revision f5f8e9794583ee85bce482bed7461f5c3ad9181e
# Copyright (c) 2011 ForgeRock AS. All Rights Reserved
# Copyright (c) 2011 Cybernetica AS.
# The contents of this file are subject to the terms
# of the Common Development and Distribution License
# (the License). You may not use this file except in
# compliance with the License.
# You can obtain a copy of the License at
# See the License for the specific language governing
# permission and limitations under the License.
# When distributing Covered Code, include this CDDL
# Header Notice in each file and include the License file
# at
# If applicable, add the following below the CDDL Header,
# with the fields enclosed by brackets [] replaced by
# your own identifying information:
# "Portions Copyrighted [year] [name of copyright owner]"
# Portions Copyrighted 2012-2013 ForgeRock Inc
# Portions Copyrighted 2012 Open Source Solution Technology Corporation
# module descriptor (shows up on OpenAM Console)
# Plain display text with no placeholders or markup.
description = OAuth 2.0
# localization for module configuration
# Each aNNN key holds the console label and help text for one module setting.
# A trailing backslash continues the value on the next line, so comments can
# only be placed between keys, never inside a continued value.
# Values embed HTML (<a>, <br/>, <code>, <i>); presumably the console writes
# them to the page unescaped, so edits and translations must contain trusted
# markup only -- TODO confirm.
# NOTE(review): the <a> elements below have an empty href and open with
# target="_blank" but no rel="noopener noreferrer"; restore the link target
# and add the rel attribute when the links are repaired.
# OAuth client identifier.
a101=Client Id client_id parameter more information on the OAuth client_id parameter refer to the \
<a href="" target="_blank">OAuth IETF draft</a>, chapter 2.1
# OAuth client secret: this is a credential. Only the label text lives in this
# bundle. NOTE(review): confirm the console masks the field and that the
# stored value is protected at rest.
a102=Client Secret client_secret parameter more information on the OAuth client_secret parameter refer to the \
<a href="" target="_blank">OAuth IETF draft</a>, chapter 2.1
# Provider endpoints. NOTE(review): none of the help texts for a103-a105 says
# the URL must be https; the client secret and access token are presumably
# sent to these endpoints, so consider stating that requirement here.
a103=Authentication Endpoint URL authentication endpoint URL is the URL endpoint for OAuth authentication provided by the OAuth Identity Provider
a104=Access Token Endpoint URL access token endpoint URL is the URL endpoint for access token retrieval provided by the OAuth Identity Provider. Refer to the \
<a href="" target="_blank">OAuth IETF draft</a>, chapter 3.2
# The profile service response is expected to be JSON (see the NB in the text).
a105=User Profile Service URL profile information URL URL endpoint provides user profile information and is provided by the OAuth Identity Provider<br/><br/>\
<i>NB </i>This URL should return JSON objects in response
# Scope requested from the provider; the help text describes it as a
# comma-separated list. Requesting only the scopes the mappers need keeps the
# data pulled from the provider to a minimum.
a106=Scope scope; list of user profile properties OAuth scope is a comma-separated list of values that define the type of information that can be retrieved from \
the user profile service. The values will depend on the type of permissions that the user has given to the user profile application \
in the OAuth 2.0 Provider.<br/><br/>Example: <code>email, read_stream</code>
# Name of the request parameter that carries the access token to the profile
# service. NOTE(review): if this puts the token in the URL query string it may
# end up in server and proxy logs -- confirm how the parameter is sent.
a107 = OAuth2 Access Token Profile Service Parameter name = The name of the parameter that will contain the access token value when accessing the profile service
# Location of the GET-to-POST proxy page. NOTE(review): an external proxy
# presumably sees the values returned by the provider's redirect; it should be
# a trusted host reached over TLS -- confirm.
a108=Proxy URL URL to the OpenAM OAuth proxy JSP URL should only be changed from the default, if an external server is performing the GET to POST proxying. \
The default is <code>/openam/oauth2c/OAuthProxy.jsp</code>
# Account and attribute mapping settings (labels and help text only).
# a109 and a111 take the name of a class implementing the interface quoted in
# the help text. NOTE(review): a class named here presumably runs inside
# OpenAM with the module's privileges, so only administrators should be able
# to change these settings -- confirm.
a109=Account Mapper of the class implementing the account mapping class is used by the module to map from the account information received from the OAuth Identity Provider into OpenAM.\
<br/><br/>The class must implement the <code>org.forgerock.openam.authentication.modules.oauth2.AccountMapper</code> interface.
# The account mapping decides which local account a provider identity signs in
# as. Mapping on a provider attribute that is not unique, or that the user can
# edit without verification, can bind a login to someone else's account;
# the help text should steer administrators toward a stable identifier.
a110=Account Mapper Configuration of OAuth account to local OpenAM account configuration that will be used to map the account of the user authenticated in the OAuth 2.0 Provider to \
the local data store in the OpenAM. Example: <code>OAuth2.0_attribute=local_attribute</code>
a111=Attribute Mapper of the class that implements the attribute mapping class maps the OAuth properties into OpenAM properties. A custom attribute mapper can be provided.<br/><br/>\
A custom attribute mapper must implement the <code>org.forgerock.openam.authentication.modules.oauth2.AttributeMapper</code> interface
# Provider-supplied attribute values are copied into the local user store.
# NOTE(review): avoid mapping provider data onto local attributes that drive
# authorization unless the provider is trusted for that attribute.
a112=Attribute Mapper Configuration of OAuth attributes to local OpenAM attributes configuration that will be used to map the user info obtained from the OAuth 2.0 Provider to the local \
user data store in the OpenAM.<br/><br/>Example: <code>OAuth2.0_attribute=local_attribute</code>
# When enabled, the mapped attributes are also stored in the OpenAM session.
a115=Save attributes in the session this option is enabled, the attributes configured in the attribute mapper will be saved into the OpenAM session
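# Account creation and anonymous mapping settings (labels and help text only).
# a118: provider attribute holding the e-mail address that receives the
# activation code. NOTE(review): the address comes from the provider's profile
# response; whether the provider has verified it is not stated -- confirm.
# The value must end without a trailing backslash: a continuation here would
# fold the a120 line into this value and leave a120 undefined.
a118=Email attribute in OAuth2 Response from the OAuth2 response used to send activation code emails. attribute in the response from the profile service in the OAuth 2.0 Provider that contains the email address of \
the authenticated user. This address will be used to send an email with an activation code when the accounts are allowed to be created
# a120: dynamic account creation. With this enabled, an identity that has no
# mapped local account can get one created, so the set of people who can
# obtain an account is decided by the provider.
a120=Create account if it does not exist the OAuth2 account does not exist in the local OpenAM data store, an account will be created dynamically. this is enabled, the account mapper could create the account dynamically if there is no account mapped. Before \
creating the account, a dialog prompting for a password and asking for an activation code can be shown if the parameter "Prompt \
for password setting and activation code" is enabled.<br /><br />If this flag is not enabled, 3 alternative options exist:<br/><br/>\
<ol><li>The accounts need to have a user profile in the OpenAM User Data Store</li>\
<li>The user does not have a user profile and the "Ignore Profile" is set in the Authentication Service of the realm.</li>\
<li>The account is mapped to an anonymous account (see parameter "Map to anonymous user" and "Anonymous User")</li></ol>
# a122: per the help text, disabling this creates the account transparently,
# with no password prompt and no activation code sent to the e-mail address.
a122=Prompt for password setting and activation code must set a password and complete the activation flow during dynamic profile creation. this is enabled, the user must set a password before the system creates an account dynamically and an activation \
code will be sent to the user's email address. The account will be created only if the password and activation code are properly set. \
<br />If this is disabled, the account will be created transparently without prompting the user.
# a124: maps every provider-authenticated user to one shared anonymous
# account; the help text states that a120 takes precedence when both are set.
a124=Map to anonymous user anonymous user access to OpenAM for OAuth authenticated users selected, the authenticated users in the OAuth 2.0 Provider will be mapped to the anonymous user configured in the \
next parameter.<br/>If not selected the users authenticated will be mapped by the parameters configured in the account mapper.\
<br/><br/><i>NB </i>If <i>Create account if it does not exist</i> is enabled, that parameter takes precedence.
# a126: the anonymous account must already exist in the realm. Because all
# mapped users share it, it should hold no more privileges than a guest needs.
a126=Anonymous User of the OpenAM anonymous user username of the user that will represent the anonymous user. This user account must already exist in the realm.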
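# Logout settings (labels and help text only).
# a128: URL of the provider's logout endpoint, used only when logout from the
# provider is required.
a128=OAuth 2.0 Provider logout service URL of the OAuth Identity Providers Logout service 2.0 Identity Providers can have a logout service. If this logout functionality is required then the URL of \
the Logout endpoint should be configured here.
# a130: the three choices are listed in the help text. With "Do not logout"
# the provider session is left in place after the OpenAM logout, which matters
# on shared machines.
a130=Logout options how Logout options will be presented to the user. OAuth module has the following logout options for the user:<br/><br/>\
<ul><li>Prompt: Prompt the user to logout from the OAuth 2.0 Provider</li>\
<li>Logout: Logout from the OAuth 2.0 Provider and do not prompt</li>\
<li>Do not logout: Do not logout the user from the OAuth 2.0 Provider and do not prompt</li></ul>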
# Mail gateway settings (labels and help text only); the gateway sends the
# activation code e-mail.
# a132: name of a class implementing the EmailGateway interface quoted below.
# NOTE(review): as with the mapper classes, a class named here presumably runs
# inside OpenAM -- restrict who can change it.
a132=Mail Server Gateway implementation class class used by the module to send email. class is used by the module to send email. A custom implementation can be provided.<br/><br/>\
The custom implementation must implement the <code>org.forgerock.openam.authentication.modules.oauth2.EmailGateway</code>
a134=SMTP host mail host that will be used by the Email Gateway implementation
a136=SMTP port TCP port that will be used by the SMTP gateway
a138=SMTP User Name the SMTP Service requires authentication, configure the user name here
# a140: SMTP credential. Only the label lives in this bundle. NOTE(review):
# confirm the console masks the field and the stored value is protected.
a140=SMTP User Password Password of the SMTP User Name
# a142: NOTE(review): with SSL off, the SMTP user name and password and the
# activation mail presumably cross the network in clear text -- confirm and
# consider saying so in the help text.
a142=SMTP SSL Enabled this option if the SMTP Server provides SSL
a144=SMTP From address email address on behalf of whom the messages will be sent
# a500: authentication level assigned to sessions created by this module.
# Per the help text, 0 is both the lowest level and the default.
a500 = Authentication Level authentication level associated with this module. authentication module has an authentication level that can be used to indicate the level of security \
associated with the module; 0 is the lowest (and the default).
# error messages
# Text reported when authentication fails. Each message names the failure
# category only; none includes a stack trace or the provider's response body.
# {0} and {1} are positional placeholders, presumably filled through
# java.text.MessageFormat -- if so, a literal apostrophe in those values would
# need to be doubled. TODO confirm.
authFailed = Authentication failed due to unknown reason
json = Authentication failed with a json exception
ssoe = Authentication failed with a Single Sign On Exception
ire = Authentication failed with an Identity Repo Exception
# Presumably raised when the OAuth state value returned on the callback does
# not match the one issued at the start of the flow -- confirm against the
# module code.
unknownState = Authentication failed because the state was not valid
ioe = Authentication failed with an Input/Output exception while trying to get content
# {0}: the HTTP status code returned by the remote server.
httpErrorCode = Authentication failed because the remote server responded with an HTTP error code {0}
malformedURL = Malformed URL when trying to access the profile service
# {0}: field name, {1}: detail about the rejected data. NOTE(review): if {1}
# can echo user-supplied input, confirm it is HTML-escaped before display.
invalidField = The input field {0} contains invalid data: {1}
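# Mail parameters
# Subject and body of the activation e-mail. \n is the properties escape for
# a newline. #ACTIVATION_LINK# and #ACTIVATION_CODE# are presumably replaced
# with the real values before the mail is sent -- TODO confirm; a '#' inside a
# value does not start a comment.
# The message carries both the activation link and the code as plain text.
# NOTE(review): confirm the code is single-use and expires.
messageSubject = Activation code
messageBody = Thanks for registering with us.\n\nA username will be created for you once you provide the activation code.\n\nPlease click the following link to create and activate your account:\n\n#ACTIVATION_LINK#\n\nIf you encounter an error message, you can also copy the activation code and paste it in the screen that is asking for it.\n\nYour activation code is: #ACTIVATION_CODE#\n\nBest Regards,\n\nForgeRock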
# Buttons in the Authentication Service Configuration
# Display text for the three logout options and for boolean values.
donotlogout = Do not logout
logout = Log out
prompt = Prompt
i18nTrue = true
i18nFalse = false
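# JSP messages
# Activation page
# Text for the page where the user enters the activation code received by
# e-mail.
activationTitle = Activation Code Page
activationLabel = Activation Code
activationCodeMsg = You were sent an activation code to the email address configured in your profile. Please check your mail and click the link provided. If you have a problem when clicking the link, then copy and paste the activation code here and hit Enter. Thanks
emptyCode = The activation code can not be empty
# Deliberately generic: it does not say why the code was rejected.
# NOTE(review): confirm failed attempts are limited so the code cannot be
# guessed by repeated submission.
errInvalidCode = The code introduced is not valid
submit = Submit
cancel = Cancel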
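# Password setting page
# Text for the page where a user sets a password during dynamic account
# creation. These strings only describe the policy; the checks are enforced
# elsewhere, so the wording must be kept in sync with the validator.
newPassLabel = New Password
confirmPassLabel = Confirm your password
termsAndCondsLabel = terms and conditions of service
passwordSetMsg = Please provide a password for your account.
# NOTE(review): the rules list only + = _ as additional characters and
# errInvalidPass rejects "invalid characters". If the validator really limits
# symbols to those three, that narrows the password space and can reject
# passwords produced by password managers -- confirm.
passwordRules = The password must have at least 8 characters<br/>At least one uppercase and one lowercase character<br/>At least one number<br/>It can also contain the characters + = _
errLength = Error. Password must contain at least eight characters
errNumbers = Error. password must contain at least one number. 0-9
errLowercase = Error. password must contain at least one lowercase letter. a-z
errUppercase = Error. password must contain at least one uppercase letter. A-Z
errNoMatch = Error. The password and confirmation password do not match
errEmptyPass = Please enter a password and confirm it
errTandC = Please accept terms and conditions
errInvalidPass = The password provided contains invalid characters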
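# Logout Page
# #IDP# will be replaced by the name of the IdP during the presentation of the page
# NOTE(review): the IdP name is inserted into page text; confirm it is
# HTML-escaped when substituted.
doYouWantToLogout = Do you also want to logout from #IDP# ?
loggingYouOut = Logging you out from the IdP
youVeBeenLogedOut = You have been logged out from the OAuth 2.0 IdP
# Fallback text for browsers without iframe or script support; presumably the
# provider logout is performed inside an iframe -- TODO confirm.
noSupportIFrames = Your browser does not support iframes
enableScripts=Please enable JavaScript in your browser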