Bill Burke 2016-05-31 22:01:13 -04:00
parent e29603bb7d
commit 4499df5ba4
9 changed files with 14 additions and 12 deletions

View file

@ -82,7 +82,7 @@ you have that file already available.
===== Enable SPNEGO Processing ===== Enable SPNEGO Processing
{{book.project.name}} does not have SPNEGO protocol support turned on by default. So, you have to go to the <<../../authentication/flows.adoc#_authentication-flows, browser flow>> {{book.project.name}} does not have SPNEGO protocol support turned on by default. So, you have to go to the <<fake/../../authentication/flows.adoc#_authentication-flows, browser flow>>
and enable `Kerberos`. and enable `Kerberos`.
.browser flow .browser flow
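Review bot: the `fake/../../` prefix added to the `browser flow` xref (and applied to every cross-reference in this commit) is not explained anywhere, and the commit carries no message. If it is a workaround for how the book build resolves relative `.adoc` paths, a short note in the contributor docs would stop the next editor from "correcting" it back to `../../`.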
@ -95,7 +95,7 @@ to _required_ then all users must have Kerberos enabled for their browser.
===== Configure Kerberos User Storage Federation Provider ===== Configure Kerberos User Storage Federation Provider
Now that the SPNEGO protocol is turned on at the authentication server, you'll need to configure how {{book.project.name}} interprets the Kerberos ticket. Now that the SPNEGO protocol is turned on at the authentication server, you'll need to configure how {{book.project.name}} interprets the Kerberos ticket.
This is done through <../../user-federation.adoc#_user-storage-federation,User Storage Federation>>. We have 2 different federation providers with Kerberos authentication support. This is done through <fake/../../user-federation.adoc#_user-storage-federation,User Storage Federation>>. We have 2 different federation providers with Kerberos authentication support.
If you want to authenticate with Kerberos backed by an LDAP server, you have to first configure the <<fake/../../user-federation/ldap.adoc#_ldap, LDAP Federation Provider>>. If you want to authenticate with Kerberos backed by an LDAP server, you have to first configure the <<fake/../../user-federation/ldap.adoc#_ldap, LDAP Federation Provider>>.
If you look at the configuration page for your LDAP provider you'll see a `Kerberos Integration` section. If you look at the configuration page for your LDAP provider you'll see a `Kerberos Integration` section.
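Review bot: the `User Storage Federation` xref on the changed line still opens with a single `<` (`<fake/../../user-federation.adoc#_user-storage-federation,User Storage Federation>>`), so it will not render as a link; it should be `<<fake/../../user-federation.adoc#_user-storage-federation,User Storage Federation>>` to match the `LDAP Federation Provider` xref on the next line.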

View file

@ -85,7 +85,7 @@ Remember that you still have to click the `Save` button!
Only wildcards, * ,are allowed at the end of of a URI, i.e. http://host.com/* Only wildcards, * ,are allowed at the end of of a URI, i.e. http://host.com/*
You should take extra precautions when registering valid redirect URI patterns as if you make You should take extra precautions when registering valid redirect URI patterns as if you make
them too general you are vulnerable to attacks. See <<fake/../../threat/redirect.adoc#_unspecific-redirect-uris, Security Vulnerabilities>> chapter them too general you are vulnerable to attacks. See <<fake/../../threat/redirect.adoc#_unspecific-redirect-uris, Threat Model Mitigation>> chapter
for more information. for more information.
*Base URL* *Base URL*
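Review bot: the unchanged context line `Only wildcards, * ,are allowed at the end of of a URI` has a doubled "of" and a misplaced comma (`* ,are`); since this paragraph is already being edited to retitle the `Threat Model Mitigation` xref, tidy it to `Only wildcards, *, are allowed at the end of a URI`. The warning about overly general redirect URI patterns is the important part of this block, so the sentence leading into it should read cleanly.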

View file

@ -24,7 +24,7 @@ The token can be a standard bearer token, a initial access token or a registrati
===== Bearer Token ===== Bearer Token
The bearertoken can be issued on behalf of a user or a Service Account. The bearertoken can be issued on behalf of a user or a Service Account.
The following permissions are required to invoke the endpoints (see <<_admin_permissions,Admin Permissions>> for more details): The following permissions are required to invoke the endpoints (see <<fake/../../admin-console-permissions.adoc#_admin_permissions,Admin Permissions>> for more details):
* create-client * create-client
+`manage-client` +`manage-client`
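Review bot: the context line `The bearertoken can be issued ...` is missing a space (`bearer token`), and the stray `+`manage-client`` line directly after `* create-client` looks like a leftover list continuation that duplicates the `* manage-client` item below it; both are worth cleaning up while the `Admin Permissions` xref on this block is being changed.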
@ -32,7 +32,8 @@ The following permissions are required to invoke the endpoints (see <<_admin_per
+`manage-client` +`manage-client`
* manage-client * manage-client
If you are using a regular bearer token to create clients we recommend using a token from on behalf of a Service Account with only the `create-client` role. See the <<fake/../../clients/oidc/service-accounts.adoc#_service_accounts,Service Accounts>> section for more details. If you are using a regular bearer token to create clients we recommend using a token from on behalf of a Service Account with only the `create-client` role.
See the <<fake/../../clients/oidc/service-accounts.adoc#_service_accounts,Service Accounts>> section for more details.
===== Initial Access Token ===== Initial Access Token
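Review bot: the re-wrapped sentence still reads `we recommend using a token from on behalf of a Service Account`, which mixes two constructions; drop `from` so it reads `a token issued on behalf of a Service Account with only the `create-client` role`. Splitting the `Service Accounts` xref onto its own line is fine.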

View file

@ -34,7 +34,7 @@ Consent::
Consent Text:: Consent Text::
If your client requires consent and the `Consent` switch is on, this is the text that will be displayed by the user. If your client requires consent and the `Consent` switch is on, this is the text that will be displayed by the user.
The value for this text is localizable by specifying a substitution variable with `$\{var-name}}` strings. The The value for this text is localizable by specifying a substitution variable with `$\{var-name}}` strings. The
localized value is then configured within property files in your theme. See the link:{{book.developerguide.link}}[book.developerguide.name] localized value is then configured within property files in your theme. See the link:{{book.developerguide.link}}[{{book.developerguide.name}}]
for more information on localization. for more information on localization.
Most OIDC mappers also allow you to control where the claim gets put. You can opt to include or exclude the claim from both the Most OIDC mappers also allow you to control where the claim gets put. You can opt to include or exclude the claim from both the
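Review bot: the changed line keeps `$\{var-name}}` with an unbalanced closing brace, while the equivalent role-description hunk in this same commit corrects it to `$\{var-name}`; apply the same fix here so both localization examples render identically. The context line `this is the text that will be displayed by the user` should also read `displayed to the user`.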
@ -43,7 +43,7 @@ _id_ and _access_ tokens by fiddling with the `Add to ID token` and `Add to acce
Finaly, you can also add other mapper types. if you go back to the `Mappers` tab, click the `Create` button. Finaly, you can also add other mapper types. if you go back to the `Mappers` tab, click the `Create` button.
.Add Mapper .Add Mapper
image:../../{{book.images}}/add-mapper[] image:../../{{book.images}}/add-mapper.png[]
Pick a `Mapper Type` from the list box. If you hover over the tooltip, you'll see a description of what that mapper type does. Pick a `Mapper Type` from the list box. If you hover over the tooltip, you'll see a description of what that mapper type does.
Different config parameters will appear for different mapper types. Different config parameters will appear for different mapper types.
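Review bot: adding the `.png` extension to `image:../../{{book.images}}/add-mapper.png[]` is correct and matches the other image macros; while here, the context line `Finaly, you can also add other mapper types. if you go back to the `Mappers` tab` needs `Finally` and a capital `If`.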

View file

@ -2,7 +2,7 @@
==== Default Groups ==== Default Groups
Default groups allow you to automatically assign group membership whenever any new user is created or imported through Default groups allow you to automatically assign group membership whenever any new user is created or imported through
<<fake/../../../user-federation.adoc#_user-federation, User Federation>> or <<fake/../../../identity-broker.adoc_identity-broker, Identity Brokering>>. <<fake/../../user-federation.adoc#_user-storage-federation, User Storage Federation>> or <<fake/../../identity-broker.adoc#_identity-brokering, Identity Brokering>>.
To specify _default groups go to the `Groups` left menu item, and click the `Default Groups` tab. To specify _default groups go to the `Groups` left menu item, and click the `Default Groups` tab.
.Default Roles .Default Roles
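Review bot: the fixed xrefs (`#_user-storage-federation`, `#_identity-brokering`) now have proper `#` separators, but the context line `To specify _default groups go to` opens an italic span with `_` and never closes it, which will swallow the rest of the line in AsciiDoc; it should be `_default groups_`. The image caption `.Default Roles` under the `==== Default Groups` heading also looks copied from the roles page and should probably be `.Default Groups`.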

View file

@ -12,8 +12,8 @@ and hit the `Save` button.
.Add Role .Add Role
image:../../{{book.images}}/role.png[] image:../../{{book.images}}/role.png[]
The value for the `description` field is localizable by specifying a substitution variable with `$\{var-name}}` strings. The value for the `description` field is localizable by specifying a substitution variable with `$\{var-name}` strings.
The localized value is then configured within property files in your theme. See the link:{{book.developerguide.link}}[book.developerguide.name] The localized value is then configured within property files in your theme. See the link:{{book.developerguide.link}}[{{book.developerguide.name}}]
for more information on localization. If a client requires user _consent_, this description string will be displayed on the for more information on localization. If a client requires user _consent_, this description string will be displayed on the
consent page for the user. consent page for the user.

View file

@ -23,5 +23,5 @@ in as the user being impersonated. If the admin and user are not in the same re
be logged in as the user in that user's realm. In both cases, the browser will be redirected to the impersonated user's User Accoutn Management be logged in as the user in that user's realm. In both cases, the browser will be redirected to the impersonated user's User Accoutn Management
page. page.
Any user with the realm's `impersonation` role can impersonate a user. Please see the <<fake/../../admin-permissions.adoc#_admin-permissions,Admin Permissions>> chapter Any user with the realm's `impersonation` role can impersonate a user. Please see the <<fake/../../admin-console-permissions.adoc#_admin_permissions,Admin Console Access Control>> chapter
for more details on assigning administration permissions. for more details on assigning administration permissions.
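Review bot: the context line `redirected to the impersonated user's User Accoutn Management page` has a typo (`Account`); since this block is being touched to repoint the `Admin Console Access Control` xref, fix it in the same change.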

View file

@ -27,7 +27,7 @@ action name. Also remember to click the `Save` button after you've decided what
==== Default Required Actions ==== Default Required Actions
You can also specify required actions that will be added to an account whenever a new user is created, i.e. through the `Add User` button the user You can also specify required actions that will be added to an account whenever a new user is created, i.e. through the `Add User` button the user
list screen, or via the <<fake/../../registration.adoc#_registration, user registration>> link on the login page. To specify list screen, or via the <<fake/../../users/user-registration.adoc#_user-registration, user registration>> link on the login page. To specify
the default required actions go to the `Authentication` left menu item and click on the `Required Actions` tab. the default required actions go to the `Authentication` left menu item and click on the `Required Actions` tab.
.Default Required Actions .Default Required Actions
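Review bot: the context line `through the `Add User` button the user list screen` is missing a preposition (`button on the user list screen`); the new `#_user-registration` xref target is consistent with the `[[_user-registration]]` anchor added to the registration page in this commit.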

View file

@ -1,3 +1,4 @@
[[_user-registration]]
=== User Registration === User Registration