From 4a09aea087e0a0292bccedd302d5ec1d19b587bd Mon Sep 17 00:00:00 2001 From: Jan Lieskovsky Date: Fri, 14 Dec 2018 22:11:46 +0100 Subject: [PATCH] [General] Drop the duplicate 'Creating Administrator Account for {project_name} Server' paragraph from the 'Get Started' section Keep the copy present in 'Advanced Concept's section, because it is more updated & already present part of the book dedicated to advanced topics (see 7.2 guide for reference) Signed-off-by: Jan Lieskovsky --- openshift/topics/advanced_concepts.adoc | 29 +++--- openshift/topics/get_started.adoc | 118 +----------------------- openshift/topics/tutorials.adoc | 10 +- 3 files changed, 23 insertions(+), 134 deletions(-) diff --git a/openshift/topics/advanced_concepts.adoc b/openshift/topics/advanced_concepts.adoc index f466efb747..0a8adb003a 100644 --- a/openshift/topics/advanced_concepts.adoc +++ b/openshift/topics/advanced_concepts.adoc @@ -262,7 +262,7 @@ and access the {project_name} administrator console at: * *\https://secure-sso-sso-app-demo.openshift.example.com/auth/admin* * *\http://sso-sso-app-demo.openshift.example.com/auth/admin* -using the xref:../advanced_concepts/advanced_concepts.adoc#advanced-concepts-sso-administrator-setup[administrator account]. +using the xref:sso-administrator-setup[administrator account]. [[advanced-concepts-sso-hostname-spi-setup]] === Customizing Hostname for the {project_name} Server @@ -318,10 +318,10 @@ If successful, the previous command will return the following output: route "sso" patched ---- -[[advanced-concepts-sso-administrator-setup]] -=== Creating Administrator Account for Red Hat Single Sign-On Server +[[sso-administrator-setup]] +=== Creating the Administrator Account for {project_name} Server -Red Hat Single Sign-On does not provide any pre-configured management account out of the box. This administrator account is necessary for logging into the `master` realm's management console and perform server maintenance operations such as, creating realms or users, or registering applications intended to be secured by Red Hat Single Sign-On. +{project_name} does not provide any pre-configured management account out of the box. This administrator account is necessary for logging into the `master` realm's management console and perform server maintenance operations such as, creating realms or users, or registering applications intended to be secured by {project_name}. The administrator account can be created: @@ -330,13 +330,13 @@ The administrator account can be created: [NOTE] ==== -Red Hat Single Sign-On allows an initial administrator account to be created via the link:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.2/html-single/getting_started_guide/#creating_the_admin_account[Welcome Page] web form, but only if the Welcome Page is accessed from localhost; this method of administrator account creation is not applicable for the {project_openshift_product_name} image. +{project_name} allows an initial administrator account to be created via the link:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.2/html-single/getting_started_guide/#creating_the_admin_account[Welcome Page] web form, but only if the Welcome Page is accessed from localhost; this method of administrator account creation is not applicable for the {project_openshift_product_name} image. ==== -[[advanced-concepts-sso-admin-template-parameters]] -==== Creating {project_name} Administrator Account via Template Parameters +[[sso-admin-template-parameters]] +==== Creating the Administrator Account Using Template Parameters -When deploying {project_name} application template, *_SSO_ADMIN_USERNAME_* and *_SSO_ADMIN_PASSWORD_* parameters denote the username and password of the {project_name} server's administrator account to be created for the `master` realm. +When deploying {project_name} application template, the *_SSO_ADMIN_USERNAME_* and *_SSO_ADMIN_PASSWORD_* parameters denote the username and password of the {project_name} server's administrator account to be created for the `master` realm. [NOTE] ==== @@ -381,8 +381,8 @@ $ oc set env dc/sso \ ---- ==== -[[advanced-concepts-sso-admin-remote-shell]] -==== Creating {project_name} Administrator Account via Remote Shell Session to {project_name} Pod +[[sso-admin-remote-shell]] +==== Creating the Administrator Account via Remote Shell Session to {project_name} Pod Run following commands to create an administrator account for the `master` realm of the {project_name} server, when deploying the {project_openshift_product_name} image directly from the image stream (without the xref:../introduction/introduction.adoc#sso-templates[template]), after the {project_name} application pod has been started: @@ -407,13 +407,16 @@ sh-4.2$ [source,bash,subs="attributes+,macros+"] ---- sh-4.2$ cd /opt/eap/bin/ -sh-4.2$ ./add-user-keycloak.sh -r master -u sso_admin -p sso_password +sh-4.2$ ./add-user-keycloak.sh \ + -r master \ + -u sso_admin \ + -p sso_password Added 'sso_admin' to '/opt/eap/standalone/configuration/keycloak-add-user.json', restart server to load user ---- + [NOTE] ==== -The `sso_admin`/`sso_password` credentials in the example above are for demonstration purposes only. Refer to the password policy applicable within your organization for guidance on how to create a secure user name and password. +The 'sso_admin' / 'sso_password' credentials in the example above are for demonstration purposes only. Refer to the password policy applicable within your organization for guidance on how to create a secure user name and password. ==== . Restart the underlying JBoss EAP server instance to load the newly added user account. Wait for the server to restart properly. + @@ -441,7 +444,7 @@ After the {project_name} web server pod has started, it can be accessed at its c * *\http://sso-__.__/auth/admin*: for the {project_name} web server, and * *\https://secure-sso-__.__/auth/admin*: for the encrypted {project_name} web server. -Use the xref:../advanced_concepts/advanced_concepts.adoc#advanced-concepts-sso-administrator-setup[administrator user credentials] to log in into the `master` realm’s administration console. +Use the xref:sso-administrator-setup[administrator user credentials] to log in into the `master` realm’s administration console. [[SSO-Clients]] === {project_name} Clients diff --git a/openshift/topics/get_started.adoc b/openshift/topics/get_started.adoc index 9d194b60ff..6b473f4d5b 100644 --- a/openshift/topics/get_started.adoc +++ b/openshift/topics/get_started.adoc @@ -109,120 +109,6 @@ $ oc secrets link "success", - "result" => undefined -} ----- -+ -[WARNING] -==== -When restarting the server it is important to restart just the JBoss EAP process within the running {project_name} container, and not the whole container. Because restarting the whole container recreates it from scratch, without the {project_name} server administration account for the `master` realm to be created. -==== -. Log into the `master` realm's administration console of the {project_name} server using the the credentials created in the steps above. In the browser, navigate to *\http://sso-./auth/admin* for the {project_name} web server, or to *\https://secure-sso-./auth/admin* for the encrypted {project_name} web server, and specify user name and password used to create the administrator user. - ==== Using the OpenShift Web Console Log in to the OpenShift web console: @@ -321,7 +207,7 @@ The EAP 6.4 / 7.1 JSP service application requires dedicated {project_name} real + *\https://secure-sso-sso-app-demo.openshift.example.com/auth/admin* + -Use the xref:sso_server.adoc#sso-administrator-setup[credentials of the {project_name} administrator user]. +Use the xref:sso-administrator-setup[credentials of the {project_name} administrator user]. . Hover your cursor over the realm namespace (default is *Master*) at the top of the sidebar and click *Add Realm*. . Enter a realm name (this example uses `demo`) and click *Create*. @@ -807,7 +693,7 @@ Perform the following steps to add the `appuser` to the `admin` {project_name} r + *\https://secure-sso-sso-app-demo.openshift.example.com/auth/admin*. + -Use the xref:sso_server.adoc#sso-administrator-setup[credentials of the {project_name} administrator user]. +Use the xref:sso-administrator-setup[credentials of the {project_name} administrator user]. . Click *Users* in the *Manage* sidebar to view the user information for the `demo` realm. . Click *View all users* button. . Click the ID link for the *appuser* or alternatively click the *Edit* button in the *Actions* column. diff --git a/openshift/topics/tutorials.adoc b/openshift/topics/tutorials.adoc index aa92027f24..8be4347cb5 100644 --- a/openshift/topics/tutorials.adoc +++ b/openshift/topics/tutorials.adoc @@ -39,7 +39,7 @@ The EAP 6.4 / 7.1 JSP service application requires dedicated {project_name} real + *\https://secure-sso-sso-app-demo.openshift.example.com/auth/admin* + -Use the xref:sso_server.adoc#sso-administrator-setup[credentials of the {project_name} administrator user]. +Use the xref:sso-administrator-setup[credentials of the {project_name} administrator user]. . Hover your cursor over the realm namespace (default is *Master*) at the top of the sidebar and click *Add Realm*. . Enter a realm name (this example uses `demo`) and click *Create*. @@ -608,7 +608,7 @@ When the *_SSO_REALM_* configuration variable is set on the {project_openshift_p + . Click *Create* to deploy the application template and start pod deployment. This may take a couple of minutes. + -Then access the {project_name} web console at *$$https://secure-sso-$$__.__/auth/admin* using the xref:../advanced_concepts/advanced_concepts.adoc#sso-administrator-setup[administrator account]. +Then access the {project_name} web console at *$$https://secure-sso-$$__.__/auth/admin* using the xref:sso-administrator-setup[administrator account]. + [NOTE] ==== @@ -737,7 +737,7 @@ Configure OpenShift to use the {project_name} deployment as the authorization ga This example adds {project_name} as an authentication method alongside the HTPasswd method configured in the https://access.redhat.com/documentation/en/red-hat-xpaas/0/single/openshift-primer/#understand_roles_and_authentication[OpenShift Primer]. Once configured, both methods will be available for user login to your OpenShift web console. ==== Configuring {project_name} Credentials -Log in to the encrypted {project_name} web server at *$$https://secure-sso-$$_sso-app-demo_._openshift32.example.com_/auth/admin* using the xref:../advanced_concepts/advanced_concepts.adoc#sso-administrator-setup[administrator account] created during the {project_name} deployment. +Log in to the encrypted {project_name} web server at *$$https://secure-sso-$$_sso-app-demo_._openshift32.example.com_/auth/admin* using the xref:sso-administrator-setup[administrator account] created during the {project_name} deployment. *Create a Realm* @@ -901,7 +901,7 @@ $ oc secrets link default eap-ssl-secret eap-jgroup-secret ---- ==== Preparing the {project_name} Credentials -Log in to the encrypted {project_name} web server at *$$https://secure-sso-$$__.__/auth/admin* using the xref:../advanced_concepts/advanced_concepts.adoc#sso-administrator-setup[administrator account] created during the {project_name} deployment. +Log in to the encrypted {project_name} web server at *$$https://secure-sso-$$__.__/auth/admin* using the xref:sso-administrator-setup[administrator account] created during the {project_name} deployment. *Create a Realm* @@ -1019,7 +1019,7 @@ This example uses a SAML client but an OpenID-Connect client could also be used. ==== ==== Preparing the {project_name} Credentials -Log in to the encrypted {project_name} web server at *$$https://secure-sso-$$__.__/auth/admin* using the xref:../advanced_concepts/advanced_concepts.adoc#sso-administrator-setup[administrator account] created during the {project_name} deployment. +Log in to the encrypted {project_name} web server at *$$https://secure-sso-$$__.__/auth/admin* using the xref:sso-administrator-setup[administrator account] created during the {project_name} deployment. *Create a Realm*