diff --git a/docs/docs-content/clusters/edge/edge-native-lifecycle.md b/docs/docs-content/clusters/edge/edge-native-lifecycle.md index 2b7ac2359d..0ec87019d4 100644 --- a/docs/docs-content/clusters/edge/edge-native-lifecycle.md +++ b/docs/docs-content/clusters/edge/edge-native-lifecycle.md @@ -36,7 +36,7 @@ SaaS or a self-hosted instance. The following diagram represents the deployment static IP address, network proxy, and SSL certificates with site user data or Palette Terminal User Interface (TUI). For more information, refer to [Deploy Edge Hosts On-Site](./site-deployment/site-installation/site-installation.md). -5. **Cluster formation**. One an Edge host is registered with Palette, the Edge host can be used to form a new cluster +5. **Cluster formation**. Once an Edge host is registered with Palette, the Edge host can be used to form a new cluster or be added to an existing cluster. Each cluster uses a cluster profile modeled in the **Modeling** stage. For more information, refer to [Cluster Definition](./site-deployment/cluster-deployment.md). diff --git a/docs/docs-content/release-notes/known-issues.md b/docs/docs-content/release-notes/known-issues.md index c86ad05f30..fb61368da6 100644 --- a/docs/docs-content/release-notes/known-issues.md +++ b/docs/docs-content/release-notes/known-issues.md 
@@ -16,6 +16,7 @@ The following table lists all known issues that are currently active and affecti | Description | Workaround | Publish Date | Product Component | | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | -------------------------- | +| Palette CLI users who authenticated with the `login` command and specified a Palette console endpoint that does not contain the tenant name are encountering issues with expired JWT tokens. | Re-authenticate using your tenant URL, for example, `https://my-org.console.spectrocloud.com.` If the issue persists after re-authenticating, remove the `~/.palette/palette.yaml` file that is auto-generated by the Palette CLI. Re-authenticate with the `login` command if other commands require it. | July 25, 2024 | CLI | | Adding new cloud providers, such as Nutanix, is currently unavailable. Private Cloud Gateway (PCG) deployments in new Nutanix environments fail to complete the installation. 
As a result, adding a new Nutanix environment to launch new host clusters is unavailable. This does not impact existing Nutanix deployments with a PCG deployed. | No workarounds are available. | July 20, 2024 | Clusters, Self-Hosted, PCG | | Single-node Private Cloud Gateway (PCG) clusters are experiencing an issue upgrading to 4.4.11. The vSphere CSI controller pod fails to start because there are no matching affinity rules. | Check out the [vSphere Controller Pod Fails to Start in Single Node PCG Cluster](../troubleshooting/pcg.md#scenario---vsphere-controller-pod-fails-to-start-in-single-node-pcg-cluster) guide for workaround steps. | July 20, 2024 | PCG | | When provisioning an Edge cluster, it's possible that some Operating System (OS) user credentials will be lost once the cluster is active. This is because the cloud-init stages from different sources merge during the deployment process, and sometimes, the same stages without distinct names overwrite each other. | Give each of your cloud-init stages in the OS pack and in the Edge installer **user-data** file a unique name. For more information about cloud-init stages and examples of cloud-init stages with names, refer to [Cloud-init Stages](../clusters/edge/edge-configuration/cloud-init.md). | July 17, 2024 | Edge | diff --git a/docs/docs-content/user-management/saml-sso/palette-sso-with-keycloak.md b/docs/docs-content/user-management/saml-sso/palette-sso-with-keycloak.md index 9a8c72868c..543a45b6fa 100644 --- a/docs/docs-content/user-management/saml-sso/palette-sso-with-keycloak.md +++ b/docs/docs-content/user-management/saml-sso/palette-sso-with-keycloak.md 
@@ -206,16 +206,40 @@ Use the following steps to validate the SSO configuration. ![Image of project roles highlighted](/keycloak/user-management_saml-sso_keycloak-15-palette-project.webp "Palette Project") -4. From the left **Main Menu**, select **Tenant Settings**. Next, click on **SSO** to access the SSO configuration page. +### Sync Keycloak Groups and Palette Teams + +1. Switch back to the Keycloak admin console and modify the **profile** Client Scope. Navigate to the left **Main Menu** + and select **Client Scope**. Click on the **Profile** button. + + ![Image of keycloak mappers highlighted](/keycloak/user-management_oidc-sso-keycloak-19-keycloak-client-scopes.webp "Palette Project") + +2. Within the **profile** Client scope details, click **Mappers**, then **Add mapper** and **By configuration**. + +3. Navigate to **Group Membership** in the Configure a new mapper modal. + +4. Next, ensure the **Name** and **Token Claim Name** fields are both **groups**. + + ![Image of keycloak client scopes highlighted](/keycloak/user-management_oidc-sso-keycloak-20-keycloak-mapper.webp "Palette Project") + +5. Deselect the radio button for **Full group path**. + +6. Save the add mapper page. + +You have now ensured that the groups for the Keycloak user are within the token attributes, ensure the Keycloak group +and the Palette group match. + +### Default Teams + +1. From the left **Main Menu**, select **Tenant Settings**. Next, click on **SSO** to access the SSO configuration page. Click on the **OIDC** tab to access the OIDC configuration page. Scroll down to the **SSO Admins** section and select the **admins** team from the **Default Team** drop-down Menu. Click on **Save**. -5. Navigate back to the Keycloak admin console. From the left **Main Menu** click on **Users**. Create a user and ensure +2. Navigate back to the Keycloak admin console. From the left **Main Menu** click on **Users**. 
Create a user and ensure the field **Username**, **Email**, and **First Name** are filled out. Click on **Save** to save the user. ![Keycloak's management portal with the User view in focus](/keycloak/user-management_saml-sso_keycloak-17-keycloak-user.webp "Keycloak user") -6. Next, click on the **Credentials** tab and assign the user password. +3. Next, click on the **Credentials** tab and assign the user password. ![Keycloak's management portal with the User view in focus that lists all current users](/keycloak/user-management_saml-sso_keycloak-18-keycloak-password.webp "Keycloak password") diff --git a/static/assets/docs/images/keycloak/user-management_oidc-sso-keycloak-19-keycloak-client-scopes.webp b/static/assets/docs/images/keycloak/user-management_oidc-sso-keycloak-19-keycloak-client-scopes.webp new file mode 100644 index 0000000000..6e5197f0c5 Binary files /dev/null and b/static/assets/docs/images/keycloak/user-management_oidc-sso-keycloak-19-keycloak-client-scopes.webp differ diff --git a/static/assets/docs/images/keycloak/user-management_oidc-sso-keycloak-20-keycloak-mapper.webp b/static/assets/docs/images/keycloak/user-management_oidc-sso-keycloak-20-keycloak-mapper.webp new file mode 100644 index 0000000000..94d1e4454d Binary files /dev/null and b/static/assets/docs/images/keycloak/user-management_oidc-sso-keycloak-20-keycloak-mapper.webp differ
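Review bot: In the new row of `release-notes/known-issues.md`, the sentence-ending period sits inside the code span of the example URL (`https://my-org.console.spectrocloud.com.`), so anyone who copies the value gets an endpoint with a trailing dot. Move the period outside the backticks. The workaround also tells users to delete `~/.palette/palette.yaml` without saying what that file holds; one clause on what is lost when it is removed would help, and the closing "Re-authenticate with the `login` command if other commands require it" would be clearer as an explicit step that follows the deletion. "JWT tokens" is redundant and can be shortened to "JWTs".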
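Review bot: In `palette-sso-with-keycloak.md`, the closing sentence of the new "Sync Keycloak Groups and Palette Teams" section ("You have now ensured that the groups for the Keycloak user are within the token attributes, ensure the Keycloak group and the Palette group match.") is a comma splice and says "Palette group" where the heading says "Teams". Split it in two and state the requirement concretely, for example that each Keycloak group name must match the name of the Palette team it maps to. Step 5 turns off **Full group path**, so the `groups` claim carries bare group names; a short note on why this is needed, and that groups with the same name under different parents then become indistinguishable in the claim, would help admins who nest groups. The alt texts of the two new images look swapped (the client-scopes image is described as "keycloak mappers" and the mapper image as "keycloak client scopes"), and both reuse the title "Palette Project". The UI labels are also inconsistent ("Client Scope", "Client scope", "**profile**" and "**Profile**"), and "Save the add mapper page" would read better as "Click **Save**". Finally, the two new H3 sections are inserted after step 3 of the list introduced by "Use the following steps to validate the SSO configuration", so the validation procedure now stops mid-way; check that the headings sit where the validation steps actually end.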