# The contents of this file are subject to the terms of the Common Development and
# Distribution License (the License). You may not use this file except in compliance with the
# License.
#
# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
# specific language governing permission and limitations under the License.
#
# When distributing Covered Software, include this CDDL Header Notice in each file and include
# the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
# Header, with the fields enclosed by brackets [] replaced by your own identifying
# information: "Portions copyright [year] [name of copyright owner]".
#
# Copyright 2015-2016 ForgeRock AS.
authentication=Authentication Modules
iPlanetAMAuthSAML2ServiceDescription=SAML2
a500=Authentication Level
a500.help=The authentication level associated with this module.
a500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \
associated with the module; 0 is the lowest (and the default).
a501=IdP Entity ID
a501.help=The entity name of the SAML2 IdP Service to use for this module (must be configured within this realm).
a502=SP MetaAlias
a502.help=MetaAlias for Service Provider. The format of this parameter is <pre>/realm_name/SP</pre>
a503=Allow IdP to Create NameID
a503.help= Use this parameter to indicate whether the identity provider can create a new identifier for the \
principal if none exists (true) or not (false).
a504=Linking Authentication Chain
a504.help=The authentication chain that will be executed when a user is required to be authenticated locally to \
match their user account with that of a remotely authenticated assertion.
a505=Comparison Type
a505.help=(Optional) Use this parameter to specify a comparison method to evaluate the requested context classes or \
statements. OpenAM accepts the following values: <pre>better</pre>, <pre>exact</pre>, <pre>maximum</pre>, and \
<pre>minimum</pre>.
a506=Authentication Context Class Reference
a506.help=(Optional) Use this parameter to specify authentication context class references. Separate multiple values \
with pipe characters (|).
a507=Authentication Context Declaration Reference
a507.help=(Optional) Use this parameter to specify authentication context declaration references. Separate multiple \
values with pipe characters (|).
a508=Request Binding
a508.help=Use this parameter to indicate what binding the SP should use when communicating with the IdP.
a509=Response Binding
a509.help=Use this parameter to indicate what binding the IdP should use when communicating with this SP.
a510=Force IdP Authentication
a510.help=Use this parameter to indicate whether the identity provider should force authentication \
(true) or can reuse existing security contexts (false).
a511=Passive Authentication
a511.help=Use this parameter to indicate whether the identity provider should authenticate passively \
(true) or not (false).
a512=NameID Format
a512.help=(Optional) Use this parameter to specify a SAML Name Identifier format identifier such as \
<pre>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</pre> \
<pre>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</pre> \
<pre>urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified</pre>
a515=Single Logout Enabled
a515.help=Enable to attempt logout of the user's IdP session at the point of session logout. Required the \
<pre>org.forgerock.openam.authentication.modules.saml2.SAML2PostAuthenticationPlugin</pre> to be active on the chain \
that includes this SAML2 module.
a516=Single Logout URL
a516.help=If Single Logout is enabled, this is the URL to which the user should be forwarded after successful \
IdP logout. This must be a fully-qualified URL (start with http...), or the redirect will not function.
invalidLoginState=Unexpected Error during SAML2 Login.
samlLocalAuthFailed=Failed local authentication. Please try again.
samlLocalConfigFailed=Failed to load SAML2 Configuration.
localLinkError=Unable to link local user to remote user.
samlFailoverError=SAML2 Failover must be enabled for SAML2 auth to function.
badRequest=Proxy received bad request.
missingCookie=Proxy did not find expected cookie.
missingMeta=Proxy was unable to locate the meta manager.
metaError=There was an error in the metadata.
samlGet=Proxy was unable ot extract the SAML response.
samlVerify=Proxy was unable to verify the response.
samlFailover=Proxy was unable to verify SAML2 failover.
samlNullRequest=Unable to login without http request. Programmatic login is not supported.
HTTP-Redirect=HTTP-Redirect
HTTP-POST=HTTP-POST
HTTP-Artifact=HTTP-Artifact
Persistent=Persistent
Transient=Transient
Unspecified=Unspecified
true=true
false=false
exact=exact
better=better
maximum=maximum
minimum=minimum