diff --git a/docs/documentation/aggregation/pom.xml b/docs/documentation/aggregation/pom.xml
index af92b7cdde..778c61ef0e 100644
--- a/docs/documentation/aggregation/pom.xml
+++ b/docs/documentation/aggregation/pom.xml
@@ -26,12 +26,6 @@
${project.version}
pom
-
- org.keycloak.documentation
- securing-apps
- ${project.version}
- pom
-
org.keycloak.documentation
server-admin
@@ -107,22 +101,6 @@
-
- copy-securing_apps
- process-resources
-
- copy-resources
-
-
- ${project.build.outputDirectory}/securing_apps/
-
-
- ../securing_apps/target/generated-docs
- **/**
-
-
-
-
copy-server_admin
process-resources
diff --git a/docs/documentation/aggregation/src/index.html b/docs/documentation/aggregation/src/index.html
index d5de0085c5..91ee2109e8 100644
--- a/docs/documentation/aggregation/src/index.html
+++ b/docs/documentation/aggregation/src/index.html
@@ -34,7 +34,6 @@ li a:hover {
- - Securing Apps
- Server Admin
- Server Development
- Authorization Services
diff --git a/docs/documentation/build-auto.sh b/docs/documentation/build-auto.sh
index 35a1dd55a2..308c2924b9 100755
--- a/docs/documentation/build-auto.sh
+++ b/docs/documentation/build-auto.sh
@@ -3,7 +3,7 @@
OPTS=$1
while true; do
- CHANGED=`inotifywait -r -e modify,move,create,delete authorization_services getting_started securing_apps server_admin server_development server_installation upgrading --format %w`
+ CHANGED=`inotifywait -r -e modify,move,create,delete authorization_services getting_started server_admin server_development server_installation upgrading --format %w`
GUIDE=`echo $CHANGED | cut -d '/' -f 1`
mvn clean install -f $GUIDE $OPTS
done
diff --git a/docs/documentation/pom.xml b/docs/documentation/pom.xml
index aae4b5da34..24fe1917d0 100644
--- a/docs/documentation/pom.xml
+++ b/docs/documentation/pom.xml
@@ -35,7 +35,6 @@
header-maven-plugin
api_documentation
authorization_services
- securing_apps
server_admin
server_development
release_notes
diff --git a/docs/documentation/release_notes/topics/23_0_0.adoc b/docs/documentation/release_notes/topics/23_0_0.adoc
index 4d5d34cfdd..63db11f55a 100644
--- a/docs/documentation/release_notes/topics/23_0_0.adoc
+++ b/docs/documentation/release_notes/topics/23_0_0.adoc
@@ -95,7 +95,7 @@ It is being replaced by the Elytron OIDC adapter,which is included in WildFly, a
The SAML adapter for WildFly and JBoss EAP is no longer distributed as a ZIP download, but rather a Galleon feature pack,
making it easier and more seamless to install.
-See the link:{adapterguide_link}[{adapterguide_name}] for the details.
+See the link:{securing_apps_link}[{securing_apps_name}] for the details.
endif::[]
diff --git a/docs/documentation/securing_apps/.asciidoctorconfig b/docs/documentation/securing_apps/.asciidoctorconfig
deleted file mode 100644
index 16c70ad6ae..0000000000
--- a/docs/documentation/securing_apps/.asciidoctorconfig
+++ /dev/null
@@ -1,2 +0,0 @@
-// show images in the preview when using an IDE like IntelliJ
-:imagesdir: {asciidoctorconfigdir}
\ No newline at end of file
diff --git a/docs/documentation/securing_apps/docinfo-footer.html b/docs/documentation/securing_apps/docinfo-footer.html
deleted file mode 120000
index a39d3bd0f6..0000000000
--- a/docs/documentation/securing_apps/docinfo-footer.html
+++ /dev/null
@@ -1 +0,0 @@
-../aggregation/navbar.html
\ No newline at end of file
diff --git a/docs/documentation/securing_apps/docinfo.html b/docs/documentation/securing_apps/docinfo.html
deleted file mode 120000
index 14514f94d2..0000000000
--- a/docs/documentation/securing_apps/docinfo.html
+++ /dev/null
@@ -1 +0,0 @@
-../aggregation/navbar-head.html
\ No newline at end of file
diff --git a/docs/documentation/securing_apps/images/keycloak_logo.png b/docs/documentation/securing_apps/images/keycloak_logo.png
deleted file mode 100644
index 4883f52302..0000000000
Binary files a/docs/documentation/securing_apps/images/keycloak_logo.png and /dev/null differ
diff --git a/docs/documentation/securing_apps/index.adoc b/docs/documentation/securing_apps/index.adoc
deleted file mode 100644
index 1540014600..0000000000
--- a/docs/documentation/securing_apps/index.adoc
+++ /dev/null
@@ -1,16 +0,0 @@
-:toc:
-:toclevels: 3
-:numbered:
-:linkattrs:
-
-include::topics/templates/document-attributes.adoc[]
-
-:secure_applications_and_services_guide:
-
-= {adapterguide_name}
-
-:release_header_guide: {adapterguide_name_short}
-:release_header_latest_link: {adapterguide_link_latest}
-include::topics/templates/release-header.adoc[]
-
-include::topics.adoc[]
\ No newline at end of file
diff --git a/docs/documentation/securing_apps/pom.xml b/docs/documentation/securing_apps/pom.xml
deleted file mode 100644
index 6d8dce060e..0000000000
--- a/docs/documentation/securing_apps/pom.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-
-
- 4.0.0
-
-
- org.keycloak.documentation
- documentation-parent
- 999.0.0-SNAPSHOT
- ../pom.xml
-
-
- Securing Applications and Services
- securing-apps
- pom
-
-
-
-
- org.keycloak.documentation
- header-maven-plugin
-
-
- add-file-headers
-
-
-
-
- org.asciidoctor
- asciidoctor-maven-plugin
-
-
- asciidoc-to-html
-
-
-
-
- maven-antrun-plugin
-
-
- echo-output
-
-
-
-
-
-
diff --git a/docs/documentation/securing_apps/topics.adoc b/docs/documentation/securing_apps/topics.adoc
deleted file mode 100644
index bacdcda71f..0000000000
--- a/docs/documentation/securing_apps/topics.adoc
+++ /dev/null
@@ -1,17 +0,0 @@
-include::topics/overview/overview.adoc[]
-
-include::topics/overview/basic-steps.adoc[]
-
-include::topics/overview/getting-started.adoc[]
-
-include::topics/overview/terminology.adoc[]
-
-include::topics/oidc/oidc-overview.adoc[]
-
-include::topics/saml/saml-overview.adoc[]
-ifeval::[{project_product}==true]
-include::topics/saml/java/java-adapters-product.adoc[]
-endif::[]
-include::topics/saml/saml-errors.adoc[]
-
-
diff --git a/docs/documentation/securing_apps/topics/oidc/oidc-overview.adoc b/docs/documentation/securing_apps/topics/oidc/oidc-overview.adoc
deleted file mode 100644
index 6b566c7978..0000000000
--- a/docs/documentation/securing_apps/topics/oidc/oidc-overview.adoc
+++ /dev/null
@@ -1,4 +0,0 @@
-[[_oidc]]
-== Using OpenID Connect to secure applications and services
-
-This section describes how you can secure applications and services with OpenID Connect using {project_name}.
diff --git a/docs/documentation/securing_apps/topics/saml/saml-overview.adoc b/docs/documentation/securing_apps/topics/saml/saml-overview.adoc
deleted file mode 100644
index 59cd9c535b..0000000000
--- a/docs/documentation/securing_apps/topics/saml/saml-overview.adoc
+++ /dev/null
@@ -1,5 +0,0 @@
-
-[[_saml]]
-== Using SAML to secure applications and services
-
-This section describes how you can secure applications and services with SAML using either {project_name} client adapters or generic SAML provider libraries.
\ No newline at end of file
diff --git a/docs/documentation/securing_apps/topics/templates b/docs/documentation/securing_apps/topics/templates
deleted file mode 120000
index d191264115..0000000000
--- a/docs/documentation/securing_apps/topics/templates
+++ /dev/null
@@ -1 +0,0 @@
-../../topics/templates
\ No newline at end of file
diff --git a/docs/documentation/server_admin/topics/authentication/authentication-sessions.adoc b/docs/documentation/server_admin/topics/authentication/authentication-sessions.adoc
index 36345b106a..bde07e7b93 100644
--- a/docs/documentation/server_admin/topics/authentication/authentication-sessions.adoc
+++ b/docs/documentation/server_admin/topics/authentication/authentication-sessions.adoc
@@ -19,7 +19,7 @@ authentication factor than the currently authenticated factor.
In some rare cases, it can happen that after authentication in the first browser tab, other browser tabs are not able to restart authentication because the authentication session is already
expired. In this case, the particular browser tab will redirect the error about the expired authentication session back to the client in a protocol specific way. For more details, see the corresponding sections
-of *OIDC documentation* in the link:{securing_apps_link}[securing apps] section and link:{adapterguide_link}#_saml-errors[SAML documentation]. When the client application receives such an error, it can immediately resubmit the OIDC/SAML authentication request to {project_name} as
+of *OIDC documentation* in the link:{securing_apps_link}[securing apps] section. When the client application receives such an error, it can immediately resubmit the OIDC/SAML authentication request to {project_name} as
this should usually automatically authenticate the user due to the existing SSO session as described earlier. As a result, the end user is authenticated automatically in all browser tabs.
-The *Keycloak JavaScript adapter* in the link:{securing_apps_link}[securing apps] section, link:{adapterguide_link}#_saml[{project_name} SAML adapter], and <<_identity_broker, {project_name} Identity provider>>
+The *Keycloak JavaScript adapter* in the link:{securing_apps_link}[securing apps] section, and <<_identity_broker, {project_name} Identity provider>>
support to handle this error automatically and retry the authentication to the {project_name} server in such a case.
diff --git a/docs/documentation/server_admin/topics/clients/client-policies.adoc b/docs/documentation/server_admin/topics/clients/client-policies.adoc
index 97d9202dea..c40923e340 100644
--- a/docs/documentation/server_admin/topics/clients/client-policies.adoc
+++ b/docs/documentation/server_admin/topics/clients/client-policies.adoc
@@ -37,8 +37,8 @@ Conformance to a required security standards and profiles such as FAPI and OAuth
== Protocol
-The client policy concept is independent of any specific protocol. {project_name} currently supports especially client profiles for the link:{securing_apps_link}[OpenID Connect (OIDC) protocol], but there is
-also a client profile available for the link:{adapterguide_link}#_saml[SAML protocol].
+The client policy concept is independent of any specific protocol. {project_name} currently supports especially client profiles for the link:{adminguide_link}#con-oidc_server_administration_guide[OpenID Connect (OIDC) protocol], but there is
+also a client profile available for the link:{adminguide_link}#_saml[SAML protocol].
== Architecture
diff --git a/docs/documentation/server_admin/topics/clients/oidc/con-basic-settings.adoc b/docs/documentation/server_admin/topics/clients/oidc/con-basic-settings.adoc
index 4a35b8c290..da3ada2e2a 100644
--- a/docs/documentation/server_admin/topics/clients/oidc/con-basic-settings.adoc
+++ b/docs/documentation/server_admin/topics/clients/oidc/con-basic-settings.adoc
@@ -38,11 +38,11 @@ This option handles link:https://fetch.spec.whatwg.org/[Cross-Origin Resource Sh
If browser JavaScript attempts an AJAX HTTP request to a server whose domain is different from the one that the
JavaScript code came from, the request must use CORS. The server must handle CORS requests, otherwise the browser will not display or allow the request to be processed. This protocol protects against XSS, CSRF, and other JavaScript-based attacks.
+
-Domain URLs listed here are embedded within the access token sent to the client application. The client application uses this information to decide whether to allow a CORS request to be invoked on it. Only {project_name} client adapters support this feature. See link:{adapterguide_link}[{adapterguide_name}] for more information.
+Domain URLs listed here are embedded within the access token sent to the client application. The client application uses this information to decide whether to allow a CORS request to be invoked on it. Only {project_name} client adapters support this feature. See link:{securing_apps_link}[{securing_apps_name}] for more information.
[[_admin-url]]
Admin URL:: Callback endpoint for a client. The server uses this URL to make callbacks like pushing revocation policies, performing backchannel logout, and other administrative operations. For {project_name} servlet adapters, this URL can be the root URL of the servlet application.
-For more information, see link:{adapterguide_link}[{adapterguide_name}].
+For more information, see link:{securing_apps_link}[{securing_apps_name}].
== Capability Config
[[_access-type]]
diff --git a/docs/documentation/server_development/topics/admin-rest-api.adoc b/docs/documentation/server_development/topics/admin-rest-api.adoc
index 37e74ad85e..17c4c5fc2a 100644
--- a/docs/documentation/server_development/topics/admin-rest-api.adoc
+++ b/docs/documentation/server_development/topics/admin-rest-api.adoc
@@ -97,5 +97,4 @@ endif::[]
=== Additional resources
[role="_additional-resources"]
* {adminguide_link}[{adminguide_name}]
-* {adapterguide_link}[{adapterguide_name}]
* {apidocs_link}[{apidocs_name}]
diff --git a/docs/documentation/server_development/topics/auth-spi.adoc b/docs/documentation/server_development/topics/auth-spi.adoc
index 509c244837..9542a63cda 100644
--- a/docs/documentation/server_development/topics/auth-spi.adoc
+++ b/docs/documentation/server_development/topics/auth-spi.adoc
@@ -1194,7 +1194,7 @@ or during `Service account` authentication (represented by OAuth2 `Client Creden
[role="_additional-resource"]
.Additional resources
-* For more details about {project_name} adapter and OAuth2 flows see link:{adapterguide_link}[{adapterguide_name}].
+* For more details about {project_name} adapter and OAuth2 flows see link:{securing_apps_link}[{securing_apps_name}].
==== Default implementations
diff --git a/docs/documentation/server_development/topics/saml-role-mappings-spi.adoc b/docs/documentation/server_development/topics/saml-role-mappings-spi.adoc
index 8c99f12449..98a7c7009b 100644
--- a/docs/documentation/server_development/topics/saml-role-mappings-spi.adoc
+++ b/docs/documentation/server_development/topics/saml-role-mappings-spi.adoc
@@ -11,7 +11,7 @@ Implementations can not only map roles into other roles but also add or remove r
roles assigned to the SAML principal) depending on the use case.
For details about the configuration of the role mappings provider for the SAML adapter as well as a description of the default
-implementations available see the link:{adapterguide_link}[{adapterguide_name}].
+implementations available see the link:{securing_apps_link}[{securing_apps_name}].
=== Implementing a custom role mappings provider
@@ -26,4 +26,4 @@ of the custom implementation must be added to the archive that also contains the
When the SP application is deployed, the role mappings provider that will be used is selected by the id that was set in
`keycloak-saml.xml` or in the `keycloak-saml` subsystem. So to enable your custom provider simply make sure that its id is
-properly set in the adapter configuration.
\ No newline at end of file
+properly set in the adapter configuration.
diff --git a/docs/documentation/tests/pom.xml b/docs/documentation/tests/pom.xml
index c65992a416..a8d4ec97ce 100644
--- a/docs/documentation/tests/pom.xml
+++ b/docs/documentation/tests/pom.xml
@@ -80,12 +80,6 @@
${project.version}
pom
-
- org.keycloak.documentation
- securing-apps
- ${project.version}
- pom
-
org.keycloak.documentation
server-admin
diff --git a/docs/documentation/tests/src/test/java/org/keycloak/documentation/test/Guides.java b/docs/documentation/tests/src/test/java/org/keycloak/documentation/test/Guides.java
index 8b7aa09f6a..1a1e84e552 100644
--- a/docs/documentation/tests/src/test/java/org/keycloak/documentation/test/Guides.java
+++ b/docs/documentation/tests/src/test/java/org/keycloak/documentation/test/Guides.java
@@ -12,7 +12,6 @@ public class Guides {
List g = new LinkedList<>();
g.add("authorization_services");
g.add("release_notes");
- g.add("securing_apps");
g.add("server_admin");
g.add("server_development");
g.add("upgrading");
diff --git a/docs/documentation/tests/src/test/resources/guide-url-fragments b/docs/documentation/tests/src/test/resources/guide-url-fragments
index c0d6feae62..2796a01598 100644
--- a/docs/documentation/tests/src/test/resources/guide-url-fragments
+++ b/docs/documentation/tests/src/test/resources/guide-url-fragments
@@ -1,9 +1,8 @@
api_documentation=api_documentation
authorization_services=authorization_services
getting_started=getting_started
-securing_apps=securing_apps
server_admin=server_admin
server_development=server_development
server_installation=server_installation
upgrading=upgrading
-release_notes=release_notes
\ No newline at end of file
+release_notes=release_notes
diff --git a/docs/documentation/topics/templates/document-attributes.adoc b/docs/documentation/topics/templates/document-attributes.adoc
index 0abccbae54..75503f62d5 100644
--- a/docs/documentation/topics/templates/document-attributes.adoc
+++ b/docs/documentation/topics/templates/document-attributes.adoc
@@ -40,13 +40,6 @@
:authorizationguide_name_short: Authorization Services
:authorizationguide_link: {project_doc_base_url}/authorization_services/
:authorizationguide_link_latest: {project_doc_base_url_latest}/authorization_services/
-:adapterguide_name: Securing Applications and Services Guide
-:adapterguide_name_short: Securing Apps
-:adapterguide_link: {project_doc_base_url}/securing_apps/
-:adapterguide_link_js_adapter: {adapterguide_link}#_javascript_adapter
-:adapterguide_link_nodejs_adapter: {adapterguide_link}#_nodejs_adapter
-:adapterguide_link_latest: {project_doc_base_url_latest}/securing_apps/
-:adapterguide_logout_link: {adapterguide_link}#_java_adapter_logout
:adminguide_name: Server Administration Guide
:adminguide_name_short: Server Administration
:adminguide_link: {project_doc_base_url}/server_admin/
@@ -128,4 +121,5 @@
:section: guide
:sections: guides
:securing_apps_name: Securing applications Guides
+:securing_apps_name_short: Securing applications
:securing_apps_link: https://www.keycloak.org/guides#securing-apps
diff --git a/docs/documentation/topics/templates/release-header.adoc b/docs/documentation/topics/templates/release-header.adoc
index 7ce98e925e..be4a8afaaf 100644
--- a/docs/documentation/topics/templates/release-header.adoc
+++ b/docs/documentation/topics/templates/release-header.adoc
@@ -6,7 +6,7 @@ ifeval::["{release_header_guide}" != "{gettingstarted_name_short}"]
* {gettingstarted_link}[{gettingstarted_name_short}]
endif::[]
ifeval::["{release_header_guide}" != "{adapterguide_name_short}"]
-* {adapterguide_link}[{adapterguide_name_short}]
+* {securing_apps_link}[{securing_apps_name_short}]
endif::[]
ifeval::["{release_header_guide}" != "{adminguide_name_short}"]
* {adminguide_link}[{adminguide_name_short}]
@@ -28,4 +28,4 @@ endif::[]
[.top-menu-version]
====
Version *{project_version}*
-====
\ No newline at end of file
+====
diff --git a/docs/documentation/upgrading/topics/changes/changes.adoc b/docs/documentation/upgrading/topics/changes/changes.adoc
index 64b5fcf414..b8a54a1c0d 100644
--- a/docs/documentation/upgrading/topics/changes/changes.adoc
+++ b/docs/documentation/upgrading/topics/changes/changes.adoc
@@ -1091,7 +1091,7 @@ There are now 3 separate adapter downloads for WildFly, JBoss EAP and JBoss AS7:
Make sure you grab the correct one.
You also need to update standalone.xml as the extension module and subsystem definition has changed.
-See link:{adapterguide_link}[{adapterguide_name}] for details.
+See link:{securing_apps_link}[{securing_apps_name}] for details.
=== Migrating from 1.2.0.Beta1 to 1.2.0.RC1
diff --git a/docs/guides/attributes.adoc b/docs/guides/attributes.adoc
index f63a909e49..c67289cd88 100644
--- a/docs/guides/attributes.adoc
+++ b/docs/guides/attributes.adoc
@@ -8,6 +8,8 @@
:authorizationguide_name: Authorization Services Guide
:authorizationguide_name_short: Authorization Services
:authorizationguide_link: {project_doc_base_url}/authorization_services/
+:developerguide_name: Server Developer Guide
+:developerguide_link: {project_doc_base_url}/server_development/
:section: guide
:sections: guides
:archivedownloadurl: https://github.com/keycloak/keycloak/releases/download/{version}/keycloak-{version}.zip
@@ -26,3 +28,4 @@
:quickstartRepo_dir: keycloak-quickstarts
:securing_apps_link: https://www.keycloak.org/guides#securing-apps
:kc_js_path: /js
+:kc_realms_path: /realms
diff --git a/docs/guides/securing-apps/client-registration-cli.adoc b/docs/guides/securing-apps/client-registration-cli.adoc
index 0c11325a36..3913a87e4c 100644
--- a/docs/guides/securing-apps/client-registration-cli.adoc
+++ b/docs/guides/securing-apps/client-registration-cli.adoc
@@ -3,7 +3,7 @@
<@tmpl.guide
title="Client registration CLI"
-priority=60
+priority=110
summary="Automating Client Registration with the CLI">
The Client Registration CLI is a command-line interface (CLI) tool for application developers to configure new clients in a self-service manner when integrating with {project_name}. It is specifically designed to interact with {project_name} Client Registration REST endpoints.
@@ -383,4 +383,4 @@ Run the [command]`kcreg update-token --help` command for more information about
+
A: This error means your client is configured with [filename]`Signed JWT` token credentials, which means you have to use the [command]`--keystore` parameter when logging in.
-
\ No newline at end of file
+
diff --git a/docs/guides/securing-apps/client-registration.adoc b/docs/guides/securing-apps/client-registration.adoc
index 93538a4561..531494c6ce 100644
--- a/docs/guides/securing-apps/client-registration.adoc
+++ b/docs/guides/securing-apps/client-registration.adoc
@@ -3,7 +3,7 @@
<@tmpl.guide
title="Client registration service"
-priority=50
+priority=100
summary="Using the client registration service">
In order for an application or service to utilize {project_name} it has to register a client in {project_name}.
@@ -218,4 +218,4 @@ realm roles or client roles of other clients.
* Client Disabled Policy - Newly registered client will be disabled. This means that admin needs to manually approve and enable all newly registered clients.
This policy is not used by default even for anonymous registration.
-
\ No newline at end of file
+
diff --git a/docs/guides/securing-apps/docker-registry.adoc b/docs/guides/securing-apps/docker-registry.adoc
index 071f87062c..79a745c9ea 100644
--- a/docs/guides/securing-apps/docker-registry.adoc
+++ b/docs/guides/securing-apps/docker-registry.adoc
@@ -3,7 +3,7 @@
<@tmpl.guide
title="Docker registry"
-priority=40
+priority=90
summary="Configuring a Docker registry to use {project_name}">
NOTE: Docker authentication is disabled by default. To enable see the https://www.keycloak.org/server/features[Enabling and disabling features] {section}.
@@ -64,4 +64,4 @@ Once the above configuration has taken place, and the keycloak server and Docker
Password: *******
Login Succeeded
-
\ No newline at end of file
+
diff --git a/docs/guides/securing-apps/javascript-adapter.adoc b/docs/guides/securing-apps/javascript-adapter.adoc
index 02a941ece6..df4ba8c6f4 100644
--- a/docs/guides/securing-apps/javascript-adapter.adoc
+++ b/docs/guides/securing-apps/javascript-adapter.adoc
@@ -3,7 +3,7 @@
<@tmpl.guide
title="{project_name} JavaScript adapter"
-priority=20
+priority=30
summary="Client-side JavaScript library that can be used to secure web applications.">
{project_name} comes with a client-side JavaScript library called `keycloak-js` that can be used to secure web applications. The adapter also comes with built-in support for Cordova applications.
@@ -216,8 +216,10 @@ The technical details for linking to an app differ on each platform and special
Please refer to the Android and iOS sections of the https://github.com/e-imaxina/cordova-plugin-deeplinks/blob/master/README.md[deeplinks plugin documentation] for further instructions.
Different kinds of links exist for opening apps:
-* custom schemes, such as `myapp://login` or `android-app://com.example.myapp/https/example.com/login`
+
+* custom schemes, such as `myapp://login` or `android-app://com.example.myapp/https/example.com/login`.
* https://developer.apple.com/ios/universal-links/[Universal Links (iOS)]) / https://developer.android.com/training/app-links/deep-linking[Deep Links (Android)].
+
While the former are easier to set up and tend to work more reliably, the latter offer extra security because they are unique and only the owner of a domain can register them. Custom-URLs are deprecated on iOS. For best reliability, we recommend that you use universal links combined with a fallback site that uses a custom-url link.
Furthermore, we recommend the following steps to improve compatibility with the adapter:
diff --git a/docs/guides/securing-apps/mod-auth-mellon.adoc b/docs/guides/securing-apps/mod-auth-mellon.adoc
index 81018a1095..a36d8b4a2f 100644
--- a/docs/guides/securing-apps/mod-auth-mellon.adoc
+++ b/docs/guides/securing-apps/mod-auth-mellon.adoc
@@ -3,7 +3,7 @@
<@tmpl.guide
title="mod_auth_mellon Apache Module"
-priority=30
+priority=80
summary="Configuring the mod_auth_mellon Apache module with {project_name}">
The https://github.com/latchset/mod_auth_mellon[mod_auth_mellon] is an authentication module for Apache. If your language/environment supports using Apache HTTPD as a proxy, then you can use mod_auth_mellon to secure your web application with SAML. For more details on this module see the _mod_auth_mellon_ GitHub repo.
diff --git a/docs/guides/securing-apps/mod-auth-openidc.adoc b/docs/guides/securing-apps/mod-auth-openidc.adoc
index b45df39ee8..8ceb2b660e 100644
--- a/docs/guides/securing-apps/mod-auth-openidc.adoc
+++ b/docs/guides/securing-apps/mod-auth-openidc.adoc
@@ -3,7 +3,7 @@
<@tmpl.guide
title="mod_auth_openidc Apache HTTPD Module"
-priority=40
+priority=50
summary="Configuring the mod_auth_openidc Apache module with {project_name}">
diff --git a/docs/guides/securing-apps/oidc-layers.adoc b/docs/guides/securing-apps/oidc-layers.adoc
index 704421a432..3eea1d15ac 100644
--- a/docs/guides/securing-apps/oidc-layers.adoc
+++ b/docs/guides/securing-apps/oidc-layers.adoc
@@ -3,7 +3,7 @@
<@tmpl.guide
title="Secure applications and services with OpenID Connect"
-priority=10
+priority=20
summary="Using OpenID Connect with Keycloak to secure applications and services">
<#include "partials/oidc/available-endpoints.adoc" />
diff --git a/docs/documentation/securing_apps/topics/overview/overview.adoc b/docs/guides/securing-apps/overview.adoc
similarity index 73%
rename from docs/documentation/securing_apps/topics/overview/overview.adoc
rename to docs/guides/securing-apps/overview.adoc
index 37654e21c6..e54603f91c 100644
--- a/docs/documentation/securing_apps/topics/overview/overview.adoc
+++ b/docs/guides/securing-apps/overview.adoc
@@ -1,4 +1,10 @@
-== Planning for securing applications and services
+<#import "/templates/guide.adoc" as tmpl>
+<#import "/templates/links.adoc" as links>
+
+<@tmpl.guide
+title="Planning for securing applications and services"
+priority=10
+summary="Introduction and basic concepts for securing applications">
As an OAuth2, OpenID Connect, and SAML compliant server, {project_name} can secure any application and service as long
as the technology stack they are using supports any of these protocols. For more details about the security protocols
@@ -13,4 +19,8 @@ a particular security protocol or to provide a more rich and tightly coupled int
are known by *Keycloak Client Adapters*, and they should be used as a last resort if you cannot rely on what is available
from the application ecosystem.
+include::partials/overview/basic-steps.adoc[]
+<#include "partials/overview/getting-started.adoc" />
+include::partials/overview/terminology.adoc[]
+
diff --git a/docs/documentation/securing_apps/topics/overview/basic-steps.adoc b/docs/guides/securing-apps/partials/overview/basic-steps.adoc
similarity index 89%
rename from docs/documentation/securing_apps/topics/overview/basic-steps.adoc
rename to docs/guides/securing-apps/partials/overview/basic-steps.adoc
index 4bdf39fc8b..753f7c256c 100644
--- a/docs/documentation/securing_apps/topics/overview/basic-steps.adoc
+++ b/docs/guides/securing-apps/partials/overview/basic-steps.adoc
@@ -1,4 +1,4 @@
-=== Basic steps to secure applications and services
+== Basic steps to secure applications and services
These are the basic steps for securing an application or a service in {project_name}.
@@ -17,4 +17,5 @@ These are the basic steps for securing an application or a service in {project_n
This guide provides the detailed instructions for these steps. You can find more details
in the link:{adminguide_link}[Server Administration Guide] about how to register a client to {project_name} through the
-administration console.
\ No newline at end of file
+administration console.
+
diff --git a/docs/documentation/securing_apps/topics/overview/getting-started.adoc b/docs/guides/securing-apps/partials/overview/getting-started.adoc
similarity index 69%
rename from docs/documentation/securing_apps/topics/overview/getting-started.adoc
rename to docs/guides/securing-apps/partials/overview/getting-started.adoc
index d5d960f1d1..5435b319de 100644
--- a/docs/documentation/securing_apps/topics/overview/getting-started.adoc
+++ b/docs/guides/securing-apps/partials/overview/getting-started.adoc
@@ -1,4 +1,4 @@
-=== Getting Started
+== Getting Started
The link:{quickstartRepo_link}[{quickstartRepo_name}] provides examples about how to secure applications and services
using different programming languages and frameworks. By going through their documentation and codebase, you will
@@ -7,35 +7,46 @@ understand the bare minimum changes required in your application and service in
Also, see the following sections for recommendations for trusted and well-known client-side implementations for both OpenID
Connect and SAML protocols.
-==== OpenID Connect
+=== OpenID Connect
ifeval::[{project_community}==true]
-===== Java
+==== Java
* {quickstartRepo_link}/tree/latest/jakarta/servlet-authz-client[Wildfly Elytron OIDC]
* {quickstartRepo_link}/tree/latest/spring/rest-authz-resource-server[Spring Boot]
endif::[]
-===== JavaScript (client-side)
-* JavaScript
-
-===== Node.js (server-side)
-* Node.js
+==== JavaScript (client-side)
+* <@links.securingapps id="javascript-adapter"/>
+==== Node.js (server-side)
+* <@links.securingapps id="nodejs-adapter"/>
ifeval::[{project_community}==true]
-===== C#
+==== C#
* https://github.com/dylanplecki/KeycloakOwinAuthentication[OWIN]
-===== Python
+==== Python
* https://pypi.org/project/oic/[oidc]
-===== Android
+==== Android
* https://github.com/openid/AppAuth-Android[AppAuth]
-===== iOS
+==== iOS
* https://github.com/openid/AppAuth-iOS[AppAuth]
-===== Apache HTTP Server
+==== Apache HTTP Server
* https://github.com/OpenIDC/mod_auth_openidc[mod_auth_openidc]
endif::[]
+=== SAML
+
+==== Java
+
+* <@links.securingapps id="saml-galleon-layers"/>
+
+ifeval::[{project_community}==true]
+==== Apache HTTP Server
+
+* <@links.securingapps id="mod-auth-mellon"/>
+endif::[]
+
diff --git a/docs/documentation/securing_apps/topics/overview/terminology.adoc b/docs/guides/securing-apps/partials/overview/terminology.adoc
similarity index 98%
rename from docs/documentation/securing_apps/topics/overview/terminology.adoc
rename to docs/guides/securing-apps/partials/overview/terminology.adoc
index cbf88ab8e3..9d978a755c 100644
--- a/docs/documentation/securing_apps/topics/overview/terminology.adoc
+++ b/docs/guides/securing-apps/partials/overview/terminology.adoc
@@ -1,4 +1,4 @@
-=== Terminology
+== Terminology
These terms are used in this guide:
diff --git a/docs/documentation/securing_apps/topics/saml/saml-errors.adoc b/docs/guides/securing-apps/partials/saml/saml-errors.adoc
similarity index 80%
rename from docs/documentation/securing_apps/topics/saml/saml-errors.adoc
rename to docs/guides/securing-apps/partials/saml/saml-errors.adoc
index 25eb9e90b1..b7c463c14f 100644
--- a/docs/documentation/securing_apps/topics/saml/saml-errors.adoc
+++ b/docs/guides/securing-apps/partials/saml/saml-errors.adoc
@@ -1,6 +1,6 @@
[[_saml-errors]]
-=== {project_name} specific errors
+== {project_name} specific errors
{project_name} server can send an error to the client application in the SAML response, which may contain a SAML status such as:
@@ -16,5 +16,6 @@
{project_name} sends this error when a user is authenticated and has an SSO session, but the authentication session expired in the current browser tab and hence {project_name} server cannot automatically do SSO
re-authentication of the user and redirect back to client with successful response. When a client application receives this type of error, it is ideal to retry authentication immediately and send a new
-SAML request to the {project_name} server, which should typically always authenticate the user due to the SSO session and redirect back. More details in
-the link:{adminguide_link}#_authentication-sessions[{adminguide_name}].
+SAML request to the {project_name} server, which should typically always authenticate the user due to the SSO session and redirect back.
+The SAML adapter performs that retry automatically if the commented status is returned by the server.
+More details in the link:{adminguide_link}#_authentication-sessions[{adminguide_name}].
diff --git a/docs/guides/securing-apps/saml-galleon-layers-detailed-config.adoc b/docs/guides/securing-apps/saml-galleon-layers-detailed-config.adoc
index 8c2682cdbd..ebfa1bd6b2 100644
--- a/docs/guides/securing-apps/saml-galleon-layers-detailed-config.adoc
+++ b/docs/guides/securing-apps/saml-galleon-layers-detailed-config.adoc
@@ -3,7 +3,7 @@
<@tmpl.guide
title="{project_name} SAML Galleon feature pack detailed configuration"
-priority=20
+priority=70
tileVisible="false"
summary="Detailed list of elements for the `keycloak-saml.xml` configuration file">
diff --git a/docs/guides/securing-apps/saml-galleon-layers.adoc b/docs/guides/securing-apps/saml-galleon-layers.adoc
index 2acf8c4f12..96c34cbb4f 100644
--- a/docs/guides/securing-apps/saml-galleon-layers.adoc
+++ b/docs/guides/securing-apps/saml-galleon-layers.adoc
@@ -3,7 +3,7 @@
<@tmpl.guide
title="{project_name} SAML Galleon feature pack for WildFly and EAP"
-priority=10
+priority=60
summary="Using {project_name} SAML Galleon feature pack to secure applications in WildFly and EAP">
The SAML adapter is distributed as a Galleon feature pack for wildfly 29 or newer. More details about the subject
@@ -20,5 +20,6 @@ include::partials/saml/assertion-api.adoc[]
include::partials/saml/error_handling.adoc[]
include::partials/saml/debugging.adoc[]
include::partials/saml/multi-tenancy.adoc[]
+include::partials/saml/saml-errors.adoc[]
diff --git a/docs/guides/securing-apps/token-exchange.adoc b/docs/guides/securing-apps/token-exchange.adoc
index 2d74fcb90e..1afe142a53 100644
--- a/docs/guides/securing-apps/token-exchange.adoc
+++ b/docs/guides/securing-apps/token-exchange.adoc
@@ -3,7 +3,7 @@
<@tmpl.guide
title="Using token exchange"
-priority=40
+priority=120
summary="Configuring and using Token exchange with {project_name}">
:tech_feature_name: Token Exchange