Updating authorization_services for new admin console (#1572)

Closes #1570

authorization_services/.asciidoctorconfig

@@ -1 +0,0 @@
-:imagesdir: {asciidoctorconfigdir}

authorization_services/topics/hello-world-create-realm.adoc

@@ -14,13 +14,24 @@ image:{project_images}/getting-started/hello-world/create-realm.png[alt="Realm h
 +
 The user list page displays where you can create a user.
 
+ifeval::[{project_community}==true]
+. Click *Create user*.
+endif::[]
+ifeval::[{project_product}==true]
 . Click *Add User*.
+endif::[]
 
 . Complete the *Username*, *Email*, *First Name*, and *Last Name* fields.
 
-. Toggle *User Enabled* to *ON*
+. Toggle *User Enabled* to *ON*.
 
+ifeval::[{project_community}==true]
+. Click *Create*.
+endif::[]
+ifeval::[{project_product}==true]
 . Click *Save*.
+endif::[]
+
 +
 .Add User
 image:{project_images}/getting-started/hello-world/create-user.png[alt="Add User"]
@@ -30,6 +41,12 @@ image:{project_images}/getting-started/hello-world/create-user.png[alt="Add User
 .Set user password
 image:{project_images}/getting-started/hello-world/reset-user-pwd.png[alt="Set user password"]
 
-. Complete the *New Password* and *Password Confirmation* fields with a password and click the *Temporary* switch to *OFF*.
+. Complete the *New Password* and *Password Confirmation* fields and toggle *Temporary* to *OFF*.
 
+ifeval::[{project_community}==true]
+. Click *Save*.
+. Click *Save password*.
+endif::[]
+ifeval::[{project_product}==true]
 . Click *Set Password* to set the user's password.
+endif::[]

authorization_services/topics/hello-world-create-resource-server.adoc

@@ -5,20 +5,36 @@ You can enable authorization services in an existing client application configur
 
 .Procedure
 
-. Click *Clients* to start creating a client application.
+. Click *Clients* in the menu.
 
+ifeval::[{project_community}==true]
+. Fill in the *Client type*.
+endif::[]
+ifeval::[{project_product}==true]
 . Fill in the *Client ID*, *Client Protocol*, and *Root URL* fields.
+endif::[]
+
+ifeval::[{project_community}==true]
+. Click *Next*.
+. Toggle *Client authentication* to *ON*.
+. Toggle *Authorization* to *ON*.
+. Click *Save*.
+. Scroll down to the *Capability config* section.
+. Fill in the *Root URL* field.
+. Click *Save*.
+endif::[]
+
 +
 .Create client application
 image:{project_images}/getting-started/hello-world/create-client.png[alt="Create client application"]
 
+ifeval::[{project_product}==true]
 . Click *Save*.
 +
 The Client Settings page is displayed.
-
 . Select *confidential* in the *Access Type* field and toggle *Authorization Enabled* to *ON*
-
 . Click *Save*.
+endif::[]
 +
 A new *Authorization* tab is displayed for the client.
 +

authorization_services/topics/hello-world-deploy.adoc

@@ -48,9 +48,14 @@ You must first obtain the adapter configuration before building and deploying th
 .Client Settings
 image:{project_images}/getting-started/hello-world/enable-authz.png[alt="Client Settings"]
 
+ifeval::[{project_community}==true]
+. From the *Action* list, select *Download adapter config*.
+endif::[]
+ifeval::[{project_product}==true]
 . Click the *Installation* tab.
+endif::[]
 
-. From the Format Option item list, select *Keycloak OIDC JSON*.
+. From the Format Option list, select *Keycloak OIDC JSON*.
 +
 The adapter configuration is displayed in JSON format.
 

authorization_services/topics/permission-create-resource.adoc

@@ -3,7 +3,12 @@
 
 A resource-based permission defines a set of one or more resources to protect using a set of one or more authorization policies.
 
+ifeval::[{project_community}==true]
+To create a new resource-based permission, select *Create resource-based permission* from the *Create permission* dropdown.
+endif::[]
+ifeval::[{project_product}==true]
 To create a new resource-based permission, select *Resource-based* in the item list in the upper right corner of the permission listing.
+endif::[]
 
 .Add Resource Permission
 image:{project_images}/permission/create-resource.png[alt="Add Resource Permission"]
@@ -32,7 +37,12 @@ Defines the resource type to protect. When defined, this permission is evaluated
 +
 Defines a set of one or more resources to protect.
 
+ifeval::[{project_community}==true]
+* *Policy*
+endif::[]
+ifeval::[{project_product}==true]
 * *Apply Policy*
+endif::[]
 +
 Defines a set of one or more policies to associate with a permission. To associate a policy you can either select an existing policy
 or create a new one by selecting the type of the policy you want to create.

authorization_services/topics/permission-create-scope.adoc

@@ -3,7 +3,12 @@
 
 A scope-based permission defines a set of one or more scopes to protect using a set of one or more authorization policies. Unlike resource-based permissions, you can use this permission type to create permissions not only for a resource, but also for the scopes associated with it, providing more granularity when defining the permissions that govern your resources and the actions that can be performed on them.
 
+ifeval::[{project_community}==true]
+To create a new scope-based permission, select *Create scope-based permission* from the *Create permission* dropdown.
+endif::[]
+ifeval::[{project_product}==true]
 To create a new scope-based permission, select *Scope-based* in the item list in the upper right corner of the permission listing.
+endif::[]
 
 .Add Scope Permission
 image:{project_images}/permission/create-scope.png[alt="Add Scope Permission"]
@@ -27,7 +32,12 @@ Restricts the scopes to those associated with the selected resource. If none is
 +
 Defines a set of one or more scopes to protect.
 
+ifeval::[{project_community}==true]
+* *Policy*
+endif::[]
+ifeval::[{project_product}==true]
 * *Apply Policy*
+endif::[]
 +
 Defines a set of one or more policies to associate with a permission. To associate a policy you can either select an existing policy
 or create a new one by selecting the type of the policy you want to create.

authorization_services/topics/policy-aggregated-policy.adoc

@@ -3,7 +3,12 @@
 
 As mentioned previously, {project_name} allows you to build a policy of policies, a concept referred to as policy aggregation. You can use policy aggregation to reuse existing policies to build more complex ones and keep your permissions even more decoupled from the policies that are evaluated during the processing of authorization requests.
 
+ifeval::[{project_community}==true]
+To create a new aggregated policy, select *Aggregated* from the policy type list.
+endif::[]
+ifeval::[{project_product}==true]
 To create a new aggregated policy, select *Aggregated* in the item list located in the right upper corner of the policy listing.
+endif::[]
 
 .Add an aggregated policy
 image:{project_images}/policy/create-aggregated.png[alt="Add aggregated policy"]

authorization_services/topics/policy-client-policy.adoc

@@ -3,10 +3,15 @@
 
 You can use this type of policy to define conditions for your permissions where a set of one or more clients is permitted to access an object.
 
+ifeval::[{project_community}==true]
+To create a new client-based policy, select *Client* from the policy type list.
+endif::[]
+ifeval::[{project_product}==true]
 To create a new client-based policy, select *Client* in the item list in the upper right corner of the policy listing.
+endif::[]
 
 .Add a Client Policy
-image:images/policy/create-client.png[alt="Add a Client Policy"]
+image:{project_images}/policy/create-client.png[alt="Add a Client Policy"]
 
 == Configuration
 
@@ -21,7 +26,7 @@ A string containing details about this policy.
 +
 * *Clients*
 +
-Specifies which clients are given access by this policy.
+Specifies which clients have givenGroup-based policy access by this policy.
 +
 * *Logic*
 +

authorization_services/topics/policy-client-scope-policy-required-client-scope.adoc

@@ -4,7 +4,7 @@
 When creating a client scope-based policy, you can specify a specific client scope as `Required`. When you do that, the policy will grant access only if the client requesting access has been granted *all* the *required* client scopes.
 
 .Example of required client scope
-image:images/policy/create-client-scope.png[alt="Example of required client scope"]
+image:{project_images}/policy/create-client-scope.png[alt="Example of required client scope"]
 
 To specify a client scope as required, select the `Required` checkbox for the client scope you want to configure as required.
 

authorization_services/topics/policy-client-scope-policy.adoc

@@ -5,10 +5,15 @@ You can use this type of policy to define conditions for your permissions where
 
 By default, client scopes added to this policy are not specified as required and the policy will grant access if the client requesting access has been granted any of these client scopes. However, you can specify a specific client scope as <<_policy_client_scope_required, required>> if you want to enforce a specific client scope.
 
+ifeval::[{project_community}==true]
+To create a new client scope-based policy, select *Client Scope* from the policy type list.
+endif::[]
+ifeval::[{project_product}==true]
 To create a new client scope-based policy, select *Client Scope* in the item list in the upper right corner of the policy listing.
+endif::[]
 
 .Add Client Scope Policy
-image:images/policy/create-client-scope.png[alt="Add Client Scope Policy"]
+image:{project_images}/policy/create-client-scope.png[alt="Add Client Scope Policy"]
 
 == Configuration
 

authorization_services/topics/policy-group-policy.adoc

@@ -3,7 +3,12 @@
 
 You can use this type of policy to define conditions for your permissions where a set of one or more groups (and their hierarchies) is permitted to access an object.
 
+ifeval::[{project_community}==true]
+To create a new group-based policy, select *Group* from the policy type list.
+endif::[]
+ifeval::[{project_product}==true]
 To create a new group-based policy, select *Group* in the item list in the upper right corner of the policy listing.
+endif::[]
 
 Group Policy
 image:{project_images}/policy/create-group.png[alt="Add Group Policy"]

authorization_services/topics/policy-overview.adoc

@@ -12,6 +12,12 @@ image:{project_images}/policy/view.png[alt="Policies"]
 +
 On this tab, you can view the list of previously created policies as well as create and edit a policy.
 
+ifeval::[{project_community}==true]
+. To create a new policy, click *Create policy*, then select a policy type from the list.
+endif::[]
+ifeval::[{project_product}==true]
 . To create a new policy, select a policy type from the *Create policy* item list in the upper right corner.
+endif::[]
+
 +
 Details about each policy type are described in this section.

authorization_services/topics/policy-regex-policy.adoc

@@ -3,10 +3,15 @@
 
 You can use this type of policy to define regex conditions for your permissions.
 
+ifeval::[{project_community}==true]
+To create a new regex-based policy, select *Regex* from the policy type list.
+endif::[]
+ifeval::[{project_product}==true]
 To create a new regex-based policy, select *Regex* in the item list in the upper right corner of the policy listing.
+endif::[]
 
 .Add Regex Policy
-image:images/policy/create-regex.png[alt="Add Regex Policy"]
+image:{project_images}/policy/create-regex.png[alt="Add Regex Policy"]
 
 == Configuration
 

authorization_services/topics/policy-role-policy.adoc

@@ -7,7 +7,12 @@ By default, roles added to this policy are not specified as required and the pol
 
 Role policies can be useful when you need more restricted role-based access control (RBAC), where specific roles must be enforced to grant access to an object. For instance, you can enforce that a user must consent to allowing a client application (which is acting on the user's behalf) to access the user's resources. You can use {project_name} Client Scope Mapping to enable consent pages or even enforce clients to explicitly provide a scope when obtaining access tokens from a {project_name} server.
 
+ifeval::[{project_community}==true]
+To create a new role-based policy, select *Role* from the policy type list.
+endif::[]
+ifeval::[{project_product}==true]
 To create a new role-based policy, select *Role* in the item list in the upper right corner of the policy listing.
+endif::[]
 
 .Add Role Policy
 image:{project_images}/policy/create-role.png[alt="Add Role Policy"]

authorization_services/topics/policy-time-policy.adoc

@@ -19,6 +19,15 @@ can identify them more easily.
 +
 A string containing details about this policy.
 +
+ifeval::[{project_community}==true]
+* *Start time*
++
+Defines the time before which access must *not* be granted. Permission is granted only if the current date/time is later than or equal to this value.
+* *Expire time*
++
+Defines the time after which access must *not* be granted. Permission is granted only if the current date/time is earlier than or equal to this value.
+endif::[]
+ifeval::[{project_product}==true]
 * *Not Before*
 +
 Defines the time before which access must *not* be granted. Permission is granted only if the current date/time is later than or equal to this value.
@@ -27,27 +36,27 @@ Defines the time before which access must *not* be granted. Permission is grante
 * *Not On or After*
 +
 Defines the time after which access must *not* be granted. Permission is granted only if the current date/time is earlier than or equal to this value.
-+
+endif::[]
+
+ifeval::[{project_community}==true]
+Select *Repeat* to repeat access being granted on a specific *Day of Month*, *Month*, *Year*, *Hour* or *Minute*.
+endif::[]
+
 * *Day of Month*
 +
 Defines the day of month that access must be granted. You can also specify a range of dates. In this case, permission is granted only if the current day of the month is between or equal to the two values specified.
-+
 * *Month*
 +
 Defines the month that access must be granted. You can also specify a range of months. In this case, permission is granted only if the current month is between or equal to the two values specified.
-+
 * *Year*
 +
 Defines the year that access must be granted. You can also specify a range of years. In this case, permission is granted only if the current year is between or equal to the two values specified.
-+
 * *Hour*
 +
 Defines the hour that access must be granted. You can also specify a range of hours. In this case, permission is granted only if current hour is between or equal to the two values specified.
-+
 * *Minute*
 +
 Defines the minute that access must be granted. You can also specify a range of minutes. In this case, permission is granted only if the current minute is between or equal to the two values specified.
-+
 * *Logic*
 +
 The logic of this policy to apply after the other conditions have been evaluated.

authorization_services/topics/resource-create.adoc

@@ -4,7 +4,12 @@
 Creating a resource is straightforward and generic. Your main concern is the granularity of the resources you create. In other words, resources can
 be created to represent a set of one or more resources and the way you define them is crucial to managing permissions.
 
+ifeval::[{project_community}==true]
+To create a new resource, click *Create resource*.
+endif::[]
+ifeval::[{project_product}==true]
 To create a new resource, click *Create* in the right upper corner of the resource listing.
+endif::[]
 
 .Add resource
 image:{project_images}/resource/create.png[alt="Add resource"]

authorization_services/topics/resource-server-create-client.adoc

@@ -8,14 +8,24 @@ The first step to enable {project_name} Authorization Services is to create the
 . Click *Clients*.
 +
 .Clients
-image:{project_images}/resource-server/client-list.png[alt="Clients"]
+image:{project_images}/resource-server/client-list.png[Clients]
 
+ifeval::[{project_community}==true]
+. On this page, click *Create client*.
+endif::[]
+ifeval::[{project_product}==true]
 . On this page, click *Create*.
+endif::[]
 +
 .Add Client
-image:{project_images}/resource-server/client-create.png[alt="Add Client"]
+image:{project_images}/resource-server/client-create.png[Add Client]
 
 . Type the `Client ID` of the client. For example, _my-resource-server_.
+ifeval::[{project_community}==true]
+. Click *Next*.
+. Toggle *Client authentication* to ON.
+. Click *Save*.
+endif::[]
 . Type the `Root URL` for your application. For example:
 +
 ```

authorization_services/topics/resource-server-enable-authorization.adoc

@@ -1,10 +1,23 @@
 [[_resource_server_enable_authorization]]
 = Enabling authorization services
 
-To turn your OIDC Client Application into a resource server and enable fine-grained authorization, select *Access type* *confidential* and click the *Authorization Enabled* switch to *ON* then click *Save*.
+ifeval::[{project_community}==true]
+You can turn your OIDC client into a resource server and enable fine-grained authorization.
 
+ .Procedure
+  . Toggle *Authorization Enabled* to *ON*.
+  . Click *Save*.
+endif::[]
+ifeval::[{project_product}==true]
+You can now turn your OIDC client into a resource server and enable fine-grained authorization.
+ .Procedure
+  . Set *Access type* to *confidential*.
+  . Toggle *Authorization Enabled* to *ON*.
+  . Click *Save*.
+endif::[]
++
 .Enabling authorization services
-image:{project_images}/resource-server/client-enable-authz.png[alt="Enabling authorization services"]
+image:{project_images}/resource-server/client-enable-authz.png[Enabling authorization services]
 
 A new Authorization tab is displayed for this client. Click the *Authorization* tab and a page similar to the following is displayed:
 

authorization_services/topics/resource-server-import-config.adoc

@@ -11,12 +11,18 @@ The configuration settings for a resource server (or client) can be exported and
 
 .Procedure
 
-. Navigate to the *Resource Server Settings* page.
-. Click the *Export Settings* tab.
-. On this page, click *Export*.
+. Click *Clients* in the menu.
+. Click the client you created as a resource server.
+ifeval::[{project_community}==true]
+. Click the *Export* tab.
+endif::[]
+ifeval::[{project_product}==true]
+. Click *Clients* in the menu.
+. Click the client you created as a resource server.
+endif::[]
 +
 .Export Settings
-image:{project_images}/resource-server/authz-export.png[alt="Export Settings"]
+image:{project_images}/resource-server/authz-export.png[Export Settings]
 
 The configuration file is exported in JSON format and displayed in a text area, from which you can copy and paste. You can also click *Download* to download the configuration file and save it.
 
@@ -29,6 +35,11 @@ You can import a configuration file for a resource server.
 . Navigate to the *Resource Server Settings* page.
 +
 .Import Settings
-image:{project_images}/resource-server/authz-settings.png[alt="Import Settings"]
+image:{project_images}/resource-server/authz-settings.png[Import Settings]
 
+ifeval::[{project_community}==true]
+. Click *Import* and choose a file containing the configuration that you want to import.
+endif::[]
+ifeval::[{project_product}==true]
 . Click *Select file* and choose a file containing the configuration that you want to import.
+endif::[]