Typos & Doc

doc/sources/admin/authopenidconnect.rst

@@ -256,6 +256,4 @@ Options
     with ``verify_hostname => 0`` and ``SSL_verify_mode => 0``.
 
 
-    Go to:
+    Go to: ``General Parameters > Advanced Parameters > Security > SSL options for server requests``
-
-    ``General Parameters > Advanced Parameters > Security > SSL options for server requests``

doc/sources/admin/idpopenidconnect.rst

@@ -162,7 +162,7 @@ Exported attributes
 
 .. warning::
 
-   By default, only `standard OpenID Connect claims <http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims>`__ are visible to applications. If you want to add non-standard attributes, you must create a new scope in the *Scope values content* section and make your application request it
+   By default, only `standard OpenID Connect claims <http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims>`__ are exposed to applications. If you want to add non-standard attributes, you must create a new scope in the *Scope values content* section and make your application request it.
 
 For each OpenID Connect attribute you want to release to applications, you can define:
 
@@ -281,8 +281,8 @@ Options
       sharing consent screen (consent will be accepted by default).
       Bypassing the consent is **not** compliant with OpenID Connect
       standard.
-   -  **User attribute**: session field that will be used as main
+   -  **User attribute**: Session field that will be used as main
-      identifier (``sub``)
+      identifier (``sub``). Default value is ``whatToTrace``.
    -  **Force claims to be returned in ID Token**: This options will
       make user attributes from the requested scope appear as ID Token
       claims.

doc/sources/admin/openidconnectservice.rst

@@ -35,13 +35,12 @@ values unless you have a specific need to change them.
 Authentication context
 ~~~~~~~~~~~~~~~~~~~~~~
 
-You can associate here an authentication context to an authentication
+You can associate here an authentication context to an authentication level.
-level.
 
 Security
 ~~~~~~~~
 
--  **Keys** : define public/private key pair to do asymmetric signature. A JWKS
+-  **Keys**: Define public/private key pair to do asymmetric signature. A JWKS
    ``kid`` (Key ID) is automatically derived when generating new keys.
 -  **Dynamic Registration**: Set to 1 to allow clients to register
    themselves. This may be a security risk as this will create a new
@@ -93,9 +92,8 @@ is registered through the ``/oauth2/register`` endpoint:
 Key rotation script
 -------------------
 
-OpenID Connect specification let the possibility to rotate keys to
+OpenID Connect specifications allow to rotate keys to improve security.
-improve security. LL::NG provide a script to do this, that should be put
+LL::NG provides a script to do this, that should be used in a cronjob.
-in a cronjob.
 
 The script is ``/usr/share/lemonldap-ng/bin/rotateOidcKeys``. It can be
 run for example each week:
@@ -107,7 +105,7 @@ run for example each week:
 
 .. tip::
 
-    Set the correct Apache user, else generated configuration will
+    Set the correct Web server user, else generated configuration will
     not be readable by LL::NG.
 
 Session management