Contents

Major Features

For each top-level feature, identify the name, url, description, etc. User-facing features are used directly by end users.

odl-aaa-shiro

• Feature URL: https://git.opendaylight.org/gerrit/gitweb?p=aaa.git;a=blob_plain;f=features/shiro/features-aaa-shiro/src/main/features/features.xml;hb=refs/heads/stable/nitrogen
• Feature Description: ODL Shiro-based AAA implementation
• Top Level: Yes
• User Facing: Yes
• Experimental: Yes
• CSIT Test: https://jenkins.opendaylight.org/releng/view/aaa/job/aaa-csit-1node-authn-all-nitrogen/

odl-aaa-authn

• Feature URL: https://git.opendaylight.org/gerrit/gitweb?p=aaa.git;a=blob;f=features/authn/features-aaa/src/main/features/features.xml;hb=refs/heads/stable/nitrogen
• Feature Description: Same as odl-aaa-shiro
• Top Level: Yes
• User Facing: Yes
• Experimental: Yes
• CSIT Test: https://jenkins.opendaylight.org/releng/view/aaa/job/aaa-csit-1node-authn-all-nitrogen/

odl-aaa-cert

• Feature URL: https://git.opendaylight.org/gerrit/gitweb?p=aaa.git;a=blob;f=features/authn/features-aaa/src/main/features/features.xml;hb=refs/heads/stable/nitrogen
• Feature Description: MD-SAL based encrypted certificate management
• Top Level: Yes
• User Facing: Yes
• Experimental: Yes
• CSIT Test: https://jenkins.opendaylight.org/releng/view/aaa/job/aaa-csit-1node-authn-all-nitrogen/

odl-aaa-cli

• Feature URL: https://git.opendaylight.org/gerrit/gitweb?p=aaa.git;a=blob;f=features/authn/features-aaa/src/main/features/features.xml;hb=refs/heads/stable/nitrogen
• Feature Description: Basic karaf CLI commands for interacting with AAA
• Top Level: Yes
• User Facing: Yes
• Experimental: Yes
• CSIT Test: https://jenkins.opendaylight.org/releng/view/aaa/job/aaa-csit-1node-authn-all-nitrogen/

Documentation

Please provide the URL to each document at docs.opendaylight.org. If the document is under review, provide a link to the change in Gerrit.

• User Guide(s):
  • Authentication, Authorization and Accounting (AAA) Services
• Developer Guide(s):
  • Authentication, Authorization and Accounting (AAA) Services

Security Considerations

• Do you have any external interfaces other than RESTCONF?

  No.

• Other security issues?

  N/A.

Quality Assurance

• Link to Sonar Report (54% code coverage)
• Link to CSIT Jobs

Migration

• Bug 7793: shiro.ini is no longer exposed in ODL Nitrogen.

shiro.ini is no longer exposed in ODL Nitrogen. A more robust mechanism is provided to configure AAA in ODL Nitrogen based on the clustered-app-config framework. A migration utility is provided and may be run by invoking the following:

python bin/upgrade/convert-shiro-ini-to-rest-payload <filename>

An XML payload is output to stdout, which can be used as a PUT payload to the aaa-app-config REST endpoint to maintain configuration from a previous version. An alternative is to write the resulting payload to the initial application config:

python bin/upgrade/convert-shiro-ini-to-rest-payload <filename> > etc/opendaylight/datastore/initial/config/aaa-app-config.xml

For Example:

python bin/upgrade/convert-shiro-ini-to-rest-payload etc/shiro.ini > etc/opendaylight/datastore/initial/config/aaa-app-config.xml

Compatibility

• Is this release compatible with the previous release?

  Yes.

• Any API changes?

  No.

• Any configuration changes?

  Some CLI commands were modified for security and ease of use purposes. Nothing else.

Bugs Fixed

• 6772 When it is known some features have not activated fully, do not return 401
• 8717 deprecate the existing mdsal AAA datastore impl
• 8572 remove SecureBlockingQueue which is unused
• 8724 clean AAA features

Known Issues

• List key known issues with workarounds
• 5838 token authentication fails intermittently
• Link to Open Bugs

End-of-life

• N/A

Standards

• LDAP, JDBC, ActiveDirectory (less tested)

Release Mechanics

• Link to release plan

• Describe any major shifts in release schedule from the release plan
  None.