Mark tech preview features
This commit is contained in:
parent
19535221bb
commit
bd409cb451
10 changed files with 43 additions and 38 deletions
|
@ -1,12 +1,8 @@
|
||||||
[[_overview]]
|
[[_overview]]
|
||||||
= Overview
|
= Overview
|
||||||
|
|
||||||
ifeval::[{project_product}==true]
|
:tech_feature_name: Authorization Services
|
||||||
NOTE: Authorization Services is a Technology Preview feature and is not fully supported. This feature is disabled by default.
|
include::templates/techpreview.adoc[]
|
||||||
|
|
||||||
To enable Authorization Services add the `standalone/configuration/profile.properties` file with the contents `profile=preview`
|
|
||||||
or start the server with `-Dkeycloak.profile=preview` to enable all technology preview features.
|
|
||||||
endif::[]
|
|
||||||
|
|
||||||
{project_name} supports fine-grained authorization policies and is able to combine different access control
|
{project_name} supports fine-grained authorization policies and is able to combine different access control
|
||||||
mechanisms such as:
|
mechanisms such as:
|
||||||
|
|
|
@ -103,6 +103,7 @@ else
|
||||||
echo ""
|
echo ""
|
||||||
for i in `find -maxdepth 2 -name master.adoc | xargs dirname | sort`; do
|
for i in `find -maxdepth 2 -name master.adoc | xargs dirname | sort`; do
|
||||||
TITLE=`getTitle $i`
|
TITLE=`getTitle $i`
|
||||||
|
GUIDE_DIR=`readlink -f $i`
|
||||||
echo "$TITLE"
|
echo "$TITLE"
|
||||||
echo " - AsciiDoctor: file://$GUIDE_DIR/target/html/index.html"
|
echo " - AsciiDoctor: file://$GUIDE_DIR/target/html/index.html"
|
||||||
echo " - ccutil: file://$GUIDE_DIR/build/tmp/en-US/html-single/index.html"
|
echo " - ccutil: file://$GUIDE_DIR/build/tmp/en-US/html-single/index.html"
|
||||||
|
|
|
@ -24,8 +24,8 @@ include::topics/oidc/java/jetty9-adapter.adoc[]
|
||||||
include::topics/oidc/java/jetty8-adapter.adoc[]
|
include::topics/oidc/java/jetty8-adapter.adoc[]
|
||||||
include::topics/oidc/java/spring-security-adapter.adoc[]
|
include::topics/oidc/java/spring-security-adapter.adoc[]
|
||||||
endif::[]
|
endif::[]
|
||||||
ifeval::[{project_community}==true]
|
|
||||||
include::topics/oidc/java/servlet-filter-adapter.adoc[]
|
include::topics/oidc/java/servlet-filter-adapter.adoc[]
|
||||||
|
ifeval::[{project_community}==true]
|
||||||
include::topics/oidc/java/jaas.adoc[]
|
include::topics/oidc/java/jaas.adoc[]
|
||||||
endif::[]
|
endif::[]
|
||||||
ifeval::[{project_community}==true]
|
ifeval::[{project_community}==true]
|
||||||
|
|
|
@ -13,51 +13,35 @@ ifeval::[{project_community}==true]
|
||||||
* <<_jetty8_adapter,Jetty 8>>
|
* <<_jetty8_adapter,Jetty 8>>
|
||||||
endif::[]
|
endif::[]
|
||||||
|
|
||||||
ifeval::[{project_community}==true]
|
|
||||||
* <<_servlet_filter_adapter,Servlet Filter>>
|
* <<_servlet_filter_adapter,Servlet Filter>>
|
||||||
* <<_spring_security_adapter,Spring Security>> (community)
|
* <<_spring_boot_adapter,Spring Boot>>
|
||||||
* <<_spring_boot_adapter,Spring Boot>> (community)
|
|
||||||
endif::[]
|
|
||||||
|
|
||||||
ifeval::[{project_community}==true]
|
ifeval::[{project_community}==true]
|
||||||
|
* <<_spring_security_adapter,Spring Security>>
|
||||||
|
endif::[]
|
||||||
|
|
||||||
===== JavaScript (client-side)
|
===== JavaScript (client-side)
|
||||||
* <<_javascript_adapter,JavaScript>>
|
* <<_javascript_adapter,JavaScript>>
|
||||||
endif::[]
|
|
||||||
|
|
||||||
===== Node.js (server-side)
|
===== Node.js (server-side)
|
||||||
* <<_nodejs_adapter,Node.js>>
|
* <<_nodejs_adapter,Node.js>>
|
||||||
|
|
||||||
===== JavaScript
|
|
||||||
* <<_javascript_adapter,JavaScript>>
|
|
||||||
|
|
||||||
ifeval::[{project_community}==true]
|
|
||||||
===== Node.js
|
|
||||||
* https://github.com/keycloak/keycloak-nodejs-connect[{project_name} Connect] (community)
|
|
||||||
endif::[]
|
|
||||||
|
|
||||||
ifeval::[{project_community}==true]
|
ifeval::[{project_community}==true]
|
||||||
==== C#
|
==== C#
|
||||||
* https://github.com/dylanplecki/KeycloakOwinAuthentication[OWIN] (community)
|
* https://github.com/dylanplecki/KeycloakOwinAuthentication[OWIN] (community)
|
||||||
endif::[]
|
|
||||||
|
|
||||||
ifeval::[{project_community}==true]
|
|
||||||
==== Python
|
==== Python
|
||||||
* https://pypi.python.org/pypi/oic/[oidc] (generic)
|
* https://pypi.python.org/pypi/oic/[oidc] (generic)
|
||||||
endif::[]
|
|
||||||
|
|
||||||
ifeval::[{project_community}==true]
|
|
||||||
==== Android
|
==== Android
|
||||||
* https://github.com/openid/AppAuth-Android[AppAuth] (generic)
|
* https://github.com/openid/AppAuth-Android[AppAuth] (generic)
|
||||||
* https://github.com/aerogear/aerogear-android-authz[AeroGear] (generic)
|
* https://github.com/aerogear/aerogear-android-authz[AeroGear] (generic)
|
||||||
endif::[]
|
|
||||||
|
|
||||||
ifeval::[{project_community}==true]
|
|
||||||
==== iOS
|
==== iOS
|
||||||
* https://github.com/openid/AppAuth-iOS[AppAuth] (generic)
|
* https://github.com/openid/AppAuth-iOS[AppAuth] (generic)
|
||||||
* https://github.com/aerogear/aerogear-ios-oauth2[AeroGear] (generic)
|
* https://github.com/aerogear/aerogear-ios-oauth2[AeroGear] (generic)
|
||||||
endif::[]
|
|
||||||
|
|
||||||
ifeval::[{project_community}==true]
|
|
||||||
===== Apache HTTP Server
|
===== Apache HTTP Server
|
||||||
* https://github.com/zmartzone/mod_auth_openidc[mod_auth_openidc]
|
* https://github.com/zmartzone/mod_auth_openidc[mod_auth_openidc]
|
||||||
endif::[]
|
endif::[]
|
||||||
|
|
|
@ -3,6 +3,9 @@
|
||||||
|
|
||||||
== Token Exchange
|
== Token Exchange
|
||||||
|
|
||||||
|
:tech_feature_name: Token Exchange
|
||||||
|
include::../templates/techpreview.adoc[]
|
||||||
|
|
||||||
In {project_name}, token exchange is the process of using a set of credentials or token to obtain an entirely different token.
|
In {project_name}, token exchange is the process of using a set of credentials or token to obtain an entirely different token.
|
||||||
A client may want to invoke on a less trusted application so it may want to downgrade the current token it has.
|
A client may want to invoke on a less trusted application so it may want to downgrade the current token it has.
|
||||||
A client may want to exchange a {project_token} for a token stored for a linked social provider account.
|
A client may want to exchange a {project_token} for a token stored for a linked social provider account.
|
||||||
|
|
|
@ -2,6 +2,9 @@
|
||||||
|
|
||||||
=== Fine Grain Admin Permissions
|
=== Fine Grain Admin Permissions
|
||||||
|
|
||||||
|
:tech_feature_name: Fine Grain Admin Permissions
|
||||||
|
include::../templates/techpreview.adoc[]
|
||||||
|
|
||||||
Sometimes roles like `manage-realm` or `manage-users` are too coarse grain and you want to create
|
Sometimes roles like `manage-realm` or `manage-users` are too coarse grain and you want to create
|
||||||
restricted admin accounts that have more fine grain permissions. {project_name} allows you to define
|
restricted admin accounts that have more fine grain permissions. {project_name} allows you to define
|
||||||
and assign restricted access policies for managing a realm. Things like:
|
and assign restricted access policies for managing a realm. Things like:
|
||||||
|
|
|
@ -2,6 +2,10 @@
|
||||||
[[crossdc-mode]]
|
[[crossdc-mode]]
|
||||||
=== Cross-Datacenter Replication Mode
|
=== Cross-Datacenter Replication Mode
|
||||||
|
|
||||||
|
:tech_feature_name: Cross-Datacenter Replication Mode
|
||||||
|
:tech_feature_disabled: false
|
||||||
|
include::../templates/techpreview.adoc[]
|
||||||
|
|
||||||
Cross-Datacenter Replication mode is for when you want to run {project_name} in a cluster across multiple data centers, most typically using data center sites that are in different geographic regions. When using this mode, each data center will have its own cluster of {project_name} servers.
|
Cross-Datacenter Replication mode is for when you want to run {project_name} in a cluster across multiple data centers, most typically using data center sites that are in different geographic regions. When using this mode, each data center will have its own cluster of {project_name} servers.
|
||||||
|
|
||||||
This documentation will refer the following example architecture diagram to illustrate and describe a simple Cross-Datacenter Replication use case.
|
This documentation will refer the following example architecture diagram to illustrate and describe a simple Cross-Datacenter Replication use case.
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
:project_name: Red Hat Single Sign-On
|
:project_name: Red Hat Single Sign-On
|
||||||
:project_community: false
|
:project_community: false
|
||||||
:project_product: true
|
:project_product: true
|
||||||
:project_version: 7.2.0.DR4
|
:project_version: 7.2.0.GA
|
||||||
:project_versionMvn: 3.3.0.Final-redhat1
|
:project_versionMvn: 3.4.2.Final-redhat1
|
||||||
:project_versionNpm: 3.3.0.Final-redhat1
|
:project_versionNpm: 3.4.2.Final-redhat1
|
||||||
:project_versionDoc: 7.2
|
:project_versionDoc: 7.2
|
||||||
:project_images: rhsso-images
|
:project_images: rhsso-images
|
||||||
:project_doc_base_url: https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/{project_versionDoc}/html-single
|
:project_doc_base_url: https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/{project_versionDoc}/html-single
|
||||||
|
@ -87,4 +87,4 @@
|
||||||
:fuseHawtioWARVersion: hawtio-wildfly-1.4.0.redhat-630254.war
|
:fuseHawtioWARVersion: hawtio-wildfly-1.4.0.redhat-630254.war
|
||||||
|
|
||||||
:subsystem_undertow_xml_urn: urn:jboss:domain:undertow:4.0
|
:subsystem_undertow_xml_urn: urn:jboss:domain:undertow:4.0
|
||||||
:saml_adapter_xsd_urn: http://www.keycloak.org/schema/keycloak_saml_adapter_1_9.xsd
|
:saml_adapter_xsd_urn: http://www.keycloak.org/schema/keycloak_saml_adapter_1_9.xsd
|
||||||
|
|
14
topics/templates/techpreview.adoc
Normal file
14
topics/templates/techpreview.adoc
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
ifeval::[{project_product}==true]
|
||||||
|
[NOTE]
|
||||||
|
====
|
||||||
|
ifeval::[{tech_feature_disabled}!=false]
|
||||||
|
{tech_feature_name} is *Technology Preview* and is not fully supported. This feature is disabled by default.
|
||||||
|
|
||||||
|
To enable start the server with `-Dkeycloak.profile=preview`. For more details see
|
||||||
|
link:{installguide_profile_link}[{installguide_profile_name}].
|
||||||
|
endif::[]
|
||||||
|
ifeval::[{tech_feature_disabled}==false]
|
||||||
|
{tech_feature_name} is *Technology Preview* and is not fully supported.
|
||||||
|
endif::[]
|
||||||
|
====
|
||||||
|
endif::[]
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
== Introduction
|
== Introduction
|
||||||
|
|
||||||
Red Hat Single Sign-On (RH-SSO) 7.1 is based on the Keycloak project and provides security for your web applications by
|
Red Hat Single Sign-On (RH-SSO) 7.2 is based on the Keycloak project and provides security for your web applications by
|
||||||
providing Web single sign-on capabilities based on popular standards such as SAML 2.0, OpenID Connect, and OAuth 2.0.
|
providing Web single sign-on capabilities based on popular standards such as SAML 2.0, OpenID Connect, and OAuth 2.0.
|
||||||
The Red Hat Single Sign-On Server can act as a SAML or OpenID Connect-based identity provider, mediating with your
|
The Red Hat Single Sign-On Server can act as a SAML or OpenID Connect-based identity provider, mediating with your
|
||||||
enterprise user directory or third-party SSO provider for identity information and your applications using standards-based
|
enterprise user directory or third-party SSO provider for identity information and your applications using standards-based
|
||||||
|
@ -14,30 +14,30 @@ RH-SSO instances from a single control point. The upgrade process differs depend
|
||||||
implemented. Specific instructions for each mode are provided where applicable.
|
implemented. Specific instructions for each mode are provided where applicable.
|
||||||
|
|
||||||
The purpose of this guide is to document the steps that are required to successfully upgrade from
|
The purpose of this guide is to document the steps that are required to successfully upgrade from
|
||||||
Red Hat Single Sign-On 7.0 to Red Hat Single Sign-On 7.1.
|
Red Hat Single Sign-On 7.1 to Red Hat Single Sign-On 7.2.
|
||||||
|
|
||||||
=== About Upgrades
|
=== About Upgrades
|
||||||
|
|
||||||
==== Major Upgrades
|
==== Major Upgrades
|
||||||
|
|
||||||
A major upgrade or migration is required when RH-SSO is upgraded from one major release to another, for example, from
|
A major upgrade or migration is required when RH-SSO is upgraded from one major release to another, for example, from
|
||||||
Red Hat Single Sign-On 7.0 to Red Hat Single Sign-On 8.0. There may be breaking API changes between major releases
|
Red Hat Single Sign-On 7.2 to Red Hat Single Sign-On 8.0. There may be breaking API changes between major releases
|
||||||
that could require rewriting parts of applications or server extensions.
|
that could require rewriting parts of applications or server extensions.
|
||||||
|
|
||||||
==== Minor Updates
|
==== Minor Updates
|
||||||
|
|
||||||
Red Hat Single Sign-On periodically provides point releases, which are minor updates that include bug fixes, security
|
Red Hat Single Sign-On periodically provides point releases, which are minor updates that include bug fixes, security
|
||||||
fixes, and new features. If you plan to upgrade from one Red Hat Single Sign-On point release to another, for example,
|
fixes, and new features. If you plan to upgrade from one Red Hat Single Sign-On point release to another, for example,
|
||||||
from Red Hat Single Sign-On 7.0 to Red Hat Single Sign-On 7.1, code changes should not be required for applications or
|
from Red Hat Single Sign-On 7.1 to Red Hat Single Sign-On 7.2, code changes should not be required for applications or
|
||||||
custom server extensions as long as no private, unsupported, or tech preview APIs are used.
|
custom server extensions as long as no private, unsupported, or tech preview APIs are used.
|
||||||
|
|
||||||
==== Micro Updates
|
==== Micro Updates
|
||||||
|
|
||||||
Red Hat Single Sign-On 7 also periodically provides micro releases that contain bug and security fixes.
|
Red Hat Single Sign-On 7 also periodically provides micro releases that contain bug and security fixes.
|
||||||
Micro releases increment the minor release version by the last digit, for example from 7.1.0 to 7.1.1. These release
|
Micro releases increment the minor release version by the last digit, for example from 7.2.0 to 7.2.1. These release
|
||||||
do not require migration and should not impact the server configuration files. The patch management system for ZIP
|
do not require migration and should not impact the server configuration files. The patch management system for ZIP
|
||||||
installations can also rollback the patch and server configuration.
|
installations can also rollback the patch and server configuration.
|
||||||
|
|
||||||
A micro release only contains the artifacts that have changed. For example if Red Hat Single Sign-On 7.1.1 contains changes to
|
A micro release only contains the artifacts that have changed. For example if Red Hat Single Sign-On 7.2.1 contains changes to
|
||||||
the server and the JavaScript adapter, but not the EAP adapter, only the server and JavaScript adapter are released and require
|
the server and the JavaScript adapter, but not the EAP adapter, only the server and JavaScript adapter are released and require
|
||||||
updating.
|
updating.
|
||||||
|
|
Loading…
Reference in a new issue