1. Build the project.
2. Run karaf(I lunched it from aaa project).
3. Install features-aaa (feature:install features-aaa)
4. Make sure all features installed (feature:list | grep aaa)
   Result:
   odl-aaa-shiro                        │ 0.16.1.SNAPSHOT  │          │ Started     │ odl-aaa-0.16.1-SNAPSHOT              │ ODL :: aaa :: odl-aaa-shiro
   odl-aaa-web                          │ 0.16.1.SNAPSHOT  │          │ Started     │ odl-aaa-0.16.1-SNAPSHOT              │ ODL :: aaa :: odl-aaa-web
   odl-aaa-cli                          │ 0.16.1.SNAPSHOT  │          │ Started     │ odl-aaa-cli                          │ ODL :: aaa :: odl-aaa-cli
   odl-aaa-api                          │ 0.16.1.SNAPSHOT  │          │ Started     │ odl-aaa-0.16.1-SNAPSHOT              │ ODL :: aaa :: odl-aaa-api
   odl-aaa-cert                         │ 0.16.1.SNAPSHOT  │          │ Started     │ odl-aaa-0.16.1-SNAPSHOT              │ ODL :: aaa :: odl-aaa-cert
   odl-apache-shiro                     │ 0.16.1.SNAPSHOT  │          │ Started     │ odl-aaa-0.16.1-SNAPSHOT              │ OpenDaylight :: Apache Shiro
   odl-aaa-password-service             │ 0.16.1.SNAPSHOT  │          │ Started     │ odl-aaa-0.16.1-SNAPSHOT              │ ODL :: aaa :: odl-aaa-password-service
   odl-aaa-encryption-service           │ 0.16.1.SNAPSHOT  │          │ Started     │ odl-aaa-0.16.1-SNAPSHOT              │ ODL :: aaa :: odl-aaa-encryption-service
   features-aaa                         │ 0.16.1.SNAPSHOT  │ x        │ Started     │ features-aaa                         │ ODL :: aaa :: features-aaa
5. Send request in postman. I was able to recreate this error with get-node request from my collection. Here how it's looks:
   http://127.0.0.1:8181/rests/data/network-topology:network-topology/topology=topology-netconf?content=all
   Result in Postman should be next:
   <html>
   <head>
   <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
   <title>Error 500 org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.</title>
   </head>
   <body><h2>HTTP ERROR 500 org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.</h2>
   <table>
   <tr><th>URI:</th><td>/rests/data/network-topology:network-topology/topology=topology-netconf</td></tr>
   <tr><th>STATUS:</th><td>500</td></tr>
   <tr><th>MESSAGE:</th><td>org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.</td></tr>
   <tr><th>SERVLET:</th><td>default</td></tr>
   <tr><th>CAUSED BY:</th><td>org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.</td></tr>
   </table>

   </body>
   </html>

   Aslo you can see logs in karaf after typing `log:exception-display` and next after it `log:tail` commands.
6. On this step you can use remote debug to look into problem.