Add book-product.json and other fixes
parent
087a4553c5
commit
e7cba649a3
11 changed files with 60 additions and 66 deletions
|
@ -1,10 +1,9 @@
|
||||||
|
|
||||||
Keycloak Server Administration Guide Documentation
|
= Server Administration Guide
|
||||||
======================
|
|
||||||
|
|
||||||
image:images/keycloak_logo.png[alt="Keycloak"]
|
image:images/keycloak_logo.png[alt="Keycloak"]
|
||||||
|
|
||||||
*Keycloak* _Documentation_ for {{book.versions.swarm}}
|
{{book.project.name}} {{book.project.version}}
|
||||||
|
|
||||||
http://www.keycloak.org
|
http://www.keycloak.org
|
||||||
|
|
||||||
|
|
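--- a/book-product.json
+++ b/book-product.json
@@ -0,0 +1,35 @@
+{
+"gitbook": "2.x.x",
+"structure": {
+"readme": "README.adoc"
+},
+"plugins": [
+"toggle-chapters",
+"ungrey",
+"splitter"
+],
+"variables": {
+"title": "Server Administration Guide",
+"project": {
+"name": "Red Hat Single Sign-On",
+"version": "7.0.0"
+},
+"community": false,
+"product": true,
+"images": "rhsso-images",
+
+"developerguide": {
+"name": "Server Developer Guide",
+"link": "https://access.qa.redhat.com/documentation/en/red-hat-single-sign-on/7.0.0/server-developer-guide/"
+
+},
+"installguide": {
+"name": "Server Installation and Configuration Guide",
+"link": "https://access.qa.redhat.com/documentation/en/red-hat-single-sign-on/7.0.0/server-installation-and-configuration-guide/"
+},
+"adapterguide": {
+"name": "Securing Applications and Services Guide",
+"link": "https://access.qa.redhat.com/documentation/en/red-hat-single-sign-on/7.0.0/securing-applications-and-services-guide/"
+}
+}
+}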
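Review bot: All three `link` values under `variables` point at `access.qa.redhat.com`, which reads like a QA or staging host rather than the production documentation site. If so, the generated product guide will carry cross-references that external readers cannot resolve and that disclose an internal hostname. Switch them to the production host before this file feeds a release build, or track it as a follow-up. Separately, the `plugins` entries are bare names, so the GitBook build installs whatever version the registry serves at build time; pinning each as `"name@<version>"` makes the build reproducible and narrows supply-chain exposure.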
61
book.json
61
book.json
|
@ -9,76 +9,27 @@
|
||||||
"splitter"
|
"splitter"
|
||||||
],
|
],
|
||||||
"variables": {
|
"variables": {
|
||||||
"title": "Keycloak Administration Guide",
|
"title": "Server Administration Guide",
|
||||||
|
"project": {
|
||||||
|
"name": "Keycloak",
|
||||||
|
"version": "1.9.7.Final"
|
||||||
|
},
|
||||||
"community": true,
|
"community": true,
|
||||||
"product": false,
|
"product": false,
|
||||||
"images": "keycloak-images",
|
"images": "keycloak-images",
|
||||||
"appserver": {
|
|
||||||
"name": "Wildfly",
|
|
||||||
"version": "10",
|
|
||||||
"admindoc": {
|
|
||||||
"name": "JBoss EAP Administration and Configuration Guide",
|
|
||||||
"link": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html/Administration_and_Configuration_Guide/"
|
|
||||||
},
|
|
||||||
"datasource": {
|
|
||||||
"name": "JBoss EAP Administration and Configuration Guide",
|
|
||||||
"link": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html/Administration_and_Configuration_Guide/chap-Datasource_Management.html"
|
|
||||||
},
|
|
||||||
"network": {
|
|
||||||
"name": "JBoss EAP Administration and Configuration Guide",
|
|
||||||
"link": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html/Administration_and_Configuration_Guide/chap-Network_and_Port_Configuration.html#Configure_interfaces"
|
|
||||||
},
|
|
||||||
"socket": {
|
|
||||||
"name": "JBoss EAP Administration and Configuration Guide",
|
|
||||||
"link": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html/Administration_and_Configuration_Guide/sect-Socket_Binding_Groups.html"
|
|
||||||
},
|
|
||||||
"loadbalancer": {
|
|
||||||
"name": "JBoss EAP Administration and Configuration Guide",
|
|
||||||
"link": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html/Administration_and_Configuration_Guide/sect-Web_HTTP_Connectors_and_HTTP_Clustering.html"
|
|
||||||
},
|
|
||||||
"jgroups": {
|
|
||||||
"name": "JBoss EAP Administration and Configuration Guide",
|
|
||||||
"link": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html/Administration_and_Configuration_Guide/sect-JGroups.html"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"caching": {
|
|
||||||
"name": "JBoss Data Grid",
|
|
||||||
"version": "???",
|
|
||||||
"admindoc": {
|
|
||||||
"name": "JBoss Data Grid Administration and Configuration Guide",
|
|
||||||
"link": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/6.6/html/Administration_and_Configuration_Guide/index.html",
|
|
||||||
"eviction": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/7.0/html/Administration_and_Configuration_Guide/sect-Eviction_Strategies.html"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"jpa": {
|
|
||||||
"name": "Hibernate",
|
|
||||||
"version": "???",
|
|
||||||
"admindoc": {
|
|
||||||
"name": "JBoss Development Guide",
|
|
||||||
"link": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html/Development_Guide/sect-Java_Persistence_API_JPA.html#sect-Configuration2"
|
|
||||||
}
|
|
||||||
|
|
||||||
},
|
|
||||||
"developerguide": {
|
"developerguide": {
|
||||||
"name": "Server Developer Guide",
|
"name": "Server Developer Guide",
|
||||||
"link": "https://keycloak.gitbooks.io/server-developer-guide/content/"
|
"link": "https://keycloak.gitbooks.io/server-developer-guide/content/"
|
||||||
|
|
||||||
},
|
},
|
||||||
"adminguide": {
|
|
||||||
"name": "Server Administration Guide",
|
|
||||||
"link": "https://keycloak.gitbooks.io/server-adminstration-guide/content/"
|
|
||||||
},
|
|
||||||
"installguide": {
|
"installguide": {
|
||||||
"name": "Server Installation and Configuration Guide",
|
"name": "Server Installation and Configuration Guide",
|
||||||
"link": "https://keycloak.gitbooks.io/server-installation-and-configuration/content/"
|
"link": "https://keycloak.gitbooks.io/server-installation-and-configuration/content/"
|
||||||
},
|
},
|
||||||
"adapterguide": {
|
"adapterguide": {
|
||||||
"name": "Securing Client Applications Guide",
|
"name": "Securing Applications and Services Guide",
|
||||||
"link": "https://keycloak.gitbooks.io/securing-client-applications-guide/content/"
|
"link": "https://keycloak.gitbooks.io/securing-client-applications-guide/content/"
|
||||||
},
|
|
||||||
"project": {
|
|
||||||
"name": "Keycloak",
|
|
||||||
"version": "1.9.7.Final"
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
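Review bot: The `adapterguide` entry is renamed to "Securing Applications and Services Guide", but its `link` still ends in `securing-client-applications-guide/content/`, so the label and the target may now disagree. Confirm the published slug and update the link if the book was renamed as well. The section also drops the `appserver`, `caching`, `jpa` and `adminguide` variables. Any topic that still references one of them through a `{{book.…}}` placeholder would render unresolved; this cannot be checked from the page, so search the topics before merging.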
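--- a/build.sh
+++ b/build.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+cd $(readlink -f `dirname $0`)
+
+python gitlab-conversion.py
+cd target
+asciidoctor master.adoc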
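Review bot: The script has no error handling, so a failed `cd` or a failing `python gitlab-conversion.py` does not stop it, and `asciidoctor master.adoc` then runs in whatever directory the shell happens to be in, possibly against stale output. Add `set -euo pipefail` directly after the shebang. The first `cd` is also unquoted and uses backticks, so a checkout path containing spaces is word-split; `cd "$(readlink -f "$(dirname "$0")")"` keeps the same resolution and is safe for such paths.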
|
@ -42,6 +42,9 @@ if os.path.isdir('keycloak-images'):
|
||||||
if os.path.isdir('rhsso-images'):
|
if os.path.isdir('rhsso-images'):
|
||||||
shutil.copytree('rhsso-images',os.path.join(targetdir, 'rhsso-images'))
|
shutil.copytree('rhsso-images',os.path.join(targetdir, 'rhsso-images'))
|
||||||
|
|
||||||
|
shutil.copyfile('metadata.ini', os.path.join(targetdir, 'metadata.ini'));
|
||||||
|
shutil.copyfile('master-docinfo.xml', os.path.join(targetdir, 'master-docinfo.xml'));
|
||||||
|
|
||||||
tmp = os.path.join(targetdir, 'topics')
|
tmp = os.path.join(targetdir, 'topics')
|
||||||
if not os.path.exists(tmp):
|
if not os.path.exists(tmp):
|
||||||
os.makedirs(tmp)
|
os.makedirs(tmp)
|
||||||
|
@ -67,8 +70,8 @@ input = re.sub(r"[ ]*\.+\s*link:(.*)\[(.*)\]", "include::\g<1>[]", input)
|
||||||
input = applyTransformation(input)
|
input = applyTransformation(input)
|
||||||
output.write(input)
|
output.write(input)
|
||||||
|
|
||||||
# parse book.json file and create document attributes
|
# parse book-product.json file and create document attributes
|
||||||
with open('book.json') as data_file:
|
with open('book-product.json') as data_file:
|
||||||
data = json.load(data_file)
|
data = json.load(data_file)
|
||||||
|
|
||||||
variables = data['variables']
|
variables = data['variables']
|
||||||
|
|
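Review bot: The two new `shutil.copyfile` calls for `metadata.ini` and `master-docinfo.xml` are unconditional, unlike the `os.path.isdir` guards on the image directories just above them. The conversion therefore aborts with an exception if either file is absent from the working directory, and neither file appears among the sections shown on this page. Guard them with `os.path.isfile(...)` or fail with a message that names the missing file; the trailing `;` on both lines can also go. In the second hunk the input is hard-coded to `book-product.json`, so this script can no longer build from `book.json`; taking the file name from a command-line argument with `book-product.json` as the default would keep both builds available. Both hunks are in module-level code that continues outside what is shown.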
|
@ -23,7 +23,7 @@ The QR code you see in the screen shot can be scanned into the FreeOTP or Google
|
||||||
.OTP Authenticator
|
.OTP Authenticator
|
||||||
image:../{{book.images}}/account-service-authenticator.png[]
|
image:../{{book.images}}/account-service-authenticator.png[]
|
||||||
|
|
||||||
The `Federated Identity` menu item allows the user to link their account with an <<fake/../identity-broker.adoc#_identity-broker, identity broker>> (this is usually used to link social provier
|
The `Federated Identity` menu item allows the user to link their account with an <<fake/../identity-broker.adoc#_identity_broker, identity broker>> (this is usually used to link social provier
|
||||||
accounts together). This will show the list of external identity providers you have configured for your realm.
|
accounts together). This will show the list of external identity providers you have configured for your realm.
|
||||||
|
|
||||||
.Federated Identity
|
.Federated Identity
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
[[_identity_broker]]
|
[[_identity_broker]]
|
||||||
|
|
||||||
== Identity Brokering
|
== Identity Brokering
|
||||||
|
|
||||||
An Identity Broker is an intermediary service that connects multiple service providers with different identity providers.
|
An Identity Broker is an intermediary service that connects multiple service providers with different identity providers.
|
||||||
|
|
|
@ -12,7 +12,7 @@ users in the realm by clicking the `Logout all` button on the right side of this
|
||||||
==== Logout All Limitations
|
==== Logout All Limitations
|
||||||
|
|
||||||
Any SSO cookies set will now be invalid and clients that request authentication in active browser sessions will now have to
|
Any SSO cookies set will now be invalid and clients that request authentication in active browser sessions will now have to
|
||||||
re-login. Only certain clients are notified of this logout event, specifically clients that are using the {{book.projec.name}}
|
re-login. Only certain clients are notified of this logout event, specifically clients that are using the {{book.project.name}}
|
||||||
OIDC client adapter. Other client types (i.e. SAML) will not receive a backchannel logout request.
|
OIDC client adapter. Other client types (i.e. SAML) will not receive a backchannel logout request.
|
||||||
|
|
||||||
It is important to note that any outstanding access tokens are not revoked by clicking `Logout all`. They have to
|
It is important to note that any outstanding access tokens are not revoked by clicking `Logout all`. They have to
|
||||||
|
|
|
@ -26,5 +26,5 @@ Clients also need to have that role in their scope.
|
||||||
|
|
||||||
The client can request an offline token by adding the parameter `scope=offline_access` when sending authorization request to {{book.project.name}}.
|
The client can request an offline token by adding the parameter `scope=offline_access` when sending authorization request to {{book.project.name}}.
|
||||||
The {{book.project.name}} OIDC client adapter automatically adds this parameter when you use it to access secured URL of your application (i.e.
|
The {{book.project.name}} OIDC client adapter automatically adds this parameter when you use it to access secured URL of your application (i.e.
|
||||||
http://localhost:8080/customer-portal/secured?scope=offline_access ). The Direct Access Grant and Service Accounts also
|
$$http://localhost:8080/customer-portal/secured?scope=offline_access$$). The Direct Access Grant and Service Accounts also
|
||||||
support offline tokens if you include `scope=offline_access` in the body of the authentication request.
|
support offline tokens if you include `scope=offline_access` in the body of the authentication request.
|
||||||
|
|
|
@ -90,7 +90,7 @@ More info together with example is in <<fake/../../clients/oidc/service-accounts
|
||||||
|
|
||||||
Here's a list of OIDC endpoints that the {{book.project.name}} publishes. These URLs are useful if you are using a non-{{book.project.name}} client adapter to
|
Here's a list of OIDC endpoints that the {{book.project.name}} publishes. These URLs are useful if you are using a non-{{book.project.name}} client adapter to
|
||||||
talk OIDC with the auth server. These are all relative URLs and the root of the URL being the HTTP(S) protocol, hostname, and usually path prefixed with
|
talk OIDC with the auth server. These are all relative URLs and the root of the URL being the HTTP(S) protocol, hostname, and usually path prefixed with
|
||||||
_/auth_: i.e. https://localhost:8080/auth
|
_/auth_: i.e. $$https://localhost:8080/auth$$
|
||||||
|
|
||||||
/realms/\{realm-name}/protocol/openid-connect/token::
|
/realms/\{realm-name}/protocol/openid-connect/token::
|
||||||
This is the URL endpoint for obtaining a temporary code in the Authorization Code Flow or for obtaining tokens via the
|
This is the URL endpoint for obtaining a temporary code in the Authorization Code Flow or for obtaining tokens via the
|
||||||
|
|
|
@ -22,7 +22,7 @@ The downside of {{book.project.name}} brute force detection is that the server b
|
||||||
An attacker can simply try to guess passwords for as many accounts it knows and these account will be disabled. Eventually
|
An attacker can simply try to guess passwords for as many accounts it knows and these account will be disabled. Eventually
|
||||||
Eventually we will expand this functionality to take client IP address into account when deciding whether to block a user.
|
Eventually we will expand this functionality to take client IP address into account when deciding whether to block a user.
|
||||||
|
|
||||||
A better option might be a tool like http://fail2ban.org[Fail2Ban]. You can point this service at the {{book.project.name}} server's log file.
|
A better option might be a tool like http://www.fail2ban.org[Fail2Ban]. You can point this service at the {{book.project.name}} server's log file.
|
||||||
{{book.project.name}} logs every login failure and client IP address that had the failure. Fail2Ban can be used to modify
|
{{book.project.name}} logs every login failure and client IP address that had the failure. Fail2Ban can be used to modify
|
||||||
firewalls after it detects an attack to block connections from specific IP addresses.
|
firewalls after it detects an attack to block connections from specific IP addresses.
|
||||||
|
|
||||||
|
|