This is an automated email from the ASF dual-hosted git repository. ilgrosso pushed a commit to branch 2_1_X in repository https://gitbox.apache.org/repos/asf/syncope.git
commit 5350713a7576ad347d17d241827552fcf2a50d93 Author: Francesco Chicchiriccò <[email protected]> AuthorDate: Mon Nov 29 11:24:12 2021 +0100 Clarifying usage of AES --- src/main/asciidoc/getting-started/movingForward.adoc | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/src/main/asciidoc/getting-started/movingForward.adoc b/src/main/asciidoc/getting-started/movingForward.adoc index e67373a..b2058d6 100644 --- a/src/main/asciidoc/getting-started/movingForward.adoc +++ b/src/main/asciidoc/getting-started/movingForward.adoc 
@@ -34,11 +34,15 @@ various security properties have been changed to values specific to your deploym The following values must be changed from the defaults in the `security.properties` file: -* *adminPassword* - The cleartext password as encoded per the "adminPasswordAlgorithm" value (SSHA256 by default), the default value of which is "password". -* *secretKey* - The secret key value used for AES ciphering. Only required if either: -** the value for "*adminPasswordAlgorithm*" is "AES" or -** the configuration parameter "password.cipher.algorithm" is changed to "AES" (See section 4.6.14 "Configuration Parameters" of -the Reference Guide for more information). +* *adminPassword* - The cleartext password as encoded per the `adminPasswordAlgorithm` value (`SSHA256` by default), the +default value of which is "password". +* *secretKey* - The secret key value used for AES ciphering; AES is used by the use cases below: + ** if the value for `adminPasswordAlgorithm` is `AES` or the configuration parameter `password.cipher.algorithm` is +changed to `AES` + ** if set for Encrypted Plain Schema instances + ** for Linked Accounts' password values + ** to securely store Access Token's cached authorities + ** within some of the predefined rules used by Password Policies * *anonymousKey* - The key value to use for anonymous requests. * *jwsKey* - The symmetric signing key used to sign access tokens. See section 4.4.1 "REST Authentication and Authorization" of the Reference Guide for more information.
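Review bot: The rewritten *secretKey* bullet drops the pointer to section 4.6.14 "Configuration Parameters" of the Reference Guide that used to accompany `password.cipher.algorithm`, so the first sub-item now names a configuration parameter without saying where it is documented. Suggest keeping that cross-reference on the first sub-item. The sub-items also mix conditions ("if the value for ...", "if set for ...") with purposes ("for Linked Accounts' password values", "to securely store ..."), and the old "Only required if either" wording is gone, so the text no longer says which uses are opt-in and which always apply. A short sentence stating whether the default secretKey now has to be replaced in every deployment would make the longer list easier to act on.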
