fixes
parent
e29603bb7d
commit
4499df5ba4
9 changed files with 14 additions and 12 deletions
|
@ -82,7 +82,7 @@ you have that file already available.
|
|||
|
||||
===== Enable SPNEGO Processing
|
||||
|
||||
{{book.project.name}} does not have SPNEGO protocol support turned on by default. So, you have to go to the <<../../authentication/flows.adoc#_authentication-flows, browser flow>>
|
||||
{{book.project.name}} does not have SPNEGO protocol support turned on by default. So, you have to go to the <<fake/../../authentication/flows.adoc#_authentication-flows, browser flow>>
|
||||
and enable `Kerberos`.
|
||||
|
||||
.browser flow
|
||||
|
@ -95,7 +95,7 @@ to _required_ then all users must have Kerberos enabled for their browser.
|
|||
===== Configure Kerberos User Storage Federation Provider
|
||||
|
||||
Now that the SPNEGO protocol is turned on at the authentication server, you'll need to configure how {{book.project.name}} interprets the Kerberos ticket.
|
||||
This is done through <../../user-federation.adoc#_user-storage-federation,User Storage Federation>>. We have 2 different federation providers with Kerberos authentication support.
|
||||
This is done through <fake/../../user-federation.adoc#_user-storage-federation,User Storage Federation>>. We have 2 different federation providers with Kerberos authentication support.
|
||||
|
||||
If you want to authenticate with Kerberos backed by an LDAP server, you have to first configure the <<fake/../../user-federation/ldap.adoc#_ldap, LDAP Federation Provider>>.
|
||||
If you look at the configuration page for your LDAP provider you'll see a `Kerberos Integration` section.
|
||||
|
|
|
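Review bot: The rewritten cross-reference on the "This is done through" line still opens with a single `<` (`<fake/../../user-federation.adoc#_user-storage-federation,User Storage Federation>>`), so it is not a well-formed xref, unlike the LDAP link two lines below, which opens with `<<`. Open it with `<<` while the line is being changed.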
@ -85,7 +85,7 @@ Remember that you still have to click the `Save` button!
|
|||
Only wildcards, * ,are allowed at the end of of a URI, i.e. http://host.com/*
|
||||
|
||||
You should take extra precautions when registering valid redirect URI patterns as if you make
|
||||
them too general you are vulnerable to attacks. See <<fake/../../threat/redirect.adoc#_unspecific-redirect-uris, Security Vulnerabilities>> chapter
|
||||
them too general you are vulnerable to attacks. See <<fake/../../threat/redirect.adoc#_unspecific-redirect-uris, Threat Model Mitigation>> chapter
|
||||
for more information.
|
||||
|
||||
*Base URL*
|
||||
|
|
|
@ -24,7 +24,7 @@ The token can be a standard bearer token, a initial access token or a registrati
|
|||
===== Bearer Token
|
||||
|
||||
The bearertoken can be issued on behalf of a user or a Service Account.
|
||||
The following permissions are required to invoke the endpoints (see <<_admin_permissions,Admin Permissions>> for more details):
|
||||
The following permissions are required to invoke the endpoints (see <<fake/../../admin-console-permissions.adoc#_admin_permissions,Admin Permissions>> for more details):
|
||||
|
||||
* create-client
|
||||
+`manage-client`
|
||||
|
@ -32,7 +32,8 @@ The following permissions are required to invoke the endpoints (see <<_admin_per
|
|||
+`manage-client`
|
||||
* manage-client
|
||||
|
||||
If you are using a regular bearer token to create clients we recommend using a token from on behalf of a Service Account with only the `create-client` role. See the <<fake/../../clients/oidc/service-accounts.adoc#_service_accounts,Service Accounts>> section for more details.
|
||||
If you are using a regular bearer token to create clients we recommend using a token from on behalf of a Service Account with only the `create-client` role.
|
||||
See the <<fake/../../clients/oidc/service-accounts.adoc#_service_accounts,Service Accounts>> section for more details.
|
||||
|
||||
===== Initial Access Token
|
||||
|
||||
|
|
|
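Review bot: The recommendation sentence, now on the first of the two new lines, still reads "using a token from on behalf of a Service Account"; drop "from" so the advice to use a Service Account holding only the `create-client` role reads cleanly.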
@ -34,7 +34,7 @@ Consent::
|
|||
Consent Text::
|
||||
If your client requires consent and the `Consent` switch is on, this is the text that will be displayed by the user.
|
||||
The value for this text is localizable by specifying a substitution variable with `$\{var-name}}` strings. The
|
||||
localized value is then configured within property files in your theme. See the link:{{book.developerguide.link}}[book.developerguide.name]
|
||||
localized value is then configured within property files in your theme. See the link:{{book.developerguide.link}}[{{book.developerguide.name}}]
|
||||
for more information on localization.
|
||||
|
||||
Most OIDC mappers also allow you to control where the claim gets put. You can opt to include or exclude the claim from both the
|
||||
|
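Review bot: The context line directly above the changed link still carries the unbalanced placeholder `$\{var-name}}`; the role description change later in this commit corrects the same text to `$\{var-name}`, so apply that fix here as well. The Consent Text line also says the text is displayed "by the user", which should read "to the user".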
@ -43,7 +43,7 @@ _id_ and _access_ tokens by fiddling with the `Add to ID token` and `Add to acce
|
|||
Finaly, you can also add other mapper types. if you go back to the `Mappers` tab, click the `Create` button.
|
||||
|
||||
.Add Mapper
|
||||
image:../../{{book.images}}/add-mapper[]
|
||||
image:../../{{book.images}}/add-mapper.png[]
|
||||
|
||||
Pick a `Mapper Type` from the list box. If you hover over the tooltip, you'll see a description of what that mapper type does.
|
||||
Different config parameters will appear for different mapper types.
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
==== Default Groups
|
||||
|
||||
Default groups allow you to automatically assign group membership whenever any new user is created or imported through
|
||||
<<fake/../../../user-federation.adoc#_user-federation, User Federation>> or <<fake/../../../identity-broker.adoc_identity-broker, Identity Brokering>>.
|
||||
<<fake/../../user-federation.adoc#_user-storage-federation, User Storage Federation>> or <<fake/../../identity-broker.adoc#_identity-brokering, Identity Brokering>>.
|
||||
To specify _default groups go to the `Groups` left menu item, and click the `Default Groups` tab.
|
||||
|
||||
.Default Roles
|
||||
|
|
|
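Review bot: In the context line right after the changed links, `_default groups` opens an emphasis marker that is never closed; write `_default groups_` or drop the underscore. The block title below it is `.Default Roles` although the section is `==== Default Groups`, which looks like a copied caption worth correcting in the same pass.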
@ -12,8 +12,8 @@ and hit the `Save` button.
|
|||
.Add Role
|
||||
image:../../{{book.images}}/role.png[]
|
||||
|
||||
The value for the `description` field is localizable by specifying a substitution variable with `$\{var-name}}` strings.
|
||||
The localized value is then configured within property files in your theme. See the link:{{book.developerguide.link}}[book.developerguide.name]
|
||||
The value for the `description` field is localizable by specifying a substitution variable with `$\{var-name}` strings.
|
||||
The localized value is then configured within property files in your theme. See the link:{{book.developerguide.link}}[{{book.developerguide.name}}]
|
||||
for more information on localization. If a client requires user _consent_, this description string will be displayed on the
|
||||
consent page for the user.
|
||||
|
||||
|
|
|
@ -23,5 +23,5 @@ in as the user being impersonated. If the admin and user are not in the same re
|
|||
be logged in as the user in that user's realm. In both cases, the browser will be redirected to the impersonated user's User Accoutn Management
|
||||
page.
|
||||
|
||||
Any user with the realm's `impersonation` role can impersonate a user. Please see the <<fake/../../admin-permissions.adoc#_admin-permissions,Admin Permissions>> chapter
|
||||
Any user with the realm's `impersonation` role can impersonate a user. Please see the <<fake/../../admin-console-permissions.adoc#_admin_permissions,Admin Console Access Control>> chapter
|
||||
for more details on assigning administration permissions.
|
||||
|
|
|
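Review bot: The new link label "Admin Console Access Control" differs from the Bearer Token change in this commit, which points at the same `admin-console-permissions.adoc#_admin_permissions` target with the label "Admin Permissions"; use one label for both. The context line above the change also misspells "Account" as "Accoutn".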
@ -27,7 +27,7 @@ action name. Also remember to click the `Save` button after you've decided what
|
|||
==== Default Required Actions
|
||||
|
||||
You can also specify required actions that will be added to an account whenever a new user is created, i.e. through the `Add User` button the user
|
||||
list screen, or via the <<fake/../../registration.adoc#_registration, user registration>> link on the login page. To specify
|
||||
list screen, or via the <<fake/../../users/user-registration.adoc#_user-registration, user registration>> link on the login page. To specify
|
||||
the default required actions go to the `Authentication` left menu item and click on the `Required Actions` tab.
|
||||
|
||||
.Default Required Actions
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
[[_user-registration]]
|
||||
|
||||
=== User Registration
|
||||
|
||||
|
|