Private/Import-ADFSTkAllTransformRules.ps1

function Import-ADFSTkAllTransformRules
{
   

    $TransformRules = @{}
 #region Static values from config
    $TransformRules.o = [PSCustomObject]@{
    Rule=@"
    @RuleName = "Send static [o]"
    => issue(type = "urn:oid:2.5.4.10",
    value = "$($Settings.configuration.StaticValues.o)",
    Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
"@

    Attribute=""
    AttributeGroup="Static attributes"
    }

    $TransformRules.norEduOrgAcronym = [PSCustomObject]@{
    Rule=@"
    @RuleName = "Send static [norEduOrgAcronym]"
    => issue(type = "urn:oid:1.3.6.1.4.1.2428.90.1.6",
    value = "$($Settings.configuration.StaticValues.norEduOrgAcronym)",
    Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
"@

    Attribute=""
    AttributeGroup="Static attributes"
    }

    $TransformRules.c = [PSCustomObject]@{
    Rule=@"
    @RuleName = "Send static [c]"
    => issue(type = "urn:oid:2.5.4.6",
    value = "$($Settings.configuration.StaticValues.c)",
    Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
"@

    Attribute=""
    AttributeGroup="Static attributes"
    }

    $TransformRules.co = [PSCustomObject]@{
    Rule=@"
    @RuleName = "Send static [co]"
    => issue(type = "urn:oid:0.9.2342.19200300.100.1.43",
    value = "$($Settings.configuration.StaticValues.co)",
    Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
"@

    Attribute=""
    AttributeGroup="Static attributes"
    }

    $TransformRules.schacHomeOrganization = [PSCustomObject]@{
    Rule=@"
    @RuleName = "Send static [schacHomeOrganization]"
    => issue(type = "urn:oid:1.3.6.1.4.1.25178.1.2.9",
    value = "$($Settings.configuration.StaticValues.schacHomeOrganization)",
    Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
"@

    Attribute=""
    AttributeGroup="Static attributes"
    }

    $TransformRules.schacHomeOrganizationType = [PSCustomObject]@{
    Rule=@"
    @RuleName = "Send static [schacHomeOrganizationType]"
    => issue(type = "urn:oid:1.3.6.1.4.1.25178.1.2.10",
    value = "$($Settings.configuration.StaticValues.schacHomeOrganizationType)",
    Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
"@

    Attribute=""
    AttributeGroup="Static attributes"
    }
    #endregion

    #region ID's
# $TransformRules."transient-id" = [PSCustomObject]@{
# Rule=@"
# @RuleName = "synthesize transient-id"
# c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"]
# &&
# c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant"]
# => add(store = "_OpaqueIdStore",
# types = ("http://$($Settings.configuration.StaticValues.ADFSExternalDNS)/internal/tpid"),
# query = "{0};{1};{2};{3};{4}",
# param = "useEntropy",
# param = "http://$($Settings.configuration.StaticValues.ADFSExternalDNS)/adfs/services/trust![ReplaceWithSPNameQualifier]!" + c1.Value,
# param = c1.OriginalIssuer,
# param = "",
# param = c2.Value);
#
# @RuleName = "issue transient-id"
# c:[Type == "http://$($Settings.configuration.StaticValues.ADFSExternalDNS)/internal/tpid"]
# => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
# Value = c.Value,
# Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
# Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "[ReplaceWithSPNameQualifier]",
# Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/namequalifier"] = "http://$($Settings.configuration.StaticValues.ADFSExternalDNS)/adfs/services/trust");
#"@
# Attribute=""
# AttributeGroup="ID's"
# }

#New way to release nameID
$TransformRules."transient-id" = [PSCustomObject]@{
    Rule=@"
    @RuleName = "synthesize transient-id"
    c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"] &&
    c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant"]
    => add(
            store = "_OpaqueIdStore",
            types = ("urn:adfstk:transientid"),
            query = "{0};{1};{2};{3};{4}",
            param = "useEntropy",
            param = c1.Value,
            param = c1.OriginalIssuer,
            param = "",
            param = regexreplace(c2.Value, "(?<start>^.{1,20}).+$", "${start}")+".000Z");
             
    @RuleName = "issue transient-id"
    c:[Type == "urn:adfstk:transientid"]
    => issue(
            Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
            Value = c.Value,
            Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
            Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "[ReplaceWithSPNameQualifier]",
            Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/namequalifier"] = "http://$($Settings.configuration.StaticValues.ADFSExternalDNS)/adfs/services/trust");
"@

    Attribute=""
    AttributeGroup="ID's"
    }

 $TransformRules."persistent-id" = [PSCustomObject]@{
    Rule=@"
    @RuleName = "synthesize persistent-id"
    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"]
    => add(
            store = "_OpaqueIdStore",
            types = ("urn:adfstk:persistentid"),
            query = "{0};{1};{2}",
            param = "ppid",
            param = c.Value,
            param = c.OriginalIssuer);
 
    @RuleName = "issue persistent-id"
    c:[Type == "urn:adfstk:persistentid"]
    => issue(
            Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
            Issuer = c.Issuer,
            OriginalIssuer = c.OriginalIssuer,
            Value = c.Value,
            ValueType = c.ValueType,
            Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
            Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "[ReplaceWithSPNameQualifier]",
            Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/namequalifier"] = "http://$($Settings.configuration.StaticValues.ADFSExternalDNS)");
"@

    Attribute=""
    AttributeGroup="ID's"
    }
   
   # eduPersonPrincipalName
   # Calculated based off an ADFSTk configuration rule keyed to ADFSTkExtractSubjectUniqueId, default to the Claim 'upn'
   #
   # Origin Claim will have only the left hand side being everything prior to the first @ sign
   # Rest of the string will be surpressed and then it is re-assembled with our SAML2 scope.
   #
   

    $TransformRules.eduPersonPrincipalName = [PSCustomObject]@{
    Rule=@"
    @RuleName = "compose eduPersonPrincipalName"
    c:[Type == "$(($Settings.configuration.transformRules.rule | ? name -eq "ADFSTkExtractSubjectUniqueId").originClaim )" ]
     => issue(Type = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
     Value = RegexReplace(c.Value, "@.*$", "") +"@$($Settings.configuration.StaticValues.schacHomeOrganization)",
     Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
"@

    Attribute="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
    AttributeGroup="ID's"
    }

# $TransformRules.eduPersonTargetedID = [PSCustomObject]@{
# Rule=@"
# @RuleName = "compose eduPersonTargetedID"
# c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
# Value !~ "^.+\\"]
# => issue(Type = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10",
# Value = c.Value,
# Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
# "@
# Attribute="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
# AttributeGroup="ID's"
# }

    $TransformRules.eduPersonTargetedID = [PSCustomObject]@{
        Rule=@"
        @RuleName = "synthesize eduPersonTargetedID"
        c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"]
        => add(
                store = "_OpaqueIdStore",
                types = ("urn:adfstk:edupersontargetedid"),
                query = "{0};{1};{2}",
                param = "ppid",
                param = c.Value,
                param = c.OriginalIssuer);
     
        @RuleName = "issue eduPersonTargetedID"
        c:[Type == "urn:adfstk:edupersontargetedid"]
        => issue(
                Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
                Issuer = c.Issuer,
                OriginalIssuer = c.OriginalIssuer,
                Value = c.Value,
                ValueType = c.ValueType,
                Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
                Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "[ReplaceWithSPNameQualifier]",
                Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/namequalifier"] = "http://$($Settings.configuration.StaticValues.ADFSExternalDNS)");
"@

        Attribute=""
        AttributeGroup="ID's"
        }

    $TransformRules.eduPersonUniqueID = [PSCustomObject]@{
    Rule=@"
    @RuleName = "compose eduPersonUniqueID"
    c:[Type == "urn:mace:dir:attribute-def:eduPersonUniqueID"]
     => issue(Type = "urn:oid:1.3.6.1.4.1.5923.1.1.1.13",
     Value = RegExReplace(c.Value, "-", "") + "@$($Settings.configuration.StaticValues.schacHomeOrganization)",
     Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
"@

    Attribute="urn:mace:dir:attribute-def:eduPersonUniqueID"
    AttributeGroup="ID's"
    }

 $TransformRules["LoginName"] = [PSCustomObject]@{
    Rule=@"
 
    @RuleName = "Transform LoginName"
    c:[Type == "http://schemas.xmlsoap.org/claims/samaccountname"]
     => issue(Type = "LOGINNAME",
     Value = c.Value,
     Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:assertion");
"@


    Attribute="http://schemas.xmlsoap.org/claims/samaccountname"
    AttributeGroup="ID's"
    }

    $TransformRules.schacPersonalUniqueCode = Get-ADFSTkTransformRule -Type "urn:schac:personalUniqueCode" `
                                           -Oid "urn:oid:1.3.6.1.4.1.25178.1.2.14" `
                                           -AttributeName schacPersonalUniqueCode `
                                           -AttributeGroup "ID's"

    $TransformRules.pairwiseID = Get-ADFSTkTransformRule -Type "urn:oasis:names:tc:SAML:attribute:pairwise-id" `
                                           -Oid "urn:oasis:names:tc:SAML:attribute:pairwise-id" `
                                           -AttributeName pairwiseID `
                                           -AttributeGroup "ID's"

    $TransformRules.subjectID = Get-ADFSTkTransformRule -Type "urn:oasis:names:tc:SAML:attribute:subject-id" `
                                           -Oid "urn:oasis:names:tc:SAML:attribute:subject-id" `
                                           -AttributeName subjectID `
                                           -AttributeGroup "ID's"

    #endregion
    #region Personal attributes
    $TransformRules.givenName = Get-ADFSTkTransformRule -Type "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" `
                                           -Oid "urn:oid:2.5.4.42" `
                                           -AttributeName givenName `
                                           -AttributeGroup "Personal attributes"

    $TransformRules.sn = Get-ADFSTkTransformRule -Type "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" `
                                           -Oid "urn:oid:2.5.4.4" `
                                           -AttributeName sn `
                                           -AttributeGroup "Personal attributes"

    $TransformRules.displayName = Get-ADFSTkTransformRule -Type "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname" `
                                           -Oid "urn:oid:2.16.840.1.113730.3.1.241" `
                                           -AttributeName displayName `
                                           -AttributeGroup "Personal attributes"
                                           
    $TransformRules.cn = Get-ADFSTkTransformRule -Type "http://schemas.xmlsoap.org/claims/CommonName" `
                                           -Oid "urn:oid:2.5.4.3" `
                                           -AttributeName cn `
                                           -AttributeGroup "Personal attributes"
    
# $TransformRules.cn = [PSCustomObject]@{
# Rule=@"
#
# @RuleName = "Transform CommonName"
# c1:[Type == "http://schemas.xmlsoap.org/claims/CommonName"] &&
# c2:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"] &&
# c3:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"] &&
# => issue(Type = "urn:oid:2.5.4.3",
# Value = c2.Value + " " + c3.Value,
# Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
#"@
#
# Attribute=@("givenName","sn")
# AttributeGroup="Personal attributes"
# }

    $TransformRules.mail = Get-ADFSTkTransformRule -Type "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
                                             -Oid "urn:oid:0.9.2342.19200300.100.1.3" `
                                             -AttributeName mail `
                                             -AttributeGroup "Personal attributes"

    $TransformRules.mailLocalAddress = Get-ADFSTkTransformRule -Type "mailLocalAddress" `
                                             -Oid "urn:oid:2.16.840.1.113730.3.1.13" `
                                             -AttributeName mailLocalAddress `
                                             -AttributeGroup "Personal attributes"

    $TransformRules.personalIdentityNumber = [PSCustomObject]@{
        Rule=@"
 
        @RuleName = "Transform personalIdentityNumber"
        c:[Type == "urn:mace:dir:attribute-def:personalIdentityNumber", value =~ "^(18|19|20)?[0-9]{2}((0[0-9])|(10|11|12))((([0-2][0-9])|(3[0-1]))|((6[1-9])|([7-8][0-9])|(9[0-1])))[0-9]{4}$"]
        => issue(Type = "urn:oid:1.2.752.29.4.13", Value = c.Value,
                 Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
"@


        Attribute="urn:mace:dir:attribute-def:personalIdentityNumber"
        AttributeGroup="Personal attributes"
    }

# $TransformRules.schacDateOfBirth = [PSCustomObject]@{
# Rule=@'
#
# @RuleName = "Transform schacDateOfBirth"
# c:[Type == "urn:mace:dir:attribute-def:schacDateOfBirth",
# value =~ "^(18|19|20)?[0-9]{2}((0[0-9])|(10|11|12))((([0-2][0-9])|(3[0-1]))|((6[1-9])|([7-8][0-9])|(9[0-1])))[0-9]{4}$"]
# => issue(Type = "urn:oid:1.3.6.1.4.1.25178.1.2.3",
# Value = regexReplace (c.Value, "(?<start>^.{1,8}).+$", "${start}"),
# Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
#'@
#
# Attribute="urn:mace:dir:attribute-def:schacDateOfBirth"
# AttributeGroup="Personal attributes"
# }


    $TransformRules.schacDateOfBirth = [PSCustomObject]@{
        Rule=@'
 
        @RuleName = "Compose schacDateOfBirth start"
        c:[Type == "urn:mace:dir:attribute-def:schacDateOfBirth", Value =~ "^(18|19|20)?[0-9]{2}((0[0-9])|(10|11|12))((([0-2][0-9])|(3[0-1]))|((6[1-9])|([7-8][0-9])|(9[0-1])))([A-Z0-9]{1}[0-9]{3}){0,1}$"]
         => add(Type = "urn:adfstk:schackdateofbirth:start", Value = regexReplace(c.Value, "(?<start>^.{6}).+$", "${start}"));
         
        @RuleName = "Compose schacDateOfBirth middle"
        c:[Type == "urn:mace:dir:attribute-def:schacDateOfBirth", Value =~ "^(18|19|20)?[0-9]{2}((0[0-9])|(10|11|12))((([0-2][0-9])|(3[0-1]))|((6[1-9])|([7-8][0-9])|(9[0-1])))([A-Z0-9]{1}[0-9]{3}){0,1}$"]
         => add(Type = "urn:adfstk:schackdateofbirth:middle", Value = regexReplace(c.Value, "^.{6}(?<middle>\d{1}).+$", "${middle}"));
         
        @RuleName = "Compose schacDateOfBirth end"
        c:[Type == "urn:mace:dir:attribute-def:schacDateOfBirth", Value =~ "^(18|19|20)?[0-9]{2}((0[0-9])|(10|11|12))((([0-2][0-9])|(3[0-1]))|((6[1-9])|([7-8][0-9])|(9[0-1])))([A-Z0-9]{1}[0-9]{3}){0,1}$"]
         => add(Type = "urn:adfstk:schackdateofbirth:end", Value = regexReplace(c.Value, "^.{7}(?<end>\d{1}).+$", "${end}"));
         
        @RuleName = "Transform schacDateOfBirth 6x->0x"
        c1:[Type == "urn:adfstk:schackdateofbirth:start"]
         && c2:[Type == "urn:adfstk:schackdateofbirth:middle", Value == "6"]
         && c3:[Type == "urn:adfstk:schackdateofbirth:end"]
         => issue(Type = "urn:oid:1.3.6.1.4.1.25178.1.2.3", Value = c1.Value + "0" + c3.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
         
        @RuleName = "Transform schacDateOfBirth 7x->1x"
        c1:[Type == "urn:adfstk:schackdateofbirth:start"]
         && c2:[Type == "urn:adfstk:schackdateofbirth:middle", Value == "7"]
         && c3:[Type == "urn:adfstk:schackdateofbirth:end"]
         => issue(Type = "urn:oid:1.3.6.1.4.1.25178.1.2.3", Value = c1.Value + "1" + c3.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
         
        @RuleName = "Transform schacDateOfBirth 8x->2x"
        c1:[Type == "urn:adfstk:schackdateofbirth:start"]
         && c2:[Type == "urn:adfstk:schackdateofbirth:middle", Value == "8"]
         && c3:[Type == "urn:adfstk:schackdateofbirth:end"]
         => issue(Type = "urn:oid:1.3.6.1.4.1.25178.1.2.3", Value = c1.Value + "2" + c3.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
         
        @RuleName = "Transform schacDateOfBirth 9x->3x"
        c1:[Type == "urn:adfstk:schackdateofbirth:start"]
         && c2:[Type == "urn:adfstk:schackdateofbirth:middle", Value == "9"]
         && c3:[Type == "urn:adfstk:schackdateofbirth:end"]
         => issue(Type = "urn:oid:1.3.6.1.4.1.25178.1.2.3", Value = c1.Value + "3" + c3.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
         
        @RuleName = "Transform schacDateOfBirth <=3x"
        c1:[Type == "urn:adfstk:schackdateofbirth:start"]
         && c2:[Type == "urn:adfstk:schackdateofbirth:middle", Value =~ "[0-3]"]
         && c3:[Type == "urn:adfstk:schackdateofbirth:end"]
         => issue(Type = "urn:oid:1.3.6.1.4.1.25178.1.2.3", Value = c1.Value + c2.Value + c3.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
         
'@


        Attribute="urn:mace:dir:attribute-def:schacDateOfBirth"
        AttributeGroup="Personal attributes"
    }

    #endregion

 #region eduPerson Attributes

    $TransformRules.eduPersonScopedAffiliation = Get-ADFSTkTransformRule -Type "urn:mace:dir:attribute-def:eduPersonScopedAffiliation" `
                                                        -Oid "urn:oid:1.3.6.1.4.1.5923.1.1.1.9" `
                                                        -AttributeName eduPersonScopedAffiliation `
                                                        -AttributeGroup "eduPerson attributes"

    $TransformRules.eduPersonAffiliation = Get-ADFSTkTransformRule -Type "urn:mace:dir:attribute-def:eduPersonAffiliation" `
                                                        -Oid "urn:oid:1.3.6.1.4.1.5923.1.1.1.1" `
                                                        -AttributeName eduPersonAffiliation `
                                                        -AttributeGroup "eduPerson attributes"

    $TransformRules.eduPersonPrimaryAffiliation = Get-ADFSTkTransformRule -Type "urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" `
                                                        -Oid "urn:oid:1.3.6.1.4.1.5923.1.1.1.5" `
                                                        -AttributeName eduPersonPrimaryAffiliation `
                                                        -AttributeGroup "eduPerson attributes"

    $TransformRules.norEduPersonLIN = Get-ADFSTkTransformRule -Type "urn:mace:dir:attribute-def:norEduPersonLIN" `
                                                        -Oid "urn:oid:1.3.6.1.4.1.2428.90.1.4" `
                                                        -AttributeName norEduPersonLIN `
                                                        -AttributeGroup "norEduPerson attributes"

    $TransformRules.norEduPersonNIN = [PSCustomObject]@{
        Rule=@"
 
        @RuleName = "Transform norEduPersonNIN"
        c:[Type == "urn:mace:dir:attribute-def:norEduPersonNIN",
           value =~ "^(18|19|20)[0-9]{2}((0[1-9])|(10|11|12))(((0[1-9])|([1-2][0-9])|(3[0-1]))|((6[1-9])|([7-8][0-9])|(9[0-1])))(([PTRSUWXJKLMN]{1}[0-9]{3})|([0-9]{4}))$"]
        => issue(Type = "urn:oid:1.3.6.1.4.1.2428.90.1.5",
                 Value = c.Value,
                 Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
"@


        Attribute="urn:mace:dir:attribute-def:norEduPersonNIN"
        AttributeGroup="eduPerson attributes"
    }

    $TransformRules.eduPersonEntitlement = Get-ADFSTkTransformRule -Type "urn:mace:dir:attribute-def:eduPersonEntitlement" `
                                                             -Oid "urn:oid:1.3.6.1.4.1.5923.1.1.1.7" `
                                                             -AttributeName eduPersonEntitlement `
                                                             -AttributeGroup "eduPerson attributes"

    $TransformRules.eduPersonAssurance = Get-ADFSTkTransformRule -Type "urn:mace:dir:attribute-def:eduPersonAssurance" `
                                                           -Oid "urn:oid:1.3.6.1.4.1.5923.1.1.1.11" `
                                                           -AttributeName eduPersonAssurance `
                                                           -AttributeGroup "eduPerson attributes"

    $TransformRules.eduPersonOrcid = Get-ADFSTkTransformRule -Type "urn:mace:dir:attribute-def:eduPersonOrcid" `
                                                  -Oid "urn:oid:1.3.6.1.4.1.5923.1.1.1.16" `
                                                  -AttributeName eduPersonOrcid `
                                                  -AttributeGroup "norEduPerson attributes"

    $TransformRules.eduPersonOrgDN = Get-ADFSTkTransformRule -Type "urn:mace:dir:attribute-def:eduPersonOrgDN" `
                                                  -Oid "urn:oid:1.3.6.1.4.1.5923.1.1.1.3" `
                                                  -AttributeName eduPersonOrgDN `
                                                  -AttributeGroup "eduPerson attributes"
                                                  

    #endregion

    #region Load local institution transform rules if they exists
    if (Test-Path $Global:ADFSTkPaths.institutionLocalTransformRulesFile) {
        Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText rulesFederationLocalTransformRulesFoundFile)
        try {
            Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText rulesFederationLocalTransformRulesFile)
            . $Global:ADFSTkPaths.institutionLocalTransformRulesFile
    
            if (Test-Path function:Get-ADFSTkLocalTransformRules) {
                $localTransformRules = Get-ADFSTkLocalTransformRules
                Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText rulesFederationLocalTransformRulesFound -f $localTransformRules.Count)
    
                foreach ($transformRule in $localTransformRules.Keys) {
                    #Add or replace the standard Entoty Category with the federation one
                    if ($TransformRules.ContainsKey($transformRule)) {
                        Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText rulesFederationLocalTransformRulesOverwrite -f $transformRule)
                    }
                    else {
                        Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText rulesFederationLocalTransformRulesAdd -f $transformRule)
                    }
    
                    $TransformRules.$transformRule = $localTransformRules.$transformRule
                }
            }
            else {
                Write-ADFSTkLog (Get-ADFSTkLanguageText rulesFederationLocalTransformRulesLoadFail) -EntryType Error
            }
        }
        catch {
            Write-ADFSTkLog (Get-ADFSTkLanguageText rulesFederationLocalTransformRulesLoadFail) -EntryType Error
        }
    }
    else {
        Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText rulesFederationLocalTransformRulesFileNotFound)
    }
    #endregion


    $TransformRules
}

# SIG # Begin signature block
# MIItXwYJKoZIhvcNAQcCoIItUDCCLUwCAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDNu7D0EcJuhira
# TxoIS5PPuu3hSonkaWHAgvxzq12m5KCCJmgwggWNMIIEdaADAgECAhAOmxiO+dAt
# 5+/bUOIIQBhaMA0GCSqGSIb3DQEBDAUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNV
# BAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0yMjA4MDEwMDAwMDBa
# Fw0zMTExMDkyMzU5NTlaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy
# dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lD
# ZXJ0IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
# ggIBAL/mkHNo3rvkXUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprNrnsbhA3E
# MB/zG6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKy
# unWZanMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4IWGbNOsF
# xl7sWxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13jrclPXuU1
# 5zHL2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJB
# MtfbBHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObUR
# WBf3JFxGj2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6
# nj3cAORFJYm2mkQZK37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxB
# YKqxYxhElRp2Yn72gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5S
# UUd0viastkF13nqsX40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+x
# q4aLT8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGjggE6MIIB
# NjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTs1+OC0nFdZEzfLmc/57qYrhwP
# TzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzAOBgNVHQ8BAf8EBAMC
# AYYweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp
# Y2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNv
# bS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQwRQYDVR0fBD4wPDA6oDigNoY0
# aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENB
# LmNybDARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQEMBQADggEBAHCgv0Nc
# Vec4X6CjdBs9thbX979XB72arKGHLOyFXqkauyL4hxppVCLtpIh3bb0aFPQTSnov
# Lbc47/T/gLn4offyct4kvFIDyE7QKt76LVbP+fT3rDB6mouyXtTP0UNEm0Mh65Zy
# oUi0mcudT6cGAxN3J0TU53/oWajwvy8LpunyNDzs9wPHh6jSTEAZNUZqaVSwuKFW
# juyk1T3osdz9HNj0d1pcVIxv76FQPfx2CWiEn2/K2yCNNWAcAgPLILCsWKAOQGPF
# mCLBsln1VWvPJ6tsds5vIy30fnFqI2si/xK4VC0nftg62fC2h5b9W9FcrBjDTZ9z
# twGpn1eqXijiuZQwggXfMIIEx6ADAgECAhBOQOQ3VO3mjAAAAABR05R/MA0GCSqG
# SIb3DQEBCwUAMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5j
# LjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcG
# A1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVz
# ZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRo
# b3JpdHkgLSBHMjAeFw0yMTA1MDcxNTQzNDVaFw0zMDExMDcxNjEzNDVaMGkxCzAJ
# BgNVBAYTAlVTMRYwFAYDVQQKDA1FbnRydXN0LCBJbmMuMUIwQAYDVQQDDDlFbnRy
# dXN0IENvZGUgU2lnbmluZyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g
# Q1NCUjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCngY/3FEW2YkPy
# 2K7TJV5IT1G/xX2fUBw10dZ+YSqUGW0nRqSmGl33VFFqgCLGqGZ1TVSDyV5oG6v2
# W2Swra0gvVTvRmttAudFrnX2joq5Mi6LuHccUk15iF+lOhjJUCyXJy2/2gB9Y3/v
# MuxGh2Pbmp/DWiE2e/mb1cqgbnIs/OHxnnBNCFYVb5Cr+0i6udfBgniFZS5/tcnA
# 4hS3NxFBBuKK4Kj25X62eAUBw2DtTwdBLgoTSeOQm3/dvfqsv2RR0VybtPVc51z/
# O5uloBrXfQmywrf/bhy8yH3m6Sv8crMU6UpVEoScRCV1HfYq8E+lID1oJethl3wP
# 5bY9867DwRG8G47M4EcwXkIAhnHjWKwGymUfe5SmS1dnDH5erXhnW1XjXuvH2OxM
# bobL89z4n4eqclgSD32m+PhCOTs8LOQyTUmM4OEAwjignPqEPkHcblauxhpb9Gdo
# BQHNG7+uh7ydU/Yu6LZr5JnexU+HWKjSZR7IH9Vybu5ZHFc7CXKd18q3kMbNe0WS
# kUIDTH0/yvKquMIOhvMQn0YupGaGaFpoGHApOBGAYGuKQ6NzbOOzazf/5p1nAZKG
# 3y9I0ftQYNVc/iHTAUJj/u9wtBfAj6ju08FLXxLq/f0uDodEYOOp9MIYo+P9zgyE
# Ig3zp3jak/PbOM+5LzPG/wc8Xr5F0wIDAQABo4IBKzCCAScwDgYDVR0PAQH/BAQD
# AgGGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0lBBYwFAYIKwYBBQUHAwMGCCsG
# AQUFBwMIMDsGA1UdIAQ0MDIwMAYEVR0gADAoMCYGCCsGAQUFBwIBFhpodHRwOi8v
# d3d3LmVudHJ1c3QubmV0L3JwYTAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGG
# F2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6
# Ly9jcmwuZW50cnVzdC5uZXQvZzJjYS5jcmwwHQYDVR0OBBYEFIK61j2Xzp/PceiS
# N6/9s7VpNVfPMB8GA1UdIwQYMBaAFGpyJnrQHu995ztpUdRsjZ+QEmarMA0GCSqG
# SIb3DQEBCwUAA4IBAQAfXkEEtoNwJFMsVXMdZTrA7LR7BJheWTgTCaRZlEJeUL9P
# bG4lIJCTWEAN9Rm0Yu4kXsIBWBUCHRAJb6jU+5J+Nzg+LxR9jx1DNmSzZhNfFMyl
# cfdbIUvGl77clfxwfREc0yHd0CQ5KcX+Chqlz3t57jpv3ty/6RHdFoMI0yyNf02o
# FHkvBWFSOOtg8xRofcuyiq3AlFzkJg4sit1Gw87kVlHFVuOFuE2bRXKLB/GK+0m4
# X9HyloFdaVIk8Qgj0tYjD+uL136LwZNr+vFie1jpUJuXbheIDeHGQ5jXgWG2hZ1H
# 7LGerj8gO0Od2KIc4NR8CMKvdgb4YmZ6tvf6yK81MIIGgzCCBGugAwIBAgIQNa+3
# e500H2r8j4RGqzE1KzANBgkqhkiG9w0BAQ0FADBpMQswCQYDVQQGEwJVUzEWMBQG
# A1UECgwNRW50cnVzdCwgSW5jLjFCMEAGA1UEAww5RW50cnVzdCBDb2RlIFNpZ25p
# bmcgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIENTQlIxMB4XDTIxMDUw
# NzE5MTk1MloXDTQwMTIyOTIzNTkwMFowYzELMAkGA1UEBhMCVVMxFjAUBgNVBAoT
# DUVudHJ1c3QsIEluYy4xPDA6BgNVBAMTM0VudHJ1c3QgRXh0ZW5kZWQgVmFsaWRh
# dGlvbiBDb2RlIFNpZ25pbmcgQ0EgLSBFVkNTMjCCAiIwDQYJKoZIhvcNAQEBBQAD
# ggIPADCCAgoCggIBAL69pznJpX3sXWXx9Cuph9DnrRrFGjsYzuGhUY1y+s5YH1y4
# JEIPRtUxl9BKTeObMMm6l6ic/kU2zyeA53u4bsEkt9+ndNyF8qMkWEXMlJQ7AuvE
# jXxG9VxmguOkwdMfrG4MUyMO1Dr62kLxg1RfNTJW8rV4m1cASB6pYWEnDnMDQ7bW
# cJL71IWaMMaz5ppeS+8dKthmqxZG/wvYD6aJSgJRV0E8QThOl8dRMm1njmahXk2f
# NSKv1Wq3f0BfaDXMafrxBfDqhabqMoXLwcHKg2lFSQbcCWy6SWUZjPm3NyeMZJ41
# 4+Xs5wegnahyvG+FOiymFk49nM8I5oL1RH0owL2JrWwv3C94eRHXHHBL3Z0ITF4u
# +o29p91j9n/wUjGEbjrY2VyFRJ5jBmnQhlh4iZuHu1gcpChsxv5pCpwerBFgal7J
# aWUu7UMtafF4tzstNfKqT+If4wFvkEaq1agNBFegtKzjbb2dGyiAJ0bH2qpnlfHR
# h3vHyCXphAyPiTbSvjPhhcAz1aA8GYuvOPLlk4C/xsOre5PEPZ257kV2wNRobzBe
# PLQ2+ddFQuASBoDbpSH85wV6KI20jmB798i1SkesFGaXoFppcjFXa1OEzWG6cwcV
# cDt7AfynP4wtPYeM+wjX5S8Xg36Cq08J8inhflV3ZZQFHVnUCt2TfuMUXeK7AgMB
# AAGjggErMIIBJzASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTOiU+CUaoV
# ooRiyjEjYdJh+/j+eDAfBgNVHSMEGDAWgBSCutY9l86fz3Hokjev/bO1aTVXzzAz
# BggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3Qu
# bmV0MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvY3Ni
# cjEuY3JsMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEFBQcDAzBEBgNV
# HSAEPTA7MDAGBFUdIAAwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0
# Lm5ldC9ycGEwBwYFZ4EMAQMwDQYJKoZIhvcNAQENBQADggIBAD4AVLgq849mr2EW
# xFiTZPRBi2RVjRs1M6GbkdirRsqrX7y+fnDk0tcHqJYH14bRVwoI0NB4Tfgq37IE
# 85rh13zwwQB6wUCh34qMt8u0HQFh8piapt24gwXKqSwW3JwtDv6nl+RQqZeVwUsq
# jFHjxALga3w1TVO8S5QTi1MYFl6mCqe4NMFssess5DF9DCzGfOGkVugtdtWyE3Xq
# gwCuAHfGb6k97mMUgVAW/FtPEhkOWw+N6kvOBkyJS64gzI5HpnXWZe4vMOhdNI8f
# gk1cQqbyFExQIJwJonQkXDnYiTKFPK+M5Wqe5gQ6pRP/qh3NR0suAgW0ao/rhU+B
# 7wrbfZ8pj6XCP1I4UkGVO7w+W1QwQiMJY95QjYk1RfqruA+Poq17ehGT8Y8ohHto
# eUdq6GQpTR/0HS9tHsiUhjzTWpl6a3yrNfcrOUtPuT8Wku8pjI2rrAEazHFEOctA
# PiASzghw40f+3IDXCADRC2rqIbV5ZhfpaqpW3c0VeLEDwBStPkcYde0KU0syk83/
# gLGQ1hPl5EF4Iu1BguUO37DOlSFF5osB0xn39CtVrNlWc2MQ4LigbctUlpigmSFR
# BqqmDDorY8t52kO50hLM3o9VeukJ8+Ka0yXBezaS2uDlUmfN4+ZUCqWd1HOj0y9d
# BmSFA3d/YNjCvHTJlZFot7d+YRl1MIIGrjCCBJagAwIBAgIQBzY3tyRUfNhHrP0o
# ZipeWzANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGln
# aUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhE
# aWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMjIwMzIzMDAwMDAwWhcNMzcwMzIy
# MjM1OTU5WjBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4x
# OzA5BgNVBAMTMkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBTSEEyNTYgVGlt
# ZVN0YW1waW5nIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxoY1
# BkmzwT1ySVFVxyUDxPKRN6mXUaHW0oPRnkyibaCwzIP5WvYRoUQVQl+kiPNo+n3z
# nIkLf50fng8zH1ATCyZzlm34V6gCff1DtITaEfFzsbPuK4CEiiIY3+vaPcQXf6sZ
# Kz5C3GeO6lE98NZW1OcoLevTsbV15x8GZY2UKdPZ7Gnf2ZCHRgB720RBidx8ald6
# 8Dd5n12sy+iEZLRS8nZH92GDGd1ftFQLIWhuNyG7QKxfst5Kfc71ORJn7w6lY2zk
# psUdzTYNXNXmG6jBZHRAp8ByxbpOH7G1WE15/tePc5OsLDnipUjW8LAxE6lXKZYn
# LvWHpo9OdhVVJnCYJn+gGkcgQ+NDY4B7dW4nJZCYOjgRs/b2nuY7W+yB3iIU2YIq
# x5K/oN7jPqJz+ucfWmyU8lKVEStYdEAoq3NDzt9KoRxrOMUp88qqlnNCaJ+2RrOd
# OqPVA+C/8KI8ykLcGEh/FDTP0kyr75s9/g64ZCr6dSgkQe1CvwWcZklSUPRR8zZJ
# TYsg0ixXNXkrqPNFYLwjjVj33GHek/45wPmyMKVM1+mYSlg+0wOI/rOP015LdhJR
# k8mMDDtbiiKowSYI+RQQEgN9XyO7ZONj4KbhPvbCdLI/Hgl27KtdRnXiYKNYCQEo
# AA6EVO7O6V3IXjASvUaetdN2udIOa5kM0jO0zbECAwEAAaOCAV0wggFZMBIGA1Ud
# EwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFLoW2W1NhS9zKXaaL3WMaiCPnshvMB8G
# A1UdIwQYMBaAFOzX44LScV1kTN8uZz/nupiuHA9PMA4GA1UdDwEB/wQEAwIBhjAT
# BgNVHSUEDDAKBggrBgEFBQcDCDB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGG
# GGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2Nh
# Y2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcnQwQwYD
# VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0
# VHJ1c3RlZFJvb3RHNC5jcmwwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9
# bAcBMA0GCSqGSIb3DQEBCwUAA4ICAQB9WY7Ak7ZvmKlEIgF+ZtbYIULhsBguEE0T
# zzBTzr8Y+8dQXeJLKftwig2qKWn8acHPHQfpPmDI2AvlXFvXbYf6hCAlNDFnzbYS
# lm/EUExiHQwIgqgWvalWzxVzjQEiJc6VaT9Hd/tydBTX/6tPiix6q4XNQ1/tYLaq
# T5Fmniye4Iqs5f2MvGQmh2ySvZ180HAKfO+ovHVPulr3qRCyXen/KFSJ8NWKcXZl
# 2szwcqMj+sAngkSumScbqyQeJsG33irr9p6xeZmBo1aGqwpFyd/EjaDnmPv7pp1y
# r8THwcFqcdnGE4AJxLafzYeHJLtPo0m5d2aR8XKc6UsCUqc3fpNTrDsdCEkPlM05
# et3/JWOZJyw9P2un8WbDQc1PtkCbISFA0LcTJM3cHXg65J6t5TRxktcma+Q4c6um
# AU+9Pzt4rUyt+8SVe+0KXzM5h0F4ejjpnOHdI/0dKNPH+ejxmF/7K9h+8kaddSwe
# Jywm228Vex4Ziza4k9Tm8heZWcpw8De/mADfIBZPJ/tgZxahZrrdVcA6KYawmKAr
# 7ZVBtzrVFZgxtGIJDwq9gdkT/r+k0fNX2bwE+oLeMt8EifAAzV3C+dAjfwAL5HYC
# JtnwZXZCpimHCUcr5n8apIUP/JiW9lVUKx+A+sDyDivl1vupL0QVSucTDh3bNzga
# oSv27dZ8/DCCBsAwggSooAMCAQICEAxNaXJLlPo8Kko9KQeAPVowDQYJKoZIhvcN
# AQELBQAwYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTsw
# OQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVT
# dGFtcGluZyBDQTAeFw0yMjA5MjEwMDAwMDBaFw0zMzExMjEyMzU5NTlaMEYxCzAJ
# BgNVBAYTAlVTMREwDwYDVQQKEwhEaWdpQ2VydDEkMCIGA1UEAxMbRGlnaUNlcnQg
# VGltZXN0YW1wIDIwMjIgLSAyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
# AgEAz+ylJjrGqfJru43BDZrboegUhXQzGias0BxVHh42bbySVQxh9J0Jdz0Vlggv
# a2Sk/QaDFteRkjgcMQKW+3KxlzpVrzPsYYrppijbkGNcvYlT4DotjIdCriak5Lt4
# eLl6FuFWxsC6ZFO7KhbnUEi7iGkMiMbxvuAvfTuxylONQIMe58tySSgeTIAehVbn
# he3yYbyqOgd99qtu5Wbd4lz1L+2N1E2VhGjjgMtqedHSEJFGKes+JvK0jM1MuWbI
# u6pQOA3ljJRdGVq/9XtAbm8WqJqclUeGhXk+DF5mjBoKJL6cqtKctvdPbnjEKD+j
# HA9QBje6CNk1prUe2nhYHTno+EyREJZ+TeHdwq2lfvgtGx/sK0YYoxn2Off1wU9x
# LokDEaJLu5i/+k/kezbvBkTkVf826uV8MefzwlLE5hZ7Wn6lJXPbwGqZIS1j5Vn1
# TS+QHye30qsU5Thmh1EIa/tTQznQZPpWz+D0CuYUbWR4u5j9lMNzIfMvwi4g14Gs
# 0/EH1OG92V1LbjGUKYvmQaRllMBY5eUuKZCmt2Fk+tkgbBhRYLqmgQ8JJVPxvzvp
# qwcOagc5YhnJ1oV/E9mNec9ixezhe7nMZxMHmsF47caIyLBuMnnHC1mDjcbu9Sx8
# e47LZInxscS451NeX1XSfRkpWQNO+l3qRXMchH7XzuLUOncCAwEAAaOCAYswggGH
# MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsG
# AQUFBwMIMCAGA1UdIAQZMBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwHATAfBgNVHSME
# GDAWgBS6FtltTYUvcyl2mi91jGogj57IbzAdBgNVHQ4EFgQUYore0GH8jzEU7ZcL
# zT0qlBTfUpwwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybDMuZGlnaWNlcnQu
# Y29tL0RpZ2lDZXJ0VHJ1c3RlZEc0UlNBNDA5NlNIQTI1NlRpbWVTdGFtcGluZ0NB
# LmNybDCBkAYIKwYBBQUHAQEEgYMwgYAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# LmRpZ2ljZXJ0LmNvbTBYBggrBgEFBQcwAoZMaHR0cDovL2NhY2VydHMuZGlnaWNl
# cnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0UlNBNDA5NlNIQTI1NlRpbWVTdGFtcGlu
# Z0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAVaoqGvNG83hXNzD8deNP1oUj8fz5
# lTmbJeb3coqYw3fUZPwV+zbCSVEseIhjVQlGOQD8adTKmyn7oz/AyQCbEx2wmInc
# ePLNfIXNU52vYuJhZqMUKkWHSphCK1D8G7WeCDAJ+uQt1wmJefkJ5ojOfRu4aqKb
# wVNgCeijuJ3XrR8cuOyYQfD2DoD75P/fnRCn6wC6X0qPGjpStOq/CUkVNTZZmg9U
# 0rIbf35eCa12VIp0bcrSBWcrduv/mLImlTgZiEQU5QpZomvnIj5EIdI/HMCb7XxI
# stiSDJFPPGaUr10CU+ue4p7k0x+GAWScAMLpWnR1DT3heYi/HAGXyRkjgNc2Wl+W
# FrFjDMZGQDvOXTXUWT5Dmhiuw8nLw/ubE19qtcfg8wXDWd8nYiveQclTuf80EGf2
# JjKYe/5cQpSBlIKdrAqLxksVStOYkEVgM4DgI974A6T2RUflzrgDQkfoQTZxd639
# ouiXdE4u2h4djFrIHprVwvDGIqhPm73YHJpRxC+a9l+nJ5e6li6FV8Bg53hWf2rv
# wpWaSxECyIKcyRoFfLpxtU56mWz06J7UWpjIn7+NuxhcQ/XQKujiYu54BNu90ftb
# CqhwfvCXhHjjCANdRyxjqCU4lwHSPzra5eX25pvcfizM/xdMTQCi2NYBDriL7ubg
# clWJLCcZYfZ3AYwwggbzMIIE26ADAgECAhAWdy8OxRnHb5IdXyBiye3RMA0GCSqG
# SIb3DQEBCwUAMGMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMu
# MTwwOgYDVQQDEzNFbnRydXN0IEV4dGVuZGVkIFZhbGlkYXRpb24gQ29kZSBTaWdu
# aW5nIENBIC0gRVZDUzIwHhcNMjIwMzI5MjAxODAzWhcNMjMwMzI5MjAxODAzWjCB
# ozELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDzANBgNVBAcTBk90dGF3
# YTETMBEGCysGAQQBgjc8AgEDEwJDQTEUMBIGA1UEChMLQ0FOQVJJRSBJTkMxHTAb
# BgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMREwDwYDVQQFEwgyOTAyMDgtNzEU
# MBIGA1UEAxMLQ0FOQVJJRSBJTkMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
# AoICAQC7QrVGr/0GFSjOKBtAIfg420mYYBtsT/eqfZigZeS4ZW6sykAZBX71qiU+
# 1SqfMpfU+GY2oQAvGGq/1kBaKTukhT+wwEAH90wJeaMSzAhpl9Q8vSx0xRfXmKfx
# GG8cn6kuq9DZb9kKeKP2qWSFPJyS2y0F5pVhSp8hDvZxAeAKNAjoTDip55kMJm14
# /CkqU2biZ35prXMDMh7/29YWuFWX55zKOxEfVWbbsRKGladcYtKXu1oqSh0XEhhF
# B1BLXBw1YdN2RgjXAIMxrsvNjQ7q8ZWHEMrgvA/50X59x9vxQLS4ivT8RRLic+EW
# 6BMoQ7tqlUwedFSLRsGRxs+7tLwt0FYjQQEYZEbqUpLCcrdco9QEWSI/xaY4sl7F
# S/F6HdISYpyeBlKjcsHVy5Cj7azh8UXVZYa4k+AeEseIB21/MQpynet1S1EuifGH
# Ms0Zh8axQAbJ+rDlupWsRiO63WTAPt5OsL/uEH20xZ/50m8sidF9tIZ1QrsLq8JF
# i99Zm+OncY3ysG2mQAgcsz3x7254Q2mHOSuDWKDDXx6VCZ7ihmAEtnUbL1rCngdf
# 4evV71tVyhf+4KTebjk03t6mpqYvjO3W7yuObH8NOVaAcYgOjUi0G9AN/vYwBZHf
# BAhikGO8pKxW6U/Krc2oQWaKpmGzKK1OpSVi5VZuB6has6Mm3wIDAQABo4IBYDCC
# AVwwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUEB15NHKwwcMjbBDrbk8UA+4uHysw
# HwYDVR0jBBgwFoAUzolPglGqFaKEYsoxI2HSYfv4/ngwZwYIKwYBBQUHAQEEWzBZ
# MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAyBggrBgEFBQcw
# AoYmaHR0cDovL2FpYS5lbnRydXN0Lm5ldC9ldmNzMi1jaGFpbi5wN2MwMQYDVR0f
# BCowKDAmoCSgIoYgaHR0cDovL2NybC5lbnRydXN0Lm5ldC9ldmNzMi5jcmwwDgYD
# VR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMEsGA1UdIAREMEIwNwYK
# YIZIAYb6bAoBAjApMCcGCCsGAQUFBwIBFhtodHRwczovL3d3dy5lbnRydXN0Lm5l
# dC9ycGEwBwYFZ4EMAQMwDQYJKoZIhvcNAQELBQADggIBAIXuiHbQsWUCEhlA76KA
# YJCAbtiCXDerGtT1z27L+7/TcVUBOv2luPJ9C9qXVuQIwa0CTYNQ/kDKSkhWCJxi
# vk4OPaGi5yONchUlHsLQFXQOLDvSFbIYjeUvLAvOp30NgLyy7/Sw3SQsiSKmuLrK
# fSbNTqj0Lf48W+TQk5YD0TzDSSQG8+J4oVfYyyFxoo4C9kAoh7gTjwtj01p5QLKe
# LYJG5lpH6EomLDftK9Pe0woz46smPdL+d9dfvA51O3jS/xHt4kBpqWcWOZ2C5ZGx
# ydU6Ru+U7NVlHATRzAM/dxGJGqFCeTs1CpQF9vykl8iiSpPjzJ+CdrJbQ8gA0kCa
# +G7CagqQ3bkSMvRQllexC5HW6CiUKc8rJfZsCGOpEqtrfuxbiUUZ2og8BOliaFHK
# ZENurT73LtMNygx+yMcbaJkpfEheDJuGK82avSh9HFkyuJD3MI2MafN2OtyXyO/M
# sseiqHwpcRdwDZr0mkOrN9y1YOo62BYRVDVUep9X5lQ/MEA9c6iMgrQ4/E8kk4Jo
# LC7pe21qAP1ICIbjS7g5t4cbPfeFBtvSZeMANKmlDXQkedoGOOnOxqCuhxc3a0LX
# B746Q/VF6hookZlTqDXuu6aeIdD3tpLt0Dx8D69FY2Si/eMdn6dKDsT7CXYFve0S
# 1DDwrqhTIXI9wPojPbu8ZXPzMYIGTTCCBkkCAQEwdzBjMQswCQYDVQQGEwJVUzEW
# MBQGA1UEChMNRW50cnVzdCwgSW5jLjE8MDoGA1UEAxMzRW50cnVzdCBFeHRlbmRl
# ZCBWYWxpZGF0aW9uIENvZGUgU2lnbmluZyBDQSAtIEVWQ1MyAhAWdy8OxRnHb5Id
# XyBiye3RMA0GCWCGSAFlAwQCAQUAoIGEMBgGCisGAQQBgjcCAQwxCjAIoAKAAKEC
# gAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwG
# CisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEICcXRJhVgNnpPSqwXKrCx1mw69r+
# 5JPZlaGNb7CDadxiMA0GCSqGSIb3DQEBAQUABIICAFcw5zS/1NmHSZBKNdMf5LiL
# j9TJwGd5g7j0QYFo4/R0l60OklgDWr7tyRjnnbo1MfH+01JfUrYTliOjApeB2HSe
# 3FM2lfC6zAv9/evLC5Jlrq1x9bUREbRmLlXgoT45b+7I1LksyYjIoQeJSGg/n/1f
# VI4pWqlcLAC2ke0z8gUi7r85uL7VID7/FIJDNHxmBb088HTAJvOq0M1se7aNI69i
# O/vx5TV5fktslEa12r6S3WiJ9yf7UmmAF9vgCFTTvGwlv0BaJfAWCmTSH+DRR1IJ
# TMJ9oMKHup31/QiQnF8ijz/l3VLBzDKDpOrWm9T2bdkLltyiuT8goJB1401Zj2eP
# ZjG4sUy3tbVFdRBHdzPRkYMp+cd/f4JQNf0TCCVxAJQlhp+9bEHzwJk16Eg/AUAG
# pYx4EwM239rJ383tUClECK4rxOTSGm5c2TJvqGZM4AVP6SEmePbaqH0j0LqVIeSR
# 5NKupHMjNcCg1IGEozDk6B8nbfBM6agr5Ty/xyAmO9yFN+a+OCUvWo+sR83xz5Iv
# JUD1glKq0pBymy7PFDnIv7n++jcXh2jBD78xFodWgzlawN7PEnatqP37JRw+0E4l
# VBishvLqZXdkfsK1noynObeeOGR1xOb3M1tZpqMhbf2uG+CFHHi5SLafHQiA/6d8
# NT0AokDzv83n1Cb1sV+hoYIDIDCCAxwGCSqGSIb3DQEJBjGCAw0wggMJAgEBMHcw
# YzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQD
# EzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGlu
# ZyBDQQIQDE1pckuU+jwqSj0pB4A9WjANBglghkgBZQMEAgEFAKBpMBgGCSqGSIb3
# DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIyMTEyOTAyNDkyOFow
# LwYJKoZIhvcNAQkEMSIEIGKYkYCPTuX+oQhsw8hWPcT+hkFlhIlaUTTYjlVe812o
# MA0GCSqGSIb3DQEBAQUABIICAKZyz5Vkab/ih3mJCHnCTHGHOw87H+CV2SkEzrhu
# ulcojmyIyfHg+n4ssXAGZrNLOaSMFbcoBRSJEtP2r7GGnnrBT7KKdYkBugWnmrmq
# PaYwrajrwVFBiuLb9Z0RcQeibC7KkCHHPm5m1zHW0457mCA9Y+HxacnVkVN6OGZo
# 8aJXdgjuWpkQoZkwfJqyiBZMEyBCL980FQQYN6x0JHnfp0LdiNBK1QMvX6XMDIhb
# xyO2ehZRC96M1joSfpH+FjyDGTDfcWax94I020KIom83Pa7PrtXR6SiDgEHXhlge
# ywe8VZcEN3aYjGrMEzlnWHO1L9buIc7wLHebWtYDdjazC53MdutOJcjjPaZqY/qv
# lcFWHSniSj0gsb7/EvA7Y0PmyjFKpRkAKk8kx5AhwExxL6fzFF85q8ksNGu8hJhj
# qnoST/tEAZMtIS2vL0NHXQ5XkNWdaDlo4jeZnPv16Q8BrSh2CLwyct/VVeO3CjL5
# u9MvfHx/b4qYT2xWHMON4DWTMKYSnjCn3KWKlc2ZYXNSLj8GSQZuJq4FZwqRwhtj
# ywt3/ZLcSatTdDlGaPqvjTV1VNoGJTGFftu9De3/jo4+pjCCS5sW0FjmF5s6xqcg
# qgzpUT8GaN/lj+6ZYUzDtk05rCJKrjOlqc/+IkSQWdOMK/b55oYRbH7nLjQrmutM
# sU2x
# SIG # End signature block