SAML: documentation for AuthSAML
parent
f80620fae4
commit
7da7106e5f
|
@ -152,6 +152,10 @@
|
||||||
<li>HTML::Template</li>
|
<li>HTML::Template</li>
|
||||||
|
|
||||||
<li>SOAP::Lite</li>
|
<li>SOAP::Lite</li>
|
||||||
|
|
||||||
|
<li>Config::IniFiles</li>
|
||||||
|
|
||||||
|
<li>JSON</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<h4 class="heading-1-1-1"><span id="HResetPasswordbyMail">Reset Password
|
<h4 class="heading-1-1-1"><span id="HResetPasswordbyMail">Reset Password
|
||||||
|
@ -168,12 +172,19 @@
|
||||||
<h4 class="heading-1-1-1"><span id="HExtras">Extras</span></h4>
|
<h4 class="heading-1-1-1"><span id="HExtras">Extras</span></h4>
|
||||||
|
|
||||||
<ul class="star">
|
<ul class="star">
|
||||||
<li>Lasso (see <span class="wikiexternallink"><a href=
|
<li>Lasso (Liberty Alliance, SAML2) (see <span class=
|
||||||
|
"wikiexternallink"><a href=
|
||||||
"http://lasso.entrouvert.org/">http://lasso.entrouvert.org/</a></span>)</li>
|
"http://lasso.entrouvert.org/">http://lasso.entrouvert.org/</a></span>)</li>
|
||||||
|
|
||||||
<li>CAS (see <span class="wikiexternallink"><a href=
|
<li>CAS (see <span class="wikiexternallink"><a href=
|
||||||
"http://sourcesup.cru.fr/projects/perlcas/">http://sourcesup.cru.fr/projects/perlcas/</a></span>)</li>
|
"http://sourcesup.cru.fr/projects/perlcas/">http://sourcesup.cru.fr/projects/perlcas/</a></span>)</li>
|
||||||
|
|
||||||
|
<li>Net::OpenID::Consumer</li>
|
||||||
|
|
||||||
|
<li>Net::OpenID::Server</li>
|
||||||
|
|
||||||
|
<li>Net::Twitter</li>
|
||||||
|
|
||||||
<li>Test::POD</li>
|
<li>Test::POD</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
|
@ -194,7 +205,7 @@
|
||||||
|
|
||||||
<div class="code">
|
<div class="code">
|
||||||
<pre>
|
<pre>
|
||||||
# apt-get install apache2 libapache2-mod-perl2 libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl libsoap-lite-perl libhtml-template-perl libregexp-assemble-perl libjs-jquery libxml-libxml-perl libcrypt-rijndael-perl libio-string-perl libxml-libxslt-perl
|
# apt-get install apache2 libapache2-mod-perl2 libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl libsoap-lite-perl libhtml-template-perl libregexp-assemble-perl libjs-jquery libxml-libxml-perl libcrypt-rijndael-perl libio-string-perl libxml-libxslt-perl libconfig-inifiles-perl libjson-perl
|
||||||
# apt-get install libstring-random-perl libemail-date-format-perl libmime-lite-perl
|
# apt-get install libstring-random-perl libemail-date-format-perl libmime-lite-perl
|
||||||
</pre>
|
</pre>
|
||||||
</div>
|
</div>
|
||||||
|
@ -211,7 +222,7 @@
|
||||||
|
|
||||||
<div class="code">
|
<div class="code">
|
||||||
<pre>
|
<pre>
|
||||||
# yum install httpd mod_perl perl-Apache-Session perl-LDAP perl-XML-SAX perl-XML-NamespaceSupport perl-HTML-Template perl-Regexp-Assemble perl-Error perl-IPC-ShareLite perl-Cache-Cache perl-FreezeThaw perl-XML-Simple perl-version perl-CGI-Session perl-DBD-Pg perl-XML-LibXML-Common perl-BSD-Resource perl-XML-LibXML perl-Crypt-Rijndael perl-IO-<span class="java-object">String</span> perl-XML-LibXSLT perl-SOAP-Lite
|
# yum install httpd mod_perl perl-Apache-Session perl-LDAP perl-XML-SAX perl-XML-NamespaceSupport perl-HTML-Template perl-Regexp-Assemble perl-Error perl-IPC-ShareLite perl-Cache-Cache perl-FreezeThaw perl-XML-Simple perl-version perl-CGI-Session perl-DBD-Pg perl-XML-LibXML-Common perl-BSD-Resource perl-XML-LibXML perl-Crypt-Rijndael perl-IO-<span class="java-object">String</span> perl-XML-LibXSLT perl-SOAP-Lite perl-Config-IniFiles perl-JSON
|
||||||
</pre>
|
</pre>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -273,6 +284,18 @@
|
||||||
|
|
||||||
<td>0.90</td>
|
<td>0.90</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
||||||
|
<tr class="table-even">
|
||||||
|
<td>1.0-rc1</td>
|
||||||
|
|
||||||
|
<td> </td>
|
||||||
|
|
||||||
|
<td> </td>
|
||||||
|
|
||||||
|
<td> </td>
|
||||||
|
|
||||||
|
<td> </td>
|
||||||
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
|
@ -63,11 +63,334 @@
|
||||||
|
|
||||||
<ul>
|
<ul>
|
||||||
<li><a href="#HPresentation">Presentation</a></li>
|
<li><a href="#HPresentation">Presentation</a></li>
|
||||||
</ul>
|
|
||||||
|
<li>
|
||||||
|
<a href="#HTechnicalrequirements">Technical requirements</a>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li><a href="#HLasso">Lasso</a></li>
|
||||||
|
|
||||||
|
<li><a href="#HApacherewriterules">Apache rewrite rules</a></li>
|
||||||
|
|
||||||
|
<li><a href="#HSAML2IDP">SAML2 IDP</a></li>
|
||||||
|
|
||||||
|
<li><a href="#HPublic2Fprivatekey">Public/private key</a></li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a href="#HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG
|
||||||
|
configuration</a>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li><a href="#HAuthenticationandUserDB">Authentication and
|
||||||
|
UserDB</a></li>
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a href="#HSAML2Service">SAML2 Service</a>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li><a href="#HNodeSAML2Service">Node SAML 2 Service</a></li>
|
||||||
|
|
||||||
|
<li><a href="#HNodeOrganization">Node Organization</a></li>
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a href="#HNodeServiceProvider">Node Service Provider</a>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li><a href="#HNodeSingleLogout">Node SingleLogout</a></li>
|
||||||
|
|
||||||
|
<li><a href="#HNodeAssertionConsumer">Node Assertion
|
||||||
|
Consumer</a></li>
|
||||||
|
|
||||||
|
<li><a href="#HNodeNameIDFormat">Node NameID Format</a></li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li><a href="#HNodeIdentityProvider">Node Identity
|
||||||
|
Provider</a></li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<a href="#HIdentityProviderregistration">Identity Provider
|
||||||
|
registration</a>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li><a href="#HMetadataXML">Metadata XML</a></li>
|
||||||
|
|
||||||
|
<li><a href="#HNodeExportedattributes">Node Exported
|
||||||
|
attributes</a></li>
|
||||||
|
|
||||||
|
<li><a href="#HNodeOptions">Node Options</a></li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li><a href="#HPartnerIDPconfiguration">Partner IDP
|
||||||
|
configuration</a></li>
|
||||||
|
</ul><strong class="strong">Since LemonLDAP::NG 1.0</strong>
|
||||||
|
|
||||||
<h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>
|
<h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>
|
||||||
|
|
||||||
<p class="paragraph"></p>This feature is a work in progress.
|
<p class="paragraph"></p>LemonLDAP::NG can used SAML2 authentication to
|
||||||
|
get user identity and grab some attributes defined in user profile on its
|
||||||
|
Identity Provider (IDP). In this case, LemonLDAP::NG acts like an SAML2
|
||||||
|
Service Provider (SP).
|
||||||
|
|
||||||
|
<p class="paragraph"></p>Several IDPs are allowed, in this case the user
|
||||||
|
will choose the IDP he wants. You can preselect IDP with an IDP resolution
|
||||||
|
rule.
|
||||||
|
|
||||||
|
<p class="paragraph"></p>For each IDP, you can configure attributes that
|
||||||
|
are asked. Some can be mandatory, so if they are not givn by IDP, the
|
||||||
|
session will not open.
|
||||||
|
|
||||||
|
<h3 class="heading-1-1"><span id="HTechnicalrequirements">Technical
|
||||||
|
requirements</span></h3>
|
||||||
|
|
||||||
|
<h4 class="heading-1-1-1"><span id="HLasso">Lasso</span></h4>
|
||||||
|
|
||||||
|
<p class="paragraph"></p>SAML2 implementation is based on <span class=
|
||||||
|
"wikiexternallink"><a href="http://lasso.entrouvert.org">Lasso</a></span>.
|
||||||
|
You will need a very recent version of Lasso (>= 2.2.91).
|
||||||
|
|
||||||
|
<p class="paragraph"></p>For lucky Debian users, there are packages
|
||||||
|
available here: <span class="wikiexternallink"><a href=
|
||||||
|
"http://deb.entrouvert.org/">http://deb.entrouvert.org/</a></span>.
|
||||||
|
|
||||||
|
<p class="paragraph"></p>You will only need to install liblasso3-perl
|
||||||
|
package:
|
||||||
|
|
||||||
|
<div class="code">
|
||||||
|
<pre>
|
||||||
|
$ sudo apt-get install liblasso3-perl
|
||||||
|
</pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<h4 class="heading-1-1-1"><span id="HApacherewriterules">Apache rewrite
|
||||||
|
rules</span></h4><br />
|
||||||
|
<br />
|
||||||
|
Be sure that mod_rewrite is installed and that SAML2 rewrite rules are
|
||||||
|
activated in <strong class="strong">etc/portal-apache2.conf</strong>:
|
||||||
|
|
||||||
|
<div class="code">
|
||||||
|
<pre>
|
||||||
|
<IfModule mod_rewrite.c>
|
||||||
|
RewriteEngine On
|
||||||
|
RewriteRule ^/saml/metadata /metadata.pl
|
||||||
|
RewriteRule ^/saml/.* /index.pl
|
||||||
|
</IfModule>
|
||||||
|
</pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<h4 class="heading-1-1-1"><span id="HSAML2IDP">SAML2 IDP</span></h4>
|
||||||
|
|
||||||
|
<p class="paragraph"></p>Of course you need an SAML2 IDP. If you don't
|
||||||
|
have one, you can check:
|
||||||
|
|
||||||
|
<ul class="star">
|
||||||
|
<li><span class="wikiexternallink"><a href=
|
||||||
|
"http://authentic.labs.libre-entreprise.org/">Authentic</a></span></li>
|
||||||
|
|
||||||
|
<li><span class="wikiexternallink"><a href=
|
||||||
|
"https://rnd.feide.no/simplesamlphp">simpleSAMLphp</a></span></li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<h4 class="heading-1-1-1"><span id="HPublic2Fprivatekey">Public/private
|
||||||
|
key</span></h4>
|
||||||
|
|
||||||
|
<p class="paragraph"></p>Since SAML2 use a lot a signature and encoding,
|
||||||
|
you need to generate a public/private key pair.
|
||||||
|
|
||||||
|
<p class="paragraph"></p>You can do this with openssl:
|
||||||
|
|
||||||
|
<div class="code">
|
||||||
|
<pre>
|
||||||
|
$ openssl genrsa -out private_key.pem 1024
|
||||||
|
$ openssl rsa -pubout -in private_key.pem -out public_key.pem
|
||||||
|
</pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<h3 class="heading-1-1"><span id=
|
||||||
|
"HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</span></h3>
|
||||||
|
|
||||||
|
<p class="paragraph"></p>All configuration can be done with LemonLDAP::NG
|
||||||
|
Manager. Connect to it first (by default <span class=
|
||||||
|
"wikiexternallink"><a href=
|
||||||
|
"http://manager.example.com">http://manager.example.com</a></span>).
|
||||||
|
|
||||||
|
<h4 class="heading-1-1-1"><span id=
|
||||||
|
"HAuthenticationandUserDB">Authentication and UserDB</span></h4>
|
||||||
|
|
||||||
|
<p class="paragraph"></p>In General Parameters > Authentication, set:
|
||||||
|
|
||||||
|
<ul class="star">
|
||||||
|
<li>Users database type: SAML</li>
|
||||||
|
|
||||||
|
<li>Authentication module: SAML</li>
|
||||||
|
</ul>As passwords will not be managed by LL::NG, you can also go in
|
||||||
|
General Parameters > Portal :
|
||||||
|
|
||||||
|
<ul class="star">
|
||||||
|
<li>Display reset password: 0</li>
|
||||||
|
|
||||||
|
<li>Display password change: 0</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<h4 class="heading-1-1-1"><span id="HSAML2Service">SAML2
|
||||||
|
Service</span></h4>
|
||||||
|
|
||||||
|
<p class="paragraph"></p>This is where you configure SAML2 settings for
|
||||||
|
LemonLDAP::NG service. These settings will be used to build metadata that
|
||||||
|
will be shared with identity providers.
|
||||||
|
|
||||||
|
<h5 class="heading-1-1-1-1"><span id="HNodeSAML2Service">Node SAML 2
|
||||||
|
Service</span></h5>
|
||||||
|
|
||||||
|
<ul class="star">
|
||||||
|
<li>Entity Identifier: your EntityID, often use as metadata URL, by
|
||||||
|
default <span class="nobr"><a href=
|
||||||
|
"http://auth.example.com/saml/metadata.">http://auth.example.com/saml/metadata.</a></span>
|
||||||
|
Change this value to fit your portal URL.</li>
|
||||||
|
|
||||||
|
<li>Private key: copy all the content of your private key file, with
|
||||||
|
header and footer. This will not be published in metadata.</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<h5 class="heading-1-1-1-1"><span id="HNodeOrganization">Node
|
||||||
|
Organization</span></h5>
|
||||||
|
|
||||||
|
<ul class="star">
|
||||||
|
<li>Display Name: will be displayed on IDP, this is often your society
|
||||||
|
name</li>
|
||||||
|
|
||||||
|
<li>Name: internal name</li>
|
||||||
|
|
||||||
|
<li>URL: URL of your society</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<h5 class="heading-1-1-1-1"><span id="HNodeServiceProvider">Node Service
|
||||||
|
Provider</span></h5>
|
||||||
|
|
||||||
|
<ul class="star">
|
||||||
|
<li>Signed Authentication Request: set to On to require signed
|
||||||
|
authentication request. Off by default.</li>
|
||||||
|
|
||||||
|
<li>Protocol: Protocol support enumeration string. Do not change.</li>
|
||||||
|
|
||||||
|
<li>Signing Key: copy the content of your public key file,
|
||||||
|
<strong class="strong">without</strong> header and footer.</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<h6 class="heading-1-1-1-1-1"><span id="HNodeSingleLogout">Node
|
||||||
|
SingleLogout</span></h6>
|
||||||
|
|
||||||
|
<p class="paragraph"></p>For each binding you can set:
|
||||||
|
|
||||||
|
<ul class="star">
|
||||||
|
<li>Location: Access Point for SLO request. Change this value to fit
|
||||||
|
your portal URL.</li>
|
||||||
|
|
||||||
|
<li>Response Location: Access Point for SLO response. Change this value
|
||||||
|
to fit your portal URL.</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<h6 class="heading-1-1-1-1-1"><span id="HNodeAssertionConsumer">Node
|
||||||
|
Assertion Consumer</span></h6>
|
||||||
|
|
||||||
|
<p class="paragraph"></p>For each binding you can set:
|
||||||
|
|
||||||
|
<ul class="star">
|
||||||
|
<li>Default: will this binding be used by default for authentication
|
||||||
|
response</li>
|
||||||
|
|
||||||
|
<li>Index: Do not change.</li>
|
||||||
|
|
||||||
|
<li>Binding: SAML2 binding string. Do not change.</li>
|
||||||
|
|
||||||
|
<li>Location: Access Point for SSO request and response. Change this
|
||||||
|
value to fit your portal URL.</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<h6 class="heading-1-1-1-1-1"><span id="HNodeNameIDFormat">Node NameID
|
||||||
|
Format</span></h6>
|
||||||
|
|
||||||
|
<p class="paragraph"></p>For each NameID Format, you can activate and
|
||||||
|
deactivate it in metadata. The first will be chosen by default if no
|
||||||
|
NameID Format is set in authentication request.
|
||||||
|
|
||||||
|
<h5 class="heading-1-1-1-1"><span id="HNodeIdentityProvider">Node Identity
|
||||||
|
Provider</span></h5>
|
||||||
|
|
||||||
|
<p class="paragraph"></p>Not used here.
|
||||||
|
|
||||||
|
<h4 class="heading-1-1-1"><span id=
|
||||||
|
"HIdentityProviderregistration">Identity Provider registration</span></h4>
|
||||||
|
|
||||||
|
<p class="paragraph"></p>Now you have to register partner IDP. For that,
|
||||||
|
select node Identity Providers and click on New metadatas.
|
||||||
|
|
||||||
|
<p class="paragraph"></p>The IDP name is asked, enter it and click OK.
|
||||||
|
|
||||||
|
<h5 class="heading-1-1-1-1"><span id="HMetadataXML">Metadata
|
||||||
|
XML</span></h5>
|
||||||
|
|
||||||
|
<p class="paragraph"></p>You must register IDP metadata here. You can do
|
||||||
|
it either by uploading the file, or with IDP metadata URL.
|
||||||
|
|
||||||
|
<h5 class="heading-1-1-1-1"><span id="HNodeExportedattributes">Node
|
||||||
|
Exported attributes</span></h5>
|
||||||
|
|
||||||
|
<p class="paragraph"></p>For each attribute, you can set:
|
||||||
|
|
||||||
|
<ul class="star">
|
||||||
|
<li>Key name: name of the key in LemonLDAP::NG session (for example
|
||||||
|
"uid" will then be used as $uid in access rules)</li>
|
||||||
|
|
||||||
|
<li>Mandatory : if set to "On", then session will not open if this
|
||||||
|
attribure is not given by IDP.</li>
|
||||||
|
|
||||||
|
<li>Name : SAML attribute name.</li>
|
||||||
|
|
||||||
|
<li>Friendly Name: optional, SAML attribute friendly name.</li>
|
||||||
|
|
||||||
|
<li>Format: optional, SAML attribute format.</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<h5 class="heading-1-1-1-1"><span id="HNodeOptions">Node
|
||||||
|
Options</span></h5>
|
||||||
|
|
||||||
|
<ul class="star">
|
||||||
|
<li>NameID format: force NameID format here (email, persitent,
|
||||||
|
transient, etc.). If no value, will use first NameID Format activated in
|
||||||
|
metadata.</li>
|
||||||
|
|
||||||
|
<li>Force authentication: set ForceAuthn flag in authentication
|
||||||
|
request</li>
|
||||||
|
|
||||||
|
<li>Allow proxied authentication: allow an authentication response to be
|
||||||
|
issued from another IDP that the one we register (proxy IDP)</li>
|
||||||
|
|
||||||
|
<li>SSO binding: force binding to use for SSO (http-redirect, http-post,
|
||||||
|
etc.)</li>
|
||||||
|
|
||||||
|
<li>SLO binding: force binding to use for SLO (http-redirect, http-post,
|
||||||
|
etc.)</li>
|
||||||
|
|
||||||
|
<li>Resolution rule: Perl expression that will be evaluate to know if
|
||||||
|
this IDP is the default for the connected user. You can use for example
|
||||||
|
$ENV{ to get user's IP.</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<h3 class="heading-1-1"><span id="HPartnerIDPconfiguration">Partner IDP
|
||||||
|
configuration</span></h3>
|
||||||
|
|
||||||
|
<p class="paragraph"></p>You have to give LemonLDAP::NG metadata to your
|
||||||
|
partner. After previous steps, metadata can be viewed at Entity Identifier
|
||||||
|
URL (by default <span class="nobr"><a href=
|
||||||
|
"http://auth.example.com/saml/metadata/">http://auth.example.com/saml/metadata/</a></span>)
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<p class="footer"><a href="index.html">Index</a></p>
|
<p class="footer"><a href="index.html">Index</a></p>
|
||||||
|
|
|
@ -53,7 +53,7 @@ my $docs = {
|
||||||
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/UserDBLDAP' => '4.6-LDAP-user-backend.html',
|
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/UserDBLDAP' => '4.6-LDAP-user-backend.html',
|
||||||
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/UserDBNull' => '4.6-Null-user-backend.html',
|
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/UserDBNull' => '4.6-Null-user-backend.html',
|
||||||
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/UserDBMulti' => '4.6-Multiple-user-backend.html',
|
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/UserDBMulti' => '4.6-Multiple-user-backend.html',
|
||||||
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/userDBSAML' => '4.6-SAML-user-backend.html',
|
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/userDBSAML' => '4.6-SAML-user-backend.html',
|
||||||
# Password backends
|
# Password backends
|
||||||
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/PasswordDBLDAP' => '4.7-LDAP-password-backend.html',
|
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/PasswordDBLDAP' => '4.7-LDAP-password-backend.html',
|
||||||
# LDAP specificities
|
# LDAP specificities
|
||||||
|
|