Posted to commits@syncope.apache.org by il...@apache.org on 2021/11/20 17:08:28 UTC

[syncope] branch master updated: Getting Started Guide: reviewed for 3.0

This is an automated email from the ASF dual-hosted git repository.

ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
     new 65d06de  Getting Started Guide: reviewed for 3.0
65d06de is described below

commit 65d06dee01b5a8bacbb4c4987901f1fde10bdeef
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Sat Nov 20 18:08:17 2021 +0100

    Getting Started Guide: reviewed for 3.0
---
 CONTRIBUTING.md                                    |   2 +-
 README.md                                          |   2 +-
 SECURITY.md                                        |   2 +-
 .../syncope/common/rest/api/beans/AnyQuery.java    |   4 +-
 .../init/ClassPathScanImplementationLookup.java    |   2 +-
 .../core/rest/cxf/IdRepoRESTCXFContext.java        |   2 +-
 .../core/rest/cxf/SyncopeOpenApiCustomizer.java    |   4 +-
 .../syncope/core/starter/SyncopeCoreStart.java     |   6 +-
 .../resources/docker-compose/docker-compose-ha.yml |   2 +-
 pom.xml                                            |  22 +-
 .../asciidoc/getting-started/getting-started.adoc  |  13 +-
 .../asciidoc/getting-started/introduction.adoc     |  68 ++++--
 .../asciidoc/getting-started/movingForward.adoc    |  13 +-
 src/main/asciidoc/getting-started/obtain.adoc      | 268 +++++++++++++++++----
 .../getting-started/systemRequirements.adoc        |   6 +-
 src/main/asciidoc/images/architecture.png          | Bin 66409 -> 131899 bytes
 src/main/asciidoc/images/architecture.xml          |   3 +-
 src/main/asciidoc/images/iam-scenario.png          | Bin 117042 -> 165091 bytes
 src/main/asciidoc/images/iam-scenario.xml          |   2 +-
 .../asciidoc/reference-guide/reference-guide.adoc  |   6 +-
 .../workingwithapachesyncope/customization.adoc    |   4 +-
 .../workingwithapachesyncope/restfulservices.adoc  |  20 +-
 .../workingwithapachesyncope.adoc                  |   4 +-
 src/site/site.xml                                  |   2 +-
 src/site/xdoc/architecture.xml                     |   2 +-
 src/site/xdoc/mailing-lists.xml                    |  10 +-
 src/site/xdoc/release-process.xml                  |   2 +-
 standalone/src/main/resources/README               |   4 +-
 .../wa/starter/config/SyncopeWAConfiguration.java  |   2 +-
 29 files changed, 335 insertions(+), 142 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 7bc7e4b..c527cce 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -19,4 +19,4 @@ under the License.
 **Apache Syncope** is an Open Source system for managing digital identities in enterprise environments, 
 implemented in Java EE technology and released under Apache 2.0 license.
 
-Would you like to contribute? Visit http://syncope.apache.org/contributing.html
+Would you like to contribute? Visit https://syncope.apache.org/contributing.html
diff --git a/README.md b/README.md
index e08fd64..da05e9a 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ under the License.
 **Apache Syncope** is an Open Source system for managing digital identities in enterprise environments, 
 implemented in Java EE technology and released under Apache 2.0 license.
 
-More information at http://syncope.apache.org
+More information at https://syncope.apache.org
 
 <a href="https://bestpractices.coreinfrastructure.org/projects/154">
   <img src="https://bestpractices.coreinfrastructure.org/projects/154/badge"/>
diff --git a/SECURITY.md b/SECURITY.md
index 3950fe5..72c8f78 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -24,7 +24,7 @@ under the License.
 | ------- | ------------------ |
 | 3.0.x   | :white_check_mark: |
 | 2.1.x   | :white_check_mark: |
-| 2.0.x   | :white_check_mark: |
+| 2.0.x   | :x:                |
 | 1.2.x   | :x:                |
 | 1.1.x   | :x:                |
 
diff --git a/common/idrepo/rest-api/src/main/java/org/apache/syncope/common/rest/api/beans/AnyQuery.java b/common/idrepo/rest-api/src/main/java/org/apache/syncope/common/rest/api/beans/AnyQuery.java
index be38037..fa58223 100644
--- a/common/idrepo/rest-api/src/main/java/org/apache/syncope/common/rest/api/beans/AnyQuery.java
+++ b/common/idrepo/rest-api/src/main/java/org/apache/syncope/common/rest/api/beans/AnyQuery.java
@@ -68,7 +68,7 @@ public class AnyQuery extends AbstractQuery {
             + "primarily meant for containing Users, Groups and Any Objects", schema =
             @Schema(implementation = String.class, defaultValue = SyncopeConstants.ROOT_REALM, externalDocs =
                     @ExternalDocumentation(description = "Apache Syncope Reference Guide",
-                            url = "http://syncope.apache.org/docs/2.1/reference-guide.html#realms")))
+                            url = "https://syncope.apache.org/docs/3.0/reference-guide.html#realms")))
     public String getRealm() {
         return realm;
     }
@@ -102,7 +102,7 @@ public class AnyQuery extends AbstractQuery {
             + "feed.", example = "username==rossini", schema =
             @Schema(implementation = String.class, externalDocs =
                     @ExternalDocumentation(description = "Apache Syncope Reference Guide",
-                            url = "http://syncope.apache.org/docs/2.1/reference-guide.html#search")))
+                            url = "https://syncope.apache.org/docs/3.0/reference-guide.html#search")))
     @QueryParam(JAXRSService.PARAM_FIQL)
     public void setFiql(final String fiql) {
         this.fiql = fiql;
diff --git a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/init/ClassPathScanImplementationLookup.java b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/init/ClassPathScanImplementationLookup.java
index 6b626db..67cfb70 100644
--- a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/init/ClassPathScanImplementationLookup.java
+++ b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/init/ClassPathScanImplementationLookup.java
@@ -95,7 +95,7 @@ public class ClassPathScanImplementationLookup implements ImplementationLookup {
 
     @Override
     public int getOrder() {
-        return Ordered.HIGHEST_PRECEDENCE;
+        return Ordered.HIGHEST_PRECEDENCE + 1;
     }
 
     /**
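Review bot: The new return value `Ordered.HIGHEST_PRECEDENCE + 1` in getOrder() is an unexplained offset: nothing in the hunk says which bean is meant to run ahead of this lookup. Startup ordering decides what is already initialised when implementations are scanned, so a one-line comment naming that bean would help, e.g. `// one step below HIGHEST_PRECEDENCE so that <bean that must run first> is invoked before this lookup`. The arithmetic itself is safe, since HIGHEST_PRECEDENCE is Integer.MIN_VALUE and adding 1 cannot overflow.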
diff --git a/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/IdRepoRESTCXFContext.java b/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/IdRepoRESTCXFContext.java
index cecbac3..595c714 100644
--- a/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/IdRepoRESTCXFContext.java
+++ b/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/IdRepoRESTCXFContext.java
@@ -258,7 +258,7 @@ public class IdRepoRESTCXFContext {
         openapiFeature.setDescription("Apache Syncope " + version());
         openapiFeature.setContactName("The Apache Syncope community");
         openapiFeature.setContactEmail("dev@syncope.apache.org");
-        openapiFeature.setContactUrl("http://syncope.apache.org");
+        openapiFeature.setContactUrl("https://syncope.apache.org");
         openapiFeature.setScan(false);
         openapiFeature.setResourcePackages(Set.of("org.apache.syncope.common.rest.api.service"));
 
diff --git a/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/SyncopeOpenApiCustomizer.java b/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/SyncopeOpenApiCustomizer.java
index 8e833d4..14686d6 100644
--- a/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/SyncopeOpenApiCustomizer.java
+++ b/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/SyncopeOpenApiCustomizer.java
@@ -125,7 +125,7 @@ public class SyncopeOpenApiCustomizer extends OpenApiCustomizer {
 
             ExternalDocumentation extDoc = new ExternalDocumentation();
             extDoc.setDescription("Apache Syncope Reference Guide");
-            extDoc.setUrl("http://syncope.apache.org/docs/3.0/reference-guide.html#domains");
+            extDoc.setUrl("https://syncope.apache.org/docs/3.0/reference-guide.html#domains");
 
             Schema<String> schema = new Schema<>();
             schema.setDescription("Domains are built to facilitate multitenancy.");
@@ -146,7 +146,7 @@ public class SyncopeOpenApiCustomizer extends OpenApiCustomizer {
 
             ExternalDocumentation extDoc = new ExternalDocumentation();
             extDoc.setDescription("Apache Syncope Reference Guide");
-            extDoc.setUrl("http://syncope.apache.org/docs/3.0/reference-guide.html#delegation");
+            extDoc.setUrl("https://syncope.apache.org/docs/3.0/reference-guide.html#delegation");
 
             Schema<String> schema = new Schema<>();
             schema.setDescription("Acton behalf of someone else");
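Review bot: The description on the last line of this hunk, `"Acton behalf of someone else"`, is missing a space and ends up in the published OpenAPI document; it should read `schema.setDescription("Act on behalf of someone else");`. The line is unchanged context, but it sits directly beside the URL this commit touches. The enclosing method starts and ends outside the hunk.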
diff --git a/core/starter/src/main/java/org/apache/syncope/core/starter/SyncopeCoreStart.java b/core/starter/src/main/java/org/apache/syncope/core/starter/SyncopeCoreStart.java
index 87b084f..d913674 100644
--- a/core/starter/src/main/java/org/apache/syncope/core/starter/SyncopeCoreStart.java
+++ b/core/starter/src/main/java/org/apache/syncope/core/starter/SyncopeCoreStart.java
@@ -26,15 +26,13 @@ import org.apache.syncope.core.persistence.api.SyncopeCoreLoader;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.aop.support.AopUtils;
-import org.springframework.context.ApplicationListener;
 import org.springframework.context.event.ContextRefreshedEvent;
 import org.springframework.core.Ordered;
 
 /**
  * Take care of all initializations needed by Syncope Core to run up and safe.
  */
-public class SyncopeCoreStart extends KeymasterStart
-        implements ApplicationListener<ContextRefreshedEvent>, Ordered {
+public class SyncopeCoreStart extends KeymasterStart implements Ordered {
 
     private static final Logger LOG = LoggerFactory.getLogger(SyncopeCoreStart.class);
 
@@ -70,6 +68,6 @@ public class SyncopeCoreStart extends KeymasterStart
                     LOG.debug("[{}] Initialization completed", loaderName);
                 });
 
-        serviceOps.register(getNetworkService());
+        super.onApplicationEvent(event);
     }
 }
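Review bot: The call `super.onApplicationEvent(event);` replaces the explicit `serviceOps.register(getNetworkService())` without a comment, so a reader of this class can no longer see that service registration happens here. Presumably KeymasterStart now performs it, but that class is not part of the visible diff. A short comment such as `// delegate Keymaster registration to KeymasterStart, once all loaders have completed` would keep the ordering intent visible. The previous hunk drops `ApplicationListener<ContextRefreshedEvent>` from this class's `implements` clause, so it is also worth confirming that the method still carries `@Override`; its signature is outside the hunk.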
diff --git a/docker/src/main/resources/docker-compose/docker-compose-ha.yml b/docker/src/main/resources/docker-compose/docker-compose-ha.yml
index b7cfbed..348d7ea 100644
--- a/docker/src/main/resources/docker-compose/docker-compose-ha.yml
+++ b/docker/src/main/resources/docker-compose/docker-compose-ha.yml
@@ -16,7 +16,7 @@
 # under the License.
 
 # Full deployment (Core, Console, Enduser) on PostgreSQL, with high-availability set for Core
-# http://syncope.apache.org/docs/reference-guide.html#high-availability
+# https://syncope.apache.org/docs/reference-guide.html#high-availability
 
 version: '3.3'
 
diff --git a/pom.xml b/pom.xml
index 58c32e6..ffc50a9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -36,7 +36,7 @@ under the License.
     <relativePath />
   </parent>
 
-  <url>http://syncope.apache.org/</url>
+  <url>https://syncope.apache.org/</url>
 
   <inceptionYear>2010</inceptionYear>
 
@@ -81,8 +81,7 @@ under the License.
       <post>user@syncope.apache.org</post>
       <archive>https://lists.apache.org/list.html?user@syncope.apache.org</archive>
       <otherArchives>
-        <otherArchive>http://syncope.markmail.org/</otherArchive>
-        <otherArchive>http://syncope-user.1051894.n5.nabble.com/</otherArchive>
+        <otherArchive>https://syncope.markmail.org/</otherArchive>
         <otherArchive>http://www.mail-archive.com/user@syncope.apache.org/</otherArchive>
       </otherArchives>
     </mailingList>
@@ -93,8 +92,7 @@ under the License.
       <post>dev@syncope.apache.org</post>
       <archive>https://lists.apache.org/list.html?dev@syncope.apache.org</archive>
       <otherArchives>
-        <otherArchive>http://syncope.markmail.org/</otherArchive>
-        <otherArchive>http://syncope-dev.1063484.n5.nabble.com/</otherArchive>
+        <otherArchive>https://syncope.markmail.org/</otherArchive>
         <otherArchive>http://www.mail-archive.com/dev@syncope.apache.org/</otherArchive>
       </otherArchives>
     </mailingList>
@@ -105,7 +103,7 @@ under the License.
       <post>commits@syncope.apache.org</post>
       <archive>https://lists.apache.org/list.html?commits@syncope.apache.org</archive>
       <otherArchives>
-        <otherArchive>http://syncope.markmail.org/</otherArchive>
+        <otherArchive>https://syncope.markmail.org/</otherArchive>
         <otherArchive>http://www.mail-archive.com/commits@syncope.apache.org/</otherArchive>
       </otherArchives>
     </mailingList>
@@ -2550,12 +2548,12 @@ under the License.
             <link>http://www.slf4j.org/api/</link>
             <link>http://connid.tirasa.net/apidocs/1.5/</link>
             <link>http://cxf.apache.org/javadoc/latest/</link>
-            <link>http://fasterxml.github.io/jackson-core/javadoc/2.12/</link>
-            <link>http://fasterxml.github.io/jackson-databind/javadoc/2.12/</link>
-            <link>http://fasterxml.github.io/jackson-annotations/javadoc/2.12/</link>
-            <link>http://fasterxml.github.io/jackson-dataformat-xml/javadoc/2.12/</link>
-            <link>http://fasterxml.github.io/jackson-dataformats-text/javadoc/yaml/2.12/</link>
-            <link>http://fasterxml.github.io/jackson-dataformats-text/javadoc/csv/2.12/</link>
+            <link>http://fasterxml.github.io/jackson-core/javadoc/2.13/</link>
+            <link>http://fasterxml.github.io/jackson-databind/javadoc/2.13/</link>
+            <link>http://fasterxml.github.io/jackson-annotations/javadoc/2.13/</link>
+            <link>http://fasterxml.github.io/jackson-dataformat-xml/javadoc/2.13/</link>
+            <link>http://fasterxml.github.io/jackson-dataformats-text/javadoc/yaml/2.13/</link>
+            <link>http://fasterxml.github.io/jackson-dataformats-text/javadoc/csv/2.13/</link>
             <link>https://www.javadoc.io/doc/org.apache.camel/camel-core/latest/</link>
             <link>https://www.javadoc.io/doc/org.apache.camel/camel-spring/latest/</link>
             <link>https://ci.apache.org/projects/wicket/apidocs/9.x/</link>
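Review bot: The six Jackson `<link>` entries bumped to 2.13 keep the `http://` scheme, although this commit moves other URLs to https. These look like javadoc links, which the javadoc tool resolves at build time by downloading the package or element list from the given URL, so the cleartext fetch is avoidable. Use `<link>https://fasterxml.github.io/jackson-core/javadoc/2.13/</link>` and likewise for the other five. The slf4j, connid and cxf links in the context lines above have the same scheme and could be checked at the same time.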
diff --git a/src/main/asciidoc/getting-started/getting-started.adoc b/src/main/asciidoc/getting-started/getting-started.adoc
index 956bb98..4b33504 100644
--- a/src/main/asciidoc/getting-started/getting-started.adoc
+++ b/src/main/asciidoc/getting-started/getting-started.adoc
@@ -21,7 +21,7 @@
 // User manual: http://asciidoctor.org/docs/user-manual/
 // Tricks: https://leanpub.com/awesomeasciidoctornotebook/read
 
-:homepage: http://syncope.apache.org
+:homepage: https://syncope.apache.org
 :description: Several ways to get started with Apache Syncope
 :keywords: Apache Syncope, IdM, provisioning, identity management, getting started, tutorial
 
@@ -41,16 +41,19 @@ image::http://syncope.apache.org/images/apache-syncope-logo-small.jpg[Apache Syn
 [NOTE]
 .This document is under active development and discussion!
 If you find errors or omissions in this document, please don’t hesitate to 
-http://syncope.apache.org/issue-management.html[submit an issue] or
+https://syncope.apache.org/issue-management.html[submit an issue] or
 https://github.com/apache/syncope/pulls[open a pull request] with 
 a fix. We also encourage you to ask questions and discuss any aspects of the project on the 
-http://syncope.apache.org/mailing-lists.html[mailing lists or IRC]. 
+https://syncope.apache.org/mailing-lists.html[mailing lists or IRC]. 
 New contributors are always welcome!
 
 [discrete] 
 == Preface
-This guide shows you how to get started with Apache Syncope services for identity management, provisioning, and 
-compliance.
+This guide shows you how to get started with Apache Syncope services for:
+
+* identity management, provisioning and compliance; 
+* access management, single sign-on, authentication and authorization;
+* API gateway, secure proxy, service mesh, request routing.
 
 include::introduction.adoc[]
 
diff --git a/src/main/asciidoc/getting-started/introduction.adoc b/src/main/asciidoc/getting-started/introduction.adoc
index 44b7238..249eb3f 100644
--- a/src/main/asciidoc/getting-started/introduction.adoc
+++ b/src/main/asciidoc/getting-started/introduction.adoc
@@ -22,18 +22,26 @@
 *Apache Syncope* is an Open Source system for managing digital identities in enterprise environments, implemented in 
 Java EE technology and released under the Apache 2.0 license. 
 
-*Identity Management* (or IdM) means to manage user data on systems and applications, using the combination of
-business processes and IT. IdM involves considering user attributes, roles, resources and entitlements in trying to answer the
-following thorny question:
+Often, Identity Management and Access Management are jointly referred, mainly because their two management worlds likely
+coexist in the same project or in the same environment.
 
-[.text-center]
-_Who has access to What, When, How, and Why?_ 
+The two topics are however completely different: each one has its own context, its own rules, its own best practices.
+
+*Identity Management* (or IdM) consists of tools and practices to keep identity data consistent and synchronized across
+repositories, data formats and models.
+
+*Access Management* (or AM) is about systems, protocols and technologies supporting user _authentication_
+(how users are let accessing a given system) and __authorization__ (which capabilities each user owns on a given system).
+
+From the definitions above, Identity Management and Access Management can be seen as complementary: very often, the
+data synchronized by the former are then used by the latter to provide its features - e.g. authentication and
+authorization.
 
 === What is Identity Management, anyway?
 
 ****
-Account:: Computers work with records of data about people. Such records contain technical information needed by the system for 
-which the account is created and managed.
+Account:: Computers work with records of data about people. Such records contain technical information needed by the
+system for  which the account is created and managed.
 (Digital) Identity:: A representation of a set of claims made by one digital subject about itself. *It's you!*
 ****
 
@@ -52,11 +60,28 @@ image::identityLifecycle.png[title="Identity Lifecycle",alt="Identity Lifecycle"
 
 .Users, Groups and Any Objects
 ****
-With Apache Syncope 2.0.0, the managed identities are not limited anymore to Users and Groups. New object types can be
+Since Apache Syncope 2.0.0, the managed identities are not limited anymore to Users and Groups. New object types can be
 defined so that Any Object's data can be managed through Syncope: workstations, printers, folders, sensors, services,
 and so on. This positions Apache Syncope at the forefront for bringing Identity Management to the IoT world.
 ****
 
+=== What is Access Management, anyway?
+
+Authenticate, authorize and audit access to applications and IT systems: access management solutions help strengthen
+security and reduce risk by tightly controlling access to on-premises and cloud-based applications, services, and IT
+infrastructure. +
+Access Management help ensure the right users have access to the right resources at the right times for the right
+reasons.
+
+Single sign-on (SSO) is an authentication scheme that allows a user to access multiple, independent applications with a
+single set of login credentials, without re-entering authentication factors. +
+Very often, SSO is achieved by implementing some of the most popular protocols as
+https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language[SAML^] and http://openid.net/connect/[OpenID Connect^].
+
+Social login, designed to simplify logins, is a form of single sign-on using existing information from a social
+networking service to sign into a third party website instead of creating a new login account specifically for that
+website.
+
 === Identity and Access Management - Reference Scenario
 
 [.text-center]
@@ -64,18 +89,13 @@ image::iam-scenario.png[title="IAM Scenario",alt="IAM Scenario"]
 
 The picture above shows the technologies involved in a complete IAM solution:
 
-* *_Identity Store_* (as RDBMS, LDAP, Active Directory, meta- and virtual-directories) - the repository for account data
-* *_Provisioning Engine_* - synchronizes account data across Identity Stores and a broad range of data formats, models, 
+* *_Identity Store_* (examples are relational databases, LDAP, Active Directory, meta- and virtual-directories, 
+cloud resources, ...): the repository for account data
+* *_Identity Manager_*: synchronizes account data across Identity Stores and a broad range of data formats, models, 
 meanings and purposes
-* *_Access Manager_* - access mediator to all applications, focused on application front-end, taking care of
-authentication (https://en.wikipedia.org/wiki/Single_sign-on[Single Sign-On^]), authorization
-(http://oauth.net/[OAuth^], https://en.wikipedia.org/wiki/XACML[XACML^]) and federation
-(https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language[SAML^], http://openid.net/connect/[OpenID Connect^]).
-
-[NOTE]
-====
-From a technology point of view, *Apache Syncope* is primarily a *Provisioning Engine*.
-====
+* *_Access Manager_*: security mediator to all applications, focused on application front-end, taking care of
+authentication, authorization and federation
+* *_Secure Proxy_*: enforces security policies on API and legacy applications
 
 ==== Aren't Identity Stores enough?
 
@@ -94,13 +114,19 @@ are a few drawbacks with this approach:
 [.text-center]
 image::architecture.png[title="Architecture",alt="Architecture"]
 
+*_Keymaster_* allows for dynamic service discovery so that other components are able to find each other.
+
 *_Admin UI_* is the web-based console for configuring and administering running deployments, with full support
 for delegated administration.
 
 *_End-user UI_* is the web-based application for self-registration, self-service and password reset.
 
-*_Core_* is the central component, providing all services offered by Apache Syncope. +
-It exposes a fully-compliant https://en.wikipedia.org/wiki/Java_API_for_RESTful_Web_Services[JAX-RS 2.0^] 
+*_Web Access_* or *_WA_* is the central hub for authentication, authorization and single sign-on.
+
+*_Secure Remote Access_* or *_SRA_* is a security-enabled API gateway with HTTP reverse proxying capabilities.
+
+*_Core_* is the component providing IdM services and acting as central repository for other components' configuration. +
+It exposes a fully-compliant https://en.wikipedia.org/wiki/Java_API_for_RESTful_Web_Services[JAX-RS 2.1^] 
 https://en.wikipedia.org/wiki/Representational_state_transfer[RESTful^] interface which enables third-party applications,
 written in any programming language, to consume IdM services.
 
diff --git a/src/main/asciidoc/getting-started/movingForward.adoc b/src/main/asciidoc/getting-started/movingForward.adoc
index 80fe340..582d029 100644
--- a/src/main/asciidoc/getting-started/movingForward.adoc
+++ b/src/main/asciidoc/getting-started/movingForward.adoc
@@ -22,23 +22,24 @@
 Once you have obtained a working installation of Apache Syncope using one of the methods reported above, you should consider 
 reading the
 ifeval::["{backend}" == "html5"]
-http://syncope.apache.org/docs/reference-guide.html[Apache Syncope Reference Guide.]
+https://syncope.apache.org/docs/reference-guide.html[Apache Syncope Reference Guide.]
 endif::[]
 ifeval::["{backend}" == "pdf"]
-http://syncope.apache.org/docs/reference-guide.pdf[Apache Syncope Reference Guide.]
+https://syncope.apache.org/docs/reference-guide.pdf[Apache Syncope Reference Guide.]
 endif::[]
 to understand how to configure, extend, customize and deploy your new Apache Syncope project.
 
 Before deploying your Apache Syncope installation into production, it is essential to ensure that the default values for 
 various security properties have been changed to values specific to your deployment. 
 
-The following values must be changed from the defaults in the `security.properties` file:
+The following values must be changed from the defaults in the `core.properties` file:
 
-* *adminPassword* - The cleartext password as encoded per the "adminPasswordAlgorithm" value (SSHA256 by default), the default value of which is "password".
+* *adminPassword* - The cleartext password as encoded per the `adminPasswordAlgorithm` value (SSHA256 by default), the
+default value of which is "password".
 * *secretKey* - The secret key value used for AES ciphering. Only required if either:
 ** the value for "*adminPasswordAlgorithm*" is "AES" or
-** the configuration parameter "password.cipher.algorithm" is changed to "AES" (See section 4.6.14 "Configuration Parameters" of
-the Reference Guide for more information).
+** the configuration parameter "password.cipher.algorithm" is changed to "AES" (See section 4.6.14 "Configuration
+Parameters" of the Reference Guide for more information).
 * *anonymousKey* - The key value to use for anonymous requests.
 * *jwsKey* - The symmetric signing key used to sign access tokens. See section 4.4.1 "REST Authentication and 
 Authorization" of the Reference Guide for more information.
diff --git a/src/main/asciidoc/getting-started/obtain.adoc b/src/main/asciidoc/getting-started/obtain.adoc
index be03468..9e2d27c 100644
--- a/src/main/asciidoc/getting-started/obtain.adoc
+++ b/src/main/asciidoc/getting-started/obtain.adoc
@@ -28,7 +28,7 @@ Tomcat-based environment that can be easily grabbed and put at work on any moder
 
 [CAUTION]
 .Target Audience
-First approach, especially with administration console and end-user; does not require technical skills. +
+First approach, especially with Admin and End-user UIs; does not require technical skills. +
 *Not meant for any production environment.*
 
 Getting ready in a few easy steps:
@@ -53,7 +53,7 @@ $ ./bin/startup.sh
 ----
 
 [TIP]
-Please refer to the http://tomcat.apache.org/tomcat-8.5-doc/[Apache Tomcat documentation^] for more advanced setup and 
+Please refer to the http://tomcat.apache.org/tomcat-9.0-doc/[Apache Tomcat documentation^] for more advanced setup and 
 instructions.
 
 [[standalone-components]]
@@ -78,8 +78,18 @@ with
 [source,java]
 jdbc:h2:~/syncopedb;DB_CLOSE_DELAY=-1
 
-in `webapps/syncope/WEB-INF/classes/domains/Master.properties` (for `Master` domain) or
-`webapps/syncope/WEB-INF/classes/domains/Two.properties` (for `Two` domain) from the Apache Tomcat directory.
+in `webapps/syncope/WEB-INF/classes/core-embedded.properties` for `persistence.domain[0].jdbcURL` property (`Master`
+domain) and / or
+
+[source,java]
+jdbc:h2:mem:syncopetwo;DB_CLOSE_DELAY=-1
+
+with
+
+[source,java]
+jdbc:h2:~/syncopetwo;DB_CLOSE_DELAY=-1
+
+for `persistence.domain[1].jdbcURL` property (`Two` domain), from the Apache Tomcat directory.
 This will create H2 database files in the home directory of the user running Apache Syncope.
 
 Please refer to the http://www.h2database.com/[H2 documentation^] for more options.
@@ -103,6 +113,15 @@ https://docs.docker.com/compose/[Docker Compose^] or https://kubernetes.io/[Kube
 
 ==== Docker images
 
+All images share a commong set of environment variables:
+
+* `KEYMASTER_ADDRESS`: Keymaster address
+* `KEYMASTER_USERNAME`: username for Keymaster authentication
+* `KEYMASTER_PASSWORD`: password for Keymaster authentication
+* `SERVICE_DISCOVERY_ADDRESS`: address to publish to Keymaster for the current instance
+* `ANONYMOUS_USER`: username for service-to-service authentication
+* `ANONYMOUS_KEY`: password for service-to-service authentication
+
 ===== Core
 
 Apache Syncope Core, see <<a-birds-eye-view-on-the-architecture,above>> for information.
@@ -111,8 +130,6 @@ Port exposed: `8080`.
 
 Environment variables:
 
-* `DBMS`: which type of relational DBMS is to be used as internal storage for Syncope Core; valid values are
-`postgresql`, `mariadb`, `mssql`, `mysql`
 * `DB_URL`: JDBC URL of internal storage
 * `DB_USER`: username for internal storage authentication
 * `DB_PASSWORD`: password for internal storage authentication
@@ -120,7 +137,7 @@ Environment variables:
 * `DB_POOL_MIN`: internal storage connection pool: floor
 * `OPENJPA_REMOTE_COMMIT`: configure multiple instances, with high availability; valid values are the ones accepted by
 OpenJPA for
-http://openjpa.apache.org/builds/3.0.0/apache-openjpa/docs/ref_guide_event.html[remote event notification^] including
+http://openjpa.apache.org/builds/3.1.0/apache-openjpa/docs/ref_guide_event.html[remote event notification^] including
 `sjvm` (single instance)
 
 ===== Console
@@ -129,27 +146,32 @@ Apache Syncope Admin UI, see <<a-birds-eye-view-on-the-architecture,above>> for
 
 Port exposed: `8080`.
 
-Environment variables:
-
-* `CORE_SCHEME`: URL scheme to connect to Syncope Core; valid values are `http` or `https`
-* `CORE_HOST`: host name or IP address to connect to Syncope Core
-* `CORE_PORT`: port number to connect to Syncope Core
-
 ===== Enduser
 
 Apache Syncope Enduser UI, see <<a-birds-eye-view-on-the-architecture,above>> for information.
 
 Port exposed: `8080`.
 
+===== WA
+
+Apache Syncope Web Access, see <<a-birds-eye-view-on-the-architecture,above>> for information.
+
+Port exposed: `8080`.
+
 Environment variables:
 
-* `CORE_SCHEME`: URL scheme to connect to Syncope Core; valid values are `http` or `https`
-* `CORE_HOST`: host name or IP address to connect to Syncope Core
-* `CORE_PORT`: port number to connect to Syncope Core
+* `CAS_SERVER_NAME`: public base URL to reach this instance; in case of clustered setup, this is the public-facing
+address and not the individual node address
+
+===== SRA
+
+Apache Syncope Secure Remote Access, see <<a-birds-eye-view-on-the-architecture,above>> for information.
+
+Port exposed: `8080`.
 
 ==== Docker Compose samples
 
-Besides the one reported below, more samples are
+Besides the ones reported below, more samples are
 ifeval::["{snapshotOrRelease}" == "release"]
 https://github.com/apache/syncope/tree/syncope-{docVersion}/docker/src/main/resources/docker-compose[available^].
 endif::[]
@@ -157,11 +179,15 @@ ifeval::["{snapshotOrRelease}" == "snapshot"]
 https://github.com/apache/syncope/tree/master/docker/src/main/resources/docker-compose[available^].
 endif::[]
 
-.Syncope Core, Admin UI and Enduser UI with PostgreSQL
+.Core, Admin UI and Enduser UI with PostgreSQL, with embedded Keymaster
 ====
-The `docker-compose.yml` below will create and connect 4 Docker containers to provide a full-fledged, single
+The `docker-compose.yml` below will create and connect 4 Docker containers to provide an IdM-only, single
 instance, Apache Syncope deployment. All referenced images are available on Docker Hub.
 
+[NOTE]
+In this sample we are configuring an embedded, REST-based Keymaster hence `KEYMASTER_USERNAME` / `KEYMASTER_PASSWORD`
+are passed with same values as `ANONYMOUS_USER` / `ANONYMOUS_KEY`.
+
 [source,yaml,subs="verbatim,attributes"]
 ----
 version: '3.3'
@@ -183,13 +209,19 @@ services:
        - "18080:8080"
      restart: always
      environment:
-       DBMS: postgresql
+       SPRING_PROFILES_ACTIVE: docker,postgresql
        DB_URL: jdbc:postgresql://db:5432/syncope
        DB_USER: syncope
        DB_PASSWORD: syncope
        DB_POOL_MAX: 10
        DB_POOL_MIN: 2
        OPENJPA_REMOTE_COMMIT: sjvm
+       KEYMASTER_ADDRESS: http://localhost:8080/syncope/rest/keymaster
+       KEYMASTER_USERNAME: ${ANONYMOUS_USER}
+       KEYMASTER_PASSWORD: ${ANONYMOUS_KEY}
+       SERVICE_DISCOVERY_ADDRESS: https://syncope:8080/syncope/rest/
+       ANONYMOUS_USER: ${ANONYMOUS_USER}
+       ANONYMOUS_KEY: ${ANONYMOUS_KEY}
 
    syncope-console: // <3>
      depends_on:
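Review bot: The Core service in this sample mixes URL schemes on the same port. `KEYMASTER_ADDRESS` is `http://localhost:8080/...` while `SERVICE_DISCOVERY_ADDRESS` is `https://syncope:8080/...`, and the console and enduser hunks that follow point `KEYMASTER_ADDRESS` at `https://syncope:8080/syncope/rest/keymaster`. The removed lines used `CORE_SCHEME: http` for that port, so unless the `docker` profile enables TLS on 8080 (not visible here) the https addresses are likely wrong. Keymaster credentials are sent to these addresses, so the sample should use one scheme consistently and state whether TLS is expected. It would also help to say that `${ANONYMOUS_USER}` / `${ANONYMOUS_KEY}` must be supplied by the deployer with values specific to the deployment.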
@@ -199,9 +231,13 @@ services:
        - "28080:8080"
      restart: always
      environment:
-       CORE_SCHEME: http
-       CORE_HOST: syncope
-       CORE_PORT: 8080
+       SPRING_PROFILES_ACTIVE: docker
+       KEYMASTER_ADDRESS: https://syncope:8080/syncope/rest/keymaster
+       KEYMASTER_USERNAME: ${ANONYMOUS_USER}
+       KEYMASTER_PASSWORD: ${ANONYMOUS_KEY}
+       SERVICE_DISCOVERY_ADDRESS: https://syncope-console:8080/syncope-console/
+       ANONYMOUS_USER: ${ANONYMOUS_USER}
+       ANONYMOUS_KEY: ${ANONYMOUS_KEY}
 
    syncope-enduser: // <4>
      depends_on:
@@ -211,17 +247,138 @@ services:
        - "38080:8080"
      restart: always
      environment:
-       CORE_SCHEME: http
-       CORE_HOST: syncope
-       CORE_PORT: 8080
+       SPRING_PROFILES_ACTIVE: docker
+       KEYMASTER_ADDRESS: https://syncope:8080/syncope/rest/keymaster
+       KEYMASTER_USERNAME: ${ANONYMOUS_USER}
+       KEYMASTER_PASSWORD: ${ANONYMOUS_KEY}
+       SERVICE_DISCOVERY_ADDRESS: https://syncope-enduser:8080/syncope-enduser/
+       ANONYMOUS_USER: ${ANONYMOUS_USER}
+       ANONYMOUS_KEY: ${ANONYMOUS_KEY}
 ----
 <1> Database container for usage as internal storage, based on latest PostgreSQL image available
 <2> Apache Syncope Core, single instance, port `18080` exposed
 <3> Apache Syncope Admin UI, port `28080` exposed
-<4> Apache Syncope Enduser UI, port `38080` exposed, working with `Master` domain
+<4> Apache Syncope Enduser UI, port `38080` exposed
 ====
 
-How to start the containers:
+.Full deployment (Core, Admin UI, Enduser UI, WA, SRA) on PostgreSQL, with Keymaster on Zookeeper
+====
+The `docker-compose.yml` below will create and connect 7 Docker containers to provide a full-fledged, single
+instance, Apache Syncope deployment. All referenced images are available on Docker Hub.
+
+[NOTE]
+Zookeeper is configured without JAAS, hence empty `KEYMASTER_USERNAME` / `KEYMASTER_PASSWORD` are passed to other
+containers.
+
+[source,yaml,subs="verbatim,attributes"]
+----
+version: '3.3'
+
+services:
+   keymaster: // <1>
+     image: zookeeper:3.7.0
+     restart: always
+
+   db: // <2>
+     image: postgres:latest
+     restart: always
+     environment:
+       POSTGRES_DB: syncope
+       POSTGRES_USER: syncope
+       POSTGRES_PASSWORD: syncope
+
+   syncope: // <3>
+     depends_on:
+       - db
+       - keymaster
+     image: apache/syncope:{docVersion}
+     ports:
+       - "18080:8080"
+     restart: always
+     environment:
+       SPRING_PROFILES_ACTIVE: docker,postgresql
+       DB_URL: jdbc:postgresql://db:5432/syncope
+       DB_USER: syncope
+       DB_PASSWORD: syncope
+       DB_POOL_MAX: 10
+       DB_POOL_MIN: 2
+       OPENJPA_REMOTE_COMMIT: sjvm
+       KEYMASTER_ADDRESS: keymaster:2181
+       KEYMASTER_USERNAME: ${KEYMASTER_USERNAME:-}
+       KEYMASTER_PASSWORD: ${KEYMASTER_PASSWORD:-}
+       SERVICE_DISCOVERY_ADDRESS: https://syncope:8080/syncope/rest/
+
+   syncope-console: // <4>
+     depends_on:
+       - syncope
+       - keymaster
+     image: apache/syncope-console:{docVersion}
+     ports:
+       - "28080:8080"
+     restart: always
+     environment:
+       SPRING_PROFILES_ACTIVE: docker
+       KEYMASTER_ADDRESS: keymaster:2181
+       KEYMASTER_USERNAME: ${KEYMASTER_USERNAME:-}
+       KEYMASTER_PASSWORD: ${KEYMASTER_PASSWORD:-}
+       SERVICE_DISCOVERY_ADDRESS: https://syncope-console:8080/syncope-console/
+
+   syncope-enduser: // <5>
+     depends_on:
+       - syncope
+       - keymaster
+     image: apache/syncope-enduser:{docVersion}
+     ports:
+       - "38080:8080"
+     restart: always
+     environment:
+       SPRING_PROFILES_ACTIVE: docker
+       KEYMASTER_ADDRESS: keymaster:2181
+       KEYMASTER_USERNAME: ${KEYMASTER_USERNAME:-}
+       KEYMASTER_PASSWORD: ${KEYMASTER_PASSWORD:-}
+       SERVICE_DISCOVERY_ADDRESS: https://syncope-enduser:8080/syncope-enduser/
+
+   syncope-wa: // <6>
+     depends_on:
+       - syncope
+       - keymaster
+     image: apache/syncope-wa:{docVersion}
+     ports:
+       - "48080:8080"
+     restart: always
+     environment:
+       SPRING_PROFILES_ACTIVE: docker
+       KEYMASTER_ADDRESS: keymaster:2181
+       KEYMASTER_USERNAME: ${KEYMASTER_USERNAME:-}
+       KEYMASTER_PASSWORD: ${KEYMASTER_PASSWORD:-}
+       SERVICE_DISCOVERY_ADDRESS: https://syncope-wa:8080/syncope-wa/
+       CAS_SERVER_NAME: http://localhost:48080
+
+   syncope-sra: // <7>
+     depends_on:
+       - syncope
+       - keymaster
+     image: apache/syncope-sra:{docVersion}
+     ports:
+       - "58080:8080"
+     restart: always
+     environment:
+       SPRING_PROFILES_ACTIVE: docker
+       KEYMASTER_ADDRESS: keymaster:2181
+       KEYMASTER_USERNAME: ${KEYMASTER_USERNAME:-}
+       KEYMASTER_PASSWORD: ${KEYMASTER_PASSWORD:-}
+       SERVICE_DISCOVERY_ADDRESS: https://syncope-sra:8080/
+----
+<1> Apache Syncope Keymaster, based on https://zookeeper.apache.org/[Apache Zookeeper^]
+<2> Database container for usage as internal storage, based on latest PostgreSQL image available
+<3> Apache Syncope Core, single instance, port `18080` exposed
+<4> Apache Syncope Admin UI, port `28080` exposed
+<5> Apache Syncope Enduser UI, port `38080` exposed
+<6> Apache Syncope WA, port `48080` exposed
+<7> Apache Syncope SRA, port `58080` exposed
+====
+
+===== How to start the containers
 
 . Save the example file locally.
 . Download and start the containers:
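Review bot: The second sample's NOTE says Zookeeper runs without JAAS and the `${KEYMASTER_USERNAME:-}` / `${KEYMASTER_PASSWORD:-}` defaults are empty, but nothing tells the reader that this leaves Keymaster open to any container on the compose network. The `keymaster` service has no `ports:` entry, so it is not published on the host as written. I would state that in the NOTE and add a line such as `Enable Zookeeper authentication and set both variables before using this layout outside a test environment.` The same block keeps `POSTGRES_PASSWORD: syncope` and the floating `postgres:latest` tag next to the pinned `zookeeper:3.7.0`; pinning the database image would make the sample reproducible.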
@@ -236,15 +393,21 @@ The following services will be available:
 [cols="1,2"]
 |===
 
-| Complete REST API reference
-| http://localhost:18080/syncope/index.html
+| REST API reference
+| http://localhost:18080/syncope/
 
-| Administration console
-| http://localhost:28080/syncope-console +
+| Admin UI
+| http://localhost:28080/syncope-console/ +
 Credentials: `admin` / `password`
 
 | End-user UI
-| http://localhost:38080/syncope-enduser
+| http://localhost:38080/syncope-enduser/
+
+| WA (only with Example 2)
+| http://localhost:48080/syncope-wa/
+
+| SRA (only with Example 2)
+| http://localhost:58080/
 
 |===
 
@@ -325,7 +488,7 @@ Provides access to the full capabilities of Apache Syncope, and almost all exten
 [[maven-prerequisites]]
 ==== Prerequisites
 
- . http://maven.apache.org/[Apache Maven^] (version 3.0.3 or higher) installed
+ . http://maven.apache.org/[Apache Maven^] (version 3.5.0 or higher) installed
  . Some basic knowledge about Maven
  . Some basic knowledge about http://maven.apache.org/guides/introduction/introduction-to-archetypes.html[Maven archetypes^].
 
@@ -401,18 +564,20 @@ anonymousKey::
     Provide any pseudo-random string here that will be used as an authentication key for anonymous requests.
 
 Maven will create a project for you (in a newly created directory named after the value of the `artifactId` property 
-specified above) containing four modules: `common`, `core`, `console` and `enduser`.
+specified above) containing seven modules: `common`, `core`, `console`, `enduser`, `wa`, `sra` and `fit`.
 
 You are now able to perform the first build via
 
 [source,bash]
 $ mvn clean install
 
-After downloading all of the needed dependencies, three WAR files will be produced:
+After downloading all of the needed dependencies, the following artifacts will be produced:
 
 . `core/target/syncope.war`
 . `console/target/syncope-console.war`
 . `enduser/target/syncope-enduser.war`
+. `wa/target/syncope-wa.war`
+. `sra/target/syncope-sra.jar`
 
 If no failures are encountered, your basic Apache Syncope project is now ready to go.
 
@@ -421,10 +586,10 @@ If no failures are encountered, your basic Apache Syncope project is now ready t
 Before actual deployment as executbale or onto a Java EE container, you need to further check the **Customization**
 chapter of the
 ifeval::["{backend}" == "html5"]
-http://syncope.apache.org/docs/reference-guide.html[Apache Syncope Reference Guide.]
+https://syncope.apache.org/docs/reference-guide.html[Apache Syncope Reference Guide.]
 endif::[]
 ifeval::["{backend}" == "pdf"]
-http://syncope.apache.org/docs/reference-guide.pdf[Apache Syncope Reference Guide.]
+https://syncope.apache.org/docs/reference-guide.pdf[Apache Syncope Reference Guide.]
 endif::[]
 ====
 
@@ -452,14 +617,14 @@ configured for the embedded mode.
 When building for production, instead, it is recommended to check the **Customization** chapter of
 the
 ifeval::["{backend}" == "html5"]
-http://syncope.apache.org/docs/reference-guide.html[Apache Syncope Reference Guide.]
+https://syncope.apache.org/docs/reference-guide.html[Apache Syncope Reference Guide.]
 endif::[]
 ifeval::["{backend}" == "pdf"]
-http://syncope.apache.org/docs/reference-guide.pdf[Apache Syncope Reference Guide.]
+https://syncope.apache.org/docs/reference-guide.pdf[Apache Syncope Reference Guide.]
 endif::[]
 ====
 
-then, from the `enduser` subdirectory, execute:
+then, from the `fit` subdirectory, execute:
 
 [source,bash]
 $ mvn -P embedded,all
@@ -470,21 +635,27 @@ $ mvn -P embedded,all
 |===
 
 | Log files
-| Available under `core/target/log`, `console/target/log` and `enduser/target/log`
+| Available under `core/target/log`, `console/target/log`, `enduser/target/log`, `wa/target/log` and `sra/target/log`
 
 | ConnId bundles
 | Available under `core/target/bundles`
 
-| Complete REST API reference
-| http://localhost:9080/syncope/index.html
+| REST API reference
+| http://localhost:9080/syncope/
 
-| Administration console
+| Admini UI
 | http://localhost:9080/syncope-console/ +
 Credentials: `admin` / `password`
 
 | End-user UI
 | http://localhost:9080/syncope-enduser/
 
+| WA
+| http://localhost:9080/syncope-wa/
+
+| SRA
+| http://localhost:8080/
+
 | Internal storage
 | A SQL web interface is available at http://localhost:9080/syncope/h2 +
  +
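Review bot: `| Admini UI` in the embedded-mode table is a typo; the Docker table earlier in this file uses `| Admin UI`. The new SRA row also points at `http://localhost:8080/` while every other row uses port 9080. If that is intentional, a short remark on why SRA listens on a different port would keep readers from assuming a copy error. The table continues past the end of this hunk.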
@@ -502,11 +673,8 @@ You can configure any LDAP client (such as http://jxplorer.org/[JXplorer^], for
  bind DN: `uid=admin,ou=system` +
  bind password: `secret`
 
-| External resource: SOAP
-| An example SOAP service is available at http://localhost:9080/syncope-fit-build-tools/cxf/soap
-
-| External resource: REST
-| An example REST service is available at http://localhost:9080/syncope-fit-build-tools/cxf/rest
+| External resource: SOAP and REST
+| Example SOAP and REST services are available at http://localhost:9080/syncope-fit-build-tools/cxf/
 
 | External resource: database
 | http://www.h2database.com/[H2^] TCP database is available. +
diff --git a/src/main/asciidoc/getting-started/systemRequirements.adoc b/src/main/asciidoc/getting-started/systemRequirements.adoc
index 40d40dc..5d4df3e 100644
--- a/src/main/asciidoc/getting-started/systemRequirements.adoc
+++ b/src/main/asciidoc/getting-started/systemRequirements.adoc
@@ -25,12 +25,12 @@ The hardware requirements depend greatly on the given deployment, in particular
 managed entities (Users, Groups and Any Objects), their attributes and resources.
 
  * CPU: dual core, 2 GHz (minimum)
- * RAM: 2 GB (minimum)
- * Disk: 100 MB (minimum) 
+ * RAM: 4 GB (minimum)
+ * Disk: 200 MB (minimum) 
 
 === Java
 
-Apache Syncope {docVersion} requires the latest JDK 11 that is available.
+Apache Syncope {docVersion} requires the latest JDK 11 that is available. Works with JDK 14 and JDK 17.
 
 === Java EE Container
 
diff --git a/src/main/asciidoc/images/architecture.png b/src/main/asciidoc/images/architecture.png
index 44cd8f4..35b6b92 100644
Binary files a/src/main/asciidoc/images/architecture.png and b/src/main/asciidoc/images/architecture.png differ
diff --git a/src/main/asciidoc/images/architecture.xml b/src/main/asciidoc/images/architecture.xml
index 8979964..4baab3c 100644
--- a/src/main/asciidoc/images/architecture.xml
+++ b/src/main/asciidoc/images/architecture.xml
@@ -16,6 +16,5 @@ software distributed under the License is distributed on an
 KIND, either express or implied.  See the License for the
 specific language governing permissions and limitations
 under the License.
-
 -->
-<mxfile modified="2018-12-18T12:13:50.602Z" host="www.draw.io" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/71.0.3578.80 Chrome/71.0.3578.80 Safari/537.36" version="10.0.2" etag="1SPHE1r1g3yMCpB044ps" type="device"><diagram id="0" name="Page-1">5Zptc+ooFMc/jS/tmOf40vrQdbZbO+q93b5Eg5HZGLIEq/bTLyRBQ0hv015i7+52OtNwCIT8+MM5h7RjDXfHOwKS7R84gFHH7AXHjjXqmKZhmy77wy2n3OI5Vm4ICQqKmy6GBXqFhbFXWPcogKl0I8U4oiiRjWscx3BNJRsgBB/k2zY4kp+agBAqhsUaRKr1CQV0m1 [...]
+<mxfile modified="2021-11-19T16:26:40.712Z" host="app.diagrams.net" agent="5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36" etag="TpRqIwXl23oWXvRkSgJr" version="15.8.2" type="device"><diagram id="0" name="Page-1">5L3XsuPIlQX6NXrUBEn4R3hHeI+XG/CGILz/+ovkqZK6ukozGqlbcyNuRZw4RALM3Llzm7V2Jk79BaLfOz9Gfal0adb85XFL979AzF8ejzuGQtcv0HJ8a8ER4qulGKv0W9vfG6zqzL413r61LlWaTT88OHddM1f9j41J17ZZMv/QFo1jt/34WN41P47aR0X2U4OVRM3PrV6VzuVXK/5A/94uZFVRfh/5jn6bXx [...]
diff --git a/src/main/asciidoc/images/iam-scenario.png b/src/main/asciidoc/images/iam-scenario.png
index 8a05b9e..9aa185e 100644
Binary files a/src/main/asciidoc/images/iam-scenario.png and b/src/main/asciidoc/images/iam-scenario.png differ
diff --git a/src/main/asciidoc/images/iam-scenario.xml b/src/main/asciidoc/images/iam-scenario.xml
index a9b0902..cf1a0d3 100644
--- a/src/main/asciidoc/images/iam-scenario.xml
+++ b/src/main/asciidoc/images/iam-scenario.xml
@@ -17,4 +17,4 @@ KIND, either express or implied.  See the License for the
 specific language governing permissions and limitations
 under the License.
 -->
-<mxfile type="device" userAgent="Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0" version="5.2.7.0" editor="www.draw.io"><diagram>7Vtdb+I6E/41XFJBwlcvoS27r7TVqZaV9pyrKgQDVpM4xwkt3V+/42QmcT6gfCSBnncRiNhxbOeZx+PxjN0y79ztF2n560exYE7L6Cy2LfO+ZRjdQXcAfyrnPc4ZDDpxxkryBRZKM2b8F8NMKrbhCxZkCoZCOCH3s5m28Dxmh5k8S0rxli22FE62Vd9aUYtpxsy2nGLuT74I13HuyMDXUvlfGV+tqeXu4Da+M7fsl5UUGw/baxnmMvrEt12L6ope1HwAEKUQUI26crd3zFFAEkYxGtMdd5NOSuZhR/Y/ALfUA6+Ws8H3bBkDBx6dLAXUYHSC8B0RGPy7U [...]
+<mxfile host="app.diagrams.net" modified="2021-11-19T15:18:08.444Z" agent="5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36" version="15.8.2" etag="_I0Xl2ia8F_qiptCvOXk" type="device"><diagram id="0" name="Page-1">7Vxbc5s4FP41ebSHO/jRubY7zTatO9v2KSNjxdYGEAtyY/fXrwQSBiQ7tgET7yaTTOAghPyd71x0JHxhXoWruwTEi3s8g8GFoc1WF+b1hWHormPSf0yyziXOSMsF8wTNeKONYIJ+Qy4UzZZoBtNKQ4JxQFBcFfo4iqBPKjKQJPil2uwJB9WnxmAOJcHEB4Es/Y5mZJFLPcPZyD9ANF+IJ+vOKL8yBf7zPMHLiD [...]
diff --git a/src/main/asciidoc/reference-guide/reference-guide.adoc b/src/main/asciidoc/reference-guide/reference-guide.adoc
index b9947c0..1815e7b 100644
--- a/src/main/asciidoc/reference-guide/reference-guide.adoc
+++ b/src/main/asciidoc/reference-guide/reference-guide.adoc
@@ -21,7 +21,7 @@
 // User manual: http://asciidoctor.org/docs/user-manual/
 // Tricks: https://leanpub.com/awesomeasciidoctornotebook/read
 
-:homepage: http://syncope.apache.org
+:homepage: https://syncope.apache.org
 :description: Comprehensive guide about Apache Syncope
 :keywords: Apache Syncope, IdM, provisioning, identity management, reference, guide
 
@@ -41,10 +41,10 @@ image::http://syncope.apache.org/images/apache-syncope-logo-small.jpg[Apache Syn
 [NOTE]
 .This document is under active development and discussion!
 If you find errors or omissions in this document, please don’t hesitate to 
-http://syncope.apache.org/issue-management.html[submit an issue] or 
+https://syncope.apache.org/issue-management.html[submit an issue] or 
 https://github.com/apache/syncope/pulls[open a pull request] with 
 a fix. We also encourage you to ask questions and discuss any aspects of the project on the 
-http://syncope.apache.org/mailing-lists.html[mailing lists or IRC]. 
+https://syncope.apache.org/mailing-lists.html[mailing lists or IRC]. 
 New contributors are always welcome!
 
 [discrete] 
diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc
index 61aa172..cd439f8 100644
--- a/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc
+++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc
@@ -96,10 +96,10 @@ Please also note that the actual list of Spring context files to include might d
 
 In general, the Embedded Mode (see the
 ifeval::["{backend}" == "html5"]
-http://syncope.apache.org/docs/getting-started.html[Apache Syncope Getting Started Guide]
+https://syncope.apache.org/docs/getting-started.html[Apache Syncope Getting Started Guide]
 endif::[]
 ifeval::["{backend}" == "pdf"]
-http://syncope.apache.org/docs/getting-started.pdf[Apache Syncope Getting Started Guide]
+https://syncope.apache.org/docs/getting-started.pdf[Apache Syncope Getting Started Guide]
 endif::[]
 for details) allows the user to work comfortably from a single workstation, with no need of additional setup; it is
 effectively implemented as the `all`
diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc
index 8d9600c..b2cb2ad 100644
--- a/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc
+++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc
@@ -32,7 +32,7 @@ where `protocol`, `host` and `port` reflect your deployment.
 .REST Reference
 ====
 A complete REST reference generated from https://en.wikipedia.org/wiki/Web_Application_Description_Language[WADL^] is
-http://syncope.apache.org/rest/2.1/index.html[published^] as well as made available with each deployment at
+https://syncope.apache.org/rest/3.0/index.html[published^] as well as made available with each deployment at
 
 ....
 protocol://host:port/syncope/
@@ -265,7 +265,7 @@ Accept: application/xml
 Content-Length: 628
 Content-Type: application/xml
 ^M
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?><syncope30:group xmlns:syncope30="http://syncope.apache.org/3.0">
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?><syncope30:group xmlns:syncope30="https://syncope.apache.org/3.0">
 </syncope30:group>
 --batch_61bfef8d-0a00-41aa-b775-7b6efff37652
 Content-Type: application/http
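Review bot: The `xmlns:syncope30` value is an XML namespace name, not a link, and it is matched as a literal string. Rewriting it to `https://syncope.apache.org/3.0` is therefore only correct if the namespace the Core emits and accepts was changed as well, which is not visible in this part of the commit. If the server still uses `http://syncope.apache.org/3.0`, a batch body copied from this example would carry an element in a different namespace. The `syncope30:provisioningResult` example in the next hunk has the same change. Please confirm against the namespace constant in the code, and otherwise keep `xmlns:syncope30="http://syncope.apache.org/3.0"` in both samples.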
@@ -341,7 +341,7 @@ X-Syncope-Domain: Master
 X-Syncope-Key: 843b2fc3-b8a8-4a8b-bb2f-c3b8a87a8b2e
 ^M
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<syncope30:provisioningResult xmlns:syncope30="http://syncope.apache.org/3.0"></syncope30:provisioningResult>
+<syncope30:provisioningResult xmlns:syncope30="https://syncope.apache.org/3.0"></syncope30:provisioningResult>
 --batch_61bfef8d-0a00-41aa-b775-7b6efff37652
 Content-Type: application/http
 Content-Transfer-Encoding: binary
@@ -573,7 +573,7 @@ than JSON (default), to select
 https://en.wikipedia.org/wiki/HTTP_compression[HTTP compression^] or to set the
 https://cxf.apache.org/javadoc/latest/org/apache/cxf/configuration/jsse/TLSClientParameters.html[TLS client configuration^]
 (more options in the
-http://syncope.apache.org/apidocs/2.1/org/apache/syncope/client/lib/SyncopeClientFactoryBean.html[Javadoc^]):
+https://syncope.apache.org/apidocs/3.0/org/apache/syncope/client/lib/SyncopeClientFactoryBean.html[Javadoc^]):
 
 [source,java]
 ----
@@ -606,7 +606,7 @@ SyncopeClient client = new SyncopeClientFactoryBean().
 ===== Usage
 
 Select one of the
-http://syncope.apache.org/apidocs/2.1/org/apache/syncope/common/rest/api/service/package-summary.html[RESTful services^]
+https://syncope.apache.org/apidocs/3.0/org/apache/syncope/common/rest/api/service/package-summary.html[RESTful services^]
 and invoke one of the available methods:
 
 [source,java]
@@ -621,21 +621,21 @@ loggerService.update(LoggerType.LOG, loggerTO);
 
 [NOTE]
 More RESTful services could be available besides the 
-http://syncope.apache.org/apidocs/2.1/org/apache/syncope/common/rest/api/service/package-summary.html[default set^],
+https://syncope.apache.org/apidocs/3.0/org/apache/syncope/common/rest/api/service/package-summary.html[default set^],
 as there might be <<extensions,extensions>> installed in the given deployment; the
 <<apache-camel-provisioning-manager>> provides the
-http://syncope.apache.org/apidocs/2.1/org/apache/syncope/common/rest/api/service/CamelRouteService.html[CamelRouteService^],
+https://syncope.apache.org/apidocs/3.0/org/apache/syncope/common/rest/api/service/CamelRouteService.html[CamelRouteService^],
 for instance.
 
 [TIP]
 Advanced REST features are also available from `SyncopeClient` instances: check
-http://syncope.apache.org/apidocs/2.1/org/apache/syncope/client/lib/SyncopeClient.html[the javadoc^]
+https://syncope.apache.org/apidocs/3.0/org/apache/syncope/client/lib/SyncopeClient.html[the javadoc^]
 for more information.
 
 .Search for Users, Groups or Any Objects
 ====
 All search operations return
-http://syncope.apache.org/apidocs/2.1/org/apache/syncope/common/lib/to/PagedResult.html[paged result handlers^]
+https://syncope.apache.org/apidocs/3.0/org/apache/syncope/common/lib/to/PagedResult.html[paged result handlers^]
 which can be exploited both for getting the actual results and for extrapolating pagination coordinates.
 
 [source,java]
@@ -722,7 +722,7 @@ Pair<Map<String, Set<String>>, UserTO> self = client.self();
 UserTO userTO = self.getRight(); // <1>
 Map<String, Set<String>> realm2entitlements = self.getLeft(); // <2>
 ----
-<1> http://syncope.apache.org/apidocs/2.1/org/apache/syncope/common/lib/to/UserTO.html[UserTO^] of the requesting user
+<1> https://syncope.apache.org/apidocs/3.0/org/apache/syncope/common/lib/to/UserTO.html[UserTO^] of the requesting user
 <2> for each <<realms,realm>>, the owned <<entitlements,entitlements>>
 ====
 
diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/workingwithapachesyncope.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/workingwithapachesyncope.adoc
index c4b9639..b5fb7a6 100644
--- a/src/main/asciidoc/reference-guide/workingwithapachesyncope/workingwithapachesyncope.adoc
+++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/workingwithapachesyncope.adoc
@@ -21,10 +21,10 @@
 Before proceeding, please ensure that you have access to a running Apache Syncope deployment.
 You can take a look at the
 ifeval::["{backend}" == "html5"]
-http://syncope.apache.org/docs/getting-started.html[Apache Syncope Getting Started Guide]
+https://syncope.apache.org/docs/getting-started.html[Apache Syncope Getting Started Guide]
 endif::[]
 ifeval::["{backend}" == "pdf"]
-http://syncope.apache.org/docs/getting-started.pdf[Apache Syncope Getting Started Guide]
+https://syncope.apache.org/docs/getting-started.pdf[Apache Syncope Getting Started Guide]
 endif::[]
 to check system requirements and to choose among the various options for obtaining Apache Syncope.
 
diff --git a/src/site/site.xml b/src/site/site.xml
index 68ab69a..335b102 100644
--- a/src/site/site.xml
+++ b/src/site/site.xml
@@ -53,7 +53,7 @@ under the License.
   <body>
     <breadcrumbs>
       <item name="Apache" href="http://www.apache.org/"/>
-      <item name="Apache Syncope" href="http://syncope.apache.org/"/>
+      <item name="Apache Syncope" href="https://syncope.apache.org/"/>
     </breadcrumbs>
         
     <menu name="Apache Syncope™" inherit="top">
diff --git a/src/site/xdoc/architecture.xml b/src/site/xdoc/architecture.xml
index 97ed7a7..9082a1b 100644
--- a/src/site/xdoc/architecture.xml
+++ b/src/site/xdoc/architecture.xml
@@ -58,7 +58,7 @@ under the License.
           <em>Core</em>
         </strong> is the central component, providing all services offered by Apache Syncope.<br/>
         It exposes a fully-compliant 
-        <a target="_blank" href="https://en.wikipedia.org/wiki/Java_API_for_RESTful_Web_Services">JAX-RS 2.0</a>
+        <a target="_blank" href="https://en.wikipedia.org/wiki/Java_API_for_RESTful_Web_Services">JAX-RS 2.1</a>
         <a target="_blank" href="https://en.wikipedia.org/wiki/Representational_state_transfer">RESTful</a> 
         interface which enables third-party applications, written in any programming language, to consume IdM 
         services.
diff --git a/src/site/xdoc/mailing-lists.xml b/src/site/xdoc/mailing-lists.xml
index 1fb8845..b323f0d 100644
--- a/src/site/xdoc/mailing-lists.xml
+++ b/src/site/xdoc/mailing-lists.xml
@@ -53,7 +53,7 @@ under the License.
               <a href="https://lists.apache.org/list.html?user@syncope.apache.org">lists.apache.org</a>
             </td>
             <td>
-              <a href="http://syncope.markmail.org/">syncope.markmail.org</a>
+              <a href="https://syncope.markmail.org/">syncope.markmail.org</a>
             </td>
           </tr>
           <tr class="a">
@@ -63,7 +63,7 @@ under the License.
             <td>-</td>
             <td>-</td>
             <td>
-              <a href="http://syncope-user.1051894.n5.nabble.com/">syncope-user.1051894.n5.nabble.com</a>
+              <a href="https://syncope-user.1051894.n5.nabble.com/">syncope-user.1051894.n5.nabble.com</a>
             </td>
           </tr>
           <tr class="b">
@@ -91,7 +91,7 @@ under the License.
               <a href="https://lists.apache.org/list.html?dev@syncope.apache.org">lists.apache.org</a>
             </td>
             <td>
-              <a href="http://syncope.markmail.org/">syncope.markmail.org</a>
+              <a href="https://syncope.markmail.org/">syncope.markmail.org</a>
             </td>
           </tr>
           <tr class="b">
@@ -101,7 +101,7 @@ under the License.
             <td>-</td>
             <td>-</td>
             <td>
-              <a href="http://syncope-dev.1063484.n5.nabble.com/">syncope-dev.1063484.n5.nabble.com</a>
+              <a href="https://syncope-dev.1063484.n5.nabble.com/">syncope-dev.1063484.n5.nabble.com</a>
             </td>
           </tr>
           <tr class="a">
@@ -129,7 +129,7 @@ under the License.
               <a href="https://lists.apache.org/list.html?commits@syncope.apache.org">lists.apache.org</a>
             </td>
             <td>
-              <a href="http://syncope.markmail.org/">syncope.markmail.org</a>
+              <a href="https://syncope.markmail.org/">syncope.markmail.org</a>
             </td>
           </tr>
           <tr class="a">
diff --git a/src/site/xdoc/release-process.xml b/src/site/xdoc/release-process.xml
index f13a710..ca4ba25 100644
--- a/src/site/xdoc/release-process.xml
+++ b/src/site/xdoc/release-process.xml
@@ -481,7 +481,7 @@ Maven staging repo:
 https://repository.apache.org/content/repositories/orgapachesyncope-ZZZZ/
 
 Staging site:
-http://syncope.apache.org/$VERSION/
+https://syncope.apache.org/$VERSION/
 
 PGP release keys (signed using ABCDEFG):
 https://downloads.apache.org/syncope/KEYS
diff --git a/standalone/src/main/resources/README b/standalone/src/main/resources/README
index 4b24189..62f9f9f 100644
--- a/standalone/src/main/resources/README
+++ b/standalone/src/main/resources/README
@@ -9,5 +9,5 @@ In order to run this distribution you must:
 
 For more information about what features are available and how to access, check [2].
 
-[1] http://syncope.apache.org/docs/getting-started.html#standalone
-[2] http://syncope.apache.org/docs/getting-started.html#standalone-components
+[1] https://syncope.apache.org/docs/getting-started.html#standalone
+[2] https://syncope.apache.org/docs/getting-started.html#standalone-components
diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/SyncopeWAConfiguration.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/SyncopeWAConfiguration.java
index 206d10b..b8bd1ed 100644
--- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/SyncopeWAConfiguration.java
+++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/SyncopeWAConfiguration.java
@@ -119,7 +119,7 @@ public class SyncopeWAConfiguration {
                         contact(new Contact().
                                 name("The Apache Syncope community").
                                 email("dev@syncope.apache.org").
-                                url("http://syncope.apache.org")).
+                                url("https://syncope.apache.org")).
                         version(version())).
                 schemaRequirement("BasicAuthentication",
                         new SecurityScheme().type(SecurityScheme.Type.HTTP).scheme("basic")).