[RHSSO-471] - Adding RH-SSO images

topics/getting-started/hello-world/before-start.adoc

@@ -9,7 +9,7 @@ Ensure you have a {{book.project.name}} instance running; the default configurat
 Administration Console, a page similar to this one is displayed:
 
 .{{book.project.name}} Administration Console
-image:../../images/getting-started/kc-start-page.png[alt="{{book.project.name}} Administration Console"]
+image:../../{{book.images}}/getting-started/kc-start-page.png[alt="{{book.project.name}} Administration Console"]
 
 The source code for the getting started tutorials can be obtained from the demo distributions. The authorization-related examples
 are located at *${KEYCLOAK_DEMO_SERVER_DIR}/examples/authz*.

topics/getting-started/hello-world/create-realm.adoc

@@ -12,7 +12,7 @@ To create a realm and a user complete the following steps:
 . Create a realm with a name *hello-world-authz*. Once created, a page similar to the following is displayed:
 +
 .Realm hello-world-authz
-image:../../../images/getting-started/hello-world/create-realm.png[alt="Realm hello-world-authz"]
+image:../../../{{book.images}}/getting-started/hello-world/create-realm.png[alt="Realm hello-world-authz"]
 
 . Create a user for your newly created realm. Click *Users*. The user list page opens.
 
@@ -21,12 +21,12 @@ image:../../../images/getting-started/hello-world/create-realm.png[alt="Realm he
 . Complete the fields as shown in the screenshot below to create a new user with the username of *alice* and then click *Save*.
 +
 .Add User
-image:../../../images/getting-started/hello-world/create-user.png[alt="Add User"]
+image:../../../{{book.images}}/getting-started/hello-world/create-user.png[alt="Add User"]
 
 . Set a password for the *alice* user by clicking the *Credentials* tab.
 +
 .Set User Password
-image:../../../images/getting-started/hello-world/reset-user-pwd.png[alt="Set User Password"]
+image:../../../{{book.images}}/getting-started/hello-world/reset-user-pwd.png[alt="Set User Password"]
 
 . Complete the *New Password* and *Password Confirmation* fields with a password and click the *Temporary* switch to *OFF*.
 

topics/getting-started/hello-world/create-resource-server.adoc

@@ -8,12 +8,12 @@ To create a new client, complete the following steps:
 . Click *Clients* to start creating a new client application and fill in the fields as shown in the screenshot below:
 +
 .Create Client Application
-image:../../../images/getting-started/hello-world/create-client.png[alt="Create Client Application"]
+image:../../../{{book.images}}/getting-started/hello-world/create-client.png[alt="Create Client Application"]
 
 . Click *Save*. The Client Details page is displayed.
 +
 .Client Details
-image:../../../images/getting-started/hello-world/enable-authz.png[alt="Client Details"]
+image:../../../{{book.images}}/getting-started/hello-world/enable-authz.png[alt="Client Details"]
 
 . On the Client Details page, click the *Authorization Enabled* switch to *ON*, and then click *Save*.
 A new *Authorization* tab is displayed for the client. 
@@ -21,7 +21,7 @@ A new *Authorization* tab is displayed for the client.
 . Click the *Authorization* tab and an Authorization Settings page similar to the following is displayed:
 +
 .Authorization Settings
-image:../../../images/getting-started/hello-world/authz-settings.png[alt="Authorization Settings"]
+image:../../../{{book.images}}/getting-started/hello-world/authz-settings.png[alt="Authorization Settings"]
 
 When you enable authorization services for a client application, {{book.project.name}} automatically creates several <<fake/../../../resource-server/default-config.adoc#_resource_server_default_config, default settings>> for your client authorization configuration.
 

topics/getting-started/hello-world/deploy.adoc

@@ -12,12 +12,12 @@ To obtain the adapter configuration from the {{book.project.name}} Administratio
 . Click *Clients*. In the client listing, click the *hello-world-authz-service* client application. The Client Details page opens.
 +
 .Client Details
-image:../../../images/getting-started/hello-world/enable-authz.png[alt="Client Details"]
+image:../../../{{book.images}}/getting-started/hello-world/enable-authz.png[alt="Client Details"]
 
 . Click the *Installation* tab. From the Format Option dropdown list, select *Keycloak OIDC JSON*. The adapter configuration is displayed in JSON format. Click *Download*.
 +
 .Adapter Configuration
-image:../../../images/getting-started/hello-world/adapter-config.png[alt="Adapter Configuration"]
+image:../../../{{book.images}}/getting-started/hello-world/adapter-config.png[alt="Adapter Configuration"]
 
 . Navigate to the *${KEYCLOAK_DEMO_SERVER_DIR}/examples/authz/hello-world-authz-service/src/main/webapp/WEB-INF* directory and locate the *keycloak.json* file. Replace its contents with the adapter configuration you obtained from step 2 and save the file.
 
@@ -44,12 +44,12 @@ mvn clean package wildfly:deploy
 If your application was successfully deployed you can access it at http://localhost:8080/hello-world-authz-service[http://localhost:8080/hello-world-authz-service]. The {{book.project.name}} Login page opens.
 
 .Login Page
-image:../../../images/getting-started/hello-world/login-page.png[alt="Login Page"]
+image:../../../{{book.images}}/getting-started/hello-world/login-page.png[alt="Login Page"]
 
 Log in as *alice* using the password you specified for that user. After authenticating, the following page is displayed:
 
 .Hello World Authz Main Page
-image:../../../images/getting-started/hello-world/main-page.png[alt="Hello World Authz Main Page"]
+image:../../../{{book.images}}/getting-started/hello-world/main-page.png[alt="Hello World Authz Main Page"]
 
 The <<fake/../../../resource-server/default-config.adoc#_resource_server_default_config, default settings>> defined by {{book.project.name}} when you enable authorization services for a client application provide a simple
 policy that always grants access to the resources protected by this policy.
@@ -68,7 +68,7 @@ $evaluation.deny();
 
 Now, log out of the demo application and log in again. You can no longer access the application.
 
-image:../../../images/getting-started/hello-world/access-denied-page.png[alt="Access Denied Page"]
+image:../../../{{book.images}}/getting-started/hello-world/access-denied-page.png[alt="Access Denied Page"]
 
 Let's fix that now, but instead of changing the `Default Policy` code we are going to change the `Logic` to `Negative` using the dropdown list below the policy code text area.
 That re-enables access to the application as we are negating the result of that policy, which is by default denying all requests for access. Again, before testing this change, be sure to log out and log in again.

topics/getting-started/overview.adoc

@@ -15,7 +15,7 @@ Ensure you have a {{book.project.name}} instance running; the default configurat
 Administration Console, a page similar to this one is displayed:
 
 .{{book.project.name}} Administration Console
-image:../../images/getting-started/kc-start-page.png[alt="{{book.project.name}} Administration Console"]
+image:../../{{book.images}}/getting-started/kc-start-page.png[alt="{{book.project.name}} Administration Console"]
 
 All source code for the getting started tutorials can be obtained from the demo distributions. The authorization-related examples
 are located at *${KEYCLOAK_DEMO_SERVER_DIR}/examples/authz*.

topics/permission/create-resource.adoc

@@ -6,7 +6,7 @@ A resource-based permission defines a set of one or more resources to protect us
 To create a new resource-based permission, select *Resource-based* in the dropdown list in the upper right corner of the permission listing.
 
 .Add Resource-Based Permission
-image:../../images/permission/create-resource.png[alt="Add Resource-Based Permission"]
+image:../../{{book.images}}/permission/create-resource.png[alt="Add Resource-Based Permission"]
 
 ==== Configuration
 

topics/permission/create-scope.adoc

@@ -6,7 +6,7 @@ A scope-based permission defines a set of one or more scopes to protect using a
 To create a new scope-based permission, select *Scope-based* in the dropdown list in the upper right corner of the permission listing.
 
 .Add Scope-Based Permission
-image:../../images/permission/create-scope.png[alt="Add Scope-Based Permission"]
+image:../../{{book.images}}/permission/create-scope.png[alt="Add Scope-Based Permission"]
 
 ==== Configuration
 

topics/permission/overview.adoc

@@ -7,7 +7,7 @@ After creating the resources you want to protect and the policies you want to us
 you can start managing permissions. To manage permissions, click the *Permissions* tab when editing a resource server.
 
 .Permissions
-image:../../images/permission/view.png[alt="Permissions"]
+image:../../{{book.images}}/permission/view.png[alt="Permissions"]
 
 Permissions can be created to protect two main types of objects:
 

topics/permission/typed-resource-permission.adoc

@@ -13,4 +13,4 @@ To create a typed resource permission, click <<fake/../create-resource.adoc#_per
 you can specify the type that you want to protect as well as the policies that are to be applied to govern access to all resources with type you have specified.
 
 .Example of a Typed Resource Permission
-image:../../images/typed-resource-perm-example.png[alt="Example of a Typed Resource Permission"]
+image:../../{{book.images}}/permission/typed-resource-perm-example.png[alt="Example of a Typed Resource Permission"]

topics/policy-evaluation-tool/overview.adoc

@@ -5,7 +5,7 @@ When designing your policies, you can simulate authorization requests to test ho
 
 You can access the Policy Evaluation Tool by clicking the `Evaluate` tab when editing a resource server. There you can specify different inputs to simulate real authorization requests and test the effect of your policies.
 
-image:../../images/policy-evaluation-tool.png[alt="Policy Evaluation Tool"]
+image:../../{{book.images}}/policy-evaluation-tool/policy-evaluation-tool.png[alt="Policy Evaluation Tool"]
 
 === Providing Identity Information
 

topics/policy/aggregated-policy.adoc

@@ -6,7 +6,7 @@ As mentioned previously, {{book.project.name}} allows you to build a policy of p
 To create a new aggregated policy, select *Aggregated* in the dropdown list located in the right upper corner of the permission listing.
 
 .Add an Aggregated Policy
-image:../../images/policy/create-aggregated.png[alt="Add Aggregated Policy"]
+image:../../{{book.images}}/policy/create-aggregated.png[alt="Add Aggregated Policy"]
 
 Let's suppose you have a resource called _Confidential Resource_ that can be accessed only by users from the _keycloak.org_ domain and from a certain range of IP addresses.
 You can create a single policy with both conditions. However, you want to reuse the domain part of this policy to apply to permissions that operates regardless of the originating network.

topics/policy/drools-policy.adoc

@@ -8,7 +8,7 @@ To create a new Rule-based policy, in the dropdown list in the right upper corne
  select *Rule*.
 
 .Add Rule Policy
-image:../../images/policy/create-drools.png[alt="Add Rule Policy"]
+image:../../{{book.images}}/policy/create-drools.png[alt="Add Rule Policy"]
 
 ==== Configuration
 

topics/policy/js-policy.adoc

@@ -7,7 +7,7 @@ supported by {{book.project.name}}, and provides flexibility to write any policy
 To create a new JavaScript-based policy, select *JavaScript* in the dropdown list in the upper right corner of the permission listing.
 
 .Add JavaScript Policy
-image:../../images/policy/create-js.png[alt="Add JavaScript Policy"]
+image:../../{{book.images}}/policy/create-js.png[alt="Add JavaScript Policy"]
 
 ==== Configuration
 

topics/policy/overview.adoc

@@ -6,7 +6,7 @@ As mentioned previously, policies define the conditions that must be satisfied b
 You can view all policies associated with a resource server by clicking the *Policy* tab when editing a resource server.
 
 .Policies
-image:../../images/policy/view.png[alt="Policies"]
+image:../../{{book.images}}/policy/view.png[alt="Policies"]
 
 On this tab, you can view the list of previously created policies as well as create and edit a policy.
 

topics/policy/role-policy-required-role.adoc

@@ -5,7 +5,7 @@ When creating a role-based policy, you can specify a specific role as `Required`
 only if the user requesting access has been granted *all* the *required* roles. Both realm and client roles can be configured as such.
 
 .Example of Required Role
-image:../../images/policy/create-role.png[alt="Example of Required Role"]
+image:../../{{book.images}}/policy/create-role.png[alt="Example of Required Role"]
 
 To specify a role as required, select the `Required` checkbox for the role you want to configure as required.
 

topics/policy/role-policy.adoc

@@ -10,7 +10,7 @@ Role policies can be useful when you need more restricted role-based access cont
 To create a new role-based policy, select *Role-Based* in the dropdown list in the upper right corner of the permission listing.
 
 .Add Role-Based Policy
-image:../../images/policy/create-role.png[alt="Add Role-Based Policy"]
+image:../../{{book.images}}/policy/create-role.png[alt="Add Role-Based Policy"]
 
 ==== Configuration
 

topics/policy/time-policy.adoc

@@ -6,7 +6,7 @@ You can use this type of policy to define time conditions for your permissions.
 To create a new time-based policy, select *Time* in the dropdown list in the upper right corner of the permission listing.
 
 .Add Time Policy
-image:../../images/policy/create-time.png[alt="Add Time Policy"]
+image:../../{{book.images}}/policy/create-time.png[alt="Add Time Policy"]
 
 ==== Configuration
 

topics/policy/user-policy.adoc

@@ -6,7 +6,7 @@ You can use this type of policy to define conditions for your permissions where
 To create a new user-based policy, select *User-Based* in the dropdown list in the upper right corner of the permission listing.
 
 .Add a User-Based Policy
-image:../../images/policy/create-user.png[alt="Add User-Based Policy"]
+image:../../{{book.images}}/policy/create-user.png[alt="Add User-Based Policy"]
 
 ==== Configuration
 

topics/resource-server/create-client.adoc

@@ -8,12 +8,12 @@ To create a client application, complete the following steps:
 . Click *Clients*.
 +
 .Clients
-image:../../images/resource-server/client-list.png[alt="Clients"]
+image:../../{{book.images}}/resource-server/client-list.png[alt="Clients"]
 
 . On this page, click *Create*.
 +
 .Create Client
-image:../../images/resource-server/client-create.png[alt="Create Client"]
+image:../../{{book.images}}/resource-server/client-create.png[alt="Create Client"]
 
 . Type the `Client ID` of the client. For example, _my-resource-server_.
 . Type the `Root URL` for your application. For example:
@@ -25,4 +25,4 @@ http://${host}:${port}/my-resource-server
 . Click *Save*. The client is created and the client Settings page opens. A page similar to the following is displayed:
 +
 .Client Settings
-image:../../images/resource-server/client-enable-authz.png[alt="Client Settings"]
+image:../../{{book.images}}/resource-server/client-enable-authz.png[alt="Client Settings"]

topics/resource-server/default-config.adoc

@@ -12,7 +12,7 @@ The default configuration consists of:
 The default protected resource is referred to as the *default resource* and you can view it if you navigate to the *Resources* tab.
 
 .Default Resource
-image:../../images/resource-server/default-resource.png[alt="Default Resource"]
+image:../../{{book.images}}/resource-server/default-resource.png[alt="Default Resource"]
 
 This resource defines a `Type`, namely `urn:my-resource-server:resources:default` and a `URI` `/*`. Here, the `URI` field defines a
 wildcard pattern that indicates to {{book.project.name}} that this resource represents all the paths in your application. In other words,
@@ -25,7 +25,7 @@ to the default resource or any other resource you create using the same type.
 The default policy is referred to as the *only from realm policy* and you can view it if you navigate to the *Policies* tab.
 
 .Default Policy
-image:../../images/resource-server/default-policy.png[alt="Default Policy"]
+image:../../{{book.images}}/resource-server/default-policy.png[alt="Default Policy"]
 
 This policy is a <<fake/../../policy/js-policy.adoc#_policy_js, JavaScript-based policy>> defining a condition that always grants access to the resources protected by this policy. If you click this policy you can see that it defines a rule as follows:
 
@@ -37,7 +37,7 @@ $evaluation.grant();
 Lastly, the default permission is referred to as the *default permission* and you can view it if you navigate to the *Permissions* tab.
 
 .Default Permission
-image:../../images/resource-server/default-permission.png[alt="Default Permission"]
+image:../../{{book.images}}/resource-server/default-permission.png[alt="Default Permission"]
 
 This permission is a <<fake/../../permission/create-resource.adoc#_permission_create_resource, resource-based permission>>, defining a set of one or more policies that are applied to all resources with a given type.
 

topics/resource-server/enable-authorization.adoc

@@ -4,12 +4,12 @@
 To turn your OIDC Client Application into a resource server and enable fine-grained authorization, click the *Authorization Enabled* switch to *ON* and click *Save*.
 
 .Enabling Authorization Services
-image:../../images/resource-server/client-enable-authz.png[alt="Enabling Authorization Services"]
+image:../../{{book.images}}/resource-server/client-enable-authz.png[alt="Enabling Authorization Services"]
 
 A new Authorization tab is displayed for this client. Click the *Authorization* tab and a page similar to the following is displayed:
 
 .Resource Server Settings
-image:../../images/resource-server/authz-settings.png[alt="Resource Server Settings"]
+image:../../{{book.images}}/resource-server/authz-settings.png[alt="Resource Server Settings"]
 
 The Authorization tab contains additional sub-tabs covering the different steps that you must follow to actually protect your application's resources. Each tab is covered separately by a specific topic in this documentation. But here is a quick description about each one:
 

topics/resource-server/import-config.adoc

@@ -14,12 +14,12 @@ To export a configuration file, complete the following steps:
 . Navigate to the *Resource Server Settings* page.
 +
 .Resource Server Settings
-image:../../images/resource-server/authz-settings.png[alt="Resource Server Settings"]
+image:../../{{book.images}}/resource-server/authz-settings.png[alt="Resource Server Settings"]
 
 . On this page, in the Export Settings section, click *Export*.
 +
 .Export Settings
-image:../../images/resource-server/authz-export.png[alt="Export Settings"]
+image:../../{{book.images}}/resource-server/authz-export.png[alt="Export Settings"]
 
 The configuration file is exported in JSON format and displayed in a text area, from which you can copy and paste. You can also click *Download* to download the configuration file and save it.