diff options
author | WuKong <rebirthmonkey@gmail.com> | 2016-05-24 17:13:17 +0200 |
---|---|---|
committer | WuKong <rebirthmonkey@gmail.com> | 2016-05-24 17:13:17 +0200 |
commit | e63b03f3d7e4851e008e4bb4d184982c2c0bd229 (patch) | |
tree | 8364e8a9c56e214ac0fe248409d21f324b1e0f18 /odl-aaa-moon/README.md | |
parent | 3c1264562ec7949d008e2335b9eecc400436a70d (diff) |
odl/aaa clone
Change-Id: I2b72c16aa3245e02d985a2c6189aacee7caad36e
Signed-off-by: WuKong <rebirthmonkey@gmail.com>
Diffstat (limited to 'odl-aaa-moon/README.md')
-rw-r--r-- | odl-aaa-moon/README.md | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/odl-aaa-moon/README.md b/odl-aaa-moon/README.md new file mode 100644 index 00000000..71f52a63 --- /dev/null +++ b/odl-aaa-moon/README.md @@ -0,0 +1,64 @@ +## Welcome to the OPNFV/Opendaylight AAA Project! + +This project is aimed at providing a flexible, pluggable framework with out-of-the-box capabilities for: + +* *Authentication*: Means to authenticate the identity of both human and machine users (direct or federated). +* *Authorization*: Means to authorize human or machine user access to resources including RPCs, notification subscriptions, and subsets of the datatree. +* *Accounting*: Means to record and access the records of human or machine user access to resources including RPCs, notifications, and subsets of the datatree + + + +### Building + +*Prerequisite:* The followings are required for building AAA: + +- Maven 3 +- Java 7 + +Get the code: + + clone the project with git + +Build it: + + cd aaa && mvn clean install -DskipTests + +### Export Moon information + +export MOON_SERVER_ADDR=192.168.105.135 +export MOON_SERVER_PORT=5000 + + +### Installing + +AAA installs into an existing Opendaylight controller Karaf installation. If you don't have an Opendaylight installation, please refer to this [page](https://wiki.opendaylight.org/view/OpenDaylight_Controller:Installation). + +Start the controller Karaf container: + cd distribution-karaf/target/assembly/ + bin/karaf + +Install AAA AuthN features: + + feature:install odl-aaa-shiro + +### Running + +Once the installation finishes, one can authenticates with the Opendaylight controller by presenting a username/password and a domain name (scope) to be logged into: + + curl -s -d 'grant_type=password&username=admin&password=admin&scope=sdn' http://<controller>:<port>/moon/token + +Upon successful authentication, the controller returns an access token with a configurable expiration in seconds, something similar to the followings: + + {"expires_in":3600,"token_type":"Bearer","access_token":"d772d85e-34c7-3099-bea5-cfafd3c747cb"} + +The access token can then be used to access protected resources on the controller by passing it along in the standard HTTP Authorization header with the resource request. Example: + + curl -s -H 'Authorization: Bearer d772d85e-34c7-3099-bea5-cfafd3c747cb' http://<controller>:<port>/restconf/operational/opendaylight-inventory:nodes + +The operational state of access tokens cached in the MD-SAL can also be obtained after enabling the restconf feature: + + feature:install odl-aaa-all + +At the following URL + + http://controller:8181/restconf/operational/aaa-authn-model:tokencache/ |