.259 -46.499
+c0.662109 99.959 0.993164 177.576 0.993164 232.852s-0.331055 88.209 -0.993164 98.8008h110.22v-47.166l-0.496094 -0.993164h0.496094v0.993164c23.8314 36.7396 57.096 55.1094 99.7939 55.1094c38.0638 0 68.6803 -12.6605 91.8496 -37.9814
+c23.1693 -25.3203 34.7539 -62.4736 34.7539 -111.46v-190.154h-110.22v177.245c0 49.9798 -18.5355 74.9697 -55.6064 74.9697c-14.2324 0 -26.0651 -3.88932 -35.498 -11.668c-9.43359 -7.77799 -16.4674 -17.2939 -21.1016 -28.5479
+c-2.64779 -6.28841 -3.97168 -15.2253 -3.97168 -26.8105v-185.188h-110.22z" />
+    <glyph glyph-name="uniF14C" unicode="&#xf14c;" 
+d="M0 308.224c0 38.571 13.6533 71.5098 40.96 98.8164s60.2454 40.96 98.8164 40.96c26.6237 0 51.3701 -7.16797 74.2393 -21.5039c12.2884 2.38932 25.9417 3.58398 40.96 3.58398c66.5605 0 123.393 -23.5521 170.496 -70.6562
+c47.1042 -47.1042 70.6562 -103.765 70.6562 -169.983c0 -16.7259 -1.87728 -33.9635 -5.63184 -51.7129c9.55729 -20.1387 14.3359 -40.7891 14.3359 -61.9512c0 -38.571 -13.6533 -71.5098 -40.96 -98.8164s-60.2454 -40.96 -98.8164 -40.96
+c-23.2103 0 -45.2262 5.46126 -66.0479 16.3838c-15.36 -2.73047 -30.0374 -4.0957 -44.0322 -4.0957c-66.2181 0 -122.879 23.5521 -169.983 70.6562c-47.1042 47.1035 -70.6562 103.936 -70.6562 170.496c0 16.0423 1.53613 32.085 4.6084 48.1279
+c-12.6296 22.1862 -18.9443 45.738 -18.9443 70.6553zM113.152 120.832c0 -13.9948 5.11979 -28.5016 15.3594 -43.5205c24.235 -35.498 66.2191 -53.2471 125.952 -53.2471c17.0671 0 33.5365 1.87728 49.4082 5.63184c15.8717 3.75456 30.805 9.55697 44.7998 17.4072
+c13.9948 7.85091 25.2588 18.6885 33.792 32.5127c8.5332 13.8236 12.7998 29.9515 12.7998 48.3838c0 19.7975 -5.03451 36.5228 -15.1035 50.1758c-10.0697 13.6536 -22.6136 23.5524 -37.6318 29.6963c-15.0189 6.14388 -31.3177 11.6904 -48.8965 16.6396
+s-33.8773 8.87467 -48.8955 11.7764c-15.0189 2.90104 -27.5632 7.33822 -37.6328 13.3115c-10.069 5.97331 -15.1035 13.568 -15.1035 22.7842c0 11.2643 6.22949 19.627 18.6885 25.0879c12.4583 5.46159 25.1729 8.19238 38.1436 8.19238
+c13.653 0 24.917 -2.13346 33.792 -6.40039c8.87435 -4.26628 15.3597 -9.38607 19.4561 -15.3594c4.0957 -5.97331 7.67969 -11.9466 10.752 -17.9199s7.25358 -11.0934 12.5439 -15.3604s12.0316 -6.40039 20.2236 -6.40039c9.21615 0 17.3229 3.24284 24.3203 9.72852
+c6.9974 6.48503 10.4961 14.3356 10.4961 23.5518s-2.5599 18.4323 -7.67969 27.6484c-10.2402 18.7728 -26.4538 32.4261 -48.6406 40.96c-22.1862 8.5332 -45.738 12.7998 -70.6553 12.7998c-15.7018 0 -30.8913 -1.53613 -45.5684 -4.6084
+c-14.6771 -3.07161 -28.8424 -8.02083 -42.4961 -14.8477c-13.653 -6.82682 -24.6611 -16.4694 -33.0244 -28.9277c-8.36263 -12.459 -12.5439 -27.2217 -12.5439 -44.2881c0 -22.528 6.82682 -40.7041 20.4805 -54.5283c13.653 -13.8242 30.2077 -23.5521 49.6641 -29.1836
+c19.4557 -5.63216 38.9971 -10.4964 58.624 -14.5928c19.6263 -4.0957 36.2663 -9.81283 49.9199 -17.1514c13.653 -7.33854 20.4795 -17.3226 20.4795 -29.9521c0 -9.89844 -3.92513 -18.2611 -11.7754 -25.0879c-7.85091 -6.82682 -16.4697 -11.4349 -25.8564 -13.8242
+s-19.0293 -3.58398 -28.9277 -3.58398c-12.9707 0 -23.9788 1.79199 -33.0244 5.37598c-9.04492 3.58398 -15.6156 8.19206 -19.7119 13.8242c-4.0957 5.63216 -7.93555 11.6055 -11.5195 17.9199s-6.65592 12.2878 -9.21582 17.9199
+c-2.56055 5.63216 -6.40072 10.2402 -11.5205 13.8242s-11.4342 5.37598 -18.9434 5.37598c-9.55794 0 -17.8353 -2.90137 -24.832 -8.7041c-6.9974 -5.80273 -10.4961 -13.4827 -10.4961 -23.04z" />
+    <glyph glyph-name="uniF11A" unicode="&#xf11a;" 
+d="M0 17.4082v347.136c0 22.528 7.33854 42.0693 22.0156 58.624c14.6777 16.5547 33.1097 24.832 55.2959 24.832h356.864c23.8932 0 43.776 -6.40007 59.6484 -19.2002c15.8717 -12.8001 23.8076 -30.9759 23.8076 -54.5273v-30.208
+c-25.2585 4.77865 -44.2025 8.19173 -56.832 10.2393c-18.0905 2.38932 -27.3063 3.58398 -27.6475 3.58398c-3.41341 1.02409 -8.44824 2.73079 -15.1045 5.12012c-6.6556 2.38932 -12.4583 4.18132 -17.4082 5.37598c-4.94922 1.19466 -10.4958 1.79199 -16.6396 1.79199
+c-21.1628 0 -43.6908 -8.02116 -67.584 -24.0635c-11.6055 -1.02409 -27.9043 -2.21875 -48.8965 -3.58398c-20.9915 -1.36523 -40.1061 -2.90137 -57.3438 -4.6084c-17.237 -1.70638 -33.5355 -4.0957 -48.8955 -7.16797h-1.02441l-0.511719 -0.511719h-2.04785
+l-0.512695 -0.512695h-0.511719c-24.5762 -4.77865 -39.4242 -9.21582 -44.5439 -13.3115c-6.14388 -5.11979 -9.55729 -17.237 -10.2402 -36.3516v-84.4805l-1.53613 -9.21582l269.312 -6.65625l40.96 13.8242c-15.0189 -26.9655 -26.9655 -49.4935 -35.8398 -67.584
+l-54.2725 -24.0645l-207.872 -3.58398c-1.02409 -1.02409 -2.73079 -1.62142 -5.12012 -1.79199s-4.2666 -0.938477 -5.63184 -2.30371c1.36523 -8.87435 2.5599 -15.5303 3.58398 -19.9678c4.09635 -17.7493 23.2113 -27.8187 57.3447 -30.208
+c70.3145 -4.4375 127.488 -6.65625 171.52 -6.65625c12.9707 0 33.4508 3.41341 61.4404 10.2402c27.9889 6.82682 49.6634 10.2402 65.0234 10.2402c22.1868 0 41.1309 -4.94954 56.832 -14.8486v-27.6475c0 -52.9069 -26.2826 -79.3604 -78.8477 -79.3604h-370.176
+c-20.8216 0 -37.4616 8.19206 -49.9199 24.5762c-12.459 16.3841 -18.6885 35.3281 -18.6885 56.832zM353.28 296.96c0 4.77865 1.70671 8.95996 5.12012 12.5439c3.41276 3.58398 7.50879 5.37598 12.2881 5.37598c4.77865 0 8.95996 -1.79199 12.5439 -5.37598
+s5.37598 -7.7653 5.37598 -12.5439s-1.79199 -8.87467 -5.37598 -12.2881s-7.7653 -5.12012 -12.5439 -5.12012c-4.7793 0 -8.87533 1.70671 -12.2881 5.12012c-3.41341 3.41341 -5.12012 7.50944 -5.12012 12.2881z" />
+    <glyph glyph-name="uniF12D" unicode="&#xf12d;" 
+d="M16 11.5195c-1.02441 12.1289 0.175781 22.2725 3.58398 30.4648c13.3125 47.792 29.0078 88.5752 47.1045 122.352c38.9111 73.7441 92.3193 133.824 160.256 180.24v7.16797c-20.1445 -8.52832 -40.3682 -19.7119 -60.6719 -33.5361
+c-20.3203 -13.8242 -37.7129 -27.6484 -52.2246 -41.4717c-14.5117 -13.8242 -27.4717 -27.04 -38.9121 -39.6807c-11.4238 -12.624 -20.0479 -22.8633 -25.8555 -30.7197l-8.7041 -11.7764c-0.688477 20.1289 2.04785 39.7607 8.19141 58.8809
+c6.14453 19.1191 13.8242 35.1514 23.04 48.1279c9.2168 12.9756 18.5283 24.3994 27.9043 34.3037c9.3916 9.9043 17.3125 17.2314 23.8076 22.0156l9.72852 6.65625c1.37598 0.688477 3.15234 1.61621 5.37598 2.81641c2.22363 1.19922 6.91211 3.50391 14.0801 6.91211
+c7.16797 3.40723 14.5918 6.5752 22.2715 9.47168c7.68066 2.91211 17.0566 5.80762 28.1602 8.7041c11.0879 2.91211 22.0166 4.95996 32.7686 6.14355c10.752 1.2002 22.6875 1.53613 35.8398 1.02441c13.1201 -0.512695 25.6797 -2.48047 37.6318 -5.88867
+c21.8398 16.0488 43.7764 28.4961 65.792 37.376c22.0156 8.88086 38.6396 13.8242 49.9199 14.8486l16.8965 1.53613c17.0557 1.71191 30.3037 -1.10449 39.6641 -8.44824c9.3916 -7.32812 14.6875 -16.7197 15.8711 -28.1602
+c1.2002 -11.4395 1.12012 -23.04 -0.255859 -34.8154c-1.37598 -11.7764 -3.40723 -21.9365 -6.16016 -30.4648l-4.5918 -12.2881l-2.55957 2.56055c7.15137 19.4561 10.6562 35.4082 10.4961 47.8721c-0.175781 12.4639 -3.15234 22.0957 -8.97656 28.9277
+c-5.79199 6.83203 -12.0312 11.7764 -18.6875 14.8477c-6.65625 3.07227 -12.8799 4.78418 -18.6885 5.12012l-8.19141 1.02441c-1.37598 0 -3.32812 -0.0800781 -5.88867 -0.255859c-2.55957 -0.175781 -8.01562 -1.02441 -16.3838 -2.56055
+c-8.33594 -1.53613 -16.7197 -3.66406 -25.0723 -6.39941c-8.35156 -2.7207 -18.6875 -6.99219 -30.9912 -12.7998c-12.2881 -5.80859 -24.0645 -12.8008 -35.3125 -20.9922c23.5361 -3.75977 44.5283 -10.9287 62.9766 -21.5039
+c18.4316 -10.5928 33.1035 -22.624 44.0312 -36.0967c10.9287 -13.4717 20.2246 -28 27.9043 -43.5195c7.67969 -15.5361 12.9756 -30.6396 15.8721 -45.3125c2.91211 -14.6719 5.12012 -28 6.65625 -39.9355c1.53613 -11.9365 2.12793 -21.5039 1.77539 -28.6719
+l-0.496094 -11.2803h-285.168c-1.02344 -14.3359 0.768555 -26.7842 5.37598 -37.376c4.6084 -10.5762 10.4004 -18.3359 17.4082 -23.2803c6.99219 -4.95996 14 -8.7998 20.9922 -11.5361c6.99219 -2.71973 13.0557 -4.27148 18.1602 -4.5918l7.67969 -0.527344
+c1.37598 0 3.32812 0.0957031 5.8877 0.271484c2.56055 0.175781 7.07227 1.10449 13.585 2.81641c6.46387 1.69531 12.3516 4.11133 17.6631 7.16797c5.28027 3.05566 10.5762 7.93555 15.8721 14.5918c5.28027 6.65625 8.95996 14.5918 11.0088 23.8076h149.504
+c-5.45605 -20.1602 -13.4727 -38.3994 -24.0645 -54.7832c-10.5762 -16.3848 -22.1914 -29.6328 -34.8154 -39.6807s-25.9365 -18.7842 -39.9365 -26.1279c-14 -7.32812 -27.3916 -12.7041 -40.1924 -16.1279c-12.8154 -3.4082 -24.3994 -6.14355 -34.8154 -8.19238
+c-10.416 -2.04785 -18.6885 -3.24805 -24.8477 -3.58398h-9.71289c-26.624 0 -44.8955 1.00879 -54.7832 3.07227c-20.4805 -16.0635 -42.0645 -28.5918 -64.7686 -37.6475c-22.7041 -9.05664 -40.3516 -14.0801 -52.9922 -15.1045l-18.4316 -1.50391
+c-15.6963 0 -28.9277 4 -39.6797 12.0322s-17.8398 17.584 -21.248 28.6719s-5.63184 22.7041 -6.65625 34.8154v0zM54.6562 14.3359c-0.175781 -8.20801 0.255859 -15.4561 1.2793 -21.7598c1.02441 -6.30371 2.38477 -11.168 4.09668 -14.5918l2.04785 -4.6084
+c1.36035 -1.02441 3.24805 -2.38379 5.63184 -4.0957s8.1123 -4.0166 17.1523 -6.91211c9.04004 -2.91211 18.7676 -4.28809 29.1836 -4.0957c10.416 0.15918 24.4004 2.97559 41.9844 8.43164s35.9355 14 55.04 25.5996
+c-2.7207 0.688477 -6.40039 1.63184 -11.0078 2.81641c-4.6084 1.2002 -13.2324 4.28809 -25.8564 9.21582c-12.6396 4.97559 -24.4004 10.3359 -35.3281 16.1445c-10.9277 5.80762 -22.2715 13.9033 -34.0479 24.3193s-20.9121 21.4238 -27.3916 33.0244
+c-7.50488 -11.6162 -13.1367 -23.04 -16.8965 -34.3203c-3.75977 -11.248 -5.71191 -20.9756 -5.8877 -29.168zM199.296 231.424h135.664c0.335938 12.2881 -1.63184 23.04 -5.87207 32.2559c-4.28809 9.2168 -9.72754 15.8721 -16.3838 19.9688
+c-6.65625 4.0957 -13.2324 7.32715 -19.6963 9.72754c-6.49609 2.38379 -12.1279 3.75977 -16.9121 4.0957l-7.15137 0.512695c-2.06445 0 -4.62402 -0.176758 -7.68066 -0.512695c-3.05566 -0.335938 -8.7041 -1.69531 -16.8955 -4.0957
+c-8.19238 -2.40039 -15.3604 -5.63184 -21.5039 -9.72754c-6.14453 -4.09668 -11.6963 -10.752 -16.6406 -19.9688c-4.95996 -9.21582 -7.26367 -19.9678 -6.92773 -32.2559z" />
+    <glyph glyph-name="uniF146" unicode="&#xf146;" 
+d="M84.0322 440.32h51.2002l4.0957 -61.9521h5.12012l2.55957 1.53613c26.96 45.4072 68.9443 68.0957 125.968 68.0957c44.3682 0 80.624 -16.8164 108.784 -50.4316c28.1602 -33.6162 42.2402 -76.8965 42.2402 -129.792c0 -31.7441 -4.6084 -60.1602 -13.8242 -85.248
+c-9.2002 -25.0879 -21.584 -45.1367 -37.1035 -60.1602c-15.5361 -15.0244 -32.7842 -26.4639 -51.7119 -34.3203c-18.9287 -7.85547 -38.832 -11.7754 -59.6641 -11.7754c-23.5527 0 -44.9766 4.87988 -64.2559 14.5918
+c-19.2803 9.72754 -34.0488 23.2959 -44.2881 40.7197l-1.02441 1.53613h-5.63184l-1.53613 -3.58398v-193.536h-57.8564v389.632c0 30.0322 -1.02344 68.2725 -3.07129 114.688zM144.96 228.864c0 -10.5918 1.02441 -19.9678 3.07227 -28.1602
+c6.47949 -23.8877 19.1201 -43.168 37.8877 -57.8564c18.7686 -14.6719 40.2725 -22.0156 64.5117 -22.0156c34.4648 0 62.1279 13.0557 82.9443 39.168s31.2324 61.0078 31.2324 104.704c0 40.624 -10.416 73.7275 -31.2324 99.3281
+c-20.8164 25.5996 -47.6318 38.3994 -80.3682 38.3994c-24.5918 0 -46.4316 -7.75977 -65.5518 -23.2959c-19.1045 -15.5195 -31.7441 -35.584 -37.8877 -60.1602c-3.07227 -11.2637 -4.6084 -20.3037 -4.6084 -27.1357v-62.9756z" />
+    <glyph glyph-name="uniF14B" unicode="&#xf14b;" 
+d="M39.168 83.4561c0 15.0078 5.37598 27.9844 16.1279 38.9277c10.752 10.9121 23.8076 16.3682 39.168 16.3682c15.0078 0 28 -5.47168 38.9121 -16.3682c10.9277 -10.9434 16.3838 -23.9033 16.3838 -38.9277c0 -15.6963 -5.80762 -29.0078 -17.4082 -39.9365
+c22.1768 -25.2471 50 -37.8877 83.4561 -37.8877c23.5684 0 43.3604 7.00781 59.3926 20.9922c16.0479 14.3359 24.0635 32.416 24.0635 54.2881c0 13.3115 -4.27148 26.4316 -12.7998 39.4082c-7.85547 12.9756 -18.0957 23.9033 -30.7197 32.7832
+c-11.6162 7.84082 -31.2324 17.5684 -58.8799 29.1846c-25.6006 10.2402 -46.416 20.3037 -62.4639 30.208c-14.3359 9.21582 -26.8008 20.1279 -37.376 32.7676c-10.2402 12.2881 -18.0967 24.9121 -23.5527 37.8887c-4.7832 13.2959 -7.16797 26.7832 -7.16797 40.4316
+c0 34.4805 13.8242 63.8242 41.4727 88.0645c27.9834 24.2393 61.6152 36.3516 100.863 36.3516c26.3047 0 52.752 -5.63184 79.3604 -16.8965c22.5283 -9.55176 41.8242 -23.2158 57.8564 -40.96c12.624 -10.9277 18.9434 -24.5752 18.9434 -40.96
+c0 -15.3594 -5.45605 -28.416 -16.3682 -39.168s-23.9033 -16.1279 -38.9121 -16.1279c-15.376 0 -28.416 5.37598 -39.168 16.1279c-10.7676 10.752 -16.1279 23.8086 -16.1279 39.168c0 7.16797 1.69629 14.6729 5.10449 22.5283
+c-10.9277 5.45605 -25.9365 8.19238 -45.0557 8.19238c-23.5527 0 -42.6729 -5.2959 -57.3447 -15.8721s-22.0156 -24.2402 -22.0156 -40.96c0 -14.6719 6.47949 -27.6484 19.4561 -38.9121c13.6475 -11.2637 35.4883 -23.376 65.5361 -36.3525
+c31.4072 -13.6475 55.4717 -26.1113 72.208 -37.376c17.4072 -11.5996 31.3916 -24.2393 41.9678 -37.8877c11.2803 -14 19.4717 -28.4961 24.5762 -43.5195c0 -0.335938 0.175781 -0.864258 0.511719 -1.55273c0.335938 -0.671875 0.511719 -1.18359 0.511719 -1.53613
+c-25.6152 -21.168 -38.3994 -48.1279 -38.3994 -80.8955c0 -18.0957 4.78418 -35.8398 14.3359 -53.248c-3.74414 -4.43164 -7.83984 -9.04004 -12.2881 -13.8242c-29.6797 -27.9678 -64.8477 -41.9678 -105.472 -41.9678s-76.1123 10.9277 -106.496 32.7676
+c-30.3848 21.8408 -54.0967 54.96 -71.168 99.3281l1.53516 0.512695c-1.71191 5.10352 -2.55957 10.0801 -2.55957 14.8477zM353.024 45.0557c0 17.4082 6.14355 32.3525 18.4473 44.8008c12.2881 12.4473 27.3125 18.6875 45.0566 18.6875
+s32.752 -6.24023 45.0557 -18.6875c12.2725 -12.4648 18.416 -27.3926 18.416 -44.8008c0 -17.7441 -6.14355 -32.8477 -18.4482 -45.3115c-12.2881 -12.4639 -27.3115 -18.6885 -45.0557 -18.6885s-32.752 6.22461 -45.0557 18.6885
+c-12.2725 12.4482 -18.416 27.5674 -18.416 45.3115z" />
+    <glyph glyph-name="uniF13A" unicode="&#xf13a;" 
+d="M-86.5918 169.472c0 11.9521 0.335938 29.8721 1.02344 53.7607c8.19238 2.71973 16.3848 4.0957 24.5762 4.0957h9.21582c5.80859 -7.85645 12.6406 -19.792 20.4805 -35.8398s13.1357 -26.4482 15.8721 -31.2324c0.671875 2.40039 2.04785 8.62402 4.0957 18.6885
+c2.04785 10.0801 3.74414 17.3281 5.12012 21.7598s3.24805 10.6719 5.63184 18.6875c2.38379 8.0166 5.02441 14.9443 7.93652 20.7363c2.89551 5.80762 6.22363 11.0879 9.9834 15.8721c9.55273 -1.69629 17.4082 -2.55957 23.5527 -2.55957
+c2.04785 0 3.93555 0.175781 5.63184 0.511719c8.19141 -18.4326 15.9678 -46.2559 23.2959 -83.4561c7.34375 -37.2158 13.9199 -63.6641 19.7119 -79.376c-0.335938 0 -1.02441 0.191406 -2.04785 0.52832l-1.53613 0.511719
+c-3.07227 0 -7.52051 -0.944336 -13.3125 -2.81641c-5.80762 -1.87207 -9.56738 -2.99219 -11.2637 -3.32812c-13.6641 34.4805 -24.2402 69.1045 -31.7441 103.937c-5.12012 -8.87988 -7.67969 -24.0645 -7.67969 -45.584c0 -21.5039 -1.8877 -36.5117 -5.63184 -45.04
+l-2.56055 1.00781c-2.71973 0 -6.47949 -0.335938 -11.2637 -1.00781c-4.76855 -0.671875 -8.35254 -1.00781 -10.752 -1.00781h-9.21582c-9.2168 16.3682 -18.9443 31.5674 -29.1846 45.5674c-1.02344 -2.04785 -1.53613 -4.60742 -1.53613 -7.67969
+c0 -3.05566 0.432617 -7.50391 1.28027 -13.3115c0.847656 -5.79297 1.28027 -10.0645 1.28027 -12.8008l-0.511719 -6.14355c-10.2402 -5.12012 -19.1045 -7.67969 -26.624 -7.67969c-2.38477 0 -4.09668 0.191406 -5.12012 0.511719
+c-5.80859 19.0879 -8.7041 43.3438 -8.7041 72.6875zM95.168 130.56c0 9.2168 1.36035 19.0244 4.0957 29.4404c2.7207 10.4004 7.50391 20.1436 14.3359 29.1836c6.81641 9.04004 14.8486 13.5684 24.0645 13.5684c3.4082 0 8.19238 -0.847656 14.3359 -2.55957
+s10.0645 -2.73633 11.7764 -3.07227c3.07129 -13.6484 4.60742 -27.4717 4.60742 -41.4561c0 -9.56836 -1.02344 -18.96 -3.07227 -28.1758c-4.0957 1.35938 -10.5918 2.14355 -19.4551 2.30371c-8.88086 0.192383 -15.1846 0.78418 -18.9443 1.80762
+c-1.71191 -6.84766 -2.56055 -13.1514 -2.56055 -18.96c0 -7.16797 1.69629 -13.4873 5.12012 -18.96c3.4082 -5.45605 8.52832 -8.19141 15.3604 -8.19141c3.07227 0 7.50391 0.863281 13.3115 2.55957c5.80859 1.71191 10.2402 2.56055 13.3125 2.56055
+c5.80762 0 9.72754 -2.38477 11.7764 -7.16797c-14.3359 -5.45605 -28.3359 -8.19238 -41.9844 -8.19238c-15.6963 0 -27.3125 5.10352 -34.8164 15.3604c-7.50391 10.2559 -11.2637 23.5674 -11.2637 39.9512zM124.864 144.912l4.0957 0.496094
+c1.02441 0 2.38379 -0.335938 4.0957 -1.02441c1.69629 -0.671875 2.89648 -1.00781 3.58398 -1.00781l3.58398 1.55176c0.688477 4.76855 1.02441 8.52832 1.02441 11.248c0 6.16016 -0.864258 12.9766 -2.55957 20.4805
+c-7.50488 -8.54395 -12.1123 -19.1201 -13.8242 -31.7441zM181.184 117.248c0 41.9844 13.3125 73.04 39.9365 93.1836c10.9277 -1.02344 21.168 -4.94336 30.7197 -11.7754c-0.335938 -5.80859 -1.69629 -17.2324 -4.0957 -34.3203
+c-1.69629 -13.3115 -2.56055 -24.4004 -2.56055 -33.2803v-7.15137c-6.81543 -0.688477 -11.7754 -1.02441 -14.8477 -1.02441c-2.73633 0 -10.0635 0.864258 -22.0156 2.56055c-1.71191 -4.09668 -2.56055 -8.0166 -2.56055 -11.7764
+c0 -7.50391 2.89648 -13.9043 8.7041 -19.1836c5.80859 -5.29688 12.4639 -7.93652 19.9678 -7.93652c8.87988 0 15.8721 3.91992 20.9922 11.7764c6.14453 -2.06445 9.72852 -4.97656 10.752 -8.7207c-7.50391 -7.15137 -18.2559 -10.752 -32.2559 -10.752
+c-12.6396 0 -24.5762 3.4248 -35.8398 10.2559c-11.2637 6.80078 -16.8965 16.1924 -16.8965 28.1445zM209.856 139.264c1.35938 -2.04785 3.75977 -3.07129 7.16797 -3.07129h4.60742c3.07227 6.49609 4.6084 14.8477 4.6084 25.0879
+c0 4.43164 -1.02441 11.0879 -3.07227 19.9678c-1.02441 -2.73633 -2.71973 -7.00781 -5.12012 -12.8164c-2.38379 -5.77539 -4.35156 -11.0078 -5.8877 -15.6152c-1.53613 -4.59277 -2.30371 -9.12012 -2.30371 -13.5527zM260.544 148.992
+c-0.671875 8.87988 3.24805 13.3115 11.7764 13.3115c2.06348 0 5.12012 -0.191406 9.21582 -0.527344s7.00781 -0.496094 8.7041 -0.496094c1.02344 5.12012 1.55176 10.3994 1.55176 15.8721c0 9.8877 -1.28027 24.6553 -3.83984 44.2881
+c-2.56055 19.6318 -3.83984 34.3838 -3.83984 44.2871c0 14.6729 1.71191 26.9766 5.12012 36.8643c1.69531 -1.02344 6.22363 -1.96777 13.5674 -2.81543c7.34375 -0.848633 14.2559 -5.02441 20.7363 -12.5439c-2.04785 -8.88086 -3.07227 -20.3203 -3.07227 -34.3047
+c0 -6.83203 0.688477 -20.6553 2.06445 -41.4717c0.6875 -11.9521 1.00781 -22.3525 1.00781 -31.2324c0 -6.81543 -0.175781 -12.624 -0.511719 -17.4072h3.07129c2.38477 0 3.91992 1.02344 4.6084 3.07129c0.6875 2.04785 1.02344 4.17676 1.02344 6.38477
+s0.672852 3.34375 2.03223 3.34375c2.75195 0 5.9043 -1.47266 9.47266 -4.35254c3.59961 -2.91211 7.43945 -6.5752 11.5352 -11.0078c4.09668 -4.43164 6.65625 -7.15234 7.68066 -8.19141c-3.07227 -2.38477 -10 -3.9209 -20.752 -4.6084
+c-10.752 -0.671875 -17.3125 -1.36035 -19.6963 -2.04785c-0.335938 -4.09668 -0.511719 -10.2402 -0.511719 -18.4326c0 -5.45605 0.0957031 -11.0879 0.255859 -16.8955c0.191406 -5.79199 0.431641 -12.3037 0.78418 -19.4561
+c0.335938 -7.16797 0.496094 -12.7998 0.496094 -16.9121c-2.7207 -0.335938 -6.65625 -0.671875 -11.7764 -1.00781c-5.10449 -0.335938 -8.86426 -0.671875 -11.248 -1.00781v10.2393c0 7.16797 -0.511719 16.8965 -1.53613 29.168
+c-1.37598 15.0244 -2.06348 25.4404 -2.06348 31.248c-2.03223 0.672852 -7.50391 1.28027 -16.3682 1.77637c-8.91211 0.511719 -15.3926 2.14453 -19.4883 4.86426zM370.624 153.088c0 6.81641 0.335938 16.7197 1.02441 29.6797
+c3.74316 -0.335938 7.15137 -1.18359 10.2236 -2.55957c3.08789 -1.36035 6.65625 -3.15234 10.7676 -5.37598c4.09668 -2.22363 7.16797 -3.83984 9.2002 -4.86426l-0.496094 -13.8242c0 -20.1279 1.53613 -39.9355 4.6084 -59.3916
+c6.47949 2.38379 11.7598 6.33594 15.8555 11.7764c4.1123 5.45605 6.92871 12.5439 8.46484 21.2314c1.53516 8.7207 2.46387 15.8721 2.81543 21.5205c0.352539 5.64746 0.671875 13.2314 1.00781 22.7842v5.64746c1.00781 -0.335938 2.56055 -0.511719 4.6084 -0.511719
+c6.83203 -0.688477 15.1836 -4.95996 25.0879 -12.7998c0 -1.02441 0.0800781 -2.65625 0.255859 -4.88086c0.175781 -2.22363 0.255859 -3.83984 0.255859 -4.86328c0 -5.10449 -0.6875 -10.2402 -2.03125 -15.3604c-1.37598 -5.12012 -2.65625 -8.87988 -3.84082 -11.2637
+c-1.19922 -2.38379 -3.67969 -6.65625 -7.43945 -12.7998c-3.74414 -6.16016 -6.14453 -10.0645 -7.15234 -11.7764c-5.12012 -4.0957 -10.9434 -11.248 -17.4082 -21.5039c-7.16797 -2.38379 -13.6641 -3.60059 -19.4717 -3.60059
+c-24.208 0.0166016 -36.3359 24.2725 -36.3359 72.7363zM473.024 97.7764c2.36719 2.06348 6.46387 3.75977 12.2871 5.12012c0 1.02344 0.176758 2.55957 0.496094 4.60742c1.37598 11.9521 2.56055 21.5996 3.60059 28.9277
+c1.02344 7.34473 3.15137 17.4248 6.39941 30.2246c3.23242 12.7998 7.00879 22.96 11.248 30.4639c4.28809 7.50391 10.3359 14.2559 18.1924 20.2236c7.83984 5.98438 16.8955 8.95996 27.1201 8.95996c11.6162 0 24.5918 -4.0957 38.9277 -12.2881
+c5.79199 -12.624 8.7041 -25.4238 8.7041 -38.3838c0 -22.5283 -7.93555 -42.8477 -23.8076 -60.9434c-15.8721 -18.0967 -35.0566 -29.6807 -57.6006 -34.8164c-0.6875 -10.9277 -1.02344 -19.1201 -1.02344 -24.5762c0 -24.9277 3.07129 -44.8955 9.21582 -59.9043
+c-2.71973 0.688477 -9.04004 1.00879 -18.9443 1.00879c-5.12012 0 -8.87988 0.335938 -11.2637 1.02344c-3.07227 7.16797 -5.8877 23.5684 -8.44824 49.1523c-2.55957 25.584 -7.59961 42.6719 -15.1035 51.2002zM519.088 110.592
+c13.3125 3.4082 24.4961 11.6006 33.5518 24.5762c9.04004 12.9756 13.5684 26.4482 13.5684 40.4482c0 10.2402 -2.54395 19.792 -7.66406 28.6719c-7.85547 -7.16797 -14.5918 -16.6396 -20.2236 -28.416c-5.64844 -11.7764 -9.56836 -22.0156 -11.7764 -30.7197
+c-2.22363 -8.7207 -4.7041 -20.208 -7.45605 -34.5605z" />
+    <glyph glyph-name="uniF134" unicode="&#xf134;" 
+d="M-68.6562 192c0 55.2324 19.5361 102.352 58.5918 141.408c39.0566 39.0557 86.1924 58.5918 141.408 58.5918c41.7598 0 78.6885 -10.6719 110.88 -32.0645c32.1445 -21.376 56.7842 -51.7598 73.9844 -91.168c5.04004 -12.1279 26.752 -62.6396 65.1357 -151.52
+c7.07227 -16.1445 13.376 -28.5439 18.96 -37.1201c5.55273 -8.5918 13.7764 -16.1123 24.7363 -22.7041c10.9443 -6.57617 24.3359 -10.1914 40.1758 -10.8955h3.52051c22.5596 0 41.248 6.08008 56.0801 18.1914c15.4717 12.7998 23.3916 28.9922 23.7275 48.4961
+c0 9.07227 -1.36035 16.6719 -4.04785 22.7363c-2.7041 6.04785 -7.66406 11.4395 -14.8965 16.1758c-7.23145 4.68848 -14.0479 8.30371 -20.4639 10.832c-6.39941 2.54395 -16.3359 5.98438 -29.8076 10.3516c-42.0645 13.8242 -72.3682 28.8643 -90.8965 45.2002
+c-18.5273 16.3359 -27.7754 39.1367 -27.7754 68.4326c0 30.6396 9.66406 55.1357 29.04 73.4873c19.3438 18.3525 45.6953 27.5361 79.0234 27.5361c42.7686 0 74.9443 -19.3594 96.4805 -58.0957l-42.4482 -21.6963c-15.1357 20.8643 -33.9844 31.3125 -56.5439 31.3125
+c-15.4883 0 -28.3516 -4.7998 -38.6396 -14.3848c-10.2725 -9.59961 -15.4248 -21.8076 -15.4248 -36.6396c0 -4.36816 0.336914 -8.49609 1.04004 -12.3682c0.672852 -3.8877 2.08008 -7.32812 4.30469 -10.3516c2.17578 -3.00781 4.19141 -5.72852 6.04785 -8.08008
+c1.83984 -2.35254 4.78418 -4.7998 8.84766 -7.32812c4 -2.49609 7.4082 -4.44824 10.0801 -5.80762c2.7041 -1.34473 6.91211 -3.12012 12.624 -5.3125c5.71191 -2.17578 10.1924 -3.77539 13.3926 -4.7998c3.19922 -1.02441 8.51172 -2.67188 15.9033 -5.02441
+c7.4082 -2.38379 12.9922 -4.06348 16.7041 -5.05566c36.3359 -12.1123 62.3359 -26.2559 78.0156 -42.416c15.6484 -16.1602 23.4883 -39.7275 23.4883 -70.7197c0 -33.6641 -12.7998 -61.6006 -38.3682 -83.8398c-25.2959 -21.8721 -56.5918 -32.8164 -93.9678 -32.8164
+h-1.51953c-33.6641 0 -60.7686 7.82422 -81.3125 23.4717c-20.5273 15.6641 -37.8721 39.3125 -52 71.0088l-7.07227 16.624l-64.1592 145.472c-11.1201 25.9355 -28.7041 46.7998 -52.7842 62.624c-24.0801 15.8398 -50.752 23.7275 -80.0479 23.7275
+c-40.0645 0 -74.3203 -14.2236 -102.769 -42.6553c-28.4639 -28.4805 -42.6875 -62.752 -42.6875 -102.816s14.2393 -74.3203 42.6719 -102.768c28.4482 -28.4482 62.7041 -42.7041 102.768 -42.7041c27.6162 0 52.8643 7.15137 75.7441 21.4717
+c22.9121 14.3359 40.5918 33.2324 53.04 56.8477l25.7598 -59.6152c-18.5273 -22.8965 -41.2314 -40.8486 -68.1758 -53.7607c-26.9443 -12.9912 -55.7275 -19.4717 -86.3682 -19.4717c-55.2158 0 -102.352 19.5518 -141.408 58.5762
+c-39.0557 39.0723 -58.5918 86.208 -58.5918 141.424z" />
+    <glyph glyph-name="uniF102" unicode="&#xf102;" 
+d="M16.9756 141.312v137.729c0 8.87988 3.24805 16.4639 9.72852 22.7842c6.47949 6.31934 14 9.47168 22.5283 9.47168c8.87988 0 16.4639 -3.15234 22.7832 -9.47168c6.32031 -6.32031 9.47266 -13.9199 9.47266 -22.7842v-137.729
+c0 -8.87988 -3.16797 -16.4639 -9.47266 -22.7832c-6.30371 -6.32031 -13.9033 -9.47266 -22.7832 -9.47266c-8.88086 0 -16.4648 3.15234 -22.7842 9.47266c-6.32031 6.31934 -9.47266 13.9033 -9.47266 22.7832zM105.552 90.1123v214.016h293.889v-214.016
+c0 -8.87988 -3.15234 -16.4639 -9.47266 -22.7842c-6.31934 -6.32031 -13.9033 -9.47168 -22.7842 -9.47168h-229.392c-8.86426 0 -16.4639 3.15137 -22.7842 9.47168c-6.31934 6.32031 -9.45605 13.9043 -9.45605 22.7842zM105.552 328.192
+c0 39.248 14.4961 71.5039 43.5039 96.7676c29.0244 25.2637 63.4883 37.8877 103.44 37.8877c39.9199 0 74.416 -12.624 103.408 -37.8877c29.04 -25.2637 43.5361 -57.5195 43.5361 -96.7676h-293.889zM157.264 489.984c0 -1.02441 8.17676 -16.5605 24.5762 -46.5928
+l7.67969 4.09668l-25.0879 45.5674c-1.35938 0.688477 -2.55957 1.02441 -3.58398 1.02441c-2.38379 0 -3.58398 -1.36035 -3.58398 -4.0957zM164.944 76.7998c0 9.21582 3.24805 16.8965 9.72754 23.04c6.48047 6.14453 14.5117 9.21582 24.0645 9.21582
+c8.54395 0 16.0479 -3.24805 22.5273 -9.72754c6.48047 -6.48047 9.72852 -13.9844 9.72852 -22.5283v-103.424c0 -9.56836 -3.24805 -17.3115 -9.72852 -23.2959c-6.47949 -5.96777 -14.5117 -8.95996 -24.0635 -8.95996c-8.87988 0 -16.4639 3.15234 -22.7842 9.47168
+c-6.32031 6.32031 -9.47168 13.9043 -9.47168 22.7842v103.424zM167.504 394.24c0 -5.45605 1.95215 -10.2402 5.8877 -14.3359c3.93652 -4.09668 8.62402 -6.14453 14.0801 -6.14453c5.80859 0 10.6719 1.95215 14.5928 5.88867
+c3.91992 3.91992 5.8877 8.7832 5.8877 14.5918c0 5.45605 -1.95215 10.1436 -5.8877 14.0801c-3.9209 3.91992 -8.62402 5.8877 -14.0801 5.8877s-10.2402 -1.96777 -14.3359 -5.8877c-4.09668 -3.93652 -6.14453 -8.62402 -6.14453 -14.0801zM274 76.7998
+c0 9.21582 3.31152 16.8965 9.96777 23.04c6.65625 6.14453 14.5918 9.21582 23.8086 9.21582c8.87988 0 16.4639 -3.15137 22.7832 -9.47168c6.32031 -6.33594 9.47266 -13.9199 9.47266 -22.7998v-103.424c0 -9.56836 -3.23242 -17.3125 -9.71191 -23.2959
+c-6.48047 -5.96875 -14.4961 -8.96094 -24.0645 -8.96094c-8.87988 0 -16.4639 3.15234 -22.7842 9.47266c-6.31934 6.32031 -9.47168 13.9043 -9.47168 22.7842v103.439zM297.024 394.24c0 -5.45605 1.9834 -10.2402 5.90332 -14.3359
+c3.91992 -4.09668 8.62402 -6.14453 14.0801 -6.14453s10.2402 1.95215 14.3359 5.88867c4.09668 3.91992 6.14453 8.7832 6.14453 14.5918c0 5.45605 -1.96875 10.1436 -5.88867 14.0801c-3.93555 3.91992 -8.62402 5.8877 -14.0801 5.8877
+c-5.45508 0 -10.2393 -1.96777 -14.3359 -5.8877c-4.11133 -3.93652 -6.15918 -8.62402 -6.15918 -14.0801zM315.472 447.488l7.68066 -4.6084l24.5752 45.5684v1.02344c0 3.07227 -1.18359 4.6084 -3.58398 4.6084c-2.39941 0 -5.55176 -3.15234 -9.4873 -9.47168
+c-3.9043 -6.30469 -7.93652 -13.8242 -12.0322 -22.5283s-6.46387 -13.5684 -7.15234 -14.5918zM423.504 141.312v137.217c0 8.87988 3.15234 16.5596 9.47168 23.04c6.32031 6.47949 13.9043 9.72754 22.7842 9.72754s16.4639 -3.24805 22.7842 -9.72754
+c6.32031 -6.48047 9.47168 -14.1602 9.47168 -23.04v-137.217c0 -8.87988 -3.15137 -16.4639 -9.47168 -22.7832c-6.32031 -6.32031 -13.9043 -9.47266 -22.7842 -9.47266s-16.5596 3.15234 -23.0234 9.47266c-6.5127 6.31934 -9.58398 13.9033 -9.23242 22.7832z" />
+    <glyph glyph-name="uniF13D" unicode="&#xf13d;" 
+d="M-18.4961 116.736c-0.335938 21.5195 3.83984 41.3916 12.5439 59.6475c8.7041 18.2725 20.1279 33.4561 34.3037 45.584c14.1602 12.1123 29.8564 22.8643 47.1045 32.2559c17.2324 9.37598 34.4795 16.7207 51.7119 22.0166s33.0244 9.64746 47.3604 13.0557
+s25.9521 5.63184 34.8154 6.65625l13.3125 1.53613v-62.9766c-19.4561 -1.35938 -37.2959 -4.6875 -53.5039 -9.9834s-29.4404 -11.5205 -39.6807 -18.6885c-10.2393 -7.16797 -19.2959 -14.9434 -27.1357 -23.2959c-7.83984 -8.36816 -13.8242 -16.5596 -17.9199 -24.5762
+c-4.0957 -8.01562 -7.34375 -15.2637 -9.72754 -21.7598c-2.38477 -6.48047 -3.76074 -11.7764 -4.09668 -15.8721l-1.02344 -6.14355c-1.02441 -5.10449 -1.53613 -10.2402 -1.53613 -15.3604c0 -7.50391 1.18359 -14.6719 3.58398 -21.5039
+c4.0957 -11.6162 10.5918 -21.5039 19.4561 -29.6797c8.87988 -8.20801 18.9434 -15.792 30.208 -22.8008c11.2637 -6.99121 22.8799 -12.624 34.8154 -16.8955c11.9365 -4.27246 22.8643 -7.93652 32.7686 -11.0078c9.90332 -3.07227 17.9199 -5.2959 24.0635 -6.65625
+l9.72852 -1.55176v-52.7363c-33.1045 3.4082 -63.0566 9.3916 -89.8564 17.9199s-48.3838 18.1758 -64.7676 28.9277s-30.5605 22.2881 -42.4961 34.5605c-11.9365 12.2715 -20.6562 24.3193 -26.1123 36.0957s-9.64746 22.3525 -12.5439 31.7441
+c-2.89551 9.37598 -4.52832 16.9756 -4.86426 22.7842zM242.624 -64v461.824l72.6875 50.1758v-472.064zM332.736 238.592h-0.0166016v58.8799l26.624 -2.55957c18.0801 -1.71191 39.5205 -6.99219 64.2559 -15.8721c24.752 -8.87988 43.9521 -20.6562 57.6162 -35.3281
+l54.7842 31.2324v-125.44l-160.24 39.9365l42.4805 17.4072l-10.752 8.19238c-7.52051 5.12012 -18.4326 10.416 -32.7686 15.8721c-13.3115 4.76758 -26.4473 7.34375 -39.4395 7.67969h-2.54395z" />
+    <glyph glyph-name="uniF164" unicode="&#xf164;" 
+d="M273.806 46.0225c103.522 0 138.494 4.68848 138.494 4.68848s-5.37891 82.5752 -43.1631 97.4131c-37.7842 14.8682 -47.0264 12.7559 -60.1533 20.6689c-0.320312 0.185547 -0.639648 0.381836 -0.96875 0.546875v22.2354
+c12.5703 11.0254 22.6064 27.6348 28.4492 46.6348c6.82031 7.32617 10.7568 15.9512 10.7568 25.1729c0 6.32617 -1.86523 12.3545 -5.24512 17.9082c-2.21484 46.5527 -31.8281 77.3613 -68.0771 77.3613c-36.2285 0 -65.8418 -30.8086 -68.0781 -77.3613
+c-3.36914 -5.55371 -5.24414 -11.582 -5.24414 -17.9082c0 -9.22168 3.93555 -17.8467 10.7568 -25.1729c5.86328 -19 15.8887 -35.6201 28.46 -46.6455v-22.2246c-0.320312 -0.165039 -0.649414 -0.361328 -0.979492 -0.546875
+c-13.0957 -7.91309 -22.3594 -5.80078 -60.123 -20.6689c-37.7842 -14.8379 -43.1934 -97.4131 -43.1934 -97.4131s34.7852 -4.68848 138.309 -4.68848zM447.745 448.491l219.317 -255.896l-219.317 -255.866h-423.468c-13.4678 0 -24.3691 10.8916 -24.3691 24.3486
+v463.045c0 13.457 10.9014 24.3682 24.3691 24.3682h423.468z" />
+    <glyph glyph-name="uniF10A" unicode="&#xf10a;" 
+d="M0 49.6641c3.75456 5.11979 9.13053 9.47168 16.1279 13.0557s15.36 6.9974 25.0879 10.2402s16.64 5.88835 20.7363 7.93652c6.48503 0 12.2021 -0.768229 17.1514 -2.30469c4.94987 -1.53581 10.6673 -4.0957 17.1523 -7.67969
+c6.48568 -3.58398 10.7523 -5.71745 12.7998 -6.40039c16.043 -7.16797 60.4163 -27.4772 133.12 -60.9277c6.48568 -1.36523 12.5443 -1.36523 18.1758 0c5.63216 1.36523 12.3737 4.35189 20.2246 8.95996c7.85026 4.60807 11.9463 7.08268 12.2881 7.42383
+c6.82617 3.07227 19.8822 8.96029 39.168 17.6641c19.2852 8.70443 34.2184 15.446 44.7998 20.2246c1.36523 0.682292 8.44792 4.26628 21.248 10.752c12.8001 6.48503 23.1253 10.5811 30.9756 12.2881c4.4375 0.682292 9.13086 0.511393 14.0801 -0.512695
+s8.95996 -2.30404 12.0322 -3.83984s6.99772 -3.75456 11.7764 -6.65625c4.77865 -2.90104 7.85059 -4.69303 9.21582 -5.37598c1.36523 -0.682292 4.01042 -1.70605 7.93555 -3.07129c3.92578 -1.36589 7.08333 -2.73145 9.47266 -4.09668
+s4.2666 -3.24251 5.63184 -5.63184c1.02409 -1.36523 1.70671 -3.75456 2.04785 -7.16797c-3.41341 -4.4375 -8.7041 -8.53353 -15.8721 -12.2881c-7.16797 -3.75456 -15.8721 -7.50911 -26.1123 -11.2637c-10.2396 -3.75456 -17.0661 -6.48535 -20.4795 -8.19238
+c-14.6777 -6.82682 -36.6084 -17.3229 -65.792 -31.4883c-29.1842 -14.1647 -51.1149 -24.6605 -65.792 -31.4873c-2.38932 -1.02409 -5.97331 -2.98698 -10.752 -5.88867c-4.77865 -2.90104 -8.78939 -5.11947 -12.0322 -6.65527
+c-3.24284 -1.53646 -7.59473 -3.41374 -13.0557 -5.63184c-5.46159 -2.21875 -10.1549 -3.41341 -14.0801 -3.58398c-3.92578 -0.171224 -8.96061 0.0846354 -15.1045 0.767578l-135.168 62.9756c-2.04818 1.02409 -7.50944 3.41341 -16.3838 7.16797
+c-8.875 3.75521 -17.6644 7.51009 -26.3682 11.2646c-8.70378 3.75456 -17.8343 7.85059 -27.3916 12.2881c-9.55729 4.43685 -17.4935 8.44727 -23.8086 12.0312c-6.31445 3.58398 -9.98372 6.40007 -11.0078 8.44824c-1.36523 1.36523 -2.04785 3.58398 -2.04785 6.65625z
+M0 186.88c3.75456 5.11979 9.13053 9.38639 16.1279 12.7998s15.5306 6.82682 25.5996 10.2402c10.0697 3.41341 17.1523 5.97331 21.248 7.67969c6.48568 0 12.2884 -0.767904 17.4082 -2.30371c5.12044 -1.53581 11.0085 -4.0957 17.6641 -7.67969
+c6.65625 -3.58398 11.0081 -5.88802 13.0557 -6.91211c14.3366 -6.48568 35.9261 -16.3844 64.7686 -29.6963s50.6025 -23.3812 65.2803 -30.208c6.48503 -1.70638 12.7995 -1.79167 18.9434 -0.255859c6.14388 1.53581 12.8001 4.43717 19.9688 8.7041
+c7.16797 4.26693 11.4346 6.74154 12.7998 7.42383c23.2103 10.9225 50.5169 23.2106 81.9199 36.8643c3.75456 1.70638 9.13053 4.52246 16.1279 8.44824c6.9974 3.92513 13.568 7.25293 19.7119 9.9834c6.14388 2.73112 12.2878 4.6084 18.4316 5.63184
+c5.46159 1.02409 10.8376 0.853516 16.1279 -0.511719c5.29102 -1.36523 11.6911 -4.2666 19.2002 -8.7041c7.50977 -4.4375 11.4352 -6.65625 11.7764 -6.65625c1.70638 -1.02344 4.35156 -2.13249 7.93555 -3.32715s6.65592 -2.56022 9.21582 -4.09668
+c2.56055 -1.53581 4.52344 -3.3278 5.88867 -5.37598c1.02409 -1.70638 1.70671 -4.0957 2.04785 -7.16797c-3.41341 -4.77865 -8.78939 -9.13053 -16.1279 -13.0557s-16.2985 -7.7653 -26.8799 -11.5205c-10.5814 -3.75456 -17.5788 -6.48503 -20.9922 -8.19141
+c-16.3841 -7.85091 -39.5094 -18.9443 -69.376 -33.2803s-50.7731 -24.4053 -62.7197 -30.208c-2.38932 -1.02409 -6.82682 -3.41341 -13.3125 -7.16797c-6.48503 -3.75456 -11.4342 -6.31445 -14.8477 -7.67969s-8.96029 -3.07194 -16.6406 -5.12012
+c-7.67969 -2.04818 -13.7383 -2.04818 -18.1758 0c-73.0449 34.4746 -117.418 55.2959 -133.12 62.4639c-2.04753 1.02409 -9.55664 4.2666 -22.5273 9.72754c-12.9707 5.46159 -24.832 10.5817 -35.584 15.3604s-21.248 9.81348 -31.4883 15.1045
+c-10.2402 5.29036 -16.043 9.13021 -17.4082 11.5195c-1.36523 1.36523 -2.04785 3.75456 -2.04785 7.16797zM0 323.584c3.41341 5.11979 8.78939 9.64258 16.1279 13.5684c7.33854 3.92513 16.2985 7.76497 26.8799 11.5195s17.5788 6.48535 20.9922 8.19238
+l178.176 82.9434c10.2402 0 19.3711 -1.19466 27.3926 -3.58398c8.02083 -2.38932 17.6634 -6.8265 28.9277 -13.3115c11.2637 -6.48568 18.0902 -10.2402 20.4795 -11.2637c13.3125 -6.14453 33.2806 -15.446 59.9043 -27.9043
+c26.6243 -12.459 46.5924 -21.7604 59.9043 -27.9043c1.36523 -0.682292 7.5944 -3.24219 18.6875 -7.67969c11.0938 -4.4375 20.3952 -8.53353 27.9043 -12.2881s12.1172 -7.16797 13.8242 -10.2402c1.02409 -1.36523 1.70671 -3.58398 2.04785 -6.65625
+c-3.07227 -4.43685 -7.50977 -8.27669 -13.3125 -11.5195c-5.80208 -3.24284 -13.2259 -6.48568 -22.2715 -9.72852c-9.04557 -3.24219 -14.9336 -5.5459 -17.6641 -6.91113c-16.043 -7.50977 -39.9362 -18.8594 -71.6797 -34.0488
+c-31.7441 -15.1888 -55.4668 -26.5381 -71.168 -34.0479c-2.04818 -1.02409 -5.46159 -2.90137 -10.2402 -5.63184s-8.7041 -4.86361 -11.7764 -6.39941c-3.07161 -1.53646 -7.33822 -3.32878 -12.7998 -5.37695c-5.46159 -2.04753 -10.0697 -3.07129 -13.8242 -3.07129
+c-3.75456 0 -8.5332 0.170573 -14.3359 0.511719c-83.6263 38.9121 -127.317 59.2214 -131.072 60.9277c-1.36523 0.682943 -12.1172 5.3763 -32.2559 14.0801c-20.1387 8.70443 -37.5465 16.6406 -52.2236 23.8086c-14.6771 7.16797 -22.8691 12.2878 -24.5762 15.3594
+c-1.36523 1.36523 -2.04785 3.58398 -2.04785 6.65625z" />
+    <glyph glyph-name="uniF104" unicode="&#xf104;" 
+d="M-78.5283 233.984c0 35.8398 8.95996 67.9199 26.8799 96.2559c17.9209 28.3359 41.2168 50.7676 69.8887 67.3281c28.6719 16.5596 59.4717 29.1035 92.416 37.6318c32.9434 8.52734 66.1279 12.7998 99.584 12.7998c9.90332 0 17.248 -0.175781 22.0156 -0.511719
+c39.248 -2.04785 77.8242 -9.04004 115.712 -20.9922c29.6807 -9.56836 58.0322 -22.2725 84.9922 -38.1445c26.9756 -15.8711 51.9678 -34.4795 75.0078 -55.8076c23.0244 -21.3281 41.4727 -46.3359 55.2803 -75.0078c13.8398 -28.6719 20.752 -58.7041 20.752 -90.1123
+c0 -4.43164 -0.175781 -7.66406 -0.511719 -9.72754c-3.76074 -51.8721 -24.3359 -95.5684 -61.6963 -131.057c-37.3604 -35.4873 -83.1836 -60.5918 -137.472 -75.2637c-36.5283 -10.2559 -75.6006 -15.376 -117.265 -15.376h-4.0957
+c-68.6084 0 -122.368 9.04004 -161.28 27.1201c-2.04785 0.6875 -3.24805 1.71191 -3.58398 3.08789c0 0.671875 0.512695 1.00781 1.53613 1.00781c0.335938 0 0.944336 -0.0800781 1.79199 -0.271484c0.848633 -0.160156 1.45605 -0.255859 1.79199 -0.255859
+c17.0723 -4.09668 32.2559 -6.14453 45.5684 -6.14453c8.19141 0 16.208 0.767578 24.0635 2.30371c7.85645 1.53613 15.2803 4.95996 22.2725 10.2559c7.00781 5.28027 10.4961 12.0322 10.4961 20.2246c0 4.0957 -1.02441 8.19141 -3.07227 12.2881
+c-3.07227 5.47168 -13.0557 11.1836 -29.9521 17.1514c-16.8955 5.96875 -36.3516 11.6807 -58.3682 17.1523c-22.0156 5.47168 -34.8955 8.87988 -38.6553 10.2402c-27.3125 8.87988 -51.0244 20.1436 -71.168 33.792c0 0.335938 0.591797 1.96777 1.79199 4.86426
+c1.19922 2.91113 2.22363 5.3916 3.07129 7.42383c0.864258 2.06348 2.04785 4.0957 3.58398 6.16016c1.53613 2.03125 2.99219 3.05566 4.35254 3.05566h91.6475c3.07227 0 5.88867 -3.66406 8.44824 -11.0078c2.56055 -7.34473 6.14453 -14.7686 10.752 -22.2881
+c4.6084 -7.50391 10.6719 -11.248 18.1758 -11.248c6.14453 0 11.4404 1.95215 15.8721 5.87207c4.43262 3.93555 6.65625 8.97559 6.65625 15.1035c0 3.74414 -14.3359 37.7119 -43.0078 101.889c-28.6719 64.1592 -46.7686 103.6 -54.2725 118.271
+c-2.03125 5.15234 -4.76758 7.71191 -8.17578 7.71191c-2.71973 0 -4.94434 -1.53613 -6.65625 -4.60742l-1.53613 -3.07227c-2.73535 -5.12012 -11.6152 -24.5762 -26.623 -58.3682l-54.7842 -121.855l-3.58398 -7.68066
+c-32.4326 37.2002 -48.6406 77.1523 -48.6406 119.809v0zM33.0879 148.992c0 3.4082 9.21582 25.4238 27.6484 66.0322l2.55957 1.53516c2.04785 0 7.60059 -10.8477 16.6396 -32.5117c9.04004 -21.6641 13.5684 -33.5361 13.5684 -35.584
+c0 -1.36035 -0.847656 -2.04785 -2.55957 -2.04785h-55.2959c-1.71289 0.015625 -2.56055 0.864258 -2.56055 2.57617zM190.272 86.0156c0 -15.3594 8.01562 -23.04 24.0635 -23.04c16.0322 0 24.0645 7.68066 24.0645 23.04v198.656
+c0 15.3604 -8.0166 23.04 -24.0645 23.04s-24.0635 -7.67969 -24.0635 -23.04v-198.656zM284.992 86.0156c0 -15.3594 8 -23.04 24.0635 -23.04c16.0322 0 24.0645 7.68066 24.0645 23.04v92.6729l47.0879 -94.7207c4.43164 -9.90332 11.4404 -14.8477 20.9922 -14.8477
+c10.9121 0 18.7676 4.94434 23.5518 14.8477l46.5918 94.7207v-92.6729c0 -15.3594 8.0166 -23.04 24.0645 -23.04c16.3838 0 24.5762 7.68066 24.5762 23.04v198.656c0 15.3604 -8.03223 23.04 -24.0645 23.04c-11.9521 0 -19.9678 -4.94434 -24.0635 -14.8477
+l-70.6562 -154.624l-68.0801 154.624c-4.78418 9.90332 -12.9766 14.8477 -24.5918 14.8477c-15.6807 0 -23.5361 -7.67969 -23.5361 -23.04v-198.656z" />
+    <glyph glyph-name="uniF154" unicode="&#xf154;" 
+d="M82.4961 267.264c-3.75977 51.5361 17.7441 94.5439 64.5117 129.024c21.5039 16.0322 46.2402 28 74.2402 35.8398c26.624 7.85645 56.4795 9.72852 89.5996 5.63184c33.1045 -4.0957 64 -14.1602 92.6719 -30.208c-0.671875 -13.6641 -0.671875 -26.624 0 -38.9121
+c2.04883 -40.624 0.336914 -66.7354 -5.10352 -78.3359c-3.07227 0.335938 -11.9521 2.7207 -26.624 7.16797c-12.3037 3.76074 -23.5684 6.48047 -33.792 8.19238c-10.5762 2.04785 -20.9922 3.4082 -31.2324 4.0957c-23.9033 2.04785 -40.7832 -4.43164 -50.6875 -19.4561
+c2.71973 -15.0234 9.21582 -26.2881 19.4561 -33.792c10.2402 -7.16797 24.2402 -13.4873 41.9834 -18.9434c16.7207 -4.78418 28.4961 -9.2168 35.3281 -13.3125c38.5762 -23.9043 62.3047 -61.2803 71.168 -112.128v-43.5195
+c0 -27.6484 -7.59961 -51.9688 -22.7832 -72.96c-15.1846 -20.9922 -35.4248 -36.7842 -60.6885 -47.376c-35.8242 -15.0088 -77.5684 -21.6006 -125.168 -19.6963c-47.6162 1.87207 -88.4961 12.0322 -122.624 30.4482c1.02441 14 1.02441 27.4873 0 40.4473
+c-1.02441 14.3359 -1.36035 28.1768 -1.02441 41.4883c0.672852 14.6719 2.7207 26.4316 6.14453 35.3125c6.14355 -1.00879 14.3359 -2.89648 24.5762 -5.63281c18.0801 -5.12012 30.7197 -8.35156 37.8877 -9.71191c56.3203 -12.3037 86.5283 -5.47168 90.624 20.4639
+c1.02441 7.50488 -0.767578 14.416 -5.37598 20.7363c-4.6084 6.33594 -10.4961 11.3604 -17.6641 15.1045c-9.56836 4.7832 -17.7441 8.52734 -24.5762 11.2637c-9.8877 4.0957 -16.2236 6.99219 -18.96 8.7041c-15.0078 7.83984 -25.0879 13.3115 -30.208 16.3682
+c-19.4561 11.6152 -33.1035 23.2158 -40.96 34.8154c-18.4316 26.3203 -28.6719 52.6084 -30.7197 78.8799z" />
+    <glyph glyph-name="uniF11B" unicode="&#xf11b;" 
+d="M37.1523 -0.511719c1.02344 10.5762 3.07129 21.8555 6.14355 33.792c3.74414 15.3594 16.0322 75.1836 36.8643 179.456c20.8154 104.271 32.9277 163.936 36.3516 178.943c4.09668 17.7441 8.19238 30.1279 12.2881 37.1201
+c4.09668 7.00781 10.752 12.0322 19.9678 15.1045c9.2168 3.07129 24.0645 4.60742 44.5439 4.60742h123.393c20.1436 0 43.168 -0.175781 69.1035 -0.511719c25.9521 -0.335938 45.7441 -0.511719 59.4082 -0.511719c14 0 22.5283 -7.68066 25.6006 -23.04
+c3.40723 -16.3838 -0.496094 -32.0801 -11.7764 -47.1045c-10.2402 -13.6641 -24.0645 -20.4795 -41.4717 -20.4795h-205.312l-25.5996 -119.296l180.224 -1.53613c15.0244 0 24.2402 -7.68066 27.6641 -23.04c3.4082 -15.3604 -0.192383 -29.6963 -10.752 -43.0078
+c-9.21582 -11.2646 -21.168 -16.8965 -35.8398 -16.8965h-184.336l-24.5762 -126.976h221.184c21.8408 0 34.9121 -7.42383 39.168 -22.2725c4.25684 -14.8477 1.36035 -29.7754 -8.70312 -44.8154c-10.0645 -15.0088 -21.6006 -22.5127 -34.5605 -22.5127h-283.136
+c-10.2402 0 -18.3525 2.89648 -24.3203 8.7041c-5.9834 5.79199 -9.64746 13.6641 -11.0078 23.5518c-1.36035 9.88867 -1.53613 20.1445 -0.511719 30.7207z" />
+    <glyph glyph-name="uniF115" unicode="&#xf115;" 
+d="M-6.14355 174.592l109.567 83.4561l-109.567 82.9443l159.231 103.936l103.937 -89.0879l106.495 89.0879l154.624 -98.8154l-101.376 -84.4805l101.376 -87.04l-157.184 -94.7197l-103.936 79.8721l-103.937 -79.8721zM102.912 46.0801v29.1836l48.1279 -28.1602
+l103.936 79.3604l0.512695 -0.511719v-181.76zM105.472 259.072l150.528 -94.7207l151.552 100.353l-150.527 86.5283zM255.488 -55.8076l0.511719 181.76l1.02441 0.511719l103.424 -79.3604l51.2002 30.7207v-32.2559z" />
+    <glyph glyph-name="uniF107" unicode="&#xf107;" 
+d="M36.6084 366.08c0 20.4795 21.6641 37.8877 65.0234 52.2236c43.3604 14.3359 95.5684 21.5039 156.672 21.5039c61.4404 0 113.744 -7.16797 156.944 -21.5039s64.752 -31.7441 64.752 -52.2236c0 -4.0957 -12.3037 -79.1836 -36.8643 -225.28
+c-3.07129 -15.6963 -22.0156 -30.8955 -56.8477 -45.5674c-34.8164 -14.6729 -77.4717 -22.0166 -128 -22.0166c-50.5117 0 -93.168 7.34375 -128 22.0166c-34.8164 14.6719 -53.584 29.8555 -56.3203 45.5674c-24.8955 141.312 -37.3594 216.4 -37.3594 225.28z
+M91.3916 68.6084v2.04785c0 5.80762 2.56055 8.7041 7.68066 8.7041c2.04785 0 4.0957 -0.864258 6.14355 -2.56055c16.0322 -12.624 36.8643 -22.5117 62.4639 -29.6963c25.6006 -7.15137 47.1045 -11.0879 64.5127 -11.7598l26.1113 -1.55176
+c2.75195 0 6.40039 0.0957031 11.0078 0.272461c4.6084 0.175781 13.585 1.00781 26.8965 2.55957c13.3115 1.53613 26.0156 3.66406 38.1279 6.38379c12.1279 2.73633 25.5361 7.00781 40.208 12.8164c14.6719 5.79199 27.1357 12.7998 37.376 20.9922l5.64844 2.55957
+c5.45605 0 8.19141 -2.89551 8.19141 -8.7041c0 -0.6875 -0.175781 -1.37598 -0.511719 -2.04785c-7.52051 -41.2959 -12.6396 -68.7842 -15.3604 -82.4316c-3.74414 -16.7207 -20.1436 -30.6406 -49.1514 -41.7285c-28.9922 -11.0879 -63.1367 -16.624 -102.4 -16.624
+c-39.248 0 -73.376 5.53613 -102.384 16.624s-45.2324 25.0078 -48.6406 41.7285c-6.52734 32.3994 -11.8232 59.8877 -15.9199 82.416zM116.48 373.76c0 -8.19141 13.9033 -15.2793 41.7275 -21.248c27.8242 -5.9834 61.1836 -8.95996 100.08 -8.95996
+c39.2637 0 72.7998 2.89648 100.624 8.7041c27.8076 5.80859 41.7119 12.7998 41.7119 20.9922c0 8.52832 -13.9043 15.7764 -41.7119 21.7598c-27.8242 5.98438 -61.3604 8.95996 -100.624 8.95996c-39.248 0 -72.6885 -2.91211 -100.336 -8.7041
+c-27.6484 -5.80762 -41.4717 -12.96 -41.4717 -21.5039zM187.648 193.024c0 -19.4561 6.91113 -36.0801 20.7354 -49.9365c13.8242 -13.8076 30.4639 -20.7197 49.9199 -20.7197c19.4727 0 36.0967 6.91211 49.9365 20.7197
+c13.8076 13.8398 20.7197 30.4639 20.7197 49.9365c0 19.4717 -6.91211 36.0957 -20.7197 49.9199c-13.8398 13.8232 -30.4639 20.7354 -49.9365 20.7354c-19.4561 0 -36.0801 -6.91211 -49.9199 -20.7354c-13.8242 -13.8242 -20.7354 -30.4639 -20.7354 -49.9199z
+M222.976 193.024c0 9.55176 3.4082 17.8398 10.2402 24.832c6.81641 6.99121 15.1846 10.4951 25.0723 10.4951c9.9043 0 18.2715 -3.50391 25.0879 -10.4951c6.83203 -6.99219 10.2559 -15.2803 10.2559 -24.832c0 -9.55273 -3.42383 -17.8242 -10.2559 -24.832
+c-6.7998 -6.99219 -15.1836 -10.4961 -25.0879 -10.4961c-9.8877 0 -18.2402 3.50391 -25.0723 10.4961c-6.83203 6.99121 -10.2402 15.2793 -10.2402 24.832z" />
+    <glyph glyph-name="uniF124" unicode="&#xf124;" 
+d="M0 195.072c0 34.8158 6.82682 67.9251 20.4805 99.3281c26.9648 63.4876 72.1914 108.714 135.68 135.68c31.4023 13.653 64.5117 20.4795 99.3281 20.4795c34.8158 0 67.9251 -6.8265 99.3281 -20.4795c62.8053 -26.6243 108.032 -71.8509 135.68 -135.68
+c13.653 -32.4271 20.4795 -65.5365 20.4795 -99.3281c0 -33.7923 -6.8265 -66.9017 -20.4795 -99.3281c-27.6478 -64.1706 -72.8743 -109.739 -135.68 -136.704c-31.403 -13.6536 -64.5124 -20.4805 -99.3281 -20.4805c-34.8164 0 -67.9258 6.82682 -99.3281 20.4805
+c-63.4883 27.3066 -108.715 72.8747 -135.68 136.704c-13.6536 31.4023 -20.4805 64.5117 -20.4805 99.3281zM39.9355 195.072c0 -48.1283 14.3363 -91.1364 43.0088 -129.024c28.3307 -37.2051 65.3652 -63.6582 111.104 -79.3594v40.96
+c0 20.4798 6.82682 35.3278 20.4805 44.5439c-6.82682 0.341146 -14.8483 1.53581 -24.0645 3.58398c-17.4082 3.07161 -32.2562 8.53288 -44.5439 16.3838c-31.0612 18.7734 -46.5918 52.736 -46.5918 101.888c0 25.6003 8.5332 47.4456 25.5996 65.5361
+c-7.85026 20.1387 -6.99674 41.984 2.56055 65.5361h10.2393c3.41341 0 7.68034 -0.853516 12.8008 -2.56055c13.3118 -4.0957 28.1598 -11.6048 44.5439 -22.5273c20.821 5.46094 41.3008 8.19141 61.4395 8.19141s40.7894 -2.73047 61.9521 -8.19141
+c13.3118 8.87435 25.7705 15.7008 37.376 20.4795c10.9225 4.09635 18.7731 5.80306 23.5518 5.12012l6.14453 -0.511719c9.21615 -23.5521 10.0693 -45.3975 2.55957 -65.5361c17.0671 -18.0905 25.6006 -39.9359 25.6006 -65.5361
+c0 -38.2292 -9.38672 -67.0719 -28.1602 -86.5283c-10.2402 -10.9225 -23.723 -19.4557 -40.4482 -25.5996c-13.9948 -5.11979 -29.5254 -8.3623 -46.5918 -9.72754c13.9948 -9.89909 20.9922 -24.7471 20.9922 -44.5439v-40.96
+c44.0319 15.7012 80.3838 42.4958 109.056 80.3838c27.9896 37.5462 41.9844 80.2129 41.9844 128c0 29.013 -5.63216 57.0023 -16.8965 83.9678c-10.9225 25.9414 -26.2826 48.8109 -46.0801 68.6084c-19.1146 19.1146 -41.9837 34.3037 -68.6074 45.5674
+c-27.3066 11.6055 -55.1253 17.4082 -83.4561 17.4082c-27.9896 0 -55.9792 -5.80273 -83.9688 -17.4082c-25.5996 -10.9225 -48.4688 -26.1117 -68.6074 -45.5674c-19.1146 -19.7975 -34.4746 -42.667 -46.0801 -68.6084
+c-11.2643 -26.9655 -16.8965 -54.9548 -16.8965 -83.9678z" />
+    <glyph glyph-name="uniF162" unicode="&#xf162;" 
+d="M68.6084 146.432c0.351562 17.7607 1.87207 32.7686 4.62402 45.0879c1.02344 6.83203 3.83984 12.0322 8.44727 15.6162c4.6084 3.58398 9.2959 4.86426 14.0801 3.83984l104.433 -42c7.85547 -2.36719 13.3115 -6.84766 16.3838 -13.3115
+c1.69629 -3.04004 2.54395 -6.27246 2.54395 -9.69629s-0.847656 -6.86426 -2.54395 -10.2715c-3.07227 -6.46387 -8.35254 -10.9443 -15.8721 -13.3125l-104.448 -32.2715c-5.12012 -1.71191 -10.0801 -1.28027 -14.8477 1.2793
+c-4.76855 2.56055 -8.0166 6.91211 -9.72852 13.04c-2.04785 8.87988 -3.07129 20.6562 -3.07129 35.3447v6.65527zM113.152 390.656c-1.71191 2.73535 -2.56055 5.45605 -2.56055 8.19141c0 3.07227 1.02441 6.14453 3.07227 9.2168
+c4.0957 5.80762 10.5918 10.416 19.4561 13.8232c27.6475 10.5762 56.832 18.4326 87.5518 23.5527h2.56055c15.3594 0 23.7275 -6.48047 25.0713 -19.4561c8.5127 -106.832 12.8164 -173.904 12.8164 -201.217c0 -11.2637 -4.6084 -18.0791 -13.8242 -20.4795
+c-2.04785 -0.671875 -4.0957 -1.02441 -6.14355 -1.02441c-7.16797 0 -13.5039 4.27246 -18.9443 12.8008c-50.5117 79.1836 -86.8643 137.392 -109.056 174.592zM148.48 -1.02441l71.1836 84.9922c6.44824 7.15234 12.9922 10.752 19.4395 10.752
+c2.76855 0 5.48828 -0.496094 8.22461 -1.53613c8.49609 -3.74316 12.7998 -11.4395 12.7998 -23.04c0 -1.69531 -0.160156 -3.40723 -0.479492 -5.10352v-113.12c-0.688477 -4.81641 -3.61621 -8.52832 -8.7207 -11.2637
+c-3.05566 -1.66406 -6.14355 -2.56055 -9.21582 -2.56055c-2.71973 0 -5.43945 0.512695 -8.20801 1.58398c-12.2881 2.03223 -26.7842 6.35254 -43.5195 13.0088c-16.7207 6.65527 -29.1846 13.0078 -37.376 19.1992c-6.14453 4.76855 -9.2168 9.83984 -9.2168 15.3447
+c-0.03125 3.74316 1.68066 7.64746 5.08887 11.7432zM299.008 171.52c-2.03223 4.1123 -3.02344 8.0166 -3.02344 11.7764c0 5.80762 2.55957 11.4404 7.66406 16.8965l66.5596 91.6475c2.36816 2.71973 5.79199 4.0957 10.2559 4.0957
+c0.992188 0 2.24023 -0.175781 3.60059 -0.511719c5.77539 -0.671875 10.752 -3.74414 14.8799 -9.21582c8.49609 -8.87988 17.5996 -20.9121 27.1035 -36.0957c9.58398 -15.1846 15.8721 -27.7285 18.9922 -37.6318c0.992188 -2.73633 1.53613 -5.29688 1.53613 -7.68066
+c0 -3.07227 -0.688477 -5.79199 -2.06445 -8.19141c-2.71973 -4.43262 -6.65527 -7.16797 -11.7598 -8.19238l-107.008 -27.1357c-2.71973 -0.688477 -5.44043 -1.02441 -8.19238 -1.02441c-7.95215 0 -14.1113 3.74414 -18.5439 11.2637v0zM305.152 107.52
+c4.0957 6.48047 9.72754 9.72852 16.8955 9.72852c3.07227 0 6.32031 -0.688477 9.72852 -2.04785l104.976 -35.8398c4.71973 -1.69629 8 -4.94434 9.71191 -9.72852c1.04004 -2.03223 1.53613 -4.25586 1.53613 -6.65625c0 -3.40723 -0.688477 -7.00781 -2.04785 -10.752
+c-4.41602 -10.5918 -11.5205 -22.4473 -21.248 -35.584c-9.72852 -13.1357 -19.2002 -23.8076 -28.416 -32c-4.75195 -4.73535 -10.416 -7.32812 -16.8965 -7.66406h-1.53516c-5.84082 0 -9.93652 1.56836 -12.3047 4.59277l-58.3516 97.2793
+c-4.43262 5.45605 -6.65625 10.9287 -6.65625 16.3848c0 4.0957 1.55176 8.19141 4.6084 12.2871z" />
+    <glyph glyph-name="uniF15D" unicode="&#xf15d;" 
+d="M-63.2959 -9.21582l53.7598 189.952c11.9521 6.83203 26.5439 12.1113 43.7764 15.8721c17.2314 3.74316 31.4873 5.96777 42.752 6.65527l17.4082 0.512695c17.0713 0 34.8154 -1.69629 53.248 -5.12012c34.4795 -6.83203 59.04 -17.2324 73.7275 -31.2324
+l-53.248 -189.439c-12.2881 9.55176 -25.8555 17.3271 -40.7041 23.2959c-14.8477 5.96777 -26.5439 9.47168 -35.0723 10.4961l-13.3115 2.04785c-11.5996 1.00781 -22.6885 1.53613 -33.2803 1.53613c-5.45605 0 -12.7041 -0.272461 -21.7598 -0.768555
+c-9.04004 -0.511719 -23.2959 -2.81543 -42.752 -6.91211c-19.4561 -4.08008 -34.3037 -9.72754 -44.5439 -16.8955zM1.21582 235.008l53.7598 189.952c11.9521 6.83203 26.624 12.208 44.0322 16.1279c17.4082 3.93652 31.7441 6.06445 43.0078 6.40039l16.8965 0.511719
+c17.4082 0 35.1523 -1.69629 53.248 -5.12012c34.4795 -6.83203 59.04 -17.248 73.7275 -31.2314l-53.248 -189.952c-12.2881 9.55176 -25.8555 17.3281 -40.7041 23.2959c-14.8477 5.9834 -26.5439 9.47168 -35.0713 10.4961l-13.3125 2.04785
+c-11.9521 1.02344 -22.8799 1.53613 -32.7676 1.53613c-5.45605 0 -12.7041 -0.255859 -21.7598 -0.768555c-9.04004 -0.511719 -23.376 -2.73535 -43.0088 -6.65527c-19.6318 -3.93652 -34.5596 -9.47266 -44.7998 -16.6406zM221.888 -27.6641l53.248 189.968
+c12.624 -9.56738 26.3525 -17.3281 41.2158 -23.3115c14.8486 -5.96777 26.5283 -9.47266 35.0566 -10.4805l12.8154 -2.04785c11.6006 -1.02344 22.6885 -1.53613 33.2646 -1.53613c5.45605 0 12.7197 0.255859 21.7598 0.751953
+c9.02441 0.52832 23.376 2.75195 43.0078 6.65625c19.6318 3.93652 34.4004 9.48828 44.3037 16.6562l-53.248 -189.968c-11.9512 -6.81641 -26.623 -12.1123 -44.0312 -15.8564c-17.4082 -3.75977 -31.7441 -5.79199 -43.0078 -6.14355l-16.8965 -1.02441
+c-17.4082 0 -35.1523 1.69629 -53.248 5.12012c-34.4639 6.81543 -59.2158 17.2314 -74.2402 31.2158zM283.328 215.552l53.248 189.44c12.624 -9.55176 26.3682 -17.3281 41.2158 -23.2959c14.8477 -5.96875 26.5283 -9.47266 35.0557 -10.4961l12.8164 -2.04785
+c11.5996 -1.02441 22.6875 -1.53613 33.2803 -1.53613c5.45605 0 12.7041 0.255859 21.7441 0.767578c9.03906 0.512695 23.2959 2.73633 42.752 6.65625c19.4717 3.93555 34.3193 9.47168 44.5439 16.6396l-53.248 -189.439
+c-11.9521 -6.83203 -26.624 -12.208 -44.0322 -16.1279s-31.9199 -6.04785 -43.5205 -6.38477l-16.9111 -1.02344c-17.7441 0 -35.3125 1.87207 -52.7207 5.63184c-34.4639 6.46387 -59.2158 16.8799 -74.2236 31.2158z" />
+    <glyph glyph-name="uniF163" unicode="&#xf163;" 
+d="M38.1279 80.9121c0 18.416 1.02441 46.0635 3.07227 82.9443c1.35938 18.0957 7.85547 32.8477 19.4561 44.2871c11.5996 11.4404 26.4473 17.6641 44.5439 18.6885c34.1279 1.71191 85.5039 2.55957 154.111 2.55957c68.6084 0 119.984 -0.847656 154.129 -2.55957
+c18.0791 -1.02441 32.9434 -7.24805 44.5273 -18.6885c11.6162 -11.4238 18.0967 -26.1914 19.4727 -44.2871c1.67969 -30.7207 2.55957 -58.3682 2.55957 -82.9443c0 -24.5918 -0.879883 -52.2402 -2.55957 -82.96c-1.37598 -18.0957 -7.85645 -32.8643 -19.4727 -44.3037
+c-11.5996 -11.4248 -26.4482 -17.6484 -44.5273 -18.6729c-34.1445 -1.69531 -85.5205 -2.55957 -154.129 -2.55957c-68.6074 0 -119.983 0.864258 -154.111 2.55957c-18.0801 1.02441 -32.9277 7.24805 -44.5283 18.6885
+c-11.6162 11.4395 -18.0957 26.208 -19.4561 44.3037c-2.06348 36.8486 -3.08789 64.4961 -3.08789 82.9443zM72.4316 153.088h31.2324v-166.928h30.208v166.928h31.2314v28.1602h-92.6719v-28.1602zM105.712 461.824h30.7197l19.4561 -77.8242h2.04785l18.4326 77.8242
+h30.7197l-23.5518 -75.7764c-7.85645 -24.9121 -11.7764 -37.7119 -11.7764 -38.3994v-80.8965h-30.208v77.3125c-0.671875 4.7832 -1.61621 9.13574 -2.81543 13.0557c-1.18457 3.91992 -2.73633 8.44824 -4.6084 13.5684
+c-1.87207 5.11914 -3.32812 9.3916 -4.35156 12.7998zM165.104 8.7041c0 -16.3838 6.14453 -24.5762 18.4326 -24.5762c10.9277 0 21.3281 5.96777 31.2314 17.9199v-15.8721h26.6406v143.872h-26.6406v-109.567c-7.16797 -7.16895 -12.4639 -10.7686 -15.8711 -10.7686
+c-4.76855 0 -7.16895 3.24805 -7.16895 9.72852v110.592h-26.624v-121.328zM205.552 303.104v74.7529c0 11.5996 3.75977 20.5596 11.2646 26.8799c7.50391 6.31934 17.0713 9.47168 28.6719 9.47168c11.248 0 20.3838 -3.4082 27.376 -10.2402
+c7.00781 -6.83203 10.4961 -15.8721 10.4961 -27.1357v-74.2402c0 -12.2881 -3.4082 -21.9355 -10.2402 -28.9277s-16.3838 -10.4961 -28.6719 -10.4961c-11.9365 0 -21.4238 3.66406 -28.416 11.0078c-6.97656 7.34375 -10.4805 16.9766 -10.4805 28.9277zM233.2 299.52
+c0 -7.83984 3.75977 -11.7754 11.2637 -11.7754c7.83984 0 11.7764 4.27148 11.7764 12.7998v78.3359c0 3.07227 -1.2002 5.63184 -3.60059 7.67969c-2.36719 2.04883 -5.12012 3.07227 -8.19141 3.07227c-3.07227 0 -5.71191 -0.943359 -7.93652 -2.81543
+c-2.22363 -1.87207 -3.32812 -4.35254 -3.32812 -7.4248v-79.8721h0.0166016zM267.504 -13.8242h27.1357v10.7686c6.83203 -8.54395 15.3604 -12.8164 25.6162 -12.8164c16.0322 0 24.0645 10.5918 24.0645 31.7441v79.8721c0 24.2236 -8.7207 36.3359 -26.1279 36.3359
+c-8.52832 0 -16.3682 -4.6084 -23.5527 -13.8076v62.9756h-27.1357v-195.072zM294.64 13.3115v90.1123c3.76074 3.75977 7.52051 5.64844 11.2646 5.64844c7.50391 0 11.2637 -4.78418 11.2637 -14.3359v-75.7764c0 -8.19238 -3.23242 -12.2881 -9.72754 -12.2881
+c-4.78418 -0.015625 -9.04004 2.20801 -12.8008 6.63965zM306.416 289.28v121.344h26.624v-110.08c0 -6.47949 2.38379 -9.72754 7.16797 -9.72754c4.43164 0 9.71191 3.58398 15.8721 10.752v109.056h26.624v-143.872h-26.624v15.8721
+c-9.9043 -11.9521 -20.3203 -17.9199 -31.248 -17.9199c-12.2725 0 -18.416 8.19238 -18.416 24.5762zM364.784 26.624c0 -12.9756 3.24805 -23.6484 9.72754 -32c6.48047 -8.35156 16.208 -12.5439 29.1846 -12.5439c26.624 0 39.9199 14.8643 39.9199 44.5439v10.752
+h-27.6162c0 -0.6875 0.0644531 -2.99219 0.255859 -6.91211c0.160156 -3.93555 0.0800781 -6.75195 -0.255859 -8.44824c-0.335938 -1.69531 -0.78418 -4.01562 -1.28027 -6.92773c-0.527344 -2.89551 -1.63184 -4.94434 -3.34375 -6.12793
+c-1.69629 -1.2002 -4.0957 -1.79199 -7.15234 -1.79199c-7.85547 0 -11.7754 6.83203 -11.7754 20.4805v27.1191h51.1836v36.8809c0 12.9756 -3.15137 23.1992 -9.47168 30.7197c-6.32031 7.50391 -15.9365 11.248 -28.9277 11.248
+c-12.3047 0 -22.1123 -3.91992 -29.4404 -11.7598c-7.32812 -7.85645 -11.0078 -17.9209 -11.0078 -30.208v-65.0244zM392.432 77.3115v15.3604c0 10.5762 3.91992 15.8721 11.7764 15.8721c7.83984 0 11.7764 -5.2959 11.7764 -15.8721v-15.3604h-23.5527z" />
+    <glyph glyph-name="uniF11E" unicode="&#xf11e;" 
+d="M188.544 173.056v97.7764h78.8643v49.168c0 35.5039 11.5039 65.6963 34.5439 90.624c23.04 24.9121 50.96 37.376 83.7119 37.376h78.3359v-97.792h-78.3359c-5.10449 0 -9.71191 -2.81641 -13.8076 -8.44824c-4.09668 -5.63184 -6.14453 -12.5439 -6.14453 -20.7354
+v-50.1768h98.2881v-97.7754h-98.3037v-237.072h-98.3047v237.056h-78.8477z" />
+    <glyph glyph-name="uniF130" unicode="&#xf130;" 
+d="M-90.3516 308.736c59.3916 11.2637 94.8955 23.376 106.495 36.3516c9.2168 10.2402 16.8965 25.7764 23.04 46.5918c6.14453 -7.85547 10.0645 -16.1279 11.7764 -24.832s1.87207 -15.4395 0.511719 -20.2236l-2.55957 -6.65625
+c-2.04785 -4.43164 -3.83984 -8.01562 -5.37598 -10.752c-1.53613 -2.73535 -2.81641 -5.04004 -3.83984 -6.91211c-1.02441 -1.87207 -2.64062 -3.75977 -4.86426 -5.63184s-3.91992 -3.32812 -5.12012 -4.35156c-1.18359 -1.02441 -3.91992 -2.89648 -8.19238 -5.63184
+c-4.27148 -2.73633 -7.75977 -5.12012 -10.4951 -7.16895c-11.9521 -9.21582 -17.6641 -19.8711 -17.1523 -32c0.511719 -12.1113 5.71191 -21.4072 15.6162 -27.9033c8.87988 -5.45605 17.4873 -4.43262 25.8555 3.07227c8.36816 7.50391 17.3281 20.8154 26.8799 39.9355
+c4.09668 8.52832 7.24805 19.792 9.47266 33.792c2.22363 14 5.55176 26.4482 9.9834 37.376c4.43262 10.9277 12.4639 20.9922 24.0645 30.208c6.81543 5.45605 14.5918 8.7041 23.2959 9.72754c8.7041 1.02441 17.248 1.2002 25.5996 0.512695
+c8.36816 -0.688477 17.1523 -0.688477 26.3682 0c9.21582 0.671875 19.4561 4.6875 30.7197 12.0322c11.2646 7.32715 22.7041 18.3359 34.3047 33.0234c1.71191 2.04785 4.0957 4.68848 7.16797 7.93652s9.55176 8.19141 19.4561 14.8477
+c9.90332 6.65625 19.9678 11.4395 30.2236 14.3359c10.2402 2.91211 22.8643 2.73633 37.8721 -0.511719c15.0244 -3.24805 29.6963 -10.8486 44.0322 -22.7842c-16.3682 7.16797 -31.7441 10.752 -46.0801 10.752s-25.8564 -2.56055 -34.5439 -7.67969
+c-8.71973 -5.12012 -16.1445 -10.752 -22.2881 -16.8965c-6.16016 -6.14355 -10.5918 -11.7764 -13.3125 -16.8955l-3.59961 -7.68066c-5.10352 -12.624 -9.98438 -23.1201 -14.5918 -31.4873c-4.6084 -8.36816 -8.62402 -14.9443 -12.0322 -19.7129
+c-3.4082 -4.76758 -7.67969 -8.62305 -12.7998 -11.5195s-9.21582 -4.86426 -12.2881 -5.8877c-3.07227 -1.02441 -8.52832 -2.46387 -16.3838 -4.35254c-7.85645 -1.87207 -14.3359 -3.4873 -19.4561 -4.86328c-14.6719 -4.43262 -23.2158 -13.6641 -25.6006 -27.6484
+c-2.04785 -12.2881 1.69629 -21.3281 11.2646 -27.1357c10.9277 -6.14453 24.9121 -3.74414 41.9834 7.16797c12.624 8.19141 22.7842 16.6396 30.4639 25.3438c7.68066 8.7041 12.8809 16.208 15.6162 22.5283c2.7207 6.31934 7.42383 13.0557 14.0801 20.2236
+s15.4561 13.4883 26.3525 18.9443c14.6875 7.16797 28.6875 12.0312 42 14.5918c13.3115 2.55957 27.4717 3.91992 42.4961 4.0957c15.0078 0.175781 26.4316 0.768555 34.2871 1.79199c67.248 10.9277 109.232 30.3838 125.969 58.3682
+c16.3682 26.96 24.752 49.1523 25.0879 66.5596c5.77539 -19.792 7.74414 -37.5518 5.87207 -53.2471c-1.87207 -15.6963 -6.40039 -29.4404 -13.5684 -41.2168c-7.16797 -11.7754 -14.6875 -21.5039 -22.5283 -29.1836
+c-7.83984 -7.67969 -14.8477 -13.3916 -20.9912 -17.1523l-9.2168 -5.63184c-26.2559 -13.6475 -48.1758 -23.1201 -65.7598 -28.416s-31.8242 -8.87988 -42.752 -10.752s-21.5039 -5.55176 -31.7441 -11.0078c-35.1514 -18.7686 -44.0312 -45.2324 -26.624 -79.3604
+c7.16797 -14 17.6641 -21.584 31.5039 -22.7842c13.8086 -1.19922 27.04 3.84082 39.6641 15.1045c2.04785 1.71191 4.43262 4.0957 7.16797 7.16797c2.7207 3.07227 6.56055 9.72754 11.5205 19.9678s7.59961 20.6562 7.93555 31.2324
+c6.83203 -19.1045 9.47266 -35.584 7.93652 -49.4082c-1.55176 -13.8242 -5.04004 -24.6719 -10.4961 -32.5117l-7.66406 -11.2646c-12.3037 -12.9756 -22.624 -22.1113 -30.9922 -27.3916c-8.35156 -5.2959 -19.1035 -8.44824 -32.2559 -9.47168
+c-13.1357 -1.02441 -28.416 1.53516 -45.8242 7.66406c-29.3438 7.16797 -49.7441 10.6719 -61.1836 10.4951c-11.4404 -0.175781 -21.9365 -3.15137 -31.4883 -8.95996c-9.55176 -5.47168 -16.8955 -12.7197 -22.0156 -21.7598s-5.45605 -17.3281 -1.02441 -24.832
+c4.78418 -8.52734 10.5762 -13.2314 17.4082 -14.0957c6.83203 -0.847656 17.7441 2.81543 32.7676 11.0078c13.3125 7.85645 24.5762 12.8965 33.792 15.1045c9.2168 2.20801 20.832 3.66406 34.8164 4.33594c29.6963 0.6875 53.4395 -5.79199 71.1836 -19.4561
+c12.624 -8.20801 25.248 -17.9199 37.8721 -29.1846c-13.6641 8.20801 -27.1201 13.3926 -40.4316 15.6162c-13.3125 2.22363 -24.5918 2.06445 -33.792 -0.496094c-9.21582 -2.55957 -17.4883 -5.63184 -24.832 -9.21582s-12.7197 -7.24805 -16.1279 -11.0078
+l-5.12012 -5.12012c-15.376 -17.4082 -28.2559 -29.6963 -38.6562 -36.8799c-10.416 -7.15234 -19.4561 -10.6562 -27.1357 -10.4805s-17.6641 2.64062 -29.9521 7.42383c-3.4082 1.36035 -10.1602 4.27246 -20.2236 8.7041
+c-10.0645 4.43262 -17.1523 7.16797 -21.248 8.19238v56.3359c0 41.2959 -15.6963 73.04 -47.1045 95.2324c-20.1436 13.6641 -43.0078 20.4795 -68.6074 20.4795c-25.9521 0 -48.8164 -6.65625 -68.6084 -19.9678c-6.83203 9.9043 -15.5361 15.5361 -26.1123 16.8955
+v38.4004c0 10.5918 -3.66406 19.5518 -11.0078 26.8799c-7.35938 7.34375 -16.3193 11.0244 -26.8955 11.0244h-9.21582zM-25.3281 19.9678v82.9443c0 22.1914 3.24805 39.0879 9.72852 50.6875c13.6641 24.2568 36.5273 36.3525 68.6074 36.3525
+c23.5518 0 42.416 -7.42383 56.5762 -22.2725c14.1602 -14.8633 21.248 -33.5518 21.248 -56.0635v-69.1201h-103.424v-34.3203c0 -16.3682 8.52734 -24.5596 25.5996 -24.5596c15.3604 0 23.9043 8.33594 25.6006 25.0723h52.2236
+c0 -21.1689 -7.00781 -39.0723 -20.9922 -53.7607c-14.6719 -14.6719 -33.6318 -22 -56.832 -22c-32.0801 0 -54.96 12.1123 -68.6074 36.3359c-6.48047 11.6162 -9.72852 28.5127 -9.72852 50.7041zM27.4082 81.9199h51.2002v28.6719
+c0 19.1045 -8.52832 28.6719 -25.6006 28.6719c-17.0557 0 -25.5996 -9.56738 -25.5996 -28.6719v-28.6719zM161.552 -19.9678c3.75977 12.2881 5.63184 24.3994 5.63184 36.3359c0 3.75977 -0.511719 7.18359 -1.53516 10.2559
+c8.19141 -1.37598 14 -2.22363 17.4072 -2.55957c21.168 -2.04883 35.6641 -9.9043 43.5205 -23.5527c0.671875 -1.02344 1.45605 -2.55957 2.30371 -4.60742s2.04785 -5.96875 3.58398 -11.7764c1.53613 -5.79199 1.44043 -11.0879 -0.255859 -15.8721
+c-10.5918 8.19238 -21.7598 13.3125 -33.5361 15.376c-11.7754 2.03223 -20.9121 1.87207 -27.3916 -0.52832z" />
+  </font>
+</defs></svg>

forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.ttf 0(+0 -0)

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.ttf b/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.ttf
old mode 100755
new mode 100644
index a19bff5..e4ae46c
Binary files a/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.ttf and b/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.ttf differ

forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.woff 0(+0 -0)

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.woff b/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.woff
old mode 100755
new mode 100644
index 79b85a4..fe5cd39
Binary files a/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.woff and b/forms/common-themes/src/main/resources/theme/keycloak/common/resources/lib/zocial/zocial-regular-webfont.woff differ

forms/common-themes/src/main/resources/theme/keycloak/email/html/email-verification.ftl 5(+5 -0)

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/email/html/email-verification.ftl b/forms/common-themes/src/main/resources/theme/keycloak/email/html/email-verification.ftl
new file mode 100644
index 0000000..eb7682a
--- /dev/null
+++ b/forms/common-themes/src/main/resources/theme/keycloak/email/html/email-verification.ftl
@@ -0,0 +1,5 @@
+<html>
+<body>
+${msg("emailVerificationBodyHtml",link, linkExpiration, realmName)}
+</body>
+</html>

forms/common-themes/src/main/resources/theme/keycloak/email/html/event-login_error.ftl 5(+5 -0)

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/email/html/event-login_error.ftl b/forms/common-themes/src/main/resources/theme/keycloak/email/html/event-login_error.ftl
new file mode 100644
index 0000000..d314103
--- /dev/null
+++ b/forms/common-themes/src/main/resources/theme/keycloak/email/html/event-login_error.ftl
@@ -0,0 +1,5 @@
+<html>
+<body>
+${msg("eventLoginErrorBodyHtml",event.date,event.ipAddress)}
+</body>
+</html>

forms/common-themes/src/main/resources/theme/keycloak/email/html/event-remove_totp.ftl 5(+5 -0)

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/email/html/event-remove_totp.ftl b/forms/common-themes/src/main/resources/theme/keycloak/email/html/event-remove_totp.ftl
new file mode 100644
index 0000000..91699ea
--- /dev/null
+++ b/forms/common-themes/src/main/resources/theme/keycloak/email/html/event-remove_totp.ftl
@@ -0,0 +1,5 @@
+<html>
+<body>
+${msg("eventRemoveTotpBodyHtml",event.date, event.ipAddress)}
+</body>
+</html>

forms/common-themes/src/main/resources/theme/keycloak/email/html/event-update_password.ftl 5(+5 -0)

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/email/html/event-update_password.ftl b/forms/common-themes/src/main/resources/theme/keycloak/email/html/event-update_password.ftl
new file mode 100644
index 0000000..8a6da60
--- /dev/null
+++ b/forms/common-themes/src/main/resources/theme/keycloak/email/html/event-update_password.ftl
@@ -0,0 +1,5 @@
+<html>
+<body>
+${msg("eventUpdatePasswordBodyHtml",event.date, event.ipAddress)}
+</body>
+</html>

forms/common-themes/src/main/resources/theme/keycloak/email/html/event-update_totp.ftl 5(+5 -0)

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/email/html/event-update_totp.ftl b/forms/common-themes/src/main/resources/theme/keycloak/email/html/event-update_totp.ftl
new file mode 100644
index 0000000..c0190c7
--- /dev/null
+++ b/forms/common-themes/src/main/resources/theme/keycloak/email/html/event-update_totp.ftl
@@ -0,0 +1,5 @@
+<html>
+<body>
+${msg("eventUpdateTotpBodyHtml",event.date, event.ipAddress)}
+</body>
+</html>

forms/common-themes/src/main/resources/theme/keycloak/email/html/password-reset.ftl 5(+5 -0)

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/email/html/password-reset.ftl b/forms/common-themes/src/main/resources/theme/keycloak/email/html/password-reset.ftl
new file mode 100644
index 0000000..846b45d
--- /dev/null
+++ b/forms/common-themes/src/main/resources/theme/keycloak/email/html/password-reset.ftl
@@ -0,0 +1,5 @@
+<html>
+<body>
+${msg("passwordResetBodyHtml",link, linkExpiration, realmName)}
+</body>
+</html>
\ No newline at end of file

forms/common-themes/src/main/resources/theme/keycloak/email/messages/messages_de.properties 6(+6 -0)

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/email/messages/messages_de.properties b/forms/common-themes/src/main/resources/theme/keycloak/email/messages/messages_de.properties
index 0256640..91337c4 100644
--- a/forms/common-themes/src/main/resources/theme/keycloak/email/messages/messages_de.properties
+++ b/forms/common-themes/src/main/resources/theme/keycloak/email/messages/messages_de.properties
@@ -1,12 +1,18 @@
 emailVerificationSubject=E-Mail verifizieren
 passwordResetSubject=Passwort zur\u00FCckzusetzen
 passwordResetBody=Jemand hat angefordert Ihr {2} Passwort zur\u00FCckzusetzen. Falls das Sie waren, dann klicken Sie auf den folgenden Link um das Passwort zur\u00FCckzusetzen.\n\n{0}\n\nDieser Link wird in {1} Minuten ablaufen.\n\nFalls Sie das Passwort nicht zur\u00FCcksetzen m\u00F6chten, dann k\u00F6nnen Sie diese E-Mail ignorieren.
+passwordResetBodyHtml=<p>Jemand hat angefordert Ihr {2} Passwort zur\u00FCckzusetzen. Falls das Sie waren, dann klicken Sie auf den folgenden Link um das Passwort zur\u00FCckzusetzen.</p><p><a href="{0}">{0}</a></p><p>Dieser Link wird in {1} Minuten ablaufen.</p><p>Falls Sie das Passwort nicht zur\u00FCcksetzen m\u00F6chten, dann k\u00F6nnen Sie diese E-Mail ignorieren.</p>
 emailVerificationBody=Jemand hat ein {2} Konto mit dieser E-Mail Adresse erstellt. Fall das Sie waren, dann klicken Sie auf den Link um die E-Mail Adresse zu verifizieren.\n\n{0}\n\nDieser Link wird in {1} Minuten ablaufen.\n\nFalls Sie dieses Konto nicht erstellt haben, dann k\u00F6nnen sie diese Nachricht ignorieren.
+emailVerificationBodyHtml=<p>Jemand hat ein {2} Konto mit dieser E-Mail Adresse erstellt. Fall das Sie waren, dann klicken Sie auf den Link um die E-Mail Adresse zu verifizieren.</p><p><a href="{0}">{0}</a></p><p>Dieser Link wird in {1} Minuten ablaufen.</p><p>Falls Sie dieses Konto nicht erstellt haben, dann k\u00F6nnen sie diese Nachricht ignorieren.</p>
 eventLoginErrorSubject=Fehlgeschlagene Anmeldung
 eventLoginErrorBody=Jemand hat um {0} von {1} versucht sich mit ihrem Konto anzumelden. Falls das nicht Sie waren, dann kontaktieren Sie bitte Ihren Admin.
+eventLoginErrorBodyHtml=<p>Jemand hat um {0} von {1} versucht sich mit ihrem Konto anzumelden. Falls das nicht Sie waren, dann kontaktieren Sie bitte Ihren Admin.</p>
 eventRemoveTotpSubject=TOTP Entfernt
 eventRemoveTotpBody=TOTP wurde von ihrem Konto am {0} von {1} entfernt. Falls das nicht Sie waren, dann kontaktieren Sie bitte Ihren Admin.
+eventRemoveTotpBodyHtml=<p>TOTP wurde von ihrem Konto am {0} von {1} entfernt. Falls das nicht Sie waren, dann kontaktieren Sie bitte Ihren Admin.</p>
 eventUpdatePasswordSubject=Passwort Aktualisiert
 eventUpdatePasswordBody=Ihr Passwort wurde am {0} von {1} ge\u00E4ndert. Falls das nicht Sie waren, dann kontaktieren Sie bitte Ihren Admin.
+eventUpdatePasswordBodyHtml=<p>Ihr Passwort wurde am {0} von {1} ge\u00E4ndert. Falls das nicht Sie waren, dann kontaktieren Sie bitte Ihren Admin.</p>
 eventUpdateTotpSubject=TOTP Aktualisiert
 eventUpdateTotpBody=TOTP wurde am {0} von {1} ge\u00E4ndert. Falls das nicht Sie waren, dann kontaktieren Sie bitte Ihren Admin.
+eventUpdateTotpBodyHtml=<p>TOTP wurde am {0} von {1} ge\u00E4ndert. Falls das nicht Sie waren, dann kontaktieren Sie bitte Ihren Admin.</p>

forms/common-themes/src/main/resources/theme/keycloak/email/messages/messages_en.properties 10(+8 -2)

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/email/messages/messages_en.properties b/forms/common-themes/src/main/resources/theme/keycloak/email/messages/messages_en.properties
index c0afc9c..7a3ac65 100755
--- a/forms/common-themes/src/main/resources/theme/keycloak/email/messages/messages_en.properties
+++ b/forms/common-themes/src/main/resources/theme/keycloak/email/messages/messages_en.properties
@@ -1,12 +1,18 @@
 emailVerificationSubject=Verify email
 emailVerificationBody=Someone has created a {2} account with this email address. If this was you, click the link below to verify your email address\n\n{0}\n\nThis link will expire within {1} minutes.\n\nIf you didn''t create this account, just ignore this message.
+emailVerificationBodyHtml=<p>Someone has created a {2} account with this email address. If this was you, click the link below to verify your email address</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you didn''t create this account, just ignore this message.</p>
 passwordResetSubject=Reset password
 passwordResetBody=Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password\n\n{0}\n\nThis link will expire within {1} minutes.\n\nIf you don''t want to reset your password, just ignore this message and nothing will be changed.
+passwordResetBodyHtml=<p>Someone just requested to change your {2} account''s password. If this was you, click on the link below to set a new password</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your password, just ignore this message and nothing will be changed.</p>
 eventLoginErrorSubject=Login error
-eventLoginErrorBody=A failed login attempt was dettected to your account on {0} from {1}. If this was not you, please contact an admin.
+eventLoginErrorBody=A failed login attempt was detected to your account on {0} from {1}. If this was not you, please contact an admin.
+eventLoginErrorBodyHtml=<p>A failed login attempt was detected to your account on {0} from {1}. If this was not you, please contact an admin.</p>
 eventRemoveTotpSubject=Remove TOTP
 eventRemoveTotpBody=TOTP was removed from your account on {0} from {1}. If this was not you, please contact an admin.
+eventRemoveTotpBodyHtml=<p>TOTP was removed from your account on {0} from {1}. If this was not you, please contact an admin.</p>
 eventUpdatePasswordSubject=Update password
 eventUpdatePasswordBody=Your password was changed on {0} from {1}. If this was not you, please contact an admin.
+eventUpdatePasswordBodyHtml=<p>Your password was changed on {0} from {1}. If this was not you, please contact an admin.</p>
 eventUpdateTotpSubject=Update TOTP
-eventUpdateTotpBody=TOTP was updated for your account on {0} from {1}. If this was not you, please contact an admin.
\ No newline at end of file
+eventUpdateTotpBody=TOTP was updated for your account on {0} from {1}. If this was not you, please contact an admin.
+eventUpdateTotpBodyHtml=<p>TOTP was updated for your account on {0} from {1}. If this was not you, please contact an admin.</p>

forms/common-themes/src/main/resources/theme/keycloak/email/messages/messages_pt_BR.properties 6(+6 -0)

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/email/messages/messages_pt_BR.properties b/forms/common-themes/src/main/resources/theme/keycloak/email/messages/messages_pt_BR.properties
index 0316e19..fff7e10 100644
--- a/forms/common-themes/src/main/resources/theme/keycloak/email/messages/messages_pt_BR.properties
+++ b/forms/common-themes/src/main/resources/theme/keycloak/email/messages/messages_pt_BR.properties
@@ -1,12 +1,18 @@
 emailVerificationSubject=Verifica\u00E7\u00E3o de e-mail
 emailVerificationBody=Algu\u00E9m criou uma conta {2} com este endere\u00E7o de e-mail. Se foi voc\u00EA, clique no link abaixo para verificar o seu endere\u00E7o de email\n\n{0}\n\nEste link ir\u00E1 expirar dentro de {1} minutos.\n\nSe n\u00E3o foi voc\u00EA que criou esta conta, basta ignorar esta mensagem.
+emailVerificationBodyHtml=<p>Algu\u00E9m criou uma conta {2} com este endere\u00E7o de e-mail. Se foi voc\u00EA, clique no link abaixo para verificar o seu endere\u00E7o de email</p><p><a href="{0}">{0}</a></p><p>Este link ir\u00E1 expirar dentro de {1} minutos.</p><p>Se n\u00E3o foi voc\u00EA que criou esta conta, basta ignorar esta mensagem.</p>
 passwordResetSubject=Redefini\u00E7\u00E3o de senha
 passwordResetBody=Algu\u00E9m pediu para mudar a senha de sua conta {2}. Se foi voc\u00EA, clique no link abaixo para definir uma nova senha\n\n{0}\n\nEste link ir\u00E1 expirar dentro de {1} minutos.\n\nSe voc\u00EA n\u00E3o deseja redefinir sua senha, basta ignorar esta mensagem e nada ser\u00E1 mudado.
+passwordResetBodyHtml=<p>Algu\u00E9m pediu para mudar a senha de sua conta {2}. Se foi voc\u00EA, clique no link abaixo para definir uma nova senha</p><p><a href="{0}">{0}</a></p><p>Este link ir\u00E1 expirar dentro de {1} minutos.</p><p>Se voc\u00EA n\u00E3o deseja redefinir sua senha, basta ignorar esta mensagem e nada ser\u00E1 mudado.</p>
 eventLoginErrorSubject=Erro de login
 eventLoginErrorBody=Uma tentativa de login mal sucedida para a sua conta foi detectada em {0} de {1}. Se n\u00E3o foi voc\u00EA, por favor, entre em contato com um administrador.
+eventLoginErrorBodyHtml=<p>Uma tentativa de login mal sucedida para a sua conta foi detectada em {0} de {1}. Se n\u00E3o foi voc\u00EA, por favor, entre em contato com um administrador.</p>
 eventRemoveTotpSubject=Remover TOTP
 eventRemoveTotpBody=TOTP foi removido da sua conta em {0} de {1}. Se n\u00E3o foi voc\u00EA, por favor, entre em contato com um administrador.
+eventRemoveTotpBodyHtml=<p>TOTP foi removido da sua conta em {0} de {1}. Se n\u00E3o foi voc\u00EA, por favor, entre em contato com um administrador.</p>
 eventUpdatePasswordSubject=Atualiza\u00E7\u00E3o de senha
 eventUpdatePasswordBody=Sua senha foi alterada em {0} de {1}. Se n\u00E3o foi voc\u00EA, por favor, entre em contato com um administrador.
+eventUpdatePasswordBodyHtml=<p>Sua senha foi alterada em {0} de {1}. Se n\u00E3o foi voc\u00EA, por favor, entre em contato com um administrador.</p>
 eventUpdateTotpSubject=Atualiza\u00E7\u00E3o TOTP
 eventUpdateTotpBody=TOTP foi atualizado para a sua conta em {0} de {1}. Se n\u00E3o foi voc\u00EA, por favor, entre em contato com um administrador.
+eventUpdateTotpBodyHtml=<p>TOTP foi atualizado para a sua conta em {0} de {1}. Se n\u00E3o foi voc\u00EA, por favor, entre em contato com um administrador.</p>

forms/common-themes/src/main/resources/theme/keycloak/login/theme.properties 11(+10 -1)

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/login/theme.properties b/forms/common-themes/src/main/resources/theme/keycloak/login/theme.properties
index 7c83966..63cd61b 100644
--- a/forms/common-themes/src/main/resources/theme/keycloak/login/theme.properties
+++ b/forms/common-themes/src/main/resources/theme/keycloak/login/theme.properties
@@ -27,4 +27,13 @@ kcFormOptionsClass=col-xs-4 col-sm-5 col-md-offset-4 col-md-4 col-lg-offset-3 co
 kcFormButtonsClass=col-xs-8 col-sm-7 col-md-4 col-lg-4 submit
 kcTextareaClass=form-control
 
-kcInfoAreaClass=col-xs-12 col-sm-4 col-md-4 col-lg-6 details
\ No newline at end of file
+kcInfoAreaClass=col-xs-12 col-sm-4 col-md-4 col-lg-6 details
+
+##### css classes for form buttons
+# main class used for all buttons
+kcButtonClass=btn
+# classes defining priority of the button - primary or default (there is typically only one priority button for the form)
+kcButtonPrimaryClass=btn-primary
+kcButtonDefaultClass=btn-default
+# classes defining size of the button
+kcButtonLargeClass=btn-lg

forms/email-api/src/main/java/org/keycloak/email/EmailSpi.java 2(+1 -1)

diff --git a/forms/email-api/src/main/java/org/keycloak/email/EmailSpi.java b/forms/email-api/src/main/java/org/keycloak/email/EmailSpi.java
index cde73ce..8d08533 100644
--- a/forms/email-api/src/main/java/org/keycloak/email/EmailSpi.java
+++ b/forms/email-api/src/main/java/org/keycloak/email/EmailSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class EmailSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

forms/email-freemarker/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailProvider.java 60(+48 -12)

diff --git a/forms/email-freemarker/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailProvider.java b/forms/email-freemarker/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailProvider.java
index 95f55f3..79080de 100755
--- a/forms/email-freemarker/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailProvider.java
+++ b/forms/email-freemarker/src/main/java/org/keycloak/email/freemarker/FreeMarkerEmailProvider.java
@@ -1,11 +1,28 @@
 package org.keycloak.email.freemarker;
 
+import java.text.MessageFormat;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.mail.Message;
+import javax.mail.Multipart;
+import javax.mail.Session;
+import javax.mail.Transport;
+import javax.mail.internet.InternetAddress;
+import javax.mail.internet.MimeBodyPart;
+import javax.mail.internet.MimeMessage;
+import javax.mail.internet.MimeMultipart;
+
 import org.jboss.logging.Logger;
 import org.keycloak.email.EmailException;
 import org.keycloak.email.EmailProvider;
 import org.keycloak.email.freemarker.beans.EventBean;
 import org.keycloak.events.Event;
 import org.keycloak.events.EventType;
+import org.keycloak.freemarker.FreeMarkerException;
 import org.keycloak.freemarker.FreeMarkerUtil;
 import org.keycloak.freemarker.LocaleHelper;
 import org.keycloak.freemarker.Theme;
@@ -15,14 +32,6 @@ import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
 
-import javax.mail.Message;
-import javax.mail.Session;
-import javax.mail.Transport;
-import javax.mail.internet.InternetAddress;
-import javax.mail.internet.MimeMessage;
-import java.text.MessageFormat;
-import java.util.*;
-
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
  */
@@ -93,16 +102,29 @@ public class FreeMarkerEmailProvider implements EmailProvider {
             Properties rb = theme.getMessages(locale);
             attributes.put("msg", new MessageFormatterMethod(locale, rb));
             String subject = new MessageFormat(rb.getProperty(subjectKey,subjectKey),locale).format(new Object[0]);
-            String body = freeMarker.processTemplate(attributes, template, theme);
+            String textTemplate = String.format("text/%s", template);
+            String textBody;
+            try {
+            	textBody = freeMarker.processTemplate(attributes, textTemplate, theme);
+            } catch (final FreeMarkerException e ) {
+            	textBody = null;
+            }
+            String htmlTemplate = String.format("html/%s", template);
+            String htmlBody;
+            try {
+            	htmlBody = freeMarker.processTemplate(attributes, htmlTemplate, theme);
+            } catch (final FreeMarkerException e ) {
+            	htmlBody = null;
+            }
 
-            send(subject, body);
+            send(subject, textBody, htmlBody);
         } catch (Exception e) {
             throw new EmailException("Failed to template email", e);
         }
     }
 
 
-    private void send(String subject, String body) throws EmailException {
+    private void send(String subject, String textBody, String htmlBody) throws EmailException {
         try {
             String address = user.getEmail();
             Map<String, String> config = realm.getSmtpConfig();
@@ -135,11 +157,25 @@ public class FreeMarkerEmailProvider implements EmailProvider {
 
             Session session = Session.getInstance(props);
 
+            Multipart multipart = new MimeMultipart("alternative");
+            
+            if(textBody != null) {
+            	MimeBodyPart textPart = new MimeBodyPart();
+            	textPart.setText(textBody, "UTF-8");
+            	multipart.addBodyPart(textPart);
+            }
+            
+            if(htmlBody != null) {
+            	MimeBodyPart htmlPart = new MimeBodyPart();
+            	htmlPart.setContent(htmlBody, "text/html; charset=UTF-8");
+            	multipart.addBodyPart(htmlPart);
+            }
+            
             Message msg = new MimeMessage(session);
             msg.setFrom(new InternetAddress(from));
             msg.setHeader("To", address);
             msg.setSubject(subject);
-            msg.setText(body);
+            msg.setContent(multipart);
             msg.saveChanges();
             msg.setSentDate(new Date());

forms/login-api/src/main/java/org/keycloak/login/LoginFormsSpi.java 2(+1 -1)

diff --git a/forms/login-api/src/main/java/org/keycloak/login/LoginFormsSpi.java b/forms/login-api/src/main/java/org/keycloak/login/LoginFormsSpi.java
index f99292a..dc18703 100644
--- a/forms/login-api/src/main/java/org/keycloak/login/LoginFormsSpi.java
+++ b/forms/login-api/src/main/java/org/keycloak/login/LoginFormsSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class LoginFormsSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

integration/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java 2(+1 -1)

diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java
index a1a68df..1ff7b15 100755
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java
@@ -136,7 +136,7 @@ public class BearerTokenRequestAuthenticator {
         return new AuthChallenge() {
             @Override
             public boolean errorPage() {
-                return false;
+                return true;
             }
 
             @Override

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientsResource.java 7(+4 -3)

diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientsResource.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientsResource.java
index 9843bc5..d02ce9b 100755
--- a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientsResource.java
+++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientsResource.java
@@ -9,6 +9,7 @@ import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
 import java.util.List;
 
 /**
@@ -16,12 +17,12 @@ import java.util.List;
  */
 public interface ClientsResource {
 
-    @Path("{clientId}")
-    public ClientResource get(@PathParam("clientId") String clientId);
+    @Path("{id}")
+    public ClientResource get(@PathParam("id") String id);
 
     @POST
     @Consumes(MediaType.APPLICATION_JSON)
-    public void create(ClientRepresentation clientRepresentation);
+    public Response create(ClientRepresentation clientRepresentation);
 
     @GET
     @Produces(MediaType.APPLICATION_JSON)

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/RealmResource.java 18(+12 -6)

diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/RealmResource.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/RealmResource.java
index 4045ecf..ad5315b 100644
--- a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/RealmResource.java
+++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/RealmResource.java
@@ -9,6 +9,8 @@ import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
+import java.util.List;
+import java.util.Map;
 
 /**
  * @author rodrigo.sasaki@icarros.com.br
@@ -17,25 +19,29 @@ public interface RealmResource {
 
     @GET
     @Produces(MediaType.APPLICATION_JSON)
-    public RealmRepresentation toRepresentation();
+    RealmRepresentation toRepresentation();
 
     @PUT
     @Consumes(MediaType.APPLICATION_JSON)
-    public void update(RealmRepresentation realmRepresentation);
+    void update(RealmRepresentation realmRepresentation);
 
     @Path("clients")
-    public ClientsResource clients();
+    ClientsResource clients();
 
     @Path("users")
-    public UsersResource users();
+    UsersResource users();
 
     @Path("roles")
-    public RolesResource roles();
+    RolesResource roles();
 
     @Path("identity-provider")
     IdentityProvidersResource identityProviders();
 
     @DELETE
-    public void remove();
+    void remove();
 
+    @Path("client-session-stats")
+    @GET
+    List<Map<String, String>> getClientSessionStats();
+    
 }

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UserResource.java 13(+13 -0)

diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UserResource.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UserResource.java
index 3472938..7d78d34 100755
--- a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UserResource.java
+++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UserResource.java
@@ -12,6 +12,7 @@ import javax.ws.rs.POST;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
+import javax.ws.rs.QueryParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
@@ -49,6 +50,18 @@ public interface UserResource {
     @Path("reset-password-email")
     public void resetPasswordEmail();
 
+    @PUT
+    @Path("reset-password-email")
+    public void resetPasswordEmail(@QueryParam("client_id") String clientId);
+
+    @PUT
+    @Path("send-verify-email")
+    public void sendVerifyEmail();
+
+    @PUT
+    @Path("send-verify-email")
+    public void sendVerifyEmail(@QueryParam("client_id") String clientId);
+
     @GET
     @Path("sessions")
     public List<UserSessionRepresentation> getUserSessions();

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java 3(+2 -1)

diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java
index 0580a50..dc53fdf 100755
--- a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java
+++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java
@@ -10,6 +10,7 @@ import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
 import java.util.List;
 
 public interface UsersResource {
@@ -31,7 +32,7 @@ public interface UsersResource {
 
     @POST
     @Consumes(MediaType.APPLICATION_JSON)
-    public void create(UserRepresentation userRepresentation);
+    Response create(UserRepresentation userRepresentation);
 
     @Path("{username}")
     public UserResource get(@PathParam("username") String username);

integration/as7-eap6/pom.xml 20(+20 -0)

diff --git a/integration/as7-eap6/pom.xml b/integration/as7-eap6/pom.xml
new file mode 100644
index 0000000..9917521
--- /dev/null
+++ b/integration/as7-eap6/pom.xml
@@ -0,0 +1,20 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <parent>
+        <artifactId>keycloak-parent</artifactId>
+        <groupId>org.keycloak</groupId>
+        <version>1.3.0.Final-SNAPSHOT</version>
+        <relativePath>../../pom.xml</relativePath>
+    </parent>
+    <name>Keycloak AS7 / JBoss EAP 6 Integration</name>
+    <description/>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>keycloak-as7-integration-pom</artifactId>
+    <packaging>pom</packaging>
+
+    <modules>
+        <module>as7-adapter</module>
+        <module>as7-subsystem</module>
+    </modules>
+</project>
\ No newline at end of file

integration/pom.xml 3(+1 -2)

diff --git a/integration/pom.xml b/integration/pom.xml
index 0b248be..0a0f4a5 100755
--- a/integration/pom.xml
+++ b/integration/pom.xml
@@ -19,11 +19,10 @@
         <module>servlet-oauth-client</module>
         <module>jboss-adapter-core</module>
         <module>tomcat</module>
-        <module>as7-eap6/adapter</module>
+        <module>as7-eap6</module>
         <module>jetty</module>
         <module>undertow</module>
         <module>wildfly</module>
-        <module>as7-subsystem</module>
         <module>js</module>
         <module>installed</module>
         <module>admin-client</module>

integration/wildfly/pom.xml 2(+1 -1)

diff --git a/integration/wildfly/pom.xml b/integration/wildfly/pom.xml
index 3e370c6..588bf10 100644
--- a/integration/wildfly/pom.xml
+++ b/integration/wildfly/pom.xml
@@ -17,7 +17,7 @@
         <module>wildfly-adapter</module>
         <module>wildfly-extensions</module>
         <module>wildfly-server-subsystem</module>
-        <module>wildfly-adapter-subsystem</module>
         <module>wf8-subsystem</module>
+        <module>wf9-subsystem</module>
     </modules>
 </project>
\ No newline at end of file

integration/wildfly/wf8-subsystem/pom.xml 2(+1 -1)

diff --git a/integration/wildfly/wf8-subsystem/pom.xml b/integration/wildfly/wf8-subsystem/pom.xml
index 1d72912..8036cd8 100755
--- a/integration/wildfly/wf8-subsystem/pom.xml
+++ b/integration/wildfly/wf8-subsystem/pom.xml
@@ -25,7 +25,7 @@
     </parent>
 
     <artifactId>keycloak-wf8-subsystem</artifactId>
-    <name>Keycloak Adapter Subsystem</name>
+    <name>Keycloak Wildfly 8 Adapter Subsystem</name>
     <description/>
     <packaging>jar</packaging>

integration/wildfly/wf8-subsystem/src/main/resources/subsystem-templates/keycloak-adapter.xml 2(+1 -1)

diff --git a/integration/wildfly/wf8-subsystem/src/main/resources/subsystem-templates/keycloak-adapter.xml b/integration/wildfly/wf8-subsystem/src/main/resources/subsystem-templates/keycloak-adapter.xml
index 0abb124..a2187f6 100644
--- a/integration/wildfly/wf8-subsystem/src/main/resources/subsystem-templates/keycloak-adapter.xml
+++ b/integration/wildfly/wf8-subsystem/src/main/resources/subsystem-templates/keycloak-adapter.xml
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!--  Template used by WildFly build when directed to include Keycloak subsystem in a configuration. -->
 <config>
-   <extension-module>org.keycloak.keycloak-wf8-subsystem</extension-module>
+   <extension-module>org.keycloak.keycloak-adapter-subsystem</extension-module>
    <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
    </subsystem>
 </config>

integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemAdd.java 6(+0 -6)

diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemAdd.java b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemAdd.java
index 622c010..4f0dde9 100755
--- a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemAdd.java
+++ b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemAdd.java
@@ -23,7 +23,6 @@ import org.jboss.as.server.DeploymentProcessorTarget;
 import org.jboss.as.server.deployment.Phase;
 import org.jboss.dmr.ModelNode;
 
-import org.jboss.as.server.deployment.DeploymentUnitProcessor;
 import org.keycloak.subsystem.server.extension.authserver.KeycloakServerDeploymentProcessor;
 
 /**
@@ -40,7 +39,6 @@ class KeycloakSubsystemAdd extends AbstractBoottimeAddStepHandler {
         context.addStep(new AbstractDeploymentChainStep() {
             @Override
             protected void execute(DeploymentProcessorTarget processorTarget) {
-                processorTarget.addDeploymentProcessor(KeycloakExtension.SUBSYSTEM_NAME, Phase.DEPENDENCIES, 0, chooseDependencyProcessor());
                 processorTarget.addDeploymentProcessor(KeycloakExtension.SUBSYSTEM_NAME,
                         Phase.POST_MODULE, // PHASE
                         Phase.POST_MODULE_VALIDATOR_FACTORY - 1, // PRIORITY
@@ -48,8 +46,4 @@ class KeycloakSubsystemAdd extends AbstractBoottimeAddStepHandler {
             }
         }, OperationContext.Stage.RUNTIME);
     }
-
-    private DeploymentUnitProcessor chooseDependencyProcessor() {
-        return new KeycloakDependencyProcessorWildFly();
-    }
 }

model/api/src/main/java/org/keycloak/mappers/UserFederationMapperFactory.java 2(+0 -2)

diff --git a/model/api/src/main/java/org/keycloak/mappers/UserFederationMapperFactory.java b/model/api/src/main/java/org/keycloak/mappers/UserFederationMapperFactory.java
index 309036c..a4c8776 100644
--- a/model/api/src/main/java/org/keycloak/mappers/UserFederationMapperFactory.java
+++ b/model/api/src/main/java/org/keycloak/mappers/UserFederationMapperFactory.java
@@ -31,6 +31,4 @@ public interface UserFederationMapperFactory extends ProviderFactory<UserFederat
      */
     void validateConfig(UserFederationMapperModel mapperModel) throws MapperConfigValidationException;
 
-    // TODO: Remove this and add realm to the method on ConfiguredProvider?
-    List<ProviderConfigProperty> getConfigProperties(RealmModel realm);
 }

model/api/src/main/java/org/keycloak/mappers/UserFederationMapperSpi.java 4(+2 -2)

diff --git a/model/api/src/main/java/org/keycloak/mappers/UserFederationMapperSpi.java b/model/api/src/main/java/org/keycloak/mappers/UserFederationMapperSpi.java
index f668058..9597f08 100644
--- a/model/api/src/main/java/org/keycloak/mappers/UserFederationMapperSpi.java
+++ b/model/api/src/main/java/org/keycloak/mappers/UserFederationMapperSpi.java
@@ -25,7 +25,7 @@ public class UserFederationMapperSpi implements Spi {
     }
 
     @Override
-    public boolean isPrivate() {
-        return false;
+    public boolean isInternal() {
+        return true;
     }
 }

model/api/src/main/java/org/keycloak/migration/MigrationSpi.java 2(+1 -1)

diff --git a/model/api/src/main/java/org/keycloak/migration/MigrationSpi.java b/model/api/src/main/java/org/keycloak/migration/MigrationSpi.java
index e599146..cc9601a 100644
--- a/model/api/src/main/java/org/keycloak/migration/MigrationSpi.java
+++ b/model/api/src/main/java/org/keycloak/migration/MigrationSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class MigrationSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

model/api/src/main/java/org/keycloak/models/entities/AuthenticationExecutionEntity.java 10(+5 -5)

diff --git a/model/api/src/main/java/org/keycloak/models/entities/AuthenticationExecutionEntity.java b/model/api/src/main/java/org/keycloak/models/entities/AuthenticationExecutionEntity.java
index c90a657..e98b371 100755
--- a/model/api/src/main/java/org/keycloak/models/entities/AuthenticationExecutionEntity.java
+++ b/model/api/src/main/java/org/keycloak/models/entities/AuthenticationExecutionEntity.java
@@ -13,7 +13,7 @@ public class AuthenticationExecutionEntity {
     protected AuthenticationExecutionModel.Requirement requirement;
     protected int priority;
     private boolean userSetupAllowed;
-    private boolean autheticatorFlow;
+    private boolean authenticatorFlow;
     private String parentFlow;
 
     public String getId() {
@@ -56,12 +56,12 @@ public class AuthenticationExecutionEntity {
         this.userSetupAllowed = userSetupAllowed;
     }
 
-    public boolean isAutheticatorFlow() {
-        return autheticatorFlow;
+    public boolean isAuthenticatorFlow() {
+        return authenticatorFlow;
     }
 
-    public void setAutheticatorFlow(boolean autheticatorFlow) {
-        this.autheticatorFlow = autheticatorFlow;
+    public void setAuthenticatorFlow(boolean authenticatorFlow) {
+        this.authenticatorFlow = authenticatorFlow;
     }
 
     public String getParentFlow() {

model/api/src/main/java/org/keycloak/models/entities/IdentityProviderEntity.java 19(+14 -5)

diff --git a/model/api/src/main/java/org/keycloak/models/entities/IdentityProviderEntity.java b/model/api/src/main/java/org/keycloak/models/entities/IdentityProviderEntity.java
index 04dd0bc..c4cdd62 100755
--- a/model/api/src/main/java/org/keycloak/models/entities/IdentityProviderEntity.java
+++ b/model/api/src/main/java/org/keycloak/models/entities/IdentityProviderEntity.java
@@ -30,7 +30,8 @@ public class IdentityProviderEntity {
     private String providerId;
     private String name;
     private boolean enabled;
-    private boolean updateProfileFirstLogin;
+    private String updateProfileFirstLoginMode;
+    private boolean trustEmail;
     private boolean storeToken;
     protected boolean addReadTokenRoleOnCreate;
     private boolean authenticateByDefault;
@@ -61,12 +62,12 @@ public class IdentityProviderEntity {
         this.enabled = enabled;
     }
 
-    public boolean isUpdateProfileFirstLogin() {
-        return updateProfileFirstLogin;
+    public String getUpdateProfileFirstLoginMode() {
+        return updateProfileFirstLoginMode;
     }
 
-    public void setUpdateProfileFirstLogin(boolean updateProfileFirstLogin) {
-        this.updateProfileFirstLogin = updateProfileFirstLogin;
+    public void setUpdateProfileFirstLoginMode(String updateProfileFirstLoginMode) {
+        this.updateProfileFirstLoginMode = updateProfileFirstLoginMode;
     }
 
     public boolean isAuthenticateByDefault() {
@@ -116,4 +117,12 @@ public class IdentityProviderEntity {
     public void setAddReadTokenRoleOnCreate(boolean addReadTokenRoleOnCreate) {
         this.addReadTokenRoleOnCreate = addReadTokenRoleOnCreate;
     }
+
+    public boolean isTrustEmail() {
+        return trustEmail;
+    }
+
+    public void setTrustEmail(boolean trustEmail) {
+        this.trustEmail = trustEmail;
+    }
 }

model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java 18(+9 -9)

diff --git a/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java b/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java
index 7c393bb..827c80b 100755
--- a/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java
+++ b/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java
@@ -17,9 +17,9 @@ public class RealmEntity extends AbstractIdentifiableEntity {
     protected boolean registrationEmailAsUsername;
     private boolean rememberMe;
     private boolean verifyEmail;
-    private boolean passwordCredentialGrantAllowed;
     private boolean resetPasswordAllowed;
     private String passwordPolicy;
+    private boolean editUsernameAllowed;
     //--- brute force settings
     private boolean bruteForceProtected;
     private int maxFailureWaitSeconds;
@@ -102,14 +102,6 @@ public class RealmEntity extends AbstractIdentifiableEntity {
         this.sslRequired = sslRequired;
     }
 
-    public boolean isPasswordCredentialGrantAllowed() {
-        return passwordCredentialGrantAllowed;
-    }
-
-    public void setPasswordCredentialGrantAllowed(boolean passwordCredentialGrantAllowed) {
-        this.passwordCredentialGrantAllowed = passwordCredentialGrantAllowed;
-    }
-
     public boolean isRegistrationAllowed() {
         return registrationAllowed;
     }
@@ -150,6 +142,14 @@ public class RealmEntity extends AbstractIdentifiableEntity {
         this.resetPasswordAllowed = resetPasswordAllowed;
     }
 
+    public boolean isEditUsernameAllowed() {
+        return editUsernameAllowed;
+    }
+
+    public void setEditUsernameAllowed(boolean editUsernameAllowed) {
+        this.editUsernameAllowed = editUsernameAllowed;
+    }
+
     public String getPasswordPolicy() {
         return passwordPolicy;
     }

model/api/src/main/java/org/keycloak/models/IdentityProviderModel.java 38(+32 -6)

diff --git a/model/api/src/main/java/org/keycloak/models/IdentityProviderModel.java b/model/api/src/main/java/org/keycloak/models/IdentityProviderModel.java
index c7cb4a7..0c34e4b 100755
--- a/model/api/src/main/java/org/keycloak/models/IdentityProviderModel.java
+++ b/model/api/src/main/java/org/keycloak/models/IdentityProviderModel.java
@@ -20,6 +20,8 @@ package org.keycloak.models;
 import java.util.HashMap;
 import java.util.Map;
 
+import org.keycloak.representations.idm.IdentityProviderRepresentation;
+
 /**
  * <p>A model type representing the configuration for identity providers. It provides some common properties and also a {@link org.keycloak.models.IdentityProviderModel#config}
  * for configuration options and properties specifics to a identity provider.</p>
@@ -43,7 +45,15 @@ public class IdentityProviderModel {
 
     private boolean enabled;
 
-    private boolean updateProfileFirstLogin = true;
+    /**
+     * For possible values see {@link IdentityProviderRepresentation#getUpdateProfileFirstLoginMode()}
+     * @see IdentityProviderRepresentation#UPFLM_ON
+     * @see IdentityProviderRepresentation#UPFLM_MISSING
+     * @see IdentityProviderRepresentation#UPFLM_OFF
+     */
+    protected String updateProfileFirstLoginMode = IdentityProviderRepresentation.UPFLM_ON;
+    
+    private boolean trustEmail;
 
     private boolean storeToken;
 
@@ -68,7 +78,8 @@ public class IdentityProviderModel {
         this.alias = model.getAlias();
         this.config = new HashMap<String, String>(model.getConfig());
         this.enabled = model.isEnabled();
-        this.updateProfileFirstLogin = model.isUpdateProfileFirstLogin();
+        this.updateProfileFirstLoginMode = model.getUpdateProfileFirstLoginMode();
+        this.trustEmail = model.isTrustEmail();
         this.storeToken = model.isStoreToken();
         this.authenticateByDefault = model.isAuthenticateByDefault();
         this.addReadTokenRoleOnCreate = model.addReadTokenRoleOnCreate;
@@ -106,12 +117,18 @@ public class IdentityProviderModel {
         this.enabled = enabled;
     }
 
-    public boolean isUpdateProfileFirstLogin() {
-        return this.updateProfileFirstLogin;
+    /**
+     * @see IdentityProviderRepresentation#getUpdateProfileFirstLoginMode() 
+     */
+    public String getUpdateProfileFirstLoginMode() {
+        return updateProfileFirstLoginMode;
     }
 
-    public void setUpdateProfileFirstLogin(boolean updateProfileFirstLogin) {
-        this.updateProfileFirstLogin = updateProfileFirstLogin;
+    /**
+     * @see IdentityProviderRepresentation#setUpdateProfileFirstLoginMode(String) 
+     */
+    public void setUpdateProfileFirstLoginMode(String updateProfileFirstLoginMode) {
+        this.updateProfileFirstLoginMode = updateProfileFirstLoginMode;
     }
 
     public boolean isStoreToken() {
@@ -145,4 +162,13 @@ public class IdentityProviderModel {
     public void setAddReadTokenRoleOnCreate(boolean addReadTokenRoleOnCreate) {
         this.addReadTokenRoleOnCreate = addReadTokenRoleOnCreate;
     }
+
+    public boolean isTrustEmail() {
+        return trustEmail;
+    }
+
+    public void setTrustEmail(boolean trustEmail) {
+        this.trustEmail = trustEmail;
+    }
+    
 }

model/api/src/main/java/org/keycloak/models/LDAPConstants.java 15(+11 -4)

diff --git a/model/api/src/main/java/org/keycloak/models/LDAPConstants.java b/model/api/src/main/java/org/keycloak/models/LDAPConstants.java
index 94e792d..22f8979 100644
--- a/model/api/src/main/java/org/keycloak/models/LDAPConstants.java
+++ b/model/api/src/main/java/org/keycloak/models/LDAPConstants.java
@@ -19,10 +19,15 @@ public class LDAPConstants {
 
     public static final String CONNECTION_URL = "connectionUrl";
     public static final String SECURITY_PROTOCOL = "securityProtocol";
-    public static final String USER_DNS = "userDns";
+    public static final String BASE_DN = "baseDn"; // used for tests only
+    public static final String USERS_DN = "usersDn";
     public static final String BIND_DN = "bindDn";
     public static final String BIND_CREDENTIAL = "bindCredential";
 
+    public static final String AUTH_TYPE = "authType";
+    public static final String AUTH_TYPE_NONE = "none";
+    public static final String AUTH_TYPE_SIMPLE = "simple";
+
     public static final String SEARCH_SCOPE = "searchScope";
     public static final String CONNECTION_POOLING = "connectionPooling";
     public static final String PAGINATION = "pagination";
@@ -47,7 +52,7 @@ public class LDAPConstants {
     public static final String CONFIG_DIVIDER = ":::";
 
     // Those are forked from Picketlink
-    public static final String GIVENNAME = "givenname";
+    public static final String GIVENNAME = "givenName";
     public static final String CN = "cn";
     public static final String SN = "sn";
     public static final String SAM_ACCOUNT_NAME = "sAMAccountName";
@@ -58,6 +63,7 @@ public class LDAPConstants {
     public static final String OBJECT_CLASS = "objectclass";
     public static final String UID = "uid";
     public static final String USER_PASSWORD_ATTRIBUTE = "userpassword";
+    public static final String GROUP = "group";
     public static final String GROUP_OF_NAMES = "groupOfNames";
     public static final String GROUP_OF_ENTRIES = "groupOfEntries";
     public static final String GROUP_OF_UNIQUE_NAMES = "groupOfUniqueNames";
@@ -65,12 +71,13 @@ public class LDAPConstants {
     public static final String COMMA = ",";
     public static final String EQUAL = "=";
     public static final String EMPTY_ATTRIBUTE_VALUE = " ";
+    public static final String EMPTY_MEMBER_ATTRIBUTE_VALUE = "";
 
     public static final String CUSTOM_ATTRIBUTE_ENABLED = "enabled";
     public static final String CUSTOM_ATTRIBUTE_CREATE_DATE = "createDate";
     public static final String CUSTOM_ATTRIBUTE_EXPIRY_DATE = "expiryDate";
     public static final String ENTRY_UUID = "entryUUID";
     public static final String OBJECT_GUID = "objectGUID";
-    public static final String CREATE_TIMESTAMP = "createTimeStamp";
-    public static final String MODIFY_TIMESTAMP = "modifyTimeStamp";
+    public static final String CREATE_TIMESTAMP = "createTimestamp";
+    public static final String MODIFY_TIMESTAMP = "modifyTimestamp";
 }

model/api/src/main/java/org/keycloak/models/RealmModel.java 18(+12 -6)

diff --git a/model/api/src/main/java/org/keycloak/models/RealmModel.java b/model/api/src/main/java/org/keycloak/models/RealmModel.java
index 43eaa30..61bdbee 100755
--- a/model/api/src/main/java/org/keycloak/models/RealmModel.java
+++ b/model/api/src/main/java/org/keycloak/models/RealmModel.java
@@ -29,6 +29,12 @@ public interface RealmModel extends RoleContainerModel {
         RealmModel getRealm();
     }
 
+    interface UserFederationMapperEvent extends ProviderEvent {
+        UserFederationMapperModel getFederationMapper();
+        RealmModel getRealm();
+        KeycloakSession getSession();
+    }
+
     String getId();
 
     String getName();
@@ -47,18 +53,18 @@ public interface RealmModel extends RoleContainerModel {
 
     void setRegistrationAllowed(boolean registrationAllowed);
 
-    public boolean isRegistrationEmailAsUsername();
-
-    public void setRegistrationEmailAsUsername(boolean registrationEmailAsUsername);
+    boolean isRegistrationEmailAsUsername();
 
-    boolean isPasswordCredentialGrantAllowed();
-
-    void setPasswordCredentialGrantAllowed(boolean passwordCredentialGrantAllowed);
+    void setRegistrationEmailAsUsername(boolean registrationEmailAsUsername);
 
     boolean isRememberMe();
 
     void setRememberMe(boolean rememberMe);
 
+    boolean isEditUsernameAllowed();
+
+    void setEditUsernameAllowed(boolean editUsernameAllowed);
+
     //--- brute force settings
     boolean isBruteForceProtected();
     void setBruteForceProtected(boolean value);

model/api/src/main/java/org/keycloak/models/RealmSpi.java 2(+1 -1)

diff --git a/model/api/src/main/java/org/keycloak/models/RealmSpi.java b/model/api/src/main/java/org/keycloak/models/RealmSpi.java
index f531cd9..ce49557 100755
--- a/model/api/src/main/java/org/keycloak/models/RealmSpi.java
+++ b/model/api/src/main/java/org/keycloak/models/RealmSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class RealmSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

model/api/src/main/java/org/keycloak/models/UserFederationManager.java 20(+18 -2)

diff --git a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
index d094b82..86355fb 100755
--- a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
+++ b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
@@ -20,6 +20,9 @@ public class UserFederationManager implements UserProvider {
 
     protected KeycloakSession session;
 
+    // Set of already validated/proxied users during this session. Key is user ID
+    private Map<String, UserModel> managedUsers = new HashMap<>();
+
     public UserFederationManager(KeycloakSession session) {
         this.session = session;
     }
@@ -47,7 +50,9 @@ public class UserFederationManager implements UserProvider {
             UserFederationProvider fed = getFederationProvider(federation);
             if (fed.synchronizeRegistrations()) {
                 user.setFederationLink(federation.getId());
-                return fed.register(realm, user);
+                UserModel registered = fed.register(realm, user);
+                managedUsers.put(registered.getId(), registered);
+                return registered;
             }
         }
         return user;
@@ -70,6 +75,7 @@ public class UserFederationManager implements UserProvider {
             boolean fedRemoved = link.removeUser(realm, user);
             if (fedRemoved) {
                 boolean localRemoved = session.userStorage().removeUser(realm, user);
+                managedUsers.remove(user.getId());
                 if (!localRemoved) {
                     logger.warn("User removed from federation provider, but failed to remove him from keycloak model");
                 }
@@ -84,6 +90,10 @@ public class UserFederationManager implements UserProvider {
     }
 
     protected void validateUser(RealmModel realm, UserModel user) {
+        if (managedUsers.containsKey(user.getId())) {
+            return;
+        }
+
         UserFederationProvider link = getFederationLink(realm, user);
         if (link != null  && !link.isValid(realm, user)) {
             deleteInvalidUser(realm, user);
@@ -100,7 +110,7 @@ public class UserFederationManager implements UserProvider {
             if (realmModel == null) return;
             UserModel deletedUser = tx.userStorage().getUserById(user.getId(), realmModel);
             tx.userStorage().removeUser(realmModel, deletedUser);
-            logger.debugf("Removed invalid user '%s'", user.getUsername());
+            logger.infof("Removed invalid user '%s'", user.getUsername());
             tx.getTransaction().commit();
         } finally {
             tx.close();
@@ -109,10 +119,16 @@ public class UserFederationManager implements UserProvider {
 
 
     protected UserModel validateAndProxyUser(RealmModel realm, UserModel user) {
+        UserModel managed = managedUsers.get(user.getId());
+        if (managed != null) {
+            return managed;
+        }
+
         UserFederationProvider link = getFederationLink(realm, user);
         if (link != null) {
             UserModel validatedProxyUser = link.validateAndProxy(realm, user);
             if (validatedProxyUser != null) {
+                managedUsers.put(user.getId(), user);
                 return validatedProxyUser;
             } else {
                 deleteInvalidUser(realm, user);

model/api/src/main/java/org/keycloak/models/UserFederationMapperEventImpl.java 33(+33 -0)

diff --git a/model/api/src/main/java/org/keycloak/models/UserFederationMapperEventImpl.java b/model/api/src/main/java/org/keycloak/models/UserFederationMapperEventImpl.java
new file mode 100644
index 0000000..212ecc3
--- /dev/null
+++ b/model/api/src/main/java/org/keycloak/models/UserFederationMapperEventImpl.java
@@ -0,0 +1,33 @@
+package org.keycloak.models;
+
+/**
+ * Called during creation or update of UserFederationMapperModel
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class UserFederationMapperEventImpl implements RealmModel.UserFederationMapperEvent {
+
+    private final UserFederationMapperModel mapperModel;
+    private final RealmModel realm;
+    private final KeycloakSession session;
+
+    public UserFederationMapperEventImpl(UserFederationMapperModel mapperModel, RealmModel realm, KeycloakSession session) {
+        this.mapperModel = mapperModel;
+        this.realm = realm;
+        this.session = session;
+    }
+
+    @Override
+    public UserFederationMapperModel getFederationMapper() {
+        return mapperModel;
+    }
+
+    @Override
+    public RealmModel getRealm() {
+        return realm;
+    }
+
+    public KeycloakSession getSession() {
+        return session;
+    }
+}

model/api/src/main/java/org/keycloak/models/UserFederationSpi.java 2(+1 -1)

diff --git a/model/api/src/main/java/org/keycloak/models/UserFederationSpi.java b/model/api/src/main/java/org/keycloak/models/UserFederationSpi.java
index c17c02a..6b97751 100755
--- a/model/api/src/main/java/org/keycloak/models/UserFederationSpi.java
+++ b/model/api/src/main/java/org/keycloak/models/UserFederationSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class UserFederationSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return false;
     }

model/api/src/main/java/org/keycloak/models/UserSessionSpi.java 2(+1 -1)

diff --git a/model/api/src/main/java/org/keycloak/models/UserSessionSpi.java b/model/api/src/main/java/org/keycloak/models/UserSessionSpi.java
index 8755660..993eb9e 100644
--- a/model/api/src/main/java/org/keycloak/models/UserSessionSpi.java
+++ b/model/api/src/main/java/org/keycloak/models/UserSessionSpi.java
@@ -12,7 +12,7 @@ public class UserSessionSpi implements Spi {
     public static final String NAME = "userSessions";
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

model/api/src/main/java/org/keycloak/models/UserSpi.java 2(+1 -1)

diff --git a/model/api/src/main/java/org/keycloak/models/UserSpi.java b/model/api/src/main/java/org/keycloak/models/UserSpi.java
index 1d6cd74..af834e8 100755
--- a/model/api/src/main/java/org/keycloak/models/UserSpi.java
+++ b/model/api/src/main/java/org/keycloak/models/UserSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class UserSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java 4(+1 -3)

diff --git a/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java b/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
index 77f825f..f9dd204 100755
--- a/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
@@ -13,7 +13,6 @@ import org.keycloak.models.RequiredCredentialModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserFederationMapperModel;
-import org.keycloak.models.UserFederationProvider;
 import org.keycloak.models.UserFederationProviderModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.util.CertificateUtils;
@@ -30,7 +29,6 @@ import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 import java.util.HashMap;
-import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -334,7 +332,7 @@ public final class KeycloakModelUtils {
         mapperModel.setFederationProviderId(federationProviderId);
         mapperModel.setFederationMapperType(mapperType);
 
-        Map<String, String> configMap = new HashMap<String, String>();
+        Map<String, String> configMap = new HashMap<>();
         String key = null;
         for (String configEntry : config) {
             if (key == null) {

model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java 5(+3 -2)

diff --git a/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java b/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
index 67d5932..2adcb25 100755
--- a/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
@@ -99,7 +99,6 @@ public class ModelToRepresentation {
             rep.setCodeSecret(realm.getCodeSecret());
         }
         rep.setCertificate(realm.getCertificatePem());
-        rep.setPasswordCredentialGrantAllowed(realm.isPasswordCredentialGrantAllowed());
         rep.setRegistrationAllowed(realm.isRegistrationAllowed());
         rep.setRegistrationEmailAsUsername(realm.isRegistrationEmailAsUsername());
         rep.setRememberMe(realm.isRememberMe());
@@ -124,6 +123,7 @@ public class ModelToRepresentation {
 
         rep.setVerifyEmail(realm.isVerifyEmail());
         rep.setResetPasswordAllowed(realm.isResetPasswordAllowed());
+        rep.setEditUsernameAllowed(realm.isEditUsernameAllowed());
         rep.setAccessTokenLifespan(realm.getAccessTokenLifespan());
         rep.setSsoSessionIdleTimeout(realm.getSsoSessionIdleTimeout());
         rep.setSsoSessionMaxLifespan(realm.getSsoSessionMaxLifespan());
@@ -324,7 +324,8 @@ public class ModelToRepresentation {
         providerRep.setAlias(identityProviderModel.getAlias());
         providerRep.setEnabled(identityProviderModel.isEnabled());
         providerRep.setStoreToken(identityProviderModel.isStoreToken());
-        providerRep.setUpdateProfileFirstLogin(identityProviderModel.isUpdateProfileFirstLogin());
+        providerRep.setUpdateProfileFirstLoginMode(identityProviderModel.getUpdateProfileFirstLoginMode());
+        providerRep.setTrustEmail(identityProviderModel.isTrustEmail());
         providerRep.setAuthenticateByDefault(identityProviderModel.isAuthenticateByDefault());
         providerRep.setConfig(identityProviderModel.getConfig());
         providerRep.setAddReadTokenRoleOnCreate(identityProviderModel.isAddReadTokenRoleOnCreate());

model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java 7(+4 -3)

diff --git a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
index 715b14a..c9611af 100755
--- a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
@@ -96,13 +96,13 @@ public class RepresentationToModel {
         else newRealm.setAccessCodeLifespanLogin(1800);
 
         if (rep.getSslRequired() != null) newRealm.setSslRequired(SslRequired.valueOf(rep.getSslRequired().toUpperCase()));
-        if (rep.isPasswordCredentialGrantAllowed() != null) newRealm.setPasswordCredentialGrantAllowed(rep.isPasswordCredentialGrantAllowed());
         if (rep.isRegistrationAllowed() != null) newRealm.setRegistrationAllowed(rep.isRegistrationAllowed());
         if (rep.isRegistrationEmailAsUsername() != null)
             newRealm.setRegistrationEmailAsUsername(rep.isRegistrationEmailAsUsername());
         if (rep.isRememberMe() != null) newRealm.setRememberMe(rep.isRememberMe());
         if (rep.isVerifyEmail() != null) newRealm.setVerifyEmail(rep.isVerifyEmail());
         if (rep.isResetPasswordAllowed() != null) newRealm.setResetPasswordAllowed(rep.isResetPasswordAllowed());
+        if (rep.isEditUsernameAllowed() != null) newRealm.setEditUsernameAllowed(rep.isEditUsernameAllowed());
         if (rep.getPrivateKey() == null || rep.getPublicKey() == null) {
             KeycloakModelUtils.generateRealmKeys(newRealm);
         } else {
@@ -420,12 +420,12 @@ public class RepresentationToModel {
         if (rep.getQuickLoginCheckMilliSeconds() != null) realm.setQuickLoginCheckMilliSeconds(rep.getQuickLoginCheckMilliSeconds());
         if (rep.getMaxDeltaTimeSeconds() != null) realm.setMaxDeltaTimeSeconds(rep.getMaxDeltaTimeSeconds());
         if (rep.getFailureFactor() != null) realm.setFailureFactor(rep.getFailureFactor());
-        if (rep.isPasswordCredentialGrantAllowed() != null) realm.setPasswordCredentialGrantAllowed(rep.isPasswordCredentialGrantAllowed());
         if (rep.isRegistrationAllowed() != null) realm.setRegistrationAllowed(rep.isRegistrationAllowed());
         if (rep.isRegistrationEmailAsUsername() != null) realm.setRegistrationEmailAsUsername(rep.isRegistrationEmailAsUsername());
         if (rep.isRememberMe() != null) realm.setRememberMe(rep.isRememberMe());
         if (rep.isVerifyEmail() != null) realm.setVerifyEmail(rep.isVerifyEmail());
         if (rep.isResetPasswordAllowed() != null) realm.setResetPasswordAllowed(rep.isResetPasswordAllowed());
+        if (rep.isEditUsernameAllowed() != null) realm.setEditUsernameAllowed(rep.isEditUsernameAllowed());
         if (rep.getSslRequired() != null) realm.setSslRequired(SslRequired.valueOf(rep.getSslRequired().toUpperCase()));
         if (rep.getAccessCodeLifespan() != null) realm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
         if (rep.getAccessCodeLifespanUserAction() != null) realm.setAccessCodeLifespanUserAction(rep.getAccessCodeLifespanUserAction());
@@ -917,7 +917,8 @@ public class RepresentationToModel {
         identityProviderModel.setAlias(representation.getAlias());
         identityProviderModel.setProviderId(representation.getProviderId());
         identityProviderModel.setEnabled(representation.isEnabled());
-        identityProviderModel.setUpdateProfileFirstLogin(representation.isUpdateProfileFirstLogin());
+        identityProviderModel.setUpdateProfileFirstLoginMode(representation.getUpdateProfileFirstLoginMode());
+        identityProviderModel.setTrustEmail(representation.isTrustEmail());
         identityProviderModel.setAuthenticateByDefault(representation.isAuthenticateByDefault());
         identityProviderModel.setStoreToken(representation.isStoreToken());
         identityProviderModel.setAddReadTokenRoleOnCreate(representation.isAddReadTokenRoleOnCreate());

model/api/src/main/java/org/keycloak/provider/ProviderConfigProperty.java 1(+1 -0)

diff --git a/model/api/src/main/java/org/keycloak/provider/ProviderConfigProperty.java b/model/api/src/main/java/org/keycloak/provider/ProviderConfigProperty.java
index e3a217d..fad9d6c 100755
--- a/model/api/src/main/java/org/keycloak/provider/ProviderConfigProperty.java
+++ b/model/api/src/main/java/org/keycloak/provider/ProviderConfigProperty.java
@@ -8,6 +8,7 @@ public class ProviderConfigProperty {
     public static final String BOOLEAN_TYPE="boolean";
     public static final String STRING_TYPE="String";
     public static final String LIST_TYPE="List";
+    public static final String CLIENT_LIST_TYPE="ClientList";
 
     protected String name;
     protected String label;

model/api/src/main/java/org/keycloak/provider/Spi.java 8(+4 -4)

diff --git a/model/api/src/main/java/org/keycloak/provider/Spi.java b/model/api/src/main/java/org/keycloak/provider/Spi.java
index be68251..e88b66b 100644
--- a/model/api/src/main/java/org/keycloak/provider/Spi.java
+++ b/model/api/src/main/java/org/keycloak/provider/Spi.java
@@ -5,9 +5,9 @@ package org.keycloak.provider;
  */
 public interface Spi {
 
-    public boolean isPrivate();
-    public String getName();
-    public Class<? extends Provider> getProviderClass();
-    public Class<? extends ProviderFactory> getProviderFactoryClass();
+    boolean isInternal();
+    String getName();
+    Class<? extends Provider> getProviderClass();
+    Class<? extends ProviderFactory> getProviderFactoryClass();
 
 }

model/file/src/main/java/org/keycloak/models/file/adapter/RealmAdapter.java 38(+24 -14)

diff --git a/model/file/src/main/java/org/keycloak/models/file/adapter/RealmAdapter.java b/model/file/src/main/java/org/keycloak/models/file/adapter/RealmAdapter.java
index 26e09bb..1a19bad 100755
--- a/model/file/src/main/java/org/keycloak/models/file/adapter/RealmAdapter.java
+++ b/model/file/src/main/java/org/keycloak/models/file/adapter/RealmAdapter.java
@@ -30,6 +30,7 @@ import org.keycloak.models.PasswordPolicy;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RequiredCredentialModel;
 import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserFederationMapperEventImpl;
 import org.keycloak.models.UserFederationMapperModel;
 import org.keycloak.models.UserFederationProviderCreationEventImpl;
 import org.keycloak.models.UserFederationProviderModel;
@@ -139,16 +140,6 @@ public class RealmAdapter implements RealmModel {
     }
 
     @Override
-    public boolean isPasswordCredentialGrantAllowed() {
-        return realm.isPasswordCredentialGrantAllowed();
-    }
-
-    @Override
-    public void setPasswordCredentialGrantAllowed(boolean passwordCredentialGrantAllowed) {
-        realm.setPasswordCredentialGrantAllowed(passwordCredentialGrantAllowed);
-    }
-
-    @Override
     public boolean isRegistrationAllowed() {
         return realm.isRegistrationAllowed();
     }
@@ -271,6 +262,16 @@ public class RealmAdapter implements RealmModel {
     }
 
     @Override
+    public boolean isEditUsernameAllowed() {
+        return realm.isEditUsernameAllowed();
+    }
+
+    @Override
+    public void setEditUsernameAllowed(boolean editUsernameAllowed) {
+        realm.setEditUsernameAllowed(editUsernameAllowed);
+    }
+
+    @Override
     public PasswordPolicy getPasswordPolicy() {
         if (passwordPolicy == null) {
             passwordPolicy = new PasswordPolicy(realm.getPasswordPolicy());
@@ -837,7 +838,9 @@ public class RealmAdapter implements RealmModel {
         realm.getUserFederationProviders().add(entity);
 
         UserFederationProviderModel providerModel = new UserFederationProviderModel(entity.getId(), providerName, config, priority, displayName, fullSyncPeriod, changedSyncPeriod, lastSync);
+
         session.getKeycloakSessionFactory().publish(new UserFederationProviderCreationEventImpl(this, providerModel));
+
         return providerModel;
     }
 
@@ -935,6 +938,7 @@ public class RealmAdapter implements RealmModel {
             entity.setChangedSyncPeriod(model.getChangedSyncPeriod());
             entity.setLastSync(model.getLastSync());
             entities.add(entity);
+
             session.getKeycloakSessionFactory().publish(new UserFederationProviderCreationEventImpl(this, model));
         }
 
@@ -1283,7 +1287,7 @@ public class RealmAdapter implements RealmModel {
         model.setPriority(entity.getPriority());
         model.setAuthenticator(entity.getAuthenticator());
         model.setParentFlow(entity.getParentFlow());
-        model.setAutheticatorFlow(entity.isAutheticatorFlow());
+        model.setAutheticatorFlow(entity.isAuthenticatorFlow());
         return model;
     }
 
@@ -1313,7 +1317,7 @@ public class RealmAdapter implements RealmModel {
         entity.setPriority(model.getPriority());
         entity.setRequirement(model.getRequirement());
         entity.setUserSetupAllowed(model.isUserSetupAllowed());
-        entity.setAutheticatorFlow(model.isAutheticatorFlow());
+        entity.setAuthenticatorFlow(model.isAutheticatorFlow());
         AuthenticationFlowEntity flow = getFlowEntity(model.getId());
         flow.getExecutions().add(entity);
         model.setId(entity.getId());
@@ -1331,7 +1335,7 @@ public class RealmAdapter implements RealmModel {
             }
         }
         if (entity == null) return;
-        entity.setAutheticatorFlow(model.isAutheticatorFlow());
+        entity.setAuthenticatorFlow(model.isAutheticatorFlow());
         entity.setAuthenticator(model.getAuthenticator());
         entity.setPriority(model.getPriority());
         entity.setRequirement(model.getRequirement());
@@ -1459,7 +1463,11 @@ public class RealmAdapter implements RealmModel {
         entity.setConfig(model.getConfig());
 
         this.realm.getUserFederationMappers().add(entity);
-        return entityToModel(entity);
+        UserFederationMapperModel mapperModel = entityToModel(entity);
+
+        session.getKeycloakSessionFactory().publish(new UserFederationMapperEventImpl(mapperModel, this, session));
+
+        return mapperModel;
     }
 
     protected UserFederationMapperEntity getUserFederationMapperEntity(String id) {
@@ -1511,6 +1519,8 @@ public class RealmAdapter implements RealmModel {
             entity.getConfig().clear();
             entity.getConfig().putAll(mapper.getConfig());
         }
+
+        session.getKeycloakSessionFactory().publish(new UserFederationMapperEventImpl(mapper, this, session));
     }
 
     @Override

model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheRealmProviderSpi.java 2(+1 -1)

diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheRealmProviderSpi.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheRealmProviderSpi.java
index 300b8f0..bff04a9 100755
--- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheRealmProviderSpi.java
+++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheRealmProviderSpi.java
@@ -11,7 +11,7 @@ import org.keycloak.provider.Spi;
 public class CacheRealmProviderSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheUserProviderSpi.java 2(+1 -1)

diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheUserProviderSpi.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheUserProviderSpi.java
index 9e0affa..989f062 100755
--- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheUserProviderSpi.java
+++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheUserProviderSpi.java
@@ -11,7 +11,7 @@ import org.keycloak.provider.Spi;
 public class CacheUserProviderSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java 12(+6 -6)

diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java
index d93acf6..016870e 100755
--- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java
+++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java
@@ -39,9 +39,9 @@ public class CachedRealm {
     private boolean registrationEmailAsUsername;
     private boolean rememberMe;
     private boolean verifyEmail;
-    private boolean passwordCredentialGrantAllowed;
     private boolean resetPasswordAllowed;
     private boolean identityFederationEnabled;
+    private boolean editUsernameAllowed;
     //--- brute force settings
     private boolean bruteForceProtected;
     private int maxFailureWaitSeconds;
@@ -111,9 +111,9 @@ public class CachedRealm {
         registrationEmailAsUsername = model.isRegistrationEmailAsUsername();
         rememberMe = model.isRememberMe();
         verifyEmail = model.isVerifyEmail();
-        passwordCredentialGrantAllowed = model.isPasswordCredentialGrantAllowed();
         resetPasswordAllowed = model.isResetPasswordAllowed();
         identityFederationEnabled = model.isIdentityFederationEnabled();
+        editUsernameAllowed = model.isEditUsernameAllowed();
         //--- brute force settings
         bruteForceProtected = model.isBruteForceProtected();
         maxFailureWaitSeconds = model.getMaxFailureWaitSeconds();
@@ -244,10 +244,6 @@ public class CachedRealm {
         return registrationEmailAsUsername;
     }
 
-    public boolean isPasswordCredentialGrantAllowed() {
-        return passwordCredentialGrantAllowed;
-    }
-
     public boolean isRememberMe() {
         return this.rememberMe;
     }
@@ -288,6 +284,10 @@ public class CachedRealm {
         return resetPasswordAllowed;
     }
 
+    public boolean isEditUsernameAllowed() {
+        return editUsernameAllowed;
+    }
+
     public int getSsoSessionIdleTimeout() {
         return ssoSessionIdleTimeout;
     }

model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java 26(+12 -14)

diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java
index afb1c2c..75b8b82 100755
--- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java
+++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java
@@ -8,14 +8,12 @@ import org.keycloak.models.AuthenticatorModel;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.IdentityProviderMapperModel;
 import org.keycloak.models.IdentityProviderModel;
-import org.keycloak.models.LDAPConstants;
 import org.keycloak.models.PasswordPolicy;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RequiredCredentialModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserFederationMapperModel;
 import org.keycloak.models.UserFederationProviderModel;
-import org.keycloak.models.UserModel;
 import org.keycloak.models.cache.entities.CachedRealm;
 import org.keycloak.models.utils.KeycloakModelUtils;
 
@@ -123,18 +121,6 @@ public class RealmAdapter implements RealmModel {
         getDelegateForUpdate();
         updated.setRegistrationEmailAsUsername(registrationEmailAsUsername);
     }
-    
-    @Override
-    public boolean isPasswordCredentialGrantAllowed() {
-        if (updated != null) return updated.isPasswordCredentialGrantAllowed();
-        return cached.isPasswordCredentialGrantAllowed();
-    }
-
-    @Override
-    public void setPasswordCredentialGrantAllowed(boolean passwordCredentialGrantAllowed) {
-        getDelegateForUpdate();
-        updated.setPasswordCredentialGrantAllowed(passwordCredentialGrantAllowed);
-    }
 
     @Override
     public boolean isRememberMe() {
@@ -257,6 +243,18 @@ public class RealmAdapter implements RealmModel {
     }
 
     @Override
+    public boolean isEditUsernameAllowed() {
+        if (updated != null) return updated.isEditUsernameAllowed();
+        return cached.isEditUsernameAllowed();
+    }
+
+    @Override
+    public void setEditUsernameAllowed(boolean editUsernameAllowed) {
+        getDelegateForUpdate();
+        updated.setEditUsernameAllowed(editUsernameAllowed);
+    }
+
+    @Override
     public int getSsoSessionIdleTimeout() {
         if (updated != null) return updated.getSsoSessionIdleTimeout();
         return cached.getSsoSessionIdleTimeout();

model/jpa/src/main/java/org/keycloak/models/jpa/entities/IdentityProviderEntity.java 23(+17 -6)

diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/IdentityProviderEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/IdentityProviderEntity.java
index ba6de02..4cfefb4 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/IdentityProviderEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/IdentityProviderEntity.java
@@ -41,8 +41,11 @@ public class IdentityProviderEntity {
     @Column(name="ENABLED")
     private boolean enabled;
 
-    @Column(name="UPDATE_PROFILE_FIRST_LOGIN")
-    private boolean updateProfileFirstLogin;
+    @Column(name = "UPDATE_PROFILE_FIRST_LOGIN_MODE")
+    private String updateProfileFirstLoginMode;
+
+    @Column(name = "TRUST_EMAIL")
+    private boolean trustEmail;
 
     @Column(name="STORE_TOKEN")
     private boolean storeToken;
@@ -99,12 +102,12 @@ public class IdentityProviderEntity {
         this.enabled = enabled;
     }
 
-    public boolean isUpdateProfileFirstLogin() {
-        return this.updateProfileFirstLogin;
+    public String getUpdateProfileFirstLoginMode() {
+        return updateProfileFirstLoginMode;
     }
 
-    public void setUpdateProfileFirstLogin(boolean updateProfileFirstLogin) {
-        this.updateProfileFirstLogin = updateProfileFirstLogin;
+    public void setUpdateProfileFirstLoginMode(String updateProfileFirstLoginMode) {
+        this.updateProfileFirstLoginMode = updateProfileFirstLoginMode;
     }
 
     public boolean isStoreToken() {
@@ -138,4 +141,12 @@ public class IdentityProviderEntity {
     public void setAddReadTokenRoleOnCreate(boolean addReadTokenRoleOnCreate) {
         this.addReadTokenRoleOnCreate = addReadTokenRoleOnCreate;
     }
+
+    public boolean isTrustEmail() {
+        return trustEmail;
+    }
+
+    public void setTrustEmail(boolean trustEmail) {
+        this.trustEmail = trustEmail;
+    }
 }
\ No newline at end of file

model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java 20(+10 -10)

diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
index 089cd67..41be2b1 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
@@ -49,8 +49,6 @@ public class RealmEntity {
     protected boolean registrationAllowed;
     @Column(name = "REG_EMAIL_AS_USERNAME")
     protected boolean registrationEmailAsUsername;
-    @Column(name="PASSWORD_CRED_GRANT_ALLOWED")
-    protected boolean passwordCredentialGrantAllowed;
     @Column(name="VERIFY_EMAIL")
     protected boolean verifyEmail;
     @Column(name="RESET_PASSWORD_ALLOWED")
@@ -59,6 +57,8 @@ public class RealmEntity {
     protected boolean rememberMe;
     @Column(name="PASSWORD_POLICY")
     protected String passwordPolicy;
+    @Column(name="EDIT_USERNAME_ALLOWED")
+    protected boolean editUsernameAllowed;
 
     @Column(name="SSO_IDLE_TIMEOUT")
     private int ssoSessionIdleTimeout;
@@ -206,14 +206,6 @@ public class RealmEntity {
         this.sslRequired = sslRequired;
     }
 
-    public boolean isPasswordCredentialGrantAllowed() {
-        return passwordCredentialGrantAllowed;
-    }
-
-    public void setPasswordCredentialGrantAllowed(boolean passwordCredentialGrantAllowed) {
-        this.passwordCredentialGrantAllowed = passwordCredentialGrantAllowed;
-    }
-
     public boolean isRegistrationAllowed() {
         return registrationAllowed;
     }
@@ -254,6 +246,14 @@ public class RealmEntity {
         this.resetPasswordAllowed = resetPasswordAllowed;
     }
 
+    public boolean isEditUsernameAllowed() {
+        return editUsernameAllowed;
+    }
+
+    public void setEditUsernameAllowed(boolean editUsernameAllowed) {
+        this.editUsernameAllowed = editUsernameAllowed;
+    }
+
     public int getSsoSessionIdleTimeout() {
         return ssoSessionIdleTimeout;
     }

model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java 43(+28 -15)

diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
index 6689a24..7db1b47 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
@@ -13,6 +13,7 @@ import org.keycloak.models.PasswordPolicy;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RequiredCredentialModel;
 import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserFederationMapperEventImpl;
 import org.keycloak.models.UserFederationMapperModel;
 import org.keycloak.models.UserFederationProviderCreationEventImpl;
 import org.keycloak.models.UserFederationProviderModel;
@@ -112,17 +113,6 @@ public class RealmAdapter implements RealmModel {
     }
 
     @Override
-    public boolean isPasswordCredentialGrantAllowed() {
-        return realm.isPasswordCredentialGrantAllowed();
-    }
-
-    @Override
-    public void setPasswordCredentialGrantAllowed(boolean passwordCredentialGrantAllowed) {
-        realm.setPasswordCredentialGrantAllowed(passwordCredentialGrantAllowed);
-        em.flush();
-    }
-
-    @Override
     public boolean isRegistrationAllowed() {
         return realm.isRegistrationAllowed();
     }
@@ -321,6 +311,17 @@ public class RealmAdapter implements RealmModel {
     }
 
     @Override
+    public boolean isEditUsernameAllowed() {
+        return realm.isEditUsernameAllowed();
+    }
+
+    @Override
+    public void setEditUsernameAllowed(boolean editUsernameAllowed) {
+        realm.setEditUsernameAllowed(editUsernameAllowed);
+        em.flush();
+    }
+
+    @Override
     public int getNotBefore() {
         return realm.getNotBefore();
     }
@@ -789,7 +790,9 @@ public class RealmAdapter implements RealmModel {
         realm.getUserFederationProviders().add(entity);
         em.flush();
         UserFederationProviderModel providerModel = new UserFederationProviderModel(entity.getId(), providerName, config, priority, displayName, fullSyncPeriod, changedSyncPeriod, lastSync);
+
         session.getKeycloakSessionFactory().publish(new UserFederationProviderCreationEventImpl(this, providerModel));
+
         return providerModel;
     }
 
@@ -907,6 +910,7 @@ public class RealmAdapter implements RealmModel {
             entity.setLastSync(model.getLastSync());
             em.persist(entity);
             realm.getUserFederationProviders().add(entity);
+
             session.getKeycloakSessionFactory().publish(new UserFederationProviderCreationEventImpl(this, model));
         }
     }
@@ -1153,7 +1157,8 @@ public class RealmAdapter implements RealmModel {
             identityProviderModel.setInternalId(entity.getInternalId());
             identityProviderModel.setConfig(entity.getConfig());
             identityProviderModel.setEnabled(entity.isEnabled());
-            identityProviderModel.setUpdateProfileFirstLogin(entity.isUpdateProfileFirstLogin());
+            identityProviderModel.setUpdateProfileFirstLoginMode(entity.getUpdateProfileFirstLoginMode());
+            identityProviderModel.setTrustEmail(entity.isTrustEmail());
             identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault());
             identityProviderModel.setStoreToken(entity.isStoreToken());
             identityProviderModel.setAddReadTokenRoleOnCreate(entity.isAddReadTokenRoleOnCreate());
@@ -1185,7 +1190,8 @@ public class RealmAdapter implements RealmModel {
         entity.setEnabled(identityProvider.isEnabled());
         entity.setStoreToken(identityProvider.isStoreToken());
         entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate());
-        entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
+        entity.setUpdateProfileFirstLoginMode(identityProvider.getUpdateProfileFirstLoginMode());
+        entity.setTrustEmail(identityProvider.isTrustEmail());
         entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
         entity.setConfig(identityProvider.getConfig());
 
@@ -1211,7 +1217,8 @@ public class RealmAdapter implements RealmModel {
             if (entity.getInternalId().equals(identityProvider.getInternalId())) {
                 entity.setAlias(identityProvider.getAlias());
                 entity.setEnabled(identityProvider.isEnabled());
-                entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
+                entity.setUpdateProfileFirstLoginMode(identityProvider.getUpdateProfileFirstLoginMode());
+                entity.setTrustEmail(identityProvider.isTrustEmail());
                 entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
                 entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate());
                 entity.setStoreToken(identityProvider.isStoreToken());
@@ -1410,7 +1417,11 @@ public class RealmAdapter implements RealmModel {
 
         em.persist(entity);
         this.realm.getUserFederationMappers().add(entity);
-        return entityToModel(entity);
+        UserFederationMapperModel mapperModel = entityToModel(entity);
+
+        session.getKeycloakSessionFactory().publish(new UserFederationMapperEventImpl(mapperModel, this, session));
+
+        return mapperModel;
     }
 
     @Override
@@ -1464,6 +1475,8 @@ public class RealmAdapter implements RealmModel {
             entity.getConfig().putAll(mapper.getConfig());
         }
         em.flush();
+
+        session.getKeycloakSessionFactory().publish(new UserFederationMapperEventImpl(mapper, this, session));
     }
 
     @Override

model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java 62(+36 -26)

diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
index 9b57238..aa25be7 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
@@ -18,6 +18,7 @@ import org.keycloak.models.RealmModel;
 import org.keycloak.models.RealmProvider;
 import org.keycloak.models.RequiredCredentialModel;
 import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserFederationMapperEventImpl;
 import org.keycloak.models.UserFederationMapperModel;
 import org.keycloak.models.UserFederationProviderCreationEventImpl;
 import org.keycloak.models.UserFederationProviderModel;
@@ -112,17 +113,6 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
     }
 
     @Override
-    public boolean isPasswordCredentialGrantAllowed() {
-        return realm.isPasswordCredentialGrantAllowed();
-    }
-
-    @Override
-    public void setPasswordCredentialGrantAllowed(boolean passwordCredentialGrantAllowed) {
-        realm.setPasswordCredentialGrantAllowed(passwordCredentialGrantAllowed);
-        updateRealm();
-    }
-
-    @Override
     public boolean isRegistrationAllowed() {
         return realm.isRegistrationAllowed();
     }
@@ -255,6 +245,17 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
     }
 
     @Override
+    public boolean isEditUsernameAllowed() {
+        return realm.isEditUsernameAllowed();
+    }
+
+    @Override
+    public void setEditUsernameAllowed(boolean editUsernameAllowed) {
+        realm.setEditUsernameAllowed(editUsernameAllowed);
+        updateRealm();
+    }
+
+    @Override
     public PasswordPolicy getPasswordPolicy() {
         if (passwordPolicy == null) {
             passwordPolicy = new PasswordPolicy(realm.getPasswordPolicy());
@@ -771,7 +772,8 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
             identityProviderModel.setInternalId(entity.getInternalId());
             identityProviderModel.setConfig(entity.getConfig());
             identityProviderModel.setEnabled(entity.isEnabled());
-            identityProviderModel.setUpdateProfileFirstLogin(entity.isUpdateProfileFirstLogin());
+            identityProviderModel.setUpdateProfileFirstLoginMode(entity.getUpdateProfileFirstLoginMode());
+            identityProviderModel.setTrustEmail(entity.isTrustEmail());
             identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault());
             identityProviderModel.setStoreToken(entity.isStoreToken());
             identityProviderModel.setAddReadTokenRoleOnCreate(entity.isAddReadTokenRoleOnCreate());
@@ -801,7 +803,8 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
         entity.setAlias(identityProvider.getAlias());
         entity.setProviderId(identityProvider.getProviderId());
         entity.setEnabled(identityProvider.isEnabled());
-        entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
+        entity.setUpdateProfileFirstLoginMode(identityProvider.getUpdateProfileFirstLoginMode());
+        entity.setTrustEmail(identityProvider.isTrustEmail());
         entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate());
         entity.setStoreToken(identityProvider.isStoreToken());
         entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
@@ -813,7 +816,6 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
 
     @Override
     public void removeIdentityProviderByAlias(String alias) {
-        IdentityProviderEntity toRemove;
         for (IdentityProviderEntity entity : realm.getIdentityProviders()) {
             if (entity.getAlias().equals(alias)) {
                 realm.getIdentityProviders().remove(entity);
@@ -829,7 +831,8 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
             if (entity.getInternalId().equals(identityProvider.getInternalId())) {
                 entity.setAlias(identityProvider.getAlias());
                 entity.setEnabled(identityProvider.isEnabled());
-                entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
+                entity.setUpdateProfileFirstLoginMode(identityProvider.getUpdateProfileFirstLoginMode());
+                entity.setTrustEmail(identityProvider.isTrustEmail());
                 entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
                 entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate());
                 entity.setStoreToken(identityProvider.isStoreToken());
@@ -860,7 +863,9 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
         updateRealm();
 
         UserFederationProviderModel providerModel = new UserFederationProviderModel(entity.getId(), providerName, config, priority, displayName, fullSyncPeriod, changedSyncPeriod, lastSync);
+
         session.getKeycloakSessionFactory().publish(new UserFederationProviderCreationEventImpl(this, providerModel));
+
         return providerModel;
     }
 
@@ -960,6 +965,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
             entity.setChangedSyncPeriod(model.getChangedSyncPeriod());
             entity.setLastSync(model.getLastSync());
             entities.add(entity);
+
             session.getKeycloakSessionFactory().publish(new UserFederationProviderCreationEventImpl(this, model));
         }
 
@@ -1230,7 +1236,6 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
     @Override
     public List<AuthenticationFlowModel> getAuthenticationFlows() {
         List<AuthenticationFlowEntity> flows = getMongoEntity().getAuthenticationFlows();
-        if (flows.size() == 0) return Collections.EMPTY_LIST;
         List<AuthenticationFlowModel> models = new LinkedList<>();
         for (AuthenticationFlowEntity entity : flows) {
             AuthenticationFlowModel model = entityToModel(entity);
@@ -1249,10 +1254,9 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
 
     @Override
     public AuthenticationFlowModel getAuthenticationFlowById(String id) {
-        for (AuthenticationFlowModel model : getAuthenticationFlows()) {
-            if (model.getId().equals(id)) return model;
-        }
-        return null;
+        AuthenticationFlowEntity entity = getFlowEntity(id);
+        if (entity == null) return null;
+        return entityToModel(entity);
     }
 
     protected AuthenticationFlowEntity getFlowEntity(String id) {
@@ -1274,7 +1278,6 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
 
     @Override
     public void updateAuthenticationFlow(AuthenticationFlowModel model) {
-        List<AuthenticationFlowEntity> flows = getMongoEntity().getAuthenticationFlows();
         AuthenticationFlowEntity toUpdate = getFlowEntity(model.getId());;
         if (toUpdate == null) return;
         toUpdate.setAlias(model.getAlias());
@@ -1316,7 +1319,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
         model.setPriority(entity.getPriority());
         model.setAuthenticator(entity.getAuthenticator());
         model.setParentFlow(entity.getParentFlow());
-        model.setAutheticatorFlow(entity.isAutheticatorFlow());
+        model.setAutheticatorFlow(entity.isAuthenticatorFlow());
         return model;
     }
 
@@ -1346,8 +1349,9 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
         entity.setPriority(model.getPriority());
         entity.setRequirement(model.getRequirement());
         entity.setUserSetupAllowed(model.isUserSetupAllowed());
-        entity.setAutheticatorFlow(model.isAutheticatorFlow());
-        AuthenticationFlowEntity flow = getFlowEntity(model.getId());
+        entity.setAuthenticatorFlow(model.isAutheticatorFlow());
+        entity.setParentFlow(model.getParentFlow());
+        AuthenticationFlowEntity flow = getFlowEntity(model.getParentFlow());
         flow.getExecutions().add(entity);
         updateMongoEntity();
         model.setId(entity.getId());
@@ -1365,7 +1369,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
             }
         }
         if (entity == null) return;
-        entity.setAutheticatorFlow(model.isAutheticatorFlow());
+        entity.setAuthenticatorFlow(model.isAutheticatorFlow());
         entity.setAuthenticator(model.getAuthenticator());
         entity.setPriority(model.getPriority());
         entity.setRequirement(model.getRequirement());
@@ -1499,7 +1503,11 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
 
         getMongoEntity().getUserFederationMappers().add(entity);
         updateMongoEntity();
-        return entityToModel(entity);
+        UserFederationMapperModel mapperModel = entityToModel(entity);
+
+        session.getKeycloakSessionFactory().publish(new UserFederationMapperEventImpl(mapperModel, this, session));
+
+        return mapperModel;
     }
 
     protected UserFederationMapperEntity getUserFederationMapperEntity(String id) {
@@ -1553,6 +1561,8 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
             entity.getConfig().putAll(mapper.getConfig());
         }
         updateMongoEntity();
+
+        session.getKeycloakSessionFactory().publish(new UserFederationMapperEventImpl(mapper, this, session));
     }
 
     @Override

pom.xml 25(+23 -2)

diff --git a/pom.xml b/pom.xml
index 5ba74c6..68471dc 100755
--- a/pom.xml
+++ b/pom.xml
@@ -47,7 +47,6 @@
         <postgresql.version>9.3-1100-jdbc41</postgresql.version>
         <dom4j.version>1.6.1</dom4j.version>
         <xml-apis.version>1.4.01</xml-apis.version>
-        <mysql.version>5.1.25</mysql.version>
         <slf4j.version>1.7.7.jbossorg-1</slf4j.version>
         <wildfly.version>9.0.0.CR1</wildfly.version>
         <wildfly.core.version>1.0.0.CR1</wildfly.core.version>
@@ -85,7 +84,7 @@
         <jboss.as.plugin.version>7.5.Final</jboss.as.plugin.version>
         <wildfly.plugin.version>1.0.1.Final</wildfly.plugin.version>
         <minify.plugin.version>1.7.2</minify.plugin.version>
-        <embedmongo.plugin.version>0.1.10</embedmongo.plugin.version>
+        <embedmongo.plugin.version>0.1.12</embedmongo.plugin.version>
         <jmeter.plugin.version>1.9.0</jmeter.plugin.version>
         <jmeter.analysis.plugin.version>1.0.4</jmeter.analysis.plugin.version>
     </properties>
@@ -885,6 +884,16 @@
             </dependency>
             <dependency>
                 <groupId>org.keycloak</groupId>
+                <artifactId>keycloak-wf8-subsystem</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.keycloak</groupId>
+                <artifactId>keycloak-wf9-subsystem</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.keycloak</groupId>
                 <artifactId>keycloak-subsystem</artifactId>
                 <version>${project.version}</version>
             </dependency>
@@ -1081,12 +1090,24 @@
             </dependency>
             <dependency>
                 <groupId>org.keycloak</groupId>
+                <artifactId>keycloak-as7-modules</artifactId>
+                <version>${project.version}</version>
+                <type>zip</type>
+            </dependency>
+            <dependency>
+                <groupId>org.keycloak</groupId>
                 <artifactId>keycloak-wf8-modules</artifactId>
                 <version>${project.version}</version>
                 <type>zip</type>
             </dependency>
             <dependency>
                 <groupId>org.keycloak</groupId>
+                <artifactId>keycloak-wf9-modules</artifactId>
+                <version>${project.version}</version>
+                <type>zip</type>
+            </dependency>
+            <dependency>
+                <groupId>org.keycloak</groupId>
                 <artifactId>keycloak-server-overlay</artifactId>
                 <version>${project.version}</version>
                 <type>zip</type>

proxy/proxy-server/src/main/java/org/keycloak/proxy/ConstraintAuthorizationHandler.java 55(+40 -15)

diff --git a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ConstraintAuthorizationHandler.java b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ConstraintAuthorizationHandler.java
index 58186dc..365feea 100755
--- a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ConstraintAuthorizationHandler.java
+++ b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ConstraintAuthorizationHandler.java
@@ -6,43 +6,68 @@ import io.undertow.util.HttpString;
 import org.keycloak.adapters.undertow.KeycloakUndertowAccount;
 import org.keycloak.representations.IDToken;
 
+import java.util.HashMap;
+import java.util.Map;
+
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
  * @version $Revision: 1 $
  */
 public class ConstraintAuthorizationHandler implements HttpHandler {
-    public static final HttpString KEYCLOAK_SUBJECT = new HttpString("KEYCLOAK-SUBJECT");
-    public static final HttpString KEYCLOAK_USERNAME = new HttpString("KEYCLOAK-USERNAME");
-    public static final HttpString KEYCLOAK_EMAIL = new HttpString("KEYCLOAK-EMAIL");
-    public static final HttpString KEYCLOAK_NAME = new HttpString("KEYCLOAK-NAME");
-    public static final HttpString KEYCLOAK_ACCESS_TOKEN = new HttpString("KEYCLOAK-ACCESS-TOKEN");
+
+    public static final String KEYCLOAK_SUBJECT = "KEYCLOAK_SUBJECT";
+    public static final String KEYCLOAK_USERNAME = "KEYCLOAK_USERNAME";
+    public static final String KEYCLOAK_EMAIL = "KEYCLOAK_EMAIL";
+    public static final String KEYCLOAK_NAME = "KEYCLOAK_NAME";
+    public static final String KEYCLOAK_ACCESS_TOKEN = "KEYCLOAK_ACCESS_TOKEN";
+    private final Map<String, HttpString> httpHeaderNames;
 
     protected HttpHandler next;
     protected String errorPage;
     protected boolean sendAccessToken;
 
-    public ConstraintAuthorizationHandler(HttpHandler next, String errorPage, boolean sendAccessToken) {
+    public ConstraintAuthorizationHandler(HttpHandler next, String errorPage, boolean sendAccessToken, Map<String, String> headerNames) {
         this.next = next;
         this.errorPage = errorPage;
         this.sendAccessToken = sendAccessToken;
+
+        this.httpHeaderNames = new HashMap<>();
+        this.httpHeaderNames.put(KEYCLOAK_SUBJECT, new HttpString(getOrDefault(headerNames, "keycloak-subject", KEYCLOAK_SUBJECT)));
+        this.httpHeaderNames.put(KEYCLOAK_SUBJECT, new HttpString(getOrDefault(headerNames, "keycloak-username", KEYCLOAK_USERNAME)));
+        this.httpHeaderNames.put(KEYCLOAK_EMAIL, new HttpString(getOrDefault(headerNames, "keycloak-email", KEYCLOAK_EMAIL)));
+        this.httpHeaderNames.put(KEYCLOAK_NAME, new HttpString(getOrDefault(headerNames, "keycloak-name", KEYCLOAK_NAME)));
+        this.httpHeaderNames.put(KEYCLOAK_ACCESS_TOKEN, new HttpString(getOrDefault(headerNames, "keycloak-access-token", KEYCLOAK_ACCESS_TOKEN)));
+    }
+
+    private String getOrDefault(Map<String, String> map, String key, String defaultValue) {
+        return map.containsKey(key) ? map.get(key) : defaultValue;
     }
 
     @Override
     public void handleRequest(HttpServerExchange exchange) throws Exception {
+
         KeycloakUndertowAccount account = (KeycloakUndertowAccount)exchange.getSecurityContext().getAuthenticatedAccount();
+
         SingleConstraintMatch match = exchange.getAttachment(ConstraintMatcherHandler.CONSTRAINT_KEY);
         if (match == null || (match.getRequiredRoles().isEmpty() && match.getEmptyRoleSemantic() == SecurityInfo.EmptyRoleSemantic.AUTHENTICATE)) {
             authenticatedRequest(account, exchange);
             return;
         }
+
         if (match != null) {
-            for (String role : match.getRequiredRoles()) {
-                if (account.getRoles().contains(role)) {
-                    authenticatedRequest(account, exchange);
-                    return;
+            if(SecurityInfo.EmptyRoleSemantic.PERMIT_AND_INJECT_IF_AUTHENTICATED.equals(match.getEmptyRoleSemantic())) {
+                authenticatedRequest(account, exchange);
+                return;
+            } else {
+                for (String role : match.getRequiredRoles()) {
+                    if (account.getRoles().contains(role)) {
+                        authenticatedRequest(account, exchange);
+                        return;
+                    }
                 }
             }
         }
+
         if (errorPage != null) {
             exchange.setRequestPath(errorPage);
             exchange.setRelativePath(errorPage);
@@ -61,20 +86,20 @@ public class ConstraintAuthorizationHandler implements HttpHandler {
             IDToken idToken = account.getKeycloakSecurityContext().getToken();
             if (idToken == null) return;
             if (idToken.getSubject() != null) {
-                exchange.getRequestHeaders().put(KEYCLOAK_SUBJECT, idToken.getSubject());
+                exchange.getRequestHeaders().put(httpHeaderNames.get(KEYCLOAK_SUBJECT), idToken.getSubject());
             }
 
             if (idToken.getPreferredUsername() != null) {
-                exchange.getRequestHeaders().put(KEYCLOAK_USERNAME, idToken.getPreferredUsername());
+                exchange.getRequestHeaders().put(httpHeaderNames.get(KEYCLOAK_USERNAME), idToken.getPreferredUsername());
             }
             if (idToken.getEmail() != null) {
-                exchange.getRequestHeaders().put(KEYCLOAK_EMAIL, idToken.getEmail());
+                exchange.getRequestHeaders().put(httpHeaderNames.get(KEYCLOAK_EMAIL), idToken.getEmail());
             }
             if (idToken.getName() != null) {
-                exchange.getRequestHeaders().put(KEYCLOAK_NAME, idToken.getName());
+                exchange.getRequestHeaders().put(httpHeaderNames.get(KEYCLOAK_NAME), idToken.getName());
             }
             if (sendAccessToken) {
-                exchange.getRequestHeaders().put(KEYCLOAK_ACCESS_TOKEN, account.getKeycloakSecurityContext().getTokenString());
+                exchange.getRequestHeaders().put(httpHeaderNames.get(KEYCLOAK_ACCESS_TOKEN), account.getKeycloakSecurityContext().getTokenString());
             }
         }
         next.handleRequest(exchange);

proxy/proxy-server/src/main/java/org/keycloak/proxy/ConstraintMatcherHandler.java 37(+35 -2)

diff --git a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ConstraintMatcherHandler.java b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ConstraintMatcherHandler.java
index 998302d..31a187c 100755
--- a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ConstraintMatcherHandler.java
+++ b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ConstraintMatcherHandler.java
@@ -1,11 +1,12 @@
 package org.keycloak.proxy;
 
-import io.undertow.security.handlers.AuthenticationConstraintHandler;
+import io.undertow.security.api.AuthenticationMechanism;
 import io.undertow.server.HttpHandler;
 import io.undertow.server.HttpServerExchange;
 import io.undertow.util.AttachmentKey;
 import org.jboss.logging.Logger;
-import org.keycloak.KeycloakSecurityContext;
+
+import java.util.List;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -47,10 +48,42 @@ public class ConstraintMatcherHandler implements HttpHandler {
             }
             return;
         }
+
+        if (match.getRequiredRoles().isEmpty()
+                && match.getEmptyRoleSemantic() == SecurityInfo.EmptyRoleSemantic.PERMIT_AND_INJECT_IF_AUTHENTICATED) {
+
+            boolean successfulAuthenticatedMethodFound = isSuccessfulAuthenticatedMethodFound(exchange);
+
+            if(successfulAuthenticatedMethodFound) {
+                //in case of authenticated we go for injecting headers
+                exchange.putAttachment(CONSTRAINT_KEY, match);
+                securedHandler.handleRequest(exchange);
+                return;
+            } else {
+                //in case of not authenticated we just show the resource
+                unsecuredHandler.handleRequest(exchange);
+                return;
+            }
+        }
+
         log.debug("found constraint");
         exchange.getSecurityContext().setAuthenticationRequired();
         exchange.putAttachment(CONSTRAINT_KEY, match);
         securedHandler.handleRequest(exchange);
 
     }
+
+    private boolean isSuccessfulAuthenticatedMethodFound(HttpServerExchange exchange) {
+        boolean successfulAuthenticatedMethodFound = false;
+        List<AuthenticationMechanism> authenticationMechanisms = exchange.getSecurityContext().getAuthenticationMechanisms();
+
+        for (AuthenticationMechanism authenticationMechanism : authenticationMechanisms) {
+            AuthenticationMechanism.AuthenticationMechanismOutcome authenticationMechanismOutcome =
+                    authenticationMechanism.authenticate(exchange, exchange.getSecurityContext());
+            if(authenticationMechanismOutcome.equals(AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED)) {
+                successfulAuthenticatedMethodFound = true;
+            }
+        }
+        return successfulAuthenticatedMethodFound;
+    }
 }

proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyConfig.java 25(+21 -4)

diff --git a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyConfig.java b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyConfig.java
index dd41a05..b211fde 100755
--- a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyConfig.java
+++ b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyConfig.java
@@ -3,10 +3,7 @@ package org.keycloak.proxy;
 import org.codehaus.jackson.annotate.JsonProperty;
 import org.keycloak.representations.adapters.config.AdapterConfig;
 
-import java.util.HashSet;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Set;
+import java.util.*;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -41,6 +38,8 @@ public class ProxyConfig {
     protected boolean sendAccessToken;
     @JsonProperty("applications")
     protected List<Application> applications = new LinkedList<Application>();
+    @JsonProperty("header-names")
+    private Map<String,String> headerNames = new HashMap<>();
 
     public String getBindAddress() {
         return bindAddress;
@@ -154,6 +153,14 @@ public class ProxyConfig {
         this.sendAccessToken = sendAccessToken;
     }
 
+    public void setHeaderNames(Map<String, String> headerNames) {
+        this.headerNames = headerNames;
+    }
+
+    public Map<String, String> getHeaderNames() {
+        return headerNames;
+    }
+
     public static class Application {
         @JsonProperty("base-path")
         protected String basePath;
@@ -212,6 +219,8 @@ public class ProxyConfig {
         protected boolean permit;
         @JsonProperty("authenticate")
         protected boolean authenticate;
+        @JsonProperty("permit-and-inject")
+        protected boolean permitAndInject;
 
         public String getPattern() {
             return pattern;
@@ -253,6 +262,14 @@ public class ProxyConfig {
             this.authenticate = authenticate;
         }
 
+        public boolean isPermitAndInject() {
+            return permitAndInject;
+        }
+
+        public void setPermitAndInject(boolean permitAndInject) {
+            this.permitAndInject = permitAndInject;
+        }
+
         public Set<String> getMethods() {
             return methods;
         }

proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java 22(+17 -5)

diff --git a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java
index 1223faf..d689e59 100755
--- a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java
+++ b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java
@@ -51,10 +51,7 @@ import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
-import java.util.HashSet;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Set;
+import java.util.*;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -76,6 +73,8 @@ public class ProxyServerBuilder {
     protected HttpHandler proxyHandler;
     protected boolean sendAccessToken;
 
+    protected Map<String, String> headerNameConfig;
+
     public ProxyServerBuilder target(String uri) {
         SimpleProxyClientProvider provider = null;
         try {
@@ -98,6 +97,12 @@ public class ProxyServerBuilder {
         this.sendAccessToken = flag;
         return this;
     }
+
+    public ProxyServerBuilder headerNameConfig(Map<String, String> headerNameConfig) {
+        this.headerNameConfig = headerNameConfig;
+        return this;
+    }
+
     public ApplicationBuilder application(AdapterConfig config) {
         return new ApplicationBuilder(config);
     }
@@ -169,6 +174,11 @@ public class ProxyServerBuilder {
                 return this;
             }
 
+            public ConstraintBuilder injectIfAuthenticated() {
+                semantic = SecurityInfo.EmptyRoleSemantic.PERMIT_AND_INJECT_IF_AUTHENTICATED;
+                return this;
+            }
+
             public ConstraintBuilder excludedMethods(Set<String> excludedMethods) {
                 this.excludedMethods = excludedMethods;
                 return this;
@@ -222,7 +232,7 @@ public class ProxyServerBuilder {
                     errorPage = base + "/" + errorPage;
                 }
             }
-            handler = new ConstraintAuthorizationHandler(handler, errorPage, sendAccessToken);
+            handler = new ConstraintAuthorizationHandler(handler, errorPage, sendAccessToken, headerNameConfig);
             handler = new ProxyAuthenticationCallHandler(handler);
             handler = new ConstraintMatcherHandler(matches, handler, toWrap, errorPage);
             final List<AuthenticationMechanism> mechanisms = new LinkedList<AuthenticationMechanism>();
@@ -373,6 +383,7 @@ public class ProxyServerBuilder {
                     if (constraint.isDeny()) constraintBuilder.deny();
                     if (constraint.isPermit()) constraintBuilder.permit();
                     if (constraint.isAuthenticate()) constraintBuilder.authenticate();
+                    if (constraint.isPermitAndInject()) constraintBuilder.injectIfAuthenticated();
                     constraintBuilder.add();
                 }
             }
@@ -383,6 +394,7 @@ public class ProxyServerBuilder {
 
     public static void initOptions(ProxyConfig config, ProxyServerBuilder builder) {
         builder.sendAccessToken(config.isSendAccessToken());
+        builder.headerNameConfig(config.getHeaderNames());
         if (config.getBufferSize() != null) builder.setBufferSize(config.getBufferSize());
         if (config.getBuffersPerRegion() != null) builder.setBuffersPerRegion(config.getBuffersPerRegion());
         if (config.getIoThreads() != null) builder.setIoThreads(config.getIoThreads());

proxy/proxy-server/src/main/java/org/keycloak/proxy/SecurityInfo.java 6(+5 -1)

diff --git a/proxy/proxy-server/src/main/java/org/keycloak/proxy/SecurityInfo.java b/proxy/proxy-server/src/main/java/org/keycloak/proxy/SecurityInfo.java
index 5d29137..f7f98af 100755
--- a/proxy/proxy-server/src/main/java/org/keycloak/proxy/SecurityInfo.java
+++ b/proxy/proxy-server/src/main/java/org/keycloak/proxy/SecurityInfo.java
@@ -46,8 +46,12 @@ public class SecurityInfo<T extends SecurityInfo> implements Cloneable {
         /**
          * Mandate authentication but authorize access as no roles to check against.
          */
-        AUTHENTICATE;
+        AUTHENTICATE,
 
+        /**
+         * Permit access in any case, but provide authorization info only if authorized.
+         */
+        PERMIT_AND_INJECT_IF_AUTHENTICATED;
     }
 
     private volatile EmptyRoleSemantic emptyRoleSemantic = EmptyRoleSemantic.DENY;

saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java 14(+7 -7)

diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
index dbbde29..246e115 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
@@ -129,9 +129,9 @@ public class SamlService {
             SAMLDocumentHolder holder = extractResponseDocument(samlResponse);
             StatusResponseType statusResponse = (StatusResponseType) holder.getSamlObject();
             // validate destination
-            if (!uriInfo.getAbsolutePath().toString().equals(statusResponse.getDestination())) {
-                event.error(Errors.INVALID_SAML_LOGOUT_RESPONSE);
+            if (statusResponse.getDestination() != null && !uriInfo.getAbsolutePath().toString().equals(statusResponse.getDestination())) {
                 event.detail(Details.REASON, "invalid_destination");
+                event.error(Errors.INVALID_SAML_LOGOUT_RESPONSE);
                 return ErrorPage.error(session, Messages.INVALID_REQUEST);
             }
 
@@ -231,9 +231,9 @@ public class SamlService {
 
         protected Response loginRequest(String relayState, AuthnRequestType requestAbstractType, ClientModel client) {
             // validate destination
-            if (!uriInfo.getAbsolutePath().equals(requestAbstractType.getDestination())) {
-                event.error(Errors.INVALID_SAML_AUTHN_REQUEST);
+            if (requestAbstractType.getDestination() != null && !uriInfo.getAbsolutePath().equals(requestAbstractType.getDestination())) {
                 event.detail(Details.REASON, "invalid_destination");
+                event.error(Errors.INVALID_SAML_AUTHN_REQUEST);
                 return ErrorPage.error(session, Messages.INVALID_REQUEST);
             }
             String bindingType = getBindingType(requestAbstractType);
@@ -278,8 +278,8 @@ public class SamlService {
                 if (isSupportedNameIdFormat(nameIdFormat)) {
                     clientSession.setNote(GeneralConstants.NAMEID_FORMAT, nameIdFormat);
                 } else {
-                    event.error(Errors.INVALID_SAML_AUTHN_REQUEST);
                     event.detail(Details.REASON, "unsupported_nameid_format");
+                    event.error(Errors.INVALID_SAML_AUTHN_REQUEST);
                     return ErrorPage.error(session, Messages.UNSUPPORTED_NAME_ID_FORMAT);
                 }
             }
@@ -368,9 +368,9 @@ public class SamlService {
 
         protected Response logoutRequest(LogoutRequestType logoutRequest, ClientModel client, String relayState) {
             // validate destination
-            if (!uriInfo.getAbsolutePath().equals(logoutRequest.getDestination())) {
-                event.error(Errors.INVALID_SAML_LOGOUT_REQUEST);
+            if (logoutRequest.getDestination() != null && !uriInfo.getAbsolutePath().equals(logoutRequest.getDestination())) {
                 event.detail(Details.REASON, "invalid_destination");
+                event.error(Errors.INVALID_SAML_LOGOUT_REQUEST);
                 return ErrorPage.error(session, Messages.INVALID_REQUEST);
             }

services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java 18(+9 -9)

diff --git a/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java b/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java
index 2bc6e61..36fcf35 100755
--- a/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java
+++ b/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java
@@ -401,7 +401,7 @@ public class AuthenticationProcessor {
         boolean alternativeSuccessful = false;
         for (AuthenticationExecutionModel model : executions) {
             if (isProcessed(model)) {
-                logger.info("execution is processed");
+                logger.debug("execution is processed");
                 if (!alternativeSuccessful && model.isAlternative() && isSuccessful(model)) alternativeSuccessful = true;
                 continue;
             }
@@ -425,7 +425,7 @@ public class AuthenticationProcessor {
             AuthenticatorModel authenticatorModel = realm.getAuthenticatorById(model.getAuthenticator());
             AuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, authenticatorModel.getProviderId());
             Authenticator authenticator = factory.create(authenticatorModel);
-            logger.info("authenticator: " + authenticatorModel.getProviderId());
+            logger.debugv("authenticator: {0}", authenticatorModel.getProviderId());
             UserModel authUser = clientSession.getAuthenticatedUser();
 
             if (authenticator.requiresUser() && authUser == null){
@@ -441,7 +441,7 @@ public class AuthenticationProcessor {
                 if (!configuredFor) {
                     if (model.isRequired()) {
                         if (model.isUserSetupAllowed()) {
-                            logger.info("authenticator SETUP_REQUIRED: " + authenticatorModel.getProviderId());
+                            logger.debugv("authenticator SETUP_REQUIRED: {0}", authenticatorModel.getProviderId());
                             clientSession.setAuthenticatorStatus(model.getId(), UserSessionModel.AuthenticatorStatus.SETUP_REQUIRED);
                             String requiredAction = authenticator.getRequiredAction();
                             if (!authUser.getRequiredActions().contains(requiredAction)) {
@@ -461,18 +461,18 @@ public class AuthenticationProcessor {
             authenticator.authenticate(context);
             Status result = context.getStatus();
             if (result == Status.SUCCESS){
-                logger.info("authenticator SUCCESS: " + authenticatorModel.getProviderId());
+                logger.debugv("authenticator SUCCESS: {0}", authenticatorModel.getProviderId());
                 clientSession.setAuthenticatorStatus(model.getId(), UserSessionModel.AuthenticatorStatus.SUCCESS);
                 if (model.isAlternative()) alternativeSuccessful = true;
                 continue;
             } else if (result == Status.FAILED) {
-                logger.info("authenticator FAILED: " + authenticatorModel.getProviderId());
+                logger.debugv("authenticator FAILED: {0}", authenticatorModel.getProviderId());
                 logUserFailure();
                 clientSession.setAuthenticatorStatus(model.getId(), UserSessionModel.AuthenticatorStatus.FAILED);
                 if (context.challenge != null) return context.challenge;
                 throw new AuthException(context.error);
             } else if (result == Status.CHALLENGE) {
-                logger.info("authenticator CHALLENGE: " + authenticatorModel.getProviderId());
+                logger.debugv("authenticator CHALLENGE: {0}", authenticatorModel.getProviderId());
                 if (model.isRequired() || (model.isOptional() && configuredFor)) {
                     clientSession.setAuthenticatorStatus(model.getId(), UserSessionModel.AuthenticatorStatus.CHALLENGED);
                     return context.challenge;
@@ -485,19 +485,19 @@ public class AuthenticationProcessor {
                 }
                 continue;
             } else if (result == Status.FAILURE_CHALLENGE) {
-                logger.info("authenticator FAILURE_CHALLENGE: " + authenticatorModel.getProviderId());
+                logger.debugv("authenticator FAILURE_CHALLENGE: {0}", authenticatorModel.getProviderId());
                 logUserFailure();
                 clientSession.setAuthenticatorStatus(model.getId(), UserSessionModel.AuthenticatorStatus.CHALLENGED);
                 return context.challenge;
             } else if (result == Status.ATTEMPTED) {
-                logger.info("authenticator ATTEMPTED: " + authenticatorModel.getProviderId());
+                logger.debugv("authenticator ATTEMPTED: {0}", authenticatorModel.getProviderId());
                 if (model.getRequirement() == AuthenticationExecutionModel.Requirement.REQUIRED) {
                     throw new AuthException(Error.INVALID_CREDENTIALS);
                 }
                 clientSession.setAuthenticatorStatus(model.getId(), UserSessionModel.AuthenticatorStatus.ATTEMPTED);
                 continue;
             } else {
-                logger.info("authenticator INTERNAL_ERROR: " + authenticatorModel.getProviderId());
+                logger.debugv("authenticator INTERNAL_ERROR: {0}", authenticatorModel.getProviderId());
                 logger.error("Unknown result status");
                 throw new AuthException(Error.INTERNAL_ERROR);
             }

services/src/main/java/org/keycloak/authentication/AuthenticatorSpi.java 2(+1 -1)

diff --git a/services/src/main/java/org/keycloak/authentication/AuthenticatorSpi.java b/services/src/main/java/org/keycloak/authentication/AuthenticatorSpi.java
index 684d074..81b0373 100755
--- a/services/src/main/java/org/keycloak/authentication/AuthenticatorSpi.java
+++ b/services/src/main/java/org/keycloak/authentication/AuthenticatorSpi.java
@@ -11,7 +11,7 @@ import org.keycloak.provider.Spi;
 public class AuthenticatorSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return false;
     }

services/src/main/java/org/keycloak/exportimport/ClientImportSpi.java 2(+1 -1)

diff --git a/services/src/main/java/org/keycloak/exportimport/ClientImportSpi.java b/services/src/main/java/org/keycloak/exportimport/ClientImportSpi.java
index e59a45a..47a777e 100755
--- a/services/src/main/java/org/keycloak/exportimport/ClientImportSpi.java
+++ b/services/src/main/java/org/keycloak/exportimport/ClientImportSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class ClientImportSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

services/src/main/java/org/keycloak/messages/MessagesSpi.java 2(+1 -1)

diff --git a/services/src/main/java/org/keycloak/messages/MessagesSpi.java b/services/src/main/java/org/keycloak/messages/MessagesSpi.java
index 6e82006..dd8b266 100644
--- a/services/src/main/java/org/keycloak/messages/MessagesSpi.java
+++ b/services/src/main/java/org/keycloak/messages/MessagesSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class MessagesSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

services/src/main/java/org/keycloak/protocol/LoginProtocolSpi.java 2(+1 -1)

diff --git a/services/src/main/java/org/keycloak/protocol/LoginProtocolSpi.java b/services/src/main/java/org/keycloak/protocol/LoginProtocolSpi.java
index 6ac5496..2b594de 100755
--- a/services/src/main/java/org/keycloak/protocol/LoginProtocolSpi.java
+++ b/services/src/main/java/org/keycloak/protocol/LoginProtocolSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class LoginProtocolSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java 57(+44 -13)

diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
index ffbc6a7..53c74c9 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
@@ -37,6 +37,7 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriInfo;
+import java.util.List;
 import java.util.Map;
 
 /**
@@ -227,16 +228,7 @@ public class TokenEndpoint {
             throw new ErrorResponseException("invalid_grant", "Session not active", Response.Status.BAD_REQUEST);
         }
 
-        String adapterSessionId = formParams.getFirst(AdapterConstants.CLIENT_SESSION_STATE);
-        if (adapterSessionId != null) {
-            String adapterSessionHost = formParams.getFirst(AdapterConstants.CLIENT_SESSION_HOST);
-            logger.debugf("Adapter Session '%s' saved in ClientSession for client '%s'. Host is '%s'", adapterSessionId, client.getClientId(), adapterSessionHost);
-
-            event.detail(AdapterConstants.CLIENT_SESSION_STATE, adapterSessionId);
-            clientSession.setNote(AdapterConstants.CLIENT_SESSION_STATE, adapterSessionId);
-            event.detail(AdapterConstants.CLIENT_SESSION_HOST, adapterSessionHost);
-            clientSession.setNote(AdapterConstants.CLIENT_SESSION_HOST, adapterSessionHost);
-        }
+        updateClientSession(clientSession);
 
         AccessToken token = tokenManager.createClientAccessToken(session, accessCode.getRequestedRoles(), realm, client, user, userSession, clientSession);
 
@@ -259,6 +251,10 @@ public class TokenEndpoint {
         AccessTokenResponse res;
         try {
             res = tokenManager.refreshAccessToken(session, uriInfo, clientConnection, realm, client, refreshToken, event, headers);
+
+            UserSessionModel userSession = session.sessions().getUserSession(realm, res.getSessionState());
+            updateClientSessions(userSession.getClientSessions());
+
         } catch (OAuthErrorException e) {
             event.error(Errors.INVALID_TOKEN);
             throw new ErrorResponseException(e.getError(), e.getDescription(), Response.Status.BAD_REQUEST);
@@ -269,11 +265,46 @@ public class TokenEndpoint {
         return Cors.add(request, Response.ok(res, MediaType.APPLICATION_JSON_TYPE)).auth().allowedOrigins(client).allowedMethods("POST").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
     }
 
-    public Response buildResourceOwnerPasswordCredentialsGrant() {
-        if (!realm.isPasswordCredentialGrantAllowed()) {
-            throw new ErrorResponseException("not_enabled", "Direct Grant REST API not enabled", Response.Status.FORBIDDEN);
+    private void updateClientSession(ClientSessionModel clientSession) {
+
+        if(clientSession == null) {
+            logger.error("client session is null");
+            return;
+        }
+
+        String adapterSessionId = formParams.getFirst(AdapterConstants.CLIENT_SESSION_STATE);
+        if (adapterSessionId != null) {
+            String adapterSessionHost = formParams.getFirst(AdapterConstants.CLIENT_SESSION_HOST);
+            logger.debugf("Adapter Session '%s' saved in ClientSession for client '%s'. Host is '%s'", adapterSessionId, client.getClientId(), adapterSessionHost);
+
+            event.detail(AdapterConstants.CLIENT_SESSION_STATE, adapterSessionId);
+            clientSession.setNote(AdapterConstants.CLIENT_SESSION_STATE, adapterSessionId);
+            event.detail(AdapterConstants.CLIENT_SESSION_HOST, adapterSessionHost);
+            clientSession.setNote(AdapterConstants.CLIENT_SESSION_HOST, adapterSessionHost);
         }
+    }
 
+    private void updateClientSessions(List<ClientSessionModel> clientSessions) {
+        if(clientSessions == null) {
+            logger.error("client sessions is null");
+            return;
+        }
+        for (ClientSessionModel clientSession : clientSessions) {
+            if(clientSession == null) {
+                logger.error("client session is null");
+                continue;
+            }
+            if(clientSession.getClient() == null) {
+                logger.error("client model in client session is null");
+                continue;
+            }
+            if(client.getId().equals(clientSession.getClient().getId())) {
+                updateClientSession(clientSession);
+            }
+        }
+    }
+
+    public Response buildResourceOwnerPasswordCredentialsGrant() {
         event.detail(Details.AUTH_METHOD, "oauth_credentials").detail(Details.RESPONSE_TYPE, "token");
 
         String username = formParams.getFirst(AuthenticationManager.FORM_USERNAME);

services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java 11(+2 -9)

diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java b/services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java
index 80aee4a..afd2a8a 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java
@@ -20,7 +20,7 @@ public class OIDCWellKnownProvider implements WellKnownProvider {
 
     public static final List<String> DEFAULT_ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED = list("RS256");
 
-    public static final List<String> DEFAULT_GRANT_TYPES_SUPPORTED = list(OAuth2Constants.AUTHORIZATION_CODE, OAuth2Constants.REFRESH_TOKEN);
+    public static final List<String> DEFAULT_GRANT_TYPES_SUPPORTED = list(OAuth2Constants.AUTHORIZATION_CODE, OAuth2Constants.REFRESH_TOKEN, OAuth2Constants.PASSWORD);
 
     public static final List<String> DEFAULT_RESPONSE_TYPES_SUPPORTED = list(OAuth2Constants.CODE);
 
@@ -53,14 +53,7 @@ public class OIDCWellKnownProvider implements WellKnownProvider {
         config.setResponseTypesSupported(DEFAULT_RESPONSE_TYPES_SUPPORTED);
         config.setSubjectTypesSupported(DEFAULT_SUBJECT_TYPES_SUPPORTED);
         config.setResponseModesSupported(DEFAULT_RESPONSE_MODES_SUPPORTED);
-
-        if (!realm.isPasswordCredentialGrantAllowed()) {
-            config.setGrantTypesSupported(DEFAULT_GRANT_TYPES_SUPPORTED);
-        } else {
-            List<String> grantTypes = new LinkedList<>(DEFAULT_GRANT_TYPES_SUPPORTED);
-            grantTypes.add(OAuth2Constants.PASSWORD);
-            config.setGrantTypesSupported(grantTypes);
-        }
+        config.setGrantTypesSupported(DEFAULT_GRANT_TYPES_SUPPORTED);
 
         return config;
     }

services/src/main/java/org/keycloak/protocol/ProtocolMapperSpi.java 4(+2 -2)

diff --git a/services/src/main/java/org/keycloak/protocol/ProtocolMapperSpi.java b/services/src/main/java/org/keycloak/protocol/ProtocolMapperSpi.java
index 1b98e07..f08e7dd 100755
--- a/services/src/main/java/org/keycloak/protocol/ProtocolMapperSpi.java
+++ b/services/src/main/java/org/keycloak/protocol/ProtocolMapperSpi.java
@@ -10,8 +10,8 @@ import org.keycloak.provider.Spi;
 public class ProtocolMapperSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
-        return false;
+    public boolean isInternal() {
+        return true;
     }
 
     @Override

services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java 14(+12 -2)

diff --git a/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java b/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java
index 89146fc..b91858a 100755
--- a/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java
+++ b/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java
@@ -4,8 +4,6 @@ import org.jboss.logging.Logger;
 import org.keycloak.Config;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.RealmProvider;
 import org.keycloak.provider.Provider;
 import org.keycloak.provider.ProviderEvent;
 import org.keycloak.provider.ProviderEventListener;
@@ -66,6 +64,10 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
                 Config.Scope scope = Config.scope(spi.getName(), provider);
                 factory.init(scope);
 
+                if (spi.isInternal() && !isInternal(factory)) {
+                    log.warnv("{0} ({1}) is implementing the internal SPI {2}. This SPI is internal and may change without notice", factory.getId(), factory.getClass().getName(), spi.getName());
+                }
+
                 factories.put(factory.getId(), factory);
 
                 log.debugv("Loaded SPI {0} (provider = {1})", spi.getName(), provider);
@@ -74,6 +76,10 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
                     Config.Scope scope = Config.scope(spi.getName(), factory.getId());
                     factory.init(scope);
 
+                    if (spi.isInternal() && !isInternal(factory)) {
+                        log.warnv("{0} ({1}) is implementing the internal SPI {2}. This SPI is internal and may change without notice", factory.getId(), factory.getClass().getName(), spi.getName());
+                    }
+
                     factories.put(factory.getId(), factory);
                 }
 
@@ -138,4 +144,8 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
         }
     }
 
+    private boolean isInternal(ProviderFactory<?> factory) {
+        return factory.getClass().getPackage().getName().startsWith("org.keycloak");
+    }
+
 }

services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java 4(+2 -2)

diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index 0cfca7a..6b12a43 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -453,8 +453,8 @@ public class AuthenticationManager {
         if (!requiredActions.isEmpty()) {
             Iterator<String> i = user.getRequiredActions().iterator();
             String action = i.next();
-
-            if (action.equals(UserModel.RequiredAction.VERIFY_EMAIL.name()) && Validation.isEmpty(user.getEmail())) {
+            
+            if (action.equals(UserModel.RequiredAction.VERIFY_EMAIL.name()) && Validation.isBlank(user.getEmail())) {
                 if (i.hasNext())
                     action = i.next();
                 else

services/src/main/java/org/keycloak/services/resources/AccountService.java 28(+21 -7)

diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java
index 026c877..697a28f 100755
--- a/services/src/main/java/org/keycloak/services/resources/AccountService.java
+++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java
@@ -35,23 +35,35 @@ import org.keycloak.events.EventBuilder;
 import org.keycloak.events.EventStoreProvider;
 import org.keycloak.events.EventType;
 import org.keycloak.login.LoginFormsProvider;
-import org.keycloak.models.*;
+import org.keycloak.models.AccountRoles;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.ClientSessionModel;
+import org.keycloak.models.Constants;
+import org.keycloak.models.FederatedIdentityModel;
+import org.keycloak.models.IdentityProviderModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.ModelException;
+import org.keycloak.models.ModelReadOnlyException;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserCredentialModel;
+import org.keycloak.models.UserCredentialValueModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.models.UserSessionModel;
 import org.keycloak.models.utils.FormMessage;
 import org.keycloak.models.utils.ModelToRepresentation;
 import org.keycloak.models.utils.TimeBasedOTP;
 import org.keycloak.protocol.oidc.OIDCLoginProtocol;
 import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
-import org.keycloak.protocol.oidc.TokenManager;
 import org.keycloak.protocol.oidc.utils.RedirectUtils;
 import org.keycloak.representations.idm.CredentialRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.services.ForbiddenException;
+import org.keycloak.services.Urls;
 import org.keycloak.services.managers.AppAuthManager;
 import org.keycloak.services.managers.Auth;
 import org.keycloak.services.managers.AuthenticationManager;
 import org.keycloak.services.managers.ClientSessionCode;
 import org.keycloak.services.messages.Messages;
-import org.keycloak.services.Urls;
 import org.keycloak.services.util.CookieHelper;
 import org.keycloak.services.util.ResolveRelative;
 import org.keycloak.services.validation.Validation;
@@ -73,7 +85,6 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 import javax.ws.rs.core.UriInfo;
 import javax.ws.rs.core.Variant;
-
 import java.lang.reflect.Method;
 import java.net.URI;
 import java.util.HashSet;
@@ -414,13 +425,16 @@ public class AccountService {
 
         UserModel user = auth.getUser();
 
-        List<FormMessage> errors = Validation.validateUpdateProfileForm(formData);
+        List<FormMessage> errors = Validation.validateUpdateProfileForm(realm, formData);
         if (errors != null && !errors.isEmpty()) {
             setReferrerOnPage();
             return account.setErrors(errors).setProfileFormData(formData).createResponse(AccountPages.ACCOUNT);
         }
 
         try {
+            if (realm.isEditUsernameAllowed()) {
+                user.setUsername(formData.getFirst("username"));
+            }
             user.setFirstName(formData.getFirst("firstName"));
             user.setLastName(formData.getFirst("lastName"));
 
@@ -566,7 +580,7 @@ public class AccountService {
         String totp = formData.getFirst("totp");
         String totpSecret = formData.getFirst("totpSecret");
 
-        if (Validation.isEmpty(totp)) {
+        if (Validation.isBlank(totp)) {
             setReferrerOnPage();
             return account.setError(Messages.MISSING_TOTP).createResponse(AccountPages.TOTP);
         } else if (!new TimeBasedOTP().validate(totp, totpSecret.getBytes())) {
@@ -626,7 +640,7 @@ public class AccountService {
         String passwordConfirm = formData.getFirst("password-confirm");
 
         if (requireCurrent) {
-            if (Validation.isEmpty(password)) {
+            if (Validation.isBlank(password)) {
                 setReferrerOnPage();
                 return account.setError(Messages.MISSING_PASSWORD).createResponse(AccountPages.PASSWORD);
             }

services/src/main/java/org/keycloak/services/resources/admin/AdminEventBuilder.java 14(+1 -13)

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminEventBuilder.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminEventBuilder.java
index b9d2036..bc2bcc1 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/AdminEventBuilder.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminEventBuilder.java
@@ -154,19 +154,7 @@ public class AdminEventBuilder {
         sb.append("/");
         String realmRelative = sb.toString();
 
-        path = path.substring(path.indexOf(realmRelative) + realmRelative.length());
-
-        if (path.contains("clients-by-id")) {
-            path = path.replaceAll("clients-by-id", "clients");
-        } else if (path.contains("roles-by-id")) {
-            path = path.replaceAll("roles-by-id", "roles");
-        } else if (path.contains("role-mappings/realm")) {
-            path = path.replaceFirst("role-mappings/realm", "role-mappings");
-        } else if (path.contains("role-mappings/clients")) {
-            path = path.replaceFirst("role-mappings/clients", "role-mappings");
-        }
-
-        return path;
+        return path.substring(path.indexOf(realmRelative) + realmRelative.length());
     }
 
     public void error(String error) {

services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java 23(+9 -14)

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
index c899fdf..5d7c703 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
@@ -96,35 +96,30 @@ public class ClientsResource {
             
             adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, clientModel.getId()).representation(rep).success();
             
-            return Response.created(uriInfo.getAbsolutePathBuilder().path(getClientPath(clientModel)).build()).build();
+            return Response.created(uriInfo.getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
         } catch (ModelDuplicateException e) {
             return ErrorResponse.exists("Client " + rep.getClientId() + " already exists");
         }
     }
 
-    protected String getClientPath(ClientModel clientModel) {
-        return clientModel.getClientId();
-    }
-
     /**
      * Base path for managing a specific client.
      *
-     * @param name
+     * @param id id of client (not client-id)
      * @return
      */
-    @Path("{app-name}")
-    public ClientResource getClient(final @PathParam("app-name") String name) {
-        ClientModel clientModel = getClientByPathParam(name);
+    @Path("{id}")
+    public ClientResource getClient(final @PathParam("id") String id) {
+        ClientModel clientModel = realm.getClientById(id);
         if (clientModel == null) {
-            throw new NotFoundException("Could not find client: " + name);
+            throw new NotFoundException("Could not find client: " + id);
         }
+
+        session.getContext().setClient(clientModel);
+
         ClientResource clientResource = new ClientResource(realm, auth, clientModel, session, adminEvent);
         ResteasyProviderFactory.getInstance().injectProperties(clientResource);
         return clientResource;
     }
 
-    protected ClientModel getClientByPathParam(String name) {
-        return realm.getClientByClientId(name);
-    }
-
 }

services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java 85(+43 -42)

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
index e2899fe..b27ce49 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
@@ -35,6 +35,7 @@ import org.keycloak.services.managers.UsersSyncManager;
 import org.keycloak.services.ErrorResponse;
 import org.keycloak.timer.TimerProvider;
 
+import javax.ws.rs.BadRequestException;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
@@ -50,6 +51,10 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriInfo;
 
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
@@ -114,18 +119,6 @@ public class RealmAdminResource {
     }
 
     /**
-     * Base path for managing clients under this realm.
-     *
-     * @return
-     */
-    @Path("clients-by-id")
-    public ClientsByIdResource getClientsById() {
-        ClientsByIdResource clientsResource = new ClientsByIdResource(realm, auth, adminEvent);
-        ResteasyProviderFactory.getInstance().injectProperties(clientsResource);
-        return clientsResource;
-    }
-
-    /**
      * base path for managing realm-level roles of this realm
      *
      * @return
@@ -297,38 +290,16 @@ public class RealmAdminResource {
     }
 
     /**
-     * Returns a JSON map.  The key is the client name, the value is the number of sessions that currently are active
-     * with that client.  Only client's that actually have a session associated with them will be in this map.
-     *
-     * @return
-     */
-    @Path("client-session-stats")
-    @GET
-    @NoCache
-    @Produces(MediaType.APPLICATION_JSON)
-    @Deprecated
-    public Map<String, Integer> getClientSessionStats() {
-        auth.requireView();
-        Map<String, Integer> stats = new HashMap<String, Integer>();
-        for (ClientModel client : realm.getClients()) {
-            int size = session.sessions().getActiveUserSessions(client.getRealm(), client);
-            if (size == 0) continue;
-            stats.put(client.getClientId(), size);
-        }
-        return stats;
-    }
-
-    /**
      * Returns a JSON map.  The key is the client id, the value is the number of sessions that currently are active
      * with that client.  Only client's that actually have a session associated with them will be in this map.
      *
      * @return
      */
-    @Path("client-by-id-session-stats")
+    @Path("client-session-stats")
     @GET
     @NoCache
     @Produces(MediaType.APPLICATION_JSON)
-    public List<Map<String, String>> getClientByIdSessionStats() {
+    public List<Map<String, String>> getClientSessionStats() {
         auth.requireView();
         List<Map<String, String>> data = new LinkedList<Map<String, String>>();
         for (ClientModel client : realm.getClients()) {
@@ -416,10 +387,25 @@ public class RealmAdminResource {
         }
         
         if(dateFrom != null) {
-            query.fromDate(dateFrom);
+            SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
+            Date from = null;
+            try {
+                from = df.parse(dateFrom);
+            } catch (ParseException e) {
+                throw new BadRequestException("Invalid value for 'Date(From)', expected format is yyyy-MM-dd");
+            }
+            query.fromDate(from);
         }
+        
         if(dateTo != null) {
-            query.toDate(dateTo);
+            SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
+            Date to = null;
+            try {
+                to = df.parse(dateTo);
+            } catch (ParseException e) {
+                throw new BadRequestException("Invalid value for 'Date(To)', expected format is yyyy-MM-dd");
+            }
+            query.toDate(to);
         }
 
         if (ipAddress != null) {
@@ -438,8 +424,8 @@ public class RealmAdminResource {
     /**
      * Query admin events.  Returns all admin events, or will query based on URL query parameters listed here
      *
-     * @param client app or oauth client name
-     * @param operationTypes operation type
+     * @param authRealm
+     * @param authClient
      * @param authUser user id
      * @param authIpAddress
      * @param resourcePath
@@ -494,10 +480,25 @@ public class RealmAdminResource {
         }
         
         if(dateFrom != null) {
-            query.fromTime(dateFrom);
+            SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
+            Date from = null;
+            try {
+                from = df.parse(dateFrom);
+            } catch (ParseException e) {
+                throw new BadRequestException("Invalid value for 'Date(From)', expected format is yyyy-MM-dd");
+            }
+            query.fromTime(from);
         }
+        
         if(dateTo != null) {
-            query.toTime(dateTo);
+            SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
+            Date to = null;
+            try {
+                to = df.parse(dateTo);
+            } catch (ParseException e) {
+                throw new BadRequestException("Invalid value for 'Date(To)', expected format is yyyy-MM-dd");
+            }
+            query.toTime(to);
         }
 
         if (firstResult != null) {

services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java 3(+2 -1)

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
index fbe401c..2d14b4b 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
@@ -227,7 +227,8 @@ public class RealmsAdminResource {
         }
         
         AdminEventBuilder adminEvent = new AdminEventBuilder(realm, auth, session, clientConnection);
-        
+        session.getContext().setRealm(realm);
+
         RealmAdminResource adminResource = new RealmAdminResource(realmAuth, realm, tokenManager, adminEvent);
         ResteasyProviderFactory.getInstance().injectProperties(adminResource);
         //resourceContext.initResource(adminResource);

services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java 35(+17 -18)

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java
index 2f912f5..c138a46 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java
@@ -170,46 +170,45 @@ public class RoleByIdResource extends RoleResource {
      * Return a set of client-level roles for a specific client that are in the role's composite
      *
      * @param id
-     * @param appName
+     * @param client
      * @return
      */
-    @Path("{role-id}/composites/clients/{app}")
+    @Path("{role-id}/composites/clients/{client}")
     @GET
     @NoCache
     @Produces(MediaType.APPLICATION_JSON)
     public Set<RoleRepresentation> getClientRoleComposites(final @PathParam("role-id") String id,
-                                                                final @PathParam("app") String appName) {
+                                                                final @PathParam("client") String client) {
         RoleModel role = getRoleModel(id);
         auth.requireView();
-        ClientModel app = realm.getClientByClientId(appName);
-        if (app == null) {
-            throw new NotFoundException("Could not find client: " + appName);
-
+        ClientModel clientModel = realm.getClientById(client);
+        if (clientModel == null) {
+            throw new NotFoundException("Could not find client: " + client);
         }
-        return getClientRoleComposites(app, role);
+        return getClientRoleComposites(clientModel, role);
     }
 
     /**
      * Return a set of client-level roles for a specific client that are in the role's composite
      *
-     * @param id
-     * @param appId
+     * @param role
+     * @param client
      * @return
      */
-    @Path("{role-id}/composites/clients-by-id/{appId}")
+    @Path("{role}/composites/clients/{client}")
     @GET
     @NoCache
     @Produces(MediaType.APPLICATION_JSON)
-    public Set<RoleRepresentation> getClientByIdRoleComposites(final @PathParam("role-id") String id,
-                                                                final @PathParam("appId") String appId) {
-        RoleModel role = getRoleModel(id);
+    public Set<RoleRepresentation> getClientByIdRoleComposites(final @PathParam("role-id") String role,
+                                                                final @PathParam("client") String client) {
+        RoleModel roleModel = getRoleModel(role);
         auth.requireView();
-        ClientModel app = realm.getClientById(appId);
-        if (app == null) {
-            throw new NotFoundException("Could not find client: " + appId);
+        ClientModel clientModel = realm.getClientById(client);
+        if (clientModel == null) {
+            throw new NotFoundException("Could not find client: " + client);
 
         }
-        return getClientRoleComposites(app, role);
+        return getClientRoleComposites(clientModel, roleModel);
     }
 
     /**

services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java 43(+7 -36)

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java
index 111942d..2b225b6 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java
@@ -223,60 +223,31 @@ public class RoleContainerResource extends RoleResource {
     }
 
     /**
-     * An client-level roles for a specific client for this role's composite
-     *
-     * @param roleName role's name (not id!)
-     * @param clientId
-     * @return
-     */
-    @Path("{role-name}/composites/client/{clientId}")
-    @GET
-    @NoCache
-    @Produces(MediaType.APPLICATION_JSON)
-    public Set<RoleRepresentation> getClientRoleComposites(
-                                                           final @PathParam("role-name") String roleName,
-                                                           final @PathParam("clientId") String clientId) {
-        auth.requireManage();
-
-        RoleModel role = roleContainer.getRole(roleName);
-        if (role == null) {
-            throw new NotFoundException("Could not find role: " + roleName);
-        }
-        ClientModel app = realm.getClientByClientId(clientId);
-        if (app == null) {
-            throw new NotFoundException("Could not find client: " + clientId);
-
-        }
-        return getClientRoleComposites(app, role);
-    }
-
-
-    /**
      * An app-level roles for a specific app for this role's composite
      *
      * @param roleName role's name (not id!)
-     * @param id
+     * @param client
      * @return
      */
-    @Path("{role-name}/composites/client-by-id/{id}")
+    @Path("{role-name}/composites/clients/{client}")
     @GET
     @NoCache
     @Produces(MediaType.APPLICATION_JSON)
-    public Set<RoleRepresentation> getClientByIdRoleComposites(@Context final UriInfo uriInfo,
+    public Set<RoleRepresentation> getClientRoleComposites(@Context final UriInfo uriInfo,
                                                                 final @PathParam("role-name") String roleName,
-                                                                final @PathParam("id") String id) {
+                                                                final @PathParam("client") String client) {
         auth.requireManage();
 
         RoleModel role = roleContainer.getRole(roleName);
         if (role == null) {
             throw new NotFoundException("Could not find role: " + roleName);
         }
-        ClientModel client = realm.getClientById(id);
+        ClientModel clientModel = realm.getClientById(client);
         if (client == null) {
-            throw new NotFoundException("Could not find client: " + id);
+            throw new NotFoundException("Could not find client: " + client);
 
         }
-        return getClientRoleComposites(client, role);
+        return getClientRoleComposites(clientModel, role);
     }

services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java 21(+5 -16)

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
index 587114d..d443a43 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
@@ -215,23 +215,12 @@ public class ScopeMappedResource {
 
     }
 
-    @Path("clients/{clientId}")
-    public ScopeMappedClientResource getClientScopeMappings(@PathParam("clientId") String clientId) {
-        ClientModel app = realm.getClientByClientId(clientId);
-
-        if (app == null) {
-            throw new NotFoundException("Role not found");
-        }
-        return new ScopeMappedClientResource(realm, auth, client, session, app, adminEvent);
-    }
-
-    @Path("clients-by-id/{id}")
-    public ScopeMappedClientResource getClientByIdScopeMappings(@PathParam("id") String id) {
-        ClientModel app = realm.getClientById(id);
-
-        if (app == null) {
+    @Path("clients/{client}")
+    public ScopeMappedClientResource getClientByIdScopeMappings(@PathParam("client") String client) {
+        ClientModel clientModel = realm.getClientById(client);
+        if (clientModel == null) {
             throw new NotFoundException("Client not found");
         }
-        return new ScopeMappedClientResource(realm, auth, client, session, app, adminEvent);
+        return new ScopeMappedClientResource(realm, auth, this.client, session, clientModel, adminEvent);
     }
 }

services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java 42(+38 -4)

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java
index 4e0d8f9..4f1c225 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java
@@ -69,9 +69,13 @@ public class ServerInfoAdminResource {
     }
 
     private void setProviders(ServerInfoRepresentation info) {
-        Map<String, Set<String>> providers = new HashMap<String, Set<String>>();
+        List<SpiInfoRepresentation> providers = new LinkedList<>();
         for (Spi spi : ServiceLoader.load(Spi.class)) {
-            providers.put(spi.getName(), session.listProviderIds(spi.getProviderClass()));
+            SpiInfoRepresentation spiRep = new SpiInfoRepresentation();
+            spiRep.setName(spi.getName());
+            spiRep.setInternal(spi.isInternal());
+            spiRep.setImplementations(session.listProviderIds(spi.getProviderClass()));
+            providers.add(spiRep);
         }
         info.providers = providers;
     }
@@ -197,7 +201,7 @@ public class ServerInfoAdminResource {
         private List<String> protocols;
         private List<Map<String, String>> clientImporters;
 
-        private Map<String, Set<String>> providers;
+        private List<SpiInfoRepresentation> providers;
 
         private List<String> eventListeners;
         private Map<String, List<ProtocolMapperTypeRepresentation>> protocolMapperTypes;
@@ -240,7 +244,7 @@ public class ServerInfoAdminResource {
             return clientImporters;
         }
 
-        public Map<String, Set<String>> getProviders() {
+        public List<SpiInfoRepresentation> getProviders() {
             return providers;
         }
 
@@ -265,6 +269,36 @@ public class ServerInfoAdminResource {
         }
     }
 
+    public static class SpiInfoRepresentation {
+        private String name;
+        private boolean internal;
+        private Set<String> implementations;
+
+        public String getName() {
+            return name;
+        }
+
+        public void setName(String name) {
+            this.name = name;
+        }
+
+        public boolean isInternal() {
+            return internal;
+        }
+
+        public void setInternal(boolean internal) {
+            this.internal = internal;
+        }
+
+        public Set<String> getImplementations() {
+            return implementations;
+        }
+
+        public void setImplementations(Set<String> implementations) {
+            this.implementations = implementations;
+        }
+    }
+
     private static Map<String, List<String>> createEnumsMap(Class... enums) {
         Map<String, List<String>> m = new HashMap<>();
         for (Class e : enums) {

services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java 24(+23 -1)

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java
index e5deb3d..67d9230 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java
@@ -1,5 +1,7 @@
 package org.keycloak.services.resources.admin;
 
+import java.util.Collections;
+import java.util.Comparator;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
@@ -171,7 +173,7 @@ public class UserFederationProviderResource {
                 rep.setCategory(mapperFactory.getDisplayCategory());
                 rep.setName(mapperFactory.getDisplayType());
                 rep.setHelpText(mapperFactory.getHelpText());
-                List<ProviderConfigProperty> configProperties = mapperFactory.getConfigProperties(realm);
+                List<ProviderConfigProperty> configProperties = mapperFactory.getConfigProperties();
                 for (ProviderConfigProperty prop : configProperties) {
                     ConfigPropertyRepresentation propRep = new ConfigPropertyRepresentation();
                     propRep.setName(prop.getName());
@@ -202,6 +204,26 @@ public class UserFederationProviderResource {
         for (UserFederationMapperModel model : realm.getUserFederationMappersByFederationProvider(this.federationProviderModel.getId())) {
             mappers.add(ModelToRepresentation.toRepresentation(realm, model));
         }
+
+        // Sort mappers by category,type,name
+        Collections.sort(mappers, new Comparator<UserFederationMapperRepresentation>() {
+
+            @Override
+            public int compare(UserFederationMapperRepresentation o1, UserFederationMapperRepresentation o2) {
+                UserFederationMapperFactory factory1 = (UserFederationMapperFactory) session.getKeycloakSessionFactory().getProviderFactory(UserFederationMapper.class, o1.getFederationMapperType());
+                UserFederationMapperFactory factory2 = (UserFederationMapperFactory) session.getKeycloakSessionFactory().getProviderFactory(UserFederationMapper.class, o2.getFederationMapperType());
+
+                int compare = factory1.getDisplayCategory().compareTo(factory2.getDisplayCategory());
+                if (compare != 0) return compare;
+
+                compare = factory1.getDisplayType().compareTo(factory2.getDisplayType());
+                if (compare != 0) return compare;
+
+                compare = o1.getName().compareTo(o2.getName());
+                return compare;
+            }
+        });
+
         return mappers;
     }

services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java 326(+191 -135)

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index fa6b901..55d97b0 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -57,8 +57,10 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 import javax.ws.rs.core.UriInfo;
+import javax.ws.rs.WebApplicationException;
 
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedList;
@@ -105,22 +107,31 @@ public class UsersResource {
     /**
      * Update the user
      *
-     * @param username user name (not id!)
+     * @param id
      * @param rep
      * @return
      */
-    @Path("{username}")
+    @Path("{id}")
     @PUT
     @Consumes(MediaType.APPLICATION_JSON)
-    public Response updateUser(final @PathParam("username") String username, final UserRepresentation rep) {
+    public Response updateUser(final @PathParam("id") String id, final UserRepresentation rep) {
         auth.requireManage();
 
         try {
-            UserModel user = session.users().getUserByUsername(username, realm);
+            UserModel user = session.users().getUserById(id, realm);
             if (user == null) {
                 throw new NotFoundException("User not found");
             }
-            updateUserFromRep(user, rep);
+
+            Set<String> attrsToRemove;
+            if (rep.getAttributes() != null) {
+                attrsToRemove = new HashSet<>(user.getAttributes().keySet());
+                attrsToRemove.removeAll(rep.getAttributes().keySet());
+            } else {
+                attrsToRemove = Collections.emptySet();
+            }
+
+            updateUserFromRep(user, rep, attrsToRemove);
             adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
 
             if (session.getTransaction().isActive()) {
@@ -156,7 +167,8 @@ public class UsersResource {
 
         try {
             UserModel user = session.users().addUser(realm, rep.getUsername());
-            updateUserFromRep(user, rep);
+            Set<String> emptySet = Collections.emptySet();
+            updateUserFromRep(user, rep, emptySet);
             
             adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, user.getId()).representation(rep).success();
             
@@ -164,7 +176,7 @@ public class UsersResource {
                 session.getTransaction().commit();
             }
             
-            return Response.created(uriInfo.getAbsolutePathBuilder().path(user.getUsername()).build()).build();
+            return Response.created(uriInfo.getAbsolutePathBuilder().path(user.getId()).build()).build();
         } catch (ModelDuplicateException e) {
             if (session.getTransaction().isActive()) {
                 session.getTransaction().setRollbackOnly();
@@ -173,7 +185,10 @@ public class UsersResource {
         }
     }
 
-    private void updateUserFromRep(UserModel user, UserRepresentation rep) {
+    private void updateUserFromRep(UserModel user, UserRepresentation rep, Set<String> attrsToRemove) {
+        if (realm.isEditUsernameAllowed()) {
+            user.setUsername(rep.getUsername());
+        }
         user.setEmail(rep.getEmail());
         user.setFirstName(rep.getFirstName());
         user.setLastName(rep.getLastName());
@@ -199,9 +214,7 @@ public class UsersResource {
                 user.setAttribute(attr.getKey(), attr.getValue());
             }
 
-            Set<String> attrToRemove = new HashSet<String>(user.getAttributes().keySet());
-            attrToRemove.removeAll(rep.getAttributes().keySet());
-            for (String attr : attrToRemove) {
+            for (String attr : attrsToRemove) {
                 user.removeAttribute(attr);
             }
         }
@@ -210,17 +223,17 @@ public class UsersResource {
     /**
      * Get represenation of the user
      *
-     * @param username username (not id!)
+     * @param id user id
      * @return
      */
-    @Path("{username}")
+    @Path("{id}")
     @GET
     @NoCache
     @Produces(MediaType.APPLICATION_JSON)
-    public UserRepresentation getUser(final @PathParam("username") String username) {
+    public UserRepresentation getUser(final @PathParam("id") String id) {
         auth.requireView();
 
-        UserModel user = session.users().getUserByUsername(username, realm);
+        UserModel user = session.users().getUserById(id, realm);
         if (user == null) {
             throw new NotFoundException("User not found");
         }
@@ -244,16 +257,16 @@ public class UsersResource {
     /**
      * List set of sessions associated with this user.
      *
-     * @param username
+     * @param id
      * @return
      */
-    @Path("{username}/sessions")
+    @Path("{id}/sessions")
     @GET
     @NoCache
     @Produces(MediaType.APPLICATION_JSON)
-    public List<UserSessionRepresentation> getSessions(final @PathParam("username") String username) {
+    public List<UserSessionRepresentation> getSessions(final @PathParam("id") String id) {
         auth.requireView();
-        UserModel user = session.users().getUserByUsername(username, realm);
+        UserModel user = session.users().getUserById(id, realm);
         if (user == null) {
             throw new NotFoundException("User not found");
         }
@@ -269,16 +282,16 @@ public class UsersResource {
     /**
      * List set of social logins associated with this user.
      *
-     * @param username
+     * @param id
      * @return
      */
-    @Path("{username}/federated-identity")
+    @Path("{id}/federated-identity")
     @GET
     @NoCache
     @Produces(MediaType.APPLICATION_JSON)
-    public List<FederatedIdentityRepresentation> getFederatedIdentity(final @PathParam("username") String username) {
+    public List<FederatedIdentityRepresentation> getFederatedIdentity(final @PathParam("id") String id) {
         auth.requireView();
-        UserModel user = session.users().getUserByUsername(username, realm);
+        UserModel user = session.users().getUserById(id, realm);
         if (user == null) {
             throw new NotFoundException("User not found");
         }
@@ -297,12 +310,12 @@ public class UsersResource {
         return result;
     }
 
-    @Path("{username}/federated-identity/{provider}")
+    @Path("{id}/federated-identity/{provider}")
     @POST
     @NoCache
-    public Response addFederatedIdentity(final @PathParam("username") String username, final @PathParam("provider") String provider, FederatedIdentityRepresentation rep) {
+    public Response addFederatedIdentity(final @PathParam("id") String id, final @PathParam("provider") String provider, FederatedIdentityRepresentation rep) {
         auth.requireManage();
-        UserModel user = session.users().getUserByUsername(username, realm);
+        UserModel user = session.users().getUserById(id, realm);
         if (user == null) {
             throw new NotFoundException("User not found");
         }
@@ -316,12 +329,12 @@ public class UsersResource {
         return Response.noContent().build();
     }
 
-    @Path("{username}/federated-identity/{provider}")
+    @Path("{id}/federated-identity/{provider}")
     @DELETE
     @NoCache
-    public void removeFederatedIdentity(final @PathParam("username") String username, final @PathParam("provider") String provider) {
+    public void removeFederatedIdentity(final @PathParam("id") String id, final @PathParam("provider") String provider) {
         auth.requireManage();
-        UserModel user = session.users().getUserByUsername(username, realm);
+        UserModel user = session.users().getUserById(id, realm);
         if (user == null) {
             throw new NotFoundException("User not found");
         }
@@ -334,16 +347,16 @@ public class UsersResource {
     /**
      * List set of consents granted by this user.
      *
-     * @param username
+     * @param id
      * @return
      */
-    @Path("{username}/consents")
+    @Path("{id}/consents")
     @GET
     @NoCache
     @Produces(MediaType.APPLICATION_JSON)
-    public List<UserConsentRepresentation> getConsents(final @PathParam("username") String username) {
+    public List<UserConsentRepresentation> getConsents(final @PathParam("id") String id) {
         auth.requireView();
-        UserModel user = session.users().getUserByUsername(username, realm);
+        UserModel user = session.users().getUserById(id, realm);
         if (user == null) {
             throw new NotFoundException("User not found");
         }
@@ -361,15 +374,15 @@ public class UsersResource {
     /**
      * Revoke consent for particular client
      *
-     * @param username
+     * @param id
      * @param clientId
      */
-    @Path("{username}/consents/{client}")
+    @Path("{id}/consents/{client}")
     @DELETE
     @NoCache
-    public void revokeConsent(final @PathParam("username") String username, final @PathParam("client") String clientId) {
+    public void revokeConsent(final @PathParam("id") String id, final @PathParam("client") String clientId) {
         auth.requireManage();
-        UserModel user = session.users().getUserByUsername(username, realm);
+        UserModel user = session.users().getUserById(id, realm);
         if (user == null) {
             throw new NotFoundException("User not found");
         }
@@ -380,7 +393,7 @@ public class UsersResource {
             // Logout clientSessions for this user and client
             AuthenticationManager.backchannelUserFromClient(session, realm, user, client, uriInfo, headers);
         } else {
-            throw new NotFoundException("Consent not found for user " + username + " and client " + clientId);
+            throw new NotFoundException("Consent not found for user " + id + " and client " + clientId);
         }
         adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
     }
@@ -389,13 +402,13 @@ public class UsersResource {
      * Remove all user sessions associated with this user.  And, for all client that have an admin URL, tell
      * them to invalidate the sessions for this particular user.
      *
-     * @param username username (not id!)
+     * @param id user id
      */
-    @Path("{username}/logout")
+    @Path("{id}/logout")
     @POST
-    public void logout(final @PathParam("username") String username) {
+    public void logout(final @PathParam("id") String id) {
         auth.requireManage();
-        UserModel user = session.users().getUserByUsername(username, realm);
+        UserModel user = session.users().getUserById(id, realm);
         if (user == null) {
             throw new NotFoundException("User not found");
         }
@@ -410,16 +423,15 @@ public class UsersResource {
     /**
      * delete this user
      *
-     * @param username username (not id!)
+     * @param id user id
      */
-    @Path("{username}")
+    @Path("{id}")
     @DELETE
     @NoCache
-    public Response deleteUser(final @PathParam("username") String username) {
+    public Response deleteUser(final @PathParam("id") String id) {
         auth.requireManage();
 
-        UserRepresentation rep = getUser(username);
-        UserModel user = session.users().getUserByUsername(username, realm);
+        UserModel user = session.users().getUserById(id, realm);
         if (user == null) {
             throw new NotFoundException("User not found");
         }
@@ -490,17 +502,17 @@ public class UsersResource {
     /**
      * Get role mappings for this user
      *
-     * @param username username (not id!)
+     * @param id user id
      * @return
      */
-    @Path("{username}/role-mappings")
+    @Path("{id}/role-mappings")
     @GET
     @Produces(MediaType.APPLICATION_JSON)
     @NoCache
-    public MappingsRepresentation getRoleMappings(@PathParam("username") String username) {
+    public MappingsRepresentation getRoleMappings(@PathParam("id") String id) {
         auth.requireView();
 
-        UserModel user = session.users().getUserByUsername(username, realm);
+        UserModel user = session.users().getUserById(id, realm);
         if (user == null) {
             throw new NotFoundException("User not found");
         }
@@ -541,17 +553,17 @@ public class UsersResource {
     /**
      * Get realm-level role mappings for this user
      *
-     * @param username username (not id!)
+     * @param id user id
      * @return
      */
-    @Path("{username}/role-mappings/realm")
+    @Path("{id}/role-mappings/realm")
     @GET
     @Produces(MediaType.APPLICATION_JSON)
     @NoCache
-    public List<RoleRepresentation> getRealmRoleMappings(@PathParam("username") String username) {
+    public List<RoleRepresentation> getRealmRoleMappings(@PathParam("id") String id) {
         auth.requireView();
 
-        UserModel user = session.users().getUserByUsername(username, realm);
+        UserModel user = session.users().getUserById(id, realm);
         if (user == null) {
             throw new NotFoundException("User not found");
         }
@@ -567,17 +579,17 @@ public class UsersResource {
     /**
      * Effective realm-level role mappings for this user.  Will recurse all composite roles to get this list.
      *
-     * @param username username (not id!)
+     * @param id user id
      * @return
      */
-    @Path("{username}/role-mappings/realm/composite")
+    @Path("{id}/role-mappings/realm/composite")
     @GET
     @Produces(MediaType.APPLICATION_JSON)
     @NoCache
-    public List<RoleRepresentation> getCompositeRealmRoleMappings(@PathParam("username") String username) {
+    public List<RoleRepresentation> getCompositeRealmRoleMappings(@PathParam("id") String id) {
         auth.requireView();
 
-        UserModel user = session.users().getUserByUsername(username, realm);
+        UserModel user = session.users().getUserById(id, realm);
         if (user == null) {
             throw new NotFoundException("User not found");
         }
@@ -595,17 +607,17 @@ public class UsersResource {
     /**
      * Realm-level roles that can be mapped to this user
      *
-     * @param username username (not id!)
+     * @param id
      * @return
      */
-    @Path("{username}/role-mappings/realm/available")
+    @Path("{id}/role-mappings/realm/available")
     @GET
     @Produces(MediaType.APPLICATION_JSON)
     @NoCache
-    public List<RoleRepresentation> getAvailableRealmRoleMappings(@PathParam("username") String username) {
+    public List<RoleRepresentation> getAvailableRealmRoleMappings(@PathParam("id") String id) {
         auth.requireView();
 
-        UserModel user = session.users().getUserByUsername(username, realm);
+        UserModel user = session.users().getUserById(id, realm);
         if (user == null) {
             throw new NotFoundException("User not found");
         }
@@ -617,17 +629,17 @@ public class UsersResource {
     /**
      * Add realm-level role mappings
      *
-     * @param username username (not id!)
+     * @param id
      * @param roles
      */
-    @Path("{username}/role-mappings/realm")
+    @Path("{id}/role-mappings/realm")
     @POST
     @Consumes(MediaType.APPLICATION_JSON)
-    public void addRealmRoleMappings(@PathParam("username") String username, List<RoleRepresentation> roles) {
+    public void addRealmRoleMappings(@PathParam("id") String id, List<RoleRepresentation> roles) {
         auth.requireManage();
 
         logger.debugv("** addRealmRoleMappings: {0}", roles);
-        UserModel user = session.users().getUserByUsername(username, realm);
+        UserModel user = session.users().getUserById(id, realm);
         if (user == null) {
             throw new NotFoundException("User not found");
         }
@@ -645,17 +657,17 @@ public class UsersResource {
     /**
      * Delete realm-level role mappings
      *
-     * @param username username (not id!)
+     * @param id user id
      * @param roles
      */
-    @Path("{username}/role-mappings/realm")
+    @Path("{id}/role-mappings/realm")
     @DELETE
     @Consumes(MediaType.APPLICATION_JSON)
-    public void deleteRealmRoleMappings(@PathParam("username") String username, List<RoleRepresentation> roles) {
+    public void deleteRealmRoleMappings(@PathParam("id") String id, List<RoleRepresentation> roles) {
         auth.requireManage();
 
         logger.debug("deleteRealmRoleMappings");
-        UserModel user = session.users().getUserByUsername(username, realm);
+        UserModel user = session.users().getUserById(id, realm);
         if (user == null) {
             throw new NotFoundException("User not found");
         }
@@ -680,51 +692,35 @@ public class UsersResource {
         
     }
 
-    @Path("{username}/role-mappings/clients/{clientId}")
-    public UserClientRoleMappingsResource getUserClientRoleMappingsResource(@PathParam("username") String username, @PathParam("clientId") String clientId) {
-        UserModel user = session.users().getUserByUsername(username, realm);
+    @Path("{id}/role-mappings/clients/{client}")
+    public UserClientRoleMappingsResource getUserClientRoleMappingsResource(@PathParam("id") String id, @PathParam("client") String client) {
+        UserModel user = session.users().getUserById(id, realm);
         if (user == null) {
             throw new NotFoundException("User not found");
         }
 
-        ClientModel client = realm.getClientByClientId(clientId);
-
-        if (client == null) {
-            throw new NotFoundException("Client not found");
-        }
-        return new UserClientRoleMappingsResource(uriInfo, realm, auth, user, client, adminEvent);
-
-    }
-    @Path("{username}/role-mappings/clients-by-id/{id}")
-    public UserClientRoleMappingsResource getUserClientRoleMappingsResourceById(@PathParam("username") String username, @PathParam("id") String id) {
-        UserModel user = session.users().getUserByUsername(username, realm);
-        if (user == null) {
-            throw new NotFoundException("User not found");
-        }
-
-        ClientModel client = realm.getClientById(id);
-
+        ClientModel clientModel = realm.getClientById(client);
         if (client == null) {
             throw new NotFoundException("Client not found");
         }
         
-        return new UserClientRoleMappingsResource(uriInfo, realm, auth, user, client, adminEvent);
+        return new UserClientRoleMappingsResource(uriInfo, realm, auth, user, clientModel, adminEvent);
 
     }
     /**
      *  Set up a temporary password for this user.  User will have to reset this temporary password when they log
      *  in next.
      *
-     * @param username username (not id!)
+     * @param id
      * @param pass temporary password
      */
-    @Path("{username}/reset-password")
+    @Path("{id}/reset-password")
     @PUT
     @Consumes(MediaType.APPLICATION_JSON)
-    public void resetPassword(@PathParam("username") String username, CredentialRepresentation pass) {
+    public void resetPassword(@PathParam("id") String id, CredentialRepresentation pass) {
         auth.requireManage();
 
-        UserModel user = session.users().getUserByUsername(username, realm);
+        UserModel user = session.users().getUserById(id, realm);
         if (user == null) {
             throw new NotFoundException("User not found");
         }
@@ -748,15 +744,15 @@ public class UsersResource {
     /**
      *
      *
-     * @param username username (not id!)
+     * @param id
      */
-    @Path("{username}/remove-totp")
+    @Path("{id}/remove-totp")
     @PUT
     @Consumes(MediaType.APPLICATION_JSON)
-    public void removeTotp(@PathParam("username") String username) {
+    public void removeTotp(@PathParam("id") String id) {
         auth.requireManage();
 
-        UserModel user = session.users().getUserByUsername(username, realm);
+        UserModel user = session.users().getUserById(id, realm);
         if (user == null) {
             throw new NotFoundException("User not found");
         }
@@ -770,72 +766,88 @@ public class UsersResource {
      * The redirectUri and clientId parameters are optional. The default for the
      * redirect is the account client.
      *
-     * @param username username (not id!)
+     * @param id
      * @param redirectUri redirect uri
      * @param clientId client id
      * @return
      */
-    @Path("{username}/reset-password-email")
+    @Path("{id}/reset-password-email")
     @PUT
     @Consumes(MediaType.APPLICATION_JSON)
-    public Response resetPasswordEmail(@PathParam("username") String username, @QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String redirectUri, @QueryParam(OIDCLoginProtocol.CLIENT_ID_PARAM) String clientId) {
+    public Response resetPasswordEmail(@PathParam("id") String id, @QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String redirectUri, @QueryParam(OIDCLoginProtocol.CLIENT_ID_PARAM) String clientId) {
         auth.requireManage();
 
-        UserModel user = session.users().getUserByUsername(username, realm);
+        UserModel user = session.users().getUserById(id, realm);
         if (user == null) {
             return ErrorResponse.error("User not found", Response.Status.NOT_FOUND);
         }
 
-        if (!user.isEnabled()) {
-            return ErrorResponse.error("User is disabled", Response.Status.BAD_REQUEST);
-        }
-
         if (user.getEmail() == null) {
             return ErrorResponse.error("User email missing", Response.Status.BAD_REQUEST);
         }
 
-        if(redirectUri != null && clientId == null){
-            return ErrorResponse.error("Client id missing", Response.Status.BAD_REQUEST);
-        }
+        ClientSessionModel clientSession = createClientSession(user, redirectUri, clientId);
+        ClientSessionCode accessCode = new ClientSessionCode(realm, clientSession);
+        accessCode.setAction(ClientSessionModel.Action.RECOVER_PASSWORD);
 
-        if(clientId == null){
-            clientId = Constants.ACCOUNT_MANAGEMENT_CLIENT_ID;
-        }
+        try {
+            UriBuilder builder = Urls.loginPasswordResetBuilder(uriInfo.getBaseUri());
+            builder.queryParam("key", accessCode.getCode());
 
-        ClientModel client = realm.getClientByClientId(clientId);
-        if (client == null || !client.isEnabled()) {
-            return ErrorResponse.error(clientId + " not enabled", Response.Status.INTERNAL_SERVER_ERROR);
+            String link = builder.build(realm.getName()).toString();
+            long expiration = TimeUnit.SECONDS.toMinutes(realm.getAccessCodeLifespanUserAction());
+
+            this.session.getProvider(EmailProvider.class).setRealm(realm).setUser(user).sendPasswordReset(link, expiration);
+
+            //audit.user(user).detail(Details.EMAIL, user.getEmail()).detail(Details.CODE_ID, accessCode.getCodeId()).success();
+
+            adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
+
+            return Response.ok().build();
+        } catch (EmailException e) {
+            logger.error("Failed to send password reset email", e);
+            return ErrorResponse.error("Failed to send email", Response.Status.INTERNAL_SERVER_ERROR);
         }
+    }
 
-        String redirect;
-        if(redirectUri != null){
-            redirect = RedirectUtils.verifyRedirectUri(uriInfo, redirectUri, realm, client);
-            if(redirect == null){
-                return ErrorResponse.error("Invalid redirect uri.", Response.Status.BAD_REQUEST);
-            }
-        }else{
-            redirect = Urls.accountBase(uriInfo.getBaseUri()).path("/").build(realm.getName()).toString();
+    /**
+     * Send an email to the user with a link they can click to verify their email address.
+     * The redirectUri and clientId parameters are optional. The default for the
+     * redirect is the account client.
+     *
+     * @param id
+     * @param redirectUri redirect uri
+     * @param clientId client id
+     * @return
+     */
+    @Path("{id}/send-verify-email")
+    @PUT
+    @Consumes(MediaType.APPLICATION_JSON)
+    public Response sendVerifyEmail(@PathParam("id") String id, @QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String redirectUri, @QueryParam(OIDCLoginProtocol.CLIENT_ID_PARAM) String clientId) {
+        auth.requireManage();
+
+        UserModel user = session.users().getUserById(id, realm);
+        if (user == null) {
+            return ErrorResponse.error("User not found", Response.Status.NOT_FOUND);
         }
 
+        if (user.getEmail() == null) {
+            return ErrorResponse.error("User email missing", Response.Status.BAD_REQUEST);
+        }
 
-        UserSessionModel userSession = session.sessions().createUserSession(realm, user, username, clientConnection.getRemoteAddr(), "form", false, null, null);
-        //audit.session(userSession);
-        ClientSessionModel clientSession = session.sessions().createClientSession(realm, client);
-        clientSession.setAuthMethod(OIDCLoginProtocol.LOGIN_PROTOCOL);
-        clientSession.setRedirectUri(redirect);
-        clientSession.setUserSession(userSession);
+        ClientSessionModel clientSession = createClientSession(user, redirectUri, clientId);
         ClientSessionCode accessCode = new ClientSessionCode(realm, clientSession);
 
-        accessCode.setAction(ClientSessionModel.Action.RECOVER_PASSWORD);
+        accessCode.setAction(ClientSessionModel.Action.VERIFY_EMAIL);
 
         try {
-            UriBuilder builder = Urls.loginPasswordResetBuilder(uriInfo.getBaseUri());
+            UriBuilder builder = Urls.loginActionEmailVerificationBuilder(uriInfo.getBaseUri());
             builder.queryParam("key", accessCode.getCode());
 
             String link = builder.build(realm.getName()).toString();
             long expiration = TimeUnit.SECONDS.toMinutes(realm.getAccessCodeLifespanUserAction());
 
-            this.session.getProvider(EmailProvider.class).setRealm(realm).setUser(user).sendPasswordReset(link, expiration);
+            this.session.getProvider(EmailProvider.class).setRealm(realm).setUser(user).sendVerifyEmail(link, expiration);
 
             //audit.user(user).detail(Details.EMAIL, user.getEmail()).detail(Details.CODE_ID, accessCode.getCodeId()).success();
 
@@ -843,9 +855,53 @@ public class UsersResource {
 
             return Response.ok().build();
         } catch (EmailException e) {
-            logger.error("Failed to send password reset email", e);
+            logger.error("Failed to send verification email", e);
             return ErrorResponse.error("Failed to send email", Response.Status.INTERNAL_SERVER_ERROR);
         }
     }
 
+    private ClientSessionModel createClientSession(UserModel user, String redirectUri, String clientId) {
+
+        if (!user.isEnabled()) {
+            throw new WebApplicationException(
+                ErrorResponse.error("User is disabled", Response.Status.BAD_REQUEST));
+        }
+
+        if (redirectUri != null && clientId == null) {
+            throw new WebApplicationException(
+                ErrorResponse.error("Client id missing", Response.Status.BAD_REQUEST));
+        }
+
+        if (clientId == null) {
+            clientId = Constants.ACCOUNT_MANAGEMENT_CLIENT_ID;
+        }
+
+        ClientModel client = realm.getClientByClientId(clientId);
+        if (client == null || !client.isEnabled()) {
+            throw new WebApplicationException(
+                ErrorResponse.error(clientId + " not enabled", Response.Status.BAD_REQUEST));
+        }
+
+        String redirect;
+        if (redirectUri != null) {
+            redirect = RedirectUtils.verifyRedirectUri(uriInfo, redirectUri, realm, client);
+            if (redirect == null) {
+                throw new WebApplicationException(
+                    ErrorResponse.error("Invalid redirect uri.", Response.Status.BAD_REQUEST));
+            }
+        } else {
+            redirect = Urls.accountBase(uriInfo.getBaseUri()).path("/").build(realm.getName()).toString();
+        }
+
+
+        UserSessionModel userSession = session.sessions().createUserSession(realm, user, user.getUsername(), clientConnection.getRemoteAddr(), "form", false, null, null);
+        //audit.session(userSession);
+        ClientSessionModel clientSession = session.sessions().createClientSession(realm, client);
+        clientSession.setAuthMethod(OIDCLoginProtocol.LOGIN_PROTOCOL);
+        clientSession.setRedirectUri(redirect);
+        clientSession.setUserSession(userSession);
+
+        return clientSession;
+    }
+
 }

services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java 11(+8 -3)

diff --git a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
index e6660ee..e1d6bfa 100755
--- a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
+++ b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
@@ -44,10 +44,10 @@ import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.UserSessionModel;
-import org.keycloak.models.utils.KeycloakModelUtils;
 import org.keycloak.protocol.oidc.TokenManager;
 import org.keycloak.provider.ProviderFactory;
 import org.keycloak.representations.AccessToken;
+import org.keycloak.representations.idm.IdentityProviderRepresentation;
 import org.keycloak.services.managers.AppAuthManager;
 import org.keycloak.services.managers.AuthenticationManager;
 import org.keycloak.services.managers.AuthenticationManager.AuthResult;
@@ -71,6 +71,7 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 import javax.ws.rs.core.UriBuilder;
 import javax.ws.rs.core.UriInfo;
+
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -278,12 +279,16 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
             try {
                 federatedUser = createUser(context);
 
-                if (identityProviderConfig.isUpdateProfileFirstLogin()) {
+                if (IdentityProviderRepresentation.UPFLM_ON.equals(identityProviderConfig.getUpdateProfileFirstLoginMode()) 
+                        || (IdentityProviderRepresentation.UPFLM_MISSING.equals(identityProviderConfig.getUpdateProfileFirstLoginMode()) && !Validation.validateUserMandatoryFields(realmModel, federatedUser))) {
                     if (isDebugEnabled()) {
                         LOGGER.debugf("Identity provider requires update profile action.", federatedUser);
                     }
                     federatedUser.addRequiredAction(UPDATE_PROFILE);
                 }
+                if(identityProviderConfig.isTrustEmail() && !Validation.isBlank(federatedUser.getEmail())){
+                    federatedUser.setEmailVerified(true);
+                }
             } catch (Exception e) {
                 return redirectToLoginPage(e, clientCode);
             }
@@ -506,7 +511,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
         String username = context.getModelUsername();
         if (username == null) {
             username = context.getUsername();
-            if (this.realmModel.isRegistrationEmailAsUsername() && !Validation.isEmpty(context.getEmail())) {
+            if (this.realmModel.isRegistrationEmailAsUsername() && !Validation.isBlank(context.getEmail())) {
                 username = context.getEmail();
             } else if (username == null) {
                 username = context.getIdpConfig().getAlias() + "." + context.getId();

services/src/main/java/org/keycloak/services/resources/LoginActionsService.java 6(+4 -2)

diff --git a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
index a1da985..980c4ff 100755
--- a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
@@ -799,6 +799,8 @@ public class LoginActionsService {
             user.setEmailVerified(false);
         }
 
+        AttributeFormDataProcessor.process(formData, realm, user);
+        
         user.removeRequiredAction(RequiredAction.UPDATE_PROFILE);
         event.clone().event(EventType.UPDATE_PROFILE).success();
 
@@ -830,7 +832,7 @@ public class LoginActionsService {
         String totpSecret = formData.getFirst("totpSecret");
 
         LoginFormsProvider loginForms = session.getProvider(LoginFormsProvider.class).setUser(user);
-        if (Validation.isEmpty(totp)) {
+        if (Validation.isBlank(totp)) {
             return loginForms.setError(Messages.MISSING_TOTP)
                     .setClientSessionCode(accessCode.getCode())
                     .createResponse(RequiredAction.CONFIGURE_TOTP);
@@ -876,7 +878,7 @@ public class LoginActionsService {
 
         LoginFormsProvider loginForms = session.getProvider(LoginFormsProvider.class)
                 .setUser(user);
-        if (Validation.isEmpty(passwordNew)) {
+        if (Validation.isBlank(passwordNew)) {
             return loginForms.setError(Messages.MISSING_PASSWORD)
                     .setClientSessionCode(accessCode.getCode())
                     .createResponse(RequiredAction.UPDATE_PASSWORD);

services/src/main/java/org/keycloak/services/resources/ModelExceptionMapper.java 6(+6 -0)

diff --git a/services/src/main/java/org/keycloak/services/resources/ModelExceptionMapper.java b/services/src/main/java/org/keycloak/services/resources/ModelExceptionMapper.java
index c5cc88e..4926490 100644
--- a/services/src/main/java/org/keycloak/services/resources/ModelExceptionMapper.java
+++ b/services/src/main/java/org/keycloak/services/resources/ModelExceptionMapper.java
@@ -4,6 +4,8 @@ import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.ext.ExceptionMapper;
 import javax.ws.rs.ext.Provider;
+
+import org.jboss.logging.Logger;
 import org.keycloak.messages.MessagesProvider;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.ModelException;
@@ -15,6 +17,8 @@ import org.keycloak.services.ErrorResponse;
 @Provider
 public class ModelExceptionMapper implements ExceptionMapper<ModelException> {
 
+    private static final Logger logger = Logger.getLogger(ModelExceptionMapper.class);
+
     @Context
     private KeycloakSession session;
 
@@ -22,6 +26,8 @@ public class ModelExceptionMapper implements ExceptionMapper<ModelException> {
     public Response toResponse(ModelException ex) {
         String message = session.getProvider(MessagesProvider.class, "admin")
                 .getMessage(ex.getMessage(), ex.getParameters());
+
+        logger.error(message, ex);
         return ErrorResponse.error(message, Response.Status.BAD_REQUEST);
     }
 }

services/src/main/java/org/keycloak/services/validation/Validation.java 65(+50 -15)

diff --git a/services/src/main/java/org/keycloak/services/validation/Validation.java b/services/src/main/java/org/keycloak/services/validation/Validation.java
index 1a4392b..d3abc4d 100755
--- a/services/src/main/java/org/keycloak/services/validation/Validation.java
+++ b/services/src/main/java/org/keycloak/services/validation/Validation.java
@@ -1,17 +1,18 @@
 package org.keycloak.services.validation;
 
-import java.util.ArrayList;
-import java.util.List;
-import java.util.regex.Pattern;
-
-import javax.ws.rs.core.MultivaluedMap;
-
 import org.keycloak.models.PasswordPolicy;
 import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
 import org.keycloak.models.utils.FormMessage;
 import org.keycloak.representations.idm.CredentialRepresentation;
 import org.keycloak.services.messages.Messages;
 
+import javax.ws.rs.core.MultivaluedMap;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Pattern;
+
 public class Validation {
 
     public static final String FIELD_PASSWORD_CONFIRM = "password-confirm";
@@ -27,26 +28,26 @@ public class Validation {
     public static List<FormMessage> validateRegistrationForm(RealmModel realm, MultivaluedMap<String, String> formData, List<String> requiredCredentialTypes, PasswordPolicy policy) {
         List<FormMessage> errors = new ArrayList<>();
 
-        if (!realm.isRegistrationEmailAsUsername() && isEmpty(formData.getFirst(FIELD_USERNAME))) {
+        if (!realm.isRegistrationEmailAsUsername() && isBlank(formData.getFirst(FIELD_USERNAME))) {
             addError(errors, FIELD_USERNAME, Messages.MISSING_USERNAME);
         }
 
-        if (isEmpty(formData.getFirst(FIELD_FIRST_NAME))) {
+        if (isBlank(formData.getFirst(FIELD_FIRST_NAME))) {
             addError(errors, FIELD_FIRST_NAME, Messages.MISSING_FIRST_NAME);
         }
 
-        if (isEmpty(formData.getFirst(FIELD_LAST_NAME))) {
+        if (isBlank(formData.getFirst(FIELD_LAST_NAME))) {
             addError(errors, FIELD_LAST_NAME, Messages.MISSING_LAST_NAME);
         }
 
-        if (isEmpty(formData.getFirst(FIELD_EMAIL))) {
+        if (isBlank(formData.getFirst(FIELD_EMAIL))) {
             addError(errors, FIELD_EMAIL, Messages.MISSING_EMAIL);
         } else if (!isEmailValid(formData.getFirst(FIELD_EMAIL))) {
             addError(errors, FIELD_EMAIL, Messages.INVALID_EMAIL);
         }
 
         if (requiredCredentialTypes.contains(CredentialRepresentation.PASSWORD)) {
-            if (isEmpty(formData.getFirst(FIELD_PASSWORD))) {
+            if (isBlank(formData.getFirst(FIELD_PASSWORD))) {
                 addError(errors, FIELD_PASSWORD, Messages.MISSING_PASSWORD);
             } else if (!formData.getFirst(FIELD_PASSWORD).equals(formData.getFirst(FIELD_PASSWORD_CONFIRM))) {
                 addError(errors, FIELD_PASSWORD_CONFIRM, Messages.INVALID_PASSWORD_CONFIRM);
@@ -66,19 +67,26 @@ public class Validation {
         errors.add(new FormMessage(field, message));
     }
 
-
     public static List<FormMessage> validateUpdateProfileForm(MultivaluedMap<String, String> formData) {
+        return validateUpdateProfileForm(null, formData);
+    }
+
+    public static List<FormMessage> validateUpdateProfileForm(RealmModel realm, MultivaluedMap<String, String> formData) {
         List<FormMessage> errors = new ArrayList<>();
         
-        if (isEmpty(formData.getFirst(FIELD_FIRST_NAME))) {
+        if (realm != null && realm.isEditUsernameAllowed() && isBlank(formData.getFirst(FIELD_USERNAME))) {
+            addError(errors, FIELD_USERNAME, Messages.MISSING_USERNAME);
+        }
+
+        if (isBlank(formData.getFirst(FIELD_FIRST_NAME))) {
             addError(errors, FIELD_FIRST_NAME, Messages.MISSING_FIRST_NAME);
         }
 
-        if (isEmpty(formData.getFirst(FIELD_LAST_NAME))) {
+        if (isBlank(formData.getFirst(FIELD_LAST_NAME))) {
             addError(errors, FIELD_LAST_NAME, Messages.MISSING_LAST_NAME);
         }
 
-        if (isEmpty(formData.getFirst(FIELD_EMAIL))) {
+        if (isBlank(formData.getFirst(FIELD_EMAIL))) {
             addError(errors, FIELD_EMAIL, Messages.MISSING_EMAIL);
         } else if (!isEmailValid(formData.getFirst(FIELD_EMAIL))) {
             addError(errors, FIELD_EMAIL, Messages.INVALID_EMAIL);
@@ -86,10 +94,37 @@ public class Validation {
 
         return errors;
     }
+    
+    /**
+     * Validate if user object contains all mandatory fields.
+     * 
+     * @param realm user is for
+     * @param user to validate
+     * @return true if user object contains all mandatory values, false if some mandatory value is missing
+     */
+    public static boolean validateUserMandatoryFields(RealmModel realm, UserModel user){
+        return!(isBlank(user.getFirstName()) || isBlank(user.getLastName()) || isBlank(user.getEmail()));        
+    }
 
+    /**
+     * Check if string is empty (null or lenght is 0)
+     * 
+     * @param s to check
+     * @return true if string is empty
+     */
     public static boolean isEmpty(String s) {
         return s == null || s.length() == 0;
     }
+    
+    /**
+     * Check if string is blank (null or lenght is 0 or contains only white characters)
+     * 
+     * @param s to check
+     * @return true if string is blank
+     */
+    public static boolean isBlank(String s) {
+        return s == null || s.trim().length() == 0;
+    }
 
     public static boolean isEmailValid(String email) {
         return EMAIL_PATTERN.matcher(email).matches();

services/src/main/java/org/keycloak/wellknown/WellKnownSpi.java 2(+1 -1)

diff --git a/services/src/main/java/org/keycloak/wellknown/WellKnownSpi.java b/services/src/main/java/org/keycloak/wellknown/WellKnownSpi.java
index 7734f48..564c600 100755
--- a/services/src/main/java/org/keycloak/wellknown/WellKnownSpi.java
+++ b/services/src/main/java/org/keycloak/wellknown/WellKnownSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class WellKnownSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }

services/src/test/java/org/keycloak/test/ValidationTest.java 22(+22 -0)

diff --git a/services/src/test/java/org/keycloak/test/ValidationTest.java b/services/src/test/java/org/keycloak/test/ValidationTest.java
index 0da7dfa..72f5926 100644
--- a/services/src/test/java/org/keycloak/test/ValidationTest.java
+++ b/services/src/test/java/org/keycloak/test/ValidationTest.java
@@ -24,4 +24,26 @@ public class ValidationTest {
         Assert.assertFalse(Validation.isEmailValid("abc@foo."));
         Assert.assertFalse(Validation.isEmailValid("abc@foo..bar"));
     }
+    
+    @Test
+    public void testIsEmpty(){
+        Assert.assertTrue(Validation.isEmpty(null));
+        Assert.assertTrue(Validation.isEmpty(""));
+        Assert.assertFalse(Validation.isEmpty(" "));
+        Assert.assertFalse(Validation.isEmpty("     "));
+        Assert.assertFalse(Validation.isEmpty("a"));
+        Assert.assertFalse(Validation.isEmpty("    a "));
+        Assert.assertFalse(Validation.isEmpty("asgadfgedfs"));
+    }
+    
+    @Test
+    public void testIsBlank(){
+        Assert.assertTrue(Validation.isBlank(null));
+        Assert.assertTrue(Validation.isBlank(""));
+        Assert.assertTrue(Validation.isBlank(" "));
+        Assert.assertTrue(Validation.isBlank("  \n   "));
+        Assert.assertFalse(Validation.isBlank("a"));
+        Assert.assertFalse(Validation.isBlank("    a "));
+        Assert.assertFalse(Validation.isBlank("asgadfgedfs"));
+    }
 }

social/core/src/main/java/org/keycloak/social/SocialProviderSpi.java 2(+1 -1)

diff --git a/social/core/src/main/java/org/keycloak/social/SocialProviderSpi.java b/social/core/src/main/java/org/keycloak/social/SocialProviderSpi.java
index fd500a8..382c18d 100644
--- a/social/core/src/main/java/org/keycloak/social/SocialProviderSpi.java
+++ b/social/core/src/main/java/org/keycloak/social/SocialProviderSpi.java
@@ -29,7 +29,7 @@ public class SocialProviderSpi implements Spi {
     public static final String SOCIAL_SPI_NAME = "social";
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return false;
     }

social/linkedin/src/main/java/org/keycloak/social/linkedin/LinkedInIdentityProvider.java 2(+1 -1)

diff --git a/social/linkedin/src/main/java/org/keycloak/social/linkedin/LinkedInIdentityProvider.java b/social/linkedin/src/main/java/org/keycloak/social/linkedin/LinkedInIdentityProvider.java
index 5c5265e..d6b7108 100755
--- a/social/linkedin/src/main/java/org/keycloak/social/linkedin/LinkedInIdentityProvider.java
+++ b/social/linkedin/src/main/java/org/keycloak/social/linkedin/LinkedInIdentityProvider.java
@@ -69,7 +69,7 @@ public class LinkedInIdentityProvider extends AbstractOAuth2IdentityProvider imp
 
             return user;
 		} catch (Exception e) {
-			throw new IdentityBrokerException("Could not obtain user profile from github.", e);
+			throw new IdentityBrokerException("Could not obtain user profile from linkedIn.", e);
 		}
 	}

testsuite/integration/pom.xml 2(+0 -2)

diff --git a/testsuite/integration/pom.xml b/testsuite/integration/pom.xml
index 0b0b2a6..6b5051a 100755
--- a/testsuite/integration/pom.xml
+++ b/testsuite/integration/pom.xml
@@ -421,7 +421,6 @@
                 <keycloak.connectionsMongo.host>localhost</keycloak.connectionsMongo.host>
                 <keycloak.connectionsMongo.port>27018</keycloak.connectionsMongo.port>
                 <keycloak.connectionsMongo.db>keycloak</keycloak.connectionsMongo.db>
-                <keycloak.connectionsMongo.clearOnStartup>true</keycloak.connectionsMongo.clearOnStartup>
                 <keycloak.connectionsMongo.bindIp>127.0.0.1</keycloak.connectionsMongo.bindIp>
             </properties>
 
@@ -448,7 +447,6 @@
                                         <keycloak.connectionsMongo.host>${keycloak.connectionsMongo.host}</keycloak.connectionsMongo.host>
                                         <keycloak.connectionsMongo.port>${keycloak.connectionsMongo.port}</keycloak.connectionsMongo.port>
                                         <keycloak.connectionsMongo.db>${keycloak.connectionsMongo.db}</keycloak.connectionsMongo.db>
-                                        <keycloak.connectionsMongo.clearOnStartup>${keycloak.connectionsMongo.clearOnStartup}</keycloak.connectionsMongo.clearOnStartup>
                                         <keycloak.connectionsMongo.bindIp>${keycloak.connectionsMongo.bindIp}</keycloak.connectionsMongo.bindIp>
                                     </systemPropertyVariables>
                                 </configuration>

testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java 60(+58 -2)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java
index 6585f2d..45200c9 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java
@@ -24,11 +24,9 @@ package org.keycloak.testsuite.account;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
-import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
-import org.keycloak.account.freemarker.model.ApplicationsBean;
 import org.keycloak.events.Details;
 import org.keycloak.events.Event;
 import org.keycloak.events.EventType;
@@ -155,6 +153,9 @@ public class AccountTest {
             @Override
             public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
                 UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm);
+                user.setFirstName("Tom");
+                user.setLastName("Brady");
+                user.setEmail("test-user@localhost");
 
                 UserCredentialModel cred = new UserCredentialModel();
                 cred.setType(CredentialRepresentation.PASSWORD);
@@ -395,6 +396,61 @@ public class AccountTest {
     }
 
     @Test
+    public void changeUsername() {
+        // allow to edit the username in realm
+        keycloakRule.update(new KeycloakRule.KeycloakSetup() {
+            @Override
+            public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
+                appRealm.setEditUsernameAllowed(true);
+            }
+        });
+
+        try {
+            profilePage.open();
+            loginPage.login("test-user@localhost", "password");
+
+            events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT).assertEvent();
+
+            Assert.assertEquals("test-user@localhost", profilePage.getUsername());
+            Assert.assertEquals("Tom", profilePage.getFirstName());
+            Assert.assertEquals("Brady", profilePage.getLastName());
+            Assert.assertEquals("test-user@localhost", profilePage.getEmail());
+
+            // All fields are required, so there should be an error when something is missing.
+            profilePage.updateProfile("", "New first", "New last", "new@email.com");
+
+            Assert.assertEquals("Please specify username.", profilePage.getError());
+            Assert.assertEquals("", profilePage.getUsername());
+            Assert.assertEquals("New first", profilePage.getFirstName());
+            Assert.assertEquals("New last", profilePage.getLastName());
+            Assert.assertEquals("new@email.com", profilePage.getEmail());
+
+            events.assertEmpty();
+
+            profilePage.updateProfile("test-user-new@localhost", "New first", "New last", "new@email.com");
+
+            Assert.assertEquals("Your account has been updated.", profilePage.getSuccess());
+            Assert.assertEquals("test-user-new@localhost", profilePage.getUsername());
+            Assert.assertEquals("New first", profilePage.getFirstName());
+            Assert.assertEquals("New last", profilePage.getLastName());
+            Assert.assertEquals("new@email.com", profilePage.getEmail());
+
+        } finally {
+            // reset user for other tests
+            profilePage.updateProfile("test-user@localhost", "Tom", "Brady", "test-user@localhost");
+            events.clear();
+
+            // reset realm
+            keycloakRule.update(new KeycloakRule.KeycloakSetup() {
+                @Override
+                public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
+                    appRealm.setEditUsernameAllowed(false);
+                }
+            });
+        }
+    }
+
+    @Test
     public void setupTotp() {
         totpPage.open();
         loginPage.login("test-user@localhost", "password");

testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java 41(+29 -12)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
index b814f62..bb8d1e3 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
@@ -54,7 +54,9 @@ import org.keycloak.testsuite.utils.CredentialHelper;
 import org.openqa.selenium.WebDriver;
 
 import javax.mail.MessagingException;
+import javax.mail.Multipart;
 import javax.mail.internet.MimeMessage;
+
 import java.io.IOException;
 
 import static org.junit.Assert.assertEquals;
@@ -124,9 +126,8 @@ public class RequiredActionEmailVerificationTest {
         Assert.assertEquals(1, greenMail.getReceivedMessages().length);
 
         MimeMessage message = greenMail.getReceivedMessages()[0];
-
-        String body = (String) message.getContent();
-        String verificationUrl = MailUtil.getLink(body);
+        
+        String verificationUrl = getPasswordResetEmailLink(message);
 
         AssertEvents.ExpectedEvent emailEvent = events.expectRequiredAction(EventType.SEND_VERIFY_EMAIL).detail("email", "test-user@localhost");
         Event sendEvent = emailEvent.assertEvent();
@@ -159,14 +160,12 @@ public class RequiredActionEmailVerificationTest {
 
         MimeMessage message = greenMail.getReceivedMessages()[0];
 
-        String body = (String) message.getContent();
-
         Event sendEvent = events.expectRequiredAction(EventType.SEND_VERIFY_EMAIL).user(userId).detail("username", "verifyEmail").detail("email", "email@mail.com").assertEvent();
         String sessionId = sendEvent.getSessionId();
 
         String mailCodeId = sendEvent.getDetails().get(Details.CODE_ID);
 
-        String verificationUrl = MailUtil.getLink(body);
+        String verificationUrl = getPasswordResetEmailLink(message);
 
         driver.navigate().to(verificationUrl.trim());
 
@@ -197,11 +196,9 @@ public class RequiredActionEmailVerificationTest {
 
         MimeMessage message = greenMail.getReceivedMessages()[1];
 
-        String body = (String) message.getContent();
-
         events.expectRequiredAction(EventType.SEND_VERIFY_EMAIL).session(sessionId).detail("email", "test-user@localhost").assertEvent(sendEvent);
 
-        String verificationUrl = MailUtil.getLink(body);
+        String verificationUrl = getPasswordResetEmailLink(message);
 
         driver.navigate().to(verificationUrl.trim());
 
@@ -223,8 +220,7 @@ public class RequiredActionEmailVerificationTest {
 
         MimeMessage message = greenMail.getReceivedMessages()[0];
 
-        String body = (String) message.getContent();
-        String verificationUrl = MailUtil.getLink(body);
+        String verificationUrl = getPasswordResetEmailLink(message);
 
         AssertEvents.ExpectedEvent emailEvent = events.expectRequiredAction(EventType.SEND_VERIFY_EMAIL).detail("email", "test-user@localhost");
         Event sendEvent = emailEvent.assertEvent();
@@ -247,6 +243,27 @@ public class RequiredActionEmailVerificationTest {
 
         assertTrue(loginPage.isCurrent());
     }
-
+    
+    private String getPasswordResetEmailLink(MimeMessage message) throws IOException, MessagingException {
+    	Multipart multipart = (Multipart) message.getContent();
+    	
+        final String textContentType = multipart.getBodyPart(0).getContentType();
+        
+        assertEquals("text/plain; charset=UTF-8", textContentType);
+        
+        final String textBody = (String) multipart.getBodyPart(0).getContent();
+        final String textChangePwdUrl = MailUtil.getLink(textBody);
+    	
+        final String htmlContentType = multipart.getBodyPart(1).getContentType();
+        
+        assertEquals("text/html; charset=UTF-8", htmlContentType);
+        
+        final String htmlBody = (String) multipart.getBodyPart(1).getContent();
+        final String htmlChangePwdUrl = MailUtil.getLink(htmlBody);
+        
+        assertEquals(htmlChangePwdUrl, textChangePwdUrl);
+
+        return htmlChangePwdUrl;
+    }
 
 }

testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java 50(+44 -6)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
index 2ea5ecc..3f3e453 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
@@ -48,21 +48,50 @@ public class AdapterTest {
             realmPublicKey = realm.getPublicKey();
 
             URL url = getClass().getResource("/adapter-test/cust-app-keycloak.json");
-            deployApplication("customer-portal", "/customer-portal", CustomerServlet.class, url.getPath(), "user");
+            createApplicationDeployment()
+                    .name("customer-portal").contextPath("/customer-portal")
+                    .servletClass(CustomerServlet.class).adapterConfigPath(url.getPath())
+                    .role("user").deployApplication();
+
             url = getClass().getResource("/adapter-test/secure-portal-keycloak.json");
-            deployApplication("secure-portal", "/secure-portal", CallAuthenticatedServlet.class, url.getPath(), "user", false);
+            createApplicationDeployment()
+                    .name("secure-portal").contextPath("/secure-portal")
+                    .servletClass(CallAuthenticatedServlet.class).adapterConfigPath(url.getPath())
+                    .role("user")
+                    .isConstrained(false).deployApplication();
+
             url = getClass().getResource("/adapter-test/customer-db-keycloak.json");
-            deployApplication("customer-db", "/customer-db", CustomerDatabaseServlet.class, url.getPath(), "user");
+            createApplicationDeployment()
+                    .name("customer-db").contextPath("/customer-db")
+                    .servletClass(CustomerDatabaseServlet.class).adapterConfigPath(url.getPath())
+                    .role("user")
+                    .errorPage(null).deployApplication();
+
+            createApplicationDeployment()
+                    .name("customer-db-error-page").contextPath("/customer-db-error-page")
+                    .servletClass(CustomerDatabaseServlet.class).adapterConfigPath(url.getPath())
+                    .role("user").deployApplication();
+
             url = getClass().getResource("/adapter-test/product-keycloak.json");
-            deployApplication("product-portal", "/product-portal", ProductServlet.class, url.getPath(), "user");
+            createApplicationDeployment()
+                    .name("product-portal").contextPath("/product-portal")
+                    .servletClass(ProductServlet.class).adapterConfigPath(url.getPath())
+                    .role("user").deployApplication();
 
             // Test that replacing system properties works for adapters
             System.setProperty("app.server.base.url", "http://localhost:8081");
             System.setProperty("my.host.name", "localhost");
             url = getClass().getResource("/adapter-test/session-keycloak.json");
-            deployApplication("session-portal", "/session-portal", SessionServlet.class, url.getPath(), "user");
+            createApplicationDeployment()
+                    .name("session-portal").contextPath("/session-portal")
+                    .servletClass(SessionServlet.class).adapterConfigPath(url.getPath())
+                    .role("user").deployApplication();
+
             url = getClass().getResource("/adapter-test/input-keycloak.json");
-            deployApplication("input-portal", "/input-portal", InputServlet.class, url.getPath(), "user", true, null, "/secured/*");
+            createApplicationDeployment()
+                    .name("input-portal").contextPath("/input-portal")
+                    .servletClass(InputServlet.class).adapterConfigPath(url.getPath())
+                    .role("user").constraintUrl("/secured/*").deployApplication();
         }
     };
 
@@ -110,6 +139,15 @@ public class AdapterTest {
     }
 
     /**
+     * KEYCLOAK-1368
+     * @throws Exception
+     */
+    @Test
+    public void testNullBearerTokenCustomErrorPage() throws Exception {
+        testStrategy.testNullBearerTokenCustomErrorPage();
+    }
+
+    /**
      * KEYCLOAK-518
      * @throws Exception
      */

testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTestStrategy.java 101(+57 -44)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTestStrategy.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTestStrategy.java
index 694b5a9..e26baea 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTestStrategy.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTestStrategy.java
@@ -21,6 +21,11 @@
  */
 package org.keycloak.testsuite.adapter;
 
+import io.undertow.util.Headers;
+import org.apache.http.client.HttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
+import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine;
 import org.junit.Assert;
 import org.junit.rules.ExternalResource;
 import org.keycloak.Config;
@@ -44,6 +49,7 @@ import org.keycloak.services.managers.RealmManager;
 import org.keycloak.services.managers.ResourceAdminManager;
 import org.keycloak.services.resources.admin.AdminRoot;
 import org.keycloak.testsuite.OAuthClient;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AccountSessionsPage;
 import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.rule.AbstractKeycloakRule;
@@ -65,6 +71,7 @@ import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 import java.net.URI;
+import java.util.List;
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicInteger;
 
@@ -115,9 +122,6 @@ public class AdapterTestStrategy extends ExternalResource {
     }
 
     public static RealmModel baseAdapterTestInitialization(KeycloakSession session, RealmManager manager, RealmModel adminRealm, Class<?> clazz) {
-        // Required by admin client
-        adminRealm.setPasswordCredentialGrantAllowed(true);
-
         RealmRepresentation representation = KeycloakServer.loadJson(clazz.getResourceAsStream("/adapter-test/demorealm.json"), RealmRepresentation.class);
         RealmModel demoRealm = manager.importRealm(representation);
         return demoRealm;
@@ -135,25 +139,6 @@ public class AdapterTestStrategy extends ExternalResource {
         webRule.after();
     }
 
-    protected String createAdminToken() {
-        KeycloakSession session = keycloakRule.startSession();
-        try {
-            RealmManager manager = new RealmManager(session);
-
-            RealmModel adminRealm = manager.getRealm(Config.getAdminRealm());
-            ClientModel adminConsole = adminRealm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
-            TokenManager tm = new TokenManager();
-            UserModel admin = session.users().getUserByUsername("admin", adminRealm);
-            ClientSessionModel clientSession = session.sessions().createClientSession(adminRealm, adminConsole);
-            clientSession.setNote(OIDCLoginProtocol.ISSUER, AUTH_SERVER_URL + "/realms/master");
-            UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, "admin", null, "form", false, null, null);
-            AccessToken token = tm.createClientAccessToken(session, TokenManager.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession, clientSession);
-            return tm.encodeToken(adminRealm, token);
-        } finally {
-            keycloakRule.stopSession(session, true);
-        }
-    }
-
     public void testSavedPostRequest() throws Exception {
         // test login to customer-portal which does a bearer request to customer-db
         driver.navigate().to(APP_SERVER_BASE_URL + "/input-portal");
@@ -212,27 +197,20 @@ public class AdapterTestStrategy extends ExternalResource {
         Assert.assertTrue(pageSource.contains("iPhone") && pageSource.contains("iPad"));
 
         // View stats
-        String adminToken = createAdminToken();
-
-        Client client = ClientBuilder.newClient();
-        UriBuilder authBase = UriBuilder.fromUri(AUTH_SERVER_URL);
-        WebTarget adminTarget = client.target(AdminRoot.realmsUrl(authBase)).path("demo");
-        Map<String, Integer> stats = adminTarget.path("client-session-stats").request()
-                .header(HttpHeaders.AUTHORIZATION, "Bearer " + adminToken)
-                .get(new GenericType<Map<String, Integer>>() {
-                });
-        Integer custSessionsCount = stats.get("customer-portal");
-        Assert.assertNotNull(custSessionsCount);
-        Assert.assertEquals(1, custSessionsCount.intValue());
-        Integer prodStatsCount = stats.get("product-portal");
-        Assert.assertNotNull(prodStatsCount);
-        Assert.assertTrue(1 == prodStatsCount);
-
-        client.close();
-
+        List<Map<String, String>> stats = Keycloak.getInstance("http://localhost:8081/auth", "master", "admin", "admin", "security-admin-console").realm("demo").getClientSessionStats();
+        Map<String, String> customerPortalStats = null;
+        Map<String, String> productPortalStats = null;
+        for (Map<String, String> s : stats) {
+            if (s.get("clientId").equals("customer-portal")) {
+                customerPortalStats = s;
+            } else if (s.get("clientId").equals("product-portal")) {
+                productPortalStats = s;
+            }
+        }
+        Assert.assertEquals(1, Integer.parseInt(customerPortalStats.get("active")));
+        Assert.assertEquals(1, Integer.parseInt(productPortalStats.get("active")));
 
         // test logout
-
         String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
                 .queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/customer-portal").build("demo").toString();
         driver.navigate().to(logoutUri);
@@ -244,8 +222,6 @@ public class AdapterTestStrategy extends ExternalResource {
         loginPage.cancel();
         System.out.println(driver.getPageSource());
         Assert.assertTrue(driver.getPageSource().contains("Error Page"));
-
-
     }
 
     public void testServletRequestLogout() throws Exception {
@@ -420,6 +396,43 @@ public class AdapterTestStrategy extends ExternalResource {
     }
 
     /**
+     * KEYCLOAK-1368
+     * @throws Exception
+     */
+    public void testNullBearerTokenCustomErrorPage() throws Exception {
+        Client client = ClientBuilder.newClient();
+        WebTarget target = client.target(APP_SERVER_BASE_URL + "/customer-db-error-page/");
+
+        Response response = target.request().get();
+
+        // TODO: follow redirects automatically if possible
+        if (response.getStatus() == 302) {
+            String location = response.getHeaderString(HttpHeaders.LOCATION);
+            response.close();
+            response = client.target(location).request().get();
+        }
+        Assert.assertEquals(200, response.getStatus());
+        String errorPageResponse = response.readEntity(String.class);
+        Assert.assertTrue(errorPageResponse.contains("Error Page"));
+        response.close();
+
+        response = target.request().header(HttpHeaders.AUTHORIZATION, "Bearer null").get();
+        // TODO: follow redirects automatically if possible
+        if (response.getStatus() == 302) {
+            String location = response.getHeaderString(HttpHeaders.LOCATION);
+            response.close();
+            response = client.target(location).request().get();
+        }
+        Assert.assertEquals(200, response.getStatus());
+        errorPageResponse = response.readEntity(String.class);
+        Assert.assertTrue(errorPageResponse.contains("Error Page"));
+        response.close();
+
+        client.close();
+
+    }
+
+    /**
      * KEYCLOAK-518
      * @throws Exception
      */
@@ -587,7 +600,7 @@ public class AdapterTestStrategy extends ExternalResource {
 
         // logout mposolda with admin client
         Keycloak keycloakAdmin = Keycloak.getInstance(AUTH_SERVER_URL, "master", "admin", "admin", Constants.ADMIN_CONSOLE_CLIENT_ID);
-        keycloakAdmin.realm("demo").clients().get("session-portal").logoutUser("mposolda");
+        ApiUtil.findClientByClientId(keycloakAdmin.realm("demo"), "session-portal").logoutUser("mposolda");
 
         // bburke should be still logged with original httpSession in our browser window
         driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");

testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CookieTokenStoreAdapterTest.java 18(+15 -3)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CookieTokenStoreAdapterTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CookieTokenStoreAdapterTest.java
index 405609c..243a626 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CookieTokenStoreAdapterTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CookieTokenStoreAdapterTest.java
@@ -45,11 +45,23 @@ public class CookieTokenStoreAdapterTest {
             manager.importRealm(representation);
 
             URL url = getClass().getResource("/adapter-test/cust-app-keycloak.json");
-            deployApplication("customer-portal", "/customer-portal", CustomerServlet.class, url.getPath(), "user");
+            createApplicationDeployment()
+                    .name("customer-portal").contextPath("/customer-portal")
+                    .servletClass(CustomerServlet.class).adapterConfigPath(url.getPath())
+                    .role("user").deployApplication();
+
             url = getClass().getResource("/adapter-test/cust-app-cookie-keycloak.json");
-            deployApplication("customer-cookie-portal", "/customer-cookie-portal", CustomerServlet.class, url.getPath(), "user");
+            createApplicationDeployment()
+                    .name("customer-cookie-portal").contextPath("/customer-cookie-portal")
+                    .servletClass(CustomerServlet.class).adapterConfigPath(url.getPath())
+                    .role("user").deployApplication();
+
             url = getClass().getResource("/adapter-test/customer-db-keycloak.json");
-            deployApplication("customer-db", "/customer-db", CustomerDatabaseServlet.class, url.getPath(), "user");
+            createApplicationDeployment()
+                    .name("customer-db").contextPath("/customer-db")
+                    .servletClass(CustomerDatabaseServlet.class).adapterConfigPath(url.getPath())
+                    .role("user")
+                    .errorPage(null).deployApplication();
         }
     };

testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/MultiTenancyTest.java 7(+6 -1)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/MultiTenancyTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/MultiTenancyTest.java
index 83f3ff6..7c95796 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/MultiTenancyTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/MultiTenancyTest.java
@@ -26,6 +26,7 @@ import org.keycloak.models.RealmModel;
 import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.services.managers.RealmManager;
+import org.keycloak.testsuite.federation.KerberosCredDelegServlet;
 import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.rule.AbstractKeycloakRule;
 import org.keycloak.testsuite.rule.WebResource;
@@ -57,7 +58,11 @@ public class MultiTenancyTest {
             RealmRepresentation tenant2 = KeycloakServer.loadJson(getClass().getResourceAsStream("/adapter-test/tenant2-realm.json"), RealmRepresentation.class);
             manager.importRealm(tenant2);
 
-            deployApplication("multi-tenant", "/multi-tenant", MultiTenantServlet.class, null, "user", true, MultiTenantResolver.class);
+            createApplicationDeployment()
+                    .name("multi-tenant").contextPath("/multi-tenant")
+                    .servletClass(MultiTenantServlet.class)
+                    .role("user")
+                    .keycloakConfigResolver(MultiTenantResolver.class).deployApplication();
         }
 
         protected String[] getTestRealms() {

testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java 66(+29 -37)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java
index 4ec20a8..6283718 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java
@@ -26,6 +26,7 @@ import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.OAuth2Constants;
+import org.keycloak.admin.client.Keycloak;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.ClientSessionModel;
 import org.keycloak.models.Constants;
@@ -56,6 +57,7 @@ import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.UriBuilder;
 import java.net.URL;
 import java.security.PublicKey;
+import java.util.List;
 import java.util.Map;
 
 /**
@@ -80,25 +82,26 @@ public class RelativeUriAdapterTest {
             realmPublicKey = realm.getPublicKey();
 
             URL url = getClass().getResource("/adapter-test/cust-app-keycloak-relative.json");
-            deployApplication("customer-portal", "/customer-portal", CustomerServlet.class, url.getPath(), "user");
+            createApplicationDeployment()
+                    .name("customer-portal").contextPath("/customer-portal")
+                    .servletClass(CustomerServlet.class).adapterConfigPath(url.getPath())
+                    .role("user").deployApplication();
+
             url = getClass().getResource("/adapter-test/customer-db-keycloak-relative.json");
-            deployApplication("customer-db", "/customer-db", CustomerDatabaseServlet.class, url.getPath(), "user");
-            url = getClass().getResource("/adapter-test/product-keycloak-relative.json");
-            deployApplication("product-portal", "/product-portal", ProductServlet.class, url.getPath(), "user");
-            ClientModel adminConsole = adminRealm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
-            TokenManager tm = new TokenManager();
-            UserModel admin = session.users().getUserByUsername("admin", adminRealm);
-            ClientSessionModel clientSession = session.sessions().createClientSession(realm, adminConsole);
-            clientSession.setNote(OIDCLoginProtocol.ISSUER, "http://localhost:8081/auth/realms/master");
-            UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, "user", null, "form", false, null, null);
-            AccessToken token = tm.createClientAccessToken(session, tm.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession, clientSession);
-            adminToken = tm.encodeToken(adminRealm, token);
+            createApplicationDeployment()
+                    .name("customer-db").contextPath("/customer-db")
+                    .servletClass(CustomerDatabaseServlet.class).adapterConfigPath(url.getPath())
+                    .role("user")
+                    .errorPage(null).deployApplication();
 
+            url = getClass().getResource("/adapter-test/product-keycloak-relative.json");
+            createApplicationDeployment()
+                    .name("product-portal").contextPath("/product-portal")
+                    .servletClass(ProductServlet.class).adapterConfigPath(url.getPath())
+                    .role("user").deployApplication();
         }
     };
 
-    public static String adminToken;
-
     @Rule
     public WebRule webRule = new WebRule(this);
 
@@ -115,42 +118,33 @@ public class RelativeUriAdapterTest {
     public void testLoginSSOAndLogout() throws Exception {
         // test login to customer-portal which does a bearer request to customer-db
         driver.navigate().to("http://localhost:8081/customer-portal");
-        System.out.println("Current url: " + driver.getCurrentUrl());
         Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
         loginPage.login("bburke@redhat.com", "password");
-        System.out.println("Current url: " + driver.getCurrentUrl());
         Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/customer-portal");
         String pageSource = driver.getPageSource();
-        System.out.println(pageSource);
         Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
 
         // test SSO
         driver.navigate().to("http://localhost:8081/product-portal");
         Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/product-portal");
         pageSource = driver.getPageSource();
-        System.out.println(pageSource);
         Assert.assertTrue(pageSource.contains("iPhone") && pageSource.contains("iPad"));
 
         // View stats
-        Client client = ClientBuilder.newClient();
-        UriBuilder authBase = UriBuilder.fromUri("http://localhost:8081/auth");
-        WebTarget adminTarget = client.target(AdminRoot.realmsUrl(authBase)).path("demo");
-        Map<String, Integer> stats = adminTarget.path("client-session-stats").request()
-                .header(HttpHeaders.AUTHORIZATION, "Bearer " + adminToken)
-                .get(new GenericType<Map<String, Integer>>(){});
-
-        Integer custSessionsCount = stats.get("customer-portal");
-        Assert.assertNotNull(custSessionsCount);
-        Assert.assertTrue(1 == custSessionsCount);
-        Integer prodStatsCount = stats.get("product-portal");
-        Assert.assertNotNull(prodStatsCount);
-        Assert.assertTrue(1 == prodStatsCount);
-
-        client.close();
-
+        List<Map<String, String>> stats = Keycloak.getInstance("http://localhost:8081/auth", "master", "admin", "admin", "security-admin-console").realm("demo").getClientSessionStats();
+        Map<String, String> customerPortalStats = null;
+        Map<String, String> productPortalStats = null;
+        for (Map<String, String> s : stats) {
+            if (s.get("clientId").equals("customer-portal")) {
+                customerPortalStats = s;
+            } else if (s.get("clientId").equals("product-portal")) {
+                productPortalStats = s;
+            }
+        }
+        Assert.assertEquals(1, Integer.parseInt(customerPortalStats.get("active")));
+        Assert.assertEquals(1, Integer.parseInt(productPortalStats.get("active")));
 
         // test logout
-
         String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
                 .queryParam(OAuth2Constants.REDIRECT_URI, "/customer-portal").build("demo").toString();
         driver.navigate().to(logoutUri);
@@ -159,8 +153,6 @@ public class RelativeUriAdapterTest {
         Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
         driver.navigate().to("http://localhost:8081/customer-portal");
         Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-
-
     }
 
     @Test

testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AbstractClientTest.java 4(+0 -4)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AbstractClientTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AbstractClientTest.java
index 1a8c554..cfc9270 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AbstractClientTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AbstractClientTest.java
@@ -39,8 +39,6 @@ public abstract class AbstractClientTest {
         keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
             @Override
             public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-                adminstrationRealm.setPasswordCredentialGrantAllowed(true);
-
                 RealmModel testRealm = manager.createRealm(REALM_NAME);
                 testRealm.setEnabled(true);
                 KeycloakModelUtils.generateRealmKeys(testRealm);
@@ -58,8 +56,6 @@ public abstract class AbstractClientTest {
         keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
             @Override
             public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-                adminstrationRealm.setPasswordCredentialGrantAllowed(false);
-
                 RealmModel realm = manager.getRealmByName(REALM_NAME);
                 if (realm != null) {
                     manager.removeRealm(realm);

testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java 2(+1 -1)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java
index afee212..3bde1cb 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java
@@ -236,12 +236,12 @@ public class AdminAPITest {
         if (rep.getQuickLoginCheckMilliSeconds() != null) Assert.assertEquals(rep.getQuickLoginCheckMilliSeconds(), storedRealm.getQuickLoginCheckMilliSeconds());
         if (rep.getMaxDeltaTimeSeconds() != null) Assert.assertEquals(rep.getMaxDeltaTimeSeconds(), storedRealm.getMaxDeltaTimeSeconds());
         if (rep.getFailureFactor() != null) Assert.assertEquals(rep.getFailureFactor(), storedRealm.getFailureFactor());
-        if (rep.isPasswordCredentialGrantAllowed() != null) Assert.assertEquals(rep.isPasswordCredentialGrantAllowed(), storedRealm.isPasswordCredentialGrantAllowed());
         if (rep.isRegistrationAllowed() != null) Assert.assertEquals(rep.isRegistrationAllowed(), storedRealm.isRegistrationAllowed());
         if (rep.isRegistrationEmailAsUsername() != null) Assert.assertEquals(rep.isRegistrationEmailAsUsername(), storedRealm.isRegistrationEmailAsUsername());
         if (rep.isRememberMe() != null) Assert.assertEquals(rep.isRememberMe(), storedRealm.isRememberMe());
         if (rep.isVerifyEmail() != null) Assert.assertEquals(rep.isVerifyEmail(), storedRealm.isVerifyEmail());
         if (rep.isResetPasswordAllowed() != null) Assert.assertEquals(rep.isResetPasswordAllowed(), storedRealm.isResetPasswordAllowed());
+        if (rep.isEditUsernameAllowed() != null) Assert.assertEquals(rep.isEditUsernameAllowed(), storedRealm.isEditUsernameAllowed());
         if (rep.getSslRequired() != null) Assert.assertEquals(rep.getSslRequired(), storedRealm.getSslRequired());
         if (rep.getAccessCodeLifespan() != null) Assert.assertEquals(rep.getAccessCodeLifespan(), storedRealm.getAccessCodeLifespan());
         if (rep.getAccessCodeLifespanUserAction() != null)

testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java 33(+33 -0)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java
new file mode 100644
index 0000000..a0b23c1
--- /dev/null
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java
@@ -0,0 +1,33 @@
+package org.keycloak.testsuite.admin;
+
+import org.keycloak.admin.client.resource.ClientResource;
+import org.keycloak.admin.client.resource.RealmResource;
+import org.keycloak.representations.idm.ClientRepresentation;
+
+import javax.ws.rs.core.Response;
+import java.net.URI;
+
+/**
+ * Created by st on 28.05.15.
+ */
+public class ApiUtil {
+
+    public static String getCreatedId(Response response) {
+        URI location = response.getLocation();
+        if (location == null) {
+            return null;
+        }
+        String path = location.getPath();
+        return path.substring(path.lastIndexOf('/') + 1);
+    }
+
+    public static ClientResource findClientByClientId(RealmResource realm, String clientId) {
+        for (ClientRepresentation c : realm.clients().findAll()) {
+            if (c.getClientId().equals(clientId)) {
+                return realm.clients().get(c.getId());
+            }
+        }
+        return null;
+    }
+
+}

testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ClientTest.java 43(+27 -16)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ClientTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ClientTest.java
index 9d2fa9d..c30ee36 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ClientTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ClientTest.java
@@ -45,28 +45,36 @@ public class ClientTest extends AbstractClientTest {
         assertNames(realm.clients().findAll(), "account", "realm-management", "security-admin-console", "broker");
     }
 
-    @Test
-    public void createClient() {
+    private String createClient() {
         ClientRepresentation rep = new ClientRepresentation();
         rep.setClientId("my-app");
         rep.setEnabled(true);
-        realm.clients().create(rep);
+        Response response = realm.clients().create(rep);
+        response.close();
+        return ApiUtil.getCreatedId(response);
+    }
+
+    @Test
+    public void createClientVerify() {
+        String id = createClient();
 
+        assertNotNull(realm.clients().get(id));
         assertNames(realm.clients().findAll(), "account", "realm-management", "security-admin-console", "broker", "my-app");
     }
 
     @Test
     public void removeClient() {
-        createClient();
+        String id = createClient();
 
-        realm.clients().get("my-app").remove();
+        realm.clients().get(id).remove();
     }
 
     @Test
     public void getClientRepresentation() {
-        createClient();
+        String id = createClient();
 
-        ClientRepresentation rep = realm.clients().get("my-app").toRepresentation();
+        ClientRepresentation rep = realm.clients().get(id).toRepresentation();
+        assertEquals(id, rep.getId());
         assertEquals("my-app", rep.getClientId());
         assertTrue(rep.isEnabled());
     }
@@ -81,7 +89,7 @@ public class ClientTest extends AbstractClientTest {
         OAuthClient.AccessTokenResponse response2 = oauth.doAccessTokenRequest(codeResponse.getCode(), "password");
         assertEquals(200, response2.getStatusCode());
 
-        ClientResource app = keycloak.realm("test").clients().get("test-app");
+        ClientResource app = ApiUtil.findClientByClientId(keycloak.realm("test"), "test-app");
 
         assertEquals(2, (long) app.getApplicationSessionCount().get("count"));
 
@@ -96,26 +104,28 @@ public class ClientTest extends AbstractClientTest {
         ClientRepresentation rep = new ClientRepresentation();
         rep.setClientId("my-app");
         rep.setEnabled(true);
-        realm.clients().create(rep);
+        Response response = realm.clients().create(rep);
+        response.close();
+        String id = ApiUtil.getCreatedId(response);
 
         RoleRepresentation role = new RoleRepresentation("test", "test");
-        realm.clients().get("my-app").roles().create(role);
+        realm.clients().get(id).roles().create(role);
 
-        rep = realm.clients().get("my-app").toRepresentation();
+        rep = realm.clients().get(id).toRepresentation();
         rep.setDefaultRoles(new String[] { "test" });
-        realm.clients().get("my-app").update(rep);
+        realm.clients().get(id).update(rep);
 
-        assertArrayEquals(new String[] { "test" }, realm.clients().get("my-app").toRepresentation().getDefaultRoles());
+        assertArrayEquals(new String[] { "test" }, realm.clients().get(id).toRepresentation().getDefaultRoles());
 
-        realm.clients().get("my-app").roles().deleteRole("test");
+        realm.clients().get(id).roles().deleteRole("test");
 
-        assertNull(realm.clients().get("my-app").toRepresentation().getDefaultRoles());
+        assertNull(realm.clients().get(id).toRepresentation().getDefaultRoles());
     }
 
     @Test
     public void testProtocolMappers() {
         createClient();
-        ProtocolMappersResource mappersResource = realm.clients().get("my-app").getProtocolMappers();
+        ProtocolMappersResource mappersResource = ApiUtil.findClientByClientId(realm, "my-app").getProtocolMappers();
 
         protocolMappersTest(mappersResource);
     }
@@ -171,4 +181,5 @@ public class ClientTest extends AbstractClientTest {
         } catch (NotFoundException nfe) {
         }
     }
+
 }

testsuite/integration/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java 3(+2 -1)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java
index 80cc7a0..a7bae96 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java
@@ -52,7 +52,8 @@ public class IdentityProviderTest extends AbstractClientTest {
         assertEquals("clientSecret", representation.getConfig().get("clientSecret"));
         assertTrue(representation.isEnabled());
         assertFalse(representation.isStoreToken());
-        assertTrue(representation.isUpdateProfileFirstLogin());
+        assertEquals(IdentityProviderRepresentation.UPFLM_ON, representation.getUpdateProfileFirstLoginMode());
+        assertFalse(representation.isTrustEmail());
     }
 
     @Test

testsuite/integration/src/test/java/org/keycloak/testsuite/admin/RealmTest.java 4(+4 -0)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/RealmTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/RealmTest.java
index 1b02d0b..6cf6427 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/RealmTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/RealmTest.java
@@ -71,6 +71,7 @@ public class RealmTest extends AbstractClientTest {
         rep.setAccessCodeLifespanLogin(1234);
         rep.setRegistrationAllowed(true);
         rep.setRegistrationEmailAsUsername(true);
+        rep.setEditUsernameAllowed(true);
 
         realm.update(rep);
 
@@ -81,16 +82,19 @@ public class RealmTest extends AbstractClientTest {
         assertEquals(1234, rep.getAccessCodeLifespanLogin().intValue());
         assertEquals(Boolean.TRUE, rep.isRegistrationAllowed());
         assertEquals(Boolean.TRUE, rep.isRegistrationEmailAsUsername());
+        assertEquals(Boolean.TRUE, rep.isEditUsernameAllowed());
 
         // second change
         rep.setRegistrationAllowed(false);
         rep.setRegistrationEmailAsUsername(false);
+        rep.setEditUsernameAllowed(false);
 
         realm.update(rep);
 
         rep = realm.toRepresentation();
         assertEquals(Boolean.FALSE, rep.isRegistrationAllowed());
         assertEquals(Boolean.FALSE, rep.isRegistrationEmailAsUsername());
+        assertEquals(Boolean.FALSE, rep.isEditUsernameAllowed());
     }
 
     @Test

testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java 318(+241 -77)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java
index 756b1ab..42dd464 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java
@@ -1,13 +1,13 @@
 package org.keycloak.testsuite.admin;
 
 import org.junit.Assert;
-import org.junit.Ignore;
 import org.junit.Test;
 import org.keycloak.admin.client.resource.IdentityProviderResource;
 import org.keycloak.admin.client.resource.UserResource;
 import org.keycloak.representations.idm.ErrorRepresentation;
 import org.keycloak.representations.idm.FederatedIdentityRepresentation;
 import org.keycloak.representations.idm.IdentityProviderRepresentation;
+import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 
 import javax.ws.rs.ClientErrorException;
@@ -24,104 +24,94 @@ import static org.junit.Assert.fail;
  */
 public class UserTest extends AbstractClientTest {
 
-    @Test
-    public void createUser() {
+    public String createUser() {
         UserRepresentation user = new UserRepresentation();
         user.setUsername("user1");
         user.setEmail("user1@localhost");
 
-        realm.users().create(user);
+        Response response = realm.users().create(user);
+        String createdId = ApiUtil.getCreatedId(response);
+        response.close();
+        return createdId;
+    }
+
+    @Test
+    public void verifyCreateUser() {
+        createUser();
     }
 
     @Test
     public void createDuplicatedUser1() {
         createUser();
 
-        try {
-            UserRepresentation user = new UserRepresentation();
-            user.setUsername("user1");
-            realm.users().create(user);
-            fail("Expected failure");
-        } catch (ClientErrorException e) {
-            assertEquals(409, e.getResponse().getStatus());
+        UserRepresentation user = new UserRepresentation();
+        user.setUsername("user1");
+        Response response = realm.users().create(user);
+        assertEquals(409, response.getStatus());
 
-            // Just to show how to retrieve underlying error message
-            ErrorRepresentation error = e.getResponse().readEntity(ErrorRepresentation.class);
-            Assert.assertEquals("User exists with same username", error.getErrorMessage());
-        }
+        // Just to show how to retrieve underlying error message
+        ErrorRepresentation error = response.readEntity(ErrorRepresentation.class);
+        Assert.assertEquals("User exists with same username", error.getErrorMessage());
+
+        response.close();
     }
-    
+
     @Test
     public void createDuplicatedUser2() {
         createUser();
 
-        try {
-            UserRepresentation user = new UserRepresentation();
-            user.setUsername("user2");
-            user.setEmail("user1@localhost");
-            realm.users().create(user);
-            fail("Expected failure");
-        } catch (ClientErrorException e) {
-            assertEquals(409, e.getResponse().getStatus());
-        }
+        UserRepresentation user = new UserRepresentation();
+        user.setUsername("user2");
+        user.setEmail("user1@localhost");
+        Response response = realm.users().create(user);
+        assertEquals(409, response.getStatus());
+        response.close();
     }
     
     @Test
     public void createDuplicatedUser3() {
         createUser();
 
-        try {
-            UserRepresentation user = new UserRepresentation();
-            user.setUsername("User1");
-            realm.users().create(user);
-            fail("Expected failure");
-        } catch (ClientErrorException e) {
-            assertEquals(409, e.getResponse().getStatus());
-        }
+        UserRepresentation user = new UserRepresentation();
+        user.setUsername("User1");
+        Response response = realm.users().create(user);
+        assertEquals(409, response.getStatus());
+        response.close();
     }
     
     @Test
     public void createDuplicatedUser4() {
         createUser();
 
-        try {
-            UserRepresentation user = new UserRepresentation();
-            user.setUsername("USER1");
-            realm.users().create(user);
-            fail("Expected failure");
-        } catch (ClientErrorException e) {
-            assertEquals(409, e.getResponse().getStatus());
-        }
+        UserRepresentation user = new UserRepresentation();
+        user.setUsername("USER1");
+        Response response = realm.users().create(user);
+        assertEquals(409, response.getStatus());
+        response.close();
     }
 
     @Test
     public void createDuplicatedUser5() {
         createUser();
 
-        try {
-            UserRepresentation user = new UserRepresentation();
-            user.setUsername("user2");
-            user.setEmail("User1@localhost");
-            realm.users().create(user);
-            fail("Expected failure");
-        } catch (ClientErrorException e) {
-            assertEquals(409, e.getResponse().getStatus());
-        }
+        UserRepresentation user = new UserRepresentation();
+        user.setUsername("user2");
+        user.setEmail("User1@localhost");
+        Response response = realm.users().create(user);
+        assertEquals(409, response.getStatus());
+        response.close();
     }
     
     @Test
     public void createDuplicatedUser6() {
         createUser();
 
-        try {
-            UserRepresentation user = new UserRepresentation();
-            user.setUsername("user2");
-            user.setEmail("user1@LOCALHOST");
-            realm.users().create(user);
-            fail("Expected failure");
-        } catch (ClientErrorException e) {
-            assertEquals(409, e.getResponse().getStatus());
-        }
+        UserRepresentation user = new UserRepresentation();
+        user.setUsername("user2");
+        user.setEmail("user1@LOCALHOST");
+        Response response = realm.users().create(user);
+        assertEquals(409, response.getStatus());
+        response.close();
     }
     
     private void createUsers() {
@@ -132,7 +122,7 @@ public class UserTest extends AbstractClientTest {
             user.setFirstName("First" + i);
             user.setLastName("Last" + i);
 
-            realm.users().create(user);
+            realm.users().create(user).close();
         }
     }
 
@@ -200,8 +190,8 @@ public class UserTest extends AbstractClientTest {
         addSampleIdentityProvider();
 
         // Add sample user
-        createUser();
-        UserResource user = realm.users().get("user1");
+        String id = createUser();
+        UserResource user = realm.users().get(id);
         assertEquals(0, user.getFederatedIdentity().size());
 
         // Add social link to the user
@@ -212,7 +202,7 @@ public class UserTest extends AbstractClientTest {
         assertEquals(204, response.getStatus());
 
         // Verify social link is here
-        user = realm.users().get("user1");
+        user = realm.users().get(id);
         List<FederatedIdentityRepresentation> federatedIdentities = user.getFederatedIdentity();
         assertEquals(1, federatedIdentities.size());
         link = federatedIdentities.get(0);
@@ -245,9 +235,9 @@ public class UserTest extends AbstractClientTest {
 
     @Test
     public void addRequiredAction() {
-        createUser();
+        String id = createUser();
 
-        UserResource user = realm.users().get("user1");
+        UserResource user = realm.users().get(id);
         assertTrue(user.toRepresentation().getRequiredActions().isEmpty());
 
         UserRepresentation userRep = user.toRepresentation();
@@ -260,10 +250,17 @@ public class UserTest extends AbstractClientTest {
 
     @Test
     public void removeRequiredAction() {
-        addRequiredAction();
+        String id = createUser();
+
+        UserResource user = realm.users().get(id);
+        assertTrue(user.toRepresentation().getRequiredActions().isEmpty());
 
-        UserResource user = realm.users().get("user1");
         UserRepresentation userRep = user.toRepresentation();
+        userRep.getRequiredActions().add("UPDATE_PASSWORD");
+        user.update(userRep);
+
+        user = realm.users().get(id);
+        userRep = user.toRepresentation();
         userRep.getRequiredActions().clear();
         user.update(userRep);
 
@@ -276,20 +273,25 @@ public class UserTest extends AbstractClientTest {
         user1.setUsername("user1");
         user1.attribute("attr1", "value1user1");
         user1.attribute("attr2", "value2user1");
-        realm.users().create(user1);
+
+        Response response = realm.users().create(user1);
+        String user1Id = ApiUtil.getCreatedId(response);
+        response.close();
 
         UserRepresentation user2 = new UserRepresentation();
         user2.setUsername("user2");
         user2.attribute("attr1", "value1user2");
         user2.attribute("attr2", "value2user2");
-        realm.users().create(user2);
 
-        user1 = realm.users().get("user1").toRepresentation();
+        response = realm.users().create(user2);
+        String user2Id = ApiUtil.getCreatedId(response);
+        response.close();
+        user1 = realm.users().get(user1Id).toRepresentation();
         assertEquals(2, user1.getAttributes().size());
         assertEquals("value1user1", user1.getAttributes().get("attr1"));
         assertEquals("value2user1", user1.getAttributes().get("attr2"));
 
-        user2 = realm.users().get("user2").toRepresentation();
+        user2 = realm.users().get(user2Id).toRepresentation();
         assertEquals(2, user2.getAttributes().size());
         assertEquals("value1user2", user2.getAttributes().get("attr1"));
         assertEquals("value2user2", user2.getAttributes().get("attr2"));
@@ -297,27 +299,189 @@ public class UserTest extends AbstractClientTest {
         user1.attribute("attr1", "value3user1");
         user1.attribute("attr3", "value4user1");
 
-        realm.users().get("user1").update(user1);
+        realm.users().get(user1Id).update(user1);
 
-        user1 = realm.users().get("user1").toRepresentation();
+        user1 = realm.users().get(user1Id).toRepresentation();
         assertEquals(3, user1.getAttributes().size());
         assertEquals("value3user1", user1.getAttributes().get("attr1"));
         assertEquals("value2user1", user1.getAttributes().get("attr2"));
         assertEquals("value4user1", user1.getAttributes().get("attr3"));
 
         user1.getAttributes().remove("attr1");
-        realm.users().get("user1").update(user1);
+        realm.users().get(user1Id).update(user1);
 
-        user1 = realm.users().get("user1").toRepresentation();
+        user1 = realm.users().get(user1Id).toRepresentation();
         assertEquals(2, user1.getAttributes().size());
         assertEquals("value2user1", user1.getAttributes().get("attr2"));
         assertEquals("value4user1", user1.getAttributes().get("attr3"));
 
         user1.getAttributes().clear();
-        realm.users().get("user1").update(user1);
+        realm.users().get(user1Id).update(user1);
 
-        user1 = realm.users().get("user1").toRepresentation();
+        user1 = realm.users().get(user1Id).toRepresentation();
         assertNull(user1.getAttributes());
     }
 
+    @Test
+    public void sendResetPasswordEmail() {
+        UserRepresentation userRep = new UserRepresentation();
+        userRep.setUsername("user1");
+        Response response = realm.users().create(userRep);
+        String id = ApiUtil.getCreatedId(response);
+        response.close();
+        UserResource user = realm.users().get(id);
+
+        try {
+            user.resetPasswordEmail();
+            fail("Expected failure");
+        } catch (ClientErrorException e) {
+            assertEquals(400, e.getResponse().getStatus());
+
+            ErrorRepresentation error = e.getResponse().readEntity(ErrorRepresentation.class);
+            Assert.assertEquals("User email missing", error.getErrorMessage());
+        }
+        try {
+            userRep = user.toRepresentation();
+            userRep.setEmail("user1@localhost");
+            userRep.setEnabled(false);
+            user.update(userRep);
+            user.resetPasswordEmail();
+            fail("Expected failure");
+        } catch (ClientErrorException e) {
+            assertEquals(400, e.getResponse().getStatus());
+
+            ErrorRepresentation error = e.getResponse().readEntity(ErrorRepresentation.class);
+            Assert.assertEquals("User is disabled", error.getErrorMessage());
+        }
+        try {
+            userRep.setEnabled(true);
+            user.update(userRep);
+            user.resetPasswordEmail("invalidClientId");
+            fail("Expected failure");
+        } catch (ClientErrorException e) {
+            assertEquals(400, e.getResponse().getStatus());
+
+            ErrorRepresentation error = e.getResponse().readEntity(ErrorRepresentation.class);
+            Assert.assertEquals("invalidClientId not enabled", error.getErrorMessage());
+        }
+    }
+
+    @Test
+    public void sendVerifyEmail() {
+        UserRepresentation userRep = new UserRepresentation();
+        userRep.setUsername("user1");
+        Response response = realm.users().create(userRep);
+        String id = ApiUtil.getCreatedId(response);
+        response.close();
+
+        UserResource user = realm.users().get(id);
+
+        try {
+            user.sendVerifyEmail();
+            fail("Expected failure");
+        } catch (ClientErrorException e) {
+            assertEquals(400, e.getResponse().getStatus());
+
+            ErrorRepresentation error = e.getResponse().readEntity(ErrorRepresentation.class);
+            Assert.assertEquals("User email missing", error.getErrorMessage());
+        }
+        try {
+            userRep = user.toRepresentation();
+            userRep.setEmail("user1@localhost");
+            userRep.setEnabled(false);
+            user.update(userRep);
+            user.sendVerifyEmail();
+            fail("Expected failure");
+        } catch (ClientErrorException e) {
+            assertEquals(400, e.getResponse().getStatus());
+
+            ErrorRepresentation error = e.getResponse().readEntity(ErrorRepresentation.class);
+            Assert.assertEquals("User is disabled", error.getErrorMessage());
+        }
+        try {
+            userRep.setEnabled(true);
+            user.update(userRep);
+            user.sendVerifyEmail("invalidClientId");
+            fail("Expected failure");
+        } catch (ClientErrorException e) {
+            assertEquals(400, e.getResponse().getStatus());
+
+            ErrorRepresentation error = e.getResponse().readEntity(ErrorRepresentation.class);
+            Assert.assertEquals("invalidClientId not enabled", error.getErrorMessage());
+        }
+    }
+
+    @Test
+    public void updateUserWithNewUsername() {
+        switchEditUsernameAllowedOn();
+        String id = createUser();
+
+        UserResource user = realm.users().get(id);
+        UserRepresentation userRep = user.toRepresentation();
+        userRep.setUsername("user11");
+        user.update(userRep);
+
+        userRep = realm.users().get(id).toRepresentation();
+        assertEquals("user11", userRep.getUsername());
+    }
+
+    @Test
+    public void updateUserWithNewUsernameNotPossible() {
+        String id = createUser();
+
+        UserResource user = realm.users().get(id);
+        UserRepresentation userRep = user.toRepresentation();
+        userRep.setUsername("user11");
+        user.update(userRep);
+
+        userRep = realm.users().get(id).toRepresentation();
+        assertEquals("user1", userRep.getUsername());
+    }
+
+    @Test
+    public void updateUserWithNewUsernameAccessingViaOldUsername() {
+        switchEditUsernameAllowedOn();
+        createUser();
+
+        try {
+            UserResource user = realm.users().get("user1");
+            UserRepresentation userRep = user.toRepresentation();
+            userRep.setUsername("user1");
+            user.update(userRep);
+
+            realm.users().get("user11").toRepresentation();
+            fail("Expected failure");
+        } catch (ClientErrorException e) {
+            assertEquals(404, e.getResponse().getStatus());
+        }
+    }
+
+    @Test
+    public void updateUserWithExistingUsername() {
+        switchEditUsernameAllowedOn();
+        createUser();
+
+        UserRepresentation userRep = new UserRepresentation();
+        userRep.setUsername("user2");
+        Response response = realm.users().create(userRep);
+        String createdId = ApiUtil.getCreatedId(response);
+        response.close();
+
+        try {
+            UserResource user = realm.users().get(createdId);
+            userRep = user.toRepresentation();
+            userRep.setUsername("user1");
+            user.update(userRep);
+            fail("Expected failure");
+        } catch (ClientErrorException e) {
+            assertEquals(409, e.getResponse().getStatus());
+        }
+    }
+
+    private void switchEditUsernameAllowedOn() {
+        RealmRepresentation rep = realm.toRepresentation();
+        rep.setEditUsernameAllowed(true);
+        realm.update(rep);
+    }
+
 }

testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java 226(+198 -28)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
index 1ad0207..3f4ffa5 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
@@ -34,7 +34,9 @@ import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.UserModel.RequiredAction;
 import org.keycloak.representations.IDToken;
+import org.keycloak.representations.idm.IdentityProviderRepresentation;
 import org.keycloak.services.Urls;
+import org.keycloak.testsuite.MailUtil;
 import org.keycloak.testsuite.OAuthClient;
 import org.keycloak.testsuite.broker.util.UserSessionStatusServlet.UserSessionStatus;
 import org.keycloak.testsuite.pages.AccountFederatedIdentityPage;
@@ -42,6 +44,8 @@ import org.keycloak.testsuite.pages.AccountPasswordPage;
 import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.pages.LoginUpdateProfilePage;
 import org.keycloak.testsuite.pages.OAuthGrantPage;
+import org.keycloak.testsuite.pages.VerifyEmailPage;
+import org.keycloak.testsuite.rule.GreenMailRule;
 import org.keycloak.testsuite.rule.WebResource;
 import org.keycloak.testsuite.rule.WebRule;
 import org.openqa.selenium.By;
@@ -49,6 +53,9 @@ import org.openqa.selenium.NoSuchElementException;
 import org.openqa.selenium.WebDriver;
 import org.openqa.selenium.WebElement;
 
+import javax.mail.MessagingException;
+import javax.mail.Multipart;
+import javax.mail.internet.MimeMessage;
 import javax.ws.rs.client.Client;
 import javax.ws.rs.client.ClientBuilder;
 import javax.ws.rs.client.ClientRequestContext;
@@ -58,6 +65,7 @@ import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 import javax.ws.rs.core.UriBuilder;
+
 import java.io.IOException;
 import java.net.URI;
 import java.util.List;
@@ -91,6 +99,13 @@ public abstract class AbstractIdentityProviderTest {
     @WebResource
     private LoginUpdateProfilePage updateProfilePage;
 
+
+    @WebResource
+    protected VerifyEmailPage verifyEmailPage;
+
+    @Rule
+    public GreenMailRule greenMail = new GreenMailRule();
+
     @WebResource
     protected OAuthClient oauth;
 
@@ -123,17 +138,106 @@ public abstract class AbstractIdentityProviderTest {
     @Test
     public void testSuccessfulAuthentication() {
         IdentityProviderModel identityProviderModel = getIdentityProviderModel();
+        identityProviderModel.setUpdateProfileFirstLoginMode(IdentityProviderRepresentation.UPFLM_ON);
 
-        UserModel user = assertSuccessfulAuthentication(identityProviderModel, "test-user", "new@email.com");
+        UserModel user = assertSuccessfulAuthentication(identityProviderModel, "test-user", "new@email.com", true);
         Assert.assertEquals("617-666-7777", user.getAttribute("mobile"));
     }
 
     @Test
+    public void testSuccessfulAuthenticationUpdateProfileOnMissing_nothingMissing() {
+        IdentityProviderModel identityProviderModel = getIdentityProviderModel();
+        identityProviderModel.setUpdateProfileFirstLoginMode(IdentityProviderRepresentation.UPFLM_MISSING);
+
+        assertSuccessfulAuthentication(identityProviderModel, "test-user", "test-user@localhost", false);
+    }
+
+    @Test
+    public void testSuccessfulAuthenticationUpdateProfileOnMissing_missingEmail() {
+        IdentityProviderModel identityProviderModel = getIdentityProviderModel();
+        identityProviderModel.setUpdateProfileFirstLoginMode(IdentityProviderRepresentation.UPFLM_MISSING);
+
+        assertSuccessfulAuthentication(identityProviderModel, "test-user-noemail", "new@email.com", true);
+    }
+
+    @Test
     public void testSuccessfulAuthenticationWithoutUpdateProfile() {
         IdentityProviderModel identityProviderModel = getIdentityProviderModel();
-        identityProviderModel.setUpdateProfileFirstLogin(false);
+        identityProviderModel.setUpdateProfileFirstLoginMode(IdentityProviderRepresentation.UPFLM_OFF);
 
-        assertSuccessfulAuthentication(identityProviderModel, "test-user", "test-user@localhost");
+        assertSuccessfulAuthentication(identityProviderModel, "test-user", "test-user@localhost", false);
+    }
+
+    /**
+     * Test that verify email action is performed if email is provided and email trust is not enabled for the provider
+     * 
+     * @throws MessagingException
+     * @throws IOException
+     */
+    @Test
+    public void testSuccessfulAuthenticationWithoutUpdateProfile_emailProvided_emailVerifyEnabled() throws IOException, MessagingException {
+        getRealm().setVerifyEmail(true);
+        brokerServerRule.stopSession(this.session, true);
+        this.session = brokerServerRule.startSession();
+
+        IdentityProviderModel identityProviderModel = getIdentityProviderModel();
+        try {
+            identityProviderModel.setUpdateProfileFirstLoginMode(IdentityProviderRepresentation.UPFLM_OFF);
+            identityProviderModel.setTrustEmail(false);
+
+            UserModel federatedUser = assertSuccessfulAuthenticationWithEmailVerification(identityProviderModel, "test-user", "test-user@localhost", false);
+
+            // email is verified now
+            assertFalse(federatedUser.getRequiredActions().contains(RequiredAction.VERIFY_EMAIL.name()));
+
+        } finally {
+            getRealm().setVerifyEmail(false);
+        }
+    }
+
+    private UserModel assertSuccessfulAuthenticationWithEmailVerification(IdentityProviderModel identityProviderModel, String username, String expectedEmail,
+            boolean isProfileUpdateExpected)
+            throws IOException, MessagingException {
+        authenticateWithIdentityProvider(identityProviderModel, username, isProfileUpdateExpected);
+
+        // verify email is sent
+        Assert.assertTrue(verifyEmailPage.isCurrent());
+
+        // read email to take verification link from
+        Assert.assertEquals(1, greenMail.getReceivedMessages().length);
+        MimeMessage message = greenMail.getReceivedMessages()[0];
+        String verificationUrl = getVerificationEmailLink(message);
+
+        driver.navigate().to(verificationUrl.trim());
+
+        // authenticated and redirected to app
+        assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app"));
+
+        UserModel federatedUser = getFederatedUser();
+
+        assertNotNull(federatedUser);
+
+        doAssertFederatedUser(federatedUser, identityProviderModel, expectedEmail, isProfileUpdateExpected);
+
+        brokerServerRule.stopSession(session, true);
+        session = brokerServerRule.startSession();
+
+        RealmModel realm = getRealm();
+
+        Set<FederatedIdentityModel> federatedIdentities = this.session.users().getFederatedIdentities(federatedUser, realm);
+
+        assertEquals(1, federatedIdentities.size());
+
+        FederatedIdentityModel federatedIdentityModel = federatedIdentities.iterator().next();
+
+        assertEquals(getProviderId(), federatedIdentityModel.getIdentityProvider());
+        assertEquals(federatedUser.getUsername(), federatedIdentityModel.getIdentityProvider() + "." + federatedIdentityModel.getUserName());
+
+        driver.navigate().to("http://localhost:8081/test-app/logout");
+        driver.navigate().to("http://localhost:8081/test-app");
+
+        assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
+        return federatedUser;
     }
 
     /**
@@ -147,9 +251,9 @@ public abstract class AbstractIdentityProviderTest {
 
         try {
             IdentityProviderModel identityProviderModel = getIdentityProviderModel();
-            identityProviderModel.setUpdateProfileFirstLogin(false);
+            identityProviderModel.setUpdateProfileFirstLoginMode(IdentityProviderRepresentation.UPFLM_OFF);
 
-            UserModel federatedUser = assertSuccessfulAuthentication(identityProviderModel, "test-user-noemail", null);
+            UserModel federatedUser = assertSuccessfulAuthentication(identityProviderModel, "test-user-noemail", null, false);
 
             assertTrue(federatedUser.getRequiredActions().contains(RequiredAction.VERIFY_EMAIL.name()));
 
@@ -158,6 +262,55 @@ public abstract class AbstractIdentityProviderTest {
         }
     }
 
+    /**
+     * Test for KEYCLOAK-1372 - verify email action is not performed if email is provided but email trust is enabled for the provider
+     */
+    @Test
+    public void testSuccessfulAuthenticationWithoutUpdateProfile_emailProvided_emailVerifyEnabled_emailTrustEnabled() {
+        getRealm().setVerifyEmail(true);
+        brokerServerRule.stopSession(this.session, true);
+        this.session = brokerServerRule.startSession();
+
+        IdentityProviderModel identityProviderModel = getIdentityProviderModel();
+        try {
+            identityProviderModel.setUpdateProfileFirstLoginMode(IdentityProviderRepresentation.UPFLM_OFF);
+            identityProviderModel.setTrustEmail(true);
+
+            UserModel federatedUser = assertSuccessfulAuthentication(identityProviderModel, "test-user", "test-user@localhost", false);
+
+            assertFalse(federatedUser.getRequiredActions().contains(RequiredAction.VERIFY_EMAIL.name()));
+
+        } finally {
+            identityProviderModel.setTrustEmail(false);
+            getRealm().setVerifyEmail(false);
+        }
+    }
+
+    /**
+     * Test for KEYCLOAK-1372 - verify email action is performed if email is provided and email trust is enabled for the provider, but email is changed on First login update profile page
+     * 
+     * @throws MessagingException
+     * @throws IOException
+     */
+    @Test
+    public void testSuccessfulAuthentication_emailTrustEnabled_emailVerifyEnabled_emailUpdatedOnFirstLogin() throws IOException, MessagingException {
+        getRealm().setVerifyEmail(true);
+        brokerServerRule.stopSession(this.session, true);
+        this.session = brokerServerRule.startSession();
+
+        IdentityProviderModel identityProviderModel = getIdentityProviderModel();
+        try {
+            identityProviderModel.setUpdateProfileFirstLoginMode(IdentityProviderRepresentation.UPFLM_ON);
+            identityProviderModel.setTrustEmail(true);
+
+            UserModel user = assertSuccessfulAuthenticationWithEmailVerification(identityProviderModel, "test-user", "new@email.com", true);
+            Assert.assertEquals("617-666-7777", user.getAttribute("mobile"));
+        } finally {
+            identityProviderModel.setTrustEmail(false);
+            getRealm().setVerifyEmail(false);
+        }
+    }
+
     @Test
     public void testSuccessfulAuthenticationWithoutUpdateProfile_newUser_emailAsUsername() {
 
@@ -167,9 +320,9 @@ public abstract class AbstractIdentityProviderTest {
 
         try {
             IdentityProviderModel identityProviderModel = getIdentityProviderModel();
-            identityProviderModel.setUpdateProfileFirstLogin(false);
+            identityProviderModel.setUpdateProfileFirstLoginMode(IdentityProviderRepresentation.UPFLM_OFF);
 
-            authenticateWithIdentityProvider(identityProviderModel, "test-user");
+            authenticateWithIdentityProvider(identityProviderModel, "test-user", false);
 
             // authenticated and redirected to app
             assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app"));
@@ -186,7 +339,7 @@ public abstract class AbstractIdentityProviderTest {
 
             assertEquals("test-user@localhost", federatedUser.getUsername());
 
-            doAssertFederatedUser(federatedUser, identityProviderModel, "test-user@localhost");
+            doAssertFederatedUser(federatedUser, identityProviderModel, "test-user@localhost", false);
 
             Set<FederatedIdentityModel> federatedIdentities = this.session.users().getFederatedIdentities(federatedUser, realm);
 
@@ -215,9 +368,9 @@ public abstract class AbstractIdentityProviderTest {
 
         try {
             IdentityProviderModel identityProviderModel = getIdentityProviderModel();
-            identityProviderModel.setUpdateProfileFirstLogin(false);
+            identityProviderModel.setUpdateProfileFirstLoginMode(IdentityProviderRepresentation.UPFLM_OFF);
 
-            authenticateWithIdentityProvider(identityProviderModel, "test-user-noemail");
+            authenticateWithIdentityProvider(identityProviderModel, "test-user-noemail", false);
 
             brokerServerRule.stopSession(session, true);
             session = brokerServerRule.startSession();
@@ -275,15 +428,10 @@ public abstract class AbstractIdentityProviderTest {
 
     @Test
     public void testProviderOnLoginPage() {
-        IdentityProviderModel identityProviderModel = getIdentityProviderModel();
-        RealmModel realm = getRealm();
-        ClientModel clientModel = realm.getClientByClientId("test-app");
-
         // Provider button is available on login page
         this.driver.navigate().to("http://localhost:8081/test-app/");
         assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
         loginPage.findSocialButton(getProviderId());
-
      }
 
     @Test
@@ -325,7 +473,7 @@ public abstract class AbstractIdentityProviderTest {
     public void testUserAlreadyExistsWhenNotUpdatingProfile() {
         IdentityProviderModel identityProviderModel = getIdentityProviderModel();
 
-        identityProviderModel.setUpdateProfileFirstLogin(false);
+        identityProviderModel.setUpdateProfileFirstLoginMode(IdentityProviderRepresentation.UPFLM_OFF);
 
         this.driver.navigate().to("http://localhost:8081/test-app/");
 
@@ -390,7 +538,6 @@ public abstract class AbstractIdentityProviderTest {
         revokeGrant();
 
         // Logout from account management
-        String pageSource = driver.getPageSource();
         System.out.println("*** logout from account management");
         accountFederatedIdentityPage.logout();
         assertTrue(driver.getTitle().equals("Log in to realm-with-broker"));
@@ -400,7 +547,6 @@ public abstract class AbstractIdentityProviderTest {
         this.loginPage.clickSocial(identityProviderModel.getAlias());
         this.loginPage.login("test-user", "password");
         doAfterProviderAuthentication();
-        String current = driver.getCurrentUrl();
         this.updateProfilePage.assertCurrent();
     }
 
@@ -465,7 +611,7 @@ public abstract class AbstractIdentityProviderTest {
 
         identityProviderModel.setStoreToken(true);
 
-        authenticateWithIdentityProvider(identityProviderModel, "test-user");
+        authenticateWithIdentityProvider(identityProviderModel, "test-user", true);
 
         UserModel federatedUser = getFederatedUser();
         RealmModel realm = getRealm();
@@ -530,17 +676,18 @@ public abstract class AbstractIdentityProviderTest {
 
     protected abstract void doAssertTokenRetrieval(String pageSource);
 
-    private UserModel assertSuccessfulAuthentication(IdentityProviderModel identityProviderModel, String username, String expectedEmail) {
-        authenticateWithIdentityProvider(identityProviderModel, username);
+    private UserModel assertSuccessfulAuthentication(IdentityProviderModel identityProviderModel, String username, String expectedEmail, boolean isProfileUpdateExpected) {
+        authenticateWithIdentityProvider(identityProviderModel, username, isProfileUpdateExpected);
 
         // authenticated and redirected to app
-        assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app"));
+        assertTrue("Bad current URL " + this.driver.getCurrentUrl() + " and page source: " + this.driver.getPageSource(),
+                this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app"));
 
         UserModel federatedUser = getFederatedUser();
 
         assertNotNull(federatedUser);
 
-        doAssertFederatedUser(federatedUser, identityProviderModel, expectedEmail);
+        doAssertFederatedUser(federatedUser, identityProviderModel, expectedEmail, isProfileUpdateExpected);
 
         brokerServerRule.stopSession(session, true);
         session = brokerServerRule.startSession();
@@ -563,11 +710,11 @@ public abstract class AbstractIdentityProviderTest {
         return federatedUser;
     }
 
-    private void authenticateWithIdentityProvider(IdentityProviderModel identityProviderModel, String username) {
+    private void authenticateWithIdentityProvider(IdentityProviderModel identityProviderModel, String username, boolean isProfileUpdateExpected) {
         loginIDP(username);
 
 
-        if (identityProviderModel.isUpdateProfileFirstLogin()) {
+        if (isProfileUpdateExpected) {
             String userEmail = "new@email.com";
             String userFirstName = "New first";
             String userLastName = "New last";
@@ -576,6 +723,7 @@ public abstract class AbstractIdentityProviderTest {
             this.updateProfilePage.assertCurrent();
             this.updateProfilePage.update(userFirstName, userLastName, userEmail);
         }
+
     }
 
     private void loginIDP(String username) {
@@ -621,7 +769,7 @@ public abstract class AbstractIdentityProviderTest {
 
         assertNotNull(identityProviderModel);
 
-        identityProviderModel.setUpdateProfileFirstLogin(true);
+        identityProviderModel.setUpdateProfileFirstLoginMode(IdentityProviderRepresentation.UPFLM_ON);
         identityProviderModel.setEnabled(true);
 
         return identityProviderModel;
@@ -631,8 +779,8 @@ public abstract class AbstractIdentityProviderTest {
         return this.session.realms().getRealm("realm-with-broker");
     }
 
-    protected void doAssertFederatedUser(UserModel federatedUser, IdentityProviderModel identityProviderModel, String expectedEmail) {
-        if (identityProviderModel.isUpdateProfileFirstLogin()) {
+    protected void doAssertFederatedUser(UserModel federatedUser, IdentityProviderModel identityProviderModel, String expectedEmail, boolean isProfileUpdateExpected) {
+        if (isProfileUpdateExpected) {
             String userFirstName = "New first";
             String userLastName = "New last";
 
@@ -677,4 +825,26 @@ public abstract class AbstractIdentityProviderTest {
             }
         }
     }
+    
+    private String getVerificationEmailLink(MimeMessage message) throws IOException, MessagingException {
+    	Multipart multipart = (Multipart) message.getContent();
+    	
+        final String textContentType = multipart.getBodyPart(0).getContentType();
+        
+        assertEquals("text/plain; charset=UTF-8", textContentType);
+        
+        final String textBody = (String) multipart.getBodyPart(0).getContent();
+        final String textVerificationUrl = MailUtil.getLink(textBody);
+    	
+        final String htmlContentType = multipart.getBodyPart(1).getContentType();
+        
+        assertEquals("text/html; charset=UTF-8", htmlContentType);
+        
+        final String htmlBody = (String) multipart.getBodyPart(1).getContent();
+        final String htmlVerificationUrl = MailUtil.getLink(htmlBody);
+        
+        assertEquals(htmlVerificationUrl, textVerificationUrl);
+
+        return htmlVerificationUrl;
+    }
 }

testsuite/integration/src/test/java/org/keycloak/testsuite/broker/BrokerKeyCloakRule.java 13(+11 -2)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/BrokerKeyCloakRule.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/BrokerKeyCloakRule.java
index deb2611..438ab93 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/BrokerKeyCloakRule.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/BrokerKeyCloakRule.java
@@ -20,6 +20,7 @@ package org.keycloak.testsuite.broker;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.services.managers.RealmManager;
+import org.keycloak.testsuite.adapter.CustomerDatabaseServlet;
 import org.keycloak.testsuite.broker.util.UserSessionStatusServlet;
 import org.keycloak.testsuite.rule.AbstractKeycloakRule;
 
@@ -34,8 +35,16 @@ public class BrokerKeyCloakRule extends AbstractKeycloakRule {
     protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
         server.importRealm(getClass().getResourceAsStream("/broker-test/test-realm-with-broker.json"));
         URL url = getClass().getResource("/broker-test/test-app-keycloak.json");
-        deployApplication("test-app", "/test-app", UserSessionStatusServlet.class, url.getPath(), "manager");
-        deployApplication("test-app-allowed-providers", "/test-app-allowed-providers", UserSessionStatusServlet.class, url.getPath(), "manager");
+
+        createApplicationDeployment()
+                .name("test-app").contextPath("/test-app")
+                .servletClass(UserSessionStatusServlet.class).adapterConfigPath(url.getPath())
+                .role("manager").deployApplication();
+
+        createApplicationDeployment()
+                .name("test-app-allowed-providers").contextPath("/test-app-allowed-providers")
+                .servletClass(UserSessionStatusServlet.class).adapterConfigPath(url.getPath())
+                .role("manager").deployApplication();
     }
 
     @Override

testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java 37(+25 -12)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java
index 9b1f643..b2e3605 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java
@@ -33,6 +33,7 @@ import org.keycloak.broker.saml.SAMLIdentityProviderFactory;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.IdentityProviderModel;
 import org.keycloak.models.RealmModel;
+import org.keycloak.representations.idm.IdentityProviderRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.social.facebook.FacebookIdentityProvider;
 import org.keycloak.social.facebook.FacebookIdentityProviderFactory;
@@ -80,7 +81,8 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
 
         identityProviderModel.getConfig().put("config-added", "value-added");
         identityProviderModel.setEnabled(false);
-        identityProviderModel.setUpdateProfileFirstLogin(false);
+        identityProviderModel.setUpdateProfileFirstLoginMode(IdentityProviderRepresentation.UPFLM_OFF);
+        identityProviderModel.setTrustEmail(true);
         identityProviderModel.setStoreToken(true);
         identityProviderModel.setAuthenticateByDefault(true);
 
@@ -94,13 +96,15 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
 
         assertEquals("value-added", identityProviderModel.getConfig().get("config-added"));
         assertFalse(identityProviderModel.isEnabled());
-        assertFalse(identityProviderModel.isUpdateProfileFirstLogin());
+        assertEquals(IdentityProviderRepresentation.UPFLM_OFF, identityProviderModel.getUpdateProfileFirstLoginMode());
+        assertTrue(identityProviderModel.isTrustEmail());
         assertTrue(identityProviderModel.isStoreToken());
         assertTrue(identityProviderModel.isAuthenticateByDefault());
 
         identityProviderModel.getConfig().remove("config-added");
         identityProviderModel.setEnabled(true);
-        identityProviderModel.setUpdateProfileFirstLogin(true);
+        identityProviderModel.setUpdateProfileFirstLoginMode(IdentityProviderRepresentation.UPFLM_MISSING);
+        identityProviderModel.setTrustEmail(false);
         identityProviderModel.setAuthenticateByDefault(false);
 
         realm.updateIdentityProvider(identityProviderModel);
@@ -112,7 +116,8 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
 
         assertFalse(identityProviderModel.getConfig().containsKey("config-added"));
         assertTrue(identityProviderModel.isEnabled());
-        assertTrue(identityProviderModel.isUpdateProfileFirstLogin());
+        assertEquals(IdentityProviderRepresentation.UPFLM_MISSING, identityProviderModel.getUpdateProfileFirstLoginMode());
+        assertFalse(identityProviderModel.isTrustEmail());
         assertFalse(identityProviderModel.isAuthenticateByDefault());
         this.realmManager.removeRealm(realm);
     }
@@ -160,7 +165,8 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
         assertEquals("model-google", config.getAlias());
         assertEquals(GoogleIdentityProviderFactory.PROVIDER_ID, config.getProviderId());
         assertEquals(true, config.isEnabled());
-        assertEquals(true, config.isUpdateProfileFirstLogin());
+        assertEquals(IdentityProviderRepresentation.UPFLM_ON, config.getUpdateProfileFirstLoginMode());
+        assertEquals(true, config.isTrustEmail());
         assertEquals(false, config.isAuthenticateByDefault());
         assertEquals(true, config.isStoreToken());
         assertEquals("clientId", config.getClientId());
@@ -178,8 +184,9 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
         assertEquals("model-saml-signed-idp", config.getAlias());
         assertEquals(SAMLIdentityProviderFactory.PROVIDER_ID, config.getProviderId());
         assertEquals(true, config.isEnabled());
-        assertEquals(true, config.isUpdateProfileFirstLogin());
+        assertEquals(IdentityProviderRepresentation.UPFLM_ON, config.getUpdateProfileFirstLoginMode());
         assertEquals(false, config.isAuthenticateByDefault());
+        assertEquals(false, config.isTrustEmail());
         assertEquals(false, config.isStoreToken());
         assertEquals("http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml", config.getSingleSignOnServiceUrl());
         assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", config.getNameIDPolicyFormat());
@@ -198,7 +205,8 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
         assertEquals("model-oidc-idp", config.getAlias());
         assertEquals(OIDCIdentityProviderFactory.PROVIDER_ID, config.getProviderId());
         assertEquals(false, config.isEnabled());
-        assertEquals(false, config.isUpdateProfileFirstLogin());
+        assertEquals(IdentityProviderRepresentation.UPFLM_OFF, config.getUpdateProfileFirstLoginMode());
+        assertEquals(false, config.isTrustEmail());
         assertEquals(false, config.isAuthenticateByDefault());
         assertEquals(false, config.isStoreToken());
         assertEquals("clientId", config.getClientId());
@@ -212,7 +220,8 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
         assertEquals("model-facebook", config.getAlias());
         assertEquals(FacebookIdentityProviderFactory.PROVIDER_ID, config.getProviderId());
         assertEquals(true, config.isEnabled());
-        assertEquals(true, config.isUpdateProfileFirstLogin());
+        assertEquals(IdentityProviderRepresentation.UPFLM_OFF, config.getUpdateProfileFirstLoginMode());
+        assertEquals(false, config.isTrustEmail());
         assertEquals(false, config.isAuthenticateByDefault());
         assertEquals(false, config.isStoreToken());
         assertEquals("clientId", config.getClientId());
@@ -229,7 +238,8 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
         assertEquals("model-github", config.getAlias());
         assertEquals(GitHubIdentityProviderFactory.PROVIDER_ID, config.getProviderId());
         assertEquals(true, config.isEnabled());
-        assertEquals(true, config.isUpdateProfileFirstLogin());
+        assertEquals(IdentityProviderRepresentation.UPFLM_ON, config.getUpdateProfileFirstLoginMode());
+        assertEquals(false, config.isTrustEmail());
         assertEquals(false, config.isAuthenticateByDefault());
         assertEquals(false, config.isStoreToken());
         assertEquals("clientId", config.getClientId());
@@ -246,7 +256,8 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
         assertEquals("model-linkedin", config.getAlias());
       assertEquals(LinkedInIdentityProviderFactory.PROVIDER_ID, config.getProviderId());
       assertEquals(true, config.isEnabled());
-      assertEquals(true, config.isUpdateProfileFirstLogin());
+        assertEquals(IdentityProviderRepresentation.UPFLM_MISSING, config.getUpdateProfileFirstLoginMode());
+        assertEquals(false, config.isTrustEmail());
       assertEquals(false, config.isAuthenticateByDefault());
       assertEquals(false, config.isStoreToken());
       assertEquals("clientId", config.getClientId());
@@ -263,7 +274,8 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
         assertEquals("model-stackoverflow", config.getAlias());
         assertEquals(StackoverflowIdentityProviderFactory.PROVIDER_ID, config.getProviderId());
         assertEquals(true, config.isEnabled());
-        assertEquals(true, config.isUpdateProfileFirstLogin());
+        assertEquals(IdentityProviderRepresentation.UPFLM_OFF, config.getUpdateProfileFirstLoginMode());
+        assertEquals(false, config.isTrustEmail());
         assertEquals(false, config.isAuthenticateByDefault());
         assertEquals(false, config.isStoreToken());
         assertEquals("clientId", config.getClientId());
@@ -281,7 +293,8 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
         assertEquals("model-twitter", config.getAlias());
         assertEquals(TwitterIdentityProviderFactory.PROVIDER_ID, config.getProviderId());
         assertEquals(true, config.isEnabled());
-        assertEquals(true, config.isUpdateProfileFirstLogin());
+        assertEquals(IdentityProviderRepresentation.UPFLM_OFF, config.getUpdateProfileFirstLoginMode());
+        assertEquals(false, config.isTrustEmail());
         assertEquals(false, config.isAuthenticateByDefault());
         assertEquals(true, config.isStoreToken());
         assertEquals("clientId", config.getClientId());

testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java 12(+9 -3)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java
index 46bfa3d..c0ffd00 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java
@@ -6,6 +6,7 @@ import org.keycloak.models.IdentityProviderModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
+import org.keycloak.representations.idm.IdentityProviderRepresentation;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.rule.AbstractKeycloakRule;
 import org.keycloak.testsuite.KeycloakServer;
@@ -50,9 +51,9 @@ public class SAMLKeyCloakServerBrokerBasicTest extends AbstractIdentityProviderT
     }
 
     @Override
-    protected void doAssertFederatedUser(UserModel federatedUser, IdentityProviderModel identityProviderModel, String expectedEmail) {
-        if (identityProviderModel.isUpdateProfileFirstLogin()) {
-            super.doAssertFederatedUser(federatedUser, identityProviderModel, expectedEmail);
+    protected void doAssertFederatedUser(UserModel federatedUser, IdentityProviderModel identityProviderModel, String expectedEmail, boolean isProfileUpdateExpected) {
+        if (isProfileUpdateExpected) {
+            super.doAssertFederatedUser(federatedUser, identityProviderModel, expectedEmail, isProfileUpdateExpected);
         } else {
             if (expectedEmail == null) {
                 // Need to handle differences for various databases (like Oracle)
@@ -114,4 +115,9 @@ public class SAMLKeyCloakServerBrokerBasicTest extends AbstractIdentityProviderT
     public void testSuccessfulAuthenticationWithoutUpdateProfile_newUser_emailAsUsername() {
         super.testSuccessfulAuthenticationWithoutUpdateProfile_newUser_emailAsUsername();
     }
+
+    @Test
+    public void testSuccessfulAuthenticationUpdateProfileOnMissing_nothingMissing() {
+        // skip this test as this provider do not return name and surname so something is missing always
+    }
 }

testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java 12(+9 -3)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
index 821fc0e..34c10d5 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
@@ -6,6 +6,7 @@ import org.keycloak.models.IdentityProviderModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
+import org.keycloak.representations.idm.IdentityProviderRepresentation;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.rule.AbstractKeycloakRule;
 import org.keycloak.testsuite.KeycloakServer;
@@ -50,9 +51,9 @@ public class SAMLKeyCloakServerBrokerWithSignatureTest extends AbstractIdentityP
     }
 
     @Override
-    protected void doAssertFederatedUser(UserModel federatedUser, IdentityProviderModel identityProviderModel, String expectedEmail) {
-        if (identityProviderModel.isUpdateProfileFirstLogin()) {
-            super.doAssertFederatedUser(federatedUser, identityProviderModel, expectedEmail);
+    protected void doAssertFederatedUser(UserModel federatedUser, IdentityProviderModel identityProviderModel, String expectedEmail, boolean isProfileUpdateExpected) {
+        if (isProfileUpdateExpected) {
+            super.doAssertFederatedUser(federatedUser, identityProviderModel, expectedEmail, isProfileUpdateExpected);
         } else {
             if (expectedEmail == null) {
                 // Need to handle differences for various databases (like Oracle)
@@ -102,4 +103,9 @@ public class SAMLKeyCloakServerBrokerWithSignatureTest extends AbstractIdentityP
     public void testAccountManagementLinkIdentity() {
         super.testAccountManagementLinkIdentity();
     }
+
+    @Test
+    public void testSuccessfulAuthenticationUpdateProfileOnMissing_nothingMissing() {
+        // skip this test as this provider do not return name and surname so something is missing always
+    }
 }

testsuite/integration/src/test/java/org/keycloak/testsuite/events/AdminEventStoreProviderTest.java 35(+23 -12)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/events/AdminEventStoreProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/events/AdminEventStoreProviderTest.java
index 58c5698..534f056 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/events/AdminEventStoreProviderTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/events/AdminEventStoreProviderTest.java
@@ -83,14 +83,25 @@ public class AdminEventStoreProviderTest {
         String d3 = new String("2015-03-06");
         String d4 = new String("2015-03-07");
         
+        String d5 = new String("2015-03-01");
+        String d6 = new String("2015-03-03");
+        String d7 = new String("2015-03-08");
+        String d8 = new String("2015-03-10");
+        
         SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd");
         Date date1 = null, date2 = null, date3 = null, date4 = null;
+        Date date5 = null, date6 = null, date7 = null, date8 = null;
         
         try {
             date1 = formatter.parse(d1);
             date2 = formatter.parse(d2);
             date3 = formatter.parse(d3);
             date4 = formatter.parse(d4);
+            
+            date5 = formatter.parse(d5);
+            date6 = formatter.parse(d6);
+            date7 = formatter.parse(d7);
+            date8 = formatter.parse(d8);
         } catch (ParseException e) {
             e.printStackTrace();
         }
@@ -121,22 +132,22 @@ public class AdminEventStoreProviderTest {
         Assert.assertEquals(1, eventStore.createAdminQuery().operation(OperationType.DELETE).getResultList().size());
         Assert.assertEquals(4, eventStore.createAdminQuery().operation(OperationType.CREATE).getResultList().size());
         
-        Assert.assertEquals(8, eventStore.createAdminQuery().fromTime("2015-03-04").getResultList().size());
-        Assert.assertEquals(8, eventStore.createAdminQuery().toTime("2015-03-07").getResultList().size());
+        Assert.assertEquals(8, eventStore.createAdminQuery().fromTime(date1).getResultList().size());
+        Assert.assertEquals(8, eventStore.createAdminQuery().toTime(date4).getResultList().size());
         
-        Assert.assertEquals(4, eventStore.createAdminQuery().fromTime("2015-03-06").getResultList().size());
-        Assert.assertEquals(4, eventStore.createAdminQuery().toTime("2015-03-05").getResultList().size());
+        Assert.assertEquals(4, eventStore.createAdminQuery().fromTime(date3).getResultList().size());
+        Assert.assertEquals(4, eventStore.createAdminQuery().toTime(date2).getResultList().size());
         
-        Assert.assertEquals(0, eventStore.createAdminQuery().fromTime("2015-03-08").getResultList().size());
-        Assert.assertEquals(0, eventStore.createAdminQuery().toTime("2015-03-03").getResultList().size());
+        Assert.assertEquals(0, eventStore.createAdminQuery().fromTime(date7).getResultList().size());
+        Assert.assertEquals(0, eventStore.createAdminQuery().toTime(date6).getResultList().size());
         
-        Assert.assertEquals(8, eventStore.createAdminQuery().fromTime("2015-03-04").toTime("2015-03-07").getResultList().size());
-        Assert.assertEquals(6, eventStore.createAdminQuery().fromTime("2015-03-05").toTime("2015-03-07").getResultList().size());
-        Assert.assertEquals(4, eventStore.createAdminQuery().fromTime("2015-03-04").toTime("2015-03-05").getResultList().size());
-        Assert.assertEquals(4, eventStore.createAdminQuery().fromTime("2015-03-06").toTime("2015-03-07").getResultList().size());
+        Assert.assertEquals(8, eventStore.createAdminQuery().fromTime(date1).toTime(date4).getResultList().size());
+        Assert.assertEquals(6, eventStore.createAdminQuery().fromTime(date2).toTime(date4).getResultList().size());
+        Assert.assertEquals(4, eventStore.createAdminQuery().fromTime(date1).toTime(date2).getResultList().size());
+        Assert.assertEquals(4, eventStore.createAdminQuery().fromTime(date3).toTime(date4).getResultList().size());
         
-        Assert.assertEquals(0, eventStore.createAdminQuery().fromTime("2015-03-01").toTime("2015-03-03").getResultList().size());
-        Assert.assertEquals(0, eventStore.createAdminQuery().fromTime("2015-03-08").toTime("2015-03-10").getResultList().size());
+        Assert.assertEquals(0, eventStore.createAdminQuery().fromTime(date5).toTime(date6).getResultList().size());
+        Assert.assertEquals(0, eventStore.createAdminQuery().fromTime(date7).toTime(date8).getResultList().size());
         
     }

testsuite/integration/src/test/java/org/keycloak/testsuite/events/EventStoreProviderTest.java 35(+23 -12)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/events/EventStoreProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/events/EventStoreProviderTest.java
index f5f81ff..7a378aa 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/events/EventStoreProviderTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/events/EventStoreProviderTest.java
@@ -84,14 +84,25 @@ public class EventStoreProviderTest {
         String d3 = new String("2015-03-06");
         String d4 = new String("2015-03-07");
         
+        String d5 = new String("2015-03-01");
+        String d6 = new String("2015-03-03");
+        String d7 = new String("2015-03-08");
+        String d8 = new String("2015-03-10");
+        
         SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd");
         Date date1 = null, date2 = null, date3 = null, date4 = null;
+        Date date5 = null, date6 = null, date7 = null, date8 = null;
         
         try {
             date1 = formatter.parse(d1);
             date2 = formatter.parse(d2);
             date3 = formatter.parse(d3);
             date4 = formatter.parse(d4);
+            
+            date5 = formatter.parse(d5);
+            date6 = formatter.parse(d6);
+            date7 = formatter.parse(d7);
+            date8 = formatter.parse(d8);
         } catch (ParseException e) {
             e.printStackTrace();
         }
@@ -124,22 +135,22 @@ public class EventStoreProviderTest {
         Assert.assertEquals(1, eventStore.createQuery().type(EventType.UPDATE_PROFILE).getResultList().size());
         Assert.assertEquals(1, eventStore.createQuery().type(EventType.UPDATE_EMAIL).getResultList().size());
         
-        Assert.assertEquals(8, eventStore.createQuery().fromDate("2015-03-04").getResultList().size());
-        Assert.assertEquals(8, eventStore.createQuery().toDate("2015-03-07").getResultList().size());
+        Assert.assertEquals(8, eventStore.createQuery().fromDate(date1).getResultList().size());
+        Assert.assertEquals(8, eventStore.createQuery().toDate(date4).getResultList().size());
         
-        Assert.assertEquals(4, eventStore.createQuery().fromDate("2015-03-06").getResultList().size());
-        Assert.assertEquals(4, eventStore.createQuery().toDate("2015-03-05").getResultList().size());
+        Assert.assertEquals(4, eventStore.createQuery().fromDate(date3).getResultList().size());
+        Assert.assertEquals(4, eventStore.createQuery().toDate(date2).getResultList().size());
         
-        Assert.assertEquals(0, eventStore.createQuery().fromDate("2015-03-08").getResultList().size());
-        Assert.assertEquals(0, eventStore.createQuery().toDate("2015-03-03").getResultList().size());
+        Assert.assertEquals(0, eventStore.createQuery().fromDate(date7).getResultList().size());
+        Assert.assertEquals(0, eventStore.createQuery().toDate(date6).getResultList().size());
         
-        Assert.assertEquals(8, eventStore.createQuery().fromDate("2015-03-04").toDate("2015-03-07").getResultList().size());
-        Assert.assertEquals(6, eventStore.createQuery().fromDate("2015-03-05").toDate("2015-03-07").getResultList().size());
-        Assert.assertEquals(4, eventStore.createQuery().fromDate("2015-03-04").toDate("2015-03-05").getResultList().size());
-        Assert.assertEquals(4, eventStore.createQuery().fromDate("2015-03-06").toDate("2015-03-07").getResultList().size());
+        Assert.assertEquals(8, eventStore.createQuery().fromDate(date1).toDate(date4).getResultList().size());
+        Assert.assertEquals(6, eventStore.createQuery().fromDate(date2).toDate(date4).getResultList().size());
+        Assert.assertEquals(4, eventStore.createQuery().fromDate(date1).toDate(date2).getResultList().size());
+        Assert.assertEquals(4, eventStore.createQuery().fromDate(date3).toDate(date4).getResultList().size());
         
-        Assert.assertEquals(0, eventStore.createQuery().fromDate("2015-03-01").toDate("2015-03-03").getResultList().size());
-        Assert.assertEquals(0, eventStore.createQuery().fromDate("2015-03-08").toDate("2015-03-10").getResultList().size());
+        Assert.assertEquals(0, eventStore.createQuery().fromDate(date5).toDate(date6).getResultList().size());
+        Assert.assertEquals(0, eventStore.createQuery().fromDate(date7).toDate(date8).getResultList().size());
         
     }

testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java 62(+56 -6)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
index aa61ee6..c384651 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
@@ -11,18 +11,21 @@ import org.junit.runners.MethodSorters;
 import org.keycloak.OAuth2Constants;
 import org.keycloak.federation.ldap.LDAPFederationProvider;
 import org.keycloak.federation.ldap.LDAPFederationProviderFactory;
-import org.keycloak.federation.ldap.LDAPUtils;
 import org.keycloak.federation.ldap.idm.model.LDAPObject;
-import org.keycloak.models.ClientModel;
+import org.keycloak.federation.ldap.mappers.FullNameLDAPFederationMapper;
+import org.keycloak.federation.ldap.mappers.FullNameLDAPFederationMapperFactory;
+import org.keycloak.federation.ldap.mappers.UserAttributeLDAPFederationMapper;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.LDAPConstants;
 import org.keycloak.models.ModelReadOnlyException;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserCredentialValueModel;
+import org.keycloak.models.UserFederationMapperModel;
 import org.keycloak.models.UserFederationProvider;
 import org.keycloak.models.UserFederationProviderModel;
 import org.keycloak.models.UserModel;
+import org.keycloak.models.utils.KeycloakModelUtils;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.OAuthClient;
 import org.keycloak.testsuite.pages.AccountPasswordPage;
@@ -63,10 +66,7 @@ public class FederationProvidersIntegrationTest {
 
             // Delete all LDAP users and add some new for testing
             LDAPFederationProvider ldapFedProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
-            LDAPUtils.removeAllUsers(ldapFedProvider, appRealm);
-
-            // Add sample application TODO: REmove this!!!! It's just temporarily needed in SyncProvidersTest until model for federation mappers is implemented
-            ClientModel finance = appRealm.addClient("finance");
+            FederationTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm);
 
             LDAPObject john = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", "1234");
             ldapFedProvider.getLdapIdentityStore().updatePassword(john, "Password1");
@@ -265,6 +265,56 @@ public class FederationProvidersIntegrationTest {
     }
 
     @Test
+    public void testFullNameMapper() {
+        KeycloakSession session = keycloakRule.startSession();
+        UserFederationMapperModel firstNameMapper = null;
+
+        try {
+            RealmModel appRealm = new RealmManager(session).getRealmByName("test");
+
+            // assert that user "fullnameUser" is not in local DB
+            Assert.assertNull(session.users().getUserByUsername("fullname", appRealm));
+
+            // Add the user with some fullName into LDAP directly. Ensure that fullName is saved into "cn" attribute in LDAP (currently mapped to model firstName)
+            LDAPFederationProvider ldapFedProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
+            FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "fullname", "James Dee", "Dee", "fullname@email.org", "4578");
+
+            // add fullname mapper to the provider and remove "firstNameMapper". For this test, we will simply map full name to the LDAP attribute, which was before firstName ( "givenName" on active directory, "cn" on other LDAP servers)
+            firstNameMapper = appRealm.getUserFederationMapperByName(ldapModel.getId(), "first name");
+            String ldapFirstNameAttributeName = firstNameMapper.getConfig().get(UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE);
+            appRealm.removeUserFederationMapper(firstNameMapper);
+
+            UserFederationMapperModel fullNameMapperModel = KeycloakModelUtils.createUserFederationMapperModel("full name", ldapModel.getId(), FullNameLDAPFederationMapperFactory.PROVIDER_ID,
+                    FullNameLDAPFederationMapper.LDAP_FULL_NAME_ATTRIBUTE, ldapFirstNameAttributeName,
+                    UserAttributeLDAPFederationMapper.READ_ONLY, "false");
+            appRealm.addUserFederationMapper(fullNameMapperModel);
+
+            // Assert user is successfully imported in Keycloak DB now with correct firstName and lastName
+            FederationTestUtils.assertUserImported(session.users(), appRealm, "fullname", "James", "Dee", "fullname@email.org", "4578");
+        } finally {
+            keycloakRule.stopSession(session, true);
+        }
+
+        session = keycloakRule.startSession();
+        try {
+            RealmModel appRealm = new RealmManager(session).getRealmByName("test");
+
+            // Remove "fullnameUser" to assert he is removed from LDAP. Revert mappers to previous state
+            UserModel fullnameUser = session.users().getUserByUsername("fullname", appRealm);
+            session.users().removeUser(appRealm, fullnameUser);
+
+            // Revert mappers
+            UserFederationMapperModel fullNameMapperModel = appRealm.getUserFederationMapperByName(ldapModel.getId(), "full name");
+            appRealm.removeUserFederationMapper(fullNameMapperModel);
+
+            firstNameMapper.setId(null);
+            appRealm.addUserFederationMapper(firstNameMapper);
+        } finally {
+            keycloakRule.stopSession(session, true);
+        }
+    }
+
+    @Test
     public void testReadonly() {
         KeycloakSession session = keycloakRule.startSession();
         try {

testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationTestUtils.java 46(+41 -5)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationTestUtils.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationTestUtils.java
index d3dd9ab..540ae64 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationTestUtils.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationTestUtils.java
@@ -1,10 +1,14 @@
 package org.keycloak.testsuite.federation;
 
+import java.util.List;
+
 import org.junit.Assert;
 import org.keycloak.federation.ldap.LDAPFederationProvider;
 import org.keycloak.federation.ldap.LDAPFederationProviderFactory;
 import org.keycloak.federation.ldap.LDAPUtils;
 import org.keycloak.federation.ldap.idm.model.LDAPObject;
+import org.keycloak.federation.ldap.idm.query.internal.LDAPIdentityQuery;
+import org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore;
 import org.keycloak.federation.ldap.mappers.RoleLDAPFederationMapper;
 import org.keycloak.federation.ldap.mappers.RoleLDAPFederationMapperFactory;
 import org.keycloak.federation.ldap.mappers.UserAttributeLDAPFederationMapper;
@@ -91,9 +95,13 @@ class FederationTestUtils {
     }
 
     public static void addZipCodeLDAPMapper(RealmModel realm, UserFederationProviderModel providerModel) {
-        UserFederationMapperModel mapperModel = KeycloakModelUtils.createUserFederationMapperModel("zipCodeMapper", providerModel.getId(), UserAttributeLDAPFederationMapperFactory.PROVIDER_ID,
-                UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, "postal_code",
-                UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, LDAPConstants.POSTAL_CODE,
+        addUserAttributeMapper(realm, providerModel, "zipCodeMapper", "postal_code", LDAPConstants.POSTAL_CODE); 
+    }
+
+    public static void addUserAttributeMapper(RealmModel realm, UserFederationProviderModel providerModel, String mapperName, String userModelAttributeName, String ldapAttributeName) {
+        UserFederationMapperModel mapperModel = KeycloakModelUtils.createUserFederationMapperModel(mapperName, providerModel.getId(), UserAttributeLDAPFederationMapperFactory.PROVIDER_ID,
+                UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, userModelAttributeName,
+                UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, ldapAttributeName,
                 UserAttributeLDAPFederationMapper.READ_ONLY, "false");
         realm.addUserFederationMapper(mapperModel);
     }
@@ -104,8 +112,9 @@ class FederationTestUtils {
             mapperModel.getConfig().put(RoleLDAPFederationMapper.MODE, mode.toString());
             realm.updateUserFederationMapper(mapperModel);
         } else {
+            String baseDn = providerModel.getConfig().get(LDAPConstants.BASE_DN);
             mapperModel = KeycloakModelUtils.createUserFederationMapperModel("realmRolesMapper", providerModel.getId(), RoleLDAPFederationMapperFactory.PROVIDER_ID,
-                    RoleLDAPFederationMapper.ROLES_DN, "ou=RealmRoles,dc=keycloak,dc=org",
+                    RoleLDAPFederationMapper.ROLES_DN, "ou=RealmRoles," + baseDn,
                     RoleLDAPFederationMapper.USE_REALM_ROLES_MAPPING, "true",
                     RoleLDAPFederationMapper.MODE, mode.toString());
             realm.addUserFederationMapper(mapperModel);
@@ -116,12 +125,39 @@ class FederationTestUtils {
             mapperModel.getConfig().put(RoleLDAPFederationMapper.MODE, mode.toString());
             realm.updateUserFederationMapper(mapperModel);
         } else {
+            String baseDn = providerModel.getConfig().get(LDAPConstants.BASE_DN);
             mapperModel = KeycloakModelUtils.createUserFederationMapperModel("financeRolesMapper", providerModel.getId(), RoleLDAPFederationMapperFactory.PROVIDER_ID,
-                    RoleLDAPFederationMapper.ROLES_DN, "ou=FinanceRoles,dc=keycloak,dc=org",
+                    RoleLDAPFederationMapper.ROLES_DN, "ou=FinanceRoles," + baseDn,
                     RoleLDAPFederationMapper.USE_REALM_ROLES_MAPPING, "false",
                     RoleLDAPFederationMapper.CLIENT_ID, "finance",
                     RoleLDAPFederationMapper.MODE, mode.toString());
             realm.addUserFederationMapper(mapperModel);
         }
     }
+
+    public static void removeAllLDAPUsers(LDAPFederationProvider ldapProvider, RealmModel realm) {
+        LDAPIdentityStore ldapStore = ldapProvider.getLdapIdentityStore();
+        LDAPIdentityQuery ldapQuery = LDAPUtils.createQueryForUserSearch(ldapProvider, realm);
+        List<LDAPObject> allUsers = ldapQuery.getResultList();
+
+        for (LDAPObject ldapUser : allUsers) {
+            ldapStore.remove(ldapUser);
+        }
+    }
+
+    public static void removeAllLDAPRoles(KeycloakSession session, RealmModel appRealm, UserFederationProviderModel ldapModel, String mapperName) {
+        UserFederationMapperModel mapperModel = appRealm.getUserFederationMapperByName(ldapModel.getId(), mapperName);
+        LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
+        LDAPIdentityQuery roleQuery = new RoleLDAPFederationMapper().createRoleQuery(mapperModel, ldapProvider);
+        List<LDAPObject> ldapRoles = roleQuery.getResultList();
+        for (LDAPObject ldapRole : ldapRoles) {
+            ldapProvider.getLdapIdentityStore().remove(ldapRole);
+        }
+    }
+
+    public static void createLDAPRole(KeycloakSession session, RealmModel appRealm, UserFederationProviderModel ldapModel, String mapperName, String roleName) {
+        UserFederationMapperModel mapperModel = appRealm.getUserFederationMapperByName(ldapModel.getId(), mapperName);
+        LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
+        new RoleLDAPFederationMapper().createLDAPRole(mapperModel, roleName, ldapProvider);
+    }
 }

testsuite/integration/src/test/java/org/keycloak/testsuite/federation/KerberosLdapTest.java 6(+5 -1)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/KerberosLdapTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/KerberosLdapTest.java
index 6db2d85..765c88a 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/KerberosLdapTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/KerberosLdapTest.java
@@ -21,6 +21,7 @@ import org.keycloak.models.UserFederationProviderModel;
 import org.keycloak.representations.idm.CredentialRepresentation;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.AssertEvents;
+import org.keycloak.testsuite.adapter.CustomerServlet;
 import org.keycloak.testsuite.rule.KerberosRule;
 import org.keycloak.testsuite.rule.KeycloakRule;
 import org.keycloak.testsuite.rule.WebRule;
@@ -45,7 +46,10 @@ public class KerberosLdapTest extends AbstractKerberosTest {
         public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
             CredentialHelper.setRequiredCredential(CredentialRepresentation.KERBEROS, appRealm);
             URL url = getClass().getResource("/kerberos-test/kerberos-app-keycloak.json");
-            keycloakRule.deployApplication("kerberos-portal", "/kerberos-portal", KerberosCredDelegServlet.class, url.getPath(), "user");
+            keycloakRule.createApplicationDeployment()
+                    .name("kerberos-portal").contextPath("/kerberos-portal")
+                    .servletClass(KerberosCredDelegServlet.class).adapterConfigPath(url.getPath())
+                    .role("user").deployApplication();
 
             Map<String,String> ldapConfig = kerberosRule.getConfig();
             ldapModel = appRealm.addUserFederationProvider(LDAPFederationProviderFactory.PROVIDER_NAME, ldapConfig, 0, "kerberos-ldap", -1, -1, 0);

testsuite/integration/src/test/java/org/keycloak/testsuite/federation/KerberosStandaloneTest.java 6(+5 -1)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/KerberosStandaloneTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/KerberosStandaloneTest.java
index 2841e25..cc0f80e 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/KerberosStandaloneTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/KerberosStandaloneTest.java
@@ -47,7 +47,11 @@ public class KerberosStandaloneTest extends AbstractKerberosTest {
 
             CredentialHelper.setRequiredCredential(CredentialRepresentation.KERBEROS, appRealm);
             URL url = getClass().getResource("/kerberos-test/kerberos-app-keycloak.json");
-            keycloakRule.deployApplication("kerberos-portal", "/kerberos-portal", KerberosCredDelegServlet.class, url.getPath(), "user");
+            keycloakRule.createApplicationDeployment()
+                    .name("kerberos-portal").contextPath("/kerberos-portal")
+                    .servletClass(KerberosCredDelegServlet.class).adapterConfigPath(url.getPath())
+                    .role("user").deployApplication();
+
 
             Map<String,String> kerberosConfig = kerberosRule.getConfig();
             kerberosModel = appRealm.addUserFederationProvider(KerberosFederationProviderFactory.PROVIDER_NAME, kerberosConfig, 0, "kerberos-standalone", -1, -1, 0);

testsuite/integration/src/test/java/org/keycloak/testsuite/federation/LDAPRoleMappingsTest.java 69(+31 -38)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/LDAPRoleMappingsTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/LDAPRoleMappingsTest.java
index a389fe5..f8a6944 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/LDAPRoleMappingsTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/LDAPRoleMappingsTest.java
@@ -13,7 +13,6 @@ import org.junit.rules.TestRule;
 import org.junit.runners.MethodSorters;
 import org.keycloak.federation.ldap.LDAPFederationProvider;
 import org.keycloak.federation.ldap.LDAPFederationProviderFactory;
-import org.keycloak.federation.ldap.LDAPUtils;
 import org.keycloak.federation.ldap.idm.model.LDAPObject;
 import org.keycloak.federation.ldap.idm.query.Condition;
 import org.keycloak.federation.ldap.idm.query.QueryParameter;
@@ -34,11 +33,8 @@ import org.keycloak.models.UserFederationProviderModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.OAuthClient;
-import org.keycloak.testsuite.pages.AccountPasswordPage;
-import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.LoginPage;
-import org.keycloak.testsuite.pages.RegisterPage;
 import org.keycloak.testsuite.rule.KeycloakRule;
 import org.keycloak.testsuite.rule.LDAPRule;
 import org.keycloak.testsuite.rule.WebResource;
@@ -67,13 +63,19 @@ public class LDAPRoleMappingsTest {
 
             ldapModel = appRealm.addUserFederationProvider(LDAPFederationProviderFactory.PROVIDER_NAME, ldapConfig, 0, "test-ldap", -1, -1, 0);
 
-            // Delete all LDAP users and add some new for testing
+            // Delete all LDAP users
             LDAPFederationProvider ldapFedProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
-            LDAPUtils.removeAllUsers(ldapFedProvider, appRealm);
+            FederationTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm);
 
             // Add sample application
             ClientModel finance = appRealm.addClient("finance");
 
+            // Delete all LDAP roles
+            FederationTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ldapModel, RoleLDAPFederationMapper.Mode.LDAP_ONLY);
+            FederationTestUtils.removeAllLDAPRoles(manager.getSession(), appRealm, ldapModel, "realmRolesMapper");
+            FederationTestUtils.removeAllLDAPRoles(manager.getSession(), appRealm, ldapModel, "financeRolesMapper");
+
+            // Add some users for testing
             LDAPObject john = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", "1234");
             ldapFedProvider.getLdapIdentityStore().updatePassword(john, "Password1");
 
@@ -83,34 +85,12 @@ public class LDAPRoleMappingsTest {
             LDAPObject rob = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "robkeycloak", "Rob", "Brown", "rob@email.org", "8910");
             ldapFedProvider.getLdapIdentityStore().updatePassword(rob, "Password1");
 
+            // Add some roles for testing
+            FederationTestUtils.createLDAPRole(manager.getSession(), appRealm, ldapModel, "realmRolesMapper", "realmRole1");
+            FederationTestUtils.createLDAPRole(manager.getSession(), appRealm, ldapModel, "realmRolesMapper", "realmRole2");
+            FederationTestUtils.createLDAPRole(manager.getSession(), appRealm, ldapModel, "financeRolesMapper", "financeRole1");
         }
-    }) {
-
-        @Override
-        protected void after() {
-            // Need to cleanup some LDAP objects after the test
-            update(new KeycloakRule.KeycloakSetup() {
-
-                @Override
-                public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-                    RoleLDAPFederationMapper roleMapper = new RoleLDAPFederationMapper();
-
-                    FederationTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ldapModel, RoleLDAPFederationMapper.Mode.LDAP_ONLY);
-                    UserFederationMapperModel roleMapperModel = appRealm.getUserFederationMapperByName(ldapModel.getId(), "realmRolesMapper");
-                    LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
-
-                    LDAPObject ldapRole = roleMapper.loadLDAPRoleByName(roleMapperModel, ldapProvider, "realmRole3");
-                    if (ldapRole != null) {
-                        ldapProvider.getLdapIdentityStore().remove(ldapRole);
-                    }
-                }
-
-            });
-
-            super.after();
-        }
-
-    };
+    });
 
     @ClassRule
     public static TestRule chain = RuleChain
@@ -153,7 +133,12 @@ public class LDAPRoleMappingsTest {
             RoleModel realmRole2 = appRealm.getRole("realmRole2");
             mary.grantRole(realmRole2);
 
-            RoleModel realmRole3 = appRealm.addRole("realmRole3");
+            // This role may already exists from previous test (was imported from LDAP), but may not
+            RoleModel realmRole3 = appRealm.getRole("realmRole3");
+            if (realmRole3 == null) {
+                realmRole3 = appRealm.addRole("realmRole3");
+            }
+
             john.grantRole(realmRole3);
             mary.grantRole(realmRole3);
 
@@ -270,12 +255,20 @@ public class LDAPRoleMappingsTest {
             // Delete role mappings directly in LDAP
             deleteRoleMappingsInLDAP(roleMapperModel, roleMapper, ldapProvider, maryLdap, "realmRole1");
             deleteRoleMappingsInLDAP(roleMapperModel, roleMapper, ldapProvider, maryLdap, "realmRole2");
+        } finally {
+            keycloakRule.stopSession(session, false);
+        }
+
+        session = keycloakRule.startSession();
+        try {
+            RealmModel appRealm = session.realms().getRealmByName("test");
+            UserModel mary = session.users().getUserByUsername("marykeycloak", appRealm);
 
             // Assert role mappings is not available
-            maryRoles = mary.getRealmRoleMappings();
-            Assert.assertFalse(maryRoles.contains(realmRole1));
-            Assert.assertFalse(maryRoles.contains(realmRole2));
-            Assert.assertFalse(maryRoles.contains(realmRole3));
+            Set<RoleModel> maryRoles = mary.getRealmRoleMappings();
+            Assert.assertFalse(maryRoles.contains(appRealm.getRole("realmRole1")));
+            Assert.assertFalse(maryRoles.contains(appRealm.getRole("realmRole2")));
+            Assert.assertFalse(maryRoles.contains(appRealm.getRole("realmRole3")));
         } finally {
             keycloakRule.stopSession(session, false);
         }

testsuite/integration/src/test/java/org/keycloak/testsuite/federation/SyncProvidersTest.java 12(+6 -6)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/SyncProvidersTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/SyncProvidersTest.java
index 40ae50c..bab44c1 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/SyncProvidersTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/SyncProvidersTest.java
@@ -9,9 +9,7 @@ import org.junit.rules.TestRule;
 import org.junit.runners.MethodSorters;
 import org.keycloak.federation.ldap.LDAPFederationProvider;
 import org.keycloak.federation.ldap.LDAPFederationProviderFactory;
-import org.keycloak.federation.ldap.LDAPUtils;
 import org.keycloak.federation.ldap.idm.model.LDAPObject;
-import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.models.LDAPConstants;
@@ -60,10 +58,7 @@ public class SyncProvidersTest {
 
             // Delete all LDAP users and add 5 new users for testing
             LDAPFederationProvider ldapFedProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
-            LDAPUtils.removeAllUsers(ldapFedProvider, appRealm);
-
-            // Add sample application TODO: REmove this!!!! It's just temporarily needed in SyncProvidersTest until model for federation mappers is implemented
-            ClientModel finance = appRealm.addClient("finance");
+            FederationTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm);
 
             for (int i=1 ; i<=5 ; i++) {
                 LDAPObject ldapUser = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "user" + i, "User" + i + "FN", "User" + i + "LN", "user" + i + "@email.org", "12" + i);
@@ -80,6 +75,11 @@ public class SyncProvidersTest {
             .outerRule(ldapRule)
             .around(keycloakRule);
 
+//    @Test
+//    public void test01runit() throws Exception {
+//        Thread.sleep(10000000);
+//    }
+
     @Test
     public void testLDAPSync() {
         UsersSyncManager usersSyncManager = new UsersSyncManager();

testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java 47(+32 -15)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
index ed94502..26b1f79 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
@@ -52,7 +52,9 @@ import org.keycloak.util.Time;
 import org.openqa.selenium.WebDriver;
 
 import javax.mail.MessagingException;
+import javax.mail.Multipart;
 import javax.mail.internet.MimeMessage;
+
 import java.io.IOException;
 import java.util.Collections;
 
@@ -146,9 +148,8 @@ public class ResetPasswordTest {
         assertEquals(1, greenMail.getReceivedMessages().length);
 
         MimeMessage message = greenMail.getReceivedMessages()[0];
-
-        String body = (String) message.getContent();
-        String changePasswordUrl = MailUtil.getLink(body);
+        
+        final String changePasswordUrl = getPasswordResetEmailLink(message);
 
         driver.navigate().to(changePasswordUrl.trim());
 
@@ -211,8 +212,7 @@ public class ResetPasswordTest {
 
         MimeMessage message = greenMail.getReceivedMessages()[0];
 
-        String body = (String) message.getContent();
-        String changePasswordUrl = MailUtil.getLink(body);
+        String changePasswordUrl = getPasswordResetEmailLink(message);
 
         driver.navigate().to(changePasswordUrl.trim());
 
@@ -256,8 +256,7 @@ public class ResetPasswordTest {
 
         MimeMessage message = greenMail.getReceivedMessages()[greenMail.getReceivedMessages().length - 1];
 
-        String body = (String) message.getContent();
-        String changePasswordUrl = MailUtil.getLink(body);
+        String changePasswordUrl = getPasswordResetEmailLink(message);
 
         driver.navigate().to(changePasswordUrl.trim());
 
@@ -294,8 +293,7 @@ public class ResetPasswordTest {
 
         MimeMessage message = greenMail.getReceivedMessages()[greenMail.getReceivedMessages().length - 1];
 
-        String body = (String) message.getContent();
-        String changePasswordUrl = MailUtil.getLink(body);
+        String changePasswordUrl = getPasswordResetEmailLink(message);
 
         driver.navigate().to(changePasswordUrl.trim());
 
@@ -364,8 +362,7 @@ public class ResetPasswordTest {
 
             MimeMessage message = greenMail.getReceivedMessages()[0];
 
-            String body = (String) message.getContent();
-            String changePasswordUrl = MailUtil.getLink(body);
+            String changePasswordUrl = getPasswordResetEmailLink(message);
 
             Time.setOffset(350);
 
@@ -513,8 +510,7 @@ public class ResetPasswordTest {
 
         MimeMessage message = greenMail.getReceivedMessages()[0];
 
-        String body = (String) message.getContent();
-        String changePasswordUrl = MailUtil.getLink(body);
+        String changePasswordUrl = getPasswordResetEmailLink(message);
 
         String sessionId = events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "login@test.com").assertEvent().getSessionId();
 
@@ -609,8 +605,7 @@ public class ResetPasswordTest {
 
         MimeMessage message = greenMail.getReceivedMessages()[0];
 
-        String body = (String) message.getContent();
-        String changePasswordUrl = MailUtil.getLink(body);
+        String changePasswordUrl = getPasswordResetEmailLink(message);
 
         driver.manage().deleteAllCookies();
 
@@ -629,5 +624,27 @@ public class ResetPasswordTest {
 
         assertTrue(loginPage.isCurrent());
     }
+    
+    private String getPasswordResetEmailLink(MimeMessage message) throws IOException, MessagingException {
+    	Multipart multipart = (Multipart) message.getContent();
+    	
+        final String textContentType = multipart.getBodyPart(0).getContentType();
+        
+        assertEquals("text/plain; charset=UTF-8", textContentType);
+        
+        final String textBody = (String) multipart.getBodyPart(0).getContent();
+        final String textChangePwdUrl = MailUtil.getLink(textBody);
+        
+        final String htmlContentType = multipart.getBodyPart(1).getContentType();
+        
+        assertEquals("text/html; charset=UTF-8", htmlContentType);
+        
+        final String htmlBody = (String) multipart.getBodyPart(1).getContent();
+        final String htmlChangePwdUrl = MailUtil.getLink(htmlBody);
+        
+        assertEquals(htmlChangePwdUrl, textChangePwdUrl);
+
+        return htmlChangePwdUrl;
+    }
 
 }

testsuite/integration/src/test/java/org/keycloak/testsuite/ldap/LDAPTestConfiguration.java 11(+5 -6)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/ldap/LDAPTestConfiguration.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/ldap/LDAPTestConfiguration.java
index c00ca33..e5d8408 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/ldap/LDAPTestConfiguration.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/ldap/LDAPTestConfiguration.java
@@ -28,9 +28,8 @@ public class LDAPTestConfiguration {
 
     static {
         PROP_MAPPINGS.put(LDAPConstants.CONNECTION_URL, "idm.test.ldap.connection.url");
-        PROP_MAPPINGS.put("rolesDnSuffix", "idm.test.ldap.roles.dn.suffix");
-        PROP_MAPPINGS.put("groupDnSuffix", "idm.test.ldap.group.dn.suffix");
-        PROP_MAPPINGS.put(LDAPConstants.USER_DNS, "idm.test.ldap.user.dn.suffix");
+        PROP_MAPPINGS.put(LDAPConstants.BASE_DN, "idm.test.ldap.base.dn");
+        PROP_MAPPINGS.put(LDAPConstants.USERS_DN, "idm.test.ldap.user.dn.suffix");
         PROP_MAPPINGS.put(LDAPConstants.BIND_DN, "idm.test.ldap.bind.dn");
         PROP_MAPPINGS.put(LDAPConstants.BIND_CREDENTIAL, "idm.test.ldap.bind.credential");
         PROP_MAPPINGS.put(LDAPConstants.VENDOR, "idm.test.ldap.vendor");
@@ -38,6 +37,7 @@ public class LDAPTestConfiguration {
         PROP_MAPPINGS.put(LDAPConstants.PAGINATION, "idm.test.ldap.pagination");
         PROP_MAPPINGS.put(LDAPConstants.BATCH_SIZE_FOR_SYNC, "idm.test.ldap.batch.size.for.sync");
         PROP_MAPPINGS.put(LDAPConstants.USERNAME_LDAP_ATTRIBUTE, "idm.test.ldap.username.ldap.attribute");
+        PROP_MAPPINGS.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, "idm.test.ldap.rdn.ldap.attribute");
         PROP_MAPPINGS.put(LDAPConstants.USER_OBJECT_CLASSES, "idm.test.ldap.user.object.classes");
         PROP_MAPPINGS.put(LDAPConstants.USER_ACCOUNT_CONTROLS_AFTER_PASSWORD_UPDATE, "idm.test.ldap.user.account.controls.after.password.update");
         PROP_MAPPINGS.put(LDAPConstants.EDIT_MODE, "idm.test.ldap.edit.mode");
@@ -52,9 +52,8 @@ public class LDAPTestConfiguration {
         PROP_MAPPINGS.put(KerberosConstants.USE_KERBEROS_FOR_PASSWORD_AUTHENTICATION, "idm.test.kerberos.use.kerberos.for.password.authentication");
 
         DEFAULT_VALUES.put(LDAPConstants.CONNECTION_URL, "ldap://localhost:10389");
-        DEFAULT_VALUES.put("rolesDnSuffix", "ou=Roles,dc=keycloak,dc=org");
-        DEFAULT_VALUES.put("groupDnSuffix", "ou=Groups,dc=keycloak,dc=org");
-        DEFAULT_VALUES.put(LDAPConstants.USER_DNS, "ou=People,dc=keycloak,dc=org");
+        DEFAULT_VALUES.put(LDAPConstants.BASE_DN, "dc=keycloak,dc=org");
+        DEFAULT_VALUES.put(LDAPConstants.USERS_DN, "ou=People,dc=keycloak,dc=org");
         DEFAULT_VALUES.put(LDAPConstants.BIND_DN, "uid=admin,ou=system");
         DEFAULT_VALUES.put(LDAPConstants.BIND_CREDENTIAL, "secret");
         DEFAULT_VALUES.put(LDAPConstants.VENDOR, LDAPConstants.VENDOR_OTHER);

testsuite/integration/src/test/java/org/keycloak/testsuite/MailUtil.java 2(+1 -1)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/MailUtil.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/MailUtil.java
index 9691301..f29ae4e 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/MailUtil.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/MailUtil.java
@@ -8,7 +8,7 @@ import java.util.regex.Pattern;
  */
 public class MailUtil {
 
-    private static Pattern mailPattern = Pattern.compile("http[^\\s]*");
+    private static Pattern mailPattern = Pattern.compile("http[^\\s\"]*");
 
     public static String getLink(String body) {
         Matcher matcher = mailPattern.matcher(body);

testsuite/integration/src/test/java/org/keycloak/testsuite/model/ModelTest.java 2(+2 -0)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ModelTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ModelTest.java
index 9a4fb5f..7637f1d 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ModelTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ModelTest.java
@@ -21,6 +21,7 @@ public class ModelTest extends AbstractModelTest {
         realm.setRegistrationAllowed(true);
         realm.setRegistrationEmailAsUsername(true);
         realm.setResetPasswordAllowed(true);
+        realm.setEditUsernameAllowed(true);
         realm.setSslRequired(SslRequired.EXTERNAL);
         realm.setVerifyEmail(true);
         realm.setAccessTokenLifespan(1000);
@@ -55,6 +56,7 @@ public class ModelTest extends AbstractModelTest {
         Assert.assertEquals(expected.isRegistrationAllowed(), actual.isRegistrationAllowed());
         Assert.assertEquals(expected.isRegistrationEmailAsUsername(), actual.isRegistrationEmailAsUsername());
         Assert.assertEquals(expected.isResetPasswordAllowed(), actual.isResetPasswordAllowed());
+        Assert.assertEquals(expected.isEditUsernameAllowed(), actual.isEditUsernameAllowed());
         Assert.assertEquals(expected.getSslRequired(), actual.getSslRequired());
         Assert.assertEquals(expected.isVerifyEmail(), actual.isVerifyEmail());
         Assert.assertEquals(expected.getAccessTokenLifespan(), actual.getAccessTokenLifespan());

testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthDanceClientSessionExtensionTest.java 71(+71 -0)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthDanceClientSessionExtensionTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthDanceClientSessionExtensionTest.java
new file mode 100644
index 0000000..f097892
--- /dev/null
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthDanceClientSessionExtensionTest.java
@@ -0,0 +1,71 @@
+package org.keycloak.testsuite.oauth;
+
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.keycloak.OAuth2Constants;
+import org.keycloak.events.Details;
+import org.keycloak.events.Event;
+import org.keycloak.testsuite.AssertEvents;
+import org.keycloak.testsuite.OAuthClient;
+import org.keycloak.testsuite.rule.KeycloakRule;
+import org.keycloak.testsuite.rule.WebResource;
+import org.keycloak.testsuite.rule.WebRule;
+
+/**
+ * @author Sebastian Rose, AOE on 02.06.15.
+ */
+public class OAuthDanceClientSessionExtensionTest {
+
+    @ClassRule
+    public static KeycloakRule keycloakRule = new KeycloakRule();
+
+    @Rule
+    public WebRule webRule = new WebRule(this);
+
+    @WebResource
+    protected OAuthClient oauth;
+
+    @Rule
+    public AssertEvents events = new AssertEvents(keycloakRule);
+
+    @Test
+    public void doOauthDanceWithClientSessionStateAndHost() throws Exception {
+        oauth.doLogin("test-user@localhost", "password");
+
+        Event loginEvent = events.expectLogin().assertEvent();
+
+        String sessionId = loginEvent.getSessionId();
+        String codeId = loginEvent.getDetails().get(Details.CODE_ID);
+
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+
+        String clientSessionState = "1234";
+        String clientSessionHost = "test-client-host";
+
+        OAuthClient.AccessTokenResponse tokenResponse = oauth.clientSessionState(clientSessionState)
+                                                             .clientSessionHost(clientSessionHost)
+                                                             .doAccessTokenRequest(code, "password");
+
+        String refreshTokenString = tokenResponse.getRefreshToken();
+
+        Event tokenEvent = events.expectCodeToToken(codeId, sessionId)
+                                 .detail(Details.CLIENT_SESSION_STATE, clientSessionState)
+                                 .detail(Details.CLIENT_SESSION_HOST, clientSessionHost)
+                                 .assertEvent();
+
+
+        String updatedClientSessionState = "5678";
+
+        oauth.clientSessionState(updatedClientSessionState)
+             .clientSessionHost(clientSessionHost)
+             .doRefreshTokenRequest(refreshTokenString, "password");
+
+        events.expectRefresh(tokenEvent.getDetails().get(Details.REFRESH_TOKEN_ID), sessionId)
+              .detail(Details.CLIENT_SESSION_STATE, updatedClientSessionState)
+              .detail(Details.CLIENT_SESSION_HOST, clientSessionHost)
+              .assertEvent();
+
+    }
+
+}

testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java 28(+0 -28)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
index 90a88e2..cadeb9e 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
@@ -33,7 +33,6 @@ public class ResourceOwnerPasswordCredentialsGrantTest {
         public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
             ClientModel app = appRealm.addClient("resource-owner");
             app.setSecret("secret");
-            appRealm.setPasswordCredentialGrantAllowed(true);
 
             UserModel user = session.users().addUser(appRealm, "direct-login");
             user.setEmail("direct-login@localhost");
@@ -106,33 +105,6 @@ public class ResourceOwnerPasswordCredentialsGrantTest {
     }
 
     @Test
-    public void grantAccessTokenNotEnabled() throws Exception {
-        try {
-            keycloakRule.update(new KeycloakRule.KeycloakSetup() {
-                @Override
-                public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-                    appRealm.setPasswordCredentialGrantAllowed(false);
-                }
-            });
-
-            oauth.clientId("resource-owner");
-
-            OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("secret", "test-user@localhost", "password");
-
-            assertEquals(403, response.getStatusCode());
-            assertEquals("not_enabled", response.getError());
-
-        } finally {
-            keycloakRule.update(new KeycloakRule.KeycloakSetup() {
-                @Override
-                public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-                    appRealm.setPasswordCredentialGrantAllowed(true);
-                }
-            });
-        }
-    }
-
-    @Test
     public void grantAccessTokenLogout() throws Exception {
         oauth.clientId("resource-owner");

testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java 37(+37 -0)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
index 3c81b8a..4e4f57a 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
@@ -35,6 +35,7 @@ import org.junit.Assert;
 import org.keycloak.OAuth2Constants;
 import org.keycloak.RSATokenVerifier;
 import org.keycloak.VerificationException;
+import org.keycloak.constants.AdapterConstants;
 import org.keycloak.freemarker.LocaleHelper;
 import org.keycloak.jose.jws.JWSInput;
 import org.keycloak.jose.jws.crypto.RSAProvider;
@@ -78,6 +79,10 @@ public class OAuthClient {
 
     private PublicKey realmPublicKey;
 
+    private String clientSessionState;
+
+    private String clientSessionHost;
+
     public OAuthClient(WebDriver driver) {
         this.driver = driver;
 
@@ -128,6 +133,14 @@ public class OAuthClient {
             parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
         }
 
+        if(clientSessionState != null) {
+            parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_STATE, clientSessionState));
+        }
+
+        if(clientSessionHost != null) {
+            parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_HOST, clientSessionHost));
+        }
+
         UrlEncodedFormEntity formEntity = null;
         try {
             formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
@@ -155,6 +168,13 @@ public class OAuthClient {
         parameters.add(new BasicNameValuePair("username", username));
         parameters.add(new BasicNameValuePair("password", password));
 
+        if(clientSessionState != null) {
+            parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_STATE, clientSessionState));
+        }
+        if(clientSessionHost != null) {
+            parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_HOST, clientSessionHost));
+        }
+
         UrlEncodedFormEntity formEntity;
         try {
             formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
@@ -211,6 +231,13 @@ public class OAuthClient {
             parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
         }
 
+        if(clientSessionState != null) {
+            parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_STATE, clientSessionState));
+        }
+        if(clientSessionHost != null) {
+            parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_HOST, clientSessionHost));
+        }
+
         UrlEncodedFormEntity formEntity;
         try {
             formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
@@ -360,6 +387,16 @@ public class OAuthClient {
         return this;
     }
 
+    public OAuthClient clientSessionState(String client_session_state) {
+        this.clientSessionState = client_session_state;
+        return this;
+    }
+
+    public OAuthClient clientSessionHost(String client_session_host) {
+        this.clientSessionHost = client_session_host;
+        return this;
+    }
+
     public String getRealm() {
         return realm;
     }

testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountUpdateProfilePage.java 20(+20 -0)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountUpdateProfilePage.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountUpdateProfilePage.java
index 1aa7b21..18bc795 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountUpdateProfilePage.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/AccountUpdateProfilePage.java
@@ -35,6 +35,9 @@ public class AccountUpdateProfilePage extends AbstractAccountPage {
 
     public static String PATH = RealmsResource.accountUrl(UriBuilder.fromUri(Constants.AUTH_SERVER_ROOT)).build("test").toString();
 
+    @FindBy(id = "username")
+    private WebElement usernameInput;
+
     @FindBy(id = "firstName")
     private WebElement firstNameInput;
 
@@ -74,11 +77,28 @@ public class AccountUpdateProfilePage extends AbstractAccountPage {
         submitButton.click();
     }
 
+    public void updateProfile(String username, String firstName, String lastName, String email) {
+        usernameInput.clear();
+        usernameInput.sendKeys(username);
+        firstNameInput.clear();
+        firstNameInput.sendKeys(firstName);
+        lastNameInput.clear();
+        lastNameInput.sendKeys(lastName);
+        emailInput.clear();
+        emailInput.sendKeys(email);
+
+        submitButton.click();
+    }
+
     public void clickCancel() {
         cancelButton.click();
     }
 
 
+    public String getUsername() {
+        return usernameInput.getAttribute("value");
+    }
+
     public String getFirstName() {
         return firstNameInput.getAttribute("value");
     }

testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java 116(+83 -33)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java
index 7641d6f..257b7aa 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java
@@ -148,40 +148,9 @@ public abstract class AbstractKeycloakRule extends ExternalResource {
         return deploymentInfo;
     }
 
-    public void deployApplication(String name, String contextPath, Class<? extends Servlet> servletClass, String adapterConfigPath, String role) {
-        deployApplication(name, contextPath, servletClass, adapterConfigPath, role, true);
 
-    }
-
-    public void deployApplication(String name, String contextPath, Class<? extends Servlet> servletClass, String adapterConfigPath, String role, boolean isConstrained) {
-        deployApplication(name, contextPath, servletClass, adapterConfigPath, role, isConstrained, null);
-    }
-
-    public void deployApplication(String name, String contextPath, Class<? extends Servlet> servletClass, String adapterConfigPath, String role, boolean isConstrained, Class<? extends KeycloakConfigResolver> keycloakConfigResolver) {
-        String constraintUrl = "/*";
-        deployApplication(name, contextPath, servletClass, adapterConfigPath, role, isConstrained, keycloakConfigResolver, constraintUrl);
-    }
-
-    public void deployApplication(String name, String contextPath, Class<? extends Servlet> servletClass, String adapterConfigPath, String role, boolean isConstrained, Class<? extends KeycloakConfigResolver> keycloakConfigResolver, String constraintUrl) {
-        DeploymentInfo di = createDeploymentInfo(name, contextPath, servletClass);
-        if (null == keycloakConfigResolver) {
-            di.addInitParameter("keycloak.config.file", adapterConfigPath);
-        } else {
-            di.addInitParameter("keycloak.config.resolver", keycloakConfigResolver.getCanonicalName());
-        }
-        if (isConstrained) {
-            SecurityConstraint constraint = new SecurityConstraint();
-            WebResourceCollection collection = new WebResourceCollection();
-            collection.addUrlPattern(constraintUrl);
-            constraint.addWebResourceCollection(collection);
-            constraint.addRoleAllowed(role);
-            di.addSecurityConstraint(constraint);
-        }
-        LoginConfig loginConfig = new LoginConfig("KEYCLOAK", "demo", null, "/error.html");
-        di.setLoginConfig(loginConfig);
-        addErrorPage(di);
-
-        server.getServer().deploy(di);
+    public DeploymentBuilder createApplicationDeployment() {
+        return new DeploymentBuilder();
     }
 
     public void addErrorPage(DeploymentInfo di) {
@@ -302,4 +271,85 @@ public abstract class AbstractKeycloakRule extends ExternalResource {
         return new String[]{"test", "demo"};
     }
 
+    public class DeploymentBuilder {
+
+        private String name;
+        private String contextPath;
+        private Class<? extends Servlet> servletClass;
+        private String adapterConfigPath;
+        private String role;
+        private boolean isConstrained = true;
+        private Class<? extends KeycloakConfigResolver> keycloakConfigResolver;
+        private String constraintUrl = "/*";
+        private String errorPage = "/error.html";
+
+        public DeploymentBuilder name(String name) {
+            this.name = name;
+            return this;
+        }
+
+        public DeploymentBuilder contextPath(String contextPath) {
+            this.contextPath = contextPath;
+            return this;
+        }
+
+        public DeploymentBuilder servletClass(Class<? extends Servlet> servletClass) {
+            this.servletClass = servletClass;
+            return this;
+        }
+
+        public DeploymentBuilder adapterConfigPath(String adapterConfigPath) {
+            this.adapterConfigPath = adapterConfigPath;
+            return this;
+        }
+
+        public DeploymentBuilder role(String role) {
+            this.role = role;
+            return this;
+        }
+
+        public DeploymentBuilder isConstrained(boolean isConstrained) {
+            this.isConstrained = isConstrained;
+            return this;
+        }
+
+        public DeploymentBuilder keycloakConfigResolver(Class<? extends KeycloakConfigResolver> keycloakConfigResolver) {
+            this.keycloakConfigResolver = keycloakConfigResolver;
+            return this;
+        }
+
+        public DeploymentBuilder constraintUrl(String constraintUrl) {
+            this.constraintUrl = constraintUrl;
+            return this;
+        }
+
+        public DeploymentBuilder errorPage(String errorPage) {
+            this.errorPage = errorPage;
+            return this;
+        }
+
+        public void deployApplication() {
+            DeploymentInfo di = createDeploymentInfo(name, contextPath, servletClass);
+            if (null == keycloakConfigResolver) {
+                di.addInitParameter("keycloak.config.file", adapterConfigPath);
+            } else {
+                di.addInitParameter("keycloak.config.resolver", keycloakConfigResolver.getCanonicalName());
+            }
+            if (isConstrained) {
+                SecurityConstraint constraint = new SecurityConstraint();
+                WebResourceCollection collection = new WebResourceCollection();
+                collection.addUrlPattern(constraintUrl);
+                constraint.addWebResourceCollection(collection);
+                constraint.addRoleAllowed(role);
+                di.addSecurityConstraint(constraint);
+            }
+            LoginConfig loginConfig = new LoginConfig("KEYCLOAK", "demo", null, errorPage);
+            di.setLoginConfig(loginConfig);
+            addErrorPage(di);
+
+            server.getServer().deploy(di);
+        }
+
+    }
+
 }

testsuite/integration/src/test/resources/adapter-test/demorealm.json 1(+0 -1)

diff --git a/testsuite/integration/src/test/resources/adapter-test/demorealm.json b/testsuite/integration/src/test/resources/adapter-test/demorealm.json
index 32a79c7..c0b6003 100755
--- a/testsuite/integration/src/test/resources/adapter-test/demorealm.json
+++ b/testsuite/integration/src/test/resources/adapter-test/demorealm.json
@@ -7,7 +7,6 @@
     "accessCodeLifespanUserAction": 6000,
     "sslRequired": "external",
     "registrationAllowed": false,
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],

testsuite/integration/src/test/resources/adapter-test/tenant1-realm.json 1(+0 -1)

diff --git a/testsuite/integration/src/test/resources/adapter-test/tenant1-realm.json b/testsuite/integration/src/test/resources/adapter-test/tenant1-realm.json
index 3f6649c..8f0adda 100644
--- a/testsuite/integration/src/test/resources/adapter-test/tenant1-realm.json
+++ b/testsuite/integration/src/test/resources/adapter-test/tenant1-realm.json
@@ -7,7 +7,6 @@
     "accessCodeLifespanUserAction": 6000,
     "sslRequired": "external",
     "registrationAllowed": false,
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],

testsuite/integration/src/test/resources/adapter-test/tenant2-realm.json 1(+0 -1)

diff --git a/testsuite/integration/src/test/resources/adapter-test/tenant2-realm.json b/testsuite/integration/src/test/resources/adapter-test/tenant2-realm.json
index 1a5ccc4..a1b0357 100644
--- a/testsuite/integration/src/test/resources/adapter-test/tenant2-realm.json
+++ b/testsuite/integration/src/test/resources/adapter-test/tenant2-realm.json
@@ -7,7 +7,6 @@
     "accessCodeLifespanUserAction": 6000,
     "sslRequired": "external",
     "registrationAllowed": false,
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],

testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json 27(+17 -10)

diff --git a/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json b/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json
index 009fda5..a6ace52 100755
--- a/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json
+++ b/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json
@@ -7,12 +7,18 @@
     "registrationAllowed": true,
     "privateKey": "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCCPyvTTb14vSMkpe/pds2P5Cqxk7bkeFnQiNMS1vyZ+HS2O79fxzp1eAguHnBTs4XTRT7SZJhIT/6utgqZjmDigKV5N7X5ptq8BM/W1qa1cYBRip261pc+tWf3IywJYQ9yFI9mUQarmIEl0D7GH16NSZklheaWfbodRVarvX+ML0amNtGYVDft/RftYmgbKKrK218qQp9R4GZFtf/Q/RmboNXN7weMINU8GWVkTRrccKBIXSunT6zXGfuj3Wp1YpVq20BWwY2OMM/P+yDAc7LKEO1LJqPBdT4r9BRn2lXiaga3AL24gTKZPKU/tu7uqfFciF+i4Rr58SMDNOzQcnklAgMBAAECggEAc0eibJYEO5d8QXW1kPgcHV2gBChv2mxDYnWYDLbIQSdNdfYP/qABt/MTmm5KkWr16fcCEYoD1w0mqFBrtVn1msSusUmEAYGTXJMNumOmjjX1kzaTQMmqeFBrwqwYz/xehWR5P+A7fSmwNV3KEeW19GvN5w5K96w0TLAQdFV3TQVPSytusDunwuR1yltMe1voaEDZ9z0Pi08YiEk2f6xhj5CMkoiw3mNImzfruphHullxU4FD05fH6tDeJ381527ILpAzDsgYZh4aFLKjUHem96bX4EL7FIzBJ6okgN78AZnUC/EaVfgFTw0qfhoWvZV4ruVXXiMhCg4CMMRDq/k9iQKBgQDBNWsJMT84OnnWmQoJmZogkFV+tsGrSK6Re+aJxLWpishh7dwAnT2OcagZvVdUb0FwNWu1D0B9/SKDDMRnnHBhOGDpH57m/eQdRU0oX1BD27xvffk0lLcfD4BTxnR5e9jss8K4twc9jf0P1rxC/loGJ2NtCH0BrPHgz54Ea+96ewKBgQCsk3JDaaPnFwzVYm2BXlhxOxLPsF4wvD2rIRAswZV4C5xebjand8nwiMmVpNd0PRLkEnkI+waURGv2EY/P3JsssoiY8Xqe8f/1G+SQKre7lbqOas8rFoALepC0BYDiZDFy0Z9ZnRAFzRI5sgIt7jpoMRD4xDNlmiV8X+yBxc3Y3wKBgQChDQsU1YUyNKQ8+sLAL9anEEkD4Ald4q8JPHN2IY+gLLxNzT0XEfsu0pTiJ8805axxgUYv3e/PVYNAJBNPnrqaf6lgiegl+jr9Hzhqz9CTUAYqFaL2boSakoxQyNtsLI0s+cb1vDN/3uy0GDZDzcty18BsMagqDmRtFgNNAj/UIwKBgQCahbeFBv0cOPZjxisY8Bou4N8aGehsqNBq/0LVYExuXa8YmoTTdJ3bgw9Er4G/ccQNdUDsuqAMeCtW/CiRzQ0ge4d1sprB4Rv3I4+HSsiS7SFKzfZLtWzXWlpg5qCdlWr1TR7qhYjIOPO9t1beO3YOvwhcRoliyyAPenBxTmTfbwKBgDtm2WJ5VlQgNpIdOs1CCiqd0DFmWOmvBPspPC1kySiy+Ndr9jNohRZkR7pEjgqA5E8rdzc88LirUN7bY5HFHRWN9KXrs5/o3O1K3GFCp64N6nvnPEYZ2zSJalcMC2fjSsJg26z8Dg1H+gfTIDUMoGiEAAnJXuqk+WayPU+fZMLn",
     "publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgj8r0029eL0jJKXv6XbNj+QqsZO25HhZ0IjTEtb8mfh0tju/X8c6dXgILh5wU7OF00U+0mSYSE/+rrYKmY5g4oCleTe1+abavATP1tamtXGAUYqdutaXPrVn9yMsCWEPchSPZlEGq5iBJdA+xh9ejUmZJYXmln26HUVWq71/jC9GpjbRmFQ37f0X7WJoGyiqyttfKkKfUeBmRbX/0P0Zm6DVze8HjCDVPBllZE0a3HCgSF0rp0+s1xn7o91qdWKVattAVsGNjjDPz/sgwHOyyhDtSyajwXU+K/QUZ9pV4moGtwC9uIEymTylP7bu7qnxXIhfouEa+fEjAzTs0HJ5JQIDAQAB",
+    "smtpServer": {
+        "from": "auto@keycloak.org",
+        "host": "localhost",
+        "port":"3025"
+    },
     "identityProviders" : [
         {
             "alias" : "model-google",
             "providerId" : "google",
             "enabled": true,
             "updateProfileFirstLogin" : "true",
+            "trustEmail" : "true",
             "storeToken": "true",
             "config": {
                 "clientId": "clientId",
@@ -23,7 +29,7 @@
             "alias" : "model-facebook",
             "providerId" : "facebook",
             "enabled": true,
-            "updateProfileFirstLogin" : "true",
+            "updateProfileFirstLogin" : "false",
             "config": {
                 "authorizationUrl": "authorizationUrl",
                 "tokenUrl": "tokenUrl",
@@ -36,7 +42,7 @@
             "alias" : "model-github",
             "providerId" : "github",
             "enabled": true,
-            "updateProfileFirstLogin" : "true",
+            "updateProfileFirstLoginMode" : "on",
             "storeToken": "false",
             "config": {
                 "authorizationUrl": "authorizationUrl",
@@ -50,7 +56,7 @@
             "alias" : "model-twitter",
             "providerId" : "twitter",
             "enabled": true,
-            "updateProfileFirstLogin" : "true",
+            "updateProfileFirstLoginMode" : "off",
             "storeToken": true,
             "config": {
                 "authorizationUrl": "authorizationUrl",
@@ -64,7 +70,7 @@
             "alias" : "model-linkedin",
             "providerId" : "linkedin",
             "enabled": true,
-            "updateProfileFirstLogin" : "true",
+            "updateProfileFirstLoginMode" : "missing",
             "storeToken": false,
             "config": {
                 "authorizationUrl": "authorizationUrl",
@@ -78,7 +84,7 @@
             "alias" : "model-stackoverflow",
             "providerId" : "stackoverflow",
             "enabled": true,
-            "updateProfileFirstLogin" : "true",
+            "updateProfileFirstLoginMode" : "off",
             "storeToken": false,
             "config": {
                 "key": "keyValue",
@@ -93,7 +99,7 @@
           "alias" : "model-saml-signed-idp",
           "providerId" : "saml",
           "enabled": true,
-          "updateProfileFirstLogin" : "true",
+          "updateProfileFirstLoginMode" : "on",
           "config": {
             "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml",
             "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
@@ -109,7 +115,7 @@
             "alias" : "kc-saml-signed-idp",
             "providerId" : "saml",
             "enabled": true,
-            "updateProfileFirstLogin" : true,
+            "updateProfileFirstLoginMode" : "on",
             "addReadTokenRoleOnCreate": true,
             "config": {
                 "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-signed-idp/protocol/saml",
@@ -128,7 +134,8 @@
             "alias" : "kc-saml-idp-basic",
             "providerId" : "saml",
             "enabled": true,
-            "updateProfileFirstLogin" : true,
+            "updateProfileFirstLoginMode" : "on",
+            "trustEmail" : false,
             "addReadTokenRoleOnCreate": true,
             "config": {
                 "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-idp-basic/protocol/saml",
@@ -143,7 +150,7 @@
             "alias" : "model-oidc-idp",
             "providerId" : "oidc",
             "enabled": false,
-            "updateProfileFirstLogin" : "false",
+            "updateProfileFirstLoginMode" : "off",
             "authenticateByDefault" : "false",
             "config": {
                 "clientId": "clientId",
@@ -159,7 +166,7 @@
             "alias" : "kc-oidc-idp",
             "providerId" : "keycloak-oidc",
             "enabled": true,
-            "updateProfileFirstLogin" : "false",
+            "updateProfileFirstLoginMode" : "off",
             "storeToken" : true,
             "addReadTokenRoleOnCreate": true,
             "config": {

testsuite/integration/src/test/resources/kerberos-test/kerberosrealm.json 1(+0 -1)

diff --git a/testsuite/integration/src/test/resources/kerberos-test/kerberosrealm.json b/testsuite/integration/src/test/resources/kerberos-test/kerberosrealm.json
index b0fb903..d9616db 100644
--- a/testsuite/integration/src/test/resources/kerberos-test/kerberosrealm.json
+++ b/testsuite/integration/src/test/resources/kerberos-test/kerberosrealm.json
@@ -5,7 +5,6 @@
     "sslRequired": "external",
     "registrationAllowed": true,
     "resetPasswordAllowed": true,
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password", "kerberos" ],

testsuite/integration/src/test/resources/ldap/ldap-connection.properties 2(+0 -2)

diff --git a/testsuite/integration/src/test/resources/ldap/ldap-connection.properties b/testsuite/integration/src/test/resources/ldap/ldap-connection.properties
index c759f4a..c279f49 100644
--- a/testsuite/integration/src/test/resources/ldap/ldap-connection.properties
+++ b/testsuite/integration/src/test/resources/ldap/ldap-connection.properties
@@ -1,7 +1,5 @@
 idm.test.ldap.connection.url=ldap\://localhost\:10389
 idm.test.ldap.base.dn=dc\=keycloak,dc\=org
-idm.test.ldap.roles.dn.suffix=ou\=Roles,dc\=keycloak,dc\=org
-idm.test.ldap.group.dn.suffix=ou\=Groups,dc\=keycloak,dc\=org
 idm.test.ldap.user.dn.suffix=ou\=People,dc\=keycloak,dc\=org
 idm.test.ldap.start.embedded.ldap.server=true
 idm.test.ldap.bind.dn=uid\=admin,ou\=system

testsuite/integration/src/test/resources/ldap/users.ldif 17(+0 -17)

diff --git a/testsuite/integration/src/test/resources/ldap/users.ldif b/testsuite/integration/src/test/resources/ldap/users.ldif
index b1777d7..9450126 100644
--- a/testsuite/integration/src/test/resources/ldap/users.ldif
+++ b/testsuite/integration/src/test/resources/ldap/users.ldif
@@ -14,26 +14,9 @@ objectclass: top
 objectclass: organizationalUnit
 ou: RealmRoles
 
-dn: cn=realmRole1,ou=RealmRoles,dc=keycloak,dc=org
-objectclass: top
-objectclass: groupOfNames
-cn: realmRole1
-member:
-
-dn: cn=realmRole2,ou=RealmRoles,dc=keycloak,dc=org
-objectclass: top
-objectclass: groupOfNames
-cn: realmRole2
-member:
-
 dn: ou=FinanceRoles,dc=keycloak,dc=org
 objectclass: top
 objectclass: organizationalUnit
 ou: FinanceRoles
 
-dn: cn=financeRole1,ou=FinanceRoles,dc=keycloak,dc=org
-objectclass: top
-objectclass: groupOfNames
-cn: financeRole1
-member:

testsuite/integration/src/test/resources/saml/testsaml.json 1(+0 -1)

diff --git a/testsuite/integration/src/test/resources/saml/testsaml.json b/testsuite/integration/src/test/resources/saml/testsaml.json
index ed67040..8b297ec 100755
--- a/testsuite/integration/src/test/resources/saml/testsaml.json
+++ b/testsuite/integration/src/test/resources/saml/testsaml.json
@@ -5,7 +5,6 @@
     "sslRequired": "external",
     "registrationAllowed": true,
     "resetPasswordAllowed": true,
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],

testsuite/integration/src/test/resources/testrealm.json 1(+0 -1)

diff --git a/testsuite/integration/src/test/resources/testrealm.json b/testsuite/integration/src/test/resources/testrealm.json
index c9b6708..a20c18f 100755
--- a/testsuite/integration/src/test/resources/testrealm.json
+++ b/testsuite/integration/src/test/resources/testrealm.json
@@ -5,7 +5,6 @@
     "sslRequired": "external",
     "registrationAllowed": true,
     "resetPasswordAllowed": true,
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],

testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/page/settings/GeneralSettingsPage.java 5(+1 -4)

diff --git a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/page/settings/GeneralSettingsPage.java b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/page/settings/GeneralSettingsPage.java
index bfab15d..744b364 100644
--- a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/page/settings/GeneralSettingsPage.java
+++ b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/page/settings/GeneralSettingsPage.java
@@ -39,10 +39,7 @@ public class GeneralSettingsPage extends AbstractPage {
     
     @FindBy(id = "updateProfileOnInitialSocialLogin")
     private WebElement updateProfileOnInitialSocialLogin;
-    
-    @FindBy(id = "passwordCredentialGrantAllowed")
-    private WebElement passwordCredentialGrantAllowed;
-    
+
     @FindBy(id = "loginTheme")
     private Select loginThemeSelect;

testsuite/jetty/jetty81/src/test/java/org/keycloak/testsuite/Jetty8Test.java 10(+10 -0)

diff --git a/testsuite/jetty/jetty81/src/test/java/org/keycloak/testsuite/Jetty8Test.java b/testsuite/jetty/jetty81/src/test/java/org/keycloak/testsuite/Jetty8Test.java
index 6232ae5..2453aab 100755
--- a/testsuite/jetty/jetty81/src/test/java/org/keycloak/testsuite/Jetty8Test.java
+++ b/testsuite/jetty/jetty81/src/test/java/org/keycloak/testsuite/Jetty8Test.java
@@ -66,6 +66,7 @@ public class Jetty8Test {
         File base = new File(dir.getFile()).getParentFile();
         list.add(new WebAppContext(new File(base, "customer-portal").toString(), "/customer-portal"));
         list.add(new WebAppContext(new File(base, "customer-db").toString(), "/customer-db"));
+        list.add(new WebAppContext(new File(base, "customer-db-error-page").toString(), "/customer-db-error-page"));
         list.add(new WebAppContext(new File(base, "product-portal").toString(), "/product-portal"));
         list.add(new WebAppContext(new File(base, "session-portal").toString(), "/session-portal"));
         list.add(new WebAppContext(new File(base, "input-portal").toString(), "/input-portal"));
@@ -132,6 +133,15 @@ public class Jetty8Test {
     }
 
     /**
+     * KEYCLOAK-1368
+     * @throws Exception
+     */
+    @Test
+    public void testNullBearerTokenCustomErrorPage() throws Exception {
+        testStrategy.testNullBearerTokenCustomErrorPage();
+    }
+
+    /**
      * KEYCLOAK-518
      * @throws Exception
      */

testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/jetty-web.xml 29(+29 -0)

diff --git a/testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000..1ec566d
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+    <Get name="securityHandler">
+        <Set name="authenticator">
+            <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
+                <!--
+                <Set name="adapterConfig">
+                    <New class="org.keycloak.representations.adapters.config.AdapterConfig">
+                        <Set name="realm">tomcat</Set>
+                        <Set name="resource">customer-portal</Set>
+                        <Set name="authServerUrl">http://localhost:8081/auth</Set>
+                        <Set name="sslRequired">external</Set>
+                        <Set name="credentials">
+                            <Map>
+                                <Entry>
+                                    <Item>secret</Item>
+                                    <Item>password</Item>
+                                </Entry>
+                            </Map>
+                        </Set>
+                        <Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
+                    </New>
+                </Set>
+                -->
+            </New>
+        </Set>
+    </Get>
+</Configure>
\ No newline at end of file

testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json 10(+10 -0)

diff --git a/testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json b/testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json
new file mode 100755
index 0000000..38d1179
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+  "realm" : "demo",
+  "resource" : "customer-db",
+  "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+  "auth-server-url": "http://localhost:8081/auth",
+  "ssl-required" : "external",
+  "bearer-only" : true,
+  "enable-cors" : true
+
+}

testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml 59(+59 -0)

diff --git a/testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml b/testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml
new file mode 100755
index 0000000..f44a60b
--- /dev/null
+++ b/testsuite/jetty/jetty81/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+      version="3.0">
+
+	<module-name>adapter-test</module-name>
+
+    <servlet>
+        <servlet-name>Servlet</servlet-name>
+        <servlet-class>org.keycloak.testsuite.adapter.CustomerDatabaseServlet</servlet-class>
+    </servlet>
+    <servlet>
+        <servlet-name>Error Servlet</servlet-name>
+        <servlet-class>org.keycloak.testsuite.rule.ErrorServlet</servlet-class>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>Servlet</servlet-name>
+        <url-pattern>/*</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>Error Servlet</servlet-name>
+        <url-pattern>/error.html</url-pattern>
+    </servlet-mapping>
+
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Users</web-resource-name>
+            <url-pattern>/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>user</role-name>
+        </auth-constraint>
+    </security-constraint>
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Errors</web-resource-name>
+            <url-pattern>/error.html</url-pattern>
+        </web-resource-collection>
+    </security-constraint>
+
+    <login-config>
+        <auth-method>FORM</auth-method>
+        <realm-name>demo</realm-name>
+        <form-login-config>
+            <form-login-page>/error.html</form-login-page>
+            <form-error-page>/error.html</form-error-page>
+        </form-login-config>
+    </login-config>
+
+    <security-role>
+        <role-name>admin</role-name>
+    </security-role>
+    <security-role>
+        <role-name>user</role-name>
+    </security-role>
+</web-app>

testsuite/jetty/jetty81/src/test/resources/adapter-test/demorealm.json 1(+0 -1)

diff --git a/testsuite/jetty/jetty81/src/test/resources/adapter-test/demorealm.json b/testsuite/jetty/jetty81/src/test/resources/adapter-test/demorealm.json
index 9db9064..a21838e 100755
--- a/testsuite/jetty/jetty81/src/test/resources/adapter-test/demorealm.json
+++ b/testsuite/jetty/jetty81/src/test/resources/adapter-test/demorealm.json
@@ -7,7 +7,6 @@
     "accessCodeLifespanUserAction": 6000,
     "sslRequired": "external",
     "registrationAllowed": false,
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],

testsuite/jetty/jetty81/src/test/resources/jetty-test/demorealm.json 1(+0 -1)

diff --git a/testsuite/jetty/jetty81/src/test/resources/jetty-test/demorealm.json b/testsuite/jetty/jetty81/src/test/resources/jetty-test/demorealm.json
index ee13db5..0efd923 100755
--- a/testsuite/jetty/jetty81/src/test/resources/jetty-test/demorealm.json
+++ b/testsuite/jetty/jetty81/src/test/resources/jetty-test/demorealm.json
@@ -7,7 +7,6 @@
     "accessCodeLifespanUserAction": 6000,
     "sslRequired": "external",
     "registrationAllowed": false,
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],

testsuite/jetty/jetty91/src/test/java/org/keycloak/testsuite/Jetty9Test.java 10(+10 -0)

diff --git a/testsuite/jetty/jetty91/src/test/java/org/keycloak/testsuite/Jetty9Test.java b/testsuite/jetty/jetty91/src/test/java/org/keycloak/testsuite/Jetty9Test.java
index 09bffc7..ba6b2e9 100755
--- a/testsuite/jetty/jetty91/src/test/java/org/keycloak/testsuite/Jetty9Test.java
+++ b/testsuite/jetty/jetty91/src/test/java/org/keycloak/testsuite/Jetty9Test.java
@@ -66,6 +66,7 @@ public class Jetty9Test {
         File base = new File(dir.getFile()).getParentFile();
         list.add(new WebAppContext(new File(base, "customer-portal").toString(), "/customer-portal"));
         list.add(new WebAppContext(new File(base, "customer-db").toString(), "/customer-db"));
+        list.add(new WebAppContext(new File(base, "customer-db-error-page").toString(), "/customer-db-error-page"));
         list.add(new WebAppContext(new File(base, "product-portal").toString(), "/product-portal"));
         list.add(new WebAppContext(new File(base, "session-portal").toString(), "/session-portal"));
         list.add(new WebAppContext(new File(base, "input-portal").toString(), "/input-portal"));
@@ -132,6 +133,15 @@ public class Jetty9Test {
     }
 
     /**
+     * KEYCLOAK-1368
+     * @throws Exception
+     */
+    @Test
+    public void testNullBearerTokenCustomErrorPage() throws Exception {
+        testStrategy.testNullBearerTokenCustomErrorPage();
+    }
+
+    /**
      * KEYCLOAK-518
      * @throws Exception
      */

testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/jetty-web.xml 29(+29 -0)

diff --git a/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000..1ec566d
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+    <Get name="securityHandler">
+        <Set name="authenticator">
+            <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
+                <!--
+                <Set name="adapterConfig">
+                    <New class="org.keycloak.representations.adapters.config.AdapterConfig">
+                        <Set name="realm">tomcat</Set>
+                        <Set name="resource">customer-portal</Set>
+                        <Set name="authServerUrl">http://localhost:8081/auth</Set>
+                        <Set name="sslRequired">external</Set>
+                        <Set name="credentials">
+                            <Map>
+                                <Entry>
+                                    <Item>secret</Item>
+                                    <Item>password</Item>
+                                </Entry>
+                            </Map>
+                        </Set>
+                        <Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
+                    </New>
+                </Set>
+                -->
+            </New>
+        </Set>
+    </Get>
+</Configure>
\ No newline at end of file

testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json 10(+10 -0)

diff --git a/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json b/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json
new file mode 100755
index 0000000..38d1179
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+  "realm" : "demo",
+  "resource" : "customer-db",
+  "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+  "auth-server-url": "http://localhost:8081/auth",
+  "ssl-required" : "external",
+  "bearer-only" : true,
+  "enable-cors" : true
+
+}

testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml 59(+59 -0)

diff --git a/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml b/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml
new file mode 100755
index 0000000..f44a60b
--- /dev/null
+++ b/testsuite/jetty/jetty91/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+      version="3.0">
+
+	<module-name>adapter-test</module-name>
+
+    <servlet>
+        <servlet-name>Servlet</servlet-name>
+        <servlet-class>org.keycloak.testsuite.adapter.CustomerDatabaseServlet</servlet-class>
+    </servlet>
+    <servlet>
+        <servlet-name>Error Servlet</servlet-name>
+        <servlet-class>org.keycloak.testsuite.rule.ErrorServlet</servlet-class>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>Servlet</servlet-name>
+        <url-pattern>/*</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>Error Servlet</servlet-name>
+        <url-pattern>/error.html</url-pattern>
+    </servlet-mapping>
+
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Users</web-resource-name>
+            <url-pattern>/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>user</role-name>
+        </auth-constraint>
+    </security-constraint>
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Errors</web-resource-name>
+            <url-pattern>/error.html</url-pattern>
+        </web-resource-collection>
+    </security-constraint>
+
+    <login-config>
+        <auth-method>FORM</auth-method>
+        <realm-name>demo</realm-name>
+        <form-login-config>
+            <form-login-page>/error.html</form-login-page>
+            <form-error-page>/error.html</form-error-page>
+        </form-login-config>
+    </login-config>
+
+    <security-role>
+        <role-name>admin</role-name>
+    </security-role>
+    <security-role>
+        <role-name>user</role-name>
+    </security-role>
+</web-app>

testsuite/jetty/jetty91/src/test/resources/adapter-test/demorealm.json 1(+0 -1)

diff --git a/testsuite/jetty/jetty91/src/test/resources/adapter-test/demorealm.json b/testsuite/jetty/jetty91/src/test/resources/adapter-test/demorealm.json
index 9db9064..a21838e 100755
--- a/testsuite/jetty/jetty91/src/test/resources/adapter-test/demorealm.json
+++ b/testsuite/jetty/jetty91/src/test/resources/adapter-test/demorealm.json
@@ -7,7 +7,6 @@
     "accessCodeLifespanUserAction": 6000,
     "sslRequired": "external",
     "registrationAllowed": false,
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],

testsuite/jetty/jetty91/src/test/resources/jetty-test/demorealm.json 1(+0 -1)

diff --git a/testsuite/jetty/jetty91/src/test/resources/jetty-test/demorealm.json b/testsuite/jetty/jetty91/src/test/resources/jetty-test/demorealm.json
index ee13db5..0efd923 100755
--- a/testsuite/jetty/jetty91/src/test/resources/jetty-test/demorealm.json
+++ b/testsuite/jetty/jetty91/src/test/resources/jetty-test/demorealm.json
@@ -7,7 +7,6 @@
     "accessCodeLifespanUserAction": 6000,
     "sslRequired": "external",
     "registrationAllowed": false,
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],

testsuite/jetty/jetty92/src/test/java/org/keycloak/testsuite/Jetty9Test.java 10(+10 -0)

diff --git a/testsuite/jetty/jetty92/src/test/java/org/keycloak/testsuite/Jetty9Test.java b/testsuite/jetty/jetty92/src/test/java/org/keycloak/testsuite/Jetty9Test.java
index 26db13a..037769f 100755
--- a/testsuite/jetty/jetty92/src/test/java/org/keycloak/testsuite/Jetty9Test.java
+++ b/testsuite/jetty/jetty92/src/test/java/org/keycloak/testsuite/Jetty9Test.java
@@ -66,6 +66,7 @@ public class Jetty9Test {
         File base = new File(dir.getFile()).getParentFile();
         list.add(new WebAppContext(new File(base, "customer-portal").toString(), "/customer-portal"));
         list.add(new WebAppContext(new File(base, "customer-db").toString(), "/customer-db"));
+        list.add(new WebAppContext(new File(base, "customer-db-error-page").toString(), "/customer-db-error-page"));
         list.add(new WebAppContext(new File(base, "product-portal").toString(), "/product-portal"));
         list.add(new WebAppContext(new File(base, "session-portal").toString(), "/session-portal"));
         list.add(new WebAppContext(new File(base, "input-portal").toString(), "/input-portal"));
@@ -132,6 +133,15 @@ public class Jetty9Test {
     }
 
     /**
+     * KEYCLOAK-1368
+     * @throws Exception
+     */
+    @Test
+    public void testNullBearerTokenCustomErrorPage() throws Exception {
+        testStrategy.testNullBearerTokenCustomErrorPage();
+    }
+
+    /**
      * KEYCLOAK-518
      * @throws Exception
      */

testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/jetty-web.xml 29(+29 -0)

diff --git a/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/jetty-web.xml b/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/jetty-web.xml
new file mode 100755
index 0000000..1ec566d
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/jetty-web.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+    <Get name="securityHandler">
+        <Set name="authenticator">
+            <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
+                <!--
+                <Set name="adapterConfig">
+                    <New class="org.keycloak.representations.adapters.config.AdapterConfig">
+                        <Set name="realm">tomcat</Set>
+                        <Set name="resource">customer-portal</Set>
+                        <Set name="authServerUrl">http://localhost:8081/auth</Set>
+                        <Set name="sslRequired">external</Set>
+                        <Set name="credentials">
+                            <Map>
+                                <Entry>
+                                    <Item>secret</Item>
+                                    <Item>password</Item>
+                                </Entry>
+                            </Map>
+                        </Set>
+                        <Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
+                    </New>
+                </Set>
+                -->
+            </New>
+        </Set>
+    </Get>
+</Configure>
\ No newline at end of file

testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json 10(+10 -0)

diff --git a/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json b/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json
new file mode 100755
index 0000000..38d1179
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+  "realm" : "demo",
+  "resource" : "customer-db",
+  "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+  "auth-server-url": "http://localhost:8081/auth",
+  "ssl-required" : "external",
+  "bearer-only" : true,
+  "enable-cors" : true
+
+}

testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml 59(+59 -0)

diff --git a/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml b/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml
new file mode 100755
index 0000000..f44a60b
--- /dev/null
+++ b/testsuite/jetty/jetty92/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+      version="3.0">
+
+	<module-name>adapter-test</module-name>
+
+    <servlet>
+        <servlet-name>Servlet</servlet-name>
+        <servlet-class>org.keycloak.testsuite.adapter.CustomerDatabaseServlet</servlet-class>
+    </servlet>
+    <servlet>
+        <servlet-name>Error Servlet</servlet-name>
+        <servlet-class>org.keycloak.testsuite.rule.ErrorServlet</servlet-class>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>Servlet</servlet-name>
+        <url-pattern>/*</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>Error Servlet</servlet-name>
+        <url-pattern>/error.html</url-pattern>
+    </servlet-mapping>
+
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Users</web-resource-name>
+            <url-pattern>/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>user</role-name>
+        </auth-constraint>
+    </security-constraint>
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Errors</web-resource-name>
+            <url-pattern>/error.html</url-pattern>
+        </web-resource-collection>
+    </security-constraint>
+
+    <login-config>
+        <auth-method>FORM</auth-method>
+        <realm-name>demo</realm-name>
+        <form-login-config>
+            <form-login-page>/error.html</form-login-page>
+            <form-error-page>/error.html</form-error-page>
+        </form-login-config>
+    </login-config>
+
+    <security-role>
+        <role-name>admin</role-name>
+    </security-role>
+    <security-role>
+        <role-name>user</role-name>
+    </security-role>
+</web-app>

testsuite/jetty/jetty92/src/test/resources/adapter-test/demorealm.json 1(+0 -1)

diff --git a/testsuite/jetty/jetty92/src/test/resources/adapter-test/demorealm.json b/testsuite/jetty/jetty92/src/test/resources/adapter-test/demorealm.json
index 9db9064..a21838e 100755
--- a/testsuite/jetty/jetty92/src/test/resources/adapter-test/demorealm.json
+++ b/testsuite/jetty/jetty92/src/test/resources/adapter-test/demorealm.json
@@ -7,7 +7,6 @@
     "accessCodeLifespanUserAction": 6000,
     "sslRequired": "external",
     "registrationAllowed": false,
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],

testsuite/proxy/src/test/resources/demorealm.json 1(+0 -1)

diff --git a/testsuite/proxy/src/test/resources/demorealm.json b/testsuite/proxy/src/test/resources/demorealm.json
index 5c83e0f..bb66dc8 100755
--- a/testsuite/proxy/src/test/resources/demorealm.json
+++ b/testsuite/proxy/src/test/resources/demorealm.json
@@ -7,7 +7,6 @@
     "accessCodeLifespanUserAction": 6000,
     "sslRequired": "external",
     "registrationAllowed": false,
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],

testsuite/tomcat6/src/test/java/org/keycloak/testsuite/TomcatTest.java 10(+10 -0)

diff --git a/testsuite/tomcat6/src/test/java/org/keycloak/testsuite/TomcatTest.java b/testsuite/tomcat6/src/test/java/org/keycloak/testsuite/TomcatTest.java
index 5393b65..e28a2f6 100755
--- a/testsuite/tomcat6/src/test/java/org/keycloak/testsuite/TomcatTest.java
+++ b/testsuite/tomcat6/src/test/java/org/keycloak/testsuite/TomcatTest.java
@@ -60,6 +60,7 @@ public class TomcatTest {
         System.setProperty("my.host.name", "localhost");
         tomcat.deploy("/customer-portal", "customer-portal");
         tomcat.deploy("/customer-db", "customer-db");
+        tomcat.deploy("/customer-db-error-page", "customer-db-error-page");
         tomcat.deploy("/product-portal", "product-portal");
         tomcat.deploy("/secure-portal", "secure-portal");
         tomcat.deploy("/session-portal", "session-portal");
@@ -120,6 +121,15 @@ public class TomcatTest {
     }
 
     /**
+     * KEYCLOAK-1368
+     * @throws Exception
+     */
+    @Test
+    public void testNullBearerTokenCustomErrorPage() throws Exception {
+        testStrategy.testNullBearerTokenCustomErrorPage();
+    }
+
+    /**
      * KEYCLOAK-518
      * @throws Exception
      */

testsuite/tomcat6/src/test/resources/adapter-test/customer-db-error-page/META-INF/context.xml 3(+3 -0)

diff --git a/testsuite/tomcat6/src/test/resources/adapter-test/customer-db-error-page/META-INF/context.xml b/testsuite/tomcat6/src/test/resources/adapter-test/customer-db-error-page/META-INF/context.xml
new file mode 100755
index 0000000..5066a55
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/adapter-test/customer-db-error-page/META-INF/context.xml
@@ -0,0 +1,3 @@
+<Context path="/customer-db-error-page">
+    <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
+</Context>
\ No newline at end of file

testsuite/tomcat6/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json 10(+10 -0)

diff --git a/testsuite/tomcat6/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json b/testsuite/tomcat6/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json
new file mode 100755
index 0000000..38d1179
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+  "realm" : "demo",
+  "resource" : "customer-db",
+  "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+  "auth-server-url": "http://localhost:8081/auth",
+  "ssl-required" : "external",
+  "bearer-only" : true,
+  "enable-cors" : true
+
+}

testsuite/tomcat6/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml 59(+59 -0)

diff --git a/testsuite/tomcat6/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml b/testsuite/tomcat6/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml
new file mode 100755
index 0000000..c2cef86
--- /dev/null
+++ b/testsuite/tomcat6/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+      version="3.0">
+
+	<module-name>adapter-test</module-name>
+
+    <servlet>
+        <servlet-name>Servlet</servlet-name>
+        <servlet-class>org.keycloak.testsuite.adapter.CustomerDatabaseServlet</servlet-class>
+    </servlet>
+    <servlet>
+        <servlet-name>Error Servlet</servlet-name>
+        <servlet-class>org.keycloak.testsuite.rule.ErrorServlet</servlet-class>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>Servlet</servlet-name>
+        <url-pattern>/*</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>Error Servlet</servlet-name>
+        <url-pattern>/error.html</url-pattern>
+    </servlet-mapping>
+
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Users</web-resource-name>
+            <url-pattern>/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>user</role-name>
+        </auth-constraint>
+    </security-constraint>
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Errors</web-resource-name>
+            <url-pattern>/error.html</url-pattern>
+        </web-resource-collection>
+    </security-constraint>
+
+    <login-config>
+        <auth-method>BASIC</auth-method>
+        <realm-name>demo</realm-name>
+        <form-login-config>
+            <form-login-page>/error.html</form-login-page>
+            <form-error-page>/error.html</form-error-page>
+        </form-login-config>
+    </login-config>
+
+    <security-role>
+        <role-name>admin</role-name>
+    </security-role>
+    <security-role>
+        <role-name>user</role-name>
+    </security-role>
+</web-app>

testsuite/tomcat6/src/test/resources/adapter-test/demorealm.json 1(+0 -1)

diff --git a/testsuite/tomcat6/src/test/resources/adapter-test/demorealm.json b/testsuite/tomcat6/src/test/resources/adapter-test/demorealm.json
index 9db9064..a21838e 100755
--- a/testsuite/tomcat6/src/test/resources/adapter-test/demorealm.json
+++ b/testsuite/tomcat6/src/test/resources/adapter-test/demorealm.json
@@ -7,7 +7,6 @@
     "accessCodeLifespanUserAction": 6000,
     "sslRequired": "external",
     "registrationAllowed": false,
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],

testsuite/tomcat7/src/test/java/org/keycloak/testsuite/Tomcat7Test.java 11(+11 -0)

diff --git a/testsuite/tomcat7/src/test/java/org/keycloak/testsuite/Tomcat7Test.java b/testsuite/tomcat7/src/test/java/org/keycloak/testsuite/Tomcat7Test.java
index 3f20d16..b67c2fc 100755
--- a/testsuite/tomcat7/src/test/java/org/keycloak/testsuite/Tomcat7Test.java
+++ b/testsuite/tomcat7/src/test/java/org/keycloak/testsuite/Tomcat7Test.java
@@ -65,6 +65,7 @@ public class Tomcat7Test {
         File base = new File(dir.getFile()).getParentFile();
         tomcat.addWebapp("/customer-portal", new File(base, "customer-portal").toString());
         tomcat.addWebapp("/customer-db", new File(base, "customer-db").toString());
+        tomcat.addWebapp("/customer-db-error-page", new File(base, "customer-db-error-page").toString());
         tomcat.addWebapp("/product-portal", new File(base, "product-portal").toString());
         tomcat.addWebapp("/secure-portal", new File(base, "secure-portal").toString());
         tomcat.addWebapp("/session-portal", new File(base, "session-portal").toString());
@@ -125,6 +126,16 @@ public class Tomcat7Test {
     }
 
     /**
+     * KEYCLOAK-1368
+     * @throws Exception
+     */
+    @Test
+    public void testNullBearerTokenCustomErrorPage() throws Exception {
+        testStrategy.testNullBearerTokenCustomErrorPage();
+    }
+
+
+    /**
      * KEYCLOAK-518
      * @throws Exception
      */

testsuite/tomcat7/src/test/resources/adapter-test/customer-db-error-page/META-INF/context.xml 3(+3 -0)

diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/customer-db-error-page/META-INF/context.xml b/testsuite/tomcat7/src/test/resources/adapter-test/customer-db-error-page/META-INF/context.xml
new file mode 100755
index 0000000..5066a55
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/customer-db-error-page/META-INF/context.xml
@@ -0,0 +1,3 @@
+<Context path="/customer-db-error-page">
+    <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
+</Context>
\ No newline at end of file

testsuite/tomcat7/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json 10(+10 -0)

diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json b/testsuite/tomcat7/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json
new file mode 100755
index 0000000..38d1179
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+  "realm" : "demo",
+  "resource" : "customer-db",
+  "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+  "auth-server-url": "http://localhost:8081/auth",
+  "ssl-required" : "external",
+  "bearer-only" : true,
+  "enable-cors" : true
+
+}

testsuite/tomcat7/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml 59(+59 -0)

diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml b/testsuite/tomcat7/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml
new file mode 100755
index 0000000..c2cef86
--- /dev/null
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+      version="3.0">
+
+	<module-name>adapter-test</module-name>
+
+    <servlet>
+        <servlet-name>Servlet</servlet-name>
+        <servlet-class>org.keycloak.testsuite.adapter.CustomerDatabaseServlet</servlet-class>
+    </servlet>
+    <servlet>
+        <servlet-name>Error Servlet</servlet-name>
+        <servlet-class>org.keycloak.testsuite.rule.ErrorServlet</servlet-class>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>Servlet</servlet-name>
+        <url-pattern>/*</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>Error Servlet</servlet-name>
+        <url-pattern>/error.html</url-pattern>
+    </servlet-mapping>
+
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Users</web-resource-name>
+            <url-pattern>/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>user</role-name>
+        </auth-constraint>
+    </security-constraint>
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Errors</web-resource-name>
+            <url-pattern>/error.html</url-pattern>
+        </web-resource-collection>
+    </security-constraint>
+
+    <login-config>
+        <auth-method>BASIC</auth-method>
+        <realm-name>demo</realm-name>
+        <form-login-config>
+            <form-login-page>/error.html</form-login-page>
+            <form-error-page>/error.html</form-error-page>
+        </form-login-config>
+    </login-config>
+
+    <security-role>
+        <role-name>admin</role-name>
+    </security-role>
+    <security-role>
+        <role-name>user</role-name>
+    </security-role>
+</web-app>

testsuite/tomcat7/src/test/resources/adapter-test/demorealm.json 1(+0 -1)

diff --git a/testsuite/tomcat7/src/test/resources/adapter-test/demorealm.json b/testsuite/tomcat7/src/test/resources/adapter-test/demorealm.json
index 9db9064..a21838e 100755
--- a/testsuite/tomcat7/src/test/resources/adapter-test/demorealm.json
+++ b/testsuite/tomcat7/src/test/resources/adapter-test/demorealm.json
@@ -7,7 +7,6 @@
     "accessCodeLifespanUserAction": 6000,
     "sslRequired": "external",
     "registrationAllowed": false,
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],

testsuite/tomcat8/src/test/java/org/keycloak/testsuite/TomcatTest.java 10(+10 -0)

diff --git a/testsuite/tomcat8/src/test/java/org/keycloak/testsuite/TomcatTest.java b/testsuite/tomcat8/src/test/java/org/keycloak/testsuite/TomcatTest.java
index 8c1372a..0168f04 100755
--- a/testsuite/tomcat8/src/test/java/org/keycloak/testsuite/TomcatTest.java
+++ b/testsuite/tomcat8/src/test/java/org/keycloak/testsuite/TomcatTest.java
@@ -64,6 +64,7 @@ public class TomcatTest {
         File base = new File(dir.getFile()).getParentFile();
         tomcat.addWebapp("/customer-portal", new File(base, "customer-portal").toString());
         tomcat.addWebapp("/customer-db", new File(base, "customer-db").toString());
+        tomcat.addWebapp("/customer-db-error-page", new File(base, "customer-db-error-page").toString());
         tomcat.addWebapp("/product-portal", new File(base, "product-portal").toString());
         tomcat.addWebapp("/secure-portal", new File(base, "secure-portal").toString());
         tomcat.addWebapp("/session-portal", new File(base, "session-portal").toString());
@@ -125,6 +126,15 @@ public class TomcatTest {
     }
 
     /**
+     * KEYCLOAK-1368
+     * @throws Exception
+     */
+    @Test
+    public void testNullBearerTokenCustomErrorPage() throws Exception {
+        testStrategy.testNullBearerTokenCustomErrorPage();
+    }
+
+    /**
      * KEYCLOAK-518
      * @throws Exception
      */

testsuite/tomcat8/src/test/resources/adapter-test/customer-db-error-page/META-INF/context.xml 3(+3 -0)

diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/customer-db-error-page/META-INF/context.xml b/testsuite/tomcat8/src/test/resources/adapter-test/customer-db-error-page/META-INF/context.xml
new file mode 100755
index 0000000..5066a55
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/customer-db-error-page/META-INF/context.xml
@@ -0,0 +1,3 @@
+<Context path="/customer-db-error-page">
+    <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
+</Context>
\ No newline at end of file

testsuite/tomcat8/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json 10(+10 -0)

diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json b/testsuite/tomcat8/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json
new file mode 100755
index 0000000..38d1179
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json
@@ -0,0 +1,10 @@
+{
+  "realm" : "demo",
+  "resource" : "customer-db",
+  "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+  "auth-server-url": "http://localhost:8081/auth",
+  "ssl-required" : "external",
+  "bearer-only" : true,
+  "enable-cors" : true
+
+}

testsuite/tomcat8/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml 59(+59 -0)

diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml b/testsuite/tomcat8/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml
new file mode 100755
index 0000000..c2cef86
--- /dev/null
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+      version="3.0">
+
+	<module-name>adapter-test</module-name>
+
+    <servlet>
+        <servlet-name>Servlet</servlet-name>
+        <servlet-class>org.keycloak.testsuite.adapter.CustomerDatabaseServlet</servlet-class>
+    </servlet>
+    <servlet>
+        <servlet-name>Error Servlet</servlet-name>
+        <servlet-class>org.keycloak.testsuite.rule.ErrorServlet</servlet-class>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>Servlet</servlet-name>
+        <url-pattern>/*</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>Error Servlet</servlet-name>
+        <url-pattern>/error.html</url-pattern>
+    </servlet-mapping>
+
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Users</web-resource-name>
+            <url-pattern>/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>user</role-name>
+        </auth-constraint>
+    </security-constraint>
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Errors</web-resource-name>
+            <url-pattern>/error.html</url-pattern>
+        </web-resource-collection>
+    </security-constraint>
+
+    <login-config>
+        <auth-method>BASIC</auth-method>
+        <realm-name>demo</realm-name>
+        <form-login-config>
+            <form-login-page>/error.html</form-login-page>
+            <form-error-page>/error.html</form-error-page>
+        </form-login-config>
+    </login-config>
+
+    <security-role>
+        <role-name>admin</role-name>
+    </security-role>
+    <security-role>
+        <role-name>user</role-name>
+    </security-role>
+</web-app>

testsuite/tomcat8/src/test/resources/adapter-test/demorealm.json 1(+0 -1)

diff --git a/testsuite/tomcat8/src/test/resources/adapter-test/demorealm.json b/testsuite/tomcat8/src/test/resources/adapter-test/demorealm.json
index 9db9064..a21838e 100755
--- a/testsuite/tomcat8/src/test/resources/adapter-test/demorealm.json
+++ b/testsuite/tomcat8/src/test/resources/adapter-test/demorealm.json
@@ -7,7 +7,6 @@
     "accessCodeLifespanUserAction": 6000,
     "sslRequired": "external",
     "registrationAllowed": false,
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],

testsuite/tomcat8/src/test/resources/tomcat-test/demorealm.json 1(+0 -1)

diff --git a/testsuite/tomcat8/src/test/resources/tomcat-test/demorealm.json b/testsuite/tomcat8/src/test/resources/tomcat-test/demorealm.json
index ee13db5..0efd923 100755
--- a/testsuite/tomcat8/src/test/resources/tomcat-test/demorealm.json
+++ b/testsuite/tomcat8/src/test/resources/tomcat-test/demorealm.json
@@ -7,7 +7,6 @@
     "accessCodeLifespanUserAction": 6000,
     "sslRequired": "external",
     "registrationAllowed": false,
-    "passwordCredentialGrantAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
     "requiredCredentials": [ "password" ],

timer/api/src/main/java/org/keycloak/timer/TimerSpi.java 2(+1 -1)

diff --git a/timer/api/src/main/java/org/keycloak/timer/TimerSpi.java b/timer/api/src/main/java/org/keycloak/timer/TimerSpi.java
index ac92339..eb70763 100644
--- a/timer/api/src/main/java/org/keycloak/timer/TimerSpi.java
+++ b/timer/api/src/main/java/org/keycloak/timer/TimerSpi.java
@@ -10,7 +10,7 @@ import org.keycloak.provider.Spi;
 public class TimerSpi implements Spi {
 
     @Override
-    public boolean isPrivate() {
+    public boolean isInternal() {
         return true;
     }