AAA¶
Overview¶
AAA (Authentication, Authorization, and Accounting) are services that help
improve the security posture of an OpenDaylight deployment. By default,
the majority of OpenDaylight’s northbound APIs (and all RESTCONF APIs)
are protected by AAA after installing the +odl-restconf+ feature.
Behavior/Feature Changes¶
There are no changes to features.
New Features¶
This release contains a major upgrade of H2 database. This impacts the ability
to perform in-place upgrades. Users perfoming an upgrade will need to remove
data/idmlight.db.* files and re-populate the database.
Deprecated and Removed Features¶
There are no deprecated or removed features.
Resolved Issues¶
The following table lists the issues resolved in this release.
Type |
Key |
Summary |
Resolution |
Fix Version(s) |
|---|---|---|---|---|
[CSRF] Attacker can insert or modify the entry of flow table |
Duplicate |
0.16.0 |
||
ODLAuthenticator does not work |
Duplicate |
0.16.1 |
||
web-impl-osgi mis-represents servlet paths |
Done |
0.16.2 |
||
Resources not found with web-osgi-impl |
Done |
0.16.2 |
||
WebInitializer failure with web-jetty-impl |
Done |
0.16.2 |
||
StackOverflowError in aaa-filterchain |
Done |
0.16.3 |
||
Shiro throws a warning about SecurityManager |
Done |
0.14.14, 0.15.6, 0.16.1 |
||
Remove CORS filter from shiro-impl |
Done |
0.16.0 |
||
Reimplement web-osgi-impl with HTTP Whiteboard |
Done |
0.16.0 |
||
Bump Shiro to 1.9.1 |
Done |
0.14.14, 0.15.6, 0.16.0 |
||
Upgrade H2 database to 2.1.210 |
Done |
0.16.0 |
Known Issues¶
The following table lists the known issues that exist in this release.
Type |
Key |
Summary |
Status |
Affected Version(s) |
Fix Version(s) |
|---|---|---|---|---|---|
SQL injection in the aaa-idm-store-h2 (deleteDomain function) |
Resolved |
0.15.0, 0.15.6, 0.16.0, 0.16.4 |
0.15.8, 0.16.5, 0.17.0 |
||
SQL injection in the aaa-idm-store-h2 (deleteUser function) |
Resolved |
0.15.0, 0.15.6, 0.16.0, 0.16.4 |
0.15.8, 0.16.5, 0.17.0 |
||
SQL injection in the aaa-idm-store-h2 (deleteRole function) |
Resolved |
0.15.0, 0.15.6, 0.16.0, 0.16.4 |
0.15.8, 0.16.5, 0.17.0 |
Resolved Issues in SR1¶
The following table lists the issues resolved in Service Release 1.
Type |
Key |
Summary |
Resolution |
Fix Version(s) |
|---|---|---|---|---|
SQL injection in the aaa-idm-store-h2 (deleteDomain function) |
Done |
0.15.8, 0.16.5, 0.17.0 |
||
SQL injection in the aaa-idm-store-h2 (deleteUser function) |
Done |
0.15.8, 0.16.5, 0.17.0 |
||
SQL injection in the aaa-idm-store-h2 (deleteRole function) |
Done |
0.15.8, 0.16.5, 0.17.0 |
||
Upgrade Shiro to 1.10.1 |
Done |
0.15.8, 0.16.5, 0.17.0 |
Known Issues in SR1¶
The following table lists the known issues that exist in Service Release 1.
Resolved Issues in SR2¶
The following table lists the issues resolved in Service Release 2.
Known Issues in SR2¶
The following table lists the known issues that exist in Service Release 2.