Merge pull request #9 from stianst/master

Fixes

topics/authentication/password-policies.adoc

@@ -35,7 +35,7 @@ HashAlgorithm::
   on how to plug in your own algorithm.  Note that if you do change the algorithm, password hashes will not change in storage until
   the next time the user logs in.
 HashIterations::
-  This value specifies the number of times a password will be hashed before it is stored or verified.  The default value is 1.
+  This value specifies the number of times a password will be hashed before it is stored or verified.  The default value is 20,000.
   This hashing is done in the rare case that a hacker gets access to your password database.  Once they have the database
   they can reverse engineer user passwords.
   The industry recommended value for this parameter changes every year as CPU power improves.  The current recommended value

topics/overview.adoc

@@ -6,6 +6,4 @@ in their organization.  Security features that developers normally have to write
 and are easily tailorable to the individual requirements of your organization.  {{book.project.name}} provides customizable
 user interfaces for login, registration, administration, and account management.  You can also use {{book.project.name}} as an
 integration platform to hook it into existing LDAP and Active Directory servers.  You can also delegate authentication to third
-party identity providers like Facebook and Google+.  {{book.project.name}} has tons of SPIs that you can use to customize every
+party identity providers like Facebook and Google+.
-aspect of the server.
-

topics/overview/features.adoc

@@ -1,37 +1,29 @@
 
 === Features
 
-* SSO and Single Log Out for browser applications
+* Single-Sign On and Single-Sign Out for browser applications
-* Social Login.  Enable Google, GitHub, Facebook, Twitter, and other social providers with no code required.
+* OpenID Connect support.
-* LDAP and Active Directory support.
+* OAuth 2.0 support.
-* Optional User Registration
+* SAML support.
-* Password and TOTP support (via Google Authenticator).  Client cert auth coming soon.
+* Identity Brokering - Authenticate with external OpenID Connect or SAML Identity Providers.
-* Forgot password support.  User can have an email sent to them
+* Social Login - Enable login with Google, GitHub, Facebook, Twitter, and other social networks.
-* Reset password/totp.  Admin can force a password reset, or set up a temporary password.
+* User Federation - Sync users from LDAP and Active Directory servers.
-* Not-before revocation policies per realm, application, or user.
+* Kerberos bridge - Automatically authenticate users that are logged-in to a Kerberos server.
-* User session management.  Admin can view user sessions and what applications/clients have an access token.  Sessions can be invalidated
+* Admin Console for central management of users, roles, role mappings, clients and configuration.
-  per realm or per user.
+* Account Management console that allows users to centrally manage their account.
-* Pluggable theme and style support for user facing screens. Login, grant pages, account mgmt, and admin console all
+* Theme support - Customize all user facing pages to integrate with your applications and branding.
-  can be styled, branded, and tailored to your application and organizational needs.
+* 2nd Factory Authentication - Support for TOTP/HOTP via Google Authenticator or FreeOTP
-* Integrated Browser App to REST Service token propagation
+* Login flows - optional user self-registration, recover password, verify email, require password update, etc.
-* OAuth Bearer token auth for REST Services
+* Session management - Admins and users themselves can view and manage user sessions.
-* OAuth 2.0 Grant requests
+* Token mappers - Map user attributes, roles, etc how you want into tokens and statements.
-* OpenID Connect Support.
+* Not-before revocation policies per realm, application and user.
-* SAML Support.
+* CORS support - Client adapters have built-in support for CORS
-* CORS Support
+{% if book.community %}
-* CORS Web Origin management and validation
+* Service Provider Interfaces (SPI) - A number of SPIs to enable customizing various aspects of the server. Authentication flows, user federation providers,
-* Completely centrally managed user and role mapping metadata.  Minimal configuration at the application side
+protocol mappers and many more.
-* Admin Console for managing users, roles, role mappings, clients, user sessions and allowed CORS web origins.
+* Client adapters for JavaScript applications, WildFly, JBoss EAP, Fuse, Tomcat, Jetty, Spring, etc.
-* Account Management console that allows users to manage their own account, view their open sessions, reset passwords, etc.
+{% endif %}
-* Deployable as a WAR, appliance, or on Openshift.  Completely clusterable.
+{% if book.product %}
-* Multitenancy support.  You can host and manage multiple realms for multiple organizations.   In the same auth server
+* Client adapters for JavaScript applications, JBoss EAP, Fuse, etc.
-  and even within the same deployed application.
+{% endif %}
-* Identity brokering/chaining.  You can make the {{book.project.name}} server a child IDP to another SAML 2.0 or OpenID Connect IDP.
+* Supports any platform/language that has an OpenID Connect Resource Provider library or SAML 2.0 Service Provider library
-* Token claim, assertion, and attribute mappings.  You can map user attributes, roles, and role names however you want
-  into a OIDC ID Token, Access Token, SAML attribute statements, etc.  This feature allows you to basically
-  tailor how you want auth responses to look.
-* Can support any platform that has an Open ID Connect or SAML 2.0 client adapter.  {{book.project.name}} does provide
-  client adapters for Pure HTML5/JavaScript apps, JBoss AS7, JBoss EAP 6.x, JBoss EAP 7, Wildfly, Tomcat 7,
-  Tomcat 8, Jetty 9.1.x, Jetty 9.2.x, and Jetty 8.1.x.
-* Tons of SPIs for customizing every aspect of the server.
-