Merge remote-tracking branch 'origin/master'

docs/misc/self-registration/index.adoc

@@ -9,6 +9,11 @@
 :page-since: "3.5"
 :page-upkeep-status: yellow
 
+[TIP]
+.MidPoint 4.6 and later
+
+This configuration is valid in midPoint 4.6 and later. For configuration before 4.6 please see xref:./configuration-before-4-6/[Self Registration Configuration before 4.6].
+
 Self registration in midPoint provides possibility for unauthenticated user to enroll to midPoint and request assignments.
 By default, self registration is disabled.
 Following text describes how to enable self registration in midPoint.
@@ -32,23 +37,15 @@ After this, self registration process is enabled globally (in the multi-tenant e
     ....
    <globalSecurityPolicyRef oid="28bf845a-b107-11e3-85bc-001e8c717e5b" type="c:SecurityPolicyType"/>
     ....
-   <defaultHostname>http://localhost:8080/midpoint</defaultHostname>
+   <publicHttpUrlPattern>http://localhost:8080/midpoint</publicHttpUrlPattern>
     ....
 </systemConfiguration>
 ----
 
 In the example above, you can see globalSecurityPolicyRef which refers to the security policy which will be used and checked if the self registration is enabled.
-The above example also works with *defaultHostname* attribute.
+The above example also works with *publicHttpUrlPattern* attribute.
 This value is used while generating confirmation link for self registration verification process.
 
-
-[WARNING]
-.Change from 4.1
-====
-From 4.1 please you use _publicHttpUrlPattern_ instead of _defaultHostname_.
-====
-
-
 == Configuring Security Policy
 
 Configuration for self registration is in Security Policy object and it is separated into three parts - registration, authentication and credentials.
@@ -74,7 +71,7 @@ The configuration for self registration can look like following:
          <name>selfRegistration</name>
          <initialLifecycleState>draft</initialLifecycleState>
          <displayName>Self Registration</displayName>
-         <additionalAuthenticationName>confirmationLink</additionalAuthenticationName>
+         <additionalAuthenticationSequence>confirmationLink</additionalAuthenticationSequence>
          <defaultRole oid="00000000-0000-0000-0000-000000000008" type="c:RoleType"/>
       </selfRegistration>
    </registration>
@@ -85,13 +82,6 @@ For this newly created user, lifecycle state is set to the draft.
 Until user doesn't confirm his/her registration it cannot do anything, it is disabled and no roles are assigned.
 After confirmation, specified default roles are assigned to the user.
 
-[WARNING]
-.Deprecated From MidPoint 4.1 and will be removed in 4.5
-====
-Configuration attribute '_securityPolicy/authentication/mailAuthentication_' is deprecated. Please use _xref:/midpoint/reference/security/authentication/flexible-authentication/configuration/[Flexible Authentication]_ for configuration of authentication sequence for self registration and set name of authentication sequence to _additionalAuthenticationName_.
-====
-
-
 == Self Post-Registration (or Invite) For Existing Users in MidPoint
 
 This scenario can be used for various scenarios, e.g:
@@ -121,7 +111,7 @@ For such scenarios, the configuration can look like following:
          <initialLifecycleState>proposed</initialLifecycleState>
          <requiredLifecycleState>draft</requiredLifecycleState>
          <displayName>Self Registration</displayName>
-         <additionalAuthenticationName>confirmationLink</additionalAuthenticationName>
+         <additionalAuthenticationSequence>confirmationLink</additionalAuthenticationSequence>
          <defaultRole oid="00000000-0000-0000-0000-000000000008" type="c:RoleType"/>
       </selfRegistration>
    </registration>
@@ -132,29 +122,12 @@ The lifecycle state which is required to successfully register the user is speci
 This is to support situations, where all potential users are pre-created/pre-registered by administrators (but  they are not active until they don't  register and confirm the registration).
 After user fills in registration form and submits it, existing user is modified in midPoint with the configured lifecycle state (initialLifecycleState attribute).
 This newly created user is disabled and doesn't have any roles assigned until he/she confirms the registration.
-Confirmation of registration is configurable using additionalAuthenticationName attribute.
+Confirmation of registration is configurable using additionalAuthenticationSequence attribute.
 After user successfully confirms the registration, default roles are assigned to him/her - default roles are configured using defaultRole attribute.
 
 
 === Authentication Part
 
-[source,xml]
-----
-   <authentication>
-      <mailAuthentication>
-         <name>confirmationLink</name>
-         <displayName>Additional mail authentication</displayName>
-         <mailNonce>mailNonce</mailNonce>
-      </mailAuthentication>
-   </authentication>
-----
-
-[WARNING]
-.Deprecated From MidPoint 4.1 and will be removed in 4.5
-====
-Configuration attribute '_securityPolicy/authentication/mailAuthentication_' is deprecated. Please use _xref:/midpoint/reference/security/authentication/flexible-authentication/configuration/[Flexible Authentication]_.
-====
-
 [source, xml]
 ----
 <authentication>
@@ -183,8 +156,8 @@ Configuration attribute '_securityPolicy/authentication/mailAuthentication_' is
 </authentication>
 ----
 
-Authentication part contains configuration for the method used for registration confirmation.
-Examples above uses mail authentication which means that the user receives the mail with the confirmation link.
+Authentication part contains configuration for the sequence used for registration confirmation.
+Examples above uses mailNonce authentication sequence which means that the user receives the mail with the confirmation link.
 After clicking on the link in the mail midPoint tries to confirm the user.
 
 === Credentials Part
@@ -403,4 +376,6 @@ image::confirmation-success.png[]
 
 * xref:/midpoint/reference/admin-gui/custom-forms/[Custom Forms]
 
-* xref:/midpoint/reference/security/credentials/password-policy/[Password Policy]
+* xref:/midpoint/reference/security/credentials/password-policy/[Password Policy]
+
+* xref:/midpoint/reference/security/authentication/flexible-authentication/configuration/[Flexible Authentication]

docs/security/authentication/flexible-authentication/configuration.adoc

@@ -899,6 +899,8 @@ Definition for OpenID Provider. Possible attributes are:
 
 |===
 
+Required attribute is only 'issuerUri', because midPoint get configuration for all other uris from 'issuerUri'/.well-known/openid-configuration. MidPoint can write error to log file, that some from optional configuration uris is null and required. This error we can see when 'issuerUri'/.well-known/openid-configuration is unavailable.
+
 .Example of Client configuration with client authentication for client signed JWT
 [source,xml]
 ----

docs/security/credentials/password-reset/configuration-before-4-6.adoc

@@ -1,5 +1,5 @@
 = Password Reset Configuration before 4.6
-:page-nav-title: Password Reset
+:page-nav-title: Password Reset before 4.6
 :page-wiki-name: Reset Password Configuration
 :page-wiki-id: 24084529
 :page-wiki-metadata-create-user: katkav

docs/security/credentials/password-reset/index.adoc

@@ -1,11 +1,5 @@
 = Password Reset Configuration
 :page-nav-title: Password Reset
-:page-wiki-name: Reset Password Configuration
-:page-wiki-id: 24084529
-:page-wiki-metadata-create-user: katkav
-:page-wiki-metadata-create-date: 2016-11-18T12:26:50.495+01:00
-:page-wiki-metadata-modify-user: honchar
-:page-wiki-metadata-modify-date: 2020-09-29T12:28:10.324+02:00
 :page-toc: top
 :page-upkeep-status: red