Merge remote-tracking branch 'tmp/master'

.gitignore

@@ -31,7 +31,7 @@ catalog.xml
 # Packages #
 ############
 # it's better to unpack these files and commit the raw source
-# git has its own built in compression methods
+# git has its own built-in compression methods
 *.7z
 *.dmg
 *.gz

server_admin/README.adoc

@@ -0,0 +1,9 @@
+
+= Server Administration Guide
+
+image:images/keycloak_logo.png[alt="Keycloak"]
+
+{{book.project.name}} {{book.project.version}}
+
+http://www.keycloak.org
+

server_admin/SUMMARY.adoc

@@ -0,0 +1,109 @@
+= {{book.title}}
+
+. link:topics/overview.adoc[Overview]
+.. link:topics/overview/features.adoc[Features]
+.. link:topics/overview/how.adoc[How Does Security Work?]
+.. link:topics/overview/concepts.adoc[Core Concepts and Terms]
+. link:topics/initialization.adoc[Server Initialization]
+. link:topics/admin-console.adoc[Admin Console]
+.. link:topics/realms/master.adoc[The Master Realm]
+.. link:topics/realms/create.adoc[Creating a New Realm]
+.. link:topics/realms/ssl.adoc[Realm SSL Mode]
+.. link:topics/realms/cache.adoc[Clearing Server Caches]
+.. link:topics/realms/email.adoc[Email Settings]
+.. link:topics/realms/themes.adoc[Themes and Internationalization]
+. link:topics/users.adoc[User Management]
+.. link:topics/users/viewing.adoc[Viewing Users]
+.. link:topics/users/create-user.adoc[Creating New Users]
+.. link:topics/users/attributes.adoc[User Attributes]
+.. link:topics/users/credentials.adoc[Credentials]
+.. link:topics/users/required-actions.adoc[Required Actions]
+.. link:topics/users/impersonation.adoc[Impersonation]
+.. link:topics/users/user-registration.adoc[User Registration]
+... link:topics/users/recaptcha.adoc[Recaptcha Support]
+. link:topics/login-settings.adoc[Login Page Settings]
+.. link:topics/login-settings/forgot-password.adoc[Forgot Password]
+.. link:topics/login-settings/remember-me.adoc[Remember Me]
+. link:topics/authentication.adoc[Authentication]
+.. link:topics/authentication/password-policies.adoc[Password Policies]
+.. link:topics/authentication/otp-policies.adoc[OTP Policies]
+.. link:topics/authentication/flows.adoc[Authentication Flows]
+.. link:topics/authentication/kerberos.adoc[Kerberos]
+. link:topics/sso-protocols.adoc[SSO Protocols]
+.. link:topics/sso-protocols/oidc.adoc[OpenID Connect]
+.. link:topics/sso-protocols/saml.adoc[SAML]
+.. link:topics/sso-protocols/saml-vs-oidc.adoc[OIDC vs. SAML]
+. link:topics/clients.adoc[Managing Clients]
+.. link:topics/clients/client-oidc.adoc[OIDC Clients]
+... link:topics/clients/oidc/confidential.adoc[Confidential Client Credentials]
+... link:topics/clients/oidc/service-accounts.adoc[Service Accounts]
+.. link:topics/clients/client-saml.adoc[SAML Clients]
+... link:topics/clients/saml/idp-initiated-login.adoc[IDP Initiated Login]
+... link:topics/clients/saml/entity-descriptors.adoc[SAML Entity Descriptors]
+.. link:topics/clients/client-link.adoc[Client Links]
+.. link:topics/clients/protocol-mappers.adoc[Token and Assertion Mappings]
+.. link:topics/clients/installation.adoc[Generating Client Adapter Config]
+.. link:topics/clients/client-templates.adoc[Client Templates]
+. link:topics/roles.adoc[Roles]
+.. link:topics/roles/realm-roles.adoc[Realm Roles]
+.. link:topics/roles/client-roles.adoc[Client Roles]
+.. link:topics/roles/composite.adoc[Composite Roles]
+.. link:topics/roles/user-role-mappings.adoc[User Role Mappings]
+... link:topics/roles/user-role-mappings/default-roles.adoc[Default Roles]
+.. link:topics/roles/client-scope.adoc[Client Scope]
+. link:topics/groups.adoc[Groups]
+.. link:topics/groups/groups-vs-roles.adoc[Groups Vs. Roles]
+.. link:topics/groups/default-groups.adoc[Default Groups]
+. link:topics/admin-console-permissions.adoc[Admin Console Access Control and Permissions]
+.. link:topics/admin-console-permissions/master-realm.adoc[Master Realm]
+.. link:topics/admin-console-permissions/per-realm.adoc[Dedicated Realm Admin Consoles]
+. link:topics/realms/keys.adoc[Realm Keys]
+. link:topics/identity-broker.adoc[Identity Brokering]
+.. link:topics/identity-broker/overview.adoc[Brokering Overview]
+.. link:topics/identity-broker/default-provider.adoc[Default Provider]
+.. link:topics/identity-broker/configuration.adoc[General Configuration]
+.. link:topics/identity-broker/social-login.adoc[Social Login]
+... link:topics/identity-broker/social/google.adoc[Google]
+... link:topics/identity-broker/social/facebook.adoc[Facebook]
+... link:topics/identity-broker/social/twitter.adoc[Twitter]
+... link:topics/identity-broker/social/github.adoc[Github]
+... link:topics/identity-broker/social/linked-in.adoc[Linked-In]
+... link:topics/identity-broker/social/microsoft.adoc[Microsoft]
+... link:topics/identity-broker/social/stack-overflow.adoc[Stack Overflow]
+.. link:topics/identity-broker/oidc.adoc[OIDC Providers]
+.. link:topics/identity-broker/saml.adoc[SAML Providers]
+.. link:topics/identity-broker/suggested.adoc[Client Suggested Identity Provider]
+.. link:topics/identity-broker/mappers.adoc[Mapping Claims and Assertions]
+.. link:topics/identity-broker/session-data.adoc[Available User Session Data]
+.. link:topics/identity-broker/first-login-flow.adoc[First Login Flow]
+.. link:topics/identity-broker/tokens.adoc[Retrieving External IDP Tokens]
+. link:topics/sessions.adoc[User Session Management]
+.. link:topics/sessions/administering.adoc[Administering Sessions]
+.. link:topics/sessions/revocation.adoc[Revocation Policies]
+.. link:topics/sessions/timeouts.adoc[Session and Token Timeouts]
+.. link:topics/sessions/offline.adoc[Offline Access]
+. link:topics/user-federation.adoc[User Storage Federation]
+.. link:topics/user-federation/ldap.adoc[LDAP/AD Integration]
+.. link:topics/user-federation/sssd.adoc[SSSD and FreeIPA/IdM Integration]
+.. link:topics/user-federation/custom.adoc[Custom Providers]
+. link:topics/events.adoc[Auditing and Events]
+.. link:topics/events/login.adoc[Login Events]
+.. link:topics/events/admin.adoc[Admin Events]
+. link:topics/export-import.adoc[Export and Import]
+. link:topics/account.adoc[User Account Service]
+. link:topics/threat.adoc[Threat Model Mitigation]
+.. link:topics/threat/brute-force.adoc[Password Guess, Brute Force Attacks]
+.. link:topics/threat/clickjacking.adoc[Clickjacking]
+.. link:topics/threat/ssl.adoc[SSL/HTTPS Requirement]
+.. link:topics/threat/csrf.adoc[CSRF]
+.. link:topics/threat/redirect.adoc[Unspecific Redirect URIs]
+.. link:topics/threat/compromised-tokens.adoc[Compromised Access and Refresh tokens]
+.. link:topics/threat/compromised-codes.adoc[Compromised Access Codes]
+.. link:topics/threat/open-redirect.adoc[Open Redirectors]
+.. link:topics/threat/password-db-compromised.adoc[Password database compromised]
+.. link:topics/threat/scope.adoc[Limiting Scope]
+.. link:topics/threat/sql.adoc[SQL Injection Attacks]
+. link:topics/admin-cli.adoc[Admin CLI]
+{% if book.community %}
+. link:topics/MigrationFromOlderVersions.adoc[Migration from older versions]
+{% endif %}

server_admin/book-product.json

@@ -0,0 +1,37 @@
+{
+  "gitbook": "2.x.x",
+  "structure": {
+    "readme": "README.adoc"
+  },
+  "plugins": [
+    "toggle-chapters",
+    "ungrey",
+    "splitter"
+  ],
+  "variables": {
+    "title": "Server Administration Guide",
+    "project": {
+      "name": "Red Hat Single Sign-On",
+      "version": "7.1.0",
+      "doc_base_url": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/",
+      "doc_info_version_url": "7.1-Beta"
+    },
+    "community": false,
+    "product": true,
+    "images": "rhsso-images",
+
+    "developerguide": {
+      "name": "Server Developer Guide",
+      "link": "/single/server-developer-guide/"
+
+    },
+    "installguide": {
+      "name": "Server Installation and Configuration Guide",
+      "link": "/single/server-installation-and-configuration-guide/"
+    },
+    "adapterguide": {
+      "name": "Securing Applications and Services Guide",
+      "link": "/single/securing-applications-and-services-guide/"
+    }
+  }
+}

server_admin/book.json

@@ -0,0 +1,35 @@
+{
+  "gitbook": "2.x.x",
+  "structure": {
+    "readme": "README.adoc"
+  },
+  "plugins": [
+    "toggle-chapters",
+    "ungrey",
+    "splitter"
+  ],
+  "variables": {
+    "title": "Server Administration Guide",
+    "project": {
+      "name": "Keycloak",
+      "version": "SNAPSHOT"
+    },
+    "community": true,
+    "product": false,
+    "images": "keycloak-images",
+
+    "developerguide": {
+      "name": "Server Developer Guide",
+      "link": "https://keycloak.gitbooks.io/server-developer-guide/content/"
+
+    },
+    "installguide": {
+      "name": "Server Installation and Configuration Guide",
+      "link": "https://keycloak.gitbooks.io/server-installation-and-configuration/content/"
+    },
+    "adapterguide": {
+      "name": "Securing Applications and Services Guide",
+      "link": "https://keycloak.gitbooks.io/securing-client-applications-guide/content/"
+    }
+  }
+}

server_admin/build.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+cd $(readlink -f `dirname $0`)
+
+python gitlab-conversion.py
+cd target
+asciidoctor master.adoc

server_admin/buildGuide.sh

@@ -0,0 +1,69 @@
+# Build the guide
+
+# Find the directory name and full path
+CURRENT_GUIDE=${PWD##*/}
+CURRENT_DIRECTORY=$(pwd)
+
+usage(){
+  cat <<EOM
+USAGE: $0 [OPTION]
+
+DESCRIPTION: Build the documentation in this directory.
+
+OPTIONS:
+  -h       Print help.
+
+EOM
+}
+
+while getopts "ht:" c
+ do
+     case "$c" in
+       h)         usage
+                  exit 1;;
+       \?)        echo "Unknown option: -$OPTARG." >&2
+                  usage
+                  exit 1;;
+     esac
+done
+
+if [ ! -d target ]; then
+   echo "You must run 'python gitlab-conversion.py' to convert the content before you run this script."
+   exit
+fi
+
+# Remove the html and build directories and then recreate the html/images/ directory
+if [ -d target/html ]; then
+-   rm -r target/html/
+fi
+if [ -d target/html ]; then
+   rm -r target/html/
+fi
+
+mkdir -p html
+cp -r target/images/ target/html/
+
+echo ""
+echo "********************************************"
+echo " Building $CURRENT_GUIDE                "
+echo "********************************************"
+echo ""
+echo "Building an asciidoctor version of the guide"
+asciidoctor -t -dbook -a toc -o target/html/$CURRENT_GUIDE.html target/master.adoc
+
+echo ""
+echo "Building a ccutil version of the guide"
+ccutil compile --lang en_US --format html-single --main-file target/master.adoc
+
+cd ..
+
+echo "View the asciidoctor build here: " file://$CURRENT_DIRECTORY/target/html/$CURRENT_GUIDE.html
+
+if [ -d  $CURRENT_DIRECTORY/build/tmp/en-US/html-single/ ]; then
+  echo "View the ccutil build here: " file://$CURRENT_DIRECTORY/build/tmp/en-US/html-single/index.html
+  exit 0
+else
+  echo -e "${RED}Build using ccutil failed!"
+  echo -e "${BLACK}See the log above for details."
+  exit 1
+fi

server_admin/gitlab-conversion.py

@@ -0,0 +1,113 @@
+import sys, os, re, json, shutil, errno
+
+def transform(root, f, targetdir):
+    full = os.path.join(root, f)
+    input = open(full, 'r').read()
+    dir = os.path.join(targetdir, root)
+    if not os.path.exists(dir):
+        os.makedirs(dir)
+    output = open(os.path.join(dir, f), 'w')
+    input = applyTransformation(input)
+    output.write(input)
+
+
+def applyTransformation(input):
+    for variable in re.findall(r"\{\{(.*?)\}\}", input):
+        tmp = variable.replace('.', '_')
+        input = input.replace(variable, tmp)
+    input = input.replace('{{', '{').replace('}}', '}')
+    input = re.sub(r"<<fake.+#", "<<", input)
+    for variable in re.findall(r"[ ]*{% if (.*?) %}", input):
+        tmp = variable.replace('.', '_')
+        input = input.replace(variable, tmp)
+    exp = re.compile("[ ]*{% if (.*?) %}(.*?)[ ]*{% endif %}", re.DOTALL)
+    input = re.sub(exp, "ifeval::[{\g<1>}==true]\g<2>endif::[]", input)
+    input = re.sub(r"image:(\.\./)*", "image:", input)
+    input = re.sub(r"image::(\.\./)*", "image::", input)
+    return input
+
+
+indir = 'topics'
+targetdir = 'target'
+if len(sys.argv) > 1:
+    targetdir = sys.argv[1]
+
+if os.path.exists(targetdir):
+    shutil.rmtree(targetdir)
+
+if os.path.isdir('images'):
+    shutil.copytree('images',os.path.join(targetdir, 'images'))
+if os.path.isdir('keycloak-images'):
+    shutil.copytree('keycloak-images',os.path.join(targetdir, 'keycloak-images'))
+if os.path.isdir('rhsso-images'):
+    shutil.copytree('rhsso-images',os.path.join(targetdir, 'rhsso-images'))
+
+shutil.copyfile('metadata.ini', os.path.join(targetdir, 'metadata.ini'));
+shutil.copyfile('master-docinfo.xml', os.path.join(targetdir, 'master-docinfo.xml'));
+
+tmp = os.path.join(targetdir, 'topics')
+if not os.path.exists(tmp):
+    os.makedirs(tmp)
+
+# transform files
+for root, dirs, filenames in os.walk(indir):
+    for f in filenames:
+        transform(root,f,targetdir)
+
+# Create master.doc includes
+input = open('SUMMARY.adoc', 'r').read()
+output = open(os.path.join(targetdir, 'master.adoc'), 'w')
+
+output.write("""
+:toc:
+:toclevels: 3
+:numbered:
+
+include::document-attributes.adoc[]
+""")
+
+input = re.sub(r"[ ]*\.+\s*link:(.*)\[(.*)\]", "include::\g<1>[]", input)
+input = applyTransformation(input)
+output.write(input)
+
+# parse book-product.json file and create document attributes
+with open('book-product.json') as data_file:
+    data = json.load(data_file)
+
+variables = data['variables']
+
+def makeAttributes(variables, variable, list):
+    for i in variables.keys():
+        if variable is None:
+            tmp = i
+        else:
+            tmp = variable + '_' + i
+        if isinstance(variables[i],dict):
+            makeAttributes(variables[i], tmp, list)
+        elif isinstance(variables[i],bool):
+            boolval = 'false'
+            if variables[i]:
+                boolval = 'true'
+            list.append({tmp: boolval})
+        else:
+            list.append({tmp: str(variables[i])})
+
+
+attributeList = []
+makeAttributes(variables, None, attributeList)
+
+output = open(os.path.join(targetdir, 'document-attributes.adoc'), 'w')
+for attribute in attributeList:
+    for k in attribute.keys():
+        output.write(':book_' + k + ": " + attribute[k] + "\n")
+
+print "Transformation complete!"
+
+
+
+
+
+
+
+
+