Contents
Major Features
For each top-level feature, identify the name, url, description, etc. User-facing features are used directly by end users.
odl-aaa-shiro
- Feature URL: https://git.opendaylight.org/gerrit/gitweb?p=aaa.git;a=blob_plain;f=features/shiro/features-aaa-shiro/src/main/features/features.xml;hb=refs/heads/stable/nitrogen
- Feature Description: ODL Shiro-based AAA implementation
- Top Level: Yes
- User Facing: Yes
- Experimental: Yes
- CSIT Test: https://jenkins.opendaylight.org/releng/view/aaa/job/aaa-csit-1node-authn-all-nitrogen/
odl-aaa-authn
- Feature URL: https://git.opendaylight.org/gerrit/gitweb?p=aaa.git;a=blob;f=features/authn/features-aaa/src/main/features/features.xml;hb=refs/heads/stable/nitrogen
- Feature Description: Same as odl-aaa-shiro
- Top Level: Yes
- User Facing: Yes
- Experimental: Yes
- CSIT Test: https://jenkins.opendaylight.org/releng/view/aaa/job/aaa-csit-1node-authn-all-nitrogen/
odl-aaa-cert
- Feature URL: https://git.opendaylight.org/gerrit/gitweb?p=aaa.git;a=blob;f=features/authn/features-aaa/src/main/features/features.xml;hb=refs/heads/stable/nitrogen
- Feature Description: MD-SAL based encrypted certificate management
- Top Level: Yes
- User Facing: Yes
- Experimental: Yes
- CSIT Test: https://jenkins.opendaylight.org/releng/view/aaa/job/aaa-csit-1node-authn-all-nitrogen/
odl-aaa-cli
- Feature URL: https://git.opendaylight.org/gerrit/gitweb?p=aaa.git;a=blob;f=features/authn/features-aaa/src/main/features/features.xml;hb=refs/heads/stable/nitrogen
- Feature Description: Basic karaf CLI commands for interacting with AAA
- Top Level: Yes
- User Facing: Yes
- Experimental: Yes
- CSIT Test: https://jenkins.opendaylight.org/releng/view/aaa/job/aaa-csit-1node-authn-all-nitrogen/
Documentation
Please provide the URL to each document at docs.opendaylight.org. If the document is under review, provide a link to the change in Gerrit.
- User Guide(s):
- Developer Guide(s):
Security Considerations
Do you have any external interfaces other than RESTCONF?
No.
Other security issues?
N/A.
Quality Assurance
- Link to Sonar Report (54% code coverage)
- Link to CSIT Jobs
Migration
- Bug 7793: shiro.ini is no longer exposed in ODL Nitrogen.
shiro.ini is no longer exposed in ODL Nitrogen. A more robust mechanism is provided to configure AAA in ODL Nitrogen based on the clustered-app-config framework. A migration utility is provided and may be run by invoking the following:
python bin/upgrade/convert-shiro-ini-to-rest-payload <filename>
An XML payload is output to stdout, which can be used as a PUT payload to the aaa-app-config REST endpoint to maintain configuration from a previous version. An alternative is to write the resulting payload to the initial application config:
python bin/upgrade/convert-shiro-ini-to-rest-payload <filename> > etc/opendaylight/datastore/initial/config/aaa-app-config.xml
For Example:
python bin/upgrade/convert-shiro-ini-to-rest-payload etc/shiro.ini > etc/opendaylight/datastore/initial/config/aaa-app-config.xml
Compatibility
Is this release compatible with the previous release?
Yes.
Any API changes?
No.
Any configuration changes?
Some CLI commands were modified for security and ease of use purposes. Nothing else.
Bugs Fixed
- 6772 When it is known some features have not activated fully, do not return 401
- 8717 deprecate the existing mdsal AAA datastore impl
- 8572 remove SecureBlockingQueue which is unused
- 8724 clean AAA features
Known Issues
- List key known issues with workarounds
- 5838 token authentication fails intermittently
- Link to Open Bugs
End-of-life
- N/A
Standards
- LDAP, JDBC, ActiveDirectory (less tested)
Release Mechanics
Describe any major shifts in release schedule from the release plan
None.