Merge branch 'master' into KEYCLOAK-7020

2026-06-09 00:52:07 -04:00 · 2018-03-28 08:08:35 -05:00 · 2018-03-28 08:08:35 -05:00 · 35496e78a8
commit 35496e78a8
parent 8640764368 4fff06da89
16 changed files with 78 additions and 3 deletions
--- a/authorization_services/keycloak-images/resource/create.png
+++ b/authorization_services/keycloak-images/resource/create.png
--- a/authorization_services/rhsso-images/resource/create.png
+++ b/authorization_services/rhsso-images/resource/create.png
--- a/authorization_services/topics/policy-evaluation-api.adoc
+++ b/authorization_services/topics/policy-evaluation-api.adoc
@ -3,10 +3,10 @@

 When writing rule-based policies using JavaScript or JBoss Drools, {project_name} provides an Evaluation API that provides useful information to help determine whether a permission should be granted.

-This API consists of a few interfaces that provides you access to information such as:
+This API consists of a few interfaces that provide you access to information, such as

-* The permission being requested
-* The identity that is requesting the permission, from which you can obtain claims/attributes
+* The permission being evaluated, representing both the resource and scopes being requested.
+* The attributes associated with the resource being requested
 * Runtime environment and any other attribute associated with the execution context
 * Information about users such as group membership and roles

--- a/authorization_services/topics/resource-create.adoc
+++ b/authorization_services/topics/resource-create.adoc
@ -31,11 +31,20 @@ is usually the relative path used to serve these resources.
 +
 One or more scopes to associate with the resource.

+== Resource Attributes
+
+Resources may have attributes associated with them. These attributes can be used to provide additional information about
+a resource and to provide additional information to policies when evaluating permissions associated with a resource.
+
+Each attribute is a key and value pair where the value can be a set of one or many strings. Multiple values can be defined for an attribute by separating each value with a comma.
+
+
 == Typed Resources

 The type field of a resource can be used to group different resources together, so they can be protected using a common set of permissions.

 == Resource Owners
+
 Resources also have an owner. By default, resources are owned by the resource server.

 However, resources can also be associated with users, so you can create permissions based on the resource owner. For example, only the resource owner is allowed to delete or update a given resource.
--- a/server_admin/images/bitbucket-app-page.png
+++ b/server_admin/images/bitbucket-app-page.png
--- a/server_admin/images/bitbucket-developer-applications.png
+++ b/server_admin/images/bitbucket-developer-applications.png
--- a/server_admin/images/bitbucket-register-app.png
+++ b/server_admin/images/bitbucket-register-app.png
--- a/server_admin/images/gitlab-app-page.png
+++ b/server_admin/images/gitlab-app-page.png
--- a/server_admin/images/gitlab-developer-applications.png
+++ b/server_admin/images/gitlab-developer-applications.png
--- a/server_admin/keycloak-images/bitbucket-add-identity-provider.png
+++ b/server_admin/keycloak-images/bitbucket-add-identity-provider.png
--- a/server_admin/keycloak-images/gitlab-add-identity-provider.png
+++ b/server_admin/keycloak-images/gitlab-add-identity-provider.png
--- a/server_admin/rhsso-images/bitbucket-add-identity-provider.png
+++ b/server_admin/rhsso-images/bitbucket-add-identity-provider.png
--- a/server_admin/rhsso-images/gitlab-add-identity-provider.png
+++ b/server_admin/rhsso-images/gitlab-add-identity-provider.png
--- a/server_admin/topics.adoc
+++ b/server_admin/topics.adoc
@ -64,8 +64,10 @@ include::topics/identity-broker/overview.adoc[]
 include::topics/identity-broker/default-provider.adoc[]
 include::topics/identity-broker/configuration.adoc[]
 include::topics/identity-broker/social-login.adoc[]
+include::topics/identity-broker/social/bitbucket.adoc[]
 include::topics/identity-broker/social/facebook.adoc[]
 include::topics/identity-broker/social/github.adoc[]
+include::topics/identity-broker/social/gitlab.adoc[]
 include::topics/identity-broker/social/google.adoc[]
 include::topics/identity-broker/social/linked-in.adoc[]
 include::topics/identity-broker/social/microsoft.adoc[]
--- a/server_admin/topics/identity-broker/social/bitbucket.adoc
+++ b/server_admin/topics/identity-broker/social/bitbucket.adoc
@ -0,0 +1,35 @@
+==== Bitbucket
+There are a number of steps you have to complete to be able to login to Bitbucket.
+
+First, open the `Identity Providers` left menu item and select `Bitbucket` from the `Add provider` drop down list. This will bring you to the `Add identity provider` page.
+
+.Add Identity Provider
+image:{project_images}/bitbucket-add-identity-provider.png[]
+
+Before you can click `Save`, you must obtain a `Client ID` and `Client Secret` from Bitbucket.
+
+NOTE: You will the `Redirect URI` from this page in a later step, which you will provide to Bitbucket when you register {project_name} as a client there.
+
+.Add a New App
+To enable login with Bitbucket you must first register an application project in
+https://confluence.atlassian.com/bitbucket/oauth-on-bitbucket-cloud-238027431.html[OAuth on Bitbucket Cloud].
+
+NOTE: Bitbucket often changes the look and feel of application registration, so what you see on the Bitbucket site may differ. If in doubt, see the Bitbucket documentation.
+
+image:images/bitbucket-developer-applications.png[]
+
+Click the `Add consumer` button.
+
+.Register App
+image:images/bitbucket-register-app.png[]
+
+Copy the `Redirect URI` from the {project_name} `Add Identity Provider` page and enter it into the `Authorization callback URL` field on the Bitbucket `Register a new OAuth application` page.
+
+On the same page, mark the `Email` and `Read` boxes under `Account` to allow your application to read user email.
+
+.Bitbucket App Page
+image:images/bitbucket-app-page.png[]
+
+When you are done registering, click `Save`. This will open the application management page in Bitbucket. Find the client ID and secret from this page so you can enter them into the {project_name} `Add identity provider` page.
+
+To finish, return to {project_name} and enter them. Click `Save`.
--- a/server_admin/topics/identity-broker/social/gitlab.adoc
+++ b/server_admin/topics/identity-broker/social/gitlab.adoc
@ -0,0 +1,29 @@
+==== GitLab
+
+There are a number of steps you have to complete to be able to login to GitLab.
+
+First, go to the `Identity Providers` left menu item and select `GitLab` from the `Add provider` drop down list. This will bring you to the `Add identity provider` page.
+
+.Add Identity Provider
+image:{project_images}/gitlab-add-identity-provider.png[]
+
+Before you can click `Save`, you must obtain a `Client ID` and `Client Secret` from GitLab.
+
+NOTE: You will the `Redirect URI` from this page in a later step, which you will provide to GitLab when you register {project_name} as a client there.
+
+To enable login with GitLab you first have to register an application project in
+https://docs.gitlab.com/ee/integration/oauth_provider.html[GitLab as OAuth2 authentication service provider].
+
+NOTE: GitLab often changes the look and feel of application registration, so what you see on the GitLab site may differ. If in doubt, see the GitLab documentation.
+
+.Add a New App
+image:images/gitlab-developer-applications.png[]
+
+Copy the `Redirect URI` from the {project_name} `Add Identity Provider` page and enter it into the `Authorization callback URL` field on the GitLab `Register a new OAuth application` page.
+
+.GitLab App Page
+image:images/gitlab-app-page.png[]
+
+When you are done registering, click `Save application`. This will open the application management page in GitLab. Find the client ID and secret from this page so you can enter them into the {project_name} `Add identity provider` page.
+
+To finish, return to {project_name} and enter them. Click `Save`.