Uploaded image for project: 'ONOS'
  1. ONOS
  2. ONOS-1159

Secure ONOS Apache Karaf Container

    XMLWordPrintable

    Details

    • Type: Story
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 1.3.0
    • Component/s: None
    • Labels:
    • Story Points:
      5
    • Epic Link:
    • Sprint:
      Drake Sprint 2 (7/27-8/14) 2, Drake Sprint 3 (8/17-8/28)

      Description

      As a deployer of ONOS, I need to be able to trust that the ONOS has been protected from unauthorized access via CLI, REST API & GUI so that I can deploy it in sensitive environments.

      Implementation Notes:

      • Document & provide tools to change default set of credentials in Karaf in order to disable the untrusted passwordless bin/client and to enable trusted passwordless ssh access to the Karaf CLI.
      • Document & provide tools to configure HTTPS on Karaf/Jetty including on how to setup SSL certificates.
      • Modify ONOS REST web.xml file to require HTTPS.
      • Modify ONOS GUI web.xml file to require HTTPS.

      Potential extras:

      • Switch REST API security model to token-based authentication.
      • Enhance GUI to use form-based login for better aesthetics.

      Clearly, this epic story ought to be split into individual & smaller stories.
      Also, this would be an ideal project for external contributors as it offers high value, but has low intersect with other core features.

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            Assignee:
            tom Thomas Vachuska
            Reporter:
            tom Thomas Vachuska
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: