Subject syncope git commit: SYNCOPE-1117 - Update the getting started docs with information about changing default security values
Date Thu, 22 Jun 2017 12:05:47 GMT
Repository: syncope
Updated Branches:
  refs/heads/master 16096f6d8 -> a18b08c14

SYNCOPE-1117 - Update the getting started docs with information about changing default security


Branch: refs/heads/master
Commit: a18b08c144abf2c1ae56c1cde89bfcda2267d4c1
Parents: 16096f6
Author: Colm O hEigeartaigh <>
Authored: Thu Jun 22 13:05:23 2017 +0100
Committer: Colm O hEigeartaigh <>
Committed: Thu Jun 22 13:05:23 2017 +0100

 .../asciidoc/getting-started/movingForward.adoc   | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/src/main/asciidoc/getting-started/movingForward.adoc b/src/main/asciidoc/getting-started/movingForward.adoc
index 7ebb7c6..fd5f84f 100644
--- a/src/main/asciidoc/getting-started/movingForward.adoc
+++ b/src/main/asciidoc/getting-started/movingForward.adoc
@@ -28,3 +28,21 @@ ifeval::["{backend}" == "pdf"][Apache Syncope Reference Guide]
 to understand how to configure, extend, customize and deploy your new Apache Syncope project.
+Before deploying your Apache Syncope installation into production, it is essential to ensure
that the default values for 
+various security properties have been changed to values specific to your deployment. 
+The following values must be changed from the defaults in the `` file:
+* *adminPassword* - The SHA1 hash evaluation of the cleartext password, the default value
of which is "password".
+* *secretKey* - The secret key value used for AES ciphering. Only required if either:
+** the value for "*adminPasswordAlgorithm*" is "AES" or
+** the configuration parameter "password.cipher.algorithm" is changed to "AES" (See section
4.6.12 "Configuration Parameters" of
+the Reference Guide for more information).
+* *anonymousKey* - The key value to use for anonymous requests.
+* *jwsKey* - The symmetric signing key used to sign access tokens (Syncope 2.0.3 onwards
only). See section 4.4.1 "REST Authentication and 
+Authorization" of the Reference Guide for more information.
+Note that if you installed Syncope using either the installer or the maven archetype methods,
then you will have already
+supplied custom values for "*secretKey*" and "*anonymousKey*". From Syncope 2.0.4 onwards,
both installation methods will also
+query for "*jwsKey*", meaning that only the "*adminPassword*" must be changed for these installation
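Review bot: The sentence "The following values must be changed from the defaults in the `` file:" has an empty pair of backticks where the file name belongs, so a reader cannot tell which file to edit; put the file's name inside the backticks. The *adminPassword* bullet says the value is the SHA1 hash of the cleartext password but not how to produce it, and the *secretKey*, *anonymousKey* and *jwsKey* bullets give no guidance on what the replacement values should look like. Consider adding a sentence on generating the hash, and stating that the three keys should be long, randomly generated values unique to the deployment. Since the *secretKey* bullet mentions that "*adminPasswordAlgorithm*" can be set to "AES", the *adminPassword* bullet should also say that the SHA1 form applies only when that algorithm is left at SHA1.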

