upload OpenAM docs after deploy 0cc8b06df0d792d9d04ad2813e580f320f35bfaa

Author: Open Identity Platform Community

openam/modules/ROOT/attachments/create-keystore.sh

@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+#
+# create-keystore.sh
+# copyright (c) 2016 ForgeRock AS.
+#
+# Keytool must be in your path
+#
+# Author: Craig McDonnell
+#
+
+signature_keystore=keystore-signature.jks
+verification_keystore=keystore-verifier.jks
+signature_cert=signature.cert
+storepass=password
+keypass=password
+storetype=JCEKS
+
+# Generate the keystore-signature.jks file
+
+keytool -genkeypair \
+        -alias "Signature" \
+        -dname CN=a \
+        -keystore $signature_keystore \
+        -storepass $storepass \
+        -storetype $storetype \
+        -keypass $keypass \
+        -keyalg RSA \
+        -sigalg SHA256withRSA
+
+# Generate Password
+
+keytool -genseckey \
+        -alias "Password" \
+        -keystore $signature_keystore \
+        -storepass $storepass \
+        -storetype $storetype \
+        -keypass $keypass \
+        -keyalg HmacSHA256 \
+        -keysize 256
+
+# Verify (on screen) contents of keystore-signature.jks
+
+keytool -list \
+        -keystore $signature_keystore \
+        -storepass $storepass \
+        -storetype $storetype
+
+# Export SecretKey for verifier
+
+keytool -importkeystore \
+        -srckeystore $signature_keystore \
+        -destkeystore $verification_keystore \
+        -srcstoretype $storetype \
+        -deststoretype $storetype \
+        -srcstorepass $storepass \
+        -deststorepass $storepass \
+        -srcalias Password \
+        -destalias Password \
+        -srckeypass $keypass \
+        -destkeypass $keypass
+
+# Export the PublicKey from the signature keystore
+
+keytool -exportcert \
+        -alias "Signature" \
+        -keystore $signature_keystore \
+        -storepass $storepass \
+        -storetype $storetype \
+        -file $signature_cert
+
+# Import the PublicKey into the verification keystore
+
+keytool -importcert \
+        -alias "Signature" \
+        -keystore $verification_keystore \
+        -storepass $storepass \
+        -storetype $storetype \
+        -file $signature_cert

openam/modules/ROOT/attachments/cts-add-indexes.txt

@@ -0,0 +1,82 @@
+#
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+#
+# Copyright (c) 2011-2018 ForgeRock AS. All Rights Reserved
+#
+# The contents of this file are subject to the terms
+# of the Common Development and Distribution License
+# (the License). You may not use this file except in
+# compliance with the License.
+#
+# You can obtain a copy of the License at
+# http://forgerock.org/license/CDDLv1.0.html
+# See the License for the specific language governing
+# permission and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL
+# Header Notice in each file and include the License file
+# at http://forgerock.org/license/CDDLv1.0.html
+# If applicable, add the following below the CDDL Header,
+# with the fields enclosed by brackets [] replaced by
+# your own identifying information:
+# "Portions Copyrighted [year] [name of copyright owner]"
+#
+
+# dsconfig batch file to add CTS indexes
+# 1. Save this file locally.
+# 2. On OpenDJ server, run:
+#    dsconfig -p 4444 -D "cn=Directory Manager" -w password \
+#    -F cts-add-indexes.txt -X -n
+
+create-backend-index --backend-name userRoot --index-name coreTokenExpirationDate \
+  --set index-type:ordering
+create-backend-index --backend-name userRoot --index-name coreTokenUserId \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenString01 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenString02 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenString03 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenString05 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenString08 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenString09 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenString10 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenString14 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenString15 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenInteger01 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenInteger02 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenInteger03 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenInteger04 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenInteger05 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenInteger06 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenInteger07 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenInteger08 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenInteger09 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenInteger10 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenDate01 \
+  --set index-type:ordering
+create-backend-index --backend-name userRoot --index-name coreTokenDate02 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenDate03 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenDate04 \
+  --set index-type:equality
+create-backend-index --backend-name userRoot --index-name coreTokenDate05 \
+  --set index-type:equality

openam/modules/admin-guide/pages/appendix-interface-stability.adoc

@@ -1,4 +1,3 @@
-:leveloffset: -1
 ////
   The contents of this file are subject to the terms of the Common Development and
   Distribution License (the License). You may not use this file except in compliance with the
@@ -19,6 +18,7 @@
 :figure-caption!:
 :example-caption!:
 :table-caption!:
+:leveloffset: -1"
 
 
 [appendix]

openam/modules/admin-guide/pages/chap-admin-tools.adoc

@@ -1,4 +1,3 @@
-:leveloffset: -1
 ////
   The contents of this file are subject to the terms of the Common Development and
   Distribution License (the License). You may not use this file except in compliance with the
@@ -19,6 +18,7 @@
 :figure-caption!:
 :example-caption!:
 :table-caption!:
+:leveloffset: -1"
 
 
 [#chap-admin-tools]

openam/modules/admin-guide/pages/chap-agents.adoc

@@ -1,4 +1,3 @@
-:leveloffset: -1
 ////
   The contents of this file are subject to the terms of the Common Development and
   Distribution License (the License). You may not use this file except in compliance with the
@@ -19,6 +18,7 @@
 :figure-caption!:
 :example-caption!:
 :table-caption!:
+:leveloffset: -1"
 
 
 [#chap-agents]

openam/modules/admin-guide/pages/chap-audit-logging.adoc

@@ -1,4 +1,3 @@
-:leveloffset: -1
 ////
   The contents of this file are subject to the terms of the Common Development and
   Distribution License (the License). You may not use this file except in compliance with the
@@ -19,6 +18,7 @@
 :figure-caption!:
 :example-caption!:
 :table-caption!:
+:leveloffset: -1"
 
 
 [#chap-audit-logging]
@@ -34,7 +34,7 @@ The Audit Logging Service uses a structured message format that adheres to a con
 
 [IMPORTANT]
 ====
-By default, OpenDJ 3.0 does not have audit logging enabled; thus, administrators must manually enable audit logging in the directory server. For more information, see link:https://backstage.forgerock.com/docs/opendj/3.5/admin-guide/#log-common-audit-ldap-csv[To Enable LDAP CSV Access Logs, window=\_blank] in the __OpenDJ Administration Guide__.
+By default, OpenDJ 3.0 does not have audit logging enabled; thus, administrators must manually enable audit logging in the directory server. For more information, see link:https://doc.openidentityplatform.org/opendj/admin-guide/chap-monitoring#log-common-audit-ldap-csv[To Enable LDAP CSV Access Logs, window=\_blank] in the __OpenDJ Administration Guide__.
 ====
 
 [#about-audit-logs]
@@ -238,7 +238,7 @@ OpenAM also supports another level of tamper evident security by periodically ad
 
 .. Click Is Enabled to turn on the tamper evident feature for CSV logs.
 
-.. In the Certificate Store Location field, enter the location of the keystore. You must manually create the keystore and place it in this location. You can use a simple script to create your Java keystore: link:../resources/create-keystore.sh[create-keystore.sh, window=\_blank].
+.. In the Certificate Store Location field, enter the location of the keystore. You must manually create the keystore and place it in this location. You can use a simple script to create your Java keystore: xref:ROOT:attachment$create-keystore.sh[create-keystore.sh, window=\_blank].
 +
 Default: `%BASE_DIR%/%SERVER_URI%/Logger.jks`
 

openam/modules/admin-guide/pages/chap-auth-services.adoc

@@ -1,4 +1,3 @@
-:leveloffset: -1
 ////
   The contents of this file are subject to the terms of the Common Development and
   Distribution License (the License). You may not use this file except in compliance with the
@@ -19,6 +18,7 @@
 :figure-caption!:
 :example-caption!:
 :table-caption!:
+:leveloffset: -1"
 
 
 [#chap-auth-services]

openam/modules/admin-guide/pages/chap-authz-policy.adoc

@@ -1,4 +1,3 @@
-:leveloffset: -1
 ////
   The contents of this file are subject to the terms of the Common Development and
   Distribution License (the License). You may not use this file except in compliance with the
@@ -19,6 +18,7 @@
 :figure-caption!:
 :example-caption!:
 :table-caption!:
+:leveloffset: -1"
 
 
 [#chap-authz-policy]

openam/modules/admin-guide/pages/chap-backup-restore.adoc

@@ -1,4 +1,3 @@
-:leveloffset: -1
 ////
   The contents of this file are subject to the terms of the Common Development and
   Distribution License (the License). You may not use this file except in compliance with the
@@ -19,6 +18,7 @@
 :figure-caption!:
 :example-caption!:
 :table-caption!:
+:leveloffset: -1"
 
 
 [#chap-backup-restore]
@@ -28,7 +28,7 @@ OpenAM stores configuration data in an LDAP directory server and in files. The d
 
 This chapter shows how to backup and restore OpenAM configuration data by backing up and restoring local configuration files and local (embedded) configuration directory server data. If your deployment uses an external configuration directory server, then refer to the documentation for your external directory server or work with your directory server administrator to back up and restore configuration data stored in the external directory service.
 
-For OpenDJ directory server you can find more information in the chapter on link:https://backstage.forgerock.com/docs/opendj/3.5/admin-guide/#chap-backup-restore[Backing Up and Restoring Data, window=\_blank].
+For OpenDJ directory server you can find more information in the chapter on link:https://doc.openidentityplatform.org/opendj/admin-guide/chap-backup-restore[Backing Up and Restoring Data, window=\_blank].
 This chapter aims to cover the following uses of backup data.
 
 . Recovery from server failure:
@@ -57,7 +57,7 @@ Have the following points in mind when using this procedure:
 
 * Use this procedure __only__ when OpenAM stores configuration data in the embedded OpenDJ directory server, which means that the embedded OpenDJ directory server files are co-located with other OpenAM configuration files.
 +
-If your deployment uses an external configuration directory server, then refer to the documentation for your external directory server or work with your directory server administrator to back up and restore configuration data stored in the external directory service. For OpenDJ directory server you can find more information in the chapter on link:https://backstage.forgerock.com/docs/opendj/3.5/admin-guide/#chap-backup-restore[Backing Up and Restoring Data, window=\_blank].
+If your deployment uses an external configuration directory server, then refer to the documentation for your external directory server or work with your directory server administrator to back up and restore configuration data stored in the external directory service. For OpenDJ directory server you can find more information in the chapter on link:https://doc.openidentityplatform.org/opendj/admin-guide/chap-backup-restore[Backing Up and Restoring Data, window=\_blank].
 
 * Do not restore configuration data from a backup of a different release of OpenAM. The structure of the configuration data can change from release to release.
 
@@ -74,7 +74,7 @@ Replication relies on historical data to resolve any conflicts that arise. If di
 +
 When the directory server encounters a gap in historical data it cannot correctly complete replication operations. You must make sure, therefore, that any data you restore from backup is not older than the replication purge delay. Otherwise your restoration operation could break replication with the likely result that you must restore all servers from backup, losing any changes that occurred in the meantime.
 +
-For more information about purge delay, see the OpenDJ __Administration Guide__ section on link:https://backstage.forgerock.com/docs/opendj/3.5/admin-guide/#restore-replica[To Restore a Replica, window=\_blank].
+For more information about purge delay, see the OpenDJ __Administration Guide__ section on link:https://doc.openidentityplatform.org/opendj/admin-guide/chap-backup-restore#restore-replica[To Restore a Replica, window=\_blank].
 
 
 Follow these steps for each OpenAM server that you want to back up:
@@ -117,7 +117,7 @@ Have the following points in mind when using this procedure:
 
 * Use this procedure __only__ when OpenAM stores configuration data in the embedded OpenDJ directory server, which means that the embedded OpenDJ directory server files are co-located with other OpenAM configuration files.
 +
-If your deployment uses an external configuration directory server, then refer to the documentation for your external directory server or work with your directory server administrator to back up and restore configuration data stored in the external directory service. For OpenDJ directory server, you can find more information in the chapter on link:https://backstage.forgerock.com/docs/opendj/3.5/admin-guide/#chap-backup-restore[Backing Up and Restoring Data, window=\_blank].
+If your deployment uses an external configuration directory server, then refer to the documentation for your external directory server or work with your directory server administrator to back up and restore configuration data stored in the external directory service. For OpenDJ directory server, you can find more information in the chapter on link:https://doc.openidentityplatform.org/opendj/admin-guide/chap-backup-restore[Backing Up and Restoring Data, window=\_blank].
 
 * Do not restore configuration data from a backup of a different release of OpenAM. The structure of the configuration data can change from release to release.
 
@@ -138,7 +138,7 @@ Replication relies on historical data to resolve any conflicts that arise. If di
 +
 When the directory server encounters a gap in historical data it cannot correctly complete replication operations. You must make sure, therefore, that any data you restore from backup is not older than the replication purge delay. Otherwise your restoration operation could break replication with the likely result that you must restore all servers from backup, losing any changes that occurred in the meantime.
 +
-For more information about purge delay, see the OpenDJ __Administration Guide__ section on link:https://backstage.forgerock.com/docs/opendj/3.5/admin-guide/#restore-replica[To Restore a Replica, window=\_blank].
+For more information about purge delay, see the OpenDJ __Administration Guide__ section on link:https://doc.openidentityplatform.org/opendj/admin-guide/chap-backup-restore#restore-replica[To Restore a Replica, window=\_blank].
 
 
 Follow these steps for each OpenAM server to restore. If you are restoring OpenAM after a failure, make sure you make a copy of any configuration and log files that you need to investigate the problem before restoring OpenAM from backup:
@@ -217,7 +217,7 @@ Use this procedure to recover from a serious configuration error by manually res
 +
 The OpenDJ change log provides an external change log mechanism that allows you to read changes made to directory data for replicated directory servers.
 +
-For instructions on reading the change log, see the OpenDJ __Administration Guide__ section on link:https://backstage.forgerock.com/docs/opendj/3.5/admin-guide/#repl-change-notification[Change Notification For Your Applications, window=\_blank].
+For instructions on reading the change log, see the OpenDJ __Administration Guide__ section on link:https://doc.openidentityplatform.org/opendj/admin-guide/chap-replication#repl-change-notification[Change Notification For Your Applications, window=\_blank].
 
 . Based on the data in the change log, determine what changes would reverse the configuration error.
 +
@@ -229,7 +229,7 @@ For changes that resulted in one attribute value being replaced by another, you
 
 . Use the OpenDJ `ldapmodify` command to apply the modification.
 +
-For instructions on making changes to directory data see the section on link:https://backstage.forgerock.com/docs/opendj/3.5/server-dev-guide/#write-ldap[Updating the Directory, window=\_blank] in the __OpenDJ Directory Server Developer's Guide__.
+For instructions on making changes to directory data see the section on link:https://doc.openidentityplatform.org/opendj/server-dev-guide/chap-ldap-operations#write-ldap[Updating the Directory, window=\_blank] in the __OpenDJ Directory Server Developer's Guide__.
 
 ====
 

openam/modules/admin-guide/pages/chap-cdsso.adoc

@@ -1,4 +1,3 @@
-:leveloffset: -1
 ////
   The contents of this file are subject to the terms of the Common Development and
   Distribution License (the License). You may not use this file except in compliance with the
@@ -19,6 +18,7 @@
 :figure-caption!:
 :example-caption!:
 :table-caption!:
+:leveloffset: -1"
 
 
 [#chap-cdsso]

openam/modules/admin-guide/pages/chap-certs-keystores.adoc

@@ -1,4 +1,3 @@
-:leveloffset: -1
 ////
   The contents of this file are subject to the terms of the Common Development and
   Distribution License (the License). You may not use this file except in compliance with the
@@ -19,6 +18,7 @@
 :figure-caption!:
 :example-caption!:
 :table-caption!:
+:leveloffset: -1"
 
 
 [#chap-certs-keystores]

openam/modules/admin-guide/pages/chap-change-hosts.adoc

@@ -1,4 +1,3 @@
-:leveloffset: -1
 ////
   The contents of this file are subject to the terms of the Common Development and
   Distribution License (the License). You may not use this file except in compliance with the
@@ -19,12 +18,13 @@
 :figure-caption!:
 :example-caption!:
 :table-caption!:
+:leveloffset: -1"
 
 
 [#chap-change-hosts]
 == Changing Host Names
 
-When you change the OpenAM host name, you must make manual changes to the configuration. This chapter describes what to do. If you must also move an embedded configuration directory from one host to another, see the OpenDJ __Administration Guide__ chapter, link:https://backstage.forgerock.com/docs/opendj/3.5/admin-guide/#chap-mv-servers[Moving Servers, window=\_blank].
+When you change the OpenAM host name, you must make manual changes to the configuration. This chapter describes what to do. If you must also move an embedded configuration directory from one host to another, see the OpenDJ __Administration Guide__ chapter, link:https://doc.openidentityplatform.org/opendj/admin-guide/chap-mv-servers[Moving Servers, window=\_blank].
 Changing OpenAM host names involves the following high-level steps.
 
 * Adding the new host name to the Realm/DNS Aliases list.

openam/modules/admin-guide/pages/chap-dashboard.adoc

@@ -1,4 +1,3 @@
-:leveloffset: -1
 ////
   The contents of this file are subject to the terms of the Common Development and
   Distribution License (the License). You may not use this file except in compliance with the
@@ -19,6 +18,7 @@
 :figure-caption!:
 :example-caption!:
 :table-caption!:
+:leveloffset: -1"
 
 
 [#chap-dashboard]