X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=README.md;h=e5b6090f23722685393b46305a418d5865e96ada;hb=aef5d4ba9128c0cc4418b6dd9e12533b3d76bc84;hp=4eaed8ab21465bc7d7e45835ce99c9128169fd69;hpb=46e851eb9dc2ba62f8be94c1b8ebf3a58fcaf860;p=clamp.git diff --git a/README.md b/README.md index 4eaed8ab..e5b6090f 100644 --- a/README.md +++ b/README.md @@ -45,11 +45,6 @@ Note that all others configurations can be configured in the JSON as well, "spring.datasource.cldsdb.username": "admin", "spring.datasource.cldsdb.password": "password" - "clamp.config.sdc.catalog.url": "https://sdchost:8443/sdc/v1/catalog/", - "clamp.config.sdc.hostUrl": "https://sdchost:8443/", - "clamp.config.sdc.serviceUrl": "https://sdchost:8443/sdc/v1/catalog/services", - "clamp.config.sdc.serviceUsername": "clamp", - "clamp.config.sdc.servicePassword": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981", "clamp.config.dcae.inventory.url": "http://dcaegen2.host:8080", "clamp.config.dcae.dispatcher.url": "http://dcaegen2.host:8080", "clamp.config.policy.pdpUrl1": "https://policy-pdp.host:9091/pdp/ , testpdp, alpha123", @@ -122,7 +117,48 @@ You can see the swagger definition for the jaxrs apis at `/restservices/clds/v1/ ## Clamp Credentials -Credentials should be specified in `src/main/resources/clds/clds-users.json`. You might specify you own credential file by redefining the `clamp.config.files.cldsUsers` in `application.properties`. +There are two mechanisms that can enabled for the authentication, one or the other never both at the same time. +They can be enabled in the application.properties. + +1. AAF CA +There is a section for SSL enablement and cadi configuration (for AAF) + one spring profile to enable + +server.port=8443 +server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12 +server.ssl.key-store-password=China in the Spring +server.ssl.key-password=China in the Spring +server.ssl.key-store-type=PKCS12 +server.ssl.key-alias=clamp@clamp.onap.org +server.ssl.client-auth=want +server.ssl.trust-store=classpath:/clds/aaf/truststoreONAPall.jks +server.ssl.trust-store-password=changeit + +server.http-to-https-redirection.port=8080 +.... +spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller +.... +clamp.config.cadi.keyFile=classpath:/clds/aaf/org.onap.clamp.keyfile +clamp.config.cadi.cadiLoglevel=DEBUG +clamp.config.cadi.cadiLatitude=37.78187 +clamp.config.cadi.cadiLongitude=-122.26147 +clamp.config.cadi.aafLocateUrl=https://aaf.api.simpledemo.onap.org:8095 +clamp.config.cadi.cadiKeystorePassword=enc:V_kq_EwDNb4itWp_lYfDGXIWJzemHGkhkZOxAQI9IHs +clamp.config.cadi.cadiTruststorePassword=enc:Mj0YQqNCUKbKq2lPp1kTFQWeqLxaBXKNwd5F1yB1ukf +clamp.config.cadi.aafEnv=DEV +clamp.config.cadi.aafUrl=https://AAF_LOCATE_URL/AAF_NS.service:2.0 +clamp.config.cadi.cadiX509Issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US + +In that case a certificate must be added in the browser and is required to login properly +Please check that section to get the certificate +https://wiki.onap.org/display/DW/Control+Loop+Flows+and+Models+for+Casablanca#ControlLoopFlowsandModelsforCasablanca-Configure + +Or it can be found in the Clamp source code folder src/main/resources/clds/aaf +(Default Password: "China in the Spring") + +2. Spring authentication +It's possible to enable the spring authentication by disabling the "clamp-aaf-authentication" profile and enabling only the "clamp-default-user" +spring.profiles.active=clamp-default,clamp-default-user,clamp-sdc-controller +In that case, the credentials should be specified in `src/main/resources/clds/clds-users.json`. You might specify you own credential file by redefining the `clamp.config.files.cldsUsers` in `application.properties`. Passwords should be hashed using Bcrypt : ``` @@ -132,4 +168,9 @@ Passwords should be hashed using Bcrypt : Default credentials are admin/password and cs0008/password. +There is a spring file that disables the AAF and enable the Spring authentication by default. +To use it just add +--spring.config.name=application-noaaf + +to the jvm parameters. This file is available by default in the java classpath resource folder. \ No newline at end of file