OAuth2Provider.properties revision e9f58f98089a4e4670e5ee2d3df315561084786e
0N/Ag101.help=The maximum execution time any individual script should take on the server (in seconds).
0N/Ag101.help.txt=Scripts will be forcibly stopped after this amount of execution time.
1539N/Ag103.help.txt=New threads will be created up to this size once the task queue reaches capacity. Has no effect if the \
4216N/Ag104.help=Size of queue to use for buffering script execution request when core pool is at capacity.
1539N/Ag104.help.txt=Use -1 for an unbounded queue (this disables the maximum pool size setting). For short, CPU-bound \
1539N/A scripts, consider a small pool size and larger queue length. For I/O-bound scripts (e.g., REST calls) consider \
1539N/A a larger maximum pool size and a smaller queue. Not hot-swappable: restart server for changes to take effect.
1539N/Ag105.help.txt=Length of time (in seconds) to wait before terminating threads that were started when the queue reached \
1539N/Ag106.help.txt=Each Java class accessed by a script must match at least one of these patterns. Use '*' as a wildcard, \
1539N/Ag107.help.txt=This blacklist is applied after the whitelist to apply additional restrictions. For instance you may \
1539N/A whitelist java.lang.* and then blacklist java.lang.System and java.lang.Runtime. It is recommended to always prefer \
1539N/Ag108.help=Indicates whether the system SecurityManager should also be consulted when checking access to Java classes.
1539N/Ag108.help.txt=If enabled, then the checkPackageAccess method will be called for each Java class accessed. If no \
1539N/Aa103a.help=Check to enable generation of refresh tokens when refreshing access tokens
1539N/Aa104aa.help=This is a script that will be run, when using an implementation of the \
1539N/A org.forgerock.openam.oauth2.OpenAMScopeValidator, when issuing an ID Token or making a request to the userinfo \
1539N/A endpoint that will gather and fill in all claims for the request. The script has access to the requested scopes, \
1539N/Aa104ab.help=This is the language of the OIDC claims script
a105.help=Response types are input as such, code|name of plugin class. For example, code|org.forgerock.openam.oauth2.CodeClass. \
If there is no implementation class none should be used in place of the class name. For example id_token|none.
a106.help=If the attribute is mail and uid, then a search string of (|(mail=user)(uid=user)) will be used to get the \
a107.help=To use saved consent a list attribute must be set up and the attribute name provided.
a108.help=A list of scopes this authorization server supports.
a109.help=The Remote URL where the providers JSON Web Key can be retrieved.
a110.help=List of subject types supported. Valid values are pairwise and public.
a111.help=Algorithms supported to sign id_tokens.
a112.help=List of claims supported by the userinfo endpoint.
a113.help=The amount of time in seconds the JWT will be valid for.
a114.help=The name of the key put in the keystore used to sign the ID Tokens issued by OpenAM.
a115.help=Allow clients to register without an access token. If enabled, you should consider adding some form of rate \
limiting. See <a href="http://openid.net/specs/openid-connect-registration-1_0.html#ClientRegistration" \
a116.help=Whether to generate Registration Access Tokens for clients that register via open dynamic client \
href="http://openid.net/specs/openid-connect-registration-1_0.html#ClientConfigurationEndpoint" \
target="_blank">Client Configuration Endpoint</a> as per the OpenID Connect specification. This setting has \
a117.help=Maps OpenID Connect ACR values to authentication chains. See <a \
href="http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest" target="_blank">the acr_values parameter</a> \
a118.help=Default value to use as the 'acr' claim in an OpenID Connect ID Token when using the default authentication \
a119.help=If you require <code>amr</code> values to be returned in the OpenID Connect <code>id_token</code>, you can \
configure them here. Once authentication has completed, the authentication modules that were used from the \
authentication service will be mapped to the <code>amr</code> values. If you do not require amr values, or are not \
a120.help=The attribute name of the modified timestamp in the identity repository (must also be added to the User \
a121.help=The attribute name of the created timestamp in the identity repository (must also be added to the User \
a122.help=List of scopes a client will be granted if they request registration without specifying which scopes they \
a123.help=If enabled, clients will be able to request individual claims using the "claims" Request Parameter \
a124.help=If pairwise subject types are supported, it is STRONGLY RECOMMENDED to set this value. It is used in \
the salting of hashes for returning specific sub claims to individuals using the same request_uri or \
a125.help=All id_tokens will contain scope-derived claims. Warning: not strictly spec-compliant.
a125.help.txt=The <a href="http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims">OpenID Connect \
specification</a> is ambiguous whether scope-derived claims should always be added to the ID Token. This is \
disabled by default in order to guarantee compliance, but can be enabled for situations where calling the \
a126.help=If enabled, Authorization Code requests will require a "code_challenge" attribute
.org/html/draft-ietf-oauth-spop-12">here</a>
a1075.help=The attribute for identities retrieved from the ID Repository that contains a displayable name for the user \