fixed some styling and markdownlint violation proposals #29
akyriako committed Aug 14, 2024
1 parent 06b79f1 commit 2b198f4
Showing 4 changed files with 28 additions and 33 deletions.
24 changes: 11 additions & 13 deletions docs/blueprints/by-use-case/security/authentik/1_cce-authentik.md
Expand Up @@ -5,6 +5,7 @@ tags: [cce, authentik, security, ingress, nginx-ingress]
---

# Deploy Authentik on CCE

This tutorial will guide you through the process of setting up authentik on your CCE Kubernetes environment.

### Prerequisites
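Review bot: `### Prerequisites` at the end of this hunk sits directly under the H1 `# Deploy Authentik on CCE` with no H2 in between, which markdownlint reports as MD001 (heading levels should only increment by one); since this commit is a markdownlint pass, either promote it to `## Prerequisites` or add the missing H2. Smaller nit in the kept lines: the heading spells "Authentik" while the sentence below writes "authentik"; pick one form for the file.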
Expand All @@ -18,13 +19,13 @@ Before starting the installation, ensure you have the following:

Begin by generating secure passwords for the database and cache. Use one of these commands:

```
```shell
pwgen -s 50 1
```
```

or

```
```shell
openssl rand 60 | base64 -w 0
```

Expand Down Expand Up @@ -56,38 +57,35 @@ redis:
enabled: true
```
:::note Notice
Replace `PleaseGenerateASecureKey` and `ThisIsNotASecurePassword` with secure passwords you generated earlier.
:::
:::note
- Replace `PleaseGenerateASecureKey` and `ThisIsNotASecurePassword` with secure passwords you generated earlier.
- Here we are using nginx as ingress controller if you use other ingress controller (like traefik or kong) specify it under path `server.ingress.ingressClassName`. Also replace `authentik.test-domain.com` with the domain name you intend for Authentik.

:::note Notice
Here we are using nginx as ingress controller if you use other ingress controller (like traefik or kong) specify it under path `server.ingress.ingressClassName`. Also replace `authentik.test-domain.com` with the domain name you intend for Authentik.
:::

### Installing Authentik Using Helm

1. Add the authentik Helm repository:

```
```shell
helm repo add authentik https://charts.goauthentik.io
```

2. Update your Helm repositories:

```
```shell
helm repo update
```

3. Install authentik using Helm:

```
```shell
helm upgrade --install authentik authentik/authentik -f values.yaml
```

This command will install authentik or upgrade an existing installation using the values specified in your **values.yaml** file.



### Accessing Authentik

Once the installation is complete, you can access authentik by following these steps:
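Review bot: the merged `:::note` block opened before the two bullets has no closing `:::` of its own in this hunk; the only `:::` left is the one that closed the old second "Notice", so verify that the resulting file reads `:::note`, two bullets, `:::` with no stray blank line inside the admonition. Two follow-ups: the second bullet is a run-on ("Here we are using nginx as ingress controller if you use other ingress controller ..."), a full stop after "ingress controller" and "another ingress controller" fixes it; and three blank lines still precede `### Accessing Authentik`, which MD012 (no-multiple-blanks) will keep flagging. Since `values.yaml` ends up holding the secret key and database password that replace `PleaseGenerateASecureKey` and `ThisIsNotASecurePassword`, one sentence telling readers to keep that file out of version control (or to inject those two values from a Kubernetes Secret rather than the plaintext file) belongs next to the install command.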
Expand Up @@ -31,13 +31,10 @@ Identity Federation with GitHub refers to the process of allowing users to authe
- **Corporate Applications**: Employees can use their GitHub credentials to access internal corporate applications, streamlining the onboarding process and enhancing security.
- **Open Source Projects**: Open source contributors can authenticate using their GitHub accounts, ensuring a seamless experience across various project management and collaboration tools.


## Connecting Authentik with GitHub for Federation and Social Login


This guide will walk you through the process of setting up GitHub as an authentication source in authentik, allowing users to log in using their GitHub credentials.


### Prerequisites

Before you begin, make sure you have:
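Review bot: the blank-line removals are fine (MD012). One consistency nit in the kept lines: the heading says "Authentik" and the sentence below "authentik"; use one spelling throughout the file.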
Expand All @@ -48,6 +45,7 @@ Before you begin, make sure you have:

:::note Note
Throughout this guide, we'll use the following placeholders:

- `authentik.test-domain.com` as the FQDN of your authentik installation
- `test-domain.com` as your site's homepage URL
:::
Expand All @@ -66,8 +64,7 @@ Throughout this guide, we'll use the following placeholders:
5. On the next page, note down the *Client ID*
6. Click *Generate a new client secret* and immediately copy it


:::note NOTE
:::caution
You won't be able to see the client secret again, so make sure to save it securely.
:::

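Review bot: switching this block to `:::caution` is the right severity. Its text "save it securely" could name the place (the authentik source configuration plus a secrets manager, never a commit or a chat message), and it is worth adding that if the secret is ever exposed, the same *Generate a new client secret* action from step 6 is how to rotate it.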
Expand All @@ -81,7 +78,7 @@ You won't be able to see the client secret again, so make sure to save it secure
- *Consumer Key*: Paste the Client ID from GitHub
- *Consumer Secret*: Paste the Client Secret from GitHub
![image](/img/docs/blueprints/by-use-case/security/authentik/github-idp-configuration.png)

4. Save the configuration

Your GitHub OAuth Source in authentik is now set up and ready to use.
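Review bot: the added blank line before `4. Save the configuration` does not address the real rendering problem: the `![image](...)` line is at column 0, which terminates the ordered list after item 3, so item 4 starts a new list (markdownlint MD029 flags a list whose first prefix is 4, and some renderers renumber it to 1). Indent the image line by three spaces so it belongs to item 3; the blank line is then harmless.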
Expand Down Expand Up @@ -110,8 +107,7 @@ To automatically add users who log in via GitHub to a default group in authentik
4. Click *Edit Stage* of *default-user-settings-write*
5. Set a default group under *Group* for the newly created users which login using github
![image](/img/docs/blueprints/by-use-case/security/authentik/configure-groups-enrollment-stage.png)
6. Click *Update*

6. Click *Update*

#### Step 4: Configure Post-Authentication Flow

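Review bot: same list-continuity issue as in the GitHub source steps: the unindented image line between step 5 and `6. Click *Update*` ends the list, so step 6 becomes a separate one-item list; indent the image under step 5 rather than adding a blank line. Also "github" in step 5 should be "GitHub" to match the rest of the page.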
Expand Up @@ -4,6 +4,7 @@ title: Authentik as an Identity Provider for IAM
tags: [security, oauth2, iam, authentik]
---
# Connecting Authentik with IAM for Login

This guide will walk you through the process of integrating authentik, with Identity and Access Management (IAM) of Open Telekom Cloud using OAuth 2.0.

## Prerequisites
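Review bot: the added blank line after the H1 is correct (MD022, blanks-around-headings). Nit in the kept sentence: the comma in "integrating authentik, with Identity and Access Management" separates the verb from its object; drop it.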
Expand All @@ -15,6 +16,7 @@ Before starting the integration, ensure you have:
- Basic understanding of OAuth 2.0 concepts and flows

## Adding Groups in Scope Mapping for Authentik

Scope Mapping in authentik allows you to control what information is shared with applications when users authenticate. Adding groups to scope mapping can be particularly useful for role-based access control in IAM. Here's how to set it up:

1. Log in to your authentik admin interface
Expand Down Expand Up @@ -58,7 +60,6 @@ Scope Mapping in authentik allows you to control what information is shared with
- Status: *Enabled*
![image](/img/docs/blueprints/by-use-case/security/authentik/create-idp-iam.png)


### Configure the IAM Identity Provider

Find your newly created provider in Identity Providers list and click *Modify*:
Expand All @@ -67,13 +68,13 @@ Find your newly created provider in Identity Providers list and click *Modify*:

Set the following values:

- **Access Type**: *Programmatic access and management console access*
- **Identity Provider URL**: URL of authentik (e.g. `https://test-domain.com/application/o/authentik-iam/`)
- **Client ID**: The id of your client as defined in *Configuring Authentik as an OAuth Provider*
- **Authorization Endpoint**: copy the value from key *authorization_endpoint* of the *OpenID Endpoint Configuration* (e.g. `https://test-domain.com/application/o/authorize/`)
- **Scopes**: Select the required scopes (e.g., openid, profile, email, groups)
- **Response Mode**: `form_post`
- **Signing Key**: Value of the key `jwks_uri` of the *OpenID Endpoint Configuration* JSON output
- **Access Type**: *Programmatic access and management console access*
- **Identity Provider URL**: URL of authentik (e.g. `https://test-domain.com/application/o/authentik-iam/`)
- **Client ID**: The id of your client as defined in *Configuring Authentik as an OAuth Provider*
- **Authorization Endpoint**: copy the value from key *authorization_endpoint* of the *OpenID Endpoint Configuration* (e.g. `https://test-domain.com/application/o/authorize/`)
- **Scopes**: Select the required scopes (e.g., openid, profile, email, groups)
- **Response Mode**: `form_post`
- **Signing Key**: Value of the key `jwks_uri` of the *OpenID Endpoint Configuration* JSON output
![image](/img/docs/blueprints/by-use-case/security/authentik/configure-idp-iam.png)

:::note Note
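Review bot: the *Signing Key* bullet is ambiguous: "Value of the key `jwks_uri`" reads as pasting the URL, while the field name suggests the key material served at that URL. State explicitly whether the reader pastes the URL or the JSON document fetched from it, because the wrong choice only shows up as failed token validation at login time. Two more points in the same list: the example URLs use `https://test-domain.com/application/o/...` whereas the GitHub guide's placeholder for the authentik FQDN is `authentik.test-domain.com`, so align the placeholders; and `groups` is the scope the conversion rules later rely on (membership of `github-users`), so list it as required rather than as an example.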
Expand All @@ -82,7 +83,7 @@ All of the links for your setup can be found in *Overview* page of the *OAuth2/O

## Configure the IAM Identity Provider Conversion Rules

You can use [identity conversion rules](https://docs.otc.t-systems.com/identity-access-management/umn/user_guide/identity_providers/virtual_user_sso_via_openid_connect/step_2_configure_identity_conversion_rules.html) to map the identities of existing users to Open Telekom Cloud and control their access to cloud resources.
You can use [identity conversion rules](https://docs.otc.t-systems.com/identity-access-management/umn/user_guide/identity_providers/virtual_user_sso_via_openid_connect/step_2_configure_identity_conversion_rules.html) to map the identities of existing users to Open Telekom Cloud and control their access to cloud resources.

By default federated users are named *FederationUser* in the Open Telekom Cloud platform. These users can only log in to
the cloud platform and they do not have **any** other permissions. You can configure identity conversion rules on the
Expand Down Expand Up @@ -133,11 +134,12 @@ The *local* part defines the mapping between the remote properties and the local
as the value of ``fidp-<user-email>`` and will automatically belong to the ``ecs-admin`` if it is a member of ``github-users``.

:::warning
Notice that the *ecs-admin* group is created in advanced so the IAM can find the group localy and it would automatically add all the users which belong to the *github-users* in remote identity provider to this local group. If it cannot match the user to any group the access of the user would be simply denied.
Notice that the *ecs-admin* group is created in advanced so the IAM can find the group localy and it would automatically add all the users which belong to the *github-users* in remote identity provider to this local group. If it cannot match the user to any group the access of the user would be simply denied.
:::

:::tip Tip
You can find more detailed info about *Conversion Rules* under:

- [Configure Identity Conversion Rules](https://docs.otc.t-systems.com/identity-access-management/umn/user_guide/identity_providers/virtual_user_sso_via_openid_connect/step_2_configure_identity_conversion_rules.html)
- [Syntax of Identity Conversion Rules](https://docs.otc.t-systems.com/identity-access-management/umn/user_guide/identity_providers/syntax_of_identity_conversion_rules.html#en-us-topic-0079620340)
:::
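Review bot: the rewrapped warning still carries spelling errors: "in advanced" should be "in advance", "localy" should be "locally", and "the access of the user would be simply denied" reads better as "the user is simply denied access". The behaviour it describes (no matching local group means no access) is the fail-closed default and worth keeping explicit, so correct the sentence rather than shortening it.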
3 changes: 1 addition & 2 deletions docs/blueprints/by-use-case/security/authentik/overview.md
Expand Up @@ -50,7 +50,6 @@ Authentik integrates with a wide range of systems and protocols, including:
- SCIM for user provisioning
- Various MFA providers (TOTP, WebAuthn, etc.)


:::warning Notice
While Authentik provides a comprehensive identity management solution, proper configuration and security best practices are essential for maintaining a secure environment.
:::
:::

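Review bot: two closing `:::` lines follow the warning text; if both survive, the stray one is at best ignored and at worst shows up in the rendered page as a literal `:::`, so keep exactly one. The blank-line removal before `:::warning Notice` is fine.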