second pass edits and per-page descriptions

Author: anupras-mohapatra-arm

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/background.md

@@ -1,5 +1,6 @@
 ---
-title: Understand Keycloak on Azure Cobalt 100
+title: Understand Keycloak for identity and access management on Azure Cobalt 100-based virtual machines
+description: Learn how Keycloak provides IAM, OAuth2/OpenID Connect, and single sign-on for applications running on Arm-based Azure infrastructure.
 weight: 2
 
 layout: "learningpathall"
@@ -13,26 +14,28 @@ Keycloak benefits from the strong multi-core performance and energy efficiency o
 
 ## Azure Cobalt 100 Arm-based processor
 
-Azure’s Cobalt 100 is Microsoft’s first-generation, in-house Arm-based processor. Built on Arm Neoverse N2, Cobalt 100 is a 64-bit CPU that delivers strong performance and energy efficiency for cloud-native, scale-out Linux workloads. Running at 3.4 GHz, Cobalt 100 allocates a dedicated physical core for each vCPU, ensuring consistent and predictable performance.
+Azure’s Cobalt 100 is Microsoft’s first-generation, in-house Arm-based processor. Built on Arm Neoverse N2, Cobalt 100 is a 64-bit CPU that delivers strong performance and energy efficiency for cloud-native, scale-out Linux workloads. 
+
+Running at 3.4 GHz, Cobalt 100 allocates a dedicated physical core for each vCPU, ensuring consistent and predictable performance.
 
 To learn more, see the Microsoft blog [Announcing the preview of new Azure VMs based on the Azure Cobalt 100 processor](https://techcommunity.microsoft.com/blog/azurecompute/announcing-the-preview-of-new-azure-vms-based-on-the-azure-cobalt-100-processor/4146353).
 
 ## How Keycloak provides authentication and identity management
 
 Keycloak is an open-source identity and access management (IAM) platform that simplifies authentication and authorization for applications and services.
 
-Keycloak supports modern authentication standards such as OAuth2, OIDC, and SAML. It integrates with web applications, APIs, Kubernetes platforms, microservices, and enterprise identity systems, making it ideal for securing cloud-native workloads.
+Keycloak supports modern authentication standards such as OAuth2, OIDC, and Security Asserion Markup Language (SAML). It integrates with web applications, APIs, Kubernetes platforms, microservices, and enterprise identity systems, making it ideal for securing cloud-native workloads.
+
+Keycloak provides several important capabilities for authentication and security management. With single sign-on (SSO) support, you can authenticate once and access multiple applications without logging in again. 
 
-Keycloak provides several important capabilities for authentication and security management. You can use its single sign-on (SSO) support to authenticate once and access multiple applications without logging in again. With centralized identity management, you can manage users, roles, groups, and authentication policies from a single platform. With OAuth2 and OpenID Connect support, you get simplified secure API and application authentication workflows.
+With centralized identity management, you can manage users, roles, groups, and authentication policies from a single platform. With OAuth2 and OpenID Connect support, you get simplified secure API and application authentication workflows.
 
 Keycloak also supports multi-factor authentication (MFA) for stronger account security, user federation for integrating with enterprise identity systems such as LDAP and Active Directory, and role-based access control (RBAC) to control user permissions and application access.
 
 To learn more about Keycloak, see the official [Keycloak documentation](https://www.keycloak.org/documentation).
 
-In this Learning Path, you'll deploy Keycloak on an Azure Cobalt 100 Arm64 virtual machine and configure PostgreSQL as the backend database. You'll create realms, users, and OAuth2/OpenID Connect clients, then integrate a Flask application with Keycloak authentication.
-
 ## What you've learned and what's next
 
-You've now understood why Azure Cobalt 100 and Keycloak are a strong combination for scalable authentication and identity management workloads. You also learned how Keycloak provides support for centralized identity management.
+You've now learned why Azure Cobalt 100 and Keycloak are a strong combination for scalable authentication and identity management workloads. You also learned how Keycloak provides support for centralized identity management.
 
 Next, you'll create a virtual machine on Azure that you'll use to run Keycloak and a Flask OAuth2 demo application.

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/firewall.md

@@ -1,17 +1,18 @@
 ---
-title: Allow access to Keycloak and Flask application on Azure
+title: Allow access to Keycloak and the Flask application on Azure
+description: Learn how to configure Azure Network Security Group inbound rules for Keycloak, its health endpoint, and a Flask OAuth2 demo application.
 weight: 4
 
 ### FIXED, DO NOT MODIFY
 layout: learningpathall
 ---
 
-## Configure external traffic for Keycloak and Flask application
+## Configure external traffic for Keycloak and the Flask application
 
 To allow external traffic for Keycloak and the Flask OAuth2 demo application on the Azure virtual machine, open the required ports in the network security group (NSG). 
 
 {{% notice Note %}}
-For more information about Azure setup, see [Getting started with Microsoft Azure Platform](/learning-paths/servers-and-cloud-computing/csp/azure/).
+For more information about Azure setup, see [Getting started with Microsoft Azure](/learning-paths/servers-and-cloud-computing/csp/azure/).
 {{% /notice %}}
 
 ### Add inbound firewall rules in Azure
@@ -20,41 +21,33 @@ To expose the required ports for Keycloak and the Flask application, create fire
 
 1. Navigate to the [Azure portal](https://portal.azure.com), go to **Virtual Machines**, and select your virtual machine.
 
-![Azure Portal Virtual Machines page with the target Azure Cobalt 100 Arm64 virtual machine selected before configuring network access for Keycloak.#center](images/virtual_machine.png "Azure Virtual Machines page")
+![Azure Portal Virtual machines page with the target Azure Cobalt 100-based Arm64 virtual machine selected before configuring network access for Keycloak.#center](images/virtual_machine.png "Azure Virtual machines page")
 
 2. In the left menu, select **Networking**, then select **Network settings**.
 
-![Azure Portal Networking page showing the network settings attached to the Azure Cobalt 100 Arm64 virtual machine for configuring inbound access rules.#center](images/networking.png "Azure VM networking settings")
+![Azure Portal Networking page showing the network settings attached to the Azure Cobalt 100-based Arm64 virtual machine for configuring inbound access rules.#center](images/networking.png "Azure VM networking settings")
 
 3. Navigate to **Create port rule**, and select **Inbound port rule**.
 
 ![Azure Portal Create port rule menu with Inbound port rule selected for configuring Keycloak and Flask application access.#center](images/port_rule.png "Create inbound firewall rule")
 
 4. Configure inbound security rules for the following ports:
 
-| Port | Purpose |
-|---|---|
-| 8080 | Keycloak Admin Console |
-| 9000 | Keycloak health and management endpoint |
-| 5000 | Flask OAuth2 demo application |
+| Port | Purpose | Rule name |
+|---|---|---|
+| `8080` | Keycloak admin console | `allow-keycloak-8080` |
+| `9000` | Keycloak health and management endpoint | `allow-keycloak-9000` |
+| `5000` | Flask OAuth2 demo application | `allow-flask-5000` |
 
 Use the following settings for each rule:
 
 - **Source:** My IP address  
 - **Source IP addresses:** *(auto-populated with your current public IP)*  
-- **Source port ranges:** *  
+- **Source port ranges:** `* ` 
 - **Destination:** Any  
 - **Protocol:** TCP  
 - **Action:** Allow  
 
-Use these names:
-
-| Port | Rule Name |
-|---|---|
-| 8080 | allow-keycloak-8080 |
-| 9000 | allow-keycloak-9000 |
-| 5000 | allow-flask-5000 |
-
 {{% notice Note %}}
 Setting **Source** to **My IP address** restricts access to the ports to your current machine only. If your public IP changes or you need to access the services from another machine, update the source IP in the NSG rule.
 {{% /notice %}}
@@ -63,13 +56,13 @@ Setting **Source** to **My IP address** restricts access to the ports to your cu
 
 You can now access:
 
-- Keycloak Admin Console on port **8080**
-- Keycloak health endpoint on port **9000**
-- Flask OAuth2 demo application on port **5000**
+- The Keycloak admin console on port **8080**
+- The Keycloak health endpoint on port **9000**
+- The Flask OAuth2 demo application on port **5000**
 
 ## What you've learned and what's next
 
-You've now configured the Azure network security group to allow incoming traffic for Keycloak and the Flask OAuth2 demo application.
+You've now configured the Azure network security group to allow incoming traffic for Keycloak and the Flask OAuth2 demo application that you'll build in the following sections.
 
-Next, you'll install Keycloak on the VM, configure PostgreSQL as the backend database, and validate OAuth2/OpenID Connect authentication workflows using a demo Flask application.
+Next, you'll install Keycloak on the VM and configure PostgreSQL as the backend database.
 

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/instance.md

@@ -1,5 +1,6 @@
 ---
-title: Create an Arm64 virtual machine powered by Azure Cobalt 100
+title: Create an Azure Cobalt 100-based Arm64 virtual machine 
+description: Learn how to create an Azure Dpsv6 Arm64 virtual machine powered by Azure Cobalt 100 and connect to it with SSH.
 weight: 3
 
 ### FIXED, DO NOT MODIFY
@@ -8,7 +9,7 @@ layout: learningpathall
 
 ## Set up an Arm-based Azure virtual machine
 
-In this section, you'll launch the Azure portal to create a virtual machine (VM) with the Arm-based Azure Cobalt 100 processor.
+In this section, you'll launch the Azure portal to create a virtual machine (VM) powered by the Arm-based Azure Cobalt 100 processor.
 
 You'll create a general-purpose VM in the Dpsv6 series. For more information about this series of VMs, see the [Microsoft Azure guide for the Dpsv6 size series](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes/general-purpose/dpsv6-series).
 
@@ -20,7 +21,7 @@ To create an Azure virtual machine using the Azure portal:
 
 1. Launch the Azure portal and navigate to **Virtual Machines**.
 2. Select **Create**, and select **Virtual Machine** from the drop-down list.
-3. In the **Basic** tab, provide instance details such as **Virtual machine name** and **Region**.
+3. In the **Basics** tab, provide instance details such as **Virtual machine name** and **Region**.
 4. Select **Ubuntu Pro 24.04 LTS** as the image for your virtual machine, and select **Arm64** as the VM architecture.
 5. In the **Size** field, select **See all sizes** and select the D-Series v6 family of virtual machines.
 6. Select **D4ps_v6** from the list as shown in the following screenshot:
@@ -34,30 +35,30 @@ Azure generates an SSH key pair for you that you can save for future use. This m
 {{% /notice %}}
 
 8. Fill in the **Administrator username** for your VM.
-9. Select **Generate new key pair**, and select **RSA SSH Format** as the SSH Key Type.
+9. Select **Generate new key pair**, and select **RSA SSH Format** as the **SSH key type**.
 
 {{% notice Note %}}
 RSA offers better security with keys longer than 3072 bits.
 {{% /notice %}}
 
 10. Give your SSH key a key pair name.
-11. In the **Inbound port rules**, select **HTTP (80)** and **SSH (22)** as the inbound ports, as shown in the following screenshot:
+11. Under **Inbound port rules**, select **HTTP (80)** and **SSH (22)** as the inbound ports, as shown in the following screenshot:
 
 ![Azure Portal inbound port configuration showing SSH and HTTP selected. Check that the required access settings are in place before creating the virtual machine.#center](images/instance1.png "Configure inbound port rules for HTTP and SSH access")
 
 12. Select the **Review + Create** tab and review the configuration for your virtual machine. It should look like the following:
 
 ![Azure Portal Review + Create tab showing VM configuration summary ready for deployment#center](images/ubuntu-pro.png "Review VM configuration before creation")
 
-13. When you're happy with your selection, select the **Create** button and then **Download Private key and Create Resource**.
+13. When you're happy with your selection, select the **Create** button and then **Download private key and create resource**.
 
 ![Azure Portal showing Create button and SSH key download dialog#center](images/instance4.png "Download SSH key and create the virtual machine")
 
 Your VM should be ready and running in a few minutes. You can SSH into the virtual machine using the private key, along with the public IP details.
 
 ![Azure Portal deployment result showing that the virtual machine was created successfully. Look for the successful deployment status and the connection details you will use to access the virtual machine in the next step.#center](images/final-vm.png "Successful VM deployment confirmation")
 
-{{% notice Note %}}To learn more about Arm-based virtual machines in Azure, see the "Getting Started with Microsoft Azure" section in the [Get started with Arm-based cloud instances](/learning-paths/servers-and-cloud-computing/csp/azure/) Learning Path.{{% /notice %}}
+{{% notice Note %}}To learn more about Arm-based virtual machines in Azure, see the Azure section in the [Get started with Arm-based cloud instances](/learning-paths/servers-and-cloud-computing/csp/azure/) Learning Path.{{% /notice %}}
 
 ### Connect to your virtual machine
 
@@ -71,6 +72,6 @@ Replace `<your-key-name>` with the name of your SSH key pair and `YOUR_PUBLIC_IP
 
 ## What you've accomplished and what's next
 
-You've now created an Azure Cobalt 100-based Arm64 virtual machine running Ubuntu 24.04 LTS with SSH authentication configured. The virtual machine is now ready for installing PostgreSQL, Keycloak, and the Flask OAuth2 demo application.
+You've now created an Azure Cobalt 100-based Arm64 virtual machine running Ubuntu 24.04 LTS with SSH authentication configured. The virtual machine is ready for installing PostgreSQL, Keycloak, and the Flask OAuth2 demo application.
 
 Next, you'll set up firewall rules to allow external traffic for Keycloak and the demo Flask application. 

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/keycloak_deployment_azure_cobalt100.md

@@ -1,12 +1,13 @@
 ---
-title: Deploy Keycloak on an Arm-based virtual machine 
+title: Deploy Keycloak on an Azure Cobalt 100-based Arm64 virtual machine
+description: Learn how to install Keycloak, configure PostgreSQL, run Keycloak as a systemd service, and verify the admin console on an Arm64 Azure VM.
 weight: 5
 
 ### FIXED, DO NOT MODIFY
 layout: learningpathall
 ---
 
-## Set up Keycloak on the virtual machine
+## Set up Keycloak and dependencies on the virtual machine
 
 In this section, you'll install Keycloak on the virtual machine (VM) that you created earlier. You'll configure PostgreSQL as the backend database.
 
@@ -185,9 +186,9 @@ Enter password:
 Enter password again:
 ```
 
-When prompted for the username, press Enter.
+For the username, press Enter.
 
-When prompted for the password, enter the following password twice:
+For the password, enter the following password twice:
 
 ```text
 AdminPassword123!
@@ -275,7 +276,7 @@ View live Keycloak logs to confirm it started without errors, then press Ctrl+C
 sudo journalctl -u keycloak -f
 ```
 
-You can also optionally check whether Keycloak is listening to the expected ports:
+You can also optionally check whether Keycloak is listening on the expected ports:
 
 ```bash
 sudo ss -tulpn | grep -E '8080|9000'
@@ -327,16 +328,16 @@ sudo systemctl restart keycloak
 
 After restarting, open the admin console again and log in:
 
-![Keycloak login page running on the Azure Cobalt 100 Arm64 virtual machine after fixing the HTTPS required issue and successfully loading the authentication screen.#center](images/keycloak-ui.png "Keycloak login page on Azure Cobalt 100 Arm64")
+![Keycloak login page running on the Azure Cobalt 100-based Arm64 virtual machine after fixing the HTTPS required issue and successfully loading the authentication screen.#center](images/keycloak-ui.png "Keycloak login page")
 
-Log in with the admin credentials that you created earlier:
+Enter the admin credentials that you created earlier:
 
 ```text
 Username: admin
 Password: AdminPassword123!
 ```
 
-![Keycloak Admin Console welcome page showing the master realm dashboard after successful login on the Azure Cobalt 100 Arm64 virtual machine.#center](images/keycloak-welcome-page.png "Keycloak Admin Console welcome dashboard")
+![Keycloak Admin Console welcome page showing the master realm dashboard after successful login on the Azure Cobalt 100-based Arm64 virtual machine.#center](images/keycloak-welcome-page.png "Keycloak Admin Console welcome dashboard")
 
 ### Verify health endpoint
 
@@ -362,6 +363,6 @@ The output is similar to:
 
 ## What you've accomplished and what's next
 
-You now have Keycloak running successfully on an Arm-based VM with PostgreSQL integration, a systemd service, and a working admin console.
+You now have Keycloak running on an Azure Cobalt 100-based Arm64 VM with PostgreSQL integration, a systemd service, and a working admin console.
 
 Next, you'll configure a Flask application and integrate it with Keycloak using OAuth2/OpenID Connect authentication.