Free Chapter
OpenDaylight's security is, in part, provided by the AAA project, which implements mechanisms to bring:
By default, when you install any features, AAA authentication will be installed. It provides two users by default:
This recipe does not require anything more than OpenDaylight itself.
The sample code for this recipe is available at:
https://github.com/jgoodyear/OpenDaylightCookbook/tree/master/chapter1/chapter1-recipe7
Perform the following steps:
$ ./bin/karaf
opendaylight-user@root>feature:install odl-aaa-authn
It might take a few minutes to complete the installation.
Authorization: Basic YWRtaW46YWRtaW4=
{
"users": [
{
"userid": "admin@sdn",
"name": "admin",
"description": "admin user",
"enabled": true,
"email": "",
"password": "**********",
"salt": "**********",
"domainid": "sdn"
},
{
"userid": "user@sdn",
"name": "user",
"description": "user user",
"enabled": true,
"email": "",
"password": "**********",
"salt": "**********",
"domainid": "sdn"
}
]
}
First, you need the userid that can be retrieved using the previous request. For this tutorial, we will use userid=user@sdn.
To update the password for this user, do the following request:
Authorization: Basic YWRtaW46YWRtaW4=
This is the basic admin/admin authorization. We will not modify this one.
{
"userid": "user@sdn",
"name": "user",
"description": "user user",
"enabled": true,
"email": "",
"password": "newpassword",
"domainid": "sdn"
}
Once sent, you will receive the acknowledged payload.
You should now be logged in with the new, updated password for the user.
The AAA project supports role-based access control (RBAC) based on the Apache Shiro permissions system. It defines a REST application used to interact with the h2 database. Each table has its own REST endpoint that can be used using a REST client to modify the h2 database content, such as the user information.