main/resources/amAuthSAML2.properties

	amAuthSAML2.properties revision 449854c2a07b50ea64d9d6a8b03d18d4afeeee43
# The contents of this file are subject to the terms of the Common Development and
# Distribution License (the License). You may not use this file except in compliance with the
# License.
#
# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
# specific language governing permission and limitations under the License.
#
# When distributing Covered Software, include this CDDL Header Notice in each file and include
# the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
# Header, with the fields enclosed by brackets [] replaced by your own identifying
# information: "Portions copyright [year] [name of copyright owner]".
#
# Copyright 2015 ForgeRock AS.

authentication=Authentication Modules
iPlanetAMAuthSAML2ServiceDescription=SAML2
a500=Authentication Level
a500.help=The authentication level associated with this module.
a500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \
associated with the module; 0 is the lowest (and the default).
a501=IdP Entity ID
a501.help=The entity name of the SAML2 IdP Service to use for this module (must be configured within this realm).
a502=MetaAlias
a502.help=MetaAlias for Service Provider. The format of this parameter is /realm_name/SP name.
a503=AllowCreate
a503.help=(Optional) Use this parameter to indicate whether the identity provider can create a new identifier for the \
  principal if none exists (true) or not (false).
a504=Linking Authentication Chain
a504.help=The authentication chain that will be executed when a user is required to be authenticated locally to \
  match their user account with that of a remotely authenticated assertion.
a505=AuthComparison
a505.help=(Optional) Use this parameter to specify a comparison method to evaluate the requested context classes or \
  statements. OpenAM accepts the following values: better, exact, maximum, and minimum.
a506=AuthnContextClassRef
a506.help=(Optional) Use this parameter to specify authentication context class references. Separate multiple values \
  with pipe characters (|).
a507=AuthnContextDeclRef
a507.help=(Optional) Use this parameter to specify authentication context declaration references. Separate multiple \
  values with pipe characters (|).
a508=ACS Binding
a508.help=Use this parameter to indicate what binding to use for the operation. For example, \
  specify binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST to use HTTP POST binding with a self-submitting form. \
  In addition to urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, you can also use \
  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact.
a510=ForceAuthn
a510.help=(Optional) Use this parameter to indicate whether the identity provider should force authentication (true) or \
  can reuse existing security contexts (false).
a511=isPassive
a511.help=(Optional) Use this parameter to indicate whether the identity provider should authenticate passively (true) \
  or not (false).
a512=nameIdFormat
a512.help=(Optional) Use this parameter to specify a SAML Name Identifier format identifier such as \
  urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient, or \
  urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified
a514=Request Binding
a514.help=Use this parameter to indicate what binding to use for the authentication request. Valid values in \
  include urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (default) and urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST.
a515=Single Logout Enabled
a515.help=Enable to attempt logout of the user's IdP session at the point of session logout. Required the  \
  org.forgerock.openam.authentication.modules.saml2.SAML2PostAuthenticationPlugin to be active on the chain which \
  includes this SAML2 module.
a516=Single Logout URL
a516.help=If Single Logout is enabled, this is the URL to which the user should be forwarded after successful \
  IdP logout.
invalidLoginState=Unexpected Error during SAML2 Login.
samlLocalAuthFailed=Failed local authentication.  Please try again.
samlLocalConfigFailed=Failed to load SAML2 Configuration.
localLinkError=Unable to link local user to remote user.
samlFailoverError=SAML2 Failover must be enabled for SAML2 auth to function.
badRequest=Proxy received bad request.
missingCookie=Proxy did not find expected cookie.
missingMeta=Proxy was unable to locate the meta manager.
metaError=There was an error in the metadata.
samlGet=Proxy was unable ot extract the SAML response.
samlVerify=Proxy was unable to verify the response.
samlFailover=Proxy was unable to verify SAML2 failover.
samlNullRequest=Unable to login without http request.  Programmatic login is not supported.