Posted to commits@syncope.apache.org by il...@apache.org on 2021/11/30 10:47:00 UTC

[syncope] 01/02: Clarifying usage of AES

This is an automated email from the ASF dual-hosted git repository.

ilgrosso pushed a commit to branch 2_1_X
in repository https://gitbox.apache.org/repos/asf/syncope.git

commit 5350713a7576ad347d17d241827552fcf2a50d93
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Mon Nov 29 11:24:12 2021 +0100

    Clarifying usage of AES
---
 src/main/asciidoc/getting-started/movingForward.adoc | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/main/asciidoc/getting-started/movingForward.adoc b/src/main/asciidoc/getting-started/movingForward.adoc
index e67373a..b2058d6 100644
--- a/src/main/asciidoc/getting-started/movingForward.adoc
+++ b/src/main/asciidoc/getting-started/movingForward.adoc
@@ -34,11 +34,15 @@ various security properties have been changed to values specific to your deploym
 
 The following values must be changed from the defaults in the `security.properties` file:
 
-* *adminPassword* - The cleartext password as encoded per the "adminPasswordAlgorithm" value (SSHA256 by default), the default value of which is "password".
-* *secretKey* - The secret key value used for AES ciphering. Only required if either:
-** the value for "*adminPasswordAlgorithm*" is "AES" or
-** the configuration parameter "password.cipher.algorithm" is changed to "AES" (See section 4.6.14 "Configuration Parameters" of
-the Reference Guide for more information).
+* *adminPassword* - The cleartext password as encoded per the `adminPasswordAlgorithm` value (`SSHA256` by default), the
+default value of which is "password".
+* *secretKey* - The secret key value used for AES ciphering; AES is used by the use cases below:
+  ** if the value for `adminPasswordAlgorithm` is `AES` or the configuration parameter `password.cipher.algorithm` is
+changed to `AES`
+  ** if set for Encrypted Plain Schema instances
+  ** for Linked Accounts' password values
+  ** to securely store Access Token's cached authorities
+  ** within some of the predefined rules used by Password Policies
 * *anonymousKey* - The key value to use for anonymous requests.
 * *jwsKey* - The symmetric signing key used to sign access tokens. See section 4.4.1 "REST Authentication and 
 Authorization" of the Reference Guide for more information.
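
Review bot: The rewritten *secretKey* bullet drops the pointer to section 4.6.14 "Configuration Parameters" of the Reference Guide, so `password.cipher.algorithm` is now mentioned with no indication of where it is documented; I would keep that reference on the first sub-item. The sub-items also mix conditions ("if the value for ...", "if set for ...") with unconditional uses ("for Linked Accounts' password values", "to securely store ..."), and with the old "Only required if either" wording gone it is unclear whether the key is always in use. Since the context line above already says these values must be changed from the defaults, saying outright that *secretKey* is always needed, and phrasing the list in parallel form, would remove the ambiguity. The last sub-item, "within some of the predefined rules used by Password Policies", would be more useful if it named the rules or pointed to the section that describes them.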