Posted to commits@syncope.apache.org by il...@apache.org on 2021/11/30 10:47:00 UTC
[syncope] 01/02: Clarifying usage of AES
This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch 2_1_X
in repository https://gitbox.apache.org/repos/asf/syncope.git
commit 5350713a7576ad347d17d241827552fcf2a50d93
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Mon Nov 29 11:24:12 2021 +0100
Clarifying usage of AES
---
src/main/asciidoc/getting-started/movingForward.adoc | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/main/asciidoc/getting-started/movingForward.adoc b/src/main/asciidoc/getting-started/movingForward.adoc
index e67373a..b2058d6 100644
--- a/src/main/asciidoc/getting-started/movingForward.adoc
+++ b/src/main/asciidoc/getting-started/movingForward.adoc
@@ -34,11 +34,15 @@ various security properties have been changed to values specific to your deploym
The following values must be changed from the defaults in the `security.properties` file:
-* *adminPassword* - The cleartext password as encoded per the "adminPasswordAlgorithm" value (SSHA256 by default), the default value of which is "password".
-* *secretKey* - The secret key value used for AES ciphering. Only required if either:
-** the value for "*adminPasswordAlgorithm*" is "AES" or
-** the configuration parameter "password.cipher.algorithm" is changed to "AES" (See section 4.6.14 "Configuration Parameters" of
-the Reference Guide for more information).
+* *adminPassword* - The cleartext password as encoded per the `adminPasswordAlgorithm` value (`SSHA256` by default), the
+default value of which is "password".
+* *secretKey* - The secret key value used for AES ciphering; AES is used by the use cases below:
+ ** if the value for `adminPasswordAlgorithm` is `AES` or the configuration parameter `password.cipher.algorithm` is
+changed to `AES`
+ ** if set for Encrypted Plain Schema instances
+ ** for Linked Accounts' password values
+ ** to securely store Access Token's cached authorities
+ ** within some of the predefined rules used by Password Policies
* *anonymousKey* - The key value to use for anonymous requests.
* *jwsKey* - The symmetric signing key used to sign access tokens. See section 4.4.1 "REST Authentication and
Authorization" of the Reference Guide for more information.
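Review bot: the rewritten *secretKey* item mixes conditional sub-items ("if the value for `adminPasswordAlgorithm` is `AES` ...", "if set for Encrypted Plain Schema instances") with unconditional ones ("for Linked Accounts' password values", "to securely store Access Token's cached authorities"), so a reader can still come away with the old "Only required if either" reading and leave the default key in place. Suggest saying in the lead sentence of the item that the key has to be changed in every deployment, and phrasing the five sub-items in parallel so it is clear which are opt-in and which always apply. The change also drops the pointer to section 4.6.14 "Configuration Parameters" of the Reference Guide for `password.cipher.algorithm`; keeping it on the first sub-item would let readers look the parameter up. Minor style point: the new ` **` sub-items are indented by one space while the removed ones were flush left, which is inconsistent with the rest of the list.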