AAA

Overview

AAA (Authentication, Authorization, and Accounting) are services that help improve the security posture of an OpenDaylight deployment. By default, the majority of OpenDaylight’s northbound APIs (and all RESTCONF APIs) are protected by AAA after installing the odl-restconf feature.

Behavior/Feature Changes

There are no changes to features.

New Features

This release contains a major upgrade of the H2 database. This impacts the ability to perform in-place upgrades. Users performing an upgrade will need to remove the data/idmlight.db.* files and re-populate the database.

Deprecated and Removed Features

There are no deprecated or removed features.

Resolved Issues

The following table lists the issues resolved in this release.

Issues resolved in versions 0.16.0 through 0.16.3 (JIRA)

| Type | Key | Summary | Resolution | Fix Version(s) |
|---|---|---|---|---|
| Bug | AAA-197 | [CSRF] Attacker can insert or modify the entry of flow table | Duplicate | 0.16.0 |
| Bug | AAA-229 | ODLAuthenticator does not work | Duplicate | 0.16.1 |
| Bug | AAA-230 | web-impl-osgi mis-represents servlet paths | Done | 0.16.2 |
| Bug | AAA-231 | Resources not found with web-osgi-impl | Done | 0.16.2 |
| Bug | AAA-232 | WebInitializer failure with web-jetty-impl | Done | 0.16.2 |
| Bug | AAA-235 | StackOverflowError in aaa-filterchain | Done | 0.16.3 |
| Bug | AAA-215 | Shiro throws a warning about SecurityManager | Done | 0.14.14, 0.15.6, 0.16.1 |
| Improvement | AAA-213 | Remove CORS filter from shiro-impl | Done | 0.16.0 |
| Improvement | AAA-225 | Reimplement web-osgi-impl with HTTP Whiteboard | Done | 0.16.0 |
| Task | AAA-227 | Bump Shiro to 1.9.1 | Done | 0.14.14, 0.15.6, 0.16.0 |
| Task | AAA-221 | Upgrade H2 database to 2.1.210 | Done | 0.16.0 |

Known Issues

The following table lists the known issues that exist in this release.

Issues affecting versions 0.16.0 through 0.16.3 (JIRA)

| Type | Key | Summary | Status | Affected Version(s) | Fix Version(s) |
|---|---|---|---|---|---|
| Bug | AAA-240 | SQL injection in the aaa-idm-store-h2 (deleteDomain function) | Resolved | 0.15.0, 0.15.6, 0.16.0, 0.16.4 | 0.15.8, 0.16.5, 0.17.0 |
| Bug | AAA-241 | SQL injection in the aaa-idm-store-h2 (deleteUser function) | Resolved | 0.15.0, 0.15.6, 0.16.0, 0.16.4 | 0.15.8, 0.16.5, 0.17.0 |
| Bug | AAA-239 | SQL injection in the aaa-idm-store-h2 (deleteRole function) | Resolved | 0.15.0, 0.15.6, 0.16.0, 0.16.4 | 0.15.8, 0.16.5, 0.17.0 |

Resolved Issues in SR1

The following table lists the issues resolved in Service Release 1.

Issues resolved in versions 0.16.4 through 0.16.6 (JIRA)

| Type | Key | Summary | Resolution | Fix Version(s) |
|---|---|---|---|---|
| Bug | AAA-240 | SQL injection in the aaa-idm-store-h2 (deleteDomain function) | Done | 0.15.8, 0.16.5, 0.17.0 |
| Bug | AAA-241 | SQL injection in the aaa-idm-store-h2 (deleteUser function) | Done | 0.15.8, 0.16.5, 0.17.0 |
| Bug | AAA-239 | SQL injection in the aaa-idm-store-h2 (deleteRole function) | Done | 0.15.8, 0.16.5, 0.17.0 |
| Task | AAA-242 | Upgrade Shiro to 1.10.1 | Done | 0.15.8, 0.16.5, 0.17.0 |

Known Issues in SR1

The following table lists the known issues that exist in Service Release 1.

Resolved Issues in SR2

The following table lists the issues resolved in Service Release 2.

Known Issues in SR2

The following table lists the known issues that exist in Service Release 2.