[CMTOOL-356] [CMTOOL-357] Document new/updated migration tasks

docs/user-guides/migrations/eap8.0/eap7.0/src/main/asciidoc/topics/EAP7.0toEAP8.0-ServerMigration-ManagedDomain-DomainConfiguration-MigrateLegacySecurityDomains.adoc

@@ -0,0 +1,22 @@
+= Migrate Legacy Security Domains
+
+{server-target-productName} does not supports the legacy Security Domains framework, and the tool migrates any usage of such resources to instead use the default {server-target-productName} Elytron replacements.
+
+Please note that further manual Elytron configuration may be needed if the legacy Security Domain(s) being used were not the {server-source-productName}'s defaults!
+
+The console logs all configuration resources migrated to the default {server-target-productName} Elytron replacements, for each configuration profile.
+[source,options="nowrap"]
+----
+ WARN  Migrated ejb3 subsystem resource /profile/default/subsystem/ejb3/application-security-domain/other using legacy security domain other, to Elytron's default application Security Domain. Please note that further manual Elytron configuration may be needed if the legacy security domain being used was not the source server's default Application Domain configuration!
+ WARN  Migrated undertow subsystem resource /profile/default/subsystem/undertow/application-security-domain/other using legacy security domain other, to Elytron's default application Security Domain. Please note that further manual Elytron configuration may be needed if the legacy security domain being used was not the source server's default Application Domain configuration!
+ WARN  Migrated ejb3 subsystem resource /profile/full/subsystem/ejb3/application-security-domain/other using legacy security domain other, to Elytron's default application Security Domain. Please note that further manual Elytron configuration may be needed if the legacy security domain being used was not the source server's default Application Domain configuration!
+ WARN  Migrated undertow subsystem resource /profile/full/subsystem/undertow/application-security-domain/other using legacy security domain other, to Elytron's default application Security Domain. Please note that further manual Elytron configuration may be needed if the legacy security domain being used was not the source server's default Application Domain configuration!
+ WARN  Migrated messaging-activemq subsystem server resource /profile/full/subsystem/messaging-activemq/server/default, to Elytron's default application Security Domain. Please note that further manual Elytron configuration may be needed if the legacy security domain being used was not the source server's default Application Domain configuration!
+ WARN  Migrated iiop-openjdk subsystem resource using legacy security domain to Elytron defaults. Please note that further manual Elytron configuration should be needed!
+ WARN  Migrated ejb3 subsystem resource /profile/ha/subsystem/ejb3/application-security-domain/other using legacy security domain other, to Elytron's default application Security Domain. Please note that further manual Elytron configuration may be needed if the legacy security domain being used was not the source server's default Application Domain configuration!
+ WARN  Migrated undertow subsystem resource /profile/ha/subsystem/undertow/application-security-domain/other using legacy security domain other, to Elytron's default application Security Domain. Please note that further manual Elytron configuration may be needed if the legacy security domain being used was not the source server's default Application Domain configuration!
+ WARN  Migrated ejb3 subsystem resource /profile/full-ha/subsystem/ejb3/application-security-domain/other using legacy security domain other, to Elytron's default application Security Domain. Please note that further manual Elytron configuration may be needed if the legacy security domain being used was not the source server's default Application Domain configuration!
+ WARN  Migrated undertow subsystem resource /profile/full-ha/subsystem/undertow/application-security-domain/other using legacy security domain other, to Elytron's default application Security Domain. Please note that further manual Elytron configuration may be needed if the legacy security domain being used was not the source server's default Application Domain configuration!
+ WARN  Migrated messaging-activemq subsystem server resource /profile/full-ha/subsystem/messaging-activemq/server/default, to Elytron's default application Security Domain. Please note that further manual Elytron configuration may be needed if the legacy security domain being used was not the source server's default Application Domain configuration!
+ WARN  Migrated iiop-openjdk subsystem resource using legacy security domain to Elytron defaults. Please note that further manual Elytron configuration should be needed!
+----

docs/user-guides/migrations/eap8.0/eap7.0/src/main/asciidoc/topics/EAP7.0toEAP8.0-ServerMigration-ManagedDomain-DomainConfiguration-MigrateLegacySecurityRealms.adoc

@@ -0,0 +1,27 @@
+= Migrate Legacy Security Realms
+
+{server-target-productName} does not supports the legacy Security Realms framework, and the tool migrates any usage of such resources to instead use the default {server-target-productName} Elytron replacements.
+
+Please note that further manual Elytron configuration may be needed if the legacy security realm(s) being used were not the {server-source-productName}'s defaults!
+
+The console logs all configuration resources migrated to the default {server-target-productName} Elytron replacements, for each configuration profile.
+[source,options="nowrap"]
+----
+ INFO  Legacy security XML configuration retrieved.
+ WARN  Migrated Remoting subsystem's http connector resource /profile/full-ha/subsystem/remoting/http-connector/http-remoting-connector using a legacy security-realm, to Elytron's default application SASL Authentication Factory migration-defaultApplicationSaslAuthenticationFactory. Please note that further manual Elytron configuration may be needed if the legacy security realm being used was not the source server's default Application Realm configuration!
+ WARN  Migrated Undertow subsystem https-listener resource /profile/full-ha/subsystem/undertow/server/default-server/https-listener/https using a legacy security-realm, to Elytron's default TLS ServerSSLContext migration-defaultTLSServerSSLContext. Please note that further manual Elytron configuration may be needed if the legacy security realm being used was not the source server's default Application Realm configuration!
+ WARN  Migrated Undertow subsystem http-invoker resource /profile/full-ha/subsystem/undertow/server/default-server/host/default-host/setting/http-invoker using a legacy security-realm, to Elytron's default Application HTTP AuthenticationFactory migration-defaultApplicationHttpAuthenticationFactory. Please note that further manual Elytron configuration may be needed if the legacy security realm being used was not the source server's default Application Realm configuration!
+ INFO  Legacy security realms migrated to Elytron.
+ WARN  Migrated Remoting subsystem's http connector resource /profile/full/subsystem/remoting/http-connector/http-remoting-connector using a legacy security-realm, to Elytron's default application SASL Authentication Factory migration-defaultApplicationSaslAuthenticationFactory. Please note that further manual Elytron configuration may be needed if the legacy security realm being used was not the source server's default Application Realm configuration!
+ WARN  Migrated Undertow subsystem https-listener resource /profile/full/subsystem/undertow/server/default-server/https-listener/https using a legacy security-realm, to Elytron's default TLS ServerSSLContext migration-defaultTLSServerSSLContext. Please note that further manual Elytron configuration may be needed if the legacy security realm being used was not the source server's default Application Realm configuration!
+ WARN  Migrated Undertow subsystem http-invoker resource /profile/full/subsystem/undertow/server/default-server/host/default-host/setting/http-invoker using a legacy security-realm, to Elytron's default Application HTTP AuthenticationFactory migration-defaultApplicationHttpAuthenticationFactory. Please note that further manual Elytron configuration may be needed if the legacy security realm being used was not the source server's default Application Realm configuration!
+ INFO  Legacy security realms migrated to Elytron.
+ WARN  Migrated Remoting subsystem's http connector resource /profile/ha/subsystem/remoting/http-connector/http-remoting-connector using a legacy security-realm, to Elytron's default application SASL Authentication Factory migration-defaultApplicationSaslAuthenticationFactory. Please note that further manual Elytron configuration may be needed if the legacy security realm being used was not the source server's default Application Realm configuration!
+ WARN  Migrated Undertow subsystem https-listener resource /profile/ha/subsystem/undertow/server/default-server/https-listener/https using a legacy security-realm, to Elytron's default TLS ServerSSLContext migration-defaultTLSServerSSLContext. Please note that further manual Elytron configuration may be needed if the legacy security realm being used was not the source server's default Application Realm configuration!
+ WARN  Migrated Undertow subsystem http-invoker resource /profile/ha/subsystem/undertow/server/default-server/host/default-host/setting/http-invoker using a legacy security-realm, to Elytron's default Application HTTP AuthenticationFactory migration-defaultApplicationHttpAuthenticationFactory. Please note that further manual Elytron configuration may be needed if the legacy security realm being used was not the source server's default Application Realm configuration!
+ INFO  Legacy security realms migrated to Elytron.
+ WARN  Migrated Remoting subsystem's http connector resource /profile/default/subsystem/remoting/http-connector/http-remoting-connector using a legacy security-realm, to Elytron's default application SASL Authentication Factory migration-defaultApplicationSaslAuthenticationFactory. Please note that further manual Elytron configuration may be needed if the legacy security realm being used was not the source server's default Application Realm configuration!
+ WARN  Migrated Undertow subsystem https-listener resource /profile/default/subsystem/undertow/server/default-server/https-listener/https using a legacy security-realm, to Elytron's default TLS ServerSSLContext migration-defaultTLSServerSSLContext. Please note that further manual Elytron configuration may be needed if the legacy security realm being used was not the source server's default Application Realm configuration!
+ WARN  Migrated Undertow subsystem http-invoker resource /profile/default/subsystem/undertow/server/default-server/host/default-host/setting/http-invoker using a legacy security-realm, to Elytron's default Application HTTP AuthenticationFactory migration-defaultApplicationHttpAuthenticationFactory. Please note that further manual Elytron configuration may be needed if the legacy security realm being used was not the source server's default Application Realm configuration!
+ INFO  Legacy security realms migrated to Elytron.
+----

docs/user-guides/migrations/eap8.0/eap7.0/src/main/asciidoc/topics/EAP7.0toEAP8.0-ServerMigration-ManagedDomain-DomainConfiguration.adoc

@@ -18,6 +18,14 @@ include::ServerMigration-ServerConfiguration-MigrateReferencedModules.adoc[]
 
 include::ServerMigration-ServerConfiguration-MigrateReferencedPaths.adoc[]
 
+include::EAP7.0toEAP8.0-ServerMigration-ManagedDomain-DomainConfiguration-MigrateLegacySecurityRealms.adoc[]
+
+include::EAP7.0toEAP8.0-ServerMigration-ManagedDomain-DomainConfiguration-MigrateLegacySecurityDomains.adoc[]
+
+include::EAP7.0toEAP8.0-ServerMigration-ServerConfiguration-Subsystem-Migrate-keycloak.adoc[]
+
+include::EAP7.0toEAP8.0-ServerMigration-ServerConfiguration-Subsystem-Migrate-picketlink.adoc[]
+
 include::EAP7.0toEAP8.0-ServerMigration-ServerConfiguration-Subsystem-Update-infinispan.adoc[]
 
 include::EAP7.0toEAP8.0-ServerMigration-ServerConfiguration-Subsystem-Update-jgroups.adoc[]

docs/user-guides/migrations/eap8.0/eap7.0/src/main/asciidoc/topics/EAP7.0toEAP8.0-ServerMigration-ManagedDomain-HostConfiguration.adoc

@@ -20,8 +20,4 @@ include::ServerMigration-ServerConfiguration-Subsystem-Add-core-management.adoc[
 
 include::ServerMigration-ServerConfiguration-Subsystem-Add-elytron.adoc[]
 
-include::ServerMigration-ServerConfiguration-MigrateCompatibleSecurityRealms.adoc[]
-
-include::ServerMigration-ServerConfiguration-AddApplicationRealmSSLServerIdentity.adoc[]
-
 :leveloffset: -1

docs/user-guides/migrations/eap8.0/eap7.0/src/main/asciidoc/topics/EAP7.0toEAP8.0-ServerMigration-ServerConfiguration-Subsystem-Migrate-keycloak.adoc

@@ -0,0 +1,5 @@
+:subsystem-migrate-legacySubsystemName: keycloak
+:subsystem-migrate-legacyExtensionName: org.keycloak.keycloak-adapter-subsystem
+:subsystem-migrate-replacementSubsystemName: elytron-oidc-client
+
+include::ServerMigration-ServerConfiguration-Subsystem-Migrate.adoc[]

docs/user-guides/migrations/eap8.0/eap7.0/src/main/asciidoc/topics/EAP7.0toEAP8.0-ServerMigration-ServerConfiguration-Subsystem-Migrate-picketlink.adoc

@@ -0,0 +1,5 @@
+:subsystem-migrate-legacySubsystemName: picketlink-federation
+:subsystem-migrate-legacyExtensionName: org.wildfly.extension.picketlink
+:subsystem-migrate-replacementSubsystemName: keycloak-saml
+
+include::ServerMigration-ServerConfiguration-Subsystem-Migrate.adoc[]

docs/user-guides/migrations/eap8.0/eap7.0/src/main/asciidoc/topics/EAP7.0toEAP8.0-ServerMigration-ServerConfiguration-Subsystem-Update-jgroups.adoc

@@ -1,14 +1,11 @@
-= Update the JGroups Subsystem
+= Update jgroups Subsystem Configuration
 
-The JBoss Server Migration Tool does the following updates to any *jgroups* subsystem configuration found while migrating a server configuration:
+The JBoss Server Migration Tool currently is not capable to automate the migration of the `jgroups` subsystem configuration, and thus reverts it to the default {server-target-productName} `jgroups` configuration.
 
-* Replaces protocol `FRAG2` with `FRAG3`.
-
-If you prefer, you can set the `subsystem.jgroups.update.skip` environment property to `true` to skip automatic update of the *jgroups* subsystem configuration.
-
-Upon successful migration of the *jgroups* subsystem configuration, you should see the following message in the console:
+Please note that further manual `jgroups` subsystem configuration may be needed if the configuration being used was not the default {server-source-productName} `jgroups` subsystem configuration!
 
+The console logs a message when it updates the  `jgroups` subsystem configuration.
 [source,options="nowrap"]
 ----
- INFO  Subsystem jgroups updated.
-----
+ WARN  Configuration of JGroups protocols has been changed to match the default protocols of the target server. Please note that further manual configuration may be needed if the legacy configuration being used was not the source server's default configuration!
+----

docs/user-guides/migrations/eap8.0/eap7.0/src/main/asciidoc/topics/EAP7.0toEAP8.0-ServerMigration-StandaloneServer-StandaloneServerConfiguration-MigrateLegacySecurityDomains.adoc

@@ -0,0 +1,12 @@
+= Migrate Legacy Security Domains
+
+{server-target-productName} does not supports the legacy Security Domains framework, and the tool migrates any usage of such resources to instead use the default {server-target-productName} Elytron replacements.
+
+Please note that further manual Elytron configuration may be needed if the legacy Security Domain(s) being used were not the {server-source-productName}'s defaults!
+
+The console logs all configuration resources migrated to the default {server-target-productName} Elytron replacements.
+[source,options="nowrap"]
+----
+ WARN  Migrated ejb3 subsystem resource /subsystem/ejb3/application-security-domain/other using legacy security domain other, to Elytron's default application Security Domain. Please note that further manual Elytron configuration may be needed if the legacy security domain being used was not the source server's default Application Domain configuration!
+ WARN  Migrated undertow subsystem resource /subsystem/undertow/application-security-domain/other using legacy security domain other, to Elytron's default application Security Domain. Please note that further manual Elytron configuration may be needed if the legacy security domain being used was not the source server's default Application Domain configuration!
+----

docs/user-guides/migrations/eap8.0/eap7.0/src/main/asciidoc/topics/EAP7.0toEAP8.0-ServerMigration-StandaloneServer-StandaloneServerConfiguration-MigrateLegacySecurityRealms.adoc

@@ -0,0 +1,15 @@
+= Migrate Legacy Security Realms
+
+{server-target-productName} does not supports the legacy Security Realms framework, and the tool migrates any usage of such resources to instead use the default {server-target-productName} Elytron replacements.
+
+Please note that further manual Elytron configuration may be needed if the legacy security realm(s) being used were not the {server-source-productName}'s defaults!
+
+The console logs all configuration resources migrated to the default {server-target-productName} Elytron replacements.
+[source,options="nowrap"]
+----
+ INFO  Legacy security XML configuration retrieved.
+ WARN  Migrated Remoting subsystem's http connector resource /subsystem/remoting/http-connector/http-remoting-connector using a legacy security-realm, to Elytron's default application SASL Authentication Factory migration-defaultApplicationSaslAuthenticationFactory. Please note that further manual Elytron configuration may be needed if the legacy security realm being used was not the source server's default Application Realm configuration!
+ WARN  Migrated Undertow subsystem https-listener resource /subsystem/undertow/server/default-server/https-listener/https using a legacy security-realm, to Elytron's default TLS ServerSSLContext migration-defaultTLSServerSSLContext. Please note that further manual Elytron configuration may be needed if the legacy security realm being used was not the source server's default Application Realm configuration!
+ WARN  Migrated Undertow subsystem http-invoker resource /subsystem/undertow/server/default-server/host/default-host/setting/http-invoker using a legacy security-realm, to Elytron's default Application HTTP AuthenticationFactory migration-defaultApplicationHttpAuthenticationFactory. Please note that further manual Elytron configuration may be needed if the legacy security realm being used was not the source server's default Application Realm configuration!
+ INFO  Legacy security realms migrated to Elytron.
+----

docs/user-guides/migrations/eap8.0/eap7.0/src/main/asciidoc/topics/EAP7.0toEAP8.0-ServerMigration-StandaloneServer-StandaloneServerConfiguration.adoc

@@ -18,6 +18,14 @@ include::ServerMigration-ServerConfiguration-MigrateReferencedModules.adoc[]
 
 include::ServerMigration-ServerConfiguration-MigrateReferencedPaths.adoc[]
 
+include::EAP7.0toEAP8.0-ServerMigration-StandaloneServer-StandaloneServerConfiguration-MigrateLegacySecurityRealms.adoc[]
+
+include::EAP7.0toEAP8.0-ServerMigration-StandaloneServer-StandaloneServerConfiguration-MigrateLegacySecurityDomains.adoc[]
+
+include::EAP7.0toEAP8.0-ServerMigration-ServerConfiguration-Subsystem-Migrate-keycloak.adoc[]
+
+include::EAP7.0toEAP8.0-ServerMigration-ServerConfiguration-Subsystem-Migrate-picketlink.adoc[]
+
 include::EAP7.0toEAP8.0-ServerMigration-ServerConfiguration-Subsystem-Update-infinispan.adoc[]
 
 include::EAP7.0toEAP8.0-ServerMigration-ServerConfiguration-Subsystem-Update-jgroups.adoc[]
@@ -38,10 +46,6 @@ include::ServerMigration-ServerConfiguration-Subsystem-Add-metrics.adoc[]
 
 include::ServerMigration-ServerConfiguration-AddSocketBindingMulticastAddressExpressions.adoc[]
 
-include::ServerMigration-ServerConfiguration-MigrateCompatibleSecurityRealms.adoc[]
-
-include::ServerMigration-ServerConfiguration-AddApplicationRealmSSLServerIdentity.adoc[]
-
 include::ServerMigration-ServerConfiguration-MigrateDeployments.adoc[]
 
 :leveloffset: -1