Merge pull request #3373 from anupras-mohapatra-arm/servers-and-cloud-computing

Keycloak on Azure LP editorial review

Author: jasonrandrews

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/_index.md

@@ -1,9 +1,5 @@
 ---
-title: Deploy Keycloak on Azure Cobalt 100 Arm64 virtual machines for identity and access management
-
-draft: true
-cascade:
-    draft: true
+title: Deploy Keycloak on Azure Cobalt 100-based Arm64 virtual machines for identity and access management
 
 description: Learn how to install and configure Keycloak on an Azure Cobalt 100 Arm64 virtual machine, integrate it with PostgreSQL, configure OAuth2/OpenID Connect authentication, and secure applications using centralized identity management.
 
@@ -12,14 +8,14 @@ minutes_to_complete: 90
 who_is_this_for: This is an introductory topic for developers, DevOps engineers, platform engineers, and cloud architects who want to deploy centralized authentication and identity management using Keycloak on Arm-based cloud environments.
 
 learning_objectives:
-    - Install and configure Keycloak on Azure Cobalt 100 Arm64 virtual machines
+    - Install and configure Keycloak on Azure Cobalt 100-based Arm64 virtual machines
     - Configure PostgreSQL as the backend database for Keycloak
     - Configure realms, users, and OAuth2/OpenID Connect clients
     - Integrate a Flask application with Keycloak authentication
     - Validate OAuth2/OpenID Connect authentication workflows
 
 prerequisites:
-  - A [Microsoft Azure account](https://azure.microsoft.com/) with access to Cobalt 100 based instances (Dpsv6)
+  - A [Microsoft Azure account](https://azure.microsoft.com/) with access to Cobalt 100-based instances (Dpsv6)
   - Basic knowledge of Linux command-line operations
   - Familiarity with SSH and remote server access
   - Basic understanding of authentication, OAuth2, and identity management concepts

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/background.md

@@ -1,44 +1,39 @@
 ---
-title: Understand Keycloak on Azure Cobalt 100
+title: Understand Keycloak for identity and access management on Azure Cobalt 100-based virtual machines
+description: Learn how Keycloak provides IAM, OAuth2/OpenID Connect, and single sign-on for applications running on Arm-based Azure infrastructure.
 weight: 2
 
 layout: "learningpathall"
 ---
 
 ## Why run Keycloak on Azure Cobalt 100
 
-Keycloak on Arm-based Azure Cobalt 100 processors delivers scalable and efficient identity and access management for modern cloud-native applications. Azure Cobalt 100 processors provide dedicated physical cores per vCPU, which helps deliver predictable performance for authentication workloads, user management, and OAuth2/OpenID Connect flows.
+Keycloak delivers scalable and efficient identity and access management for modern cloud-native applications. Azure Cobalt 100 processors provide dedicated physical cores per vCPU, which helps deliver predictable performance for authentication workloads, user management, and OAuth2/OpenID Connect (OIDC) flows.
 
 Keycloak benefits from the strong multi-core performance and energy efficiency of Arm-based Azure infrastructure, making it well suited for enterprise authentication systems, API security, and cloud-native identity platforms.
 
 ## Azure Cobalt 100 Arm-based processor
 
-Azure’s Cobalt 100 is Microsoft’s first-generation, in-house Arm-based processor. Built on Arm Neoverse N2, Cobalt 100 is a 64-bit CPU that delivers strong performance and energy efficiency for cloud-native, scale-out Linux workloads. These workloads include web and application servers, data analytics, open-source databases, and caching systems. Running at 3.4 GHz, Cobalt 100 allocates a dedicated physical core for each vCPU, ensuring consistent and predictable performance.
+Azure’s Cobalt 100 is Microsoft’s first-generation, in-house Arm-based processor. Built on Arm Neoverse N2, Cobalt 100 is a 64-bit CPU that delivers strong performance and energy efficiency for cloud-native, scale-out Linux workloads. 
 
-To learn more, see the Microsoft blog [Announcing the preview of new Azure VMs based on the Azure Cobalt 100 processor](https://techcommunity.microsoft.com/blog/azurecompute/announcing-the-preview-of-new-azure-vms-based-on-the-azure-cobalt-100-processor/4146353).
-
-## How Keycloak improves authentication and identity management
-
-Keycloak is an open-source Identity and Access Management (IAM) platform that simplifies authentication and authorization for applications and services.
+Running at 3.4 GHz, Cobalt 100 allocates a dedicated physical core for each vCPU, ensuring consistent and predictable performance.
 
-Keycloak supports modern authentication standards such as:
-
-- OAuth2
-- OpenID Connect (OIDC)
-- SAML
+To learn more, see the Microsoft blog [Announcing the preview of new Azure VMs based on the Azure Cobalt 100 processor](https://techcommunity.microsoft.com/blog/azurecompute/announcing-the-preview-of-new-azure-vms-based-on-the-azure-cobalt-100-processor/4146353).
 
-Keycloak provides centralized authentication, allowing users to log in once and securely access multiple applications using Single Sign-On (SSO).
+## How Keycloak provides authentication and identity management
 
-Keycloak integrates with web applications, APIs, Kubernetes platforms, microservices, and enterprise identity systems, making it ideal for securing cloud-native workloads.
+Keycloak is an open-source identity and access management (IAM) platform that simplifies authentication and authorization for applications and services.
 
-To learn more, see the official [Keycloak documentation](https://www.keycloak.org/documentation).
+Keycloak supports modern authentication standards such as OAuth2, OIDC, and Security Asserion Markup Language (SAML). It integrates with web applications, APIs, Kubernetes platforms, microservices, and enterprise identity systems, making it ideal for securing cloud-native workloads.
 
-Keycloak provides several important capabilities for authentication and security management. Its Single Sign-On (SSO) support lets users authenticate once and access multiple applications without logging in again. Centralized Identity Management means you can manage users, roles, groups, and authentication policies from a single platform, while OAuth2 and OpenID Connect support simplifies secure API and application authentication workflows.
+Keycloak provides several important capabilities for authentication and security management. With single sign-on (SSO) support, you can authenticate once and access multiple applications without logging in again. With centralized identity management, you can manage users, roles, groups, and authentication policies from a single platform. With OAuth2 and OpenID Connect support, you get simplified secure API and application authentication workflows.
 
-Keycloak also supports Multi-factor Authentication (MFA) for stronger account security, User Federation for integrating with enterprise identity systems such as LDAP and Active Directory, and Role-Based Access Control (RBAC) to control user permissions and application access.
+Keycloak also supports multi-factor authentication (MFA) for stronger account security, user federation for integrating with enterprise identity systems such as LDAP and Active Directory, and role-based access control (RBAC) to control user permissions and application access.
 
-In this Learning Path, you'll deploy Keycloak on an Azure Cobalt 100 Arm64 virtual machine and configure PostgreSQL as the backend database. You'll create realms, users, and OAuth2/OpenID Connect clients, then integrate a Flask application with Keycloak authentication.
+To learn more about Keycloak, see the official [Keycloak documentation](https://www.keycloak.org/documentation).
 
 ## What you've learned and what's next
 
-You now understand why Azure Cobalt 100 and Keycloak are a strong combination for scalable authentication and identity management workloads. Next, you'll create the virtual machine that will run Keycloak and the Flask OAuth2 demo application throughout this Learning Path.
+You've now learned why Azure Cobalt 100 and Keycloak are a strong combination for scalable authentication and identity management workloads. You also learned how Keycloak provides support for centralized identity management.
+
+Next, you'll create a virtual machine on Azure that you'll use to run Keycloak and a Flask OAuth2 demo application.

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/firewall.md

@@ -1,60 +1,53 @@
 ---
-title: Allow access to Keycloak and Flask application on Azure
+title: Allow access to Keycloak and the Flask application on Azure
+description: Learn how to configure Azure Network Security Group inbound rules for Keycloak, its health endpoint, and a Flask OAuth2 demo application.
 weight: 4
 
 ### FIXED, DO NOT MODIFY
 layout: learningpathall
 ---
 
-## Configure external traffic for Keycloak and Flask application
+## Configure external traffic for Keycloak and the Flask application
 
-To allow external traffic for Keycloak and the Flask OAuth2 demo application on an Azure virtual machine, open the required ports in the Network Security Group (NSG). The NSG can be attached to the virtual machine's network interface or subnet.
+To allow external traffic for Keycloak and the Flask OAuth2 demo application on the Azure virtual machine, open the required ports in the network security group (NSG). 
 
 {{% notice Note %}}
-For more information about Azure setup, see [Getting started with Microsoft Azure Platform](/learning-paths/servers-and-cloud-computing/csp/azure/).
+For more information about Azure setup, see [Getting started with Microsoft Azure](/learning-paths/servers-and-cloud-computing/csp/azure/).
 {{% /notice %}}
 
 ### Add inbound firewall rules in Azure
 
-To expose the required ports for Keycloak and the Flask application, create firewall rules.
+To expose the required ports for Keycloak and the Flask application, create firewall rules:
 
 1. Navigate to the [Azure portal](https://portal.azure.com), go to **Virtual Machines**, and select your virtual machine.
 
-![Azure Portal Virtual Machines page with the target Azure Cobalt 100 Arm64 virtual machine selected before configuring network access for Keycloak.#center](images/virtual_machine.png "Azure Virtual Machines page")
+![Azure Portal Virtual machines page with the target Azure Cobalt 100-based Arm64 virtual machine selected before configuring network access for Keycloak.#center](images/virtual_machine.png "Azure Virtual machines page")
 
 2. In the left menu, select **Networking**, then select **Network settings**.
 
-![Azure Portal Networking page showing the network settings attached to the Azure Cobalt 100 Arm64 virtual machine for configuring inbound access rules.#center](images/networking.png "Azure VM networking settings")
+![Azure Portal Networking page showing the network settings attached to the Azure Cobalt 100-based Arm64 virtual machine for configuring inbound access rules.#center](images/networking.png "Azure VM networking settings")
 
 3. Navigate to **Create port rule**, and select **Inbound port rule**.
 
 ![Azure Portal Create port rule menu with Inbound port rule selected for configuring Keycloak and Flask application access.#center](images/port_rule.png "Create inbound firewall rule")
 
 4. Configure inbound security rules for the following ports:
 
-| Port | Purpose |
-|---|---|
-| 8080 | Keycloak Admin Console |
-| 9000 | Keycloak health and management endpoint |
-| 5000 | Flask OAuth2 demo application |
+| Port | Purpose | Rule name |
+|---|---|---|
+| `8080` | Keycloak admin console | `allow-keycloak-8080` |
+| `9000` | Keycloak health and management endpoint | `allow-keycloak-9000` |
+| `5000` | Flask OAuth2 demo application | `allow-flask-5000` |
 
 Use the following settings for each rule:
 
 - **Source:** My IP address  
 - **Source IP addresses:** *(auto-populated with your current public IP)*  
-- **Source port ranges:** *  
+- **Source port ranges:** `* ` 
 - **Destination:** Any  
 - **Protocol:** TCP  
 - **Action:** Allow  
 
-Use these names:
-
-| Port | Rule Name |
-|---|---|
-| 8080 | allow-keycloak-8080 |
-| 9000 | allow-keycloak-9000 |
-| 5000 | allow-flask-5000 |
-
 {{% notice Note %}}
 Setting **Source** to **My IP address** restricts access to the ports to your current machine only. If your public IP changes or you need to access the services from another machine, update the source IP in the NSG rule.
 {{% /notice %}}
@@ -63,12 +56,13 @@ Setting **Source** to **My IP address** restricts access to the ports to your cu
 
 You can now access:
 
-- Keycloak Admin Console on port **8080**
-- Keycloak health endpoint on port **9000**
-- Flask OAuth2 demo application on port **5000**
+- The Keycloak admin console on port **8080**
+- The Keycloak health endpoint on port **9000**
+- The Flask OAuth2 demo application on port **5000**
 
 ## What you've learned and what's next
 
-You've now configured the Azure Network Security Group to allow incoming traffic for Keycloak and the Flask OAuth2 demo application.
+You've now configured the Azure network security group to allow incoming traffic for Keycloak and the Flask OAuth2 demo application that you'll build in the following sections.
+
+Next, you'll install Keycloak on the VM and configure PostgreSQL as the backend database.
 
-Next, you'll deploy Keycloak, configure PostgreSQL integration, and validate OAuth2/OpenID Connect authentication workflows using the Flask application.

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/instance.md

@@ -1,65 +1,66 @@
 ---
-title: Create an Azure Cobalt 100 Arm64 virtual machine
+title: Create an Azure Cobalt 100-based Arm64 virtual machine 
+description: Learn how to create an Azure Dpsv6 Arm64 virtual machine powered by Azure Cobalt 100 and connect to it with SSH.
 weight: 3
 
 ### FIXED, DO NOT MODIFY
 layout: learningpathall
 ---
 
-## Set up the Azure virtual machine
+## Set up an Arm-based Azure virtual machine
 
-In this section, you'll launch the Azure portal to create a virtual machine (VM) with the Arm-based Azure Cobalt 100 processor.
+In this section, you'll launch the Azure portal to create a virtual machine (VM) powered by the Arm-based Azure Cobalt 100 processor.
 
-This Learning Path focuses on general-purpose virtual machines in the Dpsv6 series. For more information, see the [Microsoft Azure guide for the Dpsv6 size series](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes/general-purpose/dpsv6-series).
+You'll create a general-purpose VM in the Dpsv6 series. For more information about this series of VMs, see the [Microsoft Azure guide for the Dpsv6 size series](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes/general-purpose/dpsv6-series).
 
-While the steps to create this instance are included here for convenience, you can also see [Deploy a Cobalt 100 virtual machine on Azure Learning Path](/learning-paths/servers-and-cloud-computing/cobalt/).
+For more detailed steps to create a VM, see the [Deploy a Cobalt 100 virtual machine on Azure Learning Path](/learning-paths/servers-and-cloud-computing/cobalt/).
 
-### Create an Arm-based virtual machine in the Azure portal
+### Use the Azure portal to create a virtual machine 
 
 To create an Azure virtual machine using the Azure portal:
 
 1. Launch the Azure portal and navigate to **Virtual Machines**.
 2. Select **Create**, and select **Virtual Machine** from the drop-down list.
-3. In the **Basic** tab, fill in the instance details such as **Virtual machine name** and **Region**.
+3. In the **Basics** tab, provide instance details such as **Virtual machine name** and **Region**.
 4. Select **Ubuntu Pro 24.04 LTS** as the image for your virtual machine, and select **Arm64** as the VM architecture.
 5. In the **Size** field, select **See all sizes** and select the D-Series v6 family of virtual machines.
-6. Select **D4ps_v6** from the list as shown in the diagram below:
+6. Select **D4ps_v6** from the list as shown in the following screenshot:
 
 ![Azure Portal showing D-Series v6 VM size selection with D4ps_v6 highlighted#center](images/instance.png "Select D4ps_v6 from the D-Series v6 family")
 
 7. For **Authentication type**, select **SSH public key**.
 
 {{% notice Note %}}
-Azure generates an SSH key pair for you and lets you save it for future use. This method is fast, secure, and easy for connecting to your virtual machine.
+Azure generates an SSH key pair for you that you can save for future use. This method is fast, secure, and easy for connecting to your VM.
 {{% /notice %}}
 
 8. Fill in the **Administrator username** for your VM.
-9. Select **Generate new key pair**, and select **RSA SSH Format** as the SSH Key Type.
+9. Select **Generate new key pair**, and select **RSA SSH Format** as the **SSH key type**.
 
 {{% notice Note %}}
 RSA offers better security with keys longer than 3072 bits.
 {{% /notice %}}
 
 10. Give your SSH key a key pair name.
-11. In the **Inbound port rules**, select **HTTP (80)** and **SSH (22)** as the inbound ports, as shown in the following image:
+11. Under **Inbound port rules**, select **HTTP (80)** and **SSH (22)** as the inbound ports, as shown in the following screenshot:
 
 ![Azure Portal inbound port configuration showing SSH and HTTP selected. Check that the required access settings are in place before creating the virtual machine.#center](images/instance1.png "Configure inbound port rules for HTTP and SSH access")
 
 12. Select the **Review + Create** tab and review the configuration for your virtual machine. It should look like the following:
 
 ![Azure Portal Review + Create tab showing VM configuration summary ready for deployment#center](images/ubuntu-pro.png "Review VM configuration before creation")
 
-13. When you're happy with your selection, select the **Create** button and then **Download Private key and Create Resource**.
+13. When you're happy with your selection, select the **Create** button and then **Download private key and create resource**.
 
 ![Azure Portal showing Create button and SSH key download dialog#center](images/instance4.png "Download SSH key and create the virtual machine")
 
-Your virtual machine should be ready and running in a few minutes. You can SSH into the virtual machine using the private key, along with the public IP details.
+Your VM should be ready and running in a few minutes. You can SSH into the virtual machine using the private key, along with the public IP details.
 
 ![Azure Portal deployment result showing that the virtual machine was created successfully. Look for the successful deployment status and the connection details you will use to access the virtual machine in the next step.#center](images/final-vm.png "Successful VM deployment confirmation")
 
-{{% notice Note %}}To learn more about Arm-based virtual machines in Azure, see "Getting Started with Microsoft Azure" in [Get started with Arm-based cloud instances](/learning-paths/servers-and-cloud-computing/csp/azure/).{{% /notice %}}
+{{% notice Note %}}To learn more about Arm-based virtual machines in Azure, see the Azure section in the [Get started with Arm-based cloud instances](/learning-paths/servers-and-cloud-computing/csp/azure/) Learning Path.{{% /notice %}}
 
-### Connect to your virtual machine
+## Connect to your virtual machine
 
 Use the private key file you downloaded and the public IP address shown in the Azure portal to connect to your virtual machine.
 
@@ -71,6 +72,6 @@ Replace `<your-key-name>` with the name of your SSH key pair and `YOUR_PUBLIC_IP
 
 ## What you've accomplished and what's next
 
-You've created an Azure Cobalt 100 Arm64 virtual machine running Ubuntu 24.04 LTS with SSH authentication configured. The virtual machine is now ready for installing PostgreSQL, Keycloak, and the Flask OAuth2 demo application.
+You've now created an Azure Cobalt 100-based Arm64 virtual machine running Ubuntu 24.04 LTS with SSH authentication configured. The virtual machine is ready for installing PostgreSQL, Keycloak, and the Flask OAuth2 demo application.
 
-Next, you'll install Keycloak on the VM, configure PostgreSQL as the backend database, and deploy a demo OAuth2/OpenID Connect application using Flask.
+Next, you'll set up firewall rules to allow external traffic for Keycloak and the demo Flask application.