Merge pull request #1 from stianst/master

Re-structuring

.gitignore

@@ -1,3 +1,6 @@
+_book
+node_modules
+
 # Intellij
 ###################
 .idea

README.adoc

@@ -1,10 +1,10 @@
 
-Securing Client Applications Guide
-======================
+{{book.title}}
+===========================================
 
 image:images/keycloak_logo.png[alt="Keycloak"]
 
-*Keycloak* _Documentation_ for {{book.versions.swarm}}
+*Keycloak* _Documentation_ for {{book.project.version}}
 
 http://www.keycloak.org
 

SUMMARY.adoc

@@ -1,25 +1,49 @@
-== Securing Client Applications Guide
-
-//. link:topics/templates/document-attributes.adoc[]
-:imagesdir: images
+= {{book.title}}
 
  . link:topics/preface.adoc[Preface]
- . link:topics/Overview.adoc[Overview]
- . link:topics/oidc.adoc[OpenID Connect Client Adapters]
- .. link:topics/jboss-adapter.adoc[JBoss/Wildfly Adapter]
- .. link:topics/tomcat-adapter.adoc[Tomcat 6, 7 and 8 Adapters]
- .. link:topics/jetty9-adapter.adoc[Jetty 9.x Adapters]
- .. link:topics/jetty8-adapter.adoc[Jetty 8.1.x Adapter]
- .. link:topics/servlet-filter-adapter.adoc[Java Servlet Filter Adapter]
- .. link:topics/fuse-adapter.adoc[JBoss Fuse and Apache Karaf Adapter]
- .. link:topics/javascript-adapter.adoc[Javascript Adapter]
- .. link:topics/spring-boot-adapter.adoc[Spring Boot Adapter]
- .. link:topics/spring-security-adapter.adoc[Spring Security Adapter]
- .. link:topics/installed-applications.adoc[Installed Applications]
- .. link:topics/logout.adoc[Logout]
- .. link:topics/adapter_error_handling.adoc[Error Handling]
- .. link:topics/multi-tenancy.adoc[ Multi Tenancy]
- .. link:topics/jaas.adoc[JAAS plugin]
- . link:topics/saml.adoc[SAML Client Adapters]
+ . link:topics/overview/overview.adoc[Overview]
+   .. link:topics/overview/what-are-client-adapters.adoc[What are Client Adapters?]
+   .. link:topics/overview/supported-protocols.adoc[Supported Protocols]
+
+ . link:topics/oidc/oidc-overview.adoc[OpenID Connect]
+
+   .. link:topics/oidc/java/java-adapters.adoc[Java Adapters]
+      ... link:topics/oidc/java/java-adapter-config.adoc[Java Adapters Config]
+      ... link:topics/oidc/java/jboss-adapter.adoc[JBoss EAP/Wildfly Adapter]
+      ... link:topics/oidc/java/fuse-adapter.adoc[JBoss Fuse and Apache Karaf Adapter]
+      {% if book.community %}
+      ... link:topics/oidc/java/tomcat-adapter.adoc[Tomcat 6, 7 and 8 Adapters]
+      ... link:topics/oidc/java/jetty9-adapter.adoc[Jetty 9.x Adapters]
+      ... link:topics/oidc/java/jetty8-adapter.adoc[Jetty 8.1.x Adapter]
+      ... link:topics/oidc/java/spring-boot-adapter.adoc[Spring Boot Adapter]
+      ... link:topics/oidc/java/spring-security-adapter.adoc[Spring Security Adapter]
+      {% endif %}
+      ... link:topics/oidc/java/servlet-filter-adapter.adoc[Java Servlet Filter Adapter]
+      ... link:topics/oidc/java/jaas.adoc[JAAS plugin]
+      ... link:topics/oidc/java/adapter-context.adoc[Keycloak Security Context]
+      ... link:topics/oidc/java/adapter_error_handling.adoc[Error Handling]
+      ... link:topics/oidc/java/logout.adoc[Logout]
+      ... link:topics/oidc/java/multi-tenancy.adoc[Multi Tenancy]
+
+   .. link:topics/oidc/javascript-adapter.adoc[JavaScript Adapter]
+
+   .. link:topics/oidc/oidc-generic.adoc[Other OpenID Connect libraries]
+
+ . link:topics/saml/saml-overview.adoc[SAML]
+
+
+// . link:topics/oidc.adoc[OpenID Connect Client Adapters]
+
+//
+//
+//{% if book.community %}
+//
+//
+//{% endif %}
+// .. link:topics/installed-applications.adoc[Installed Applications]
+//
+//
+//
+// . link:topics/saml.adoc[SAML Client Adapters]
 
 

book.json

@@ -0,0 +1,39 @@
+{
+  "gitbook": "2.x.x",
+  "structure": {
+    "readme": "README.adoc"
+  },
+  "plugins": [
+    "toggle-chapters",
+    "ungrey",
+    "splitter"
+  ],
+  "variables": {
+    "title": "Keycloak Securing Client Applications Guide",
+    "community": true,
+    "product": false,
+    "images": "keycloak-images",
+    "appserver": {
+      "name": "Wildfly",
+      "version": "10"
+    },
+    "adminguide": {
+      "name": "Keycloak Administration Guide",
+      "link": "https://keycloak.gitbooks.io/server-adminstration-guide/content/"
+    },
+    "web": {
+      "docs": {
+        "name": "keycloak.org/docs",
+        "link": "http://keycloak.org/docs"
+      },
+      "downloads": {
+        "name": "keycloak.org/downloads",
+        "link": "http://keycloak.org/downloads"
+      }
+    },
+    "project": {
+      "name": "Keycloak",
+      "version": "1.9.5.Final"
+    }
+  }
+}

build.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+cd $(readlink -f `dirname $0`)
+
+python gitlab-conversion.py
+cd target
+asciidoctor master.adoc
+
+xdg-open master.html

gitlab-conversion.py

@@ -0,0 +1,107 @@
+import sys, os, re, json, shutil, errno
+
+def transform(root, f, targetdir):
+    full = os.path.join(root, f)
+    input = open(full, 'r').read()
+    dir = os.path.join(targetdir, root)
+    if not os.path.exists(dir):
+        os.makedirs(dir)
+    output = open(os.path.join(dir, f), 'w')
+    input = applyTransformation(input)
+    output.write(input)
+
+
+def applyTransformation(input):
+    for variable in re.findall(r"\{\{(.*?)\}\}", input):
+        tmp = variable.replace('.', '_')
+        input = input.replace(variable, tmp)
+    input = input.replace('{{', '{').replace('}}', '}')
+    input = re.sub(r"<<fake.+#", "<<", input)
+    for variable in re.findall(r"[ ]*{% if (.*?) %}", input):
+        tmp = variable.replace('.', '_')
+        input = input.replace(variable, tmp)
+    exp = re.compile("[ ]*{% if (.*?) %}(.*?)[ ]*{% endif %}", re.DOTALL)
+    input = re.sub(exp, "ifeval::[{\g<1>}==true]\g<2>endif::[]", input)
+    input = re.sub(r"image:(\.\./)*", "image:", input)
+    input = re.sub(r"image::(\.\./)*", "image::", input)
+    return input
+
+
+indir = 'topics'
+targetdir = 'target'
+if len(sys.argv) > 1:
+    targetdir = sys.argv[1]
+
+shutil.rmtree(os.path.join(targetdir, 'images'), ignore_errors=True)
+shutil.rmtree(os.path.join(targetdir, 'keycloak-images'), ignore_errors=True)
+shutil.rmtree(os.path.join(targetdir, 'rhsso-images'), ignore_errors=True)
+shutil.copytree('images',os.path.join(targetdir, 'images'))
+#shutil.copytree('keycloak-images',os.path.join(targetdir, 'keycloak-images'))
+#shutil.copytree('rhsso-images',os.path.join(targetdir, 'rhsso-images'))
+
+tmp = os.path.join(targetdir, 'topics')
+if not os.path.exists(tmp):
+    os.makedirs(tmp)
+
+# transform files
+for root, dirs, filenames in os.walk(indir):
+    for f in filenames:
+        transform(root,f,targetdir)
+
+# Create master.doc includes
+input = open('SUMMARY.adoc', 'r').read()
+output = open(os.path.join(targetdir, 'master.adoc'), 'w')
+
+output.write("""
+:toc:
+:toclevels: 3
+:numbered:
+
+include::document-attributes.adoc[]
+""")
+
+input = re.sub(r"[ ]*\.+\s*link:(.*)\[(.*)\]", "include::\g<1>[]", input)
+input = applyTransformation(input)
+output.write(input)
+
+# parse book.json file and create document attributes
+with open('book.json') as data_file:
+    data = json.load(data_file)
+
+variables = data['variables']
+
+def makeAttributes(variables, variable, list):
+    for i in variables.keys():
+        if variable is None:
+            tmp = i
+        else:
+            tmp = variable + '_' + i
+        if isinstance(variables[i],dict):
+            makeAttributes(variables[i], tmp, list)
+        elif isinstance(variables[i],bool):
+            boolval = 'false'
+            if variables[i]:
+                boolval = 'true'
+            list.append({tmp: boolval})
+        else:
+            list.append({tmp: str(variables[i])})
+
+
+attributeList = []
+makeAttributes(variables, None, attributeList)
+
+output = open(os.path.join(targetdir, 'document-attributes.adoc'), 'w')
+for attribute in attributeList:
+    for k in attribute.keys():
+        output.write(':book_' + k + ": " + attribute[k] + "\n")
+
+print "Transformation complete!"
+
+
+
+
+
+
+
+
+

topics/oidc/java/adapter-context.adoc

@@ -1,10 +1,4 @@
-= KeycloakSecurityContext
-:doctype: book
-:sectnums:
-:toc: left
-:icons: font
-:experimental:
-:sourcedir: .
+=== Keycloak Security Context
 
 The `KeycloakSecurityContext` interface is available if you need to look at the access token directly.
 This context is also useful if you need to get the encoded access token so you can make additional REST invocations.

topics/oidc/java/adapter_error_handling.adoc

@@ -1,6 +1,6 @@
 
 [[_adapter_error_handling]]
-= Error Handling
+=== Error Handling
 
 Keycloak has some error handling facilities for servlet based client adapters.
 When an error is encountered in authentication, keycloak will call `HttpServletResponse.sendError()`.

topics/oidc/java/fuse-adapter.adoc

@@ -1,6 +1,6 @@
 
 [[_fuse_adapter]]
-= JBoss Fuse and Apache Karaf Adapter
+=== JBoss Fuse and Apache Karaf Adapter
 
 Currently Keycloak supports securing your web applications running inside http://www.jboss.org/products/fuse/overview/[JBoss Fuse]        or http://karaf.apache.org/[Apache Karaf] . It leverages <<_jetty8_adapter,Jetty 8 adapter>> as both JBoss Fuse 6.1 and Apache Karaf 3 are bundled with http://eclipse.org/jetty/[Jetty 8.1 server] under the covers and Jetty is used for running various kinds of web applications. 
 

topics/oidc/java/jaas.adoc

@@ -1,6 +1,6 @@
 
 [[_jaas_adapter]]
-= JAAS plugin
+=== JAAS plugin
 
 It's generally not needed to use JAAS for most of the applications, especially if they are HTTP based, but directly choose one of our adapters.
 However some applications and systems may still rely on pure legacy JAAS solution.

topics/oidc/java/java-adapter-config.adoc

@@ -1,17 +1,6 @@
 
-[[_adapter_config]]
-
-= Adapters
-
-Keycloak can secure a wide variety of application types.
-This section defines which application types are supported and how to configure and install them so that you can use Keycloak to secure your applications. 
-
-These client adapters use an extension of the OpenID Connect protocol (a derivate of OAuth 2.0). This extension provides support for clustering, backchannel logout, and other non-standard adminstrative functions.
-The Keycloak project also provides a separate, standalone, generic, SAML client adapter.
-But that is describe in a separate document and has a different download. 
-
-
-== General Adapter Config
+[[_java_adapter_config]]
+=== Java Adapter Config
 
 Each adapter supported by Keycloak can be configured by a simple JSON text file.
 This is what one might look like:

topics/oidc/java/java-adapters.adoc

@@ -0,0 +1 @@
+== Java Adapters

topics/oidc/java/jboss-adapter.adoc

@@ -1,6 +1,6 @@
 
 [[_jboss_adapter]]
-= JBoss/Wildfly Adapter
+=== JBoss/Wildfly Adapter
 
 To be able to secure WAR apps deployed on JBoss AS 7.1.1, JBoss EAP 6.x, or Wildfly, you must install and configure the Keycloak Subsystem.
 You then have two options to secure your WARs.
@@ -9,7 +9,7 @@ Alternatively, you don't have to crack open your WARs at all and can apply Keycl
 Both methods are described in this section. 
 
 [[_jboss_adapter_installation]]
-== Adapter Installation
+==== Adapter Installation
 
 Adapters are no longer included with the appliance or war distribution.
 Each adapter is a separate download on the Keycloak download site.
@@ -144,7 +144,7 @@ public class CustomerService {
 
 We hope to improve our integration in the future so that you don't have to specify the @SecurityDomain annotation when you want to propagate a keycloak security context to the EJB tier. 
 
-== Required Per WAR Configuration
+==== Required Per WAR Configuration
 
 This section describes how to secure a WAR directly by adding config and editing files within your WAR package. 
 
@@ -206,7 +206,7 @@ Here's an example pulled from one of the examples that comes distributed with Ke
 </web-app>
 ----        
 
-== Securing WARs via Keycloak Subsystem
+==== Securing WARs via Keycloak Subsystem
 
 You do not have to crack open a WAR to secure it with Keycloak.
 Alternatively, you can externally secure it via the Keycloak Adapter Subsystem.

topics/oidc/java/jetty8-adapter.adoc

@@ -1,13 +1,13 @@
 
 [[_jetty8_adapter]]
-= Jetty 8.1.x Adapter
+=== Jetty 8.1.x Adapter
 
 Keycloak has a separate adapter for Jetty 8.1.x that you will have to install into your Jetty installation.
 You then have to provide some extra configuration in each WAR you deploy to Jetty.
 Let's go over these steps. 
 
 [[_jetty8_adapter_installation]]
-== Adapter Installation
+==== Adapter Installation
 
 Adapters are no longer included with the appliance or war distribution.Each adapter is a separate download on the Keycloak download site.
 They are also available as a maven artifact. 
@@ -40,7 +40,7 @@ Edit start.ini and add keycloak to the options
 OPTIONS=Server,jsp,jmx,resources,websocket,ext,plus,annotations,keycloak
 ----        
 
-== Required Per WAR Configuration
+==== Required Per WAR Configuration
 
 Enabling Keycloak for your WARs is the same as the Jetty 9.x adapter.
 Our 8.1.x adapter supports both keycloak.json and the jboss-web.xml advanced configuration.

topics/oidc/java/jetty9-adapter.adoc

@@ -1,13 +1,13 @@
 
 [[_jetty9_adapter]]
-= Jetty 9.x Adapters
+=== Jetty 9.x Adapters
 
 Keycloak has a separate adapter for Jetty 9.1.x and Jetty 9.2.x that you will have to install into your Jetty installation.
 You then have to provide some extra configuration in each WAR you deploy to Jetty.
 Let's go over these steps. 
 
 [[_jetty9_adapter_installation]]
-== Adapter Installation
+==== Adapter Installation
 
 Adapters are no longer included with the appliance or war distribution.Each adapter is a separate download on the Keycloak download site.
 They are also available as a maven artifact. 
@@ -34,7 +34,7 @@ $ java -jar $JETTY_HOME/start.jar --add-to-startd=keycloak
 ----        
 
 [[_jetty9_per_war]]
-== Required Per WAR Configuration
+==== Required Per WAR Configuration
 
 This section describes how to secure a WAR directly by adding config and editing files within your WAR package. 
 

topics/oidc/java/logout.adoc

@@ -1,5 +1,5 @@
 
-= Logout
+=== Logout
 
 There are multiple ways you can logout from a web application.
 For Java EE servlet containers, you can call HttpServletRequest.logout(). For any other browser application, you can point the browser at the url `http://auth-server/auth/realms/{realm-name}/tokens/logout?redirect_uri=encodedRedirectUri`.

topics/oidc/java/multi-tenancy.adoc

@@ -1,5 +1,5 @@
 
-= Multi Tenancy
+=== Multi Tenancy
 
 Multi Tenancy, in our context, means that one single target application (WAR) can be secured by a single (or clustered) Keycloak server, authenticating its users against different realms.
 In practice, this means that one application needs to use different `keycloak.json` files.

topics/oidc/java/servlet-filter-adapter.adoc

@@ -1,5 +1,5 @@
 
-= Java Servlet Filter Adapter
+=== Java Servlet Filter Adapter
 
 If you want to use Keycloak with a Java servlet application that doesn't have an adapter for that servlet platform, you can opt to use the servlet filter adapter that Keycloak has.
 This adapter works a little differently than the other adapters.

topics/oidc/java/spring-boot-adapter.adoc

@@ -1,11 +1,11 @@
 
-= Spring Boot Adapter
+=== Spring Boot Adapter
 
 To be able to secure Spring Boot apps you must add the Keycloak Spring Boot adapter JAR to your app.
 You then have to provide some extra configuration via normal Spring Boot configuration (`application.properties`).  Let's go over these steps. 
 
 [[_spring_boot_adapter_installation]]
-== Adapter Installation
+==== Adapter Installation
 
 The Keycloak Spring Boot adapter takes advantage of Spring Boot's autoconfiguration so all you need to do is add the Keycloak Spring Boot adapter JAR to your project.
 Depending on what container you are using with Spring Boot, you also need to add the appropriate Keycloak container adapter.
@@ -29,7 +29,7 @@ If you are using Maven, add the following to your pom.xml (using Tomcat as an ex
 ----        
 
 [[_spring_boot_adapter_configuration]]
-== Required Spring Boot Adapter Configuration
+==== Required Spring Boot Adapter Configuration
 
 This section describes how to configure your Spring Boot app to use Keycloak. 
 

topics/oidc/java/spring-security-adapter.adoc

@@ -1,5 +1,5 @@
 
-= Spring Security Adapter
+=== Spring Security Adapter
 
 To secure an application with Spring Security and Keycloak, add this adapter as a dependency to your project.
 You then have to provide some extra beans in your Spring Security configuration file and add the Keycloak security filter to your pipeline. 
@@ -7,7 +7,7 @@ You then have to provide some extra beans in your Spring Security configuration
 Unlike the other Keycloak Adapters, you should not configure your security in web.xml.
 However, keycloak.json is still required. 
 
-== Adapter Installation
+==== Adapter Installation
 
 Add Keycloak Spring Security adapter as a dependency to your Maven POM or Gradle build. 
 
@@ -23,11 +23,11 @@ Add Keycloak Spring Security adapter as a dependency to your Maven POM or Gradle
 </dependency>
 ----        
 
-== Spring Security Configuration
+==== Spring Security Configuration
 
 The Keycloak Spring Security adapter takes advantage of Spring Security's flexible security configuration syntax. 
 
-=== Java Configuration
+===== Java Configuration
 
 Keycloak provides a KeycloakWebSecurityConfigurerAdapter as a convenient base class for creating a http://docs.spring.io/spring-security/site/docs/4.0.x/apidocs/org/springframework/security/config/annotation/web/WebSecurityConfigurer.html[WebSecurityConfigurer]                instance.
 The implementation allows customization by overriding methods.
@@ -78,7 +78,7 @@ You must provide a session authentication strategy bean which should be of type
 Spring Security's `SessionFixationProtectionStrategy` is currently not supported because it changes the session identifier after login via Keycloak.
 If the session identifier changes, universal log out will not work because Keycloak is unaware of the new session identifier. 
 
-=== XML Configuration
+===== XML Configuration
 
 While Spring Security's XML namespace simplifies configuration, customizing the configuration can be a bit verbose. 
 
@@ -148,13 +148,13 @@ While Spring Security's XML namespace simplifies configuration, customizing the
 </beans>
 ----            
 
-== Multi Tenancy
+==== Multi Tenancy
 
 The Keycloak Spring Security adapter also supports multi tenancy.
 Instead of injecting `AdapterDeploymentContextFactoryBean` with the path to `keycloak.json` you can inject an implementation of the `KeycloakConfigResolver` interface.
 More details on how to implement the `KeycloakConfigResolver` can be found in <<_multi_tenancy>>. 
 
-== Naming Security Roles
+==== Naming Security Roles
 
 Spring Security, when using role-based authentication, requires that role names start with `ROLE_`.
 For example, an administrator role must be declared in Keycloak as `ROLE_ADMIN` or similar, not simply `ADMIN`. 
@@ -163,7 +163,7 @@ The class `org.keycloak.adapters.springsecurity.authentication.KeycloakAuthentic
 Use, for example, `org.springframework.security.core.authority.mapping.SimpleAuthorityMapper` to insert the `ROLE_` prefix and convert the role name to upper case.
 The class is part of Spring Security Core module. 
 
-== Client to Client Support
+==== Client to Client Support
 
 To simplify communication between clients, Keycloak provides an extension of Spring's `RestTemplate` that handles bearer token authentication for you.
 To enable this feature your security configuration must add the `KeycloakRestTemplate` bean.
@@ -227,7 +227,7 @@ public class RemoteProductService implements ProductService {
 }
 ----        
 
-== Spring Boot Configuration
+==== Spring Boot Configuration
 
 Spring Boot attempts to eagerly register filter beans with the web application context.
 Therefore, when running the Keycloak Spring Security adapter in a Spring Boot environment, it may be necessary to add two ``FilterRegistrationBean``s to your security configuration to prevent the Keycloak filters from being registered twice. 

topics/oidc/java/tomcat-adapter.adoc

@@ -1,13 +1,13 @@
 
 [[_tomcat_adapter]]
-= Tomcat 6, 7 and 8 Adapters
+=== Tomcat 6, 7 and 8 Adapters
 
 To be able to secure WAR apps deployed on Tomcat 6, 7 and 8 you must install the Keycloak Tomcat 6, 7 or 8 adapter into your Tomcat installation.
 You then have to provide some extra configuration in each WAR you deploy to Tomcat.
 Let's go over these steps. 
 
 [[_tomcat_adapter_installation]]
-== Adapter Installation
+==== Adapter Installation
 
 Adapters are no longer included with the appliance or war distribution.
 Each adapter is a separate download on the Keycloak download site.
@@ -28,7 +28,7 @@ $ unzip keycloak-tomcat7-adapter-dist.zip
 $ unzip keycloak-tomcat8-adapter-dist.zip
 ----    
 
-== Required Per WAR Configuration
+==== Required Per WAR Configuration
 
 This section describes how to secure a WAR directly by adding config and editing files within your WAR package. 
 

topics/oidc/javascript-adapter.adoc

@@ -1,5 +1,5 @@
 
-= Javascript Adapter
+== Javascript Adapter
 
 The Keycloak Server comes with a Javascript library you can use to secure HTML/Javascript applications.
 This library is referenceable directly from the keycloak server.

topics/oidc/oidc-generic.adoc

@@ -1,10 +1,29 @@
+== Other OpenID Connect libraries
 
-= Installed Applications
+OAuth2 https://tools.ietf.org/html/rfc6749
+OpenID Connect http://openid.net/connect/
+
+
+=== Endpoints
+
+TODO
+
+=== Flows
+
+==== Authorization Grant
+
+==== Implicit
+
+==== Resource Owner Password Credentials
+
+==== Client Credentials
+
+=== Redirect URIs
 
 Keycloak provides two special redirect uris for installed applications.
 
 [[_installed_applications_url]]
-== Installed Applications url
+==== Installed Applications url
 
 http://localhost
 
@@ -13,7 +32,7 @@ Any port number is allowed.
 This makes it possible to start a web server for the installed application on any free port number without requiring changes in the `Admin Console`.
 
 [[_installed_applications_urn]]
-== Installed Applications urn
+==== Installed Applications urn
 
 `urn:ietf:wg:oauth:2.0:oob`
 
@@ -21,3 +40,7 @@ If its not possible to start a web server in the client (or a browser is not ava
 When this redirect uri is used Keycloak displays a page with the code in the title and in a box on the page.
 The application can either detect that the browser title has changed, or the user can copy/paste the code manually to the application.
 With this redirect uri it is also possible for a user to use a different device to obtain a code to paste back to the application.
+
+=== Session Management
+
+=== Dynamic Client Registration

topics/oidc/oidc-overview.adoc

@@ -0,0 +1,8 @@
+== OpenID Connect
+
+Keycloak can secure a wide variety of application types.
+This section defines which application types are supported and how to configure and install them so that you can use Keycloak to secure your applications.
+
+These client adapters use an extension of the OpenID Connect protocol (a derivate of OAuth 2.0). This extension provides support for clustering, backchannel logout, and other non-standard adminstrative functions.
+The Keycloak project also provides a separate, standalone, generic, SAML client adapter.
+But that is describe in a separate document and has a different download.

topics/preface.adoc

@@ -1,4 +1,4 @@
-= Preface
+== Preface
 
 In some of the example listings, what is meant to be displayed on one line does not fit inside the available page width.These lines have been broken up. A '\' at the end of a line means that a break has been introduced to fit in the page, with the following lines indented.
 So: 

topics/saml/saml-overview.adoc

@@ -0,0 +1 @@
+== SAML