Convert chapter planning for securing applications and services to guides

Final removal of the securing_apps documentation Final checks for links, order and other minor things Closes #31328 Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-31 10:20:50 +02:00 · 2024-07-31 10:20:50 +02:00 · 942d5d0aa3
commit 942d5d0aa3
parent fed804160b
43 changed files with 79 additions and 182 deletions
--- a/docs/documentation/aggregation/pom.xml
+++ b/docs/documentation/aggregation/pom.xml
@ -26,12 +26,6 @@
            <version>${project.version}</version>
            <type>pom</type>
        </dependency>
        <dependency>
            <groupId>org.keycloak.documentation</groupId>
            <artifactId>securing-apps</artifactId>
            <version>${project.version}</version>
            <type>pom</type>
        </dependency>
        <dependency>
            <groupId>org.keycloak.documentation</groupId>
            <artifactId>server-admin</artifactId>
@ -107,22 +101,6 @@
                            </resources>
                        </configuration>
                    </execution>
                    <execution>
                        <id>copy-securing_apps</id>
                        <phase>process-resources</phase>
                        <goals>
                            <goal>copy-resources</goal>
                        </goals>
                        <configuration>
                            <outputDirectory>${project.build.outputDirectory}/securing_apps/</outputDirectory>
                            <resources>
                                <resource>
                                    <directory>../securing_apps/target/generated-docs</directory>
                                    <include>**/**</include>
                                </resource>
                            </resources>
                        </configuration>
                    </execution>
                    <execution>
                        <id>copy-server_admin</id>
                        <phase>process-resources</phase>
--- a/docs/documentation/aggregation/src/index.html
+++ b/docs/documentation/aggregation/src/index.html
@ -34,7 +34,6 @@ li a:hover {
 <body>
 <img src="keycloak_logo.png"/>
 <ul>
    <li><a href="securing_apps/${masterFile}.html">Securing Apps</a></li>
    <li><a href="server_admin/${masterFile}.html">Server Admin</a></li>
    <li><a href="server_development/${masterFile}.html">Server Development</a></li>
    <li><a href="authorization_services/${masterFile}.html">Authorization Services</a></li>
--- a/docs/documentation/build-auto.sh
+++ b/docs/documentation/build-auto.sh
@ -3,7 +3,7 @@
 OPTS=$1
 while true; do 
-    CHANGED=`inotifywait -r -e modify,move,create,delete authorization_services getting_started securing_apps server_admin server_development server_installation upgrading --format %w`
+    CHANGED=`inotifywait -r -e modify,move,create,delete authorization_services getting_started server_admin server_development server_installation upgrading --format %w`
    GUIDE=`echo $CHANGED | cut -d '/' -f 1`
    mvn clean install -f $GUIDE $OPTS  
 done
--- a/docs/documentation/pom.xml
+++ b/docs/documentation/pom.xml
@ -35,7 +35,6 @@
        <module>header-maven-plugin</module>
        <module>api_documentation</module>
        <module>authorization_services</module>
        <module>securing_apps</module>
        <module>server_admin</module>
        <module>server_development</module>
        <module>release_notes</module>
--- a/docs/documentation/release_notes/topics/23_0_0.adoc
+++ b/docs/documentation/release_notes/topics/23_0_0.adoc
@ -95,7 +95,7 @@ It is being replaced by the Elytron OIDC adapter,which is included in WildFly, a
 The SAML adapter for WildFly and JBoss EAP is no longer distributed as a ZIP download, but rather a Galleon feature pack,
 making it easier and more seamless to install.
-See the link:{adapterguide_link}[{adapterguide_name}] for the details.
+See the link:{securing_apps_link}[{securing_apps_name}] for the details.
 endif::[]
--- a/docs/documentation/securing_apps/.asciidoctorconfig
+++ b/docs/documentation/securing_apps/.asciidoctorconfig
@ -1,2 +0,0 @@
 // show images in the preview when using an IDE like IntelliJ
 :imagesdir: {asciidoctorconfigdir}
--- a/docs/documentation/securing_apps/docinfo-footer.html
+++ b/docs/documentation/securing_apps/docinfo-footer.html
@ -1 +0,0 @@
 ../aggregation/navbar.html
--- a/docs/documentation/securing_apps/docinfo.html
+++ b/docs/documentation/securing_apps/docinfo.html
@ -1 +0,0 @@
 ../aggregation/navbar-head.html
--- a/docs/documentation/securing_apps/images/keycloak_logo.png
+++ b/docs/documentation/securing_apps/images/keycloak_logo.png
--- a/docs/documentation/securing_apps/index.adoc
+++ b/docs/documentation/securing_apps/index.adoc
@ -1,16 +0,0 @@
 :toc:
 :toclevels: 3
 :numbered:
 :linkattrs:
 include::topics/templates/document-attributes.adoc[]
 :secure_applications_and_services_guide:
 = {adapterguide_name}
 :release_header_guide: {adapterguide_name_short}
 :release_header_latest_link: {adapterguide_link_latest}
 include::topics/templates/release-header.adoc[]
 include::topics.adoc[]
--- a/docs/documentation/securing_apps/pom.xml
+++ b/docs/documentation/securing_apps/pom.xml
@ -1,46 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.keycloak.documentation</groupId>
        <artifactId>documentation-parent</artifactId>
        <version>999.0.0-SNAPSHOT</version>
        <relativePath>../pom.xml</relativePath>
    </parent>
    <name>Securing Applications and Services</name>
    <artifactId>securing-apps</artifactId>
    <packaging>pom</packaging>
    <build>
        <plugins>
            <plugin>
                <groupId>org.keycloak.documentation</groupId>
                <artifactId>header-maven-plugin</artifactId>
                <executions>
                    <execution>
                        <id>add-file-headers</id>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <groupId>org.asciidoctor</groupId>
                <artifactId>asciidoctor-maven-plugin</artifactId>
                <executions>
                    <execution>
                        <id>asciidoc-to-html</id>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <artifactId>maven-antrun-plugin</artifactId>
                <executions>
                    <execution>
                        <id>echo-output</id>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
 </project>
--- a/docs/documentation/securing_apps/topics.adoc
+++ b/docs/documentation/securing_apps/topics.adoc
@ -1,17 +0,0 @@
 include::topics/overview/overview.adoc[]
 include::topics/overview/basic-steps.adoc[]
 include::topics/overview/getting-started.adoc[]
 include::topics/overview/terminology.adoc[]
 include::topics/oidc/oidc-overview.adoc[]
 include::topics/saml/saml-overview.adoc[]
 ifeval::[{project_product}==true]
 include::topics/saml/java/java-adapters-product.adoc[]
 endif::[]
 include::topics/saml/saml-errors.adoc[]
--- a/docs/documentation/securing_apps/topics/oidc/oidc-overview.adoc
+++ b/docs/documentation/securing_apps/topics/oidc/oidc-overview.adoc
@ -1,4 +0,0 @@
 [[_oidc]]
 == Using OpenID Connect to secure applications and services
 This section describes how you can secure applications and services with OpenID Connect using {project_name}.
--- a/docs/documentation/securing_apps/topics/saml/saml-overview.adoc
+++ b/docs/documentation/securing_apps/topics/saml/saml-overview.adoc
@ -1,5 +0,0 @@
 [[_saml]]
 ==  Using SAML to secure applications and services
 This section describes how you can secure applications and services with SAML using either {project_name} client adapters or generic SAML provider libraries.
--- a/docs/documentation/securing_apps/topics/templates
+++ b/docs/documentation/securing_apps/topics/templates
@ -1 +0,0 @@
 ../../topics/templates
--- a/docs/documentation/server_admin/topics/authentication/authentication-sessions.adoc
+++ b/docs/documentation/server_admin/topics/authentication/authentication-sessions.adoc
@ -19,7 +19,7 @@ authentication factor than the currently authenticated factor.
 In some rare cases, it can happen that after authentication in the first browser tab, other browser tabs are not able to restart authentication because the authentication session is already
 expired. In this case, the particular browser tab will redirect the error about the expired authentication session back to the client in a protocol specific way. For more details, see the corresponding sections
-of  *OIDC documentation* in the link:{securing_apps_link}[securing apps] section and  link:{adapterguide_link}#_saml-errors[SAML documentation]. When the client application receives such an error, it can immediately resubmit the OIDC/SAML authentication request to {project_name} as
+of  *OIDC documentation* in the link:{securing_apps_link}[securing apps] section. When the client application receives such an error, it can immediately resubmit the OIDC/SAML authentication request to {project_name} as
 this should usually automatically authenticate the user due to the existing SSO session as described earlier. As a result, the end user is authenticated automatically in all browser tabs.
-The *Keycloak JavaScript adapter* in the link:{securing_apps_link}[securing apps] section, link:{adapterguide_link}#_saml[{project_name} SAML adapter], and <<_identity_broker, {project_name} Identity provider>>
+The *Keycloak JavaScript adapter* in the link:{securing_apps_link}[securing apps] section, and <<_identity_broker, {project_name} Identity provider>>
 support to handle this error automatically and retry the authentication to the {project_name} server in such a case.
--- a/docs/documentation/server_admin/topics/clients/client-policies.adoc
+++ b/docs/documentation/server_admin/topics/clients/client-policies.adoc
@ -37,8 +37,8 @@ Conformance to a required security standards and profiles such as FAPI and OAuth
 == Protocol
-The client policy concept is independent of any specific protocol. {project_name} currently supports especially client profiles for the link:{securing_apps_link}[OpenID Connect (OIDC) protocol], but there is
+The client policy concept is independent of any specific protocol. {project_name} currently supports especially client profiles for the link:{adminguide_link}#con-oidc_server_administration_guide[OpenID Connect (OIDC) protocol], but there is
-also a client profile available for the link:{adapterguide_link}#_saml[SAML protocol].
+also a client profile available for the link:{adminguide_link}#_saml[SAML protocol].
 == Architecture
--- a/docs/documentation/server_admin/topics/clients/oidc/con-basic-settings.adoc
+++ b/docs/documentation/server_admin/topics/clients/oidc/con-basic-settings.adoc
@ -38,11 +38,11 @@ This option handles link:https://fetch.spec.whatwg.org/[Cross-Origin Resource Sh
 If browser JavaScript attempts an AJAX HTTP request to a server whose domain is different from the one that the
 JavaScript code came from, the request must use CORS. The server must handle CORS requests, otherwise the browser will not display or allow the request to be processed. This protocol protects against XSS, CSRF, and other JavaScript-based attacks.
 +
-Domain URLs listed here are embedded within the access token sent to the client application. The client application uses this information to decide whether to allow a CORS request to be invoked on it. Only {project_name} client adapters support this feature. See link:{adapterguide_link}[{adapterguide_name}] for more information.
+Domain URLs listed here are embedded within the access token sent to the client application. The client application uses this information to decide whether to allow a CORS request to be invoked on it. Only {project_name} client adapters support this feature. See link:{securing_apps_link}[{securing_apps_name}] for more information.
 [[_admin-url]]
 Admin URL:: Callback endpoint for a client. The server uses this URL to make callbacks like pushing revocation policies, performing backchannel logout, and other administrative operations. For {project_name} servlet adapters, this URL can be the root URL of the servlet application.
-For more information, see link:{adapterguide_link}[{adapterguide_name}].
+For more information, see link:{securing_apps_link}[{securing_apps_name}].
 == Capability Config
 [[_access-type]]
--- a/docs/documentation/server_development/topics/admin-rest-api.adoc
+++ b/docs/documentation/server_development/topics/admin-rest-api.adoc
@ -97,5 +97,4 @@ endif::[]
 === Additional resources
 [role="_additional-resources"]
 * {adminguide_link}[{adminguide_name}]
 * {adapterguide_link}[{adapterguide_name}]
 * {apidocs_link}[{apidocs_name}]
--- a/docs/documentation/server_development/topics/auth-spi.adoc
+++ b/docs/documentation/server_development/topics/auth-spi.adoc
@ -1194,7 +1194,7 @@ or during `Service account` authentication (represented by OAuth2 `Client Creden
 [role="_additional-resource"]
 .Additional resources
-* For more details about {project_name} adapter and OAuth2 flows see link:{adapterguide_link}[{adapterguide_name}].
+* For more details about {project_name} adapter and OAuth2 flows see link:{securing_apps_link}[{securing_apps_name}].
 ==== Default implementations
--- a/docs/documentation/server_development/topics/saml-role-mappings-spi.adoc
+++ b/docs/documentation/server_development/topics/saml-role-mappings-spi.adoc
@ -11,7 +11,7 @@ Implementations can not only map roles into other roles but also add or remove r
 roles assigned to the SAML principal) depending on the use case.
 For details about the configuration of the role mappings provider for the SAML adapter as well as a description of the default
-implementations available see the link:{adapterguide_link}[{adapterguide_name}].
+implementations available see the link:{securing_apps_link}[{securing_apps_name}].
 === Implementing a custom role mappings provider
@ -26,4 +26,4 @@ of the custom implementation must be added to the archive that also contains the
 When the SP application is deployed, the role mappings provider that will be used is selected by the id that was set in
 `keycloak-saml.xml` or in the `keycloak-saml` subsystem. So to enable your custom provider simply make sure that its id is
-properly set in the adapter configuration.
+properly set in the adapter configuration.
--- a/docs/documentation/tests/pom.xml
+++ b/docs/documentation/tests/pom.xml
@ -80,12 +80,6 @@
            <version>${project.version}</version>
            <type>pom</type>
        </dependency>
        <dependency>
            <groupId>org.keycloak.documentation</groupId>
            <artifactId>securing-apps</artifactId>
            <version>${project.version}</version>
            <type>pom</type>
        </dependency>
        <dependency>
            <groupId>org.keycloak.documentation</groupId>
            <artifactId>server-admin</artifactId>
--- a/docs/documentation/tests/src/test/java/org/keycloak/documentation/test/Guides.java
+++ b/docs/documentation/tests/src/test/java/org/keycloak/documentation/test/Guides.java
@ -12,7 +12,6 @@ public class Guides {
        List<String> g = new LinkedList<>();
        g.add("authorization_services");
        g.add("release_notes");
        g.add("securing_apps");
        g.add("server_admin");
        g.add("server_development");
        g.add("upgrading");
--- a/docs/documentation/tests/src/test/resources/guide-url-fragments
+++ b/docs/documentation/tests/src/test/resources/guide-url-fragments
@ -1,9 +1,8 @@
 api_documentation=api_documentation
 authorization_services=authorization_services
 getting_started=getting_started
 securing_apps=securing_apps
 server_admin=server_admin
 server_development=server_development
 server_installation=server_installation
 upgrading=upgrading
-release_notes=release_notes
+release_notes=release_notes
--- a/docs/documentation/topics/templates/document-attributes.adoc
+++ b/docs/documentation/topics/templates/document-attributes.adoc
@ -40,13 +40,6 @@
 :authorizationguide_name_short: Authorization Services
 :authorizationguide_link: {project_doc_base_url}/authorization_services/
 :authorizationguide_link_latest: {project_doc_base_url_latest}/authorization_services/
 :adapterguide_name: Securing Applications and Services Guide
 :adapterguide_name_short: Securing Apps
 :adapterguide_link: {project_doc_base_url}/securing_apps/
 :adapterguide_link_js_adapter: {adapterguide_link}#_javascript_adapter
 :adapterguide_link_nodejs_adapter: {adapterguide_link}#_nodejs_adapter
 :adapterguide_link_latest: {project_doc_base_url_latest}/securing_apps/
 :adapterguide_logout_link: {adapterguide_link}#_java_adapter_logout
 :adminguide_name: Server Administration Guide
 :adminguide_name_short: Server Administration
 :adminguide_link: {project_doc_base_url}/server_admin/
@ -128,4 +121,5 @@
 :section: guide
 :sections: guides
 :securing_apps_name: Securing applications Guides
 :securing_apps_name_short: Securing applications
 :securing_apps_link: https://www.keycloak.org/guides#securing-apps
--- a/docs/documentation/topics/templates/release-header.adoc
+++ b/docs/documentation/topics/templates/release-header.adoc
@ -6,7 +6,7 @@ ifeval::["{release_header_guide}" != "{gettingstarted_name_short}"]
 * {gettingstarted_link}[{gettingstarted_name_short}]
 endif::[]
 ifeval::["{release_header_guide}" != "{adapterguide_name_short}"]
-* {adapterguide_link}[{adapterguide_name_short}]
+* {securing_apps_link}[{securing_apps_name_short}]
 endif::[]
 ifeval::["{release_header_guide}" != "{adminguide_name_short}"]
 * {adminguide_link}[{adminguide_name_short}]
@ -28,4 +28,4 @@ endif::[]
 [.top-menu-version]
 ====
 Version *{project_version}*
-====
+====
--- a/docs/documentation/upgrading/topics/changes/changes.adoc
+++ b/docs/documentation/upgrading/topics/changes/changes.adoc
@ -1091,7 +1091,7 @@ There are now 3 separate adapter downloads for WildFly, JBoss EAP and JBoss AS7:
 Make sure you grab the correct one.
 You also need to update standalone.xml as the extension module and subsystem definition has changed.
-See link:{adapterguide_link}[{adapterguide_name}] for details.
+See link:{securing_apps_link}[{securing_apps_name}] for details.
 === Migrating from 1.2.0.Beta1 to 1.2.0.RC1
--- a/docs/guides/attributes.adoc
+++ b/docs/guides/attributes.adoc
@ -8,6 +8,8 @@
 :authorizationguide_name: Authorization Services Guide
 :authorizationguide_name_short: Authorization Services
 :authorizationguide_link: {project_doc_base_url}/authorization_services/
 :developerguide_name: Server Developer Guide
 :developerguide_link: {project_doc_base_url}/server_development/
 :section: guide
 :sections: guides
 :archivedownloadurl: https://github.com/keycloak/keycloak/releases/download/{version}/keycloak-{version}.zip
@ -26,3 +28,4 @@
 :quickstartRepo_dir: keycloak-quickstarts
 :securing_apps_link: https://www.keycloak.org/guides#securing-apps
 :kc_js_path: /js
 :kc_realms_path: /realms
--- a/docs/guides/securing-apps/client-registration-cli.adoc
+++ b/docs/guides/securing-apps/client-registration-cli.adoc
@ -3,7 +3,7 @@
 <@tmpl.guide
 title="Client registration CLI"
-priority=60
+priority=110
 summary="Automating Client Registration with the CLI">
 The Client Registration CLI is a command-line interface (CLI) tool for application developers to configure new clients in a self-service manner when integrating with {project_name}. It is specifically designed to interact with {project_name} Client Registration REST endpoints.
@ -383,4 +383,4 @@ Run the [command]`kcreg update-token --help` command for more information about
 +
 A: This error means your client is configured with [filename]`Signed JWT` token credentials, which means you have to use the [command]`--keystore` parameter when logging in.
-</@tmpl.guide>
+</@tmpl.guide>
--- a/docs/guides/securing-apps/client-registration.adoc
+++ b/docs/guides/securing-apps/client-registration.adoc
@ -3,7 +3,7 @@
 <@tmpl.guide
 title="Client registration service"
-priority=50
+priority=100
 summary="Using the client registration service">
 In order for an application or service to utilize {project_name} it has to register a client in {project_name}.
@ -218,4 +218,4 @@ realm roles or client roles of other clients.
 * Client Disabled Policy - Newly registered client will be disabled. This means that admin needs to manually approve and enable all newly registered clients.
 This policy is not used by default even for anonymous registration.
-</@tmpl.guide>
+</@tmpl.guide>
--- a/docs/guides/securing-apps/docker-registry.adoc
+++ b/docs/guides/securing-apps/docker-registry.adoc
@ -3,7 +3,7 @@
 <@tmpl.guide
 title="Docker registry"
-priority=40
+priority=90
 summary="Configuring a Docker registry to use {project_name}">
 NOTE: Docker authentication is disabled by default. To enable see the https://www.keycloak.org/server/features[Enabling and disabling features] {section}.
@ -64,4 +64,4 @@ Once the above configuration has taken place, and the keycloak server and Docker
 	Password: *******
 	Login Succeeded
-</@tmpl.guide>
+</@tmpl.guide>
--- a/docs/guides/securing-apps/javascript-adapter.adoc
+++ b/docs/guides/securing-apps/javascript-adapter.adoc
@ -3,7 +3,7 @@
 <@tmpl.guide
 title="{project_name} JavaScript adapter"
-priority=20
+priority=30
 summary="Client-side JavaScript library that can be used to secure web applications.">
 {project_name} comes with a client-side JavaScript library called `keycloak-js` that can be used to secure web applications. The adapter also comes with built-in support for Cordova applications.
@ -216,8 +216,10 @@ The technical details for linking to an app differ on each platform and special
 Please refer to the Android and iOS sections of the https://github.com/e-imaxina/cordova-plugin-deeplinks/blob/master/README.md[deeplinks plugin documentation] for further instructions.
 Different kinds of links exist for opening apps:
-* custom schemes, such as `myapp://login` or `android-app://com.example.myapp/https/example.com/login`
+
 * custom schemes, such as `myapp://login` or `android-app://com.example.myapp/https/example.com/login`.
 * https://developer.apple.com/ios/universal-links/[Universal Links (iOS)]) / https://developer.android.com/training/app-links/deep-linking[Deep Links (Android)].
 While the former are easier to set up and tend to work more reliably, the latter offer extra security because they are unique and only the owner of a domain can register them. Custom-URLs are deprecated on iOS.  For best reliability, we recommend that you use universal links combined with a fallback site that uses a custom-url link.
 Furthermore, we recommend the following steps to improve compatibility with the adapter:
--- a/docs/guides/securing-apps/mod-auth-mellon.adoc
+++ b/docs/guides/securing-apps/mod-auth-mellon.adoc
@ -3,7 +3,7 @@
 <@tmpl.guide
 title="mod_auth_mellon Apache Module"
-priority=30
+priority=80
 summary="Configuring the mod_auth_mellon Apache module with {project_name}">
 The https://github.com/latchset/mod_auth_mellon[mod_auth_mellon] is an authentication module for Apache. If your language/environment supports using Apache HTTPD as a proxy, then you can use mod_auth_mellon to secure your web application with SAML. For more details on this module see the _mod_auth_mellon_ GitHub repo.
--- a/docs/guides/securing-apps/mod-auth-openidc.adoc
+++ b/docs/guides/securing-apps/mod-auth-openidc.adoc
@ -3,7 +3,7 @@
 <@tmpl.guide
 title="mod_auth_openidc Apache HTTPD Module"
-priority=40
+priority=50
 summary="Configuring the mod_auth_openidc Apache module with {project_name}">
--- a/docs/guides/securing-apps/oidc-layers.adoc
+++ b/docs/guides/securing-apps/oidc-layers.adoc
@ -3,7 +3,7 @@
 <@tmpl.guide
 title="Secure applications and services with OpenID Connect"
-priority=10
+priority=20
 summary="Using OpenID Connect with Keycloak to secure applications and services">
 <#include "partials/oidc/available-endpoints.adoc" />
--- a/docs/documentation/securing_apps/topics/overview/overview.adoc
+++ b/docs/documentation/securing_apps/topics/overview/overview.adoc
@ -1,4 +1,10 @@
-== Planning for securing applications and services
+<#import "/templates/guide.adoc" as tmpl>
 <#import "/templates/links.adoc" as links>
 <@tmpl.guide
 title="Planning for securing applications and services"
 priority=10
 summary="Introduction and basic concepts for securing applications">
 As an OAuth2, OpenID Connect, and SAML compliant server, {project_name} can secure any application and service as long
 as the technology stack they are using supports any of these protocols. For more details about the security protocols
@ -13,4 +19,8 @@ a particular security protocol or to provide a more rich and tightly coupled int
 are known by *Keycloak Client Adapters*, and they should be used as a last resort if you cannot rely on what is available
 from the application ecosystem.
 include::partials/overview/basic-steps.adoc[]
 <#include "partials/overview/getting-started.adoc" />
 include::partials/overview/terminology.adoc[]
 </@tmpl.guide>
--- a/docs/documentation/securing_apps/topics/overview/basic-steps.adoc
+++ b/docs/documentation/securing_apps/topics/overview/basic-steps.adoc
@ -1,4 +1,4 @@
-=== Basic steps to secure applications and services
+== Basic steps to secure applications and services
 These are the basic steps for securing an application or a service in {project_name}.
@ -17,4 +17,5 @@ These are the basic steps for securing an application or a service in {project_n
 This guide provides the detailed instructions for these steps. You can find more details
 in the link:{adminguide_link}[Server Administration Guide] about how to register a client to {project_name} through the
-administration console.
+administration console.
--- a/docs/documentation/securing_apps/topics/overview/getting-started.adoc
+++ b/docs/documentation/securing_apps/topics/overview/getting-started.adoc
@ -1,4 +1,4 @@
-=== Getting Started
+== Getting Started
 The link:{quickstartRepo_link}[{quickstartRepo_name}] provides examples about how to secure applications and services
 using different programming languages and frameworks. By going through their documentation and codebase, you will
@ -7,35 +7,46 @@ understand the bare minimum changes required in your application and service in
 Also, see the following sections for recommendations for trusted and well-known client-side implementations for both OpenID
 Connect and SAML protocols.
-==== OpenID Connect
+=== OpenID Connect
 ifeval::[{project_community}==true]
-===== Java
+==== Java
 * {quickstartRepo_link}/tree/latest/jakarta/servlet-authz-client[Wildfly Elytron OIDC]
 * {quickstartRepo_link}/tree/latest/spring/rest-authz-resource-server[Spring Boot]
 endif::[]
-===== JavaScript (client-side)
+==== JavaScript (client-side)
-* JavaScript
+* <@links.securingapps id="javascript-adapter"/>
 ===== Node.js (server-side)
 * Node.js
 ==== Node.js (server-side)
 * <@links.securingapps id="nodejs-adapter"/>
 ifeval::[{project_community}==true]
-===== C#
+==== C#
 * https://github.com/dylanplecki/KeycloakOwinAuthentication[OWIN]
-===== Python
+==== Python
 * https://pypi.org/project/oic/[oidc]
-===== Android
+==== Android
 * https://github.com/openid/AppAuth-Android[AppAuth]
-===== iOS
+==== iOS
 * https://github.com/openid/AppAuth-iOS[AppAuth]
-===== Apache HTTP Server
+==== Apache HTTP Server
 * https://github.com/OpenIDC/mod_auth_openidc[mod_auth_openidc]
 endif::[]
 === SAML
 ==== Java
 * <@links.securingapps id="saml-galleon-layers"/>
 ifeval::[{project_community}==true]
 ==== Apache HTTP Server
 * <@links.securingapps id="mod-auth-mellon"/>
 endif::[]
--- a/docs/documentation/securing_apps/topics/overview/terminology.adoc
+++ b/docs/documentation/securing_apps/topics/overview/terminology.adoc
@ -1,4 +1,4 @@
-=== Terminology
+== Terminology
 These terms are used in this guide:
--- a/docs/documentation/securing_apps/topics/saml/saml-errors.adoc
+++ b/docs/documentation/securing_apps/topics/saml/saml-errors.adoc
@ -1,6 +1,6 @@
 [[_saml-errors]]
-=== {project_name} specific errors
+== {project_name} specific errors
 {project_name} server can send an error to the client application in the SAML response, which may contain a SAML status such as:
@ -16,5 +16,6 @@
 {project_name} sends this error when a user is authenticated and has an SSO session, but the authentication session expired in the current browser tab and hence {project_name} server cannot automatically do SSO
 re-authentication of the user and redirect back to client with successful response. When a client application receives this type of error, it is ideal to retry authentication immediately and send a new
-SAML request to the {project_name} server, which should typically always authenticate the user due to the SSO session and redirect back. More details in
+SAML request to the {project_name} server, which should typically always authenticate the user due to the SSO session and redirect back.
-the link:{adminguide_link}#_authentication-sessions[{adminguide_name}].
+The SAML adapter performs that retry automatically if the commented status is returned by the server.
 More details in the link:{adminguide_link}#_authentication-sessions[{adminguide_name}].
--- a/docs/guides/securing-apps/saml-galleon-layers-detailed-config.adoc
+++ b/docs/guides/securing-apps/saml-galleon-layers-detailed-config.adoc
@ -3,7 +3,7 @@
 <@tmpl.guide
 title="{project_name} SAML Galleon feature pack detailed configuration"
-priority=20
+priority=70
 tileVisible="false"
 summary="Detailed list of elements for the `keycloak-saml.xml` configuration file">
--- a/docs/guides/securing-apps/saml-galleon-layers.adoc
+++ b/docs/guides/securing-apps/saml-galleon-layers.adoc
@ -3,7 +3,7 @@
 <@tmpl.guide
 title="{project_name} SAML Galleon feature pack for WildFly and EAP"
-priority=10
+priority=60
 summary="Using {project_name} SAML Galleon feature pack to secure applications in WildFly and EAP">
 The SAML adapter is distributed as a Galleon feature pack for wildfly 29 or newer. More details about the subject
@ -20,5 +20,6 @@ include::partials/saml/assertion-api.adoc[]
 include::partials/saml/error_handling.adoc[]
 include::partials/saml/debugging.adoc[]
 include::partials/saml/multi-tenancy.adoc[]
 include::partials/saml/saml-errors.adoc[]
 </@tmpl.guide>
--- a/docs/guides/securing-apps/token-exchange.adoc
+++ b/docs/guides/securing-apps/token-exchange.adoc
@ -3,7 +3,7 @@
 <@tmpl.guide
 title="Using token exchange"
-priority=40
+priority=120
 summary="Configuring and using Token exchange with {project_name}">
 :tech_feature_name: Token Exchange
		`@ -1,2 +0,0 @@`
			`// show images in the preview when using an IDE like IntelliJ`
			`:imagesdir: {asciidoctorconfigdir}`
`@ -1,4 +1,4 @@`
	`=== Terminology`	`== Terminology`

	`These terms are used in this guide:`	`These terms are used in this guide:`