[OPENAM-5508] REST with Realm/DNS Aliases causes unexpected results
Created: 09/Feb/15  Updated: 20/Nov/16  Resolved: 20/Nov/16

Status: Closed
Project: OpenAM
Component/s: authentication, rest, upgrade
Affects Version/s: 12.0.0
Fix Version/s: 12.0.1, 13.0.0

Type: Bug
Priority: Major
Reporter: Mark Powell
Assignee: Phill Cunnington
Resolution: Fixed
Votes: 2
Labels: AME, TESLA, release-notes, verified

Issue Links:
Relates
relates to OPENAM-5686 Document changes to the semantics of ... Closed
relates to OPENAM-6340 XUI needs to support DNS/Alias behavi... Open
relates to OPENAM-5860 PolicyEditor does not load in OpenAM ... Resolved
relates to OPENAM-5841 Realm override query parameter on log... Resolved
relates to OPENAM-6470 ThemeManager.js doesn't need to strip... Resolved
relates to OPENAM-6503 Unable to update policies in subrealm Resolved
relates to OPENAM-5618 Document clarification of realm handling Resolved
relates to OPENAM-5539 Add examples on how to use the XUI Lo... Resolved
Sub-Tasks:
Key  Summary  Type  Status  Assignee
OPENAM-5551 Change the way to XUI interprets realms Sub-task Closed Phil Ostler [X]  
OPENAM-5552 Change the meaning of query param rea... Sub-task Closed Phill Cunnington  
OPENAM-5701 Investigate server response to Policy... Sub-task Closed Phill Cunnington  
Target Version/s:
Sprint: Sprint 79 - Team Tesla, Sprint 80 - Team Tesla, Sprint 81 - Team Tesla, Sprint 82 - Team Tesla
Support Ticket IDs:
QA Assignee: Nemanja Lukic
Verified Version/s:

 Description   

Steps to reproduce:

  • Create a vanilla install of OpenAM 11.0.2 with embedded config and data stores
  • Set up a subrealm called "Customers"
  • In the "Customers" subrealm, remove the embedded user datastore and replace with a different user datastore, e.g. OpenDJ
  • In the "Customers" subrealm, add a Realm/DNS Alias of customers.example.com
  • In OpenDJ, add "testuser1"
  • Upgrade to OpenAM 12 (this is required to create test case 3 below - the other two examples occur from a vanilla OpenAM 12 install)
  • Use REST to test the following commands...

Test 1
Using the user from OpenDJ, authenticate into the Customers subrealm with testuser1, using the DNS Alias "customers.example.com" and "/json/authenticate?realm=customers" in the URL:

$ curl --request POST --header "X-OpenAM-Username:testuser1" --header "X-OpenAM-Password:password" --header "Content-Type: application/json" --data "{}" "http://customers.example.com:8080/openam/json/authenticate?realm=customers"
{"code":400,"reason":"Bad Request","message":"Invalid realm, Customerscustomers"}

Test 2
Using the user from OpenDJ, authenticate into the Customers subrealm with testuser1, using the DNS Alias "customers.example.com" and "json/customers/authenticate" in the URL:

$ curl --request POST --header "X-OpenAM-Username:testuser1" --header "X-OpenAM-Password:password" --header "Content-Type: application/json" --data "{}" "http://customers.example.com:8080/openam/json/customers/authenticate"
{"code":400,"reason":"Bad Request","message":"Invalid realm, Customers/customers"}

Test 3
Using the user from OpenDJ, attempt to authenticate into the / (Top Level Realm) with testuser1, using the DNS Alias "customers.example.com" - user should not have access to this realm:

$ curl --request POST --header "X-OpenAM-Username:testuser1" --header "X-OpenAM-Password:password" --header "Content-Type: application/json" --data "{}" "http://customers.example.com:8080/openam/json/authenticate?realm=/"
{"tokenId":"AQIC5wM2LY4Sfcwb114pUEw6F55OCi-lWklVgiOFRJZTC5M.*AAJTSQACMDEAAlNLABM0NzE2Mzk5OTMzNjg3MDU4Njcy*","successUrl":"/openam/console"}


 Comments   
Comment by Nemanja Lukic [ 23/Mar/15 ]

Results from the trunk build (OpenAM 13.0.0-SNAPSHOT Build 13107 (2015-March-21 11:00)):

Test 1

curl --request POST --header "X-OpenAM-Username:testuser1" --header "X-OpenAM-Password:password" --header "Content-Type: application/json" --data "{}" "http://ft-oam.test.rck.me:8080/openam/json/authenticate?realm=customers"

{"code":400,"reason":"Bad Request","message":"Invalid realm, Customers/customers"}

Test 2

curl --request POST --header "X-OpenAM-Username:testuser1" --header "X-OpenAM-Password:password" --header "Content-Type: application/json" --data "{}" "http://ft-oam.test.rck.me:8080/openam/json/customers/authenticate"

{"code":400,"reason":"Bad Request","message":"Invalid realm, Customers/customers"}

Comment by Nemanja Lukic [ 26/Mar/15 ]

I have rerun the tests but due to OPENAM-5706 I was not able to check the results after upgrade from 11.0.2.

The setup is almost as in the description:

  • Subrealm "Customers" has been created with "ft-oam.test.rck.me" DNS/Alias

The output is as follows:

Case 1

With query parameter only: ?realm=customers

curl --request POST --header "X-OpenAM-Username:testuser1" --header "X-OpenAM-Password:password" --header "Content-Type: application/json" --data "{}" "http://ft-oam.test.rck.me:8080/openam/json/authenticate?realm=customers"
{"tokenId":"AQIC5wM2LY4Sfcz8b1bdvP3GTxQJ2Jmhorw2aGVKnQdYs10.*AAJTSQACMDEAAlNLABM2MDk3NDg2NzAyMjEzODgwMTE3*","successUrl":"/openam/console"}

Case 2

With URL parameter: /customers/

curl --request POST --header "X-OpenAM-Username:testuser1" --header "X-OpenAM-Password:password" --header "Content-Type: application/json" --data "{}" "http://ft-oam.test.rck.me:8080/openam/json/customers/authenticate"
{"code":400,"reason":"Bad Request","message":"Invalid realm, Customers/customers"}

Case 3

With query parameter: ?realm=/

curl --request POST --header "X-OpenAM-Username:testuser1" --header "X-OpenAM-Password:password" --header "Content-Type: application/json" --data "{}" "http://ft-oam.test.rck.me:8080/openam/json/authenticate?realm=/"
{"code":401,"reason":"Unauthorized","message":"Authentication Failed!!"}

Case 4

With query parameter: ?realm=/customers

curl --request POST --header "X-OpenAM-Username:testuser1" --header "X-OpenAM-Password:password" --header "Content-Type: application/json" --data "{}" "http://ft-oam.test.rck.me:8080/openam/json/authenticate?realm=/customers"
{"tokenId":"AQIC5wM2LY4SfcwOiH7f67M099X8r_N7rYqyzT_GR4WFI98.*AAJTSQACMDEAAlNLABQtODU1MjgxMzQ1MDQ3NzgyMTQ0MA..*","successUrl":"/openam/console"}

Case 5

With url and query parameter together: /customers/...?realm=customers

curl --request POST --header "X-OpenAM-Username:testuser1" --header "X-OpenAM-Password:password" --header "Content-Type: application/json" --data "{}" "http://ft-oam.test.rck.me:8080/openam/json/customers/authenticate?realm=customers"
{"tokenId":"AQIC5wM2LY4SfcytxJ8P0moxgDEmJU4TRdlyLc5hG6C_odY.*AAJTSQACMDEAAlNLABQtNzIzNDQ1MDYyMTk3MzM0OTY0NQ..*","successUrl":"/openam/console"}

Comment by Nemanja Lukic [ 30/Mar/15 ]

Verified in: OpenAM 13.0.0-SNAPSHOT Build 13206 (2015-March-30 10:48)
The verification includes only curl as XUI is blocked due to: OPENAM-5763

Comment by Nemanja Lukic [ 09/Jul/15 ]

Results after upgrade to 12.0.1 are as follows:

Case 1

With query parameter only: ?realm=customers

curl --request POST --header "X-OpenAM-Username:testuser1" --header "X-OpenAM-Password:password" --header "Content-Type: application/json" --data "{}" "http://ft-oam.test.rck.me:8080/openam/json/authenticate?realm=customers"
{"tokenId":"AQIC5wM2LY4SfcwUJ86w4QtCfgpRyp9f0KJiJnbRs7vMXlI.*AAJTSQACMDEAAlNLABM2NTg2ODc5OTY0OTU5OTEzNzYw*","successUrl":"/openam/console"}

Case 2

With URL parameter: /customers/

curl --request POST --header "X-OpenAM-Username:testuser1" --header "X-OpenAM-Password:password" --header "Content-Type: application/json" --data "{}" http://ft-oam.test.rck.me:8080/openam/json/customers/authenticate
{"code":400,"reason":"Bad Request","message":"Invalid realm, Customers/customers"}

Case 3

With query parameter: ?realm=/

curl --request POST --header "X-OpenAM-Username:testuser1" --header "X-OpenAM-Password:password" --header "Content-Type: application/json" --data "{}" http://ft-oam.test.rck.me:8080/openam/json/authenticate?realm=/
{"errorMessage":"Authentication Failed!!"}

Case 4

With query parameter: ?realm=/customers

curl --request POST --header "X-OpenAM-Username:testuser1" --header "X-OpenAM-Password:password" --header "Content-Type: application/json" --data "{}" "http://ft-oam.test.rck.me:8080/openam/json/authenticate?realm=/customers"
{"tokenId":"AQIC5wM2LY4SfcyPOKpnuvmfWhUcpSyc4LQ6xPj_0zU4qzs.*AAJTSQACMDEAAlNLABMxNzU2MzkyNDExNTA2NDMxMTI3*","successUrl":"/openam/console"}

Case 5

With url and query parameter together: /customers/...?realm=customers

curl --request POST --header "X-OpenAM-Username:testuser1" --header "X-OpenAM-Password:password" --header "Content-Type: application/json" --data "{}" "http://ft-oam.test.rck.me:8080/openam/json/customers/authenticate?realm=customers"
{"tokenId":"AQIC5wM2LY4SfcwLm2H4A-SEUT1rRy6nYnYlC_TjmQJoF1E.*AAJTSQACMDEAAlNLABQtMzkzMjI3NDk0NzQ2NzAzMDI3OQ..*","successUrl":"/openam/console"}
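
The REST results after the upgrade to 12.0.1 are consistent with a single precedence rule, modelled below as an added example (not OpenAM code and not part of the ticket). The rule itself, the case-insensitive realm lookup, and the names `resolve_realm`, `authenticate`, `REALMS`, `DNS_ALIASES` and `USERS` are assumptions made for the illustration.

```python
# Added illustration: a constructed model, not OpenAM source code.
# Assumed rule (inferred from the 12.0.1 REST results in this ticket):
#   1. the request host's DNS alias selects a base realm,
#   2. a realm in the URL path is resolved relative to that base realm,
#   3. a "realm" query parameter replaces both of the above.

HOST = "ft-oam.test.rck.me"
REALMS = {"/", "/Customers"}             # realm tree from the description
DNS_ALIASES = {HOST: "/Customers"}       # alias host -> realm
# Constructed user stores: testuser1 exists only in the subrealm's store.
USERS = {"/": set(), "/Customers": {"testuser1"}}


class InvalidRealm(Exception):
    pass


def _lookup(path):
    """Return the canonical realm for `path` (case ignored: assumption)."""
    for realm in REALMS:
        if realm.lower() == path.lower():
            return realm
    raise InvalidRealm("Invalid realm, " + path.lstrip("/"))


def resolve_realm(host, path_realm=None, query_realm=None):
    """Pick the realm a request is evaluated in, under the assumed rule."""
    if query_realm is not None:
        # The query parameter wins outright and is read from the top level.
        return _lookup("/" + query_realm.strip("/"))
    base = DNS_ALIASES.get(host, "/")
    if path_realm:
        return _lookup(base.rstrip("/") + "/" + path_realm.strip("/"))
    return _lookup(base)


def authenticate(user, host, path_realm=None, query_realm=None):
    """Return the HTTP status the model predicts for the request."""
    try:
        realm = resolve_realm(host, path_realm, query_realm)
    except InvalidRealm:
        return 400
    return 200 if user in USERS[realm] else 401


# (case, realm in URL path, realm query parameter) as run in the comments.
CASES = [("1", None, "customers"), ("2", "customers", None), ("3", None, "/"),
         ("4", None, "/customers"), ("5", "customers", "customers")]


def run_cases():
    return {c: authenticate("testuser1", HOST, p, q) for c, p, q in CASES}


if __name__ == "__main__":
    for case, status in run_cases().items():
        print("Case", case, "->", status)
```

The security-relevant row is Case 3: once the realm is chosen by one unambiguous rule, a user held only in the subrealm's data store is rejected in the top-level realm instead of receiving a token.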

Comment by Nemanja Lukic [ 09/Jul/15 ]

XUI/12.0.1
The output is as follows:

Case 1 FAILED

With query parameter only: http://ft-oam.test.rck.me:8080/openam?realm=customers

Error message:

Login/Password combination invalid.

Live HTTP headers:

http://ft-oam.test.rck.me:8080/openam/json/authenticate?realm=customers

POST /openam/json/authenticate?realm=customers HTTP/1.1
Host: ft-oam.test.rck.me:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,sr;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
Accept-API-Version: protocol=1.0,resource=2.0
X-Password: anonymous
X-Username: anonymous
X-NoSession: true
X-Requested-With: XMLHttpRequest
Referer: http://ft-oam.test.rck.me:8080/openam/XUI/
Content-Length: 717
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
{"authId":"eyAidHlwIjogIkpXVCIsICJhbGciOiAiSFMyNTYiIH0.eyAib3RrIjogIjNrbjdycTNjbHY3aXFkN3M4cDJmcmNxdmgxIiwgInJlYWxtIjogIm89Y3VzdG9tZXJzLG91PXNlcnZpY2VzLGRjPW9wZW5hbSxkYz1mb3JnZXJvY2ssZGM9b3JnIiwgInNlc3Npb25JZCI6ICJBUUlDNXdNMkxZNFNmY3pnRlc0cG14SWpSTGU0UkJEaHZncmdzUi1rRi1zOFlXQS4qQUFKVFNRQUNNREVBQWxOTEFCTTNNell3TXpreE5EWTVOamswT1RjM09UWXkqIiB9.UiMffR6vuFQqNKVl8TcmsOBgJP0PbMohzdvGIrjjhwI","template":"","stage":"DataStore1","header":"Sign in to OpenAM","callbacks":[{"type":"NameCallback","output":[{"name":"prompt","value":"User Name:"}],"input":[{"name":"IDToken1","value":"testuser1"}]},{"type":"PasswordCallback","output":[{"name":"prompt","value":"Password:"}],"input":[{"name":"IDToken2","value":"password"}]}]}
HTTP/1.1 200 OK
Set-Cookie: amlbcookie=01; Domain=.test.forgerock.com; Path=/
Content-API-Version: protocol=1.0,resource=2.0
Date: Thu, 09 Jul 2015 09:29:10 GMT
Accept-Ranges: bytes
Server: Restlet-Framework/2.1.7
Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: application/json;charset=UTF-8
Content-Length: 143
----------------------------------------------------------
http://ft-oam.test.rck.me:8080/openam/json/users?_action=idFromSession&realm=customers

POST /openam/json/users?_action=idFromSession&realm=customers HTTP/1.1
Host: ft-oam.test.rck.me:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,sr;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
Accept-API-Version: protocol=1.0,resource=2.0
X-Password: anonymous
X-Username: anonymous
X-NoSession: true
X-Requested-With: XMLHttpRequest
Referer: http://ft-oam.test.rck.me:8080/openam/XUI/
Content-Length: 2
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
{}
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Content-Type: application/json;charset=UTF-8
Content-Length: 62
Date: Thu, 09 Jul 2015 09:29:10 GMT

Case 2 - OK

With URL parameter: http://ft-oam.test.rck.me:8080/openam/XUI/#login/customers/

Error message:

Realm does not exist.

Case 3 - OK

With query parameter: http://ft-oam.test.rck.me:8080/openam/XUI/#login/&realm=/

Error Message:

Login/password combination is invalid.

Live HTTP Headers:

http://ft-oam.test.rck.me:8080/openam/json/authenticate?realm=/

POST /openam/json/authenticate?realm=/ HTTP/1.1
Host: ft-oam.test.rck.me:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,sr;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
Accept-API-Version: protocol=1.0,resource=2.0
X-Password: anonymous
X-Username: anonymous
X-NoSession: true
X-Requested-With: XMLHttpRequest
Referer: http://ft-oam.test.rck.me:8080/openam/XUI/
Content-Length: 685
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
{"authId":"eyAidHlwIjogIkpXVCIsICJhbGciOiAiSFMyNTYiIH0.eyAib3RrIjogImc2NnU5b2huamYxbjNsYmNzcWE2ZnFqcXNvIiwgInJlYWxtIjogImRjPW9wZW5hbSxkYz1mb3JnZXJvY2ssZGM9b3JnIiwgInNlc3Npb25JZCI6ICJBUUlDNXdNMkxZNFNmY3g2bzFFM01TXzZMcEQ1VmNkQUpVdm5Oa3FLTnBDMU9oVS4qQUFKVFNRQUNNREVBQWxOTEFCSTFOVEU0TnpFMk9UUTFORFExTURnek1UTS4qIiB9.D4hrSqh6ctR76RVT1LcsZdsdCY7rURQVU-jEGhn0DOA","template":"","stage":"DataStore1","header":"Sign in to OpenAM","callbacks":[{"type":"NameCallback","output":[{"name":"prompt","value":"User Name:"}],"input":[{"name":"IDToken1","value":"testuser1"}]},{"type":"PasswordCallback","output":[{"name":"prompt","value":"Password:"}],"input":[{"name":"IDToken2","value":"password"}]}]}
HTTP/1.1 401 Unauthorized
Content-API-Version: protocol=1.0,resource=2.0
Date: Thu, 09 Jul 2015 09:40:48 GMT
Accept-Ranges: bytes
Server: Restlet-Framework/2.1.7
Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
Content-Type: application/json;charset=UTF-8
Content-Length: 72
----------------------------------------------------------
http://ft-oam.test.rck.me:8080/openam/json/authenticate?realm=%2F

POST /openam/json/authenticate?realm=%2F HTTP/1.1
Host: ft-oam.test.rck.me:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,sr;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/json
Accept-API-Version: protocol=1.0,resource=2.0
X-Password: anonymous
X-Username: anonymous
X-NoSession: true
X-Requested-With: XMLHttpRequest
Referer: http://ft-oam.test.rck.me:8080/openam/XUI/
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
Set-Cookie: amlbcookie=01; Domain=.test.forgerock.com; Path=/
Content-API-Version: protocol=1.0,resource=2.0
Date: Thu, 09 Jul 2015 09:40:48 GMT
Accept-Ranges: bytes
Server: Restlet-Framework/2.1.7
Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: application/json;charset=UTF-8
Content-Length: 674
----------------------------------------------------------
curl --request POST --header "X-OpenAM-Username:testuser1" --header "X-OpenAM-Password:password" --header "Content-Type: application/json" --data "{}" "http://ft-oam.test.rck.me:8080/openam/json/authenticate?realm=/"
{"code":401,"reason":"Unauthorized","message":"Authentication Failed!!"}

Case 4 FAILED

With query parameter: http://ft-oam.test.rck.me:8080/openam/XUI/#login/&realm=/customers

Error Message:

Login/password combination is invalid.
http://ft-oam.test.rck.me:8080/openam/json/authenticate?realm=/customers

POST /openam/json/authenticate?realm=/customers HTTP/1.1
Host: ft-oam.test.rck.me:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,sr;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
Accept-API-Version: protocol=1.0,resource=2.0
X-Password: anonymous
X-Username: anonymous
X-NoSession: true
X-Requested-With: XMLHttpRequest
Referer: http://ft-oam.test.rck.me:8080/openam/XUI/
Content-Length: 717
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
{"authId":"eyAidHlwIjogIkpXVCIsICJhbGciOiAiSFMyNTYiIH0.eyAib3RrIjogInIzOHQzNmNtMDR1ZWJiaHNpb3JwZnRvaXY0IiwgInJlYWxtIjogIm89Y3VzdG9tZXJzLG91PXNlcnZpY2VzLGRjPW9wZW5hbSxkYz1mb3JnZXJvY2ssZGM9b3JnIiwgInNlc3Npb25JZCI6ICJBUUlDNXdNMkxZNFNmY3pWSmFfTHlSTXdQYk8yTldUTmFGNGltSWlyeFBJaUVYay4qQUFKVFNRQUNNREVBQWxOTEFCTTBOVEl3TURjME56UTVPRFUxTkRreU9UazIqIiB9.JJCMUTD95eWTNdktJOVFSfT0J7MX5a3SUfY7SoMGIa4","template":"","stage":"DataStore1","header":"Sign in to OpenAM","callbacks":[{"type":"NameCallback","output":[{"name":"prompt","value":"User Name:"}],"input":[{"name":"IDToken1","value":"testuser1"}]},{"type":"PasswordCallback","output":[{"name":"prompt","value":"Password:"}],"input":[{"name":"IDToken2","value":"password"}]}]}
HTTP/1.1 200 OK
Content-API-Version: protocol=1.0,resource=2.0
Date: Thu, 09 Jul 2015 09:49:13 GMT
Accept-Ranges: bytes
Server: Restlet-Framework/2.1.7
Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: application/json;charset=UTF-8
Content-Length: 139
----------------------------------------------------------
http://ft-oam.test.rck.me:8080/openam/json/users?_action=idFromSession&realm=/customers

POST /openam/json/users?_action=idFromSession&realm=/customers HTTP/1.1
Host: ft-oam.test.rck.me:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,sr;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
Accept-API-Version: protocol=1.0,resource=2.0
X-Password: anonymous
X-Username: anonymous
X-NoSession: true
X-Requested-With: XMLHttpRequest
Referer: http://ft-oam.test.rck.me:8080/openam/XUI/
Content-Length: 2
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
{}
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Content-Type: application/json;charset=UTF-8
Content-Length: 62
Date: Thu, 09 Jul 2015 09:49:13 GMT
----------------------------------------------------------
http://ft-oam.test.rck.me:8080/openam/XUI/images/span_error.png?v=1.1.10-1

GET /openam/XUI/images/span_error.png?v=1.1.10-1 HTTP/1.1
Host: ft-oam.test.rck.me:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,sr;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://ft-oam.test.rck.me:8080/openam/XUI/
Connection: keep-alive

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Etag: W/"1527-1434985434000"
Last-Modified: Mon, 22 Jun 2015 15:03:54 GMT
Content-Type: image/png
Content-Length: 1527
Date: Thu, 09 Jul 2015 09:49:13 GMT
----------------------------------------------------------

Case 5 - FAILED

With url and query parameter together: http://ft-oam.test.rck.me:8080/openam/XUI/#login/customers/?realm=customers

XUI does not load.

Comment by Quentin CASTEL [X] (Inactive) [ 20/Nov/16 ]

modification of the status, in order to migrate the 'Zendesk ID' field to 'Support Ticket ID' field.

Generated at Thu Oct 22 01:54:35 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.