diff --git a/.ruby-version b/.ruby-version index f9892605c7..7bcbb3808b 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -3.4.4 +3.4.9 diff --git a/app/_event_gateway_policies/acl/index.md b/app/_event_gateway_policies/acl/index.md index 5ee70ef551..2870ffb6f3 100644 --- a/app/_event_gateway_policies/acl/index.md +++ b/app/_event_gateway_policies/acl/index.md @@ -65,7 +65,7 @@ rows: If your Kafka topics follow a naming convention with prefixes, you can easily organize them into categories with {{site.event_gateway}} by using a combination of namespaces, forwarding policies, and ACL policies. - use_case: "[How-to: Secure Kafka traffic in {{site.event_gateway_short}} with Kong Identity and ACLs](/how-to/event-gateway/kong-identity-oauth/)" description: | - Using [Kong Identity](/kong-identity/) as an auth server, verify client OAuth tokens through a virtual cluster, and apply an ACL policy to restrict access to a specific client. + Using [Kong Identity](/kong-identity/reference/) as an auth server, verify client OAuth tokens through a virtual cluster, and apply an ACL policy to restrict access to a specific client. {% endtable %} diff --git a/app/_how-tos/dev-portal/kong-identity-dcr.md b/app/_how-tos/dev-portal/kong-identity-dcr.md index ffbc7b0fcf..fa4775b0a8 100644 --- a/app/_how-tos/dev-portal/kong-identity-dcr.md +++ b/app/_how-tos/dev-portal/kong-identity-dcr.md @@ -27,7 +27,7 @@ search_aliases: tldr: q: How do I automatically create and manage Dev Portal applications in Kong Identity? a: | - You can use Dynamic Client Registration to automatically create Dev Portal applications in [Kong Identity](/kong-identity/). First, create an auth server for Kong Identity and copy your Issuer URL. Then, create a new DCR provider in your Dev Portal settings and create a new auth strategy for DCR. Apply the auth strategy to published APIs. + You can use Dynamic Client Registration to automatically create Dev Portal applications in [Kong Identity](/kong-identity/reference/). First, create an auth server for Kong Identity and copy your Issuer URL. Then, create a new DCR provider in your Dev Portal settings and create a new auth strategy for DCR. Apply the auth strategy to published APIs. prereqs: entities: diff --git a/app/_how-tos/event-gateway/kong-identity-oauth.md b/app/_how-tos/event-gateway/kong-identity-oauth.md index 8d00d54564..fb54916319 100644 --- a/app/_how-tos/event-gateway/kong-identity-oauth.md +++ b/app/_how-tos/event-gateway/kong-identity-oauth.md @@ -50,7 +50,7 @@ related_resources: - text: Event Gateway url: /event-gateway/ - text: "Kong Identity" - url: /kong-identity/ + url: /kong-identity/reference/ - text: Dynamic claim templating url: /kong-identity/#dynamic-claim-templates - text: Event Gateway ACL policy diff --git a/app/_how-tos/gateway/configure-kong-identity-oauth-introspection.md b/app/_how-tos/gateway/configure-kong-identity-oauth-introspection.md index ddeba6e1ca..b28b48f78b 100644 --- a/app/_how-tos/gateway/configure-kong-identity-oauth-introspection.md +++ b/app/_how-tos/gateway/configure-kong-identity-oauth-introspection.md @@ -17,6 +17,7 @@ works_on: - konnect tags: - authentication + - kong-identity description: Learn how to configure Kong Identity with OAuth 2.0 Introspection. tldr: @@ -42,7 +43,7 @@ faqs: automated_tests: false related_resources: - text: "Kong Identity" - url: /kong-identity/ + url: /kong-identity/reference/ - text: Dynamic claim templating url: /kong-identity/#dynamic-claim-templates - text: Configure the OIDC plugin with Kong Identity diff --git a/app/_how-tos/gateway/configure-kong-identity-oidc.md b/app/_how-tos/gateway/configure-kong-identity-oidc.md index 8045a4d7d3..6d9743a5ac 100644 --- a/app/_how-tos/gateway/configure-kong-identity-oidc.md +++ b/app/_how-tos/gateway/configure-kong-identity-oidc.md @@ -17,6 +17,7 @@ works_on: - konnect tags: - authentication + - kong-identity description: Learn how to configure Kong Identity with OIDC. tldr: @@ -49,7 +50,7 @@ faqs: automated_tests: false related_resources: - text: "Kong Identity" - url: /kong-identity/ + url: /kong-identity/reference/ - text: Dynamic claim templating url: /kong-identity/#dynamic-claim-templates - text: Configure the OAuth 2.0 Introspection plugin with Kong Identity diff --git a/app/_how-tos/gateway/configure-kong-identity-upstream-oauth.md b/app/_how-tos/gateway/configure-kong-identity-upstream-oauth.md index 0759f20293..f06addb2cb 100644 --- a/app/_how-tos/gateway/configure-kong-identity-upstream-oauth.md +++ b/app/_how-tos/gateway/configure-kong-identity-upstream-oauth.md @@ -17,6 +17,7 @@ works_on: - konnect tags: - authentication + - kong-identity description: Learn how to configure Kong Identity with Upstream OAuth. tldr: @@ -42,7 +43,7 @@ faqs: automated_tests: false related_resources: - text: "Kong Identity" - url: /kong-identity/ + url: /kong-identity/reference/ - text: Dynamic claim templating url: /kong-identity/#dynamic-claim-templates - text: Configure the OIDC plugin with Kong Identity diff --git a/app/_includes/how-tos/steps/konnect-identity-server-scope-claim-client.md b/app/_includes/how-tos/steps/konnect-identity-server-scope-claim-client.md index 4e5d91ea5f..8a08147db7 100644 --- a/app/_includes/how-tos/steps/konnect-identity-server-scope-claim-client.md +++ b/app/_includes/how-tos/steps/konnect-identity-server-scope-claim-client.md @@ -76,7 +76,7 @@ body: {% endkonnect_api_request %} -You can also configure dynamic custom claims with [dynamic claim templating](/kong-identity/#dynamic-claim-templates) to generate claims during runtime. +You can also configure dynamic custom claims with [dynamic claim templating](/kong-identity/reference/#dynamic-claim-templates) to generate claims during runtime. ## Create a client in the auth server diff --git a/app/_landing_pages/event-gateway.yaml b/app/_landing_pages/event-gateway.yaml index 3216168de5..5d8637b8ba 100644 --- a/app/_landing_pages/event-gateway.yaml +++ b/app/_landing_pages/event-gateway.yaml @@ -256,7 +256,7 @@ rows: - outcome: | Replace legacy auth methods with modern enterprise identity standards your team already uses feature: | - [OAuth](/kong-identity/) + [OAuth](/kong-identity/reference/) guide: | [Set up {{site.event_gateway_short}} with Kong Identity OAuth](/event-gateway/kong-identity-oauth/) - outcome: | diff --git a/app/_landing_pages/kong-identity.yaml b/app/_landing_pages/kong-identity.yaml new file mode 100644 index 0000000000..abd5aa30de --- /dev/null +++ b/app/_landing_pages/kong-identity.yaml @@ -0,0 +1,162 @@ +metadata: + title: "Kong Identity" + content_type: landing_page + description: "Unified machine-to-machine authentication platform within Kong Konnect." + products: + - konnect + works_on: + - konnect +rows: + - header: + type: h1 + text: "Kong Identity" + sub_text: "The unified machine-to-machine authentication platform" + + - header: + type: h2 + text: "Introducing Kong Identity" + columns: + - blocks: + - type: text + config: | + Kong Identity provides a single platform to manage traffic policy and identity policy with the [Konnect API](/api/konnect/kong-identity/v1/#/) for machine-to-machine authentication. Use Kong identity to: + * Create authorization servers per region. + * Issue and validate access tokens. + * Integrate secure auhtentication into Kong Gateway API. + - type: button + config: + text: "Learn how it works →" + url: "/kong-identity/reference/" + - blocks: + - type: image + config: + url: /assets/images/konnect/konnect-dashboard.png + alt_text: Image of the {{site.konnect_short_name}} dashboard + - header: + type: h2 + text: "Secure your APIs" + description: | + Set up and manage API access with Kong Identity + columns: + - blocks: + - type: card + config: + title: "Issue access tokens" + description: | + Use Kong Identity as the auth server. Issue and verify OAuth 2.0 / OIDC tokens without standing up a separate identity provider. + icon: /assets/icons/security.svg + ctas: + - text: Set up an authorization server + url: /kong-identity/reference/#configure-kong-identity + align: end + - blocks: + - type: card + config: + title: "" + description: | + + icon: /assets/icons/service-document.svg + ctas: + - text: + url: + align: end + - blocks: + - type: card + config: + title: "" + description: | + + icon: /assets/icons/data-object.svg + ctas: + - text: + url: + align: end + - header: + type: h2 + text: "Secure your event streams" + description: | + Authenticate Kafka clients connecting to your Event Gateway + columns: + - blocks: + - type: card + config: + title: "" + description: | + + icon: /assets/icons/security.svg + ctas: + - text: + url: + align: end + - blocks: + - type: card + config: + title: "" + description: | + + icon: /assets/icons/service-document.svg + ctas: + - text: + url: + align: end + - blocks: + - type: card + config: + title: "" + description: | + + icon: + ctas: + - text: + url: + align: end + - header: + type: h2 + text: "Plugins" + description: | + Combine Kong Identity with the available plugins: + columns: + - blocks: + - type: card + config: + title: "OpenID Connect" + description: | + Use the OpenID Connect (OIDC) plugin to integrate Kong Gateway with Kong Identity in Konnect for machine-to-machine API access. + icon: /assets/icons/plugins/openid-connect.png + ctas: + - text: Learn more + url: /plugins/openid-connect/ + align: end + - blocks: + - type: card + config: + title: "OAuth 2.0 Introspection plugin" + description: | + Validate access tokens using an OAuth 2.0 authorization server's introspection endpoint. + icon: /assets/icons/plugins/oauth2-introspection.png + ctas: + - text: Learn more + url: /plugins/oauth2-introspection/ + align: end + - blocks: + - type: card + config: + title: "Upstream OAuth" + description: | + Make your API Gateway support OAuth flows between Kong Gateway and the upstream API. The plugin supports storing tokens issued by the IdP in different backend formats. + icon: /assets/icons/plugins/upstream-oauth.png + ctas: + - text: Learn more + url: /plugins/upstream-oauth/ + align: end + + - header: + type: h2 + text: How-to guides + columns: + - blocks: + - type: how_to_list + config: + tags: + - kong-identity + quantity: 7 diff --git a/app/_redirects b/app/_redirects index d9630f9c4c..d57c132df9 100644 --- a/app/_redirects +++ b/app/_redirects @@ -259,3 +259,6 @@ /mcp/kong-mcp/tools/ /konnect-platform/konnect-mcp/tools/ /mcp/autogenerate-mcp-tools/ /mcp/map-api-to-mcp-tools/ /mcp/autogenerate-mcp-tools-for-weather-api/ /mcp/map-weather-api-to-mcp-tools/ + +# Kong Identity +/kong-identity/ /kong-identity/reference/ \ No newline at end of file diff --git a/app/konnect-platform/kong-identity.md b/app/konnect-platform/kong-identity.md index c66b08d7aa..e9860d6200 100644 --- a/app/konnect-platform/kong-identity.md +++ b/app/konnect-platform/kong-identity.md @@ -6,7 +6,7 @@ layout: reference products: - konnect -permalink: /kong-identity/ +permalink: /kong-identity/reference/ works_on: - konnect search_aliases: diff --git a/app/konnect-platform/teams-and-roles.md b/app/konnect-platform/teams-and-roles.md index 2fa926d530..26b0bab458 100644 --- a/app/konnect-platform/teams-and-roles.md +++ b/app/konnect-platform/teams-and-roles.md @@ -288,7 +288,7 @@ rows: #### Auth servers -The following table describes the predefined roles for [Kong Identity](/kong-identity/) authorization servers: +The following table describes the predefined roles for [Kong Identity](/kong-identity/reference/) authorization servers: {% table %}