path: root/odl-aaa-moon/README.md
Diffstat (limited to 'odl-aaa-moon/README.md')
-rw-r--r-- odl-aaa-moon/README.md 64
1 files changed, 64 insertions, 0 deletions
diff --git a/odl-aaa-moon/README.md b/odl-aaa-moon/README.md
new file mode 100644
index 00000000..71f52a63
--- /dev/null
+++ b/odl-aaa-moon/README.md
@@ -0,0 +1,64 @@
+## Welcome to the OPNFV/Opendaylight AAA Project!
+
+This project is aimed at providing a flexible, pluggable framework with out-of-the-box capabilities for:
+
+* *Authentication*: Means to authenticate the identity of both human and machine users (direct or federated).
+* *Authorization*: Means to authorize human or machine user access to resources including RPCs, notification subscriptions, and subsets of the datatree.
+* *Accounting*: Means to record and access the records of human or machine user access to resources including RPCs, notifications, and subsets of the datatree
+
+
+
+### Building
+
+*Prerequisite:* The followings are required for building AAA:
+
+- Maven 3
+- Java 7
+
+Get the code:
+
+ clone the project with git
+
+Build it:
+
+ cd aaa && mvn clean install -DskipTests
+
+### Export Moon information
+
+export MOON_SERVER_ADDR=192.168.105.135
+export MOON_SERVER_PORT=5000
+
+
+### Installing
+
+AAA installs into an existing Opendaylight controller Karaf installation. If you don't have an Opendaylight installation, please refer to this [page](https://wiki.opendaylight.org/view/OpenDaylight_Controller:Installation).
+
+Start the controller Karaf container:
+ cd distribution-karaf/target/assembly/
+ bin/karaf
+
+Install AAA AuthN features:
+
+ feature:install odl-aaa-shiro
+
+### Running
+
+Once the installation finishes, one can authenticates with the Opendaylight controller by presenting a username/password and a domain name (scope) to be logged into:
+
+ curl -s -d 'grant_type=password&username=admin&password=admin&scope=sdn' http://<controller>:<port>/moon/token
+
+Upon successful authentication, the controller returns an access token with a configurable expiration in seconds, something similar to the followings:
+
+ {"expires_in":3600,"token_type":"Bearer","access_token":"d772d85e-34c7-3099-bea5-cfafd3c747cb"}
+
+The access token can then be used to access protected resources on the controller by passing it along in the standard HTTP Authorization header with the resource request. Example:
+
+ curl -s -H 'Authorization: Bearer d772d85e-34c7-3099-bea5-cfafd3c747cb' http://<controller>:<port>/restconf/operational/opendaylight-inventory:nodes
+
+The operational state of access tokens cached in the MD-SAL can also be obtained after enabling the restconf feature:
+
+ feature:install odl-aaa-all
+
+At the following URL
+
+ http://controller:8181/restconf/operational/aaa-authn-model:tokencache/
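
Review bot: In the "Running" section, both the token request to `/moon/token` and the follow-up RESTCONF call use `http://`, so the `username=admin&password=admin` form body and the `Authorization: Bearer ...` header travel in cleartext. The examples should use `https://`, or the README should state that TLS has to be enabled on the controller before these commands are used. It should also tell the reader to replace the `admin`/`admin` example credentials. Under "Export Moon information", the two `export` lines are not indented like the other commands, so they will render as running text, and `192.168.105.135` reads as a lab-specific address. Indent them as a code block, use a placeholder such as `<moon-server>`, and say at which step they have to be set relative to `bin/karaf`. Two smaller points: "clone the project with git" gives no repository URL, and the build step uses `cd aaa` while this file lives under `odl-aaa-moon`. The last URL hardcodes `controller:8181` where the earlier examples use `<controller>:<port>`.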