There is an issue with the API used to validate user access in the DomainHandler class. When a correct request is made, the response includes this error message:

{
    "message": "password does not match for username: admin",
    "details": null,
    "code": 500
} 

The problem is that the code is comparing the user's password with an encrypted password. More in attached image.

Steps to reproduce:

1) Start Karaf with:
feature:install odl-netconf-topology odl-restconf-nb
2) Validate default 'admin' user with request:

curl --request POST 'http://localhost:8181/auth/v1/domains/sdn/users/roles' \
--header 'Authorization: Basic YWRtaW46YWRtaW4=' \
--header 'Content-Type: application/json' \
--data-raw '{
    "username": "admin",
    "userpwd": "admin"
}' 

IMHO, providing a password for this request is unnecessary.