Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
OpenDaylight Cookbook

You're reading from   OpenDaylight Cookbook Deploy and operate software-defined networking in your organization

Arrow left icon
Product type Paperback
Published in Jun 2017
Publisher Packt
ISBN-13 9781786462305
Length 336 pages
Edition 1st Edition
Concepts
Arrow right icon
Authors (6):
Arrow left icon
Rashmi Pujar Rashmi Pujar
Author Profile Icon Rashmi Pujar
Rashmi Pujar
ICARO CAMELO ICARO CAMELO
Author Profile Icon ICARO CAMELO
ICARO CAMELO
Mohamed Elserngawy Mohamed Elserngawy
Author Profile Icon Mohamed Elserngawy
Mohamed Elserngawy
Jamie Goodyear Jamie Goodyear
Author Profile Icon Jamie Goodyear
Jamie Goodyear
Mathieu Lemay Mathieu Lemay
Author Profile Icon Mathieu Lemay
Mathieu Lemay
Yrineu Rodrigues Yrineu Rodrigues
Author Profile Icon Yrineu Rodrigues
Yrineu Rodrigues
+2 more Show less
Arrow right icon
View More author details
Toc

Table of Contents (9) Chapters Close

Preface 1. OpenDaylight Fundamentals 2. Virtual Customer Edge FREE CHAPTER 3. Dynamic Interconnects 4. Network Virtualization 5. Virtual Core and Aggregation 6. Intent and Policy Networking 7. OpenDaylight Container Customizations 8. Authentication and Authorization

Changing user authentication

OpenDaylight's security is, in part, provided by the AAA project, which implements mechanisms to bring:

  • Authentication: Used to authenticate the users
  • Authorization: Used to authorize access to resources for a given user
  • Accounting: Used to record user's access to resources

By default, when you install any features, AAA authentication will be installed. It provides two users by default:

  • User admin with password admin
  • User user with password user

Getting ready

How to do it...

Perform the following steps:

  1. Start your OpenDaylight distribution using the karaf script. Using this script will give you access to the Karaf CLI:
$ ./bin/karaf 
  1. Install the user-facing feature, responsible for pulling in all dependencies needed to enable user authentication:
opendaylight-user@root>feature:install odl-aaa-authn  

It might take a few minutes to complete the installation.

  1. To retrieve the list of existing users, send the following request:
  • Type: GET
  • Headers:

Authorization: Basic YWRtaW46YWRtaW4=

  • URL: http://localhost:8181/auth/v1/users
{ 
"users": [
{
"userid": "admin@sdn",
"name": "admin",
"description": "admin user",
"enabled": true,
"email": "",
"password": "**********",
"salt": "**********",
"domainid": "sdn"
},
{
"userid": "user@sdn",
"name": "user",
"description": "user user",
"enabled": true,
"email": "",
"password": "**********",
"salt": "**********",
"domainid": "sdn"
}
]
}
  1. Update the configuration of a user.

First, you need the userid that can be retrieved using the previous request. For this tutorial, we will use userid=user@sdn.

To update the password for this user, do the following request:

  • Type: PUT
  • Headers:

Authorization: Basic YWRtaW46YWRtaW4=

This is the basic admin/admin authorization. We will not modify this one.

  • Payload:
{ 
"userid": "user@sdn",
"name": "user",
"description": "user user",
"enabled": true,
"email": "",
"password": "newpassword",
"domainid": "sdn"
}
  • URL: http://localhost:8181/auth/v1/users/user@sdn

Once sent, you will receive the acknowledged payload.

  1. Try your new user's password. Open your browser and go here http://localhost:8181/auth/v1/users, you should be asked for credentials. Use:
    • Username: user
    • Password: newpassword

You should now be logged in with the new, updated password for the user.

How it works...

The AAA project supports role-based access control (RBAC) based on the Apache Shiro permissions system. It defines a REST application used to interact with the h2 database. Each table has its own REST endpoint that can be used using a REST client to modify the h2 database content, such as the user information.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime