[ci skip] Autodoc commit for da10f1ba684d82d51c91550a62f2c694f025bb1d.

latest/_sources/authentication/tutorial-oidc-keycloak-rhel7/configure-cilogon.rst.txt

@@ -5,7 +5,7 @@ Configure Keycloak with CILogon
 
 We will now use Keycloak's admin Web UI to setup the ability to log existing users in with CILogon.
 
-When a user logs in with CILogon for the first time they will be redirected back to Keycloak to log in with their local (ie LDAP)
+When a user logs in with CILogon for the first time they will be redirected back to Keycloak to log in with their local (i.e., LDAP)
 credentials. This performs a mapping of their CILogon identity with their Keycloak identity.
 
 .. warning::
@@ -18,11 +18,11 @@ Register your Keycloak instance with CILogon
 
 #. Go to ``https://cilogon.org/oauth2/register`` and fill out the form
 
-  #. The Home URL will be the base URL of your Keycloak instance, eg: ``https://ondemand-idpdev.hpc.osc.edu``.
+  #. The Home URL will be the base URL of your Keycloak instance, e.g.: ``https://ondemand-idpdev.hpc.osc.edu``.
   #. The callback URL will be ``https://ondemand-idpdev.hpc.osc.edu/auth/realms/<REALM>/broker/cilogon/endpoint``.
      Replace ``https://ondemand-idpdev.hpc.osc.edu`` with your Keycloak instance
   #. The box for "Is this a public client?" should not be checked
-  #. For "Scopes" be sure to check "profile" and "org.cilogon.userinfo"
+  #. For "Scopes" be sure to check ``profile`` and ``org.cilogon.userinfo``
 
 You will be provided a Client ID and a Client Secret, be sure to save these values.
 Your registered client will not be usable until you receive an email from CILogon stating your client has been approved.
@@ -36,7 +36,7 @@ Add the CILogon Identity Provider
 #. Select the "Add provider..." drop down and choose "OpenID Connect v1.0"
 #. Fill in the fields as noted below
 
-   #. Alias: cilogon (This must be cilogon as this alias is used in the callback URL)
+   #. Alias: ``cilogon`` (This must be ``cilogon`` as this alias is used in the callback URL)
    #. Display Name: CILogon
    #. Enabled: ON
    #. First Login Flow: browser
@@ -46,7 +46,7 @@ Add the CILogon Identity Provider
    #. Client Authentication: Client secret sent as post
    #. Client ID: <Client ID provided by CILogon at registration>
    #. Client Secret: <Client Secret provided by CILogon at registration>
-   #. Default Scopes: "openid profile org.cilogon.userinfo"
+   #. Default Scopes: ``openid profile org.cilogon.userinfo``
 
 #. Click "Save"
 
@@ -56,7 +56,7 @@ Support users removing CILogon mappings
 In order for a user to remove an existing CILogon mapping in Keycloak they must navigate to ``https://ondemand-idpdev.hpc.osc.edu/auth/realms/<REALM>/account/identity``.
 Replace ``ondemand-idpdev.hpc.osc.edu`` with the web URL for your Keycloak instance.
 
-The URL can be added to the OnDemand Help dropdown with custom text to make it easier for users to access their Keycloak identity page.
+The URL can be added to the OnDemand Help drop-down with custom text to make it easier for users to access their Keycloak identity page.
 
 #. Add ``OOD_DASHBOARD_HELP_CUSTOM_URL`` to ``/etc/ood/config/apps/dashboard/env`` that points to the URL of the identity page for your Keycloak instance.
    Example: ``https://ondemand-idpdev.hpc.osc.edu/auth/realms/osc/account/identity``

latest/_sources/authentication/tutorial-oidc-keycloak-rhel7/configure-keycloak-webui.rst.txt

@@ -23,16 +23,16 @@ Configure LDAP
 ------------------------------------------
 
 #. Choose User Federation on the left (verify ondemand realm is current realm)
-#. Select "ldap" for provider
+#. Select ``ldap`` for provider
 
    #. Import Users set to OFF
    #. Edit Mode set to READ_ONLY
    #. Vendor set to other – for OpenLDAP
-   #. User Object Classes set to posixAccount – OSC specific and odd
-   #. Connection URL: ldaps://ldap1.infra.osc.edu:636 ldaps://ldap2.infra.osc.edu:636 – using multiple to demonstrate more than 1
-   #. User DN: ou=People,dc=osc,dc=edu
+   #. User Object Classes set to ``posixAccount`` – OSC specific and odd
+   #. Connection URL: ``ldaps://ldap1.infra.osc.edu:636 ldaps://ldap2.infra.osc.edu:636`` – using multiple to demonstrate more than 1
+   #. User DN: ``ou=People,dc=osc,dc=edu``
    #. Auth Type: none – OSC specific as we allow anonymous binds
-   #. Use Truststore SPI: never – OSC specific since our LDAP certificates are already trusted since from InCommon, leaving default is probably acceptable if no truststoreSpi defined in XML configs
+   #. Use Truststore SPI: never – OSC specific since our LDAP certificates are already trusted since from InCommon, leaving default is probably acceptable if no ``truststoreSpi`` defined in XML configurations.
 
 #. Save
 
@@ -48,8 +48,8 @@ Add OnDemand as a client
 
 #. Choose Clients, then click Create in top right corner
 
-   #. Client ID: ondemand-dev.hpc.osc.edu
-   #. Client Protocol: openid-connect
+   #. Client ID: ``ondemand-dev.hpc.osc.edu``
+   #. Client Protocol: ``openid-connect``
    #. Save (leave Root URL blank)
 
 #. Then edit Settings for the newly created client:
@@ -65,6 +65,6 @@ Add OnDemand as a client
 
 #. Finally, get the client secret to use with OnDemand installation:
 
-   #. Select the "Credentials" tab of the "Client" you are viewing i.e. "Clients >> ondemand-dev.hpc.osc.edu"
+   #. Select the "Credentials" tab of the "Client" you are viewing i.e. ``Clients >> ondemand-dev.hpc.osc.edu``
    #. Copy the value for "secret" for future use in this tutorial (and keep it secure).
 

latest/_sources/authentication/tutorial-oidc-keycloak-rhel7/install-keycloak.rst.txt

@@ -6,7 +6,7 @@ Install Keycloak
 We will install and launch Keycloak server behind Apache.
 
 Login to the host where you will install Keycloak. In this tutorial, we are
-installing Keycloak on the same host as OnDemand, which is webdev07.hpc.osc.edu.
+installing Keycloak on the same host as OnDemand, which is ``webdev07.hpc.osc.edu``.
 
 .. warning::
 
@@ -25,7 +25,7 @@ Initial Installation Steps
       sudo tar xzf keycloak-9.0.0.tar.gz
 
 
-#. Add keycloak user and change ownership of files
+#. Add ``keycloak`` user and change ownership of files
 
    .. code-block:: sh
 
@@ -38,13 +38,13 @@ Initial Installation Steps
 
       sudo install -d -o keycloak -g keycloak /var/lib/keycloak
 
-   This makes a home directory, which is needed when running API calls as keycloak user. Finally we set proper permissions:
+   This makes a home directory, which is needed when running API calls as ``keycloak`` user. Finally we set proper permissions:
 
    .. code-block:: sh
 
       sudo chown keycloak: -R keycloak-9.0.0
 
-#. Restrict access to keycloak-9.0.0/standalone, which will contain
+#. Restrict access to ``keycloak-9.0.0/standalone``, which will contain
    sensitive data for the Keycloak server
 
    .. code-block:: sh
@@ -60,7 +60,7 @@ Initial Installation Steps
       sudo yum install java-1.8.0-openjdk-devel
 
 
-#. Added 'admin' to '/opt/keycloak-9.0.0/standalone/configuration/keycloak-add-user.json', (re)start server to load user.
+#. Added 'admin' to ``/opt/keycloak-9.0.0/standalone/configuration/keycloak-add-user.json``, (re)start server to load user.
 
    If you are not already there:
 
@@ -87,22 +87,22 @@ Initial Installation Steps
       sudo -u keycloak ./bin/jboss-cli.sh 'embed-server,/socket-binding-group=standard-sockets/socket-binding=proxy-https:add(port=443)'
       sudo -u keycloak ./bin/jboss-cli.sh 'embed-server,/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https)'
 
-   Or you can use a config.cli file that contains these commands. We have
+   Or you can use a ``config.cli`` file that contains these commands. We have
    provided an example file to make use of in this gist, with blocks commented
-   out so you can wget the file, edit as appropriate, and run via:
+   out so you can ``wget`` the file, edit as appropriate, and run via:
 
    .. code-block:: sh
 
       sudo -u keycloak ./bin/jboss-cli.sh --file=config.cli
 
-   Where the config.cli looks like:
+   Where the ``config.cli`` looks like:
 
    .. literalinclude:: example-keycloak-jboss-config.cli
 
 Start Keycloak Server
 -------------------------
 
-#. Create keycloak.service to start and stop the server:
+#. Create ``keycloak.service`` to start and stop the server:
 
    .. code-block:: sh
 
@@ -125,7 +125,7 @@ Start Keycloak Server
       EOF
 
 
-   Then start keycloak:
+   Then start ``keycloak``:
 
    .. code-block:: sh
 
@@ -148,7 +148,7 @@ Start Keycloak Server
 Place Apache in front of Keycloak
 ---------------------------------
 
-#. Define apache config to proxy keycloak requests
+#. Define apache configuration to proxy Keycloak requests.
 
    .. note::
 
@@ -164,7 +164,7 @@ Place Apache in front of Keycloak
    Add ``/opt/rh/httpd24/root/etc/httpd/conf.d/ood-keycloak.conf``, making changes
    for the appropriate SSL certificate locations. Notice we are proxying
    ``https://ondemand-idpdev.hpc.osc.edu`` to ``http://localhost:8080`` which is the default
-   port the Keycloak webserver runs as.
+   port the Keycloak web-server runs as.
 
    .. literalinclude:: example-keycloak-apache.conf
 
@@ -185,13 +185,13 @@ Differences if installing Keycloak on separate host
 When installing Keycloak on a separate host, the difference between this
 tutorial would be:
 
-#. throughout the rest of the tutorial replace ``https://ondemand-idpdev.hpc.osc.edu`` with the keycloak host
+#. throughout the rest of the tutorial replace ``https://ondemand-idpdev.hpc.osc.edu`` with the Keycloak host
 #. possibly use Apache 2.4 default distribution instead of software collections,
-   meaning that configuration would be at /etc/httpd/conf.d/ instead of
-   /opt/rh/httpd24/root/etc/httpd/conf.d/ and starting the
+   meaning that configuration would be at ``/etc/httpd/conf.d/`` instead of
+   ``/opt/rh/httpd24/root/etc/httpd/conf.d/`` and starting the
    service is likely ``sudo systemctl start httpd`` instead of ``sudo systemctl start httpd24-httpd``
 
-For example, if Keycloak were installed on a separate host idp.hpc.edu then the
-Apache config might look like:
+For example, if Keycloak were installed on a separate host ``idp.hpc.edu`` then the
+Apache configuration might look like:
 
 .. literalinclude:: example-keycloak-apache-separate-host.conf

latest/_sources/authentication/tutorial-oidc-keycloak-rhel7/install_mod_auth_openidc.rst.txt

@@ -3,21 +3,21 @@
 Configure OnDemand to authenticate with Keycloak
 ================================================
 
-OnDemand's Apache needs to use mod_auth_openidc to be able to act as an OpenID
-Connect client to Keycloak. We will install mod_auth_openidc and modify
-OnDemand's Apache configs to enable authentication via Keycloak.
+OnDemand's Apache needs to use ``mod_auth_openidc`` to be able to act as an OpenID
+Connect client to Keycloak. We will install ``mod_auth_openidc`` and modify
+OnDemand's Apache configurations to enable authentication via Keycloak.
 
-Install mod_auth_openidc
-------------------------
+Install ``mod_auth_openidc``
+----------------------------
 
-#. Install httpd24-mod_auth_openidc from ondemand-web repo
+#. Install ``httpd24-mod_auth_openidc`` from ondemand-web repository.
 
    .. code-block:: sh
 
       sudo yum install httpd24-mod_auth_openidc
 
 
-Re-generate main config using ood-portal-generator
+Re-generate main configuration using ood-portal-generator
 -----------------------------------------------------------
 
 #. Edit the YAML configuration file for the :ref:`ood-portal-generator` located
@@ -49,20 +49,20 @@ Re-generate main config using ood-portal-generator
 
    Notice that we are
 
-    * changing the Authentication directives for openid-connect
-    * specifying /oidc to be the sub-uri used by mod_auth_openidc
-    * specifying that /logout should redirect to this /oidc sub-uri to handle logout
+    * changing the Authentication directives for ``openid-connect``
+    * specifying ``/oidc`` to be the URI used by ``mod_auth_openidc``
+    * specifying that /logout should redirect to this ``/oidc`` URI to handle logout
       and specifying after logout, the user should be redirected back to OnDemand
       (which in this tutorial's case is ``https%3A%2F%2Fondemand-dev.hpc.osc.edu``,
-      the query param escaped format of ``https://ondemand-dev.hpc.osc.edu``)
+      the query parameter escaped format of ``https://ondemand-dev.hpc.osc.edu``)
 
 #. Then build and install the new Apache configuration file with:
 
    .. code-block:: sh
 
       sudo /opt/ood/ood-portal-generator/sbin/update_ood_portal
 
-   The effect of this change in the Apache config (in case you want to apply the changes manually) are:
+   The effect of this change in the Apache configuration (in case you want to apply the changes manually) are:
 
    #. Change the authentication directives for all of the Locations that require authentication i.e.:
 
@@ -100,10 +100,10 @@ Re-generate main config using ood-portal-generator
            Require valid-user
          </Location>
 
-Add Keycloak config to OnDemand Apache for mod_auth_openidc
------------------------------------------------------------
+Add Keycloak configuration to OnDemand Apache for ``mod_auth_openidc``
+----------------------------------------------------------------------
 
-#. Add the file /opt/rh/httpd24/root/etc/httpd/conf.d/auth_openidc.conf with the contents:
+#. Add the file ``/opt/rh/httpd24/root/etc/httpd/conf.d/auth_openidc.conf`` with the contents:
 
    .. code-block:: none
 
@@ -140,7 +140,7 @@ Add Keycloak config to OnDemand Apache for mod_auth_openidc
 
 #. Then restart OnDemand's Apache. OnDemand should now be authenticating using KeyCloak.
 
-  Stop both servives:
+  Stop both services:
 
    .. code-block:: sh