Hide last authors
jmcettrick 1.18 1 XWiki supports several different authentication mechanisms for authenticating users:
Vincent Massol 1.1 2
Silvia Macovei 34.2 3 {{toc/}}
Silvia Macovei 34.1 4
Vincent Massol 1.1 5 The form authentication is the default mechanism.
6
Silvia Macovei 34.1 7 {{info}}
8 Note that currently XWiki allows only one method of authentication to be enabled at a time. This will probably be improved in the future.
9 {{/info}}
Vincent Massol 1.1 10
Silvia Macovei 34.2 11 = Form Authentication =
Vincent Massol 1.1 12
Sorin Burjan 38.2 13 Form authentication is the default way to get authenticated within a Wiki. It requires a user and a password.
Vincent Massol 1.1 14
Silvia Macovei 34.2 15 = LDAP Authentication =
Vincent Massol 1.1 16
Silvia Macovei 34.1 17 {{warning}}
18 New LDAP implementation since XWiki Platform 1.3M2, see [[previous LDAP authentication service documentation>>AuthenticationLdapOld]]
19 {{/warning}}
Vincent Massol 17.3 20
Silvia Macovei 34.2 21 == Generic LDAP configuration ==
Vincent Massol 1.1 22
Silvia Macovei 34.1 23 In order to enable the LDAP support you have to change the authentication method in //WEB-INF/xwiki.cfg// as follows:
24
25 {{code}}
Thomas Mortagne 7.1 26 ## Turn LDAP authentication on - otherwise only XWiki authentication
27 ## 0 : disable
28 ## 1 : enable
Vincent Massol 1.2 29 xwiki.authentication.ldap=1
Thomas Mortagne 7.1 30
31 ## set LDAP as authentication service
Thomas Mortagne 18.1 32 xwiki.authentication.authclass=com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl
Silvia Macovei 34.1 33 {{/code}}
Thomas Mortagne 18.1 34
Silvia Macovei 34.1 35 You can setup the LDAP configuration in the //xwiki.cfg// file by filling the following properties:
Vincent Massol 1.2 36
Silvia Macovei 34.1 37 {{code language="none"}}
Thomas Mortagne 36.1 38 #-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
39 xwiki.authentication.ldap.server=127.0.0.1
Vincent Massol 1.1 40 xwiki.authentication.ldap.port=389
Thomas Mortagne 6.1 41
Thomas Mortagne 36.1 42 #-# LDAP login, empty = anonymous access, otherwise specify full dn
43 #-# {0} is replaced with the username, {1} with the password
Vincent Massol 1.1 44 xwiki.authentication.ldap.bind_DN=cn={0},department=USER,department=INFORMATIK,department=1230,o=MP
45 xwiki.authentication.ldap.bind_pass={1}
Thomas Mortagne 6.1 46
Thomas Mortagne 36.1 47 #-# Force to check password after LDAP connection
48 #-# 0: disable
49 #-# 1: enable
Thomas Mortagne 12.1 50 xwiki.authentication.ldap.validate_password=0
51
Thomas Mortagne 36.1 52 #-# only members of the following group will be verified in the LDAP
53 #-# otherwise only users that are found after searching starting from the base_DN
54 # xwiki.authentication.ldap.user_group=cn=developers,ou=groups,o=MegaNova,c=US
Thomas Mortagne 6.1 55
Thomas Mortagne 36.1 56 #-# only users not member of the following group can autheticate
57 # xwiki.authentication.ldap.exclude_group=cn=admin,ou=groups,o=MegaNova,c=US
Thomas Mortagne 22.1 58
Thomas Mortagne 36.1 59 #-# base DN for searches
Thomas Mortagne 6.1 60 xwiki.authentication.ldap.base_DN=
61
Thomas Mortagne 36.1 62 #-# Specifies the LDAP attribute containing the identifier to be used as the XWiki name (default=cn)
63 # xwiki.authentication.ldap.UID_attr=cn
Thomas Mortagne 6.1 64
Thomas Mortagne 36.1 65 #-# Specifies the LDAP attribute containing the password to be used "when xwiki.authentication.ldap.validate_password" is set to 1
66 # xwiki.authentication.ldap.password_field=userPassword
Thomas Mortagne 6.1 67
Thomas Mortagne 36.1 68 #-# The potential LDAP groups classes. Separated by commas.
69 # xwiki.authentication.ldap.group_classes=group,groupOfNames,groupOfUniqueNames,dynamicGroup,dynamicGroupAux,groupWiseDistributionList
70
71 #-# The potential names of the LDAP groups fields containings the members. Separated by commas.
72 # xwiki.authentication.ldap.group_memberfields=member,uniqueMember
73
74 #-# retrieve the following fields from LDAP and store them in the XWiki user object (xwiki-attribute=ldap-attribute)
75 xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=givenName,email=mail
76
77 #-# on every login update the mapped attributes from LDAP to XWiki otherwise this happens only once when the XWiki account is created.
Thomas Mortagne 6.1 78 xwiki.authentication.ldap.update_user=1
79
Thomas Mortagne 36.1 80 #-# mapps XWiki groups to LDAP groups, separator is "|"
81 # xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=cn=AdminRole,ou=groups,o=MegaNova,c=US|\
82 # XWiki.Organisation=cn=testers,ou=groups,o=MegaNova,c=US
Thomas Mortagne 6.1 83
Thomas Mortagne 36.1 84 #-# time in s after which the list of members in a group is refreshed from LDAP (default=3600*6)
85 # xwiki.authentication.ldap.groupcache_expiration=21800
Thomas Mortagne 6.1 86
Thomas Mortagne 36.1 87 #-# - create : synchronize group membership only when the user is first created
88 #-# - always: synchronize on every login
89 # xwiki.authentication.ldap.mode_group_sync=always
Thomas Mortagne 6.1 90
Thomas Mortagne 36.1 91 #-# if ldap authentication fails for any reason, try XWiki DB authentication with the same credentials
Thomas Mortagne 6.1 92 xwiki.authentication.ldap.trylocal=1
Thomas Mortagne 8.1 93
Thomas Mortagne 36.1 94 #-# SSL connection to LDAP server
95 #-# 0: normal
96 #-# 1: SSL
97 # xwiki.authentication.ldap.ssl=0
Thomas Mortagne 8.1 98
Thomas Mortagne 36.1 99 #-# The keystore file to use in SSL connection
100 # xwiki.authentication.ldap.ssl.keystore=
101
102 #-# The java secure provider used in SSL connection
103 # xwiki.authentication.ldap.ssl.secure_provider=com.sun.net.ssl.internal.ssl.Provider
Silvia Macovei 34.1 104 {{/code}}
Vincent Massol 3.1 105
Silvia Macovei 34.1 106 {{info}}
Jerome 40.1 107 You can also setup the LDAP configuration in XWiki.XWikiPreferences page by going to the object editor. Simply replace "xwiki.authentication.ldap." by "ldap_". For example ##xwiki.authentication.ldap.base_DN## becomes ##ldap_base_DN##. The contributed extension [[LDAP Tools>>extensions:Extension.LDAP Tools]] provides a administration section UI to configure LDAP from the wiki in a simpler manner.
Silvia Macovei 34.1 108 {{/info}}
Thomas Mortagne 9.1 109
jmcettrick 1.19 110 For testing purposes, you may wish to omit the "ldap.fields_mapping" field, to test the authentication first, and then add it later to get the mappings right.
111
Thomas Mortagne 31.1 112 Here are some LDAP client for checking your configuration:
jmcettrick 1.19 113
Silvia Macovei 34.1 114 * [[Apache Directory Studio>>http://directory.apache.org/studio/]]
Thomas Mortagne 37.1 115 * [[LDAPExplorerTool>>http://ldaptool.sourceforge.net/]]
jmcettrick 1.19 116
Silvia Macovei 34.2 117 == Detailed use cases ==
Thomas Mortagne 12.1 118
Silvia Macovei 34.1 119 See [[LDAP configuration uses cases>>LDAPAuthenticationUseCases]] for some detailed use cases.
Thomas Mortagne 25.1 120
Silvia Macovei 34.2 121 == Enable LDAP debug log ==
Silvia Macovei 34.1 122
Thomas Mortagne 42.1 123 See [[AdminGuide.Logging]].
Silvia Macovei 34.1 124
Thomas Mortagne 42.1 125 The specific packages to track for LDAP are ##com.xpn.xwiki.plugin.ldap## and ###com.xpn.xwiki.user.impl.LDAP#.##
Thomas Mortagne 27.1 126
Thomas Mortagne 42.1 127 Before 3.1, add the following to the log4j configuration file:
128 {{code}}log4j.logger.com.xpn.xwiki.plugin.ldap=trace
129 log4j.logger.com.xpn.xwiki.user.impl.LDAP=trace{{/code}}
130
Silvia Macovei 34.2 131 = eXo Authentication =
hexC0DE 30.1 132
Silvia Macovei 34.1 133 The eXo authentication is used automatically by adding/editing the //xwiki.exo=1// property in //WEB-INF/xwiki.cfg//.
Vincent Massol 1.1 134
Silvia Macovei 34.2 135 = Custom Authentication =
Vincent Massol 1.1 136
137 This allows plugging to any existing authentication mechanism such as SiteMinder, etc. To configure a custom authentication do the following:
138
Silvia Macovei 34.1 139 1. Implement the [[XWikiAuthService>>http://svn.xwiki.org/svnroot/xwiki/platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/api/XWikiAuthService.java]] interface.
140 1. Edit the //WEB-INF/xwiki.cfg// file and add a //xwiki.authentication.authclass// property pointing to your class. For example:
141
142 {{code}}
Vincent Massol 1.1 143 xwiki.authentication.authclass = com.acme.MyCustomAuthenticationService
Silvia Macovei 34.1 144 {{/code}}
Vincent Massol 1.1 145
Silvia Macovei 34.1 146 Here's a [[tutorial on implementing a custom authentication class for authenticating against Oracle's SSO>>http://bodez.wordpress.com/2008/10/15/xwiki-user-authentication-with-oracle-sso/]].
Vincent Massol 27.2 147
Silvia Macovei 34.1 148 Note, that you also can implement own right management service by implementing [[XWikiRightService>>http://svn.xwiki.org/svnroot/xwiki/platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/api/XWikiRightService.java]] interface:
149
150 {{code}}
rssh 5.1 151 xwiki.authentication.rightsclass = com.acme.MyCustomRightsService
Silvia Macovei 34.1 152 {{/code}}
rssh 4.1 153
Silvia Macovei 34.1 154 and Group Service by implementing [[XWikiGroupService>>http://svn.xwiki.org/svnroot/xwiki/platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/api/XWikiGroupService.java]]:
rssh 4.1 155
Silvia Macovei 34.1 156 {{code}}
Vincent Massol 27.3 157 xwiki.authentication.groupclass = com.acme.MyCustomGroupService
Silvia Macovei 34.1 158 {{/code}}
rssh 4.1 159
Silvia Macovei 34.2 160 == Custom Authentication using a Groovy script in a wiki page ==
Vincent Massol 28.1 161
162 Start by specifying you want to use the Groovy Authenticator:
163
Silvia Macovei 34.1 164 {{code}}
Vincent Massol 28.1 165 xwiki.authentication.authclass = com.xpn.xwiki.user.impl.xwiki.GroovyAuthServiceImpl
Silvia Macovei 34.1 166 {{/code}}
Vincent Massol 28.1 167
168 Then add another configuration parameter to specify in which wiki page the authenticator is:
169
Silvia Macovei 34.1 170 {{code}}
Vincent Massol 28.1 171 xwiki.authentication.groovy.pagename = MySpace.MyPage
Silvia Macovei 34.1 172 {{/code}}
Vincent Massol 28.1 173
174 Then in a wiki page put some Groovy code that returns a XWikiAuthService object.
175
Thomas Mortagne 37.1 176 = Authentication parameters =
ShawnLauzon 1.14 177
178 You can set each of these parameters by setting:
179
Silvia Macovei 34.1 180 {{code}}
ShawnLauzon 1.14 181 xwiki.authentication.~~param_name~~=~~param_value~~
Silvia Macovei 34.1 182 {{/code}}
ShawnLauzon 1.14 183
Silvia Macovei 34.1 184 |=Name|=Optional|=Allowed values|=Default value|=Description
185 |encryptionKey|No(1)|?|n/a|Set the Encryption Key used to create a secret key, the secret key is passed to the Cipher object to be used during encryption and decryption of cookie values.
186 |validationKey|No(2)|?|n/a|Set the Validation Key used to generate hash value; the hash value is stored with the cookie and used to verify that the cookie has not been tampered with.
187 |cookiedomains|Yes|String|Server host name|Which host(s) should your cookies be sent to; use only if you want to share cookies across domains, otherwise should be commented out
188 |cookielife|Yes|Number|14|Number of days cookies take to expire
189 |cookiepath|Yes|String|/|The webapp path that XWiki cookies should be sent to; if you have anything else running on your web server, this should be set to ///xwiki//
190 |default_page|Yes|String|/bin/view/ Main/WebHome|Page to redirect to if xredirect parameter is not set
191 |encryptionalgorithm|Yes|?|?|Set the Encryption Algorithm used to encrypt and decrypt cookies
192 |encryptionmode|Yes|?|?|Set the Encryption Mode used to encrypt and decrypt cookies
193 |encryptionpadding|Yes|?|?|Set the Encryption Padding used to encrypt and decrypt cookies
194 |errorpage|Yes|String|/bin/loginerror/ XWiki/XWikiLogin|Page to redirect to if there is an error logging in
195 |loginpage|Yes|String|/bin/login/ XWiki/XWikiLogin|Page to redirect to when not logged in
Caleb James DeLisle 35.1 196 |loginsubmitpage|Yes|String|/loginsubmit/ XWiki/XWikiLogin|The URL where the username and password are posted to when logging in.
Silvia Macovei 34.1 197 |logoutpage|Yes|String|/bin/logout/ XWiki/XWikiLogout|Page to redirect to after logged out
198 |realmname|Yes|String|XWiki|Sets the realm name
199 |protection|Yes|all, validation, encryption, none|all|Protection level for the "remember me" cookie functionality
Caleb James DeLisle 35.1 200 |unauthorized_code|Yes|Number|401|The HTTP status code to return when the login has failed.
Silvia Macovei 34.1 201 |useip|Yes|true / false|true|Specify to use the IP address when encrypting the cookie data; if IP address changes will need to re-login.
ShawnLauzon 1.16 202
Silvia Macovei 34.1 203 1. Only required if protection = encryption or all (default)
204 1. Only required if protection = validation or all (default)
ShawnLauzon 1.17 205
Silvia Macovei 34.2 206 = Kerberos SSO Authentication =
Jasper Siepkes 21.1 207
Silvia Macovei 34.1 208 {{warning}}
209 This implementation of SSO is currently under review see: http://jira.xwiki.org/jira/browse/XWIKI-2496 . The class which is described in this segment of documentation, AppServerTrustedKerberosAuthServiceImpl, is not part of the default XWiki distribution!
210 {{/warning}}
211
Jasper Siepkes 20.1 212 The following is an example of mod_auth_kerb for Apache being used to easily implement Xwiki authentication of users via by HTTP Negotiate on a linux server. This example assumes you already have a working Apache2 HTTPD and Apache Tomcat setup with mod_jk.
jmcettrick 1.18 213
Jasper Siepkes 20.1 214 First of all you need to create a principal and keytab for the webserver:
Silvia Macovei 34.1 215
216 {{code}}
Jasper Siepkes 20.1 217 # kadmin
218 kadmin> addprinc -randkey HTTP/wiki.example.com
219 kadmin> ktadd -k /etc/apache2/ssl/wiki.keytab HTTP/wiki.example.com
220 kadmin> quit
Silvia Macovei 34.1 221 {{/code}}
Thomas Mortagne 10.1 222
Jasper Siepkes 20.1 223 Make sure the keytab has the right permissions and ownership:
Silvia Macovei 34.1 224
225 {{code}}
Jasper Siepkes 20.1 226 chown www-data:www-data /etc/apache2/ssl/wiki.keytab
227 chmod 400 /etc/apache2/ssl/wiki.keytab
Silvia Macovei 34.1 228 {{/code}}
Thomas Mortagne 11.1 229
Jasper Siepkes 20.1 230 Install mod_auth_kerb in your linux installation. On Debian or Ubuntu this would be achieved by running:
Silvia Macovei 34.1 231
232 {{code}}
Jasper Siepkes 20.1 233 aptitude install libapache2-mod-auth-kerb
Silvia Macovei 34.1 234 {{/code}}
235
Jasper Siepkes 20.1 236 Of course the installation procedure varies per Linux distribution.
237
238 If your xwiki installation is mounted in Apache HTTPD under /xwiki, add the following to the virtual host configuration:
Silvia Macovei 34.1 239
240 {{code}}
Jasper Siepkes 20.1 241 <Location /xwiki/>
242 AuthType Kerberos
243 AuthName "Kerberos Login"
244 KrbAuthRealms EXAMPLE.COM
245 Krb5Keytab "/etc/apache2/ssl/wiki.keytab"
246 KrbMethodK5Passwd off
247 KrbMethodNegotiate on
248 KrbSaveCredentials on
249 require valid-user
250 </Location>
Silvia Macovei 34.1 251 {{/code}}
Jasper Siepkes 20.1 252
253 Make sure Apache Tomcat uses the authentication performed by Apache HTTPD with the "tomcatAuthentication" property in the connector description (which is in the server.xml file of Apache Tomcat):
Silvia Macovei 34.1 254
255 {{code}}
Jasper Siepkes 20.1 256 <Connector port="8009" address="127.0.0.1" enableLookups="false" tomcatAuthentication="false" redirectPort="8443" protocol="AJP/1.3" />
Silvia Macovei 34.1 257 {{/code}}
Jasper Siepkes 20.1 258
259 Place the authkerb.jar jar in the WEB-INF/lib directory of Xwiki in Apache Tomcat.
260
261 Have Xwiki use the authentication module by changing the "xwiki.authentication.authclass" property in WEB-INF/lib/xwiki.cfg file.
Silvia Macovei 34.1 262
263 {{code}}
Jasper Siepkes 20.1 264 xwiki.authentication.authclass=com.xpn.xwiki.user.impl.xwiki.AppServerTrustedKerberosAuthServiceImpl
Silvia Macovei 34.1 265 {{/code}}
Jasper Siepkes 20.1 266
Silvia Macovei 34.1 267 If you use Firefox, do not forget to whitelist the xwiki URL for HTTP Negotiate in about:config with the "network.negotiate-auth.trusted-uris" property. possible values for this propperty include (without the quotes): "https:~/~/" for all secured connections or "example.com" for all example.com subdomains.
Jasper Siepkes 20.1 268
Silvia Macovei 34.1 269 2 JBoss SPNEGO (Kerberos in combination with LDAP) I changed the code of the XWikiLDAPAuthServiceImpl to be able to detect the sso user. The authenication already happend by using the SPNEGO module (JAAS). After that I'm using the ldap synchronisation feature to make sure that the user is up to date. The combination leads to an automatic login in the xwiki and the user rights are controlled in the Active Directory server. I hope you can adopt this code or that you can use it for your own projects.
jek 29.1 270
Silvia Macovei 34.2 271 The configuration of ldap:
jek 29.1 272
Silvia Macovei 34.1 273 {{code}}
jek 29.1 274 xwiki.authentication.authclass=com.wiki.sso.SSOLdapAuthenicationImpl
275 xwiki.authentication.ldap=1
276 xwiki.authentication.ldap.server=<ad-server>
277 xwiki.authentication.ldap.port=389
278 xwiki.authentication.ldap.base_DN=<OU=Users,...............>
279 #use a fixed user to attach to the ldap database,
280 #the password is not provided with the SSOLdapAuthenicationImpl
281 xwiki.authentication.ldap.bind_DN=<domain>\\<user>
282 xwiki.authentication.ldap.bind_pass=<password>
283 #Microsoft AD configuration
284 xwiki.authentication.ldap.UID_attr=sAMAccountName
285 xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
286 xwiki.authentication.ldap.group_memberfields=member,uniqueMember
287 #LDAP group mapping
288 xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=CN=WIKI_Admin,............|\
289 XWiki.XWikiAllGroup=CN=WIKI_User,...........
Silvia Macovei 34.1 290 {{/code}}
jek 29.1 291
292 The java code
Silvia Macovei 34.1 293
294 {{code}}
jek 29.1 295 package com.wiki.sso;
296
297
298 import org.apache.commons.logging.Log;
299 import org.apache.commons.logging.LogFactory;
300
301 import com.xpn.xwiki.XWikiContext;
302 import com.xpn.xwiki.XWikiException;
303 import com.xpn.xwiki.user.api.XWikiUser;
304 import com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl;
305
306 import java.security.Principal;
307
308 public class SSOLdapAuthenicationImpl extends XWikiLDAPAuthServiceImpl {
309 /**
310 * Logging tool.
311 */
312 private static final Log LOG = LogFactory.getLog(SSOLdapAuthenicationImpl.class);
313
314
315 public XWikiUser checkAuth(XWikiContext context) throws XWikiException {
316 String user = getRemoteUser(context);
317 if ((user != null) || !user.equals("")) {
318 if (LOG.isInfoEnabled())
319 LOG.info("Launching create user for " + user);
320 if ( authenticate(user, context) != null ) {
321 if (LOG.isInfoEnabled())
322 LOG.info("Create user done for " + user);
323 user = "XWiki." + user;
324 context.setUser(user);
325 System.out.println("User is set to:" + user);
326 return new XWikiUser(user);
327 } else {
328 LOG.error( "User " + user + " can't be authenticated against ldap" );
329 }
330 }
331 return super.checkAuth(context);
332 }
333
334 /**
335 * We cannot authenticate locally since we need to trust the app server for
336 * authentication
337 *
338 * @param username
339 * @param password
340 * @param context
341 * @return
342 * @throws XWikiException
343 */
344 public XWikiUser checkAuth(String username, String password,
345 String rememberme, XWikiContext context) throws XWikiException {
346 String user = getRemoteUser(context);
347 if ((user == null) || user.equals("")) {
348 return super.checkAuth(username, password, rememberme, context);
349 }
350 return checkAuth(context);
351 }
352
353 private String getRemoteUser(XWikiContext context) {
354 String userName = context.getRequest().getHttpServletRequest()
355 .getRemoteUser();
356 if (userName != null) {
357 // only take the front of the username@domain
358 String[] elements = userName.split("@", 2);
359 userName = elements[0];
360 }
361 return userName;
362 }
363
364 public Principal authenticate(String login, XWikiContext context) throws XWikiException
365 {
366 if (LOG.isTraceEnabled()) {
367 LOG.trace("Starting LDAP authentication");
368 }
369
370 /*
371 * TODO: Put the next 4 following "if" in common with XWikiAuthService to ensure coherence This method was
372 * returning null on failure so I preserved that behaviour, while adding the exact error messages to the context
373 * given as argument. However, the right way to do this would probably be to throw XWikiException-s.
374 */
375
376 if (login == null) {
377 // If we can't find the username field then we are probably on the login screen
378
379 if (LOG.isDebugEnabled()) {
380 LOG.debug("The provided user is null."
381 + " We don't try to authenticate, it probably means the user is in non logged mode.");
382 }
383
384 return null;
385 }
386
387 // Check for empty usernames
388 if (login.equals("")) {
389 context.put("message", "nousername");
390
391 if (LOG.isDebugEnabled()) {
392 LOG.debug("LDAP authentication failed: login empty");
393 }
394
395 return null;
396 }
397
398 // If we have the context then we are using direct mode
399 // then we should specify the database
400 // This is needed for virtual mode to work
401 Principal principal = null;
402
403 // Try authentication against ldap
404 principal = ldapAuthenticate(login, "", context);
405
406 if (LOG.isDebugEnabled()) {
407 if (principal != null) {
408 LOG.debug("LDAP authentication succeed with principal [" + principal.getName() + "]");
409 } else {
410 LOG.debug("LDAP authentication failed for user [" + login + "]");
411 }
412 }
413
414 return principal;
415 }
416 }
Silvia Macovei 34.1 417 {{/code}}

Get Connected