From 0102c727c4a298d235360582fcb14b8b9d8d28ef Mon Sep 17 00:00:00 2001
From: Geeth Munasinghe <geeth@wso2.com>
Date: Wed, 3 Dec 2014 11:05:29 +0530
Subject: [PATCH] Adding the config directory

---
 .../src/repository/conf/api-manager.xml       | 524 +++++++++++++
 .../conf/application-authenticators.xml       |  23 +
 .../src/repository/conf/axis2/axis2.xml       | 702 ++++++++++++++++++
 .../src/repository/conf/carbon.xml            | 625 ++++++++++++++++
 .../repository/conf/cipher-tool.properties    |  36 +
 .../data-bridge/cassandra-datasink-config.xml |  22 +
 .../conf/data-bridge/data-bridge-config.xml   |  70 ++
 .../conf/datasources/master-datasources.xml   | 139 ++++
 .../src/repository/conf/emm-config.xml        |  51 ++
 .../repository/conf/entitlement.properties    |  43 ++
 .../src/repository/conf/identity.xml          | 230 ++++++
 .../src/repository/conf/log4j.properties      | 164 ++++
 .../conf/multitenancy/cloud-services-desc.xml | 186 +++++
 .../src/repository/conf/registry.xml          | 195 +++++
 .../src/repository/conf/shindig.properties    | 215 ++++++
 .../src/repository/conf/sso-idp-config.xml    |  52 ++
 .../src/repository/conf/tomcat/context.xml    |  38 +
 .../repository/conf/trusted-idp-config.xml    |  21 +
 .../src/repository/conf/user-mgt.xml          | 343 +++++++++
 .../src/repository/conf/wso2emm.jks           | Bin 0 -> 3180 bytes
 .../src/repository/conf/wso2permission.jks    | Bin 0 -> 46409 bytes
 21 files changed, 3679 insertions(+)
 create mode 100755 modules/distribution/src/repository/conf/api-manager.xml
 create mode 100755 modules/distribution/src/repository/conf/application-authenticators.xml
 create mode 100644 modules/distribution/src/repository/conf/axis2/axis2.xml
 create mode 100644 modules/distribution/src/repository/conf/carbon.xml
 create mode 100644 modules/distribution/src/repository/conf/cipher-tool.properties
 create mode 100755 modules/distribution/src/repository/conf/data-bridge/cassandra-datasink-config.xml
 create mode 100755 modules/distribution/src/repository/conf/data-bridge/data-bridge-config.xml
 create mode 100755 modules/distribution/src/repository/conf/datasources/master-datasources.xml
 create mode 100644 modules/distribution/src/repository/conf/emm-config.xml
 create mode 100644 modules/distribution/src/repository/conf/entitlement.properties
 create mode 100755 modules/distribution/src/repository/conf/identity.xml
 create mode 100644 modules/distribution/src/repository/conf/log4j.properties
 create mode 100644 modules/distribution/src/repository/conf/multitenancy/cloud-services-desc.xml
 create mode 100755 modules/distribution/src/repository/conf/registry.xml
 create mode 100644 modules/distribution/src/repository/conf/shindig.properties
 create mode 100755 modules/distribution/src/repository/conf/sso-idp-config.xml
 create mode 100644 modules/distribution/src/repository/conf/tomcat/context.xml
 create mode 100644 modules/distribution/src/repository/conf/trusted-idp-config.xml
 create mode 100644 modules/distribution/src/repository/conf/user-mgt.xml
 create mode 100644 modules/distribution/src/repository/conf/wso2emm.jks
 create mode 100644 modules/distribution/src/repository/conf/wso2permission.jks

diff --git a/modules/distribution/src/repository/conf/api-manager.xml b/modules/distribution/src/repository/conf/api-manager.xml
new file mode 100755
index 00000000000..56cd371db59
--- /dev/null
+++ b/modules/distribution/src/repository/conf/api-manager.xml
@@ -0,0 +1,524 @@
+<APIManager>
+    <!--
+        JNDI name of the data source to be used by the API publisher, API store and API
+        key manager. This data source should be defined in the master-datasources.xml file
+        in conf/datasources directory.
+    -->
+    <DataSourceName>jdbc/WSO2AM_DB</DataSourceName>
+
+    <!-- This parameter is used when adding api management capability to other products like GReg, AS, DSS etc.-->
+    <GatewayType>EMM</GatewayType>
+	
+  <!-- This parameter is used to enable the securevault support when try to publish endpoint secured APIs. Values should be "true" or "false".
+  By default secure vault is disabled.-->
+	<EnableSecureVault>false</EnableSecureVault>
+    <!--
+        Database configuration used by API publisher, API store and API key manager.
+        When these components are deployed separately, each of them should have
+        separate database configurations pointing to the same physical database.
+    -->
+    <!--Database-->
+        <!--
+            JDBC connection string for the database.
+        -->
+        <!--<URL>jdbc:h2:repository/database/WSO2AM_DB</URL> -->
+
+        <!--
+            JDBC username for the database.
+        -->
+        <!--<Username>wso2carbon</Username>-->
+
+        <!--
+            JDBC password for the database.
+        -->
+        <!--<Password>wso2carbon</Password>
+
+
+            JDBC driver for the database.
+        -->
+        <!--<Driver>org.h2.Driver</Driver>
+    </Database>-->
+
+    <!--
+        Authentication manager configuration for API publisher and API store. This is
+        a required configuration for both web applications as their user authentication
+        logic relies on this.
+    -->
+    <AuthManager>
+        <!--
+            Server URL of the Authentication service
+        -->
+        <ServerURL>https://${carbon.local.ip}:${mgt.transport.https.port}/services/</ServerURL>
+        <!--
+            Admin username for the Authentication manager.
+        -->
+        <Username>admin</Username>
+        <!--
+            Admin password for the Authentication manager.
+        -->
+        <Password>admin</Password>
+    </AuthManager>
+
+    <!--
+        Configuration parameters for the API authentication handler. This is an optional
+        configuration for the API Gateway component.
+    -->
+    <APIConsumerAuthentication>
+        <!--
+            Name of the security context header to be added to the validated requests.
+        -->
+        <SecurityContextHeader>X-JWT-Assertion</SecurityContextHeader>
+
+	<!-- 
+		Fully qualified name of the class that will retrieve additional user claims
+		to be appended to the JWT. If not specified no claims will be appended.
+		The DefaultClaimsRetriever class adds user claims from the default carbon user store.
+	-->
+	<!--ClaimsRetrieverImplClass>org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever</ClaimsRetrieverImplClass-->
+
+	<!--
+		The dialectURI under which the claimURIs that need to be appended to the
+		JWT are defined. Not used with custom ClaimsRetriever implementations. The
+		same value is used in the keys for appending the default properties to the
+		JWT.
+	-->
+    	<!--ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI-->
+    	
+    	<!-- 
+		Signature algorithm. Accepts "SHA256withRSA" or "NONE". To disable signing explicitly specify "NONE".
+	-->
+	<!--SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm-->
+
+    <!--
+		Enable/Disable JWT generation. Default is false.
+	-->
+	<!--EnableTokenGeneration>false</EnableTokenGeneration-->
+	
+	<!-- 
+		Remove OAuth headers from outgoing message or keep with it.
+	-->
+	<!--RemoveOAuthHeadersFromOutMessage>true</RemoveOAuthHeadersFromOutMessage-->
+    </APIConsumerAuthentication>
+
+    <!-- Primary/secondary login configuration for APIstore. If user likes to keep two login attributes in a distributed setup, to login the APIstore,
+		he should configure this section. Primary login doesn't have a claimUri associated with it. But secondary login, which is a claim attribute,
+		is associated with a claimuri.-->
+    <!-- <LoginConfig>
+            <UserIdLogin  primary="true">
+        <ClaimUri></ClaimUri>
+        </UserIdLogin>
+        <EmailLogin  primary="false">
+            <ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
+        </EmailLogin>
+    </LoginConfig>-->
+
+    <!--
+        Credentials for the API gateway admin server. This configuration
+        is mainly used by the API publisher and store to connect to the API gateway and
+        create/update published API configurations.
+    -->
+    <APIGateway>
+	<!-- The environments to which an API will be published -->
+	<Environments>
+		<!-- Environments can be of different types. Allowed values are 'hybrid', 'production' and 'sandbox'.
+		     An API deployed on a 'production' type gateway will only support production keys
+		     An API deployed on a 'sandbox' type gateway will only support sandbox keys
+		     An API deployed on a 'hybrid' type gateway will support both production and sandbox keys -->
+                <Environment type="hybrid">
+                        <Name>Production and Sandbox</Name>
+			<!--
+            			Server URL of the API gateway.
+        		-->
+                        <ServerURL>https://${carbon.local.ip}:${mgt.transport.https.port}/services/</ServerURL>
+			<!--
+            			Admin username for the API gateway.
+        		-->
+                        <Username>admin</Username>
+			<!--
+            			Admin password for the API gateway.
+        		-->
+                        <Password>admin</Password>
+			<!--
+            			Endpoint URLs for the APIs hosted in this API gateway.
+        		-->
+                        <GatewayEndpoint>http://${carbon.local.ip}:${http.nio.port},https://${carbon.local.ip}:${https.nio.port}</GatewayEndpoint>
+                </Environment>
+        </Environments>
+        
+        <!--
+            Enable/Disable caching at gateway node.
+        -->
+        <EnableGatewayKeyCache>false</EnableGatewayKeyCache>
+
+	<!-- Header name can be configurable, as you preferred. When API invocation is restricted to access only for authorized domains, 
+		client request should send his domain, as the value of this header. 
+	-->
+	<ClientDomainHeader>referer</ClientDomainHeader>
+
+    </APIGateway>
+
+     <!--
+	    Enable/Disable Usage metering and billing for api usage
+     -->
+     <EnableBillingAndUsage>false</EnableBillingAndUsage>
+
+    <!--
+        API usage tracker configuration used by the BAM data publisher and 
+        Google Analytics publisher in API gateway.
+    -->
+    <APIUsageTracking>
+	
+        <!--
+            Enable/Disable the API usage tracker.
+        -->
+        <Enabled>false</Enabled>
+
+        <!--
+            API Usage Data Publisher.
+        -->
+        <PublisherClass>org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataBridgeDataPublisher</PublisherClass>
+
+        <!--
+            Thrift port of the remote BAM server.
+        -->
+        <ThriftPort>7612</ThriftPort>
+
+        <!--
+            Server URL of the remote BAM/CEP server used to collect statistics. Must
+            be specified in protocol://hostname:port/ format.
+
+            An event can also be published to multiple Receiver Groups each having 1 or more receivers. Receiver
+            Groups are delimited by curly braces whereas receivers are delimited by commas.
+	    Ex - Multiple Receivers within a single group
+		 tcp://localhost:7612/,tcp://localhost:7613/,tcp://localhost:7614/
+	    Ex - Multiple Receiver Groups with two receivers each		
+                 {tcp://localhost:7612/,tcp://localhost:7613},{tcp://localhost:7712/,tcp://localhost:7713/} 
+        -->
+        <BAMServerURL>tcp://localhost:7612/</BAMServerURL>
+
+        <!--
+            Administrator username to login to the remote BAM server.
+        -->
+        <BAMUsername>admin</BAMUsername>
+
+        <!--
+            Administrator password to login to the remote BAM server.
+        -->
+        <BAMPassword>admin</BAMPassword>
+
+        <!--
+            JNDI name of the data source to be used for getting BAM statistics.This data source should
+            be defined in the master-datasources.xml file in conf/datasources directory.
+        -->
+        <!--DataSourceName>jdbc/WSO2AM_STATS_DB</DataSourceName-->
+
+	<!--
+            Google Analytics publisher configuration. Create Google Analytics account and obtain a
+            Tracking ID. 
+	    Reffer http://support.google.com/analytics/bin/answer.py?hl=en&answer=1009694
+        -->
+        <GoogleAnalyticsTracking>
+             <!--
+                 Enable/Disable Google Analytics Tracking
+             -->
+             <Enabled>false</Enabled>
+
+             <!--
+                Google Analytics Tracking ID    
+             -->
+             <TrackingID>UA-XXXXXXXX-X</TrackingID>
+
+       </GoogleAnalyticsTracking>
+
+    </APIUsageTracking>
+
+    <!--
+        API key manager configuration used by API key manager (IS), API store and API gateway.
+        This is used by API store to generate and manage API keys. API gateway uses it to
+        validate and authenticate users against the provided API keys.
+    -->
+    <APIKeyManager>
+        <!--
+            Server URL of the API key manager
+        -->
+        <ServerURL>https://${carbon.local.ip}:${mgt.transport.https.port}/services/</ServerURL>
+
+        <!--
+            Admin username for API key manager.
+        -->
+        <Username>admin</Username>
+
+        <!--
+            Admin password for API key manager.
+        -->
+        <Password>admin</Password>
+        <!--
+            Enable/Disable JWT caching.
+        -->
+        <EnableJWTCache>false</EnableJWTCache>
+
+        <!--
+            Enable/Disable API key validation information caching at key-management server
+        -->
+
+        <EnableKeyMgtValidationInfoCache>false</EnableKeyMgtValidationInfoCache>
+
+        <!--
+        Configurations related to enable thrift support for key-management related communication.
+        If you want to switch back to Web Service Client, change the value of "KeyValidatorClientType" to "WSClient".
+        In a distributed environment;
+        -If you are at the Gateway node, you need to point "ThriftClientPort" value to the "ThriftServerPort" value given at KeyManager node.
+        -If you need to start two API Manager instances in the same machine, you need to give different ports to "ThriftServerPort" value in two nodes.
+        -ThriftServerHost - Allows to configure a hostname for the thrift server. It uses the carbon hostname by default.
+        -->
+
+        <KeyValidatorClientType>ThriftClient</KeyValidatorClientType>
+        <ThriftClientPort>10397</ThriftClientPort>
+        <ThriftClientConnectionTimeOut>10000</ThriftClientConnectionTimeOut>
+        <ThriftServerPort>10397</ThriftServerPort>
+	<!--ThriftServerHost>localhost</ThriftServerHost-->
+	<EnableThriftServer>true</EnableThriftServer>
+	<!--
+	   This parameter is used to specify Thrift server host name. In a distributed deployment we must set this parameter
+	   if keymanager running on separate machine. Gateway use this parameter to connect key validation thrift service
+	-->
+	<!--ThriftServerHost>127.0.0.1</ThriftServerHost-->
+
+        <!--
+            Remove UserName from JWT Token
+        -->
+       <!-- <RemoveUserNameToJWTForApplicationToken>true</RemoveUserNameToJWTForApplicationToken>-->
+
+	<!-- Name of the token API -->
+	<TokenEndPointName>oauth2/token</TokenEndPointName>
+	
+	<!-- Whether to encrypt tokens when storing in the Database
+	Note: If changing this value to true, change the value of <TokenPersistenceProcessor> to
+	org.wso2.carbon.identity.oauth.tokenprocessor.EncryptionDecryptionProcessor in the identity.xml -->
+	<EncryptPersistedTokens>false</EncryptPersistedTokens>
+
+    </APIKeyManager>
+
+    <!--
+        Settings related to managing API access tiers.
+    -->
+    <TierManagement>
+        <!--
+            Enable the providers to expose their APIs over the special 'Unlimited' tier which
+            basically disables tier based throttling for the specified APIs.
+        -->
+        <EnableUnlimitedTier>true</EnableUnlimitedTier>
+    </TierManagement>
+
+    <!--
+        Use this configuration to control the self-sign-up capability in API store.
+    -->
+    <SelfSignUp>
+        <!--
+            Enable or disable the self-sign-up feature.
+        -->
+        <Enabled>true</Enabled>
+
+        <!--
+            Self signed up users should be associated with a suitable subscriber
+            role for them to be able to access the API store portal. This required
+            parameter specifies which role should be used for that purpose. The role
+            specified here must have the '/permission/admin/manage/api/subscribe'
+            permission.
+        -->
+        <SubscriberRoleName>subscriber</SubscriberRoleName>
+
+        <!--
+            This parameter specifies whether the subscriber role specified above
+            should be created in the local user store or not. This only makes sense
+            when the API subscribers are authenticated against the local user store.
+            That is the local Carbon server is acting as the AuthManager. If a remote
+            Carbon server is acting as the AuthManager, this parameter should be turned
+            off for the local server.
+        -->
+        <CreateSubscriberRole>true</CreateSubscriberRole>
+    </SelfSignUp>
+
+    <!--
+        Use this configuration to control the number of APIs shown in API store.
+    -->
+    <APIStore>
+        <!--
+            This parameter specifies whether to display multiple versions of same
+            API or only showing the latest version of an API.
+
+        -->
+        <DisplayMultipleVersions>false</DisplayMultipleVersions>
+        <!--
+            This parameter specifies whether to display all the APIs
+            [which are having DEPRECATED/PUBLISHED status] or only display the APIs
+            with having their status is as 'PUBLISHED'
+
+        -->
+        <DisplayAllAPIs>false</DisplayAllAPIs>
+		
+		 <!--
+            This parameter specifies whether to display the comment editing facility or not.
+           Default is "true". If user wants to disable, he must set this param as "false"
+
+        -->
+		<DisplayComments>true</DisplayComments>
+		
+		 <!--
+            This parameter specifies whether to display the ratings  or not.
+           Default is "true". If user wants to disable, he must set this param as "false"
+
+        -->
+		<DisplayRatings>true</DisplayRatings>
+	      
+              <!--
+                This parameter specifies the expiration time of the TagCache. TagCache will 
+                only be created when this element is uncommented. When the specified
+                time duration gets elapsed ,tag cache will get re-generated.
+               -->
+         <!--TagCacheDuration>120000</TagCacheDuration-->
+
+
+    </APIStore>
+
+    <!--
+        Status observers can be registered against the API Publisher to listen for
+        API status update events. Each observer must implement the APIStatusObserver
+        interface. Multiple observers can be engaged if necessary and in such situations
+        they will be notified in the order they are defined here.
+    -->
+    <!--StatusObservers>
+        <Observer>org.wso2.carbon.apimgt.impl.observers.SimpleLoggingObserver</Observer>
+    </StatusObservers-->
+
+    <!--
+        There are set of plugguble extensions for some operations related to API MAnager
+	operations such as self sign in, subscriptions and etc. For those operatios we can
+	trigger external work flow of business process server. Here are the configurations
+	related to those operations
+    -->
+    <WorkFlowExtensions>
+      <ApplicationCreation executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationCreationSimpleWorkflowExecutor"/>
+	  <!--ApplicationCreation executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationCreationWSWorkflowExecutor">
+           <Property name="serviceEndpoint">http://localhost:9765/services/ApplicationApprovalWorkFlowProcess/</Property>
+           <Property name="username">admin</Property>
+           <Property name="password">admin</Property>
+           <Property name="callbackURL">https://localhost:8243/services/WorkflowCallbackService</Property>
+      </ApplicationCreation-->
+      <SubscriptionCreation executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionCreationSimpleWorkflowExecutor"/>
+      <!--SubscriptionCreation executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionCreationWSWorkflowExecutor">
+           <Property name="serviceEndpoint">http://localhost:9765/services/SubscriptionApprovalWorkFlowProcess/</Property>
+           <Property name="username">admin</Property>
+           <Property name="password">admin</Property>
+           <Property name="callbackURL">https://localhost:8243/services/WorkflowCallbackService</Property>
+      </SubscriptionCreation-->
+      <UserSignUp executor="org.wso2.carbon.apimgt.impl.workflow.UserSignUpSimpleWorkflowExecutor"/>
+      <!--UserSignUp executor="org.wso2.carbon.apimgt.impl.workflow.UserSignUpWSWorkflowExecutor">
+           <Property name="serviceEndpoint">http://localhost:9765/services/UserSignupProcess/</Property>
+           <Property name="username">admin</Property>
+           <Property name="password">admin</Property>
+           <Property name="callbackURL">https://localhost:8243/services/WorkflowCallbackService</Property>
+      </UserSignUp-->
+    </WorkFlowExtensions>
+
+    <!-- 
+	Use this configuration Create APIs at the Server startup
+    -->
+    <StartupAPIPublisher>
+
+	<!--
+            Enable/Disable the API Startup Publisher
+        -->
+	
+	<Enabled>false</Enabled>
+	
+	<!--
+	Configuration to create APIs for local endpoints. 
+	Endpoint will be computed as http://${carbon.local.ip}:${mgt.transport.http.port}/Context.
+	Define many LocalAPI elements as below to create many APIs
+	for local Endpoints.
+	IconPath should be relative to CARBON_HOME.
+	-->
+	<!--
+	Configuration to create APIs for remote endpoints.
+	When Endpoint need to be defined use this configuration.  
+	Define many API elements as below to create many APIs
+	for external Endpoints.
+	If you do not need to add Icon or Documentation set 
+	'none' as the value for IconPath & DocumentURL.
+	-->
+	<!--APIs>
+		<API>	
+			<Context>/resource</Context>
+			<Endpoint>http://localhost:9764/resource</Endpoint>
+			<Provider>admin</Provider>
+			<Version>1.0.0</Version>
+			<IconPath>none</IconPath>
+			<DocumentURL>none</DocumentURL>
+			<AuthType>Any</AuthType>
+		</API>
+	</APIs-->
+		
+    </StartupAPIPublisher>
+
+    <!--
+   Below are set of external APIStores which can be configured to publish an API from current running
+   APIM server.-->
+
+    <!--<ExternalAPIStores>-->
+
+	<!--Configuration to set the store URL of the current running APIM deployment. 
+	APIs published to external stores will be redirected to this URL-->
+	
+	<!--<StoreURL>http://localhost:9763/store</StoreURL>
+
+        <ExternalAPIStore id="Store1" type="wso2">
+            <DisplayName>Store1</DisplayName>
+            <Endpoint>http://localhost:9764/store</Endpoint>
+            <Username>xxxx</Username>
+            <Password>xxxx</Password>
+        </ExternalAPIStore>
+
+        <ExternalAPIStore id="ProWeb" type="proWeb">
+            <Name>ProgrammableWeb</Name>
+            <Endpoint>xxxxx</Endpoint>
+        </ExternalAPIStore>
+
+        <ExternalAPIStore id="Store2" type="wso2">
+            <DisplayName>Store2</DisplayName>
+            <Endpoint>http://localhost:9764/store</Endpoint>
+            <Username>xxxx</Username>
+            <Password>xxxx</Password>
+        </ExternalAPIStore>
+
+    </ExternalAPIStores> -->
+
+    <!--
+	When an API is invoked, a list of handlers get engaged to its execution flow. This
+	property defines the position of the Extension Handler.
+	Supported values: top, bottom
+	Defaults to: bottom
+    -->	
+    <!--ExtensionHandlerPosition>top|bottom</ExtensionHandlerPosition-->
+
+
+    <!--Configuration to enable/disable sending CORS headers in the Gateway response
+        and define the Access-Control-Allow-Origin header value.-->
+    <CORSConfiguration>
+        
+	<!--Configuration to enable/disable sending CORS headers from the Gateway-->
+	<Enabled>true</Enabled>
+
+	<!--The value of the Access-Control-Allow-Origin header. Default values are 
+	    API Store addresses, which is needed for swagger to function.-->
+	<Access-Control-Allow-Origin>https://localhost:9443,http://localhost:9763</Access-Control-Allow-Origin>
+
+	<!--Configure Access-Control-Allow-Headers-->
+	<Access-Control-Allow-Headers>authorization,Access-Control-Allow-Origin,Content-Type</Access-Control-Allow-Headers>
+
+	<!--Configure Access-Control-Allow-Methods-->
+	<Access-Control-Allow-Methods>GET,POST,PUT,DELETE,OPTIONS</Access-Control-Allow-Methods>
+
+    </CORSConfiguration>
+</APIManager>
+
diff --git a/modules/distribution/src/repository/conf/application-authenticators.xml b/modules/distribution/src/repository/conf/application-authenticators.xml
new file mode 100755
index 00000000000..c13c0401074
--- /dev/null
+++ b/modules/distribution/src/repository/conf/application-authenticators.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+
+<!--
+  ~ Copyright 2005-2013 WSO2, Inc. (http://wso2.com)
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<Authenticators>
+    <Authenticator name="BasicAuthenticator" disabled="false" factor="1">
+        <Status value="10" loginPage="/sso/login" />
+    </Authenticator>
+</Authenticators>
\ No newline at end of file
diff --git a/modules/distribution/src/repository/conf/axis2/axis2.xml b/modules/distribution/src/repository/conf/axis2/axis2.xml
new file mode 100644
index 00000000000..0ecbffaabe7
--- /dev/null
+++ b/modules/distribution/src/repository/conf/axis2/axis2.xml
@@ -0,0 +1,702 @@
+<!--
+  ~ Copyright 2005-2011 WSO2, Inc. (http://wso2.com)
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<axisconfig name="AxisJava2.0">
+
+    <!-- ================================================= -->
+    <!-- Globally engaged modules -->
+    <!-- ================================================= -->
+    <module ref="addressing"/>
+
+    <!-- ================================================= -->
+    <!-- Parameters -->
+    <!-- ================================================= -->
+    <parameter name="hotdeployment">${hotdeployment}</parameter>
+    <parameter name="hotupdate">${hotupdate}</parameter>
+    <parameter name="enableMTOM" locked="false">optional</parameter>
+    <parameter name="cacheAttachments">true</parameter>
+    <parameter name="attachmentDIR">work/mtom</parameter>
+    <parameter name="sizeThreshold">4000</parameter>
+
+    <parameter name="EnableChildFirstClassLoading">${childfirstCL}</parameter>
+
+    <!--
+    The exposeServiceMetadata parameter decides whether the metadata (WSDL, schema, policy) of
+    the services deployed on Axis2 should be visible when ?wsdl, ?wsdl2, ?xsd, ?policy requests
+    are received.
+    This parameter can be defined in the axi2.xml file, in which case this will be applicable
+    globally, or in the services.xml files, in which case, it will be applicable to the
+    Service groups and/or services, depending on the level at which the parameter is declared.
+    This value of this parameter defaults to true.
+    -->
+    <parameter name="exposeServiceMetadata">true</parameter>
+
+    <!--
+    Defines how the persistence of WS-ReliableMessaging is handled
+
+    Possible value are: inmemory & persistent
+    -->
+    <!-- Following parameter will completely disable REST handling in both the servlets-->
+    <parameter name="disableREST" locked="false">false</parameter>
+
+    <parameter name="Sandesha2StorageManager">inmemory</parameter>
+
+    <!-- This deployment interceptor will be called whenever before a module is initialized or
+     service is deployed -->
+    <listener class="org.wso2.carbon.core.deployment.DeploymentInterceptor"/>
+
+    <!-- setting servicePath. contextRoot is defined in the carbon.xml file -->
+    <!-- modification of this variable should be accompanied by the change in 'ServerURL' in carbon.xml file -->
+    <parameter name="servicePath">services</parameter>
+
+    <!--the directory in which .aar services are deployed inside axis2 repository-->
+    <parameter name="ServicesDirectory">axis2services</parameter>
+
+    <!--the directory in which modules are deployed inside axis2 repository-->
+    <parameter name="ModulesDirectory">axis2modules</parameter>
+
+    <parameter name="userAgent" locked="true">
+        @product.name@-@product.version@
+    </parameter>
+    <parameter name="server" locked="true">
+        @product.name@-@product.version@
+    </parameter>
+
+    <!-- ========================================================================-->
+
+    <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+    <!--that behaviour.-->
+    <parameter name="sendStacktraceDetailsWithFaults">false</parameter>
+
+    <!--If there aren't any information available to find out the fault reason, we set the message of the expcetion-->
+    <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+    <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+    <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+    <parameter name="DrillDownToRootCauseForFaultReason">false</parameter>
+
+    <!--Set the flag to true if you want to enable transport level session mangment-->
+    <parameter name="manageTransportSession">true</parameter>
+
+    <!-- Synapse Configuration file -->
+    <parameter name="SynapseConfig.ConfigurationFile" locked="false">
+        ./repository/deployment/server/synapse-configs
+    </parameter>
+
+    <!-- Synapse Home parameter -->
+    <parameter name="SynapseConfig.HomeDirectory" locked="false">.</parameter>
+
+    <!-- Resolve root used to resolve synapse references like schemas inside a WSDL -->
+    <parameter name="SynapseConfig.ResolveRoot" locked="false">.</parameter>
+
+    <!-- Synapse Server name parameter -->
+    <parameter name="SynapseConfig.ServerName" locked="false">WSO2 Carbon Server</parameter>
+
+    <!--By default, JAXWS services are created by reading annotations. WSDL and schema are generated-->
+    <!--using a separate WSDL generator only when ?wsdl is called. Therefore, even if you engage-->
+    <!--policies etc.. to AxisService, it doesn't appear in the WSDL. By setting the following property-->
+    <!--to true, you can create the AxisService using the generated WSDL and remove the need for a-->
+    <!--WSDL generator. When ?wsdl is called, WSDL is generated in the normal way.-->
+    <parameter name="useGeneratedWSDLinJAXWS">${jaxwsparam}</parameter>
+
+    <!-- Deployer for the dataservice. -->
+    <!--<deployer extension="dbs" directory="dataservices" class="org.wso2.dataservices.DBDeployer"/>-->
+
+    <!-- Axis1 deployer for Axis2-->
+    <!--<deployer extension="wsdd" class="org.wso2.carbon.axis1services.Axis1Deployer" directory="axis1services"/>-->
+
+    <!-- POJO service deployer for Jar -->
+    <!--<deployer extension="jar" class="org.apache.axis2.deployment.POJODeployer" directory="pojoservices"/>-->
+
+    <!-- POJO service deployer for Class  -->
+    <!--<deployer extension="class" class="org.apache.axis2.deployment.POJODeployer" directory="pojoservices"/>-->
+
+    <!-- JAXWS service deployer  -->
+    <!--<deployer extension=".jar" class="org.apache.axis2.jaxws.framework.JAXWSDeployer" directory="servicejars"/>-->
+    <!-- ================================================= -->
+    <!-- Message Receivers -->
+    <!-- ================================================= -->
+    <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+    <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+    <!--any operation -->
+    <!--Note : You can ovride this for particular service by adding the same element with your requirement-->
+
+    <messageReceivers>
+        <messageReceiver mep="http://www.w3.org/ns/wsdl/in-only"
+                         class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver"/>
+        <messageReceiver mep="http://www.w3.org/ns/wsdl/robust-in-only"
+                         class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver"/>
+        <messageReceiver mep="http://www.w3.org/ns/wsdl/in-out"
+                         class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+    </messageReceivers>
+
+    <messageFormatters>
+        <messageFormatter contentType="application/x-www-form-urlencoded"
+                          class="org.apache.axis2.transport.http.XFormURLEncodedFormatter"/>
+        <messageFormatter contentType="multipart/form-data"
+                          class="org.apache.axis2.transport.http.MultipartFormDataFormatter"/>
+        <messageFormatter contentType="application/xml"
+                          class="org.apache.axis2.transport.http.ApplicationXMLFormatter"/>
+        <messageFormatter contentType="text/xml"
+                          class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+        <messageFormatter contentType="application/soap+xml"
+                          class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+
+        <!--JSON Message Formatters-->
+        <messageFormatter contentType="application/json"
+                          class="org.apache.axis2.json.JSONMessageFormatter"/>
+        <messageFormatter contentType="application/json/badgerfish"
+                          class="org.apache.axis2.json.JSONBadgerfishMessageFormatter"/>
+        <messageFormatter contentType="text/javascript"
+                          class="org.apache.axis2.json.JSONMessageFormatter"/>
+
+        <!--messageFormatter contentType="application/x-www-form-urlencoded"
+                        class="org.wso2.carbon.relay.ExpandingMessageFormatter"/-->
+        <!--messageFormatter contentType="multipart/form-data"
+                        class="org.wso2.carbon.relay.ExpandingMessageFormatter"/-->
+        <!--messageFormatter contentType="application/xml"
+                        class="org.wso2.carbon.relay.ExpandingMessageFormatter"/-->
+        <!--messageFormatter contentType="text/html"
+                        class="org.wso2.carbon.relay.ExpandingMessageFormatter"/-->
+        <!--messageFormatter contentType="application/soap+xml"
+                        class="org.wso2.carbon.relay.ExpandingMessageFormatter"/-->
+        <!--messageFormatter contentType="x-application/hessian"
+			class="org.apache.synapse.format.hessian.HessianMessageFormatter"/-->
+        <!--<messageFormatter contentType="">
+			class="org.apache.synapse.format.hessian.HessianMessageFormatter"/-->
+    </messageFormatters>
+
+    <messageBuilders>
+        <messageBuilder contentType="application/xml"
+                        class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+        <messageBuilder contentType="application/x-www-form-urlencoded"
+                        class="org.apache.axis2.builder.XFormURLEncodedBuilder"/>
+        <messageBuilder contentType="multipart/form-data"
+                        class="org.apache.axis2.builder.MultipartFormDataBuilder"/>
+
+        <!--JSON Message Builders-->
+        <messageBuilder contentType="application/json"
+                        class="org.apache.axis2.json.JSONOMBuilder"/>
+        <messageBuilder contentType="application/json/badgerfish"
+                        class="org.apache.axis2.json.JSONBadgerfishOMBuilder"/>
+        <messageBuilder contentType="text/javascript"
+                        class="org.apache.axis2.json.JSONOMBuilder"/>
+
+        <!--messageBuilder contentType="application/xml"
+     		        class="org.wso2.carbon.relay.BinaryRelayBuilder"/-->
+        <!--messageBuilder contentType="application/x-www-form-urlencoded"
+                        class="org.wso2.carbon.relay.BinaryRelayBuilder"/-->
+        <!--messageBuilder contentType="multipart/form-data"
+                        class="org.wso2.carbon.relay.BinaryRelayBuilder"/-->
+        <!--messageBuilder contentType="multipart/related"
+                       class="org.wso2.carbon.relay.BinaryRelayBuilder"/-->
+        <!--messageBuilder contentType="application/soap+xml"
+                       class="org.wso2.carbon.relay.BinaryRelayBuilder"/-->
+        <!--messageBuilder contentType="text/plain"
+                       class="org.wso2.carbon.relay.BinaryRelayBuilder"/-->
+        <!--messageBuilder contentType="text/xml"
+                       class="org.wso2.carbon.relay.BinaryRelayBuilder"/-->
+        <!--messageFormatter contentType="text/plain"
+                        class="org.apache.axis2.format.PlainTextBuilder"/-->
+        <!--messageBuilder contentType="x-application/hessian"
+		       class="org.apache.synapse.format.hessian.HessianMessageBuilder"/-->
+    </messageBuilders>
+
+
+    <!-- ================================================= -->
+    <!-- In Transports -->
+    <!-- ================================================= -->
+    <transportReceiver name="http"
+                       class="org.wso2.carbon.core.transports.http.HttpTransportListener">
+        <!--
+           Uncomment the following if you are deploying this within an application server. You
+           need to specify the HTTP port of the application server
+        -->
+        <parameter name="port">9763</parameter>
+
+        <!--
+       Uncomment the following to enable any proxy like Apache2 mod_proxy or any load balancer. The port on the proxy server like Apache is 80
+       in this case.
+        -->
+        <!--<parameter name="proxyPort">80</parameter>-->
+    </transportReceiver>
+
+    <!--Please uncomment this in Multiple Instance Scenario if you want to use NIO Transport Recievers and 
+ 	Remove the current transport REceivers in axis2.xml -->
+    <!--transportReceiver name="http" class="org.apache.synapse.transport.nhttp.HttpCoreNIOListener">
+        <parameter name="port" locked="false">8280</parameter>
+        <parameter name="non-blocking" locked="false">true</parameter>
+    </transportReceiver>
+    
+    <transportReceiver name="https" class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLListener">
+        <parameter name="port" locked="false">8243</parameter>
+        <parameter name="non-blocking" locked="false">true</parameter>
+        <parameter name="keystore" locked="false">
+            <KeyStore>
+                <Location>repository/resources/security/wso2carbon.jks</Location>
+                <Type>JKS</Type>
+                <Password>wso2carbon</Password>
+                <KeyPassword>wso2carbon</KeyPassword>
+            </KeyStore>
+        </parameter>
+        <parameter name="truststore" locked="false">
+            <TrustStore>
+                <Location>repository/resources/security/client-truststore.jks</Location>
+                <Type>JKS</Type>
+                <Password>wso2carbon</Password>
+            </TrustStore>
+        </parameter>
+    </transportReceiver-->
+
+
+    <transportReceiver name="https"
+                       class="org.wso2.carbon.core.transports.http.HttpsTransportListener">
+        <!--
+           Uncomment the following if you are deploying this within an application server. You
+           need to specify the HTTPS port of the application server
+        -->
+        <parameter name="port">9443</parameter>
+
+        <!--
+       Uncomment the following to enable any proxy like Apache2 mod_proxy or any load balancer. The port on a proxy server like Apache is 443
+       in this case.
+        -->
+        <!--<parameter name="proxyPort">443</parameter>-->
+    </transportReceiver>
+
+    <!--
+       Uncomment the following segment to enable TCP transport.
+       Note : Addressing module should be engaged for TCP transport to work
+    -->
+    <!--<transportReceiver name="tcp"
+                       class="org.apache.axis2.transport.tcp.TCPServer">
+        <parameter name="port">6667</parameter>
+    </transportReceiver>-->
+
+    <!--
+     To Enable Mail Transport Listener, please uncomment the following.
+    -->
+    <!--<transportReceiver name="mailto" class="org.apache.axis2.transport.mail.MailTransportListener">
+
+    </transportReceiver>-->
+
+
+    <!--
+      Uncomment this and configure as appropriate for JMS transport support,
+      after setting up your JMS environment (e.g. ActiveMQ)
+    -->
+    <!--<transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
+        <parameter name="myTopicConnectionFactory">
+        	<parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+        	<parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+        	<parameter name="transport.jms.ConnectionFactoryJNDIName">TopicConnectionFactory</parameter>
+        </parameter>
+
+        <parameter name="myQueueConnectionFactory">
+        	<parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+        	<parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+        	<parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+        </parameter>
+
+        <parameter name="default">
+        	<parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+        	<parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+        	<parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+        </parameter>
+    </transportReceiver>-->
+
+    <!--Uncomment this and configure as appropriate for JMS transport support with Apache Qpid -->
+    <!--transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
+        <parameter name="myTopicConnectionFactory" locked="false">
+            <parameter name="java.naming.factory.initial" locked="false">org.apache.qpid.jndi.PropertiesFileInitialContextFactory</parameter>
+            <parameter name="java.naming.provider.url" locked="false">repository/conf/jndi.properties</parameter>
+            <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">TopicConnectionFactory</parameter>
+            <parameter name="transport.jms.ConnectionFactoryType" locked="false">topic</parameter>
+        </parameter>
+
+        <parameter name="myQueueConnectionFactory" locked="false">
+            <parameter name="java.naming.factory.initial" locked="false">org.apache.qpid.jndi.PropertiesFileInitialContextFactory</parameter>
+            <parameter name="java.naming.provider.url" locked="false">repository/conf/jndi.properties</parameter>
+            <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
+            <parameter name="transport.jms.ConnectionFactoryType" locked="false">queue</parameter>
+        </parameter>
+
+        <parameter name="default" locked="false">
+            <parameter name="java.naming.factory.initial" locked="false">org.apache.qpid.jndi.PropertiesFileInitialContextFactory</parameter>
+            <parameter name="java.naming.provider.url" locked="false">repository/conf/jndi.properties</parameter>
+            <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
+            <parameter name="transport.jms.ConnectionFactoryType" locked="false">queue</parameter>
+        </parameter>
+    </transportReceiver-->
+
+    <!--Uncomment this and configure as appropriate for JMS transport support with WSO2 MB 2.x.x -->
+    <!--transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
+        <parameter name="myTopicConnectionFactory" locked="false">
+           <parameter name="java.naming.factory.initial" locked="false">org.wso2.andes.jndi.PropertiesFileInitialContextFactory</parameter>
+            <parameter name="java.naming.provider.url" locked="false">repository/conf/jndi.properties</parameter>
+            <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">TopicConnectionFactory</parameter>
+            <parameter name="transport.jms.ConnectionFactoryType" locked="false">topic</parameter>
+        </parameter>
+
+        <parameter name="myQueueConnectionFactory" locked="false">
+            <parameter name="java.naming.factory.initial" locked="false">org.wso2.andes.jndi.PropertiesFileInitialContextFactory</parameter>
+            <parameter name="java.naming.provider.url" locked="false">repository/conf/jndi.properties</parameter>
+            <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
+           <parameter name="transport.jms.ConnectionFactoryType" locked="false">queue</parameter>
+        </parameter>
+
+        <parameter name="default" locked="false">
+            <parameter name="java.naming.factory.initial" locked="false">org.wso2.andes.jndi.PropertiesFileInitialContextFactory</parameter>
+            <parameter name="java.naming.provider.url" locked="false">repository/conf/jndi.properties</parameter>
+            <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
+            <parameter name="transport.jms.ConnectionFactoryType" locked="false">queue</parameter>
+        </parameter>
+    </transportReceiver-->
+
+
+    <!-- ================================================= -->
+    <!-- Out Transports -->
+    <!-- ================================================= -->
+
+    <transportSender name="tcp"
+                     class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+    <transportReceiver name="local"
+                       class="org.wso2.carbon.core.transports.local.CarbonLocalTransportReceiver"/>
+    <transportSender name="local"
+                     class="org.wso2.carbon.core.transports.local.CarbonLocalTransportSender"/>
+    <!--<transportSender name="jms"
+                     class="org.apache.axis2.transport.jms.JMSSender"/>-->
+    <transportSender name="http"
+                     class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+        <parameter name="PROTOCOL">HTTP/1.1</parameter>
+        <parameter name="Transfer-Encoding">chunked</parameter>
+        <!-- This parameter has been added to overcome problems encounted in SOAP action parameter -->
+        <parameter name="OmitSOAP12Action">true</parameter>
+    </transportSender>
+    <transportSender name="https"
+                     class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+        <parameter name="PROTOCOL">HTTP/1.1</parameter>
+        <parameter name="Transfer-Encoding">chunked</parameter>
+        <!-- This parameter has been added to overcome problems encounted in SOAP action parameter -->
+        <parameter name="OmitSOAP12Action">true</parameter>
+    </transportSender>
+
+    <!-- To enable mail transport sender, ncomment the following and change the parameters
+         accordingly-->
+    <!--<transportSender name="mailto"
+                     class="org.apache.axis2.transport.mail.MailTransportSender">
+        <parameter name="mail.smtp.from">wso2demomail@gmail.com</parameter>
+        <parameter name="mail.smtp.user">wso2demomail</parameter>
+        <parameter name="mail.smtp.password">mailpassword</parameter>
+        <parameter name="mail.smtp.host">smtp.gmail.com</parameter>
+
+        <parameter name="mail.smtp.port">587</parameter>
+        <parameter name="mail.smtp.starttls.enable">true</parameter>
+        <parameter name="mail.smtp.auth">true</parameter>
+    </transportSender>-->
+
+    <!--Please uncomment this in Multiple Instance Scenario if you want to use NIO sender -->
+    <!--  
+    <transportSender name="http" class="org.apache.synapse.transport.nhttp.HttpCoreNIOSender">
+        <parameter name="non-blocking" locked="false">true</parameter>
+    </transportSender>
+    <transportSender name="https" class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender">
+        <parameter name="non-blocking" locked="false">true</parameter>
+        <parameter name="keystore" locked="false">
+            <KeyStore>
+                <Location>repository/resources/security/wso2carbon.jks</Location>
+                <Type>JKS</Type>
+                <Password>wso2carbon</Password>
+                <KeyPassword>wso2carbon</KeyPassword>
+            </KeyStore>
+        </parameter>
+        <parameter name="truststore" locked="false">
+            <TrustStore>
+                <Location>repository/resources/security/client-truststore.jks</Location>
+                <Type>JKS</Type>
+                <Password>wso2carbon</Password>
+            </TrustStore>
+        </parameter>
+    </transportSender>
+	-->
+
+
+    <!-- ================================================= -->
+    <!-- Phases  -->
+    <!-- ================================================= -->
+    <phaseOrder type="InFlow">
+        <!--  System pre defined phases       -->
+        <!--
+           The MsgInObservation phase is used to observe messages as soon as they are
+           received. In this phase, we could do some things such as SOAP message tracing & keeping
+           track of the time at which a particular message was received
+
+           NOTE: This should be the very first phase in this flow
+        -->
+        <phase name="MsgInObservation"/>
+
+        <phase name="Validation"/>
+        <phase name="Transport">
+            <handler name="RequestURIBasedDispatcher"
+                     class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+                <order phase="Transport"/>
+            </handler>
+            <handler name="SOAPActionBasedDispatcher"
+                     class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+                <order phase="Transport"/>
+            </handler>
+        </phase>
+        <phase name="Addressing">
+            <handler name="AddressingBasedDispatcher"
+                     class="org.wso2.carbon.core.multitenancy.MultitenantAddressingBasedDispatcher">
+                <order phase="Addressing"/>
+            </handler>
+        </phase>
+        <phase name="Ghost">
+            <handler name="GhostDispatcher"
+                     class="org.wso2.carbon.core.dispatchers.GhostDispatcher"/>
+        </phase>
+        <phase name="Security"/>
+        <phase name="PreDispatch"/>
+        <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+            <handler name="RequestURIBasedDispatcher"
+                     class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+            <handler name="SOAPActionBasedDispatcher"
+                     class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+            <handler name="RequestURIOperationDispatcher"
+                     class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+            <handler name="SOAPMessageBodyBasedDispatcher"
+                     class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+            <handler name="HTTPLocationBasedDispatcher"
+                     class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+        </phase>
+        <!--  System pre defined phases       -->
+        <phase name="RMPhase"/>
+        <phase name="OpPhase"/>
+        <!--   After Postdispatch phase module author or or service author can add any phase he want      -->
+        <phase name="OperationInPhase"/>
+    </phaseOrder>
+    <phaseOrder type="OutFlow">
+        <!-- Handlers related to unified-endpoint component are added to the UEPPhase -->
+        <phase name="UEPPhase"/>
+        <phase name="RMPhase"/>
+        <phase name="OpPhase"/>
+        <!--      user can add his own phases to this area  -->
+        <phase name="OperationOutPhase"/>
+        <!--system predefined phase-->
+        <!--these phase will run irrespective of the service-->
+        <phase name="PolicyDetermination"/>
+        <phase name="MessageOut"/>
+        <phase name="Security"/>
+
+        <!--
+           The MsgOutObservation phase is used to observe messages just before the
+           responses are sent out. In this phase, we could do some things such as SOAP message
+           tracing & keeping track of the time at which a particular response was sent.
+
+           NOTE: This should be the very last phase in this flow
+        -->
+        <phase name="MsgOutObservation"/>
+        <!--Following phase is added to publish stats -->
+        <phase name="StatReporting"/>
+    </phaseOrder>
+    <phaseOrder type="InFaultFlow">
+        <!--  System pre defined phases       -->
+        <!--
+           The MsgInObservation phase is used to observe messages as soon as they are
+           received. In this phase, we could do some things such as SOAP message tracing & keeping
+           track of the time at which a particular message was received
+
+           NOTE: This should be the very first phase in this flow
+        -->
+        <phase name="MsgInObservation"/>
+
+        <phase name="Validation"/>
+        <phase name="Transport">
+            <handler name="RequestURIBasedDispatcher"
+                     class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+                <order phase="Transport"/>
+            </handler>
+            <handler name="SOAPActionBasedDispatcher"
+                     class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+                <order phase="Transport"/>
+            </handler>
+        </phase>
+
+        <phase name="Addressing">
+            <handler name="AddressingBasedDispatcher"
+                     class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+                <order phase="Addressing"/>
+            </handler>
+        </phase>
+        <phase name="Ghost">
+            <handler name="GhostDispatcher"
+                     class="org.wso2.carbon.core.dispatchers.GhostDispatcher"/>
+        </phase>
+        <phase name="Security"/>
+        <phase name="PreDispatch"/>
+        <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+            <handler name="RequestURIBasedDispatcher"
+                     class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+            <handler name="SOAPActionBasedDispatcher"
+                     class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+            <handler name="RequestURIOperationDispatcher"
+                     class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+            <handler name="SOAPMessageBodyBasedDispatcher"
+                     class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+            <handler name="HTTPLocationBasedDispatcher"
+                     class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+        </phase>
+        <phase name="RMPhase"/>
+        <phase name="OpPhase"/>
+        <!--      user can add his own phases to this area  -->
+        <phase name="OperationInFaultPhase"/>
+    </phaseOrder>
+    <phaseOrder type="OutFaultFlow">
+        <!-- Handlers related to unified-endpoint component are added to the UEPPhase -->
+        <phase name="UEPPhase"/>
+        <phase name="RMPhase"/>
+        <!--      user can add his own phases to this area  -->
+        <phase name="OperationOutFaultPhase"/>
+        <phase name="PolicyDetermination"/>
+        <phase name="MessageOut"/>
+        <phase name="Security"/>
+	<phase name="Transport"/>
+        <!--
+           The MsgOutObservation phase is used to observe messages just before the
+           responses are sent out. In this phase, we could do some things such as SOAP message
+           tracing & keeping track of the time at which a particular response was sent.
+
+           NOTE: This should be the very last phase in this flow
+        -->
+        <phase name="MsgOutObservation"/>
+        <!--Following phase is added to publish stats -->
+        <phase name="StatReporting"/>
+    </phaseOrder>
+
+    <clustering class="org.wso2.carbon.core.clustering.hazelcast.HazelcastClusteringAgent"
+                enable="false">
+
+        <!--
+           This parameter indicates whether the cluster has to be automatically initalized
+           when the AxisConfiguration is built. If set to "true" the initialization will not be
+           done at that stage, and some other party will have to explictly initialize the cluster.
+        -->
+        <parameter name="AvoidInitiation">true</parameter>
+
+        <!--
+           The membership scheme used in this setup. The only values supported at the moment are
+           "multicast" and "wka"
+
+           1. multicast - membership is automatically discovered using multicasting
+           2. wka - Well-Known Address based multicasting. Membership is discovered with the help
+                    of one or more nodes running at a Well-Known Address. New members joining a
+                    cluster will first connect to a well-known node, register with the well-known node
+                    and get the membership list from it. When new members join, one of the well-known
+                    nodes will notify the others in the group. When a member leaves the cluster or
+                    is deemed to have left the cluster, it will be detected by the Group Membership
+                    Service (GMS) using a TCP ping mechanism.
+        -->
+        <parameter name="membershipScheme">multicast</parameter>
+        <!--<parameter name="licenseKey">xxx</parameter>-->
+        <!--<parameter name="mgtCenterURL">http://localhost:8081/mancenter/</parameter>-->
+
+        <!--
+         The clustering domain/group. Nodes in the same group will belong to the same multicast
+         domain. There will not be interference between nodes in different groups.
+        -->
+        <parameter name="domain">wso2.carbon.domain</parameter>
+
+        <!-- The multicast address to be used -->
+        <!--<parameter name="mcastAddress">228.0.0.4</parameter>-->
+
+        <!-- The multicast port to be used -->
+        <parameter name="mcastPort">45564</parameter>
+
+        <parameter name="mcastTTL">100</parameter>
+
+        <parameter name="mcastTimeout">60</parameter>
+
+        <!--
+           The IP address of the network interface to which the multicasting has to be bound to.
+           Multicasting would be done using this interface.
+        -->
+        <!--
+            <parameter name="mcastBindAddress">127.0.0.1</parameter>
+        -->
+        <!-- The host name or IP address of this member -->
+
+        <parameter name="localMemberHost">127.0.0.1</parameter>
+
+        <!--
+            The bind adress of this member. The difference between localMemberHost & localMemberBindAddress
+            is that localMemberHost is the one that is advertised by this member, while localMemberBindAddress
+            is the address to which this member is bound to.
+        -->
+        <!--
+        <parameter name="localMemberBindAddress">127.0.0.1</parameter>
+        -->
+
+        <!--
+        The TCP port used by this member. This is the port through which other nodes will
+        contact this member
+         -->
+        <parameter name="localMemberPort">4000</parameter>
+
+        <!--
+            The bind port of this member. The difference between localMemberPort & localMemberBindPort
+            is that localMemberPort is the one that is advertised by this member, while localMemberBindPort
+            is the port to which this member is bound to.
+        -->
+        <!--
+        <parameter name="localMemberBindPort">4001</parameter>
+        -->
+
+        <!--
+        Properties specific to this member
+        -->
+        <parameter name="properties">
+            <property name="backendServerURL" value="https://${hostName}:${httpsPort}/services/"/>
+            <property name="mgtConsoleURL" value="https://${hostName}:${httpsPort}/"/>
+            <property name="subDomain" value="worker"/>
+        </parameter>
+
+        <!--
+           The list of static or well-known members. These entries will only be valid if the
+           "membershipScheme" above is set to "wka"
+        -->
+        <members>
+            <member>
+                <hostName>127.0.0.1</hostName>
+                <port>4000</port>
+            </member>
+        </members>
+
+        <!--
+        Enable the groupManagement entry if you need to run this node as a cluster manager.
+        Multiple application domains with different GroupManagementAgent implementations
+        can be defined in this section.
+        -->
+        <groupManagement enable="false">
+            <applicationDomain name="wso2.as.domain"
+                               description="AS group"
+                               agent="org.wso2.carbon.core.clustering.hazelcast.HazelcastGroupManagementAgent"
+                               subDomain="worker"
+                               port="2222"/>
+        </groupManagement>
+    </clustering>
+</axisconfig>
diff --git a/modules/distribution/src/repository/conf/carbon.xml b/modules/distribution/src/repository/conf/carbon.xml
new file mode 100644
index 00000000000..c134855b431
--- /dev/null
+++ b/modules/distribution/src/repository/conf/carbon.xml
@@ -0,0 +1,625 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+
+<!--
+  ~ Copyright 2005-2011 WSO2, Inc. (http://wso2.com)
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<!--
+    This is the main server configuration file
+
+    ${carbon.home} represents the carbon.home system property.
+    Other system properties can be specified in a similar manner.
+-->
+<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
+
+    <!--
+       Product Name
+    -->
+    <Name>WSO2 Enterprise Mobile Platform</Name>
+
+    <!--
+       machine readable unique key to identify each product
+    -->
+    <ServerKey>EMM</ServerKey>
+
+    <!--
+       Product Version
+    -->
+    <Version>1.1.0</Version>
+
+    <!--
+       Host name or IP address of the machine hosting this server
+       e.g. www.wso2.org, 192.168.1.10
+       This is will become part of the End Point Reference of the
+       services deployed on this server instance.
+    -->
+    <!--HostName>www.wso2.org</HostName-->
+
+    <!--
+    Host name to be used for the Carbon management console
+    -->
+    <!--MgtHostName>mgt.wso2.org</MgtHostName-->
+
+    <!--
+        The URL of the back end server. This is where the admin services are hosted and
+        will be used by the clients in the front end server.
+        This is required only for the Front-end server. This is used when seperating BE server from FE server
+       -->
+    <ServerURL>local:/${carbon.context}/services/</ServerURL>
+    <!--
+    <ServerURL>https://${carbon.local.ip}:${carbon.management.port}${carbon.context}/services/</ServerURL>
+    -->
+     <!--
+     The URL of the index page. This is where the user will be redirected after signing in to the
+     carbon server.
+     -->
+    <!-- IndexPageURL>/carbon/admin/index.jsp</IndexPageURL-->
+
+    <!--
+    For cApp deployment, we have to identify the roles that can be acted by the current server.
+    The following property is used for that purpose. Any number of roles can be defined here.
+    Regular expressions can be used in the role.
+    Ex : <Role>.*</Role> means this server can act any role
+    -->
+    <ServerRoles>
+        <Role>MobilePlatform</Role>
+    </ServerRoles>
+
+    <!-- uncommnet this line to subscribe to a bam instance automatically -->
+    <!--<BamServerURL>https://bamhost:bamport/services/</BamServerURL>-->
+
+    <!--
+       The fully qualified name of the server
+    -->
+    <Package>org.wso2.carbon</Package>
+
+    <!--
+       Webapp context root of WSO2 Carbon.
+    -->
+    <WebContextRoot>/</WebContextRoot>
+
+    <!-- In-order to  get the registry http Port from the back-end when the default http transport is not the same-->
+    <!--RegistryHttpPort>9763</RegistryHttpPort-->
+
+    <!--
+    Number of items to be displayed on a management console page. This is used at the
+    backend server for pagination of various items.
+    -->
+    <ItemsPerPage>15</ItemsPerPage>
+
+    <!-- The endpoint URL of the cloud instance management Web service -->
+    <!--<InstanceMgtWSEndpoint>https://ec2.amazonaws.com/</InstanceMgtWSEndpoint>-->
+
+    <!--
+       Ports used by this server
+    -->
+    <Ports>
+
+        <!-- Ports offset. This entry will set the value of the ports defined below to
+         the define value + Offset.
+         e.g. Offset=2 and HTTPS port=9443 will set the effective HTTPS port to 9445
+         -->
+        <Offset>0</Offset>
+
+        <!-- The JMX Ports -->
+        <JMX>
+            <!--The port RMI registry is exposed-->
+            <RMIRegistryPort>9999</RMIRegistryPort>
+            <!--The port RMI server should be exposed-->
+            <RMIServerPort>11111</RMIServerPort>
+        </JMX>
+
+        <!-- Embedded LDAP server specific ports -->
+        <EmbeddedLDAP>
+            <!-- Port which embedded LDAP server runs -->
+            <LDAPServerPort>10389</LDAPServerPort>
+            <!-- Port which KDC (Kerberos Key Distribution Center) server runs -->
+            <KDCServerPort>8000</KDCServerPort>
+        </EmbeddedLDAP>
+  
+      <!-- Embedded Qpid broker ports -->
+        <EmbeddedQpid>
+      <!-- Broker TCP Port -->
+            <BrokerPort>5672</BrokerPort>
+      <!-- SSL Port -->
+            <BrokerSSLPort>8672</BrokerSSLPort>
+        </EmbeddedQpid>
+  
+  <!-- 
+             Override datasources JNDIproviderPort defined in bps.xml and datasources.properties files
+  -->
+  <!--<JNDIProviderPort>2199</JNDIProviderPort>-->
+  <!--Override receive port of thrift based entitlement service.-->
+  <ThriftEntitlementReceivePort>10500</ThriftEntitlementReceivePort>
+
+    </Ports>
+
+    <!--
+        JNDI Configuration
+    -->
+    <JNDI>
+        <!-- 
+             The fully qualified name of the default initial context factory
+        -->
+        <DefaultInitialContextFactory>org.wso2.carbon.tomcat.jndi.CarbonJavaURLContextFactory</DefaultInitialContextFactory>
+        <!-- 
+             The restrictions that are done to various JNDI Contexts in a Multi-tenant environment 
+        -->
+        <Restrictions>
+            <!--
+                Contexts that will be available only to the super-tenant
+            -->
+            <!-- <SuperTenantOnly>
+                <UrlContexts>
+                    <UrlContext>
+                        <Scheme>foo</Scheme>
+                    </UrlContext>
+                    <UrlContext>
+                        <Scheme>bar</Scheme>
+                    </UrlContext>
+                </UrlContexts>
+            </SuperTenantOnly> -->
+            <!-- 
+                Contexts that are common to all tenants
+            -->
+            <AllTenants>
+                <UrlContexts>
+                    <UrlContext>
+                        <Scheme>java</Scheme>
+                    </UrlContext>
+                    <!-- <UrlContext>
+                        <Scheme>foo</Scheme>
+                    </UrlContext> -->
+                </UrlContexts>
+            </AllTenants>
+            <!-- 
+                 All other contexts not mentioned above will be available on a per-tenant basis 
+                 (i.e. will not be shared among tenants)
+            -->
+        </Restrictions>
+    </JNDI>
+
+    <!--
+        Property to determine if the server is running an a cloud deployment environment.
+        This property should only be used to determine deployment specific details that are
+        applicable only in a cloud deployment, i.e when the server deployed *-as-a-service.
+    -->
+    <IsCloudDeployment>false</IsCloudDeployment>
+
+    <!--
+  Property to determine whether usage data should be collected for metering purposes
+    -->
+    <EnableMetering>false</EnableMetering>
+
+    <!-- The Max time a thread should take for execution in seconds -->
+    <MaxThreadExecutionTime>600</MaxThreadExecutionTime>
+
+    <!--
+        A flag to enable or disable Ghost Deployer. By default this is set to false. That is
+        because the Ghost Deployer works only with the HTTP/S transports. If you are using
+        other transports, don't enable Ghost Deployer.
+    -->
+    <GhostDeployment>
+        <Enabled>false</Enabled>
+        <PartialUpdate>false</PartialUpdate>
+    </GhostDeployment>
+
+    <!--
+    Axis2 related configurations
+    -->
+    <Axis2Config>
+        <!--
+             Location of the Axis2 Services & Modules repository
+
+             This can be a directory in the local file system, or a URL.
+
+             e.g.
+             1. /home/wso2wsas/repository/ - An absolute path
+             2. repository - In this case, the path is relative to CARBON_HOME
+             3. file:///home/wso2wsas/repository/
+             4. http://wso2wsas/repository/
+        -->
+        <RepositoryLocation>${carbon.home}/repository/deployment/server/</RepositoryLocation>
+
+        <!--
+         Deployment update interval in seconds. This is the interval between repository listener
+         executions. 
+        -->
+        <DeploymentUpdateInterval>15</DeploymentUpdateInterval>
+
+        <!--
+            Location of the main Axis2 configuration descriptor file, a.k.a. axis2.xml file
+
+            This can be a file on the local file system, or a URL
+
+            e.g.
+            1. /home/repository/axis2.xml - An absolute path
+            2. conf/axis2.xml - In this case, the path is relative to CARBON_HOME
+            3. file:///home/carbon/repository/axis2.xml
+            4. http://repository/conf/axis2.xml
+        -->
+        <ConfigurationFile>${carbon.home}/repository/conf/axis2/axis2.xml</ConfigurationFile>
+
+        <!--
+          ServiceGroupContextIdleTime, which will be set in ConfigurationContex
+          for multiple clients which are going to access the same ServiceGroupContext
+          Default Value is 30 Sec.
+        -->
+        <ServiceGroupContextIdleTime>30000</ServiceGroupContextIdleTime>
+
+        <!--
+          This repository location is used to crete the client side configuration
+          context used by the server when calling admin services.
+        -->
+        <ClientRepositoryLocation>${carbon.home}/repository/deployment/client/</ClientRepositoryLocation>
+        <!-- This axis2 xml is used in createing the configuration context by the FE server
+         calling to BE server -->
+        <clientAxis2XmlLocation>${carbon.home}/repository/conf/axis2/axis2_client.xml</clientAxis2XmlLocation>
+        <!-- If this parameter is set, the ?wsdl on an admin service will not give the admin service wsdl. -->
+        <HideAdminServiceWSDLs>true</HideAdminServiceWSDLs>
+  
+  <!--WARNING-Use With Care! Uncommenting bellow parameter would expose all AdminServices in HTTP transport.
+  With HTTP transport your credentials and data routed in public channels are vulnerable for sniffing attacks. 
+  Use bellow parameter ONLY if your communication channels are confirmed to be secured by other means -->
+        <!--HttpAdminServices>*</HttpAdminServices-->
+
+    </Axis2Config>
+
+    <!--
+       The default user roles which will be created when the server
+       is started up for the first time.
+    -->
+    <ServiceUserRoles>
+        <Role>
+            <Name>admin</Name>
+            <Description>Default Administrator Role</Description>
+        </Role>
+        <Role>
+            <Name>user</Name>
+            <Description>Default User Role</Description>
+        </Role>
+    </ServiceUserRoles>
+    
+    <!-- 
+      Enable following config to allow Emails as usernames.   
+    -->       
+    <EnableEmailUserName>false</EnableEmailUserName> 
+
+    <!--
+      Security configurations
+    -->
+    <Security>
+        <!--
+            KeyStore which will be used for encrypting/decrypting passwords
+            and other sensitive information.
+        -->
+        <KeyStore>
+            <!-- Keystore file location-->
+            <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
+            <!-- Keystore type (JKS/PKCS12 etc.)-->
+            <Type>JKS</Type>
+            <!-- Keystore password-->
+            <Password>wso2carbon</Password>
+            <!-- Private Key alias-->
+            <KeyAlias>wso2carbon</KeyAlias>
+            <!-- Private Key password-->
+            <KeyPassword>wso2carbon</KeyPassword>
+        </KeyStore>
+
+   <!--
+      Encrypt Decrypt Store will be used for encrypting and decrypting
+    -->
+        <RegistryKeyStore>
+            <!-- Keystore file location-->
+            <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
+            <!-- Keystore type (JKS/PKCS12 etc.)-->
+            <Type>JKS</Type>
+            <!-- Keystore password-->
+            <Password>wso2carbon</Password>
+            <!-- Private Key alias-->
+            <KeyAlias>wso2carbon</KeyAlias>
+            <!-- Private Key password-->
+            <KeyPassword>wso2carbon</KeyPassword>
+        </RegistryKeyStore>
+
+        <!--
+            System wide trust-store which is used to maintain the certificates of all
+            the trusted parties.
+        -->
+        <TrustStore>
+            <!-- trust-store file location -->
+            <Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location>
+            <!-- trust-store type (JKS/PKCS12 etc.) -->
+            <Type>JKS</Type>
+            <!-- trust-store password -->
+            <Password>wso2carbon</Password>
+        </TrustStore>
+
+        <!--
+            The Authenticator configuration to be used at the JVM level. We extend the
+            java.net.Authenticator to make it possible to authenticate to given servers and 
+            proxies.
+        -->
+        <NetworkAuthenticatorConfig>
+            <!-- 
+                Below is a sample configuration for a single authenticator. Please note that
+                all child elements are mandatory. Not having some child elements would lead to
+                exceptions at runtime.
+            -->
+            <!-- <Credential> -->
+                <!-- 
+                    the pattern that would match a subset of URLs for which this authenticator
+                    would be used
+                -->
+                <!-- <Pattern>regularExpression</Pattern> -->
+                <!-- 
+                    the type of this authenticator. Allowed values are:
+                    1. server
+                    2. proxy
+                -->
+                <!-- <Type>proxy</Type> -->
+                <!-- the username used to log in to server/proxy -->
+                <!-- <Username>username</Username> -->
+                <!-- the password used to log in to server/proxy -->
+                <!-- <Password>password</Password> -->
+            <!-- </Credential> -->
+        </NetworkAuthenticatorConfig>
+
+        <!--
+         The Tomcat realm to be used for hosted Web applications. Allowed values are;
+         1. UserManager
+         2. Memory
+
+         If this is set to 'UserManager', the realm will pick users & roles from the system's
+         WSO2 User Manager. If it is set to 'memory', the realm will pick users & roles from
+         CARBON_HOME/repository/conf/tomcat/tomcat-users.xml
+        -->
+        <TomcatRealm>UserManager</TomcatRealm>
+
+  <!--Option to disable storing of tokens issued by STS-->
+  <DisableTokenStore>false</DisableTokenStore>
+
+  <!--
+   Security token store class name. If this is not set, default class will be
+   org.wso2.carbon.security.util.SecurityTokenStore
+  -->
+  <!--TokenStoreClassName>org.wso2.carbon.identity.sts.store.DBTokenStore</TokenStoreClassName-->
+    </Security>
+
+    <!--
+       The temporary work directory
+    -->
+    <WorkDirectory>${carbon.home}/tmp/work</WorkDirectory>
+
+    <!--
+       House-keeping configuration
+    -->
+    <HouseKeeping>
+
+        <!--
+           true  - Start House-keeping thread on server startup
+           false - Do not start House-keeping thread on server startup.
+                   The user will run it manually as and when he wishes.
+        -->
+        <AutoStart>true</AutoStart>
+
+        <!--
+           The interval in *minutes*, between house-keeping runs
+        -->
+        <Interval>10</Interval>
+
+        <!--
+          The maximum time in *minutes*, temp files are allowed to live
+          in the system. Files/directories which were modified more than
+          "MaxTempFileLifetime" minutes ago will be removed by the
+          house-keeping task
+        -->
+        <MaxTempFileLifetime>30</MaxTempFileLifetime>
+    </HouseKeeping>
+
+    <!--
+       Configuration for handling different types of file upload & other file uploading related
+       config parameters.
+       To map all actions to a particular FileUploadExecutor, use
+       <Action>*</Action>
+    -->
+    <FileUploadConfig>
+        <!--
+           The total file upload size limit in MB
+        -->
+        <TotalFileSizeLimit>100</TotalFileSizeLimit>
+
+        <Mapping>
+            <Actions>
+                <Action>keystore</Action>
+                <Action>certificate</Action>
+                <Action>*</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.AnyFileUploadExecutor</Class>
+        </Mapping>
+
+        <Mapping>
+            <Actions>
+                <Action>jarZip</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.JarZipUploadExecutor</Class>
+        </Mapping>
+        <Mapping>
+            <Actions>
+                <Action>dbs</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.DBSFileUploadExecutor</Class>
+        </Mapping>
+        <Mapping>
+            <Actions>
+                <Action>tools</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.ToolsFileUploadExecutor</Class>
+        </Mapping>
+        <Mapping>
+            <Actions>
+                <Action>toolsAny</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.ToolsAnyFileUploadExecutor</Class>
+        </Mapping>
+    </FileUploadConfig>
+
+    <!--
+       Processors which process special HTTP GET requests such as ?wsdl, ?policy etc.
+
+       In order to plug in a processor to handle a special request, simply add an entry to this
+       section.
+
+       The value of the Item element is the first parameter in the query string(e.g. ?wsdl)
+       which needs special processing
+       
+       The value of the Class element is a class which implements
+       org.wso2.carbon.transport.HttpGetRequestProcessor
+    -->
+    <HttpGetRequestProcessors>
+        <Processor>
+            <Item>info</Item>
+            <Class>org.wso2.carbon.core.transports.util.InfoProcessor</Class>
+        </Processor>
+        <Processor>
+            <Item>wsdl</Item>
+            <Class>org.wso2.carbon.core.transports.util.Wsdl11Processor</Class>
+        </Processor>
+        <Processor>
+            <Item>wsdl2</Item>
+            <Class>org.wso2.carbon.core.transports.util.Wsdl20Processor</Class>
+        </Processor>
+        <Processor>
+            <Item>xsd</Item>
+            <Class>org.wso2.carbon.core.transports.util.XsdProcessor</Class>
+        </Processor>
+    </HttpGetRequestProcessors>
+
+    <!-- Deployment Synchronizer Configuration. t Enabled value to true when running with "svn based" dep sync.
+  In master nodes you need to set both AutoCommit and AutoCheckout to true
+  and in  worker nodes set only AutoCheckout to true.
+    -->
+    <DeploymentSynchronizer>
+        <Enabled>false</Enabled>
+        <AutoCommit>false</AutoCommit>
+        <AutoCheckout>true</AutoCheckout>
+        <RepositoryType>svn</RepositoryType>
+        <SvnUrl>http://svnrepo.example.com/repos/</SvnUrl>
+        <SvnUser>username</SvnUser>
+        <SvnPassword>password</SvnPassword>
+        <SvnUrlAppendTenantId>true</SvnUrlAppendTenantId>
+    </DeploymentSynchronizer>
+
+    <!-- Deployment Synchronizer Configuration. Uncomment the following section when running with "registry based" dep sync.
+        In master nodes you need to set both AutoCommit and AutoCheckout to true
+        and in  worker nodes set only AutoCheckout to true.
+    -->
+    <!--<DeploymentSynchronizer>
+        <Enabled>true</Enabled>
+        <AutoCommit>false</AutoCommit>
+        <AutoCheckout>true</AutoCheckout>
+    </DeploymentSynchronizer>-->
+
+    <!-- Mediation persistence configurations. Only valid if mediation features are available i.e. ESB -->
+    <!--<MediationConfig>
+        <LoadFromRegistry>false</LoadFromRegistry>
+        <SaveToFile>false</SaveToFile>
+        <Persistence>enabled</Persistence>
+        <RegistryPersistence>enabled</RegistryPersistence>
+    </MediationConfig>-->
+
+    <!--
+    Server intializing code, specified as implementation classes of org.wso2.carbon.core.ServerInitializer.
+    This code will be run when the Carbon server is initialized
+    -->
+    <ServerInitializers>
+        <!--<Initializer></Initializer>-->
+    </ServerInitializers>
+    
+    <!--
+    Indicates whether the Carbon Servlet is required by the system, and whether it should be
+    registered
+    -->
+    <RequireCarbonServlet>${require.carbon.servlet}</RequireCarbonServlet>
+
+    <!--
+    Carbon H2 OSGI Configuration
+    By default non of the servers start.
+        name="web" - Start the web server with the H2 Console
+        name="webPort" - The port (default: 8082)
+        name="webAllowOthers" - Allow other computers to connect
+        name="webSSL" - Use encrypted (HTTPS) connections
+        name="tcp" - Start the TCP server
+        name="tcpPort" - The port (default: 9092)
+        name="tcpAllowOthers" - Allow other computers to connect
+        name="tcpSSL" - Use encrypted (SSL) connections
+        name="pg" - Start the PG server
+        name="pgPort"  - The port (default: 5435)
+        name="pgAllowOthers"  - Allow other computers to connect
+        name="trace" - Print additional trace information; for all servers
+        name="baseDir" - The base directory for H2 databases; for all servers  
+    -->
+    <!--H2DatabaseConfiguration>
+        <property name="web" />
+        <property name="webPort">8082</property>
+        <property name="webAllowOthers" />
+        <property name="webSSL" />
+        <property name="tcp" />
+        <property name="tcpPort">9092</property>
+        <property name="tcpAllowOthers" />
+        <property name="tcpSSL" />
+        <property name="pg" />
+        <property name="pgPort">5435</property>
+        <property name="pgAllowOthers" />
+        <property name="trace" />
+        <property name="baseDir">${carbon.home}</property>
+    </H2DatabaseConfiguration-->
+    <!--Disabling statistics reporter by default-->
+    <StatisticsReporterDisabled>true</StatisticsReporterDisabled>
+
+    <!-- Enable accessing Admin Console via HTTP -->
+    <!-- EnableHTTPAdminConsole>true</EnableHTTPAdminConsole -->
+
+    <!--
+       Default Feature Repository of WSO2 Carbon.
+    -->
+    <FeatureRepository>
+  <RepositoryName>default repository</RepositoryName>
+  <RepositoryURL>http://dist.wso2.org/p2/carbon/releases/4.2.0</RepositoryURL>
+    </FeatureRepository>
+
+    <!--
+  Configure API Management
+   -->
+   <APIManagement>
+  
+  <!--Uses the embedded API Manager by default. If you want to use an external 
+  API Manager instance to manage APIs, configure below  externalAPIManager-->
+  
+  <Enabled>true</Enabled>
+  
+  <!--Uncomment and configure API Gateway and 
+  Publisher URLs to use external API Manager instance-->
+  
+  <!--ExternalAPIManager>
+
+    <APIGatewayURL>http://localhost:8281</APIGatewayURL>
+    <APIPublisherURL>http://localhost:8281/publisher</APIPublisherURL>
+
+  </ExternalAPIManager-->
+  
+  <LoadAPIContextsInServerStartup>true</LoadAPIContextsInServerStartup>
+   </APIManagement>
+</Server>
diff --git a/modules/distribution/src/repository/conf/cipher-tool.properties b/modules/distribution/src/repository/conf/cipher-tool.properties
new file mode 100644
index 00000000000..2f0878a5499
--- /dev/null
+++ b/modules/distribution/src/repository/conf/cipher-tool.properties
@@ -0,0 +1,36 @@
+# This properties file contains all the aliases to be used in carbon components. If any property need to be secured, you need to add alias name and the value. This value is described as follows.
+# The value goes as, the file name//xpath to the property value to be secured,true if xml elements start with capital letter. Please check existing property values below.
+
+transports.https.keystorePass=mgt-transports.xml//transports/transport[@name='https']/parameter[@name='keystorePass'],false
+Carbon.Security.KeyStore.Password=carbon.xml//Server/Security/KeyStore/KeyPassword,true
+Carbon.Security.KeyStore.KeyPassword=carbon.xml//Server/Security/KeyStore/Password,true
+Carbon.Security.TrustStore.Password=carbon.xml//Server/Security/TrustStore/Password,true
+UserManager.AdminUser.Password=user-mgt.xml//UserManager/Realm/Configuration/AdminUser/Password,true
+Datasources.WSO2_CARBON_DB.Configuration.Password=master-datasources.xml//datasources-configuration/datasources/datasource[name='WSO2_CARBON_DB']/definition[@type='RDBMS']/configuration/password,false
+#Datasource.WSO2AM_DB.configuration.password=master-datasources.xml//datasources-configuration/datasources/datasource[name='WSO2AM_DB']/definition[@type='RDBMS']/configuration/password,false
+#Datasource.WSO2AM_STATS_DB.configuration.password=master-datasources.xml//datasources-configuration/datasources/datasource[name='WSO2AM_STATS_DB']/definition[@type='RDBMS']/configuration/password,false
+#UserStoreManager.Property.ConnectionPassword=user-mgt.xml//UserManager/Realm/UserStoreManager/Property[@name='ConnectionPassword'],true
+#UserStoreManager.Property.password=user-mgt.xml//UserManager/Realm/UserStoreManager/Property[@name='password'],true
+#AuthManager.Password=api-manager.xml//APIManager/AuthManager/Password,true
+#APIGateway.Password=api-manager.xml//APIManager/APIGateway/Environments/Environment/Password,true
+#APIUsageTracking.BAMPassword=api-manager.xml//APIManager/APIUsageTracking/BAMPassword,true
+#APIUsageTracking.JDBCPassword=api-manager.xml//APIManager/APIUsageTracking/JDBCPassword,true
+#APIKeyManager.Password=api-manager.xml//APIManager/APIKeyManager/Password,true
+#Database.Password=api-manager.xml//APIManager/Database/Password,true
+#Security.UserTrustedRPStore.Password=identity.xml//Server/Security/UserTrustedRPStore/Password
+#Security.UserTrustedRPStore.KeyPassword=identity.xml//Server/Security/UserTrustedRPStore/KeyPassword
+#Identity.System.StorePass=identity.xml//Server/Identity/System/StorePass
+#MultifactorAuthentication.XMPPSettings.XMPPConfig.XMPPPassword=identity.xml//MultifactorAuthentication/XMPPSettings/XMPPConfig/XMPPPassword
+#BPELEPR.Password=securedinvoke.epr//EndpointReference/Metadata/transport/authorization-password,false
+Axis2.Https.Listener.TrustStore.Password=axis2.xml//axisconfig/transportReceiver[@name='https']/parameter[@name='truststore']/TrustStore/Password,false
+Axis2.Https.Listener.KeyStore.Password=axis2.xml//axisconfig/transportReceiver[@name='https']/parameter[@name='keystore']/KeyStore/Password,false
+Axis2.Https.Listener.KeyStore.KeyPassword=axis2.xml//axisconfig/transportReceiver[@name='https']/parameter[@name='keystore']/KeyStore/KeyPassword,false
+Axis2.Https.Sender.TrustStore.Password=axis2.xml//axisconfig/transportSender[@name='https']/parameter[@name='truststore']/TrustStore/Password,false
+Axis2.Https.Sender.KeyStore.Password=axis2.xml//axisconfig/transportSender[@name='https']/parameter[@name='keystore']/KeyStore/Password,false
+Axis2.Https.Sender.KeyStore.KeyPassword=axis2.xml//axisconfig/transportSender[@name='https']/parameter[@name='keystore']/KeyStore/KeyPassword,false
+Axis2.Mailto.Parameter.Password=axis2.xml//axisconfig/transportSender[@name='mailto']/parameter[@name='mail.smtp.password'],false
+eventBrokerConfig.eventBroker.deliveryManager.remoteMessageBroker.password=event-broker.xml//eventBrokerConfig/eventBroker/deliveryManager/remoteMessageBroker/password,false
+
+
+
+
diff --git a/modules/distribution/src/repository/conf/data-bridge/cassandra-datasink-config.xml b/modules/distribution/src/repository/conf/data-bridge/cassandra-datasink-config.xml
new file mode 100755
index 00000000000..7bc8f4445a9
--- /dev/null
+++ b/modules/distribution/src/repository/conf/data-bridge/cassandra-datasink-config.xml
@@ -0,0 +1,22 @@
+<!--
+  ~ Copyright 2005-2011 WSO2, Inc. (http://wso2.com)
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the License);
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an AS IS BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<CassandraDataSinkConfiguration xmlns="http://wso2.org/carbon/cassandraDataSink">
+    <PersistedStreams>
+        <Include>*</Include>
+        <Exclude>rt_*</Exclude>
+    </PersistedStreams>
+</CassandraDataSinkConfiguration>
diff --git a/modules/distribution/src/repository/conf/data-bridge/data-bridge-config.xml b/modules/distribution/src/repository/conf/data-bridge/data-bridge-config.xml
new file mode 100755
index 00000000000..6081e61eec4
--- /dev/null
+++ b/modules/distribution/src/repository/conf/data-bridge/data-bridge-config.xml
@@ -0,0 +1,70 @@
+<!--
+  ~ Copyright 2005-2011 WSO2, Inc. (http://wso2.com)
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the License);
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an AS IS BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<dataBridgeConfiguration xmlns="http://wso2.org/carbon/databridge">
+
+    <StreamDefinitionStore>org.wso2.carbon.databridge.streamdefn.cassandra.datastore.CassandraStreamDefinitionStore</StreamDefinitionStore>
+
+    <workerThreads>10</workerThreads>
+    <eventBufferCapacity>10000</eventBufferCapacity>
+    <clientTimeoutMS>30000</clientTimeoutMS>
+    <keySpaceName>EVENT_KS</keySpaceName>
+
+<!-- Default configuration for thriftDataReceiver -->
+    <thriftDataReceiver>
+    <!--<hostName>localhost</hostName>-->
+        <port>7611</port>
+        <securePort>7711</securePort>
+    </thriftDataReceiver>
+
+    <!--<streamDefinitions>
+        <streamDefinition>
+            {
+             'name':'org.wso2.esb.MediatorStatistics',
+             'version':'1.3.0',
+             'nickName': 'Stock Quote Information',
+             'description': 'Some Desc',
+             'metaData':[
+             {'name':'ipAdd','type':'STRING'}
+             ],
+             'payloadData':[
+             {'name':'symbol','type':'STRING'},
+             {'name':'price','type':'DOUBLE'},
+             {'name':'volume','type':'INT'},
+             {'name':'max','type':'DOUBLE'},
+             {'name':'min','type':'Double'}
+             ]
+            }
+        </streamDefinition>
+        <streamDefinition domainName="wso2">
+            {
+             'name':'org.wso2.esb.MediatorStatistics',
+             'version':'1.3.4',
+             'nickName': 'Stock Quote Information',
+             'description': 'Some Other Desc',
+             'metaData':[
+             {'name':'ipAdd','type':'STRING'}
+             ],
+             'payloadData':[
+             {'name':'symbol','type':'STRING'},
+             {'name':'price','type':'DOUBLE'},
+             {'name':'volume','type':'INT'}
+             ]
+            }
+        </streamDefinition>
+    </streamDefinitions>-->
+
+</dataBridgeConfiguration>
diff --git a/modules/distribution/src/repository/conf/datasources/master-datasources.xml b/modules/distribution/src/repository/conf/datasources/master-datasources.xml
new file mode 100755
index 00000000000..b1535beb62a
--- /dev/null
+++ b/modules/distribution/src/repository/conf/datasources/master-datasources.xml
@@ -0,0 +1,139 @@
+<datasources-configuration xmlns:svns="http://org.wso2.securevault/configuration">
+    <providers>
+        <provider>org.wso2.carbon.ndatasource.rdbms.RDBMSDataSourceReader</provider>
+    </providers>
+
+    <datasources>
+        <datasource>
+            <name>WSO2_EMM_DB</name>
+            <description>The datasource used for EMM</description>
+            <jndiConfig>
+                <name>jdbc/WSO2EMMDB</name>
+            </jndiConfig>
+            <definition type="RDBMS">
+                <configuration>
+                    <url>jdbc:h2:repository/database/WSO2EMM_DB;DB_CLOSE_ON_EXIT=FALSE</url>
+                    <username>wso2carbon</username>
+                    <password>wso2carbon</password>
+                    <driverClassName>org.h2.Driver</driverClassName>
+                    <maxActive>50</maxActive>
+                    <maxWait>60000</maxWait>
+                    <testOnBorrow>true</testOnBorrow>
+                    <validationQuery>SELECT 1</validationQuery>
+                    <validationInterval>30000</validationInterval>
+                </configuration>
+            </definition>
+        </datasource>
+        <datasource>
+            <name>WSO2_CARBON_DB</name>
+            <description>The datasource used for registry and user manager</description>
+            <jndiConfig>
+                <name>jdbc/WSO2CarbonDB</name>
+            </jndiConfig>
+            <definition type="RDBMS">
+                <configuration>
+                    <url>jdbc:h2:repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE</url>
+                    <username>wso2carbon</username>
+                    <password>wso2carbon</password>
+                    <driverClassName>org.h2.Driver</driverClassName>
+                    <maxActive>50</maxActive>
+                    <maxWait>60000</maxWait>
+                    <testOnBorrow>true</testOnBorrow>
+                    <validationQuery>SELECT 1</validationQuery>
+                    <validationInterval>30000</validationInterval>
+                </configuration>
+            </definition>
+        </datasource>
+
+        <datasource>
+            <name>WSO2_IDENTITY_DB</name>
+            <description>The datasource used for Identity configurations</description>
+            <jndiConfig>
+                <name>jdbc/WSO2IdentityDB</name>
+            </jndiConfig>
+            <definition type="RDBMS">
+                <configuration>
+                    <url>jdbc:h2:repository/database/WSO2IDENTITY_DB;DB_CLOSE_ON_EXIT=FALSE</url>
+                    <username>wso2carbon</username>
+                    <password>wso2carbon</password>
+                    <driverClassName>org.h2.Driver</driverClassName>
+                    <maxActive>50</maxActive>
+                    <maxWait>60000</maxWait>
+                    <testOnBorrow>true</testOnBorrow>
+                    <validationQuery>SELECT 1</validationQuery>
+                    <validationInterval>30000</validationInterval>
+                </configuration>
+            </definition>
+        </datasource>
+
+        <datasource>
+            <name>SOCIAL_CACHE</name>
+            <description>The datasource used for storing the cached social objects.</description>
+            <jndiConfig>
+                <name>jdbc/test</name>
+            </jndiConfig>
+            <definition type="RDBMS">
+                <configuration>
+                    <url>jdbc:h2:repository/database/WSO2SOCIAL_CACHE_DB;DB_CLOSE_ON_EXIT=FALSE</url>
+                    <username>wso2carbon</username>
+                    <password>wso2carbon</password>
+                    <driverClassName>org.h2.Driver</driverClassName>
+                    <maxActive>50</maxActive>
+                    <maxWait>60000</maxWait>
+                </configuration>
+            </definition>
+        </datasource>
+
+        <datasource>
+            <name>SOCIAL_CASSANDRA_DB</name>
+            <description>The cassandra  datasource used for storing social activities</description>
+            <definition type="RDBMS">
+                <configuration>
+                    <url>jdbc:cassandra://localhost:9160/EVENT_KS</url>
+                    <username>admin@admin.com</username>
+                    <password>admin</password>
+                    <driverClassName>org.apache.cassandra.cql.jdbc.CassandraDriver</driverClassName>
+                </configuration>
+            </definition>
+        </datasource>
+
+        <datasource>
+            <name>WSO2AM_DB</name>
+            <description>The datasource used for API Manager database</description>
+            <jndiConfig>
+                <name>jdbc/WSO2AM_DB</name>
+            </jndiConfig>
+            <definition type="RDBMS">
+                <configuration>
+                    <url>jdbc:h2:repository/database/WSO2AM_DB;DB_CLOSE_ON_EXIT=FALSE</url>
+                    <username>wso2carbon</username>
+                    <password>wso2carbon</password>
+                    <driverClassName>org.h2.Driver</driverClassName>
+                    <maxActive>50</maxActive>
+                    <maxWait>60000</maxWait>
+                    <testOnBorrow>true</testOnBorrow>
+                    <validationQuery>SELECT 1</validationQuery>
+                    <validationInterval>30000</validationInterval>
+                </configuration>
+            </definition>
+        </datasource>
+
+        <datasource>
+            <name>JAGH2</name>
+            <description>The datasource used for by the Jaggery Storage Manager</description>
+            <jndiConfig>
+                <name>jdbc/test</name>
+            </jndiConfig>
+            <definition type="RDBMS">
+                <configuration>
+                    <url>jdbc:h2:~/test;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000</url>
+                    <username>sa</username>
+                    <password></password>
+                    <driverClassName>org.h2.Driver</driverClassName>
+                    <maxActive>50</maxActive>
+                    <maxWait>60000</maxWait>
+                </configuration>
+            </definition>
+        </datasource>
+    </datasources>
+</datasources-configuration>
diff --git a/modules/distribution/src/repository/conf/emm-config.xml b/modules/distribution/src/repository/conf/emm-config.xml
new file mode 100644
index 00000000000..caf7817ebac
--- /dev/null
+++ b/modules/distribution/src/repository/conf/emm-config.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+
+<!--
+  ~ Copyright 2005-2014 WSO2, Inc. (http://wso2.com)
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<EnterpriseMobilityManager>
+
+	<DeviceMonitorFrequency>60000</DeviceMonitorFrequency>
+
+	<iOSEMMConfigurations>
+		<!-- iOS EMM endpoint urls -->
+		<iOSEnrollURL>https://192.168.1.2:9443/emm/scep</iOSEnrollURL>
+		<iOSProfileURL>https://192.168.1.2:9443/emm/profile</iOSProfileURL>
+		<iOSCheckinURL>https://192.168.1.2:9443/emm/checkin</iOSCheckinURL>
+		<iOSServerURL>https://192.168.1.2:9443/emm/server</iOSServerURL>
+		
+		<!-- post url for device tokens -->
+		<TokenURL>http://192.168.1.2:9763/emm/api/devices/iostokenregister</TokenURL>
+		
+		<EmmKeystore>		
+			<!-- EMM Keystore file location-->
+            <EMMKeystoreLocation>${carbon.home}/repository/resources/security/wso2emm.jks</EMMKeystoreLocation>
+            <!-- EMM Keystore type (JKS/PKCS12 etc.)-->
+            <EMMKeystoreType>JKS</EMMKeystoreType>
+            <!-- EMM Keystore password-->
+            <EMMKeystorePassword>wso2carbon</EMMKeystorePassword>
+			<!-- Certificate authority certificate alias -->
+			<EMMCACertAlias>cacert</EMMCACertAlias>
+			<!-- Certificate authority private key password -->
+			<EMMCAPrivateKeyPassword>cacert</EMMCAPrivateKeyPassword>
+			<!-- Registration authority certificate alias -->
+			<EMMRACertAlias>racert</EMMRACertAlias>
+			<!-- Registration authority private key password -->
+			<EMMRAPrivateKeyPassword>racert</EMMRAPrivateKeyPassword>
+        </EmmKeystore>
+	</iOSEMMConfigurations>
+	
+</EnterpriseMobilityManager>
diff --git a/modules/distribution/src/repository/conf/entitlement.properties b/modules/distribution/src/repository/conf/entitlement.properties
new file mode 100644
index 00000000000..41e11316e7a
--- /dev/null
+++ b/modules/distribution/src/repository/conf/entitlement.properties
@@ -0,0 +1,43 @@
+PDP.Enable=true
+PAP.Enable=true
+PDP.DecisionCaching.Enable=true 
+#cache intervals are in seconds
+PDP.DecisionCaching.CachingInterval=300
+PDP.AttributeCaching.Enable=true 
+PDP.AttributeCaching.CachingInterval=300
+PDP.ResourceCaching.Enable=true 
+PDP.ResourceCaching.CachingInterval=300
+PDP.SchemaValidation.Enable=true
+PDP.Balana.Config.Enable=false
+PDP.Multiple.Decision.Profile.Enable=true
+PDP.Global.Policy.Combining.Algorithm=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides
+PAP.Policy.Add.Start.Enable=false
+PAP.Items.Per.Page=10
+ 
+#PDP.Extensions.Extension.1=your.extension.class.name
+
+
+#PDP.Policy.Store=org.wso2.carbon.identity.entitlement.policy.store.CarbonRegistryPolicyStore
+ 
+PIP.AttributeDesignators.Designator.1=org.wso2.carbon.identity.entitlement.pip.DefaultAttributeFinder
+PIP.ResourceFinders.Finder.1=org.wso2.carbon.identity.entitlement.pip.DefaultResourceFinder
+ 
+PAP.Entitlement.Data.Finder.1=org.wso2.carbon.identity.entitlement.pap.CarbonEntitlementDataFinder
+PAP.Policy.Publisher.Module.1=org.wso2.carbon.identity.entitlement.policy.publisher.CarbonBasicPolicyPublisherModule
+#PAP.Policy.Post.Publisher.Module.1=
+#PAP.Policy.Publisher.Verification.Handler=
+PAP.Policy.Version.Module=org.wso2.carbon.identity.entitlement.policy.version.DefaultPolicyVersionManager
+PAP.Status.Data.Handler.1=org.wso2.carbon.identity.entitlement.SimplePAPStatusDataHandler
+
+PDP.Policy.Finder.1=org.wso2.carbon.identity.entitlement.policy.store.RegistryPolicyStoreManageModule
+#PDP.Policy.Collection
+PDP.Policy.Store.Module=org.wso2.carbon.identity.entitlement.policy.store.RegistryPolicyStoreManageModule
+PDP.Policy.Data.Store.Module=org.wso2.carbon.identity.entitlement.policy.store.DefaultPolicyDataStore
+
+# Properties needed for each extension.
+# org.wso2.carbon.identity.entitlement.pip.DefaultAttributeFinder.1=name,value
+# org.wso2.carbon.identity.entitlement.pip.DefaultAttributeFinder.2=name,value
+# org.wso2.carbon.identity.entitlement.pip.DefaultResourceFinder.1=name.value
+# org.wso2.carbon.identity.entitlement.pip.DefaultResourceFinder.2=name,value
+# org.wso2.carbon.identity.entitlement.policy.CarbonPolicyMetaDataFinder.1=name,value
+# org.wso2.carbon.identity.entitlement.policy.CarbonPolicyMetaDataFinder.2=name,value
diff --git a/modules/distribution/src/repository/conf/identity.xml b/modules/distribution/src/repository/conf/identity.xml
new file mode 100755
index 00000000000..15394806145
--- /dev/null
+++ b/modules/distribution/src/repository/conf/identity.xml
@@ -0,0 +1,230 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ ~ Copyright (c) 2005-2011, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ ~
+ ~ WSO2 Inc. licenses this file to you under the Apache License,
+ ~ Version 2.0 (the "License"); you may not use this file except
+ ~ in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~    http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied.  See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
+
+    <OpenIDServerUrl>https://localhost:9443/openidserver</OpenIDServerUrl>
+
+    <OpenIDUserPattern>https://localhost:9443/openid/</OpenIDUserPattern>
+    <!-- If the users must be prompted for approval -->
+    <OpenIDSkipUserConsent>false</OpenIDSkipUserConsent>
+    <!-- Expiry time of the OpenID RememberMe token in minutes -->
+    <OpenIDRememberMeExpiry>7200</OpenIDRememberMeExpiry>
+
+    <JDBCPersistenceManager>
+        <DataSource>
+            <!-- Include a data source name (jndiConfigName) from the set of data sources defined in master-datasources.xml -->
+            <Name>jdbc/WSO2AM_DB</Name>
+        </DataSource>
+        <!-- If the identity database is created from another place and if it is required to skip schema initialization during the server start up, set the following
+           property to "true". -->
+        <SkipDBSchemaCreation>true</SkipDBSchemaCreation>
+    </JDBCPersistenceManager>
+
+    <!--
+      Security configurations
+    -->
+    <Security>
+        <UserTrustedRPStore>
+            <Location>${carbon.home}/repository/resources/security/userRP.jks</Location>
+            <!-- Keystore type (JKS/PKCS12 etc.)-->
+            <Type>JKS</Type>
+            <!-- Keystore password-->
+            <Password>wso2carbon</Password>
+            <!-- Private Key password-->
+            <KeyPassword>wso2carbon</KeyPassword>
+        </UserTrustedRPStore>
+
+        <!--
+              The directory under which all other KeyStore files will be stored
+          -->
+        <KeyStoresDir>${carbon.home}/conf/keystores</KeyStoresDir>
+    </Security>
+
+    <Identity>
+        <IssuerPolicy>SelfAndManaged</IssuerPolicy>
+        <TokenValidationPolicy>CertValidate</TokenValidationPolicy>
+        <BlackList></BlackList>
+        <WhiteList></WhiteList>
+        <System>
+            <KeyStore></KeyStore>
+            <StorePass></StorePass>
+        </System>
+    </Identity>
+
+    <OAuth>
+        <RequestTokenUrl>https://10.100.5.3:9443/oauth/request-token</RequestTokenUrl>
+        <AccessTokenUrl>https://10.100.5.3:9443/oauth/access-token</AccessTokenUrl>
+        <AuthorizeUrl>https://10.100.5.3:9443/oauth/authorize-url</AuthorizeUrl>
+        <!-- Default validity period for Authorization Code in seconds -->
+        <AuthorizationCodeDefaultValidityPeriod>300</AuthorizationCodeDefaultValidityPeriod>
+        <!-- Default validity period for Access Token in seconds -->
+        <AccessTokenDefaultValidityPeriod>3600</AccessTokenDefaultValidityPeriod>
+        <!-- Default validity period for Application Access Token in seconds-If want to set this as never expired,set the value as <0   -->
+        <ApplicationAccessTokenDefaultValidityPeriod>3600</ApplicationAccessTokenDefaultValidityPeriod>
+        <!-- Default validity period for User Access Token in seconds-->
+        <UserAccessTokenDefaultValidityPeriod>3600</UserAccessTokenDefaultValidityPeriod>
+        <!-- Timestamp skew in seconds -->
+        <TimestampSkew>300</TimestampSkew>
+        <!-- Enable OAuth caching. This cache has the replication support. -->
+        <EnableOAuthCache>true</EnableOAuthCache>
+        <!-- Configure the security measures needs to be done prior to store the token in the database,
+          such as hashing, encrypting, etc.-->
+        <TokenPersistenceProcessor>
+            org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor
+        </TokenPersistenceProcessor>
+        <ClientAuthHandlers>
+            <ClientAuthHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.clientauth.BasicAuthClientAuthHandler</ClientAuthHandlerImplClass>
+        </ClientAuthHandlers>
+	<!--TokenPersistenceProcessor>
+            org.wso2.carbon.identity.oauth.tokenprocessor.EncryptionDecryptionPersistenceProcessor
+        </TokenPersistenceProcessor-->
+        <!-- Supported Response Types -->
+        <SupportedResponseTypes>
+            <SupportedResponseType>
+                <ResponseTypeName>token</ResponseTypeName>
+                <ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler</ResponseTypeHandlerImplClass>
+            </SupportedResponseType>
+            <SupportedResponseType>
+                <ResponseTypeName>code</ResponseTypeName>
+                <ResponseTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.authz.handlers.CodeResponseTypeHandler</ResponseTypeHandlerImplClass>
+            </SupportedResponseType>
+        </SupportedResponseTypes>
+        <!-- Supported Grant Types -->
+        <SupportedGrantTypes>
+            <SupportedGrantType>
+                <GrantTypeName>authorization_code</GrantTypeName>
+                <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationCodeGrantHandler</GrantTypeHandlerImplClass>
+            </SupportedGrantType>
+            <SupportedGrantType>
+                <GrantTypeName>password</GrantTypeName>
+                <GrantTypeHandlerImplClass>org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler</GrantTypeHandlerImplClass>
+            </SupportedGrantType>
+            <SupportedGrantType>
+                <GrantTypeName>refresh_token</GrantTypeName>
+                <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler</GrantTypeHandlerImplClass>
+            </SupportedGrantType>
+            <SupportedGrantType>
+                <GrantTypeName>client_credentials</GrantTypeName>
+                <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.ClientCredentialsGrantHandler</GrantTypeHandlerImplClass>
+            </SupportedGrantType>
+            <SupportedGrantType>
+                <GrantTypeName>urn:ietf:params:oauth:grant-type:saml2-bearer</GrantTypeName>
+                <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.saml.SAML2BearerGrantHandler</GrantTypeHandlerImplClass>
+            </SupportedGrantType>
+        </SupportedGrantTypes>
+        <OAuthCallbackHandlers>
+            <OAuthCallbackHandler Class="org.wso2.carbon.apimgt.keymgt.util.APIManagerOAuthCallbackHandler"/>
+        </OAuthCallbackHandlers>
+
+        <!-- Add custom user headers to the response-->
+        <!--<RequiredRespHeaderClaimUris>
+            <ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
+            <ClaimUri>http://wso2.org/claims/gender</ClaimUri>
+        </RequiredRespHeaderClaimUris>-->
+
+        <!-- Enable/Disable OAuth Caching-->
+        <!--<EnableCache>true</EnableCache>-->
+
+	<!-- Assertions can be used to embedd parameters into access token.-->
+	<EnableAssertions>
+		<UserName>false</UserName>
+	</EnableAssertions>
+
+	<!-- This should be set to true when using multiple user stores and keys should saved 
+			into different tables according to the user store. By default all the application keys are saved in to the same table.
+			UserName Assertion should be 'true' to use this.-->
+	<EnableAccessTokenPartitioning>false</EnableAccessTokenPartitioning>
+
+	<!-- user store domain names and mappings to new table names.
+				eg: if you provide 'A:foo.com', foo.com should be the user store domain name and 'A' represent the relavant mapping of 
+				token storing table, i.e. tokens relevant to the users comming from foo.com user store will be added to a table called
+				IDN_OAUTH2_ACCESS_TOKEN_A. --> 
+	<AccessTokenPartitioningDomains><!-- A:foo.com, B:bar.com --></AccessTokenPartitioningDomains>
+
+	<AuthorizationContextTokenGeneration>		
+		<Enabled>false</Enabled>
+		<TokenGeneratorImplClass>org.wso2.carbon.identity.oauth2.authcontext.JWTTokenGenerator</TokenGeneratorImplClass>
+		<ClaimsRetrieverImplClass>org.wso2.carbon.identity.oauth2.authcontext.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
+		<ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI>
+		<SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
+		<AuthorizationContextTTL>15</AuthorizationContextTTL>
+	</AuthorizationContextTokenGeneration>
+
+    	<SAML2Grant>
+		<!--SAML2TokenHandler></SAML2TokenHandler-->
+	</SAML2Grant>
+
+		<!-- Primary/secondary login configuration for APIstore. If user likes to keep two login attributes in a distributed setup, to login the APIstore, 
+		he should configure this section. Primary login doesn't have a claimUri associated with it. But secondary login, which is a claim attribute,
+		is associated with a claimuri.--> 
+			<!-- <LoginConfig>
+					<UserIdLogin  primary="true">
+				<ClaimUri></ClaimUri>
+				</UserIdLogin>
+				<EmailLogin  primary="false">
+					<ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
+				</EmailLogin>
+			</LoginConfig>--> 
+    </OAuth>
+
+    <MultifactorAuthentication>
+        <XMPPSettings>
+            <XMPPConfig>
+                <XMPPProvider>gtalk</XMPPProvider>
+                <XMPPServer>talk.google.com</XMPPServer>
+                <XMPPPort>5222</XMPPPort>
+                <XMPPExt>gmail.com</XMPPExt>
+                <XMPPUserName>multifactor1@gmail.com</XMPPUserName>
+                <XMPPPassword>wso2carbon</XMPPPassword>
+            </XMPPConfig>
+        </XMPPSettings>
+    </MultifactorAuthentication>
+
+    <SSOService>
+        <IdentityProviderURL>https://localhost:9443/samlsso</IdentityProviderURL>
+    </SSOService>
+
+    <EntitlementSettings>
+        <!-- Uncomment this to enable on-demand policy loading -->
+        <!--OnDemandPolicyLoading>
+                <Enable>true</Enable>
+                <MaxInMemoryPolicies>100</MaxInMemoryPolicies>
+        </OnDemandPolicyLoading-->
+        <DecisionCaching>
+            <Enable>true</Enable>
+            <CachingInterval>36000</CachingInterval>
+        </DecisionCaching>
+        <AttributeCaching>
+            <Enable>true</Enable>
+        </AttributeCaching>
+        <ThirftBasedEntitlementConfig>
+            <EnableThriftService>true</EnableThriftService>
+            <ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>
+            <ClientTimeout>10000</ClientTimeout>
+            <KeyStore>
+                <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
+                <Password>wso2carbon</Password>
+            </KeyStore>
+        </ThirftBasedEntitlementConfig>
+    </EntitlementSettings>
+
+    <!--To do OSGI invocations to OAuth2Service,when the entire server is in one JVM -->
+    <SeparateBackEnd>false</SeparateBackEnd>
+</Server>
diff --git a/modules/distribution/src/repository/conf/log4j.properties b/modules/distribution/src/repository/conf/log4j.properties
new file mode 100644
index 00000000000..70f371f819d
--- /dev/null
+++ b/modules/distribution/src/repository/conf/log4j.properties
@@ -0,0 +1,164 @@
+#
+# Copyright 2009 WSO2, Inc. (http://wso2.com)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# This is the log4j configuration file used by WSO2 Carbon
+#
+# IMPORTANT : Please do not remove or change the names of any
+# of the Appenders defined here. The layout pattern & log file
+# can be changed using the WSO2 Carbon Management Console, and those
+# settings will override the settings in this file.
+#
+
+log4j.rootLogger=INFO, CARBON_CONSOLE, CARBON_LOGFILE, CARBON_MEMORY, CARBON_SYS_LOG
+
+log4j.logger.AUDIT_LOG=INFO, AUDIT_LOGFILE
+log4j.logger.org.apache.axis2.wsdl.codegen.writer.PrettyPrinter=ERROR, CARBON_LOGFILE, CARBON_MEMORY
+log4j.logger.org.apache.axis2.clustering=INFO, CARBON_CONSOLE, CARBON_LOGFILE
+log4j.logger.org.apache=INFO, CARBON_LOGFILE, CARBON_MEMORY
+log4j.logger.org.apache.catalina=WARN
+log4j.logger.org.apache.tomcat=WARN
+log4j.logger.org.wso2.carbon.apacheds=WARN
+log4j.logger.org.apache.directory.server.ldap=WARN
+log4j.logger.org.apache.directory.server.core.event=WARN
+log4j.logger.com.atomikos=INFO,ATOMIKOS
+log4j.logger.org.quartz=WARN
+log4j.logger.org.apache.jackrabbit.webdav=WARN
+log4j.logger.org.apache.juddi=ERROR
+log4j.logger.org.apache.commons.digester.Digester=WARN
+log4j.logger.org.apache.jasper.compiler.TldLocationsCache=WARN
+log4j.logger.org.apache.qpid=WARN
+log4j.logger.org.apache.qpid.server.Main=INFO
+log4j.logger.qpid.message=WARN
+log4j.logger.qpid.message.broker.listening=INFO
+log4j.logger.org.apache.tiles=WARN
+log4j.logger.org.apache.commons.httpclient=ERROR
+log4j.logger.org.apache.coyote=WARN
+log4j.logger.org.apache.solr=ERROR
+log4j.logger.org.infinispan=WARN
+log4j.logger.org.jgroups=ERROR
+log4j.logger.me.prettyprint.cassandra.hector.TimingLogger=ERROR
+log4j.logger.org.wso2=INFO
+log4j.logger.org.apache.axis2.enterprise=FATAL, CARBON_LOGFILE, CARBON_MEMORY
+log4j.logger.org.opensaml.xml=WARN, CARBON_LOGFILE, CARBON_MEMORY
+log4j.logger.org.apache.directory.shared.ldap=WARN, CARBON_LOGFILE, CARBON_MEMORY
+log4j.logger.org.apache.directory.server.ldap.handlers=WARN, CARBON_LOGFILE, CARBON_MEMORY 
+#Following are to remove false error messages from startup (IS)
+log4j.logger.org.apache.directory.shared.ldap.entry.DefaultServerAttribute=FATAL, CARBON_LOGFILE, CARBON_MEMORY
+log4j.logger.org.apache.directory.server.core.DefaultDirectoryService=ERROR, CARBON_LOGFILE, CARBON_MEMORY
+log4j.logger.org.apache.directory.shared.ldap.ldif.LdifReader=ERROR, CARBON_LOGFILE, CARBON_MEMORY
+log4j.logger.org.apache.directory.server.ldap.LdapProtocolHandler=ERROR, CARBON_LOGFILE, CARBON_MEMORY
+log4j.logger.org.apache.directory.server.core=ERROR, CARBON_LOGFILE, CARBON_MEMORY
+#Hive Related Log configurations
+log4j.logger.DataNucleus=ERROR
+log4j.logger.Datastore=ERROR
+log4j.logger.Datastore.Schema=ERROR
+log4j.logger.JPOX.Datastore=ERROR
+log4j.logger.JPOX.Plugin=ERROR
+log4j.logger.JPOX.MetaData=ERROR
+log4j.logger.JPOX.Query=ERROR
+log4j.logger.JPOX.General=ERROR
+log4j.logger.JPOX.Enhancer=ERROR
+log4j.logger.org.apache.hadoop.hive=WARN
+log4j.logger.hive=WARN
+log4j.logger.ExecMapper=WARN
+log4j.logger.ExecReducer=WARN
+log4j.logger.net.sf.ehcache=ERROR
+
+log4j.logger.trace.messages=TRACE,CARBON_TRACE_LOGFILE
+
+log4j.additivity.org.apache.axis2.clustering=false
+log4j.additivity.com.atomikos=false
+
+# CARBON_CONSOLE is set to be a ConsoleAppender using a PatternLayout.
+log4j.appender.CARBON_CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CARBON_CONSOLE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
+# ConversionPattern will be overridden by the configuration setting in the DB
+log4j.appender.CARBON_CONSOLE.layout.ConversionPattern=[%d] %P%5p {%c} - %x %m%n
+log4j.appender.CARBON_CONSOLE.layout.TenantPattern=%U%@%D[%T]
+log4j.appender.CARBON_CONSOLE.threshold=DEBUG
+
+# CARBON_MEMORY is set to be a MemoryAppender using a PatternLayout.
+log4j.appender.CARBON_MEMORY=org.wso2.carbon.logging.appenders.MemoryAppender
+log4j.appender.CARBON_MEMORY.layout=org.apache.log4j.PatternLayout
+log4j.appender.CARBON_MEMORY.bufferSize=200
+# ConversionPattern will be overridden by the configuration setting in the DB
+#log4j.appender.CARBON_MEMORY.layout.ConversionPattern=[%d] %5p - %x %m {%c}%n
+log4j.appender.CARBON_MEMORY.layout.ConversionPattern=[%d] %5p {%c} - %x %m%n
+log4j.appender.CARBON_MEMORY.threshold=DEBUG
+
+
+# CARBON_LOGFILE is set to be a DailyRollingFileAppender using a PatternLayout.
+log4j.appender.CARBON_LOGFILE=org.apache.log4j.DailyRollingFileAppender
+# Log file will be overridden by the configuration setting in the DB
+# This path should be relative to WSO2 Carbon Home
+log4j.appender.CARBON_LOGFILE.File=${carbon.home}/repository/logs/${instance.log}/wso2carbon${instance.log}.log
+log4j.appender.CARBON_LOGFILE.Append=true
+log4j.appender.CARBON_LOGFILE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
+# ConversionPattern will be overridden by the configuration setting in the DB
+log4j.appender.CARBON_LOGFILE.layout.ConversionPattern=TID: [%T] [%S] [%d] %P%5p {%c} - %x %m {%c}%n
+log4j.appender.CARBON_LOGFILE.layout.TenantPattern=%U%@%D [%T] [%S]
+log4j.appender.CARBON_LOGFILE.threshold=DEBUG
+
+log4j.appender.CARBON_SYS_LOG = org.apache.log4j.net.SyslogAppender
+log4j.appender.CARBON_SYS_LOG.layout=org.apache.log4j.PatternLayout
+log4j.appender.CARBON_SYS_LOG.layout.ConversionPattern=[%d] %5p {%c} - %x %m {%c}%n
+log4j.appender.CARBON_SYS_LOG.SyslogHost=localhost
+log4j.appender.CARBON_SYS_LOG.Facility=USER
+log4j.appender.CARBON_SYS_LOG.threshold=DEBUG
+
+# LOGEVENT is set to be a LogEventAppender using a PatternLayout to send logs to LOGEVENT 
+log4j.appender.LOGEVENT=org.wso2.carbon.logging.appender.LogEventAppender
+log4j.appender.LOGEVENT.url=tcp://10.100.3.103:7611
+log4j.appender.LOGEVENT.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
+log4j.appender.LOGEVENT.columnList=%T,%S,%A,%d,%c,%p,%m,%H,%I,%Stacktrace
+log4j.appender.LOGEVENT.userName=admin
+log4j.appender.LOGEVENT.password=admin
+
+# Appender config to CARBON_TRACE_LOGFILE
+log4j.appender.CARBON_TRACE_LOGFILE=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.CARBON_TRACE_LOGFILE.File=${carbon.home}/repository/logs/${instance.log}/wso2carbon-trace-messages${instance.log}.log
+log4j.appender.CARBON_TRACE_LOGFILE.Append=true
+log4j.appender.CARBON_TRACE_LOGFILE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
+log4j.appender.CARBON_TRACE_LOGFILE.layout.ConversionPattern=[%d] %P%5p {%c} - %x %m {%c}%n
+log4j.appender.CARBON_TRACE_LOGFILE.layout.TenantPattern=%U%@%D [%T] [%S]
+log4j.appender.CARBON_TRACE_LOGFILE.threshold=TRACE
+log4j.additivity.trace.messages=false
+
+# Appender config to AUDIT_LOGFILE
+log4j.appender.AUDIT_LOGFILE=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.AUDIT_LOGFILE.File=${carbon.home}/repository/logs/audit.log
+log4j.appender.AUDIT_LOGFILE.Append=true
+log4j.appender.AUDIT_LOGFILE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
+log4j.appender.AUDIT_LOGFILE.layout.ConversionPattern=[%d] %P%5p - %x %m %n
+log4j.appender.AUDIT_LOGFILE.layout.TenantPattern=%U%@%D [%T] [%S]
+log4j.appender.AUDIT_LOGFILE.threshold=INFO
+log4j.additivity.AUDIT_LOG=false
+
+# Appender config to send Atomikos transaction logs to new log file tm.out.
+log4j.appender.ATOMIKOS = org.apache.log4j.RollingFileAppender
+log4j.appender.ATOMIKOS.File = repository/logs/tm.out
+log4j.appender.ATOMIKOS.Append = true
+log4j.appender.ATOMIKOS.layout = org.apache.log4j.PatternLayout
+log4j.appender.ATOMIKOS.layout.ConversionPattern=%p %t %c - %m%n
+
+# This file is used to override the default logger settings, and is used to remove unwanted logs from Shindig appearing on the console.
+
+# Specification of Handler used by Console Logger
+handlers=java.util.logging.ConsoleHandler
+
+# Replacing default INFO level with SEVERE
+java.util.logging.ConsoleHandler.level=SEVERE
diff --git a/modules/distribution/src/repository/conf/multitenancy/cloud-services-desc.xml b/modules/distribution/src/repository/conf/multitenancy/cloud-services-desc.xml
new file mode 100644
index 00000000000..43da09023ef
--- /dev/null
+++ b/modules/distribution/src/repository/conf/multitenancy/cloud-services-desc.xml
@@ -0,0 +1,186 @@
+<!--
+This has the configurations for the cloud services.
+Label, link, icon, description, and the other similar information for each of the services are
+given here.
+-->
+<cloudServices xmlns="http://wso2.com/carbon/cloud/mgt/services">
+    <cloudService name="WSO2 Stratos Controller" default="true">
+        <key>SCC</key>
+        <label>WSO2 Stratos Controller</label>
+        <link>https://scc.cloud.wso2.com</link>
+        <!--icon>
+            https://localhost:9443/cloud-services-icons/esb.gif
+        </icon-->
+        <productPageURL>http://wso2.com/cloud/stratos</productPageURL>
+        <description>WSO2 stratos controller.</description>
+    </cloudService>
+    <cloudService name="WSO2 Cloud Controller" default="true">
+        <key>CC</key>
+        <label>WSO2 Cloud Controller</label>
+        <link>https://cc.cloud.wso2.com</link>
+        <!--icon>
+            https://localhost:9443/cloud-services-icons/esb.gif
+        </icon-->
+        <productPageURL>http://wso2.com/cloud/stratos</productPageURL>
+        <description>WSO2 Cloud Controller.</description>
+    </cloudService>
+    <cloudService name="WSO2 Stratos Agent" default="true">
+        <key>Agent</key>
+        <label>WSO2 Stratos Agent</label>
+        <link>https://cc.cloud.wso2.com</link>
+        <!--icon>
+            https://localhost:9443/cloud-services-icons/esb.gif
+        </icon-->
+        <productPageURL>http://wso2.com/cloud/stratos</productPageURL>
+        <description>WSO2 Stratos Agent.</description>
+    </cloudService>
+    <cloudService name="WSO2 Enterprise Service Bus" default="true">
+        <key>ESB</key>
+        <label>Enterprise Service Bus</label>
+        <link>https://esb.cloud.wso2.com</link>
+        <icon>
+            https://localhost:9443/cloud-services-icons/esb.gif
+        </icon>
+        <productPageURL>http://wso2.com/products/enterprise-service-bus/</productPageURL>
+        <description>Enterprise Service Bus in the cloud.</description>
+    </cloudService>
+    <cloudService name="Application Server" default="true">
+        <key>AS</key>
+        <label>Application Server</label>
+        <link>https://appserver.cloud.wso2.com</link>
+        <icon>
+            https://localhost:9443/cloud-services-icons/appserver.gif
+        </icon>
+        <productPageURL>http://wso2.com/products/application-server/</productPageURL>
+        <description>Application Server in the cloud.</description>
+    </cloudService>
+    <cloudService name="WSO2 Data Services Server" default="true">
+        <key>DSS</key>
+        <label>WSO2 Data Services Server</label>
+        <link>https://dss.cloud.wso2.com</link>
+        <icon>
+            https://localhost:9443/cloud-services-icons/ds.gif
+        </icon>
+        <productPageURL>http://wso2.com/products/data-services-server/</productPageURL>
+        <description>Data Services Server in the cloud.</description>
+    </cloudService>
+    <cloudService name="WSO2 Governance Registry" default="true">
+        <key>Greg</key>
+        <label>Governance</label>
+        <link>https://governance.cloud.wso2.com</link>
+        <description>Governance in the cloud.</description>
+        <icon>
+            https://localhost:9443/cloud-services-icons/governance.gif
+        </icon>
+        <productPageURL>http://wso2.com/products/governance-registry/</productPageURL>
+    </cloudService>
+    <cloudService name="WSO2 Identity Server" default="true">
+        <key>IS</key>
+        <label>WSO2 Identity Server</label>
+        <link>https://identity.cloud.wso2.com</link>
+        <icon>
+            https://localhost:9443/cloud-services-icons/identity.gif
+        </icon>
+        <description>Identity in the cloud.</description>
+        <productPageURL>http://wso2.com/products/identity-server/</productPageURL>
+    </cloudService>
+    <cloudService name="WSO2 Business Activity Monitor" default="true">
+        <label>Business Activity Monitor</label>
+        <link>https://bam.cloud.wso2.com</link>
+        <icon>
+            https://localhost:9443/cloud-services-icons/bam.gif
+        </icon>
+        <description>Business Activity Monitor in the cloud.</description>
+        <productPageURL>http://wso2.com/products/business-activity-monitor/</productPageURL>
+    </cloudService>
+    <cloudService name="WSO2 Business Process Server" default="true">
+        <key>BPS</key>
+        <label>Business Process Server</label>
+        <link>https://bps.cloud.wso2.com</link>
+        <icon>
+            https://localhost:9443/cloud-services-icons/bps.gif
+        </icon>
+        <description>Business Process Server in the cloud.</description>
+        <productPageURL>http://wso2.com/products/business-process-server/</productPageURL>
+    </cloudService>
+    <cloudService name="WSO2 Business Rule Server" default="true">
+        <key>BRS</key>
+        <label>Business Rule Server</label>
+        <link>https://brs.cloud.wso2.com</link>
+        <icon>
+            https://localhost:9443/cloud-services-icons/brs.gif
+        </icon>
+        <description>Business Rules Server in the cloud.</description>
+        <productPageURL>http://wso2.com/products/business-rules-server/</productPageURL>
+    </cloudService>
+    <cloudService name="WSO2 Mashup Server" default="true">
+        <key>MB</key>
+        <label>Mashup Server</label>
+        <link>https://mashup.cloud.wso2.com</link>
+        <icon>
+            https://localhost:9443/cloud-services-icons/mashup.gif
+        </icon>
+        <description>Mashup Server in the cloud.</description>
+        <productPageURL>http://wso2.com/products/mashup-server/</productPageURL>
+    </cloudService>
+    <cloudService name="WSO2 Gadget Server" default="true">
+        <key>GS</key>
+        <label>Gadget Server</label>
+        <link>https://gadget.cloud.wso2.com</link>
+        <icon>
+            https://localhost:9443/cloud-services-icons/gadget.gif
+        </icon>
+        <description>Gadgets in the cloud.</description>
+        <productPageURL>http://wso2.com/products/gadget-server/</productPageURL>
+    </cloudService>
+    <cloudService name="Cloud Gateway" default="true">
+        <key>CG</key>
+        <label>Cloud Gateway</label>
+        <link>https://cg.stratoslive.wso2.com</link>
+        <icon>
+            https://localhost:9443/cloud-services-icons/csg.gif
+        </icon>
+        <description>Cloud Gateway in the cloud.</description>
+        <productPageURL>http://wso2.com/products/cloud-services-gateway/</productPageURL> <!-- FIXME, put the correct project home -->
+    </cloudService>
+    <cloudService name="WSO2 Complex Event Processor" default="true">
+        <key>CEP</key>
+        <label>Complex Event Processor</label>
+        <link>https://cep.cloud.wso2.com</link>
+        <icon>
+            https://localhost:9443/cloud-services-icons/cep.gif
+        </icon>
+        <productPageURL>http://wso2.com/products/complex-event-processing-server/</productPageURL> <!-- FIXME, put the correct project home -->
+        <description>Complex Event Processor in the cloud.</description>
+    </cloudService>
+    <cloudService name="WSO2 Message Broker" default="true">
+        <key>MB</key>
+        <label>Message Broker</label>
+        <link>https://mb.cloud.wso2.com</link>
+        <icon>
+            https://localhost:9443/cloud-services-icons/mb.gif
+        </icon>
+        <productPageURL>http://wso2.com/products/message-broker/</productPageURL>
+        <description>Message Broker in the cloud.</description>
+    </cloudService>
+    <cloudService name="WSO2 Storage Server" default="true">
+        <key>SS</key>
+        <label>WSO2 Storage Server</label>
+        <link>https://ss.stratoslive.wso2.com</link>
+        <icon>
+            https://localhost:9443/cloud-services-icons/ss.gif
+        </icon>
+        <description>WSO2 Storage Server.</description>
+        <productPageURL>http://wso2.com/products/storage-server/</productPageURL>
+    </cloudService>
+    <cloudService name="WSO2 Enterprise Store" default="true">
+        <key>ES</key>
+        <label>WSO2 Enterprise Store</label>
+        <link>https://es.stratoslive.wso2.com</link>
+        <icon>
+            https://localhost:9443/cloud-services-icons/ss.gif
+        </icon>
+        <description>WSO2 Enterprise Store.</description>
+        <productPageURL>http://wso2.com/products/storage-server/</productPageURL>
+    </cloudService>
+</cloudServices>
\ No newline at end of file
diff --git a/modules/distribution/src/repository/conf/registry.xml b/modules/distribution/src/repository/conf/registry.xml
new file mode 100755
index 00000000000..ee8ae46bf9f
--- /dev/null
+++ b/modules/distribution/src/repository/conf/registry.xml
@@ -0,0 +1,195 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+
+<!--
+  ~ Copyright 2005-2011 WSO2, Inc. (http://wso2.com)
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<wso2registry>
+
+    <!--
+    For details on configuring different config & governance registries see;
+    http://wso2.org/library/tutorials/2010/04/sharing-registry-space-across-multiple-product-instances
+    -->
+
+    <currentDBConfig>wso2registry</currentDBConfig>
+    <readOnly>false</readOnly>
+    <enableCache>true</enableCache>
+    <registryRoot>/</registryRoot>
+
+    <dbConfig name="wso2registry">
+        <dataSource>jdbc/WSO2CarbonDB</dataSource>
+    </dbConfig>
+
+    <!--aspect name="SecondLifeCycle" class="org.wso2.carbon.governance.registry.extensions.aspects.DefaultLifeCycle">
+        <configuration type="literal">
+        <lifecycle>
+            <scxml xmlns="http://www.w3.org/2005/07/scxml"
+                   version="1.0"
+                   initialstate="Development">
+                <state id="Development">
+                    <datamodel>
+                        <data name="checkItems">
+                            <item name="Code Completed" forEvent="">
+                            </item>
+                            <item name="WSDL, Schema Created" forEvent="">
+                            </item>
+                            <item name="QoS Created" forEvent="">
+                            </item>
+                        </data>
+                    </datamodel>
+                    <transition event="Promote" target="Tested"/>
+                </state>
+                <state id="Published">
+                    <datamodel>
+                        <data name="checkItems">
+                            <item name="Effective Inspection Completed" forEvent="">
+                            </item>
+                            <item name="Test Cases Passed" forEvent="">
+                            </item>
+                            <item name="Smoke Test Passed" forEvent="">
+                            </item>
+                        </data>
+                    </datamodel>
+                    <transition event="Promote" target="Production"/>
+                    <transition event="Demote" target="Development"/>
+                </state>
+                <state id="Deprecated">
+                    <transition event="Demote" target="Tested"/>
+                </state>
+            </scxml>
+        </lifecycle>
+        </configuration>
+    </aspect-->
+
+<handler class="org.wso2.jaggery.scxml.registry.handlers.JaggeryExecutorHandler" methods="PUT">
+    <filter class="org.wso2.jaggery.scxml.registry.filters.JaggeryExecutorFilter">
+    </filter>
+</handler>
+<handler class="org.wso2.carbon.identity.entitlement.policy.finder.registry.RegistryPolicyHandler">
+<filter class="org.wso2.carbon.identity.entitlement.policy.finder.registry.RegistryPolicyMediaTypeMatcher">
+<property name="mediaType">application/xacml-policy+xml</property>
+</filter>
+</handler>
+
+    <!--<aspect name="SampleLifeCycle" class="org.wso2.carbon.governance.registry.extensions.aspects.ChecklistLifeCycle">
+        <configuration type="literal">
+            <lifecycle>
+                <state name="Created" id="Created" location="/environment/created">
+                    <checkitem>Condition 1</checkitem>
+                    <checkitem>Condition 2</checkitem>
+                </state>
+                <state name="Deprecated" id="Deprecated" location="/environment/deprecated">
+                </state>
+            </lifecycle>
+        </configuration>
+    </aspect>-->
+
+    <!--<handler class="org.wso2.carbon.registry.extensions.handlers.SynapseRepositoryHandler">
+         <filter class="org.wso2.carbon.registry.core.jdbc.handlers.filters.MediaTypeMatcher">
+             <property name="mediaType">application/vnd.apache.synapse</property>
+         </filter>
+     </handler>
+
+     <handler class="org.wso2.carbon.registry.extensions.handlers.SynapseRepositoryHandler">
+         <filter class="org.wso2.carbon.registry.core.jdbc.handlers.filters.MediaTypeMatcher">
+             <property name="mediaType">application/vnd.apache.esb</property>
+         </filter>
+     </handler>
+
+     <handler class="org.wso2.carbon.registry.extensions.handlers.Axis2RepositoryHandler">
+         <filter class="org.wso2.carbon.registry.core.jdbc.handlers.filters.MediaTypeMatcher">
+             <property name="mediaType">application/vnd.apache.axis2</property>
+         </filter>
+     </handler>
+
+     <handler class="org.wso2.carbon.registry.extensions.handlers.Axis2RepositoryHandler">
+         <filter class="org.wso2.carbon.registry.core.jdbc.handlers.filters.MediaTypeMatcher">
+             <property name="mediaType">application/vnd.apache.wsas</property>
+         </filter>
+     </handler>
+
+     <handler class="org.wso2.carbon.registry.extensions.handlers.WSDLMediaTypeHandler">
+         <filter class="org.wso2.carbon.registry.core.jdbc.handlers.filters.MediaTypeMatcher">
+             <property name="mediaType">application/wsdl+xml</property>
+         </filter>
+     </handler>
+
+     <handler class="org.wso2.carbon.registry.extensions.handlers.XSDMediaTypeHandler">
+         <filter class="org.wso2.carbon.registry.core.jdbc.handlers.filters.MediaTypeMatcher">
+             <property name="mediaType">application/x-xsd+xml</property>
+         </filter>
+     </handler> -->
+
+    <!--remoteInstance url="https://localhost:9443/registry">
+        <id>instanceid</id>
+        <username>username</username>
+        <password>password</password>
+    </remoteInstance-->
+
+    <!--remoteInstance url="https://localhost:9443/registry">
+        <id>instanceid</id>
+        <dbConfig>wso2registry</dbConfig>
+        <readOnly>false</readOnly>
+        <enableCache>true</enableCache>
+        <registryRoot>/</registryRoot>
+    </remoteInstance-->
+
+    <!--mount path="/_system/config" overwrite="true|false|virtual">
+        <instanceId>instanceid</instanceId>
+        <targetPath>/_system/nodes</targetPath>
+    </mount-->
+
+    <!-- This defines index cofiguration which is used in meta data search feature of the registry -->
+        <indexingConfiguration>
+        <startingDelayInSeconds>30</startingDelayInSeconds>
+        <indexingFrequencyInSeconds>5</indexingFrequencyInSeconds>
+        <!--number of resources submit for given indexing thread -->
+        <batchSize>50</batchSize>
+         <!--number of worker threads for indexing -->
+        <indexerPoolSize>50</indexerPoolSize>
+        <!-- location storing the time the indexing took place-->
+        <lastAccessTimeLocation>/_system/local/repository/components/org.wso2.carbon.registry/indexing/lastaccesstime</lastAccessTimeLocation>
+        <!-- the indexers that implement the indexer interface for a relevant media type/(s) -->
+        <indexers>
+            <!--indexer class="org.wso2.carbon.registry.indexing.indexer.MSExcelIndexer" mediaTypeRegEx="application/vnd.ms-excel"/>
+            <indexer class="org.wso2.carbon.registry.indexing.indexer.MSPowerpointIndexer" mediaTypeRegEx="application/vnd.ms-powerpoint"/>
+            <indexer class="org.wso2.carbon.registry.indexing.indexer.MSWordIndexer" mediaTypeRegEx="application/msword"/>
+            <indexer class="org.wso2.carbon.registry.indexing.indexer.PDFIndexer" mediaTypeRegEx="application/pdf"/>
+            <indexer class="org.wso2.carbon.registry.indexing.indexer.XMLIndexer" mediaTypeRegEx="application/xml"/>
+            <indexer class="org.wso2.carbon.registry.indexing.indexer.XMLIndexer" mediaTypeRegEx="application/(.)+\+xml"/>
+            <indexer class="org.wso2.carbon.registry.indexing.indexer.PlainTextIndexer" mediaTypeRegEx="text/(.)+"/>
+            <indexer class="org.wso2.carbon.registry.indexing.indexer.PlainTextIndexer" mediaTypeRegEx="application/x-javascript"/>
+            <indexer class="org.wso2.carbon.registry.indexing.indexer.PlainTextIndexer" mediaTypeRegEx="application/json"/>
+            <indexer class="org.wso2.carbon.governance.registry.extensions.indexers.RXTIndexer" mediaTypeRegEx="application/vnd.wso2-ebook\+xml" profiles ="default"/>
+            <indexer class="org.wso2.carbon.governance.registry.extensions.indexers.RXTIndexer" mediaTypeRegEx="application/vnd.wso2-gadget\+xml" profiles ="default"/>
+            <indexer class="org.wso2.carbon.governance.registry.extensions.indexers.RXTIndexer" mediaTypeRegEx="application/vnd.wso2-site\+xml" profiles ="default"/-->
+            <indexer class="org.wso2.carbon.governance.registry.extensions.indexers.RXTIndexer" mediaTypeRegEx="application/vnd.(.)+\+xml" profiles ="default"/>
+        
+        </indexers>
+        <exclusions>
+            <exclusion pathRegEx="/_system/config/repository/dashboards/gadgets/swfobject1-5/.*[.]html"/>
+            <exclusion pathRegEx="/_system/local/repository/components/org[.]wso2[.]carbon[.]registry/mount/.*"/>
+        </exclusions>
+    </indexingConfiguration>
+    <versionResourcesOnChange>true</versionResourcesOnChange>
+
+    <!-- NOTE: You can edit the options under "StaticConfiguration" only before the
+     startup. -->
+    <staticConfiguration>
+        <versioningProperties>true</versioningProperties>
+        <versioningComments>true</versioningComments>
+        <versioningTags>true</versioningTags>
+        <versioningRatings>true</versioningRatings>
+    </staticConfiguration>
+</wso2registry>
diff --git a/modules/distribution/src/repository/conf/shindig.properties b/modules/distribution/src/repository/conf/shindig.properties
new file mode 100644
index 00000000000..89be04b9dbb
--- /dev/null
+++ b/modules/distribution/src/repository/conf/shindig.properties
@@ -0,0 +1,215 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Location of feature manifests (comma separated)
+shindig.features.default=res://features/features.txt
+
+# Location of container configurations (comma separated)
+shindig.containers.default=res://containers/default/container.js
+
+### Inbound OAuth support
+# The URL base to use for full OAuth support (three-legged)
+shindig.oauth.base-url=/oauth
+shindig.oauth.authorize-action=/WEB-INF/authorize.jsp
+# The range to the past and future of timestamp for OAuth token validation. Default to 5 minutes
+shindig.oauth.validator-max-timestamp-age-ms=300000
+
+### Outbound OAuth support
+shindig.signing.state-key=
+shindig.signing.key-name=
+shindig.signing.key-file=
+shindig.signing.global-callback-url=http://%authority%%contextRoot%/gadgets/oauthcallback
+shindig.signing.enable-signed-callbacks=true
+
+### If a OAuth2Client does not specify a redirect uri it will default here
+shindig.oauth2.global-redirect-uri=http://%authority%%contextRoot%/gadgets/oauth2callback
+### Setting to true will cause the registered OAuth2Persistence plugin to load it's values
+### with what's in config/oauth2.json, no meaning without a second persistence implementation.
+shindig.oauth2.import=false
+### Determines if the import will start by removing everything currently in persistence.
+shindig.oauth2.import.clean=false
+# Set to true if you want to allow the use of 3-party (authorization_code) OAuth 2.0 flow when viewer != owner.
+# This setting is not recommeneded for pages that allow user-controlled javascript, since
+# that javascript could be used to make unauthorized requests on behalf of the viewer of the page
+shindig.oauth2.viewer-access-tokens-enabled=true
+# Set to true to send extended trace messages to the client.  Probably want this to be false for
+# production systems and true for test/development.
+shindig.oauth2.send-trace-to-client=true
+shindig.signing.oauth2.state-key=
+
+# Set to true if you want to allow the use of 3-legged OAuth tokens when viewer != owner.
+# This setting is not recommeneded for pages that allow user-controlled javascript, since
+# that javascript could be used to make unauthorized requests on behalf of the viewer of the page
+shindig.signing.viewer-access-tokens-enabled=false
+
+# If enabled here, configuration values can be found in container configuration files.
+shindig.locked-domain.enabled=false
+
+# TODO: This needs to be moved to container configuration.
+shindig.content-rewrite.only-allow-excludes=false
+shindig.content-rewrite.include-urls=.*
+shindig.content-rewrite.exclude-urls=
+shindig.content-rewrite.include-tags=body,embed,img,input,link,script,style
+shindig.content-rewrite.expires=86400
+shindig.content-rewrite.enable-split-js-concat=true
+shindig.content-rewrite.enable-single-resource-concat=false
+
+#
+# Default set of forced libs to allow for better caching
+#
+# NOTE: setting this causes the EndToEnd test to fail the opensocial-templates test
+shindig.gadget-rewrite.default-forced-libs=core:rpc
+#shindig.gadget-rewrite.default-forced-libs=
+
+#
+# Allow supported JavaScript features required by a gadget to be externalized on demand
+shindig.gadget-rewrite.externalize-feature-libs=true
+
+# Configuration for image rewriter
+shindig.image-rewrite.max-inmem-bytes = 1048576
+shindig.image-rewrite.max-palette-size = 256
+shindig.image-rewrite.allow-jpeg-conversion = true
+shindig.image-rewrite.jpeg-compression = 0.90
+shindig.image-rewrite.min-threshold-bytes = 200
+shindig.image-rewrite.jpeg-retain-subsampling = false
+# Huffman optimization reduces the images size by addition 4-6% without
+# any loss in the quality of the image, but takes extra cpu cycles for
+# computing the optimized huffman tables.
+shindig.image-rewrite.jpeg-huffman-optimization = false
+
+# Configuration for the os:Flash tag
+shindig.flash.min-version = 9.0.115
+
+# Configuration for template rewriter
+shindig.template-rewrite.extension-tag-namespace=http://ns.opensocial.org/2009/extensions
+
+# These values provide default TTLs (in ms) for HTTP responses that don't use caching headers.
+shindig.cache.http.defaultTtl=3600000
+shindig.cache.http.negativeCacheTtl=60000
+
+# Amount of time after which the entry in cache should be considered for a refetch for a
+# non-userfacing internal fetch when the response is strict-no-cache.
+shindig.cache.http.strict-no-cache-resource.refetch-after-ms=-1
+
+# A default refresh interval for XML files, since there is no natural way for developers to
+# specify this value, and most HTTP responses don't include good cache control headers.
+shindig.cache.xml.refreshInterval=300000
+
+# Add entries in the form shindig.cache.lru.<name>.capacity to specify capacities for different
+# caches when using the LruCacheProvider.
+# It is highly recommended that the EhCache implementation be used instead of the LRU cache.
+shindig.cache.lru.default.capacity=1000
+shindig.cache.lru.expressions.capacity=1000
+shindig.cache.lru.gadgetSpecs.capacity=1000
+shindig.cache.lru.messageBundles.capacity=1000
+shindig.cache.lru.httpResponses.capacity=10000
+
+# The location of the EhCache configuration file.
+shindig.cache.ehcache.config=res://org/apache/shindig/common/cache/ehcache/ehcacheConfig.xml
+
+# The location of the filter file for EhCache's SizeOfEngine
+# This gets set as a system property to be consumed by EhCache.
+# Can be a resource on the classpath or a path on the file system.
+shindig.cache.ehcache.sizeof.filter=res://org/apache/shindig/common/cache/ehcache/SizeOfFilter.txt
+
+# true to enable JMX integration.
+shindig.cache.ehcache.jmx.enabled=true
+
+# true to enable JMX stats.
+shindig.cache.ehcache.jmx.stats=true
+
+# true to skip expensive encoding detection.
+# if true, will only attempt to validate utf-8. Assumes all other encodings are ISO-8859-1.
+shindig.http.fast-encoding-detection=true
+
+# Configuration for the HttpFetcher
+# Connection timeout, in milliseconds, for requests.
+shindig.http.client.connection-timeout-ms=5000
+
+# Maximum size, in bytes, of the object we fetched, 0 == no limit
+shindig.http.client.max-object-size-bytes=0
+
+# Strict-mode parsing for proxy and concat URIs ensures that the authority/host and path
+# for the URIs match precisely what is found in the container config for it. This is
+# useful where statistics and traffic routing patterns, typically in large installations,
+# key on hostname (and occasionally path). Enforcing this does come at the cost that
+# mismatches break, which in turn mandates that URI generation always happen in consistent
+# fashion, ie. by the class itself or tightly controlled code.
+shindig.uri.proxy.use-strict-parsing=false
+shindig.uri.concat.use-strict-parsing=false
+
+# Host:port of the proxy to use while fetching urls. Leave blank if proxy is
+# not to be used.
+org.apache.shindig.gadgets.http.basicHttpFetcherProxy=
+
+org.apache.shindig.serviceExpirationDurationMinutes=60
+
+#
+# Older versions of shindig used 'data' in the json-rpc response format
+# The spec calls for using 'result' instead, however to avoid breakage we
+# allow you to set it back to the old way here
+#
+# valid values are
+#  result  - new form
+#  data    - old broken form
+#  both    - return both fields for full compatibility
+#
+shindig.json-rpc.result-field=result
+
+# Remap "Internal server error"s received from the basicHttpFetcherProxy server to
+# "Bad Gateway error"s, so that it is clear to the user that the proxy server is
+# the one that threw the exception.
+shindig.accelerate.remapInternalServerError=true
+shindig.proxy.remapInternalServerError=true
+
+# Add debug data when using VanillaCajaHtmlParser.
+vanillaCajaParser.needsDebugData=true
+
+# Allow non-SSL OAuth 2.0 bearer tokens
+org.apache.shindig.auth.oauth2-require-ssl=false
+
+# Set gadget param in proxied uri as authority if this is true
+org.apache.shindig.gadgets.uri.setAuthorityAsGadgetParam=false
+
+# Maximum Get Url size limit
+org.apache.shindig.gadgets.uri.urlMaxLength=2048
+
+# Default cachettl value for versioned url in seconds. Here default value is 1 year.
+org.apache.shindig.gadgets.servlet.longLivedRefreshSec=31536000
+
+# Closure compiler optimization level.  One of advanced|simple|whitespace_only|none.
+# Defaults to simple.
+shindig.closure.compile.level=simple
+
+# Size of the compiler thread pool
+shindig.closure.compile.threadPoolSize=5
+
+# OAuth 2.0 authorization code, access token, and refresh token expiration times.
+# 5 * 60 * 1000 = 300000 = 5 minutes
+# 5 * 60 * 60 * 1000 = 18000000 = 5 hours
+# 5 * 60 * 60 * 1000 * 24 = 432000000 = 5 days
+shindig.oauth2.authCodeExpiration=300000
+shindig.oauth2.accessTokenExpiration=18000000
+shindig.oauth2.refreshTokenExpiration=432000000
+
+# Allows unauthenticated requests to Shindig
+shindig.allowUnauthenticated=true
+
+# Comma separated tags that need to have its relative path to be resolved as absolute.
+# Possible values are RESOURCES and HYPERLINKS
+shindig.gadgets.rewriter.absolutePath.tags=RESOURCES
+shindig.urlgen.use-templates-default=false
diff --git a/modules/distribution/src/repository/conf/sso-idp-config.xml b/modules/distribution/src/repository/conf/sso-idp-config.xml
new file mode 100755
index 00000000000..99f61be9ebb
--- /dev/null
+++ b/modules/distribution/src/repository/conf/sso-idp-config.xml
@@ -0,0 +1,52 @@
+<!--
+ ~ Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ ~
+ ~ WSO2 Inc. licenses this file to you under the Apache License,
+ ~ Version 2.0 (the "License"); you may not use this file except
+ ~ in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~    http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied.  See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+<SSOIdentityProviderConfig>
+    <TenantRegistrationPage>https://stratos-local.wso2.com/carbon/tenant-register/select_domain.jsp</TenantRegistrationPage>
+    <ServiceProviders>
+        <ServiceProvider>
+            <Issuer>store</Issuer>
+            <AssertionConsumerService>https://localhost:9443/store/acs</AssertionConsumerService>
+            <SignResponse>true</SignResponse>
+            <CustomLoginPage>/store/login.jag</CustomLoginPage>
+        </ServiceProvider>
+        <ServiceProvider>
+            <Issuer>social</Issuer>
+            <AssertionConsumerService>https://localhost:9443/social/acs</AssertionConsumerService>
+            <SignResponse>true</SignResponse>
+            <CustomLoginPage>/social/login</CustomLoginPage>
+        </ServiceProvider>
+        <ServiceProvider>
+            <Issuer>publisher</Issuer>
+            <AssertionConsumerService>https://localhost:9443/publisher/acs</AssertionConsumerService>
+            <SignResponse>true</SignResponse>
+            <CustomLoginPage>/publisher/controllers/login.jag</CustomLoginPage>
+        </ServiceProvider>
+				<ServiceProvider>
+            <Issuer>emm</Issuer>
+            <AssertionConsumerService>https://localhost:9443/emm/acs</AssertionConsumerService>
+            <SignResponse>true</SignResponse>
+            <CustomLoginPage>/emm/login</CustomLoginPage>
+        </ServiceProvider>
+				<ServiceProvider>
+            <Issuer>mam</Issuer>
+            <AssertionConsumerService>https://localhost:9443/mam/acs</AssertionConsumerService>
+            <SignResponse>true</SignResponse>
+            <CustomLoginPage>/mam/login</CustomLoginPage>
+        </ServiceProvider>
+    </ServiceProviders>
+</SSOIdentityProviderConfig>
diff --git a/modules/distribution/src/repository/conf/tomcat/context.xml b/modules/distribution/src/repository/conf/tomcat/context.xml
new file mode 100644
index 00000000000..33db120fecd
--- /dev/null
+++ b/modules/distribution/src/repository/conf/tomcat/context.xml
@@ -0,0 +1,38 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- The contents of this file will be loaded for each web application -->
+<Context crossContext="true">
+	
+
+
+    <!-- Default set of monitored resources -->
+
+    <Loader className="org.wso2.carbon.webapp.mgt.loader.CarbonWebappLoader" loaderClass="org.wso2.carbon.webapp.mgt.loader.CarbonWebappClassLoader"/>
+
+    <!-- Uncomment this to disable session persistence across Tomcat restarts -->
+    <!--
+    <Manager pathname="" />
+    -->
+
+    <!-- Uncomment this to enable Comet connection tacking (provides events
+         on session expiration as well as webapp lifecycle) -->
+    <!--
+    <Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
+    -->
+
+</Context>
diff --git a/modules/distribution/src/repository/conf/trusted-idp-config.xml b/modules/distribution/src/repository/conf/trusted-idp-config.xml
new file mode 100644
index 00000000000..a69f282d43f
--- /dev/null
+++ b/modules/distribution/src/repository/conf/trusted-idp-config.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!-- ~ Copyright (c) 2005-2011, WSO2 Inc. (http://www.wso2.org) All Rights 
+	Reserved. ~ ~ WSO2 Inc. licenses this file to you under the Apache License, 
+	~ Version 2.0 (the "License"); you may not use this file except ~ in compliance 
+	with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0 
+	~ ~ Unless required by applicable law or agreed to in writing, ~ software 
+	distributed under the License is distributed on an ~ "AS IS" BASIS, WITHOUT 
+	WARRANTIES OR CONDITIONS OF ANY ~ KIND, either express or implied. See the 
+	License for the ~ specific language governing permissions and limitations 
+	~ under the License. -->
+
+<TrustedIdPConfig xmlns="http://wso2.org/projects/carbon/trusted-idp-config.xml">
+	<JDBCPersistenceManager>
+		<DataSource>
+			<!-- Include a data source name (jndiConfigName) from the set of data 
+				sources defined in master-datasources.xml -->
+			<!--Name>jdbc/WSO2_IDP_DB</Name-->
+			<Name>jdbc/WSO2CarbonDB</Name>
+		</DataSource>
+	</JDBCPersistenceManager>
+</TrustedIdPConfig>
diff --git a/modules/distribution/src/repository/conf/user-mgt.xml b/modules/distribution/src/repository/conf/user-mgt.xml
new file mode 100644
index 00000000000..cb059ab060c
--- /dev/null
+++ b/modules/distribution/src/repository/conf/user-mgt.xml
@@ -0,0 +1,343 @@
+<!--
+  ~ Copyright WSO2, Inc. (http://wso2.com)
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+        
+<UserManager>
+    <Realm>
+        <Configuration>
+		<AddAdmin>true</AddAdmin>
+                <AdminRole>admin</AdminRole>
+                <AdminUser>
+                     <UserName>admin@admin.com</UserName>
+                     <Password>admin</Password>
+                </AdminUser>
+            <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
+            <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
+        </Configuration>
+	<!-- Following is the default user store manager. This user store manager is based on embedded-apacheds LDAP. It reads/writes users and roles into the 		     default apacheds LDAP user store. Descriptions about each of the following properties can be found in user management documentation of the 	 respective product. In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property>
+	     Note: Do not comment within UserStoreManager tags. Cause, specific tag names are used as tokens when building configurations for products. -->
+	<!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
+            <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
+            <Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
+            <Property name="ConnectionName">uid=admin,ou=system</Property>
+            <Property name="ConnectionPassword">admin</Property>
+            <Property name="Disabled">false</Property>           
+            <Property name="passwordHashMethod">SHA</Property>
+            <Property name="UserNameListFilter">(objectClass=person)</Property>
+	    <Property name="UserEntryObjectClass">wso2Person</Property>
+            <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
+            <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
+            <Property name="UserNameAttribute">uid</Property>
+            <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
+            <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
+	    <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+            <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
+            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+            <Property name="ReadGroups">true</Property>
+	    <Property name="WriteGroups">true</Property>
+	    <Property name="EmptyRolesAllowed">true</Property>
+            <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
+            <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
+            <Property name="GroupEntryObjectClass">groupOfNames</Property>
+            <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
+            <Property name="GroupNameAttribute">cn</Property>
+            <Property name="SharedGroupNameAttribute">cn</Property>
+            <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
+            <Property name="SharedGroupEntryObjectClass">groupOfNames</Property>
+            <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
+            <Property name="SharedGroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
+            <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
+            <Property name="SharedTenantNameAttribute">ou</Property>
+            <Property name="SharedTenantObjectClass">organizationalUnit</Property>
+	    <Property name="MembershipAttribute">member</Property>
+	    <Property name="UserRolesCacheEnabled">true</Property>
+	    <Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property>
+            <Property name="MaxRoleNameListLength">100</Property>
+            <Property name="MaxUserNameListLength">100</Property>
+            <Property name="SCIMEnabled">false</Property>
+        </UserStoreManager-->
+
+	<!-- Following is the configuration for internal JDBC user store. This user store manager is based on JDBC. In case if application needs to manage 		     passwords externally set property <Property name="PasswordsExternallyManaged">true</Property>. In case if user core cache domain is needed to 			identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property>. Furthermore properties, IsEmailUserName and 	     			DomainCalculation are readonly properties. 
+	     Note: Do not comment within UserStoreManager tags. Cause, specific tag names are used as tokens when building configurations for products. -->	
+        <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
+            <Property name="TenantManager">org.wso2.carbon.user.core.tenant.JDBCTenantManager</Property>
+	    <Property name="ReadOnly">false</Property>
+            <Property name="MaxUserNameListLength">100</Property>
+            <Property name="IsEmailUserName">false</Property>
+            <Property name="DomainCalculation">default</Property>
+            <Property name="PasswordDigest">SHA-256</Property>
+            <Property name="StoreSaltedPassword">true</Property>
+            <Property name="ReadGroups">true</Property>
+	    <Property name="WriteGroups">true</Property>
+            <Property name="UserNameUniqueAcrossTenants">false</Property>
+            <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
+            <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
+	    <Property name="UsernameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>
+	    <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
+	    <Property name="RolenameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>
+	    <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
+            <Property name="UserRolesCacheEnabled">true</Property>
+            <Property name="MaxRoleNameListLength">100</Property>
+            <Property name="MaxUserNameListLength">100</Property>
+	    <Property name="SharedGroupEnabled">false</Property>
+            <Property name="SCIMEnabled">false</Property>
+        </UserStoreManager>
+	
+	<!-- If product is using an external LDAP as the user store in READ ONLY mode, use following user manager.
+		In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property>
+ 	-->
+        <!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
+            <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
+            <Property name="ReadOnly">true</Property>
+            <Property name="Disabled">false</Property>                       
+	    <Property name="MaxUserNameListLength">100</Property>
+            <Property name="ConnectionURL">ldap://localhost:10389</Property>
+            <Property name="ConnectionName">uid=admin,ou=system</Property>
+            <Property name="ConnectionPassword">admin</Property>
+	    <Property name="passwordHashMethod">PLAIN_TEXT</Property>
+            <Property name="UserSearchBase">ou=system</Property>
+            <Property name="UserNameListFilter">(objectClass=person)</Property>
+	    <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
+            <Property name="UserNameAttribute">uid</Property>
+	    <Property name="ReadGroups">true</Property>
+            <Property name="GroupSearchBase">ou=system</Property>
+            <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
+	    <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
+            <Property name="GroupNameAttribute">cn</Property>
+            <Property name="SharedGroupNameAttribute">cn</Property>
+            <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
+            <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
+            <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
+            <Property name="SharedTenantNameAttribute">ou</Property>
+            <Property name="SharedTenantObjectClass">organizationalUnit</Property>
+	    <Property name="MembershipAttribute">member</Property>
+            <Property name="UserRolesCacheEnabled">true</Property>
+	    <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
+            <Property name="MaxRoleNameListLength">100</Property>
+            <Property name="MaxUserNameListLength">100</Property>
+            <Property name="SCIMEnabled">false</Property>
+        </UserStoreManager-->
+	
+	<!-- Active directory configuration is as follows.
+	    In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property>
+	    There are few special properties for "Active Directory". 
+	    They are : 
+	    1.Referral - (comment out this property if this feature is not reuired) This enables LDAP referral support.
+	    2.BackLinksEnabled - (Do not comment, set to true or false) In some cases LDAP works with BackLinksEnabled. In which role is stored
+	     at user level. Depending on this value we need to change the Search Base within code.
+	    3.isADLDSRole - (Do not comment) Set to true if connecting to an AD LDS instance else set to false.  
+	-->
+	<!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
+            <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
+            <Property name="defaultRealmName">WSO2.ORG</Property>
+            <Property name="Disabled">false</Property>                                   
+            <Property name="kdcEnabled">false</Property>
+            <Property name="ConnectionURL">ldaps://10.100.1.100:636</Property> 
+            <Property name="ConnectionName">CN=admin,CN=Users,DC=WSO2,DC=Com</Property>
+            <Property name="ConnectionPassword">A1b2c3d4</Property>
+	    <Property name="passwordHashMethod">PLAIN_TEXT</Property>
+            <Property name="UserSearchBase">CN=Users,DC=WSO2,DC=Com</Property>
+            <Property name="UserEntryObjectClass">user</Property>
+            <Property name="UserNameAttribute">cn</Property>
+            <Property name="isADLDSRole">false</Property>
+	    <Property name="userAccountControl">512</Property>
+            <Property name="UserNameListFilter">(objectClass=user)</Property>
+	    <Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>
+            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+            <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
+            <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
+	    <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
+            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+	    <Property name="ReadGroups">true</Property>
+	    <Property name="WriteGroups">true</Property>
+	    <Property name="EmptyRolesAllowed">true</Property>
+            <Property name="GroupSearchBase">CN=Users,DC=WSO2,DC=Com</Property>
+	    <Property name="GroupEntryObjectClass">group</Property>
+            <Property name="GroupNameAttribute">cn</Property>
+            <Property name="SharedGroupNameAttribute">cn</Property>
+            <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
+            <Property name="SharedGroupEntryObjectClass">groups</Property>
+            <Property name="SharedTenantNameListFilter">(object=organizationalUnit)</Property>
+            <Property name="SharedTenantNameAttribute">ou</Property>
+            <Property name="SharedTenantObjectClass">organizationalUnit</Property>
+            <Property name="MembershipAttribute">member</Property>
+            <Property name="GroupNameListFilter">(objectcategory=group)</Property>
+	    <Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
+            <Property name="UserRolesCacheEnabled">true</Property>
+            <Property name="Referral">follow</Property>
+	    <Property name="BackLinksEnabled">true</Property>
+            <Property name="MaxRoleNameListLength">100</Property>
+            <Property name="MaxUserNameListLength">100</Property>
+            <Property name="SCIMEnabled">false</Property>
+        </UserStoreManager-->
+	
+	<!-- If product is using an external LDAP as the user store in read/write mode, use following user manager 
+		In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property>
+	-->
+	<!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
+            <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
+            <Property name="ConnectionURL">ldap://localhost:10389</Property>
+            <Property name="Disabled">false</Property>                       
+            <Property name="ConnectionName">uid=admin,ou=system</Property>
+            <Property name="ConnectionPassword">secret</Property>
+            <Property name="passwordHashMethod">PLAIN_TEXT</Property>
+            <Property name="UserNameListFilter">(objectClass=person)</Property>
+	    <Property name="UserEntryObjectClass">inetOrgPerson</Property>
+            <Property name="UserSearchBase">ou=system</Property>
+            <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
+            <Property name="UserNameAttribute">uid</Property>
+	    <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+            <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
+	    <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
+            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+            <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
+	    <Property name="ReadGroups">true</Property>
+	    <Property name="WriteGroups">true</Property>
+	    <Property name="EmptyRolesAllowed">false</Property>
+            <Property name="GroupSearchBase">ou=system</Property>
+            <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
+            <Property name="GroupEntryObjectClass">groupOfNames</Property>
+            <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
+            <Property name="GroupNameAttribute">cn</Property>
+            <Property name="SharedGroupNameAttribute">cn</Property>
+            <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
+            <Property name="SharedGroupEntryObjectClass">groupOfNames</Property>
+            <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
+            <Property name="SharedGroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
+            <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
+            <Property name="SharedTenantNameAttribute">ou</Property>
+            <Property name="SharedTenantObjectClass">organizationalUnit</Property>
+            <Property name="MembershipAttribute">member</Property>
+            <Property name="UserRolesCacheEnabled">true</Property>
+	    <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
+            <Property name="MaxRoleNameListLength">100</Property>
+            <Property name="MaxUserNameListLength">100</Property>
+            <Property name="SCIMEnabled">false</Property>
+        </UserStoreManager-->
+
+	<!-- Following user manager is used by Identity Server (IS) as its default user manager. 
+	     IS will do token replacement when building the product. Therefore do not change the syntax. 
+	     If "kdcEnabled" parameter is true, IS will allow service principle management. Thus "ServicePasswordJavaRegEx", "ServiceNameJavaRegEx"
+	     properties control the service name format and service password formats.
+	     In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property>
+	-->
+	<!--ISUserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
+            <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
+            <Property name="defaultRealmName">WSO2.ORG</Property>
+            <Property name="kdcEnabled">false</Property>
+            <Property name="Disabled">false</Property>                                   
+            <Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
+            <Property name="ConnectionName">uid=admin,ou=system</Property>
+            <Property name="ConnectionPassword">admin</Property>
+            <Property name="passwordHashMethod">SHA</Property>
+            <Property name="UserNameListFilter">(objectClass=person)</Property>
+            <Property name="UserEntryObjectClass">identityPerson</Property>
+            <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
+            <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
+            <Property name="UserNameAttribute">uid</Property>
+            <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
+	    <Property name="ServicePasswordJavaRegEx">^[\\S]{5,30}$</Property>
+	    <Property name="ServiceNameJavaRegEx">^[\\S]{2,30}/[\\S]{2,30}$</Property>
+            <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
+            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+            <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
+            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+	    <Property name="ReadGroups">true</Property>
+	    <Property name="WriteGroups">true</Property>
+	    <Property name="EmptyRolesAllowed">true</Property>
+            <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
+            <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
+	    <Property name="GroupEntryObjectClass">groupOfNames</Property>
+            <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
+            <Property name="GroupNameAttribute">cn</Property>
+            <Property name="SharedGroupNameAttribute">cn</Property>
+            <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
+            <Property name="SharedGroupEntryObjectClass">groupOfNames</Property>
+            <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
+            <Property name="SharedGroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
+            <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
+            <Property name="SharedTenantNameAttribute">ou</Property>
+            <Property name="SharedTenantObjectClass">organizationalUnit</Property>
+            <Property name="MembershipAttribute">member</Property>
+            <Property name="UserRolesCacheEnabled">true</Property>
+	    <Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property>
+	    <Property name="RoleDNPattern">cn={0},ou=Groups,dc=wso2,dc=org</Property>
+	    <Property name="SCIMEnabled">true</Property>
+            <Property name="MaxRoleNameListLength">100</Property>
+            <Property name="MaxUserNameListLength">100</Property>
+        </ISUserStoreManager-->
+
+	<!--	Following configuration is for the CassandraUserStoreManager. The CassandraUserStoreManager is capable of using a Cassandra
+		database as a user store. This user manager supports multiple credentials for authentication. Credential types can be defined
+		and configured in the following configuration. The CassandraUserStoreManager does not ships with the any of the WSO2 Carbon
+		Servers by default, therefor Cassandra user manager component needs to be installed to the Carbon Server befor using.
+
+		And if this CassandraUserStoreManager is used as the primary user store with multi tenants, it should also implement a 
+		compatible TenantManager and set property <Property name="TenantManager">FULL_QUALIFIED_TENANT_MANAGER_CLASS_NAME</Property>.
+	-->
+	<!--UserStoreManager class="org.wso2.carbon.user.cassandra.CassandraUserStoreManager">
+	    <Property name="Keyspace">User_KS3</Property>
+	    <Property name="Host">localhost</Property>
+	    <Property name="Port">9160</Property>
+	    <Property name="PasswordDigest">SHA-256</Property>
+	    <Property name="StoreSaltedPassword">true</Property>
+	    <Property name="AuthenticateWithAnyCredential">true</Property>
+	    <Property name="DomainName">multipleCredentialUserStoreDomain</Property>
+	        <MultipleCredentials>
+		    <Credential type="Default">org.wso2.carbon.user.cassandra.credentialtypes.EmailCredential</Credential>
+		    <Credential type="Email">org.wso2.carbon.user.cassandra.credentialtypes.EmailCredential</Credential>
+		    <Credential type="PhoneNumber">org.wso2.carbon.user.cassandra.credentialtypes.PhoneNumberCredential</Credential>
+		    <Credential type="Device">org.wso2.carbon.user.cassandra.credentialtypes.DeviceCredential</Credential>
+		    <Credential type="External">org.wso2.carbon.user.cassandra.credentialtypes.ExternalProviderCredential</Credential>
+	        </MultipleCredentials>
+	</UserStoreManager-->
+
+        <AuthorizationManager
+            class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
+            <Property name="AdminRoleManagementPermissions">/permission</Property>
+	    <Property name="AuthorizationCacheEnabled">true</Property>
+        </AuthorizationManager>
+    </Realm>
+</UserManager>
+
+<!--*******Description of some of the configuration properties used in user-mgt.xml*********************************
+
+DomainName - This property must be used by all secondary user store managers in multiple user store configuration. 
+	     DomainName is a unique identifier given to the user store. Users must provide both the domain name and 
+	     username at log-in as "DomainName\Username"
+
+UserRolesCacheEnabled - This is to indicate whether to cache role list of a user. By default it is set to true.
+                        You may need to disable it if user-roles are changed by external means and need to reflect
+                        those changes in the carbon product immediately.
+
+ReplaceEscapeCharactersAtUserLogin - This is to configure whether escape characters in user name needs to be replaced at user login.
+				     Currently the identified escape characters that needs to be replaced are '\' & '\\'
+
+UserDNPattern - This property will be used when authenticating users. During authentication we do a bind. But if the user is login with
+                email address or some other property we need to first lookup LDAP and retreive DN for the user. This involves an additional step. 
+                If UserDNPattern is specified the DN will be contructed using the pattern specified in this property. Performance of this is much better than looking
+                up DN and binding user.
+
+RoleDNPattern - This property will be used when checking whether user has been assigned to a given role. Rather than searching the role in search base, by 
+                using this property direct search can be done.
+
+passwordHashMethod - This says how the password should be stored. Allowed values are as follows,
+                     SHA - Uses SHA digest method
+                     MD5 - Uses MD 5 digest method
+                     PLAIN_TEXT - Plain text passwords
+                     In addition to above this supports all digest methods supported by http://docs.oracle.com/javase/6/docs/api/java/security/MessageDigest.html.
+
+DisplayNameAttribute - this is to have a dedicated LDAP attribute to display an entity(User/Role) in UI, in addition to the UserNameAttribute which is used for IS-UserStore interactions.
+-->
diff --git a/modules/distribution/src/repository/conf/wso2emm.jks b/modules/distribution/src/repository/conf/wso2emm.jks
new file mode 100644
index 0000000000000000000000000000000000000000..ab02772790f6bcd11ff0b2dfa0c7b1d6981c7cb4
GIT binary patch
literal 3180
zcmeH|c{J4h9>-@h#u^PX7llD~p5F{+2p7#1*_W}Wv4?rG&t#23gh(s0R6|HeYLKO*
zsHdh)gsf%X*TiG#PTl9++v(hM&pqefbN_n&_@3|id_I4C-rw){^?iSK=62>lAQ0q_
z1qQ)GJ-mEE!$BbMAq^wRYEG#ENPyG=f^c3HI2Z<2h6sbfTp(BigsJO9jyWC4JjQRi
zuTJ%nr=@5!#BJSjmHTNGK1A2hh&OAlPdfCB!<Yg0)`LSY%eI7NQlm@n?{Tg+DSop$
z-IK!-Wmd5Ss59?(aN9R^YQQhlf@4;Bhuj-^B=#|>G;$Xl0>>LOCdTf21VhQ@W%(%0
z+{VLEF9S}Z0_1WHOi0Z%)sn2pDp110Hb#bMsf8*DHs-^eoClF?oG&0!p(|4EbnQy}
zR&^#Xb)v{Im=(9fboBG@lr)ON4}a41Sd^o*9k`XG#(L8=@UHy>%_{DIqav%1+HY_{
zfQM%CWVys*Ui{M=+s$l2GvN^juhfan{OD#&v1kc-dU|2Oro&WIxVLvkC55meYVAMW
z1baOCM&&kQw1BpJkzZ?mzwa@O+Elato-B`5w)Dm2XM(zit>!_seP_ro)n5)2&5V;Z
zm6ms9=@5-kk)4GX2F{erT@Y~Rg%7#Z$-Rcls22#25TokIhdVz9m=6tC9_gT4wlpY%
z&zd+mdn>7;Y66AIpQfl_X7OYnri8YIUg5CXeHjl=mYDOAJcJ7nA=Y{hpDr3X=-w-v
zcO1nmkdJG5+{>QxGJkM(Bl>W|g<txw+-j?|#J);tuL^!ls434bwHhv7bj;G6jgEe&
zYxa@wS9<<#w^yuqC`GxI;U=4+i5$a8S?^ihJ?EcT6}Bi;sooeKFt_n6aNlJdQPA*a
z8nzwM4&tl-RK2miv|ZnRX&o_O_XS-dQWs?zS8*lAT-2a2*A!%x<p9?4_RpKNt)(W{
zN4g+M%-`=I-enb22G{nSy>7NGGdMIkWuAHeqeu_S+F}RkbIz%1nN5>2y{FK&pRXIQ
z;bO{bHwKtoX_Zzj`s{f!^*G7)_9nY;w)0x2x|A2qTQMf<IpfQBs=1uhwE!Is$U+>D
z`GEv5?HUvUhCsmHfB>9FIoTxnivR~{E)ZaW6#)3)P<t3JKg=>H&<Cpr?Ee-*`87_2
z1>vM^gMz}PiAK_jIvO4XZ>$HPhSdN()iiOQ+G?Jj-gq?vPTQB@h1J#|c=;*;l4t==
z9S>*&cpQMmxo|?wA3{L>=XRn1^6%~Vzqhj^9<-LWH3Aq{e-z63d{9OP2w<c_7!1%m
zii_Xa*-UmZ-7M9!_mtijz_c4TAu%)Jf7K>#qNnunhioymsGS0vZu7T@_rcymAzK40
z0;10LeuI-%BDHC6<(1)kDW@$O5EarTHz*V@=e{RJw-lCP#P~FOX%R8Q8HwrG0fI;i
z{=qq>mYq>&p@M;%%5JAbYjMzh2SG;&6bu3v$pRQ)7f1SDBpCb^#sxq*8^<v?iCy0k
zFerrU+K*@8TsD*=zL9=iAi?xq-4|HD^(!}p-vS;<-?gj8j3p*%pr6HLcD$gTdIbt0
z>#K$;iOA{=&HxWasnIQ@38SaP_hB2SYg=!GooQy5k;G4W1|e5SSp`-abYnwBbSO!z
zgYR$*dgi&3gN{QrrKUtQDgr9B5A^ZHSz>v+3Gz~sE^h^W8uSk|2plvtIB4Ymfd=>|
zwf}E4{>LQ#JA&Am^Q~2n%zYPX>@(6N8cHjih0XInZNKT#H4qEl?a>|kFr9Aeil!4K
zr$FWz9^5MycE?fbr|RWxxEcek)gI#HCb^E_rwNinPM3>AI+X3CM$G9q6(k*=A}QQx
z_;Y35*`s_1my~+fgIGpB!}{orKDSNfrPA&hQvPI1!M^{LAaL?eZ}N>Gg#bs{$R!ea
zI@f^os{!IPW##lDGpqEic#qS8(%%>1CzILZ1@h!q>|<AN%fWrXX4;>O!t40ge;Kxl
zKlJQK^^3x;^Y`I|g-9IiVLw4A@I15Z@k3X!sli4>E@?*QPJv;1LLAr>%9BXRi&ff1
zJ8un3l&!Witjfq+<#F9{<roZSWP1H`WEw7f<v2|v2dBD!F*1wX#;eK+!%onPXqj2E
zwn1#AEowsngB&j`D{>=BP+_W6zf5r9brtb0L@iH!{vrPW%knKr&lXdx;(6CWA(Tp=
ztT1<!yb|4)=*K`I(KGFkgJ=8O2ol})<4tqhN7tU%3Tx0}WcA&;bs6uA>A&$-Gx8`l
z6nD3(TO-@|9LJZ&zTQi#;x5h&TiK=r$QmpV^|w|;>pt5}zwg^C*d09F0f?Z}{u1hl
z>W4&Nsw@v~yQ)RJGrDIRlxvktY#J2tM0v=h?>W(}X`j17$QjjFFXz6w$S0PItuQq?
z!h^`PExYZ;?2k+K+X!){&)cT7A-lUu@PmtCEMl1~Gr;$V%+h?XA3RjcLs`PRse9Tq
zzNT@_fnRrkYdEkd!VKR5JH60sYC2QWbC=-q_Bpz}XLN`6rbu&>ewxB_X+(?tsiExG
zxtp;$$;@NL8y_y*pbZ4MKOILI1_?B$^9-zxt6Y-VJ*yK(=p(1NES{Pgjeh;vtIi8*
zuT+z+XD>p=?&$PzFMWxCXSAH@l)X`|h1<{FXcnn^hVs6Ib$9Lq{IWL}>Xntxym_H0
z)ZLf+_J+m&T}?^#v(TA&43w!AV|>@_e9lh8`IthvPz+0><E~rz2c<csl2LM!@n|+_
zVJf*H9dr5DuL)AO-cZ-3n-p<j<m7Y0U3cUx<3S1c$|n<5e9BZ^6UBRtAEvgLKDtvM
za;51G-lqgSG){O8x5-OAo<yOor#Wsm_#VQPB^R%~{J@i4kW~{msCaDp1lE7e(<NAc
zLYT^CAC2Q}TudA3$di)sZ@bb-(=`d{=0(mzYEp78i@D<3Zg^KZHaH#av%R&s+M7ey
zizg}jmAkvhQK+P~()z-RN7hz+un07C92FRg+X^0`hC9{1_>T0S#>fEuX^j7cF%CMs
WTu-<|bB(W<&GwyPi{a7_c>E3HRNo~4

literal 0
HcmV?d00001

diff --git a/modules/distribution/src/repository/conf/wso2permission.jks b/modules/distribution/src/repository/conf/wso2permission.jks
new file mode 100644
index 0000000000000000000000000000000000000000..9d5de8f1079b8bbabae2a0ffe7cff29669a9742a
GIT binary patch
literal 46409
zcmd_T2X|b@l`aaPku%W9L}+A?Ab@UUfXGB3NMwK@2qFWGKmy&!IXG!7+haLuENg68
zwk25(vMkSNY-wifwPZ=8a-<b0P4Iob^XA=q-&^+&yze`^`k+A&plC}T%eU9JckQZ^
z>QwE$E1Wu~|JSeo`F}a!;^N{4O4Y)kl?8k5=<xiA-IhISonLfuaZUHx-PNNfyTDw6
z1M1C4bgLnErR3gN?S{}C;OTP=;VBRh;Ogq`;bNY!_?dk?4QJgwjc!e6ECFUeMtqI#
z=Q>++Ek<()quxf}bHfXhQ?`jkyUh}84rHR2(W}!sytp`RbsXhqbZ@cStd64$M&I2W
zn@y1c=3+~(#bU`d7v~lCMg`^O7U!Bvatl<#pDrs>0Q<|s)x*Ug+gw<90Lu+<0R_JI
z7`XRoN!gYFd@gk6KR@vg>yQFKuYYx?BM#xn!mD3D)eC`<e$eg#i1dJfI=>xolSHiT
zdATBaA~+ASCHF~!aMLA(YL|186o_D@s{EKCtR@6vlQ&pzDcB6C7SsY-2L12Pe)q0;
zgi9c2{O4W&9D(>NUjQp|Gq}3A?k^Q+iKA3_e!*}U!n|;>q;qA=nCB!|OAT1{Yu{(-
z`T8}2H#UJ~fSeIN(&bsST(^O=qb(zYd3`*YGZJ3-e451bBsh!UyvYXMr>X>EAnz17
z18RNc5%5WO-sCEXy8`V65`v#@?E+^t#Fe&I%`!Ze56*(4StON#iJe((i}Onhi=)$1
zkVc1LX9?H_RB#uEow*~z8`Z;ZL=0}OZf@?ys=#hom`b&r?Cxx*CCnTucIQ_o7tgj?
z7cHmE^-T2(t6W)G$yV9omYkDX-Ud%r4>sDy?KvmgI!#lyQTzOCwrOO|G;bZxHcd~>
zOf4=T7#_*Cq?(hpGZ|wuMvs~-B_$;$rwf^yxUY50l4rJXH-qt*^H#Z-=_Gv4)cDls
z@Zyx+W~yFVoV3qREv}j4BLhlGEN0ktNp60gxi>PvqM`+i{>9xds+m>4&z&CXKB%h$
zmdN*il5U4Y)sF_%fvAK!S|QPrfTcA(wOyCa85+j)$Pqf2oubtS1Vx}weT#8RM1M06
zEdkMj1m^cXEdsUq>gP_J(6=lehgfM*wgcHlSLD@v=6H8QlzRu{z+f<7R08n#{~Ao$
zWb1$=ySXa;XY<4A*TN7_pCQPn7y)X~{<s_5T)ea$lAv~R2{a|wXe}X}{CD?$@?Y=$
z<a_tY5ljL8VhqR8Y#NO2Cp(%fW|lrZ5#43l<l^FNX->{QyYFaHwr|NEou4*mvfP5*
zQ_M*?D2R6LWQa`4H9L$^vrVmej|*bSyLy@vcyzLRl$niya>7Tcn*bfR-~xhYzqzQ#
zo6K=MF3>%~{T7b#=P^ci53|8lQ-|n1y^$@iY8Q8Zv+oi2?)+@C!A*0j`z*|<DXP@7
z17Y0Y0Zx4eV(TSjw%HVfo{~5?TLb?>FSkp<G)I+r3&c%OHRvM9i`iqFl1j^X_M2cl
zb9*cpkX<X`gt`o3+%Gmdtk|KTsoAniU9p6oJ%)u5h{3#66=)39$CI|QVF^76#^Ux=
zjUGKiZ5i8bb^x?CDRkL7KeaG5VH=$uURcPRKtJ$+X35~mY#7|g-7dKWZy^M{UV1Pd
zLGaoHcs^*q|MEb05F3EKCKhQ9N8O=M7}$+WbRrYSO^vqEY)hHBlpFkvc_*1GQ=X}9
zX=Hk8)YLXVH8VWFc2J99$}%<NT1w5ua<oM?NyVnU=f`gK_IcB=G&JkhG1Jn5)nvC#
zuUQf_6~vVz9EX^?*kqeptcxr5`Ab@xRBSG=6q~gl+N9iKb1~Yeyn>Q~k{h>4AIJNY
z`r2QYhqgrnI4Y#SZ|dbAzxLQgDqg~QFxEZ&fT@0_q4M?HRJW8pNr69t$RO%EkSf7T
zpJ7X|Ir`G~*aiU?*kK#1a#w8_Be8WWvQ4!sN6Xp}rwXpBZq*D8Ku~vXU|XbT@1qX@
zin`2fGF=;TRcDZ$-?6D-@HpCJYv05HJy$5SYKUCgn_u`<-*b1-vcf^GC9B!ZK@+pH
zkbz(}q(EnL*GwkDfPROSN;-HquQw>sxZvSJNXOI5z>jhW7BaT@{G$sHVwJNQrV{}o
zK`gi`?-PNNQoBGO4@^lgM>kXgnv=K>Z+4CiFL3@`+M0`q99`s@GhY9Z8ayDX&HxAD
z>f$uiLX-tM%-mr(2+pe2!az^oOix#L*JExWu22z{Fw@`t9@t_CSZrPlYljXBNb%WR
zoudy0O1&?fXC8p?%z!yl3G>Wa1l*`Ug02qsMBaJ$h@RpNDX&G3LO88QuKtSdNcBw?
zA+nSK&nWKWB@y9)p-Y1%pDsj{W_m}m!1ESWxv6X-Y3#~fa>&>=%Wfy5l%u9%5cTc+
z$h%+Tfou!buRR1#N4yCVa2xQ(U29er4RAtLyDgFGBVhXhuuj)9z>1kM;Dvi!)9JW*
z2(L!-VV~~xI~F`bQ=_xWFR{$$c*kBIXO<9H?fJzlqGRs9yJmp6DhXBOu{<e|F2Qx2
z_cqV|*=s)<ykKKFR;*O&`&3c^wFWH?LJVlxwO_Ut<!3`!1J%${{`G-7Y_b774@5H%
zq+USS%UYeEmXxr7YL;t53RqDV*dR}@`~W0?C9@?W&nB>`;}I+35HU*WdakE+(&fre
zsH<nGTP`d^<|@fpxj`cnl<-WU_W1ZM7JiVj0oj(%!Ud8+EQJP|Kr&-#VXu6F%D}n~
z>!9_fb$2G`v?_OoIO_lymEiTiqlcprQ$b^Q3sdbj@y;iap5g!8<FyFe)!kLGx&_uY
zR#mJXhmgOSw8(_3KXp!J$pO?gTAs^H{l)%r)=I<}81Tw>Boxjb3Tqlz?4$lT<JHG|
zhFwy|{WePDk?bAF@&{OJ<*P&Bv`rI8bu=J3Bj|Jy?SMDa1Y+f%N&o{Ky&s8zpYCTK
z>D~ZVx>rj4|MSS*5L{Tsz`6wBt;<SgjRLBSCDIZuVVDHqtgjJ}%H$irpu#-)WgF|S
zY5**h^^#OVO}P*R#;E259Yb@sQ{3iOOU{jM?krv!-Ts!6y`E{O4i6^5qRo-)nRxpL
zpR+D3TIX%((AbwTzP9RfU;bVv?bG&|5xZlu%h%tRGiJ^9kts}w9Wh7q3<m$u-9%G|
z-M(l#S<SwQCEskZ6k_tL*iypra)DFSJpN(lCfsb4-1u9}*$O3E@!haQ4(>brkFVXG
zNM#C|sRsvGB{R(;=UOEMFI%GWGyM$xjz232VE6a<1u&ZB5U8L>)jF$Y_+)Kf<Rk?8
zOFO7PfaY8P62xr3{VhmdAf7t4e@oJ-5-IT=6~|oH=aqTN1}c#=x)HHe4J-Adnk9i&
zsPD``z|Ff6NlJr#tFixUpITuKu6&QiGLdj9g9UIdvLOJ0GEqoZzgu&GeTum><!fkB
zaVzv&brr=62%h{2m|$B1x<!CRRW2ep-Q*5v&`(c-z#>w`TN>KJ``MZ*X>zOcke%{J
zcvv|b2px>@)GUWub9KyF?oxb$CIT3=@kaRK<nYR(b=Eq+V7CoVj|?wNjUGJYNTs0}
z5;db!XW=}UtIK|K<D9eX;-uxh)fT0r-bR0i&7B;cwOT^W!Bkx@qYtB|F8hkj5@U{H
zny)dWOUtC`q}{f#G`)!FX-kGVjobW;343R&I<51|Q=`@eQ|;6;#!;BXPSi%fnCgmB
zXK7RSYO3MQ!ceu7?VU3BagB&}lu4FWC{<EW*`xLuZO~C@#sGYG(7_SM!Gn&!ko%VU
z++WuRI}$kpymJPujTRpcIt8M=_k!#-U_oqIR+i?keNmajImA~%KxI4F6pdjyGKo%s
zO(WCjas+Jd0DroRd{CTfuOJo_pHtmX?^#64YB$=pham`(U%Ne|o<7Xai@glNj>%Vq
zZoh1{<2sH)q9gNVU*O1vs8@bX-;$`g69{;SVh(~<#u>GlkKHMd!{#@#aNs3SxoSF9
z58E{%6N#Z`I-humz5sCP1FJfhdRo~y@8+#f&?Rhe%fi$D{Kn^p`wS4Xctg7-!1AT*
zeEJt)tcFDpQ2E>sL;&vxvAEe80^a##(3;l_YpW!@x5IS<0=t0CymV-vXBz?!dX_L%
z1uU2obd|s;y)Qr)b%QC5+=;vc{fm1XU52|hF=%jg3m)b@QX%M#>yG~ZXAdB3yRg1r
z18;ds<7N{J`)4gmKKQIfo%tl4lfhV~&sxaDN$xF7oa8y?+nwA@UZJ_jQuqhWZG0SV
z7`5w~w7+tddvOiYS`=4bHejx<?2`BffC0xr6CfH>`nCJPfo2JYyUQSKN(8(D^xXIK
z=$rRVJ@u#_YiJv&=a}T`-$;_3<{k`6H-dRIfLYclvT+C8l;=6lEdn;O0cL-Rlm(gM
zAkEi<G21j6pnHm4i71I|_#rg%c66Mos2?&RcI@hx!C&}-Y{<Pv3$9`prY)9M_WT!D
zc#|eF%Q6^yRf2eSkd!4(K~(*eScu8xD)Y=k1Um<S>QAxfrepcqqud{$4Fc?9PrmR&
zo=*@LAR+VWjQXa?nOA=@Ug?|$xe%1399+l{B7^Q*;4z@onqj&!x@uO?;XO1|etudw
zs}*QI*%&8Mq6Fg-fIsz15&H+1>5bArrKOSt&I}0Hw*s#HfZmfX=>7Y^R9VFOvGV3k
z>SjE6*}O_WYRT;C0v%u`h(~pSfD^1BAR+^-2DE6Cgmg9=Ky5$R5s?Gpxd-5KoVlQD
zcJoLY9ev@`k_<jGa%pM_VgIc1u#h+3{}p)dLK5$}2ec6mrkaqkQ;>H+g{g1fi2z6m
zV|ze_yHuZCqB1(-;~poQbx!|ZQ>RBoP`cq)qZD?Y_kI$T@e&oXciMPKDF|Xwn_xg*
zKiM0qi7927^w5xiUJ0}z!!fOih}_!?ot?MNOfAhE*iIO-SlouA<g_YA{_Ojq$>v09
z6k@LLhqlS>vL|}XoU!L|Nq{SQqDS<es4AF`U0?Jgx_7Di0~-u%c8o!kmbf5Exd*S>
zmmWimlN*4sZrVen^oaJt>X7N_6A}&H3Kc<_=@7jFPq9!+D{BGesx|<ka)*!rTKm=8
zdH6CNG`*ZXIi5E9=3R9yUNnXXp7rF?jOw8x!qX?X%x>}$!KupfAT#InhVk@}aAr(3
zBZWNt?c10Bs1E29y)ux0EN?z%hG$Qb1iJ)<<AFz%t6fr-TOeD&y|@!wUVv^8pra`j
zkzHzLTo4vcKX~OfbrL;&F|J%>GrdnyK2JBdW*$B|FUiN*PO&NDS$VzO^K8wQGTP3w
zmGz4Td+T8^Ag2w?OJufk9P$I1ELP3a1TPQc!4(!bXwTOUe!Av{103!}3)|dWZ?I;@
zso#l5v$St7<B@J$f}>Isg)v!0p`KS+oSr?Yz0@<d0&^Y@_cI>X57+yQc4T?Y`E2@{
z45!hp(}QHkJ#w&`V=<ZI_xqHPDJ&<ca^6w8o94pYLNgvE7vyWpJDj2{1;FyLzfZZ3
zTl5;Gb8;B?dC=K6ehj`y1=n%5;k>mW(1R@<P*~R2*^iLLRt!>YcWRAK$|YY8$JkDG
zWKp*TTfIE771U_VN@<R5Q}&01E?T9^Kp$;h5aWBHq>$E9d3N&%yC;KV3;76?#~PEp
z7%NH_nT<BEVasM8?(j|)c5ped(`L7~$w7@H#l;Ei?f~qf=}>mB$4i4njH2n&^8r2V
zjyRrh{l^y{W@!X5uk63jfO8u&z@NN>cHTj&<yE&q)9jN0s-UJJ(l?&wfq;K*g}NNK
zyn8oTlN;URi;sZ;^MQ1(mGoc{lajQ^b8(-M1Qv+q7yQ+ttA&N>1G^pUpqW8>$h(k*
zU`4#h$^AOz<R5mIUmmy&?1Z^Qd_eBL<sdg$_m$zi@ayOYUHPS+#v6<l=apZb*3qST
ztBJE`*7<`T=PM6UfR&t>($1F!U}i0v$0*ANaGLM?*xsq!$^QC0bf$|MoZodsjtxS<
zjsaU921Cz0h#*+0AlqDD8fXK^J+d;nfrgS!OGxwYnrA;E3&bW&Su>=$*FF(l*)YBV
zu^{8s$9xf{Xfx$)YY^AjuBxsGwect@P5FT7Qq>I8<mh4q%5oZe-o5v|PnBGf#E9r&
z2x^FM@()<z#U~<aiB~XH!quPry?eplA$#*aFyJpoU9Ml?#iFOjWq&5wsa;k+MizEr
zfftv49<aJg%u2H|oJ3pQ<&<=j)m@Pz#<S%(4DfYfwYEt__y~fSy-T}3$N?Y5x-Pgw
z<<6Bpn%U19TYTaNROU_k^nCUofd;m%sca;T-1fV>9t9T!(>$)j)jKcJEguJ^6;i{M
z-9ci@cy0-7Jp`=2m800#?gA6!BA5rUg(#P#I0=T>I`jl4f#<N$j?)|g4^Zx^$XyGx
z**+$9RLo@6`9WZQ1)d1B<|W!Xw=^|Ayt<(IS?kEs!j#RrurNBDd(i5x6q<*@M9wl|
zL|bxPH2cz{`~4EznU=kdcekfmC)b8|r<1p&nNy^diQBuuWUW!z!bmhLSMLwvxrQY_
zzrfKSbVNV&>&ad2zqdnuuC_WQzQglK23;x*?|<C!bJnwt#V5W5nHBWbw^<+br<J=M
zw-iLx{tG^kUw?!;<P#9zR*z6nhhRi`?jxpIYE0D&4}cGX=87t*dDST;UNQ06!#$8g
zsRh7OKL#tB1B<1=@e9x)0r*8;yahy;&bS0L1ILgKqN@*;z}3S%D~@%_JYlvXWfVkL
zJ!tO#aBKd0cNW9z2D{_&2CgQq2y@U%D-Lr-bUQ2xc6Uvuz}nOuGQJK5EIWCk54QjH
zjwoi&=tf&$inm*icy#Awn@0_9tn>X!<>ZO{B_qOHV)Ph2ctKA&b;=7=$lL)o3BaHH
zvM!2HgCNMO#5uL16EQ<A*!CGP_USj38~NQY??&u5JSX6n%eEQF0Oeg08N57{8nxxa
z?!YXFlg|R?4`AYqh~Qhg1i`xzY}`48wE?7^12c<!xPP)7;GgJ|cmhZ03R&jh-1iqY
zp9OdB)zMfpwF=L6jn_FLZNaH>Q3m6oF3O_2D2q9tk7Bv{(~KdjBl^)?REll?T^{PE
za@b6;X<K>kYv6;u0g<iwF-rB4ka8XbOw#KVJawDF^z_4YJBjUe)d(Vb3UjGDZ6jmg
zK)VEVAUcjg@}=_#EzX}t;9~2QZPd#cZU8!(&N4NqxRqC;;$(9=Cyp(xfKBC<AMWZI
zqNP;&!DGcEtnN_dtsoj4Zfe{-hBwF#SoeR!XQF$Tq@P~R?Vxu#A5lnW0fZG+U2NEF
zg5=~N4&Cjrr>sjC<g5l>1nB080S3Fh3F{Q1smoxhHrNY}d*Pel(bxVSTu_c+#3b^W
z9=c*dB6}LZc29f*g02c$t`64DoF0SF$O?GlUYdIMIvDMFvwkEDfxu=6U4v8{N7pH!
z2Ju9hpb<$bN3a88mV3DkC|c93+OfDp=9d?=!QFwQTSF%8*^utAYDTn4^&3okeF%#?
z;><_H0fedP@ZH57rqR(qYJG>APInAu4_x0N`(;VF?4MJ|D)NtJeaD~kt&9HLqH`-O
zyeP+k)6m}jWHptu7}V%~7F-Z}1YrbCBkEK^DZ4?L7d^pG<bZYm`@?^Q08j$}NY*8{
zW=UhuEV2E~zeO<d^5e8v&#;BpzxLcWj&UH-*WwQjgsZ+)E&Wx<X`45KoGjT^ieLd$
z-`R8Ja~_gLZ?HhC^^$lEFINSMm6s$T{XvU5(oP+Zz_H5yBNkQm2D_Apz_!()fdO05
zXwpg{XSsOKs{Lo41+FYWRR9q+9E|kRWe7qN5S|8Q?55Rh$+q*htG{T681nD;-4;#%
zLO16h3icoO{ZwV4ao2Aly&@IN8M$++Na&8WC9W*=WYBXDc!kwy?q%=0D!GTftD?R9
zWiV*IW!f!-m6kK~{Ot&U^?FwCh1qF|?pMBpX3=(sIF5A|2fVOyE9)*k&M&O|8QteW
zb$Mtn2?x0*YHugT7~}+HL5VbocfKJ}aJ;|{KBz1`{&;Bjal~Dxjz9lRnuLxucZkLk
zunkG`=6+9n#>jvTJ(ceA580!s0VTK6n1DbDEJ_>M>q=L)0I_KmYzDMzb?hWO`7o1W
z*|XAKXbj-dS%KVfXXWPe?DN^&5d^T0@Z>!r573I~kAO)KhmpX)eVbe`jv$A(qJw<{
zAY}-wxt3=ZWFdI%r>j%;c?irO3zmb(A`oDv6IuZ^vO@^G`K4EWg&+#luyC;}DSwQo
zpkq5vFW-KiF4d3y6}pxQkRW%APNRN49bD@ya`*#iP9tby(K@;|g2!XptJep;-Nx|*
zy@ei*Vwow^Zq&;&*X<o#;5|p_TLd+9)nV1>{H%Rmdkkk$!w!SdsBK|B<b5)(+17>=
zh34Gcyj;8=tqmv4Dq2v2=!bO~+{O*><YuPPilg4SYjciWbycK6RKqb4KrO!fcq4d0
z*81<iz$6dL`KKSr@%4vDx9>w`>5eZt%7z%&_J8(nk*Is&B3}KTQtinmBou{fFZ|0U
z@S`I2`a}$`_$IN{XsrXg%+m>8e-I(_k^+hcrPHuxJi$gwp8VcGu?!k+Sdq%;U8qkS
zhG=h^46_H}^7<#wY*>PlsjuZAwI?Ti1pj{jH<}@3stjIaQ@<boa{v8FRCk`{lu5SJ
z9CYjsgF2B$-B#l!$BM8P|MMfVH*c%v+F#Q_05n^`cYbE3R=JSHMM=wNozNtJbqRXu
zs;J+ueFu!iC>?e+Lp(8U9~qv$#qScZNMw$X{RY7eOPSXN4)_*9mAQh(;}=$R{X?jR
zllTn5jlMu|=#wan$ju+>HwbXPTrPvO6l#y4aDFYC&*;bb)()z%L*0T>F*)|kZ@)Xa
zqqGw#?dQPeRkQZ;=bm|pTHjpIei6az4}ndtDdi1$=d+0RrL?nY?NWWgqpBf6k~8WW
z^Cdb!e=MM_IOEJQbq=;9XFX{9RQ!;0C%`w$X|)ptGvGif2d;EX09y>UBXm{(Z6<$<
z*>KD=K-60V$Oq3kU?TuUmM2l%SCSaKbT8QRWY65Un+oaUXcE`Y*6#gM0Iko-TyT$=
zz};&y{1DKgUkad(J@rK?sPq|AQ5~IR){BpWZ#hlQ$PS0@eErmI-2SOse01oDcXvUy
zx%7j5AE3of9Xs*L=fUZB>D05VXJ7s*!ry=9QSDWGHYa`{YM*L2t00=Vzby=mN^xRj
zlda&TO=U0zWrzWNpfe&0r>+LEnQ6`fivjt9w7LFQ{tgn5lhV<*uJl_{nq!pyN%VBZ
z$!(F^cmjZpJFv`rmZ~Pns>~v7Kx-XB78Zx+$EU2*V>em6gsFO*#XX4J4Ft$k&JEtv
z;n-?&Z}&-kL&nz_+v&KVsmnS#X~Uav6I0d&HOPV%X$^((=<aTgB};o>%F&lAv4@4J
z+QQrtOHp2lr4SRgdCt*4VNOscuBQFXqjI*c0kYQIo5d$<&2yz7!P(TiOUyrHOoV0$
z4D2i`?*&Pz5TxIHS9SomWh!@>f=Gp)JSdX3NH_y><%T32LvZEc&K!w((EY`O#$!3O
z;bnV43+}1Zl@)3*{V8=gHLMFf4Fv2&gPCU~0$$J43aH9&d<RV3lceS|KPN?|zaHPc
z7fCGD7T(aLJgwvF2%@9P!ROk`%-KA)d}RT=-;*Pa<Zdwfapoo#q_na!0J8TQ7*NQ=
z0opS#CBgIGmXPJl0ZN{2;B>zvu^0r(hHS=y<bn79cCcLEuq+Zwc{L!mW<q-_Ti>c$
zzgi@)SoO6Ikd?LWb#J^a9SI^`VDD5Aj6ik$AgMFZxhAWURY}-Lr*lhZV<}$z)0qdZ
zhL`%Tch~#IUg{|t48#LRRDyKGsB%%&c>e9bWf8};vQGl6Y46)XpkAwr9Ju)Ar)8_~
z#)66!&*~o4q3J=Q?}WNW;y8<+`b}3^-c<GGClRiI04k#n$9jSgdVJvcvF7j{gd_dg
zTDRNJ6cfjxHFe7w88oBj2({(P&#jQMcF#-`rh`|v1IbkF$MXml5p?&jE6t9R#4LR?
zJ;=%DzsP%VVdFs)Je$<xl8g`tJ$dv(gZH(+uD)pXl$1mS)w?33El@tl_}hmh9lX5c
zg@3MCnuQc~-T<DYZ-Fpy?2Y>+?#ql<h17#5tOc@ogJc7EP67+!2Ge_%!`|D9r)Ilr
zO`O3^ruQx^(dJo0el9OPTzu-qM<DL^x3@gC_h0iKljZ-k7q@QhhEcV*@Z#3B&%FK^
zj?m%0Dq=Z;X(LUJc9zmUF3D-y=SV!gpZGfBd9)dzAi;J7!FxZlg|~EZ*Z|D18DRg3
zPMA)e##z-v@6wP!lN$n2_kpMq32UOLra)6;@M??ea=~b5A!59=t2?E$lUKi2=mP;r
zOzWaOR)WGn&pzZChrk)U0<g1`$;lIE(1L*qS_E*O_grRs>0YA?bFJ=xW1na5eM<Er
z5m^EOG_OGs-}>olbS3=+`=#_70A1}7o_JK^!iz$+UE)<+o4}?T2<mPC4|iu50Z><_
zcioRDB+;qOgtUWOFUcOu2+9wi)RZn0OYsff%;me~NM@8Rg$2|Ldh18^X+d+9o!uj@
z4aZnxK;@#JQ6%tYRx+S&{?*%gOFCZv0Yp{grIK0{H>__KK@~VJ=?rh@2;?1`>U2->
z>ehrOzgC8j4xEj5MJt#yCN^6gpN&Cs*Me-L!T`$A5AdK6(7fkwf5}>I3P@u!!W)gh
z{2g!sTL8cWnqq0UZiBI`z3B3bul+2WCt*U(^Qs_EC9R!~rq_<GFfAgu_?usWXRI2#
z*IH-VAgXes1r&|<sCI=1sEa{jMHGjr;yZ%~b$jkO*gOA_01i}ww6?%!+CDlwJ!xOi
zK1MrhefkIb=P}*14@|ffP)A+mFqwrqvt5Mfja~lPy(12_Hrm_Y4evljn8P@(@bV96
zwlCQhho@|&?kVevW1Q>jFQ2ScUkot#@8*re3(VW%`;_J)Oyg?9ivmRRRMh+tT~_XT
z|D7H>b0Y_ZOW@3_GbC1;t*7RR<VEe!aSYP$zwkHU5ugG|Z=vpGg3?=6ilk2lw!3&u
zO;<^bRSyh+j>NZvuhB{7fObF^Kz*~+H(=iBjY&zl`W1x#^59p!sq{1srCmN*7TKXL
z+e-xS*0NqY&l4q%85~rb_F3V$AbCk1A1LHG_7|S&TVk6FGo*bXAoKN~#X$x#>BN$1
zy6PorT`m`aDo%&@_9I}0RAc22p87|~z|nvs8T8F`c*;&?19&rNRE_ggk*h9LZu<#r
zTM7Vc1*IpQC{IHe!a9hIWvQ~V!WU^mOT$k-+T94@$@{>b|2fz>7OfG)nu!Iq{`SYu
zefE^R{1_-NKi+J4MkEc)ppER^HYt7_7H6n0>==x}YL&<Cq71I_+V|0oNGXLZzM-}7
zaa@w|q1`ZQ7}#$X2m6%Q?rXEjQQgXR`z7i>xkPIby#1L}5gOXxz73Mrd?1VuT9R~c
z8jR<R*%ls6L+SvHfM^?ni~hC6dIZ9l&#WH3#2!fwm7n&K?w%UVIA{ixQ3D1vos<wf
zafZz^^SP%3LW2k1{re5@!qO)m9Zw4V?Puk?JxKY3)@0BpHBG7hL;e4}?bFTLcWjXQ
z)`Rv&HqQWk;gGfvVK@XLQ%_Z#Ke<JtF9!+ySRm^xuWPrrv>>Q@=RxpXw#0V&2%y&Q
zt<T#LvOs{S3>FAbMep8QcJ)yNrXyg_(n|<<b)f0^dGNQ{M_%F{s@Na_?2-wRvu7K$
z#yJ@8>^OZh^uQHfZdG(4Ze`?bsojEA#l^9fj^=~0VmA!WKaOC(>bYU6aBy$Kec%d=
zB6ERE4ra@g;0OI=sCou#$;AU#{<x%b&j&p}@(keCZ+Q0y8y<G=V~qi<F4r(HmZ-aG
zZP^LCSf?WXeu$~Yg(?QP^(4?H*_PC*mf4W7%9dD%3#8<&-~L1rM(Yr2kJk~hF<Y7g
zD*?4qSE!im<~@Cfi5eILN*<g&%FgLCfA#xE?lwW_1PRI!Y>Ajs$BZq9gYlrbu_h~<
zwMky?fc`#o!ho#+v)B~M2JU#8OKX_%+5?jAtL_r9jMxeA9JXH0`0scAQyk*c?0V7!
z7T%;uFo(1)wzJEwEJI)*5ls68yu=gfHl`xMYT2wt*Rl}$-u;$KP&WiOP-Ptph}BUJ
z$~6RnJA)SlXwiZ#1ZpTySV~9AOaNm6W16)EIG)ko%BzB^jCLQ-hLr8MFQ-+NH~vg~
zrMX-)s<6WAAI)}lHhqXsX8*`{1Yx$h=6p*LpFPQvY%N;As96g0fCp_KhZ~d|*k5~x
z`Ue~|*g_)}3?ZO}X|Ki7=CY{5OR8|j(sJ0*uLUs`<T8;@1F(XUKnoy&cVN+3NU8N;
z(|Rg|rE|(+rcWbQ0XlP%J|Tp50i^Rh0FP#aPg9{?ZWgnh1a?{_G*nBtG-0IY0?yHq
z^t+Ic)79CQ6IzQ90!EOdqYsgd4DU$`4_qFO9RSXgC%B8O%7MYvd%<2Mdr7sEYU9UO
zgB$}{$LHX0_`ud-KDcqm16w4C2_62xmTEw^#X1L6Jxj!vwD*C=P4>Nh{{KUGTsxwD
zPZhbja`#G24#IR$XHXj(PCDBE_lFPv5CL$CYAN8TibFXa-B}`DjHW4c>gjD%V<2sQ
z6nv>|WQht2w8d0{hqzFM>!#Ql70~;ie)m(AEC}|0R#<X8$qw5ItJ24=XW1dT4izDi
zFyzB78QX21Bu^5<gQRCRVYO@P+|+`egI2p4dZ^WgE^@ariX7Y--158k`x(xd*X-?u
zsTmVrV?cw|F6-H}*JvDHCpCuZ=?&V-BD~<IJ&Mi6JEe}7Wzf-bj(#ZDz@6N}yfF3#
zqDGa4M<&N~Z(l%4*)+SQ^q#Ar*Z&C&XaaE{!KSr2(aReF(33M>!Y;Q5cLjJP>*nJ2
zUhgYg!87QGQziPpA9~;`m+yjH6IGxT2NC+#Y~>Ak!3fZ~tTu3J;kxp(5C^F|>;?fm
zJS@CGB0R&!{FSdr>})2&m%l;#biAMa;-{mTJ=N2Iv;m3+(LL)JD5j?OF)O@sTe9YY
zAw72oSV^?Hv>W?Ce$?OMY_K@qKG0lY5AuqGaGY~JL)-}{?9`UX4x}+t<sfF9Qy@`>
zj1G5ZDvzlwMlW7&1hfW<U?mNLc-$Os9B{b)PILQ>KZLmF|0LFN1lu`*$C!V}7Q`*9
zp477ce=9z~F^4>)WOW?92$s{|MUizVh~aIo9^>5s>FlNoVg?#?Sr@8fJXlp{K&S0z
zIYLeW6|sFCTRxV393gOGNkVX?d*wy1KFZoqmwE4V<%Ju?E2s3`OpsV*fd3Oe2d`6A
z8q%JWB<bO&e8wORv@U{sR9yaihd+dH*{J;5(~oqia-EWN;Z$^>(zFH6UV)A{k^Zl*
z-w)yPr}cFD=0JD4HQ?I4{ouUW%y2hwD$qsdLPv8xHLI^Vk9y&g12*2jB3t8@jUot-
z@Chln`V+`0bF(b1Za=U{*#_R8Ij~!Hh_~j;CXaD_7YKQpi{1MYg5|K65U%^fj3%7p
z|NhZk6?3nBEf`{XsebYsJ6+kl*Yh4Y{=NP$Gj8R1+Q<0~gg>MEl=|9Vmxp%LUuH`m
zLHFtmn$EK2*{>srlk{$y0AP=?cNE%|x_!?|oDD=`2z}VLBqSoZlv~OE4Yio&UtItO
zT>H`aN>}Z}xOC})W4*fg<O9mA>yXqh$!s*nQkKDA_;HL~(l*+MZIE^(CY+b57SX2)
z;R2|fURu5tw!cuEX4|nB^AiA~AEbT0^&nUlZE~A=Ix$ZP)R*N04qTcU;^^V2FDLu=
zoqqXYh|KWif1pbQco5IWwi;mm1+BmNTO&`)5rW`?YD*A%mmUJ()#z^lW{kZ-!Pw%)
z6L<19tqVQiWpwR=CqFA;-3$xQmc-s45M=2S0bKJQo-=ElYChm4XJ(h}oE~N{!mgPQ
z9W#9)U9KwV8x|@L2b{bHzB{k}Skc?)rM`h}i8se`WbbPX=Xc~yO~bZJ!={Y3<;A0>
zrp2*ri+orZUkCHnKH`9XW3wcgO+3V4jMffm9K*Z>(oLQA=_T!t+wdrj-|E^o#~wbV
zcFh{IE?4oN8?){66Iy?;2w$qlA2;R|YM*<^E#!YVs_4h(Mx?~|*T$iCf7G>!jes-Q
z;<mP3TrAfU-+bW0BwOG7F}C+?sU0?^IteODa|Eb1Z#@8}$_~<6b>ZfQ+Dy}7_cjCs
zB+;OF_GUJQ^|N5kNQjIZHlK`e@6G&|?|!yrB^2A1Q>%hx7iEQQ&IdrI`2yP4;@N4N
za&*uj<9ib1u6qZBNJ^lKiZ}sw!kxwwRc5BerFmUax51IR^NO~oKM{uQz`;k#c4w~6
z_2+LF$n*`3{ra)-LETOquR3vMMJ!oh2*l>2m|mKry}*tWxd=vC`^oG)3D%6gs(yd>
z2wmz@WTtFTPAtQfqs>6&P5mL~dz?+Pj%ptxOS98uvQN_tqGqrYdJLqZvm$~YFA#B(
zjnrJ(S@2bm>W|TNTFb!zjsOJtJtg$pt<fBk)cQ|q-ZUI9tt?K>*ylgU8(xMD>VRQ|
z+>JLalcV?>T*&*am&4v(Cv|D8v#1pSzDA!K$8{b5(&1<HJ*mIk<>V^$9ZkENwg2nT
z+@BeLB$jI_&c_!JId56OC_lE%dCQOT+PL9c8z#Hs2)ZYroa4_lHjx00{HTck{mxH_
z08THXy%;t2{&)K!`*^U~%Af-qQG`H1$HLKGqC~4RT{|`)vL7D{y3GEO;3B;aI~I<m
zm6FUeW`XF%+FpH-n#X2Skg7`%cs{zQN~*4)!<Yksdg%DeE{M#M=W}<13-Z>P8y%Ci
zHK&Xcd*VKX1GF!JGB~gEG`I6nV571@1^!$8h<mO}qHucc0Z;{XG8{Ao0!j+!sqrfv
zw5Mmj%x+OR2uSX%Oh`eP*yjbV%Ab}8(AR5E5f(>jtdmg|a9WqL+J0q`JSmVKqc4=e
zN96bV=JT|ahMwoyEAsB5DQ@s0?mSfcS6RpZ4tSeAwY3#k&wTw-3;Y-4L5@n6Z29-&
zY=FIevWBI1?H^myS!pa4fF6pK%d7+|2XT~lyjIB@iZ&*51ABcvAVB+szx(h-)*<)j
zrl<bNyomttSNc%ZipcZd-=^Xfg)jn4vZ$I~{X5r1gi8Znr($+yAw?+fM_mV)$sLfD
z&1evaRSk3$mAGI1p=F(w4zQS+2SJ?#Wvpi%SMJ%&zCs0R@eVsPgK&1{QVbP^H=O{|
zLBpYr0#t9>fQ|@}a#c3e<%5~K?E-zT3Kk&MPMck^GT#7Ar=j+^_NQHOkaHOaY4bP;
z1-TdFMJUsg;-Vp@)PRkafN9P+XwN6d4tywVIOs!TyP3VA%3S~XFV&~@HF~KJ`dG5G
zKP^R{HRZZb{OrCQV!iI)h4G{}Hy7{qSqdz0!1z<g-ROsYJt@5X_jYJEu^&hEOn8s{
z&wKCAO7NzVgmJ3HSJjBSosMWk`OeK3zeDYG1+}oL|F_TI=}uh&E_Dua6QKHNHA-KQ
z;!3{?xP&P~fJ_g05~TgZ5OtB35PlAf`bPD+2m&UP=~bIGU(p_a0<!8ejB0<wjrbr{
z7HA7nE=u*@E<fhnJG|9zj{ULKfBi#|ecv40qYH;T0Xc<RW0hpS`g6HY8c?z+xRvf#
zhm&XhfCpUP-}_^~I!6DfnhHqoJqkt@P(JmQ#~|xSwFIzJ1lZ{60J<gC<12UD!RcI>
z!p26>E5TU=<8xFKfLd8jKbYL;>W-j>?K;3yMs$EpP#3E}C(@X^jFocmu$5tO;MjON
zcmQaD9+(Q4XssPYAUMiW7tl46sJ~t-#hN?XyGZ4b4{z^Vq>@Efds-C?#Opv`?zi8J
z|Cq%pAM`UCAK7A+51auhi~V<hs1sAl5pXeC4!?we%?6NY%=2tY75OaN%cp)I5#c5Y
za>4^PAq`#HUSl`N)8R>uP#M)O868xOtutV3=K%ecohR-%e>&`3{VR7%dNl$AC|sgc
zE`j%SWd)?u5<4@^>{98|YNNp!n*&9sG*FwDKvy1cNzk0w{sP&%PUQ%lB5#>p3w8pc
z>6d#>XB8pHYoI@M2EDsy-w^e`j)p>?Tj|L|CO3!j!b7GY0c^ejLl+BFhey<qW^I!2
z@`DKDUFn#C-FrnO4U}94R?A%Zf*L`?t6(W09f6P*qFHLqEH)k75jaMx0|FvfMA&P7
zH(6%trv16KTfP~`x`Nz->6ON}TWDqj=j_a1G)oM)VJTm~LX2OZ*JidNJ36aPwZn_U
z@*Pr4RjKz#v(3l3ho3Q3K2Z8WzCxXEv6y#Ph+)mQ#a!h0Tcqn&h<*4OIOy(gV07Ec
zZz~hPkrm4NAkr_Vx-PSA7aXVh0R^jLU98%w_Gf;L!291m|0!>TR6A|CM<VNFS@~P`
zBWPu3Qpc0Jry+QO1n1d7@v_bu=ay+mD@|ZDpl;A9P#oxJj4}Ik$azTdG{DBL;|rxq
zpAn^v%*;-3XCO<0_>Du1Y}>_(y|!gf@KTZH>Jdh>p#m=73udTFbF1)?1bP~PMWc#f
znD>7nVv2@R>&+tS^ru<TBq|EPc&9pON2NJnLy~l+8KH7kgF9oYq0|0B4I5||B@yTC
zG^E!a1>0$EuIXNe01VPti$!L1iEfN1_-}W7ViQ4|W=@VpU|85xd|=nweTY`%-bb!|
z0#q&k8by43zwvN}16zOt*0vn{We$9lV~|-f;lE4qwVQ0y$eL;1I-YGh^vfKUl9G~J
z`7#G4%BRMsM&%DJ^mn>V8NBjQtt~9Ue2KP9Mf&d&Eyl6}%S{%3{dwOSs^r$@XPRk{
zN~s~4yuu^Kj%A*C<=1|vshI$^Z347f1-4KFrp&oB6EYnv_n@K!F`!LjX<)(y2=S7Z
z5~c)+Zb@+I4DH6v|J@%Ws7i6!VN)XTJ}RM~1T=!PB7)OiFS0=c)Odi`%5AfkUwM3-
z<_FOBn5#xMzt>?R=jrbtX)c-;NI!A>nJ+JEpQ?w<mdV=LU-sK?K>&_2lQdU4BY^J3
zBUj~StciB%wFI{F{$t)}c|tSuzQNt5KtMqy@4kP1JzU~02*Q)PA{nwB1p*sYi9&98
z?c3li<v^CdUF{N;I5K{676}46PRAH%(L8_f$3^yjyHw>{`L;JdhqHKtET9yh2=G~_
z(Z&bb+4+%;_B~^au5SKO4D|>P^El@laMeT*5cv!Xy>nMts7z%o6|xn4^XaelM~$&X
z0X)4!hBxV-sD&28?DDJM&yX#`M>*Fq1L8OWpssM&Lf$<E)%d)9Pal<}n>NtJ%3~`P
zstz(7K?DevfGxytzU@)8YcH(StM`?#>^e)6!T-MpKlQzf2w9_RZb{&R-~ROdpM}vu
z>)70(uLffEBxY&go!cay8NhKMeLT=uWz3{PSNzAfJ{QD`MoIc=V(X<=YN7V;D(aS4
zr-HYBt!_l3iDmB3{sQ9U4p^C_?KU8YQ_Hi@^nlmfDT1if^JnM5o9e)ZLC&Ck08^V_
zd%JJimp?2AHaTw9W*p*HPOf#|LR?;We5V^RK^Fp5e7yMC{jJa+Gj95z5C1>1anlFR
zfRx7myT3sfPIjeZp+-~pyNBuEPR)T$y!RORfBxbgaKINty(vxwV~<BbqY<R^2P8nU
z+LTLW%_ybwgh-26c>nKvN-o(T0pV941g`{zayxwrwJiUQFKK_1<pVj4rq@!}J(aMk
zj2Lk`0GeGPXtWPZz<ewF$fZa%IhMn-0uvG((zlZxT$-340Syv3nHShE5{;#KUCp)7
z&Y6QZ?@TJ344K}nk$q?YUX^qmL29f5aap#VM)1PDU@S_2H<6^yeeIL<1skd1_2#t*
z+3ax!;Z7XbuDu6Wl^KyRn9vD+>UV#oy+l+1d4shAymkjzB~8>NpY<wWb!xU2zUK>t
zH(9yqHlP`t*1gdT?vSq(E;&8E!aw62{FTCVbE=Gp;;;Kkq2t-U;}bl)|EqW1j%t~w
z{#8TFp5ZN6GvBIF6RQ?{<WQb${TF3RO8pj1Fi5YiHj&mZ-!4LAAk|86q&!fUb;0w>
zmmy#I<yg%6_H-F_qbOrxh}HyjQg4|yLpS~E!<0bEB&hH6mS^verO)i6m5nJ?J`TAw
z01RMKifajYB{kt(08d5l{@QI|z!bY3v!}o+L)qG_ff77&PK+Qt!0PZyh-wR5n4cpw
z_yJHmXd;Qt#<8+f?8>pF02V-DJfa*FXnyL`5qS`d-e4Q~E#Ot4#Wx<?LI5nEr7+s1
zT#zKvUA*;$n%y1)kJG^mP4dD54+Mi3z~1;iSU!kz6#={T^xW6qye9!kJnPKmAAz?f
zB!RzhCzvz*)^{}Xi`adLY#*~OOikGEfA0r2c)V9ypd)mXQ{Mbp@`RHy-paG&9CH?J
z(_l=y;j`qE$g`<aGQIb~a*-upeN<F?u&hm2@WJw*EF&nHTN}mDBSwXStxKVTSL+f4
zDkDJam?$cfNSd-s)xT_6*mbbjflVThqQ1TO1293qDNtR4tp$()THUqh21MCqO9lyO
zs#Lv(es($qC+OpWfR5c<E+OvQ)-4;r{WfS1!JrK0fss=oVAS9S?N5Rs0R5nrSdqc6
zeG6=nIiFXmpU7To`Ef(HDg?xS^C(zX5g0&I2kPe*z<C9M8e)aSEL8O(rSZ5jl$}Y$
z+>8B=1f9_Lh4923U^FTLUBL3|Up-1A7Vv5lp>$$&B0#}Y-((rqN^CVMZ<w`sAxp(2
z0H1LTbb8G_W+OB@F4f)N?Ca^B>FMg>;e}6i?^&x|o!=K8&MM%gU->bZJq3)lR@3|8
zJbdn0#L0j&^bSC|1mOLk96biX57b>82R@^GFN+U&>Jwlos=%UDv9ml_PF>9V7=6*;
zY|W*tlFRpWP=$bt^RIq!zOq57?&UA0KJzoAc1EbJR5s-yS0S#f#DF)P2TP}-3aG6W
zfndy0QZ4-vFbb-sst8yO%kl1A2v&2Moy^T<*&=++#&*aV#Zy#G|88}I`lc(l>mqAk
zP&?t$M#D=pP|sGjzy>N}i)cPN3YDRj%=6}>Q)NR@H5HL%qhstG#CN``#~UG?;2y@_
z-+T!{Y7bMixpH;0|NiS=AO(=`8brx=4IF=7JU(x=&J0f-{P&6miy6nte>*$7aeRnu
z-<k!dS0#7<SFyL+60Yg8ySLF_t*kVi9G<m0Rtk9;eHb-$*;j0q7;_XIxvw!~-ycxi
z!oN?be?v7GkEpY>S?3q*w&7`0y}Doit#hXN=>Bz>v5u0-aum(}4<1<9WbmiGM`_`|
zE}_>}P@+$#{e|AW=+XXqKXiOHg`-}l<&IsT)1%t^w}S!fxCsWfvS^_jq3_?8x|Fe4
zT626fUAAm+EU_I87AFbU9((a`#%SwdHu}>|No@|AOQ<S_>>_cx1c1FVB`r%BhM?cJ
zzR989nX@~d(MOe~vTe8sDo*icaQTt9zmGt`J|WNxV)Nth(tpqw59CzaEfNZ!7&#_F
zbI1?`J7}nfZ5lJxQPAg&fM$3a1SE{qBqNBVcL3;CB0&vD-~ToO-t+X(Tpt2~%Dv5{
zfsP`8-ceaHB%|yDu1XTpU~-yjK-o@)9RWKD0+eIQ374qOwTVF%DQotUo(y3{A~IjH
zXAD>H2X!A07|C&(e%7h;_~DG?)B<pWG5orb9EWhG0&T{GgSdQ4zV;F*R>$Nq>KMfR
z>2rkAzP0XTsI3ymY_9V_P&}xlm+G-f>pI1{-)QXM=8Ziq7IjpRdC^K;qhU~81iq@j
zz~+ig+N>m(xNBCWbo1GVk(wu4iu!2iz{?LL(*^+T{})6Q?w*Tqb*R5GsLmQ+2H98A
z`{N{Z=IfDfJ%l(LbsG4lIw!>Ng19OKsvpvon2|+e(!t(<U^|GWWcBI>_mU)v0~WBT
z(I@{30e61sYhb_(XtG4)-GV^8o~5UzmgvYvWuN042=fXh0`A`lHpF6NuSF1nz}Tio
z&q4|}Z|m{d?P<s=Z}oa|5u|OFRieXFu|FBg{-ja9@3gxZ(c=b-5hJ;$$sP0C_}Hi~
zUDGK!_oypZFKT}!8|WVD9=z<^m{{B-+k~_CF*hgj{)S?AGF<C^MO}FNm)JFt_pBVw
zB)f_4{SBD9D^{~|dysVGCNh0l;;nT2z*Sa>V0jDS8;`v3rDlmIv!HZrLSjRpBjI#b
z?%Zf5YbMQ2WhG9wKL5*|cRs7C3@Oue$<Uzj;3F^G*@d1wqQ+J-ke~v=OLu_nwr?~6
zAbm^1?G6dSXQ?&<W;JH%iMu4`#=2Kpqug$mYys~nj^;hEq6OXyo|nG?@#0pnYYwYE
z(&MxhLC%Z68lYYYI%zPA>NHor9<e-#_%Is;0k!vyFTC|20%Kg4Pkzdl3F6kc(zwOG
z;HSAKor31jgC^`_!((G>H~aFnI~y-|?LjJCi#88%qYfm!_~>3Qo~XTUiVk5^*QC|d
zV8>zwT+q}oZ(o{KOBF2U9QGOgj2ZgoTlnHNzI)Anoa2kvTJ%qo36#VweC+zYZ)1Pp
zToi5Wf<y+DVM<K+1kK4h33iT#IItqgJc?epygO>td)Ip-rE<ruE2%5^&7aGT;7jFa
z=rnm`1$$E3|NfXR<y_1}<f+@YpZv#o2!gtFo~)=xVzdrGsaPb$g!w}Dbs{UNj)G&h
zeqDy(2jb;+I~Ap}ITV30>rI-{U}!nGw}&@)AIMs)y#~W<3=J)USA*t9j*K8kun)%6
zAarY2mrRbji0G;TteF=Q^dewG07TQ)bPOy6Kvu;DN%fx~c};+Y2VA?CcU!yRTQQPB
z3##_&WJ1VxF>|70N|%^Sqq*s~te^bZt6#x>O(Co~x|VVfaP2|f0YF0n=%Ah7_K{S&
zw40uRw_yE~C^#;3YoDvmRb2o&P$2Z_@2W<Cb&=;8#)^-R0;3j``?4(!v9Xl3ukhtV
z7@aQ$2Vz~p;y@W73y5uS7f4{~p)v?Y-uZf+YOm{%k^;K=DY~iTwcQ$QmVMdQ<t2mB
z#&lHMs6VFv_PKiyoB+|zwn1s8FztUkZ0h`pNb_Y&6bKT~!w1JR4WQlyvDyW+HejA^
znT{BE;TziD=Rs<rsV%5oATn!dn%aacvcWtT0~WM&DjPw&_Aw^6(A`s0@q>BDlRpVQ
zi9q0c^-da4z)QDFJeRrSC0H=b97|JhtoIy*q9Cxiop+e1wFrA({LZ_@&r@%E(o0n^
z4}w#3M<JZMVNXJt!rtcMz*oQjYratZK|io&$}%<Nsl_^6Hs_dK$SdT3>Kr(`fKkrJ
z`i4=rw=i0H?s4qTp3`bVOuYR_kuoYITmprf*$XRd0DJi>?B_&Yxu5zTQAOKTn!ijl
z3h~?mKW+nKtXje>1jmNYgHNQ<Fo2E=vnF?X_Vs7(Q?4MAgKZDl4BqqN7j+pzO{1Sg
z(<gFm|N7Ifg~!qpn3{8<-utR-m_~3egr=$ahY-3X8W(%^fYND5Z+;)_7^re*&3djP
z+%)c;gP4v6#_A=?c2eM**$#o-Vzr4z`}~7oP3P4mAb0jD_caos@;gXF7c9T{Fa*`y
zsItjp%L1&AzIM+@(be0mkm<rYQx=a5#D#XUH*y@*ctW+|lZeni9Pj{bcN`F+&WwEl
zZ%}2<Ge4JDF9H@fkjT0P@|O#FS|B{<sfTvL6N*L_RBOS8IFeqy0F?R8PltR4<C(^4
z_A3YLHOBi7*&zs$ld`@1p8Me<V$_*9&>Qztkyx<oJ~UqY0XU%g&n~^Y-Vdq9xHj1g
z&T2c#5|1zE)r&_WqUeHw_UZQ?raN;5#j|Ny2ZhFjvVeebP*_+U8#X}m(wV(Q5C>TG
zf<Ed9(B+~hLAZREIp#!R#5><tYOHT_YcT3E8@^W7wJN?KRn4nZ3!tDI?CoF7L`pOs
zfhurFR7-$G;=A6`dPbrQwm>18yHD8jI+Hw=w~j0=Oxdgp3!}rg{y*gh{H?L`d!BH5
zhyPExdd11G?-eKY{M}lkGKfjwtegK``A2zeDbxMU+o3b6IEWSIMk~xeTgE1nR{uWL
zmAWHXsO}ijBavyVkS{+1mIlg|4S5K(1-b~=dzCv?y0~zJ!f$>JHvPg6!GTN(z(+-D
za0?Qly)?9puC154N}mTj^<}X6y5}CGPX&0jN)Z`LjID^T7_!k<P3Wl*h8=Sjf9$`P
z>nB~DZ@W}0v1C0F!nsS6(|aGN$<{;nztKYvdL2L;-@39Y1cTbgVy)UAKG8`9gf%K-
zO%J1G3bK@)U1m{N2khoB+J)sp$03+Q;N%h|@#XKcC#QDO{t?y6NNtv<b*V#k2{t7T
zPG1UQ_4v>i08#m1OP~dnAjzx?!Mk?`(-{a(@Tx=6^cBEaHS{borz5rvV#a{<9p$Jb
G`u_tKXA=ql

literal 0
HcmV?d00001