<maven.javadoc.skip>true</maven.javadoc.skip>
<checkstyle.skip>true</checkstyle.skip>
</properties>
- <dependencyManagement>
- <dependencies>
- <dependency>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-core</artifactId>
- <version>1.3.2</version>
- </dependency>
- </dependencies>
- </dependencyManagement>
<dependencies>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>jackson-databind</artifactId>
<scope>provided</scope>
</dependency>
-
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<dependency>
<groupId>com.highstreet-technologies.aaa</groupId>
<artifactId>aaa-shiro</artifactId>
- <version>0.12.3</version>
<exclusions>
<!-- <exclusion> -->
<!-- <groupId>org.opendaylight.aaa</groupId> -->
@Override
public String toString() {
- return "Config [providers=" + providers + ", redirectUri=" + redirectUri
- + ", supportOdlUsers=" + supportOdlUsers + ", tokenSecret=" + tokenSecret + ", tokenIssuer="
- + tokenIssuer + "]";
+ return "Config [providers=" + providers + ", redirectUri=" + redirectUri + ", supportOdlUsers="
+ + supportOdlUsers + ", tokenSecret=" + tokenSecret + ", tokenIssuer=" + tokenIssuer + "]";
}
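Review bot: `toString()` at L35–L36 still concatenates `tokenSecret`, the JWT signing secret, into its output, so any log statement or exception message that formats a Config leaks it; the same applies to `", secret=" + secret` in `OAuthProviderConfig.toString()` further down in this diff (L104). Replace the value with a fixed marker, e.g. `+ ", tokenSecret=" + (tokenSecret == null ? "null" : "***")`, and do the same for the provider secret. The enclosing class starts and continues outside the hunk.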
if (isEnvExpression(supportOdlUsers)) {
this.supportOdlUsers = getProperty(supportOdlUsers, null);
}
+ if (this.providers != null && !this.providers.isEmpty()) {
+ for(OAuthProviderConfig cfg : this.providers) {
+ cfg.handleEnvironmentVars();
+ }
+ }
}
@JsonIgnore
static boolean isEnvExpression(String key) {
return key != null && key.contains(ENVVARIABLE);
}
+
public static String generateSecret() {
return generateSecret(30);
}
+
public static String generateSecret(int targetStringLength) {
int leftLimit = 48; // numeral '0'
int rightLimit = 122; // letter 'z'
public static Config getInstance() throws IOException {
return getInstance(DEFAULT_CONFIGFILENAME);
}
+
public static Config getInstance(String filename) throws IOException {
- if(_instance==null) {
+ if (_instance == null) {
_instance = load(filename);
}
return _instance;
public class OAuthProviderConfig {
private String url;
+ private String internalUrl;
private String clientId;
private String secret;
private String id;
private String title;
private String scope;
+ private String realmName;
+ private boolean trustAll;
private OAuthProvider type;
- private Map<String,String> roleMapping;
+ private Map<String, String> roleMapping;
public OAuthProvider getType() {
return type;
}
- public OAuthProviderConfig(String id, String url, String clientId, String secret, String scope,
- String title) {
+ public OAuthProviderConfig(String id, String url, String internalUrl, String clientId, String secret, String scope,
+ String title, String realmName, boolean trustAll) {
this.id = id;
this.url = url;
+ this.internalUrl = internalUrl;
this.clientId = clientId;
this.secret = secret;
this.scope = scope;
this.title = title;
+ this.realmName = realmName;
+ this.trustAll = trustAll;
this.roleMapping = new HashMap<>();
}
@Override
public String toString() {
- return "OAuthProviderConfig [host=" + url + ", clientId=" + clientId + ", secret=" + secret + ", id=" + id
- + ", title=" + title + ", scope=" + scope + ", type=" + type + "]";
+ return "OAuthProviderConfig [url=" + url + ", clientId=" + clientId + ", secret=" + secret + ", id=" + id
+ + ", title=" + title + ", scope=" + scope + ", realmName=" + realmName + ", trustAll=" + trustAll
+ + ", type=" + type + ", roleMapping=" + roleMapping + "]";
}
public void setType(OAuthProvider type) {
}
public OAuthProviderConfig() {
- this(null, null, null, null, null, null);
+ this(null, null, null, null, null, null, null, null, false);
}
public void setUrl(String url) {
return this.scope;
}
+ public String getRealmName() {
+ return realmName;
+ }
+
+ public void setRealmName(String realmName) {
+ this.realmName = realmName;
+ }
+
+ public boolean trustAll() {
+ return trustAll;
+ }
+
+ public void setTrustAll(boolean trustAll) {
+ this.trustAll = trustAll;
+ }
+
public Map<String, String> getRoleMapping() {
return roleMapping;
}
this.roleMapping = roleMapping;
}
+ public String getInternalUrl() {
+ return internalUrl;
+ }
+
+ public void setInternalUrl(String internalUrl) {
+ this.internalUrl = internalUrl;
+ }
+
@JsonIgnore
public void handleEnvironmentVars() {
- if (Config.isEnvExpression(id)) {
- this.id = Config.getProperty(id, null);
+ if (Config.isEnvExpression(this.id)) {
+ this.id = Config.getProperty(this.id, null);
+ }
+ if (Config.isEnvExpression(this.url)) {
+ this.url = Config.getProperty(this.url, null);
}
- if (Config.isEnvExpression(url)) {
- this.url = Config.getProperty(url, null);
+ if (Config.isEnvExpression(this.internalUrl)) {
+ this.internalUrl = Config.getProperty(this.internalUrl, null);
}
- if (Config.isEnvExpression(clientId)) {
- this.clientId = Config.getProperty(clientId, null);
+ if (Config.isEnvExpression(this.clientId)) {
+ this.clientId = Config.getProperty(this.clientId, null);
}
- if (Config.isEnvExpression(secret)) {
- this.secret = Config.getProperty(secret, null);
+ if (Config.isEnvExpression(this.secret)) {
+ this.secret = Config.getProperty(this.secret, null);
}
- if (Config.isEnvExpression(scope)) {
- this.scope = Config.getProperty(scope, null);
+ if (Config.isEnvExpression(this.scope)) {
+ this.scope = Config.getProperty(this.scope, null);
}
- if (Config.isEnvExpression(title)) {
- this.title = Config.getProperty(title, null);
+ if (Config.isEnvExpression(this.title)) {
+ this.title = Config.getProperty(this.title, null);
}
+ if (Config.isEnvExpression(this.realmName)) {
+ this.realmName = Config.getProperty(this.realmName, null);
+ }
+ }
+
+ @JsonIgnore
+ public String getUrlOrInternal() {
+ return this.internalUrl != null && this.internalUrl.length() > 0 ? this.internalUrl : this.url;
}
}
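Review bot: `trustAll` is a new public setting with no documentation of what it switches off, while its only consumer visible in this diff hands it to `MappingBaseHttpClient`, where by its name it presumably disables certificate validation; `trustAll()` and `setTrustAll` should carry a Javadoc saying so and stating it is meant for internal or self-signed endpoints only, and `handleEnvironmentVars()` (or the constructor) should log at warn when the flag ends up true so a misconfigured production deployment is visible. Likewise document that `internalUrl` is the server-to-server address used by `getUrlOrInternal()` while `url` remains the browser-facing one (KeycloakProviderService.getLoginUrl still uses `getUrl()`). Minor: `getUrlOrInternal()` can be written `return this.internalUrl != null && !this.internalUrl.isEmpty() ? this.internalUrl : this.url;`. The class header is outside the hunk.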
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.ShiroException;
import org.apache.shiro.codec.Base64;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.subject.Subject;
import org.jolokia.osgi.security.Authenticator;
import org.onap.ccsdk.features.sdnr.wt.common.http.BaseHTTPClient;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config;
private static final long serialVersionUID = 1L;
private static final String BASEURI = "/oauth";
private static final String LOGINURI = BASEURI + "/login";
- //private static final String LOGOUTURI = BASEURI + "/logout";
+ private static final String LOGOUTURI = BASEURI + "/logout";
private static final String PROVIDERSURI = BASEURI + "/providers";
public static final String REDIRECTURI = BASEURI + "/redirect";
private static final String REDIRECTURI_FORMAT = REDIRECTURI + "/%s";
this.sendResponse(resp, HttpServletResponse.SC_OK, getConfigs(this.providerStore.values()));
} else if (req.getRequestURI().startsWith(LOGINURI)) {
this.handleLoginRedirect(req, resp);
+ } else if (req.getRequestURI().equals(LOGOUTURI)) {
+ this.handleLogout(req, resp);
} else if (POLICIESURI.equals(req.getRequestURI())) {
this.sendResponse(resp, HttpServletResponse.SC_OK, this.getPoliciesForUser(req));
} else if (req.getRequestURI().startsWith(REDIRECTURI)) {
}
}
-
+ private void handleLogout(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ this.logout();
+ this.sendResponse(resp, HttpServletResponse.SC_OK,"");
+ }
private void handleLoginRedirect(HttpServletRequest req, HttpServletResponse resp) throws IOException {
final String uri = req.getRequestURI();
final Matcher matcher = LOGIN_REDIRECT_PATTERN.matcher(uri);
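Review bot: The new `LOGOUTURI` branch at L213 sits in what appears to be the GET dispatcher (its siblings serve the provider list and the login redirect), which makes logout a state-changing action reachable by a plain GET; any cross-origin page can force a logout through an image or link, and browsers may prefetch it. Handle it from `doPost` (or reject non-POST with `HttpServletResponse.SC_METHOD_NOT_ALLOWED`) and have `handleLogout` report the outcome instead of answering 200 unconditionally, e.g. `this.sendResponse(resp, this.logout() ? HttpServletResponse.SC_OK : HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "");` once `logout()` returns a boolean. The enclosing dispatch method starts outside the hunk.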
os.write(output);
}
-
+ private void logout() {
+ final Subject subject = SecurityUtils.getSubject();
+ try {
+ subject.logout();
+ Session session = subject.getSession(false);
+ if (session != null) {
+ session.stop();
+ }
+ } catch (ShiroException e) {
+ LOG.debug("Couldn't log out {}", subject, e);
+ }
+ }
}
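Review bot: `logout()` catches `ShiroException` and reports it only at debug with no signal to the caller, so a failed logout is invisible at default log levels while the servlet still answers success; log at warn and return a result, e.g. `LOG.warn("Logout failed for {}", subject, e); return false;` with `return true;` on the normal path. Shiro's `Subject.logout()` normally stops the session itself, so `subject.getSession(false)` afterwards is expected to be null and the explicit `session.stop()` looks dead — if it is meant to cover a subject whose logout threw, move it into the catch block, otherwise drop it or comment why it is needed.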
this.redirectUri = redirectUri;
this.mapper = new ObjectMapper();
this.mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
- this.httpClient = new MappingBaseHttpClient(this.config.getUrl());
+ this.httpClient = new MappingBaseHttpClient(this.config.getUrlOrInternal(), this.config.trustAll());
}
public PublicOAuthProviderConfig getConfig() {
@Override
protected String getTokenVerifierUri() {
- return "/auth/realms/onap/protocol/openid-connect/token";
+ return String.format("/auth/realms/%s/protocol/openid-connect/token", urlEncode(this.config.getRealmName()));
}
@Override
protected String getLoginUrl(String callbackUrl) {
return String.format(
- "%s/auth/realms/onap/protocol/openid-connect/auth?client_id=%s&response_type=code&scope=%s&redirect_uri=%s",
- this.config.getUrl(), urlEncode(this.config.getClientId()), this.config.getScope(),
- urlEncode(callbackUrl));
+ "%s/auth/realms/%s/protocol/openid-connect/auth?client_id=%s&response_type=code&scope=%s&redirect_uri=%s",
+ this.config.getUrl(), urlEncode(this.config.getRealmName()), urlEncode(this.config.getClientId()),
+ this.config.getScope(), urlEncode(callbackUrl));
}
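Review bot: `this.config.getRealmName()` can be null for any provider config that predates this change — the no-arg constructor defaults it to null and the JSON key is new in this commit — so `urlEncode(null)` at L254 and L263 will either throw or produce `/auth/realms/null/...` depending on an implementation not visible here. Fail fast in the KeycloakProviderService constructor with `Objects.requireNonNull(config.getRealmName(), "realmName")`, or default to the previous hard-coded `onap` to stay backward compatible, and document the choice. The constructor hunk at L247–L248 also threads `trustAll()` into the HTTP client; a short comment there noting that this presumably bypasses TLS verification for the `internalUrl` path would save the next reader a lookup. Both enclosing methods start outside the hunk.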
@Override
protected List<String> mapRoles(List<String> data) {
- final Map<String,String> map = this.config.getRoleMapping();
+ final Map<String, String> map = this.config.getRoleMapping();
List<String> filteredRoles =
data.stream().filter(role -> !role.equals("uma_authorization") && !role.equals("offline_access"))
.map(r -> map.getOrDefault(r, r)).collect(Collectors.toList());
public static void init() {
TokenCreator tokenCreator = TokenCreator.getInstance(TOKENCREATOR_SECRET, "issuer");
- OAuthProviderConfig config =
- new OAuthProviderConfig("git", GITURL, "odlux.app", OAUTH_SECRET, "openid", "gitlab test");
+ OAuthProviderConfig config = new OAuthProviderConfig("git", GITURL, null, "odlux.app", OAUTH_SECRET, "openid",
+ "gitlab test", "", false);
oauthService = new GitlabProviderServiceToTest(config, REDIRECT_URI, tokenCreator);
try {
initGitlabTestWebserver(PORT, "/");
}
return null;
}
+
public static class MyHandler implements HttpHandler {
private static final String GITLAB_TOKEN_ENDPOINT = "/oauth/token";
private static final String GITLAB_USER_ENDPOINT = "/api/v4/user";
private static final String GITLAB_GROUP_ENDPOINT = "/api/v4/groups?min_access_level=10";
- private static final String GITLAB_TOKEN_RESPONSE = loadResourceFileContent("src/test/resources/oauth/gitlab-token-response.json");
- private static final String GITLAB_USER_RESPONSE =loadResourceFileContent("src/test/resources/oauth/gitlab-user-response.json");
- private static final String GITLAB_GROUP_RESPONSE =loadResourceFileContent("src/test/resources/oauth/gitlab-groups-response.json");
+ private static final String GITLAB_TOKEN_RESPONSE =
+ loadResourceFileContent("src/test/resources/oauth/gitlab-token-response.json");
+ private static final String GITLAB_USER_RESPONSE =
+ loadResourceFileContent("src/test/resources/oauth/gitlab-user-response.json");
+ private static final String GITLAB_GROUP_RESPONSE =
+ loadResourceFileContent("src/test/resources/oauth/gitlab-groups-response.json");
@Override
public void handle(HttpExchange t) throws IOException {
String response = "";
try {
if (method.equals("GET")) {
- if(uri.equals(GITLAB_USER_ENDPOINT)) {
+ if (uri.equals(GITLAB_USER_ENDPOINT)) {
t.sendResponseHeaders(200, GITLAB_USER_RESPONSE.length());
os = t.getResponseBody();
os.write(GITLAB_USER_RESPONSE.getBytes());
- }
- else if(uri.equals(GITLAB_GROUP_ENDPOINT)) {
+ } else if (uri.equals(GITLAB_GROUP_ENDPOINT)) {
t.sendResponseHeaders(200, GITLAB_GROUP_RESPONSE.length());
os = t.getResponseBody();
os.write(GITLAB_GROUP_RESPONSE.getBytes());
}
} else if (method.equals("POST")) {
- if(uri.equals(GITLAB_TOKEN_ENDPOINT)){
+ if (uri.equals(GITLAB_TOKEN_ENDPOINT)) {
t.sendResponseHeaders(200, GITLAB_TOKEN_RESPONSE.length());
os = t.getResponseBody();
os.write(GITLAB_TOKEN_RESPONSE.getBytes());
- }
- else {
+ } else {
t.sendResponseHeaders(404, 0);
}
} else {
public static void init() {
TokenCreator tokenCreator = TokenCreator.getInstance(TOKENCREATOR_SECRET, "issuer");
- OAuthProviderConfig config =
- new OAuthProviderConfig("kc", KEYCLOAKURL, "odlux.app", OAUTH_SECRET, "openid", "keycloak test");
+ OAuthProviderConfig config = new OAuthProviderConfig("kc", KEYCLOAKURL, null, "odlux.app", OAUTH_SECRET,
+ "openid", "keycloak test", "onap", false);
oauthService = new KeycloakProviderServiceToTest(config, REDIRECT_URI, tokenCreator);
try {
initKeycloakTestWebserver(PORT, "/");
public static class KeycloakProviderServiceToTest extends KeycloakProviderService {
- public KeycloakProviderServiceToTest(OAuthProviderConfig config, String redirectUri, TokenCreator tokenCreator) {
+ public KeycloakProviderServiceToTest(OAuthProviderConfig config, String redirectUri,
+ TokenCreator tokenCreator) {
super(config, redirectUri, tokenCreator);
}
}
}
return null;
}
+
public static class MyHandler implements HttpHandler {
private static final String KEYCLOAK_TOKEN_ENDPOINT = "/auth/realms/onap/protocol/openid-connect/token";
- private static final String KEYCLOAK_TOKEN_RESPONSE = loadResourceFileContent("src/test/resources/oauth/keycloak-token-response.json");
+ private static final String KEYCLOAK_TOKEN_RESPONSE =
+ loadResourceFileContent("src/test/resources/oauth/keycloak-token-response.json");
@Override
public void handle(HttpExchange t) throws IOException {
System.out.println(String.format("req received: %s %s", method, t.getRequestURI()));
OutputStream os = null;
try {
- if (method.equals("POST")) {
- if(uri.equals(KEYCLOAK_TOKEN_ENDPOINT)){
+ if (method.equals("POST")) {
+ if (uri.equals(KEYCLOAK_TOKEN_ENDPOINT)) {
t.sendResponseHeaders(200, KEYCLOAK_TOKEN_RESPONSE.length());
os = t.getResponseBody();
os.write(KEYCLOAK_TOKEN_RESPONSE.getBytes());
- }
- else {
+ } else {
t.sendResponseHeaders(404, 0);
}
} else {
terms of the Eclipse Public License v1.0 which accompanies this distribution,
and is available at http://www.eclipse.org/legal/epl-v10.html , or the Apache License,
Version 2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0
-
SPDX-License-Identifier: EPL-1.0 OR Apache-2.0
-->
///////////////////////////////////////////////////////////////////////////////////////
-->
-
<shiro-configuration xmlns="urn:opendaylight:aaa:app:config">
+ <!--
+ ///////////////////////////////////////////////////////////////////////////////////
+ // shiro-configuration is the model based container that contains all shiro //
+ // related information used in ODL AAA configuration. It is the sole pain of //
+ // glass for shiro related configuration, and is how to configure shiro concepts //
+ // such as: //
+ // * realms //
+ // * urls //
+ // * security manager settings //
+ // //
+ // In general, you really shouldn't muck with the settings in this file. The //
+ // way an operator should configure AAA shiro settings is through one of ODL's //
+ // northbound interfaces (i.e., RESTCONF or NETCONF). These are just the //
+ // defaults if no values are specified in MD-SAL. The reason this file is so //
+ // verbose is for two reasons: //
+ // 1) to demonstrate payload examples for plausible configuration scenarios //
+ // 2) to allow bootstrap of the controller (first time start) since otherwise //
+ // configuration becomes a chicken and the egg problem. //
+ // //
+ ///////////////////////////////////////////////////////////////////////////////////
+ -->
+
+ <!--
+ ===================================================================================
+ = =
+ = =
+ = MAIN =
+ = =
+ = =
+ ===================================================================================
+ -->
+
+ <!--
+ ===================================================================================
+ ============================ ODLJndiLdapRealmAuthNOnly ============================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation aimed at federating with an external LDAP =
+ = server for authentication only. For authorization support, refer =
+ = to ODLJndiLdapRealm. =
+ ===================================================================================
+ -->
+ <!-- Start ldapRealm commented out
+ <main>
+ <pair-key>ldapRealm</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealmAuthNOnly</pair-value>
+ </main>
+ <main>
+ <pair-key>ldapRealm.userDnTemplate</pair-key>
+ <pair-value>uid={0},ou=People,dc=DOMAIN,dc=TLD</pair-value>
+ </main>
+ <main>
+ <pair-key>ldapRealm.contextFactory.url</pair-key>
+ <pair-value>ldap://<URL>:389</pair-value>
+ </main>
+ <main>
+ <pair-key>ldapRealm.searchBase</pair-key>
+ <pair-value>dc=DOMAIN,dc=TLD</pair-value>
+ </main>
+ <main>
+ <pair-key>ldapRealm.groupRolesMap</pair-key>
+ <pair-value>"person":"admin", "organizationalPerson":"user"</pair-value>
+ </main>
+ <main>
+ <pair-key>ldapRealm.ldapAttributeForComparison</pair-key>
+ <pair-value>objectClass</pair-value>
+ </main>
+ End ldapRealm commented out-->
+
+ <!--
+ ===================================================================================
+ ============================= ODLActiveDirectoryRealm =============================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation aimed at federating with an external AD =
+ = IDP server. =
+ ===================================================================================
+ -->
+ <!-- Start adRealm commented out
+ <main>
+ <pair-key>adRealm</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.realm.ODLActiveDirectoryRealm</pair-value>
+ </main>
+ <main>
+ <pair-key>adRealm.searchBase</pair-key>
+ <pair-value>"CN=Users,DC=example,DC=com"</pair-value>
+ </main>
+ <main>
+ <pair-key>adRealm.systemUsername</pair-key>
+ <pair-value>aduser@example.com</pair-value>
+ </main>
+ <main>
+ <pair-key>adRealm.systemPassword</pair-key>
+ <pair-value>adpassword</pair-value>
+ </main>
+ <main>
+ <pair-key>adRealm.url</pair-key>
+ <pair-value>ldaps://adserver:636</pair-value>
+ </main>
+ <main>
+ <pair-key>adRealm.groupRolesMap</pair-key>
+ <pair-value>"CN=sysadmin,CN=Users,DC=example,DC=com":"admin", "CN=unprivileged,CN=Users,DC=example,DC=com":"user"</pair-value>
+ </main>
+ End adRealm commented out-->
+
+ <!--
+ ===================================================================================
+ ================================== ODLJdbcRealm ===================================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation aimed at federating with an external JDBC =
+ = DBMS. =
+ ===================================================================================
+ -->
+ <!-- Start jdbcRealm commented out
+ <main>
+ <pair-key>ds</pair-key>
+ <pair-value>com.mysql.jdbc.Driver</pair-value>
+ </main>
+ <main>
+ <pair-key>ds.serverName</pair-key>
+ <pair-value>localhost</pair-value>
+ </main>
+ <main>
+ <pair-key>ds.user</pair-key>
+ <pair-value>user</pair-value>
+ </main>
+ <main>
+ <pair-key>ds.password</pair-key>
+ <pair-value>password</pair-value>
+ </main>
+ <main>
+ <pair-key>ds.databaseName</pair-key>
+ <pair-value>db_name</pair-value>
+ </main>
+ <main>
+ <pair-key>jdbcRealm</pair-key>
+ <pair-value>ODLJdbcRealm</pair-value>
+ </main>
+ <main>
+ <pair-key>jdbcRealm.dataSource</pair-key>
+ <pair-value>$ds</pair-value>
+ </main>
+ <main>
+ <pair-key>jdbcRealm.authenticationQuery</pair-key>
+ <pair-value>"SELECT password FROM users WHERE user_name = ?"</pair-value>
+ </main>
+ <main>
+ <pair-key>jdbcRealm.userRolesQuery</pair-key>
+ <pair-value>"SELECT role_name FROM user_rolesWHERE user_name = ?"</pair-value>
+ </main>
+ End jdbcRealm commented out-->
+ <!--
+ ===================================================================================
+ ================================= TokenAuthRealm ==================================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation utilizing a per node H2 database store. =
+ ===================================================================================
+ -->
+<!-- <main> -->
+<!-- <pair-key>tokenAuthRealm</pair-key> -->
+<!-- <pair-value>org.opendaylight.aaa.shiro.realm.TokenAuthRealm</pair-value> -->
+<!-- </main> -->
<main>
<pair-key>tokenAuthRealm</pair-key>
<pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm</pair-value>
</main>
+ <!--
+ ===================================================================================
+ =================================== MdsalRealm ====================================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation utilizing the aaa.yang model. =
+ ===================================================================================
+ -->
+ <!-- Start mdsalRealm commented out
+ <main>
+ <pair-key>mdsalRealm</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.realm.MdsalRealm</pair-value>
+ </main>
+ End mdsalRealm commented out-->
+
+ <!--
+ ===================================================================================
+ ================================= MoonAuthRealm ===================================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation aimed at federating with OPNFV Moon. =
+ ===================================================================================
+ -->
+ <!-- Start moonAuthRealm commented out
+ <main>
+ <pair-key>moonAuthRealm</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.realm.MoonRealm</pair-value>
+ </main>
+ <main>
+ <pair-key>moonAuthRealm.moonServerURL</pair-key>
+ <pair-value>http://<host>:<port></pair-value>
+ </main>
+ End moonAuthRealm commented out-->
+
+ <!--
+ ===================================================================================
+ ================================= KeystoneAuthRealm == ============================
+ ===================================================================================
+ = =
+ = Description: A Realm implementation aimed at federating with an OpenStack =
+ = Keystone. =
+ ===================================================================================
+ -->
+ <!-- Start keystoneAuthRealm commented out
+ <main>
+ <pair-key>keystoneAuthRealm</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.realm.KeystoneAuthRealm</pair-value>
+ </main>
+ <main>
+ <pair-key>keystoneAuthRealm.url</pair-key>
+ <pair-value>https://<host>:<port></pair-value>
+ </main>
+ <main>
+ <pair-key>keystoneAuthRealm.sslVerification</pair-key>
+ <pair-value>true</pair-value>
+ </main>
+ <main>
+ <pair-key>keystoneAuthRealm.defaultDomain</pair-key>
+ <pair-value>Default</pair-value>
+ </main>
+ -->
+
+ <!--
+ Add tokenAuthRealm as the only realm. To enable mdsalRealm, add it to the list to he right of tokenAuthRealm.
+ -->
<main>
<pair-key>securityManager.realms</pair-key>
<pair-value>$tokenAuthRealm</pair-value>
<pair-key>authcBearer</pair-key>
<pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter2</pair-value>
</main>
+
+ <!-- Start moonAuthRealm commented out
+ <main>
+ <pair-key>rest</pair-key>
+ <pair-value>org.opendaylight.aaa.shiro.filters.MoonOAuthFilter</pair-value>
+ </main>
+ End moonAuthRealm commented out-->
<!-- in order to track AAA challenge attempts -->
<main>
<pair-key>dynamicAuthorization</pair-key>
<pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value>
</main>
+<!-- <main> -->
+<!-- <pair-key>securityManager.sessionManager.sessionIdCookieEnabled</pair-key> -->
+<!-- <pair-value>false</pair-value> -->
+<!-- </main> -->
-
+ <!--
+ ===================================================================================
+ = =
+ = =
+ = URLS =
+ = =
+ = =
+ ===================================================================================
+ -->
+ <!-- Start moonAuthRealm commented out
+ <urls>
+ <pair-key>/token</pair-key>
+ <pair-value>rest</pair-value>
+ </urls>
+ End moonAuthRealm commented out-->
<urls>
<pair-key>/**/operations/cluster-admin**</pair-key>
<pair-value>dynamicAuthorization</pair-value>
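Review bot: The commented-out jdbcRealm example at L530 has a query with a missing space, `"SELECT role_name FROM user_rolesWHERE user_name = ?"`, which fails as soon as somebody enables the block; it should read `"SELECT role_name FROM user_roles WHERE user_name = ?"`. The examples also carry inline placeholder credentials (`ds.password`, `adRealm.systemPassword`); a one-line note that real values must come from a secret source rather than this file when a realm is enabled would help, and the comment at L612 reads `to he right` instead of `to the right`. The commented-out `sessionIdCookieEnabled` pair at L632–L635 is left without explanation — state whether it is intentionally disabled now that the servlet stops sessions on logout.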
"clientId": "odlux.app",
"secret": "5da4ea3d-8cc9-4669-bd7e-3ecb91d120cd",
"scope": "openid",
- "title": "OSNL Keycloak Provider"
+ "title": "OSNL Keycloak Provider",
+ "realmName":"onap"
}
]
}
\ No newline at end of file
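Review bot: The provider `secret` at L656 is a literal in the checked-in config, and the new `realmName` key is added next to it without changing that; since `OAuthProviderConfig.handleEnvironmentVars()` already resolves `secret` through `Config.isEnvExpression`/`getProperty`, the example should use that mechanism with a placeholder such as `"secret": "<ENV-EXPRESSION-FOR-CLIENT-SECRET>"` (constructed — match the syntax expected by the `ENVVARIABLE` constant, which is not visible here) rather than a real-looking value. Minor: `"realmName":"onap"` lacks the space after the colon used by the surrounding keys, and the file still ends without a newline.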