From 3667d06451b77e02a5d7bbc6ad47837c4909342b Mon Sep 17 00:00:00 2001
From: lskublik <lskublik@evolveum.com>
Date: Tue, 27 Apr 2021 17:38:50 +0200
Subject: [PATCH] rewrite jasper report from initial-objects to new object
 collection reports

---
 .../AutoCompleteReferencePanelFactory.java    |   72 +
 .../search/ReferenceAutocomplete.java         |   10 +-
 .../ReferenceValueSearchPopupPanel.java       |    8 -
 .../web/page/admin/reports/PageReports.java   |    2 +-
 .../component/RunReportPopupPanel.html        |   19 +-
 .../component/RunReportPopupPanel.java        |   99 +-
 .../initial-objects/080-report-audit.xml      |   21 -
 .../090-report-audit-jasper.xml               |   25 -
 .../initial-objects/090-report-audit.xml      |  227 ++
 .../100-report-reconciliation.xml             |  197 +-
 .../initial-objects/110-report-user-list.xml  |  165 +-
 .../130-report-certification-definitions.xml  |   41 +-
 .../140-report-certification-campaigns.xml    |  189 +-
 .../150-report-certification-cases.xml        |  203 +-
 .../160-report-certification-decisions.xml    |  183 +-
 ... => 251-object-collection-resource-up.xml} |    0
 ... => 261-object-collection-task-active.xml} |    0
 ...it.xml => 270-object-collection-audit.xml} |    0
 ...ml => 271-object-collection-audit-24h.xml} |    0
 ...72-object-collection-audit-errors-24h.xml} |    0
 ...ct-collection-audit-modifications-24h.xml} |    0
 ...-collection-certification-campaign-all.xml |   27 +
 ...l => 290-object-collection-shadow-all.xml} |   10 +-
 .../prism}/query/PagingConvertor.java         |    4 +-
 .../public/common/common-certification-3.xsd  | 2971 +++++++++--------
 .../xml/ns/public/common/common-core-3.xsd    |   15 +
 .../impl/controller/DashboardServiceImpl.java |   41 -
 .../ModelInteractionServiceImpl.java          |   22 +-
 .../report/impl/ReportServiceImpl.java        |   20 +-
 .../controller/fileformat/CsvController.java  |   12 +-
 .../fileformat/FileFormatController.java      |   45 +-
 .../controller/fileformat/HtmlController.java |   15 +-
 32 files changed, 2876 insertions(+), 1767 deletions(-)
 create mode 100644 gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/AutoCompleteReferencePanelFactory.java
 delete mode 100644 gui/admin-gui/src/main/resources/initial-objects/080-report-audit.xml
 delete mode 100644 gui/admin-gui/src/main/resources/initial-objects/090-report-audit-jasper.xml
 create mode 100644 gui/admin-gui/src/main/resources/initial-objects/090-report-audit.xml
 rename gui/admin-gui/src/main/resources/initial-objects/{280-object-collection-resource-up.xml => 251-object-collection-resource-up.xml} (100%)
 rename gui/admin-gui/src/main/resources/initial-objects/{270-object-collection-task-active.xml => 261-object-collection-task-active.xml} (100%)
 rename gui/admin-gui/src/main/resources/initial-objects/{284-object-collection-audit.xml => 270-object-collection-audit.xml} (100%)
 rename gui/admin-gui/src/main/resources/initial-objects/{285-object-collection-audit-24h.xml => 271-object-collection-audit-24h.xml} (100%)
 rename gui/admin-gui/src/main/resources/initial-objects/{290-object-collection-audit-errors-24h.xml => 272-object-collection-audit-errors-24h.xml} (100%)
 rename gui/admin-gui/src/main/resources/initial-objects/{300-object-collection-audit-modifications-24h.xml => 273-object-collection-audit-modifications-24h.xml} (100%)
 create mode 100644 gui/admin-gui/src/main/resources/initial-objects/280-object-collection-certification-campaign-all.xml
 rename gui/admin-gui/src/main/resources/initial-objects/{255-object-collection-certification-definition-all.xml => 290-object-collection-shadow-all.xml} (66%)
 rename infra/{prism-impl/src/main/java/com/evolveum/midpoint/prism/impl => prism-api/src/main/java/com/evolveum/midpoint/prism}/query/PagingConvertor.java (95%)

diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/AutoCompleteReferencePanelFactory.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/AutoCompleteReferencePanelFactory.java
new file mode 100644
index 00000000000..71f5ca79373
--- /dev/null
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/panel/AutoCompleteReferencePanelFactory.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2010-2020 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+package com.evolveum.midpoint.gui.impl.factory.panel;
+
+import com.evolveum.midpoint.gui.api.component.autocomplete.AutoCompleteReferenceRenderer;
+import com.evolveum.midpoint.gui.api.factory.GuiComponentFactory;
+import com.evolveum.midpoint.gui.api.prism.wrapper.ItemWrapper;
+import com.evolveum.midpoint.gui.api.prism.wrapper.PrismReferenceWrapper;
+import com.evolveum.midpoint.gui.api.registry.GuiComponentRegistry;
+import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
+import com.evolveum.midpoint.gui.impl.prism.wrapper.PrismReferenceValueWrapperImpl;
+import com.evolveum.midpoint.report.api.ReportConstants;
+import com.evolveum.midpoint.util.QNameUtil;
+import com.evolveum.midpoint.util.exception.SchemaException;
+import com.evolveum.midpoint.util.logging.Trace;
+import com.evolveum.midpoint.util.logging.TraceManager;
+import com.evolveum.midpoint.web.component.data.LinkedReferencePanel;
+import com.evolveum.midpoint.web.component.search.ReferenceAutocomplete;
+import com.evolveum.midpoint.web.component.search.ReferenceValueSearchPopupPanel;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.CaseType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
+
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
+
+import org.apache.wicket.behavior.AttributeAppender;
+import org.apache.wicket.model.Model;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.PostConstruct;
+
+/**
+ * @author lskublik
+ */
+@Component
+public class AutoCompleteReferencePanelFactory
+        implements GuiComponentFactory<PrismReferencePanelContext<ObjectReferenceType>> {
+
+    private static final Trace LOGGER = TraceManager.getTrace(AutoCompleteReferencePanelFactory.class);
+
+    @Autowired private GuiComponentRegistry registry;
+
+    @PostConstruct
+    public void register() {
+        registry.addToRegistry(this);
+    }
+
+    @Override
+    public Integer getOrder() {
+        return 100;
+    }
+
+    @Override
+    public <IW extends ItemWrapper<?, ?>> boolean match(IW wrapper) {
+        return QNameUtil.match(ObjectReferenceType.COMPLEX_TYPE, wrapper.getTypeName()) &&
+                ReportConstants.NS_EXTENSION.equals(wrapper.getNamespace());
+    }
+
+    @Override
+    public org.apache.wicket.Component createPanel(PrismReferencePanelContext<ObjectReferenceType> panelCtx) {
+        ReferenceAutocomplete panel = new ReferenceAutocomplete(panelCtx.getComponentId(), panelCtx.getRealValueModel(),
+                new AutoCompleteReferenceRenderer(),
+                panelCtx.getPageBase());
+        panel.setOutputMarkupId(true);
+        panel.add(AttributeAppender.append("style", "padding-top:5px")); //ugly hack to be aligned with prism-property-label
+        return panel;
+    }
+}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/search/ReferenceAutocomplete.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/search/ReferenceAutocomplete.java
index 04ec0521258..a012bf3cd33 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/search/ReferenceAutocomplete.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/search/ReferenceAutocomplete.java
@@ -11,6 +11,7 @@
 import java.util.Iterator;
 import java.util.List;
 
+import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
 
 import org.apache.commons.lang3.StringUtils;
@@ -36,14 +37,16 @@
 /**
  * @author honchar
  */
-public abstract class ReferenceAutocomplete extends AutoCompleteTextPanel<ObjectReferenceType> {
+public class ReferenceAutocomplete extends AutoCompleteTextPanel<ObjectReferenceType> {
     private static final long serialVersionUID = 1L;
 
     private final PageBase pageBase;
+    private final IModel<ObjectReferenceType> model;
 
     public ReferenceAutocomplete(String id, final IModel<ObjectReferenceType> model, IAutoCompleteRenderer<ObjectReferenceType> renderer, PageBase pageBase) {
         super(id, model, ObjectReferenceType.class, renderer);
         this.pageBase = pageBase;
+        this.model = model;
     }
 
     @Override
@@ -82,7 +85,10 @@ protected boolean isAllowedNotFoundObjectRef() {
     }
 
     protected <O extends ObjectType> Class<O> getReferenceTargetObjectType(){
-        return (Class<O>) AbstractRoleType.class;
+        if (model.getObject().getType() == null) {
+            return (Class<O>) ObjectType.class;
+        }
+        return (Class<O>) WebComponentUtil.qnameToClass(pageBase.getPrismContext(), model.getObject().getType());
     }
 
     protected int getMaxRowsCount() {
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/search/ReferenceValueSearchPopupPanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/search/ReferenceValueSearchPopupPanel.java
index e1367088571..f9ef3d8e9dd 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/search/ReferenceValueSearchPopupPanel.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/search/ReferenceValueSearchPopupPanel.java
@@ -86,14 +86,6 @@ public void setObject(String object) {
 
             private static final long serialVersionUID = 1L;
 
-            @Override
-            protected Class<O> getReferenceTargetObjectType() {
-                if (getModelObject().getType() == null) {
-                    return (Class<O>) ObjectType.class;
-                }
-                return (Class<O>) WebComponentUtil.qnameToClass(getPageBase().getPrismContext(), getModelObject().getType());
-            }
-
             @Override
             protected boolean isAllowedNotFoundObjectRef() {
                 return ReferenceValueSearchPopupPanel.this.isAllowedNotFoundObjectRef();
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/PageReports.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/PageReports.java
index 6ae03cfaf61..8f8ff00970b 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/PageReports.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/PageReports.java
@@ -290,7 +290,7 @@ private void runConfirmPerformed(AjaxRequestTarget target, ReportType reportType
 
     protected void runReportPerformed(AjaxRequestTarget target, ReportType report) {
 
-        if(report.getObjectCollection() == null) {
+        if(report.getObjectCollection() == null || report.getObjectCollection().getParameter().isEmpty()) {
             runConfirmPerformed(target, report, null);
             return;
         }
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/component/RunReportPopupPanel.html b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/component/RunReportPopupPanel.html
index b76fff0b1e0..9cfabf7b116 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/component/RunReportPopupPanel.html
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/component/RunReportPopupPanel.html
@@ -10,25 +10,20 @@
 <wicket:panel>
     <form wicket:id="mainForm">
 
-    <div class="feedbackContainer">
-        <div wicket:id="popupFeedback" class="messagePanel"/>
-    </div>
+        <div class="feedbackContainer">
+            <div wicket:id="popupFeedback" class="messagePanel"/>
+        </div>
         <h3 style="margin-left: 20px;">
             <wicket:message key="RunReportPopupPanel.title"/>
         </h3>
 
-        <div class="box boxed-table">
-            <div class="box-header">
-
-            </div>
-            <div  class="box-body no-padding">
-                <div wicket:id="parameters">
-                    <div wicket:id="parameter"/>
-                </div>
+        <div class="prism-properties">
+            <div wicket:id="parameters">
+                <div class="row prism-property" wicket:id="parameter"/>
             </div>
         </div>
         <p align="center">
-            <a class="btn btn-success" wicket:id="runReport" />
+            <a class="btn btn-success" wicket:id="runReport"/>
         </p>
     </form>
 </wicket:panel>
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/component/RunReportPopupPanel.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/component/RunReportPopupPanel.java
index 780fba46824..af42566baf6 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/component/RunReportPopupPanel.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/component/RunReportPopupPanel.java
@@ -96,53 +96,63 @@ protected void onInitialize() {
     }
 
     private void initParameters() {
-        PrismContainerDefinition<ReportParameterType> paramContainerDef = getPrismContext().getSchemaRegistry().findContainerDefinitionByElementName(ReportConstants.REPORT_PARAMS_PROPERTY_NAME);
+        PrismContainerValue<ReportParameterType> reportParamValue;
+        try {
+            PrismContainerDefinition<ReportParameterType> paramContainerDef = getPrismContext().getSchemaRegistry()
+                    .findContainerDefinitionByElementName(ReportConstants.REPORT_PARAMS_PROPERTY_NAME);
+            paramContainer = paramContainerDef.instantiate();
+
+            ReportParameterType reportParam = new ReportParameterType();
+            reportParamValue = reportParam.asPrismContainerValue();
+            reportParamValue.revive(getPrismContext());
+            paramContainer.add(reportParamValue);
+        } catch (SchemaException e) {
+            LOGGER.error("Couldn't create container for report parameters");
+            return;
+        }
         for (SearchFilterParameterType parameter : reportType.getObjectCollection().getParameter()) {
-            try {
-                paramContainer = paramContainerDef.instantiate();
-
-                ReportParameterType reportParam = new ReportParameterType();
-                PrismContainerValue<ReportParameterType> reportParamValue = reportParam.asPrismContainerValue();
-                reportParamValue.revive(getPrismContext());
-                paramContainer.add(reportParamValue);
-
-                Class<?> clazz = getPrismContext().getSchemaRegistry().determineClassForType(parameter.getType());
-                QName type = getPrismContext().getSchemaRegistry().determineTypeForClass(clazz);
-                if (Containerable.class.isAssignableFrom(clazz)) {
-                    LOGGER.error("Couldn't create container item for parameter " + parameter);
-                    continue;
-                }
-                MutableItemDefinition def;
-                if (Referencable.class.isAssignableFrom(clazz)) {
-                    def = getPrismContext().definitionFactory().createReferenceDefinition(
-                            new QName(ReportConstants.NS_EXTENSION, parameter.getName()), type);
-                    ((MutablePrismReferenceDefinition)def).setTargetTypeName(parameter.getTargetType());
+            Class<?> clazz = getPrismContext().getSchemaRegistry().determineClassForType(parameter.getType());
+            QName type = getPrismContext().getSchemaRegistry().determineTypeForClass(clazz);
+            if (Containerable.class.isAssignableFrom(clazz)) {
+                LOGGER.error("Couldn't create container item for parameter " + parameter);
+                continue;
+            }
+            MutableItemDefinition def;
+            if (Referencable.class.isAssignableFrom(clazz)) {
+                def = getPrismContext().definitionFactory().createReferenceDefinition(
+                        new QName(ReportConstants.NS_EXTENSION, parameter.getName()), type);
+                ((MutablePrismReferenceDefinition) def).setTargetTypeName(parameter.getTargetType());
+            } else {
+                List values = WebComponentUtil.getAllowedValues(parameter, getPageBase());
+                if (CollectionUtils.isNotEmpty(values)) {
+                    def = (MutableItemDefinition) getPrismContext().definitionFactory().createPropertyDefinition(
+                            new QName(ReportConstants.NS_EXTENSION, parameter.getName()), type, values, null);
                 } else {
-                    List values = WebComponentUtil.getAllowedValues(parameter, getPageBase());
-                    if (CollectionUtils.isNotEmpty(values)) {
-                        def = (MutableItemDefinition) getPrismContext().definitionFactory().createPropertyDefinition(
-                                new QName(ReportConstants.NS_EXTENSION, parameter.getName()), type, values, null);
-                    } else {
-                        def = getPrismContext().definitionFactory().createPropertyDefinition(
-                                new QName(ReportConstants.NS_EXTENSION, parameter.getName()), type);
-                    }
-                }
-                def.setDynamic(true);
-                def.setRuntimeSchema(true);
-                def.setMaxOccurs(1);
-                def.setMinOccurs(0);
-                if (parameter.getDisplay() != null) {
-                    String displayName = WebComponentUtil.getTranslatedPolyString(parameter.getDisplay().getLabel());
-                    def.setDisplayName(displayName);
-                    String help = WebComponentUtil.getTranslatedPolyString(parameter.getDisplay().getHelp());
-                    def.setHelp(help);
+                    def = getPrismContext().definitionFactory().createPropertyDefinition(
+                            new QName(ReportConstants.NS_EXTENSION, parameter.getName()), type);
                 }
-                if (parameter.getAllowedValuesLookupTable() != null) {
-                    def.setValueEnumerationRef(parameter.getAllowedValuesLookupTable().asReferenceValue());
+            }
+            def.setDynamic(true);
+            def.setRuntimeSchema(true);
+            def.setMaxOccurs(1);
+            def.setMinOccurs(0);
+            if (parameter.getDisplay() != null) {
+                String displayName = WebComponentUtil.getTranslatedPolyString(parameter.getDisplay().getLabel());
+                def.setDisplayName(displayName);
+                String help = WebComponentUtil.getTranslatedPolyString(parameter.getDisplay().getHelp());
+                def.setHelp(help);
+            }
+            if (parameter.getAllowedValuesLookupTable() != null) {
+                def.setValueEnumerationRef(parameter.getAllowedValuesLookupTable().asReferenceValue());
+            }
+            try {
+                Item item = def.instantiate();
+                if (item instanceof PrismReference){
+                    ObjectReferenceType ref = new ObjectReferenceType();
+                    ref.setType(parameter.getTargetType());
+                    item.add(ref.asReferenceValue());
                 }
-
-                Item prop = def.instantiate();
-                reportParamValue.add(prop);
+                reportParamValue.add(item);
 
             } catch (SchemaException e) {
                 LOGGER.error("Couldn't create item for parameter " + parameter);
@@ -349,7 +359,8 @@ private void runConfirmPerformed(AjaxRequestTarget target) {
         PrismContainer<ReportParameterType> parameterContainer = paramContainer.clone();
         List<Item> itemForRemoving = new ArrayList<>();
         parameterContainer.getValue().getItems().forEach((item) -> {
-            if (item.isEmpty() || item.getRealValue() == null){
+            if (item.isEmpty() || item.getRealValue() == null
+                    || (item instanceof PrismReference && ((PrismReference) item).getRealValue() != null && ((PrismReference) item).getRealValue().getOid() == null)) {
                 itemForRemoving.add(item);
             }
         });
diff --git a/gui/admin-gui/src/main/resources/initial-objects/080-report-audit.xml b/gui/admin-gui/src/main/resources/initial-objects/080-report-audit.xml
deleted file mode 100644
index 42194b59555..00000000000
--- a/gui/admin-gui/src/main/resources/initial-objects/080-report-audit.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ Copyright (c) 2010-2020 Evolveum and contributors
-  ~
-  ~ This work is dual-licensed under the Apache License 2.0
-  ~ and European Union Public License. See LICENSE file for details.
-  -->
-
-<report xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
-        oid="00000000-0000-0000-0000-000000000080">
-    <name>All audit records report</name>
-    <description>Report made from all audit records.</description>
-    <assignment>
-        <targetRef oid="00000000-0000-0000-0000-000000000171" type="ArchetypeType" />
-    </assignment>
-    <objectCollection>
-        <collection>
-            <collectionRef oid="00000000-0000-0000-0001-000000000284" type="ObjectCollectionType"/>
-        </collection>
-    </objectCollection>
-</report>
diff --git a/gui/admin-gui/src/main/resources/initial-objects/090-report-audit-jasper.xml b/gui/admin-gui/src/main/resources/initial-objects/090-report-audit-jasper.xml
deleted file mode 100644
index 5ec1a4d1e28..00000000000
--- a/gui/admin-gui/src/main/resources/initial-objects/090-report-audit-jasper.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ Copyright (c) 2015-2019 Evolveum and contributors
-  ~
-  ~ This work is dual-licensed under the Apache License 2.0
-  ~ and European Union Public License. See LICENSE file for details.
-  -->
-<report oid="00000000-0000-0000-0000-000000000009"
-        xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
-    <name>Audit logs report (Jasper)</name>
-    <description>Report made from audit records.</description>
-    <jasper>
-           <parent>true</parent>
-           <template>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPGphc3BlclJlcG9ydCB4bWxucz0iaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L2phc3BlcnJlcG9ydHMiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L2phc3BlcnJlcG9ydHMgaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L3hzZC9qYXNwZXJyZXBvcnQueHNkIiBuYW1lPSJyZXBvcnRBdWRpdExvZ3MiIHBhZ2VXaWR0aD0iMTE2MiIgcGFnZUhlaWdodD0iNTk1IiBvcmllbnRhdGlvbj0iTGFuZHNjYXBlIiB3aGVuTm9EYXRhVHlwZT0iQWxsU2VjdGlvbnNOb0RldGFpbCIgY29sdW1uV2lkdGg9IjExMjIiIGxlZnRNYXJnaW49IjIwIiByaWdodE1hcmdpbj0iMjAiIHRvcE1hcmdpbj0iMjAiIGJvdHRvbU1hcmdpbj0iMjAiIHV1aWQ9IjY3ZTQ2NWM1LTQ2ZWEtNDBkMi1iZWEwLTQ2OWM2Y2YzODkzNyI+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuYXd0Lmlnbm9yZS5taXNzaW5nLmZvbnQiIHZhbHVlPSJ0cnVlIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0LmNzdi5leGNsdWRlLm9yaWdpbi5iYW5kLjEiIHZhbHVlPSJ0aXRsZSIvPgoJPHByb3BlcnR5IG5hbWU9Im5ldC5zZi5qYXNwZXJyZXBvcnRzLmV4cG9ydC5jc3YuZXhjbHVkZS5vcmlnaW4uYmFuZC4yIiB2YWx1ZT0icGFnZUZvb3RlciIvPgoJPHByb3BlcnR5IG5hbWU9Im5ldC5zZi5qYXNwZXJyZXBvcnRzLmV4cG9ydC5wZGYuZm9yY2UubGluZWJyZWFrLnBvbGljeSIgdmFsdWU9InRydWUiLz4KCTxpbXBvcnQgdmFsdWU9Im9yZy5hcGFjaGUuY29tbW9ucy5sYW5nLlN0cmluZ1V0aWxzIi8+Cgk8aW1wb3J0IHZhbHVlPSJjb20uZXZvbHZldW0ubWlkcG9pbnQucmVwb3J0LmltcGwuUmVwb3J0VXRpbHMiLz4KCTxzdWJEYXRhc2V0IG5hbWU9ImVudHJ5RGVsdGFzIiB1dWlkPSI2NDg5NDAwNS1kMGY3LTQxYmEtYTA0Ny0xYTFhYmVhOWY1NWYiPgoJCTxmaWVsZCBuYW1lPSJleGVjdXRpb25SZXN1bHQiIGNsYXNzPSJjb20uZXZvbHZldW0ubWlkcG9pbnQueG1sLm5zLl9wdWJsaWMuY29tbW9uLmNvbW1vbl8zLk9wZXJhdGlvblJlc3VsdFR5cGUiLz4KCQk8ZmllbGQgbmFtZT0ib2JqZWN0RGVsdGEiIGNsYXNzPSJjb20uZXZvbHZldW0ucHJpc20ueG1sLm5zLl9wdWJsaWMudHlwZXNfMy5PYmplY3REZWx0YVR5cGUiLz4KCQk8ZmllbGQgbmFtZT0ib2JqZWN0TmFtZSIgY2xhc3M9ImphdmEubGFuZy5PYmplY3QiLz4KCQk8ZmllbGQgbmFtZT0icmVzb3VyY2VOYW1lIiBjbGFzcz0iamF2YS5sYW5nLk9iamVjdCIvPgoJPC9zdWJEYXRhc2V0PgoJPHBhcmFtZXRlciBuYW1lPSJmcm9tIiBjbGFzcz0iamF2YXgueG1sLmRhdGF0eXBlLlhNTEdyZWdvcmlhbkNhbGVuZGFyIj4KCQk8cHJvcGVydHkgbmFtZT0ibXVsdGl2YWx1ZSIgdmFsdWU9ImZhbHNlIi8+Cgk8L3BhcmFtZXRlcj4KCTxwYXJhbWV0ZXIgbmFtZT0idG8iIGNsYXNzPSJqYXZheC54bWwuZGF0YXR5cGUuWE1MR3JlZ29yaWFuQ2FsZW5kYXIiLz4KCTxwYXJhbWV0ZXIgbmFtZT0iZXZlbnRUeXBlIiBjbGFzcz0iamF2YS51dGlsLkxpc3QiIG5lc3RlZFR5cGU9ImNvbS5ldm9sdmV1bS5taWRwb2ludC54bWwubnMuX3B1YmxpYy5jb21tb24uYXVkaXRfMy5BdWRpdEV2ZW50VHlwZVR5cGUiPgoJCTxwcm9wZXJ0eSBuYW1lPSJtdWx0aXZhbHVlIiB2YWx1ZT0idHJ1ZSIvPgoJPC9wYXJhbWV0ZXI+Cgk8cGFyYW1ldGVyIG5hbWU9ImV2ZW50U3RhZ2UiIGNsYXNzPSJqYXZhLnV0aWwuTGlzdCIgbmVzdGVkVHlwZT0iY29tLmV2b2x2ZXVtLm1pZHBvaW50LnhtbC5ucy5fcHVibGljLmNvbW1vbi5hdWRpdF8zLkF1ZGl0RXZlbnRTdGFnZVR5cGUiPgoJCTxwcm9wZXJ0eSBuYW1lPSJtdWx0aXZhbHVlIiB2YWx1ZT0idHJ1ZSIvPgoJPC9wYXJhbWV0ZXI+Cgk8cGFyYW1ldGVyIG5hbWU9Im91dGNvbWUiIGNsYXNzPSJqYXZhLnV0aWwuTGlzdCIgbmVzdGVkVHlwZT0iY29tLmV2b2x2ZXVtLm1pZHBvaW50LnhtbC5ucy5fcHVibGljLmNvbW1vbi5jb21tb25fMy5PcGVyYXRpb25SZXN1bHRTdGF0dXNUeXBlIj4KCQk8cHJvcGVydHkgbmFtZT0ibXVsdGl2YWx1ZSIgdmFsdWU9InRydWUiLz4KCTwvcGFyYW1ldGVyPgoJPHBhcmFtZXRlciBuYW1lPSJpbml0aWF0b3JOYW1lIiBjbGFzcz0iamF2YS5sYW5nLlN0cmluZyIvPgoJPHBhcmFtZXRlciBuYW1lPSJ0YXJnZXROYW1lIiBjbGFzcz0iamF2YS51dGlsLkxpc3QiIG5lc3RlZFR5cGU9ImphdmEubGFuZy5TdHJpbmciLz4KCTxxdWVyeVN0cmluZyBsYW5ndWFnZT0ibXFsIj4KCQk8IVtDREFUQVs8Y29kZT4NCiAgICBpbXBvcnQgamF2YS51dGlsLkdyZWdvcmlhbkNhbGVuZGFyOw0KICAgIGltcG9ydCBqYXZheC54bWwuZGF0YXR5cGUuRGF0YXR5cGVGYWN0b3J5Ow0KICAgIGltcG9ydCBqYXZheC54bWwuZGF0YXR5cGUuWE1MR3JlZ29yaWFuQ2FsZW5kYXI7IA0KICAgIA0KICAgIHF1ZXJ5ID0gInNlbGVjdCAqIGZyb20gbV9hdWRpdF9ldmVudCBhcyBhZXIgd2hlcmUgMT0xIGFuZCAiOw0KICAgICAgICANCiAgICBpZiAoYXVkaXRQYXJhbXMuZ2V0KCdmcm9tJykuZ2V0VmFsdWUoKSAhPSBudWxsKSB7DQogICAgICAgIHF1ZXJ5ICs9ICIoYWVyLnRpbWVzdGFtcFZhbHVlID49IDpmcm9tKSBhbmQgIjsNCiAgICB9IGVsc2Ugew0KICAgICAgICBhdWRpdFBhcmFtcy5yZW1vdmUoJ2Zyb20nKS5nZXRWYWx1ZSgpOw0KICAgIH0NCiAgICBpZiAoYXVkaXRQYXJhbXMuZ2V0KCd0bycpLmdldFZhbHVlKCkgIT0gbnVsbCkgew0KICAgICAgICBxdWVyeSArPSAiKGFlci50aW1lc3RhbXBWYWx1ZSA8PSA6dG8pIGFuZCAiOw0KICAgIH0gZWxzZSB7DQogICAgICAgIGF1ZGl0UGFyYW1zLnJlbW92ZSgndG8nKS5nZXRWYWx1ZSgpOw0KICAgIH0NCiAgICBpZiAoYXVkaXRQYXJhbXMuZ2V0KCdldmVudFR5cGUnKS5nZXRWYWx1ZSgpICE9IG51bGwpIHsNCiAgICAgICAgcXVlcnkgKz0gIihhZXIuZXZlbnRUeXBlIGluICg6ZXZlbnRUeXBlKSkgYW5kICI7DQogICAgfSBlbHNlIHsNCiAgICAgICAgYXVkaXRQYXJhbXMucmVtb3ZlKCdldmVudFR5cGUnKS5nZXRWYWx1ZSgpOw0KICAgIH0NCiAgICBpZiAoYXVkaXRQYXJhbXMuZ2V0KCdldmVudFN0YWdlJykuZ2V0VmFsdWUoKSAhPSBudWxsKSB7DQogICAgICAgIHF1ZXJ5ICs9ICIoYWVyLmV2ZW50U3RhZ2UgaW4gKDpldmVudFN0YWdlKSkgYW5kICI7DQogICAgfSBlbHNlIHsNCiAgICAgICAgYXVkaXRQYXJhbXMucmVtb3ZlKCdldmVudFN0YWdlJykuZ2V0VmFsdWUoKTsNCiAgICB9DQogICAgaWYgKGF1ZGl0UGFyYW1zLmdldCgnb3V0Y29tZScpLmdldFZhbHVlKCkgIT0gbnVsbCkgew0KICAgICAgICBxdWVyeSArPSAiKGFlci5vdXRjb21lIGluICg6b3V0Y29tZSkpIGFuZCAiOw0KICAgIH0gZWxzZSB7DQogICAgICAgIGF1ZGl0UGFyYW1zLnJlbW92ZSgnb3V0Y29tZScpLmdldFZhbHVlKCk7DQogICAgfQ0KICAgIGlmIChhdWRpdFBhcmFtcy5nZXQoJ2luaXRpYXRvck5hbWUnKS5nZXRWYWx1ZSgpICE9IG51bGwpIHsNCiAgICAgICAgcXVlcnkgKz0gIihhZXIuaW5pdGlhdG9yTmFtZSA9IDppbml0aWF0b3JOYW1lKSBhbmQgIjsNCiAgICB9IGVsc2Ugew0KICAgICAgICBhdWRpdFBhcmFtcy5yZW1vdmUoJ2luaXRpYXRvck5hbWUnKS5nZXRWYWx1ZSgpOw0KICAgIH0NCiAgICBpZiAoYXVkaXRQYXJhbXMuZ2V0KCd0YXJnZXROYW1lJykuZ2V0VmFsdWUoKSAhPSBudWxsKSB7DQogICAgICAgIHF1ZXJ5ICs9ICIoYWVyLnRhcmdldE5hbWUgaW4gKDp0YXJnZXROYW1lKSkgYW5kICI7DQogICAgfSBlbHNlIHsNCiAgICAgICAgYXVkaXRQYXJhbXMucmVtb3ZlKCd0YXJnZXROYW1lJykuZ2V0VmFsdWUoKTsNCiAgICB9DQogICAgDQogICAgcXVlcnkgPSBxdWVyeS5zdWJzdHJpbmcoMCwgcXVlcnkubGVuZ3RoKCktNSk7IC8vIHJlbW92ZSB0cmFpbGluZyBhbmQgDQogICAgcXVlcnkgKz0gIiBvcmRlciBieSBhZXIudGltZXN0YW1wVmFsdWUgYXNjIjsNCiAgICANCiAgICByZXBvcnQuc2VhcmNoQXVkaXRSZWNvcmRzKHF1ZXJ5LCBhdWRpdFBhcmFtcyk7DQo8L2NvZGU+XV0+Cgk8L3F1ZXJ5U3RyaW5nPgoJPGZpZWxkIG5hbWU9InRpbWVzdGFtcCIgY2xhc3M9ImphdmF4LnhtbC5kYXRhdHlwZS5YTUxHcmVnb3JpYW5DYWxlbmRhciIvPgoJPGZpZWxkIG5hbWU9ImV2ZW50VHlwZSIgY2xhc3M9ImNvbS5ldm9sdmV1bS5taWRwb2ludC54bWwubnMuX3B1YmxpYy5jb21tb24uYXVkaXRfMy5BdWRpdEV2ZW50VHlwZVR5cGUiLz4KCTxmaWVsZCBuYW1lPSJldmVudFN0YWdlIiBjbGFzcz0iY29tLmV2b2x2ZXVtLm1pZHBvaW50LnhtbC5ucy5fcHVibGljLmNvbW1vbi5hdWRpdF8zLkF1ZGl0RXZlbnRTdGFnZVR5cGUiLz4KCTxmaWVsZCBuYW1lPSJ0YXJnZXRSZWYiIGNsYXNzPSJjb20uZXZvbHZldW0ubWlkcG9pbnQucHJpc20uUHJpc21SZWZlcmVuY2VWYWx1ZSIvPgoJPGZpZWxkIG5hbWU9ImluaXRpYXRvclJlZiIgY2xhc3M9ImNvbS5ldm9sdmV1bS5taWRwb2ludC5wcmlzbS5QcmlzbVJlZmVyZW5jZVZhbHVlIi8+Cgk8ZmllbGQgbmFtZT0ib3V0Y29tZSIgY2xhc3M9ImNvbS5ldm9sdmV1bS5taWRwb2ludC54bWwubnMuX3B1YmxpYy5jb21tb24uY29tbW9uXzMuT3BlcmF0aW9uUmVzdWx0U3RhdHVzVHlwZSIvPgoJPGZpZWxkIG5hbWU9Im1lc3NhZ2UiIGNsYXNzPSJqYXZhLmxhbmcuU3RyaW5nIi8+Cgk8ZmllbGQgbmFtZT0iZGVsdGEiIGNsYXNzPSJqYXZhLnV0aWwuQXJyYXlMaXN0Ii8+Cgk8YmFja2dyb3VuZD4KCQk8YmFuZCBzcGxpdFR5cGU9IlN0cmV0Y2giLz4KCTwvYmFja2dyb3VuZD4KCTx0aXRsZT4KCQk8YmFuZCBoZWlnaHQ9IjE5OCIgc3BsaXRUeXBlPSJTdHJldGNoIj4KCQkJPGZyYW1lPgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlRpdGxlIiBtb2RlPSJPcGFxdWUiIHg9IjAiIHk9IjAiIHdpZHRoPSIxMTIwIiBoZWlnaHQ9IjY3IiBiYWNrY29sb3I9IiMyNjc5OTQiIHV1aWQ9IjQ0YmVkYWNjLWZhMjMtNGZlMS1iNzFmLWU1YWZhOTQzZjU1MyIvPgoJCQkJPHN0YXRpY1RleHQ+CgkJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlRpdGxlIiB4PSIxMCIgeT0iMTMiIHdpZHRoPSIyNjYiIGhlaWdodD0iMzgiIHV1aWQ9ImYyZDk5Y2FkLTlkODQtNGY1MC1iNDU1LTQ1M2M4N2Y2MmM0YyIvPgoJCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQkJPHRleHQ+PCFbQ0RBVEFbQXVkaXQgTG9nIFJlcG9ydF1dPjwvdGV4dD4KCQkJCTwvc3RhdGljVGV4dD4KCQkJPC9mcmFtZT4KCQkJPHN0YXRpY1RleHQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBoZWFkZXIiIHg9IjIiIHk9Ijg1IiB3aWR0aD0iMTAwIiBoZWlnaHQ9IjIwIiB1dWlkPSJlMDM1ZGJkNS1kYzJmLTQ1Y2ItOTM2Yy1hMDhlOWMwMTFlNDMiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtEYXRlIEZyb206XV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTx0ZXh0RmllbGQgcGF0dGVybj0iZGQuTU0ueXl5eSwgSEg6bW06c3MiPgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlBhZ2UgaGVhZGVyIiBpc1ByaW50UmVwZWF0ZWRWYWx1ZXM9ImZhbHNlIiB4PSIxMTAiIHk9Ijg1IiB3aWR0aD0iMjQ0IiBoZWlnaHQ9IjIwIiB1dWlkPSIyOGJiOWI0Ny1hNjljLTQ4ZTEtOTA3My1kNTRkOTI2MjQyZTgiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIj4KCQkJCQk8Zm9udCBpc0JvbGQ9ImZhbHNlIi8+CgkJCQk8L3RleHRFbGVtZW50PgoJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbaW1wb3J0IGNvbS5ldm9sdmV1bS5taWRwb2ludC5yZXBvcnQuaW1wbC5SZXBvcnRVdGlsczsgCgkJCQkkUHtmcm9tfSAhPSBudWxsID8gUmVwb3J0VXRpbHMuY29udmVydERhdGVUaW1lKCRQe2Zyb219KSA6ICJBbnkiXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQk8L3RleHRGaWVsZD4KCQkJPHN0YXRpY1RleHQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBoZWFkZXIiIHg9IjIiIHk9IjExNSIgd2lkdGg9IjEwMCIgaGVpZ2h0PSIyMCIgdXVpZD0iZTAzNWRiZDUtZGMyZi00NWNiLTkzNmMtYTA4ZTljMDExZTQzIi8+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJPHRleHQ+PCFbQ0RBVEFbRGF0ZSBUbzpdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQkJPHRleHRGaWVsZCBwYXR0ZXJuPSJkZC5NTS55eXl5LCBISDptbTpzcyI+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBoZWFkZXIiIGlzUHJpbnRSZXBlYXRlZFZhbHVlcz0iZmFsc2UiIHg9IjExMCIgeT0iMTE1IiB3aWR0aD0iMjQ0IiBoZWlnaHQ9IjIwIiB1dWlkPSIyOGJiOWI0Ny1hNjljLTQ4ZTEtOTA3My1kNTRkOTI2MjQyZTgiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIj4KCQkJCQk8Zm9udCBpc0JvbGQ9ImZhbHNlIi8+CgkJCQk8L3RleHRFbGVtZW50PgoJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbaW1wb3J0IGNvbS5ldm9sdmV1bS5taWRwb2ludC5yZXBvcnQuaW1wbC5SZXBvcnRVdGlsczsKCQkJCSRQe3RvfSAhPSBudWxsID8gUmVwb3J0VXRpbHMuY29udmVydERhdGVUaW1lKCRQe3RvfSkgOiAiQW55Il1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJPC90ZXh0RmllbGQ+CgkJCTxzdGF0aWNUZXh0PgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlBhZ2UgaGVhZGVyIiB4PSIyIiB5PSIxNDUiIHdpZHRoPSIxMDAiIGhlaWdodD0iMjAiIHV1aWQ9ImUwMzVkYmQ1LWRjMmYtNDVjYi05MzZjLWEwOGU5YzAxMWU0MyIvPgoJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCTx0ZXh0PjwhW0NEQVRBW0V2ZW50IFR5cGU6XV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTx0ZXh0RmllbGQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBoZWFkZXIiIGlzUHJpbnRSZXBlYXRlZFZhbHVlcz0iZmFsc2UiIHg9IjExMCIgeT0iMTQ1IiB3aWR0aD0iMjQ0IiBoZWlnaHQ9IjIwIiB1dWlkPSIyOGJiOWI0Ny1hNjljLTQ4ZTEtOTA3My1kNTRkOTI2MjQyZTgiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIj4KCQkJCQk8Zm9udCBpc0JvbGQ9ImZhbHNlIi8+CgkJCQk8L3RleHRFbGVtZW50PgoJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbaW1wb3J0IGNvbS5ldm9sdmV1bS5taWRwb2ludC5yZXBvcnQuaW1wbC5SZXBvcnRVdGlsczsKCQkJCVJlcG9ydFV0aWxzLmdldFByb3BlcnR5U3RyaW5nKCJBdWRpdEV2ZW50VHlwZS4iLCAkUHtldmVudFR5cGV9LCAiQW55IildXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCTwvdGV4dEZpZWxkPgoJCQk8c3RhdGljVGV4dD4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJQYWdlIGhlYWRlciIgeD0iMiIgeT0iMTc1IiB3aWR0aD0iMTAwIiBoZWlnaHQ9IjIwIiB1dWlkPSJlMDM1ZGJkNS1kYzJmLTQ1Y2ItOTM2Yy1hMDhlOWMwMTFlNDMiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtFdmVudCBTdGFnZTpdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQkJPHRleHRGaWVsZCBpc0JsYW5rV2hlbk51bGw9InRydWUiPgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlBhZ2UgaGVhZGVyIiBpc1ByaW50UmVwZWF0ZWRWYWx1ZXM9ImZhbHNlIiB4PSIxMTAiIHk9IjE3NSIgd2lkdGg9IjI0NCIgaGVpZ2h0PSIyMCIgdXVpZD0iMjhiYjliNDctYTY5Yy00OGUxLTkwNzMtZDU0ZDkyNjI0MmU4Ii8+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSI+CgkJCQkJPGZvbnQgaXNCb2xkPSJmYWxzZSIvPgoJCQkJPC90ZXh0RWxlbWVudD4KCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBW2ltcG9ydCBjb20uZXZvbHZldW0ubWlkcG9pbnQucmVwb3J0LmltcGwuUmVwb3J0VXRpbHM7CgkJCQlSZXBvcnRVdGlscy5nZXRQcm9wZXJ0eVN0cmluZygiQXVkaXRFdmVudFN0YWdlLiIsICRQe2V2ZW50U3RhZ2V9LCAiQW55IildXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCTwvdGV4dEZpZWxkPgoJCQk8c3RhdGljVGV4dD4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJQYWdlIGhlYWRlciIgeD0iNDAwIiB5PSI4NSIgd2lkdGg9IjEwMCIgaGVpZ2h0PSIyMCIgdXVpZD0iZTAzNWRiZDUtZGMyZi00NWNiLTkzNmMtYTA4ZTljMDExZTQzIi8+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJPHRleHQ+PCFbQ0RBVEFbT3V0Y29tZTpdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQkJPHRleHRGaWVsZD4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJQYWdlIGhlYWRlciIgaXNQcmludFJlcGVhdGVkVmFsdWVzPSJmYWxzZSIgeD0iNTEwIiB5PSI4NSIgd2lkdGg9IjI0NCIgaGVpZ2h0PSIyMCIgdXVpZD0iMjhiYjliNDctYTY5Yy00OGUxLTkwNzMtZDU0ZDkyNjI0MmU4Ii8+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSI+CgkJCQkJPGZvbnQgaXNCb2xkPSJmYWxzZSIvPgoJCQkJPC90ZXh0RWxlbWVudD4KCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBW2ltcG9ydCBjb20uZXZvbHZldW0ubWlkcG9pbnQucmVwb3J0LmltcGwuUmVwb3J0VXRpbHM7CgkJCQlSZXBvcnRVdGlscy5nZXRQcm9wZXJ0eVN0cmluZygiT3BlcmF0aW9uUmVzdWx0U3RhdHVzVHlwZS4iLCAkUHtvdXRjb21lfSwgIkFueSIpXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQk8L3RleHRGaWVsZD4KCQkJPHN0YXRpY1RleHQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBoZWFkZXIiIHg9IjQwMCIgeT0iMTE1IiB3aWR0aD0iMTAwIiBoZWlnaHQ9IjIwIiB1dWlkPSJlMDM1ZGJkNS1kYzJmLTQ1Y2ItOTM2Yy1hMDhlOWMwMTFlNDMiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtJbml0aWF0b3IgTmFtZTpdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQkJPHRleHRGaWVsZD4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJQYWdlIGhlYWRlciIgaXNQcmludFJlcGVhdGVkVmFsdWVzPSJmYWxzZSIgeD0iNTEwIiB5PSIxMTUiIHdpZHRoPSIyNDQiIGhlaWdodD0iMjAiIHV1aWQ9IjI4YmI5YjQ3LWE2OWMtNDhlMS05MDczLWQ1NGQ5MjYyNDJlOCIvPgoJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiPgoJCQkJCTxmb250IGlzQm9sZD0iZmFsc2UiLz4KCQkJCTwvdGV4dEVsZW1lbnQ+CgkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVskUHtpbml0aWF0b3JOYW1lfSAhPSBudWxsID8gJFB7aW5pdGlhdG9yTmFtZX0gOiAiQW55Il1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJPC90ZXh0RmllbGQ+CgkJCTxzdGF0aWNUZXh0PgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlBhZ2UgaGVhZGVyIiB4PSI0MDAiIHk9IjE0NSIgd2lkdGg9IjEwMCIgaGVpZ2h0PSIyMCIgdXVpZD0iZTAzNWRiZDUtZGMyZi00NWNiLTkzNmMtYTA4ZTljMDExZTQzIi8+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJPHRleHQ+PCFbQ0RBVEFbVGFyZ2V0IE5hbWU6XV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTx0ZXh0RmllbGQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBoZWFkZXIiIGlzUHJpbnRSZXBlYXRlZFZhbHVlcz0iZmFsc2UiIHg9IjUxMCIgeT0iMTQ1IiB3aWR0aD0iMjQ0IiBoZWlnaHQ9IjIwIiB1dWlkPSIyOGJiOWI0Ny1hNjljLTQ4ZTEtOTA3My1kNTRkOTI2MjQyZTgiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIj4KCQkJCQk8Zm9udCBpc0JvbGQ9ImZhbHNlIi8+CgkJCQk8L3RleHRFbGVtZW50PgoJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbaW1wb3J0IG9yZy5hcGFjaGUuY29tbW9ucy5sYW5nLlN0cmluZ1V0aWxzOwoJCQkJJFB7dGFyZ2V0TmFtZX0gIT0gbnVsbCA/IFN0cmluZ1V0aWxzLmpvaW4oJFB7dGFyZ2V0TmFtZX0sICIsICIpIDogIkFueSJdXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCTwvdGV4dEZpZWxkPgoJCTwvYmFuZD4KCTwvdGl0bGU+Cgk8cGFnZUhlYWRlcj4KCQk8YmFuZCBzcGxpdFR5cGU9IlN0cmV0Y2giLz4KCTwvcGFnZUhlYWRlcj4KCTxjb2x1bW5IZWFkZXI+CgkJPGJhbmQgaGVpZ2h0PSIyNCIgc3BsaXRUeXBlPSJTdHJldGNoIj4KCQkJPGZyYW1lPgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvbHVtbiBoZWFkZXIiIG1vZGU9IlRyYW5zcGFyZW50IiB4PSIwIiB5PSIxIiB3aWR0aD0iMTEyMCIgaGVpZ2h0PSIxOSIgaXNSZW1vdmVMaW5lV2hlbkJsYW5rPSJ0cnVlIiB1dWlkPSIzZThmZGQ2ZC1hNmZmLTQ0MDctOWExZS01ZDZiNDcwNjMwMGEiLz4KCQkJCTxzdGF0aWNUZXh0PgoJCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJDb2x1bW4gaGVhZGVyIiB4PSIwIiB5PSIwIiB3aWR0aD0iMTIwIiBoZWlnaHQ9IjE4IiB1dWlkPSI4NmM3NGJlYi1iZGRkLTQ4Y2MtOTQ1YS0xNjdiMjYxYjFlMGIiLz4KCQkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iQ2VudGVyIiB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQkJPHRleHQ+PCFbQ0RBVEFbVGltZXN0YW1wXV0+PC90ZXh0PgoJCQkJPC9zdGF0aWNUZXh0PgoJCQkJPHN0YXRpY1RleHQ+CgkJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvbHVtbiBoZWFkZXIiIHg9IjEyMCIgeT0iMCIgd2lkdGg9IjgwIiBoZWlnaHQ9IjE4IiB1dWlkPSI4NmM3NGJlYi1iZGRkLTQ4Y2MtOTQ1YS0xNjdiMjYxYjFlMGIiLz4KCQkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iQ2VudGVyIiB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQkJPHRleHQ+PCFbQ0RBVEFbSW5pdGlhdG9yXV0+PC90ZXh0PgoJCQkJPC9zdGF0aWNUZXh0PgoJCQkJPHN0YXRpY1RleHQ+CgkJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvbHVtbiBoZWFkZXIiIHg9IjIwMCIgeT0iMCIgd2lkdGg9IjkwIiBoZWlnaHQ9IjE4IiB1dWlkPSI4NmM3NGJlYi1iZGRkLTQ4Y2MtOTQ1YS0xNjdiMjYxYjFlMGIiLz4KCQkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iQ2VudGVyIiB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQkJPHRleHQ+PCFbQ0RBVEFbRXZlbnQgVHlwZV1dPjwvdGV4dD4KCQkJCTwvc3RhdGljVGV4dD4KCQkJCTxzdGF0aWNUZXh0PgoJCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJDb2x1bW4gaGVhZGVyIiB4PSIyOTAiIHk9IjAiIHdpZHRoPSI5MCIgaGVpZ2h0PSIxOCIgdXVpZD0iODZjNzRiZWItYmRkZC00OGNjLTk0NWEtMTY3YjI2MWIxZTBiIi8+CgkJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IkNlbnRlciIgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJCTx0ZXh0PjwhW0NEQVRBW0V2ZW50IFN0YWdlXV0+PC90ZXh0PgoJCQkJPC9zdGF0aWNUZXh0PgoJCQkJPHN0YXRpY1RleHQ+CgkJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvbHVtbiBoZWFkZXIiIHg9IjM4MCIgeT0iMCIgd2lkdGg9IjEwMCIgaGVpZ2h0PSIxOCIgdXVpZD0iODZjNzRiZWItYmRkZC00OGNjLTk0NWEtMTY3YjI2MWIxZTBiIi8+CgkJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IkNlbnRlciIgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJCTx0ZXh0PjwhW0NEQVRBW1RhcmdldF1dPjwvdGV4dD4KCQkJCTwvc3RhdGljVGV4dD4KCQkJCTxzdGF0aWNUZXh0PgoJCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJDb2x1bW4gaGVhZGVyIiB4PSI0ODAiIHk9IjAiIHdpZHRoPSI4MCIgaGVpZ2h0PSIxOCIgdXVpZD0iODZjNzRiZWItYmRkZC00OGNjLTk0NWEtMTY3YjI2MWIxZTBiIi8+CgkJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IkNlbnRlciIgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJCTx0ZXh0PjwhW0NEQVRBW091dGNvbWVdXT48L3RleHQ+CgkJCQk8L3N0YXRpY1RleHQ+CgkJCQk8c3RhdGljVGV4dD4KCQkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iQ29sdW1uIGhlYWRlciIgeD0iNTYwIiB5PSIwIiB3aWR0aD0iMTYwIiBoZWlnaHQ9IjE4IiB1dWlkPSI4NmM3NGJlYi1iZGRkLTQ4Y2MtOTQ1YS0xNjdiMjYxYjFlMGIiLz4KCQkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iQ2VudGVyIiB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQkJPHRleHQ+PCFbQ0RBVEFbTWVzc2FnZV1dPjwvdGV4dD4KCQkJCTwvc3RhdGljVGV4dD4KCQkJCTxzdGF0aWNUZXh0PgoJCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJDb2x1bW4gaGVhZGVyIiB4PSI3MjAiIHk9IjAiIHdpZHRoPSI0MDAiIGhlaWdodD0iMTgiIHV1aWQ9Ijg2Yzc0YmViLWJkZGQtNDhjYy05NDVhLTE2N2IyNjFiMWUwYiIvPgoJCQkJCTx0ZXh0RWxlbWVudCB0ZXh0QWxpZ25tZW50PSJDZW50ZXIiIHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCQk8dGV4dD48IVtDREFUQVtEZWx0YV1dPjwvdGV4dD4KCQkJCTwvc3RhdGljVGV4dD4KCQkJPC9mcmFtZT4KCQk8L2JhbmQ+Cgk8L2NvbHVtbkhlYWRlcj4KCTxkZXRhaWw+CgkJPGJhbmQgaGVpZ2h0PSIxNSIgc3BsaXRUeXBlPSJTdHJldGNoIj4KCQkJPGZyYW1lPgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkRldGFpbCIgbW9kZT0iT3BhcXVlIiB4PSIwIiB5PSIwIiB3aWR0aD0iMTEyMCIgaGVpZ2h0PSIxNCIgdXVpZD0iM2U4ZmRkNmQtYTZmZi00NDA3LTlhMWUtNWQ2YjQ3MDYzMDBhIi8+CgkJCQk8dGV4dEZpZWxkIGlzU3RyZXRjaFdpdGhPdmVyZmxvdz0idHJ1ZSIgcGF0dGVybj0iZGQuTU0ueXl5eSwgSEg6bW06c3MiPgoJCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJEZXRhaWwiIHg9IjAiIHk9IjAiIHdpZHRoPSIxMjAiIGhlaWdodD0iMTMiIGlzUHJpbnRXaGVuRGV0YWlsT3ZlcmZsb3dzPSJ0cnVlIiB1dWlkPSIyOGJiOWI0Ny1hNjljLTQ4ZTEtOTA3My1kNTRkOTI2MjQyZTgiLz4KCQkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBW2ltcG9ydCBjb20uZXZvbHZldW0ubWlkcG9pbnQucmVwb3J0LmltcGwuUmVwb3J0VXRpbHM7CgkJCQkJUmVwb3J0VXRpbHMuY29udmVydERhdGVUaW1lKCRGe3RpbWVzdGFtcH0pXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCQk8dGV4dEZpZWxkIGlzU3RyZXRjaFdpdGhPdmVyZmxvdz0idHJ1ZSIgaXNCbGFua1doZW5OdWxsPSJ0cnVlIj4KCQkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iRGV0YWlsIiB4PSIxMjAiIHk9IjAiIHdpZHRoPSI4MCIgaGVpZ2h0PSIxMyIgaXNQcmludFdoZW5EZXRhaWxPdmVyZmxvd3M9InRydWUiIHV1aWQ9IjI4YmI5YjQ3LWE2OWMtNDhlMS05MDczLWQ1NGQ5MjYyNDJlOCI+CgkJCQkJCTxwcmludFdoZW5FeHByZXNzaW9uPjwhW0NEQVRBW2ltcG9ydCBjb20uZXZvbHZldW0ubWlkcG9pbnQucHJpc20uUHJpc21SZWZlcmVuY2VWYWx1ZTsKCQkJCQkkRntpbml0aWF0b3JSZWZ9IGluc3RhbmNlb2YgUHJpc21SZWZlcmVuY2VWYWx1ZV1dPjwvcHJpbnRXaGVuRXhwcmVzc2lvbj4KCQkJCQk8L3JlcG9ydEVsZW1lbnQ+CgkJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVskRntpbml0aWF0b3JSZWZ9LmdldFRhcmdldE5hbWUoKV1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQkJPHRleHRGaWVsZCBpc1N0cmV0Y2hXaXRoT3ZlcmZsb3c9InRydWUiIGlzQmxhbmtXaGVuTnVsbD0idHJ1ZSI+CgkJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkRldGFpbCIgeD0iMjAwIiB5PSIwIiB3aWR0aD0iOTAiIGhlaWdodD0iMTMiIGlzUHJpbnRXaGVuRGV0YWlsT3ZlcmZsb3dzPSJ0cnVlIiB1dWlkPSIyOGJiOWI0Ny1hNjljLTQ4ZTEtOTA3My1kNTRkOTI2MjQyZTgiLz4KCQkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iQ2VudGVyIiB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbaW1wb3J0IGNvbS5ldm9sdmV1bS5taWRwb2ludC5yZXBvcnQuaW1wbC5SZXBvcnRVdGlsczsKCQkJCQkkRntldmVudFR5cGV9ICE9IG51bGwgPyBSZXBvcnRVdGlscy5nZXRQcm9wZXJ0eVN0cmluZygiQXVkaXRFdmVudFR5cGUuIiskRntldmVudFR5cGV9KSA6IG51bGxdXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJCTx0ZXh0RmllbGQgaXNTdHJldGNoV2l0aE92ZXJmbG93PSJ0cnVlIiBpc0JsYW5rV2hlbk51bGw9InRydWUiPgoJCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJEZXRhaWwiIHg9IjI5MCIgeT0iMCIgd2lkdGg9IjkwIiBoZWlnaHQ9IjEzIiBpc1ByaW50V2hlbkRldGFpbE92ZXJmbG93cz0idHJ1ZSIgdXVpZD0iMjhiYjliNDctYTY5Yy00OGUxLTkwNzMtZDU0ZDkyNjI0MmU4Ii8+CgkJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IkNlbnRlciIgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBW2ltcG9ydCBjb20uZXZvbHZldW0ubWlkcG9pbnQucmVwb3J0LmltcGwuUmVwb3J0VXRpbHM7CgkJCQkJJEZ7ZXZlbnRTdGFnZX0gIT0gbnVsbCA/IFJlcG9ydFV0aWxzLmdldFByb3BlcnR5U3RyaW5nKCJBdWRpdEV2ZW50U3RhZ2VUeXBlLiIrJEZ7ZXZlbnRTdGFnZX0pIDogbnVsbF1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQkJPHRleHRGaWVsZCBpc1N0cmV0Y2hXaXRoT3ZlcmZsb3c9InRydWUiIGlzQmxhbmtXaGVuTnVsbD0idHJ1ZSI+CgkJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkRldGFpbCIgeD0iMzgwIiB5PSIwIiB3aWR0aD0iMTAwIiBoZWlnaHQ9IjEzIiBpc1ByaW50V2hlbkRldGFpbE92ZXJmbG93cz0idHJ1ZSIgdXVpZD0iMjhiYjliNDctYTY5Yy00OGUxLTkwNzMtZDU0ZDkyNjI0MmU4Ij4KCQkJCQkJPHByaW50V2hlbkV4cHJlc3Npb24+PCFbQ0RBVEFbISRGe3RhcmdldFJlZn0uZXF1YWxzKG51bGwpXV0+PC9wcmludFdoZW5FeHByZXNzaW9uPgoJCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBW2ltcG9ydCBjb20uZXZvbHZldW0ubWlkcG9pbnQucHJpc20uUHJpc21SZWZlcmVuY2VWYWx1ZTsKCQkJCQlpZighKCRGe3RhcmdldFJlZn0gaW5zdGFuY2VvZiBQcmlzbVJlZmVyZW5jZVZhbHVlKSl7CgkJCQkJICAgcmV0dXJuIG51bGwKCQkJCQl9CgkJCQkJCgkJCQkJaWYoJEZ7dGFyZ2V0UmVmfSAhPSBudWxsKXsKCQkJCQkgICAkRnt0YXJnZXRSZWZ9LmdldFRhcmdldFR5cGUoKS5nZXRMb2NhbFBhcnQoKSsiOiAiKyRGe3RhcmdldFJlZn0uZ2V0VGFyZ2V0TmFtZSgpCgkJCQkJfV1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQkJPHRleHRGaWVsZCBpc1N0cmV0Y2hXaXRoT3ZlcmZsb3c9InRydWUiIGlzQmxhbmtXaGVuTnVsbD0idHJ1ZSI+CgkJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkRldGFpbCIgeD0iNDgwIiB5PSIwIiB3aWR0aD0iODAiIGhlaWdodD0iMTMiIGlzUHJpbnRXaGVuRGV0YWlsT3ZlcmZsb3dzPSJ0cnVlIiB1dWlkPSIyOGJiOWI0Ny1hNjljLTQ4ZTEtOTA3My1kNTRkOTI2MjQyZTgiLz4KCQkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iQ2VudGVyIiB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbaW1wb3J0IGNvbS5ldm9sdmV1bS5taWRwb2ludC5yZXBvcnQuaW1wbC5SZXBvcnRVdGlsczsKCQkJCQkkRntvdXRjb21lfSAhPSBudWxsID8gUmVwb3J0VXRpbHMuZ2V0UHJvcGVydHlTdHJpbmcoIk9wZXJhdGlvblJlc3VsdFN0YXR1c1R5cGUuIiskRntvdXRjb21lfSkgOiBudWxsXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCQk8dGV4dEZpZWxkIGlzU3RyZXRjaFdpdGhPdmVyZmxvdz0idHJ1ZSIgaXNCbGFua1doZW5OdWxsPSJ0cnVlIj4KCQkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iQ29kZSIgeD0iNTYwIiB5PSIwIiB3aWR0aD0iMTYwIiBoZWlnaHQ9IjEzIiBpc1ByaW50V2hlbkRldGFpbE92ZXJmbG93cz0idHJ1ZSIgdXVpZD0iMjhiYjliNDctYTY5Yy00OGUxLTkwNzMtZDU0ZDkyNjI0MmU4Ii8+CgkJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVskRnttZXNzYWdlfV1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQkJPHRleHRGaWVsZCBpc1N0cmV0Y2hXaXRoT3ZlcmZsb3c9InRydWUiIGlzQmxhbmtXaGVuTnVsbD0idHJ1ZSI+CgkJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvZGUiIHg9IjcyMCIgeT0iMCIgd2lkdGg9IjQwMCIgaGVpZ2h0PSIxMyIgaXNQcmludFdoZW5EZXRhaWxPdmVyZmxvd3M9InRydWUiIHV1aWQ9IjI4YmI5YjQ3LWE2OWMtNDhlMS05MDczLWQ1NGQ5MjYyNDJlOCIvPgoJCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbaW1wb3J0IGNvbS5ldm9sdmV1bS5taWRwb2ludC5yZXBvcnQuaW1wbC5SZXBvcnRVdGlsczsKCQkJCQkgICAgICAgICAgICAgICAgICAgICAgICBpbXBvcnQgY29tLmV2b2x2ZXVtLm1pZHBvaW50LnhtbC5ucy5fcHVibGljLmNvbW1vbi5jb21tb25fMy5PYmplY3REZWx0YU9wZXJhdGlvblR5cGU7CgkJCQkJCgkJCQkJICAgICAgICAgICAgICAgICAgICAgICAgaWYoJEZ7ZGVsdGF9ID09IG51bGwpewoJCQkJCSAgICAgICAgICAgICAgICAgICAgICAgICAgIHJldHVybiBudWxsCgkJCQkJICAgICAgICAgICAgICAgICAgICAgICAgfQoJCQkJCSAgICAgICAgICAgICAgICAgICAgICAgIFN0cmluZyByZXQgPSAiIjsKCQkJCQkgICAgICAgICAgICAgICAgICAgICAgICBmb3IoT2JqZWN0RGVsdGFPcGVyYXRpb25UeXBlIG9iamVjdERlbHRhIDogJEZ7ZGVsdGF9KXsKCQkJCQkgICAgICAgICAgICAgICAgICAgICAgICAgICByZXQgPSByZXQgKyBSZXBvcnRVdGlscy5wcmludERlbHRhKG9iamVjdERlbHRhLmdldE9iamVjdERlbHRhKCksIChvYmplY3REZWx0YS5nZXRPYmplY3ROYW1lKCk9PW51bGwpP251bGw6b2JqZWN0RGVsdGEuZ2V0T2JqZWN0TmFtZSgpLnRvU3RyaW5nKCksIChvYmplY3REZWx0YS5nZXRSZXNvdXJjZU5hbWUoKT09bnVsbCk/bnVsbDpvYmplY3REZWx0YS5nZXRSZXNvdXJjZU5hbWUoKS50b1N0cmluZygpKSArICJcbiIKCQkJCQkgICAgICAgICAgICAgICAgICAgICAgICB9CgkJCQkJICAgICAgICAgICAgICAgICAgICAgICAgaWYgKHJldCAhPSBudWxsICYmIHJldC5sZW5ndGgoKSA+IDApIHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcmV0ID0gcmV0LnN1YnN0cmluZygwLCByZXQubGVuZ3RoKCkgLSAxKTsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfQoJCQkJCSAgICAgICAgICAgICAgICAgICAgICAgIHJldHVybiByZXRdXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJCTxsaW5lPgoJCQkJCTxyZXBvcnRFbGVtZW50IHBvc2l0aW9uVHlwZT0iRml4UmVsYXRpdmVUb0JvdHRvbSIgbW9kZT0iT3BhcXVlIiB4PSIwIiB5PSIxMyIgd2lkdGg9IjExMjAiIGhlaWdodD0iMSIgZm9yZWNvbG9yPSIjMzMzMzMzIiB1dWlkPSI0N2Y5MTgwMS1jZjVmLTRiZWQtYjE5Yy1jYTM5MzFjYmY5OGQiLz4KCQkJCTwvbGluZT4KCQkJPC9mcmFtZT4KCQk8L2JhbmQ+Cgk8L2RldGFpbD4KCTxjb2x1bW5Gb290ZXI+CgkJPGJhbmQgaGVpZ2h0PSI3IiBzcGxpdFR5cGU9IlN0cmV0Y2giPgoJCQk8bGluZT4KCQkJCTxyZXBvcnRFbGVtZW50IHBvc2l0aW9uVHlwZT0iRml4UmVsYXRpdmVUb0JvdHRvbSIgeD0iMCIgeT0iMyIgd2lkdGg9IjExMjAiIGhlaWdodD0iMSIgdXVpZD0iYTU5MWQ0YzEtMWNhZC00ZGEyLTlmOWQtMDgxZjUzOWU5MDQzIi8+CgkJCQk8Z3JhcGhpY0VsZW1lbnQ+CgkJCQkJPHBlbiBsaW5lV2lkdGg9IjAuNSIgbGluZUNvbG9yPSIjOTk5OTk5Ii8+CgkJCQk8L2dyYXBoaWNFbGVtZW50PgoJCQk8L2xpbmU+CgkJPC9iYW5kPgoJPC9jb2x1bW5Gb290ZXI+Cgk8cGFnZUZvb3Rlcj4KCQk8YmFuZCBoZWlnaHQ9IjMyIiBzcGxpdFR5cGU9IlN0cmV0Y2giPgoJCQk8ZnJhbWU+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBmb290ZXIiIG1vZGU9IlRyYW5zcGFyZW50IiB4PSIwIiB5PSIxIiB3aWR0aD0iMTEyMCIgaGVpZ2h0PSIyNCIgZm9yZWNvbG9yPSIjMDAwMDAwIiBiYWNrY29sb3I9IiMyNjc5OTQiIHV1aWQ9ImZiZThhYWU0LTY1MDAtNDY4YS1iMWU4LTcwMGI1NjkxMzlhMSIvPgoJCQkJPHRleHRGaWVsZCBwYXR0ZXJuPSJFRUVFRSBkZCBNTU1NTSB5eXl5Ij4KCQkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBmb290ZXIiIHg9IjIiIHk9IjEiIHdpZHRoPSIxOTciIGhlaWdodD0iMjAiIHV1aWQ9IjI4YmI5YjQ3LWE2OWMtNDhlMS05MDczLWQ1NGQ5MjYyNDJlOCIvPgoJCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbbmV3IGphdmEudXRpbC5EYXRlKCldXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJCTx0ZXh0RmllbGQ+CgkJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlBhZ2UgZm9vdGVyIiB4PSIxMDAwIiB5PSIxIiB3aWR0aD0iODAiIGhlaWdodD0iMjAiIHV1aWQ9IjVjMDYyYzY2LWJhNDUtNDI4OC05ZGNkLTI0NmUyOGM1YWY3NSIvPgoJCQkJCTx0ZXh0RWxlbWVudCB0ZXh0QWxpZ25tZW50PSJSaWdodCIgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBWyJQYWdlICIrJFZ7UEFHRV9OVU1CRVJ9KyIgb2YiXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCQk8dGV4dEZpZWxkIGV2YWx1YXRpb25UaW1lPSJSZXBvcnQiPgoJCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJQYWdlIGZvb3RlciIgeD0iMTA4MCIgeT0iMSIgd2lkdGg9IjQwIiBoZWlnaHQ9IjIwIiB1dWlkPSI5MzRiMTZlOC1jM2ViLTQwMTctODY2YS0wYjc3MzViZjI5MTciLz4KCQkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBWyIgIiArICRWe1BBR0VfTlVNQkVSfV1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQk8L2ZyYW1lPgoJCTwvYmFuZD4KCTwvcGFnZUZvb3Rlcj4KCTxzdW1tYXJ5PgoJCTxiYW5kIHNwbGl0VHlwZT0iU3RyZXRjaCIvPgoJPC9zdW1tYXJ5Pgo8L2phc3BlclJlcG9ydD4K</template>
-        <templateStyle>PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8IURPQ1RZUEUgamFzcGVyVGVtcGxhdGUNCiAgUFVCTElDICItLy9KYXNwZXJSZXBvcnRzLy9EVEQgVGVtcGxhdGUvL0VOIg0KICAiaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L2R0ZHMvamFzcGVydGVtcGxhdGUuZHRkIj4NCjxqYXNwZXJUZW1wbGF0ZT4NCiAgICAgICAgCTxzdHlsZSBmb250TmFtZT0iRGVqYVZ1IFNhbnMiIGZvbnRTaXplPSIxMCIgaEFsaWduPSJMZWZ0IiBpc0RlZmF1bHQ9InRydWUiIGlzUGRmRW1iZWRkZWQ9InRydWUiIA0KCQkJCSAgIG5hbWU9IkJhc2UiIHBkZkVuY29kaW5nPSJJZGVudGl0eS1IIiBwZGZGb250TmFtZT0iRGVqYVZ1U2Fucy50dGYiIHZBbGlnbj0iTWlkZGxlIj4NCgkJCTwvc3R5bGU+DQoJCQk8c3R5bGUgYmFja2NvbG9yPSIjMjY3OTk0IiBmb250U2l6ZT0iMjYiIGZvcmVjb2xvcj0iI0ZGRkZGRiIgaXNEZWZhdWx0PSJmYWxzZSINCiAgICAgICAgICAgICAgICAgICBtb2RlPSJPcGFxdWUiIG5hbWU9IlRpdGxlIiBzdHlsZT0iQmFzZSIvPiANCgkJCTxzdHlsZSBmb250U2l6ZT0iMTIiIGZvcmVjb2xvcj0iIzAwMDAwMCIgaXNEZWZhdWx0PSJmYWxzZSIgbmFtZT0iUGFnZSBoZWFkZXIiDQogICAgICAgICAgICAgICAgICAgc3R5bGU9IkJhc2UiLz4NCgkJCTxzdHlsZSBiYWNrY29sb3I9IiMzMzMzMzMiIGZvbnRTaXplPSIxMiIgZm9yZWNvbG9yPSIjRkZGRkZGIiBoQWxpZ249IkNlbnRlciINCiAgICAgICAgICAgICAgICAgICBpc0RlZmF1bHQ9ImZhbHNlIiBtb2RlPSJPcGFxdWUiIG5hbWU9IkNvbHVtbiBoZWFkZXIiIHN0eWxlPSJCYXNlIi8+DQoJCQk8c3R5bGUgaXNCb2xkPSJmYWxzZSIgaXNEZWZhdWx0PSJmYWxzZSIgbmFtZT0iRGV0YWlsIiBzdHlsZT0iQmFzZSIvPg0KICAgICAgICAgICAgPHN0eWxlIGlzQm9sZD0iZmFsc2UiIGlzRGVmYXVsdD0iZmFsc2UiIG5hbWU9IkNvZGUiIHN0eWxlPSJCYXNlIiBmb250U2l6ZT0iOSIvPg0KCQkJPHN0eWxlIGZvbnRTaXplPSI5IiBmb3JlY29sb3I9IiMwMDAwMDAiIGlzRGVmYXVsdD0iZmFsc2UiIG5hbWU9IlBhZ2UgZm9vdGVyIg0KICAgICAgICAgICAgICAgICAgIHN0eWxlPSJCYXNlIi8+DQoJCTwvamFzcGVyVGVtcGxhdGU+</templateStyle>
-        <export>html</export>
-          <virtualizer>JRSwapFileVirtualizer</virtualizer>
-          <virtualizerKickOn>300</virtualizerKickOn>
-             <maxPages>10000</maxPages>
-          <timeout>300000</timeout>
-    </jasper>
-      <defaultScriptConfiguration>
-         <objectVariableMode>prismReference</objectVariableMode>
-       </defaultScriptConfiguration>
-</report>
diff --git a/gui/admin-gui/src/main/resources/initial-objects/090-report-audit.xml b/gui/admin-gui/src/main/resources/initial-objects/090-report-audit.xml
new file mode 100644
index 00000000000..1704e9025ea
--- /dev/null
+++ b/gui/admin-gui/src/main/resources/initial-objects/090-report-audit.xml
@@ -0,0 +1,227 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2010-2020 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
+<report xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+        xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        oid="00000000-0000-0000-0000-000000000080">
+    <name>All audit records report</name>
+    <description>Report made from all audit records.</description>
+    <assignment>
+        <targetRef oid="00000000-0000-0000-0000-000000000171" type="ArchetypeType"/>
+    </assignment>
+    <objectCollection>
+        <collection>
+            <baseCollectionRef>
+                <collectionRef oid="00000000-0000-0000-0001-000000000284" type="ObjectCollectionType"/>
+            </baseCollectionRef>
+            <filter>
+                <q:and>
+                    <q:ref>
+                        <q:path>targetRef</q:path>
+                        <expression>
+                            <queryInterpretationOfNoValue>filterAll</queryInterpretationOfNoValue>
+                            <script>
+                                <objectVariableMode>prismReference</objectVariableMode>
+                                <code>
+                                    import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
+
+                                    if (!target) {
+                                        return null;
+                                    }
+
+                                    ObjectReferenceType ort = new ObjectReferenceType();
+                                    ort.setOid(target.getOid());
+                                    ort.setRelation(target.getRelation());
+                                    ort.setType(target.getTargetType());
+                                    return ort;
+                                </code>
+                            </script>
+                        </expression>
+                    </q:ref>
+                    <q:ref>
+                        <q:path>initiatorRef</q:path>
+                        <expression>
+                            <queryInterpretationOfNoValue>filterAll</queryInterpretationOfNoValue>
+                            <script>
+                                <objectVariableMode>prismReference</objectVariableMode>
+                                <code>
+                                    import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
+
+                                    if (!initiator) {
+                                        return null;
+                                    }
+
+                                    ObjectReferenceType ort = new ObjectReferenceType();
+                                    ort.setOid(initiator.getOid());
+                                    ort.setRelation(initiator.getRelation());
+                                    ort.setType(initiator.getTargetType());
+                                    return ort;
+                                </code>
+                            </script>
+                        </expression>
+                    </q:ref>
+                    <q:equal>
+                        <q:path>outcome</q:path>
+                        <expression>
+                            <queryInterpretationOfNoValue>filterAll</queryInterpretationOfNoValue>
+                            <script>
+                                <code>
+                                    if (!outcome) {
+                                        return null;
+                                    }
+                                    return outcome;
+                                </code>
+                            </script>
+                        </expression>
+                    </q:equal>
+                    <q:equal>
+                        <q:path>eventType</q:path>
+                        <expression>
+                            <queryInterpretationOfNoValue>filterAll</queryInterpretationOfNoValue>
+                            <script>
+                                <code>
+                                    if (!eventType) {
+                                        return null;
+                                    }
+                                    return eventType;
+                                </code>
+                            </script>
+                        </expression>
+                    </q:equal>
+                    <q:equal>
+                        <q:path>eventStage</q:path>
+                        <expression>
+                            <queryInterpretationOfNoValue>filterAll</queryInterpretationOfNoValue>
+                            <script>
+                                <code>
+                                    if (!eventStage) {
+                                        return null;
+                                    }
+                                    return eventStage;
+                                </code>
+                            </script>
+                        </expression>
+                    </q:equal>
+                    <q:greater>
+                        <q:path>timestamp</q:path>
+                        <expression>
+                            <queryInterpretationOfNoValue>filterAll</queryInterpretationOfNoValue>
+                            <script>
+                                <code>
+                                    if (!from) {
+                                        return null;
+                                    }
+                                    return from;
+                                </code>
+                            </script>
+                        </expression>
+                    </q:greater>
+                    <q:less>
+                        <q:path>timestamp</q:path>
+                        <expression>
+                            <queryInterpretationOfNoValue>filterAll</queryInterpretationOfNoValue>
+                            <script>
+                                <code>
+                                    if (!to) {
+                                        return null;
+                                    }
+                                    return to;
+                                </code>
+                            </script>
+                        </expression>
+                    </q:less>
+                </q:and>
+            </filter>
+        </collection>
+        <parameter>
+            <name>outcome</name>
+            <type>OperationResultStatusType</type>
+            <display>
+                <label>
+                    <orig>outcome</orig>
+                    <translation>
+                        <key>AuditEventRecordType.outcome</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+        <parameter>
+            <name>eventType</name>
+            <type>AuditEventTypeType</type>
+            <display>
+                <label>
+                    <orig>eventType</orig>
+                    <translation>
+                        <key>AuditEventRecordType.eventType</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+        <parameter>
+            <name>eventStage</name>
+            <type>AuditEventStageType</type>
+            <display>
+                <label>
+                    <orig>eventStage</orig>
+                    <translation>
+                        <key>AuditEventRecordType.eventStage</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+        <parameter>
+            <name>from</name>
+            <type>dateTime</type>
+            <display>
+                <label>
+                    <orig>from</orig>
+                    <translation>
+                        <key>AuditPopupPanel.dateFrom</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+        <parameter>
+            <name>to</name>
+            <type>dateTime</type>
+            <display>
+                <label>
+                    <orig>to</orig>
+                    <translation>
+                        <key>AuditPopupPanel.dateTo</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+        <parameter>
+            <name>target</name>
+            <type>c:ObjectReferenceType</type>
+            <display>
+                <label>
+                    <orig>targetRef</orig>
+                    <translation>
+                        <key>AuditEventRecordType.targetRef</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+        <parameter>
+            <name>initiator</name>
+            <type>c:ObjectReferenceType</type>
+            <display>
+                <label>
+                    <orig>initiatorRef</orig>
+                    <translation>
+                        <key>AuditEventRecordType.initiatorRef</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+    </objectCollection>
+</report>
diff --git a/gui/admin-gui/src/main/resources/initial-objects/100-report-reconciliation.xml b/gui/admin-gui/src/main/resources/initial-objects/100-report-reconciliation.xml
index 32f521d5f4d..b8d07a40ded 100644
--- a/gui/admin-gui/src/main/resources/initial-objects/100-report-reconciliation.xml
+++ b/gui/admin-gui/src/main/resources/initial-objects/100-report-reconciliation.xml
@@ -1,22 +1,189 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright (c) 2010-2019 Evolveum and contributors
+  ~ Copyright (c) 2010-2020 Evolveum and contributors
   ~
   ~ This work is dual-licensed under the Apache License 2.0
   ~ and European Union Public License. See LICENSE file for details.
   -->
-<report oid="00000000-0000-0000-0000-000000000100"
-        xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
-   <name>Reconciliation report (Jasper)</name>
-   <description>Reconciliation report for selected resource.</description>
-   <jasper>
-       <parent>true</parent>
-       <template>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPGphc3BlclJlcG9ydCB4bWxucz0iaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L2phc3BlcnJlcG9ydHMiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L2phc3BlcnJlcG9ydHMgaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L3hzZC9qYXNwZXJyZXBvcnQueHNkIiBuYW1lPSJyZXBvcnRSZWNvbmNpbGlhdGlvbiIgcGFnZVdpZHRoPSIxMDQyIiBwYWdlSGVpZ2h0PSI1OTUiIG9yaWVudGF0aW9uPSJMYW5kc2NhcGUiIHdoZW5Ob0RhdGFUeXBlPSJBbGxTZWN0aW9uc05vRGV0YWlsIiBjb2x1bW5XaWR0aD0iMTAwMiIgbGVmdE1hcmdpbj0iMjAiIHJpZ2h0TWFyZ2luPSIyMCIgdG9wTWFyZ2luPSIyMCIgYm90dG9tTWFyZ2luPSIyMCIgdXVpZD0iNjdlNDY1YzUtNDZlYS00MGQyLWJlYTAtNDY5YzZjZjM4OTM3Ij4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5hd3QuaWdub3JlLm1pc3NpbmcuZm9udCIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQucGRmLmZvcmNlLmxpbmVicmVhay5wb2xpY3kiIHZhbHVlPSJ0cnVlIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0LmNzdi5leGNsdWRlLm9yaWdpbi5iYW5kLjEiIHZhbHVlPSJ0aXRsZSIvPgoJPHByb3BlcnR5IG5hbWU9Im5ldC5zZi5qYXNwZXJyZXBvcnRzLmV4cG9ydC5jc3YuZXhjbHVkZS5vcmlnaW4uYmFuZC4yIiB2YWx1ZT0icGFnZUZvb3RlciIvPgoJPHN1YkRhdGFzZXQgbmFtZT0ib3duZXJEYXRhc2V0IiB1dWlkPSJiODFiOGRmZi01ODdiLTQzZTYtYWNkYy0wYjk3NDhmNDc2MTAiPgoJCTxwYXJhbWV0ZXIgbmFtZT0ic2hhZG93T2lkIiBjbGFzcz0iamF2YS5sYW5nLlN0cmluZyIvPgoJCTxxdWVyeVN0cmluZyBsYW5ndWFnZT0ibXFsIj4KCQkJPCFbQ0RBVEFbPGNvZGU+CiAgICAgICAgICAgICAgICBpbXBvcnQgY29tLmV2b2x2ZXVtLm1pZHBvaW50LnNjaGVtYS5HZXRPcGVyYXRpb25PcHRpb25zOwogICAgICAgICAgICAgICAgaW1wb3J0IGNvbS5ldm9sdmV1bS5taWRwb2ludC5zY2hlbWEuU2VsZWN0b3JPcHRpb25zOwogICAgICAgICAgICAgICAgaW1wb3J0IGNvbS5ldm9sdmV1bS5taWRwb2ludC54bWwubnMuX3B1YmxpYy5jb21tb24uY29tbW9uXzMuKjsKICAgICAgICAgICAgICAgIGltcG9ydCBjb20uZXZvbHZldW0ubWlkcG9pbnQucHJpc20ucXVlcnkuKgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBxdWVyeSA9IG1pZHBvaW50LmdldFByaXNtQ29udGV4dCgpLnF1ZXJ5Rm9yKEZvY3VzVHlwZS5jbGFzcykKCQkJCS5pdGVtKEZvY3VzVHlwZS5GX0xJTktfUkVGKS5yZWYoc2hhZG93T2lkKQoJCQkJLmJ1aWxkKCk7CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIG9wdGlvbnMgPSBTZWxlY3Rvck9wdGlvbnMuY3JlYXRlQ29sbGVjdGlvbihHZXRPcGVyYXRpb25PcHRpb25zLmNyZWF0ZVJhdygpKQogICAgICAgICAgICAgICAgbWlkcG9pbnQuc2VhcmNoT2JqZWN0cyhGb2N1c1R5cGUuY2xhc3MsIHF1ZXJ5LCBvcHRpb25zKTsKICAgICAgICAgICAgPC9jb2RlPl1dPgoJCTwvcXVlcnlTdHJpbmc+CgkJPGZpZWxkIG5hbWU9Im5hbWUiIGNsYXNzPSJjb20uZXZvbHZldW0ubWlkcG9pbnQucHJpc20ucG9seXN0cmluZy5Qb2x5U3RyaW5nIi8+Cgk8L3N1YkRhdGFzZXQ+Cgk8cGFyYW1ldGVyIG5hbWU9InJlc291cmNlIiBjbGFzcz0iamF2YS5sYW5nLlN0cmluZyI+CgkJPHByb3BlcnR5IG5hbWU9InRhcmdldFR5cGUiIHZhbHVlPSJjb20uZXZvbHZldW0ubWlkcG9pbnQueG1sLm5zLl9wdWJsaWMuY29tbW9uLmNvbW1vbl8zLlJlc291cmNlVHlwZSIvPgoJCTxwcm9wZXJ0eSBuYW1lPSJrZXkiIHZhbHVlPSJuYW1lIi8+CgkJPHByb3BlcnR5IG5hbWU9ImxhYmVsIiB2YWx1ZT0ibmFtZSIvPgoJCTxwcm9wZXJ0eSBuYW1lPSJtYW5kYXRvcnkiIHZhbHVlPSJ0cnVlIi8+Cgk8L3BhcmFtZXRlcj4KCTxwYXJhbWV0ZXIgbmFtZT0iaW50ZW50IiBjbGFzcz0iamF2YS5sYW5nLlN0cmluZyIvPgoJPHBhcmFtZXRlciBuYW1lPSJvYmplY3RDbGFzcyIgY2xhc3M9ImphdmEubGFuZy5TdHJpbmciLz4KCTxwYXJhbWV0ZXIgbmFtZT0ia2luZCIgY2xhc3M9ImNvbS5ldm9sdmV1bS5taWRwb2ludC54bWwubnMuX3B1YmxpYy5jb21tb24uY29tbW9uXzMuU2hhZG93S2luZFR5cGUiLz4KCTxwYXJhbWV0ZXIgbmFtZT0ic2l0dWF0aW9uIiBjbGFzcz0iY29tLmV2b2x2ZXVtLm1pZHBvaW50LnhtbC5ucy5fcHVibGljLmNvbW1vbi5jb21tb25fMy5TeW5jaHJvbml6YXRpb25TaXR1YXRpb25UeXBlIi8+Cgk8cXVlcnlTdHJpbmcgbGFuZ3VhZ2U9Im1xbCI+CgkJPCFbQ0RBVEFbPGZpbHRlcj4NCiAgICA8dHlwZT4NCiAgICAgICAgPHR5cGU+U2hhZG93VHlwZTwvdHlwZT4NCiAgICAgICAgPGZpbHRlcj4NCiAgICAgICAgICAgIDxhbmQ+DQogICAgICAgICAgICAgICAgPHJlZj4NCiAgICAgICAgICAgICAgICAgICAgPHBhdGg+cmVzb3VyY2VSZWY8L3BhdGg+DQogICAgICAgICAgICAgICAgICAgIDxleHByZXNzaW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgPHF1ZXJ5SW50ZXJwcmV0YXRpb25PZk5vVmFsdWU+ZmlsdGVyQWxsPC9xdWVyeUludGVycHJldGF0aW9uT2ZOb1ZhbHVlPg0KICAgICAgICAgICAgICAgICAgICAgICAgPHNjcmlwdD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8Y29kZT4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaW1wb3J0IGNvbS5ldm9sdmV1bS5taWRwb2ludC54bWwubnMuX3B1YmxpYy5jb21tb24uY29tbW9uXzMuUmVzb3VyY2VUeXBlOw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpbXBvcnQgY29tLmV2b2x2ZXVtLm1pZHBvaW50LnhtbC5ucy5fcHVibGljLmNvbW1vbi5jb21tb25fMy5PYmplY3RSZWZlcmVuY2VUeXBlOw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBPYmplY3RSZWZlcmVuY2VUeXBlIG9ydCA9IG5ldyBPYmplY3RSZWZlcmVuY2VUeXBlKCk7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgUmVzb3VyY2VUeXBlIHJlc09iajsNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGlmIChyZXNvdXJjZSAhPSBudWxsKSB7DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICByZXNPYmogPSBtaWRwb2ludC5zZWFyY2hPYmplY3RCeU5hbWUoUmVzb3VyY2VUeXBlLmNsYXNzLCByZXNvdXJjZSk7DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZiAocmVzT2JqICE9IG51bGwpIHsNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBvcnQuc2V0T2lkKHJlc09iai5nZXRPaWQoKSk7DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA0KDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG9ydC5zZXRUeXBlKFJlc291cmNlVHlwZS5DT01QTEVYX1RZUEUpOw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICByZXR1cm4gb3J0Ow0KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvY29kZT4NCiAgICAgICAgICAgICAgICAgICAgICAgIDwvc2NyaXB0Pg0KICAgICAgICAgICAgICAgICAgICA8L2V4cHJlc3Npb24+ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgIDwvcmVmPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgPGVxdWFsPg0KICAgICAgICAgICAgICAgICAgICA8cGF0aD5zeW5jaHJvbml6YXRpb25TaXR1YXRpb248L3BhdGg+DQogICAgICAgICAgICAgICAgICAgIDxleHByZXNzaW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgPHF1ZXJ5SW50ZXJwcmV0YXRpb25PZk5vVmFsdWU+ZmlsdGVyQWxsPC9xdWVyeUludGVycHJldGF0aW9uT2ZOb1ZhbHVlPg0KICAgICAgICAgICAgICAgICAgICAgICAgPHBhdGg+JHNpdHVhdGlvbjwvcGF0aD4NCiAgICAgICAgICAgICAgICAgICAgPC9leHByZXNzaW9uPg0KICAgICAgICAgICAgICAgIDwvZXF1YWw+ICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICA8ZXF1YWw+DQogICAgICAgICAgICAgICAgICAgIDxwYXRoPm9iamVjdENsYXNzPC9wYXRoPg0KICAgICAgICAgICAgICAgICAgICA8ZXhwcmVzc2lvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgIDxxdWVyeUludGVycHJldGF0aW9uT2ZOb1ZhbHVlPmZpbHRlckFsbDwvcXVlcnlJbnRlcnByZXRhdGlvbk9mTm9WYWx1ZT4NCiAgICAgICAgICAgICAgICAgICAgICAgIDxzY3JpcHQ+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgPGNvZGU+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGltcG9ydCBqYXZheC54bWwubmFtZXNwYWNlLlFOYW1lOw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZiAob2JqZWN0Q2xhc3MgIT0gbnVsbCkNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJldHVybiBuZXcgUU5hbWUoImh0dHA6Ly9taWRwb2ludC5ldm9sdmV1bS5jb20veG1sL25zL3B1YmxpYy9yZXNvdXJjZS9pbnN0YW5jZS0zIiwgb2JqZWN0Q2xhc3MpDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9jb2RlPg0KICAgICAgICAgICAgICAgICAgICAgICAgPC9zY3JpcHQ+DQogICAgICAgICAgICAgICAgICAgIDwvZXhwcmVzc2lvbj4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgPC9lcXVhbD4gICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgPGVxdWFsPg0KICAgICAgICAgICAgICAgICAgICA8cGF0aD5raW5kPC9wYXRoPg0KICAgICAgICAgICAgICAgICAgICA8ZXhwcmVzc2lvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgIDxxdWVyeUludGVycHJldGF0aW9uT2ZOb1ZhbHVlPmZpbHRlckFsbDwvcXVlcnlJbnRlcnByZXRhdGlvbk9mTm9WYWx1ZT4NCiAgICAgICAgICAgICAgICAgICAgICAgIDxwYXRoPiRraW5kPC9wYXRoPg0KICAgICAgICAgICAgICAgICAgICA8L2V4cHJlc3Npb24+DQogICAgICAgICAgICAgICAgPC9lcXVhbD4NCiAgICAgICAgICAgICAgICA8ZXF1YWw+DQogICAgICAgICAgICAgICAgICAgIDxwYXRoPmludGVudDwvcGF0aD4NCiAgICAgICAgICAgICAgICAgICAgPGV4cHJlc3Npb24+DQogICAgICAgICAgICAgICAgICAgICAgICA8cXVlcnlJbnRlcnByZXRhdGlvbk9mTm9WYWx1ZT5maWx0ZXJBbGw8L3F1ZXJ5SW50ZXJwcmV0YXRpb25PZk5vVmFsdWU+DQogICAgICAgICAgICAgICAgICAgICAgICA8cGF0aD4kaW50ZW50PC9wYXRoPg0KICAgICAgICAgICAgICAgICAgICA8L2V4cHJlc3Npb24+DQogICAgICAgICAgICAgICAgPC9lcXVhbD4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgIDwvYW5kPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgIDwvZmlsdGVyPg0KICAgIDwvdHlwZT4NCjwvZmlsdGVyPl1dPgoJPC9xdWVyeVN0cmluZz4KCTxmaWVsZCBuYW1lPSJvaWQiIGNsYXNzPSJqYXZhLmxhbmcuU3RyaW5nIi8+Cgk8ZmllbGQgbmFtZT0ibmFtZSIgY2xhc3M9ImNvbS5ldm9sdmV1bS5taWRwb2ludC5wcmlzbS5wb2x5c3RyaW5nLlBvbHlTdHJpbmciLz4KCTxmaWVsZCBuYW1lPSJzeW5jaHJvbml6YXRpb25TaXR1YXRpb24iIGNsYXNzPSJjb20uZXZvbHZldW0ubWlkcG9pbnQueG1sLm5zLl9wdWJsaWMuY29tbW9uLmNvbW1vbl8zLlN5bmNocm9uaXphdGlvblNpdHVhdGlvblR5cGUiLz4KCTxmaWVsZCBuYW1lPSJzeW5jaHJvbml6YXRpb25UaW1lc3RhbXAiIGNsYXNzPSJqYXZheC54bWwuZGF0YXR5cGUuWE1MR3JlZ29yaWFuQ2FsZW5kYXIiLz4KCTxmaWVsZCBuYW1lPSJyZXNvdXJjZVJlZiIgY2xhc3M9ImNvbS5ldm9sdmV1bS5taWRwb2ludC54bWwubnMuX3B1YmxpYy5jb21tb24uY29tbW9uXzMuT2JqZWN0UmVmZXJlbmNlVHlwZSIvPgoJPGJhY2tncm91bmQ+CgkJPGJhbmQgc3BsaXRUeXBlPSJTdHJldGNoIi8+Cgk8L2JhY2tncm91bmQ+Cgk8dGl0bGU+CgkJPGJhbmQgaGVpZ2h0PSIxMzgiIHNwbGl0VHlwZT0iU3RyZXRjaCI+CgkJCTxmcmFtZT4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJUaXRsZSIgbW9kZT0iT3BhcXVlIiB4PSIwIiB5PSIwIiB3aWR0aD0iMTAwMCIgaGVpZ2h0PSI2NyIgYmFja2NvbG9yPSIjMjY3OTk0IiB1dWlkPSI0NGJlZGFjYy1mYTIzLTRmZTEtYjcxZi1lNWFmYTk0M2Y1NTMiLz4KCQkJCTxzdGF0aWNUZXh0PgoJCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJUaXRsZSIgeD0iMTAiIHk9IjEzIiB3aWR0aD0iMjY2IiBoZWlnaHQ9IjM4IiB1dWlkPSJmMmQ5OWNhZC05ZDg0LTRmNTAtYjQ1NS00NTNjODdmNjJjNGMiLz4KCQkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJCTx0ZXh0PjwhW0NEQVRBW1JlY29uY2lsaWF0aW9uIFJlcG9ydF1dPjwvdGV4dD4KCQkJCTwvc3RhdGljVGV4dD4KCQkJPC9mcmFtZT4KCQkJPHN0YXRpY1RleHQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBoZWFkZXIiIHg9IjIiIHk9IjcwIiB3aWR0aD0iMTAwIiBoZWlnaHQ9IjIwIiB1dWlkPSJlMDM1ZGJkNS1kYzJmLTQ1Y2ItOTM2Yy1hMDhlOWMwMTFlNDMiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtSZXNvdXJjZTpdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQkJPHRleHRGaWVsZCBpc0JsYW5rV2hlbk51bGw9InRydWUiPgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlBhZ2UgaGVhZGVyIiB4PSIxMDIiIHk9IjcwIiB3aWR0aD0iMjgwIiBoZWlnaHQ9IjIwIiB1dWlkPSIyOGJiOWI0Ny1hNjljLTQ4ZTEtOTA3My1kNTRkOTI2MjQyZTgiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIj4KCQkJCQk8Zm9udCBpc0JvbGQ9ImZhbHNlIi8+CgkJCQk8L3RleHRFbGVtZW50PgoJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbJFB7cmVzb3VyY2V9XV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQk8L3RleHRGaWVsZD4KCQkJPHN0YXRpY1RleHQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBoZWFkZXIiIHg9IjIiIHk9IjkwIiB3aWR0aD0iMTAwIiBoZWlnaHQ9IjIwIiB1dWlkPSJlMDM1ZGJkNS1kYzJmLTQ1Y2ItOTM2Yy1hMDhlOWMwMTFlNDMiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtJbnRlbnQ6XV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTx0ZXh0RmllbGQgaXNCbGFua1doZW5OdWxsPSJ0cnVlIj4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJQYWdlIGhlYWRlciIgeD0iMTAyIiB5PSI5MCIgd2lkdGg9IjE1MCIgaGVpZ2h0PSIyMCIgdXVpZD0iMjhiYjliNDctYTY5Yy00OGUxLTkwNzMtZDU0ZDkyNjI0MmU4Ii8+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSI+CgkJCQkJPGZvbnQgaXNCb2xkPSJmYWxzZSIvPgoJCQkJPC90ZXh0RWxlbWVudD4KCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBWyRQe2ludGVudH1dXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCTwvdGV4dEZpZWxkPgoJCQk8c3RhdGljVGV4dD4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJQYWdlIGhlYWRlciIgeD0iMiIgeT0iMTEwIiB3aWR0aD0iMTAwIiBoZWlnaHQ9IjIwIiB1dWlkPSJlMDM1ZGJkNS1kYzJmLTQ1Y2ItOTM2Yy1hMDhlOWMwMTFlNDMiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtPYmplY3QgQ2xhc3M6XV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTx0ZXh0RmllbGQgaXNCbGFua1doZW5OdWxsPSJ0cnVlIj4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJQYWdlIGhlYWRlciIgeD0iMTAyIiB5PSIxMTAiIHdpZHRoPSIxNTAiIGhlaWdodD0iMjAiIHV1aWQ9IjI4YmI5YjQ3LWE2OWMtNDhlMS05MDczLWQ1NGQ5MjYyNDJlOCIvPgoJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiPgoJCQkJCTxmb250IGlzQm9sZD0iZmFsc2UiLz4KCQkJCTwvdGV4dEVsZW1lbnQ+CgkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVskUHtvYmplY3RDbGFzc31dXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCTwvdGV4dEZpZWxkPgoJCQk8c3RhdGljVGV4dD4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJQYWdlIGhlYWRlciIgeD0iNDAwIiB5PSI3MCIgd2lkdGg9IjE1MCIgaGVpZ2h0PSIyMCIgdXVpZD0iZTAzNWRiZDUtZGMyZi00NWNiLTkzNmMtYTA4ZTljMDExZTQzIi8+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJPHRleHQ+PCFbQ0RBVEFbUmVwb3J0IGdlbmVyYXRlZCBvbjpdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQkJPHRleHRGaWVsZCBwYXR0ZXJuPSJFRUVFRSBkZCBNTU1NTSB5eXl5LCBISDptbTpzcyI+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBoZWFkZXIiIHg9IjU1MCIgeT0iNzAiIHdpZHRoPSIyNTAiIGhlaWdodD0iMjAiIHV1aWQ9IjI4YmI5YjQ3LWE2OWMtNDhlMS05MDczLWQ1NGQ5MjYyNDJlOCIvPgoJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IlJpZ2h0IiB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIj4KCQkJCQk8Zm9udCBpc0JvbGQ9ImZhbHNlIi8+CgkJCQk8L3RleHRFbGVtZW50PgoJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbbmV3IGphdmEudXRpbC5EYXRlKCldXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCTwvdGV4dEZpZWxkPgoJCQk8c3RhdGljVGV4dD4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJQYWdlIGhlYWRlciIgeD0iNDAwIiB5PSI5MCIgd2lkdGg9IjE1MCIgaGVpZ2h0PSIyMCIgdXVpZD0iODU5OWIyYzUtM2EyNC00NTk0LTk4YjktNWIzZjM4ZjM5ZTI0Ii8+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJPHRleHQ+PCFbQ0RBVEFbTnVtYmVyIG9mIHJlY29yZHM6XV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTx0ZXh0RmllbGQgZXZhbHVhdGlvblRpbWU9IlJlcG9ydCIgaXNCbGFua1doZW5OdWxsPSJ0cnVlIj4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJQYWdlIGhlYWRlciIgeD0iNTUwIiB5PSI5MCIgd2lkdGg9IjI1MCIgaGVpZ2h0PSIyMCIgdXVpZD0iZjZiMDEwMTYtMjQwNi00MTk1LThiM2ItMzVkY2EyMzJjZTY4Ii8+CgkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iUmlnaHQiIHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiPgoJCQkJCTxmb250IGlzQm9sZD0iZmFsc2UiLz4KCQkJCTwvdGV4dEVsZW1lbnQ+CgkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVskVntSRVBPUlRfQ09VTlR9XV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQk8L3RleHRGaWVsZD4KCQk8L2JhbmQ+Cgk8L3RpdGxlPgoJPHBhZ2VIZWFkZXI+CgkJPGJhbmQgc3BsaXRUeXBlPSJTdHJldGNoIi8+Cgk8L3BhZ2VIZWFkZXI+Cgk8Y29sdW1uSGVhZGVyPgoJCTxiYW5kIGhlaWdodD0iMjQiIHNwbGl0VHlwZT0iU3RyZXRjaCI+CgkJCTxmcmFtZT4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJDb2x1bW4gaGVhZGVyIiBtb2RlPSJUcmFuc3BhcmVudCIgeD0iMCIgeT0iMSIgd2lkdGg9IjEwMDAiIGhlaWdodD0iMTkiIGlzUmVtb3ZlTGluZVdoZW5CbGFuaz0idHJ1ZSIgdXVpZD0iM2U4ZmRkNmQtYTZmZi00NDA3LTlhMWUtNWQ2YjQ3MDYzMDBhIi8+CgkJCQk8c3RhdGljVGV4dD4KCQkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iQ29sdW1uIGhlYWRlciIgeD0iMCIgeT0iMCIgd2lkdGg9IjMwMCIgaGVpZ2h0PSIxOCIgdXVpZD0iODZjNzRiZWItYmRkZC00OGNjLTk0NWEtMTY3YjI2MWIxZTBiIi8+CgkJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IkNlbnRlciIgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJCTx0ZXh0PjwhW0NEQVRBW05hbWVdXT48L3RleHQ+CgkJCQk8L3N0YXRpY1RleHQ+CgkJCQk8c3RhdGljVGV4dD4KCQkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iQ29sdW1uIGhlYWRlciIgeD0iMzAwIiB5PSIwIiB3aWR0aD0iMjAwIiBoZWlnaHQ9IjE4IiB1dWlkPSI4NmM3NGJlYi1iZGRkLTQ4Y2MtOTQ1YS0xNjdiMjYxYjFlMGIiLz4KCQkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iQ2VudGVyIiB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQkJPHRleHQ+PCFbQ0RBVEFbUmVzb3VyY2VdXT48L3RleHQ+CgkJCQk8L3N0YXRpY1RleHQ+CgkJCQk8c3RhdGljVGV4dD4KCQkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iQ29sdW1uIGhlYWRlciIgeD0iNTAwIiB5PSIwIiB3aWR0aD0iMTUwIiBoZWlnaHQ9IjE4IiB1dWlkPSI4NmM3NGJlYi1iZGRkLTQ4Y2MtOTQ1YS0xNjdiMjYxYjFlMGIiLz4KCQkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iQ2VudGVyIiB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQkJPHRleHQ+PCFbQ0RBVEFbU2l0dWF0aW9uXV0+PC90ZXh0PgoJCQkJPC9zdGF0aWNUZXh0PgoJCQkJPHN0YXRpY1RleHQ+CgkJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvbHVtbiBoZWFkZXIiIHg9IjY1MCIgeT0iMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxOCIgdXVpZD0iODZjNzRiZWItYmRkZC00OGNjLTk0NWEtMTY3YjI2MWIxZTBiIi8+CgkJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IkNlbnRlciIgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJCTx0ZXh0PjwhW0NEQVRBW093bmVyXV0+PC90ZXh0PgoJCQkJPC9zdGF0aWNUZXh0PgoJCQkJPHN0YXRpY1RleHQ+CgkJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvbHVtbiBoZWFkZXIiIHg9Ijg1MCIgeT0iMCIgd2lkdGg9IjE1MCIgaGVpZ2h0PSIxOCIgdXVpZD0iODZjNzRiZWItYmRkZC00OGNjLTk0NWEtMTY3YjI2MWIxZTBiIi8+CgkJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IkNlbnRlciIgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJCTx0ZXh0PjwhW0NEQVRBW1RpbWVzdGFtcF1dPjwvdGV4dD4KCQkJCTwvc3RhdGljVGV4dD4KCQkJPC9mcmFtZT4KCQk8L2JhbmQ+Cgk8L2NvbHVtbkhlYWRlcj4KCTxkZXRhaWw+CgkJPGJhbmQgaGVpZ2h0PSIxNyIgc3BsaXRUeXBlPSJTdHJldGNoIj4KCQkJPGZyYW1lPgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkRldGFpbCIgc3RyZXRjaFR5cGU9IlJlbGF0aXZlVG9UYWxsZXN0T2JqZWN0IiBtb2RlPSJPcGFxdWUiIHg9IjAiIHk9IjAiIHdpZHRoPSIxMDAwIiBoZWlnaHQ9IjE0IiB1dWlkPSIzZThmZGQ2ZC1hNmZmLTQ0MDctOWExZS01ZDZiNDcwNjMwMGEiLz4KCQkJCTx0ZXh0RmllbGQgaXNTdHJldGNoV2l0aE92ZXJmbG93PSJ0cnVlIiBpc0JsYW5rV2hlbk51bGw9InRydWUiPgoJCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJEZXRhaWwiIHN0cmV0Y2hUeXBlPSJSZWxhdGl2ZVRvVGFsbGVzdE9iamVjdCIgeD0iMCIgeT0iMCIgd2lkdGg9IjMwMCIgaGVpZ2h0PSIxMyIgaXNQcmludFdoZW5EZXRhaWxPdmVyZmxvd3M9InRydWUiIHV1aWQ9IjI4YmI5YjQ3LWE2OWMtNDhlMS05MDczLWQ1NGQ5MjYyNDJlOCIvPgoJCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbJEZ7bmFtZX0uZ2V0T3JpZygpXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCQk8dGV4dEZpZWxkIGlzU3RyZXRjaFdpdGhPdmVyZmxvdz0idHJ1ZSIgaXNCbGFua1doZW5OdWxsPSJ0cnVlIj4KCQkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iRGV0YWlsIiBzdHJldGNoVHlwZT0iUmVsYXRpdmVUb1RhbGxlc3RPYmplY3QiIHg9IjMwMCIgeT0iMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMyIgaXNQcmludFdoZW5EZXRhaWxPdmVyZmxvd3M9InRydWUiIHV1aWQ9IjI4YmI5YjQ3LWE2OWMtNDhlMS05MDczLWQ1NGQ5MjYyNDJlOCIvPgoJCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbJEZ7cmVzb3VyY2VSZWZ9LmdldE5hbWUoKS5nZXRPcmlnKCldXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJCTx0ZXh0RmllbGQgaXNTdHJldGNoV2l0aE92ZXJmbG93PSJ0cnVlIiBpc0JsYW5rV2hlbk51bGw9InRydWUiPgoJCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJEZXRhaWwiIHN0cmV0Y2hUeXBlPSJSZWxhdGl2ZVRvVGFsbGVzdE9iamVjdCIgeD0iNTAwIiB5PSIwIiB3aWR0aD0iMTUwIiBoZWlnaHQ9IjEzIiBpc1ByaW50V2hlbkRldGFpbE92ZXJmbG93cz0idHJ1ZSIgdXVpZD0iMjhiYjliNDctYTY5Yy00OGUxLTkwNzMtZDU0ZDkyNjI0MmU4Ii8+CgkJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IkNlbnRlciIgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBWyRGe3N5bmNocm9uaXphdGlvblNpdHVhdGlvbn1dXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJCTx0ZXh0RmllbGQgaXNTdHJldGNoV2l0aE92ZXJmbG93PSJ0cnVlIiBwYXR0ZXJuPSJkZC5NTS55eSwgSEg6bW06c3MiIGlzQmxhbmtXaGVuTnVsbD0idHJ1ZSI+CgkJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkRldGFpbCIgc3RyZXRjaFR5cGU9IlJlbGF0aXZlVG9UYWxsZXN0T2JqZWN0IiB4PSI4NTAiIHk9IjAiIHdpZHRoPSIxNTAiIGhlaWdodD0iMTMiIGlzUHJpbnRXaGVuRGV0YWlsT3ZlcmZsb3dzPSJ0cnVlIiB1dWlkPSIyOGJiOWI0Ny1hNjljLTQ4ZTEtOTA3My1kNTRkOTI2MjQyZTgiLz4KCQkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iQ2VudGVyIiB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbJEZ7c3luY2hyb25pemF0aW9uVGltZXN0YW1wfS50b0dyZWdvcmlhbkNhbGVuZGFyKCkuZ2V0VGltZSgpXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCQk8Y29tcG9uZW50RWxlbWVudD4KCQkJCQk8cmVwb3J0RWxlbWVudCB4PSI2NTAiIHk9IjEiIHdpZHRoPSIyMDAiIGhlaWdodD0iMTMiIHV1aWQ9ImZjNjBkYzA1LWEwNmQtNDFhYy04MjM4LWU1MjdlNWE3MDVkYyIvPgoJCQkJCTxqcjpsaXN0IHhtbG5zOmpyPSJodHRwOi8vamFzcGVycmVwb3J0cy5zb3VyY2Vmb3JnZS5uZXQvamFzcGVycmVwb3J0cy9jb21wb25lbnRzIiB4c2k6c2NoZW1hTG9jYXRpb249Imh0dHA6Ly9qYXNwZXJyZXBvcnRzLnNvdXJjZWZvcmdlLm5ldC9qYXNwZXJyZXBvcnRzL2NvbXBvbmVudHMgaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L3hzZC9jb21wb25lbnRzLnhzZCIgcHJpbnRPcmRlcj0iVmVydGljYWwiPgoJCQkJCQk8ZGF0YXNldFJ1biBzdWJEYXRhc2V0PSJvd25lckRhdGFzZXQiIHV1aWQ9IjcwYjIwZTMwLWFiNjAtNDEyNi04YzI4LTE4MjBmMGVhOTlkMyI+CgkJCQkJCQk8cGFyYW1ldGVyc01hcEV4cHJlc3Npb24+PCFbQ0RBVEFbbmV3IEhhc2hNYXAoJFB7UkVQT1JUX1BBUkFNRVRFUlNfTUFQfSldXT48L3BhcmFtZXRlcnNNYXBFeHByZXNzaW9uPgoJCQkJCQkJPGRhdGFzZXRQYXJhbWV0ZXIgbmFtZT0ic2hhZG93T2lkIj4KCQkJCQkJCQk8ZGF0YXNldFBhcmFtZXRlckV4cHJlc3Npb24+PCFbQ0RBVEFbJEZ7b2lkfV1dPjwvZGF0YXNldFBhcmFtZXRlckV4cHJlc3Npb24+CgkJCQkJCQk8L2RhdGFzZXRQYXJhbWV0ZXI+CgkJCQkJCQk8Y29ubmVjdGlvbkV4cHJlc3Npb24+PCFbQ0RBVEFbJFB7UkVQT1JUX0NPTk5FQ1RJT059XV0+PC9jb25uZWN0aW9uRXhwcmVzc2lvbj4KCQkJCQkJPC9kYXRhc2V0UnVuPgoJCQkJCQk8anI6bGlzdENvbnRlbnRzIGhlaWdodD0iMTIiIHdpZHRoPSIyMDAiPgoJCQkJCQkJPHRleHRGaWVsZCBpc1N0cmV0Y2hXaXRoT3ZlcmZsb3c9InRydWUiIGlzQmxhbmtXaGVuTnVsbD0idHJ1ZSI+CgkJCQkJCQkJPHJlcG9ydEVsZW1lbnQgeD0iMCIgeT0iMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMiIgdXVpZD0iNTFhYzM0Y2QtMWVjZi00OWFiLWJiOWYtY2VkZmM1ZjFjNTZlIi8+CgkJCQkJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IkNlbnRlciIgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBWyRGe25hbWV9LmdldE9yaWcoKV1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCQkJCTwvdGV4dEZpZWxkPgoJCQkJCQk8L2pyOmxpc3RDb250ZW50cz4KCQkJCQk8L2pyOmxpc3Q+CgkJCQk8L2NvbXBvbmVudEVsZW1lbnQ+CgkJCQk8bGluZT4KCQkJCQk8cmVwb3J0RWxlbWVudCBwb3NpdGlvblR5cGU9IkZpeFJlbGF0aXZlVG9Cb3R0b20iIG1vZGU9Ik9wYXF1ZSIgeD0iMCIgeT0iMTMiIHdpZHRoPSIxMDAwIiBoZWlnaHQ9IjEiIGZvcmVjb2xvcj0iIzMzMzMzMyIgdXVpZD0iNDdmOTE4MDEtY2Y1Zi00YmVkLWIxOWMtY2EzOTMxY2JmOThkIi8+CgkJCQk8L2xpbmU+CgkJCTwvZnJhbWU+CgkJPC9iYW5kPgoJPC9kZXRhaWw+Cgk8Y29sdW1uRm9vdGVyPgoJCTxiYW5kIGhlaWdodD0iNyIgc3BsaXRUeXBlPSJTdHJldGNoIj4KCQkJPGxpbmU+CgkJCQk8cmVwb3J0RWxlbWVudCBwb3NpdGlvblR5cGU9IkZpeFJlbGF0aXZlVG9Cb3R0b20iIHg9IjAiIHk9IjMiIHdpZHRoPSIxMDAwIiBoZWlnaHQ9IjEiIHV1aWQ9ImE1OTFkNGMxLTFjYWQtNGRhMi05ZjlkLTA4MWY1MzllOTA0MyIvPgoJCQkJPGdyYXBoaWNFbGVtZW50PgoJCQkJCTxwZW4gbGluZVdpZHRoPSIwLjUiIGxpbmVDb2xvcj0iIzk5OTk5OSIvPgoJCQkJPC9ncmFwaGljRWxlbWVudD4KCQkJPC9saW5lPgoJCTwvYmFuZD4KCTwvY29sdW1uRm9vdGVyPgoJPHBhZ2VGb290ZXI+CgkJPGJhbmQgaGVpZ2h0PSIzMiIgc3BsaXRUeXBlPSJTdHJldGNoIj4KCQkJPGZyYW1lPgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlBhZ2UgZm9vdGVyIiBtb2RlPSJUcmFuc3BhcmVudCIgeD0iMCIgeT0iMSIgd2lkdGg9IjEwMDAiIGhlaWdodD0iMjQiIGZvcmVjb2xvcj0iIzAwMDAwMCIgYmFja2NvbG9yPSIjMjY3OTk0IiB1dWlkPSJmYmU4YWFlNC02NTAwLTQ2OGEtYjFlOC03MDBiNTY5MTM5YTEiLz4KCQkJCTx0ZXh0RmllbGQ+CgkJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlBhZ2UgZm9vdGVyIiB4PSI4ODAiIHk9IjEiIHdpZHRoPSI4MCIgaGVpZ2h0PSIyMCIgdXVpZD0iNWMwNjJjNjYtYmE0NS00Mjg4LTlkY2QtMjQ2ZTI4YzVhZjc1Ii8+CgkJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IlJpZ2h0IiB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIj4KCQkJCQkJPGZvbnQgc2l6ZT0iOSIgaXNCb2xkPSJ0cnVlIi8+CgkJCQkJPC90ZXh0RWxlbWVudD4KCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVsiUGFnZSAiKyRWe1BBR0VfTlVNQkVSfSsiIG9mIl1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQkJPHRleHRGaWVsZCBwYXR0ZXJuPSJFRUVFRSBkZCBNTU1NTSB5eXl5Ij4KCQkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBmb290ZXIiIHg9IjIiIHk9IjEiIHdpZHRoPSIxOTciIGhlaWdodD0iMjAiIHV1aWQ9IjI4YmI5YjQ3LWE2OWMtNDhlMS05MDczLWQ1NGQ5MjYyNDJlOCIvPgoJCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIj4KCQkJCQkJPGZvbnQgc2l6ZT0iOSIgaXNCb2xkPSJ0cnVlIi8+CgkJCQkJPC90ZXh0RWxlbWVudD4KCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVtuZXcgamF2YS51dGlsLkRhdGUoKV1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQkJPHRleHRGaWVsZCBldmFsdWF0aW9uVGltZT0iUmVwb3J0Ij4KCQkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBmb290ZXIiIHg9Ijk2MCIgeT0iMSIgd2lkdGg9IjQwIiBoZWlnaHQ9IjIwIiB1dWlkPSI5MzRiMTZlOC1jM2ViLTQwMTctODY2YS0wYjc3MzViZjI5MTciLz4KCQkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSI+CgkJCQkJCTxmb250IHNpemU9IjkiIGlzQm9sZD0idHJ1ZSIvPgoJCQkJCTwvdGV4dEVsZW1lbnQ+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbIiAiICsgJFZ7UEFHRV9OVU1CRVJ9XV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCTwvZnJhbWU+CgkJPC9iYW5kPgoJPC9wYWdlRm9vdGVyPgoJPHN1bW1hcnk+CgkJPGJhbmQgc3BsaXRUeXBlPSJTdHJldGNoIi8+Cgk8L3N1bW1hcnk+CjwvamFzcGVyUmVwb3J0Pgo=</template>
-       <templateStyle>PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8IURPQ1RZUEUgamFzcGVyVGVtcGxhdGUNCiAgUFVCTElDICItLy9KYXNwZXJSZXBvcnRzLy9EVEQgVGVtcGxhdGUvL0VOIg0KICAiaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L2R0ZHMvamFzcGVydGVtcGxhdGUuZHRkIj4NCjxqYXNwZXJUZW1wbGF0ZT4NCiAgICAgICAgCTxzdHlsZSBmb250TmFtZT0iRGVqYVZ1IFNhbnMiIGZvbnRTaXplPSIxMCIgaEFsaWduPSJMZWZ0IiBpc0RlZmF1bHQ9InRydWUiIGlzUGRmRW1iZWRkZWQ9InRydWUiIA0KCQkJCSAgIG5hbWU9IkJhc2UiIHBkZkVuY29kaW5nPSJJZGVudGl0eS1IIiBwZGZGb250TmFtZT0iRGVqYVZ1U2Fucy50dGYiIHZBbGlnbj0iTWlkZGxlIj4NCgkJCTwvc3R5bGU+DQoJCQk8c3R5bGUgYmFja2NvbG9yPSIjMjY3OTk0IiBmb250U2l6ZT0iMjYiIGZvcmVjb2xvcj0iI0ZGRkZGRiIgaXNEZWZhdWx0PSJmYWxzZSINCiAgICAgICAgICAgICAgICAgICBtb2RlPSJPcGFxdWUiIG5hbWU9IlRpdGxlIiBzdHlsZT0iQmFzZSIvPiANCgkJCTxzdHlsZSBmb250U2l6ZT0iMTIiIGZvcmVjb2xvcj0iIzAwMDAwMCIgaXNEZWZhdWx0PSJmYWxzZSIgbmFtZT0iUGFnZSBoZWFkZXIiDQogICAgICAgICAgICAgICAgICAgc3R5bGU9IkJhc2UiLz4NCgkJCTxzdHlsZSBiYWNrY29sb3I9IiMzMzMzMzMiIGZvbnRTaXplPSIxMiIgZm9yZWNvbG9yPSIjRkZGRkZGIiBoQWxpZ249IkNlbnRlciINCiAgICAgICAgICAgICAgICAgICBpc0RlZmF1bHQ9ImZhbHNlIiBtb2RlPSJPcGFxdWUiIG5hbWU9IkNvbHVtbiBoZWFkZXIiIHN0eWxlPSJCYXNlIi8+DQoJCQk8c3R5bGUgaXNCb2xkPSJmYWxzZSIgaXNEZWZhdWx0PSJmYWxzZSIgbmFtZT0iRGV0YWlsIiBzdHlsZT0iQmFzZSIvPg0KICAgICAgICAgICAgPHN0eWxlIGlzQm9sZD0iZmFsc2UiIGlzRGVmYXVsdD0iZmFsc2UiIG5hbWU9IkNvZGUiIHN0eWxlPSJCYXNlIiBmb250U2l6ZT0iOSIvPg0KCQkJPHN0eWxlIGZvbnRTaXplPSI5IiBmb3JlY29sb3I9IiMwMDAwMDAiIGlzRGVmYXVsdD0iZmFsc2UiIG5hbWU9IlBhZ2UgZm9vdGVyIg0KICAgICAgICAgICAgICAgICAgIHN0eWxlPSJCYXNlIi8+DQoJCTwvamFzcGVyVGVtcGxhdGU+</templateStyle>
-       <export>pdf</export>
-       <virtualizer>JRSwapFileVirtualizer</virtualizer>
-       <virtualizerKickOn>300</virtualizerKickOn>
-       <maxPages>10000</maxPages>
-       <timeout>300000</timeout>
-    </jasper>
+
+<report xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+        xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        oid="00000000-0000-0000-0000-000000000100">
+    <name>Reconciliation report</name>
+    <description>Reconciliation report for selected resource.</description>
+    <assignment>
+        <targetRef oid="00000000-0000-0000-0000-000000000171" type="ArchetypeType"/>
+    </assignment>
+    <objectCollection>
+        <collection>
+            <baseCollectionRef>
+                <collectionRef oid="00000000-0000-0000-0001-000000000008" type="ObjectCollectionType"/>
+            </baseCollectionRef>
+            <filter>
+                <q:and>
+                    <q:ref>
+                        <q:path>resourceRef</q:path>
+                        <expression>
+                            <queryInterpretationOfNoValue>filterAll</queryInterpretationOfNoValue>
+                            <script>
+                                <objectVariableMode>prismReference</objectVariableMode>
+                                <code>
+                                    import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
+
+                                    if (!resource) {
+                                        return null;
+                                    }
+
+                                    ObjectReferenceType ort = new ObjectReferenceType();
+                                    ort.setOid(resource.getOid());
+                                    ort.setRelation(resource.getRelation());
+                                    ort.setType(resource.getTargetType());
+                                    return ort;
+                                </code>
+                            </script>
+                        </expression>
+                    </q:ref>
+                    <q:equal>
+                        <q:path>synchronizationSituation</q:path>
+                        <expression>
+                            <queryInterpretationOfNoValue>filterAll</queryInterpretationOfNoValue>
+                            <script>
+                                <code>
+                                    if (!situation) {
+                                        return null;
+                                    }
+                                    return situation;
+                                </code>
+                            </script>
+                        </expression>
+                    </q:equal>
+                    <q:equal>
+                        <q:path>objectClass</q:path>
+                        <expression>
+                            <queryInterpretationOfNoValue>filterAll</queryInterpretationOfNoValue>
+                            <script>
+                                <code>
+                                    import javax.xml.namespace.QName;
+                                    if (objectClass != null)
+                                        return new QName("http://midpoint.evolveum.com/xml/ns/public/resource/instance-3", objectClass)
+                                </code>
+                            </script>
+                        </expression>
+                    </q:equal>
+                    <q:equal>
+                        <q:path>kind</q:path>
+                        <expression>
+                            <queryInterpretationOfNoValue>filterAll</queryInterpretationOfNoValue>
+                            <script>
+                                <code>
+                                    if (!kind) {
+                                        return null;
+                                    }
+                                    return kind;
+                                </code>
+                            </script>
+                        </expression>
+                    </q:equal>
+                    <q:equal>
+                        <q:path>intent</q:path>
+                        <expression>
+                            <queryInterpretationOfNoValue>filterAll</queryInterpretationOfNoValue>
+                            <script>
+                                <code>
+                                    if (!intent) {
+                                        return null;
+                                    }
+                                    return intent;
+                                </code>
+                            </script>
+                        </expression>
+                    </q:equal>
+                </q:and>
+            </filter>
+        </collection>
+        <parameter>
+            <name>intent</name>
+            <type>string</type>
+            <display>
+                <label>
+                    <orig>intent</orig>
+                    <translation>
+                        <key>ShadowType.intent</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+        <parameter>
+            <name>objectClass</name>
+            <type>string</type>
+            <display>
+                <label>
+                    <orig>objectClass</orig>
+                    <translation>
+                        <key>ShadowType.objectClass</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+        <parameter>
+            <name>kind</name>
+            <type>ShadowKindType</type>
+            <display>
+                <label>
+                    <orig>kind</orig>
+                    <translation>
+                        <key>ShadowType.kind</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+        <parameter>
+            <name>situation</name>
+            <type>SynchronizationSituationType</type>
+            <display>
+                <label>
+                    <orig>situation</orig>
+                    <translation>
+                        <key>ShadowType.synchronizationSituation</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+        <parameter>
+            <name>resource</name>
+            <type>c:ObjectReferenceType</type>
+            <targetType>c:ResourceType</targetType>
+            <display>
+                <label>
+                    <orig>resource</orig>
+                    <translation>
+                        <key>ObjectTypeGuiDescriptor.resource</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+        <view>
+            <type>ShadowType</type>
+            <column>
+                <name>nameColumn</name>
+                <path>name</path>
+            </column>
+            <column>
+                <name>situationColumn</name>
+                <path>synchronizationSituation</path>
+                <previousColumn>nameColumn</previousColumn>
+            </column>
+            <column>
+                <name>synchTimestampColumn</name>
+                <path>synchronizationTimestamp</path>
+                <previousColumn>situationColumn</previousColumn>
+            </column>
+            <column>
+                <name>resourceColumn</name>
+                <path>resourceRef</path>
+                <previousColumn>synchTimestampColumn</previousColumn>
+            </column>
+        </view>
+    </objectCollection>
 </report>
diff --git a/gui/admin-gui/src/main/resources/initial-objects/110-report-user-list.xml b/gui/admin-gui/src/main/resources/initial-objects/110-report-user-list.xml
index e1e6395cf7a..c73e31f96ad 100644
--- a/gui/admin-gui/src/main/resources/initial-objects/110-report-user-list.xml
+++ b/gui/admin-gui/src/main/resources/initial-objects/110-report-user-list.xml
@@ -1,21 +1,160 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright (c) 2010-2019 Evolveum and contributors
+  ~ Copyright (c) 2010-2020 Evolveum and contributors
   ~
   ~ This work is dual-licensed under the Apache License 2.0
   ~ and European Union Public License. See LICENSE file for details.
   -->
-<report oid="00000000-0000-0000-0000-000000000110"
-        xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
-    <name>Users in MidPoint (Jasper)</name>
+
+<report xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+        xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        oid="00000000-0000-0000-0000-000000000110">
+    <name>Users in MidPoint</name>
     <description>Users listed in MidPoint.</description>
-    <jasper>
-        <template>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPGphc3BlclJlcG9ydCB4bWxucz0iaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L2phc3BlcnJlcG9ydHMiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L2phc3BlcnJlcG9ydHMgaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L3hzZC9qYXNwZXJyZXBvcnQueHNkIiBuYW1lPSJyZXBvcnRVc2VyTGlzdCIgcGFnZVdpZHRoPSIxMTIwIiBwYWdlSGVpZ2h0PSI1OTUiIG9yaWVudGF0aW9uPSJMYW5kc2NhcGUiIHdoZW5Ob0RhdGFUeXBlPSJBbGxTZWN0aW9uc05vRGV0YWlsIiBjb2x1bW5XaWR0aD0iMTA4MCIgbGVmdE1hcmdpbj0iMjAiIHJpZ2h0TWFyZ2luPSIyMCIgdG9wTWFyZ2luPSIzMCIgYm90dG9tTWFyZ2luPSIzMCIgdXVpZD0iNjdlNDY1YzUtNDZlYS00MGQyLWJlYTAtNDY5YzZjZjM4OTM3Ij4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5wcmludC5rZWVwLmZ1bGwudGV4dCIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQueGxzLnJlbW92ZS5lbXB0eS5zcGFjZS5iZXR3ZWVuLmNvbHVtbnMiIHZhbHVlPSJ0cnVlIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0Lnhscy5yZW1vdmUuZW1wdHkuc3BhY2UuYmV0d2Vlbi5yb3dzIiB2YWx1ZT0idHJ1ZSIvPgoJPHByb3BlcnR5IG5hbWU9Im5ldC5zZi5qYXNwZXJyZXBvcnRzLmV4cG9ydC5wZGYuZm9yY2UubGluZWJyZWFrLnBvbGljeSIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQuY3N2LmV4Y2x1ZGUub3JpZ2luLmJhbmQuMSIgdmFsdWU9InRpdGxlIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0LmNzdi5leGNsdWRlLm9yaWdpbi5iYW5kLjIiIHZhbHVlPSJwYWdlRm9vdGVyIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0Lnhscy5leGNsdWRlLm9yaWdpbi5iYW5kLjEiIHZhbHVlPSJwYWdlSGVhZGVyIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0Lnhscy5leGNsdWRlLm9yaWdpbi5iYW5kLjIiIHZhbHVlPSJwYWdlRm9vdGVyIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0Lnhscy5leGNsdWRlLm9yaWdpbi5rZWVwLmZpcnN0LmJhbmQuMiIgdmFsdWU9ImNvbHVtbkhlYWRlciIvPgoJPHByb3BlcnR5IG5hbWU9Im5ldC5zZi5qYXNwZXJyZXBvcnRzLmV4cG9ydC54bHMuZGV0ZWN0LmNlbGwudHlwZSIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQueGxzLndyYXAudGV4dCIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQueGxzLmF1dG8uZml0LnJvdyIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQueGxzLmF1dG8uZml0LmNvbHVtbiIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5hd3QuaWdub3JlLm1pc3NpbmcuZm9udCIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJpcmVwb3J0Lnpvb20iIHZhbHVlPSIxLjAiLz4KCTxwcm9wZXJ0eSBuYW1lPSJpcmVwb3J0LngiIHZhbHVlPSIxNiIvPgoJPHByb3BlcnR5IG5hbWU9ImlyZXBvcnQueSIgdmFsdWU9IjE0Ii8+Cgk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLmRhdGEuZGVmYXVsdGRhdGFhZGFwdGVyIiB2YWx1ZT0ibXFsIi8+Cgk8aW1wb3J0IHZhbHVlPSJjb20uZXZvbHZldW0ubWlkcG9pbnQucmVwb3J0LmltcGwuUmVwb3J0VXRpbHMiLz4KCTxzdWJEYXRhc2V0IG5hbWU9InJvbGVzRGF0YXNldCIgdXVpZD0iNjU5ZDNmYmEtZDAzZC00M2JjLThkY2QtNTAyZDAzNDQzZWJlIj4KCQk8cGFyYW1ldGVyIG5hbWU9ImFzc2lnbm1lbnQiIGNsYXNzPSJqYXZhLnV0aWwuTGlzdCIvPgoJCTxxdWVyeVN0cmluZyBsYW5ndWFnZT0ibXFsIj4KCQkJPCFbQ0RBVEFbPGNvZGU+aWYgKGFzc2lnbm1lbnQgIT0gbnVsbCl7cmVwb3J0LnJlc29sdmVSb2xlcyhhc3NpZ25tZW50KX08L2NvZGU+XV0+CgkJPC9xdWVyeVN0cmluZz4KCQk8ZmllbGQgbmFtZT0ibmFtZSIgY2xhc3M9ImphdmEubGFuZy5TdHJpbmciLz4KCTwvc3ViRGF0YXNldD4KCTxzdWJEYXRhc2V0IG5hbWU9Im9yZ3NEYXRhc2V0IiB1dWlkPSI2NGE1Yzk0YS1jYmM2LTQyNjgtYmNiMy0wY2VmMzNhYTVlMDIiPgoJCTxwYXJhbWV0ZXIgbmFtZT0iYXNzaWdubWVudCIgY2xhc3M9ImphdmEudXRpbC5MaXN0Ii8+CgkJPHF1ZXJ5U3RyaW5nIGxhbmd1YWdlPSJtcWwiPgoJCQk8IVtDREFUQVs8Y29kZT4KCQkJCQlpZiAoYXNzaWdubWVudCAhPSBudWxsKXsKCQkJCQlyZXBvcnQucmVzb2x2ZU9yZ3MoYXNzaWdubWVudCkKCQkJCQl9CgkJCQk8L2NvZGU+XV0+CgkJPC9xdWVyeVN0cmluZz4KCQk8ZmllbGQgbmFtZT0ibmFtZSIgY2xhc3M9ImphdmEubGFuZy5TdHJpbmciLz4KCTwvc3ViRGF0YXNldD4KCTxzdWJEYXRhc2V0IG5hbWU9ImFjY291bnRzRGF0YXNldCIgdXVpZD0iYzRkODQ0ZTctMTRjNC00OWI4LWJmMTEtYzkyMWQ1OGExZDQwIj4KCQk8cGFyYW1ldGVyIG5hbWU9Im9iamVjdFJlZiIgY2xhc3M9ImphdmEudXRpbC5BcnJheUxpc3QiLz4KCQk8cXVlcnlTdHJpbmcgbGFuZ3VhZ2U9Im1xbCI+CgkJCTwhW0NEQVRBWzxjb2RlPgoJCQlpbXBvcnQgY29tLmV2b2x2ZXVtLm1pZHBvaW50LnhtbC5ucy5fcHVibGljLmNvbW1vbi5jb21tb25fMy5TaGFkb3dUeXBlOwoJCQkKCQkJaWYgKG9iamVjdFJlZiAhPSBudWxsKXsKCQkJCQlyZXBvcnQucmVzb2x2ZUxpbmtSZWZzKG9iamVjdFJlZiwgU2hhZG93VHlwZS5jbGFzcykKCQkJCQl9CgkJCTwvY29kZT5dXT4KCQk8L3F1ZXJ5U3RyaW5nPgoJCTxmaWVsZCBuYW1lPSJuYW1lIiBjbGFzcz0iamF2YS5sYW5nLlN0cmluZyIvPgoJCTxmaWVsZCBuYW1lPSJyZXNvdXJjZVJlZiIgY2xhc3M9ImNvbS5ldm9sdmV1bS5taWRwb2ludC54bWwubnMuX3B1YmxpYy5jb21tb24uY29tbW9uXzMuT2JqZWN0UmVmZXJlbmNlVHlwZSIvPgoJPC9zdWJEYXRhc2V0PgoJPHBhcmFtZXRlciBuYW1lPSJhY3RpdmF0aW9uIiBjbGFzcz0iY29tLmV2b2x2ZXVtLm1pZHBvaW50LnhtbC5ucy5fcHVibGljLmNvbW1vbi5jb21tb25fMy5BY3RpdmF0aW9uU3RhdHVzVHlwZSIvPgoJPHBhcmFtZXRlciBuYW1lPSJvcmdhbml6YXRpb24iIGNsYXNzPSJqYXZhLmxhbmcuU3RyaW5nIi8+Cgk8cGFyYW1ldGVyIG5hbWU9InJvbGUiIGNsYXNzPSJqYXZhLmxhbmcuU3RyaW5nIi8+Cgk8cGFyYW1ldGVyIG5hbWU9InJlc291cmNlIiBjbGFzcz0iamF2YS5sYW5nLlN0cmluZyI+CgkJPHByb3BlcnR5IG5hbWU9ImtleSIgdmFsdWU9Im9pZCIvPgoJCTxwcm9wZXJ0eSBuYW1lPSJsYWJlbCIgdmFsdWU9Im5hbWUiLz4KCQk8cHJvcGVydHkgbmFtZT0idGFyZ2V0VHlwZSIgdmFsdWU9ImNvbS5ldm9sdmV1bS5taWRwb2ludC54bWwubnMuX3B1YmxpYy5jb21tb24uY29tbW9uXzMuUmVzb3VyY2VUeXBlIi8+Cgk8L3BhcmFtZXRlcj4KCTxxdWVyeVN0cmluZyBsYW5ndWFnZT0ibXFsIj4KCQk8IVtDREFUQVs8ZmlsdGVyPg0KICAgIDx0eXBlPg0KICAgICAgICA8dHlwZT5Vc2VyVHlwZTwvdHlwZT4NCiAgICAgICAgPGZpbHRlcj4NCiAgICAgICAgICAgIDxhbmQ+DQogICAgICAgICAgICAgICAgPGVxdWFsPg0KICAgICAgICAgICAgICAgICAgICA8cGF0aD5hY3RpdmF0aW9uL2FkbWluaXN0cmF0aXZlU3RhdHVzPC9wYXRoPg0KICAgICAgICAgICAgICAgICAgICA8ZXhwcmVzc2lvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgIDxxdWVyeUludGVycHJldGF0aW9uT2ZOb1ZhbHVlPmZpbHRlckFsbDwvcXVlcnlJbnRlcnByZXRhdGlvbk9mTm9WYWx1ZT4NCiAgICAgICAgICAgICAgICAgICAgICAgIDxwYXRoPiRhY3RpdmF0aW9uPC9wYXRoPg0KICAgICAgICAgICAgICAgICAgICA8L2V4cHJlc3Npb24+DQogICAgICAgICAgICAgICAgPC9lcXVhbD4NCiAgICAgICAgICAgICAgICA8cmVmPg0KICAgICAgICAgICAgICAgICAgICA8cGF0aD5hc3NpZ25tZW50L3RhcmdldFJlZjwvcGF0aD4NCiAgICAgICAgICAgICAgICAgICAgPGV4cHJlc3Npb24+DQogICAgICAgICAgICAgICAgICAgICAgICA8cXVlcnlJbnRlcnByZXRhdGlvbk9mTm9WYWx1ZT5maWx0ZXJBbGw8L3F1ZXJ5SW50ZXJwcmV0YXRpb25PZk5vVmFsdWU+DQogICAgICAgICAgICAgICAgICAgICAgICA8c2NyaXB0Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxjb2RlPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpbXBvcnQgY29tLmV2b2x2ZXVtLm1pZHBvaW50LnhtbC5ucy5fcHVibGljLmNvbW1vbi5jb21tb25fMy5PcmdUeXBlOw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpbXBvcnQgY29tLmV2b2x2ZXVtLm1pZHBvaW50LnhtbC5ucy5fcHVibGljLmNvbW1vbi5jb21tb25fMy5PYmplY3RSZWZlcmVuY2VUeXBlOw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaWYgKCFvcmdhbml6YXRpb24pIHsNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJldHVybiBudWxsOw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBPYmplY3RSZWZlcmVuY2VUeXBlIG9ydCA9IG5ldyBPYmplY3RSZWZlcmVuY2VUeXBlKCk7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgb3J0LnNldE9pZChvcmdhbml6YXRpb24pOw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBvcnQuc2V0VHlwZShPcmdUeXBlLkNPTVBMRVhfVFlQRSk7DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJldHVybiBvcnQ7DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9jb2RlPiAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgICAgPC9zY3JpcHQ+DQogICAgICAgICAgICAgICAgICAgIDwvZXhwcmVzc2lvbj4NCiAgICAgICAgICAgICAgICA8L3JlZj4NCiAgICAgICAgICAgICAgICA8cmVmPg0KICAgICAgICAgICAgICAgICAgICA8cGF0aD5hc3NpZ25tZW50L3RhcmdldFJlZjwvcGF0aD4NCiAgICAgICAgICAgICAgICAgICAgPGV4cHJlc3Npb24+DQogICAgICAgICAgICAgICAgICAgICAgICA8cXVlcnlJbnRlcnByZXRhdGlvbk9mTm9WYWx1ZT5maWx0ZXJBbGw8L3F1ZXJ5SW50ZXJwcmV0YXRpb25PZk5vVmFsdWU+DQogICAgICAgICAgICAgICAgICAgICAgICA8c2NyaXB0Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxjb2RlPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpbXBvcnQgY29tLmV2b2x2ZXVtLm1pZHBvaW50LnhtbC5ucy5fcHVibGljLmNvbW1vbi5jb21tb25fMy5Sb2xlVHlwZTsNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaW1wb3J0IGNvbS5ldm9sdmV1bS5taWRwb2ludC54bWwubnMuX3B1YmxpYy5jb21tb24uY29tbW9uXzMuT2JqZWN0UmVmZXJlbmNlVHlwZTsNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcm9sZSkgew0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcmV0dXJuIG51bGw7DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE9iamVjdFJlZmVyZW5jZVR5cGUgb3J0ID0gbmV3IE9iamVjdFJlZmVyZW5jZVR5cGUoKTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBvcnQuc2V0T2lkKHJvbGUpOw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBvcnQuc2V0VHlwZShSb2xlVHlwZS5DT01QTEVYX1RZUEUpOw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICByZXR1cm4gb3J0Ow0KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvY29kZT4gICAgICANCiAgICAgICAgICAgICAgICAgICAgICAgIDwvc2NyaXB0Pg0KICAgICAgICAgICAgICAgICAgICA8L2V4cHJlc3Npb24+DQogICAgICAgICAgICAgICAgPC9yZWY+ICANCiAgICAgICAgICAgICAgICA8cmVmPg0KICAgICAgICAgICAgICAgICAgICA8cGF0aD5hc3NpZ25tZW50L2NvbnN0cnVjdGlvbi9yZXNvdXJjZVJlZjwvcGF0aD4NCiAgICAgICAgICAgICAgICAgICAgPGV4cHJlc3Npb24+DQogICAgICAgICAgICAgICAgICAgICAgICA8cXVlcnlJbnRlcnByZXRhdGlvbk9mTm9WYWx1ZT5maWx0ZXJBbGw8L3F1ZXJ5SW50ZXJwcmV0YXRpb25PZk5vVmFsdWU+DQogICAgICAgICAgICAgICAgICAgICAgICA8c2NyaXB0Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxjb2RlPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpbXBvcnQgY29tLmV2b2x2ZXVtLm1pZHBvaW50LnhtbC5ucy5fcHVibGljLmNvbW1vbi5jb21tb25fMy5SZXNvdXJjZVR5cGU7DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGltcG9ydCBjb20uZXZvbHZldW0ubWlkcG9pbnQueG1sLm5zLl9wdWJsaWMuY29tbW9uLmNvbW1vbl8zLk9iamVjdFJlZmVyZW5jZVR5cGU7DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZiAoIXJlc291cmNlKSB7DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICByZXR1cm4gbnVsbDsNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgT2JqZWN0UmVmZXJlbmNlVHlwZSBvcnQgPSBuZXcgT2JqZWN0UmVmZXJlbmNlVHlwZSgpOyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG9ydC5zZXRPaWQocmVzb3VyY2UpOw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBvcnQuc2V0VHlwZShSZXNvdXJjZVR5cGUuQ09NUExFWF9UWVBFKTsNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcmV0dXJuIG9ydDsNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L2NvZGU+ICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgICA8L3NjcmlwdD4NCiAgICAgICAgICAgICAgICAgICAgPC9leHByZXNzaW9uPg0KICAgICAgICAgICAgICAgIDwvcmVmPiAgDQogICAgICAgICAgICA8L2FuZD4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICA8L2ZpbHRlcj4NCiAgICA8L3R5cGU+DQo8L2ZpbHRlcj5dXT4KCTwvcXVlcnlTdHJpbmc+Cgk8ZmllbGQgbmFtZT0ib2lkIiBjbGFzcz0iamF2YS5sYW5nLlN0cmluZyIvPgoJPGZpZWxkIG5hbWU9Im5hbWUiIGNsYXNzPSJqYXZhLmxhbmcuU3RyaW5nIi8+Cgk8ZmllbGQgbmFtZT0ibGlua1JlZiIgY2xhc3M9ImphdmEudXRpbC5BcnJheUxpc3QiLz4KCTxmaWVsZCBuYW1lPSJhc3NpZ25tZW50IiBjbGFzcz0iamF2YS51dGlsLkxpc3QiLz4KCTxmaWVsZCBuYW1lPSJhY3RpdmF0aW9uIiBjbGFzcz0iY29tLmV2b2x2ZXVtLm1pZHBvaW50LnhtbC5ucy5fcHVibGljLmNvbW1vbi5jb21tb25fMy5BY3RpdmF0aW9uVHlwZSIvPgoJPGZpZWxkIG5hbWU9ImZ1bGxOYW1lIiBjbGFzcz0iamF2YS5sYW5nLlN0cmluZyIvPgoJPGJhY2tncm91bmQ+CgkJPGJhbmQgaGVpZ2h0PSIzMCIgc3BsaXRUeXBlPSJTdHJldGNoIi8+Cgk8L2JhY2tncm91bmQ+Cgk8dGl0bGU+CgkJPGJhbmQgaGVpZ2h0PSIxNDUiIHNwbGl0VHlwZT0iU3RyZXRjaCI+CgkJCTxmcmFtZT4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJUaXRsZSIgbW9kZT0iT3BhcXVlIiB4PSIwIiB5PSIwIiB3aWR0aD0iMTA4MCIgaGVpZ2h0PSI2NyIgYmFja2NvbG9yPSIjMjY3OTk0IiB1dWlkPSI0NGJlZGFjYy1mYTIzLTRmZTEtYjcxZi1lNWFmYTk0M2Y1NTMiLz4KCQkJCTxzdGF0aWNUZXh0PgoJCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJUaXRsZSIgeD0iMTAiIHk9IjEzIiB3aWR0aD0iMjY2IiBoZWlnaHQ9IjM4IiB1dWlkPSJmMmQ5OWNhZC05ZDg0LTRmNTAtYjQ1NS00NTNjODdmNjJjNGMiLz4KCQkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJCTx0ZXh0PjwhW0NEQVRBW1VzZXIgUmVwb3J0XV0+PC90ZXh0PgoJCQkJPC9zdGF0aWNUZXh0PgoJCQk8L2ZyYW1lPgoJCQk8c3RhdGljVGV4dD4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJQYWdlIGhlYWRlciIgeD0iMiIgeT0iODUiIHdpZHRoPSIxNTAiIGhlaWdodD0iMjAiIHV1aWQ9ImIwYjk3MTRmLTk2ZjUtNGY1OC04MjRiLWM4MWZkNGQzMjFmNyIvPgoJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCTx0ZXh0PjwhW0NEQVRBW1JlcG9ydCBnZW5lcmF0ZWQgb246XV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTx0ZXh0RmllbGQgcGF0dGVybj0iZGQuTU1NTS55eXl5LCBISDptbTpzcyI+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBoZWFkZXIiIHg9IjE2MCIgeT0iODUiIHdpZHRoPSIyNTAiIGhlaWdodD0iMjAiIHV1aWQ9IjA5YTdlMjcyLTIwNGUtNDA3OC04YTVlLWU0NzI3NTc0MjRjMSIvPgoJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IlJpZ2h0IiB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIj4KCQkJCQk8Zm9udCBpc0JvbGQ9ImZhbHNlIi8+CgkJCQk8L3RleHRFbGVtZW50PgoJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbbmV3IGphdmEudXRpbC5EYXRlKCldXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCTwvdGV4dEZpZWxkPgoJCQk8c3RhdGljVGV4dD4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJQYWdlIGhlYWRlciIgeD0iMiIgeT0iMTE1IiB3aWR0aD0iMTUwIiBoZWlnaHQ9IjIwIiB1dWlkPSIzZmY3OGZiZi04ZmNlLTQwNzItYjY5MS03YWYwNDdlYTkyYTciLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtOdW1iZXIgb2YgcmVjb3JkczpdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQkJPHRleHRGaWVsZCBldmFsdWF0aW9uVGltZT0iUmVwb3J0IiBpc0JsYW5rV2hlbk51bGw9InRydWUiPgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlBhZ2UgaGVhZGVyIiB4PSIxNjAiIHk9IjExNSIgd2lkdGg9IjI1MCIgaGVpZ2h0PSIyMCIgdXVpZD0iODkyNTEyMTEtM2Y0OS00NzFkLWI4OGQtNTU2NGMxYmQwNGQxIi8+CgkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iUmlnaHQiIHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiPgoJCQkJCTxmb250IGlzQm9sZD0iZmFsc2UiLz4KCQkJCTwvdGV4dEVsZW1lbnQ+CgkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVskVntSRVBPUlRfQ09VTlR9XV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQk8L3RleHRGaWVsZD4KCQk8L2JhbmQ+Cgk8L3RpdGxlPgoJPHBhZ2VIZWFkZXI+CgkJPGJhbmQgc3BsaXRUeXBlPSJTdHJldGNoIi8+Cgk8L3BhZ2VIZWFkZXI+Cgk8Y29sdW1uSGVhZGVyPgoJCTxiYW5kIGhlaWdodD0iMTkiIHNwbGl0VHlwZT0iU3RyZXRjaCI+CgkJCTxzdGF0aWNUZXh0PgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvbHVtbiBoZWFkZXIiIHg9IjAiIHk9IjAiIHdpZHRoPSIyNDAiIGhlaWdodD0iMTgiIHV1aWQ9IjA0OTg5MDliLWQzYzUtNGVlMy1iOGM5LWYwMGE4MDhlZmE3YSIvPgoJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCTx0ZXh0PjwhW0NEQVRBW05hbWVdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQkJPHN0YXRpY1RleHQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iQ29sdW1uIGhlYWRlciIgeD0iMjQwIiB5PSIwIiB3aWR0aD0iMjIwIiBoZWlnaHQ9IjE4IiB1dWlkPSI4NmM3NGJlYi1iZGRkLTQ4Y2MtOTQ1YS0xNjdiMjYxYjFlMGIiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtGdWxsIG5hbWVdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQkJPHN0YXRpY1RleHQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iQ29sdW1uIGhlYWRlciIgeD0iNDYwIiB5PSIwIiB3aWR0aD0iMTAwIiBoZWlnaHQ9IjE4IiB1dWlkPSI4NmM3NGJlYi1iZGRkLTQ4Y2MtOTQ1YS0xNjdiMjYxYjFlMGIiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtBY3RpdmF0aW9uXV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTxzdGF0aWNUZXh0PgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvbHVtbiBoZWFkZXIiIHg9IjU2MCIgeT0iMCIgd2lkdGg9IjE0MCIgaGVpZ2h0PSIxOCIgdXVpZD0iMmZmZDIyOGItOGI4Ny00YmM2LWE5ZDItMzFlOGEyZDVkYmI3Ii8+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJPHRleHQ+PCFbQ0RBVEFbUm9sZV1dPjwvdGV4dD4KCQkJPC9zdGF0aWNUZXh0PgoJCQk8c3RhdGljVGV4dD4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJDb2x1bW4gaGVhZGVyIiB4PSI3MDAiIHk9IjAiIHdpZHRoPSIxNDAiIGhlaWdodD0iMTgiIHV1aWQ9IjJjNGZhZWIzLWQxOWMtNGMxZS1iZmJmLTFiMTBjZWNlOGFlOCIvPgoJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCTx0ZXh0PjwhW0NEQVRBW09yZ2FuaXphdGlvbl1dPjwvdGV4dD4KCQkJPC9zdGF0aWNUZXh0PgoJCQk8c3RhdGljVGV4dD4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJDb2x1bW4gaGVhZGVyIiB4PSI4NDAiIHk9IjAiIHdpZHRoPSIyNDAiIGhlaWdodD0iMTgiIHV1aWQ9IjNlNGUyMzE5LTI1MDItNGE1My1hNmI0LWM3OTY4NTIxZjZiOCIvPgoJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCTx0ZXh0PjwhW0NEQVRBW0FjY291bnRdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQk8L2JhbmQ+Cgk8L2NvbHVtbkhlYWRlcj4KCTxkZXRhaWw+CgkJPGJhbmQgaGVpZ2h0PSIyNSIgc3BsaXRUeXBlPSJTdHJldGNoIj4KCQkJPGZyYW1lPgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkRldGFpbCIgc3RyZXRjaFR5cGU9IlJlbGF0aXZlVG9UYWxsZXN0T2JqZWN0IiBtb2RlPSJPcGFxdWUiIHg9IjAiIHk9IjAiIHdpZHRoPSIxMDgwIiBoZWlnaHQ9IjI0IiB1dWlkPSI4NmRiNjUzNy04MWYwLTQyYjEtYjc0YS1kMmJlNzA5MjcxY2QiLz4KCQkJCTx0ZXh0RmllbGQgaXNTdHJldGNoV2l0aE92ZXJmbG93PSJ0cnVlIiBpc0JsYW5rV2hlbk51bGw9InRydWUiPgoJCQkJCTxyZXBvcnRFbGVtZW50IHg9IjAiIHk9IjAiIHdpZHRoPSIyODAiIGhlaWdodD0iMjAiIHV1aWQ9IjNjNjY4ZWVlLWNkM2UtNDY5Ny1hZmUzLWVkYjc4OTQ1MjVjYyIvPgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBWyRGe25hbWV9XV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCQk8dGV4dEZpZWxkIGlzU3RyZXRjaFdpdGhPdmVyZmxvdz0idHJ1ZSIgaXNCbGFua1doZW5OdWxsPSJ0cnVlIj4KCQkJCQk8cmVwb3J0RWxlbWVudCB4PSIyODAiIHk9IjAiIHdpZHRoPSIxODAiIGhlaWdodD0iMjAiIHV1aWQ9ImM4OTQ4Yzg1LWVjMzEtNGIzOS04ODlhLTQzY2JjZTcwZjdmOCIvPgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBWyRGe2Z1bGxOYW1lfV1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQkJPHRleHRGaWVsZCBpc1N0cmV0Y2hXaXRoT3ZlcmZsb3c9InRydWUiIGlzQmxhbmtXaGVuTnVsbD0idHJ1ZSI+CgkJCQkJPHJlcG9ydEVsZW1lbnQgeD0iNDYwIiB5PSIwIiB3aWR0aD0iMTAwIiBoZWlnaHQ9IjIwIiB1dWlkPSI4OTliMDY2ZC1kOGNmLTQ1OTQtODNiNC0xYTM1YTk1NDE2NDgiLz4KCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVskRnthY3RpdmF0aW9ufS5nZXRBZG1pbmlzdHJhdGl2ZVN0YXR1cygpXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCQk8Y29tcG9uZW50RWxlbWVudD4KCQkJCQk8cmVwb3J0RWxlbWVudCB4PSI1NjAiIHk9IjAiIHdpZHRoPSIxNDAiIGhlaWdodD0iMTkiIHV1aWQ9IjQyYTdmMDFmLTM1OGEtNGEwZC1hNmFhLTRjOWMwOTNiZTNjNiIvPgoJCQkJCTxqcjpsaXN0IHhtbG5zOmpyPSJodHRwOi8vamFzcGVycmVwb3J0cy5zb3VyY2Vmb3JnZS5uZXQvamFzcGVycmVwb3J0cy9jb21wb25lbnRzIiB4c2k6c2NoZW1hTG9jYXRpb249Imh0dHA6Ly9qYXNwZXJyZXBvcnRzLnNvdXJjZWZvcmdlLm5ldC9qYXNwZXJyZXBvcnRzL2NvbXBvbmVudHMgaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L3hzZC9jb21wb25lbnRzLnhzZCIgcHJpbnRPcmRlcj0iSG9yaXpvbnRhbCI+CgkJCQkJCTxkYXRhc2V0UnVuIHN1YkRhdGFzZXQ9InJvbGVzRGF0YXNldCIgdXVpZD0iMzAwNTg2ZDYtMGYzMi00YWY5LWIyN2YtYWI5OTE2NzUwMWQ1Ij4KCQkJCQkJCTxwYXJhbWV0ZXJzTWFwRXhwcmVzc2lvbj48IVtDREFUQVtuZXcgSGFzaE1hcCgkUHtSRVBPUlRfUEFSQU1FVEVSU19NQVB9KV1dPjwvcGFyYW1ldGVyc01hcEV4cHJlc3Npb24+CgkJCQkJCQk8ZGF0YXNldFBhcmFtZXRlciBuYW1lPSJhc3NpZ25tZW50Ij4KCQkJCQkJCQk8ZGF0YXNldFBhcmFtZXRlckV4cHJlc3Npb24+PCFbQ0RBVEFbJEZ7YXNzaWdubWVudH1dXT48L2RhdGFzZXRQYXJhbWV0ZXJFeHByZXNzaW9uPgoJCQkJCQkJPC9kYXRhc2V0UGFyYW1ldGVyPgoJCQkJCQkJPGNvbm5lY3Rpb25FeHByZXNzaW9uPjwhW0NEQVRBWyRQe1JFUE9SVF9DT05ORUNUSU9OfV1dPjwvY29ubmVjdGlvbkV4cHJlc3Npb24+CgkJCQkJCTwvZGF0YXNldFJ1bj4KCQkJCQkJPGpyOmxpc3RDb250ZW50cyBoZWlnaHQ9IjE4IiB3aWR0aD0iMTQwIj4KCQkJCQkJCTx0ZXh0RmllbGQgaXNTdHJldGNoV2l0aE92ZXJmbG93PSJ0cnVlIiBpc0JsYW5rV2hlbk51bGw9InRydWUiPgoJCQkJCQkJCTxyZXBvcnRFbGVtZW50IHg9IjAiIHk9IjAiIHdpZHRoPSIxNDAiIGhlaWdodD0iMTgiIHV1aWQ9IjYxZGM5NDBlLTFkZjQtNDczZC1hMWY1LWMyMWRmNjY2ZThhMSIvPgoJCQkJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBWyRGe25hbWV9XV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJCQkJPC90ZXh0RmllbGQ+CgkJCQkJCTwvanI6bGlzdENvbnRlbnRzPgoJCQkJCTwvanI6bGlzdD4KCQkJCTwvY29tcG9uZW50RWxlbWVudD4KCQkJCTxjb21wb25lbnRFbGVtZW50PgoJCQkJCTxyZXBvcnRFbGVtZW50IHg9IjcwMCIgeT0iMCIgd2lkdGg9IjE0MCIgaGVpZ2h0PSIxOSIgdXVpZD0iZTdmNjY4ZjMtOTY2NC00NjYwLThiMTYtMGQyNWRmN2QzZTJkIi8+CgkJCQkJPGpyOmxpc3QgeG1sbnM6anI9Imh0dHA6Ly9qYXNwZXJyZXBvcnRzLnNvdXJjZWZvcmdlLm5ldC9qYXNwZXJyZXBvcnRzL2NvbXBvbmVudHMiIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L2phc3BlcnJlcG9ydHMvY29tcG9uZW50cyBodHRwOi8vamFzcGVycmVwb3J0cy5zb3VyY2Vmb3JnZS5uZXQveHNkL2NvbXBvbmVudHMueHNkIiBwcmludE9yZGVyPSJIb3Jpem9udGFsIj4KCQkJCQkJPGRhdGFzZXRSdW4gc3ViRGF0YXNldD0ib3Jnc0RhdGFzZXQiIHV1aWQ9ImFmNjRjMTdjLTAyZWUtNDA0NC1hOWNlLTkxYTkwYTdhNGUwOCI+CgkJCQkJCQk8cGFyYW1ldGVyc01hcEV4cHJlc3Npb24+PCFbQ0RBVEFbbmV3IEhhc2hNYXAoJFB7UkVQT1JUX1BBUkFNRVRFUlNfTUFQfSldXT48L3BhcmFtZXRlcnNNYXBFeHByZXNzaW9uPgoJCQkJCQkJPGRhdGFzZXRQYXJhbWV0ZXIgbmFtZT0iYXNzaWdubWVudCI+CgkJCQkJCQkJPGRhdGFzZXRQYXJhbWV0ZXJFeHByZXNzaW9uPjwhW0NEQVRBWyRGe2Fzc2lnbm1lbnR9XV0+PC9kYXRhc2V0UGFyYW1ldGVyRXhwcmVzc2lvbj4KCQkJCQkJCTwvZGF0YXNldFBhcmFtZXRlcj4KCQkJCQkJCTxjb25uZWN0aW9uRXhwcmVzc2lvbj48IVtDREFUQVskUHtSRVBPUlRfQ09OTkVDVElPTn1dXT48L2Nvbm5lY3Rpb25FeHByZXNzaW9uPgoJCQkJCQk8L2RhdGFzZXRSdW4+CgkJCQkJCTxqcjpsaXN0Q29udGVudHMgaGVpZ2h0PSIxOSIgd2lkdGg9IjE0MCI+CgkJCQkJCQk8dGV4dEZpZWxkIGlzU3RyZXRjaFdpdGhPdmVyZmxvdz0idHJ1ZSIgaXNCbGFua1doZW5OdWxsPSJ0cnVlIj4KCQkJCQkJCQk8cmVwb3J0RWxlbWVudCB4PSIwIiB5PSIwIiB3aWR0aD0iMTQwIiBoZWlnaHQ9IjE5IiB1dWlkPSI5ZjQ4OTRmMy00ZGFjLTQ4MTMtODBjZi1hZDk3MDgzNmMwZWEiLz4KCQkJCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVskRntuYW1lfV1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCQkJCTwvdGV4dEZpZWxkPgoJCQkJCQk8L2pyOmxpc3RDb250ZW50cz4KCQkJCQk8L2pyOmxpc3Q+CgkJCQk8L2NvbXBvbmVudEVsZW1lbnQ+CgkJCQk8Y29tcG9uZW50RWxlbWVudD4KCQkJCQk8cmVwb3J0RWxlbWVudCB4PSI4NDAiIHk9IjAiIHdpZHRoPSIyNDAiIGhlaWdodD0iMTkiIHV1aWQ9ImE4Y2UyNTAwLWQ3OTktNDhjYy1hMzMxLTRjMTNhMmFmNjc0NCIvPgoJCQkJCTxqcjpsaXN0IHhtbG5zOmpyPSJodHRwOi8vamFzcGVycmVwb3J0cy5zb3VyY2Vmb3JnZS5uZXQvamFzcGVycmVwb3J0cy9jb21wb25lbnRzIiB4c2k6c2NoZW1hTG9jYXRpb249Imh0dHA6Ly9qYXNwZXJyZXBvcnRzLnNvdXJjZWZvcmdlLm5ldC9qYXNwZXJyZXBvcnRzL2NvbXBvbmVudHMgaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L3hzZC9jb21wb25lbnRzLnhzZCIgcHJpbnRPcmRlcj0iSG9yaXpvbnRhbCI+CgkJCQkJCTxkYXRhc2V0UnVuIHN1YkRhdGFzZXQ9ImFjY291bnRzRGF0YXNldCIgdXVpZD0iNmYxODVmNDgtZGJjMC00NzAzLThjZjItNWY5YzJjNzQwZDk3Ij4KCQkJCQkJCTxwYXJhbWV0ZXJzTWFwRXhwcmVzc2lvbj48IVtDREFUQVtuZXcgSGFzaE1hcCgkUHtSRVBPUlRfUEFSQU1FVEVSU19NQVB9KV1dPjwvcGFyYW1ldGVyc01hcEV4cHJlc3Npb24+CgkJCQkJCQk8ZGF0YXNldFBhcmFtZXRlciBuYW1lPSJvYmplY3RSZWYiPgoJCQkJCQkJCTxkYXRhc2V0UGFyYW1ldGVyRXhwcmVzc2lvbj48IVtDREFUQVskRntsaW5rUmVmfV1dPjwvZGF0YXNldFBhcmFtZXRlckV4cHJlc3Npb24+CgkJCQkJCQk8L2RhdGFzZXRQYXJhbWV0ZXI+CgkJCQkJCQk8Y29ubmVjdGlvbkV4cHJlc3Npb24+PCFbQ0RBVEFbJFB7UkVQT1JUX0NPTk5FQ1RJT059XV0+PC9jb25uZWN0aW9uRXhwcmVzc2lvbj4KCQkJCQkJPC9kYXRhc2V0UnVuPgoJCQkJCQk8anI6bGlzdENvbnRlbnRzIGhlaWdodD0iMTkiIHdpZHRoPSIyNDAiPgoJCQkJCQkJPHRleHRGaWVsZCBpc1N0cmV0Y2hXaXRoT3ZlcmZsb3c9InRydWUiIGlzQmxhbmtXaGVuTnVsbD0idHJ1ZSI+CgkJCQkJCQkJPHJlcG9ydEVsZW1lbnQgeD0iMCIgeT0iMCIgd2lkdGg9IjI0MCIgaGVpZ2h0PSIxOSIgdXVpZD0iNGU1OTg5ZGYtNzM0Yy00MWFkLTg0NzItYjZhNmY4OTM5YjI4Ii8+CgkJCQkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbJEZ7bmFtZX0rIiAoUmVzb3VyY2U6ICIrJEZ7cmVzb3VyY2VSZWZ9LmdldE5hbWUoKS5nZXRPcmlnKCkrIikiXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJCQkJPC90ZXh0RmllbGQ+CgkJCQkJCTwvanI6bGlzdENvbnRlbnRzPgoJCQkJCTwvanI6bGlzdD4KCQkJCTwvY29tcG9uZW50RWxlbWVudD4KCQkJCTxsaW5lPgoJCQkJCTxyZXBvcnRFbGVtZW50IHBvc2l0aW9uVHlwZT0iRml4UmVsYXRpdmVUb0JvdHRvbSIgbW9kZT0iT3BhcXVlIiB4PSIwIiB5PSIxOSIgd2lkdGg9IjEwODAiIGhlaWdodD0iMSIgZm9yZWNvbG9yPSIjMzMzMzMzIiB1dWlkPSI0N2Y5MTgwMS1jZjVmLTRiZWQtYjE5Yy1jYTM5MzFjYmY5OGQiLz4KCQkJCTwvbGluZT4KCQkJPC9mcmFtZT4KCQk8L2JhbmQ+Cgk8L2RldGFpbD4KCTxjb2x1bW5Gb290ZXI+CgkJPGJhbmQgaGVpZ2h0PSI3IiBzcGxpdFR5cGU9IlN0cmV0Y2giPgoJCQk8bGluZT4KCQkJCTxyZXBvcnRFbGVtZW50IHBvc2l0aW9uVHlwZT0iRml4UmVsYXRpdmVUb0JvdHRvbSIgeD0iMCIgeT0iMyIgd2lkdGg9IjEwODAiIGhlaWdodD0iMSIgdXVpZD0iYTU5MWQ0YzEtMWNhZC00ZGEyLTlmOWQtMDgxZjUzOWU5MDQzIi8+CgkJCQk8Z3JhcGhpY0VsZW1lbnQ+CgkJCQkJPHBlbiBsaW5lV2lkdGg9IjAuNSIgbGluZUNvbG9yPSIjOTk5OTk5Ii8+CgkJCQk8L2dyYXBoaWNFbGVtZW50PgoJCQk8L2xpbmU+CgkJPC9iYW5kPgoJPC9jb2x1bW5Gb290ZXI+Cgk8cGFnZUZvb3Rlcj4KCQk8YmFuZCBoZWlnaHQ9IjMyIiBzcGxpdFR5cGU9IlN0cmV0Y2giPgoJCQk8ZnJhbWU+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBmb290ZXIiIG1vZGU9IlRyYW5zcGFyZW50IiB4PSIwIiB5PSIxIiB3aWR0aD0iMTA4MCIgaGVpZ2h0PSIyNCIgdXVpZD0iZmJlOGFhZTQtNjUwMC00NjhhLWIxZTgtNzAwYjU2OTEzOWExIi8+CgkJCQk8dGV4dEZpZWxkIHBhdHRlcm49ImRkLk1NTU1NLnl5eXkiPgoJCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJQYWdlIGZvb3RlciIgeD0iMiIgeT0iMSIgd2lkdGg9IjE5NyIgaGVpZ2h0PSIyMCIgdXVpZD0iMjhiYjliNDctYTY5Yy00OGUxLTkwNzMtZDU0ZDkyNjI0MmU4Ii8+CgkJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVtuZXcgamF2YS51dGlsLkRhdGUoKV1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQkJPHRleHRGaWVsZD4KCQkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBmb290ZXIiIHg9Ijk2MCIgeT0iMSIgd2lkdGg9IjgwIiBoZWlnaHQ9IjIwIiB1dWlkPSI1YzA2MmM2Ni1iYTQ1LTQyODgtOWRjZC0yNDZlMjhjNWFmNzUiLz4KCQkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iUmlnaHQiIHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVsiUGFnZSAiKyRWe1BBR0VfTlVNQkVSfSsiIG9mIl1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQkJPHRleHRGaWVsZCBldmFsdWF0aW9uVGltZT0iUmVwb3J0Ij4KCQkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBmb290ZXIiIHg9IjEwNDAiIHk9IjEiIHdpZHRoPSI0MCIgaGVpZ2h0PSIyMCIgdXVpZD0iOTM0YjE2ZTgtYzNlYi00MDE3LTg2NmEtMGI3NzM1YmYyOTE3Ii8+CgkJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVsiICIgKyAkVntQQUdFX05VTUJFUn1dXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJPC9mcmFtZT4KCQk8L2JhbmQ+Cgk8L3BhZ2VGb290ZXI+CjwvamFzcGVyUmVwb3J0Pgo=</template>
-        <templateStyle>PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8IURPQ1RZUEUgamFzcGVyVGVtcGxhdGUNCiAgUFVCTElDICItLy9KYXNwZXJSZXBvcnRzLy9EVEQgVGVtcGxhdGUvL0VOIg0KICAiaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L2R0ZHMvamFzcGVydGVtcGxhdGUuZHRkIj4NCjxqYXNwZXJUZW1wbGF0ZT4NCiAgICAgICAgCTxzdHlsZSBmb250TmFtZT0iRGVqYVZ1IFNhbnMiIGZvbnRTaXplPSIxMCIgaEFsaWduPSJMZWZ0IiBpc0RlZmF1bHQ9InRydWUiIGlzUGRmRW1iZWRkZWQ9InRydWUiIA0KCQkJCSAgIG5hbWU9IkJhc2UiIHBkZkVuY29kaW5nPSJJZGVudGl0eS1IIiBwZGZGb250TmFtZT0iRGVqYVZ1U2Fucy50dGYiIHZBbGlnbj0iTWlkZGxlIj4NCgkJCTwvc3R5bGU+DQoJCQk8c3R5bGUgYmFja2NvbG9yPSIjMjY3OTk0IiBmb250U2l6ZT0iMjYiIGZvcmVjb2xvcj0iI0ZGRkZGRiIgaXNEZWZhdWx0PSJmYWxzZSINCiAgICAgICAgICAgICAgICAgICBtb2RlPSJPcGFxdWUiIG5hbWU9IlRpdGxlIiBzdHlsZT0iQmFzZSIvPiANCgkJCTxzdHlsZSBmb250U2l6ZT0iMTIiIGZvcmVjb2xvcj0iIzAwMDAwMCIgaXNEZWZhdWx0PSJmYWxzZSIgbmFtZT0iUGFnZSBoZWFkZXIiDQogICAgICAgICAgICAgICAgICAgc3R5bGU9IkJhc2UiLz4NCgkJCTxzdHlsZSBiYWNrY29sb3I9IiMzMzMzMzMiIGZvbnRTaXplPSIxMiIgZm9yZWNvbG9yPSIjRkZGRkZGIiBoQWxpZ249IkNlbnRlciINCiAgICAgICAgICAgICAgICAgICBpc0RlZmF1bHQ9ImZhbHNlIiBtb2RlPSJPcGFxdWUiIG5hbWU9IkNvbHVtbiBoZWFkZXIiIHN0eWxlPSJCYXNlIi8+DQoJCQk8c3R5bGUgaXNCb2xkPSJmYWxzZSIgaXNEZWZhdWx0PSJmYWxzZSIgbmFtZT0iRGV0YWlsIiBzdHlsZT0iQmFzZSIvPg0KICAgICAgICAgICAgPHN0eWxlIGlzQm9sZD0iZmFsc2UiIGlzRGVmYXVsdD0iZmFsc2UiIG5hbWU9IkNvZGUiIHN0eWxlPSJCYXNlIiBmb250U2l6ZT0iOSIvPg0KCQkJPHN0eWxlIGZvbnRTaXplPSI5IiBmb3JlY29sb3I9IiMwMDAwMDAiIGlzRGVmYXVsdD0iZmFsc2UiIG5hbWU9IlBhZ2UgZm9vdGVyIg0KICAgICAgICAgICAgICAgICAgIHN0eWxlPSJCYXNlIi8+DQoJCTwvamFzcGVyVGVtcGxhdGU+</templateStyle>
-        <export>pdf</export>
-        <virtualizer>JRSwapFileVirtualizer</virtualizer>
-        <virtualizerKickOn>300</virtualizerKickOn>
-        <maxPages>10000</maxPages>
-        <timeout>300000</timeout>
-    </jasper>
+    <assignment>
+        <targetRef oid="00000000-0000-0000-0000-000000000171" type="ArchetypeType"/>
+    </assignment>
+    <objectCollection>
+        <collection>
+            <filter>
+                <q:and>
+                    <q:equal>
+                        <q:path>activation/administrativeStatus</q:path>
+                        <expression>
+                            <queryInterpretationOfNoValue>filterAll</queryInterpretationOfNoValue>
+                            <script>
+                                <code>
+                                    if (!activation) {
+                                        return null;
+                                    }
+                                    return activation;
+                                </code>
+                            </script>
+                        </expression>
+                    </q:equal>
+                    <q:ref>
+                        <q:path>assignment/targetRef</q:path>
+                        <expression>
+                            <queryInterpretationOfNoValue>filterAll</queryInterpretationOfNoValue>
+                            <script>
+                                <objectVariableMode>prismReference</objectVariableMode>
+                                <code>
+                                    import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
+
+                                    if (!organization) {
+                                    return null;
+                                    }
+
+                                    ObjectReferenceType ort = new ObjectReferenceType();
+                                    ort.setOid(organization.getOid());
+                                    ort.setRelation(organization.getRelation());
+                                    ort.setType(organization.getTargetType());
+                                    return ort;
+                                </code>
+                            </script>
+                        </expression>
+                    </q:ref>
+                    <q:ref>
+                        <q:path>assignment/targetRef</q:path>
+                        <expression>
+                            <queryInterpretationOfNoValue>filterAll</queryInterpretationOfNoValue>
+                            <script>
+                                <objectVariableMode>prismReference</objectVariableMode>
+                                <code>
+                                    import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
+
+                                    if (!role) {
+                                    return null;
+                                    }
+
+                                    ObjectReferenceType ort = new ObjectReferenceType();
+                                    ort.setOid(role.getOid());
+                                    ort.setRelation(role.getRelation());
+                                    ort.setType(role.getTargetType());
+                                    return ort;
+                                </code>
+                            </script>
+                        </expression>
+                    </q:ref>
+                    <q:ref>
+                        <q:path>assignment/construction/resourceRef</q:path>
+                        <expression>
+                            <queryInterpretationOfNoValue>filterAll</queryInterpretationOfNoValue>
+                            <script>
+                                <objectVariableMode>prismReference</objectVariableMode>
+                                <code>
+                                    import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
+
+                                    if (!resource) {
+                                    return null;
+                                    }
+
+                                    ObjectReferenceType ort = new ObjectReferenceType();
+                                    ort.setOid(resource.getOid());
+                                    ort.setRelation(resource.getRelation());
+                                    ort.setType(resource.getTargetType());
+                                    return ort;
+                                </code>
+                            </script>
+                        </expression>
+                    </q:ref>
+                </q:and>
+            </filter>
+        </collection>
+        <parameter>
+            <name>activation</name>
+            <type>ActivationStatusType</type>
+            <display>
+                <label>
+                    <orig>activation</orig>
+                    <translation>
+                        <key>ActivationType.administrativeStatus</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+        <parameter>
+            <name>organization</name>
+            <type>c:ObjectReferenceType</type>
+            <targetType>c:OrgType</targetType>
+            <display>
+                <label>
+                    <orig>organization</orig>
+                    <translation>
+                        <key>ObjectTypeGuiDescriptor.org</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+        <parameter>
+            <name>role</name>
+            <type>c:ObjectReferenceType</type>
+            <targetType>c:RoleType</targetType>
+            <display>
+                <label>
+                    <orig>role</orig>
+                    <translation>
+                        <key>ObjectTypeGuiDescriptor.role</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+        <parameter>
+            <name>resource</name>
+            <type>c:ObjectReferenceType</type>
+            <targetType>c:ResourceType</targetType>
+            <display>
+                <label>
+                    <orig>resource</orig>
+                    <translation>
+                        <key>ObjectTypeGuiDescriptor.resource</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+        <view>
+            <type>UserType</type>
+        </view>
+    </objectCollection>
 </report>
diff --git a/gui/admin-gui/src/main/resources/initial-objects/130-report-certification-definitions.xml b/gui/admin-gui/src/main/resources/initial-objects/130-report-certification-definitions.xml
index 9795729d665..ae05a788aa2 100644
--- a/gui/admin-gui/src/main/resources/initial-objects/130-report-certification-definitions.xml
+++ b/gui/admin-gui/src/main/resources/initial-objects/130-report-certification-definitions.xml
@@ -7,6 +7,7 @@
   -->
 
 <report xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
         oid="00000000-0000-0000-0000-000000000130">
     <name>Certification definitions report</name>
     <description>All certification definitions with basic information on related campaigns.</description>
@@ -15,15 +16,14 @@
     </assignment>
     <objectCollection>
         <collection>
-            <collectionRef oid="00000000-0000-0000-0001-000000000255" type="ObjectCollectionType"/>
+            <filter>
+                <q:all/>
+            </filter>
         </collection>
         <view>
             <column>
                 <name>nameColumn</name>
                 <path>name</path>
-                <display>
-                    <label>Name</label>
-                </display>
             </column>
             <column>
                 <name>ownerColumn</name>
@@ -43,21 +43,12 @@
                     <expression>
                         <script>
                             <code>
-                                import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCampaignType
-
-                                oid = object.getOid();
-                                numberOfCampaigns = 0;
-                                campaigns = midpoint.searchObjects(AccessCertificationCampaignType.class, prismContext.queryFor(AccessCertificationCampaignType.class).build(), null);
-                                for (AccessCertificationCampaignType campaign : campaigns) {
-                                    if (oid.equals(campaign.getDefinitionRef().getOid())) {
-                                        numberOfCampaigns++
-                                    }
-                                }
-                                return numberOfCampaigns;
+                                return campaigns;
                             </code>
                         </script>
                     </expression>
                 </export>
+                <displayValue>number</displayValue>
             </column>
             <column>
                 <name>openCampaignsColumn</name>
@@ -74,7 +65,6 @@
 
                                 oid = object.getOid();
                                 numberOfCampaigns = 0;
-                                campaigns = midpoint.searchObjects(AccessCertificationCampaignType.class, prismContext.queryFor(AccessCertificationCampaignType.class).build(), null);
                                 for (AccessCertificationCampaignType campaign : campaigns) {
                                     if (oid.equals(campaign.getDefinitionRef().getOid())) {
                                         AccessCertificationCampaignStateType state = campaign.getState();
@@ -89,6 +79,7 @@
                         </script>
                     </expression>
                 </export>
+                <displayValue>number</displayValue>
             </column>
             <column>
                 <name>lastStartedColumn</name>
@@ -126,6 +117,24 @@
             </column>
             <type>AccessCertificationDefinitionType</type>
         </view>
+        <paging>
+            <orderDirection>ascending</orderDirection>
+            <orderBy>name</orderBy>
+        </paging>
+        <subreport>
+            <name>campaigns</name>
+            <type>AccessCertificationCampaignType</type>
+            <expression>
+                <script>
+                    <code>
+                        import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCampaignType
+
+                        query = prismContext.queryFor(AccessCertificationCampaignType.class).item(AccessCertificationCampaignType.F_DEFINITION_REF).ref(object.getOid()).build();
+                        return midpoint.searchObjects(AccessCertificationCampaignType.class, query, null);
+                    </code>
+                </script>
+            </expression>
+        </subreport>
         <useOnlyReportView>true</useOnlyReportView>
     </objectCollection>
 </report>
diff --git a/gui/admin-gui/src/main/resources/initial-objects/140-report-certification-campaigns.xml b/gui/admin-gui/src/main/resources/initial-objects/140-report-certification-campaigns.xml
index 78b2853c93e..c34d4949e8f 100644
--- a/gui/admin-gui/src/main/resources/initial-objects/140-report-certification-campaigns.xml
+++ b/gui/admin-gui/src/main/resources/initial-objects/140-report-certification-campaigns.xml
@@ -7,19 +7,180 @@
   -->
 
 <report xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
         oid="00000000-0000-0000-0000-000000000140">
-   <name>Certification campaigns report (Jasper)</name>
-   <description>All certification campaigns along with their state.</description>
-   <jasper>
-       <parent>true</parent>
-       <template>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPGphc3BlclJlcG9ydCB4bWxucz0iaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L2phc3BlcnJlcG9ydHMiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L2phc3BlcnJlcG9ydHMgaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L3hzZC9qYXNwZXJyZXBvcnQueHNkIiBuYW1lPSJyZXBvcnRVc2VyTGlzdCIgcGFnZVdpZHRoPSIxMjAwIiBwYWdlSGVpZ2h0PSI1OTUiIG9yaWVudGF0aW9uPSJMYW5kc2NhcGUiIHdoZW5Ob0RhdGFUeXBlPSJBbGxTZWN0aW9uc05vRGV0YWlsIiBjb2x1bW5XaWR0aD0iMTE2MCIgbGVmdE1hcmdpbj0iMjAiIHJpZ2h0TWFyZ2luPSIyMCIgdG9wTWFyZ2luPSIzMCIgYm90dG9tTWFyZ2luPSIzMCIgdXVpZD0iNjdlNDY1YzUtNDZlYS00MGQyLWJlYTAtNDY5YzZjZjM4OTM3Ij4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5wcmludC5rZWVwLmZ1bGwudGV4dCIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQueGxzLnJlbW92ZS5lbXB0eS5zcGFjZS5iZXR3ZWVuLmNvbHVtbnMiIHZhbHVlPSJ0cnVlIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0Lnhscy5yZW1vdmUuZW1wdHkuc3BhY2UuYmV0d2Vlbi5yb3dzIiB2YWx1ZT0idHJ1ZSIvPgoJPHByb3BlcnR5IG5hbWU9Im5ldC5zZi5qYXNwZXJyZXBvcnRzLmV4cG9ydC5wZGYuZm9yY2UubGluZWJyZWFrLnBvbGljeSIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQuY3N2LmV4Y2x1ZGUub3JpZ2luLmJhbmQuMSIgdmFsdWU9InRpdGxlIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0LmNzdi5leGNsdWRlLm9yaWdpbi5iYW5kLjIiIHZhbHVlPSJwYWdlRm9vdGVyIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0Lnhscy5leGNsdWRlLm9yaWdpbi5iYW5kLjEiIHZhbHVlPSJwYWdlSGVhZGVyIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0Lnhscy5leGNsdWRlLm9yaWdpbi5iYW5kLjIiIHZhbHVlPSJwYWdlRm9vdGVyIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0Lnhscy5leGNsdWRlLm9yaWdpbi5rZWVwLmZpcnN0LmJhbmQuMiIgdmFsdWU9ImNvbHVtbkhlYWRlciIvPgoJPHByb3BlcnR5IG5hbWU9Im5ldC5zZi5qYXNwZXJyZXBvcnRzLmV4cG9ydC54bHMuZGV0ZWN0LmNlbGwudHlwZSIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQueGxzLndyYXAudGV4dCIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQueGxzLmF1dG8uZml0LnJvdyIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQueGxzLmF1dG8uZml0LmNvbHVtbiIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5hd3QuaWdub3JlLm1pc3NpbmcuZm9udCIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJpcmVwb3J0Lnpvb20iIHZhbHVlPSIxLjAiLz4KCTxwcm9wZXJ0eSBuYW1lPSJpcmVwb3J0LngiIHZhbHVlPSIxNiIvPgoJPHByb3BlcnR5IG5hbWU9ImlyZXBvcnQueSIgdmFsdWU9IjE0Ii8+Cgk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLmRhdGEuZGVmYXVsdGRhdGFhZGFwdGVyIiB2YWx1ZT0ibXFsLnhtbCIvPgoJPGltcG9ydCB2YWx1ZT0iY29tLmV2b2x2ZXVtLm1pZHBvaW50LnhtbC5ucy5fcHVibGljLmNvbW1vbi5jb21tb25fMy4qIi8+Cgk8aW1wb3J0IHZhbHVlPSJjb20uZXZvbHZldW0ubWlkcG9pbnQucmVwb3J0LmltcGwuUmVwb3J0VXRpbHMiLz4KCTxpbXBvcnQgdmFsdWU9ImNvbS5ldm9sdmV1bS5taWRwb2ludC5zY2hlbWEudXRpbC5DZXJ0Q2FtcGFpZ25UeXBlVXRpbCIvPgoJPHN0eWxlIG5hbWU9IkJhc2UiIGlzRGVmYXVsdD0idHJ1ZSIgaFRleHRBbGlnbj0iTGVmdCIgaEltYWdlQWxpZ249IkxlZnQiIHZUZXh0QWxpZ249Ik1pZGRsZSIgdkltYWdlQWxpZ249Ik1pZGRsZSIgZm9udE5hbWU9IkRlamFWdSBTYW5zIiBmb250U2l6ZT0iMTAiIHBkZkZvbnROYW1lPSJEZWphVnVTYW5zLnR0ZiIgcGRmRW5jb2Rpbmc9IklkZW50aXR5LUgiIGlzUGRmRW1iZWRkZWQ9InRydWUiLz4KCTxzdHlsZSBuYW1lPSJUaXRsZSIgc3R5bGU9IkJhc2UiIG1vZGU9Ik9wYXF1ZSIgZm9yZWNvbG9yPSIjRkZGRkZGIiBiYWNrY29sb3I9IiMyNjc5OTQiIGZvbnRTaXplPSIyNiIvPgoJPHN0eWxlIG5hbWU9IlBhZ2UgaGVhZGVyIiBzdHlsZT0iQmFzZSIgZm9yZWNvbG9yPSIjMDAwMDAwIiBmb250U2l6ZT0iMTIiLz4KCTxzdHlsZSBuYW1lPSJDb2x1bW4gaGVhZGVyIiBzdHlsZT0iQmFzZSIgbW9kZT0iT3BhcXVlIiBmb3JlY29sb3I9IiNGRkZGRkYiIGJhY2tjb2xvcj0iIzMzMzMzMyIgaFRleHRBbGlnbj0iQ2VudGVyIiBoSW1hZ2VBbGlnbj0iQ2VudGVyIiBmb250U2l6ZT0iMTIiLz4KCTxzdHlsZSBuYW1lPSJEZXRhaWwiIHN0eWxlPSJCYXNlIiBpc0JvbGQ9ImZhbHNlIi8+Cgk8c3R5bGUgbmFtZT0iQ29kZSIgc3R5bGU9IkJhc2UiIGZvbnRTaXplPSI5IiBpc0JvbGQ9ImZhbHNlIi8+Cgk8c3R5bGUgbmFtZT0iUGFnZSBmb290ZXIiIHN0eWxlPSJCYXNlIiBmb3JlY29sb3I9IiMwMDAwMDAiIGZvbnRTaXplPSI5Ii8+Cgk8cGFyYW1ldGVyIG5hbWU9ImFsc29DbG9zZWRDYW1wYWlnbnMiIGNsYXNzPSJqYXZhLmxhbmcuQm9vbGVhbiI+CgkJPHBhcmFtZXRlckRlc2NyaXB0aW9uPjwhW0NEQVRBW1Nob3VsZCB3ZSBzaG93IGFsc28gY2FtcGFpZ25zIHRoYXQgd2VyZSBhbHJlYWR5IGNsb3NlZD8gKGRlZmF1bHQgaXMgZmFsc2UpXV0+PC9wYXJhbWV0ZXJEZXNjcmlwdGlvbj4KCTwvcGFyYW1ldGVyPgoJPHF1ZXJ5U3RyaW5nIGxhbmd1YWdlPSJtcWwiPgoJCTwhW0NEQVRBWzxjb2RlPiAgICAgICAgDQogICAgcmVwb3J0LmdldENlcnRpZmljYXRpb25DYW1wYWlnbnMoYWxzb0Nsb3NlZENhbXBhaWducykNCjwvY29kZT5dXT4KCTwvcXVlcnlTdHJpbmc+Cgk8ZmllbGQgbmFtZT0ib2lkIiBjbGFzcz0iamF2YS5sYW5nLlN0cmluZyIvPgoJPGZpZWxkIG5hbWU9Im5hbWUiIGNsYXNzPSJqYXZhLmxhbmcuU3RyaW5nIi8+Cgk8ZmllbGQgbmFtZT0ib3duZXJSZWYiIGNsYXNzPSJjb20uZXZvbHZldW0ubWlkcG9pbnQueG1sLm5zLl9wdWJsaWMuY29tbW9uLmNvbW1vbl8zLk9iamVjdFJlZmVyZW5jZVR5cGUiLz4KCTxmaWVsZCBuYW1lPSJzdGFydFRpbWVzdGFtcCIgY2xhc3M9ImphdmF4LnhtbC5kYXRhdHlwZS5YTUxHcmVnb3JpYW5DYWxlbmRhciIvPgoJPGZpZWxkIG5hbWU9ImVuZFRpbWVzdGFtcCIgY2xhc3M9ImphdmF4LnhtbC5kYXRhdHlwZS5YTUxHcmVnb3JpYW5DYWxlbmRhciIvPgoJPGZpZWxkIG5hbWU9InN0YXRlIiBjbGFzcz0iY29tLmV2b2x2ZXVtLm1pZHBvaW50LnhtbC5ucy5fcHVibGljLmNvbW1vbi5jb21tb25fMy5BY2Nlc3NDZXJ0aWZpY2F0aW9uQ2FtcGFpZ25TdGF0ZVR5cGUiLz4KCTxmaWVsZCBuYW1lPSJzdGFnZU51bWJlciIgY2xhc3M9ImphdmEubGFuZy5JbnRlZ2VyIi8+Cgk8ZmllbGQgbmFtZT0iX3RoaXNfIiBjbGFzcz0iY29tLmV2b2x2ZXVtLm1pZHBvaW50LnByaXNtLlByaXNtQ29udGFpbmVyVmFsdWUiLz4KCTxiYWNrZ3JvdW5kPgoJCTxiYW5kIGhlaWdodD0iNjgiIHNwbGl0VHlwZT0iU3RyZXRjaCIvPgoJPC9iYWNrZ3JvdW5kPgoJPHRpdGxlPgoJCTxiYW5kIGhlaWdodD0iMTIzIiBzcGxpdFR5cGU9IlN0cmV0Y2giPgoJCQk8ZnJhbWU+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iVGl0bGUiIG1vZGU9Ik9wYXF1ZSIgeD0iMCIgeT0iMCIgd2lkdGg9IjExNjAiIGhlaWdodD0iNjciIGJhY2tjb2xvcj0iIzI2Nzk5NCIgdXVpZD0iNDRiZWRhY2MtZmEyMy00ZmUxLWI3MWYtZTVhZmE5NDNmNTUzIi8+CgkJCQk8c3RhdGljVGV4dD4KCQkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iVGl0bGUiIHg9IjEwIiB5PSIxNCIgd2lkdGg9IjExNDAiIGhlaWdodD0iMzgiIHV1aWQ9ImYyZDk5Y2FkLTlkODQtNGY1MC1iNDU1LTQ1M2M4N2Y2MmM0YyIvPgoJCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQkJPHRleHQ+PCFbQ0RBVEFbQ2VydGlmaWNhdGlvbiBDYW1wYWlnbnMgUmVwb3J0XV0+PC90ZXh0PgoJCQkJPC9zdGF0aWNUZXh0PgoJCQk8L2ZyYW1lPgoJCTwvYmFuZD4KCTwvdGl0bGU+Cgk8cGFnZUhlYWRlcj4KCQk8YmFuZCBzcGxpdFR5cGU9IlN0cmV0Y2giLz4KCTwvcGFnZUhlYWRlcj4KCTxjb2x1bW5IZWFkZXI+CgkJPGJhbmQgaGVpZ2h0PSIyMCIgc3BsaXRUeXBlPSJTdHJldGNoIj4KCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LmhlaWdodCIgdmFsdWU9InBpeGVsIi8+CgkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8ubGF5b3V0IiB2YWx1ZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLmVkaXRvci5sYXlvdXQuSG9yaXpvbnRhbFJvd0xheW91dCIvPgoJCQk8c3RhdGljVGV4dD4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJDb2x1bW4gaGVhZGVyIiB4PSIwIiB5PSIwIiB3aWR0aD0iMzYwIiBoZWlnaHQ9IjIwIiB1dWlkPSIwNDk4OTA5Yi1kM2M1LTRlZTMtYjhjOS1mMDBhODA4ZWZhN2EiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtOYW1lXV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTxzdGF0aWNUZXh0PgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvbHVtbiBoZWFkZXIiIHg9IjM2MCIgeT0iMCIgd2lkdGg9IjE0NSIgaGVpZ2h0PSIyMCIgdXVpZD0iYzUzMDU1NmItZTY3NC00N2M2LWE3OTktNmYxZDViNWJjZTYxIi8+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJPHRleHQ+PCFbQ0RBVEFbT3duZXJdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQkJPHN0YXRpY1RleHQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iQ29sdW1uIGhlYWRlciIgeD0iNTA1IiB5PSIwIiB3aWR0aD0iMTE1IiBoZWlnaHQ9IjIwIiB1dWlkPSJiYmY5NGYwZC01MzVmLTRiN2YtYTJmMi03YWQzZWM1MGYwZWYiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtTdGFydF1dPjwvdGV4dD4KCQkJPC9zdGF0aWNUZXh0PgoJCQk8c3RhdGljVGV4dD4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJDb2x1bW4gaGVhZGVyIiB4PSI2MjAiIHk9IjAiIHdpZHRoPSIxMTUiIGhlaWdodD0iMjAiIHV1aWQ9IjNiNTQ3MjJhLTk5YmYtNGM3Yy1iNjQ5LWJiMDNlYzUzMzI5ZSI+CgkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LndpZHRoIiB2YWx1ZT0icGl4ZWwiLz4KCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtGaW5pc2hdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQkJPHN0YXRpY1RleHQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iQ29sdW1uIGhlYWRlciIgeD0iNzM1IiB5PSIwIiB3aWR0aD0iNjAiIGhlaWdodD0iMjAiIHV1aWQ9IjQyMWQzOWJkLTZhZjAtNGMxYy04MzlmLTA2YzFjZjNjZjEzMCI+CgkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LngiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC53aWR0aCIgdmFsdWU9InBpeGVsIi8+CgkJCQk8L3JlcG9ydEVsZW1lbnQ+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJPHRleHQ+PCFbQ0RBVEFbQ2FzZXNdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQkJPHN0YXRpY1RleHQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iQ29sdW1uIGhlYWRlciIgeD0iNzk1IiB5PSIwIiB3aWR0aD0iMTc1IiBoZWlnaHQ9IjIwIiB1dWlkPSJjMTQzOWMwZC02NTgwLTRkOTYtOGM4YS1lOTg2MjI0Njk2ZjMiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtTdGF0ZSBhbmQgc3RhZ2VdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQkJPHN0YXRpY1RleHQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iQ29sdW1uIGhlYWRlciIgeD0iOTcwIiB5PSIwIiB3aWR0aD0iOTAiIGhlaWdodD0iMjAiIHV1aWQ9ImE4YmUxZmI5LWU3MTQtNDIzZi1iMzQ5LTQyYTIyMDQ5NGI2MSIvPgoJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCTx0ZXh0PjwhW0NEQVRBW1N0YWdlIGNhc2VzXV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTxzdGF0aWNUZXh0PgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvbHVtbiBoZWFkZXIiIHg9IjEwNjAiIHk9IjAiIHdpZHRoPSIxMDAiIGhlaWdodD0iMjAiIHV1aWQ9IjMzMTllNTliLTUyMDEtNDU0ZC05Mjk2LTcyMmM1NTdiODQ2MCIvPgoJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCTx0ZXh0PjwhW0NEQVRBWyUgY29tcGxldGVdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQk8L2JhbmQ+Cgk8L2NvbHVtbkhlYWRlcj4KCTxkZXRhaWw+CgkJPGJhbmQgaGVpZ2h0PSIyNCIgc3BsaXRUeXBlPSJTdHJldGNoIj4KCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LmhlaWdodCIgdmFsdWU9InBpeGVsIi8+CgkJCTxmcmFtZT4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJEZXRhaWwiIHN0cmV0Y2hUeXBlPSJSZWxhdGl2ZVRvVGFsbGVzdE9iamVjdCIgbW9kZT0iT3BhcXVlIiB4PSIwIiB5PSIwIiB3aWR0aD0iMTE2MCIgaGVpZ2h0PSIyNCIgdXVpZD0iODZkYjY1MzctODFmMC00MmIxLWI3NGEtZDJiZTcwOTI3MWNkIj4KCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLnVuaXQud2lkdGgiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8ubGF5b3V0IiB2YWx1ZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLmVkaXRvci5sYXlvdXQuSG9yaXpvbnRhbFJvd0xheW91dCIvPgoJCQkJPC9yZXBvcnRFbGVtZW50PgoJCQkJPHRleHRGaWVsZD4KCQkJCQk8cmVwb3J0RWxlbWVudCB4PSIwIiB5PSIwIiB3aWR0aD0iMzYwIiBoZWlnaHQ9IjI0IiB1dWlkPSJjODk0OGM4NS1lYzMxLTRiMzktODg5YS00M2NiY2U3MGY3ZjgiPgoJCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLnVuaXQud2lkdGgiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVskRntuYW1lfV1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQkJPHRleHRGaWVsZD4KCQkJCQk8cmVwb3J0RWxlbWVudCB4PSIzNjAiIHk9IjAiIHdpZHRoPSIxNDUiIGhlaWdodD0iMjQiIHV1aWQ9Ijc1YmZkNGEwLTU4MDAtNDdhNS1hNTNjLTQ1ODAyNTczMGJiMyI+CgkJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC54IiB2YWx1ZT0icGl4ZWwiLz4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LndpZHRoIiB2YWx1ZT0icGl4ZWwiLz4KCQkJCQk8L3JlcG9ydEVsZW1lbnQ+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbY29tLmV2b2x2ZXVtLm1pZHBvaW50LnJlcG9ydC5pbXBsLlJlcG9ydFV0aWxzLnByZXR0eVByaW50Rm9yUmVwb3J0KCRGe293bmVyUmVmfSwgZmFsc2UpXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCQk8dGV4dEZpZWxkPgoJCQkJCTxyZXBvcnRFbGVtZW50IHg9IjUwNSIgeT0iMCIgd2lkdGg9IjExNSIgaGVpZ2h0PSIyNCIgdXVpZD0iZjliOGJiNjgtN2RjMy00N2JmLTg2MTEtODAyYjgzNjhmMjI0Ij4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LngiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLnVuaXQud2lkdGgiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iQ2VudGVyIi8+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbY29tLmV2b2x2ZXVtLm1pZHBvaW50LnJlcG9ydC5pbXBsLlJlcG9ydFV0aWxzLnByZXR0eVByaW50Rm9yUmVwb3J0KCRGe3N0YXJ0VGltZXN0YW1wfSldXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJCTx0ZXh0RmllbGQ+CgkJCQkJPHJlcG9ydEVsZW1lbnQgeD0iNjIwIiB5PSIwIiB3aWR0aD0iMTE1IiBoZWlnaHQ9IjI0IiB1dWlkPSJiNWRlNjAwMy1jYzY0LTRlZTQtOWIyNS05OTI3ZTczNzlmNTciPgoJCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLnVuaXQueCIgdmFsdWU9InBpeGVsIi8+CgkJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC53aWR0aCIgdmFsdWU9InBpeGVsIi8+CgkJCQkJPC9yZXBvcnRFbGVtZW50PgoJCQkJCTx0ZXh0RWxlbWVudCB0ZXh0QWxpZ25tZW50PSJDZW50ZXIiLz4KCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVtjb20uZXZvbHZldW0ubWlkcG9pbnQucmVwb3J0LmltcGwuUmVwb3J0VXRpbHMucHJldHR5UHJpbnRGb3JSZXBvcnQoJEZ7ZW5kVGltZXN0YW1wfSldXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJCTx0ZXh0RmllbGQgaXNCbGFua1doZW5OdWxsPSJ0cnVlIj4KCQkJCQk8cmVwb3J0RWxlbWVudCB4PSI3MzUiIHk9IjAiIHdpZHRoPSI2MCIgaGVpZ2h0PSIyNCIgdXVpZD0iYjkxYjNmNDUtMjUyZC00ZTcxLTk1MWMtOWUxMjBhYWY3YzVhIj4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LngiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLnVuaXQud2lkdGgiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iQ2VudGVyIi8+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbJEZ7X3RoaXNffS5nZXRDYXNlKCkuc2l6ZSgpXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCQk8dGV4dEZpZWxkPgoJCQkJCTxyZXBvcnRFbGVtZW50IHg9Ijc5NSIgeT0iMCIgd2lkdGg9IjEzMCIgaGVpZ2h0PSIyNCIgdXVpZD0iMTA0NDMwZjctZmQ2MC00Zjk4LTg5MjctMzliMjNlNzdjZjRmIj4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LndpZHRoIiB2YWx1ZT0icGl4ZWwiLz4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LngiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVtjb20uZXZvbHZldW0ubWlkcG9pbnQucmVwb3J0LmltcGwuUmVwb3J0VXRpbHMucHJldHR5UHJpbnRGb3JSZXBvcnQoJEZ7c3RhdGV9KV1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQkJPHRleHRGaWVsZD4KCQkJCQk8cmVwb3J0RWxlbWVudCB4PSI5MjUiIHk9IjAiIHdpZHRoPSI0NSIgaGVpZ2h0PSIyNCIgdXVpZD0iNGYwOTgyZjMtNDg5NS00NjA1LWE1YWEtZjY0MDJiNGFlYWI4Ij4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LndpZHRoIiB2YWx1ZT0icGl4ZWwiLz4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LngiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iQ2VudGVyIi8+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbJEZ7c3RhdGV9ID09IGNvbS5ldm9sdmV1bS5taWRwb2ludC54bWwubnMuX3B1YmxpYy5jb21tb24uY29tbW9uXzMuQWNjZXNzQ2VydGlmaWNhdGlvbkNhbXBhaWduU3RhdGVUeXBlLklOX1JFVklFV19TVEFHRSB8fAoJCQkkRntzdGF0ZX0gPT0gY29tLmV2b2x2ZXVtLm1pZHBvaW50LnhtbC5ucy5fcHVibGljLmNvbW1vbi5jb21tb25fMy5BY2Nlc3NDZXJ0aWZpY2F0aW9uQ2FtcGFpZ25TdGF0ZVR5cGUuUkVWSUVXX1NUQUdFX0RPTkUgCgkJCQk/ICRGe3N0YWdlTnVtYmVyfSA6ICIiXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCQk8dGV4dEZpZWxkIGlzQmxhbmtXaGVuTnVsbD0idHJ1ZSI+CgkJCQkJPHJlcG9ydEVsZW1lbnQgeD0iOTcwIiB5PSIwIiB3aWR0aD0iOTAiIGhlaWdodD0iMjQiIHV1aWQ9IjhjMDliNzg3LTIzOTItNDRlOS04OTBmLTQ2ZGQwZjNiM2I2OCI+CgkJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC54IiB2YWx1ZT0icGl4ZWwiLz4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LndpZHRoIiB2YWx1ZT0icGl4ZWwiLz4KCQkJCQk8L3JlcG9ydEVsZW1lbnQ+CgkJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IkNlbnRlciIvPgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBW2NvbS5ldm9sdmV1bS5taWRwb2ludC5zY2hlbWEudXRpbC5DZXJ0Q2FtcGFpZ25UeXBlVXRpbC5nZXRBY3RpdmVDYXNlcygkRntfdGhpc199LmdldENhc2UoKSwgJEZ7c3RhZ2VOdW1iZXJ9LCAkRntzdGF0ZX0pXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCQk8dGV4dEZpZWxkIGlzQmxhbmtXaGVuTnVsbD0idHJ1ZSI+CgkJCQkJPHJlcG9ydEVsZW1lbnQgeD0iMTA2MCIgeT0iMCIgd2lkdGg9IjEwMCIgaGVpZ2h0PSIyNCIgdXVpZD0iOTk0YTFlMGYtY2UyOC00ZTQ0LWJiNGQtNDcwYzhiYzJjNjVkIj4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LngiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLnVuaXQud2lkdGgiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iQ2VudGVyIi8+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbY29tLmV2b2x2ZXVtLm1pZHBvaW50LnNjaGVtYS51dGlsLkNlcnRDYW1wYWlnblR5cGVVdGlsLmdldENhc2VzRGVjaWRlZFBlcmNlbnRhZ2VBbGxTdGFnZXNBbGxJdGVyYXRpb25zKCRGe190aGlzX30pKyIlIl1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQk8L2ZyYW1lPgoJCTwvYmFuZD4KCTwvZGV0YWlsPgoJPHBhZ2VGb290ZXI+CgkJPGJhbmQgaGVpZ2h0PSIzMiIgc3BsaXRUeXBlPSJTdHJldGNoIj4KCQkJPGZyYW1lPgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlBhZ2UgZm9vdGVyIiBtb2RlPSJUcmFuc3BhcmVudCIgeD0iMCIgeT0iMSIgd2lkdGg9IjExMjAiIGhlaWdodD0iMjQiIGZvcmVjb2xvcj0iIzAwMDAwMCIgYmFja2NvbG9yPSIjMjY3OTk0IiB1dWlkPSJmYmU4YWFlNC02NTAwLTQ2OGEtYjFlOC03MDBiNTY5MTM5YTEiLz4KCQkJCTx0ZXh0RmllbGQgcGF0dGVybj0iRUVFRUUgZGQgTU1NTU0geXl5eSI+CgkJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlBhZ2UgZm9vdGVyIiB4PSIyIiB5PSIxIiB3aWR0aD0iMTk3IiBoZWlnaHQ9IjIwIiB1dWlkPSIyOGJiOWI0Ny1hNjljLTQ4ZTEtOTA3My1kNTRkOTI2MjQyZTgiLz4KCQkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBW25ldyBqYXZhLnV0aWwuRGF0ZSgpXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCQk8dGV4dEZpZWxkPgoJCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJQYWdlIGZvb3RlciIgeD0iMTAwMCIgeT0iMSIgd2lkdGg9IjgwIiBoZWlnaHQ9IjIwIiB1dWlkPSI1YzA2MmM2Ni1iYTQ1LTQyODgtOWRjZC0yNDZlMjhjNWFmNzUiLz4KCQkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iUmlnaHQiIHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVsiUGFnZSAiKyRWe1BBR0VfTlVNQkVSfSsiIG9mIl1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQkJPHRleHRGaWVsZCBldmFsdWF0aW9uVGltZT0iUmVwb3J0Ij4KCQkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBmb290ZXIiIHg9IjEwODAiIHk9IjEiIHdpZHRoPSI0MCIgaGVpZ2h0PSIyMCIgdXVpZD0iOTM0YjE2ZTgtYzNlYi00MDE3LTg2NmEtMGI3NzM1YmYyOTE3Ii8+CgkJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVsiICIgKyAkVntQQUdFX05VTUJFUn1dXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJPC9mcmFtZT4KCQk8L2JhbmQ+Cgk8L3BhZ2VGb290ZXI+CjwvamFzcGVyUmVwb3J0Pgo=</template>
-       <export>html</export>
-       <virtualizer>JRSwapFileVirtualizer</virtualizer>
-       <virtualizerKickOn>300</virtualizerKickOn>
-       <maxPages>10000</maxPages>
-       <timeout>300000</timeout>
-    </jasper>
-    <defaultScriptConfiguration>
-        <objectVariableMode>prismReference</objectVariableMode>
-    </defaultScriptConfiguration>
+    <name>Certification campaigns report</name>
+    <description>All certification campaigns along with their state.</description>
+    <assignment>
+        <targetRef oid="00000000-0000-0000-0000-000000000171" type="ArchetypeType" />
+    </assignment>
+    <objectCollection>
+        <collection>
+            <filter>
+                <q:or>
+                    <q:equal>
+                        <q:path>state</q:path>
+                        <expression>
+                            <queryInterpretationOfNoValue>filterAll</queryInterpretationOfNoValue>
+                            <script>
+                                <code>
+                                    import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCampaignStateType
+
+                                    if (Boolean.TRUE.equals(alsoClosedCampaigns)) {
+                                        return null;
+                                    }
+                                    return AccessCertificationCampaignStateType.CREATED;
+                                </code>
+                            </script>
+                        </expression>
+                    </q:equal>
+                    <q:equal>
+                        <q:path>state</q:path>
+                        <q:value>inReviewStage</q:value>
+                    </q:equal>
+                    <q:equal>
+                        <q:path>state</q:path>
+                        <q:value>reviewStageDone</q:value>
+                    </q:equal>
+                    <q:equal>
+                        <q:path>state</q:path>
+                        <q:value>inRemediation</q:value>
+                    </q:equal>
+                </q:or>
+            </filter>
+            <baseCollectionRef>
+                <collectionRef oid="00000000-0000-0000-0001-000000000280" type="ObjectCollectionType"/>
+            </baseCollectionRef>
+        </collection>
+        <view>
+            <column>
+                <name>nameColumn</name>
+                <path>name</path>
+                <display>
+                    <label>Name</label>
+                </display>
+            </column>
+            <column>
+                <name>ownerColumn</name>
+                <path>ownerRef</path>
+                <display>
+                    <label>Owner</label>
+                </display>
+                <previousColumn>nameColumn</previousColumn>
+            </column>
+            <column>
+                <name>startTimestampColumn</name>
+                <path>startTimestamp</path>
+                <display>
+                    <label>Start</label>
+                </display>
+                <previousColumn>ownerColumn</previousColumn>
+                <export>
+                    <expression>
+                        <script>
+                            <code>
+                                com.evolveum.midpoint.report.impl.ReportUtils.prettyPrintForReport(object)
+                            </code>
+                        </script>
+                    </expression>
+                </export>
+            </column>
+            <column>
+                <name>endTimestampColumn</name>
+                <path>endTimestamp</path>
+                <display>
+                    <label>Finish</label>
+                </display>
+                <previousColumn>startTimestampColumn</previousColumn>
+                <export>
+                    <expression>
+                        <script>
+                            <code>
+                                com.evolveum.midpoint.report.impl.ReportUtils.prettyPrintForReport(object)
+                            </code>
+                        </script>
+                    </expression>
+                </export>
+            </column>
+            <column>
+                <name>casesColumn</name>
+                <path>case</path>
+                <display>
+                    <label>Cases</label>
+                </display>
+                <previousColumn>endTimestampColumn</previousColumn>
+                <displayValue>number</displayValue>
+            </column>
+            <column>
+                <name>stateColumn</name>
+                <path>state</path>
+                <display>
+                    <label>State</label>
+                </display>
+                <previousColumn>casesColumn</previousColumn>
+            </column>
+            <column>
+                <name>stageNumberColumn</name>
+                <path>stageNumber</path>
+                <display>
+                    <label>Actual stage</label>
+                </display>
+                <previousColumn>stateColumn</previousColumn>
+            </column>
+            <column>
+                <name>stageCasesColumn</name>
+                <previousColumn>stageNumberColumn</previousColumn>
+                <display>
+                    <label>Stage cases</label>
+                </display>
+                <export>
+                    <expression>
+                        <script>
+                            <code>
+                                import com.evolveum.midpoint.schema.util.CertCampaignTypeUtil
+
+                                return CertCampaignTypeUtil.getActiveCases(object.getCase(), object.getStageNumber(), object.getState())
+                            </code>
+                        </script>
+                    </expression>
+                </export>
+            </column>
+            <column>
+                <name>percentageCompleteColumn</name>
+                <previousColumn>stageCasesColumn</previousColumn>
+                <display>
+                    <label>% complete</label>
+                </display>
+                <export>
+                    <expression>
+                        <script>
+                            <code>
+                                import com.evolveum.midpoint.schema.util.CertCampaignTypeUtil
+
+                                CertCampaignTypeUtil.getCasesDecidedPercentageAllStagesAllIterations(object) + " %"
+                            </code>
+                        </script>
+                    </expression>
+                </export>
+            </column>
+            <type>AccessCertificationCampaignType</type>
+        </view>
+        <useOnlyReportView>true</useOnlyReportView>
+        <paging>
+            <orderDirection>ascending</orderDirection>
+            <orderBy>name</orderBy>
+        </paging>
+        <parameter>
+            <name>alsoClosedCampaigns</name>
+            <type>boolean</type>
+            <display>
+                <label>
+                    <orig>alsoClosedCampaigns</orig>
+                    <translation>
+                        <key>runReportPopupContent.param.name.alsoClosedCampaigns</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+    </objectCollection>
 </report>
diff --git a/gui/admin-gui/src/main/resources/initial-objects/150-report-certification-cases.xml b/gui/admin-gui/src/main/resources/initial-objects/150-report-certification-cases.xml
index b0f6c1478a5..edd13c50f19 100644
--- a/gui/admin-gui/src/main/resources/initial-objects/150-report-certification-cases.xml
+++ b/gui/admin-gui/src/main/resources/initial-objects/150-report-certification-cases.xml
@@ -6,19 +6,194 @@
   ~ and European Union Public License. See LICENSE file for details.
   -->
 <report xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+        xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
         oid="00000000-0000-0000-0000-000000000150">
-   <name>Certification cases report (Jasper)</name>
-   <description>Cases within a given certification campaign.</description>
-   <jasper>
-       <parent>true</parent>
-       <template>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPGphc3BlclJlcG9ydCB4bWxucz0iaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L2phc3BlcnJlcG9ydHMiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L2phc3BlcnJlcG9ydHMgaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L3hzZC9qYXNwZXJyZXBvcnQueHNkIiBuYW1lPSJyZXBvcnRVc2VyTGlzdCIgcGFnZVdpZHRoPSIxMjYwIiBwYWdlSGVpZ2h0PSI1OTUiIG9yaWVudGF0aW9uPSJMYW5kc2NhcGUiIHdoZW5Ob0RhdGFUeXBlPSJBbGxTZWN0aW9uc05vRGV0YWlsIiBjb2x1bW5XaWR0aD0iMTIyMCIgbGVmdE1hcmdpbj0iMjAiIHJpZ2h0TWFyZ2luPSIyMCIgdG9wTWFyZ2luPSIzMCIgYm90dG9tTWFyZ2luPSIzMCIgdXVpZD0iNjdlNDY1YzUtNDZlYS00MGQyLWJlYTAtNDY5YzZjZjM4OTM3Ij4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5wcmludC5rZWVwLmZ1bGwudGV4dCIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQueGxzLnJlbW92ZS5lbXB0eS5zcGFjZS5iZXR3ZWVuLmNvbHVtbnMiIHZhbHVlPSJ0cnVlIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0Lnhscy5yZW1vdmUuZW1wdHkuc3BhY2UuYmV0d2Vlbi5yb3dzIiB2YWx1ZT0idHJ1ZSIvPgoJPHByb3BlcnR5IG5hbWU9Im5ldC5zZi5qYXNwZXJyZXBvcnRzLmV4cG9ydC5wZGYuZm9yY2UubGluZWJyZWFrLnBvbGljeSIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQuY3N2LmV4Y2x1ZGUub3JpZ2luLmJhbmQuMSIgdmFsdWU9InRpdGxlIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0LmNzdi5leGNsdWRlLm9yaWdpbi5iYW5kLjIiIHZhbHVlPSJwYWdlRm9vdGVyIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0Lnhscy5leGNsdWRlLm9yaWdpbi5iYW5kLjEiIHZhbHVlPSJwYWdlSGVhZGVyIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0Lnhscy5leGNsdWRlLm9yaWdpbi5iYW5kLjIiIHZhbHVlPSJwYWdlRm9vdGVyIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0Lnhscy5leGNsdWRlLm9yaWdpbi5rZWVwLmZpcnN0LmJhbmQuMiIgdmFsdWU9ImNvbHVtbkhlYWRlciIvPgoJPHByb3BlcnR5IG5hbWU9Im5ldC5zZi5qYXNwZXJyZXBvcnRzLmV4cG9ydC54bHMuZGV0ZWN0LmNlbGwudHlwZSIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQueGxzLndyYXAudGV4dCIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQueGxzLmF1dG8uZml0LnJvdyIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQueGxzLmF1dG8uZml0LmNvbHVtbiIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5hd3QuaWdub3JlLm1pc3NpbmcuZm9udCIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJpcmVwb3J0Lnpvb20iIHZhbHVlPSIxLjAiLz4KCTxwcm9wZXJ0eSBuYW1lPSJpcmVwb3J0LngiIHZhbHVlPSIxNiIvPgoJPHByb3BlcnR5IG5hbWU9ImlyZXBvcnQueSIgdmFsdWU9IjE0Ii8+Cgk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLmRhdGEuZGVmYXVsdGRhdGFhZGFwdGVyIiB2YWx1ZT0ibXFsLnhtbCIvPgoJPHN0eWxlIG5hbWU9IkJhc2UiIGlzRGVmYXVsdD0idHJ1ZSIgaFRleHRBbGlnbj0iTGVmdCIgaEltYWdlQWxpZ249IkxlZnQiIHZUZXh0QWxpZ249Ik1pZGRsZSIgdkltYWdlQWxpZ249Ik1pZGRsZSIgZm9udE5hbWU9IkRlamFWdSBTYW5zIiBmb250U2l6ZT0iMTAiIHBkZkZvbnROYW1lPSJEZWphVnVTYW5zLnR0ZiIgcGRmRW5jb2Rpbmc9IklkZW50aXR5LUgiIGlzUGRmRW1iZWRkZWQ9InRydWUiLz4KCTxzdHlsZSBuYW1lPSJUaXRsZSIgc3R5bGU9IkJhc2UiIG1vZGU9Ik9wYXF1ZSIgZm9yZWNvbG9yPSIjRkZGRkZGIiBiYWNrY29sb3I9IiMyNjc5OTQiIGZvbnRTaXplPSIyNiIvPgoJPHN0eWxlIG5hbWU9IlBhZ2UgaGVhZGVyIiBzdHlsZT0iQmFzZSIgZm9yZWNvbG9yPSIjMDAwMDAwIiBmb250U2l6ZT0iMTIiLz4KCTxzdHlsZSBuYW1lPSJDb2x1bW4gaGVhZGVyIiBzdHlsZT0iQmFzZSIgbW9kZT0iT3BhcXVlIiBmb3JlY29sb3I9IiNGRkZGRkYiIGJhY2tjb2xvcj0iIzMzMzMzMyIgaFRleHRBbGlnbj0iQ2VudGVyIiBoSW1hZ2VBbGlnbj0iQ2VudGVyIiBmb250U2l6ZT0iMTIiLz4KCTxzdHlsZSBuYW1lPSJEZXRhaWwiIHN0eWxlPSJCYXNlIiBpc0JvbGQ9ImZhbHNlIi8+Cgk8c3R5bGUgbmFtZT0iQ29kZSIgc3R5bGU9IkJhc2UiIGZvbnRTaXplPSI5IiBpc0JvbGQ9ImZhbHNlIi8+Cgk8c3R5bGUgbmFtZT0iUGFnZSBmb290ZXIiIHN0eWxlPSJCYXNlIiBmb3JlY29sb3I9IiMwMDAwMDAiIGZvbnRTaXplPSI5Ii8+Cgk8cGFyYW1ldGVyIG5hbWU9ImNhbXBhaWduTmFtZSIgY2xhc3M9ImphdmEubGFuZy5TdHJpbmciPgoJCTxwcm9wZXJ0eSBuYW1lPSJrZXkiIHZhbHVlPSJuYW1lIi8+CgkJPHByb3BlcnR5IG5hbWU9ImxhYmVsIiB2YWx1ZT0ibmFtZSIvPgoJCTxwcm9wZXJ0eSBuYW1lPSJ0YXJnZXRUeXBlIiB2YWx1ZT0iY29tLmV2b2x2ZXVtLm1pZHBvaW50LnhtbC5ucy5fcHVibGljLmNvbW1vbi5jb21tb25fMy5BY2Nlc3NDZXJ0aWZpY2F0aW9uQ2FtcGFpZ25UeXBlIi8+CgkJPHBhcmFtZXRlckRlc2NyaXB0aW9uPjwhW0NEQVRBW05hbWUgb2YgY2VydGlmaWNhdGlvbiBjYW1wYWlnbiB3aG9zZSBjYXNlcyBhcmUgdG8gYmUgcmVwb3J0ZWQgb24uXV0+PC9wYXJhbWV0ZXJEZXNjcmlwdGlvbj4KCTwvcGFyYW1ldGVyPgoJPHF1ZXJ5U3RyaW5nIGxhbmd1YWdlPSJtcWwiPgoJCTwhW0NEQVRBWzxjb2RlPiAgICAgICAgDQogICAgcmVwb3J0LmdldENlcnRpZmljYXRpb25DYW1wYWlnbkNhc2VzKGNhbXBhaWduTmFtZSkNCjwvY29kZT5dXT4KCTwvcXVlcnlTdHJpbmc+Cgk8ZmllbGQgbmFtZT0iX3RoaXNfIiBjbGFzcz0iY29tLmV2b2x2ZXVtLm1pZHBvaW50LnByaXNtLlByaXNtQ29udGFpbmVyVmFsdWUiLz4KCTxmaWVsZCBuYW1lPSJvYmplY3RSZWYiIGNsYXNzPSJjb20uZXZvbHZldW0ubWlkcG9pbnQueG1sLm5zLl9wdWJsaWMuY29tbW9uLmNvbW1vbl8zLk9iamVjdFJlZmVyZW5jZVR5cGUiLz4KCTxmaWVsZCBuYW1lPSJ0YXJnZXRSZWYiIGNsYXNzPSJjb20uZXZvbHZldW0ubWlkcG9pbnQueG1sLm5zLl9wdWJsaWMuY29tbW9uLmNvbW1vbl8zLk9iamVjdFJlZmVyZW5jZVR5cGUiLz4KCTxmaWVsZCBuYW1lPSJjdXJyZW50UmV2aWV3UmVxdWVzdGVkVGltZXN0YW1wIiBjbGFzcz0iamF2YXgueG1sLmRhdGF0eXBlLlhNTEdyZWdvcmlhbkNhbGVuZGFyIi8+Cgk8ZmllbGQgbmFtZT0iY3VycmVudFJldmlld0RlYWRsaW5lIiBjbGFzcz0iamF2YXgueG1sLmRhdGF0eXBlLlhNTEdyZWdvcmlhbkNhbGVuZGFyIi8+Cgk8ZmllbGQgbmFtZT0ib3V0Y29tZSIgY2xhc3M9ImphdmEubGFuZy5TdHJpbmciLz4KCTxmaWVsZCBuYW1lPSJpdGVyYXRpb24iIGNsYXNzPSJqYXZhLmxhbmcuSW50ZWdlciIvPgoJPGZpZWxkIG5hbWU9InN0YWdlTnVtYmVyIiBjbGFzcz0iamF2YS5sYW5nLkludGVnZXIiLz4KCTxmaWVsZCBuYW1lPSJyZW1lZGllZFRpbWVzdGFtcCIgY2xhc3M9ImphdmF4LnhtbC5kYXRhdHlwZS5YTUxHcmVnb3JpYW5DYWxlbmRhciIvPgoJPGJhY2tncm91bmQ+CgkJPGJhbmQgaGVpZ2h0PSI2OCIgc3BsaXRUeXBlPSJTdHJldGNoIj4KCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby5sYXlvdXQiIHZhbHVlPSJjb20uamFzcGVyc29mdC5zdHVkaW8uZWRpdG9yLmxheW91dC5GcmVlTGF5b3V0Ii8+CgkJPC9iYW5kPgoJPC9iYWNrZ3JvdW5kPgoJPHRpdGxlPgoJCTxiYW5kIGhlaWdodD0iMTIzIiBzcGxpdFR5cGU9IlN0cmV0Y2giPgoJCQk8ZnJhbWU+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iVGl0bGUiIG1vZGU9Ik9wYXF1ZSIgeD0iMCIgeT0iMCIgd2lkdGg9IjEyMjAiIGhlaWdodD0iNjciIGJhY2tjb2xvcj0iIzI2Nzk5NCIgdXVpZD0iNDRiZWRhY2MtZmEyMy00ZmUxLWI3MWYtZTVhZmE5NDNmNTUzIi8+CgkJCQk8c3RhdGljVGV4dD4KCQkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iVGl0bGUiIHg9IjEwIiB5PSIxNCIgd2lkdGg9IjEyMDAiIGhlaWdodD0iMzgiIHV1aWQ9ImYyZDk5Y2FkLTlkODQtNGY1MC1iNDU1LTQ1M2M4N2Y2MmM0YyIvPgoJCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQkJPHRleHQ+PCFbQ0RBVEFbQ2VydGlmaWNhdGlvbiBDYXNlcyBSZXBvcnRdXT48L3RleHQ+CgkJCQk8L3N0YXRpY1RleHQ+CgkJCTwvZnJhbWU+CgkJCTxzdGF0aWNUZXh0PgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlBhZ2UgaGVhZGVyIiB4PSIwIiB5PSI4NSIgd2lkdGg9IjEyMCIgaGVpZ2h0PSIyMCIgdXVpZD0iZTAzNWRiZDUtZGMyZi00NWNiLTkzNmMtYTA4ZTljMDExZTQzIj4KCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLnVuaXQueCIgdmFsdWU9InBpeGVsIi8+CgkJCQk8L3JlcG9ydEVsZW1lbnQ+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJPHRleHQ+PCFbQ0RBVEFbQ2FtcGFpZ24gbmFtZTpdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQkJPHRleHRGaWVsZCBwYXR0ZXJuPSJkZC5NTS55eXl5LCBISDptbTpzcyI+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBoZWFkZXIiIGlzUHJpbnRSZXBlYXRlZFZhbHVlcz0iZmFsc2UiIHg9IjEyMCIgeT0iODUiIHdpZHRoPSI0MzciIGhlaWdodD0iMjAiIHV1aWQ9IjI4YmI5YjQ3LWE2OWMtNDhlMS05MDczLWQ1NGQ5MjYyNDJlOCIvPgoJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiPgoJCQkJCTxmb250IGlzQm9sZD0iZmFsc2UiLz4KCQkJCTwvdGV4dEVsZW1lbnQ+CgkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVskUHtjYW1wYWlnbk5hbWV9XV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQk8L3RleHRGaWVsZD4KCQk8L2JhbmQ+Cgk8L3RpdGxlPgoJPHBhZ2VIZWFkZXI+CgkJPGJhbmQgc3BsaXRUeXBlPSJTdHJldGNoIi8+Cgk8L3BhZ2VIZWFkZXI+Cgk8Y29sdW1uSGVhZGVyPgoJCTxiYW5kIGhlaWdodD0iMjAiIHNwbGl0VHlwZT0iU3RyZXRjaCI+CgkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8ubGF5b3V0IiB2YWx1ZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLmVkaXRvci5sYXlvdXQuSG9yaXpvbnRhbFJvd0xheW91dCIvPgoJCQk8c3RhdGljVGV4dD4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJDb2x1bW4gaGVhZGVyIiB4PSIwIiB5PSIwIiB3aWR0aD0iMTk1IiBoZWlnaHQ9IjIwIiB1dWlkPSIwNDk4OTA5Yi1kM2M1LTRlZTMtYjhjOS1mMDBhODA4ZWZhN2EiPgoJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC53aWR0aCIgdmFsdWU9InBpeGVsIi8+CgkJCQk8L3JlcG9ydEVsZW1lbnQ+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJPHRleHQ+PCFbQ0RBVEFbT2JqZWN0XV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTxzdGF0aWNUZXh0PgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvbHVtbiBoZWFkZXIiIHg9IjE5NSIgeT0iMCIgd2lkdGg9IjE5NSIgaGVpZ2h0PSIyMCIgdXVpZD0iYzUzMDU1NmItZTY3NC00N2M2LWE3OTktNmYxZDViNWJjZTYxIj4KCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLnVuaXQud2lkdGgiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC54IiB2YWx1ZT0icGl4ZWwiLz4KCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtUYXJnZXRdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQkJPHN0YXRpY1RleHQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iQ29sdW1uIGhlYWRlciIgeD0iMzkwIiB5PSIwIiB3aWR0aD0iMTI4IiBoZWlnaHQ9IjIwIiB1dWlkPSIzYjU0NzIyYS05OWJmLTRjN2MtYjY0OS1iYjAzZWM1MzMyOWUiPgoJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC53aWR0aCIgdmFsdWU9InBpeGVsIi8+CgkJCQk8L3JlcG9ydEVsZW1lbnQ+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJPHRleHQ+PCFbQ0RBVEFbUmV2aWV3ZXJzXV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTxzdGF0aWNUZXh0PgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvbHVtbiBoZWFkZXIiIHg9IjUxOCIgeT0iMCIgd2lkdGg9IjEyOSIgaGVpZ2h0PSIyMCIgdXVpZD0iNDIxZDM5YmQtNmFmMC00YzFjLTgzOWYtMDZjMWNmM2NmMTMwIj4KCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLnVuaXQueCIgdmFsdWU9InBpeGVsIi8+CgkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LndpZHRoIiB2YWx1ZT0icGl4ZWwiLz4KCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtMYXN0IHJldmlld2VkIG9uXV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTxzdGF0aWNUZXh0PgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvbHVtbiBoZWFkZXIiIHg9IjY0NyIgeT0iMCIgd2lkdGg9IjEyOCIgaGVpZ2h0PSIyMCIgdXVpZD0iYzE0MzljMGQtNjU4MC00ZDk2LThjOGEtZTk4NjIyNDY5NmYzIi8+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJPHRleHQ+PCFbQ0RBVEFbUmV2aWV3ZWQgYnldXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQkJPHN0YXRpY1RleHQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iQ29sdW1uIGhlYWRlciIgeD0iNzc1IiB5PSIwIiB3aWR0aD0iNjAiIGhlaWdodD0iMjAiIHV1aWQ9ImVmMTZjYzg0LWNjYTctNDIwNC05YmM4LWQwODY4MGI1MDY3ZCI+CgkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LmhlaWdodCIgdmFsdWU9InBpeGVsIi8+CgkJCQk8L3JlcG9ydEVsZW1lbnQ+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJPHRleHQ+PCFbQ0RBVEFbSXRlcmF0aW9uXV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTxzdGF0aWNUZXh0PgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvbHVtbiBoZWFkZXIiIHg9IjgzNSIgeT0iMCIgd2lkdGg9IjY2IiBoZWlnaHQ9IjIwIiB1dWlkPSJhOGJlMWZiOS1lNzE0LTQyM2YtYjM0OS00MmEyMjA0OTRiNjEiPgoJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC5oZWlnaHQiIHZhbHVlPSJwaXhlbCIvPgoJCQkJPC9yZXBvcnRFbGVtZW50PgoJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCTx0ZXh0PjwhW0NEQVRBW0luIHN0YWdlXV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTxzdGF0aWNUZXh0PgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvbHVtbiBoZWFkZXIiIHg9IjkwMSIgeT0iMCIgd2lkdGg9IjYzIiBoZWlnaHQ9IjIwIiB1dWlkPSIzMzE5ZTU5Yi01MjAxLTQ1NGQtOTI5Ni03MjJjNTU3Yjg0NjAiPgoJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC54IiB2YWx1ZT0icGl4ZWwiLz4KCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtSZXN1bHRdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQkJPHN0YXRpY1RleHQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iQ29sdW1uIGhlYWRlciIgeD0iOTY0IiB5PSIwIiB3aWR0aD0iMTI4IiBoZWlnaHQ9IjIwIiB1dWlkPSI1M2M1OTE3MC1mNzhhLTQxYTUtOTM5OS1lNDEyOWQzZDZkZjgiPgoJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC54IiB2YWx1ZT0icGl4ZWwiLz4KCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtDb21tZW50c11dPjwvdGV4dD4KCQkJPC9zdGF0aWNUZXh0PgoJCQk8c3RhdGljVGV4dD4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJDb2x1bW4gaGVhZGVyIiB4PSIxMDkyIiB5PSIwIiB3aWR0aD0iMTI4IiBoZWlnaHQ9IjIwIiB1dWlkPSI4MGI2ZTFiZC04YjJlLTQ3NzQtYjUxMi03ZDRjMjNhNTgyMTEiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtSZW1lZGllZCBvbl1dPjwvdGV4dD4KCQkJPC9zdGF0aWNUZXh0PgoJCTwvYmFuZD4KCTwvY29sdW1uSGVhZGVyPgoJPGRldGFpbD4KCQk8YmFuZCBoZWlnaHQ9IjI0IiBzcGxpdFR5cGU9IlN0cmV0Y2giPgoJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLmxheW91dCIgdmFsdWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby5lZGl0b3IubGF5b3V0Lkhvcml6b250YWxSb3dMYXlvdXQiLz4KCQkJPGZyYW1lPgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkRldGFpbCIgc3RyZXRjaFR5cGU9IlJlbGF0aXZlVG9UYWxsZXN0T2JqZWN0IiBtb2RlPSJPcGFxdWUiIHg9IjAiIHk9IjAiIHdpZHRoPSIxMjIwIiBoZWlnaHQ9IjI0IiB1dWlkPSI4NmRiNjUzNy04MWYwLTQyYjEtYjc0YS1kMmJlNzA5MjcxY2QiPgoJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8ubGF5b3V0IiB2YWx1ZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLmVkaXRvci5sYXlvdXQuSG9yaXpvbnRhbFJvd0xheW91dCIvPgoJCQkJPC9yZXBvcnRFbGVtZW50PgoJCQkJPHRleHRGaWVsZCBpc1N0cmV0Y2hXaXRoT3ZlcmZsb3c9InRydWUiPgoJCQkJCTxyZXBvcnRFbGVtZW50IHg9IjAiIHk9IjAiIHdpZHRoPSIxOTUiIGhlaWdodD0iMjQiIHV1aWQ9ImM4OTQ4Yzg1LWVjMzEtNGIzOS04ODlhLTQzY2JjZTcwZjdmOCI+CgkJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC53aWR0aCIgdmFsdWU9InBpeGVsIi8+CgkJCQkJPC9yZXBvcnRFbGVtZW50PgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBW2NvbS5ldm9sdmV1bS5taWRwb2ludC5yZXBvcnQuaW1wbC5SZXBvcnRVdGlscy5wcmV0dHlQcmludEZvclJlcG9ydCgkRntvYmplY3RSZWZ9KV1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQkJPHRleHRGaWVsZCBpc1N0cmV0Y2hXaXRoT3ZlcmZsb3c9InRydWUiPgoJCQkJCTxyZXBvcnRFbGVtZW50IHg9IjE5NSIgeT0iMCIgd2lkdGg9IjE5NSIgaGVpZ2h0PSIyNCIgdXVpZD0iNzViZmQ0YTAtNTgwMC00N2E1LWE1M2MtNDU4MDI1NzMwYmIzIj4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LndpZHRoIiB2YWx1ZT0icGl4ZWwiLz4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LngiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVtjb20uZXZvbHZldW0ubWlkcG9pbnQucmVwb3J0LmltcGwuUmVwb3J0VXRpbHMucHJldHR5UHJpbnRGb3JSZXBvcnQoJEZ7dGFyZ2V0UmVmfSldXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJCTx0ZXh0RmllbGQgaXNTdHJldGNoV2l0aE92ZXJmbG93PSJ0cnVlIj4KCQkJCQk8cmVwb3J0RWxlbWVudCB4PSIzOTAiIHk9IjAiIHdpZHRoPSIxMjgiIGhlaWdodD0iMjQiIHV1aWQ9ImI1ZGU2MDAzLWNjNjQtNGVlNC05YjI1LTk5MjdlNzM3OWY1NyI+CgkJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC54IiB2YWx1ZT0icGl4ZWwiLz4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LndpZHRoIiB2YWx1ZT0icGl4ZWwiLz4KCQkJCQk8L3JlcG9ydEVsZW1lbnQ+CgkJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IkNlbnRlciIvPgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBW2NvbS5ldm9sdmV1bS5taWRwb2ludC5yZXBvcnQuaW1wbC5SZXBvcnRVdGlscy5wcmV0dHlQcmludFVzZXJzRm9yUmVwb3J0KGNvbS5ldm9sdmV1bS5taWRwb2ludC5zY2hlbWEudXRpbC5DZXJ0Q2FtcGFpZ25UeXBlVXRpbC5nZXRDdXJyZW50bHlBc3NpZ25lZFJldmlld2VycygkRntfdGhpc199LmFzUHJpc21Db250YWluZXJWYWx1ZSgpKSldXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJCTx0ZXh0RmllbGQ+CgkJCQkJPHJlcG9ydEVsZW1lbnQgeD0iNTE4IiB5PSIwIiB3aWR0aD0iMTI5IiBoZWlnaHQ9IjI0IiB1dWlkPSJiOTFiM2Y0NS0yNTJkLTRlNzEtOTUxYy05ZTEyMGFhZjdjNWEiPgoJCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLnVuaXQueCIgdmFsdWU9InBpeGVsIi8+CgkJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC53aWR0aCIgdmFsdWU9InBpeGVsIi8+CgkJCQkJPC9yZXBvcnRFbGVtZW50PgoJCQkJCTx0ZXh0RWxlbWVudCB0ZXh0QWxpZ25tZW50PSJDZW50ZXIiLz4KCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVtjb20uZXZvbHZldW0ubWlkcG9pbnQucmVwb3J0LmltcGwuUmVwb3J0VXRpbHMucHJldHR5UHJpbnRGb3JSZXBvcnQoY29tLmV2b2x2ZXVtLm1pZHBvaW50LnNjaGVtYS51dGlsLkNlcnRDYW1wYWlnblR5cGVVdGlsLmdldExhc3RSZXZpZXdlZE9uKCRGe190aGlzX30uYXNQcmlzbUNvbnRhaW5lclZhbHVlKCkpKV1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQkJPHRleHRGaWVsZCBpc1N0cmV0Y2hXaXRoT3ZlcmZsb3c9InRydWUiPgoJCQkJCTxyZXBvcnRFbGVtZW50IHg9IjY0NyIgeT0iMCIgd2lkdGg9IjEyOCIgaGVpZ2h0PSIyNCIgdXVpZD0iMTA0NDMwZjctZmQ2MC00Zjk4LTg5MjctMzliMjNlNzdjZjRmIj4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LngiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLnVuaXQud2lkdGgiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iQ2VudGVyIi8+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbY29tLmV2b2x2ZXVtLm1pZHBvaW50LnJlcG9ydC5pbXBsLlJlcG9ydFV0aWxzLnByZXR0eVByaW50VXNlcnNGb3JSZXBvcnQoY29tLmV2b2x2ZXVtLm1pZHBvaW50LnNjaGVtYS51dGlsLkNlcnRDYW1wYWlnblR5cGVVdGlsLmdldFJldmlld2VkQnkoJEZ7X3RoaXNffS5hc1ByaXNtQ29udGFpbmVyVmFsdWUoKSkpXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCQk8dGV4dEZpZWxkPgoJCQkJCTxyZXBvcnRFbGVtZW50IHg9Ijc3NSIgeT0iMCIgd2lkdGg9IjYwIiBoZWlnaHQ9IjI0IiB1dWlkPSIyZDM2YzUyOC00Nzg0LTQwYjItOWI1My0zYTI1MzVkNzc5ZjYiPgoJCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLnVuaXQueCIgdmFsdWU9InBpeGVsIi8+CgkJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC53aWR0aCIgdmFsdWU9InBpeGVsIi8+CgkJCQkJPC9yZXBvcnRFbGVtZW50PgoJCQkJCTx0ZXh0RWxlbWVudCB0ZXh0QWxpZ25tZW50PSJDZW50ZXIiLz4KCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVskRntzdGFnZU51bWJlcn1dXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJCTx0ZXh0RmllbGQ+CgkJCQkJPHJlcG9ydEVsZW1lbnQgeD0iODM1IiB5PSIwIiB3aWR0aD0iNjYiIGhlaWdodD0iMjQiIHV1aWQ9IjhjMDliNzg3LTIzOTItNDRlOS04OTBmLTQ2ZGQwZjNiM2I2OCI+CgkJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC54IiB2YWx1ZT0icGl4ZWwiLz4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LndpZHRoIiB2YWx1ZT0icGl4ZWwiLz4KCQkJCQk8L3JlcG9ydEVsZW1lbnQ+CgkJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IkNlbnRlciIvPgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBWyRGe3N0YWdlTnVtYmVyfV1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQkJPHRleHRGaWVsZCBpc0JsYW5rV2hlbk51bGw9InRydWUiPgoJCQkJCTxyZXBvcnRFbGVtZW50IHg9IjkwMSIgeT0iMCIgd2lkdGg9IjYzIiBoZWlnaHQ9IjI0IiB1dWlkPSI5OTRhMWUwZi1jZTI4LTRlNDQtYmI0ZC00NzBjOGJjMmM2NWQiPgoJCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLnVuaXQueCIgdmFsdWU9InBpeGVsIi8+CgkJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC53aWR0aCIgdmFsdWU9InBpeGVsIi8+CgkJCQkJPC9yZXBvcnRFbGVtZW50PgoJCQkJCTx0ZXh0RWxlbWVudCB0ZXh0QWxpZ25tZW50PSJDZW50ZXIiLz4KCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVtjb20uZXZvbHZldW0ubWlkcG9pbnQucmVwb3J0LmltcGwuUmVwb3J0VXRpbHMucHJldHR5UHJpbnRDZXJ0T3V0Y29tZUZvclJlcG9ydCgkRntvdXRjb21lfSldXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJCTx0ZXh0RmllbGQgaXNTdHJldGNoV2l0aE92ZXJmbG93PSJ0cnVlIj4KCQkJCQk8cmVwb3J0RWxlbWVudCB4PSI5NjQiIHk9IjAiIHdpZHRoPSIxMjgiIGhlaWdodD0iMjQiIHV1aWQ9ImE5YWFkNTc2LTY5ZGItNDdjMS1iNDliLTQ0NzkzYTRlNmEwNyI+CgkJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC54IiB2YWx1ZT0icGl4ZWwiLz4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LndpZHRoIiB2YWx1ZT0icGl4ZWwiLz4KCQkJCQk8L3JlcG9ydEVsZW1lbnQ+CgkJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IkNlbnRlciIvPgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBW2NvbS5ldm9sdmV1bS5taWRwb2ludC5yZXBvcnQuaW1wbC5SZXBvcnRVdGlscy5qb2luKGNvbS5ldm9sdmV1bS5taWRwb2ludC5zY2hlbWEudXRpbC5DZXJ0Q2FtcGFpZ25UeXBlVXRpbC5nZXRDb21tZW50cygkRntfdGhpc199LmFzUHJpc21Db250YWluZXJWYWx1ZSgpKSldXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJCTx0ZXh0RmllbGQ+CgkJCQkJPHJlcG9ydEVsZW1lbnQgeD0iMTA5MiIgeT0iMCIgd2lkdGg9IjEyOCIgaGVpZ2h0PSIyNCIgdXVpZD0iNDc3Yzk5NjQtZDgyYy00NTBlLWI0ZWUtMjczYjFiZGQ4ZTZmIj4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LngiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLnVuaXQud2lkdGgiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLnVuaXQuaGVpZ2h0IiB2YWx1ZT0icGl4ZWwiLz4KCQkJCQk8L3JlcG9ydEVsZW1lbnQ+CgkJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IkNlbnRlciIvPgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBW2NvbS5ldm9sdmV1bS5taWRwb2ludC5yZXBvcnQuaW1wbC5SZXBvcnRVdGlscy5wcmV0dHlQcmludEZvclJlcG9ydCgkRntyZW1lZGllZFRpbWVzdGFtcH0pXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCTwvZnJhbWU+CgkJPC9iYW5kPgoJPC9kZXRhaWw+Cgk8cGFnZUZvb3Rlcj4KCQk8YmFuZCBoZWlnaHQ9IjMyIiBzcGxpdFR5cGU9IlN0cmV0Y2giPgoJCQk8ZnJhbWU+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBmb290ZXIiIG1vZGU9IlRyYW5zcGFyZW50IiB4PSIwIiB5PSIxIiB3aWR0aD0iMTE4MCIgaGVpZ2h0PSIyNCIgZm9yZWNvbG9yPSIjMDAwMDAwIiBiYWNrY29sb3I9IiMyNjc5OTQiIHV1aWQ9ImZiZThhYWU0LTY1MDAtNDY4YS1iMWU4LTcwMGI1NjkxMzlhMSIvPgoJCQkJPHRleHRGaWVsZCBwYXR0ZXJuPSJFRUVFRSBkZCBNTU1NTSB5eXl5Ij4KCQkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBmb290ZXIiIHg9IjIiIHk9IjEiIHdpZHRoPSIxOTciIGhlaWdodD0iMjAiIHV1aWQ9IjI4YmI5YjQ3LWE2OWMtNDhlMS05MDczLWQ1NGQ5MjYyNDJlOCIvPgoJCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbbmV3IGphdmEudXRpbC5EYXRlKCldXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJCTx0ZXh0RmllbGQ+CgkJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlBhZ2UgZm9vdGVyIiB4PSIxMDYwIiB5PSIxIiB3aWR0aD0iODAiIGhlaWdodD0iMjAiIHV1aWQ9IjVjMDYyYzY2LWJhNDUtNDI4OC05ZGNkLTI0NmUyOGM1YWY3NSIvPgoJCQkJCTx0ZXh0RWxlbWVudCB0ZXh0QWxpZ25tZW50PSJSaWdodCIgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBWyJQYWdlICIrJFZ7UEFHRV9OVU1CRVJ9KyIgb2YiXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCQk8dGV4dEZpZWxkIGV2YWx1YXRpb25UaW1lPSJSZXBvcnQiPgoJCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJQYWdlIGZvb3RlciIgeD0iMTE0MCIgeT0iMSIgd2lkdGg9IjQwIiBoZWlnaHQ9IjIwIiB1dWlkPSI5MzRiMTZlOC1jM2ViLTQwMTctODY2YS0wYjc3MzViZjI5MTciLz4KCQkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBWyIgIiArICRWe1BBR0VfTlVNQkVSfV1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQk8L2ZyYW1lPgoJCTwvYmFuZD4KCTwvcGFnZUZvb3Rlcj4KPC9qYXNwZXJSZXBvcnQ+Cg==</template>
-       <export>html</export>
-       <virtualizer>JRSwapFileVirtualizer</virtualizer>
-       <virtualizerKickOn>300</virtualizerKickOn>
-       <maxPages>10000</maxPages>
-       <timeout>300000</timeout>
-   </jasper>
-    <defaultScriptConfiguration>
-        <objectVariableMode>prismReference</objectVariableMode>
-    </defaultScriptConfiguration>
+    <name>Certification cases report</name>
+    <description>Cases within a given certification campaign.</description>
+    <objectCollection>
+        <collection>
+            <filter>
+                <q:equal>
+                    <q:path>../name</q:path>
+                    <expression>
+                        <queryInterpretationOfNoValue>filterAll</queryInterpretationOfNoValue>
+                        <script>
+                            <code>
+                                if (!campaignName) {
+                                return null;
+                                }
+                                return campaignName.getName();
+                            </code>
+                        </script>
+                    </expression>
+                </q:equal>
+            </filter>
+        </collection>
+        <view>
+            <column>
+                <name>objectColumn</name>
+                <path>objectRef</path>
+                <display>
+                    <label>Object</label>
+                </display>
+                <export>
+                    <expression>
+                        <script>
+                            <objectVariableMode>prismReference</objectVariableMode>
+                            <code>
+                                import com.evolveum.midpoint.report.impl.ReportUtils;
+
+                                ReportUtils.prettyPrintForReport(object)
+                            </code>
+                        </script>
+                    </expression>
+                </export>
+            </column>
+            <column>
+                <name>targetColumn</name>
+                <path>targetRef</path>
+                <display>
+                    <label>Target</label>
+                </display>
+                <previousColumn>objectColumn</previousColumn>
+                <export>
+                    <expression>
+                        <script>
+                            <objectVariableMode>prismReference</objectVariableMode>
+                            <code>
+                                import com.evolveum.midpoint.report.impl.ReportUtils;
+
+                                ReportUtils.prettyPrintForReport(object)
+                            </code>
+                        </script>
+                    </expression>
+                </export>
+            </column>
+            <column>
+                <name>reviewersColumn</name>
+                <display>
+                    <label>Reviewers</label>
+                </display>
+                <previousColumn>targetColumn</previousColumn>
+                <export>
+                    <expression>
+                        <script>
+                            <code>
+                                import com.evolveum.midpoint.schema.util.CertCampaignTypeUtil;
+
+                                return CertCampaignTypeUtil.getCurrentlyAssignedReviewers(object.asPrismContainerValue());
+                            </code>
+                        </script>
+                    </expression>
+                </export>
+            </column>
+            <column>
+                <name>lastReviewedOnColumn</name>
+                <display>
+                    <label>Last reviewed on</label>
+                </display>
+                <previousColumn>reviewersColumn</previousColumn>
+                <export>
+                    <expression>
+                        <script>
+                            <code>
+                                import com.evolveum.midpoint.schema.util.CertCampaignTypeUtil;
+                                import com.evolveum.midpoint.report.impl.ReportUtils;
+
+                                ReportUtils.prettyPrintForReport(CertCampaignTypeUtil.getLastReviewedOn(object.asPrismContainerValue()))
+                            </code>
+                        </script>
+                    </expression>
+                </export>
+            </column>
+            <column>
+                <name>reviewedByColumn</name>
+                <display>
+                    <label>Reviewed by</label>
+                </display>
+                <previousColumn>lastReviewedOnColumn</previousColumn>
+                <export>
+                    <expression>
+                        <script>
+                            <code>
+                                import com.evolveum.midpoint.schema.util.CertCampaignTypeUtil;
+                                import com.evolveum.midpoint.report.impl.ReportUtils;
+
+                                ReportUtils.prettyPrintForReport(CertCampaignTypeUtil.getReviewedBy(object.asPrismContainerValue()))
+                            </code>
+                        </script>
+                    </expression>
+                </export>
+            </column>
+            <column>
+                <name>iterationColumn</name>
+                <path>iteration</path>
+                <display>
+                    <label>Iteration</label>
+                </display>
+                <previousColumn>reviewedByColumn</previousColumn>
+            </column>
+            <column>
+                <name>inStageNumberColumn</name>
+                <path>stageNumber</path>
+                <display>
+                    <label>In stage</label>
+                </display>
+                <previousColumn>iterationColumn</previousColumn>
+            </column>
+            <column>
+                <name>outcomeColumn</name>
+                <path>outcome</path>
+                <display>
+                    <label>Result</label>
+                </display>
+                <previousColumn>inStageNumberColumn</previousColumn>
+            </column>
+            <column>
+                <name>commentsColumn</name>
+                <display>
+                    <label>Comments</label>
+                </display>
+                <previousColumn>outcomeColumn</previousColumn>
+                <export>
+                    <expression>
+                        <script>
+                            <code>
+                                import com.evolveum.midpoint.schema.util.CertCampaignTypeUtil;
+                                import com.evolveum.midpoint.report.impl.ReportUtils;
+
+                                ReportUtils.prettyPrintForReport(CertCampaignTypeUtil.getComments(object.asPrismContainerValue()))
+                            </code>
+                        </script>
+                    </expression>
+                </export>
+            </column>
+            <column>
+                <name>remediedTimestampColumn</name>
+                <path>remediedTimestamp</path>
+                <display>
+                    <label>Remedied on</label>
+                </display>
+                <previousColumn>commentsColumn</previousColumn>
+            </column>
+            <type>AccessCertificationCaseType</type>
+        </view>
+        <paging>
+            <orderBy>objectRef/@/name</orderBy>
+        </paging>
+        <parameter>
+            <name>campaignName</name>
+            <type>c:ObjectReferenceType</type>
+            <targetType>c:AccessCertificationCampaignType</targetType>
+            <display>
+                <label>
+                    <orig>campaignName</orig>
+                    <translation>
+                        <key>runReportPopupContent.param.name.campaignName</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+    </objectCollection>
 </report>
diff --git a/gui/admin-gui/src/main/resources/initial-objects/160-report-certification-decisions.xml b/gui/admin-gui/src/main/resources/initial-objects/160-report-certification-decisions.xml
index 86cb0f2e414..0b58b51e360 100644
--- a/gui/admin-gui/src/main/resources/initial-objects/160-report-certification-decisions.xml
+++ b/gui/admin-gui/src/main/resources/initial-objects/160-report-certification-decisions.xml
@@ -6,19 +6,176 @@
   ~ and European Union Public License. See LICENSE file for details.
   -->
 <report xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+        xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
         oid="00000000-0000-0000-0000-000000000160">
-   <name>Certification decisions report (Jasper)</name>
+   <name>Certification decisions report</name>
    <description>Decisions of individual reviewers for a certification campaign as a whole or for a given campaign stage.</description>
-    <jasper>
-       <parent>true</parent>
-       <template>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPGphc3BlclJlcG9ydCB4bWxucz0iaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L2phc3BlcnJlcG9ydHMiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L2phc3BlcnJlcG9ydHMgaHR0cDovL2phc3BlcnJlcG9ydHMuc291cmNlZm9yZ2UubmV0L3hzZC9qYXNwZXJyZXBvcnQueHNkIiBuYW1lPSJyZXBvcnRVc2VyTGlzdCIgcGFnZVdpZHRoPSIxMjYwIiBwYWdlSGVpZ2h0PSI2MTUiIG9yaWVudGF0aW9uPSJMYW5kc2NhcGUiIHdoZW5Ob0RhdGFUeXBlPSJBbGxTZWN0aW9uc05vRGV0YWlsIiBjb2x1bW5XaWR0aD0iMTIyMCIgbGVmdE1hcmdpbj0iMjAiIHJpZ2h0TWFyZ2luPSIyMCIgdG9wTWFyZ2luPSIzMCIgYm90dG9tTWFyZ2luPSIzMCIgdXVpZD0iNjdlNDY1YzUtNDZlYS00MGQyLWJlYTAtNDY5YzZjZjM4OTM3Ij4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5wcmludC5rZWVwLmZ1bGwudGV4dCIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQueGxzLnJlbW92ZS5lbXB0eS5zcGFjZS5iZXR3ZWVuLmNvbHVtbnMiIHZhbHVlPSJ0cnVlIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0Lnhscy5yZW1vdmUuZW1wdHkuc3BhY2UuYmV0d2Vlbi5yb3dzIiB2YWx1ZT0idHJ1ZSIvPgoJPHByb3BlcnR5IG5hbWU9Im5ldC5zZi5qYXNwZXJyZXBvcnRzLmV4cG9ydC5wZGYuZm9yY2UubGluZWJyZWFrLnBvbGljeSIgdmFsdWU9InRydWUiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQuY3N2LmV4Y2x1ZGUub3JpZ2luLmJhbmQuMSIgdmFsdWU9InRpdGxlIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0LmNzdi5leGNsdWRlLm9yaWdpbi5iYW5kLjIiIHZhbHVlPSJwYWdlRm9vdGVyIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0LmNzdi5leGNsdWRlLm9yaWdpbi5rZWVwLmZpcnN0LmJhbmQuMiIgdmFsdWU9ImNvbHVtbkhlYWRlciIvPgoJPHByb3BlcnR5IG5hbWU9Im5ldC5zZi5qYXNwZXJyZXBvcnRzLmV4cG9ydC54bHMuZXhjbHVkZS5vcmlnaW4uYmFuZC4xIiB2YWx1ZT0icGFnZUhlYWRlciIvPgoJPHByb3BlcnR5IG5hbWU9Im5ldC5zZi5qYXNwZXJyZXBvcnRzLmV4cG9ydC54bHMuZXhjbHVkZS5vcmlnaW4uYmFuZC4yIiB2YWx1ZT0icGFnZUZvb3RlciIvPgoJPHByb3BlcnR5IG5hbWU9Im5ldC5zZi5qYXNwZXJyZXBvcnRzLmV4cG9ydC54bHMuZXhjbHVkZS5vcmlnaW4ua2VlcC5maXJzdC5iYW5kLjIiIHZhbHVlPSJjb2x1bW5IZWFkZXIiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQueGxzLmRldGVjdC5jZWxsLnR5cGUiIHZhbHVlPSJ0cnVlIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0Lnhscy53cmFwLnRleHQiIHZhbHVlPSJ0cnVlIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0Lnhscy5hdXRvLmZpdC5yb3ciIHZhbHVlPSJ0cnVlIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0Lnhscy5hdXRvLmZpdC5jb2x1bW4iIHZhbHVlPSJ0cnVlIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuYXd0Lmlnbm9yZS5taXNzaW5nLmZvbnQiIHZhbHVlPSJ0cnVlIi8+Cgk8cHJvcGVydHkgbmFtZT0ibmV0LnNmLmphc3BlcnJlcG9ydHMuZXhwb3J0Lnhsc3guZXhjbHVkZS5vcmlnaW4uYmFuZC4xIiB2YWx1ZT0icGFnZUhlYWRlciIvPgoJPHByb3BlcnR5IG5hbWU9Im5ldC5zZi5qYXNwZXJyZXBvcnRzLmV4cG9ydC54bHN4LmV4Y2x1ZGUub3JpZ2luLmJhbmQuMiIgdmFsdWU9InBhZ2VGb290ZXIiLz4KCTxwcm9wZXJ0eSBuYW1lPSJuZXQuc2YuamFzcGVycmVwb3J0cy5leHBvcnQueGxzeC5leGNsdWRlLm9yaWdpbi5rZWVwLmZpcnN0LmJhbmQuMiIgdmFsdWU9ImNvbHVtbkhlYWRlciIvPgoJPHByb3BlcnR5IG5hbWU9Im5ldC5zZi5qYXNwZXJyZXBvcnRzLmV4cG9ydC54bHN4LmV4Y2x1ZGUub3JpZ2luLmtlZXAuZmlyc3QuYmFuZC4xIiB2YWx1ZT0icGFnZUhlYWRlciIvPgoJPHByb3BlcnR5IG5hbWU9ImlyZXBvcnQuem9vbSIgdmFsdWU9IjEuMCIvPgoJPHByb3BlcnR5IG5hbWU9ImlyZXBvcnQueCIgdmFsdWU9IjE2Ii8+Cgk8cHJvcGVydHkgbmFtZT0iaXJlcG9ydC55IiB2YWx1ZT0iMTQiLz4KCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8uZGF0YS5kZWZhdWx0ZGF0YWFkYXB0ZXIiIHZhbHVlPSJtcWwueG1sIi8+Cgk8c3R5bGUgbmFtZT0iQmFzZSIgaXNEZWZhdWx0PSJ0cnVlIiBoVGV4dEFsaWduPSJMZWZ0IiBoSW1hZ2VBbGlnbj0iTGVmdCIgdlRleHRBbGlnbj0iTWlkZGxlIiB2SW1hZ2VBbGlnbj0iTWlkZGxlIiBmb250TmFtZT0iRGVqYVZ1IFNhbnMiIGZvbnRTaXplPSIxMCIgcGRmRm9udE5hbWU9IkRlamFWdVNhbnMudHRmIiBwZGZFbmNvZGluZz0iSWRlbnRpdHktSCIgaXNQZGZFbWJlZGRlZD0idHJ1ZSIvPgoJPHN0eWxlIG5hbWU9IlRpdGxlIiBzdHlsZT0iQmFzZSIgbW9kZT0iT3BhcXVlIiBmb3JlY29sb3I9IiNGRkZGRkYiIGJhY2tjb2xvcj0iIzI2Nzk5NCIgZm9udFNpemU9IjI2Ii8+Cgk8c3R5bGUgbmFtZT0iUGFnZSBoZWFkZXIiIHN0eWxlPSJCYXNlIiBmb3JlY29sb3I9IiMwMDAwMDAiIGZvbnRTaXplPSIxMiIvPgoJPHN0eWxlIG5hbWU9IkNvbHVtbiBoZWFkZXIiIHN0eWxlPSJCYXNlIiBtb2RlPSJPcGFxdWUiIGZvcmVjb2xvcj0iI0ZGRkZGRiIgYmFja2NvbG9yPSIjMzMzMzMzIiBoVGV4dEFsaWduPSJDZW50ZXIiIGhJbWFnZUFsaWduPSJDZW50ZXIiIGZvbnRTaXplPSIxMiIvPgoJPHN0eWxlIG5hbWU9IkRldGFpbCIgc3R5bGU9IkJhc2UiIGlzQm9sZD0iZmFsc2UiLz4KCTxzdHlsZSBuYW1lPSJDb2RlIiBzdHlsZT0iQmFzZSIgZm9udFNpemU9IjkiIGlzQm9sZD0iZmFsc2UiLz4KCTxzdHlsZSBuYW1lPSJQYWdlIGZvb3RlciIgc3R5bGU9IkJhc2UiIGZvcmVjb2xvcj0iIzAwMDAwMCIgZm9udFNpemU9IjkiLz4KCTxwYXJhbWV0ZXIgbmFtZT0iY2FtcGFpZ25OYW1lIiBjbGFzcz0iamF2YS5sYW5nLlN0cmluZyI+CgkJPHByb3BlcnR5IG5hbWU9ImtleSIgdmFsdWU9Im5hbWUiLz4KCQk8cHJvcGVydHkgbmFtZT0ibGFiZWwiIHZhbHVlPSJuYW1lIi8+CgkJPHByb3BlcnR5IG5hbWU9InRhcmdldFR5cGUiIHZhbHVlPSJjb20uZXZvbHZldW0ubWlkcG9pbnQueG1sLm5zLl9wdWJsaWMuY29tbW9uLmNvbW1vbl8zLkFjY2Vzc0NlcnRpZmljYXRpb25DYW1wYWlnblR5cGUiLz4KCQk8cGFyYW1ldGVyRGVzY3JpcHRpb24+PCFbQ0RBVEFbTmFtZSBvZiBjZXJ0aWZpY2F0aW9uIGNhbXBhaWduIHdob3NlIGRlY2lzaW9ucyBhcmUgdG8gYmUgcmVwb3J0ZWQgb24uXV0+PC9wYXJhbWV0ZXJEZXNjcmlwdGlvbj4KCTwvcGFyYW1ldGVyPgoJPHBhcmFtZXRlciBuYW1lPSJzdGFnZU51bWJlciIgY2xhc3M9ImphdmEubGFuZy5JbnRlZ2VyIj4KCQk8cGFyYW1ldGVyRGVzY3JpcHRpb24+PCFbQ0RBVEFbTnVtYmVyIG9mIHN0YWdlIHRvIHJlcG9ydCBkZWNpc2lvbnMgZm9yIChpZiBub3Qgc3BlY2lmaWVkLCBhbGwgc3RhZ2VzIGFyZSB0YWtlbiBpbnRvIGFjY291bnQpXV0+PC9wYXJhbWV0ZXJEZXNjcmlwdGlvbj4KCTwvcGFyYW1ldGVyPgoJPHBhcmFtZXRlciBuYW1lPSJpdGVyYXRpb24iIGNsYXNzPSJqYXZhLmxhbmcuSW50ZWdlciI+CgkJPHBhcmFtZXRlckRlc2NyaXB0aW9uPjwhW0NEQVRBW0l0ZXJhdGlvbiB0byByZXBvcnQgZGVjaXNpb25zIGZvciAoaWYgbm90IHNwZWNpZmllZCwgYWxsIGl0ZXJhdGlvbnMgYXJlIHRha2VuIGludG8gYWNjb3VudCldXT48L3BhcmFtZXRlckRlc2NyaXB0aW9uPgoJPC9wYXJhbWV0ZXI+Cgk8cXVlcnlTdHJpbmcgbGFuZ3VhZ2U9Im1xbCI+CgkJPCFbQ0RBVEFbPGNvZGU+DQogICAgcmVwb3J0LmdldENlcnRpZmljYXRpb25DYW1wYWlnbkRlY2lzaW9ucyhjYW1wYWlnbk5hbWUsIHN0YWdlTnVtYmVyLCBpdGVyYXRpb24pDQo8L2NvZGU+XV0+Cgk8L3F1ZXJ5U3RyaW5nPgoJPGZpZWxkIG5hbWU9InN0YWdlTnVtYmVyIiBjbGFzcz0iamF2YS5sYW5nLkludGVnZXIiLz4KCTxmaWVsZCBuYW1lPSJpdGVyYXRpb24iIGNsYXNzPSJqYXZhLmxhbmcuSW50ZWdlciIvPgoJPGZpZWxkIG5hbWU9InBlcmZvcm1lclJlZiIgY2xhc3M9ImNvbS5ldm9sdmV1bS5taWRwb2ludC54bWwubnMuX3B1YmxpYy5jb21tb24uY29tbW9uXzMuT2JqZWN0UmVmZXJlbmNlVHlwZSIvPgoJPGZpZWxkIG5hbWU9Im91dHB1dCIgY2xhc3M9ImNvbS5ldm9sdmV1bS5taWRwb2ludC54bWwubnMuX3B1YmxpYy5jb21tb24uY29tbW9uXzMuQWJzdHJhY3RXb3JrSXRlbU91dHB1dFR5cGUiLz4KCTxmaWVsZCBuYW1lPSJvdXRwdXRDaGFuZ2VUaW1lc3RhbXAiIGNsYXNzPSJqYXZheC54bWwuZGF0YXR5cGUuWE1MR3JlZ29yaWFuQ2FsZW5kYXIiLz4KCTxmaWVsZCBuYW1lPSJfcGFyZW50XyIgY2xhc3M9ImNvbS5ldm9sdmV1bS5taWRwb2ludC5wcmlzbS5QcmlzbUNvbnRhaW5lclZhbHVlIi8+Cgk8ZmllbGQgbmFtZT0iX3RoaXNfIiBjbGFzcz0iY29tLmV2b2x2ZXVtLm1pZHBvaW50LnByaXNtLlByaXNtQ29udGFpbmVyVmFsdWUiLz4KCTxiYWNrZ3JvdW5kPgoJCTxiYW5kIGhlaWdodD0iNjgiIHNwbGl0VHlwZT0iU3RyZXRjaCI+CgkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8ubGF5b3V0IiB2YWx1ZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLmVkaXRvci5sYXlvdXQuRnJlZUxheW91dCIvPgoJCTwvYmFuZD4KCTwvYmFja2dyb3VuZD4KCTx0aXRsZT4KCQk8YmFuZCBoZWlnaHQ9IjE0MyIgc3BsaXRUeXBlPSJTdHJldGNoIj4KCQkJPGZyYW1lPgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlRpdGxlIiBtb2RlPSJPcGFxdWUiIHg9IjAiIHk9IjAiIHdpZHRoPSIxMjIwIiBoZWlnaHQ9IjY3IiBiYWNrY29sb3I9IiMyNjc5OTQiIHV1aWQ9IjQ0YmVkYWNjLWZhMjMtNGZlMS1iNzFmLWU1YWZhOTQzZjU1MyIvPgoJCQkJPHN0YXRpY1RleHQ+CgkJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlRpdGxlIiB4PSIxMCIgeT0iMTQiIHdpZHRoPSIxMjAwIiBoZWlnaHQ9IjM4IiB1dWlkPSJmMmQ5OWNhZC05ZDg0LTRmNTAtYjQ1NS00NTNjODdmNjJjNGMiLz4KCQkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJCTx0ZXh0PjwhW0NEQVRBW0NlcnRpZmljYXRpb24gRGVjaXNpb25zIFJlcG9ydF1dPjwvdGV4dD4KCQkJCTwvc3RhdGljVGV4dD4KCQkJPC9mcmFtZT4KCQkJPHN0YXRpY1RleHQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBoZWFkZXIiIHg9IjAiIHk9Ijg1IiB3aWR0aD0iMTIwIiBoZWlnaHQ9IjIwIiB1dWlkPSJlMDM1ZGJkNS1kYzJmLTQ1Y2ItOTM2Yy1hMDhlOWMwMTFlNDMiPgoJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC54IiB2YWx1ZT0icGl4ZWwiLz4KCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtDYW1wYWlnbiBuYW1lOl1dPjwvdGV4dD4KCQkJPC9zdGF0aWNUZXh0PgoJCQk8dGV4dEZpZWxkPgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlBhZ2UgaGVhZGVyIiBpc1ByaW50UmVwZWF0ZWRWYWx1ZXM9ImZhbHNlIiB4PSIxMjAiIHk9Ijg1IiB3aWR0aD0iNDM3IiBoZWlnaHQ9IjIwIiB1dWlkPSIyOGJiOWI0Ny1hNjljLTQ4ZTEtOTA3My1kNTRkOTI2MjQyZTgiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIj4KCQkJCQk8Zm9udCBpc0JvbGQ9ImZhbHNlIi8+CgkJCQk8L3RleHRFbGVtZW50PgoJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbJFB7Y2FtcGFpZ25OYW1lfV1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJPC90ZXh0RmllbGQ+CgkJCTxzdGF0aWNUZXh0PgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlBhZ2UgaGVhZGVyIiB4PSI5NjQiIHk9Ijg1IiB3aWR0aD0iMTg2IiBoZWlnaHQ9IjIwIiB1dWlkPSJlMDM1ZGJkNS1kYzJmLTQ1Y2ItOTM2Yy1hMDhlOWMwMTFlNDMiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtTdGFnZSBudW1iZXI6XV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTx0ZXh0RmllbGQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBoZWFkZXIiIGlzUHJpbnRSZXBlYXRlZFZhbHVlcz0iZmFsc2UiIHg9IjExNjAiIHk9Ijg1IiB3aWR0aD0iNjAiIGhlaWdodD0iMjAiIHV1aWQ9IjI4YmI5YjQ3LWE2OWMtNDhlMS05MDczLWQ1NGQ5MjYyNDJlOCIvPgoJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiPgoJCQkJCTxmb250IGlzQm9sZD0iZmFsc2UiLz4KCQkJCTwvdGV4dEVsZW1lbnQ+CgkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVskUHtzdGFnZU51bWJlcn0gIT0gbnVsbCA/ICRQe3N0YWdlTnVtYmVyfSA6ICJBbnkiXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQk8L3RleHRGaWVsZD4KCQkJPHN0YXRpY1RleHQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBoZWFkZXIiIHg9Ijk2NCIgeT0iMTA1IiB3aWR0aD0iMTg2IiBoZWlnaHQ9IjIwIiB1dWlkPSIxOTk5NTNmMS1lOWJjLTRkNzEtOTc5Ny0wMGQ5Y2M1NGE3MGMiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtJdGVyYXRpb246XV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTx0ZXh0RmllbGQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBoZWFkZXIiIGlzUHJpbnRSZXBlYXRlZFZhbHVlcz0iZmFsc2UiIHg9IjExNjAiIHk9IjEwNSIgd2lkdGg9IjYwIiBoZWlnaHQ9IjIwIiB1dWlkPSI3YTFlZDhjYy05NTJhLTQyNTktODNlMS1mYzljY2E0OTI3YjQiLz4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIj4KCQkJCQk8Zm9udCBpc0JvbGQ9ImZhbHNlIi8+CgkJCQk8L3RleHRFbGVtZW50PgoJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbJFB7aXRlcmF0aW9ufSAhPSBudWxsID8gJFB7aXRlcmF0aW9ufSA6ICJBbnkiXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQk8L3RleHRGaWVsZD4KCQk8L2JhbmQ+Cgk8L3RpdGxlPgoJPHBhZ2VIZWFkZXI+CgkJPGJhbmQgc3BsaXRUeXBlPSJTdHJldGNoIi8+Cgk8L3BhZ2VIZWFkZXI+Cgk8Y29sdW1uSGVhZGVyPgoJCTxiYW5kIGhlaWdodD0iMjAiIHNwbGl0VHlwZT0iU3RyZXRjaCI+CgkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8ubGF5b3V0IiB2YWx1ZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLmVkaXRvci5sYXlvdXQuSG9yaXpvbnRhbFJvd0xheW91dCIvPgoJCQk8c3RhdGljVGV4dD4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJDb2x1bW4gaGVhZGVyIiB4PSIwIiB5PSIwIiB3aWR0aD0iMjczIiBoZWlnaHQ9IjIwIiB1dWlkPSIwNDk4OTA5Yi1kM2M1LTRlZTMtYjhjOS1mMDBhODA4ZWZhN2EiPgoJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC53aWR0aCIgdmFsdWU9InBpeGVsIi8+CgkJCQk8L3JlcG9ydEVsZW1lbnQ+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJPHRleHQ+PCFbQ0RBVEFbT2JqZWN0XV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTxzdGF0aWNUZXh0PgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvbHVtbiBoZWFkZXIiIHg9IjI3MyIgeT0iMCIgd2lkdGg9IjI3MiIgaGVpZ2h0PSIyMCIgdXVpZD0iYzUzMDU1NmItZTY3NC00N2M2LWE3OTktNmYxZDViNWJjZTYxIj4KCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLnVuaXQud2lkdGgiIHZhbHVlPSJwaXhlbCIvPgoJCQkJPC9yZXBvcnRFbGVtZW50PgoJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCTx0ZXh0PjwhW0NEQVRBW1RhcmdldF1dPjwvdGV4dD4KCQkJPC9zdGF0aWNUZXh0PgoJCQk8c3RhdGljVGV4dD4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJDb2x1bW4gaGVhZGVyIiB4PSI1NDUiIHk9IjAiIHdpZHRoPSIxNjUiIGhlaWdodD0iMjAiIHV1aWQ9IjNiNTQ3MjJhLTk5YmYtNGM3Yy1iNjQ5LWJiMDNlYzUzMzI5ZSI+CgkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LndpZHRoIiB2YWx1ZT0icGl4ZWwiLz4KCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQk8dGV4dD48IVtDREFUQVtSZXZpZXdlZCBieV1dPjwvdGV4dD4KCQkJPC9zdGF0aWNUZXh0PgoJCQk8c3RhdGljVGV4dD4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJDb2x1bW4gaGVhZGVyIiB4PSI3MTAiIHk9IjAiIHdpZHRoPSIxMzAiIGhlaWdodD0iMjAiIHV1aWQ9IjQyMWQzOWJkLTZhZjAtNGMxYy04MzlmLTA2YzFjZjNjZjEzMCIvPgoJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCTx0ZXh0PjwhW0NEQVRBW1Jldmlld2VkIG9uXV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTxzdGF0aWNUZXh0PgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvbHVtbiBoZWFkZXIiIHg9Ijg0MCIgeT0iMCIgd2lkdGg9IjYwIiBoZWlnaHQ9IjIwIiB1dWlkPSJlOTYzODYxNy01NDFlLTQzYWEtOWFhMy1mZDk5YWYwYjQwZmEiPgoJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC5oZWlnaHQiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC53aWR0aCIgdmFsdWU9InBpeGVsIi8+CgkJCQk8L3JlcG9ydEVsZW1lbnQ+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJPHRleHQ+PCFbQ0RBVEFbSXRlcmF0aW9uXV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTxzdGF0aWNUZXh0PgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvbHVtbiBoZWFkZXIiIHg9IjkwMCIgeT0iMCIgd2lkdGg9Ijc1IiBoZWlnaHQ9IjIwIiB1dWlkPSJhOGJlMWZiOS1lNzE0LTQyM2YtYjM0OS00MmEyMjA0OTRiNjEiPgoJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC5oZWlnaHQiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC53aWR0aCIgdmFsdWU9InBpeGVsIi8+CgkJCQk8L3JlcG9ydEVsZW1lbnQ+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJPHRleHQ+PCFbQ0RBVEFbSW4gc3RhZ2VdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQkJPHN0YXRpY1RleHQ+CgkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iQ29sdW1uIGhlYWRlciIgeD0iOTc1IiB5PSIwIiB3aWR0aD0iODAiIGhlaWdodD0iMjAiIHV1aWQ9IjMzMTllNTliLTUyMDEtNDU0ZC05Mjk2LTcyMmM1NTdiODQ2MCI+CgkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LngiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC53aWR0aCIgdmFsdWU9InBpeGVsIi8+CgkJCQk8L3JlcG9ydEVsZW1lbnQ+CgkJCQk8dGV4dEVsZW1lbnQgdmVydGljYWxBbGlnbm1lbnQ9Ik1pZGRsZSIvPgoJCQkJPHRleHQ+PCFbQ0RBVEFbUmVzdWx0XV0+PC90ZXh0PgoJCQk8L3N0YXRpY1RleHQ+CgkJCTxzdGF0aWNUZXh0PgoJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IkNvbHVtbiBoZWFkZXIiIHg9IjEwNTUiIHk9IjAiIHdpZHRoPSIxNjUiIGhlaWdodD0iMjAiIHV1aWQ9IjUzYzU5MTcwLWY3OGEtNDFhNS05Mzk5LWU0MTI5ZDNkNmRmOCI+CgkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LngiIHZhbHVlPSJwaXhlbCIvPgoJCQkJPC9yZXBvcnRFbGVtZW50PgoJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCTx0ZXh0PjwhW0NEQVRBW0NvbW1lbnRdXT48L3RleHQ+CgkJCTwvc3RhdGljVGV4dD4KCQk8L2JhbmQ+Cgk8L2NvbHVtbkhlYWRlcj4KCTxkZXRhaWw+CgkJPGJhbmQgaGVpZ2h0PSIyNCIgc3BsaXRUeXBlPSJTdHJldGNoIj4KCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby5sYXlvdXQiIHZhbHVlPSJjb20uamFzcGVyc29mdC5zdHVkaW8uZWRpdG9yLmxheW91dC5Ib3Jpem9udGFsUm93TGF5b3V0Ii8+CgkJCTxmcmFtZT4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJEZXRhaWwiIHN0cmV0Y2hUeXBlPSJSZWxhdGl2ZVRvVGFsbGVzdE9iamVjdCIgbW9kZT0iT3BhcXVlIiB4PSIwIiB5PSIwIiB3aWR0aD0iMTIyMCIgaGVpZ2h0PSIyNCIgdXVpZD0iODZkYjY1MzctODFmMC00MmIxLWI3NGEtZDJiZTcwOTI3MWNkIj4KCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLmxheW91dCIgdmFsdWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby5lZGl0b3IubGF5b3V0Lkhvcml6b250YWxSb3dMYXlvdXQiLz4KCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCTx0ZXh0RmllbGQ+CgkJCQkJPHJlcG9ydEVsZW1lbnQgeD0iMCIgeT0iMCIgd2lkdGg9IjI3MyIgaGVpZ2h0PSIyNCIgdXVpZD0iYzg5NDhjODUtZWMzMS00YjM5LTg4OWEtNDNjYmNlNzBmN2Y4Ij4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LndpZHRoIiB2YWx1ZT0icGl4ZWwiLz4KCQkJCQk8L3JlcG9ydEVsZW1lbnQ+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbY29tLmV2b2x2ZXVtLm1pZHBvaW50LnJlcG9ydC5pbXBsLlJlcG9ydFV0aWxzLnByZXR0eVByaW50Rm9yUmVwb3J0KCRGe19wYXJlbnRffS5nZXRPYmplY3RSZWYoKSldXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJCTx0ZXh0RmllbGQ+CgkJCQkJPHJlcG9ydEVsZW1lbnQgeD0iMjczIiB5PSIwIiB3aWR0aD0iMjcyIiBoZWlnaHQ9IjI0IiB1dWlkPSI3NWJmZDRhMC01ODAwLTQ3YTUtYTUzYy00NTgwMjU3MzBiYjMiPgoJCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLnVuaXQud2lkdGgiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLnVuaXQueCIgdmFsdWU9InBpeGVsIi8+CgkJCQkJPC9yZXBvcnRFbGVtZW50PgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBW2NvbS5ldm9sdmV1bS5taWRwb2ludC5yZXBvcnQuaW1wbC5SZXBvcnRVdGlscy5wcmV0dHlQcmludEZvclJlcG9ydCgkRntfcGFyZW50X30uZ2V0VGFyZ2V0UmVmKCkpXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCQk8dGV4dEZpZWxkPgoJCQkJCTxyZXBvcnRFbGVtZW50IHg9IjU0NSIgeT0iMCIgd2lkdGg9IjE2NSIgaGVpZ2h0PSIyNCIgdXVpZD0iYjVkZTYwMDMtY2M2NC00ZWU0LTliMjUtOTkyN2U3Mzc5ZjU3Ij4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LngiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iQ2VudGVyIi8+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbY29tLmV2b2x2ZXVtLm1pZHBvaW50LnJlcG9ydC5pbXBsLlJlcG9ydFV0aWxzLnByZXR0eVByaW50UGVyZm9ybWVyT3JBc3NpZ25lZXNGb3JSZXBvcnQoJEZ7X3RoaXNffS5hc1ByaXNtQ29udGFpbmVyVmFsdWUoKSldXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJCTx0ZXh0RmllbGQ+CgkJCQkJPHJlcG9ydEVsZW1lbnQgeD0iNzEwIiB5PSIwIiB3aWR0aD0iMTMwIiBoZWlnaHQ9IjI0IiB1dWlkPSJiOTFiM2Y0NS0yNTJkLTRlNzEtOTUxYy05ZTEyMGFhZjdjNWEiPgoJCQkJCQk8cHJvcGVydHkgbmFtZT0iY29tLmphc3BlcnNvZnQuc3R1ZGlvLnVuaXQueCIgdmFsdWU9InBpeGVsIi8+CgkJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC53aWR0aCIgdmFsdWU9InBpeGVsIi8+CgkJCQkJPC9yZXBvcnRFbGVtZW50PgoJCQkJCTx0ZXh0RWxlbWVudCB0ZXh0QWxpZ25tZW50PSJDZW50ZXIiLz4KCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVtjb20uZXZvbHZldW0ubWlkcG9pbnQucmVwb3J0LmltcGwuUmVwb3J0VXRpbHMucHJldHR5UHJpbnRPdXRwdXRDaGFuZ2VGb3JSZXBvcnQoJEZ7X3RoaXNffS5hc1ByaXNtQ29udGFpbmVyVmFsdWUoKSldXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJCTx0ZXh0RmllbGQ+CgkJCQkJPHJlcG9ydEVsZW1lbnQgeD0iODQwIiB5PSIwIiB3aWR0aD0iNjAiIGhlaWdodD0iMjQiIHV1aWQ9IjZmZmNmZmRiLTg1MTMtNDg1Yi05ZDE5LWNlYWI5MzFlNzUxNyI+CgkJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC53aWR0aCIgdmFsdWU9InBpeGVsIi8+CgkJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC54IiB2YWx1ZT0icGl4ZWwiLz4KCQkJCQk8L3JlcG9ydEVsZW1lbnQ+CgkJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IkNlbnRlciIvPgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBWyRGe3N0YWdlTnVtYmVyfV1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQkJPHRleHRGaWVsZD4KCQkJCQk8cmVwb3J0RWxlbWVudCB4PSI5MDAiIHk9IjAiIHdpZHRoPSI3NSIgaGVpZ2h0PSIyNCIgdXVpZD0iOGMwOWI3ODctMjM5Mi00NGU5LTg5MGYtNDZkZDBmM2IzYjY4Ij4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LndpZHRoIiB2YWx1ZT0icGl4ZWwiLz4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LngiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iQ2VudGVyIi8+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbJEZ7c3RhZ2VOdW1iZXJ9XV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCQk8dGV4dEZpZWxkIGlzQmxhbmtXaGVuTnVsbD0idHJ1ZSI+CgkJCQkJPHJlcG9ydEVsZW1lbnQgeD0iOTc1IiB5PSIwIiB3aWR0aD0iODAiIGhlaWdodD0iMjQiIHV1aWQ9Ijk5NGExZTBmLWNlMjgtNGU0NC1iYjRkLTQ3MGM4YmMyYzY1ZCI+CgkJCQkJCTxwcm9wZXJ0eSBuYW1lPSJjb20uamFzcGVyc29mdC5zdHVkaW8udW5pdC54IiB2YWx1ZT0icGl4ZWwiLz4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LndpZHRoIiB2YWx1ZT0icGl4ZWwiLz4KCQkJCQk8L3JlcG9ydEVsZW1lbnQ+CgkJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IkNlbnRlciIvPgoJCQkJCTx0ZXh0RmllbGRFeHByZXNzaW9uPjwhW0NEQVRBW2NvbS5ldm9sdmV1bS5taWRwb2ludC5yZXBvcnQuaW1wbC5SZXBvcnRVdGlscy5wcmV0dHlQcmludENlcnRPdXRjb21lRm9yUmVwb3J0KChjb20uZXZvbHZldW0ubWlkcG9pbnQueG1sLm5zLl9wdWJsaWMuY29tbW9uLmNvbW1vbl8zLkFic3RyYWN0V29ya0l0ZW1PdXRwdXRUeXBlKSRGe291dHB1dH0sIHRydWUpXV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCQk8dGV4dEZpZWxkIGlzQmxhbmtXaGVuTnVsbD0idHJ1ZSI+CgkJCQkJPHJlcG9ydEVsZW1lbnQgeD0iMTA1NSIgeT0iMCIgd2lkdGg9IjE2NSIgaGVpZ2h0PSIyNCIgdXVpZD0iYTlhYWQ1NzYtNjlkYi00N2MxLWI0OWItNDQ3OTNhNGU2YTA3Ij4KCQkJCQkJPHByb3BlcnR5IG5hbWU9ImNvbS5qYXNwZXJzb2Z0LnN0dWRpby51bml0LngiIHZhbHVlPSJwaXhlbCIvPgoJCQkJCTwvcmVwb3J0RWxlbWVudD4KCQkJCQk8dGV4dEVsZW1lbnQgdGV4dEFsaWdubWVudD0iQ2VudGVyIi8+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbY29tLmV2b2x2ZXVtLm1pZHBvaW50LnJlcG9ydC5pbXBsLlJlcG9ydFV0aWxzLnByZXR0eVByaW50Q2VydENvbW1lbnRGb3JSZXBvcnQoJEZ7b3V0cHV0fSldXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJPC9mcmFtZT4KCQk8L2JhbmQ+Cgk8L2RldGFpbD4KCTxwYWdlRm9vdGVyPgoJCTxiYW5kIGhlaWdodD0iMzIiIHNwbGl0VHlwZT0iU3RyZXRjaCI+CgkJCTxmcmFtZT4KCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJQYWdlIGZvb3RlciIgbW9kZT0iVHJhbnNwYXJlbnQiIHg9IjAiIHk9IjEiIHdpZHRoPSIxMTgwIiBoZWlnaHQ9IjI0IiBmb3JlY29sb3I9IiMwMDAwMDAiIGJhY2tjb2xvcj0iIzI2Nzk5NCIgdXVpZD0iZmJlOGFhZTQtNjUwMC00NjhhLWIxZTgtNzAwYjU2OTEzOWExIi8+CgkJCQk8dGV4dEZpZWxkIHBhdHRlcm49IkVFRUVFIGRkIE1NTU1NIHl5eXkiPgoJCQkJCTxyZXBvcnRFbGVtZW50IHN0eWxlPSJQYWdlIGZvb3RlciIgeD0iMiIgeT0iMSIgd2lkdGg9IjE5NyIgaGVpZ2h0PSIyMCIgdXVpZD0iMjhiYjliNDctYTY5Yy00OGUxLTkwNzMtZDU0ZDkyNjI0MmU4Ii8+CgkJCQkJPHRleHRFbGVtZW50IHZlcnRpY2FsQWxpZ25tZW50PSJNaWRkbGUiLz4KCQkJCQk8dGV4dEZpZWxkRXhwcmVzc2lvbj48IVtDREFUQVtuZXcgamF2YS51dGlsLkRhdGUoKV1dPjwvdGV4dEZpZWxkRXhwcmVzc2lvbj4KCQkJCTwvdGV4dEZpZWxkPgoJCQkJPHRleHRGaWVsZD4KCQkJCQk8cmVwb3J0RWxlbWVudCBzdHlsZT0iUGFnZSBmb290ZXIiIHg9IjEwNjAiIHk9IjEiIHdpZHRoPSI4MCIgaGVpZ2h0PSIyMCIgdXVpZD0iNWMwNjJjNjYtYmE0NS00Mjg4LTlkY2QtMjQ2ZTI4YzVhZjc1Ii8+CgkJCQkJPHRleHRFbGVtZW50IHRleHRBbGlnbm1lbnQ9IlJpZ2h0IiB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbIlBhZ2UgIiskVntQQUdFX05VTUJFUn0rIiBvZiJdXT48L3RleHRGaWVsZEV4cHJlc3Npb24+CgkJCQk8L3RleHRGaWVsZD4KCQkJCTx0ZXh0RmllbGQgZXZhbHVhdGlvblRpbWU9IlJlcG9ydCI+CgkJCQkJPHJlcG9ydEVsZW1lbnQgc3R5bGU9IlBhZ2UgZm9vdGVyIiB4PSIxMTQwIiB5PSIxIiB3aWR0aD0iNDAiIGhlaWdodD0iMjAiIHV1aWQ9IjkzNGIxNmU4LWMzZWItNDAxNy04NjZhLTBiNzczNWJmMjkxNyIvPgoJCQkJCTx0ZXh0RWxlbWVudCB2ZXJ0aWNhbEFsaWdubWVudD0iTWlkZGxlIi8+CgkJCQkJPHRleHRGaWVsZEV4cHJlc3Npb24+PCFbQ0RBVEFbIiAiICsgJFZ7UEFHRV9OVU1CRVJ9XV0+PC90ZXh0RmllbGRFeHByZXNzaW9uPgoJCQkJPC90ZXh0RmllbGQ+CgkJCTwvZnJhbWU+CgkJPC9iYW5kPgoJPC9wYWdlRm9vdGVyPgo8L2phc3BlclJlcG9ydD4K</template>
-       <export>html</export>
-       <virtualizer>JRSwapFileVirtualizer</virtualizer>
-       <virtualizerKickOn>300</virtualizerKickOn>
-       <maxPages>10000</maxPages>
-       <timeout>300000</timeout>
-    </jasper>
-    <defaultScriptConfiguration>
-        <objectVariableMode>prismReference</objectVariableMode>
-    </defaultScriptConfiguration>
+    <objectCollection>
+        <collection>
+            <filter>
+                <q:equal>
+                    <q:path>../name</q:path>
+                    <expression>
+                        <queryInterpretationOfNoValue>filterAll</queryInterpretationOfNoValue>
+                        <script>
+                            <code>
+                                if (!campaignName) {
+                                return null;
+                                }
+                                return campaignName.getName();
+                            </code>
+                        </script>
+                    </expression>
+                </q:equal>
+            </filter>
+        </collection>
+        <condition>
+            <script>
+                <code>
+                    import com.evolveum.midpoint.schema.util.CertCampaignTypeUtil;
+                    import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationWorkItemType
+
+                    for (AccessCertificationWorkItemType workItem : object.getWorkItem()) {
+                        if (stageNumber != null  &amp;&amp; !Objects.equals(workItem.getStageNumber(), stageNumber)) {
+                            continue;
+                        }
+                        if (iteration != null  &amp;&amp; CertCampaignTypeUtil.norm(workItem.getIteration()) != iteration) {
+                            continue;
+                        }
+                        return true;
+                    }
+                    return false;
+                </code>
+            </script>
+        </condition>
+        <view>
+            <column>
+                <name>objectColumn</name>
+                <path>objectRef</path>
+                <display>
+                    <label>Object</label>
+                </display>
+                <export>
+                    <expression>
+                        <script>
+                            <objectVariableMode>prismReference</objectVariableMode>
+                            <code>
+                                import com.evolveum.midpoint.report.impl.ReportUtils;
+
+                                ReportUtils.prettyPrintForReport(object)
+                            </code>
+                        </script>
+                    </expression>
+                </export>
+            </column>
+            <column>
+                <name>targetColumn</name>
+                <path>targetRef</path>
+                <display>
+                    <label>Target</label>
+                </display>
+                <previousColumn>objectColumn</previousColumn>
+                <export>
+                    <expression>
+                        <script>
+                            <objectVariableMode>prismReference</objectVariableMode>
+                            <code>
+                                import com.evolveum.midpoint.report.impl.ReportUtils;
+
+                                ReportUtils.prettyPrintForReport(object)
+                            </code>
+                        </script>
+                    </expression>
+                </export>
+            </column>
+            <column>
+                <name>workItemColumn</name>
+                <path>workItem</path>
+                <display>
+                    <label>Reviewed by - Reviewed on - Iteration - In stage - Result (Comment)</label>
+                </display>
+                <previousColumn>targetColumn</previousColumn>
+                <export>
+                    <expression>
+                        <script>
+                            <code>
+                                import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationWorkItemType
+                                import com.evolveum.midpoint.schema.util.CertCampaignTypeUtil;
+                                import com.evolveum.midpoint.report.impl.ReportUtils;
+
+                                if (stageNumber != null  &amp;&amp; !Objects.equals(object.getStageNumber(), stageNumber)) {
+                                    return null;
+                                }
+                                if (iteration != null  &amp;&amp; CertCampaignTypeUtil.norm(object.getIteration()) != iteration) {
+                                    return null;
+                                }
+
+                                StringBuilder sb = new StringBuilder(ReportUtils.prettyPrintPerformerOrAssigneesForReport(object.asPrismContainerValue()));
+                                sb.append(" - ");
+                                sb.append(ReportUtils.prettyPrintOutputChangeForReport(object.asPrismContainerValue()));
+                                sb.append(" - ");
+                                sb.append(object.getStageNumber());
+                                sb.append(" - ");
+                                sb.append(object.getIteration());
+                                sb.append(" - ");
+                                sb.append(ReportUtils.prettyPrintCertOutcomeForReport(object.getOutput(), true));
+                                comment = ReportUtils.prettyPrintCertCommentForReport(object.getOutput());
+                                if (comment != null) {
+                                    sb.append(" (");
+                                    sb.append(comment);
+                                    sb.append(")");
+                                }
+
+                                return sb.toString();
+
+
+                            </code>
+                        </script>
+                    </expression>
+                </export>
+            </column>
+            <type>c:AccessCertificationCaseType</type>
+        </view>
+        <paging>
+            <orderBy>objectRef/@/name</orderBy>
+        </paging>
+        <parameter>
+            <name>campaignName</name>
+            <type>c:ObjectReferenceType</type>
+            <targetType>c:AccessCertificationCampaignType</targetType>
+            <display>
+                <label>
+                    <orig>campaignName</orig>
+                    <translation>
+                        <key>runReportPopupContent.param.name.campaignName</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+        <parameter>
+            <name>stageNumber</name>
+            <type>string</type>
+            <display>
+                <label>
+                    <orig>stageNumber</orig>
+                    <translation>
+                        <key>runReportPopupContent.param.name.stageNumber</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+        <parameter>
+            <name>iteration</name>
+            <type>string</type>
+            <display>
+                <label>
+                    <orig>iteration</orig>
+                    <translation>
+                        <key>runReportPopupContent.param.name.iteration</key>
+                    </translation>
+                </label>
+            </display>
+        </parameter>
+    </objectCollection>
 </report>
diff --git a/gui/admin-gui/src/main/resources/initial-objects/280-object-collection-resource-up.xml b/gui/admin-gui/src/main/resources/initial-objects/251-object-collection-resource-up.xml
similarity index 100%
rename from gui/admin-gui/src/main/resources/initial-objects/280-object-collection-resource-up.xml
rename to gui/admin-gui/src/main/resources/initial-objects/251-object-collection-resource-up.xml
diff --git a/gui/admin-gui/src/main/resources/initial-objects/270-object-collection-task-active.xml b/gui/admin-gui/src/main/resources/initial-objects/261-object-collection-task-active.xml
similarity index 100%
rename from gui/admin-gui/src/main/resources/initial-objects/270-object-collection-task-active.xml
rename to gui/admin-gui/src/main/resources/initial-objects/261-object-collection-task-active.xml
diff --git a/gui/admin-gui/src/main/resources/initial-objects/284-object-collection-audit.xml b/gui/admin-gui/src/main/resources/initial-objects/270-object-collection-audit.xml
similarity index 100%
rename from gui/admin-gui/src/main/resources/initial-objects/284-object-collection-audit.xml
rename to gui/admin-gui/src/main/resources/initial-objects/270-object-collection-audit.xml
diff --git a/gui/admin-gui/src/main/resources/initial-objects/285-object-collection-audit-24h.xml b/gui/admin-gui/src/main/resources/initial-objects/271-object-collection-audit-24h.xml
similarity index 100%
rename from gui/admin-gui/src/main/resources/initial-objects/285-object-collection-audit-24h.xml
rename to gui/admin-gui/src/main/resources/initial-objects/271-object-collection-audit-24h.xml
diff --git a/gui/admin-gui/src/main/resources/initial-objects/290-object-collection-audit-errors-24h.xml b/gui/admin-gui/src/main/resources/initial-objects/272-object-collection-audit-errors-24h.xml
similarity index 100%
rename from gui/admin-gui/src/main/resources/initial-objects/290-object-collection-audit-errors-24h.xml
rename to gui/admin-gui/src/main/resources/initial-objects/272-object-collection-audit-errors-24h.xml
diff --git a/gui/admin-gui/src/main/resources/initial-objects/300-object-collection-audit-modifications-24h.xml b/gui/admin-gui/src/main/resources/initial-objects/273-object-collection-audit-modifications-24h.xml
similarity index 100%
rename from gui/admin-gui/src/main/resources/initial-objects/300-object-collection-audit-modifications-24h.xml
rename to gui/admin-gui/src/main/resources/initial-objects/273-object-collection-audit-modifications-24h.xml
diff --git a/gui/admin-gui/src/main/resources/initial-objects/280-object-collection-certification-campaign-all.xml b/gui/admin-gui/src/main/resources/initial-objects/280-object-collection-certification-campaign-all.xml
new file mode 100644
index 00000000000..a92f8c21f25
--- /dev/null
+++ b/gui/admin-gui/src/main/resources/initial-objects/280-object-collection-certification-campaign-all.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2010-2019 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
+<objectCollection xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+                  xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+                  oid="00000000-0000-0000-0001-000000000280">
+    <name>All certification campaigns</name>
+    <type>AccessCertificationCampaignType</type>
+    <filter>
+        <q:all/>
+    </filter>
+    <getOptions>
+        <option>
+            <selector>
+                <path>case</path>
+            </selector>
+            <options>
+                <retrieve>include</retrieve>
+            </options>
+        </option>
+    </getOptions>
+</objectCollection>
diff --git a/gui/admin-gui/src/main/resources/initial-objects/255-object-collection-certification-definition-all.xml b/gui/admin-gui/src/main/resources/initial-objects/290-object-collection-shadow-all.xml
similarity index 66%
rename from gui/admin-gui/src/main/resources/initial-objects/255-object-collection-certification-definition-all.xml
rename to gui/admin-gui/src/main/resources/initial-objects/290-object-collection-shadow-all.xml
index 330c41f246c..5dff0c4992b 100644
--- a/gui/admin-gui/src/main/resources/initial-objects/255-object-collection-certification-definition-all.xml
+++ b/gui/admin-gui/src/main/resources/initial-objects/290-object-collection-shadow-all.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright (c) 2010-2020 Evolveum and contributors
+  ~ Copyright (c) 2010-2019 Evolveum and contributors
   ~
   ~ This work is dual-licensed under the Apache License 2.0
   ~ and European Union Public License. See LICENSE file for details.
@@ -8,16 +8,16 @@
 
 <objectCollection xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                   xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
-                  oid="00000000-0000-0000-0001-000000000255">
-    <name>All certification definition</name>
-    <type>AccessCertificationDefinitionType</type>
+                  oid="00000000-0000-0000-0001-000000000008">
+    <name>All shadows</name>
+    <type>ShadowType</type>
     <filter>
         <q:all/>
     </filter>
     <getOptions>
         <option>
             <options>
-                <resolveNames>true</resolveNames>
+                <raw>true</raw>
             </options>
         </option>
     </getOptions>
diff --git a/infra/prism-impl/src/main/java/com/evolveum/midpoint/prism/impl/query/PagingConvertor.java b/infra/prism-api/src/main/java/com/evolveum/midpoint/prism/query/PagingConvertor.java
similarity index 95%
rename from infra/prism-impl/src/main/java/com/evolveum/midpoint/prism/impl/query/PagingConvertor.java
rename to infra/prism-api/src/main/java/com/evolveum/midpoint/prism/query/PagingConvertor.java
index 3b63ba929e4..ecc47e20921 100644
--- a/infra/prism-impl/src/main/java/com/evolveum/midpoint/prism/impl/query/PagingConvertor.java
+++ b/infra/prism-api/src/main/java/com/evolveum/midpoint/prism/query/PagingConvertor.java
@@ -5,11 +5,9 @@
  * and European Union Public License. See LICENSE file for details.
  */
 
-package com.evolveum.midpoint.prism.impl.query;
+package com.evolveum.midpoint.prism.query;
 
 import com.evolveum.midpoint.prism.PrismContext;
-import com.evolveum.midpoint.prism.query.ObjectPaging;
-import com.evolveum.midpoint.prism.query.OrderDirection;
 import com.evolveum.prism.xml.ns._public.query_3.OrderDirectionType;
 import com.evolveum.prism.xml.ns._public.query_3.PagingType;
 import com.evolveum.prism.xml.ns._public.types_3.ItemPathType;
diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-certification-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-certification-3.xsd
index f13254ee87b..70db29818d4 100644
--- a/infra/schema/src/main/resources/xml/ns/public/common/common-certification-3.xsd
+++ b/infra/schema/src/main/resources/xml/ns/public/common/common-certification-3.xsd
@@ -1,1485 +1,1486 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-  ~ Copyright (c) 2010-2018 Evolveum and contributors
-  ~
-  ~ This work is dual-licensed under the Apache License 2.0
-  ~ and European Union Public License. See LICENSE file for details.
-  -->
-
-<xsd:schema targetNamespace="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
-            xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
-            xmlns:xsd="http://www.w3.org/2001/XMLSchema"
-            xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3"
-            xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
-            xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
-            xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
-            xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
-            elementFormDefault="qualified"
-            xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc"
-            jaxb:extensionBindingPrefixes="xjc"
-            jaxb:version="2.0">
-
-    <xsd:annotation>
-        <xsd:documentation>
-            TODO
-        </xsd:documentation>
-    </xsd:annotation>
-
-    <!-- Don't provide schemaLocation here, as it causes xjc to really contact the URIs (!) -->
-    <xsd:import namespace="http://prism.evolveum.com/xml/ns/public/annotation-3"/>
-    <xsd:import namespace="http://prism.evolveum.com/xml/ns/public/types-3"/>
-    <xsd:import namespace="http://prism.evolveum.com/xml/ns/public/query-3"/>
-
-    <xsd:include schemaLocation="http://midpoint.evolveum.com/xml/ns/public/common/common-core-3" />
-    <xsd:include schemaLocation="http://midpoint.evolveum.com/xml/ns/public/common/common-case-management-3" />
-    <xsd:include schemaLocation="http://midpoint.evolveum.com/xml/ns/public/common/common-workflows-3" />
-
-    <xsd:complexType name="AbstractAccessCertificationDefinitionType" abstract="true">      <!-- TODO [4.0] remove -->
-        <xsd:annotation>
-            <xsd:documentation>
-                Definition of an access certification - a template for
-                a set of access certification campaigns.
-            </xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexContent>
-            <xsd:extension base="c:AssignmentHolderType">
-                <xsd:sequence>
-                    <xsd:element name="handlerUri" type="xsd:anyURI" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                The certification handler that should take care of certification campaigns
-                                created according to this definition.
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="scopeDefinition" type="tns:AccessCertificationScopeType" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Specifies the standard scope of certifications of this type. (In the future it can be overridden
-                                in specific certification campaign.)
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="ownerRef" type="tns:ObjectReferenceType" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                The user that owns certification campaigns based on this definition.
-                            </xsd:documentation>
-                            <xsd:appinfo>
-                                <a:objectReferenceTargetType>tns:UserType</a:objectReferenceTargetType>
-                            </xsd:appinfo>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="remediationDefinition" type="tns:AccessCertificationRemediationDefinitionType" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                How the identified cases have to be resolved?
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="reiterationDefinition" type="tns:AccessCertificationReiterationDefinitionType" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Configuration of the manual or automatic reiteration.
-                            </xsd:documentation>
-                            <xsd:appinfo>
-                                <a:since>3.9</a:since>
-                            </xsd:appinfo>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="stageDefinition" type="tns:AccessCertificationStageDefinitionType" minOccurs="0" maxOccurs="unbounded">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Definition of individual stages (reviewers, duration, ...).
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="reviewStrategy" type="tns:AccessCertificationCaseReviewStrategyType" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Strategy used to compute review outcome for a given case, based on results of individual stages,
-                                along with instructions when a case review advances from a stage to next one.
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="adHoc" type="xsd:boolean" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Denotes "ad hoc" certification campaign, i.e. one that is started by policy rules, not explicitly by a user.
-                            </xsd:documentation>
-                            <xsd:appinfo>
-                                <a:since>3.6</a:since>
-                            </xsd:appinfo>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="lastCampaignIdUsed" type="xsd:int" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                ID that was used to auto-generate campaign name last time (null if none so far).
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="lastCampaignStartedTimestamp" type="xsd:dateTime" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                When the last campaign of this type was started (in its first iteration)?
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="lastCampaignClosedTimestamp" type="xsd:dateTime" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                When the last campaign of this type was closed? Deletion is not recorded in this attribute.
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <!--<xsd:element name="campaignSchedulingInterval" type="xsd:duration" minOccurs="0">-->
-                    <!--<xsd:annotation>-->
-                    <!--<xsd:documentation>-->
-                    <!--How often should a campaign of this type be automatically started?-->
-                    <!--(null if automated scheduling is not required)-->
-                    <!--Scheduling is based on last campaign started timestamp.-->
-                    <!--</xsd:documentation>-->
-                    <!--</xsd:annotation>-->
-                    <!--</xsd:element>-->
-                </xsd:sequence>
-            </xsd:extension>
-        </xsd:complexContent>
-    </xsd:complexType>
-
-    <xsd:complexType name="AccessCertificationDefinitionForReportType">
-        <xsd:annotation>
-            <xsd:documentation>
-                Access certification definition augmented with report-related information
-                (e.g. number of campaigns).
-
-                EXPERIMENTAL. It is to be seen if this form is OK.
-            </xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexContent>
-            <xsd:extension base="c:AbstractAccessCertificationDefinitionType">
-                <xsd:sequence>
-                    <xsd:element name="campaigns" type="xsd:int" minOccurs="0"/>
-                    <xsd:element name="openCampaigns" type="xsd:int" minOccurs="0"/>
-                </xsd:sequence>
-            </xsd:extension>
-        </xsd:complexContent>
-    </xsd:complexType>
-    <xsd:element name="accessCertificationDefinitionForReport" type="tns:AccessCertificationDefinitionForReportType" substitutionGroup="c:object"/>
-
-    <xsd:complexType name="AccessCertificationDefinitionType">
-        <xsd:annotation>
-            <xsd:documentation>
-                Access certification definition.
-            </xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexContent>
-            <xsd:extension base="c:AbstractAccessCertificationDefinitionType">
-            </xsd:extension>
-        </xsd:complexContent>
-    </xsd:complexType>
-    <xsd:element name="accessCertificationDefinition" type="tns:AccessCertificationDefinitionType" substitutionGroup="c:object"/>
-
-    <xsd:complexType name="AccessCertificationStageDefinitionType">
-        <xsd:annotation>
-            <xsd:documentation>
-                Definition of an access certification campaign stage.
-            </xsd:documentation>
-            <xsd:appinfo>
-                <a:container/>
-            </xsd:appinfo>
-        </xsd:annotation>
-        <xsd:sequence>
-            <xsd:element name="number" type="xsd:int" minOccurs="1">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Stages are numbered from 1 onwards.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="name" type="xsd:string" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Stage name.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="description" type="xsd:string" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Stage description.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element ref="tns:documentation" minOccurs="0" maxOccurs="1"/>
-            <xsd:element name="duration" type="xsd:duration" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        How long should the stage last?
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="deadlineRounding" type="c:DeadlineRoundingType" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        How to round the deadline (if at all)? The default is to 23:59:59 of the computed day.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="notifyBeforeDeadline" type="xsd:duration" minOccurs="0" maxOccurs="unbounded">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        How long before the end of stage should notifications be sent?
-                        (Multiple values can be put here.)
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="notifyOnlyWhenNoDecision" type="xsd:boolean" minOccurs="0" default="true">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Send notifications only to people that have not decided yet.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="reviewerSpecification" type="tns:AccessCertificationReviewerSpecificationType" minOccurs="0" maxOccurs="1">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        TODO
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="outcomeStrategy" type="tns:AccessCertificationCaseOutcomeStrategyType" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        How to determine outcome of the approval process (e.g. if multiple reviewers are present)?
-                        Default is oneAcceptAccepts.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="outcomeIfNoReviewers" type="tns:AccessCertificationResponseType" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        What is the outcome if no reviewers are available? (This is not the same situation as if some reviewers were computed but none of them responded!)
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="stopReviewOn" type="tns:AccessCertificationResponseType" minOccurs="0" maxOccurs="unbounded">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        What decisions stop the case from advancing to the next stage?
-                        If neither stopReviewOn nor advanceToNextStageOn is used, a default (defined at the campaign level) is used.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="advanceToNextStageOn" type="tns:AccessCertificationResponseType" minOccurs="0" maxOccurs="unbounded">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        What decisions make the case to advance to the next stage?
-                        If neither stopReviewOn nor advanceToNextStageOn is used, a default (defined at the campaign level) is used.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="timedActions" type="tns:WorkItemTimedActionsType" minOccurs="0" maxOccurs="unbounded">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        What actions are to be applied to work items when given timer(s) occur.
-                        EXPERIMENTAL
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <a:since>3.6</a:since>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:element>
-        </xsd:sequence>
-        <xsd:attribute name="id" type="xsd:long"/>
-    </xsd:complexType>
-
-    <xsd:complexType name="AccessCertificationReviewerSpecificationType">
-        <xsd:annotation>
-            <xsd:documentation>
-                Specifies how to select reviewers for a campaign stage.
-            </xsd:documentation>
-            <xsd:appinfo>
-                <a:container/>
-            </xsd:appinfo>
-        </xsd:annotation>
-        <xsd:sequence>
-            <xsd:element name="name" type="xsd:string" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        User-readable name of this reviewer specification. (In case it is necessary.)
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="description" type="xsd:string" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Description of this reviewer specification.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element ref="tns:documentation" minOccurs="0" maxOccurs="1"/>
-            <xsd:element name="useTargetOwner" type="xsd:boolean" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Indicates that target object (Org, Role, Resource) owner(s) should be used as reviewer(s).
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="useTargetApprover" type="xsd:boolean" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Indicates that target object (Org, Role, Resource) approver(s) should be used as reviewer(s).
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="useObjectOwner" type="xsd:boolean" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Indicates that object (Org, Role) owner(s) should be used as reviewer(s).
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="useObjectApprover" type="xsd:boolean" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Indicates that object (Org, Role) approver(s) should be used as reviewer(s).
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="useObjectManager" type="tns:ManagerSearchType" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Indicates that the object's managers should be used. The interpretation depends on what kind
-                        of object there is.
-
-                        For a user, the managers of all organizations to which he/she belongs, are taken.
-                        For an org, its managers are taken.
-                        (For the future: For a role, if it has a parentOrgRef, managers of these are taken. If it has
-                        none, no reviewers are contributed by this option.)
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="reviewerExpression" type="tns:ExpressionType" minOccurs="0" maxOccurs="unbounded">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        The most general way of specifying the reviewer. Inputs for such expressions are:
-                        - certificationCase (current certification case),
-                        - campaign (certification campaign object),
-                        - reviewerSpecification (current reviewer specification).
-                        Output is a collection of parent-less reviewer references (of type ObjectReferenceType).
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="defaultReviewerRef" type="tns:ObjectReferenceType" minOccurs="0" maxOccurs="unbounded">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        If no reviewer(s) are computed by other means, this/these should be used.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <a:objectReferenceTargetType>tns:FocusType</a:objectReferenceTargetType>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="additionalReviewerRef" type="tns:ObjectReferenceType" minOccurs="0" maxOccurs="unbounded">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        These reviewers are always used.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <a:objectReferenceTargetType>tns:FocusType</a:objectReferenceTargetType>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:element>
-        </xsd:sequence>
-        <xsd:attribute name="id" type="xsd:long"/>
-    </xsd:complexType>
-
-    <xsd:complexType name="AccessCertificationCampaignType">
-        <xsd:annotation>
-            <xsd:documentation>
-                Definition of an access certification campaign.
-            </xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexContent>
-            <xsd:extension base="c:AssignmentHolderType">
-                <xsd:sequence>
-                    <xsd:element name="definitionRef" type="tns:ObjectReferenceType" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Specifies the definition for this certification campaign.
-                                (It is optional, as there are also ad-hoc certifications with no pre-existing definition.)
-                            </xsd:documentation>
-                            <xsd:appinfo>
-                                <a:objectReferenceTargetType>tns:AccessCertificationDefinitionType</a:objectReferenceTargetType>
-                            </xsd:appinfo>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="ownerRef" type="tns:ObjectReferenceType" minOccurs="1">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Specifies the owner of this certification campaign.
-                            </xsd:documentation>
-                            <xsd:appinfo>
-                                <a:objectReferenceTargetType>tns:UserType</a:objectReferenceTargetType>
-                            </xsd:appinfo>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="handlerUri" type="xsd:anyURI" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                The certification handler that should take care of this campaign.
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="scopeDefinition" type="tns:AccessCertificationScopeType" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Specifies the scope of this campaign.
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="remediationDefinition" type="tns:AccessCertificationRemediationDefinitionType" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                How the identified cases have to be resolved?
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="reiterationDefinition" type="tns:AccessCertificationReiterationDefinitionType" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Configuration of the manual or automatic reiteration.
-                            </xsd:documentation>
-                            <xsd:appinfo>
-                                <a:since>3.9</a:since>
-                            </xsd:appinfo>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="stageDefinition" type="tns:AccessCertificationStageDefinitionType" minOccurs="0" maxOccurs="unbounded">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Definition of individual stages.
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="reviewStrategy" type="tns:AccessCertificationCaseReviewStrategyType" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Strategy used to compute review outcome for a given case, based on results of individual stages,
-                                along with instructions when a case review advances from a stage to next one.
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="startTimestamp" type="xsd:dateTime" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                When this campaign has to start (or has started).
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="endTimestamp" type="xsd:dateTime" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                When this campaign has finished.
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="repetition" type="xsd:int" minOccurs="0" default="1">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Which iteration this campaign is in. 1 means the regular (first) run;
-                                2 means first repetition, etc.
-                            </xsd:documentation>
-                            <xsd:appinfo>
-                                <a:since>3.9</a:since>
-                            </xsd:appinfo>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="state" type="tns:AccessCertificationCampaignStateType" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                In which state is the current campaign.
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="stageNumber" type="xsd:int" minOccurs="1">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                The stage this campaign is in.
-                                0 means it has not started yet.
-                                X in 1..N (where N is the number of defined stages) means that stage X is being carried out.
-                                Y greater than N means the campaign has been already finished.
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="stage" type="tns:AccessCertificationStageType" minOccurs="0" maxOccurs="unbounded">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Stages for this campaign (already finished, current, or planned).
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="case" type="tns:AccessCertificationCaseType" minOccurs="0" maxOccurs="unbounded">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Certification cases for this campaign.
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                </xsd:sequence>
-            </xsd:extension>
-        </xsd:complexContent>
-    </xsd:complexType>
-    <xsd:element name="accessCertificationCampaign" type="tns:AccessCertificationCampaignType" substitutionGroup="c:object" />
-
-    <xsd:complexType name="AccessCertificationStageType">
-        <xsd:annotation>
-            <xsd:documentation>
-                Information about a stage of a campaign.
-            </xsd:documentation>
-            <xsd:appinfo>
-                <a:container/>
-            </xsd:appinfo>
-        </xsd:annotation>
-        <xsd:sequence>
-            <xsd:element name="iteration" type="xsd:int" minOccurs="0" default="1">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Which iteration this stage is part of. 1 means the first (i.e. regular) run.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <a:since>3.9</a:since>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="number" type="xsd:int">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        TODO
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="name" type="xsd:string" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Stage name.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="description" type="xsd:string" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Stage description.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element ref="tns:documentation" minOccurs="0" maxOccurs="1"/>
-            <xsd:element name="startTimestamp" type="xsd:dateTime" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        When this stage has started.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="deadline" type="xsd:dateTime" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        When this stage has to finish.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="endTimestamp" type="xsd:dateTime" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        When this stage has actually finished.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="escalationLevel" type="tns:WorkItemEscalationLevelType" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        The escalation level is currently the same for open all cases and their open work items in the stage.
-                        (This might change in the future.)
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-        </xsd:sequence>
-        <xsd:attribute name="id" type="xsd:long"/>
-    </xsd:complexType>
-
-    <xsd:complexType name="AccessCertificationScopeType">
-        <xsd:annotation>
-            <xsd:documentation>
-                Specifies the scope of an access certification campaign.
-            </xsd:documentation>
-            <xsd:appinfo>
-                <a:container/>
-            </xsd:appinfo>
-        </xsd:annotation>
-        <xsd:sequence>
-            <xsd:element name="name" type="xsd:string" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        User-readable name of this scope definition. (In case it is necessary.)
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="description" type="xsd:string" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Description of this scope definition.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element ref="tns:documentation" minOccurs="0" maxOccurs="1"/>
-        </xsd:sequence>
-        <xsd:attribute name="id" type="xsd:long"/>
-    </xsd:complexType>
-
-    <xsd:complexType name="AccessCertificationObjectBasedScopeType">
-        <xsd:annotation>
-            <xsd:appinfo>
-                <a:container/>
-            </xsd:appinfo>
-            <xsd:documentation>
-                The most common way of specifying scope - providing type+search filter to select "base" objects
-                and then some means of deriving certification cases from them.
-            </xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexContent>
-            <xsd:extension base="tns:AccessCertificationScopeType">
-                <xsd:sequence>
-                    <xsd:element name="objectType" type="xsd:QName" minOccurs="1">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Type of objects to be selected for certification.
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="searchFilter" type="q:SearchFilterType" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Filter to find objects for certification.
-                                By default, all objects of a given type will be selected.
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="itemSelectionExpression" type="c:ExpressionType" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Expression that selects items that are to be included in the certification.
-                                Exact use of this expression depends on the certification handler.
-                                E.g. user assignment handler could call this expression individually with each assignment
-                                to determine which assignments should be included and which should not.
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="caseGenerationExpression" type="c:ExpressionType" minOccurs="0" maxOccurs="unbounded">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Expression that produces certification cases. This can be any expression, whose input is an object
-                                that has passed the search filter specified above, and its output is a list of certification cases.
-                                An example: a groovy expression, creating certification cases by selecting user's
-                                "risky" assignments (e.g. assignments to a roles of a given type/types). Another example
-                                can be the computation of all assignments (direct and indirect ones), and selecting among these.
-                                NOT IMPLEMENTED YET
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                </xsd:sequence>
-            </xsd:extension>
-        </xsd:complexContent>
-    </xsd:complexType>
-    <xsd:element name="accessCertificationObjectBasedScopeType" type="tns:AccessCertificationObjectBasedScopeType"/>
-
-    <xsd:complexType name="AccessCertificationAssignmentReviewScopeType">
-        <xsd:annotation>
-            <xsd:documentation>
-                Scope for assignment-related reviews.
-            </xsd:documentation>
-            <xsd:appinfo>
-                <a:container/>
-            </xsd:appinfo>
-        </xsd:annotation>
-        <xsd:complexContent>
-            <xsd:extension base="tns:AccessCertificationObjectBasedScopeType">
-                <xsd:sequence>
-                    <xsd:element name="includeAssignments" type="xsd:boolean" minOccurs="0" default="true">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Should assignments be included in the certification?
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="includeInducements" type="xsd:boolean" minOccurs="0" default="true">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Should inducements be included in the certification?
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="includeRoles" type="xsd:boolean" minOccurs="0" default="true">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Should assignments/inducements of roles be included in the certification?
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="includeOrgs" type="xsd:boolean" minOccurs="0" default="true">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Should assignments/inducements of orgs be included in the certification?
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="includeResources" type="xsd:boolean" minOccurs="0" default="true">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Should assignments/inducements of resources be included in the certification?
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="includeServices" type="xsd:boolean" minOccurs="0" default="true">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Should assignments/inducements of services be included in the certification?
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="includeUsers" type="xsd:boolean" minOccurs="0" default="true">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Should assignments/inducements of users (e.g. deputy relations) be included in the certification?
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="enabledItemsOnly" type="xsd:boolean" minOccurs="0" default="true">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Should we approve only assignments/inducements that are currently enabled?
-                                (I.e. with administrativeStatus either null or ENABLED)
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="relation" type="xsd:QName" minOccurs="0" maxOccurs="unbounded">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Relation(s) which are to be considered. Value of q:any means "any relation".
-                                If no relation is present, org:default (i.e. null) is assumed.
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                </xsd:sequence>
-            </xsd:extension>
-        </xsd:complexContent>
-    </xsd:complexType>
-    <xsd:element name="accessCertificationAssignmentReviewScopeType" type="tns:AccessCertificationAssignmentReviewScopeType"/>
-
-    <xsd:complexType name="AccessCertificationCaseType">
-        <xsd:annotation>
-            <xsd:documentation>
-                An item that has to be certified, viewed in the scope of a given certification campaign.
-            </xsd:documentation>
-            <xsd:appinfo>
-                <a:container/>
-            </xsd:appinfo>
-        </xsd:annotation>
-        <xsd:sequence>
-            <xsd:element name="objectRef" type="tns:ObjectReferenceType" minOccurs="0" maxOccurs="1">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Object (e.g. a user) that is being touched by this case.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <a:objectReferenceTargetType>tns:ObjectType</a:objectReferenceTargetType>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="targetRef" type="tns:ObjectReferenceType" minOccurs="0" maxOccurs="1">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Quite an abstract parameter - describing the object of the certification case (e.g. a role, a resource, ...).
-                        Used for selecting relevant cases for approvals.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <a:objectReferenceTargetType>tns:ObjectType</a:objectReferenceTargetType>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="tenantRef" type="tns:ObjectReferenceType" minOccurs="0" maxOccurs="1">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        For parameterized certification items (e.g. assignments): a tenant parameter, if applicable.
-                        See discussion on tenantRef in AssignmentType.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <a:objectReferenceTargetType>tns:OrgType</a:objectReferenceTargetType>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="orgRef" type="tns:ObjectReferenceType" minOccurs="0" maxOccurs="1">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        For parameterized certification items (e.g. assignments): an org parameter, if applicable.
-                        See discussion on orgRef in AssignmentType.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <a:objectReferenceTargetType>tns:OrgType</a:objectReferenceTargetType>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="activation" type="tns:ActivationType" minOccurs="0" maxOccurs="1">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        If the target is assigned with activation information (e.g. validFrom/validTo/administrativeStatus)
-                        here is the information copied. Note that other activation information (e.g. effectiveStatus) are
-                        _not_ updated here and probably should be ignored.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <!--
-<xsd:element name="targetQualification" type="xsd:string" minOccurs="0">
-    <xsd:annotation>
-        <xsd:documentation>
-            E.g. kind+intent of a resource object (if target is a resource).
-
-                        TargetRef + targetQualification are used to group cases e.g. by role, by roleType,
-                        by resource, by resource object ... We could add more similar properties,
-                        as requirements evolve.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            -->
-            <xsd:element name="stageNumber" type="xsd:int">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        The number of current stage in which this case is.
-                        E.g. currentOutcome relates to the currentStage.
-                        Case is "enabled" for a current campaign stage if and only if case.currentStage == campaign.stageNumber.
-
-                        When opening a campaign stage, case's currentStage either advances (if it is transferred to stage being opened)
-                        or stays at the existing value (if it is not). It then indicates the last stage this case
-                        was reviewed in.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="iteration" type="xsd:int" minOccurs="0" default="1">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Iteration this case takes part of. Case is "enabled" for a current campaign stage if and only if
-                        case.iteration == campaign.iteration (beware of null comparison).
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="workItem" type="tns:AccessCertificationWorkItemType" minOccurs="0" maxOccurs="unbounded">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Work items for this stage. Some might be completed. Work items are not deleted.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <a:since>3.6</a:since>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="currentStageCreateTimestamp" type="xsd:dateTime">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        When was this certification case requested to be reviewed?
-                        (Can be found in certification.stage.start but we need to
-                        sort according to this value.)
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="currentStageDeadline" type="xsd:dateTime" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        When should this certification case be reviewed?
-                        (Can be found in certification.stage.end but we need to
-                        sort according to this value.)
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="currentStageOutcome" type="xsd:anyURI" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Currently valid outcome, relevant to the current stage. It is recomputed on each reviewer's
-                        response based on defined algorithms. If the case is not transferred into the next stage,
-                        the value of this item stays as it is.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="outcome" type="xsd:anyURI" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        The outcome, taking into account all closed stages plus current stage (if any).
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="reviewFinishedTimestamp" type="xsd:dateTime" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        When was the review process for this case finished (for the current iteration)?
-                        This value is cleared for cases entering the next iteration.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <a:since>3.9</a:since>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="remediedTimestamp" type="xsd:dateTime" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        When was this certification case was remedied?
-                        If null, this means that either remediation was not required
-                        (either because the decision was "accept" or "abstain" or
-                        because remediation mode was set to "none").
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="event" type="tns:CaseEventType" minOccurs="0" maxOccurs="unbounded">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Events that occurred during lifetime of this case.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-        </xsd:sequence>
-        <xsd:attribute name="id" type="xsd:long"/>
-    </xsd:complexType>
-    <xsd:element name="accessCertificationCase" type="tns:AccessCertificationCaseType"/>
-
-    <xsd:complexType name="AccessCertificationCaseStageOutcomeType">
-        <xsd:annotation>
-            <xsd:appinfo>
-                <a:container/>
-            </xsd:appinfo>
-        </xsd:annotation>
-        <xsd:sequence>
-            <xsd:element name="stageNumber" type="xsd:int" minOccurs="1" />
-            <xsd:element name="outcome" type="tns:AccessCertificationResponseType" minOccurs="1" />
-        </xsd:sequence>
-        <xsd:attribute name="id" type="xsd:long"/>
-    </xsd:complexType>
-
-    <xsd:complexType name="AccessCertificationWorkItemType">
-        <xsd:annotation>
-            <xsd:documentation>
-                A work item for a certification case.
-            </xsd:documentation>
-            <xsd:appinfo>
-                <a:container/>
-                <a:since>3.6</a:since>
-            </xsd:appinfo>
-        </xsd:annotation>
-        <xsd:complexContent>
-            <xsd:extension base="tns:AbstractWorkItemType">
-                <xsd:sequence>
-                    <xsd:element name="outputChangeTimestamp" type="xsd:dateTime" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                When the decision was made or changed.
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="iteration" type="xsd:int" minOccurs="0" default="1">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Which iteration this work item is part of. 1 means the first (i.e. regular) run.
-                            </xsd:documentation>
-                            <xsd:appinfo>
-                                <a:since>3.9</a:since>
-                            </xsd:appinfo>
-                        </xsd:annotation>
-                    </xsd:element>
-                </xsd:sequence>
-            </xsd:extension>
-        </xsd:complexContent>
-    </xsd:complexType>
-
-    <xsd:complexType name="AccessCertificationAssignmentCaseType">
-        <xsd:annotation>
-            <xsd:appinfo>
-                <a:container/>
-            </xsd:appinfo>
-        </xsd:annotation>
-        <xsd:complexContent>
-            <xsd:extension base="tns:AccessCertificationCaseType">
-                <xsd:sequence>
-                    <xsd:element name="assignment" type="tns:AssignmentType" minOccurs="1">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Assignment that is being considered.
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                    <xsd:element name="isInducement" type="xsd:boolean" minOccurs="0">
-                        <xsd:annotation>
-                            <xsd:documentation>
-                                Indicates if the above assignment is an assignment or (in case of roles) an inducement.
-                            </xsd:documentation>
-                        </xsd:annotation>
-                    </xsd:element>
-                </xsd:sequence>
-            </xsd:extension>
-        </xsd:complexContent>
-    </xsd:complexType>
-    <xsd:element name="accessCertificationAssignmentCase" type="tns:AccessCertificationAssignmentCaseType"/>
-
-    <xsd:simpleType name="AccessCertificationResponseType">
-        <xsd:annotation>
-            <xsd:documentation>
-                An enumeration that defines possible reviewers' responses.
-            </xsd:documentation>
-        </xsd:annotation>
-        <xsd:restriction base="xsd:string">
-            <xsd:enumeration value="accept">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        A.k.a. maintain, confirm, certify, approve, OK - the situation was approved and can be left
-                        as it is. It is possible to enter a date when the approval will expire. Until this time
-                        the item will be considered approved and will not be shown in the certification list
-                        for the given certifier. (We have to decide how to implement this feature. The most simple
-                        but not entirely correct solution is to set "validTo" date for a given assignment. But it
-                        wouldn't work e.g. for indirect assignments.)
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="ACCEPT"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-            <xsd:enumeration value="revoke">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        A.k.a. reject, remove, "not OK" - the situation is unacceptable and has to be eliminated
-                        or disabled. E.g. the assignment has to be removed or disabled.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="REVOKE"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-            <xsd:enumeration value="reduce">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        A.k.a. update - situation is not acceptable; however, simple elimination/disabling is not
-                        necessary or not appropriate - someone has to look at this and try to find another solution.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="REDUCE"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-            <xsd:enumeration value="notDecided">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        A.k.a. abstain - responsible person says he/she is not able to decide.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="NOT_DECIDED"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-            <xsd:enumeration value="delegate">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Responsible person delegates the decision to someone else.
-                        DEPRECATED
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="DELEGATE"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-            <xsd:enumeration value="noResponse">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        No response was provided by the given reviewer.
-                        (This state can be used e.g. to facilitate querying by state.)
-
-                        SHOULD NOT BE USED FOR INDIVIDUAL RESPONSES. (A null value should be used instead.)
-                        But it's OK to use this for stage/case outcome.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="NO_RESPONSE"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-        </xsd:restriction>
-    </xsd:simpleType>
-
-    <xsd:complexType name="AccessCertificationCaseReviewStrategyType">
-        <xsd:sequence>
-            <xsd:element name="outcomeStrategy" type="tns:AccessCertificationCaseOutcomeStrategyType" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Strategy used to compute review outcome for a given case, based on results of individual stages.
-                        Default is oneDenyDenies.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="stopReviewOn" type="tns:AccessCertificationResponseType" minOccurs="0" maxOccurs="unbounded">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        What decisions stop the case from advancing to the next stage?
-                        If neither stopReviewOn nor advanceToNextStageOn is used, a default (defined by the outcomeStrategy) is used.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="advanceToNextStageOn" type="tns:AccessCertificationResponseType" minOccurs="0" maxOccurs="unbounded">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        What decisions make the case to advance to the next stage?
-                        If neither stopReviewOn nor advanceToNextStageOn is used, a default (defined by the outcomeStrategy) is used.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-        </xsd:sequence>
-    </xsd:complexType>
-
-    <xsd:simpleType name="AccessCertificationCaseOutcomeStrategyType">
-        <xsd:annotation>
-            <xsd:documentation>
-                An enumeration that defines possible strategies for case outcome (approval) computation - currently both at the stage and campaign level.
-                (In the future, these uses might be split.)
-            </xsd:documentation>
-        </xsd:annotation>
-        <xsd:restriction base="xsd:string">
-            <xsd:enumeration value="oneAcceptAccepts">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        If at least one reviewer approves, the result is "APPROVED" regardless of the other votes.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="ONE_ACCEPT_ACCEPTS"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-            <xsd:enumeration value="oneDenyDenies">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        If at least one reviewer denies (either via revoke or reduce), the result is "NOT APPROVED".
-                        However, for the case to be approved, at least approval must be present.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="ONE_DENY_DENIES"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-            <xsd:enumeration value="acceptedIfNotDenied">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Approved if none of the reviewers denies (either via revoke or reduce).
-                        So e.g. if nobody says anything, the case is approved.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="ACCEPTED_IF_NOT_DENIED"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-            <xsd:enumeration value="allMustAccept">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        All reviewers must approve, i.e. no revoke, reduce, noResponse is acceptable.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="ALL_MUST_ACCEPT"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-        </xsd:restriction>
-    </xsd:simpleType>
-
-    <xsd:complexType name="AccessCertificationRemediationDefinitionType">
-        <xsd:annotation>
-            <xsd:documentation>
-                TODO
-            </xsd:documentation>
-            <xsd:appinfo>
-                <a:container/>
-            </xsd:appinfo>
-        </xsd:annotation>
-        <xsd:sequence>
-            <xsd:element name="style" type="tns:AccessCertificationRemediationStyleType" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        TODO
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="revokeOn" type="tns:AccessCertificationResponseType" minOccurs="0" maxOccurs="unbounded">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        What (final) outcomes cause actual remediation (e.g. deletion of an assignment) if automated remediation is configured?
-                        The default is "revoke". But more can be specified here, e.g. noResponse.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-        </xsd:sequence>
-        <xsd:attribute name="id" type="xsd:long"/>
-    </xsd:complexType>
-
-    <xsd:complexType name="AccessCertificationReiterationDefinitionType">
-        <xsd:annotation>
-            <xsd:documentation>
-                TODO
-            </xsd:documentation>
-            <xsd:appinfo>
-                <a:container/>
-                <a:since>3.9</a:since>
-            </xsd:appinfo>
-        </xsd:annotation>
-        <xsd:sequence>
-            <xsd:element name="startsAfter" type="xsd:duration" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        How long after campaign is closed should automatic reiteration start?
-                        The default is that reiteration starts only manually.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="limitWhenAutomatic" type="xsd:int" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        How many iterations are allowed for automatic start? After reaching the specified number of iterations
-                        (irrespective of how they were started) automatic reiteration mechanism will be disabled for this
-                        campaign.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="limit" type="xsd:int" minOccurs="0">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        How many iterations are allowed in total? After reaching the specified number of iterations
-                        no new iterations can be opened.
-                    </xsd:documentation>
-                </xsd:annotation>
-            </xsd:element>
-        </xsd:sequence>
-        <xsd:attribute name="id" type="xsd:long"/>
-    </xsd:complexType>
-
-    <xsd:simpleType name="AccessCertificationRemediationStyleType">
-        <xsd:annotation>
-            <xsd:documentation>
-                An enumeration that defines possible styles for certification case remediation.
-            </xsd:documentation>
-        </xsd:annotation>
-        <xsd:restriction base="xsd:string">
-            <xsd:enumeration value="automated">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Resolution of revoked cases is fully automated.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="AUTOMATED"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-            <xsd:enumeration value="reportOnly">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Non-conformant cases are only to be reported.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="REPORT_ONLY"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-        </xsd:restriction>
-    </xsd:simpleType>
-
-    <xsd:simpleType name="AccessCertificationCampaignStateType">
-        <xsd:annotation>
-            <xsd:documentation>
-                An enumeration that defines possible states of a certification campaign.
-            </xsd:documentation>
-        </xsd:annotation>
-        <xsd:restriction base="xsd:string">
-            <xsd:enumeration value="created">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Campaign was created, but its first stage has not been started yet.
-                        Current stage number is 0.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="CREATED"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-            <xsd:enumeration value="inReviewStage">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Review is being carried out, in a given stage.
-                        Current stage number is between 1 and N (number of stages).
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="IN_REVIEW_STAGE"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-            <xsd:enumeration value="reviewStageDone">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        A given review stage was done. Next stage nor remediation (if any) has not started yet.
-                        Current stage number indicates the number of stage that has been recently done.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="REVIEW_STAGE_DONE"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-            <xsd:enumeration value="inRemediation">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        The last stage was closed, remediation (either automated or manual) is in progress.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="IN_REMEDIATION"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-            <xsd:enumeration value="closed">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Review and possibly remediation is over. The campaign is closed.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="CLOSED"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-        </xsd:restriction>
-    </xsd:simpleType>
-
-    <!--
-    <xsd:simpleType name="AccessCertificationCaseStateType">
-        <xsd:annotation>
-            <xsd:documentation>
-                An enumeration that defines possible states of a certification case.
-            </xsd:documentation>
-        </xsd:annotation>
-        <xsd:restriction base="xsd:string">
-            <xsd:enumeration value="inReview">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Review is being carried out.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="IN_REVIEW"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-            <xsd:enumeration value="reviewDone">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Review was done. Remediation (if any) has not started yet.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="REVIEW_DONE"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-            <xsd:enumeration value="inRemediation">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        The last stage was closed, remediation (either automated or manual) is in progress.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="IN_REMEDIATION"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-            <xsd:enumeration value="closed">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Review and remediation is over. The case is closed.
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="CLOSED"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-        </xsd:restriction>
-    </xsd:simpleType> -->
-
-    <xsd:complexType name="AccessCertificationCasesStatisticsType">
-        <xsd:annotation>
-            <xsd:documentation>
-                Statistics give a set of access certification cases.
-            </xsd:documentation>
-            <xsd:appinfo>
-                <a:container/>
-                <a:schemaMigration>
-                    <a:element>tns:markedAsDelegate</a:element>
-                    <a:version>4.0</a:version>
-                    <a:operation>removed</a:operation>
-                </a:schemaMigration>
-            </xsd:appinfo>
-        </xsd:annotation>
-        <xsd:sequence>
-            <xsd:element name="markedAsAccept" type="xsd:int" minOccurs="1" default="0"/>
-            <xsd:element name="markedAsRevoke" type="xsd:int" minOccurs="1" default="0"/>
-            <xsd:element name="markedAsRevokeAndRemedied" type="xsd:int" minOccurs="1" default="0"/>
-            <xsd:element name="markedAsReduce" type="xsd:int" minOccurs="1" default="0"/>
-            <xsd:element name="markedAsReduceAndRemedied" type="xsd:int" minOccurs="1" default="0"/>
-            <xsd:element name="markedAsNotDecide" type="xsd:int" minOccurs="1" default="0"/>
-            <xsd:element name="withoutResponse" type="xsd:int" minOccurs="1" default="0"/>
-        </xsd:sequence>
-        <xsd:attribute name="id" type="xsd:long"/>
-    </xsd:complexType>
-    <xsd:element name="accessCertificationCasesStatisticsType" type="tns:AccessCertificationCasesStatisticsType" />
-
-    <xsd:complexType name="ManagerSearchType">
-        <xsd:annotation>
-            <xsd:documentation>
-                TODO
-            </xsd:documentation>
-        </xsd:annotation>
-        <xsd:sequence>
-            <xsd:element name="orgType" type="xsd:string" minOccurs="0" />
-            <xsd:element name="allowSelf" type="xsd:boolean" minOccurs="0" default="false" />
-            <!-- todo whether to search in upper layers (by default: yes) -->
-        </xsd:sequence>
-    </xsd:complexType>
-
-    <xsd:complexType name="AccessCertificationConfigurationType">
-        <xsd:annotation>
-            <xsd:documentation>
-                Configuration for access certification.
-            </xsd:documentation>
-            <xsd:appinfo>
-                <a:container/>
-            </xsd:appinfo>
-        </xsd:annotation>
-        <xsd:sequence>
-            <xsd:element name="availableResponse" minOccurs="0" maxOccurs="unbounded" type="tns:AccessCertificationResponseType">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        What response types are available to reviewers? Empty list means all responses.
-                        TODO should we configure also names of the responses? (probably no)
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <a:displayName>AccessCertificationConfigurationType.availableResponse</a:displayName>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="reviewerCommentsFormatting" minOccurs="0" type="tns:PerformerCommentsFormattingType">
-                <xsd:annotation>
-                    <xsd:documentation>
-                        Instructions how to format reviewers comments before storing them into metadata.
-                        EXPERIMENTAL
-                    </xsd:documentation>
-                    <xsd:appinfo>
-                        <a:experimental>true</a:experimental>
-                        <a:since>3.7.1</a:since>
-                        <a:displayName>AccessCertificationConfigurationType.reviewerCommentsFormatting</a:displayName>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:element>
-        </xsd:sequence>
-        <xsd:attribute name="id" type="xsd:long"/>
-    </xsd:complexType>
-
-</xsd:schema>
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ Copyright (c) 2010-2018 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
+<xsd:schema targetNamespace="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+            xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+            xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+            xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3"
+            xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+            xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
+            xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+            xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
+            elementFormDefault="qualified"
+            xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc"
+            jaxb:extensionBindingPrefixes="xjc"
+            jaxb:version="2.0">
+
+    <xsd:annotation>
+        <xsd:documentation>
+            TODO
+        </xsd:documentation>
+    </xsd:annotation>
+
+    <!-- Don't provide schemaLocation here, as it causes xjc to really contact the URIs (!) -->
+    <xsd:import namespace="http://prism.evolveum.com/xml/ns/public/annotation-3"/>
+    <xsd:import namespace="http://prism.evolveum.com/xml/ns/public/types-3"/>
+    <xsd:import namespace="http://prism.evolveum.com/xml/ns/public/query-3"/>
+
+    <xsd:include schemaLocation="http://midpoint.evolveum.com/xml/ns/public/common/common-core-3" />
+    <xsd:include schemaLocation="http://midpoint.evolveum.com/xml/ns/public/common/common-case-management-3" />
+    <xsd:include schemaLocation="http://midpoint.evolveum.com/xml/ns/public/common/common-workflows-3" />
+
+    <xsd:complexType name="AbstractAccessCertificationDefinitionType" abstract="true">      <!-- TODO [4.0] remove -->
+        <xsd:annotation>
+            <xsd:documentation>
+                Definition of an access certification - a template for
+                a set of access certification campaigns.
+            </xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexContent>
+            <xsd:extension base="c:AssignmentHolderType">
+                <xsd:sequence>
+                    <xsd:element name="handlerUri" type="xsd:anyURI" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                The certification handler that should take care of certification campaigns
+                                created according to this definition.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="scopeDefinition" type="tns:AccessCertificationScopeType" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Specifies the standard scope of certifications of this type. (In the future it can be overridden
+                                in specific certification campaign.)
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="ownerRef" type="tns:ObjectReferenceType" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                The user that owns certification campaigns based on this definition.
+                            </xsd:documentation>
+                            <xsd:appinfo>
+                                <a:objectReferenceTargetType>tns:UserType</a:objectReferenceTargetType>
+                            </xsd:appinfo>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="remediationDefinition" type="tns:AccessCertificationRemediationDefinitionType" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                How the identified cases have to be resolved?
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="reiterationDefinition" type="tns:AccessCertificationReiterationDefinitionType" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Configuration of the manual or automatic reiteration.
+                            </xsd:documentation>
+                            <xsd:appinfo>
+                                <a:since>3.9</a:since>
+                            </xsd:appinfo>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="stageDefinition" type="tns:AccessCertificationStageDefinitionType" minOccurs="0" maxOccurs="unbounded">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Definition of individual stages (reviewers, duration, ...).
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="reviewStrategy" type="tns:AccessCertificationCaseReviewStrategyType" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Strategy used to compute review outcome for a given case, based on results of individual stages,
+                                along with instructions when a case review advances from a stage to next one.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="adHoc" type="xsd:boolean" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Denotes "ad hoc" certification campaign, i.e. one that is started by policy rules, not explicitly by a user.
+                            </xsd:documentation>
+                            <xsd:appinfo>
+                                <a:since>3.6</a:since>
+                            </xsd:appinfo>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="lastCampaignIdUsed" type="xsd:int" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                ID that was used to auto-generate campaign name last time (null if none so far).
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="lastCampaignStartedTimestamp" type="xsd:dateTime" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                When the last campaign of this type was started (in its first iteration)?
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="lastCampaignClosedTimestamp" type="xsd:dateTime" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                When the last campaign of this type was closed? Deletion is not recorded in this attribute.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <!--<xsd:element name="campaignSchedulingInterval" type="xsd:duration" minOccurs="0">-->
+                    <!--<xsd:annotation>-->
+                    <!--<xsd:documentation>-->
+                    <!--How often should a campaign of this type be automatically started?-->
+                    <!--(null if automated scheduling is not required)-->
+                    <!--Scheduling is based on last campaign started timestamp.-->
+                    <!--</xsd:documentation>-->
+                    <!--</xsd:annotation>-->
+                    <!--</xsd:element>-->
+                </xsd:sequence>
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
+
+    <xsd:complexType name="AccessCertificationDefinitionForReportType">
+        <xsd:annotation>
+            <xsd:documentation>
+                Access certification definition augmented with report-related information
+                (e.g. number of campaigns).
+
+                EXPERIMENTAL. It is to be seen if this form is OK.
+            </xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexContent>
+            <xsd:extension base="c:AbstractAccessCertificationDefinitionType">
+                <xsd:sequence>
+                    <xsd:element name="campaigns" type="xsd:int" minOccurs="0"/>
+                    <xsd:element name="openCampaigns" type="xsd:int" minOccurs="0"/>
+                </xsd:sequence>
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
+    <xsd:element name="accessCertificationDefinitionForReport" type="tns:AccessCertificationDefinitionForReportType" substitutionGroup="c:object"/>
+
+    <xsd:complexType name="AccessCertificationDefinitionType">
+        <xsd:annotation>
+            <xsd:documentation>
+                Access certification definition.
+            </xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexContent>
+            <xsd:extension base="c:AbstractAccessCertificationDefinitionType">
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
+    <xsd:element name="accessCertificationDefinition" type="tns:AccessCertificationDefinitionType" substitutionGroup="c:object"/>
+
+    <xsd:complexType name="AccessCertificationStageDefinitionType">
+        <xsd:annotation>
+            <xsd:documentation>
+                Definition of an access certification campaign stage.
+            </xsd:documentation>
+            <xsd:appinfo>
+                <a:container/>
+            </xsd:appinfo>
+        </xsd:annotation>
+        <xsd:sequence>
+            <xsd:element name="number" type="xsd:int" minOccurs="1">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Stages are numbered from 1 onwards.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="name" type="xsd:string" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Stage name.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="description" type="xsd:string" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Stage description.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element ref="tns:documentation" minOccurs="0" maxOccurs="1"/>
+            <xsd:element name="duration" type="xsd:duration" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        How long should the stage last?
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="deadlineRounding" type="c:DeadlineRoundingType" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        How to round the deadline (if at all)? The default is to 23:59:59 of the computed day.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="notifyBeforeDeadline" type="xsd:duration" minOccurs="0" maxOccurs="unbounded">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        How long before the end of stage should notifications be sent?
+                        (Multiple values can be put here.)
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="notifyOnlyWhenNoDecision" type="xsd:boolean" minOccurs="0" default="true">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Send notifications only to people that have not decided yet.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="reviewerSpecification" type="tns:AccessCertificationReviewerSpecificationType" minOccurs="0" maxOccurs="1">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        TODO
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="outcomeStrategy" type="tns:AccessCertificationCaseOutcomeStrategyType" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        How to determine outcome of the approval process (e.g. if multiple reviewers are present)?
+                        Default is oneAcceptAccepts.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="outcomeIfNoReviewers" type="tns:AccessCertificationResponseType" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        What is the outcome if no reviewers are available? (This is not the same situation as if some reviewers were computed but none of them responded!)
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="stopReviewOn" type="tns:AccessCertificationResponseType" minOccurs="0" maxOccurs="unbounded">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        What decisions stop the case from advancing to the next stage?
+                        If neither stopReviewOn nor advanceToNextStageOn is used, a default (defined at the campaign level) is used.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="advanceToNextStageOn" type="tns:AccessCertificationResponseType" minOccurs="0" maxOccurs="unbounded">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        What decisions make the case to advance to the next stage?
+                        If neither stopReviewOn nor advanceToNextStageOn is used, a default (defined at the campaign level) is used.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="timedActions" type="tns:WorkItemTimedActionsType" minOccurs="0" maxOccurs="unbounded">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        What actions are to be applied to work items when given timer(s) occur.
+                        EXPERIMENTAL
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <a:since>3.6</a:since>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:element>
+        </xsd:sequence>
+        <xsd:attribute name="id" type="xsd:long"/>
+    </xsd:complexType>
+
+    <xsd:complexType name="AccessCertificationReviewerSpecificationType">
+        <xsd:annotation>
+            <xsd:documentation>
+                Specifies how to select reviewers for a campaign stage.
+            </xsd:documentation>
+            <xsd:appinfo>
+                <a:container/>
+            </xsd:appinfo>
+        </xsd:annotation>
+        <xsd:sequence>
+            <xsd:element name="name" type="xsd:string" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        User-readable name of this reviewer specification. (In case it is necessary.)
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="description" type="xsd:string" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Description of this reviewer specification.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element ref="tns:documentation" minOccurs="0" maxOccurs="1"/>
+            <xsd:element name="useTargetOwner" type="xsd:boolean" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Indicates that target object (Org, Role, Resource) owner(s) should be used as reviewer(s).
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="useTargetApprover" type="xsd:boolean" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Indicates that target object (Org, Role, Resource) approver(s) should be used as reviewer(s).
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="useObjectOwner" type="xsd:boolean" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Indicates that object (Org, Role) owner(s) should be used as reviewer(s).
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="useObjectApprover" type="xsd:boolean" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Indicates that object (Org, Role) approver(s) should be used as reviewer(s).
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="useObjectManager" type="tns:ManagerSearchType" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Indicates that the object's managers should be used. The interpretation depends on what kind
+                        of object there is.
+
+                        For a user, the managers of all organizations to which he/she belongs, are taken.
+                        For an org, its managers are taken.
+                        (For the future: For a role, if it has a parentOrgRef, managers of these are taken. If it has
+                        none, no reviewers are contributed by this option.)
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="reviewerExpression" type="tns:ExpressionType" minOccurs="0" maxOccurs="unbounded">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        The most general way of specifying the reviewer. Inputs for such expressions are:
+                        - certificationCase (current certification case),
+                        - campaign (certification campaign object),
+                        - reviewerSpecification (current reviewer specification).
+                        Output is a collection of parent-less reviewer references (of type ObjectReferenceType).
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="defaultReviewerRef" type="tns:ObjectReferenceType" minOccurs="0" maxOccurs="unbounded">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        If no reviewer(s) are computed by other means, this/these should be used.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <a:objectReferenceTargetType>tns:FocusType</a:objectReferenceTargetType>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="additionalReviewerRef" type="tns:ObjectReferenceType" minOccurs="0" maxOccurs="unbounded">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        These reviewers are always used.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <a:objectReferenceTargetType>tns:FocusType</a:objectReferenceTargetType>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:element>
+        </xsd:sequence>
+        <xsd:attribute name="id" type="xsd:long"/>
+    </xsd:complexType>
+
+    <xsd:complexType name="AccessCertificationCampaignType">
+        <xsd:annotation>
+            <xsd:documentation>
+                Definition of an access certification campaign.
+            </xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexContent>
+            <xsd:extension base="c:AssignmentHolderType">
+                <xsd:sequence>
+                    <xsd:element name="definitionRef" type="tns:ObjectReferenceType" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Specifies the definition for this certification campaign.
+                                (It is optional, as there are also ad-hoc certifications with no pre-existing definition.)
+                            </xsd:documentation>
+                            <xsd:appinfo>
+                                <a:objectReferenceTargetType>tns:AccessCertificationDefinitionType</a:objectReferenceTargetType>
+                            </xsd:appinfo>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="ownerRef" type="tns:ObjectReferenceType" minOccurs="1">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Specifies the owner of this certification campaign.
+                            </xsd:documentation>
+                            <xsd:appinfo>
+                                <a:objectReferenceTargetType>tns:UserType</a:objectReferenceTargetType>
+                            </xsd:appinfo>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="handlerUri" type="xsd:anyURI" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                The certification handler that should take care of this campaign.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="scopeDefinition" type="tns:AccessCertificationScopeType" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Specifies the scope of this campaign.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="remediationDefinition" type="tns:AccessCertificationRemediationDefinitionType" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                How the identified cases have to be resolved?
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="reiterationDefinition" type="tns:AccessCertificationReiterationDefinitionType" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Configuration of the manual or automatic reiteration.
+                            </xsd:documentation>
+                            <xsd:appinfo>
+                                <a:since>3.9</a:since>
+                            </xsd:appinfo>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="stageDefinition" type="tns:AccessCertificationStageDefinitionType" minOccurs="0" maxOccurs="unbounded">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Definition of individual stages.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="reviewStrategy" type="tns:AccessCertificationCaseReviewStrategyType" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Strategy used to compute review outcome for a given case, based on results of individual stages,
+                                along with instructions when a case review advances from a stage to next one.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="startTimestamp" type="xsd:dateTime" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                When this campaign has to start (or has started).
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="endTimestamp" type="xsd:dateTime" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                When this campaign has finished.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="repetition" type="xsd:int" minOccurs="0" default="1">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Which iteration this campaign is in. 1 means the regular (first) run;
+                                2 means first repetition, etc.
+                            </xsd:documentation>
+                            <xsd:appinfo>
+                                <a:since>3.9</a:since>
+                            </xsd:appinfo>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="state" type="tns:AccessCertificationCampaignStateType" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                In which state is the current campaign.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="stageNumber" type="xsd:int" minOccurs="1">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                The stage this campaign is in.
+                                0 means it has not started yet.
+                                X in 1..N (where N is the number of defined stages) means that stage X is being carried out.
+                                Y greater than N means the campaign has been already finished.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="stage" type="tns:AccessCertificationStageType" minOccurs="0" maxOccurs="unbounded">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Stages for this campaign (already finished, current, or planned).
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="case" type="tns:AccessCertificationCaseType" minOccurs="0" maxOccurs="unbounded">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Certification cases for this campaign.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                </xsd:sequence>
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
+    <xsd:element name="accessCertificationCampaign" type="tns:AccessCertificationCampaignType" substitutionGroup="c:object" />
+
+    <xsd:complexType name="AccessCertificationStageType">
+        <xsd:annotation>
+            <xsd:documentation>
+                Information about a stage of a campaign.
+            </xsd:documentation>
+            <xsd:appinfo>
+                <a:container/>
+            </xsd:appinfo>
+        </xsd:annotation>
+        <xsd:sequence>
+            <xsd:element name="iteration" type="xsd:int" minOccurs="0" default="1">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Which iteration this stage is part of. 1 means the first (i.e. regular) run.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <a:since>3.9</a:since>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="number" type="xsd:int">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        TODO
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="name" type="xsd:string" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Stage name.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="description" type="xsd:string" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Stage description.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element ref="tns:documentation" minOccurs="0" maxOccurs="1"/>
+            <xsd:element name="startTimestamp" type="xsd:dateTime" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        When this stage has started.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="deadline" type="xsd:dateTime" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        When this stage has to finish.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="endTimestamp" type="xsd:dateTime" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        When this stage has actually finished.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="escalationLevel" type="tns:WorkItemEscalationLevelType" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        The escalation level is currently the same for open all cases and their open work items in the stage.
+                        (This might change in the future.)
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+        </xsd:sequence>
+        <xsd:attribute name="id" type="xsd:long"/>
+    </xsd:complexType>
+
+    <xsd:complexType name="AccessCertificationScopeType">
+        <xsd:annotation>
+            <xsd:documentation>
+                Specifies the scope of an access certification campaign.
+            </xsd:documentation>
+            <xsd:appinfo>
+                <a:container/>
+            </xsd:appinfo>
+        </xsd:annotation>
+        <xsd:sequence>
+            <xsd:element name="name" type="xsd:string" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        User-readable name of this scope definition. (In case it is necessary.)
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="description" type="xsd:string" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Description of this scope definition.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element ref="tns:documentation" minOccurs="0" maxOccurs="1"/>
+        </xsd:sequence>
+        <xsd:attribute name="id" type="xsd:long"/>
+    </xsd:complexType>
+
+    <xsd:complexType name="AccessCertificationObjectBasedScopeType">
+        <xsd:annotation>
+            <xsd:appinfo>
+                <a:container/>
+            </xsd:appinfo>
+            <xsd:documentation>
+                The most common way of specifying scope - providing type+search filter to select "base" objects
+                and then some means of deriving certification cases from them.
+            </xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexContent>
+            <xsd:extension base="tns:AccessCertificationScopeType">
+                <xsd:sequence>
+                    <xsd:element name="objectType" type="xsd:QName" minOccurs="1">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Type of objects to be selected for certification.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="searchFilter" type="q:SearchFilterType" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Filter to find objects for certification.
+                                By default, all objects of a given type will be selected.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="itemSelectionExpression" type="c:ExpressionType" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Expression that selects items that are to be included in the certification.
+                                Exact use of this expression depends on the certification handler.
+                                E.g. user assignment handler could call this expression individually with each assignment
+                                to determine which assignments should be included and which should not.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="caseGenerationExpression" type="c:ExpressionType" minOccurs="0" maxOccurs="unbounded">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Expression that produces certification cases. This can be any expression, whose input is an object
+                                that has passed the search filter specified above, and its output is a list of certification cases.
+                                An example: a groovy expression, creating certification cases by selecting user's
+                                "risky" assignments (e.g. assignments to a roles of a given type/types). Another example
+                                can be the computation of all assignments (direct and indirect ones), and selecting among these.
+                                NOT IMPLEMENTED YET
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                </xsd:sequence>
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
+    <xsd:element name="accessCertificationObjectBasedScopeType" type="tns:AccessCertificationObjectBasedScopeType"/>
+
+    <xsd:complexType name="AccessCertificationAssignmentReviewScopeType">
+        <xsd:annotation>
+            <xsd:documentation>
+                Scope for assignment-related reviews.
+            </xsd:documentation>
+            <xsd:appinfo>
+                <a:container/>
+            </xsd:appinfo>
+        </xsd:annotation>
+        <xsd:complexContent>
+            <xsd:extension base="tns:AccessCertificationObjectBasedScopeType">
+                <xsd:sequence>
+                    <xsd:element name="includeAssignments" type="xsd:boolean" minOccurs="0" default="true">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Should assignments be included in the certification?
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="includeInducements" type="xsd:boolean" minOccurs="0" default="true">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Should inducements be included in the certification?
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="includeRoles" type="xsd:boolean" minOccurs="0" default="true">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Should assignments/inducements of roles be included in the certification?
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="includeOrgs" type="xsd:boolean" minOccurs="0" default="true">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Should assignments/inducements of orgs be included in the certification?
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="includeResources" type="xsd:boolean" minOccurs="0" default="true">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Should assignments/inducements of resources be included in the certification?
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="includeServices" type="xsd:boolean" minOccurs="0" default="true">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Should assignments/inducements of services be included in the certification?
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="includeUsers" type="xsd:boolean" minOccurs="0" default="true">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Should assignments/inducements of users (e.g. deputy relations) be included in the certification?
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="enabledItemsOnly" type="xsd:boolean" minOccurs="0" default="true">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Should we approve only assignments/inducements that are currently enabled?
+                                (I.e. with administrativeStatus either null or ENABLED)
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="relation" type="xsd:QName" minOccurs="0" maxOccurs="unbounded">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Relation(s) which are to be considered. Value of q:any means "any relation".
+                                If no relation is present, org:default (i.e. null) is assumed.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                </xsd:sequence>
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
+    <xsd:element name="accessCertificationAssignmentReviewScopeType" type="tns:AccessCertificationAssignmentReviewScopeType"/>
+
+    <xsd:complexType name="AccessCertificationCaseType">
+        <xsd:annotation>
+            <xsd:documentation>
+                An item that has to be certified, viewed in the scope of a given certification campaign.
+            </xsd:documentation>
+            <xsd:appinfo>
+                <a:container/>
+            </xsd:appinfo>
+        </xsd:annotation>
+        <xsd:sequence>
+            <xsd:element name="objectRef" type="tns:ObjectReferenceType" minOccurs="0" maxOccurs="1">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Object (e.g. a user) that is being touched by this case.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <a:objectReferenceTargetType>tns:ObjectType</a:objectReferenceTargetType>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="targetRef" type="tns:ObjectReferenceType" minOccurs="0" maxOccurs="1">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Quite an abstract parameter - describing the object of the certification case (e.g. a role, a resource, ...).
+                        Used for selecting relevant cases for approvals.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <a:objectReferenceTargetType>tns:ObjectType</a:objectReferenceTargetType>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="tenantRef" type="tns:ObjectReferenceType" minOccurs="0" maxOccurs="1">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        For parameterized certification items (e.g. assignments): a tenant parameter, if applicable.
+                        See discussion on tenantRef in AssignmentType.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <a:objectReferenceTargetType>tns:OrgType</a:objectReferenceTargetType>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="orgRef" type="tns:ObjectReferenceType" minOccurs="0" maxOccurs="1">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        For parameterized certification items (e.g. assignments): an org parameter, if applicable.
+                        See discussion on orgRef in AssignmentType.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <a:objectReferenceTargetType>tns:OrgType</a:objectReferenceTargetType>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="activation" type="tns:ActivationType" minOccurs="0" maxOccurs="1">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        If the target is assigned with activation information (e.g. validFrom/validTo/administrativeStatus)
+                        here is the information copied. Note that other activation information (e.g. effectiveStatus) are
+                        _not_ updated here and probably should be ignored.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <!--
+<xsd:element name="targetQualification" type="xsd:string" minOccurs="0">
+    <xsd:annotation>
+        <xsd:documentation>
+            E.g. kind+intent of a resource object (if target is a resource).
+
+                        TargetRef + targetQualification are used to group cases e.g. by role, by roleType,
+                        by resource, by resource object ... We could add more similar properties,
+                        as requirements evolve.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            -->
+            <xsd:element name="stageNumber" type="xsd:int">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        The number of current stage in which this case is.
+                        E.g. currentOutcome relates to the currentStage.
+                        Case is "enabled" for a current campaign stage if and only if case.currentStage == campaign.stageNumber.
+
+                        When opening a campaign stage, case's currentStage either advances (if it is transferred to stage being opened)
+                        or stays at the existing value (if it is not). It then indicates the last stage this case
+                        was reviewed in.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="iteration" type="xsd:int" minOccurs="0" default="1">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Iteration this case takes part of. Case is "enabled" for a current campaign stage if and only if
+                        case.iteration == campaign.iteration (beware of null comparison).
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="workItem" type="tns:AccessCertificationWorkItemType" minOccurs="0" maxOccurs="unbounded">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Work items for this stage. Some might be completed. Work items are not deleted.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <a:since>3.6</a:since>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="currentStageCreateTimestamp" type="xsd:dateTime">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        When was this certification case requested to be reviewed?
+                        (Can be found in certification.stage.start but we need to
+                        sort according to this value.)
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="currentStageDeadline" type="xsd:dateTime" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        When should this certification case be reviewed?
+                        (Can be found in certification.stage.end but we need to
+                        sort according to this value.)
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="currentStageOutcome" type="xsd:anyURI" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Currently valid outcome, relevant to the current stage. It is recomputed on each reviewer's
+                        response based on defined algorithms. If the case is not transferred into the next stage,
+                        the value of this item stays as it is.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="outcome" type="xsd:anyURI" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        The outcome, taking into account all closed stages plus current stage (if any).
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="reviewFinishedTimestamp" type="xsd:dateTime" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        When was the review process for this case finished (for the current iteration)?
+                        This value is cleared for cases entering the next iteration.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <a:since>3.9</a:since>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="remediedTimestamp" type="xsd:dateTime" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        When was this certification case was remedied?
+                        If null, this means that either remediation was not required
+                        (either because the decision was "accept" or "abstain" or
+                        because remediation mode was set to "none").
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="event" type="tns:CaseEventType" minOccurs="0" maxOccurs="unbounded">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Events that occurred during lifetime of this case.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+        </xsd:sequence>
+        <xsd:attribute name="id" type="xsd:long"/>
+    </xsd:complexType>
+    <xsd:element name="accessCertificationCase" type="tns:AccessCertificationCaseType"/>
+    <xsd:element name="workItem" type="tns:AccessCertificationWorkItemType"/>
+
+    <xsd:complexType name="AccessCertificationCaseStageOutcomeType">
+        <xsd:annotation>
+            <xsd:appinfo>
+                <a:container/>
+            </xsd:appinfo>
+        </xsd:annotation>
+        <xsd:sequence>
+            <xsd:element name="stageNumber" type="xsd:int" minOccurs="1" />
+            <xsd:element name="outcome" type="tns:AccessCertificationResponseType" minOccurs="1" />
+        </xsd:sequence>
+        <xsd:attribute name="id" type="xsd:long"/>
+    </xsd:complexType>
+
+    <xsd:complexType name="AccessCertificationWorkItemType">
+        <xsd:annotation>
+            <xsd:documentation>
+                A work item for a certification case.
+            </xsd:documentation>
+            <xsd:appinfo>
+                <a:container/>
+                <a:since>3.6</a:since>
+            </xsd:appinfo>
+        </xsd:annotation>
+        <xsd:complexContent>
+            <xsd:extension base="tns:AbstractWorkItemType">
+                <xsd:sequence>
+                    <xsd:element name="outputChangeTimestamp" type="xsd:dateTime" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                When the decision was made or changed.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="iteration" type="xsd:int" minOccurs="0" default="1">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Which iteration this work item is part of. 1 means the first (i.e. regular) run.
+                            </xsd:documentation>
+                            <xsd:appinfo>
+                                <a:since>3.9</a:since>
+                            </xsd:appinfo>
+                        </xsd:annotation>
+                    </xsd:element>
+                </xsd:sequence>
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
+
+    <xsd:complexType name="AccessCertificationAssignmentCaseType">
+        <xsd:annotation>
+            <xsd:appinfo>
+                <a:container/>
+            </xsd:appinfo>
+        </xsd:annotation>
+        <xsd:complexContent>
+            <xsd:extension base="tns:AccessCertificationCaseType">
+                <xsd:sequence>
+                    <xsd:element name="assignment" type="tns:AssignmentType" minOccurs="1">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Assignment that is being considered.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="isInducement" type="xsd:boolean" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Indicates if the above assignment is an assignment or (in case of roles) an inducement.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                </xsd:sequence>
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
+    <xsd:element name="accessCertificationAssignmentCase" type="tns:AccessCertificationAssignmentCaseType"/>
+
+    <xsd:simpleType name="AccessCertificationResponseType">
+        <xsd:annotation>
+            <xsd:documentation>
+                An enumeration that defines possible reviewers' responses.
+            </xsd:documentation>
+        </xsd:annotation>
+        <xsd:restriction base="xsd:string">
+            <xsd:enumeration value="accept">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        A.k.a. maintain, confirm, certify, approve, OK - the situation was approved and can be left
+                        as it is. It is possible to enter a date when the approval will expire. Until this time
+                        the item will be considered approved and will not be shown in the certification list
+                        for the given certifier. (We have to decide how to implement this feature. The most simple
+                        but not entirely correct solution is to set "validTo" date for a given assignment. But it
+                        wouldn't work e.g. for indirect assignments.)
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="ACCEPT"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+            <xsd:enumeration value="revoke">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        A.k.a. reject, remove, "not OK" - the situation is unacceptable and has to be eliminated
+                        or disabled. E.g. the assignment has to be removed or disabled.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="REVOKE"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+            <xsd:enumeration value="reduce">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        A.k.a. update - situation is not acceptable; however, simple elimination/disabling is not
+                        necessary or not appropriate - someone has to look at this and try to find another solution.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="REDUCE"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+            <xsd:enumeration value="notDecided">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        A.k.a. abstain - responsible person says he/she is not able to decide.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="NOT_DECIDED"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+            <xsd:enumeration value="delegate">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Responsible person delegates the decision to someone else.
+                        DEPRECATED
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="DELEGATE"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+            <xsd:enumeration value="noResponse">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        No response was provided by the given reviewer.
+                        (This state can be used e.g. to facilitate querying by state.)
+
+                        SHOULD NOT BE USED FOR INDIVIDUAL RESPONSES. (A null value should be used instead.)
+                        But it's OK to use this for stage/case outcome.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="NO_RESPONSE"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+        </xsd:restriction>
+    </xsd:simpleType>
+
+    <xsd:complexType name="AccessCertificationCaseReviewStrategyType">
+        <xsd:sequence>
+            <xsd:element name="outcomeStrategy" type="tns:AccessCertificationCaseOutcomeStrategyType" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Strategy used to compute review outcome for a given case, based on results of individual stages.
+                        Default is oneDenyDenies.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="stopReviewOn" type="tns:AccessCertificationResponseType" minOccurs="0" maxOccurs="unbounded">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        What decisions stop the case from advancing to the next stage?
+                        If neither stopReviewOn nor advanceToNextStageOn is used, a default (defined by the outcomeStrategy) is used.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="advanceToNextStageOn" type="tns:AccessCertificationResponseType" minOccurs="0" maxOccurs="unbounded">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        What decisions make the case to advance to the next stage?
+                        If neither stopReviewOn nor advanceToNextStageOn is used, a default (defined by the outcomeStrategy) is used.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+        </xsd:sequence>
+    </xsd:complexType>
+
+    <xsd:simpleType name="AccessCertificationCaseOutcomeStrategyType">
+        <xsd:annotation>
+            <xsd:documentation>
+                An enumeration that defines possible strategies for case outcome (approval) computation - currently both at the stage and campaign level.
+                (In the future, these uses might be split.)
+            </xsd:documentation>
+        </xsd:annotation>
+        <xsd:restriction base="xsd:string">
+            <xsd:enumeration value="oneAcceptAccepts">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        If at least one reviewer approves, the result is "APPROVED" regardless of the other votes.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="ONE_ACCEPT_ACCEPTS"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+            <xsd:enumeration value="oneDenyDenies">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        If at least one reviewer denies (either via revoke or reduce), the result is "NOT APPROVED".
+                        However, for the case to be approved, at least approval must be present.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="ONE_DENY_DENIES"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+            <xsd:enumeration value="acceptedIfNotDenied">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Approved if none of the reviewers denies (either via revoke or reduce).
+                        So e.g. if nobody says anything, the case is approved.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="ACCEPTED_IF_NOT_DENIED"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+            <xsd:enumeration value="allMustAccept">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        All reviewers must approve, i.e. no revoke, reduce, noResponse is acceptable.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="ALL_MUST_ACCEPT"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+        </xsd:restriction>
+    </xsd:simpleType>
+
+    <xsd:complexType name="AccessCertificationRemediationDefinitionType">
+        <xsd:annotation>
+            <xsd:documentation>
+                TODO
+            </xsd:documentation>
+            <xsd:appinfo>
+                <a:container/>
+            </xsd:appinfo>
+        </xsd:annotation>
+        <xsd:sequence>
+            <xsd:element name="style" type="tns:AccessCertificationRemediationStyleType" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        TODO
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="revokeOn" type="tns:AccessCertificationResponseType" minOccurs="0" maxOccurs="unbounded">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        What (final) outcomes cause actual remediation (e.g. deletion of an assignment) if automated remediation is configured?
+                        The default is "revoke". But more can be specified here, e.g. noResponse.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+        </xsd:sequence>
+        <xsd:attribute name="id" type="xsd:long"/>
+    </xsd:complexType>
+
+    <xsd:complexType name="AccessCertificationReiterationDefinitionType">
+        <xsd:annotation>
+            <xsd:documentation>
+                TODO
+            </xsd:documentation>
+            <xsd:appinfo>
+                <a:container/>
+                <a:since>3.9</a:since>
+            </xsd:appinfo>
+        </xsd:annotation>
+        <xsd:sequence>
+            <xsd:element name="startsAfter" type="xsd:duration" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        How long after campaign is closed should automatic reiteration start?
+                        The default is that reiteration starts only manually.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="limitWhenAutomatic" type="xsd:int" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        How many iterations are allowed for automatic start? After reaching the specified number of iterations
+                        (irrespective of how they were started) automatic reiteration mechanism will be disabled for this
+                        campaign.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="limit" type="xsd:int" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        How many iterations are allowed in total? After reaching the specified number of iterations
+                        no new iterations can be opened.
+                    </xsd:documentation>
+                </xsd:annotation>
+            </xsd:element>
+        </xsd:sequence>
+        <xsd:attribute name="id" type="xsd:long"/>
+    </xsd:complexType>
+
+    <xsd:simpleType name="AccessCertificationRemediationStyleType">
+        <xsd:annotation>
+            <xsd:documentation>
+                An enumeration that defines possible styles for certification case remediation.
+            </xsd:documentation>
+        </xsd:annotation>
+        <xsd:restriction base="xsd:string">
+            <xsd:enumeration value="automated">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Resolution of revoked cases is fully automated.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="AUTOMATED"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+            <xsd:enumeration value="reportOnly">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Non-conformant cases are only to be reported.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="REPORT_ONLY"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+        </xsd:restriction>
+    </xsd:simpleType>
+
+    <xsd:simpleType name="AccessCertificationCampaignStateType">
+        <xsd:annotation>
+            <xsd:documentation>
+                An enumeration that defines possible states of a certification campaign.
+            </xsd:documentation>
+        </xsd:annotation>
+        <xsd:restriction base="xsd:string">
+            <xsd:enumeration value="created">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Campaign was created, but its first stage has not been started yet.
+                        Current stage number is 0.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="CREATED"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+            <xsd:enumeration value="inReviewStage">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Review is being carried out, in a given stage.
+                        Current stage number is between 1 and N (number of stages).
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="IN_REVIEW_STAGE"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+            <xsd:enumeration value="reviewStageDone">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        A given review stage was done. Next stage nor remediation (if any) has not started yet.
+                        Current stage number indicates the number of stage that has been recently done.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="REVIEW_STAGE_DONE"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+            <xsd:enumeration value="inRemediation">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        The last stage was closed, remediation (either automated or manual) is in progress.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="IN_REMEDIATION"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+            <xsd:enumeration value="closed">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Review and possibly remediation is over. The campaign is closed.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="CLOSED"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+        </xsd:restriction>
+    </xsd:simpleType>
+
+    <!--
+    <xsd:simpleType name="AccessCertificationCaseStateType">
+        <xsd:annotation>
+            <xsd:documentation>
+                An enumeration that defines possible states of a certification case.
+            </xsd:documentation>
+        </xsd:annotation>
+        <xsd:restriction base="xsd:string">
+            <xsd:enumeration value="inReview">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Review is being carried out.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="IN_REVIEW"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+            <xsd:enumeration value="reviewDone">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Review was done. Remediation (if any) has not started yet.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="REVIEW_DONE"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+            <xsd:enumeration value="inRemediation">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        The last stage was closed, remediation (either automated or manual) is in progress.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="IN_REMEDIATION"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+            <xsd:enumeration value="closed">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Review and remediation is over. The case is closed.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="CLOSED"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+        </xsd:restriction>
+    </xsd:simpleType> -->
+
+    <xsd:complexType name="AccessCertificationCasesStatisticsType">
+        <xsd:annotation>
+            <xsd:documentation>
+                Statistics give a set of access certification cases.
+            </xsd:documentation>
+            <xsd:appinfo>
+                <a:container/>
+                <a:schemaMigration>
+                    <a:element>tns:markedAsDelegate</a:element>
+                    <a:version>4.0</a:version>
+                    <a:operation>removed</a:operation>
+                </a:schemaMigration>
+            </xsd:appinfo>
+        </xsd:annotation>
+        <xsd:sequence>
+            <xsd:element name="markedAsAccept" type="xsd:int" minOccurs="1" default="0"/>
+            <xsd:element name="markedAsRevoke" type="xsd:int" minOccurs="1" default="0"/>
+            <xsd:element name="markedAsRevokeAndRemedied" type="xsd:int" minOccurs="1" default="0"/>
+            <xsd:element name="markedAsReduce" type="xsd:int" minOccurs="1" default="0"/>
+            <xsd:element name="markedAsReduceAndRemedied" type="xsd:int" minOccurs="1" default="0"/>
+            <xsd:element name="markedAsNotDecide" type="xsd:int" minOccurs="1" default="0"/>
+            <xsd:element name="withoutResponse" type="xsd:int" minOccurs="1" default="0"/>
+        </xsd:sequence>
+        <xsd:attribute name="id" type="xsd:long"/>
+    </xsd:complexType>
+    <xsd:element name="accessCertificationCasesStatisticsType" type="tns:AccessCertificationCasesStatisticsType" />
+
+    <xsd:complexType name="ManagerSearchType">
+        <xsd:annotation>
+            <xsd:documentation>
+                TODO
+            </xsd:documentation>
+        </xsd:annotation>
+        <xsd:sequence>
+            <xsd:element name="orgType" type="xsd:string" minOccurs="0" />
+            <xsd:element name="allowSelf" type="xsd:boolean" minOccurs="0" default="false" />
+            <!-- todo whether to search in upper layers (by default: yes) -->
+        </xsd:sequence>
+    </xsd:complexType>
+
+    <xsd:complexType name="AccessCertificationConfigurationType">
+        <xsd:annotation>
+            <xsd:documentation>
+                Configuration for access certification.
+            </xsd:documentation>
+            <xsd:appinfo>
+                <a:container/>
+            </xsd:appinfo>
+        </xsd:annotation>
+        <xsd:sequence>
+            <xsd:element name="availableResponse" minOccurs="0" maxOccurs="unbounded" type="tns:AccessCertificationResponseType">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        What response types are available to reviewers? Empty list means all responses.
+                        TODO should we configure also names of the responses? (probably no)
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <a:displayName>AccessCertificationConfigurationType.availableResponse</a:displayName>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="reviewerCommentsFormatting" minOccurs="0" type="tns:PerformerCommentsFormattingType">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Instructions how to format reviewers comments before storing them into metadata.
+                        EXPERIMENTAL
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <a:experimental>true</a:experimental>
+                        <a:since>3.7.1</a:since>
+                        <a:displayName>AccessCertificationConfigurationType.reviewerCommentsFormatting</a:displayName>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:element>
+        </xsd:sequence>
+        <xsd:attribute name="id" type="xsd:long"/>
+    </xsd:complexType>
+
+</xsd:schema>
diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
index ea78952ee2a..34cfc42d56b 100755
--- a/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
+++ b/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
@@ -12867,6 +12867,9 @@
                                 It does not provide any further details. More details can be found in the "synchronizationSituationDescription"
                                 property.
                             </xsd:documentation>
+                             <xsd:appinfo>
+                                 <a:displayName>ShadowType.synchronizationTimestamp</a:displayName>
+                             </xsd:appinfo>
                         </xsd:annotation>
                      </xsd:element>
                      <xsd:element name="fullSynchronizationTimestamp" type="xsd:dateTime" minOccurs="0">
@@ -25616,6 +25619,18 @@
                             </xsd:appinfo>
                         </xsd:annotation>
                     </xsd:element>
+                    <xsd:element name="paging" type="q:PagingType" minOccurs="0" maxOccurs="1">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Paging for query.
+                            </xsd:documentation>
+                            <xsd:appinfo>
+                                <a:experimental>true</a:experimental>
+                                <a:since>4.4</a:since>
+                                <a:displayName>ObjectCollectionReportEngineConfigurationType.paging</a:displayName>
+                            </xsd:appinfo>
+                        </xsd:annotation>
+                    </xsd:element>
                 </xsd:sequence>
             </xsd:extension>
         </xsd:complexContent>
diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/DashboardServiceImpl.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/DashboardServiceImpl.java
index de0786664de..270d5333a3b 100644
--- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/DashboardServiceImpl.java
+++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/DashboardServiceImpl.java
@@ -490,47 +490,6 @@ private void evaluateVariation(DashboardWidgetType widget, VariablesMap variable
         }
     }
 
-//    @Override
-//    public void searchObjectFromCollection(CollectionRefSpecificationType collectionConfig, AuditResultHandler handler,
-//            ObjectPaging paging, Task task, OperationResult result, boolean recordProgress)
-//            throws SchemaException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
-//
-//        if (collectionConfig.getCollectionRef() != null && collectionConfig.getFilter() != null) {
-//            LOGGER.error("CollectionRefSpecificationType contains CollectionRef and Filter, please define only one");
-//            throw new IllegalArgumentException("CollectionRefSpecificationType contains CollectionRef and Filter, please define only one");
-//        }
-//        CompiledObjectCollectionView compiledCollection = modelInteractionService.compileObjectCollectionView(
-//                collectionConfig, AuditEventRecordType.class, task, task.getResult());
-//
-//        VariablesMap variables = new VariablesMap();
-//        ObjectFilter filter = ExpressionUtil.evaluateFilterExpressions(compiledCollection.getFilter(), variables, MiscSchemaUtil.getExpressionProfile(),
-//                expressionFactory, prismContext, "collection filter", task, result);
-//        if (filter == null) {
-//            LOGGER.error("Couldn't find filter");
-//            throw new ConfigurationException("Couldn't find filter");
-//        }
-//
-//        ObjectQuery query = prismContext.queryFactory().createQuery();
-//        query.setFilter(filter);
-//        query.setPaging(paging);
-//        ObjectCollectionType collection = null;
-//        if (collectionConfig.getCollectionRef() != null) {
-//            ObjectReferenceType ref = collectionConfig.getCollectionRef();
-//            Class<ObjectType> refType = prismContext.getSchemaRegistry().determineClassForType(ref.getType());
-//            collection = (ObjectCollectionType) modelService
-//                    .getObject(refType, ref.getOid(), null, task, result).asObjectable();
-//        }
-//        @NotNull Collection<SelectorOptions<GetOperationOptions>> options = combineAuditOption(collectionConfig, collection, task, result);
-//        if (recordProgress) {
-//            long count = auditService.countObjects(query, options, result);
-//            task.setExpectedTotal(count);
-//        }
-//        @NotNull SearchResultList<AuditEventRecordType> auditRecords = auditService.searchObjects(query, options, result);
-//        auditRecords.forEach(audit -> {
-//            handler.handle(audit);
-//        });
-//    }
-
     @Override
     public ObjectCollectionType getObjectCollectionType(DashboardWidgetType widget, Task task, OperationResult result)
             throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
index e44ff85d73b..e21555e87fe 100644
--- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
+++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
@@ -1989,23 +1989,33 @@ public void searchObjectFromCollection(CollectionRefSpecificationType collection
             long count;
             if (AuditEventRecordType.class.equals(type)) {
                 count = auditService.countObjects(query, options, result);
+            } else if (Containerable.class.isAssignableFrom(type)) {
+                count = modelService.countContainers(type, query, options, task, result);
             } else {
                 count = modelService.countObjects((Class<ObjectType>) type, query, options, task, result);
             }
+
             task.setExpectedTotal(count);
         }
         if (AuditEventRecordType.class.equals(type)) {
             @NotNull SearchResultList<AuditEventRecordType> auditRecords = auditService.searchObjects(query, options, result);
-            for (AuditEventRecordType auditRecord : auditRecords){
-                PrismContainerValue prismValue = auditRecord.asPrismContainerValue();
-                prismValue.setPrismContext(prismContext);
-                PrismContainer container = prismValue.asSingleValuedContainer(AuditEventRecordType.COMPLEX_TYPE);
-                handler.test(container);
-            }
+            processContainerByHandler(auditRecords, handler);
+        } else if (Containerable.class.isAssignableFrom(type)) {
+            SearchResultList<? extends Containerable> containers = modelService.searchContainers(type, query, options, task, result);
+            processContainerByHandler(containers, handler);
         } else {
             ResultHandler<ObjectType> resultHandler = (value, operationResult) -> handler.test((PrismContainer)value);
             modelService.searchObjectsIterative((Class<ObjectType>) type, query, resultHandler, options, task, result);
         }
     }
 
+    private void processContainerByHandler(SearchResultList<? extends Containerable> containers, Predicate<PrismContainer> handler) throws SchemaException {
+        for (Containerable container : containers){
+            PrismContainerValue prismValue = container.asPrismContainerValue();
+            prismValue.setPrismContext(prismContext);
+            PrismContainer prismContainer = prismValue.asSingleValuedContainer(prismValue.getTypeName());
+            handler.test(prismContainer);
+        }
+    }
+
 }
diff --git a/model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/ReportServiceImpl.java b/model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/ReportServiceImpl.java
index b28c9c4e011..9f17ea1fab2 100644
--- a/model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/ReportServiceImpl.java
+++ b/model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/ReportServiceImpl.java
@@ -26,6 +26,8 @@
 
 import com.evolveum.midpoint.xml.ns._public.common.audit_3.AuditEventRecordType;
 
+import com.evolveum.prism.xml.ns._public.types_3.RawType;
+
 import org.apache.commons.lang.StringUtils;
 import org.jetbrains.annotations.NotNull;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -483,13 +485,21 @@ public VariablesMap getParameters(Task task) {
             PrismContainerValue<ReportParameterType> reportParamsValues = reportParams.getValue();
             Collection<Item<?, ?>> items = reportParamsValues.getItems();
             for (Item item : items) {
-                PrismProperty pp = (PrismProperty) item;
-                String paramName = pp.getPath().lastName().getLocalPart();
+                String paramName = item.getPath().lastName().getLocalPart();
                 Object value = null;
-                if (!pp.getRealValues().isEmpty()) {
-                    value = pp.getRealValues().iterator().next();
+                if (!item.getRealValues().isEmpty()) {
+                    value = item.getRealValues().iterator().next();
+                }
+                if (item.getRealValue() instanceof RawType){
+                    try {
+                        ObjectReferenceType parsedRealValue = ((RawType) item.getRealValue()).getParsedRealValue(ObjectReferenceType.class);
+                        variables.put(paramName, new TypedValue(parsedRealValue, ObjectReferenceType.class));
+                    } catch (SchemaException e) {
+                        LOGGER.error("Couldn't parse ObjectReferenceType from raw type. " + item.getRealValue());
+                    }
+                } else {
+                    variables.put(paramName, new TypedValue(value, item.getRealValue().getClass()));
                 }
-                variables.put(paramName, new TypedValue(value, ((PrismProperty<?>) item).getValueClass()));
             }
         }
         return variables;
diff --git a/model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/controller/fileformat/CsvController.java b/model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/controller/fileformat/CsvController.java
index c7a9f180301..a83c4846980 100644
--- a/model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/controller/fileformat/CsvController.java
+++ b/model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/controller/fileformat/CsvController.java
@@ -6,16 +6,16 @@
  */
 package com.evolveum.midpoint.report.impl.controller.fileformat;
 
-import com.evolveum.midpoint.audit.api.AuditResultHandler;
 import com.evolveum.midpoint.model.api.authentication.CompiledObjectCollectionView;
 import com.evolveum.midpoint.model.api.interaction.DashboardWidget;
 import com.evolveum.midpoint.model.common.util.DefaultColumnUtils;
 import com.evolveum.midpoint.prism.*;
 import com.evolveum.midpoint.prism.path.ItemPath;
+import com.evolveum.midpoint.prism.query.ObjectPaging;
 import com.evolveum.midpoint.prism.query.ObjectQuery;
+import com.evolveum.midpoint.prism.query.PagingConvertor;
 import com.evolveum.midpoint.report.impl.ReportServiceImpl;
 import com.evolveum.midpoint.schema.GetOperationOptions;
-import com.evolveum.midpoint.schema.ResultHandler;
 import com.evolveum.midpoint.schema.SearchResultList;
 import com.evolveum.midpoint.schema.SelectorOptions;
 import com.evolveum.midpoint.schema.expression.TypedValue;
@@ -27,7 +27,6 @@
 import com.evolveum.midpoint.util.exception.*;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
-import com.evolveum.midpoint.xml.ns._public.common.audit_3.AuditEventRecordType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 
 import com.evolveum.prism.xml.ns._public.types_3.ItemPathType;
@@ -135,7 +134,8 @@ public byte[] processCollection(String nameOfReport, ObjectCollectionReportEngin
         CompiledObjectCollectionView compiledCollection = createCompiledView(collectionConfig, collection);
 
         return createTableBox(collectionRefSpecification, compiledCollection,
-                    collectionConfig.getCondition(), collectionConfig.getSubreport(), task, result);
+                    collectionConfig.getCondition(), collectionConfig.getSubreport(),
+                PagingConvertor.createObjectPaging(collectionConfig.getPaging(), getReportService().getPrismContext()), result, task);
     }
 
     private CompiledObjectCollectionView createCompiledView(ObjectCollectionReportEngineConfigurationType collectionConfig, boolean useDefaultView, Task task, OperationResult result)
@@ -185,7 +185,7 @@ private CompiledObjectCollectionView createCompiledView(ObjectCollectionReportEn
     }
 
     private byte[] createTableBox(CollectionRefSpecificationType collection, CompiledObjectCollectionView compiledCollection, ExpressionType condition,
-            List<SubreportParameterType> subreports, Task task, OperationResult result)
+            List<SubreportParameterType> subreports, ObjectPaging paging, OperationResult result, Task task)
             throws CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
 
         Class<Containerable> type = resolveType(collection, compiledCollection);
@@ -235,7 +235,7 @@ private byte[] createTableBox(CollectionRefSpecificationType collection, Compile
             return true;
         };
         searchObjectFromCollection(collection, compiledCollection.getContainerType(), handler,
-                options, null, task, result, true);
+                options, paging, task, result, true);
 
         CSVFormat csvFormat = createCsvFormat();
         if (Boolean.TRUE.equals(isHeader())) {
diff --git a/model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/controller/fileformat/FileFormatController.java b/model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/controller/fileformat/FileFormatController.java
index 21843d4d2b7..2bb9c4224ea 100644
--- a/model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/controller/fileformat/FileFormatController.java
+++ b/model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/controller/fileformat/FileFormatController.java
@@ -20,6 +20,7 @@
 
 import com.google.common.collect.ImmutableSet;
 import org.apache.commons.lang3.ObjectUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.jetbrains.annotations.NotNull;
 
 import com.evolveum.midpoint.model.api.authentication.CompiledObjectCollectionView;
@@ -151,8 +152,20 @@ protected String getRealValueAsString(GuiObjectColumnType column, PrismContainer
         }
         if (expression != null) {
             Object value = evaluateExportExpression(expression, valueObject, task, result);
-            if (value instanceof List) {
-                return processListOfRealValues((List) value);
+            if (value instanceof Collection) {
+                if (DisplayValueType.NUMBER.equals(column.getDisplayValue())) {
+                    return String.valueOf(((Collection) value).size());
+                }
+                return processListOfRealValues((Collection) value);
+            }
+            if (DisplayValueType.NUMBER.equals(column.getDisplayValue())) {
+                if (value == null) {
+                    return "0";
+                }
+                if (value instanceof PrismValue && ((PrismValue)value).getRealValue() instanceof Collection){
+                    return String.valueOf(((Collection<?>) ((PrismValue)value).getRealValue()).size());
+                }
+                return "1";
             }
             return processListOfRealValues(Collections.singletonList(value));
         }
@@ -249,12 +262,13 @@ private Object evaluateExportExpression(ExpressionType expression, Item valueObj
 
     private Object evaluateExportExpression(ExpressionType expression, Object valueObject, Task task, OperationResult result) {
         checkVariables(task);
-        if (!variables.containsKey(ExpressionConstants.VAR_OBJECT)) {
-            if (valueObject == null) {
-                variables.put(ExpressionConstants.VAR_OBJECT, null, Object.class);
-            } else {
-                variables.put(ExpressionConstants.VAR_OBJECT, valueObject, valueObject.getClass());
-            }
+        if (variables.containsKey(ExpressionConstants.VAR_OBJECT)) {
+            variables.remove(ExpressionConstants.VAR_OBJECT);
+        }
+        if (valueObject == null) {
+            variables.put(ExpressionConstants.VAR_OBJECT, null, Object.class);
+        } else {
+            variables.put(ExpressionConstants.VAR_OBJECT, valueObject, valueObject.getClass());
         }
         Object values = null;
         try {
@@ -311,12 +325,16 @@ protected String getColumnLabel(GuiObjectColumnType column, PrismContainerDefini
         } else {
 
             String name = column.getName();
+            String displayName = null;
             if (path != null) {
                 ItemDefinition def = objectDefinition.findItemDefinition(path);
                 if (def == null) {
                     throw new IllegalArgumentException("Could'n find item for path " + path);
                 }
-                String displayName = def.getDisplayName();
+                displayName = def.getDisplayName();
+
+            }
+            if (StringUtils.isNotEmpty(displayName)) {
                 label = getMessage(displayName);
             } else {
                 label = name;
@@ -445,15 +463,18 @@ protected void evaluateSubreportParameters(List<SubreportParameterType> subrepor
     }
 
     protected void cleanUpVariables() {
-        variables.clear();
-        variables = null;
+        if (variables != null) {
+            variables.clear();
+            variables = null;
+        }
     }
 
     protected void initializationParameters(List<SearchFilterParameterType> parametersType, Task task) {
         VariablesMap variables = getReportService().getParameters(task);
         for (SearchFilterParameterType parameter : parametersType) {
             if (!variables.containsKey(parameter.getName())) {
-                variables.put(parameter.getName(), null, String.class);
+                Class<?> clazz = getReportService().getPrismContext().getSchemaRegistry().determineClassForType(parameter.getType());
+                variables.put(parameter.getName(), null, clazz);
             }
         }
         parameters = variables;
diff --git a/model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/controller/fileformat/HtmlController.java b/model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/controller/fileformat/HtmlController.java
index 073e6375a70..e412547e27a 100644
--- a/model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/controller/fileformat/HtmlController.java
+++ b/model/report-impl/src/main/java/com/evolveum/midpoint/report/impl/controller/fileformat/HtmlController.java
@@ -12,17 +12,19 @@
 import java.text.SimpleDateFormat;
 import java.util.*;
 import java.util.concurrent.atomic.AtomicInteger;
-import java.util.function.Consumer;
 import java.util.function.Predicate;
 import javax.xml.namespace.QName;
 
 import com.evolveum.midpoint.prism.Containerable;
 import com.evolveum.midpoint.prism.PrismContainer;
 import com.evolveum.midpoint.prism.PrismContainerDefinition;
-import com.evolveum.midpoint.report.api.ReportConstants;
+import com.evolveum.midpoint.prism.query.ObjectPaging;
+import com.evolveum.midpoint.prism.query.PagingConvertor;
 import com.evolveum.midpoint.schema.expression.VariablesMap;
 import com.evolveum.midpoint.task.api.RunningTask;
 
+import com.evolveum.prism.xml.ns._public.query_3.PagingType;
+
 import j2html.TagCreator;
 import j2html.tags.ContainerTag;
 import org.apache.commons.io.IOUtils;
@@ -140,7 +142,7 @@ public byte[] processDashboard(DashboardReportEngineConfigurationType dashboardC
 //                            break;
                         case OBJECT_COLLECTION:
                             tableBox = createTableBox(widgetData.getLabel(), collectionRefSpecification, compiledCollection,
-                                    null, Collections.emptyList(), task, result, false);
+                                    null, Collections.emptyList(), null, result, false, task);
                             break;
                     }
                     if (tableBox != null) {
@@ -226,7 +228,8 @@ public byte[] processCollection(String nameOfReport, ObjectCollectionReportEngin
         }
 
         ContainerTag tableBox = createTableBox(label, collectionRefSpecification, compiledCollection,
-                collectionConfig.getCondition(), collectionConfig.getSubreport(), task, result, true);
+                collectionConfig.getCondition(), collectionConfig.getSubreport(),
+                PagingConvertor.createObjectPaging(collectionConfig.getPaging(), getReportService().getPrismContext()), result, true, task);
 
         body.append(tableBox.render());
 
@@ -258,7 +261,7 @@ private ContainerTag createTableBox(ContainerTag table, String nameOfTable, int
     }
 
     private ContainerTag createTableBox(String tableLabel, CollectionRefSpecificationType collection, @NotNull CompiledObjectCollectionView compiledCollection,
-            ExpressionType condition, List<SubreportParameterType> subreports, Task task, OperationResult result, boolean recordProgress) throws ObjectNotFoundException, SchemaException, CommunicationException,
+            ExpressionType condition, List<SubreportParameterType> subreports, ObjectPaging paging, OperationResult result, boolean recordProgress, Task task) throws ObjectNotFoundException, SchemaException, CommunicationException,
             ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
         long startMillis = getReportService().getClock().currentTimeMillis();
         Class<Containerable> type = resolveType(collection, compiledCollection);
@@ -326,7 +329,7 @@ private ContainerTag createTableBox(String tableLabel, CollectionRefSpecificatio
             return true;
         };
         searchObjectFromCollection(collection, compiledCollection.getContainerType(), handler, options,
-                null, task, result, recordProgress);
+                paging, task, result, recordProgress);
         if (tBody.getNumChildren() == 0 && !recordProgress) {
             return null;
         }