Add book-product.json and other fixes

Stian Thorgersen 2016-06-10 08:59:58 +02:00
parent 087a4553c5
commit e7cba649a3
11 changed files with 60 additions and 66 deletions


@ -1,10 +1,9 @@
Keycloak Server Administration Guide Documentation = Server Administration Guide
======================
image:images/keycloak_logo.png[alt="Keycloak"] image:images/keycloak_logo.png[alt="Keycloak"]
*Keycloak* _Documentation_ for {{book.versions.swarm}} {{book.project.name}} {{book.project.version}}
http://www.keycloak.org http://www.keycloak.org

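--- /dev/null
+++ b/book-product.json
@@ -0,0 +1,35 @@
+{
+"gitbook": "2.x.x",
+"structure": {
+"readme": "README.adoc"
+},
+"plugins": [
+"toggle-chapters",
+"ungrey",
+"splitter"
+],
+"variables": {
+"title": "Server Administration Guide",
+"project": {
+"name": "Red Hat Single Sign-On",
+"version": "7.0.0"
+},
+"community": false,
+"product": true,
+"images": "rhsso-images",
+"developerguide": {
+"name": "Server Developer Guide",
+"link": "https://access.qa.redhat.com/documentation/en/red-hat-single-sign-on/7.0.0/server-developer-guide/"
+},
+"installguide": {
+"name": "Server Installation and Configuration Guide",
+"link": "https://access.qa.redhat.com/documentation/en/red-hat-single-sign-on/7.0.0/server-installation-and-configuration-guide/"
+},
+"adapterguide": {
+"name": "Securing Applications and Services Guide",
+"link": "https://access.qa.redhat.com/documentation/en/red-hat-single-sign-on/7.0.0/securing-applications-and-services-guide/"
+}
+}
+}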
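Review bot: All three guide links under `variables` (`developerguide.link`, `installguide.link`, `adapterguide.link`) point at `access.qa.redhat.com`, which reads like a pre-production host rather than the public documentation site. Any book rendered from this file would ship cross-references that readers outside that environment presumably cannot reach, and it publishes a staging hostname in customer-facing docs. If the QA host is only a stand-in until the 7.0.0 guides go live, switch the links to the production host before release (the community `book.json` on this page links to `access.redhat.com`). The version `7.0.0` is also repeated in every link as well as in `project.version`, so a release bump has four places to miss.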


@ -9,76 +9,27 @@
"splitter" "splitter"
], ],
"variables": { "variables": {
"title": "Keycloak Administration Guide", "title": "Server Administration Guide",
"project": {
"name": "Keycloak",
"version": "1.9.7.Final"
},
"community": true, "community": true,
"product": false, "product": false,
"images": "keycloak-images", "images": "keycloak-images",
"appserver": {
"name": "Wildfly",
"version": "10",
"admindoc": {
"name": "JBoss EAP Administration and Configuration Guide",
"link": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html/Administration_and_Configuration_Guide/"
},
"datasource": {
"name": "JBoss EAP Administration and Configuration Guide",
"link": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html/Administration_and_Configuration_Guide/chap-Datasource_Management.html"
},
"network": {
"name": "JBoss EAP Administration and Configuration Guide",
"link": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html/Administration_and_Configuration_Guide/chap-Network_and_Port_Configuration.html#Configure_interfaces"
},
"socket": {
"name": "JBoss EAP Administration and Configuration Guide",
"link": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html/Administration_and_Configuration_Guide/sect-Socket_Binding_Groups.html"
},
"loadbalancer": {
"name": "JBoss EAP Administration and Configuration Guide",
"link": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html/Administration_and_Configuration_Guide/sect-Web_HTTP_Connectors_and_HTTP_Clustering.html"
},
"jgroups": {
"name": "JBoss EAP Administration and Configuration Guide",
"link": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html/Administration_and_Configuration_Guide/sect-JGroups.html"
}
},
"caching": {
"name": "JBoss Data Grid",
"version": "???",
"admindoc": {
"name": "JBoss Data Grid Administration and Configuration Guide",
"link": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/6.6/html/Administration_and_Configuration_Guide/index.html",
"eviction": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/7.0/html/Administration_and_Configuration_Guide/sect-Eviction_Strategies.html"
}
},
"jpa": {
"name": "Hibernate",
"version": "???",
"admindoc": {
"name": "JBoss Development Guide",
"link": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html/Development_Guide/sect-Java_Persistence_API_JPA.html#sect-Configuration2"
}
},
"developerguide": { "developerguide": {
"name": "Server Developer Guide", "name": "Server Developer Guide",
"link": "https://keycloak.gitbooks.io/server-developer-guide/content/" "link": "https://keycloak.gitbooks.io/server-developer-guide/content/"
}, },
"adminguide": {
"name": "Server Administration Guide",
"link": "https://keycloak.gitbooks.io/server-adminstration-guide/content/"
},
"installguide": { "installguide": {
"name": "Server Installation and Configuration Guide", "name": "Server Installation and Configuration Guide",
"link": "https://keycloak.gitbooks.io/server-installation-and-configuration/content/" "link": "https://keycloak.gitbooks.io/server-installation-and-configuration/content/"
}, },
"adapterguide": { "adapterguide": {
"name": "Securing Client Applications Guide", "name": "Securing Applications and Services Guide",
"link": "https://keycloak.gitbooks.io/securing-client-applications-guide/content/" "link": "https://keycloak.gitbooks.io/securing-client-applications-guide/content/"
},
"project": {
"name": "Keycloak",
"version": "1.9.7.Final"
} }
} }
} }

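--- /dev/null
+++ b/build.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+cd $(readlink -f `dirname $0`)
+python gitlab-conversion.py
+cd target
+asciidoctor master.adoc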
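Review bot: The script never checks an exit status, so if `python gitlab-conversion.py` fails or `cd target` cannot enter the directory, `asciidoctor master.adoc` still runs, in whatever directory the shell is left in and against stale or missing input. Adding `set -euo pipefail` directly after the shebang makes the build stop at the first failing step. The first `cd` is also unquoted and uses backticks, so a checkout path containing spaces or glob characters is word-split; `cd "$(readlink -f "$(dirname "$0")")"` keeps the same behaviour and is safe for such paths.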


@ -42,6 +42,9 @@ if os.path.isdir('keycloak-images'):
if os.path.isdir('rhsso-images'): if os.path.isdir('rhsso-images'):
shutil.copytree('rhsso-images',os.path.join(targetdir, 'rhsso-images')) shutil.copytree('rhsso-images',os.path.join(targetdir, 'rhsso-images'))
shutil.copyfile('metadata.ini', os.path.join(targetdir, 'metadata.ini'));
shutil.copyfile('master-docinfo.xml', os.path.join(targetdir, 'master-docinfo.xml'));
tmp = os.path.join(targetdir, 'topics') tmp = os.path.join(targetdir, 'topics')
if not os.path.exists(tmp): if not os.path.exists(tmp):
os.makedirs(tmp) os.makedirs(tmp)
@ -67,8 +70,8 @@ input = re.sub(r"[ ]*\.+\s*link:(.*)\[(.*)\]", "include::\g<1>[]", input)
input = applyTransformation(input) input = applyTransformation(input)
output.write(input) output.write(input)
# parse book.json file and create document attributes # parse book-product.json file and create document attributes
with open('book.json') as data_file: with open('book-product.json') as data_file:
data = json.load(data_file) data = json.load(data_file)
variables = data['variables'] variables = data['variables']
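Review bot: The two `shutil.copyfile` calls added after the `rhsso-images` copy run unconditionally, while the image directories just above them are guarded with `os.path.isdir`. If `metadata.ini` or `master-docinfo.xml` is absent, the script stops with an unhandled error part-way through and leaves a half-populated target directory. Whether those files are mandatory is not visible here: if they are, check for them before any copying starts and say so in a comment such as `# required by the product build; fail early if missing`, otherwise guard each call with `os.path.isfile(...)`. The trailing semicolons on both lines are unnecessary in Python. The script continues outside both hunks of this section.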


@ -23,7 +23,7 @@ The QR code you see in the screen shot can be scanned into the FreeOTP or Google
.OTP Authenticator .OTP Authenticator
image:../{{book.images}}/account-service-authenticator.png[] image:../{{book.images}}/account-service-authenticator.png[]
The `Federated Identity` menu item allows the user to link their account with an <<fake/../identity-broker.adoc#_identity-broker, identity broker>> (this is usually used to link social provier The `Federated Identity` menu item allows the user to link their account with an <<fake/../identity-broker.adoc#_identity_broker, identity broker>> (this is usually used to link social provier
accounts together). This will show the list of external identity providers you have configured for your realm. accounts together). This will show the list of external identity providers you have configured for your realm.
.Federated Identity .Federated Identity


@ -1,5 +1,4 @@
[[_identity_broker]] [[_identity_broker]]
== Identity Brokering == Identity Brokering
An Identity Broker is an intermediary service that connects multiple service providers with different identity providers. An Identity Broker is an intermediary service that connects multiple service providers with different identity providers.


@ -12,7 +12,7 @@ users in the realm by clicking the `Logout all` button on the right side of this
==== Logout All Limitations ==== Logout All Limitations
Any SSO cookies set will now be invalid and clients that request authentication in active browser sessions will now have to Any SSO cookies set will now be invalid and clients that request authentication in active browser sessions will now have to
re-login. Only certain clients are notified of this logout event, specifically clients that are using the {{book.projec.name}} re-login. Only certain clients are notified of this logout event, specifically clients that are using the {{book.project.name}}
OIDC client adapter. Other client types (i.e. SAML) will not receive a backchannel logout request. OIDC client adapter. Other client types (i.e. SAML) will not receive a backchannel logout request.
It is important to note that any outstanding access tokens are not revoked by clicking `Logout all`. They have to It is important to note that any outstanding access tokens are not revoked by clicking `Logout all`. They have to


@ -26,5 +26,5 @@ Clients also need to have that role in their scope.
The client can request an offline token by adding the parameter `scope=offline_access` when sending authorization request to {{book.project.name}}. The client can request an offline token by adding the parameter `scope=offline_access` when sending authorization request to {{book.project.name}}.
The {{book.project.name}} OIDC client adapter automatically adds this parameter when you use it to access secured URL of your application (i.e. The {{book.project.name}} OIDC client adapter automatically adds this parameter when you use it to access secured URL of your application (i.e.
http://localhost:8080/customer-portal/secured?scope=offline_access ). The Direct Access Grant and Service Accounts also $$http://localhost:8080/customer-portal/secured?scope=offline_access$$). The Direct Access Grant and Service Accounts also
support offline tokens if you include `scope=offline_access` in the body of the authentication request. support offline tokens if you include `scope=offline_access` in the body of the authentication request.


@ -90,7 +90,7 @@ More info together with example is in <<fake/../../clients/oidc/service-accounts
Here's a list of OIDC endpoints that the {{book.project.name}} publishes. These URLs are useful if you are using a non-{{book.project.name}} client adapter to Here's a list of OIDC endpoints that the {{book.project.name}} publishes. These URLs are useful if you are using a non-{{book.project.name}} client adapter to
talk OIDC with the auth server. These are all relative URLs and the root of the URL being the HTTP(S) protocol, hostname, and usually path prefixed with talk OIDC with the auth server. These are all relative URLs and the root of the URL being the HTTP(S) protocol, hostname, and usually path prefixed with
_/auth_: i.e. https://localhost:8080/auth _/auth_: i.e. $$https://localhost:8080/auth$$
/realms/\{realm-name}/protocol/openid-connect/token:: /realms/\{realm-name}/protocol/openid-connect/token::
This is the URL endpoint for obtaining a temporary code in the Authorization Code Flow or for obtaining tokens via the This is the URL endpoint for obtaining a temporary code in the Authorization Code Flow or for obtaining tokens via the


@ -22,7 +22,7 @@ The downside of {{book.project.name}} brute force detection is that the server b
An attacker can simply try to guess passwords for as many accounts it knows and these account will be disabled. Eventually An attacker can simply try to guess passwords for as many accounts it knows and these account will be disabled. Eventually
Eventually we will expand this functionality to take client IP address into account when deciding whether to block a user. Eventually we will expand this functionality to take client IP address into account when deciding whether to block a user.
A better option might be a tool like http://fail2ban.org[Fail2Ban]. You can point this service at the {{book.project.name}} server's log file. A better option might be a tool like http://www.fail2ban.org[Fail2Ban]. You can point this service at the {{book.project.name}} server's log file.
{{book.project.name}} logs every login failure and client IP address that had the failure. Fail2Ban can be used to modify {{book.project.name}} logs every login failure and client IP address that had the failure. Fail2Ban can be used to modify
firewalls after it detects an attack to block connections from specific IP addresses. firewalls after it detects an attack to block connections from specific IP addresses.