From e78628282a02f15b1c0dc4172c6f0174cbd3f6b3 Mon Sep 17 00:00:00 2001 From: Bill Burke Date: Thu, 21 Apr 2016 10:26:04 -0400 Subject: [PATCH] more --- topics/cache.adoc | 8 ++++---- topics/clustering.adoc | 9 +++++---- topics/installation.adoc | 2 +- topics/installation/directory-structure.adoc | 2 +- .../installation/distribution-files-community.adoc | 2 +- .../installation/distribution-files-product.adoc | 2 +- topics/installation/system-requirements.adoc | 2 +- topics/openshift.adoc | 8 ++++---- topics/overview.adoc | 2 +- topics/preface.adoc | 3 +-- topics/proxy.adoc | 14 +++++++------- 11 files changed, 27 insertions(+), 27 deletions(-) diff --git a/topics/cache.adoc b/topics/cache.adoc index 02326fb3fc..c4e0293594 100755 --- a/topics/cache.adoc +++ b/topics/cache.adoc @@ -1,10 +1,10 @@ -= Server Cache +== Server Cache By default, Keycloak caches realm metadata and users. There are two separate caches, one for realm metadata (realm, application, client, roles, etc...) and one for users. These caches greatly improves the performance of the server. -== Eviction and Expiration +=== Eviction and Expiration By default the user cache contains a maximum of 10000 entries. This is not 10000 users, but 10000 entries in the cache. @@ -12,7 +12,7 @@ You can change the maximum number of entries by editing the server configuration Locate the element `cache-container name="keycloak"` and change the eviction policy for the `users` cache. For more information see https://docs.jboss.org/author/display/WFLY10/Infinispan+Subsystem[Infinispan Subsystem documentation]. -== Disabling Caches +=== Disabling Caches To disable the realm or user cache, you must edit the `keycloak-server.json` file in your distribution. Here's what the config looks like initially. 
@@ -51,7 +51,7 @@ To disable the cache set the enabled field to false for the cache you want to di }, ---- -== Clear Caches +=== Clear Caches To clear the realm or user cache, go to the Keycloak admin console Realm Settings->Cache Config page. On this page you can clear the realm cache or the user cache. diff --git a/topics/clustering.adoc b/topics/clustering.adoc index 2f644235dd..495b596536 100755 --- a/topics/clustering.adoc +++ b/topics/clustering.adoc @@ -1,4 +1,5 @@ [[_clustering]] +== Clustering Keycloak doesn't replicate realms and users, but instead relies on all nodes using the same database. This can be a relational database or Mongo. @@ -24,7 +25,7 @@ Typically you won't need to increase/decrease the default value, but just in cas ---- or similarly if you're using Mongo (just by replace `jpa` with `mongo`) -== Configure Infinispan +=== Configure Infinispan Keycloak uses http://www.infinispan.org/[Infinispan] caches to share information between nodes. @@ -56,7 +57,7 @@ For non-cluster configuration (server executed with `standalone.xml` ) is the in For cluster configuration, you can edit the configuration of `infinispan/Keycloak` container in `standalone/configuration/standalone-ha.xml` (or `standalone-keycloak-ha.xml` if you are using overlay or demo distribution) . -== Start in HA mode +=== Start in HA mode To start the server in HA mode, start it with: @@ -73,7 +74,7 @@ or if you are using overlay or demo distribution with: Alternatively you can copy `standalone/config/standalone-ha.xml` to `standalone/config/standalone.xml` to make it the default server config. -== Enabling cluster security +=== Enabling cluster security By default there's nothing to prevent unauthorized nodes from joining the cluster and sending potentially malicious messages to the cluster. However, as there's no sensitive data sent there's not much that can be achieved. 
@@ -133,7 +134,7 @@ Copy this keystore to all nodes (for example to standalone/configuration). Then ---- See the http://www.jgroups.org/manual/index.html#ENCRYPT[JGroups manual] for more details. -== Troubleshooting +=== Troubleshooting Note that when you run cluster, you should see message similar to this in the log of both cluster nodes: diff --git a/topics/installation.adoc b/topics/installation.adoc index 97769fdf49..a2f982f931 100755 --- a/topics/installation.adoc +++ b/topics/installation.adoc @@ -1,4 +1,4 @@ -= Installation +== Installation This chapter reviews what binaries you need to install to run the {{book.project.name}} Server on a specific machine. It describes the directory structure and files of the distribution. Finally, it describes how to install {{book.project.name}} diff --git a/topics/installation/directory-structure.adoc b/topics/installation/directory-structure.adoc index 99b074bffa..8185828180 100755 --- a/topics/installation/directory-structure.adoc +++ b/topics/installation/directory-structure.adoc @@ -1,4 +1,4 @@ -= Distribution Directory Structure +=== Distribution Directory Structure This chapter walks you through the directory structure of the server distribution. diff --git a/topics/installation/distribution-files-community.adoc b/topics/installation/distribution-files-community.adoc index 5fe3b8a7d3..34d2976175 100755 --- a/topics/installation/distribution-files-community.adoc +++ b/topics/installation/distribution-files-community.adoc @@ -1,4 +1,4 @@ -= Installing Distribution Files +=== Installing Distribution Files The Keycloak Server has three downloadable distributions: diff --git a/topics/installation/distribution-files-product.adoc b/topics/installation/distribution-files-product.adoc index 8608a574d8..c81e06ccff 100755 --- a/topics/installation/distribution-files-product.adoc +++ b/topics/installation/distribution-files-product.adoc 
@@ -1,4 +1,4 @@ -= Installing Distribution Files +=== Installing Distribution Files The Keycloak Server is contained in one distribution file: diff --git a/topics/installation/system-requirements.adoc b/topics/installation/system-requirements.adoc index 18c9abdcfd..bc3260f08e 100755 --- a/topics/installation/system-requirements.adoc +++ b/topics/installation/system-requirements.adoc @@ -1,4 +1,4 @@ -= System Requirements +=== System Requirements These are the requirements to run the {{book.project.name}} authentication server: diff --git a/topics/openshift.adoc b/topics/openshift.adoc index 690fc8b675..3213e02a42 100755 --- a/topics/openshift.adoc +++ b/topics/openshift.adoc @@ -1,6 +1,6 @@ [[_openshift]] -= Running Keycloak Server on OpenShift +== Running Keycloak Server on OpenShift Keycloak provides a OpenShift cartridge to make it easy to get it running on OpenShift. If you don't already have an account or don't know how to create applications go to https://www.openshift.com/ first. @@ -9,7 +9,7 @@ You can create the Keycloak instance either with the web tool or the command lin WARNING: It's important that immediately after creating a Keycloak instance you open the `Administration Console` and login to reset the password. If this is not done anyone can easily gain admin rights to your Keycloak instance. -== Create Keycloak instance with the web tool +=== Create Keycloak instance with the web tool . Open https://openshift.redhat.com/app/console/applications and click on `Add Application`. . Scroll down to the bottom of the page to find the `Code Anything` section. 
@@ -19,7 +19,7 @@ If this is not done anyone can easily gain admin rights to your Keycloak instanc . Under the list of applications you should find your Keycloak instance and the status should be `Started`. . Click on it to open the Keycloak servers homepage. -== Create Keycloak instance with the command-line tool +=== Create Keycloak instance with the command-line tool . Run the following command from a terminal: @@ -33,7 +33,7 @@ rhc app create http://cartreflect-claytondev.rhcloud.com/gith Once the instance is created the rhc tool outputs details about it. Open the returned `URL` in a browser to open the Keycloak servers homepage. -== Next steps +=== Next steps The Keycloak servers homepage shows the Keycloak logo and `Welcome to Keycloak`. There is also a link to the `Administration Console`. diff --git a/topics/overview.adoc b/topics/overview.adoc index 87ab32f51e..82e921621c 100755 --- a/topics/overview.adoc +++ b/topics/overview.adoc @@ -1,4 +1,4 @@ -= Guide Overview +== Guide Overview The purpose of this guide is to walk through the steps that need to be completed prior to booting up the {{book.project.name}} server for the first time. If you just want to test drive {{book.project.name}}, it pretty much runs out of the box with its diff --git a/topics/preface.adoc b/topics/preface.adoc index 302e9b41a0..5d4804787f 100755 --- a/topics/preface.adoc +++ b/topics/preface.adoc @@ -1,5 +1,5 @@ -= Preface +== Preface In some of the example listings, what is meant to be displayed on one line does not fit inside the available page width.These lines have been broken up. A '\' at the end of a line means that a break has been introduced to fit in the page, with the following lines indented. So: @@ -18,6 +18,5 @@ Let's pretend to have an extremely long line that does not fit This one is short ---- -Attributes from book.json? {book.project.name} diff --git a/topics/proxy.adoc b/topics/proxy.adoc index fc82e140af..9135b8f5f8 100755 --- a/topics/proxy.adoc 
+++ b/topics/proxy.adoc @@ -1,11 +1,11 @@ [[_proxy]] -= Keycloak Security Proxy +== Keycloak Security Proxy Keycloak has an HTTP(S) proxy that you can put in front of web applications and services where it is not possible to install the keycloak adapter. You can set up URL filters so that certain URLs are secured either by browser login and/or bearer token authentication. You can also define role constraints for URL patterns within your applications. -== Proxy Install and Run +=== Proxy Install and Run Download the keycloak proxy distribution from the Keycloak download pages and unzip it. [source] @@ -23,7 +23,7 @@ $ java -jar bin/launcher.jar [your-config.json] If you do not specify a path to the proxy config file, the launcher will look in the current working directory for the file named `proxy.json` -== Proxy Configuration +=== Proxy Configuration Here's an example configuration file. [source] @@ -81,7 +81,7 @@ Here's an example configuration file. } ---- -=== Basic Config +==== Basic Config The basic configuration options for the server are as follows: @@ -147,7 +147,7 @@ adapter-config:: Same configuration as any other keycloak adapter. See <<_adapter_config,Adapter Config>> -==== Constraint Config +===== Constraint Config Next under each application you can define one or more constraints in the `constraints` array attribute. A constraint defines a URL pattern relative to the base-path. @@ -182,7 +182,7 @@ permit-and-inject:: authenticate:: Require authentication for this pattern, but no role mapping. _OPTIONAL._. -=== Header Names Config +==== Header Names Config Next under the list of applications you can override the defaults for the names of the header fields injected by the proxy (see Keycloak Identity Headers). This mapping is optional. 
@@ -206,7 +206,7 @@ keycloak-access-token:: e.g. MYAPP_ACCESS_TOKEN -== Keycloak Identity Headers +=== Keycloak Identity Headers When forwarding requests to the proxied server, Keycloak Proxy will set some additional headers with values from the OIDC identity token it received for authentication.
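Review bot: in topics/cache.adoc, first hunk, the context line directly under the demoted `== Server Cache` heading reads "These caches greatly improves the performance of the server"; fix the agreement ("greatly improve") while the file is being touched. This file also opens straight with the heading, whereas clustering.adoc, openshift.adoc and proxy.adoc each carry a `[[_...]]` anchor above theirs, so consider adding one here for consistent cross-referencing.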
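Review bot: in topics/clustering.adoc, the "Start in HA mode" hunk tells the reader to copy `standalone/config/standalone-ha.xml`, while the preceding hunk and the keystore instructions in the same file use `standalone/configuration/`. Please make the directory name consistent so the copy command matches the path used elsewhere in the file. In the same hunk, the paragraph under `=== Enabling cluster security` states that nothing prevents unauthorized nodes from joining the cluster by default; that is worth marking with an admonition, in the way openshift.adoc uses `WARNING:`, so it is not lost in body text after the heading change.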
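Review bot: in topics/openshift.adoc, first hunk, the context under the demoted heading has "Keycloak provides a OpenShift cartridge" (should be "an OpenShift") and the `WARNING:` line uses "login" as a verb ("log in to reset the password"). The later hunks in this file also repeat "Keycloak servers homepage", which should read "Keycloak server's homepage". Since the warning is the security-relevant instruction on this page, it is worth cleaning up its wording in this pass.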
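Review bot: in topics/preface.adoc, first hunk, the context line has a missing space in "available page width.These lines have been broken up"; fix it alongside the heading change. Dropping the leftover "Attributes from book.json? {book.project.name}" line in the second hunk is correct and needs no further change.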
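Review bot: in topics/proxy.adoc, the hunk that demotes "Header Names Config" keeps a stray double period in the line above it ("_OPTIONAL._.") and leaves "(see Keycloak Identity Headers)" as plain text. The previous hunk already uses a real cross-reference, `<<_adapter_config,Adapter Config>>`, so give the "Keycloak Identity Headers" section an anchor and link to it in the same way, and drop the extra period.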