[keycloak-dev] typos in manual

乗松隆志 / NORIMATSU,TAKASHI takashi.norimatsu.ws at hitachi.com
Mon Mar 27 02:25:37 EDT 2017


Dear all,

I've been engaged in applying Keycloak to systems whose emphasis is on high security.

By the way, I've found some typos in the RH-SSO and Keycloak manuals, and an erroneous description in the RH-SSO and Keycloak UI, as follows.
I'm not sure whether it is appropriate for me to post such an issue to this dev mailing list. If not, please tell me.

1) In 3.19.7 Compromised Access Codes of the Server Administration Guide for Keycloak 3.0.0 and before, we'd like to use "Authorization Codes" instead of "Access Codes".

The same applies to 17.8 Compromised Access Code of the Server Administration Guide for RH-SSO 7.1beta and before.

2) In 3.14.3 Session and Token Timeouts for Keycloak 3.0.0 and before, we'd like to use "Authorization Code Flow in OIDC" instead of "Authentication Code Flow in OIDC".

The same applies to 13.3 Session and Token Timeouts of the Server Administration Guide for RH-SSO 7.1beta and before.

3) In "Security Defences" of "Realm Settings" for Keycloak 3.0.0 and before, the description of the tooltip for "Content-Security-Policy" is the same as for "X-Frame-Options".
However, CSP is a different mechanism from X-Frame-Options according to https://www.w3.org/TR/CSP/.

We'd better consider another description. For example, "Default value prevents pages from accessing non-origin resources (click label for more information)".

Regards.
Takashi Norimatsu