Fix issues reported by asciidoctor-dita-vale (Configuring User Authentication) (#4175)

* Drop attributes from RH and RHEL links
* Drop non-critical additional references
* Update xrefs
* Split off procedures
* Other minor changes

---------

Co-authored-by: Maximilian Kolb <[email protected]>

Author: aneta-petrova

guides/common/assembly_accessing-server.adoc

@@ -5,7 +5,9 @@ include::modules/con_accessing-server.adoc[]
 include::modules/proc_logging-in-to-the-projectwebui.adoc[leveloffset=+1]
 
 ifdef::katello,orcharhino,satellite[]
-include::modules/proc_importing-the-katello-root-ca-certificate.adoc[leveloffset=+1]
+include::modules/proc_importing-the-katello-root-ca-certificate-using-web-ui.adoc[leveloffset=+1]
+
+include::modules/proc_importing-the-katello-root-ca-certificate-using-cli.adoc[leveloffset=+1]
 endif::[]
 
 include::modules/proc_resetting-the-administrative-user-password.adoc[leveloffset=+1]

guides/common/modules/con_configuring-an-ldap-server-as-an-external-identity-provider-for-project.adoc

@@ -2,9 +2,6 @@
 
 [id="configuring-an-ldap-server-as-an-external-identity-provider-for-project_{context}"]
 = Configuring an LDAP server as an external identity provider for {Project}
-[[Using_LDAP_satellite]]
-// Satellite web UI links to this section under the anchor Using_LDAP_satellite.
-// Adding a secondary ID ([[secondary_ID]]) ensures that the link does not break.
 
 Lightweight Directory Access Protocol (LDAP) is a set of open protocols used to access centrally stored information over a network.
 With {Project}, you can use one or multiple LDAP directories for external authentication.
@@ -13,7 +10,7 @@ With {Project}, you can use one or multiple LDAP directories for external authen
 ====
 While you can configure the LDAP server integrated with {FreeIPA} as an external authentication source, {FreeIPA} users will not be able to log in by using single sign-on.
 Instead, consider configuring {FreeIPA} as an external identity provider.
-For more information, see xref:configuring-kerberos-sso-with-{FreeIPA-context}-in-{project-context}[].
+For more information, see xref:common/modules/con_configuring-kerberos-sso-with-freeipa-in-project.adoc#configuring-kerberos-sso-with-{FreeIPA-context}-in-{project-context}[].
 ====
 
 [IMPORTANT]

guides/common/modules/con_configuring-kerberos-sso-for-active-directory-users-in-project.adoc

@@ -17,9 +17,9 @@ You can also connect your {Project} deployment to AD in the following ways:
 
 * By using indirect AD integration.
 With indirect integration, your {ProjectServer} is connected to a {FreeIPA} server which is then connected to AD.
-For more information, see xref:configuring-kerberos-sso-with-{FreeIPA-context}-in-{project-context}[].
+For more information, see xref:common/modules/con_configuring-kerberos-sso-with-freeipa-in-project.adoc#configuring-kerberos-sso-with-{FreeIPA-context}-in-{project-context}[].
 * By attaching the LDAP server of the AD domain as an external authentication source with no single sign-on support.
-For more information, see xref:configuring-an-ldap-server-as-an-external-identity-provider-for-project_{context}[].
+For more information, see xref:common/modules/con_configuring-an-ldap-server-as-an-external-identity-provider-for-project.adoc#configuring-an-ldap-server-as-an-external-identity-provider-for-project_{context}[].
 ifndef::orcharhino[]
 For an example configuration, see https://access.redhat.com/solutions/1498773[How to configure Active Directory authentication with TLS on {Project}].
 endif::[]

guides/common/modules/con_configuring-kerberos-sso-with-freeipa-in-project.adoc

@@ -17,5 +17,5 @@ If cross-forest trust is configured between {FreeIPA} and Active{nbsp}Directory,
 When cross-forest trust is configured between {FreeIPA} and Active{nbsp}Directory, Active{nbsp}Directory users can log in to {Project} with their user principal name (UPN) and password.
 
 ifndef::orcharhino[]
-For information about {FreeIPA}, including its cross-forest trust functionality, see link:{RHELDocsBaseURL}9/html/planning_identity_management/index[{RHEL}{nbsp}9 _Planning Identity Management_] and link:{RHELDocsBaseURL}9/html/installing_identity_management/index[{RHEL}{nbsp}9 _Installing Identity Management_].
+For information about {FreeIPA}, including its cross-forest trust functionality, see link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/planning_identity_management/index[{RHEL}{nbsp}9 _Planning Identity Management_] and link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/installing_identity_management/index[{RHEL}{nbsp}9 _Installing Identity Management_].
 endif::[]

guides/common/modules/con_configuring-sso-and-2fa-with-keycloak-quarkus-in-project.adoc

@@ -22,7 +22,7 @@ ifndef::satellite,orcharhino[]
 endif::[]
 
 ifdef::satellite[]
-For information about {RHBK}, see link:{RHDocsBaseURL}red_hat_build_of_keycloak[{RHBK} documentation].
+For information about {RHBK}, see link:https://docs.redhat.com/en/documentation/red_hat_build_of_keycloak[{RHBK} documentation].
 endif::[]
 ifndef::satellite[]
 For information about {keycloak}, see link:https://www.keycloak.org/documentation[{keycloak} documentation].

guides/common/modules/con_configuring-sso-and-2fa-with-keycloak-wildfly-in-project.adoc

@@ -12,7 +12,7 @@ ifndef::satellite[]
 The default {keycloak} distribution is now based on Quarkus.
 
 {keycloak-quarkus} replaces {keycloak-wildfly} in {Project} deployments.
-For information about configuring {keycloak-quarkus} authentication, see xref:configuring-sso-and-2fa-with-keycloak-in-project_keycloak-quarkus[].
+For information about configuring {keycloak-quarkus} authentication, see xref:common/modules/con_configuring-sso-and-2fa-with-keycloak-quarkus-in-project.adoc#configuring-sso-and-2fa-with-keycloak-in-project_keycloak-quarkus[].
 
 For information about migrating from {keycloak-wildfly} to {keycloak-quarkus}, see link:https://www.keycloak.org/migration/migrating-to-quarkus[Migrating to Quarkus distribution].
 ====
@@ -22,9 +22,9 @@ ifdef::satellite[]
 ====
 The {keycloak-wildfly}{nbsp}7 product family has reached End of Full Support.
 Use {keycloak-quarkus} instead in your {Project} deployments.
-For information about configuring {keycloak-quarkus} authentication, see xref:configuring-sso-and-2fa-with-keycloak-in-project_keycloak-quarkus[].
+For information about configuring {keycloak-quarkus} authentication, see xref:common/modules/con_configuring-sso-and-2fa-with-keycloak-quarkus-in-project.adoc#configuring-sso-and-2fa-with-keycloak-in-project_keycloak-quarkus[].
 
-For information about migrating from {keycloak-wildfly} to {keycloak-quarkus}, see link:{RHDocsBaseURL}red_hat_build_of_keycloak/26.0[documentation for {keycloak-quarkus}].
+For information about migrating from {keycloak-wildfly} to {keycloak-quarkus}, see link:https://docs.redhat.com/en/documentation/red_hat_build_of_keycloak/26.0[documentation for {keycloak-quarkus}].
 ====
 endif::[]
 
@@ -47,5 +47,5 @@ ifndef::satellite,orcharhino[]
 endif::[]
 
 ifdef::satellite[]
-For information about {RHSSO}, see link:{RHDocsBaseURL}red_hat_single_sign-on[{RHSSO} documentation].
+For information about {RHSSO}, see link:https://docs.redhat.com/en/documentation/red_hat_single_sign-on[{RHSSO} documentation].
 endif::[]

guides/common/modules/con_prerequisites-for-configuring-project-with-keycloak-quarkus-authentication.adoc

@@ -26,7 +26,7 @@ On the {keycloak} side, ensure you meet the following requirements:
 To access a {keycloak} server initialized with `--http-relative-path=/auth` from its web UI, go to `https://_{keycloak-example-com}_:8443/auth`.
 ** If you want to use a different context path, make manual adjustments after the initialization with `/auth` or configure the `_foreman-openidc_oidc_keycloak_Foreman_Realm_.conf` file of the HTTPd service manually.
 ifndef::orcharhino[]
-For more information about configuring a different context path, see the {RHDocsBaseURL}red_hat_build_of_keycloak/24.0/html-single/server_guide/index#reverseproxy-different-context-path-on-reverse-proxy[_{RHBK} Administration Guide_].
+For more information about configuring a different context path, see the https://docs.redhat.com/en/documentation/red_hat_build_of_keycloak/24.0/html-single/server_guide/index#reverseproxy-different-context-path-on-reverse-proxy[_{RHBK} Administration Guide_].
 endif::[]
 * If `keycloak-httpd-client-install` version 1.3 or later is installed, your {keycloak} server does not need to be initialized with the `--http-relative-path=/auth` context path.
 * Your {keycloak} server uses HTTPS instead of HTTP.
@@ -35,5 +35,5 @@ endif::[]
 * A realm is created on the {keycloak} server for {Project} user accounts, for example `_{Project}_Realm_`.
 * User accounts have been imported or added to {keycloak}.
 ifndef::orcharhino[]
-For more information on importing or creating users, see the {RHDocsBaseURL}red_hat_build_of_keycloak/24.0/html/server_administration_guide/user-storage-federation[_{RHBK} Administration Guide_].
+For more information on importing or creating users, see the https://docs.redhat.com/en/documentation/red_hat_build_of_keycloak/24.0/html/server_administration_guide/user-storage-federation[_{RHBK} Administration Guide_].
 endif::[]

guides/common/modules/con_prerequisites-for-configuring-project-with-keycloak-wildfly-authentication.adoc

@@ -21,5 +21,5 @@ On the {keycloak} side, ensure you meet the following requirements:
 * A realm is created on the {keycloak} server for {Project} user accounts, for example `_{Project}_Realm_`.
 * User accounts have been imported or added to {keycloak}.
 ifndef::orcharhino[]
-For more information about importing or creating users, see the {RHDocsBaseURL}red_hat_single_sign-on/7.6/html/server_administration_guide/assembly-managing-users_server_administration_guide#proc-creating-user_server_administration_guide[_{RHSSO} Server Administration Guide_].
+For more information about importing or creating users, see the https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.6/html/server_administration_guide/assembly-managing-users_server_administration_guide#proc-creating-user_server_administration_guide[_{RHSSO} Server Administration Guide_].
 endif::[]

guides/common/modules/proc_adding-a-remote-console-connection-for-a-host-on-proxmox.adoc

@@ -57,7 +57,7 @@ ifndef::foreman-deb[]
 endif::[]
 ifdef::katello,satellite,orcharhino[]
 . If you use a {customssl} certificate, import the SSL certificate from {ProjectServer} into your browser.
-For more information, see {ConfiguringUserAuthenticationDocURL}importing-the-katello-root-ca-certificate[Importing the Katello root CA certificate] in _{ConfiguringUserAuthenticationDocTitle}_.
+For more information, see {ConfiguringUserAuthenticationDocURL}importing-the-katello-root-ca-certificate-using-{project-context}-web-ui[Importing the Katello root CA certificate using {ProjectWebUI}] in _{ConfiguringUserAuthenticationDocTitle}_.
 +
 The remote console connection to your host will fail if you choose to temporarily accept not checking the certificates in your browser.
 endif::[]

guides/common/modules/proc_configuring-a-cross-forest-trust-between-freeipa-and-active-directory-for-project.adoc

@@ -7,20 +7,16 @@ When your {FreeIPA} deployment includes a cross-forest trust with Active Directo
 
 .Prerequisites
 * An existing {FreeIPA} server with a cross-forest trust with AD established.
-For more information, see link:{RHELDocsBaseURL}9/html/installing_trust_between_idm_and_ad[{RHEL}{nbsp}9 _Installing trust between IdM and AD_].
+For more information, see link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/installing_trust_between_idm_and_ad[{RHEL}{nbsp}9 _Installing trust between IdM and AD_].
 
 .Procedure
-
-On your {FreeIPA} server:
-
-. Enable HBAC:
-.. Create an external group and add the AD group to it.
-.. Add the new external group to a POSIX group.
-.. Use the POSIX group in a HBAC rule.
-
-On your {FreeIPA} server and all replicas in your {FreeIPA} topology, configure SSSD to transfer additional attributes of AD users:
-
-. Add the AD user attributes to the _nss_ and _domain_ sections in `/etc/sssd/sssd.conf`.
+. On your {FreeIPA} server:
+.. Enable HBAC:
+... Create an external group and add the AD group to it.
+... Add the new external group to a POSIX group.
+... Use the POSIX group in a HBAC rule.
+. On your {FreeIPA} server and all replicas in your {FreeIPA} topology, configure SSSD to transfer additional attributes of AD users:
+.. Add the AD user attributes to the _nss_ and _domain_ sections in `/etc/sssd/sssd.conf`.
 For example:
 +
 [options="nowrap", subs="+quotes,verbatim,attributes"]
@@ -37,26 +33,26 @@ user_attributes=+email, +firstname, +lastname
 allowed_uids = ipaapi, root
 user_attributes=+email, +firstname, +lastname
 ----
-. Clear the SSSD cache:
-.. Stop SSSD:
+.. Clear the SSSD cache:
+... Stop SSSD:
 +
 [options="nowrap", subs="+quotes,verbatim,attributes"]
 ----
 # systemctl stop sssd
 ----
-.. Clear the cache:
+... Clear the cache:
 +
 [options="nowrap", subs="+quotes,verbatim,attributes"]
 ----
 # sss_cache -E
 ----
-.. Start SSSD:
+... Start SSSD:
 +
 [options="nowrap", subs="+quotes,verbatim,attributes"]
 ----
 # systemctl start sssd
 ----
-. Verify the AD attributes value by using the `dbus-send` command on your {ProjectServer} and on your {FreeIPA} server.
+.. Verify the AD attributes value by using the `dbus-send` command on your {ProjectServer} and on your {FreeIPA} server.
 Make sure that both outputs match.
 +
 [options="nowrap", subs="+quotes,verbatim,attributes"]