amAuthOAuth.properties revision dba6264e760052e4f42a5114d2690f1e188cb767
# The contents of this file are subject to the terms of the Common Development and
# Distribution License (the License). You may not use this file except in compliance with the
# License.
#
# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
# specific language governing permission and limitations under the License.
#
# When distributing Covered Software, include this CDDL Header Notice in each file and include
# the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
# Header, with the fields enclosed by brackets [] replaced by your own identifying
# information: "Portions copyright [year] [name of copyright owner]".
#
# Copyright 2011-2015 ForgeRock AS.
#
# Portions Copyrighted 2012 Open Source Solution Technology Corporation
# Portions Copyrighted 2016 Nomura Research Institute, Ltd.
# module descriptor (shows up on OpenAM Console)
description = OAuth 2.0 / OpenID Connect
# localization for module configuration
a101=Client Id
a101.help=OAuth client_id parameter
a101.help.txt=For more information on the OAuth client_id parameter refer to the \
<a href="http://tools.ietf.org/html/rfc6749#section-2.3.1" target="_blank">RFC 6749</a>, section 2.3.1
a102=Client Secret
a102.help=OAuth client_secret parameter
a102.help.txt=For more information on the OAuth client_secret parameter refer to the \
<a href="http://tools.ietf.org/html/rfc6749#section-2.3.1" target="_blank">RFC 6749</a>, section 2.3.1
a103=Authentication Endpoint URL
a103.help=OAuth authentication endpoint URL
a103.help.txt=This is the URL endpoint for OAuth authentication provided by the OAuth Identity Provider
a104=Access Token Endpoint URL
a104.help=OAuth access token endpoint URL
a104.help.txt=This is the URL endpoint for access token retrieval provided by the OAuth Identity Provider. Refer to the \
<a href="http://tools.ietf.org/html/rfc6749#section-3.2" target="_blank">RFC 6749</a>, section 3.2
a105=User Profile Service URL
a105.help=User profile information URL
a105.help.txt=This URL endpoint provides user profile information and is provided by the OAuth Identity Provider<br/><br/>\
<i>NB </i>This URL should return JSON objects in response
a106=Scope
a106.help=OAuth scope; list of user profile properties
a106.help.txt=The OAuth scope is a list of values that define the type of information that can be retrieved from \
the user profile service. The values will depend on the type of permissions that the user has given to the user profile application \
in the OAuth 2.0 Provider.<br/><br/>Example: <code>email, read_stream</code>
a107 = OAuth2 Access Token Profile Service Parameter name
a107.help = The name of the parameter that will contain the access token value when accessing the profile service
a108=Proxy URL
a108.help=The URL to the OpenAM OAuth proxy JSP
a108.help.txt=This URL should only be changed from the default, if an external server is performing the GET to POST proxying. \
The default is <code>/openam/oauth2c/OAuthProxy.jsp</code>
a108a=Account Provider
a108a.help=Name of the class implementing the account provider.
a108a.help.txt=This class is used by the module to find the account from the attributes mapped by the Account Mapper \
<code>org.forgerock.openam.authentication.modules.common.mapping.AccountProvider</code> interface.\
<br/>String constructor parameters can be provided by appending <code>|</code> separated values.
a109=Account Mapper
a109.help=Name of the class implementing the attribute mapping for the account search.
a109.help.txt=This class is used by the module to map from the account information received from the OAuth Identity Provider into OpenAM.\
<br/><br/>The class must implement the <code>org.forgerock.openam.authentication.modules.common.mapping.AttributeMapper</code> interface.\
<br/>Provided implementations are:\
<ul><li>org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper</li>\
<li>org.forgerock.openam.authentication.modules.oidc.JwtAttributeMapper (can only be used when using the openid scope)</li></ul>\
String constructor parameters can be provided by appending <code>|</code> separated values.
a110=Account Mapper Configuration
a110.help=Mapping of OAuth account to local OpenAM account
a110.help.txt=Attribute configuration that will be used to map the account of the user authenticated in the OAuth 2.0 Provider to \
the local data store in the OpenAM. Example: <code>OAuth2.0_attribute=local_attribute</code>
a111=Attribute Mapper
a111.help=Name of the class that implements the attribute mapping
a111.help.txt=This class maps the OAuth properties into OpenAM properties. A custom attribute mapper can be provided.<br/>\
<br/>A custom attribute mapper must implement the \
<code>org.forgerock.openam.authentication.modules.common.mapping.AttributeMapper</code> interface.\
<br/>Provided implementations are:\
<ul><li>org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper</li>\
<li>org.forgerock.openam.authentication.modules.oidc.JwtAttributeMapper (can only be used when using the openid scope)</li></ul>\
String constructor parameters can be provided by appending <code>|</code> separated values.
a112=Attribute Mapper Configuration
a112.help=Mapping of OAuth attributes to local OpenAM attributes
a112.help.txt=Attribute configuration that will be used to map the user info obtained from the OAuth 2.0 Provider to the local \
user data store in the OpenAM.<br/><br/>Example: <code>OAuth2.0_attribute=local_attribute</code>
a115=Save attributes in the session
a115.help=If this option is enabled, the attributes configured in the attribute mapper will be saved into the OpenAM session
a118=Email attribute in OAuth2 Response
a118.help=Attribute from the OAuth2 response used to send activation code emails.
a118.help.txt=The attribute in the response from the profile service in the OAuth 2.0 Provider that contains the email address of \
the authenticated user. This address will be used to send an email with an activation code when the accounts are allowed to be created \
dynamically.
a120=Create account if it does not exist
a120.help=If the OAuth2 account does not exist in the local OpenAM data store, an account will be created dynamically.
a120.help.txt=If this is enabled, the account mapper could create the account dynamically if there is no account mapped. Before \
creating the account, a dialog prompting for a password and asking for an activation code can be shown if the parameter "Prompt \
for password setting and activation code" is enabled.<br /><br />If this flag is not enabled, 3 alternative options exist:<br/><br/>\
<ol><li>The accounts need to have a user profile in the OpenAM User Data Store</li>\
<li>The user does not have a user profile and the "Ignore Profile" is set in the Authentication Service of the realm.</li>\
<li>The account is mapped to an anonymous account (see parameter "Map to anonymous user" and "Anonymous User")</li></ol>
a122=Prompt for password setting and activation code
a122.help=Users must set a password and complete the activation flow during dynamic profile creation.
a122.help.txt=If this is enabled, the user must set a password before the system creates an account dynamically and an activation \
code will be sent to the user's email address. The account will be created only if the password and activation code are properly set. \
<br />If this is disabled, the account will be created transparently without prompting the user.
a124=Map to anonymous user
a124.help=Enabled anonymous user access to OpenAM for OAuth authenticated users
a124.help.txt=If selected, the authenticated users in the OAuth 2.0 Provider will be mapped to the anonymous user configured in the \
next parameter.<br/>If not selected the users authenticated will be mapped by the parameters configured in the account mapper.\
<br/><br/><i>NB </i>If <i>Create account if it does not exist</i> is enabled, that parameter takes precedence.
a126=Anonymous User
a126.help=Username of the OpenAM anonymous user
a126.help.txt=The username of the user that will represent the anonymous user. This user account must already exist in the realm.
a128=OAuth 2.0 Provider logout service
a128.help=The URL of the OAuth Identity Providers Logout service
a128.help.txt=OAuth 2.0 Identity Providers can have a logout service. If this logout functionality is required then the URL of \
the Logout endpoint should configured here.
a130=Logout options
a130.help=Controls how Logout options will be presented to the user.
a130.help.txt=The OAuth module has the following logout options for the user:<br/><br/>\
<ul><li>Prompt: Prompt the user to logout from the OAuth 2.0 Provider</li>\
<li>Logout: Logout from the OAuth 2.0 Provider and do not prompt</li>\
<li>Do not logout: Do not logout the user from the OAuth 2.0 Provider and do not prompt</li></ul>
a132=Mail Server Gateway implementation class
a132.help=The class used by the module to send email.
a132.help.txt=This class is used by the module to send email. A custom implementation can be provided.<br/><br/>\
The custom implementation must implement the <code>org.forgerock.openam.authentication.modules.oauth2.EmailGateway</code>
a134=SMTP host
a134.help=The mail host that will be used by the Email Gateway implementation
a136=SMTP port
a136.help=The TCP port that will be used by the SMTP gateway
a138=SMTP User Name
a138.help=If the SMTP Service requires authentication, configure the user name here
a140=SMTP User Password
a140.help=The Password of the SMTP User Name
a142=SMTP SSL Enabled
a142.help=Tick this option if the SMTP Server provides SSL
a144=SMTP From address
a144.help=The email address on behalf of whom the messages will be sent
a145=Code challenge algorithm
a145.help=The algorithm used to transform the code verifier into the code challenge
a145.help.txt=The Authorization Code Grant flow can be susceptible to an interception attack. This can be mitigated \
against using a code challenge parameter. See - <li>https://tools.ietf.org/html/draft-ietf-oauth-spop-12</li>
a500 = Authentication Level
a500.help=The authentication level associated with this module.
a500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \
associated with the module; 0 is the lowest (and the default).
#
# error messages
#
authFailed = Authentication failed due to unknown reason
json = Authentication failed with a json exception
ssoe = Authentication failed with a Single Sign On Exception
ire = Authentication failed with an Identity Repo Exception
unknownState = Authentication failed because the state was not valid
ioe = Authentication failed with an Input/Output exception while trying to get content
httpErrorCode = Authentication failed because the remote server responded with an HTTP error code {0}
malformedURL = Malformed URL when trying to access the profile service
invalidField = The input field {0} contains invalid data: {1}
audience = OpenID Connect ID token is not for this audience.
noState=Authorization request failed because there was no state parameter
incorrectState=Authorization request failed because the state parameter contained an unexpected value
#
# Mail parameters
#
messageSubject = Activation code
messageBody = Thanks for registering with us.\n\nA username will be created for you once you provide the activation code.\n\nPlease click the following link to create and activate your account:\n\n#ACTIVATION_LINK#\n\nIf you encounter an error message, you can also copy the activation code and paste it in the screen that is asking for it.\n\n\Your activation code is: #ACTIVATION_CODE#\n\nBest Regards,\n\nForgeRock
#
# Buttons in the Authentication Service Configuration
#
donotlogout = Do not logout
logout = Log out
prompt = Prompt
i18nTrue = true
i18nFalse = false
S256 = SHA 256
plain = Plain
#
# JSP messages
#
# Activation page
activationTitle = Activation Code Page
activationLabel = Activation Code
activationCodeMsg = You were sent an activation code to the email address configured in your profile.Please check your mail and click the link provided. If you have a problem when clicking the link, then copy and paste the activation code here and hit Enter. Thanks
emptyCode = The activation code can not be empty
errInvalidCode = The code introduced is not valid
submit = Submit
cancel = Cancel
#
# Password setting page
newPassLabel = New Password
confirmPassLabel = Confirm your password
termsAndCondsLabel = terms and conditions of service
passwordSetMsg = Please provide a password for your account.
passwordRules = The password must have at least 8characters<br/>At least one uppercase and one lowercase character<br/>At least one number<br/>It can also contain the characters + = _
errLength = Error. Password must contain at least eight characters
errNumbers = Error. password must contain at least one number. 0-9
errLowercase = Error. password must contain at least one lowercase letter. a-z
errUppercase = Error. password must contain at least one uppercase letter. A-Z
errNoMatch = Error. The password and confirmation password do not match
errEmptyPass = Please enter a password and confirm it
errTandC = Please accept terms and conditions
errInvalidPass = The password provided contains invalid characters
#
# Logout Page
# #IDP# will be replaced by the name of the IdP during the presentation of the page
doYouWantToLogout = Do you also want to logout from #IDP# ?
loggingYouOut = Logging you out from the IdP
youVeBeenLogedOut = You have been loggedout from the OAuth 2.0 IdP
noSupportIFrames = Your browser does not support iframes
logmeout=Yes
donot=No
enableScripts=Please enable java scripts in your browser
# OpenID Connect validation settings
oidc.issuer_name=Name of OpenID Connect ID Token Issuer
oidc.issuer_name.help= Required when the 'openid' scope is included. Value must match the iss field in issued ID Token\
<br/>e.g. accounts.google.com
oidc.crypto_context_type=OpenID Connect validation configuration type
oidc.crypto_context_type.help=Required when the 'openid' scope is included. Please select either 1. the issuer discovery url, \
2. the issuer jwk url, or 3. the client_secret.
oidc.crypto_context_value=OpenID Connect validation configuration value
oidc.crypto_context_value.help=Required when the 'openid' scope is included. The discovery url, or jwk url, or the \
client_secret, corresponding to the selection above.
oidc.crypto_context_value.help.txt=If discovery or jwk url entered, entry must be in valid url format, <br/>\
e.g. https://accounts.google.com/.well-known/openid-configuration<br/>\
<i>NB </i>If client_secret entered, entry is ignored and the value of the Client Secret is used.