keycloak-aplcache

diff --git a/docbook/reference/en/en-US/master.xml b/docbook/reference/en/en-US/master.xml
index f3f6f40..ed7ef62 100755
--- a/docbook/reference/en/en-US/master.xml
+++ b/docbook/reference/en/en-US/master.xml
@@ -4,6 +4,7 @@
                 <!ENTITY License SYSTEM "modules/License.xml">
                 <!ENTITY Overview SYSTEM "modules/Overview.xml">
                 <!ENTITY Installation SYSTEM "modules/server-installation.xml">
+                <!ENTITY OpenShift SYSTEM "modules/openshift.xml">
                 <!ENTITY AdapterConfig SYSTEM "modules/adapter-config.xml">
                 <!ENTITY WildflyAdapter SYSTEM "modules/wildfly-adapter.xml">
                 <!ENTITY EAP6Adapter SYSTEM "modules/eap6-adapter.xml">
@@ -49,6 +50,7 @@
     &License;
     &Overview;
     &Installation;
+    &OpenShift;
     <chapter>
         <title>Adapters</title>
         <para>

diff --git a/docbook/reference/en/en-US/modules/openshift.xml b/docbook/reference/en/en-US/modules/openshift.xml
new file mode 100644
index 0000000..97b329a
--- /dev/null
+++ b/docbook/reference/en/en-US/modules/openshift.xml
@@ -0,0 +1,71 @@
+<chapter id="openshift">
+    <title>Running Keycloak Server on OpenShift</title>
+
+    <para>
+        Keycloak provides a OpenShift cartridge to make it easy to get it running on OpenShift. If you don't already
+        have
+        an account or don't know how to create applications go to
+        <ulink url="https://www.openshift.com/"/>
+        first. You can
+        create the Keycloak instance either with the web tool or the command line tool, both approaches are described
+        below.
+    </para>
+
+    <warning>
+        <para>
+            It's important that immediately after creating a Keycloak instance you open the <literal>Administration Console</literal>
+            and login to reset the password. If this is not done anyone can easily gain admin rights to your Keycloak instance.
+        </para>
+    </warning>
+
+    <section>
+        <title>Create Keycloak instance with the web tool</title>
+        <para>
+            Open
+            <ulink url="https://openshift.redhat.com/app/console/applications"/>
+            and click on<literal>Add Application</literal>.
+            Scroll down to the bottom of the page to find the
+            <literal>Code Anything</literal>
+            section. Insert
+            <literal>https://raw.github.com/keycloak/openshift-keycloak-cartridge/master/metadata/manifest.yml</literal>
+            into the
+            <literal>URL to a cartridge definition</literal>
+            field and click on<literal>Next</literal>. Fill in the
+            following form and click on<literal>Create Application</literal>.
+        </para>
+        <para>
+            Click on <literal>Continue to the application overview page</literal>. Under the list of applications you should
+            find your Keycloak instance and the status should be <literal>Started</literal>. Click on it to open the Keycloak
+            servers homepage.
+        </para>
+    </section>
+
+    <section>
+        <title>Create Keycloak instance with the web tool</title>
+        <para>
+            Run the following command from a terminal:
+            <programlisting>rhc app create &lt;APPLICATION NAME&gt; https://raw.github.com/keycloak/openshift-keycloak-cartridge/master/metadata/manifest.yml</programlisting>
+            Replace <literal>&lt;APPLICATION NAME&gt;</literal> with the name you want (for example keycloak).
+        </para>
+        <para>
+            Once the instance is created the rhc tool outputs details about it. Open the returned <literal>URL</literal> in a
+            browser to open the Keycloak servers homepage.
+        </para>
+    </section>
+
+    <section>
+        <title>Next steps</title>
+        <para>
+            The Keycloak servers homepage should show the Keycloak logo and <literal>Welcome to Keycloak</literal>.
+            There should also be a link to the <literal>Administration Console</literal>. Open that and log in using username
+            <literal>admin</literal> and password <literal>admin</literal>. On the first login you should be asked
+            to reset the password.
+        </para>
+        <tip>
+            <para>
+                On OpenShift Keycloak has been configured to only accept requests over https. If you try to use http
+                you should be redirected to https.
+            </para>
+        </tip>
+    </section>
+</chapter>

diff --git a/docbook/reference/en/en-US/modules/social-facebook.xml b/docbook/reference/en/en-US/modules/social-facebook.xml
index f173d21..bc87171 100644
--- a/docbook/reference/en/en-US/modules/social-facebook.xml
+++ b/docbook/reference/en/en-US/modules/social-facebook.xml
@@ -21,9 +21,7 @@
                 Once the app has been created click on <literal>Settings</literal> in sidebar on the left. Then click
                 on <literal>Advanced</literal>. Under <literal>Security</literal> make sure
                 <literal>Client OAuth Login</literal> is enabled. In <literal>Valid OAuth redirect URIs</literal> insert
-                the <link linkend="social-callbackurl">social callback url</link>. Facebook doesn't allow
-                <literal>localhost</literal> in the redirect URI, so if you are testing on a local server replace
-                <literal>localhost</literal> with <literal>127.0.0.1</literal>. Scroll down and click on the
+                the <link linkend="social-callbackurl">social callback url</link>. Scroll down and click on the
                 <literal>Save Changes</literal> button.
             </para>
         </listitem>
@@ -42,4 +40,10 @@
             </para>
         </listitem>
     </orderedlist>
+    <tip>
+        <para>
+            Facebook doesn't allow <literal>localhost</literal> in the redirect URI. To test on a local server
+            replace <literal>localhost</literal> with <literal>127.0.0.1</literal>.
+        </para>
+    </tip>
 </section>
\ No newline at end of file

diff --git a/docbook/reference/en/en-US/modules/social-twitter.xml b/docbook/reference/en/en-US/modules/social-twitter.xml
index 316a178..7f7f3fb 100644
--- a/docbook/reference/en/en-US/modules/social-twitter.xml
+++ b/docbook/reference/en/en-US/modules/social-twitter.xml
@@ -11,10 +11,7 @@
                 Log in to the <ulink url="https://dev.twitter.com/apps">Twitter Developer Console</ulink>. Click the
                 <literal>Create a new application</literal> button. Use any value for <literal>Name</literal>,
                 <literal>Description</literal> and <literal>Website</literal> you want. Insert the social callback url
-                in <literal>Callback URL</literal>. Twitter doesn't allow <literal>localhost</literal> in the redirect URI,
-                so if you are testing on a local server replace <literal>localhost</literal> with <literal>127.0.0.1</literal>.
-                Twitter also restricts connection to TLS/SSL connections only, this means that you have to use HTTPS to
-                access Keycloak in order to log in via Twitter. Then click <literal>Create your Twitter application</literal>.
+                in <literal>Callback URL</literal>. Then click <literal>Create your Twitter application</literal>.
             </para>
         </listitem>
         <listitem>
@@ -32,4 +29,12 @@
             </para>
         </listitem>
     </orderedlist>
+    <tip>
+        <para>
+            Twitter doesn't allow <literal>localhost</literal> in the redirect URI. To test on a local server
+            replace <literal>localhost</literal> with <literal>127.0.0.1</literal>.
+            Twitter also restricts connection to TLS/SSL connections only, so you are required to use HTTPS to access
+            Keycloak to enable log in with Twitter.
+        </para>
+    </tip>
 </section>
\ No newline at end of file