commit
0ae9ac0848
5 changed files with 8 additions and 8 deletions
|
@ -1,6 +1,6 @@
|
|||
<chapter id="license">
|
||||
<title>License</title>
|
||||
<para>Keycloak is distributed under the ASL 2.0 license. It does not distribute any thirdparty libraries that are
|
||||
<para>Keycloak codebase is distributed under the ASL 2.0 license. It does not distribute any thirdparty libraries that are
|
||||
GPL. It does ship thirdparty libraries licensed under
|
||||
Apache ASL 2.0 and LGPL.
|
||||
</para>
|
||||
|
|
|
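Review bot: The added sentence in the license paragraph drops the article and leaves the following "It" pointing at "codebase", so "Keycloak codebase is distributed ... It does not distribute any thirdparty libraries" reads as if the codebase does the distributing. Suggest "The Keycloak codebase is distributed under the ASL 2.0 license" and rewording the next sentence so its subject is the distribution. "thirdparty" in the unchanged lines could become "third-party" while this paragraph is being touched.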
@ -6,7 +6,7 @@
|
|||
<listitem>
|
||||
logout REST API has been refactored. The GET request on the logout URI does not take a session_state
|
||||
parameter anymore. You must be logged in in order to log out the session.
|
||||
You can also POST to the lougt REST URI. This action requires a valid refresh token to perform the logout.
|
||||
You can also POST to the logout REST URI. This action requires a valid refresh token to perform the logout.
|
||||
The signature is the same as refresh token minus the grant type form parameter. See documentation for details.
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
|
|
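Review bot: The unchanged sentence right after the corrected line, "The signature is the same as refresh token minus the grant type form parameter. See documentation for details.", still does not say which form parameters the POST takes and gives no link target. Since this item tells integrators that the POST logout requires a valid refresh token, suggest naming the parameters here or replacing "See documentation" with an xref to the section that describes the logout endpoint. "logged in in order" in the context line above could also be tightened.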
@ -142,9 +142,9 @@ keycloak-war-dist-all-1.0-rc-1-SNAPSHOT/
|
|||
</itemizedlist>
|
||||
</para>
|
||||
<section>
|
||||
<title>Database Configuration</title>
|
||||
<title>Relational Database Configuration</title>
|
||||
<para>
|
||||
The datasource used to store Keycloak data is configured in the <literal>.../standalone/deployments/keycloak-ds.xml</literal>
|
||||
By default, Keycloak uses a relational database to store Keycloak data. This datasource is the <literal>.../standalone/deployments/keycloak-ds.xml</literal>
|
||||
file of your Keycloak Server installation if you used <xref linkend="WAR_distribution_installation" /> or in <literal>.../standalone/configuration/standalone.xml</literal>
|
||||
if you used <xref linkend="Appliance_install" />. File <literal>keycloak-ds.xml</literal> is used in WAR
|
||||
distribution, so that you have datasource available out of the box and you don't need to edit <literal>standalone.xml</literal> file.
|
||||
|
|
|
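Review bot: The rewritten second sentence of the Relational Database Configuration section lost its verb phrase: "This datasource is the .../standalone/deployments/keycloak-ds.xml file ... or in .../standalone/configuration/standalone.xml" no longer parses, because the removed line's "is configured in the" became "is the" while the later "or in" still depends on it. Suggest "This datasource is configured in the ...". The added first sentence also repeats the product name ("Keycloak uses a relational database to store Keycloak data"); "to store its data" would read better.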
@ -1,4 +1,4 @@
|
|||
<chapter id="timeouts">
|
||||
<chapter id="timeouts">
|
||||
<title>Cookie settings, Session Timeouts, and Token Lifespans</title>
|
||||
<para>
|
||||
Keycloak has a bunch of fine-grain settings to manage browser cookies, user login sessions, and token lifespans.
|
||||
|
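Review bot: The only changed line in this hunk, the chapter id="timeouts" opening tag, is textually identical before and after, so the change is whitespace or line endings only. Suggest dropping it from this commit, or calling out the whitespace cleanup separately, so the setting renames in the next hunk are not mixed with an invisible change.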
@ -43,11 +43,11 @@
|
|||
application not knowing if the user's permissions have changed. This value is usually in minutes.
|
||||
</para>
|
||||
<para>
|
||||
The <literal>Access Code Lifespan</literal> is how long an access code is valid for. An access code is obtained
|
||||
The <literal>Client login timeout</literal> is how long an access code is valid for. An access code is obtained
|
||||
on the 1st leg of the OAuth 2.0 redirection protocol. This should be a short time limit. Usually seconds.
|
||||
</para>
|
||||
<para>
|
||||
The <literal>Access Code Action Lifespan</literal> is how long a user is allowed to attempt a login. When a user tries
|
||||
The <literal>Login user action lifespan</literal> is how long a user is allowed to attempt a login. When a user tries
|
||||
to login, they may have to change their password, set up TOTP, or perform some other action before they are redirected
|
||||
back to your application as an authentnicated user. This value is relatively short and is usually measured in minutes.
|
||||
</para>
|
||||
|
|
|
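Review bot: The two renamed literals in this hunk, "Client login timeout" and "Login user action lifespan", drop the "Access Code" wording without leaving any trace of the old names, so a reader searching for "Access Code Lifespan" or "Access Code Action Lifespan" will no longer find these paragraphs. Suggest mentioning the former name once in each sentence, and checking that mixing "timeout" and "lifespan" for two related short-lived values is intended. The unchanged context line still contains "authentnicated", which is worth fixing in the same edit.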
@ -11,7 +11,7 @@
|
|||
Most of the time when you want to federate an external user store, much of the metadata that would be needed to
|
||||
provide this complete feature set does not exist in that external store. For example your LDAP server may only
|
||||
provide password validation, but not support TOTP or user role mappings. The Keycloak User Federation SPI was
|
||||
written to support these completely variable locations
|
||||
written to support these completely variable configurations.
|
||||
</para>
|
||||
<para>
|
||||
The way user federation works is that Keycloak will import your federated users on demand to its local storage. How
|
||||
|
|