Uploaded image for project: 'RH-SSO'
  1. RH-SSO
  2. RHSSO-876

Server Admin Guide: mistakes in text

XMLWordPrintable

      I encountered a few things that should be probably changed.

      ____
      CHAPTER 15. AUDITING AND EVENTS
      15.1.1. Event Types
      Account events:
      Send Password Reset - A password reset email has been sent.

      ---the text is "Send Password Reset", but the actual event in admin console is named SEND_RESET_PASSWORD
      ____
      CHAPTER 15. AUDITING AND EVENTS
      15.1.1. Event Types
      Account events:
      Social Link - An account has been linked to a social provider.
      Remove Social Link - A social provider has been removed from an account.

      ---the text is "Social Link", but I couldn't find such event in the admin console, only SEND_IDENTITY_PROVIDER_LINK or FEDERATED_IDENTITY_LINK (the same with Remove Social Link)
      ____
      CHAPTER 16. EXPORT AND IMPORT
      Red Hat Single Sign-On has the ability export and import the entire database.

      ---should be "to export and import"
      ____
      17.1. THEMEABLE
      See the Server Developer Guide for more details. == Threat Model Mitigation

      ---probably something wrong with ". == " and it should be a headline ?
      ____
      17.4. SSL/HTTPS REQUIREMENT
      If you do not use SSL/HTTPS for all communication between the Red Hat Single Sign-On auth server and the clients it secures you will be very vulnerable to man in the middle attacks.

      — I would use "secures, you", it's less confusing
      ____
      17.7. COMPROMISED ACCESS AND REFRESH TOKENS
      This might seem like a no-brainer, but since Red Hat Single Sign-On does not have SSL enabled by default, many naive admins might not realize they have to do this.

      ---may seem a little offensive to use the term "naive admins"
      ____
      17.9. OPEN REDIRECTORS
      It is important that clients and applications register as specific a URI pattern as possible to mitigate open redirector attacks.

      ---I would use "as specific URI pattern as possible"
      ____
      CHAPTER 17. USER ACCOUNT SERVICE

      ---the screenshots for Account Service, Password Update, OTP Authenticator, Federated Identity, Sessions, Applications (from User Account Service page) have "English" next to the "Back to Security Admin Console" link, I didn't see the language choice when I opened it.

              zschwarz Zuzana Schwarzová (Inactive)
              zschwarz Zuzana Schwarzová (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: