refactor: move images of the "identity" modules #2922

Merged
merged 1 commit into from
Dec 4, 2024
Binary file not shown.
4 changes: 2 additions & 2 deletions modules/identity/pages/organization-overview.adoc
Expand Up @@ -23,7 +23,7 @@ An organization is a collection of users, usually defined in a hierarchical stru
Within the organization, users belong to one or more groups. +
For each group a user belongs to, the user has a role. You can define roles as required. The combination of a group and a role for a user is called a membership. A user can have several memberships but each one must apply to a different group.

image::images/images-6_0/admin_org_MyCorp_structure.png[The structure of MyCorp]
image::images-6_0/admin_org_MyCorp_structure.png[The structure of MyCorp]

In this corporation, there is a hierarchical structure, with the following units:

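Review bot: the two image targets in this file disagree on case, `admin_org_MyCorp_structure.png` here versus `admin_org_mycorp_groups.png` in the next hunk, so the move needs checking on a case-sensitive filesystem. The binary changes are not shown in the diff, so please confirm that each file was moved under its exact name into the directory the new `images-6_0/` target resolves from. Since the files are being relocated anyway, lowercasing the names would remove the ambiguity.
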
Expand All @@ -40,7 +40,7 @@ These hierarchical units can be used as groups within the Bonita organization. I

A group can be created based on any set of criteria useful to a process. For example, if MyCorp is conducting trials of a new process to control just-in-time parts delivery from a supplier, you could create a group that contains the specific users involved in the trials. The figure below shows the groups in the MyCorp organization, seen in Bonita Studio.

image::images/images-6_0/admin_org_mycorp_groups.png[The groups of MyCorp]
image::images-6_0/admin_org_mycorp_groups.png[The groups of MyCorp]

All the users who participate in a process must be in the same Bonita organization. For example, if you use a process to track order processing with a supplier, the supplier employees who perform steps in the process must be in the organization.

6 changes: 3 additions & 3 deletions modules/identity/pages/rest-api-authorization.adoc
Expand Up @@ -24,7 +24,7 @@ Upon login, a user is granted a set of permissions. These permissions define the

== Summary

For a new Bonita installation, a basic set of authorization checks is activated by default for the REST API.
For a new Bonita installation, a basic set of authorization checks is activated by default for the REST API.
Here are the key points of the authorization's configuration :

* The static check creates an authorization layer that exactly matches the standard Bonita Applications features and profiles.
Expand Down Expand Up @@ -394,7 +394,7 @@ To deactivate authorization, set the above property to `false`, then restart the

[#troubleshooting]

== image:images/troubleshooting.png[troubleshooting-icon] Troubleshooting
== Troubleshooting

To troubleshoot REST API permissions issues, you need to increase the xref:ROOT:logging.adoc[log level] to `DEBUG` (or `TRACE` for even more logs) for the packages `org.bonitasoft.authorization` and `com.bonitasoft.authorization` in order requests attempts to be displayed in the log files `bonita-*.log` (by default, they are not).

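Review bot: in the `== Troubleshooting` heading the icon is dropped rather than moved, which the PR title ("move images") does not cover. In `ssl.adoc` the same heading gets a `[.troubleshooting-title]` role in its place, but here (and in `single-sign-on-with-kerberos.adoc`) the heading is left with no role, so the three troubleshooting sections will not be marked up alike. Suggest adding `[.troubleshooting-title]` next to the existing `[#troubleshooting]` id, or leaving the icon change to a separate PR.
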
Expand Down Expand Up @@ -428,4 +428,4 @@ In Bonita Studio the loggers to see denied REST resources access are already con

== Permissions and resources

You can find the default REST API authorizations xref:api-permissions-overview.adoc[in this page].
You can find the default REST API authorizations xref:api-permissions-overview.adoc[in this page].
6 changes: 3 additions & 3 deletions modules/identity/pages/single-sign-on-with-kerberos.adoc
Expand Up @@ -22,7 +22,7 @@ Bonita uses http://spnego.sourceforge.net/[Spnego] library that allows to reques

Kerberos SSO with AD relies on a minimum on 3 physical machines that are member of the same AD domain:

image:images/kerberos-ad.png[Kerberos with AD]
image:kerberos-ad.png[Kerberos with AD]

* Domain Controller: the AD domain controller providing the SSO tickets through the Kerberos KDC component.
* Service Server: the server on which resides the service we want to access (Bonita for instance). This server is referred to as the "Principal". It uses the credentials of an AD service account and is member of the domain.
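
Review bot: `image:kerberos-ad.png[Kerberos with AD]` stands on its own line but uses the inline macro (single colon), while `organization-overview.adoc` and `user-authentication-overview.adoc` use the block form `image::` for the same kind of standalone figure. Since the line is being touched anyway, consider `image::kerberos-ad.png[Kerberos with AD]`. The same applies to `kerberos-overview.png` in the next hunk and to the OIDC and SAML overview images.
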
Expand All @@ -32,7 +32,7 @@ image:images/kerberos-ad.png[Kerberos with AD]

The target architecture for integrating Kerberos SSO with Bonita and Spnego will involve a custom web application filter: Bonita Kerberos filter.

image:images/kerberos-overview.png[Authentication over Kerberos]
image:kerberos-overview.png[Authentication over Kerberos]

The scenario covered by the filter is the following:

Expand Down Expand Up @@ -294,7 +294,7 @@ Note that if you try to access `http ://<bundle host>:<port>/bonita/login.jsp`,
The most commonly used solution is to hide the logout button from the Bonita Layout. Users are logged in as long as they don't close their web browser and their session does not time out. +
To do this, set the `logout.link.hidden` option to `true` in `authenticationManager-config.properties` located in `<BUNDLE_HOME>/setup/platform_conf/initial/tenant_template_portal` for not initialized platform or `<BUNDLE_HOME>/setup/platform_conf/current/tenant_template_portal` and `<BUNDLE_HOME>/setup/platform_conf/current/tenants/[TENANT_ID]/tenant_portal/`.

== image:images/troubleshooting.png[troubleshooting-icon] Troubleshooting
== Troubleshooting

To troubleshoot Kerberos SSO login issues, you need to add a logging handler for the package `net.sourceforge.spnego` and increase the xref:ROOT:logging.adoc[log level] to `TRACE` and `DEBUG` for the packages `org.bonitasoft.console`, `org.bonitasoft.engine.authentication`, `com.bonitasoft.engine.authentication`, and `net.sourceforge.spnego` in order for errors to be displayed in the log files bonita.log (by default, they are not).

2 changes: 1 addition & 1 deletion modules/identity/pages/single-sign-on-with-oidc.adoc
Expand Up @@ -27,7 +27,7 @@ Only the *Authorization Code Flow* of OpenID Connect (with or without refresh to
This is an overview that describes the steps of the authentication process on a Bonita bundle configured as an OIDC client:
[#oidc-overview]

image:images/oidc-overview.png[Authentication over OIDC]
image:oidc-overview.png[Authentication over OIDC]

Here are some details about the Bonita OIDC module,
it is composed of:
2 changes: 1 addition & 1 deletion modules/identity/pages/single-sign-on-with-saml.adoc
Expand Up @@ -22,7 +22,7 @@ Bonita uses http://www.keycloak.org/[Keycloak] as SAML Service Provider adapter.

This is an overview that relates the steps required to integrate a bonita bundle with an SAML Identity Provider.

image:images/saml-overview.png[Authentication over SAML]
image:saml-overview.png[Authentication over SAML]

Here are some details about the Bonita SAML2 module,
it is composed of:
17 changes: 13 additions & 4 deletions modules/identity/pages/ssl.adoc
Expand Up @@ -177,25 +177,31 @@ To activate the addition of the secure flag, edit the configuration file and cha

For more information on this cookie see xref:ROOT:csrf-security.adoc[CSRF security].

== image:images/troubleshooting.png[troubleshooting-icon] Troubleshooting
[.troubleshooting-title]
== Troubleshooting

*Symptom:* +
[.troubleshooting-section]
--
[.symptom]
The following stacktrace appears in the Bonita Runtime log:

[.symptom-description]
[source,log]
----
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
----

*Cause:* +

[.cause]#Potential cause#

This issue arises for one of these reasons:

* You are using a self-signed certificate
* You are using a certificate that has been issued by an internal certificate authority
* Your certificate is outdated

*Solutions:* +
[.solution]#Possible solution#

. Make sure you have imported the public certificate of the target instance into the truststore according to the Connecting to SSLServices instructions listed above
. Make sure any certificates have been imported into the correct truststore; you may have multiple JRE/JDKs
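
Review bot: the symptom loses its visible label in this hunk: `*Symptom:*` is removed and `[.symptom]` is applied as a bare block role on the following paragraph, whereas the cause and solution keep their text via `[.cause]#Potential cause#` and `[.solution]#Possible solution#`. Unless the site stylesheet generates the label from the role, add the text back in the same inline form, e.g. `[.symptom]#Symptom#`. Two smaller points: "Possible solution" is singular although a numbered list of several checks follows (it was "Solutions"), and this markup change, which depends on styles not included in the diff, goes beyond the "move images" scope in the PR title, so it deserves a mention in the description or its own PR.
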
Expand All @@ -204,3 +210,6 @@ This issue arises for one of these reasons:
. Verify that the target server is configured to serve SSL correctly. This can be done with an SSL Server Test tool
. Make sure you used keytool to install the new certificate. More info http://docs.oracle.com/javase/8/docs/technotes/tools/windows/keytool.html[online].
. Make sure your truststore is not out of date
--


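Review bot: two blank lines are added at the end of the file after the closing `--`; a single trailing newline is enough. The `--` here closes the open block opened under `[.troubleshooting-section]` in the previous hunk, so the two delimiters need to stay paired if this section is edited again.
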
2 changes: 1 addition & 1 deletion modules/identity/pages/user-authentication-overview.adoc
Expand Up @@ -16,7 +16,7 @@ If you want to find out how to customize authentication refer to the dedicated d

To help understand how user authentication is performed, let's take a typical case where a user accesses the Bonita Applications for the first time. This scenario is the default (no LDAP authentication, nor CAS).

image::images/images-6_0/user_auth_schema_70.png[user authentication]
image::images-6_0/user_auth_schema_70.png[user authentication]

. In a web browser, the user types the URL of Bonita Applications
(e.g. `+http://localhost:8080/bonita+`) that will initiate a