- added keycloak/github extra depths in chapters

doc/source/best-practices/security/keycloak_github.rst

@@ -38,8 +38,11 @@ Deploy Keycloak
 You can follow this blueprint to setup a working instance of Keycloak on CCE:
 :ref: `deploy_keycloak`.
 
+Configure Keycloak & IAM
+========================
+
 Create a new Realm
-==================
+++++++++++++++++++
 
 A realm manages users, credentials, roles, and groups. A user belongs to and logs into the realm he is assigned to.
 Realms are isolated from one another and can  manage and authenticate only those users that they belong to them.
@@ -52,7 +55,7 @@ this blueprint) and mark it as enabled:
 |
 
 Create a new Client
-===================
++++++++++++++++++++
 
 Clients are applications, or services, that can request the authentication of a user. Create a new client (let's call it
 ``otcac_test_company_1_client`` with type ``OpenID Connect`` and in the *Capability config* step of the wizard, activate the following Authentication
@@ -67,7 +70,7 @@ flows:
 |
 
 Configure Mappers
-=================
++++++++++++++++++
 
 Open the management console of the Client you just created, and navigate to the *Client scopes* tab. Click on the list
 item with the name: ``otcac_test_company_1_client-dedicated``:
@@ -106,7 +109,7 @@ OTC Conversion Rules. Disable the `Full group path` option:
 |
 
 Get OpenID Endpoint Configuration
-=================================
++++++++++++++++++++++++++++++++++
 
 Open `Realm Settings` and click on `OpenID Endpoint Configuration`:
 
@@ -124,8 +127,8 @@ You will be redirected to web page rendering, as JSON, all the endpoints and the
           grab some values from it, for our the next steps.
 
 
-Create a new OTC Identity Provider
-==================================
+Create a new IAM Identity Provider
+++++++++++++++++++++++++++++++++++
 
 For this step we will change to Open Telekom Cloud Console and particularly to IAM and Identity Providers. Create a new
 one, and set `Protocol` to ``OpenID Connect``, `SSO Type` to ``Virtual User`` and `Status` to ``Enabled``:
@@ -134,8 +137,8 @@ one, and set `Protocol` to ``OpenID Connect``, `SSO Type` to ``Virtual User`` an
 
 |
 
-Configure the OTC Identity Provider
-===================================
+Configure the IAM Identity Provider
++++++++++++++++++++++++++++++++++++
 
 Find your newly created provider in Identity Providers list and click `Modify`:
 
@@ -160,7 +163,7 @@ Save the changes, **but before closing this panel copy the value** of the `Ident
 need this value in the next step of this blueprint.
 
 Configure Client's Access Settings
-==================================
+++++++++++++++++++++++++++++++++++
 
 For this step we will switch back to Keycloak Administration Console, and navigate to `Access Settings` for our client:
 
@@ -174,11 +177,21 @@ Set the following values:
 - `Home URL`: ``https://auth.otc.t-systems.com``
 - `Valid redirect URIs`: ``https://auth.otc.t-systems.com/authui/oidc/post``
 
-Create new GitHub OAuth App
-===========================
+GitHub Integration
+==================
+
+Add GitHub as Identity Provider
++++++++++++++++++++++++++++++++
+
+Create new GitHub OAuth App
++++++++++++++++++++++++++++
+
+Configure GitHub Identity Provider
+++++++++++++++++++++++++++++++++++
+
+Configure the IAM Identity Provider Conversion Rules
+====================================================
 
-Add GitHub as Identity Provider to Keycloak
-===========================================
 
 .. Next steps & Related Resources