Deployed 195a9b8 to current with MkDocs 1.3.0 and mike 1.1.2

current/eoepca/login-service/index.html

@@ -621,6 +621,26 @@
     Values
   </a>
 
+</li>
+
+        <li class="md-nav__item">
+  <a href="#post-deployment-manual-steps" class="md-nav__link">
+    Post-deployment Manual Steps
+  </a>
+
+    <nav class="md-nav" aria-label="Post-deployment Manual Steps">
+      <ul class="md-nav__list">
+
+          <li class="md-nav__item">
+  <a href="#uma-resource-lifetime" class="md-nav__link">
+    UMA Resource Lifetime
+  </a>
+
+</li>
+
+      </ul>
+    </nav>
+
 </li>
 
         <li class="md-nav__item">
@@ -875,6 +895,17 @@ <h2 id="values">Values<a class="headerlink" href="#values" title="Permanent link
 <p class="admonition-title">Note</p>
 <p>The <code>resources:</code> above have been limited for the benefit of a minikube deployment. For a production deployment the values should be tuned (upwards) according to operational needs.</p>
 </div>
+<h2 id="post-deployment-manual-steps">Post-deployment Manual Steps<a class="headerlink" href="#post-deployment-manual-steps" title="Permanent link">⚓︎</a></h2>
+<p>The deployment of the Login Service has been designed, as far as possible, to automate the configuration. However, there remain some steps that must be performed manually after the scripted deployment has completed&hellip;</p>
+<h3 id="uma-resource-lifetime">UMA Resource Lifetime<a class="headerlink" href="#uma-resource-lifetime" title="Permanent link">⚓︎</a></h3>
+<p>The Login Service maintains a background service that &lsquo;cleans&rsquo; UMA resources that are older than aa certain age - by default 30 days. This lifetime does not fit the approach we are adopting, and so we must update this lifetime value to avoid the unexpected removal of UMA resources that would cause unexpected failures in policy enforcement.</p>
+<p>The client that is created by the script <code>./deploy/bin/register-client</code> (as per above) needs to be manually adjusted using the Web UI of the Login Service&hellip;</p>
+<ul>
+<li>In a browser, navigate to the Login Service (Gluu) - https://auth.192-168-49-2.nip.io/ - and login as the <code>admin</code> user</li>
+<li>Open <code>OpenID Connection -&gt; Clients</code> and search for the client created earlier - <code>Application Hub</code></li>
+<li>Fix the setting <code>Authentication method for the Token Endpoint</code>  for the <code>ApplicationHub</code> - <code>client_secret_post</code> -&gt; <code>client_secret_basic</code></li>
+<li>Save the update</li>
+</ul>
 <h2 id="login-service-usage">Login Service Usage<a class="headerlink" href="#login-service-usage" title="Permanent link">⚓︎</a></h2>
 <p>Once the deployment has been completed successfully, the Login Service is accessed at the endpoint <code>https://auth.&lt;domain&gt;/</code>, configured by your domain - e.g. <a href="https://auth.192-168-49-2.nip.io/">https://auth.192-168-49-2.nip.io/</a>.</p>
 <p>Login as the <code>admin</code> user with the credentials configured in the helm values - ref. <code>adminPass</code> / <code>ldapPass</code>.</p>

current/quickstart/scripted-deployment/index.html

@@ -1175,9 +1175,9 @@ <h3 id="apply-protection">Apply Protection<a class="headerlink" href="#apply-pro
 <h2 id="post-deploy-manual-steps">Post-deploy Manual Steps<a class="headerlink" href="#post-deploy-manual-steps" title="Permanent link">⚓︎</a></h2>
 <p>The scripted deployment has been designed, as far as possible, to automate the configuration of the deployed components. However, there remain some steps that must be performed manually after the scripted deployment has completed&hellip;</p>
 <ul>
-<li>Fix the setting <code>UMA Resource Lifetime</code> - change <code>2592000</code> -&gt; <code>2147483647</code> secs</li>
-<li>Fix the setting <code>Authentication method for the Token Endpoint</code>  for the <code>ApplicationHub</code> - <code>client_secret_post</code> -&gt; <code>client_secret_basic</code></li>
-<li>Add groups <code>group-1</code>, <code>group-2</code>, <code>group-3</code> to ApplicationHub, and add users <code>eric</code>, <code>bob</code> to these groups</li>
+<li>Login Service: <a href="../../eoepca/login-service/#uma-resource-lifetime">UMA Resource Lifetime</a></li>
+<li>Application Hub: <a href="../../eoepca/application-hub/#oidc-client">OIDC Client</a></li>
+<li>Application Hub: <a href="../../eoepca/application-hub/#groups-and-users">Groups and Users</a></li>
 </ul>
 <h2 id="create-user-workspaces">Create User Workspaces<a class="headerlink" href="#create-user-workspaces" title="Permanent link">⚓︎</a></h2>
 <p>The protection steps created the test users <code>eric</code> and <code>bob</code>. For completeness we use the Workspace API to create their user workspaces, which hold their personal resources (data, processing results, etc.) within the platform - see <a href="../../eoepca/workspace/">Workspace</a>.</p>