SUMMARY.adoc

{{book.title}}

1. Overview

   1. Features

   2. How Does Security Work?

   3. Core Concepts and Terms

2. Server Initialization

3. Admin Console

   1. The Master Realm

   2. Creating a New Realm

   3. Realm SSL Mode

   4. Realm Key Pairs

   5. Clearing Server Caches

   6. Email Settings

   7. Themes and Internationalization

4. User Management

   1. Viewing Users

   2. Creating New Users

   3. User Attributes

   4. Credentials

   5. Required Actions

   6. Impersonation

   7. User Registration

      1. Recaptcha Support

5. Login Page Settings

   1. Forgot Password

   2. Remember Me

6. Authentication

   1. Password Policies

   2. OTP Policies

   3. Authentication Flows

   4. Kerberos

7. SSO Protocols

   1. OpenID Connect

   2. SAML

   3. OIDC vs. SAML

8. Managing Clients

   1. OIDC Clients

      1. Confidential Client Credentials

      2. Service Accounts

   2. SAML Clients

      1. IDP Initiated Login

      2. SAML Entity Descriptors {% if book.community %}

   3. Client Links {% endif %}

   4. Token and Assertion Mappings

   5. Generating Client Adapter Config

   6. Client Templates

9. Roles

   1. Realm Roles

   2. Client Roles

   3. Composite Roles

   4. User Role Mappings

      1. Default Roles

   5. Client Scope

10. Groups

    1. Groups Vs. Roles

    2. Default Groups

11. Admin Console Access Control and Permissions

    1. Master Realm

    2. Dedicated Realm Admin Consoles

12. Identity Brokering

    1. Brokering Overview

    2. General Configuration

    3. Social Login

       1. Google

       2. Facebook

       3. Twitter

       4. Github

       5. Linked-In

       6. Microsoft

       7. Stack Overflow

    4. OIDC Providers

    5. SAML Providers

    6. Client Suggested Identity Provider

    7. Mapping Claims and Assertions

    8. Available User Session Data

    9. First Login Flow

    10. Retrieving External IDP Tokens

13. User Session Management

    1. Administering Sessions

    2. Revocation Policies

    3. Session and Token Timeouts

    4. Offline Access

14. User Storage Federation

    1. LDAP/AD Integration {% if book.community %}

    2. Custom Providers {% endif %}

15. Auditing and Events

    1. Login Events

    2. Admin Events

16. Export and Import

17. User Account Service

18. Threat Model Mitigation

    1. Password Guess, Brute Force Attacks

    2. Clickjacking

    3. SSL/HTTPS Requirement

    4. CSRF

    5. Unspecific Redirect URIs

    6. Compromised Access and Refresh tokens

    7. Compromised Access Codes

    8. Open Redirectors

    9. Password database compromised

    10. Limiting Scope

    11. SQL Injection Attacks {% if book.community %}

19. Migration from older versions {% endif %}