amAuthOAuth.properties revision f6e2cb3fcbf7ad3fb8f5a19414d54d5f2b774a63
3412N/A# Distribution License (the License). You may not use this file except in compliance with the
3412N/A# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
3412N/A# When distributing Covered Software, include this CDDL Header Notice in each file and include
3412N/A# the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
3412N/Aa101.help.txt=For more information on the OAuth client_id parameter refer to the \
3412N/A<a href="http://tools.ietf.org/html/rfc6749#section-2.3.1" target="_blank">RFC 6749</a>, section 2.3.1
3412N/Aa102.help.txt=For more information on the OAuth client_secret parameter refer to the \
3412N/A<a href="http://tools.ietf.org/html/rfc6749#section-2.3.1" target="_blank">RFC 6749</a>, section 2.3.1
3412N/Aa103.help.txt=This is the URL endpoint for OAuth authentication provided by the OAuth Identity Provider
3412N/Aa104.help.txt=This is the URL endpoint for access token retrieval provided by the OAuth Identity Provider. Refer to the \
3412N/A<a href="http://tools.ietf.org/html/rfc6749#section-3.2" target="_blank">RFC 6749</a>, section 3.2
3412N/Aa105.help.txt=This URL endpoint provides user profile information and is provided by the OAuth Identity Provider<br/><br/>\
3412N/Aa106.help.txt=The OAuth scope is a list of values that define the type of information that can be retrieved from \
3412N/Athe user profile service. The values will depend on the type of permissions that the user has given to the user profile application \
3412N/Aa107.help = The name of the parameter that will contain the access token value when accessing the profile service
3412N/Aa108.help.txt=This URL should only be changed from the default, if an external server is performing the GET to POST proxying. \
3412N/AThe default is <code>/openam/oauth2c/OAuthProxy.jsp</code>
3412N/Aa108a.help=Name of the class implementing the account provider.
3412N/Aa108a.help.txt=This class is used by the module to find the account from the attributes mapped by the Account Mapper \
3412N/A <code>org.forgerock.openam.authentication.modules.common.mapping.AccountProvider</code> interface.\
3412N/A <br/>String constructor parameters can be provided by appending <code>|</code> separated values.
3412N/Aa109.help.txt=This class is used by the module to map from the account information received from the OAuth Identity Provider into OpenAM.\
3412N/A<br/><br/>The class must implement the <code>org.forgerock.openam.authentication.modules.common.mapping.AttributeMapper</code> interface.\
3412N/A <ul><li>org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper</li>\
3412N/A <li>org.forgerock.openam.authentication.modules.oidc.JwtAttributeMapper (can only be used when using the openid scope)</li></ul>\
3412N/Aa110.help.txt=Attribute configuration that will be used to map the account of the user authenticated in the OAuth 2.0 Provider to \
3412N/Aa111.help.txt=This class maps the OAuth properties into OpenAM properties. A custom attribute mapper can be provided.<br/>\
3412N/A <code>org.forgerock.openam.authentication.modules.common.mapping.AttributeMapper</code> interface.\
3412N/A <ul><li>org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper</li>\
3412N/A <li>org.forgerock.openam.authentication.modules.oidc.JwtAttributeMapper (can only be used when using the openid scope)</li></ul>\
3412N/Aa112.help.txt=Attribute configuration that will be used to map the user info obtained from the OAuth 2.0 Provider to the local \
3412N/Auser data store in the OpenAM.<br/><br/>Example: <code>OAuth2.0_attribute=local_attribute</code>
3412N/Aa115.help=If this option is enabled, the attributes configured in the attribute mapper will be saved into the OpenAM session
3412N/Aa118.help.txt=The attribute in the response from the profile service in the OAuth 2.0 Provider that contains the email address of \
3412N/Athe authenticated user. This address will be used to send an email with an activation code when the accounts are allowed to be created \
3412N/Aa120.help=If the OAuth2 account does not exist in the local OpenAM data store, an account will be created dynamically.
3412N/Aa120.help.txt=If this is enabled, the account mapper could create the account dynamically if there is no account mapped. Before \
3412N/Acreating the account, a dialog prompting for a password and asking for an activation code can be shown if the parameter "Prompt \
3412N/Afor password setting and activation code" is enabled.<br /><br />If this flag is not enabled, 3 alternative options exist:<br/><br/>\
3412N/A<li>The user does not have a user profile and the "Ignore Profile" is set in the Authentication Service of the realm.</li>\
3412N/A<li>The account is mapped to an anonymous account (see parameter "Map to anonymous user" and "Anonymous User")</li></ol>
3412N/Aa122.help=Users must set a password and complete the activation flow during dynamic profile creation.
3412N/Aa122.help.txt=If this is enabled, the user must set a password before the system creates an account dynamically and an activation \
3412N/Acode will be sent to the user's email address. The account will be created only if the password and activation code are properly set. \
3412N/A<br />If this is disabled, the account will be created transparently without prompting the user.
3412N/Aa124.help.txt=If selected, the authenticated users in the OAuth 2.0 Provider will be mapped to the anonymous user configured in the \
3412N/Anext parameter.<br/>If not selected the users authenticated will be mapped by the parameters configured in the account mapper.\
3412N/A<br/><br/><i>NB </i>If <i>Create account if it does not exist</i> is enabled, that parameter takes precedence.
3412N/Aa126.help.txt=The username of the user that will represent the anonymous user. This user account must already exist in the realm.
3412N/Aa128.help.txt=OAuth 2.0 Identity Providers can have a logout service. If this logout functionality is required then the URL of \
3412N/Aa130.help.txt=The OAuth module has the following logout options for the user:<br/><br/>\
3412N/A<li>Do not logout: Do not logout the user from the OAuth 2.0 Provider and do not prompt</li></ul>
3412N/Aa132.help.txt=This class is used by the module to send email. A custom implementation can be provided.<br/><br/>\
3412N/AThe custom implementation must implement the <code>org.forgerock.openam.authentication.modules.oauth2.EmailGateway</code>
3412N/Aa500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \
3412N/Aioe = Authentication failed with an Input/Output exception while trying to get content
3412N/AhttpErrorCode = Authentication failed because the remote server responded with an HTTP error code {0}
3412N/AincorrectState=Authorization request failed because the state parameter contained an unexpected value
3412N/AmessageBody = Thanks for registering with us.\n\nA username will be created for you once you provide the activation code.\n\nPlease click the following link to create and activate your account:\n\n#ACTIVATION_LINK#\n\nIf you encounter an error message, you can also copy the activation code and paste it in the screen that is asking for it.\n\n\Your activation code is: #ACTIVATION_CODE#\n\nBest Regards,\n\nForgeRock
3412N/AactivationCodeMsg = You were sent an activation code to the email address configured in your profile.Please check your mail and click the link provided. If you have a problem when clicking the link, then copy and paste the activation code here and hit Enter. Thanks
3412N/ApasswordRules = The password must have at least 8characters<br/>At least one uppercase and one lowercase character<br/>At least one number<br/>It can also contain the characters + = _
3412N/Aoidc.issuer_name=Name of OpenID Connect ID Token Issuer
3412N/Aoidc.issuer_name.help= Required when the 'openid' scope is included. Value must match the iss field in issued ID Token\
3412N/Aoidc.crypto_context_type=OpenID Connect validation configuration type
3412N/Aoidc.crypto_context_type.help=Required when the 'openid' scope is included. Please select either 1. the issuer discovery url, \
3412N/Aoidc.crypto_context_value=OpenID Connect validation configuration value
3412N/Aoidc.crypto_context_value.help=Required when the 'openid' scope is included. The discovery url, or jwk url, or the \
3412N/Aoidc.crypto_context_value.help.txt=If discovery or jwk url entered, entry must be in valid url format, <br/>\