Posted to commits@syncope.apache.org by co...@apache.org on 2017/06/22 12:05:47 UTC

syncope git commit: SYNCOPE-1117 - Update the getting started docs with information about changing default security values

Repository: syncope
Updated Branches:
  refs/heads/master 16096f6d8 -> a18b08c14


SYNCOPE-1117 - Update the getting started docs with information about changing default security values


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a18b08c1
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a18b08c1
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a18b08c1

Branch: refs/heads/master
Commit: a18b08c144abf2c1ae56c1cde89bfcda2267d4c1
Parents: 16096f6
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Jun 22 13:05:23 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Jun 22 13:05:23 2017 +0100

----------------------------------------------------------------------
 .../asciidoc/getting-started/movingForward.adoc   | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/a18b08c1/src/main/asciidoc/getting-started/movingForward.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/getting-started/movingForward.adoc b/src/main/asciidoc/getting-started/movingForward.adoc
index 7ebb7c6..fd5f84f 100644
--- a/src/main/asciidoc/getting-started/movingForward.adoc
+++ b/src/main/asciidoc/getting-started/movingForward.adoc
@@ -28,3 +28,21 @@ ifeval::["{backend}" == "pdf"]
 http://syncope.apache.org/docs/reference-guide.pdf[Apache Syncope Reference Guide]
 endif::[]
 to understand how to configure, extend, customize and deploy your new Apache Syncope project.
+
+Before deploying your Apache Syncope installation into production, it is essential to ensure that the default values for 
+various security properties have been changed to values specific to your deployment. 
+
+The following values must be changed from the defaults in the `security.properties` file:
+
+* *adminPassword* - The SHA1 hash evaluation of the cleartext password, the default value of which is "password".
+* *secretKey* - The secret key value used for AES ciphering. Only required if either:
+** the value for "*adminPasswordAlgorithm*" is "AES" or
+** the configuration parameter "password.cipher.algorithm" is changed to "AES" (See section 4.6.12 "Configuration Parameters" of
+the Reference Guide for more information).
+* *anonymousKey* - The key value to use for anonymous requests.
+* *jwsKey* - The symmetric signing key used to sign access tokens (Syncope 2.0.3 onwards only). See section 4.4.1 "REST Authentication and 
+Authorization" of the Reference Guide for more information.
+
+Note that if you installed Syncope using either the installer or the maven archetype methods, then you will have already
+supplied custom values for "*secretKey*" and "*anonymousKey*". From Syncope 2.0.4 onwards, both installation methods will also
+query for "*jwsKey*", meaning that only the "*adminPassword*" must be changed for these installation methods.
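
Review bot: The *adminPassword* bullet describes the value unconditionally as a SHA1 hash, while the *secretKey* bullet directly below allows "adminPasswordAlgorithm" to be "AES", so the two bullets disagree for an AES deployment. Suggest rewording the first bullet to say the value is the cleartext password encoded with the algorithm named in "adminPasswordAlgorithm", with SHA1 applying only when that is the configured algorithm. The list also tells readers to replace *secretKey*, *anonymousKey* and *jwsKey* without saying how to produce a suitable value or what length is expected; one sentence on that, or a pointer to where the Reference Guide covers it, would make the instruction actionable. The closing note covers installer and archetype installs from 2.0.4 onwards, but *jwsKey* is listed as applying from 2.0.3, so it would help to state explicitly that 2.0.3 installs made by those methods still need *jwsKey* changed by hand. Minor: the hard-coded section numbers 4.6.12 and 4.4.1 will go stale when the Reference Guide is renumbered, and three of the added lines end in trailing whitespace.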