From cf864337c13b4638c588badf3f589f9e39318c95 Mon Sep 17 00:00:00 2001 From: Trevor Bramwell Date: Mon, 12 Sep 2016 11:06:56 -0700 Subject: Move ODL-AAA-MOON under 'upstream' Directory Change-Id: Ie010fbe3899e151421940908dbe8675aade54e2d Signed-off-by: Trevor Bramwell --- upstream/odl-aaa-moon/aaa/README.md | 62 +++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 upstream/odl-aaa-moon/aaa/README.md (limited to 'upstream/odl-aaa-moon/aaa/README.md') diff --git a/upstream/odl-aaa-moon/aaa/README.md b/upstream/odl-aaa-moon/aaa/README.md new file mode 100644 index 00000000..dc748ef1 --- /dev/null +++ b/upstream/odl-aaa-moon/aaa/README.md @@ -0,0 +1,62 @@ +## Welcome to the OPNFV/Opendaylight AAA Project! + +This project is aimed at providing a flexible, pluggable framework with out-of-the-box capabilities for: + +* *Authentication*: Means to authenticate the identity of both human and machine users (direct or federated). +* *Authorization*: Means to authorize human or machine user access to resources including RPCs, notification subscriptions, and subsets of the datatree. +* *Accounting*: Means to record and access the records of human or machine user access to resources including RPCs, notifications, and subsets of the datatree + + + +### Building + +*Prerequisite:* The followings are required for building AAA: + +- Maven 3 +- Java 7 + +Get the code: + + clone the project with git + +Build it: + + cd aaa && mvn clean install -DskipTests + +### Export Moon information + +export MOON_SERVER_ADDR=192.168.56.101 +export MOON_SERVER_PORT=5000 + + +### Installing + +AAA installs into an existing Opendaylight controller Karaf installation. If you don't have an Opendaylight installation, please refer to this [page](https://wiki.opendaylight.org/view/OpenDaylight_Controller:Installation). + +Start the controller Karaf container: + cd distribution-karaf/target/assembly/ + bin/karaf + +Install AAA AuthN features: + + feature:install odl-aaa-shiro + +### Running + +Once the installation finishes, one can authenticates with the Opendaylight controller by presenting a username/password and a domain name (scope) to be logged into: + + curl -s -d 'grant_type=password&username=admin&password=admin' http://:/moon/token + + curl -s -d 'grant_type=password&username=admin&password=password' http://localhost:8080/moon/token + +Upon successful authentication, the controller returns an access token with a configurable expiration in seconds, something similar to the followings: + + {"expires_in":3600,"token_type":"Bearer","access_token":"d772d85e-34c7-3099-bea5-cfafd3c747cb"} + +The access token can then be used to access protected resources on the controller by passing it along in the standard HTTP Authorization header with the resource request. Example: + + curl -s -H 'Authorization: Bearer d772d85e-34c7-3099-bea5-cfafd3c747cb' http://:/restconf/operational/opendaylight-inventory:nodes + +Test HTTP Basic Authentication + + curl -u admin:password http://localhost:8080/auth/v1/domains \ No newline at end of file -- cgit 1.2.3-korg