Repository: syncope
Updated Branches:
  refs/heads/2_0_X 168ab95e9 -> af417daf6


SYNCOPE-1117 - Update the getting started docs with information about changing 
default security values


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/af417daf
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/af417daf
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/af417daf

Branch: refs/heads/2_0_X
Commit: af417daf6b8bdf6122df6197a029c47b54beecbf
Parents: 168ab95
Author: Colm O hEigeartaigh <cohei...@apache.org>
Authored: Thu Jun 22 13:05:23 2017 +0100
Committer: Colm O hEigeartaigh <cohei...@apache.org>
Committed: Thu Jun 22 13:05:59 2017 +0100

----------------------------------------------------------------------
 .../asciidoc/getting-started/movingForward.adoc   | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/af417daf/src/main/asciidoc/getting-started/movingForward.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/getting-started/movingForward.adoc 
b/src/main/asciidoc/getting-started/movingForward.adoc
index 7ebb7c6..fd5f84f 100644
--- a/src/main/asciidoc/getting-started/movingForward.adoc
+++ b/src/main/asciidoc/getting-started/movingForward.adoc
@@ -28,3 +28,21 @@ ifeval::["{backend}" == "pdf"]
 http://syncope.apache.org/docs/reference-guide.pdf[Apache Syncope Reference 
Guide]
 endif::[]
 to understand how to configure, extend, customize and deploy your new Apache 
Syncope project.
+
+Before deploying your Apache Syncope installation into production, it is 
essential to ensure that the default values for 
+various security properties have been changed to values specific to your 
deployment. 
+
+The following values must be changed from the defaults in the 
`security.properties` file:
+
+* *adminPassword* - The SHA1 hash evaluation of the cleartext password, the 
default value of which is "password".
+* *secretKey* - The secret key value used for AES ciphering. Only required if 
either:
+** the value for "*adminPasswordAlgorithm*" is "AES" or
+** the configuration parameter "password.cipher.algorithm" is changed to "AES" 
(See section 4.6.12 "Configuration Parameters" of
+the Reference Guide for more information).
+* *anonymousKey* - The key value to use for anonymous requests.
+* *jwsKey* - The symmetric signing key used to sign access tokens (Syncope 
2.0.3 onwards only). See section 4.4.1 "REST Authentication and 
+Authorization" of the Reference Guide for more information.
+
+Note that if you installed Syncope using either the installer or the maven 
archetype methods, then you will have already
+supplied custom values for "*secretKey*" and "*anonymousKey*". From Syncope 
2.0.4 onwards, both installation methods will also
+query for "*jwsKey*", meaning that only the "*adminPassword*" must be changed 
for these installation methods.
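Review bot: The *adminPassword* bullet states the value is a SHA1 hash, while the *secretKey* bullet directly below allows "*adminPasswordAlgorithm*" to be "AES", so the two bullets disagree on how the stored admin password is encoded. Suggest describing the value as the cleartext password encoded with the algorithm named in *adminPasswordAlgorithm*, and saying how a reader should produce the new value, since "must be changed" is not actionable without that. Two smaller points: the hard-coded section numbers (4.6.12, 4.4.1) will go stale when the Reference Guide is reorganised, so a link like the one at the top of this hunk would hold up better; and the closing note's "only the *adminPassword* must be changed for these installation methods" reads as applying to every version, although the same sentence says the installer and archetype only ask for *jwsKey* from 2.0.4 onwards, so it should state that earlier installs still need to set *jwsKey* by hand.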
