#
-# Copyright (c) 2015-2016 Brocade Communications Systems, Inc. and others. All rights reserved.
+# Copyright (c) 2015-2017 Brocade Communications Systems, Inc. and others. All rights reserved.
#
# This program and the accompanying materials are made available under the
# terms of the Eclipse Public License v1.0 which accompanies this distribution,
# - TokenAuthRealm (enabled by default) #
# - ODLJndiLdapRealm (disabled by default) #
# - ODLJndiLdapRealmAuthNOnly (disabled by default) #
+# - ODLActiveDirectoryRealm (disabled by default) #
+# - KeystoneAuthRealm (disabled by default) #
+# #
# Basic user configuration through shiro.ini is disabled for security #
# purposes. #
###############################################################################
-
-
[main]
###############################################################################
# realms #
# #
# This section is dedicated to setting up realms for OpenDaylight. Realms #
# are essentially different methods for providing AAA. ODL strives to provide#
-# highly-configurable AAA by providing pluggable infrastructure. By deafult, #
+# highly-configurable AAA by providing pluggable infrastructure. By default, #
# TokenAuthRealm is enabled out of the box (which bridges to the existing AAA #
# mechanisms). More than one realm can be enabled, and the realms are #
# tried Round-Robin until: #
#moonAuthRealm = org.opendaylight.aaa.shiro.realm.MoonRealm
#moonAuthRealm.moonServerURL = http://<host>:<port>
-# ODL provides a KeystoneAuthRealm to authenticate access against an OpenStack
-# Keystone (v3) instance. At this time the authentication is 'unscoped' and
-# authorization is not supported.
+# The KeystoneAuthRealm allows for authentication/authorization against an
+# OpenStack's Keystone server. It uses the Identity's API v3 or later.
#keystoneAuthRealm = org.opendaylight.aaa.shiro.realm.KeystoneAuthRealm
+# The URL where the Keystone server exposes the Identity's API v3 the URL
+# can be either HTTP or HTTPS and it is mandatory for this realm.
#keystoneAuthRealm.url = https://<host>:<port>
+# Optional parameter to make the realm verify the certificates in case of HTTPS
#keystoneAuthRealm.sslVerification = true
-# Default domain to use if not specified within the provided credentials.
+# Optional parameter to set up a default domain for requests using credentials
+# without domain, uncomment in case you want a different value from the hard-coded
+# one "Default"
#keystoneAuthRealm.defaultDomain = Default
# The CSV list of enabled realms. In order to enable a realm, add it to the