Bill Burke 2016-04-21 10:26:04 -04:00
parent 32186bd07a
commit e78628282a
11 changed files with 27 additions and 27 deletions

@ -1,10 +1,10 @@
= Server Cache
== Server Cache
By default, Keycloak caches realm metadata and users.
There are two separate caches, one for realm metadata (realm, application, client, roles, etc...) and one for users.
These caches greatly improves the performance of the server.
== Eviction and Expiration
=== Eviction and Expiration
By default the user cache contains a maximum of 10000 entries.
This is not 10000 users, but 10000 entries in the cache.
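
Review bot: the context line "These caches greatly improves the performance of the server." under the retitled `== Server Cache` heading has a subject-verb mismatch. Since this hunk already touches the section, change it to "These caches greatly improve the performance of the server."
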
@ -12,7 +12,7 @@ You can change the maximum number of entries by editing the server configuration
Locate the element `cache-container name="keycloak"` and change the eviction policy for the `users` cache.
For more information see https://docs.jboss.org/author/display/WFLY10/Infinispan+Subsystem[Infinispan Subsystem documentation].
== Disabling Caches
=== Disabling Caches
To disable the realm or user cache, you must edit the `keycloak-server.json` file in your distribution.
Here's what the config looks like initially.
@ -51,7 +51,7 @@ To disable the cache set the enabled field to false for the cache you want to di
},
----
== Clear Caches
=== Clear Caches
To clear the realm or user cache, go to the Keycloak admin console Realm Settings->Cache Config page.
On this page you can clear the realm cache or the user cache.

@ -1,4 +1,5 @@
[[_clustering]]
== Clustering
Keycloak doesn't replicate realms and users, but instead relies on all nodes using the same database.
This can be a relational database or Mongo.
@ -24,7 +25,7 @@ Typically you won't need to increase/decrease the default value, but just in cas
----
or similarly if you're using Mongo (just by replace `jpa` with `mongo`)
== Configure Infinispan
=== Configure Infinispan
Keycloak uses http://www.infinispan.org/[Infinispan] caches to share information between nodes.
@ -56,7 +57,7 @@ For non-cluster configuration (server executed with `standalone.xml` ) is the in
For cluster configuration, you can edit the configuration of `infinispan/Keycloak` container in `standalone/configuration/standalone-ha.xml` (or `standalone-keycloak-ha.xml` if you are using overlay or demo distribution) .
== Start in HA mode
=== Start in HA mode
To start the server in HA mode, start it with:
@ -73,7 +74,7 @@ or if you are using overlay or demo distribution with:
Alternatively you can copy `standalone/config/standalone-ha.xml` to `standalone/config/standalone.xml` to make it the default server config.
== Enabling cluster security
=== Enabling cluster security
By default there's nothing to prevent unauthorized nodes from joining the cluster and sending potentially malicious messages to the cluster.
However, as there's no sensitive data sent there's not much that can be achieved.
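
Review bot: the two context lines under `=== Enabling cluster security` undercut the section they introduce. The first says nothing prevents unauthorized nodes from joining and sending potentially malicious messages, the second says "there's not much that can be achieved". The same file says Infinispan caches are used "to share information between nodes", so the text should state what that information is and what a node that joins uninvited could do with it, or drop the second sentence. With the heading now one level deeper, a cross-reference to it from `=== Start in HA mode` would help it get read before a cluster is started.
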
@ -133,7 +134,7 @@ Copy this keystore to all nodes (for example to standalone/configuration). Then
----
See the http://www.jgroups.org/manual/index.html#ENCRYPT[JGroups manual] for more details.
== Troubleshooting
=== Troubleshooting
Note that when you run cluster, you should see message similar to this in the log of both cluster nodes:

@ -1,4 +1,4 @@
= Installation
== Installation
This chapter reviews what binaries you need to install to run the {{book.project.name}} Server on a specific machine.
It describes the directory structure and files of the distribution. Finally, it describes how to install {{book.project.name}}

@ -1,4 +1,4 @@
= Distribution Directory Structure
=== Distribution Directory Structure
This chapter walks you through the directory structure of the server distribution.
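
Review bot: the title of this file goes from `= Distribution Directory Structure` straight to `===`, skipping a level, whereas the Installation file goes from `=` to `==`. That is only well-formed when this file is always included beneath the `== Installation` chapter; rendered on its own, its first heading is out of sequence. Worth a line in the commit message, or a comment at the top of the file, saying that the heading level now encodes the file's position in the book. The same applies to the other files in this commit whose first heading becomes `===`.
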

@ -1,4 +1,4 @@
= Installing Distribution Files
=== Installing Distribution Files
The Keycloak Server has three downloadable distributions:

@ -1,4 +1,4 @@
= Installing Distribution Files
=== Installing Distribution Files
The Keycloak Server is contained in one distribution file:

@ -1,4 +1,4 @@
= System Requirements
=== System Requirements
These are the requirements to run the {{book.project.name}} authentication server:

@ -1,6 +1,6 @@
[[_openshift]]
= Running Keycloak Server on OpenShift
== Running Keycloak Server on OpenShift
Keycloak provides a OpenShift cartridge to make it easy to get it running on OpenShift.
If you don't already have an account or don't know how to create applications go to https://www.openshift.com/ first.
@ -9,7 +9,7 @@ You can create the Keycloak instance either with the web tool or the command lin
WARNING: It's important that immediately after creating a Keycloak instance you open the `Administration Console` and login to reset the password.
If this is not done anyone can easily gain admin rights to your Keycloak instance.
== Create Keycloak instance with the web tool
=== Create Keycloak instance with the web tool
. Open https://openshift.redhat.com/app/console/applications and click on `Add Application`.
. Scroll down to the bottom of the page to find the `Code Anything` section.
@ -19,7 +19,7 @@ If this is not done anyone can easily gain admin rights to your Keycloak instanc
. Under the list of applications you should find your Keycloak instance and the status should be `Started`.
. Click on it to open the Keycloak servers homepage.
== Create Keycloak instance with the command-line tool
=== Create Keycloak instance with the command-line tool
. Run the following command from a terminal:
@ -33,7 +33,7 @@ rhc app create <APPLICATION NAME> http://cartreflect-claytondev.rhcloud.com/gith
Once the instance is created the rhc tool outputs details about it.
Open the returned `URL` in a browser to open the Keycloak servers homepage.
== Next steps
=== Next steps
The Keycloak servers homepage shows the Keycloak logo and `Welcome to Keycloak`.
There is also a link to the `Administration Console`.
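
Review bot: the context lines under `=== Next steps` mention the link to the `Administration Console` but do not repeat the password reset that the `WARNING:` earlier in this file says must happen immediately after creating an instance. Now that the sections are nested under `== Running Keycloak Server on OpenShift`, make the reset the first thing `=== Next steps` tells the reader to do, so that it is part of the procedure rather than only a note above it. Also, "Keycloak servers homepage" should read "Keycloak server's homepage" here and in the two procedures.
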

@ -1,4 +1,4 @@
= Guide Overview
== Guide Overview
The purpose of this guide is to walk through the steps that need to be completed prior to booting up the
{{book.project.name}} server for the first time. If you just want to test drive {{book.project.name}}, it pretty much runs out of the box with its

@ -1,5 +1,5 @@
= Preface
== Preface
In some of the example listings, what is meant to be displayed on one line does not fit inside the available page width.These lines have been broken up. A '\' at the end of a line means that a break has been introduced to fit in the page, with the following lines indented.
So:
@ -18,6 +18,5 @@ Let's pretend to have an extremely long line that does not fit
This one is short
----
Attributes from book.json? {book.project.name}
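
Review bot: the last line of this hunk, `Attributes from book.json? {book.project.name}`, reads like a leftover substitution test rather than preface text, and it uses single braces where the other files in this commit write `{{book.project.name}}`. The hunk shrinks from 6 lines to 5, so if this is not the line being dropped, remove it as well.
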

@ -1,11 +1,11 @@
[[_proxy]]
= Keycloak Security Proxy
== Keycloak Security Proxy
Keycloak has an HTTP(S) proxy that you can put in front of web applications and services where it is not possible to install the keycloak adapter.
You can set up URL filters so that certain URLs are secured either by browser login and/or bearer token authentication.
You can also define role constraints for URL patterns within your applications.
== Proxy Install and Run
=== Proxy Install and Run
Download the keycloak proxy distribution from the Keycloak download pages and unzip it.
[source]
@ -23,7 +23,7 @@ $ java -jar bin/launcher.jar [your-config.json]
If you do not specify a path to the proxy config file, the launcher will look in the current working directory for the file named `proxy.json`
== Proxy Configuration
=== Proxy Configuration
Here's an example configuration file.
[source]
@ -81,7 +81,7 @@ Here's an example configuration file.
}
----
=== Basic Config
==== Basic Config
The basic configuration options for the server are as follows:
@ -147,7 +147,7 @@ adapter-config::
Same configuration as any other keycloak adapter.
See <<_adapter_config,Adapter Config>>
==== Constraint Config
===== Constraint Config
Next under each application you can define one or more constraints in the `constraints` array attribute.
A constraint defines a URL pattern relative to the base-path.
@ -182,7 +182,7 @@ permit-and-inject::
authenticate::
Require authentication for this pattern, but no role mapping. _OPTIONAL._.
=== Header Names Config
==== Header Names Config
Next under the list of applications you can override the defaults for the names of the header fields injected by the proxy (see Keycloak Identity Headers). This mapping is optional.
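
Review bot: the context line under `==== Header Names Config` points to its target as plain text, "(see Keycloak Identity Headers)", while the Basic Config part of this file uses a real cross-reference, `<<_adapter_config,Adapter Config>>`. Since this commit is already changing the heading levels, give `=== Keycloak Identity Headers` an anchor in the style of `[[_proxy]]` and link to it from here. The stray double full stop in `_OPTIONAL._.` just above the heading could be fixed in the same pass.
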
@ -206,7 +206,7 @@ keycloak-access-token::
e.g.
MYAPP_ACCESS_TOKEN
== Keycloak Identity Headers
=== Keycloak Identity Headers
When forwarding requests to the proxied server, Keycloak Proxy will set some additional headers with values from the OIDC identity token it received for authentication.