===
AAA
===
Major Features
==============
For each top-level feature, identify the name, url, description, etc. User-facing features are used directly by end users.
odl-aaa-shiro
-------------
* **Feature URL:** https://git.opendaylight.org/gerrit/gitweb?p=aaa.git;a=blob_plain;f=features/shiro/features-aaa-shiro/src/main/features/features.xml;hb=refs/heads/stable/nitrogen
* **Feature Description:** ODL Shiro-based AAA implementation
* **Top Level:** Yes
* **User Facing:** Yes
* **Experimental:** Yes
* **CSIT Test:** https://jenkins.opendaylight.org/releng/view/aaa/job/aaa-csit-1node-authn-all-nitrogen/
odl-aaa-authn
-------------
* **Feature URL:** https://git.opendaylight.org/gerrit/gitweb?p=aaa.git;a=blob;f=features/authn/features-aaa/src/main/features/features.xml;hb=refs/heads/stable/nitrogen
* **Feature Description:** Same as odl-aaa-shiro
* **Top Level:** Yes
* **User Facing:** Yes
* **Experimental:** Yes
* **CSIT Test:** https://jenkins.opendaylight.org/releng/view/aaa/job/aaa-csit-1node-authn-all-nitrogen/
odl-aaa-cert
------------
* **Feature URL:** https://git.opendaylight.org/gerrit/gitweb?p=aaa.git;a=blob;f=features/authn/features-aaa/src/main/features/features.xml;hb=refs/heads/stable/nitrogen
* **Feature Description:** MD-SAL based encrypted certificate management
* **Top Level:** Yes
* **User Facing:** Yes
* **Experimental:** Yes
* **CSIT Test:** https://jenkins.opendaylight.org/releng/view/aaa/job/aaa-csit-1node-authn-all-nitrogen/
odl-aaa-cli
------------
* **Feature URL:** https://git.opendaylight.org/gerrit/gitweb?p=aaa.git;a=blob;f=features/authn/features-aaa/src/main/features/features.xml;hb=refs/heads/stable/nitrogen
* **Feature Description:** Basic karaf CLI commands for interacting with AAA
* **Top Level:** Yes
* **User Facing:** Yes
* **Experimental:** Yes
* **CSIT Test:** https://jenkins.opendaylight.org/releng/view/aaa/job/aaa-csit-1node-authn-all-nitrogen/
Documentation
=============
Please provide the URL to each document at docs.opendaylight.org. If the document is under review, provide a link to the change in Gerrit.
* **User Guide(s):**
* :ref:`aaa-user-guide`
* **Developer Guide(s):**
* :ref:`aaa-dev-guide`
Security Considerations
=======================
* Do you have any external interfaces other than RESTCONF?
No.
* Other security issues?
N/A.
Quality Assurance
=================
* `Link to Sonar Report `_ (54% code coverage)
* `Link to CSIT Jobs `_
Migration
---------
* Bug 7793: shiro.ini is no longer exposed in ODL Nitrogen.
shiro.ini is no longer exposed in ODL Nitrogen. A more robust mechanism is
provided to configure AAA in ODL Nitrogen based on the clustered-app-config
framework. A migration utility is provided and may be run by invoking the
following:
.. code-block:: bash
python bin/upgrade/convert-shiro-ini-to-rest-payload
An XML payload is output to stdout, which can be used as a PUT payload to the
aaa-app-config REST endpoint to maintain configuration from a previous version.
An alternative is to write the resulting payload to the initial application
config:
.. code-block:: bash
python bin/upgrade/convert-shiro-ini-to-rest-payload > etc/opendaylight/datastore/initial/config/aaa-app-config.xml
For Example:
.. code-block:: bash
python bin/upgrade/convert-shiro-ini-to-rest-payload etc/shiro.ini > etc/opendaylight/datastore/initial/config/aaa-app-config.xml
Compatibility
-------------
* Is this release compatible with the previous release?
Yes.
* Any API changes?
No.
* Any configuration changes?
Some CLI commands were modified for security and ease of use purposes. Nothing else.
Bugs Fixed
----------
* `6772 `_ When it is known some features have not activated fully, do not return 401
* `8717 `_ deprecate the existing mdsal AAA datastore impl
* `8572 `_ remove SecureBlockingQueue which is unused
* `8724 `_ clean AAA features
Known Issues
------------
* List key known issues with workarounds
* `5838 `_ token authentication fails intermittently
* `Link to Open Bugs `_
End-of-life
===========
* N/A
Standards
=========
* LDAP, JDBC, ActiveDirectory (less tested)
Release Mechanics
=================
* `Link to release plan `_
* Describe any major shifts in release schedule from the release plan
None.