[CONTROLLER-850] Separate admin port Created: 17/Sep/14 Updated: 23/Nov/15 Resolved: 23/Nov/15 |
|
| Status: | Resolved |
| Project: | controller |
| Component/s: | karaf |
| Affects Version/s: | Helium |
| Fix Version/s: | None |
| Type: | Bug | ||
| Reporter: | Liem Nguyen | Assignee: | Ryan Goulding |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Operating System: All |
||
| External issue ID: | 1936 |
| Description |
|
Admin APIs (such as AAA IdM APIs for creating users/roles/domains) should run on a separate port for better security (e.g., firewall). Currently, all APIs (service and admin) on ODL run on the same Jetty port. See https://git.opendaylight.org/gerrit/#/c/10655/ for proposed Admin port. |
| Comments |
| Comment by Liem Nguyen [ 18/Sep/14 ] |
|
Changing to critical since federation in AAA also needs this port as the "trusted" port for proxying SSSD claim auth requests. This port is only exposed on localhost. |
| Comment by Liem Nguyen [ 19/Sep/14 ] |
|
Lowering severity, as this can be documented as to how open new connectors on the Jetty server (however, I always favor "sensible defaults") |
| Comment by Carol Sanders [ 04/May/15 ] |
|
This bug is part of the project to Move all ADSAL associated component bugs to ADSAL |
| Comment by Ryan Goulding [ 23/Nov/15 ] |
|
This was solved through documentation quite some time ago. |