Minor updates to docs

Stian Thorgersen 2014-02-18 10:36:58 +00:00
parent cbb6ec8b2c
commit 7a8b5587d7
4 changed files with 55 additions and 68 deletions

View file

@ -2,7 +2,7 @@
<title>Overview</title> <title>Overview</title>
<para> <para>
Keycloak is an SSO solution for web apps and RESTful web services. It is an authentication server where users Keycloak is an SSO solution for web apps, mobile and RESTful web services. It is an authentication server where users
can centrally login, logout, register, and manage their user accounts. The Keycloak admin UI can manage roles can centrally login, logout, register, and manage their user accounts. The Keycloak admin UI can manage roles
and role mappings for any application secured by Keycloak. The Keycloak Server can also be used to perform and role mappings for any application secured by Keycloak. The Keycloak Server can also be used to perform
social logins via the user's favorite social media site i.e. Google, Facebook, Twitter etc. social logins via the user's favorite social media site i.e. Google, Facebook, Twitter etc.
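Review bot: In the first sentence of the new text, "web apps, mobile and RESTful web services" leaves "mobile" without a noun; "web apps, mobile apps and RESTful web services" reads cleanly. The unchanged last line of the hunk uses "i.e." in front of a non-exhaustive list that ends in "etc."; "e.g." is the abbreviation that fits, and it could be fixed in the same pass.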
@ -20,7 +20,7 @@
</listitem> </listitem>
<listitem> <listitem>
Social Broker. Enable Google, Facebook, Yahoo, Twitter social login with no code required. Social Broker. Enable Google, GitHub, Facebook, Twitter social login with no code required.
</listitem> </listitem>
<listitem> <listitem>
@ -90,7 +90,7 @@
<section> <section>
<title>How Does Security Work in Keycloak?</title> <title>How Does Security Work in Keycloak?</title>
<para> <para>
Keycloak uses <emphasis>access tokens</emphasis>. Access tokens are contains security metadata specifying the Keycloak uses <emphasis>access tokens</emphasis>. Access tokens contains security metadata specifying the
identity of the user as well as the role mappings for that user. The format of these tokens is a Keycloak identity of the user as well as the role mappings for that user. The format of these tokens is a Keycloak
extension to the <ulink url="http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-14">JSON Web Token</ulink> specification. Each realm has a private and public key pair extension to the <ulink url="http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-14">JSON Web Token</ulink> specification. Each realm has a private and public key pair
which it uses to digitally sign the access token using the <ulink url="http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-19">JSON Web Signature</ulink> specification. which it uses to digitally sign the access token using the <ulink url="http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-19">JSON Web Signature</ulink> specification.
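Review bot: The corrected sentence still does not agree in number: "Access tokens contains security metadata" should be "Access tokens contain security metadata". While touching this paragraph, note that both ulink targets pin specific draft revisions (draft-ietf-oauth-json-web-token-14 and draft-ietf-jose-json-web-signature-19), so the text should either say which draft revision the token format follows or link to the unversioned draft.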

View file

@ -149,7 +149,7 @@
<term>bearer-only</term> <term>bearer-only</term>
<listitem> <listitem>
<para> <para>
This tells the adapter to only to bearer token authentication. That is, it will not do This tells the adapter to only do bearer token authentication. That is, it will not do
OAuth 2.0 redirects, but only accept bearer tokens through the OAuth 2.0 redirects, but only accept bearer tokens through the
<literal>Authorization</literal> <literal>Authorization</literal>
header. header.
@ -220,7 +220,7 @@
<para> <para>
This setting is for Java adapters. This is the file path to a Java keystore file. This setting is for Java adapters. This is the file path to a Java keystore file.
Used for outgoing HTTPS communications to the Keycloak server. Client making HTTPS Used for outgoing HTTPS communications to the Keycloak server. Client making HTTPS
requests need a way to verify the host of the server they are talking to. THis is requests need a way to verify the host of the server they are talking to. This is
what the trustore does. The keystore contains one or more trusted what the trustore does. The keystore contains one or more trusted
host certificates or certificate authorities. You can host certificates or certificate authorities. You can
create this truststore by extracting the public certificate of the Keycloak server's SSL create this truststore by extracting the public certificate of the Keycloak server's SSL
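Review bot: The "THis" fix stops one word short: the next line still reads "what the trustore does", which should be "truststore". The same paragraph also says "Client making HTTPS requests need" (should be "Clients") and switches between "keystore" and "truststore" for the same file; since this setting controls how the adapter verifies the Keycloak server's certificate, using "truststore" throughout would avoid readers confusing it with a keystore that holds private keys.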

View file

@ -56,15 +56,14 @@
<section> <section>
<title>Next steps</title> <title>Next steps</title>
<para> <para>
The Keycloak servers homepage should show the Keycloak logo and <literal>Welcome to Keycloak</literal>. The Keycloak servers homepage shows the Keycloak logo and <literal>Welcome to Keycloak</literal>.
There should also be a link to the <literal>Administration Console</literal>. Open that and log in using username There is also a link to the <literal>Administration Console</literal>. Open that and log in using username
<literal>admin</literal> and password <literal>admin</literal>. On the first login you should be asked <literal>admin</literal> and password <literal>admin</literal>. On the first login you are required to change the password.
to reset the password.
</para> </para>
<tip> <tip>
<para> <para>
On OpenShift Keycloak has been configured to only accept requests over https. If you try to use http On OpenShift Keycloak has been configured to only accept requests over https. If you try to use http
you should be redirected to https. you will be redirected to https.
</para> </para>
</tip> </tip>
</section> </section>
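Review bot: "The Keycloak servers homepage" in the first changed line needs a possessive apostrophe ("server's"). The paragraph documents the default <literal>admin</literal>/<literal>admin</literal> login and now states that the password change is required on first login; it would be worth adding a sentence telling the reader to complete that first login before the server is reachable by anyone else, which matters most for the OpenShift deployment the tip describes.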

View file

@ -175,7 +175,7 @@ keycloak-war-dist-all-1.0-alpha-1/
</para> </para>
<para> <para>
Besides moving the database config into the central <literal>standalone.xml</literal> configuration file Besides moving the database config into the central <literal>standalone.xml</literal> configuration file
you might want to use a better relational database for Keycloak like Oracle or something. You might also you might want to use a better relational database for Keycloak like PostgreSQL or MySQL. You might also
want to tweak the configuration settings of the datasource. Please see the <ulink url="https://docs.jboss.org/author/display/WFLY8/DataSource+configuration">Wildfly</ulink>, want to tweak the configuration settings of the datasource. Please see the <ulink url="https://docs.jboss.org/author/display/WFLY8/DataSource+configuration">Wildfly</ulink>,
<ulink url="https://docs.jboss.org/author/display/AS71/DataSource+configuration">JBoss AS7</ulink>, <ulink url="https://docs.jboss.org/author/display/AS71/DataSource+configuration">JBoss AS7</ulink>,
or <ulink url="https://docs.jboss.org/author/display/AS71/DataSource+configuration">JBoss EAP 6.x</ulink> documentation on how to do this. or <ulink url="https://docs.jboss.org/author/display/AS71/DataSource+configuration">JBoss EAP 6.x</ulink> documentation on how to do this.
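Review bot: "a better relational database" on the changed line has no stated baseline, so the reader cannot tell what PostgreSQL or MySQL is better than; name the bundled default database and say why it is not suited to production. In the unchanged lines below it, the JBoss AS7 and JBoss EAP 6.x links both point to the same AS71 URL, which should be confirmed or the EAP link replaced.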
@ -312,24 +312,18 @@ $ keytool -import -alias yourdomain -keystore keycloak.jks -file your-certificat
</para> </para>
<para> <para>
To the <literal>security-realms</literal> element add: To the <literal>security-realms</literal> element add:
<programlisting><![CDATA[] <programlisting><![CDATA[<security-realm name="UndertowRealm">
<security-realm name="UndertowRealm">
<server-identities> <server-identities>
<ssl> <ssl>
<keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="secret" /> <keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="secret" />
</ssl> </ssl>
</server-identities> </server-identities>
</security-realm> </security-realm>]]></programlisting>
]]>
</programlisting>
</para> </para>
<para> <para>
Find the element <literal>&lt;server name="default-server"&gt;</literal> (it's a child element of <literal>&lt;subsystem xmlns="urn:jboss:domain:undertow:1.0"&gt;</literal>) and add: Find the element <literal>&lt;server name="default-server"&gt;</literal> (it's a child element of <literal>&lt;subsystem xmlns="urn:jboss:domain:undertow:1.0"&gt;</literal>) and add:
<programlisting><![CDATA[]<![CDATA[] <programlisting><![CDATA[<https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
< ]]></programlisting>
<https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
]]>
</programlisting>
</para> </para>
<para> <para>
Check the <ulink url="https://docs.jboss.org/author/display/WFLY8/Undertow+(web)+subsystem+configuration">Wildfly Undertow</ulink> documentation for more information on fine tuning the socket connections. Check the <ulink url="https://docs.jboss.org/author/display/WFLY8/Undertow+(web)+subsystem+configuration">Wildfly Undertow</ulink> documentation for more information on fine tuning the socket connections.
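Review bot: The keystore element in the UndertowRealm listing carries keystore-password="secret" inline, and nothing in the surrounding paragraph says it is a placeholder; add a sentence telling the reader to replace it with the password chosen when keycloak.jks was created with keytool. Separately, the https-listener listing closes with ]]></programlisting> on its own line while the other listings in this commit close on the last content line, so this one still keeps a trailing newline inside the CDATA.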
@ -344,8 +338,7 @@ $ keytool -import -alias yourdomain -keystore keycloak.jks -file your-certificat
Then you need to edit <literal>standalone/configuration/standalone.xml</literal> to enable SSL/HTTPS. Then you need to edit <literal>standalone/configuration/standalone.xml</literal> to enable SSL/HTTPS.
</para> </para>
<para> <para>
<programlisting><![CDATA[] <programlisting><![CDATA[<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="443" /> <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="443" />
<connector name="https" scheme="https" protocol="HTTP/1.1" socket-binding="https" <connector name="https" scheme="https" protocol="HTTP/1.1" socket-binding="https"
enable-lookups="false" secure="true"> enable-lookups="false" secure="true">
@ -353,9 +346,7 @@ $ keytool -import -alias yourdomain -keystore keycloak.jks -file your-certificat
key-alias="localhost" certificate-key-file="${jboss.server.config.dir}/keycloak.jks" /> key-alias="localhost" certificate-key-file="${jboss.server.config.dir}/keycloak.jks" />
</connector> </connector>
... ...
</subsystem> </subsystem>]]></programlisting>
]]>
</programlisting>
</para> </para>
<para> <para>
Check the <ulink url="https://docs.jboss.org/author/display/AS71/SSL+setup+guide">JBoss</ulink> documentation for more information on fine tuning the socket connections. Check the <ulink url="https://docs.jboss.org/author/display/AS71/SSL+setup+guide">JBoss</ulink> documentation for more information on fine tuning the socket connections.
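Review bot: The connector example uses key-alias="localhost", while the keytool command shown in the hunk header imports the certificate under -alias yourdomain. Confirm that the alias in this listing matches the one the guide has the reader create, or state in the text that key-alias must be set to the alias used with keytool.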
@ -369,8 +360,7 @@ $ keytool -import -alias yourdomain -keystore keycloak.jks -file your-certificat
uncomment out the security constraint. uncomment out the security constraint.
</para> </para>
<para> <para>
<programlisting><![CDATA[] <programlisting><![CDATA[<web-app>
<web-app>
... ...
<security-constraint> <security-constraint>
<web-resource-collection> <web-resource-collection>
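Review bot: The unchanged lead-in line of this hunk says "uncomment out the security constraint", which mixes "uncomment" with "comment out" and can be read either way. Since this step is what enforces the CONFIDENTIAL transport guarantee, the instruction should be unambiguous: "uncomment the security constraint".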
@ -380,9 +370,7 @@ $ keytool -import -alias yourdomain -keystore keycloak.jks -file your-certificat
<transport-guarantee>CONFIDENTIAL</transport-guarantee> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint> </user-data-constraint>
</security-constraint> </security-constraint>
</web-app> </web-app>]]></programlisting>
]]>
</programlisting>
</para> </para>
</section> </section>
<section> <section>