<div dir="ltr">Exactly. In addition to a security domain referencing the realm and a http-authentication-factory referencing the domain.</div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 7, 2018 at 6:17 AM, Jim Ma <span dir="ltr">&lt;<a href="mailto:ema@redhat.com" target="_blank">ema@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    <div class="m_6129916239530327338moz-cite-prefix">Just to understand. I saw the
      SecurityIdentiy will be called by
      KeycloakHttpServerAuthenticati<wbr>onMechanism, and this will finally
      trigger<br>
      the KeycloakSecurityRealm to create identity.   To make this all
      work, we need to <br>
      configure KeycloakSecurityRealm and
      KeycloakHttpServerAuthenticati<wbr>onMechanism under Elytron subsystem,
      right?<div><div class="h5"><br>
      <br>
       <br>
       06/07/2018 12:25 AM, Pedro Igor Silva wrote:<br>
    </div></div></div><div><div class="h5">
    <blockquote type="cite">
      <div dir="ltr">I don&#39;t think Keycloak integration code can be
        worked to be a common utility.
        <div><br>
        </div>
        <div>It seems to me that you would need a specific security
          realm implementation from where you could just return an
          authorized identity as a result of parsing the SAML assertion.
          Here is what we have in Keycloak [1]. As you can see, we are
          basically trusting a KeycloakPrincipal, previously created by
          the keycloak adapter, and creating an authorization identity
          from it. We don&#39;t re-authenticate the user.</div>
        <div><br>
        </div>
        <div>So when pushContext is called, you could use
          serverauthenticationcontext and the CBH to ask Elytron for a
          security identity. See [2]. In this last example, we pass the
          previously authenticated principal via <span style="color:rgb(36,41,46);font-family:SFMono-Regular,Consolas,&quot;Liberation Mono&quot;,Menlo,Courier,monospace;font-size:12px;white-space:pre-wrap;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">EvidenceVerifyCallback.</span></div>
        <div><span style="color:rgb(36,41,46);font-family:SFMono-Regular,Consolas,&quot;Liberation Mono&quot;,Menlo,Courier,monospace;font-size:12px;white-space:pre-wrap;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">
</span></div>
        <div><span style="font-size:small;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">I
            think this might work for you.</span><br>
        </div>
        <div><br>
        </div>
        <div>[1] <a href="https://github.com/pedroigor/keycloak/blob/d3e559453b7dcf6f0d9f32c5a9a7f8c49403bb3a/adapters/oidc/wildfly-elytron/src/main/java/org/keycloak/adapters/elytron/KeycloakSecurityRealm.java#L83" target="_blank">https://github.com/<wbr>pedroigor/keycloak/blob/<wbr>d3e559453b7dcf6f0d9f32c5a9a7f8<wbr>c49403bb3a/adapters/oidc/<wbr>wildfly-elytron/src/main/java/<wbr>org/keycloak/adapters/elytron/<wbr>KeycloakSecurityRealm.java#L83</a></div>
        <div>[2] <a href="https://github.com/pedroigor/keycloak/blob/d3dee07956be8d0ac69466ac9367984ab0ea072d/adapters/oidc/wildfly-elytron/src/main/java/org/keycloak/adapters/elytron/SecurityIdentityUtil.java#L45" target="_blank">https://github.com/<wbr>pedroigor/keycloak/blob/<wbr>d3dee07956be8d0ac69466ac936798<wbr>4ab0ea072d/adapters/oidc/<wbr>wildfly-elytron/src/main/java/<wbr>org/keycloak/adapters/elytron/<wbr>SecurityIdentityUtil.java#L45</a></div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Wed, Jun 6, 2018 at 12:30 AM, Jim Ma
          <span dir="ltr">&lt;<a href="mailto:ema@redhat.com" target="_blank">ema@redhat.com</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div text="#000000" bgcolor="#FFFFFF"><span>
                <div class="m_6129916239530327338m_-520751116552800486moz-cite-prefix">On
                  06/04/2018 09:31 PM, Pedro Igor Silva wrote:<br>
                </div>
                <blockquote type="cite">
                  <div dir="ltr">
                    <div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">
                        <div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">In
                          Keycloak integration we have a specific
                          security realm implementation that expects a
                          principal previously authenticated by a
                          keycloak adapter (e.g.: using SAML or OIDC)
                          and builds an authorized identity based on it.
                          Basically, what this security realm does is
                          populate the authorized idenitty with
                          information from tokens.</div>
                        <div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><br>
                        </div>
                      </span></div>
                    <span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Later
                      we complete authentication in Elytron and set the
                      token as a credential into the identity. It is
                      worth mention that in Keycloak integration, the
                      adapter is a Elytron HTTP Authentication
                      Mechanism, so we don&#39;t deal directly with the
                      security domain but with the callback handler.</span>
                    <div><br>
                    </div>
                    <div>Regarding ElytronSecurityDomainContextIm<wbr>pl,
                      is method pushContext called after a call to
                      isValid ? If so, the security domain should be set
                      with the security identity and you don&#39;t even need
                      to keep that ThreadLocal ...<br>
                    </div>
                  </div>
                </blockquote>
                  <br>
              </span>  Thanks Pedro . Do you think the keycloak Elytron
              integration code can be improved or changed to a common
              utility to convert the principal to an Elytron identity?<br>
               Can you please point me the integration code or some
              Elytron example code snippet to build this authorized
              identity from a authenticated principal ?     <br>
              <div>
                <div class="m_6129916239530327338h5"> <br>
                  <blockquote type="cite">
                    <div dir="ltr">
                      <div>
                        <div class="gmail_extra"><br>
                          <div class="gmail_quote">On Thu, May 31, 2018
                            at 7:03 AM, Darran Lofthouse <span dir="ltr">&lt;<a href="mailto:darran.lofthouse@redhat.com" target="_blank">darran.lofthouse@redhat.com</a>&gt;</span>
                            wrote:<br>
                            <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
                              <div dir="ltr">Just added Pedro in CC so
                                see if he has any suggestions - this is
                                sounding similar to the problems he
                                would have needed to handle when he
                                added support for KeyCloak integration
                                using the Elytron APIs.  </div>
                            </blockquote>
                            <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
                              <div dir="ltr">
                                <div><br>
                                </div>
                                <div>Although the reported problem we
                                  are working on is in the context of
                                  access to the token it does currently
                                  sound that there is a missing
                                  pre-requisite step of tying the
                                  authentication to Elytron to we can
                                  populate a SecurityIdentity.  But this
                                  does not sound like the first time we
                                  have needed to approach this. </div>
                              </div>
                            </blockquote>
                            <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
                              <div dir="ltr">
                                <div><br>
                                </div>
                                <div>Regards,</div>
                                <div>Darran Lofthouse.</div>
                                <div>
                                  <div class="m_6129916239530327338m_-520751116552800486gmail-h5">
                                    <div><br>
                                      <br>
                                      <div class="gmail_quote">
                                        <div dir="ltr">On Thu, 31 May
                                          2018 at 10:54 Jim Ma &lt;<a href="mailto:ema@redhat.com" target="_blank">ema@redhat.com</a>&gt;
                                          wrote:<br>
                                        </div>
                                        <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
                                          <div bgcolor="#FFFFFF">
                                            <div class="m_6129916239530327338m_-520751116552800486gmail-m_6817568120572316212m_6492737856986601187moz-cite-prefix">On
                                              05/31/2018 05:37 PM,
                                              Darran Lofthouse wrote:<br>
                                            </div>
                                            <blockquote type="cite">
                                              <div dir="ltr">So the
                                                validation is within
                                                Apache CXF - is there an
                                                end result to this
                                                validation where you
                                                have access to
                                                everything you need
                                                where we could perform
                                                some additional steps?
                                                <div><br>
                                                </div>
                                              </div>
                                            </blockquote>
                                            <br>
                                          </div>
                                          <div bgcolor="#FFFFFF">  After
                                            Apache CXF validation, we
                                            can get a LoginContext from
                                            CXF&#39;s exchange message : <a class="m_6129916239530327338m_-520751116552800486gmail-m_6817568120572316212m_6492737856986601187moz-txt-link-freetext" href="https://github.com/apache/cxf/blob/master/core/src/main/java/org/apache/cxf/security/LoginSecurityContext.java" target="_blank">https://github.com/apache/cxf/<wbr>blob/master/core/src/main/java<wbr>/org/apache/cxf/security/Login<wbr>SecurityContext.java</a><br>
                                             Can we do something to
                                            convert it to an Elytron
                                            authenticated identity ? <br>
                                             Or we have to hook/replace
                                            something with Elytron in
                                            CXF&#39;s validation to make
                                            this work ?</div>
                                          <div bgcolor="#FFFFFF"><br>
                                            <br>
                                            <blockquote type="cite"><br>
                                              <div class="gmail_quote">
                                                <div dir="ltr">On Thu,
                                                  31 May 2018 at 10:34
                                                  Jim Ma &lt;<a href="mailto:ema@redhat.com" target="_blank">ema@redhat.com</a>&gt;
                                                  wrote:<br>
                                                </div>
                                                <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
                                                  <div bgcolor="#FFFFFF">
                                                    <div class="m_6129916239530327338m_-520751116552800486gmail-m_6817568120572316212m_6492737856986601187m_399130190808493830moz-cite-prefix">The
                                                      saml validation is
                                                      now Apache CXF&#39;s
                                                      SAML
                                                      functionality. We
                                                      can&#39;t port the
                                                      CXF&#39;s security to
                                                      rely on <br>
                                                      our Elytron.   <br>
                                                    </div>
                                                  </div>
                                                  <div bgcolor="#FFFFFF">
                                                    <div class="m_6129916239530327338m_-520751116552800486gmail-m_6817568120572316212m_6492737856986601187m_399130190808493830moz-cite-prefix">
                                                      <br>
                                                      On 05/31/2018
                                                      05:07 PM, Darran
                                                      Lofthouse wrote:<br>
                                                    </div>
                                                  </div>
                                                  <div bgcolor="#FFFFFF">
                                                    <blockquote type="cite">
                                                      <div dir="ltr">It
                                                        sounds to me
                                                        then that the
                                                        place to start
                                                        is within the
                                                        SAML validation,
                                                        this is
                                                        effectively an
                                                        authentication
                                                        step so should
                                                        be ported over
                                                        to an Elytron
                                                        based
                                                        authentication -
                                                        the end result
                                                        of the
                                                        authentication
                                                        would then be
                                                        the required
                                                        SecurityIdentity
                                                        to propagate
                                                        from container
                                                        to container.
                                                        <div><br>
                                                        </div>
                                                      </div>
                                                      <br>
                                                      <div class="gmail_quote">
                                                        <div dir="ltr">On
                                                          Thu, 31 May
                                                          2018 at 03:57
                                                          Jim Ma &lt;<a href="mailto:ema@redhat.com" target="_blank">ema@redhat.com</a>&gt;
                                                          wrote:<br>
                                                        </div>
                                                        <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
                                                          <div bgcolor="#FFFFFF">
                                                          <div class="m_6129916239530327338m_-520751116552800486gmail-m_6817568120572316212m_6492737856986601187m_399130190808493830m_5946244944197837763moz-cite-prefix">On
                                                          05/30/2018
                                                          09:47 PM,
                                                          Darran
                                                          Lofthouse
                                                          wrote:<br>
                                                          </div>
                                                          <blockquote type="cite">
                                                          <div dir="ltr">I
                                                          am currently
                                                          gathering
                                                          together some
                                                          information
                                                          regarding how
                                                          the JCA
                                                          subsystem
                                                          handles the
                                                          requirement of
                                                          populating a
                                                          Subject for
                                                          propagation
                                                          into a
                                                          resource
                                                          adapter,
                                                          however there
                                                          is a general
                                                          question about
                                                          what is
                                                          attempting to
                                                          be achieved
                                                          here.
                                                          <div><br>
                                                          </div>
                                                          <div>Once an
                                                          EJB is secured
                                                          using WildFly
                                                          Elytron the
                                                          associated
                                                          identity is
                                                          not accessed
                                                          as a Subject
                                                          instead it is
                                                          accessed a
                                                          SecurityIdentity
                                                          the current
                                                          SecurityIdentity
                                                          can always be
                                                          retrieved by
                                                          calling the
                                                          current
                                                          SecurityDomain:
                                                          -</div>
                                                          <div><br>
                                                          </div>
                                                          <div><a href="http://wildfly-security.github.io/wildfly-elytron/1.3.x/api-javadoc/org/wildfly/security/auth/server/SecurityDomain.html#getCurrent--" target="_blank">http://wildfly-security.github<wbr>.io/wildfly-elytron/1.3.x/api-<wbr>javadoc/org/wildfly/security/a<wbr>uth/server/SecurityDomain.html<wbr>#getCurrent--</a></div>
                                                          <div><a href="http://wildfly-security.github.io/wildfly-elytron/1.3.x/api-javadoc/org/wildfly/security/auth/server/SecurityDomain.html#getCurrentSecurityIdentity--" target="_blank">http://wildfly-security.github<wbr>.io/wildfly-elytron/1.3.x/api-<wbr>javadoc/org/wildfly/security/a<wbr>uth/server/SecurityDomain.html<wbr>#getCurrentSecurityIdentity--</a></div>
                                                          <div><br>
                                                          </div>
                                                          <div>The
                                                          SecurityIdentity
                                                          has some
                                                          similarity
                                                          with the
                                                          Subject in
                                                          that amongst
                                                          other things
                                                          it also
                                                          contains a
                                                          collection of
                                                          public
                                                          credentials
                                                          and a
                                                          collection of
                                                          private
                                                          credentials: -</div>
                                                          <div><br>
                                                          </div>
                                                          <div><a href="http://wildfly-security.github.io/wildfly-elytron/1.3.x/api-javadoc/org/wildfly/security/auth/server/SecurityIdentity.html#getPublicCredentials--" target="_blank">http://wildfly-security.github<wbr>.io/wildfly-elytron/1.3.x/api-<wbr>javadoc/org/wildfly/security/a<wbr>uth/server/SecurityIdentity.ht<wbr>ml#getPublicCredentials--</a></div>
                                                          <div><a href="http://wildfly-security.github.io/wildfly-elytron/1.3.x/api-javadoc/org/wildfly/security/auth/server/SecurityIdentity.html#getPrivateCredentials--" target="_blank">http://wildfly-security.github<wbr>.io/wildfly-elytron/1.3.x/api-<wbr>javadoc/org/wildfly/security/a<wbr>uth/server/SecurityIdentity.ht<wbr>ml#getPrivateCredentials--</a></div>
                                                          <div><br>
                                                          </div>
                                                          <div>So I
                                                          think the very
                                                          first question
                                                          is has the
                                                          SecurityIdentity
                                                          been correctly
                                                          populated with
                                                          any delegated
                                                          credentials? 
                                                          If not that is
                                                          going to be a
                                                          pre-requisite
                                                          for any follow
                                                          on steps
                                                          regardless.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>Then
                                                          secondly what
                                                          is it that is
                                                          making use of
                                                          this
                                                          identity?  Why
                                                          can&#39;t it be
                                                          ported to make
                                                          use of the
                                                          Elytron
                                                          authentication
                                                          client APIs
                                                          which amongst
                                                          other things
                                                          provide
                                                          support for
                                                          delegation
                                                          from the
                                                          current
                                                          identity.</div>
                                                          </div>
                                                          </blockquote>
                                                          <blockquote type="cite">
                                                          <div dir="ltr">
                                                          <div><br>
                                                          </div>
                                                          <div>If we
                                                          need to we can
                                                          look at a
                                                          conversion to
                                                          a Subject but
                                                          we are only
                                                          doing that
                                                          where it is
                                                          really
                                                          required.</div>
                                                          </div>
                                                          </blockquote>
                                                          <br>
                                                          </div>
                                                          <div bgcolor="#FFFFFF">
                                                            We don&#39;t
                                                          have the
                                                          SecurityIdentity
                                                          populated,
                                                          there is only
                                                          principal and
                                                          subject
                                                          created by
                                                          jbossws/CXF&#39;s
                                                          saml
                                                          validator. <br>
                                                            We need to
                                                          convert the
                                                          subject/principal
                                                          to Elytron&#39;s
                                                          SecurityIdentity
                                                          or something
                                                          else, then
                                                          later on EJB
                                                          subystem with
                                                          Elytron <br>
                                                            security can
                                                          retrieve this
                                                          authenticated
                                                          info without
                                                          check it
                                                          twice. So we&#39;d
                                                          like to know
                                                          how can we
                                                          convert a
                                                          subject/principal
                                                          <br>
                                                            to Elytron&#39;s
SecurityIdentity and let Elytron know this is already authenticated and
                                                          authorized. <br>
                                                          <br>
                                                          Thanks,<br>
                                                          Jim   <br>
                                                          </div>
                                                          <div bgcolor="#FFFFFF">
                                                          <br>
                                                          <br>
                                                          <blockquote type="cite">
                                                          <div dir="ltr">
                                                          <div><br>
                                                          </div>
                                                          <div>Regards,</div>
                                                          <div>Darran
                                                          Lofthouse.</div>
                                                          <div><br>
                                                          <br>
                                                          <div class="gmail_quote">
                                                          <div dir="ltr">On
                                                          Wed, 30 May
                                                          2018 at 10:27
                                                          Alessio
                                                          Soldano &lt;<a href="mailto:asoldano@redhat.com" target="_blank">asoldano@redhat.com</a>&gt;
                                                          wrote:<br>
                                                          </div>
                                                          <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
                                                          <div dir="ltr">
                                                          <div>As
                                                          suggested by
                                                          Darran, I&#39;m
                                                          forwarding the
                                                          message below
                                                          to the list on
                                                          behalf of Jim.<br>
                                                          </div>
                                                          The classes
                                                          Jim is
                                                          referring to
                                                          are at <a href="https://github.com/wildfly/wildfly/tree/master/webservices/server-integration/src/main/java/org/jboss/as/webservices/security" target="_blank">https://github.com/wildfly/wil<wbr>dfly/tree/master/webservices/s<wbr>erver-integration/src/main/jav<wbr>a/org/jboss/as/webservices/sec<wbr>urity</a>
                                                          <br>
                                                          <br>
                                                          <div><br>
                                                          <div class="gmail_quote">----------
                                                          Forwarded
                                                          message
                                                          ----------<br>
                                                          From: <b class="gmail_sendername">Jim
                                                          Ma</b> <span dir="ltr">&lt;<a href="mailto:ema@redhat.com" target="_blank">ema@redhat.com</a>&gt;</span><br>
                                                          Date: Wed, May
                                                          30, 2018 at
                                                          9:03 AM<br>
                                                          Subject: Set
                                                          an authorized
                                                          identity to
                                                          EltyronSecurity
                                                          Context<br>
                                                          To: Darran
                                                          Lofthouse &lt;<a href="mailto:darran.lofthouse@redhat.com" target="_blank">darran.lofthouse@redhat.com</a>&gt;<br>
                                                          Cc: Alessio
                                                          Soldano &lt;<a href="mailto:asoldano@redhat.com" target="_blank">asoldano@redhat.com</a>&gt;<br>
                                                          <br>
                                                          <br>
                                                          Hi Darran,<br>
                                                          <br>
                                                          We are helping
                                                          look at a
                                                          customer issue
                                                          which requires
                                                          propagate the
                                                          authenticated
                                                          subject from
                                                          webservice
                                                          subsystem to<br>
                                                          <br>
                                                          ejb subystem.
                                                          With old
                                                          security
                                                          domain , we
                                                          can do this
                                                          with creating
                                                          a subject :<br>
                                                          <br>
                                                              @Override<br>
                                                              public
                                                          void
                                                          pushSubjectContext(final
                                                          Subject
                                                          subject, final
                                                          Principal
                                                          principal,
                                                          final Object
                                                          credential) {<br>
                                                                 
                                                          AccessController.doPrivileged(<wbr>new
PrivilegedAction&lt;Void&gt;() {<br>
                                                          <br>
                                                                     
                                                          public Void
                                                          run() {<br>
                SecurityContext securityContext =
                                                          SecurityContextAssociation.get<wbr>SecurityContext();<br>
                if (securityContext == null) {<br>
                    securityContext = createSecurityContext(getSecur<wbr>ityDomain());<br>
setSecurityContextOnAssociatio<wbr>n(securityContext);<br>
                }<br>
securityContext.getUtil().crea<wbr>teSubjectInfo(principal, credential,
                                                          subject);<br>
                return null;<br>
                                                                      }<br>
                                                                  });<br>
                                                              }<br>
                                                          <br>
                                                          <br>
                                                          After
                                                          Elytron,  what
                                                          is the
                                                          equivalent
                                                          thing to do
                                                          this  then ejb
                                                          can retrieve
                                                          this security
                                                          without check
                                                          this twice ?<br>
                                                          <br>
                                                          Thanks,<br>
                                                          <br>
                                                          Jim<br>
                                                          <br>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          <div dir="ltr">
                                                          <div><br>
                                                          <br clear="all">
                                                          <br>
                                                          -- <br>
                                                          <div class="m_6129916239530327338m_-520751116552800486gmail-m_6817568120572316212m_6492737856986601187m_399130190808493830m_5946244944197837763m_-7102110169809177803gmail_signature">
                                                          <div dir="ltr">
                                                          <div>
                                                          <p style="font-weight:bold;margin:0px;padding:0px;font-size:14px;text-transform:uppercase"><span>Alessio</span>
                                                          <span>Soldano</span></p>
                                                          <p style="font-weight:normal;font-size:10px;margin:0px 0px 4px;text-transform:uppercase"><span>Associate
                                                          Manager</span><span style="font-weight:normal;color:rgb(170,170,170);margin:0px"></span></p>
                                                          <p style="font-weight:normal;margin:0px;font-size:10px;color:rgb(153,153,153)"><a style="color:rgb(0,136,206);font-size:10px;margin:0px;text-decoration:none;font-family:overpass,sans-serif" href="https://www.redhat.com" target="_blank">Red
                                                          Hat <span><br>
                                                          <br>
                                                          </span></a></p>
                                                          <table border="0">
                                                          <tbody>
                                                          <tr>
                                                          <td width="100px"><a href="https://red.ht/sig" target="_blank"> <img src="https://www.redhat.com/files/brand/email/sig-redhat.png" height="auto" width="90"></a>
                                                          </td>
                                                          </tr>
                                                          </tbody>
                                                          </table>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </blockquote>
                                                          <p><br>
                                                          </p>
                                                          </div>
                                                        </blockquote>
                                                      </div>
                                                    </blockquote>
                                                    <p><br>
                                                    </p>
                                                  </div>
                                                </blockquote>
                                              </div>
                                            </blockquote>
                                            <p><br>
                                            </p>
                                          </div>
                                        </blockquote>
                                      </div>
                                    </div>
                                  </div>
                                </div>
                              </div>
                            </blockquote>
                          </div>
                          <br>
                        </div>
                      </div>
                    </div>
                  </blockquote>
                  <p><br>
                  </p>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <p><br>
    </p>
  </div></div></div>

</blockquote></div><br></div>