syncope-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject syncope git commit: SYNCOPE-1117 - Update the getting started docs with information about changing default security values
Date Thu, 22 Jun 2017 12:05:47 GMT
Repository: syncope
Updated Branches:
  refs/heads/master 16096f6d8 -> a18b08c14


SYNCOPE-1117 - Update the getting started docs with information about changing default security
values


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a18b08c1
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a18b08c1
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a18b08c1

Branch: refs/heads/master
Commit: a18b08c144abf2c1ae56c1cde89bfcda2267d4c1
Parents: 16096f6
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Jun 22 13:05:23 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Jun 22 13:05:23 2017 +0100

----------------------------------------------------------------------
 .../asciidoc/getting-started/movingForward.adoc   | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/a18b08c1/src/main/asciidoc/getting-started/movingForward.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/getting-started/movingForward.adoc b/src/main/asciidoc/getting-started/movingForward.adoc
index 7ebb7c6..fd5f84f 100644
--- a/src/main/asciidoc/getting-started/movingForward.adoc
+++ b/src/main/asciidoc/getting-started/movingForward.adoc
@@ -28,3 +28,21 @@ ifeval::["{backend}" == "pdf"]
 http://syncope.apache.org/docs/reference-guide.pdf[Apache Syncope Reference Guide]
 endif::[]
 to understand how to configure, extend, customize and deploy your new Apache Syncope project.
+
+Before deploying your Apache Syncope installation into production, it is essential to ensure
that the default values for 
+various security properties have been changed to values specific to your deployment. 
+
+The following values must be changed from the defaults in the `security.properties` file:
+
+* *adminPassword* - The SHA1 hash evaluation of the cleartext password, the default value
of which is "password".
+* *secretKey* - The secret key value used for AES ciphering. Only required if either:
+** the value for "*adminPasswordAlgorithm*" is "AES" or
+** the configuration parameter "password.cipher.algorithm" is changed to "AES" (See section
4.6.12 "Configuration Parameters" of
+the Reference Guide for more information).
+* *anonymousKey* - The key value to use for anonymous requests.
+* *jwsKey* - The symmetric signing key used to sign access tokens (Syncope 2.0.3 onwards
only). See section 4.4.1 "REST Authentication and 
+Authorization" of the Reference Guide for more information.
+
+Note that if you installed Syncope using either the installer or the maven archetype methods,
then you will have already
+supplied custom values for "*secretKey*" and "*anonymousKey*". From Syncope 2.0.4 onwards,
both installation methods will also
+query for "*jwsKey*", meaning that only the "*adminPassword*" must be changed for these installation
methods.


Mime
View raw message