Merge remote-tracking branch 'upstream/master'

2018-01-02 09:21:06 -05:00 · 2018-01-02 09:21:06 -05:00 · 014708a65b
commit 014708a65b
parent ce1faef0ea a6da7f5436
16 changed files with 106 additions and 49 deletions
--- a/authorization_services/topics/auth-services-overview.adoc
+++ b/authorization_services/topics/auth-services-overview.adoc
@ -1,12 +1,8 @@
 [[_overview]]
 = Overview

-ifeval::[{project_product}==true]
-NOTE: Authorization Services is a Technology Preview feature and is not fully supported. This feature is disabled by default.
-
-To enable Authorization Services add the `standalone/configuration/profile.properties` file with the contents `profile=preview`
-or start the server with `-Dkeycloak.profile=preview` to enable all technology preview features.
-endif::[]
+:tech_feature_name: Authorization Services
+include::templates/techpreview.adoc[]

 {project_name} supports fine-grained authorization policies and is able to combine different access control
 mechanisms such as:
--- a/build-product.sh
+++ b/build-product.sh
@ -103,6 +103,7 @@ else
        echo ""
        for i in `find -maxdepth 2 -name master.adoc | xargs dirname | sort`; do
            TITLE=`getTitle $i`
+            GUIDE_DIR=`readlink -f $i`
            echo "$TITLE"
            echo " - AsciiDoctor:  file://$GUIDE_DIR/target/html/index.html"
            echo " - ccutil:       file://$GUIDE_DIR/build/tmp/en-US/html-single/index.html"
--- a/securing_apps/topics.adoc
+++ b/securing_apps/topics.adoc
@ -24,8 +24,8 @@ include::topics/oidc/java/jetty9-adapter.adoc[]
 include::topics/oidc/java/jetty8-adapter.adoc[]
 include::topics/oidc/java/spring-security-adapter.adoc[]
 endif::[]
-ifeval::[{project_community}==true]
 include::topics/oidc/java/servlet-filter-adapter.adoc[]
+ifeval::[{project_community}==true]
 include::topics/oidc/java/jaas.adoc[]
 endif::[]
 ifeval::[{project_community}==true]
--- a/securing_apps/topics/oidc/java/fuse/fuse-admin.adoc
+++ b/securing_apps/topics/oidc/java/fuse/fuse-admin.adoc
@ -36,7 +36,7 @@ sshRealm=keycloak
 ----
 This file specifies the client application configuration, which is used by JAAS DirectAccessGrantsLoginModule from the `keycloak` JAAS realm for SSH authentication.

-. Start Fuse and install the `keycloak` JAAS realm. The easiest way is to install the `keycloak-jaas` feature, which has the JAAS realm predefined. You can override the feature's predefined realm by using your own `keycloak` JAAS realm with higher ranking. For details see the https:access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html-single/security_guide/#ESBSecureContainer[JBoss Fuse documentation]. 
+. Start Fuse and install the `keycloak` JAAS realm. The easiest way is to install the `keycloak-jaas` feature, which has the JAAS realm predefined. You can override the feature's predefined realm by using your own `keycloak` JAAS realm with higher ranking. For details see the https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html-single/security_guide/#ESBSecureContainer[JBoss Fuse documentation]. 
 +
 Use these commands in the Fuse terminal:
 +
--- a/securing_apps/topics/overview/supported-platforms.adoc
+++ b/securing_apps/topics/overview/supported-platforms.adoc
@ -13,51 +13,35 @@ ifeval::[{project_community}==true]
  * <<_jetty8_adapter,Jetty 8>>
 endif::[]

-ifeval::[{project_community}==true]
 * <<_servlet_filter_adapter,Servlet Filter>>
-  * <<_spring_security_adapter,Spring Security>> (community)
-  * <<_spring_boot_adapter,Spring Boot>> (community)
-endif::[]
+* <<_spring_boot_adapter,Spring Boot>>

 ifeval::[{project_community}==true]
+  * <<_spring_security_adapter,Spring Security>>
+endif::[]
+
 ===== JavaScript (client-side)
 * <<_javascript_adapter,JavaScript>>
-endif::[]

 ===== Node.js (server-side)
 * <<_nodejs_adapter,Node.js>>

-===== JavaScript
-* <<_javascript_adapter,JavaScript>>
-
-ifeval::[{project_community}==true]
-===== Node.js
-* https://github.com/keycloak/keycloak-nodejs-connect[{project_name} Connect] (community)
-endif::[]

 ifeval::[{project_community}==true]
 ==== C#
 * https://github.com/dylanplecki/KeycloakOwinAuthentication[OWIN] (community)
-endif::[]

-ifeval::[{project_community}==true]
 ==== Python
 * https://pypi.python.org/pypi/oic/[oidc] (generic)
-endif::[]

-ifeval::[{project_community}==true]
 ==== Android
 * https://github.com/openid/AppAuth-Android[AppAuth] (generic)
 * https://github.com/aerogear/aerogear-android-authz[AeroGear] (generic)
-endif::[]

-ifeval::[{project_community}==true]
 ==== iOS
 * https://github.com/openid/AppAuth-iOS[AppAuth] (generic)
 * https://github.com/aerogear/aerogear-ios-oauth2[AeroGear] (generic)
-endif::[]

-ifeval::[{project_community}==true]
 ===== Apache HTTP Server
 * https://github.com/zmartzone/mod_auth_openidc[mod_auth_openidc]
 endif::[]
--- a/securing_apps/topics/token-exchange/token-exchange.adoc
+++ b/securing_apps/topics/token-exchange/token-exchange.adoc
@ -3,6 +3,9 @@

 == Token Exchange

+:tech_feature_name: Token Exchange
+include::../templates/techpreview.adoc[]
+
 In {project_name}, token exchange is the process of using a set of credentials or token to obtain an entirely different token.
 A client may want to invoke on a less trusted application so it may want to downgrade the current token it has.
 A client may want to exchange a {project_token} for a token stored for a linked social provider account.
--- a/server_admin/topics/admin-console-permissions/fine-grain.adoc
+++ b/server_admin/topics/admin-console-permissions/fine-grain.adoc
@ -2,6 +2,9 @@

 === Fine Grain Admin Permissions

+:tech_feature_name: Fine Grain Admin Permissions
+include::../templates/techpreview.adoc[]
+
 Sometimes roles like `manage-realm` or `manage-users` are too coarse grain and you want to create
 restricted admin accounts that have more fine grain permissions.  {project_name} allows you to define
 and assign restricted access policies for managing a realm.  Things like:
--- a/server_admin/topics/user-federation/sssd.adoc
+++ b/server_admin/topics/user-federation/sssd.adoc
@ -24,7 +24,7 @@ Running a FreeIPA server with Docker requires this command:
 docker run --name freeipa-server-container -it \
 -h server.freeipa.local -e PASSWORD=YOUR_PASSWORD \
 -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
- -v /var/lib/ipa-data:/data:Z adelton/freeipa-server
+ -v /var/lib/ipa-data:/data:Z freeipa/freeipa-server

 The parameter `-h` with `server.freeipa.local` represents the FreeIPA/IdM server hostname. Be sure to change `YOUR_PASSWORD` to a password of your choosing.

--- a/server_installation/topics/operating-mode/crossdc.adoc
+++ b/server_installation/topics/operating-mode/crossdc.adoc
@ -2,6 +2,10 @@
 [[crossdc-mode]]
 === Cross-Datacenter Replication Mode

+:tech_feature_name: Cross-Datacenter Replication Mode
+:tech_feature_disabled: false
+include::../templates/techpreview.adoc[]
+
 Cross-Datacenter Replication mode is for when you want to run {project_name} in a cluster across multiple data centers, most typically using data center sites that are in different geographic regions. When using this mode, each data center will have its own cluster of {project_name} servers.

 This documentation will refer the following example architecture diagram to illustrate and describe a simple Cross-Datacenter Replication use case.
--- a/topics/templates/document-attributes-product.adoc
+++ b/topics/templates/document-attributes-product.adoc
@ -1,9 +1,9 @@
 :project_name: Red Hat Single Sign-On
 :project_community: false
 :project_product: true
-:project_version: 7.2.0.DR4
-:project_versionMvn: 3.3.0.Final-redhat1
-:project_versionNpm: 3.3.0.Final-redhat1
+:project_version: 7.2.0.GA
+:project_versionMvn: 3.4.2.Final-redhat1
+:project_versionNpm: 3.4.2.Final-redhat1
 :project_versionDoc: 7.2
 :project_images: rhsso-images
 :project_doc_base_url: https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/{project_versionDoc}/html-single
--- a/topics/templates/techpreview.adoc
+++ b/topics/templates/techpreview.adoc
@ -0,0 +1,14 @@
+ifeval::[{project_product}==true]
+[NOTE]
+====
+ifeval::[{tech_feature_disabled}!=false]
+{tech_feature_name} is *Technology Preview* and is not fully supported. This feature is disabled by default.
+
+To enable start the server with `-Dkeycloak.profile=preview`. For more details see
+link:{installguide_profile_link}[{installguide_profile_name}].
+endif::[]
+ifeval::[{tech_feature_disabled}==false]
+{tech_feature_name} is *Technology Preview* and is not fully supported.
+endif::[]
+====
+endif::[]
--- a/upgrading/topics/migrate_themes.adoc
+++ b/upgrading/topics/migrate_themes.adoc
@ -19,6 +19,7 @@ In summary:
 ifeval::[{project_product}==true]
 Each step is described in more detail below the list of changes.

+include::rhsso/migrate_themes-changes-72.adoc[leveloffset=0]
 include::rhsso/migrate_themes-changes-71.adoc[leveloffset=0]
 endif::[]

--- a/upgrading/topics/rhsso/intro.adoc
+++ b/upgrading/topics/rhsso/intro.adoc
@ -2,7 +2,7 @@

 == Introduction

-Red Hat Single Sign-On (RH-SSO) 7.1 is based on the Keycloak project and provides security for your web applications by
+Red Hat Single Sign-On (RH-SSO) 7.2 is based on the Keycloak project and provides security for your web applications by
 providing Web single sign-on capabilities based on popular standards such as SAML 2.0, OpenID Connect, and OAuth 2.0.
 The Red Hat Single Sign-On Server can act as a SAML or OpenID Connect-based identity provider, mediating with your
 enterprise user directory or third-party SSO provider for identity information and your applications using standards-based
@ -14,30 +14,30 @@ RH-SSO instances from a single control point. The upgrade process differs depend
 implemented. Specific instructions for each mode are provided where applicable.

 The purpose of this guide is to document the steps that are required to successfully upgrade from
-Red Hat Single Sign-On 7.0 to Red Hat Single Sign-On 7.1.
+Red Hat Single Sign-On 7.1 to Red Hat Single Sign-On 7.2.

 === About Upgrades

 ==== Major Upgrades

 A major upgrade or migration is required when RH-SSO is upgraded from one major release to another, for example, from
-Red Hat Single Sign-On 7.0 to Red Hat Single Sign-On 8.0. There may be breaking API changes between major releases
+Red Hat Single Sign-On 7.2 to Red Hat Single Sign-On 8.0. There may be breaking API changes between major releases
 that could require rewriting parts of applications or server extensions.

 ==== Minor Updates

 Red Hat Single Sign-On periodically provides point releases, which are minor updates that include bug fixes, security
 fixes, and new features. If you plan to upgrade from one Red Hat Single Sign-On point release to another, for example,
-from Red Hat Single Sign-On 7.0 to Red Hat Single Sign-On 7.1, code changes should not be required for applications or
+from Red Hat Single Sign-On 7.1 to Red Hat Single Sign-On 7.2, code changes should not be required for applications or
 custom server extensions as long as no private, unsupported, or tech preview APIs are used.

 ==== Micro Updates

 Red Hat Single Sign-On 7 also periodically provides micro releases that contain bug and security fixes.
-Micro releases increment the minor release version by the last digit, for example from 7.1.0 to 7.1.1. These release
+Micro releases increment the minor release version by the last digit, for example from 7.2.0 to 7.2.1. These release
 do not require migration and should not impact the server configuration files. The patch management system for ZIP
 installations can also rollback the patch and server configuration.

-A micro release only contains the artifacts that have changed. For example if Red Hat Single Sign-On 7.1.1 contains changes to
+A micro release only contains the artifacts that have changed. For example if Red Hat Single Sign-On 7.2.1 contains changes to
 the server and the JavaScript adapter, but not the EAP adapter, only the server and JavaScript adapter are released and require
 updating.
--- a/upgrading/topics/rhsso/migrate_themes-changes-71.adoc
+++ b/upgrading/topics/rhsso/migrate_themes-changes-71.adoc
@ -1,4 +1,4 @@
-The changes that have been made for RH-SSO 7.1 include:
+===== Theme changes RH-SSO 7.1

 **Templates**

--- a/upgrading/topics/rhsso/migrate_themes-changes-72.adoc
+++ b/upgrading/topics/rhsso/migrate_themes-changes-72.adoc
@ -0,0 +1,51 @@
+===== Theme changes RH-SSO 7.2
+
+**Templates**
+
+* Account: account.ftl
+* Account: applications.ftl
+* Account: federatedIdentity.ftl
+* Account: password.ftl
+* Account: sessions.ftl
+* Account: template.ftl
+* Account: totp.ftl
+* Admin: index.ftl
+* Email: email-test.ftl (new)
+* Email: email-verification.ftl
+* Email: event-login_error.ftl
+* Email: event-removed_totp.ftl
+* Email: event-update_password.ftl
+* Email: event-update_totp.ftl
+* Email: executeActions.ftl
+* Email: identity-provider-link.ftl
+* Email: password-reset.ftl
+* Login: bypass_kerberos.ftl (removed)
+* Login: error.ftl
+* Login: info.ftl
+* Login: login-config-totp.ftl
+* Login: login-idp-link-email.ftl
+* Login: login-oauth-grant.ftl
+* Login: login-page-expired.ftl (new)
+* Login: login-reset-password.ftl
+* Login: login-totp.ftl
+* Login: login-update-password.ftl
+* Login: login-update-profile.ftl
+* Login: login-verify-email.ftl
+* Login: login-x509-info.ftl (new)
+* Login: login.ftl (new)
+* Login: register.ftl (new)
+* Login: template.ftl (new)
+* Login: terms.ftl (new)
+
+**Messages**
+
+* Account: messages_en.properties
+* Admin: admin-messages_en.properties
+* Admin: messages_en.properties
+* Email: messages_en.properties
+* Login: messages_en.properties
+
+**Styles**
+
+* Account: account.css
+* Login: login.css