RHBK v24 support for RHDH 1.4

Author: hmanwani-rh

artifacts/attributes.adoc

@@ -35,6 +35,8 @@
 :openshift-cli: pass:quotes[OpenShift CLI (`oc`)]
 :rhsso-brand-name: Red Hat Single-Sign On
 :rhsso: RHSSO
+:rhbk-brand-name: Red Hat Build of Keycloak
+:rhbk: RHBK
 
 // Partner Platforms
 :aws-brand-name: Amazon Web Services

assemblies/assembly-authenticating-with-rhbk.adoc

@@ -0,0 +1,13 @@
+[id="assembly-authenticating-with-rhbk"]
+= Authenticating with {rhbk-brand-name} ({rhbk})
+
+To authenticate users with {rhbk-brand-name} ({rhbk}):
+
+. xref:enabling-authentication-with-rhbk[Enable the OpenID Connect (OIDC) authentication provider in RHDH].
+. xref:provisioning-users-from-rhbk-to-the-software-catalog[Provision users from {rhbk-brand-name} ({rhbk}) to the software catalog].
+
+include::modules/authentication/proc-enabling-authentication-with-rhbk.adoc[leveloffset=+1]
+
+include::modules/authentication/proc-provisioning-users-from-rhbk-to-the-software-catalog.adoc[leveloffset=+1]
+
+include::modules/authentication/proc-creating-a-custom-transformer-to-provision-users-from-rhbk-to-the-software-catalog.adoc[leveloffset=+1]

assemblies/assembly-authenticating-with-rhsso.adoc

@@ -53,7 +53,7 @@ Therefore, deleting users and groups by using {product-short} Web UI or REST API
 include::assembly-authenticating-with-the-guest-user.adoc[leveloffset=+1]
 
 
-include::assembly-authenticating-with-rhsso.adoc[leveloffset=+1]
+include::assembly-authenticating-with-rhbk.adoc[leveloffset=+1]
 
 
 include::assembly-authenticating-with-github.adoc[leveloffset=+1]

assemblies/assembly-enabling-authentication.adoc

@@ -1,10 +1,10 @@
-[id="creating-a-custom-transformer-to-provision-users-from-rhsso-to-the-software-catalog"]
-= Creating a custom transformer to provision users from {rhsso-brand-name} ({rhsso}) to the software catalog
+[id="creating-a-custom-transformer-to-provision-users-from-rhbk-to-the-software-catalog"]
+= Creating a custom transformer to provision users from {rhbk-brand-name} ({rhbk}) to the software catalog
 
-To customize how {rhsso} users and groups are mapped to {product} entities, you can create a backend module that uses the `keycloakTransformerExtensionPoint` to provide custom user and group transformers for the Keycloak backend.
+To customize how {rhbk} users and groups are mapped to {product} entities, you can create a backend module that uses the `keycloakTransformerExtensionPoint` to provide custom user and group transformers for the Keycloak backend.
 
 .Prerequisites
-* You have xref:provisioning-users-from-rhsso-to-the-software-catalog[enabled provisioning users from {rhsso-brand-name} ({rhsso}) to the software catalog].
+* You have xref:provisioning-users-from-rhbk-to-the-software-catalog[enabled provisioning users from {rhbk-brand-name} ({rhbk}) to the software catalog].
 
 .Procedure
 . Create a new backend module with the `yarn new` command.
@@ -85,8 +85,8 @@ Check the console logs to verify that the synchronization is completed.
 
 * After the first import is complete, navigate to the *Catalog* page and select **User** to view the list of users.
 
-* When you select a user, you see the information imported from {rhsso}.
+* When you select a user, you see the information imported from {rhbk}.
 
-* You can select a group, view the list, and access or review the information imported from {rhsso}.
+* You can select a group, view the list, and access or review the information imported from {rhbk}.
 
-* You can log in with an {rhsso} account.
+* You can log in with an {rhbk} account.

modules/authentication/proc-creating-a-custom-transformer-to-provision-users-from-rhsso-to-the-software-catalog.adoc renamed to modules/authentication/proc-creating-a-custom-transformer-to-provision-users-from-rhbk-to-the-software-catalog.adoc

@@ -1,45 +1,45 @@
-[id="enabling-authentication-with-rhsso"]
-= Enabling authentication with {rhsso-brand-name} ({rhsso})
+[id="enabling-authentication-with-rhbk"]
+= Enabling authentication with {rhbk-brand-name} ({rhbk})
 
-To authenticate users with Red Hat Single Sign-On ({rhsso}), enable the OpenID Connect (OIDC) authentication provider in {product}.
+To authenticate users with {rhbk-brand-name} ({rhbk}), enable the OpenID Connect (OIDC) authentication provider in {product}.
 
 
 .Prerequisites
 * You link:https://docs.redhat.com/en/documentation/red_hat_developer_hub/{product-version}/html/administration_guide_for_red_hat_developer_hub/assembly-add-custom-app-file-openshift_admin-rhdh[added a custom {product-short} application configuration], and have sufficient permissions to modify it.
-* You have sufficient permissions in {rhsso} to create and manage a realm.
+* You have sufficient permissions in {rhbk} to create and manage a realm.
 
 .Procedure
-. To allow {product-short} to authenticate with {rhsso}, complete the steps in {rhsso}, to link:https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.6/html-single/getting_started_guide/index#realms-apps_[create a realm and a user] and link:https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.6/html-single/getting_started_guide/index#registering-app_[register the {product-short} application]:
+. To allow {product-short} to authenticate with {rhbk}, complete the steps in {rhbk}, to link:https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.6/html-single/getting_started_guide/index#realms-apps_[create a realm and a user] and link:https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.6/html-single/getting_started_guide/index#registering-app_[register the {product-short} application]:
 
 .. Use an existing realm, or link:https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.6/html-single/getting_started_guide/index#create-realm_[create a realm], with a distinctive **Name** such as __<my_realm>__.
 Save the value for the next step:
-* **{rhsso} realm base URL**, such as: __<your_rhsso_URL>__/auth/realms/__<your_realm>__.
+* **{rhbk} realm base URL**, such as: __<your_rhbk_URL>__/realms/__<your_realm>__.
 
-.. To register your {product-short} in {rhsso}, in the created realm, link:https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.6/html-single/getting_started_guide/index#registering-app_[create a Client ID], with:
+.. To register your {product-short} in {rhbk}, in the created realm, link:https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.6/html-single/getting_started_guide/index#registering-app_[create a Client ID], with:
 ... **Client ID**: A distinctive client ID, such as __<{product-very-short}>__.
 ... **Valid redirect URIs**: Set to the OIDC handler URL: `https://__<RHDH_URL>__/api/auth/oidc/handler/frame`.
 ... Navigate to the **Credentials** tab and copy the **Client secret**.
 ... Save the values for the next step:
 * **Client ID**
 * **Client Secret**
 
-.. Configure your {rhsso} realm for performance and security:
+.. Configure your {rhbk} realm for performance and security:
 ... Navigate to the **Configure** > **Realm Settings**.
 ... Set the **Access Token Lifespan** to a value greater than five minutes (preferably 10 or 15 minutes) to prevent performance issues from frequent refresh token requests for every API call.
 ... Enable the **Revoke Refresh Token** option to improve security by enabling the refresh token rotation strategy.
 
 .. To prepare for the verification steps, in the same realm, get the credential information for an existing user or link:https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.6/html-single/getting_started_guide/index#create-user_[create a user]. Save the user credential information for the verification steps.
 
-. To add your {rhsso} credentials to your {product-short} secrets, edit your {product-short} secrets, such as `secrets-rhdh`, and add the following key/value pairs:
+. To add your {rhbk} credentials to your {product-short} secrets, edit your {product-short} secrets, such as `secrets-rhdh`, and add the following key/value pairs:
 +
 `AUTH_OIDC_CLIENT_ID`:: Enter the saved **Client ID**.
 `AUTH_OIDC_CLIENT_SECRET`:: Enter the saved **Client Secret**.
-`AUTH_OIDC_METADATA_URL`:: Enter the saved **{rhsso} realm base URL**.
+`AUTH_OIDC_METADATA_URL`:: Enter the saved **{rhbk} realm base URL**.
 
-. To set up the {rhsso} authentication provider in your {product-short} custom configuration, edit your custom {product-short} ConfigMap such as `app-config-rhdh`, and add the following lines to the `app-config-rhdh.yaml` content:
+. To set up the {rhbk} authentication provider in your {product-short} custom configuration, edit your custom {product-short} ConfigMap such as `app-config-rhdh`, and add the following lines to the `app-config-rhdh.yaml` content:
 +
 --
-.`app-config-rhdh.yaml` fragment with mandatory fields to enable authentication with {rhsso}
+.`app-config-rhdh.yaml` fragment with mandatory fields to enable authentication with {rhbk}
 [source,yaml]
 ----
 auth:
@@ -90,7 +90,7 @@ dangerouslyAllowSignInWithoutUserInCatalog: true
 
 `callbackUrl`::
 --
-{rhsso} callback URL.
+{rhbk} callback URL.
 
 .`app-config-rhdh.yaml` fragment with optional `callbackURL` field
 [source,yaml]
@@ -135,7 +135,7 @@ auth:
 
 `scope`::
 --
-{rhsso} scope.
+{rhbk} scope.
 
 .`app-config-rhdh.yaml` fragment with optional `scope` field
 [source,yaml]

modules/authentication/proc-enabling-authentication-with-rhsso.adoc renamed to modules/authentication/proc-enabling-authentication-with-rhbk.adoc

@@ -1,12 +1,12 @@
-[id="provisioning-users-from-rhsso-to-the-software-catalog"]
-= Provisioning users from {rhsso-brand-name} ({rhsso}) to the software catalog
+[id="provisioning-users-from-rhbk-to-the-software-catalog"]
+= Provisioning users from {rhbk-brand-name} ({rhbk}) to the software catalog
 
 .Prerequisites
-* You xref:enabling-authentication-with-rhsso[enabled authentication with {rhsso}].
+* You xref:enabling-authentication-with-rhbk[enabled authentication with {rhbk}].
 
 .Procedure
 
-* To enable {rhsso} member discovery, edit your custom {product-short} ConfigMap, such as `app-config-rhdh`, and add the following lines to the `app-config-rhdh.yaml` content:
+* To enable {rhbk} member discovery, edit your custom {product-short} ConfigMap, such as `app-config-rhdh`, and add the following lines to the `app-config-rhdh.yaml` content:
 +
 --
 [id=keycloakOrgProviderId]
@@ -27,13 +27,13 @@ catalog:
  Allow authentication only for users present in the {product-short} software catalog.
 
 `baseUrl`::
-Your {rhsso} server URL, defined when xref:enabling-authentication-with-rhsso[enabling authentication with {rhsso}].
+Your {rhbk} server URL, defined when xref:enabling-authentication-with-rhbk[enabling authentication with {rhbk}].
 
 `clientId`::
-Your {product-short} application client ID in {rhsso}, defined when xref:enabling-authentication-with-rhsso[enabling authentication with {rhsso}].
+Your {product-short} application client ID in {rhbk}, defined when xref:enabling-authentication-with-rhbk[enabling authentication with {rhbk}].
 
 `clientSecret`::
-Your {product-short} application client secret in {rhsso}, defined when xref:enabling-authentication-with-rhsso[enabling authentication with {rhsso}].
+Your {product-short} application client secret in {rhbk}, defined when xref:enabling-authentication-with-rhbk[enabling authentication with {rhbk}].
 
 Optional: Consider adding the following optional fields:
 
@@ -150,4 +150,4 @@ catalog:
 {"class":"KeycloakOrgEntityProvider","level":"info","message":"Committed 3 Keycloak users and 2 Keycloak groups in 0.0 seconds.","plugin":"catalog","service":"backstage","taskId":"KeycloakOrgEntityProvider:default:refresh","taskInstanceId":"bf0467ff-8ac4-4702-911c-380270e44dea","timestamp":"2024-09-25 13:58:04"}
 ----
 
-. Log in with an {rhsso} account.
+. Log in with an {rhbk} account.