From: Matej.Sramcik Date: Wed, 31 May 2023 08:37:22 +0000 (+0200) Subject: Cleanup AAA readme X-Git-Tag: v0.16.10~8 X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?a=commitdiff_plain;h=88cc3b44cb25d7ee827e4464ff85505cbcb944cc;p=aaa.git Cleanup AAA readme Update Java, Maven and Python versions. Remove occurrences of Oauth2. JIRA: AAA-260 Change-Id: Ied5296d8338d330570f8679a64b10981f508c72d Signed-off-by: Matej Sramcik (cherry picked from commit 58bbd90c6cc75614208b6213832fc70b3bca4044) --- diff --git a/README.md b/README.md index 9b768323b..c8c5a2088 100644 --- a/README.md +++ b/README.md @@ -20,9 +20,9 @@ The following caveats are applicable to the current AAA implementation: *Prerequisite:* The followings are required for building AAA: -- Maven 3.5.2+ -- JDK8 -- Python 2.7+ (optional) for running wrapper scripts +- Maven 3.8.3+ +- JDK 17 +- Python 3.7+ (optional) for running wrapper scripts Get the code: 
@@ -48,24 +48,19 @@ following command: ### Running Once the installation finishes, one can authenticate with the OpenDaylight controller by presenting a username/password -and a domain name (scope): +to access protected resources. +Example: - curl -s -d 'grant_type=password&username=admin&password=admin&scope=sdn' http://:/oauth2/token + curl -s -H 'Authorization: Basic YWRtaW46YWRtaW4=' \ + http://:/rests/data/...?content=config -Upon successful authentication, the controller returns an access token with a configurable expiration in seconds, -something similar to the followings: -```json -{ - "expires_in": 3600, - "token_type": "Bearer", - "access_token": "d772d85e-34c7-3099-bea5-cfafd3c747cb" -} -``` -The access token can then be used to access protected resources on the controller by passing it along in the standard -HTTP Authorization header with the resource request. Example: +Upon successful authentication, session cookie will be created, which can be then used to access protected resources +during session, instead of providing username/password. +Example: + + curl -s -H 'Cookie: JSESSIONID=node0x12lwsvqbaxx15981soehtqed1.node0' \ + http://:/rests/data/...?content=config - curl -s -H 'Authorization: Bearer d772d85e-34c7-3099-bea5-cfafd3c747cb' \ - http://:/restconf/operational/opendaylight-inventory:nodes ### Defaults 
@@ -97,15 +92,15 @@ the simpler to deploy (i.e., no external system dependency) and hence being the #### Direct In this use-case, a user presents some credentials (e.g., username/password) directly to the Opendaylight (ODL) -controller token endpoint `/oauth2/token` and receives an access token, which then can be used to access protected -resources on the controller, similar to the example we saw in the Quickstart section. +controller and receives a session cookie, which can be then used to access protected resources on the controller, +similar to the example we saw in the Quickstart section. #### Federated In the federated use-case, the responsibility of authentication is delegated to a third-party IdP (perhaps, an enterprise-level IdP). -For more information, consult ODLJndiLdapRealm and ODLJndiLdapRealmAuthnOnly documentation. +For more information, consult ODLJndiLdapRealm and ODLJndiLdapRealmAuthNOnly documentation. ### Authorization & Access Control
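Review bot: In the prerequisites hunk (@@ -20,9 +20,9), `- JDK 17` is the only requirement without a `+`, so the README no longer says whether 17 is a minimum or the only supported version, while Maven and Python are both given as minimums. Suggest `JDK 17+` if newer JDKs are expected to build, or an explicit "JDK 17 only" otherwise. While the list is being touched, the context line "The followings are required" could become "The following are required".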
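Review bot: In the Running hunk (@@ -48,24 +48,19), both new curl examples send a reusable credential over plain `http://`. The value in `Authorization: Basic YWRtaW46YWRtaW4=` is only the base64 encoding of `admin:admin`, and the `JSESSIONID` cookie grants the same access to anyone who observes it while the session is alive. Suggest using `https://` in both examples, and either stating that the header value is base64 of username:password or switching to `curl -u admin:admin`, so readers do not take the string for an opaque token. The removed text said the access token had a configurable expiration; the replacement says nothing about how long the session cookie stays valid or how it is invalidated, which deserves one sentence. The URL also contains an unquoted `?`, which the shell may treat as a glob character, so wrap it in single quotes. Wording: "session cookie will be created, which can be then used" reads better as "a session cookie is created, which can then be used".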
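Review bot: In the Direct/Federated hunk (@@ -97,15 +92,15), the change from `ODLJndiLdapRealmAuthnOnly` to `ODLJndiLdapRealmAuthNOnly` is not covered by the commit message, which lists only the version updates and the OAuth2 removal. Please confirm the new casing matches the realm's actual class name, since readers will copy it into configuration, and mention the fix in the message. In the Direct paragraph, "which can be then used" should be "which can then be used".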