Merge pull request #5120 from himeshsiriwardana/additional-7-1-bug-fixes

multiple bug fixes for IS 7.1

en/identity-server/7.0.0/docs/deploy/security/security-guidelines/network-level-security-guidelines.md

@@ -33,13 +33,15 @@ Firmware updates for your network devices should be applied regularly.
 
 ## Contexts
 
-Access to the `/services` and `/carbon` contexts should be blocked from the DMZ level, i.e., from the proxy server, load balancer, and/or firewall.
+Access to the  `/console`, `/services` and `/carbon` contexts should be blocked from the DMZ level, i.e., from the proxy server, load balancer, and/or firewall.
+
+- The `/console` context is used in WSO2 Identity Server to expose the Console. The Console is a user interface for performing administrative operations of the product.
 
 - The `/services` context is used in WSO2 Identity Server to expose admin services. These admin services are used for performing administrative operations using SOAP requests.
 
-- The `/carbon` context is used in WSO2 Identity Server to expose the Management Console. The Management Console is a user interface for performing some of the administrative operations of a product.
+- The `/carbon` context is used in WSO2 Identity Server to expose the legacy management console and offers some limited administrative functions.
 
-- In addition to the `/services` and `/carbon` contexts, be sure to expose only the required applications in your product to users beyond the DMZ level in your network.
+- In addition to the `/carbon`, `/services` and `/carbon` contexts, be sure to expose only the required applications in your product to users beyond the DMZ level in your network.
 
 !!! tip
     It is recommended to identify and use components listed under the allowlist when allowing access to resources in your product from the DMZ level.

en/identity-server/next/docs/deploy/get-started/install.md

@@ -372,7 +372,7 @@ Extract the WSO2 product that you want to run as a Linux service and set the env
     esac
     ```
 
-    ??? note "Example startup script written for WSO2 Identity Server 7.0.0"
+    ??? note "Example startup script written for WSO2 Identity Server {{is_version}}"
         ``` bash
         #! /bin/sh
         ### BEGIN INIT INFO
@@ -384,7 +384,7 @@ Extract the WSO2 product that you want to run as a Linux service and set the env
         # Short-Description: starts the wso2 identity server
         ### END INIT INFO
         export JAVA_HOME="/usr/lib/jvm/java-11-openjdk-amd64"
-        export CARBON_HOME="/home/ubuntu/wso2is-7.0.0"
+        export CARBON_HOME="/home/ubuntu/wso2is-{{is_version}}"
 
         startcmd="${CARBON_HOME}""/bin/wso2server.sh start > /dev/null &"
         restartcmd="${CARBON_HOME}""/bin/wso2server.sh restart > /dev/null &"
@@ -579,7 +579,7 @@ Copy the `wrapper.conf` file found in the `<IS_HOME>/bin/yajsw/` directory and p
 
 #### Set up `carbon_home`
 
-Extract the Carbon-based product that you want to run as a Windows service, and then set the Windows environment variable `carbon_home` to the directory from which you extracted the product. For example, if you want to run WSO2 Identity Server as a Windows service, you would set `carbon_home` to the extracted `wso2is-7.0.0` directory.
+Extract the Carbon-based product that you want to run as a Windows service, and then set the Windows environment variable `carbon_home` to the directory from which you extracted the product. For example, if you want to run WSO2 Identity Server as a Windows service, you would set `carbon_home` to the extracted `wso2is-{{is_version}}` directory.
 
 #### Run the product in console mode
 

en/identity-server/next/docs/deploy/monitor/remote-log-publishing.md

@@ -1,8 +1,8 @@
 # Remote Log Publishing
 
-The Remote Log Publishing feature in {{ product_name }} allows organizations to securely transmit and store [audit logs]({{base_path}}/deploy/monitor/monitor-logs/) on an external server. This capability ensures that critical log data is not only preserved in a secure location but also remains readily accessible for thorough analysis and compliance auditing.
+The Remote Log Publishing feature in {{ product_name }} allows organizations to securely transmit and store [audit logs]({{base_path}}/deploy/monitor/monitor-logs/) in an external server. This capability ensures that critical log data is not only preserved in a secure location but also remains readily accessible for thorough analysis and compliance auditing.
 
-## Setting Up Remote Audit Log Publishing
+## Set up
 
 !!! note "Before you begin"
 
@@ -11,9 +11,10 @@ The Remote Log Publishing feature in {{ product_name }} allows organizations to
 
 Follow the steps below to configure remote log publishing to an external system:
 
-1. On the {{ product_name }} Console, go to **Server**.
-2. Click **Remote Log Publishing**.
-3. Enter the following details of the remote log publisher and click **Update**:
+1. On the {{ product_name }} Console, click the **Root Organization** dropdown at the top and click **Manage Root Organizations**.
+2. Click on the gear icon to enter the system settings.
+
+3. Enter the following details in the **Remote Log Publishing** tab and click **Update**:
 
     <table>
         <tr>
@@ -27,42 +28,42 @@ Follow the steps below to configure remote log publishing to an external system:
             <td><code>https://logserver.example.com/store</code></td>
         </tr>
         <tr>
-            <td>Connection Timeout</td>
+            <td>Connection timeout</td>
             <td>The timeout in milliseconds for connecting to the remote server.</td>
             <td><code>2000</code></td>
         </tr>
         <tr>
-            <td>Verify Hostname</td>
-            <td>Whether to verify the remote server's hostname against its SSL certificate.</td>
+            <td>Verify the hostname</td>
+            <td>Select to verify the remote server's hostname against its SSL certificate.</td>
             <td><code>true</code> or <code>false</code></td>
         </tr>
         <tr>
-            <td>Remote Server Username</td>
+            <td>Remote server username</td>
             <td>The username for basic authentication with the remote server.</td>
             <td><code>admin</code></td>
         </tr>
         <tr>
-            <td>Remote Server Password</td>
+            <td>Remote server password</td>
             <td>The password for basic authentication with the remote server.</td>
             <td><code>admin_password</code></td>
         </tr>
         <tr>
-            <td>Keystore Location</td>
+            <td>Keystore location</td>
             <td>The file path to the keystore for SSL connections.</td>
             <td><code>/etc/identity/keystore.jks</code></td>
         </tr>
         <tr>
-            <td>Keystore Password</td>
+            <td>Keystore password</td>
             <td>The password for the keystore.</td>
             <td><code>keystore_password</code></td>
         </tr>
         <tr>
-            <td>Truststore Location</td>
+            <td>Truststore location</td>
             <td>The file path to the truststore for SSL connections.</td>
             <td><code>/etc/identity/truststore.jks</code></td>
         </tr>
         <tr>
-            <td>Truststore Password</td>
+            <td>Truststore password</td>
             <td>The password for the truststore.</td>
             <td><code>truststore_password</code></td>
         </tr>

en/identity-server/next/docs/deploy/security/configure-admin-advisory-banner.md

@@ -7,9 +7,9 @@ The Admin Advisory Banner feature in {{ product_name }} enhances security by dis
 
 Follow the steps below to configure the Admin Advisory Banner:
 
-1. Navigate to the {{ product_name }} Console.
-2. Go to the **Server** section to click the **Admin Advisory Banner** settings.
-3. Toggle the **Enabled** switch to activate or deactivate the advisory banner.
+1. On the {{ product_name }} Console, click the **Root Organization** dropdown at the top and click **Manage Root Organizations**.
+2. Click on the gear icon to enter the system settings.
+3. Select the **Admin Advisory Banner** tab and turn the **Enabled** toggle on/off to activate/deactivate the advisory banner.
 4. Enter the desired warning message in the **Banner content** text box. This message will be displayed on the login page to warn administrators about monitoring policies.
 5. Click the **Update** button to save the changes and implement the banner with the specified message.
 

en/identity-server/next/docs/deploy/security/security-guidelines/network-level-security-guidelines.md

@@ -33,13 +33,15 @@ Firmware updates for your network devices should be applied regularly.
 
 ## Contexts
 
-Access to the `/services` and `/carbon` contexts should be blocked from the DMZ level, i.e., from the proxy server, load balancer, and/or firewall.
+Access to the  `/console`, `/services` and `/carbon` contexts should be blocked from the DMZ level, i.e., from the proxy server, load balancer, and/or firewall.
+
+- The `/console` context is used in WSO2 Identity Server to expose the Console. The Console is a user interface for performing administrative operations of the product.
 
 - The `/services` context is used in WSO2 Identity Server to expose admin services. These admin services are used for performing administrative operations using SOAP requests.
 
-- The `/carbon` context is used in WSO2 Identity Server to expose the Management Console. The Management Console is a user interface for performing some of the administrative operations of a product.
+- The `/carbon` context is used in WSO2 Identity Server to expose the legacy management console and offers some limited administrative functions.
 
-- In addition to the `/services` and `/carbon` contexts, be sure to expose only the required applications in your product to users beyond the DMZ level in your network.
+- In addition to the `/carbon`, `/services` and `/carbon` contexts, be sure to expose only the required applications in your product to users beyond the DMZ level in your network.
 
 !!! tip
     It is recommended to identify and use components listed under the allowlist when allowing access to resources in your product from the DMZ level.

en/identity-server/next/docs/get-started/subscribe-for-ai-features.md → en/identity-server/next/docs/get-started/subscribe-to-ai-features.md

@@ -1,4 +1,4 @@
-# Subscribe for AI features
+# Subscribe to AI features
 
 {{product_name}} brings AI-powered simplicity to your application setup, making it faster and smarter. With intuitive, text-driven intelligent features, you can streamline complex tasks effortlessly. Currently, {{product_name}} offers the following AI-driven capabilities:
 

en/identity-server/next/mkdocs.yml

@@ -340,6 +340,7 @@ plugins:
         # To address the broken links in the API Authorization guides due to the directory structure mismatch is Asgardeo and IS
         'guides/api-authorization.md': 'guides/authorization/api-authorization/api-authorization.md'
         'guides/authorization/impersonation/user-impersonation.md': 'guides/authorization/user-impersonation.md'
+        'get-started/subscribe-for-ai-features.md': 'get-started/subscribe-to-ai-features.md'
 
 # Navigation
 nav:
@@ -367,7 +368,7 @@ nav:
         - Web apps:
           - OIDC Java EE: get-started/try-your-own-app/java-ee-oidc.md
           - SAML Java EE: get-started/try-your-own-app/java-ee-saml.md
-    - Subscribe for AI features: get-started/subscribe-for-ai-features.md
+    - Subscribe to AI features: get-started/subscribe-to-ai-features.md
     - About this release: get-started/about-this-release.md
   - Guides: 
       - Guides: guides/index.md
@@ -741,7 +742,6 @@ nav:
         - WSO2 clusters with Nginx: deploy/front-with-the-nginx-load-balancer.md
         - Databases for clustering: deploy/set-up-separate-databases-for-clustering.md
         - Change the hostname: deploy/change-the-hostname.md
-        - Enable adaptive authentication: deploy/enable-adaptive-authentication.md
         - Configure Hazelcast: deploy/configure-hazelcast.md
         - Backup and recovery recommendations: deploy/backup-and-recovery-recommendations.md
         - Troubleshoot in production environments: deploy/monitor/troubleshoot-in-production-environments.md

en/includes/guides/authentication/login-flow-ai.md

@@ -8,7 +8,7 @@ AI-powered login flow generation simplifies the setup of authentication sequence
 {% if product_name == "WSO2 Identity Server" and is_version != "7.0.0" %}
 !!! note "Enable AI-powered features"
 
-    To enable AI-powered features, {{product_name}} requires a subscription key from the [WSO2 AI subscription portal](https://ai-subscriptions.wso2.com/){target="_blank"}. See the [guide]({{base_path}}/get-started/subscribe-for-ai-features/) for step by step instructions.
+    To enable AI-powered features, {{product_name}} requires a subscription key from the [WSO2 AI subscription portal](https://ai-subscriptions.wso2.com/){target="_blank"}. See the [guide]({{base_path}}/get-started/subscribe-to-ai-features/) for step by step instructions.
 
 {% endif %}
 ## Generate login flows with Login Flow AI

en/includes/guides/authentication/oidc/implement-device-flow.md

@@ -6,28 +6,29 @@ Refer [how the device authorization flow work]({{base_path}}/references/grant-ty
 
 ## Prerequisites
 
-??? note "[Optional] Update device flow configurations"
-    The device authorization grant is available by default in WSO2 Identity Server. If you need to update configurations, navigate to `<IS_HOME>/repository/conf/deployment.toml` and update the configurations in `[oauth.grant_type.device_code]` section as required.
+1. You need to have an application registered in {{ product_name }}. If you don't already have one, register a [standard-based OIDC application]({{base_path}}/guides/applications/register-standard-based-app/).
 
-    ```
-    [oauth.grant_type.device_code]
-    key_length = 7
-    expiry_time = "10m"
-    polling_interval = "5s"
-    key_set = "BCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz23456789"
-    ```
+2. Create a [user account]({{base_path}}/guides/users/manage-users/).
+
+3. (Optional) Update device flow configurations.
 
-    | Parameter | Description   |
-    |-----------|---------------|
-    | `key_length`  | The length of the user code.  |
-    | `expiry_time` | The expiry time of the user code and the device code. |
-    | `polling_interval`    | The minimum delay of the client between each polling request to the token endpoint.   |
-    | `key_set`   | The set of characters that is used to generate the user code.   |
+    ??? note "Device flow configurations"
+        The device authorization grant is available by default in WSO2 Identity Server. If you need to update configurations, navigate to `<IS_HOME>/repository/conf/deployment.toml` and update the configurations in `[oauth.grant_type.device_code]` section as required.
 
-To get started, you need to have an application registered in {{ product_name }}. If you don't already have one, [register a web app with OIDC]({{base_path}}/guides/applications/register-oidc-web-app/).
+        ```
+        [oauth.grant_type.device_code]
+        key_length = 7
+        expiry_time = "10m"
+        polling_interval = "5s"
+        key_set = "BCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz23456789"
+        ```
 
-!!! note
-    Note that only users can log in to business applications. Therefore, to test login on your application, you need a [user account]({{base_path}}/guides/users/manage-users/).
+        | Parameter | Description   |
+        |-----------|---------------|
+        | `key_length`  | The length of the user code.  |
+        | `expiry_time` | The expiry time of the user code and the device code. |
+        | `polling_interval`    | The minimum delay of the client between each polling request to the token endpoint.   |
+        | `key_set`   | The set of characters that is used to generate the user code.   |
 
 ## Get the required codes
 First, your app must initiate a login request to the authorization endpoint of {{ product_name }}. After redirecting to {{ product_name }}, the user should be prompted with a login page if the user is not authenticated.

en/includes/guides/authentication/social-login/add-facebook-login.md

@@ -36,18 +36,18 @@ To register an app on Facebook:
 
 8. Under **Facebook Login** > **Quickstart**, click **Go to quickstart**.
 
-9. Select **Web** as the platform for this app and provide the following **Site URL** with your organization name and click **Save**.
+9. Select **Web** as the platform for this app and provide the following **Site URL** and click **Save**.
 
-    ```bash no-line-numbers
-    https://api.asgardeo.io/t/<organization_name>
+    ```bash
+    {{ product_url_format }}
     ```
 
 10. Return to the **Use cases** > **Customize** section and under **Facebook login** > **Settings**, click **Go to settings**.
 
 11. Add the following as the **Valid OAuth Redirect URIs** and click **Save changes**.
 
     ```bash
-    {{ product_url_format }}
+    {{ product_url_format }}/commonauth
     ```
 
 12. Enable **Client OAuth Login** and **Web OAuth Login** (these are enabled by default) and save the changes.

en/includes/guides/authentication/user-attributes/enable-attributes-for-oidc-app.md

@@ -151,8 +151,11 @@ _A sample userinfo response is given below:_
 
 1. On the {{ product_name }} Console, go to **Applications**.
 2. Select your application and go to its **User Attributes** tab.
+{% if product_name == "Asgardeo" or (product_name == "WSO2 Identity Server" and is_version != "7.0.0") %}
 3. Scroll down and under **Linked Accounts**, select **Prioritize local account attributes**.
-
+{% else %}
+3. Scroll down and under **Linked Accounts**, select **Validate linked local account**.
+{% endif %}
     ![Prioritize local account attributes]({{base_path}}/assets/img/guides/applications/attributes/oidc/prioritize-local-account-attributes.png){: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
 
 Once enabled, the tokens issued from this application during federated authentication with an [external identity provider]({{base_path}}/guides/authentication/#supported-external-idps) will contain the attributes of the local account which is linked with the entity identified by the subject claim of the token issued by the external identity provider.