| Note |
|---|
This feature is considered “at-risk” for removal as there are generally simpler ways to achieve the same results. If you use this feature, feel free to contact the project. |
File(s): conf/admin/general-admin.xml (V4,0), conf/admin/admin.properties (V4.1+) conf/admin/unlock-keys.xml, views/admin/unlock-keys.vm
Format: Native Spring, Velocity, Properties (V4.1+)
| Table of Contents |
|---|
...
Overview
The "attended restart" feature renders the IdP unusable if it restarts without human intervention. Most systems obviously focus on the opposite of that characteristic. The reason behind this feature is key protection. There aren't a lot of cost-effective, simple solutions to protecting private and secret keys (there are complex ones, expensive ones, and complex, expensive ones, of course). The concept behind this feature is that it allows keys to be encrypted on disk, but without the password stored anywhere with the key and entered manually when the service is restarted.
...