Merge pull request #54 from pedroigor/master

[RHSSO-471] - Adding RH-SSO images
This commit is contained in:
Pedro Igor 2017-01-05 14:57:54 -02:00 committed by GitHub
commit 0adafcedb9
104 changed files with 40 additions and 40 deletions

View file

Before

Width:  |  Height:  |  Size: 29 KiB

After

Width:  |  Height:  |  Size: 29 KiB

View file

Before

Width:  |  Height:  |  Size: 121 KiB

After

Width:  |  Height:  |  Size: 121 KiB

View file

Before

Width:  |  Height:  |  Size: 90 KiB

After

Width:  |  Height:  |  Size: 90 KiB

View file

Before

Width:  |  Height:  |  Size: 70 KiB

After

Width:  |  Height:  |  Size: 70 KiB

View file

Before

Width:  |  Height:  |  Size: 71 KiB

After

Width:  |  Height:  |  Size: 71 KiB

View file

Before

Width:  |  Height:  |  Size: 67 KiB

After

Width:  |  Height:  |  Size: 67 KiB

View file

Before

Width:  |  Height:  |  Size: 71 KiB

After

Width:  |  Height:  |  Size: 71 KiB

View file

Before

Width:  |  Height:  |  Size: 122 KiB

After

Width:  |  Height:  |  Size: 122 KiB

View file

Before

Width:  |  Height:  |  Size: 106 KiB

After

Width:  |  Height:  |  Size: 106 KiB

View file

Before

Width:  |  Height:  |  Size: 31 KiB

After

Width:  |  Height:  |  Size: 31 KiB

View file

Before

Width:  |  Height:  |  Size: 75 KiB

After

Width:  |  Height:  |  Size: 75 KiB

View file

Before

Width:  |  Height:  |  Size: 74 KiB

After

Width:  |  Height:  |  Size: 74 KiB

View file

Before

Width:  |  Height:  |  Size: 80 KiB

After

Width:  |  Height:  |  Size: 80 KiB

View file

Before

Width:  |  Height:  |  Size: 79 KiB

After

Width:  |  Height:  |  Size: 79 KiB

View file

Before

Width:  |  Height:  |  Size: 88 KiB

After

Width:  |  Height:  |  Size: 88 KiB

View file

Before

Width:  |  Height:  |  Size: 101 KiB

After

Width:  |  Height:  |  Size: 101 KiB

View file

Before

Width:  |  Height:  |  Size: 108 KiB

After

Width:  |  Height:  |  Size: 108 KiB

View file

Before

Width:  |  Height:  |  Size: 85 KiB

After

Width:  |  Height:  |  Size: 85 KiB

View file

Before

Width:  |  Height:  |  Size: 90 KiB

After

Width:  |  Height:  |  Size: 90 KiB

View file

Before

Width:  |  Height:  |  Size: 99 KiB

After

Width:  |  Height:  |  Size: 99 KiB

View file

Before

Width:  |  Height:  |  Size: 88 KiB

After

Width:  |  Height:  |  Size: 88 KiB

View file

Before

Width:  |  Height:  |  Size: 87 KiB

After

Width:  |  Height:  |  Size: 87 KiB

View file

Before

Width:  |  Height:  |  Size: 76 KiB

After

Width:  |  Height:  |  Size: 76 KiB

View file

Before

Width:  |  Height:  |  Size: 125 KiB

After

Width:  |  Height:  |  Size: 125 KiB

View file

Before

Width:  |  Height:  |  Size: 101 KiB

After

Width:  |  Height:  |  Size: 101 KiB

View file

Before

Width:  |  Height:  |  Size: 80 KiB

After

Width:  |  Height:  |  Size: 80 KiB

View file

Before

Width:  |  Height:  |  Size: 71 KiB

After

Width:  |  Height:  |  Size: 71 KiB

View file

Before

Width:  |  Height:  |  Size: 120 KiB

After

Width:  |  Height:  |  Size: 120 KiB

View file

Before

Width:  |  Height:  |  Size: 84 KiB

After

Width:  |  Height:  |  Size: 84 KiB

View file

Before

Width:  |  Height:  |  Size: 75 KiB

After

Width:  |  Height:  |  Size: 75 KiB

View file

Before

Width:  |  Height:  |  Size: 86 KiB

After

Width:  |  Height:  |  Size: 86 KiB

View file

Before

Width:  |  Height:  |  Size: 85 KiB

After

Width:  |  Height:  |  Size: 85 KiB

View file

Before

Width:  |  Height:  |  Size: 92 KiB

After

Width:  |  Height:  |  Size: 92 KiB

View file

Before

Width:  |  Height:  |  Size: 83 KiB

After

Width:  |  Height:  |  Size: 83 KiB

View file

Before

Width:  |  Height:  |  Size: 59 KiB

After

Width:  |  Height:  |  Size: 59 KiB

View file

Before

Width:  |  Height:  |  Size: 72 KiB

After

Width:  |  Height:  |  Size: 72 KiB

View file

Before

Width:  |  Height:  |  Size: 118 KiB

After

Width:  |  Height:  |  Size: 118 KiB

View file

Before

Width:  |  Height:  |  Size: 63 KiB

After

Width:  |  Height:  |  Size: 63 KiB

View file

Before

Width:  |  Height:  |  Size: 99 KiB

After

Width:  |  Height:  |  Size: 99 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 29 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 88 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 85 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 65 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 67 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 67 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 67 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 125 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 47 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 32 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 76 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 69 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 84 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 86 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 84 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 103 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 111 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 80 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 85 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 96 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 87 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 80 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 74 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 130 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 122 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 85 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 65 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 123 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 76 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 75 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 84 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 86 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 86 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 83 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 59 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 66 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 100 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 60 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 93 KiB

View file

@ -9,7 +9,7 @@ Ensure you have a {{book.project.name}} instance running; the default configurat
Administration Console, a page similar to this one is displayed:
.{{book.project.name}} Administration Console
image:../../images/getting-started/kc-start-page.png[alt="{{book.project.name}} Administration Console"]
image:../../{{book.images}}/getting-started/kc-start-page.png[alt="{{book.project.name}} Administration Console"]
The source code for the getting started tutorials can be obtained from the demo distributions. The authorization-related examples
are located at *${KEYCLOAK_DEMO_SERVER_DIR}/examples/authz*.

View file

@ -12,7 +12,7 @@ To create a realm and a user complete the following steps:
. Create a realm with a name *hello-world-authz*. Once created, a page similar to the following is displayed:
+
.Realm hello-world-authz
image:../../../images/getting-started/hello-world/create-realm.png[alt="Realm hello-world-authz"]
image:../../../{{book.images}}/getting-started/hello-world/create-realm.png[alt="Realm hello-world-authz"]
. Create a user for your newly created realm. Click *Users*. The user list page opens.
@ -21,12 +21,12 @@ image:../../../images/getting-started/hello-world/create-realm.png[alt="Realm he
. Complete the fields as shown in the screenshot below to create a new user with the username of *alice* and then click *Save*.
+
.Add User
image:../../../images/getting-started/hello-world/create-user.png[alt="Add User"]
image:../../../{{book.images}}/getting-started/hello-world/create-user.png[alt="Add User"]
. Set a password for the *alice* user by clicking the *Credentials* tab.
+
.Set User Password
image:../../../images/getting-started/hello-world/reset-user-pwd.png[alt="Set User Password"]
image:../../../{{book.images}}/getting-started/hello-world/reset-user-pwd.png[alt="Set User Password"]
. Complete the *New Password* and *Password Confirmation* fields with a password and click the *Temporary* switch to *OFF*.

View file

@ -8,12 +8,12 @@ To create a new client, complete the following steps:
. Click *Clients* to start creating a new client application and fill in the fields as shown in the screenshot below:
+
.Create Client Application
image:../../../images/getting-started/hello-world/create-client.png[alt="Create Client Application"]
image:../../../{{book.images}}/getting-started/hello-world/create-client.png[alt="Create Client Application"]
. Click *Save*. The Client Details page is displayed.
+
.Client Details
image:../../../images/getting-started/hello-world/enable-authz.png[alt="Client Details"]
image:../../../{{book.images}}/getting-started/hello-world/enable-authz.png[alt="Client Details"]
. On the Client Details page, click the *Authorization Enabled* switch to *ON*, and then click *Save*.
A new *Authorization* tab is displayed for the client.
@ -21,7 +21,7 @@ A new *Authorization* tab is displayed for the client.
. Click the *Authorization* tab and an Authorization Settings page similar to the following is displayed:
+
.Authorization Settings
image:../../../images/getting-started/hello-world/authz-settings.png[alt="Authorization Settings"]
image:../../../{{book.images}}/getting-started/hello-world/authz-settings.png[alt="Authorization Settings"]
When you enable authorization services for a client application, {{book.project.name}} automatically creates several <<fake/../../../resource-server/default-config.adoc#_resource_server_default_config, default settings>> for your client authorization configuration.

View file

@ -12,12 +12,12 @@ To obtain the adapter configuration from the {{book.project.name}} Administratio
. Click *Clients*. In the client listing, click the *hello-world-authz-service* client application. The Client Details page opens.
+
.Client Details
image:../../../images/getting-started/hello-world/enable-authz.png[alt="Client Details"]
image:../../../{{book.images}}/getting-started/hello-world/enable-authz.png[alt="Client Details"]
. Click the *Installation* tab. From the Format Option dropdown list, select *Keycloak OIDC JSON*. The adapter configuration is displayed in JSON format. Click *Download*.
+
.Adapter Configuration
image:../../../images/getting-started/hello-world/adapter-config.png[alt="Adapter Configuration"]
image:../../../{{book.images}}/getting-started/hello-world/adapter-config.png[alt="Adapter Configuration"]
. Navigate to the *${KEYCLOAK_DEMO_SERVER_DIR}/examples/authz/hello-world-authz-service/src/main/webapp/WEB-INF* directory and locate the *keycloak.json* file. Replace its contents with the adapter configuration you obtained from step 2 and save the file.
@ -44,12 +44,12 @@ mvn clean package wildfly:deploy
If your application was successfully deployed you can access it at http://localhost:8080/hello-world-authz-service[http://localhost:8080/hello-world-authz-service]. The {{book.project.name}} Login page opens.
.Login Page
image:../../../images/getting-started/hello-world/login-page.png[alt="Login Page"]
image:../../../{{book.images}}/getting-started/hello-world/login-page.png[alt="Login Page"]
Log in as *alice* using the password you specified for that user. After authenticating, the following page is displayed:
.Hello World Authz Main Page
image:../../../images/getting-started/hello-world/main-page.png[alt="Hello World Authz Main Page"]
image:../../../{{book.images}}/getting-started/hello-world/main-page.png[alt="Hello World Authz Main Page"]
The <<fake/../../../resource-server/default-config.adoc#_resource_server_default_config, default settings>> defined by {{book.project.name}} when you enable authorization services for a client application provide a simple
policy that always grants access to the resources protected by this policy.
@ -68,7 +68,7 @@ $evaluation.deny();
Now, log out of the demo application and log in again. You can no longer access the application.
image:../../../images/getting-started/hello-world/access-denied-page.png[alt="Access Denied Page"]
image:../../../{{book.images}}/getting-started/hello-world/access-denied-page.png[alt="Access Denied Page"]
Let's fix that now, but instead of changing the `Default Policy` code we are going to change the `Logic` to `Negative` using the dropdown list below the policy code text area.
That re-enables access to the application as we are negating the result of that policy, which is by default denying all requests for access. Again, before testing this change, be sure to log out and log in again.

View file

@ -15,7 +15,7 @@ Ensure you have a {{book.project.name}} instance running; the default configurat
Administration Console, a page similar to this one is displayed:
.{{book.project.name}} Administration Console
image:../../images/getting-started/kc-start-page.png[alt="{{book.project.name}} Administration Console"]
image:../../{{book.images}}/getting-started/kc-start-page.png[alt="{{book.project.name}} Administration Console"]
All source code for the getting started tutorials can be obtained from the demo distributions. The authorization-related examples
are located at *${KEYCLOAK_DEMO_SERVER_DIR}/examples/authz*.

View file

@ -6,7 +6,7 @@ A resource-based permission defines a set of one or more resources to protect us
To create a new resource-based permission, select *Resource-based* in the dropdown list in the upper right corner of the permission listing.
.Add Resource-Based Permission
image:../../images/permission/create-resource.png[alt="Add Resource-Based Permission"]
image:../../{{book.images}}/permission/create-resource.png[alt="Add Resource-Based Permission"]
==== Configuration

View file

@ -6,7 +6,7 @@ A scope-based permission defines a set of one or more scopes to protect using a
To create a new scope-based permission, select *Scope-based* in the dropdown list in the upper right corner of the permission listing.
.Add Scope-Based Permission
image:../../images/permission/create-scope.png[alt="Add Scope-Based Permission"]
image:../../{{book.images}}/permission/create-scope.png[alt="Add Scope-Based Permission"]
==== Configuration

View file

@ -7,7 +7,7 @@ After creating the resources you want to protect and the policies you want to us
you can start managing permissions. To manage permissions, click the *Permissions* tab when editing a resource server.
.Permissions
image:../../images/permission/view.png[alt="Permissions"]
image:../../{{book.images}}/permission/view.png[alt="Permissions"]
Permissions can be created to protect two main types of objects:

View file

@ -13,4 +13,4 @@ To create a typed resource permission, click <<fake/../create-resource.adoc#_per
you can specify the type that you want to protect as well as the policies that are to be applied to govern access to all resources with type you have specified.
.Example of a Typed Resource Permission
image:../../images/typed-resource-perm-example.png[alt="Example of a Typed Resource Permission"]
image:../../{{book.images}}/permission/typed-resource-perm-example.png[alt="Example of a Typed Resource Permission"]

View file

@ -5,7 +5,7 @@ When designing your policies, you can simulate authorization requests to test ho
You can access the Policy Evaluation Tool by clicking the `Evaluate` tab when editing a resource server. There you can specify different inputs to simulate real authorization requests and test the effect of your policies.
image:../../images/policy-evaluation-tool.png[alt="Policy Evaluation Tool"]
image:../../{{book.images}}/policy-evaluation-tool/policy-evaluation-tool.png[alt="Policy Evaluation Tool"]
=== Providing Identity Information

View file

@ -6,7 +6,7 @@ As mentioned previously, {{book.project.name}} allows you to build a policy of p
To create a new aggregated policy, select *Aggregated* in the dropdown list located in the right upper corner of the permission listing.
.Add an Aggregated Policy
image:../../images/policy/create-aggregated.png[alt="Add Aggregated Policy"]
image:../../{{book.images}}/policy/create-aggregated.png[alt="Add Aggregated Policy"]
Let's suppose you have a resource called _Confidential Resource_ that can be accessed only by users from the _keycloak.org_ domain and from a certain range of IP addresses.
You can create a single policy with both conditions. However, you want to reuse the domain part of this policy to apply to permissions that operates regardless of the originating network.

View file

@ -8,7 +8,7 @@ To create a new Rule-based policy, in the dropdown list in the right upper corne
select *Rule*.
.Add Rule Policy
image:../../images/policy/create-drools.png[alt="Add Rule Policy"]
image:../../{{book.images}}/policy/create-drools.png[alt="Add Rule Policy"]
==== Configuration

View file

@ -7,7 +7,7 @@ supported by {{book.project.name}}, and provides flexibility to write any policy
To create a new JavaScript-based policy, select *JavaScript* in the dropdown list in the upper right corner of the permission listing.
.Add JavaScript Policy
image:../../images/policy/create-js.png[alt="Add JavaScript Policy"]
image:../../{{book.images}}/policy/create-js.png[alt="Add JavaScript Policy"]
==== Configuration

View file

@ -6,7 +6,7 @@ As mentioned previously, policies define the conditions that must be satisfied b
You can view all policies associated with a resource server by clicking the *Policy* tab when editing a resource server.
.Policies
image:../../images/policy/view.png[alt="Policies"]
image:../../{{book.images}}/policy/view.png[alt="Policies"]
On this tab, you can view the list of previously created policies as well as create and edit a policy.

View file

@ -5,7 +5,7 @@ When creating a role-based policy, you can specify a specific role as `Required`
only if the user requesting access has been granted *all* the *required* roles. Both realm and client roles can be configured as such.
.Example of Required Role
image:../../images/policy/create-role.png[alt="Example of Required Role"]
image:../../{{book.images}}/policy/create-role.png[alt="Example of Required Role"]
To specify a role as required, select the `Required` checkbox for the role you want to configure as required.

View file

@ -10,7 +10,7 @@ Role policies can be useful when you need more restricted role-based access cont
To create a new role-based policy, select *Role-Based* in the dropdown list in the upper right corner of the permission listing.
.Add Role-Based Policy
image:../../images/policy/create-role.png[alt="Add Role-Based Policy"]
image:../../{{book.images}}/policy/create-role.png[alt="Add Role-Based Policy"]
==== Configuration

View file

@ -6,7 +6,7 @@ You can use this type of policy to define time conditions for your permissions.
To create a new time-based policy, select *Time* in the dropdown list in the upper right corner of the permission listing.
.Add Time Policy
image:../../images/policy/create-time.png[alt="Add Time Policy"]
image:../../{{book.images}}/policy/create-time.png[alt="Add Time Policy"]
==== Configuration

View file

@ -6,7 +6,7 @@ You can use this type of policy to define conditions for your permissions where
To create a new user-based policy, select *User-Based* in the dropdown list in the upper right corner of the permission listing.
.Add a User-Based Policy
image:../../images/policy/create-user.png[alt="Add User-Based Policy"]
image:../../{{book.images}}/policy/create-user.png[alt="Add User-Based Policy"]
==== Configuration

View file

@ -8,12 +8,12 @@ To create a client application, complete the following steps:
. Click *Clients*.
+
.Clients
image:../../images/resource-server/client-list.png[alt="Clients"]
image:../../{{book.images}}/resource-server/client-list.png[alt="Clients"]
. On this page, click *Create*.
+
.Create Client
image:../../images/resource-server/client-create.png[alt="Create Client"]
image:../../{{book.images}}/resource-server/client-create.png[alt="Create Client"]
. Type the `Client ID` of the client. For example, _my-resource-server_.
. Type the `Root URL` for your application. For example:
@ -25,4 +25,4 @@ http://${host}:${port}/my-resource-server
. Click *Save*. The client is created and the client Settings page opens. A page similar to the following is displayed:
+
.Client Settings
image:../../images/resource-server/client-enable-authz.png[alt="Client Settings"]
image:../../{{book.images}}/resource-server/client-enable-authz.png[alt="Client Settings"]

View file

@ -12,7 +12,7 @@ The default configuration consists of:
The default protected resource is referred to as the *default resource* and you can view it if you navigate to the *Resources* tab.
.Default Resource
image:../../images/resource-server/default-resource.png[alt="Default Resource"]
image:../../{{book.images}}/resource-server/default-resource.png[alt="Default Resource"]
This resource defines a `Type`, namely `urn:my-resource-server:resources:default` and a `URI` `/*`. Here, the `URI` field defines a
wildcard pattern that indicates to {{book.project.name}} that this resource represents all the paths in your application. In other words,
@ -25,7 +25,7 @@ to the default resource or any other resource you create using the same type.
The default policy is referred to as the *only from realm policy* and you can view it if you navigate to the *Policies* tab.
.Default Policy
image:../../images/resource-server/default-policy.png[alt="Default Policy"]
image:../../{{book.images}}/resource-server/default-policy.png[alt="Default Policy"]
This policy is a <<fake/../../policy/js-policy.adoc#_policy_js, JavaScript-based policy>> defining a condition that always grants access to the resources protected by this policy. If you click this policy you can see that it defines a rule as follows:
@ -37,7 +37,7 @@ $evaluation.grant();
Lastly, the default permission is referred to as the *default permission* and you can view it if you navigate to the *Permissions* tab.
.Default Permission
image:../../images/resource-server/default-permission.png[alt="Default Permission"]
image:../../{{book.images}}/resource-server/default-permission.png[alt="Default Permission"]
This permission is a <<fake/../../permission/create-resource.adoc#_permission_create_resource, resource-based permission>>, defining a set of one or more policies that are applied to all resources with a given type.

View file

@ -4,12 +4,12 @@
To turn your OIDC Client Application into a resource server and enable fine-grained authorization, click the *Authorization Enabled* switch to *ON* and click *Save*.
.Enabling Authorization Services
image:../../images/resource-server/client-enable-authz.png[alt="Enabling Authorization Services"]
image:../../{{book.images}}/resource-server/client-enable-authz.png[alt="Enabling Authorization Services"]
A new Authorization tab is displayed for this client. Click the *Authorization* tab and a page similar to the following is displayed:
.Resource Server Settings
image:../../images/resource-server/authz-settings.png[alt="Resource Server Settings"]
image:../../{{book.images}}/resource-server/authz-settings.png[alt="Resource Server Settings"]
The Authorization tab contains additional sub-tabs covering the different steps that you must follow to actually protect your application's resources. Each tab is covered separately by a specific topic in this documentation. But here is a quick description about each one:

View file

@ -14,12 +14,12 @@ To export a configuration file, complete the following steps:
. Navigate to the *Resource Server Settings* page.
+
.Resource Server Settings
image:../../images/resource-server/authz-settings.png[alt="Resource Server Settings"]
image:../../{{book.images}}/resource-server/authz-settings.png[alt="Resource Server Settings"]
. On this page, in the Export Settings section, click *Export*.
+
.Export Settings
image:../../images/resource-server/authz-export.png[alt="Export Settings"]
image:../../{{book.images}}/resource-server/authz-export.png[alt="Export Settings"]
The configuration file is exported in JSON format and displayed in a text area, from which you can copy and paste. You can also click *Download* to download the configuration file and save it.

Some files were not shown because too many files have changed in this diff Show more