AAA¶
Overview¶
AAA (Authentication, Authorization, and Accounting) are services that help
improve the security posture of an OpenDaylight deployment. By default,
the majority of OpenDaylight’s northbound APIs (and all RESTCONF APIs)
are protected by AAA after installing the +odl-restconf+ feature.
Behavior/Feature Changes¶
There are no changes to features.
New Features¶
No new features.
Deprecated and Removed Features¶
There are no deprecated or removed features.
Resolved Issues¶
The following table lists the issues resolved in this release.
Type |
Key |
Summary |
Resolution |
Fix Version(s) |
|---|---|---|---|---|
SQL injection in the aaa-idm-store-h2 (deleteDomain function) |
Done |
0.15.8, 0.16.5, 0.17.0 |
||
SQL injection in the aaa-idm-store-h2 (deleteUser function) |
Done |
0.15.8, 0.16.5, 0.17.0 |
||
SQL injection in the aaa-idm-store-h2 (deleteRole function) |
Done |
0.15.8, 0.16.5, 0.17.0 |
||
https configuration fails with blueprint errors |
Done |
0.15.6, 0.16.6, 0.17.0 |
||
aaa-encrypt-service fails to start on follower nodes |
Done |
0.17.7 |
||
Make WebContext builder enforce proper pattern values |
Duplicate |
0.17.0 |
||
Validate web-api constructs |
Done |
0.17.0 |
||
Revisit aaa-cli-jar |
Done |
0.17.0 |
||
Add IDM web context description |
Done |
0.17.2 |
||
Instantiate AAAEncryptServiceImpl via OSGi DS |
Done |
0.17.4 |
||
Add support for naming WebContexts |
Done |
0.17.2 |
||
Expose WebContextSecurer through OSGi DS |
Done |
0.17.5 |
||
Select only specifically-marked Filters for CustomFilterAdapterConfiguration |
Done |
0.17.0 |
||
Upgrade Shiro to 1.10.1 |
Done |
0.15.8, 0.16.5, 0.17.0 |
||
Upgrade Shiro to 1.11.0 |
Done |
0.15.9, 0.16.8, 0.17.3 |
||
Eliminate blueprint from aaa-encrypt-service |
Done |
0.17.6 |
||
Remove OAuth2 remnants |
Done |
0.17.7 |
||
Fix AAA documentation |
Done |
0.16.8, 0.17.6 |
Known Issues¶
The following table lists the known issues that exist in this release.
Type |
Key |
Summary |
Status |
Affected Version(s) |
Fix Version(s) |
|---|---|---|---|---|---|
API to validate user access does not work |
Resolved |
0.17.6 |
0.18.0 |
Resolved Issues in SR1¶
The following table lists the issues resolved in Service Release 1.
Known Issues in SR1¶
The following table lists the known issues that exist in Service Release 1.
Resolved Issues in SR2¶
The following table lists the issues resolved in Service Release 2.
Type |
Key |
Summary |
Resolution |
Fix Version(s) |
|---|---|---|---|---|
Align aaa’s documentation version with distro |
Done |
0.16.9, 0.17.9, 0.18.0 |
||
Cleanup AAA readme |
Done |
0.16.10, 0.17.11, 0.18.0 |
Known Issues in SR2¶
The following table lists the known issues that exist in Service Release 2.
Resolved Issues in SR3¶
The following table lists the issues resolved in Service Release 3.
Type |
Key |
Summary |
Resolution |
Fix Version(s) |
|---|---|---|---|---|
RESTCONF path segment with encoded forward slash returns 400 |
Done |
0.16.10, 0.17.12, 0.18.2 |
||
Upgrade shiro to 1.12.0 |
Done |
0.16.10, 0.17.12, 0.18.1 |
||
Bump H2 database to 2.2.220 |
Done |
0.16.10, 0.17.13, 0.18.3 |
Known Issues in SR3¶
The following table lists the known issues that exist in Service Release 3.
Type |
Key |
Summary |
Status |
Affected Version(s) |
Fix Version(s) |
|---|---|---|---|---|---|
AAAEncryptionService does not inform user of Encryption/Decryption failures |
Confirmed |
0.17.14, 0.18.4 |
0.19.0 |