From 098c06ca2d8a41abef3fd8a4690d88e73e8c8176 Mon Sep 17 00:00:00 2001 From: Marek Posolda Date: Fri, 2 Sep 2022 17:27:57 +0200 Subject: [PATCH] Remove some remaining references to Wildfly (#1674) closes #1669 --- securing_apps/topics/oidc/fapi-support.adoc | 13 +++---------- server_admin/topics/authentication/webauthn.adoc | 1 + server_admin/topics/identity-broker/mappers.adoc | 2 +- 3 files changed, 5 insertions(+), 11 deletions(-) diff --git a/securing_apps/topics/oidc/fapi-support.adoc b/securing_apps/topics/oidc/fapi-support.adoc index 853eae0c4b..d3f4595625 100644 --- a/securing_apps/topics/oidc/fapi-support.adoc +++ b/securing_apps/topics/oidc/fapi-support.adoc 
@@ -37,13 +37,6 @@ in the more strict way to enforce some of the requirements. Especially: ==== TLS considerations As confidential information is being exchanged, all interactions shall be encrypted with TLS (HTTPS). Moreover, there are some requirements in the FAPI specification for -the cipher suites and TLS protocol versions used. To match these requirements, you can consider configure allowed ciphers. This configuration can be done in the -`KEYCLOAK_HOME/standalone/configuration/standalone-*.xml` file in the Elytron subsystem. For example this element can be added under `tls` -> `server-ssl-contexts` - -[source,xml] - - -As confidential information is being exchanged, all interactions shall be encrypted with TLS (HTTPS). Moreover, there are some requirements in the FAPI specification for -the cipher suites and TLS protocol versions used. To match these requirements, you can consider configuring allowed ciphers. This configuration can be done by setting the `https-protocols` and `https-cipher-suites` options. For more details, see https://www.keycloak.org/server/enabletls[Configuring TLS] guide. +the cipher suites and TLS protocol versions used. To match these requirements, you can consider configure allowed ciphers. This configuration can be done by setting +the `https-protocols` and `https-cipher-suites` options. {project_name} uses `TLSv1.3` by default and hence it is posibly not needed to change the default settings. However it +may be needed to adjust ciphers if you need to fallback to lower TLS version for some reason. For more details, see https://www.keycloak.org/server/enabletls[Configuring TLS] guide. diff --git a/server_admin/topics/authentication/webauthn.adoc b/server_admin/topics/authentication/webauthn.adoc index 8f63ff8693..d2d26ca5f1 100644 --- a/server_admin/topics/authentication/webauthn.adoc +++ b/server_admin/topics/authentication/webauthn.adoc @@ -1,3 +1,4 @@ + [id="webauthn_{context}"] === W3C Web Authentication (WebAuthn) 
diff --git a/server_admin/topics/identity-broker/mappers.adoc b/server_admin/topics/identity-broker/mappers.adoc index d0ff7b7dea..46dba24c39 100644 --- a/server_admin/topics/identity-broker/mappers.adoc +++ b/server_admin/topics/identity-broker/mappers.adoc @@ -34,4 +34,4 @@ image:{project_images}/identity-provider-mapper.png[identity provider mapper] For JSON-based claims, you can use dot notation for nesting and square brackets to access array fields by index. For example, `contact.address[0].country`. -To investigate the structure of user profile JSON data provided by social providers, you can enable the `DEBUG` level logger `org.keycloak.social.user_profile_dump` in the server's app-server configuration file (domain.xml or standalone.xml). +To investigate the structure of user profile JSON data provided by social providers, you can enable the `DEBUG` level logger `org.keycloak.social.user_profile_dump` when starting the server.
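Review bot: In the fapi-support.adoc hunk, the added lines have three wording slips: "you can consider configure allowed ciphers" should read "configuring", "posibly" is misspelled, and "if you need to fallback to lower TLS version" should be "if you need to fall back to a lower TLS version". One of the removed variants of this sentence already read "configuring allowed ciphers", so the new text regresses that wording. "Hence it is posibly not needed to change the default settings" would also read better as "so changing the default settings is usually not needed".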
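Review bot: The only change in webauthn.adoc is a blank line added above `[id="webauthn_{context}"]` at the top of the file, which has nothing to do with removing Wildfly references. Drop it from this commit, or say in the commit message why the leading blank line is needed.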
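Review bot: In mappers.adoc, "when starting the server" replaces the domain.xml/standalone.xml pointer but no longer tells the reader where or how the `org.keycloak.social.user_profile_dump` logger is enabled. Name the startup option or link to the logging guide, the way the fapi-support.adoc change links to the Configuring TLS guide. Because this logger writes user profile JSON from social providers to the server log, a short sentence advising to turn it off again after investigating would fit here as well.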