OAuth2Provider.properties revision 33908fb93167e643fbb21b47d87c5b632df0dc59
#
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
#
# Copyright 2012-2014 ForgeRock AS.
#
# The contents of this file are subject to the terms
# of the Common Development and Distribution License
# (the License). You may not use this file except in
# compliance with the License.
#
# You can obtain a copy of the License at
# See the License for the specific language governing
# permission and limitations under the License.
#
# When distributing Covered Code, include this CDDL
# Header Notice in each file and include the License file
# If applicable, add the following below the CDDL Header,
# with the fields enclosed by brackets [] replaced by
# your own identifying information:
# "Portions copyright [year] [name of copyright owner]"
#
#
# Portions Copyrighted 2014 Nomura Research Institute, Ltd.
#
forgerock-oauth2-provider-description=OAuth2 Provider
a100=Authorization Code Lifetime (seconds)
a101=Refresh Token Lifetime (seconds)
a102=Access Token Lifetime (seconds)
a103=Issue Refresh Tokens
a103a=Issue Refresh Tokens on Refreshing Access Tokens
a104=Scope Implementation Class
a105=Response Type Plugins
a105.help=Response types are input as such, code|name of plugin class. For example, code|org.forgerock.openam.oauth2.CodeClass. \
If there is no implementation class none should be used in place of the class name. For example id_token|none.
a106=User Profile Attribute(s) the Resource Owner is Authenticated On
a106.help=If the attribute is mail and uid, then a search string of (|(mail=user)(uid=user)) will be used to get the \
user profile, where user is the username entered during authentication.
a107=Saved Consent Attribute Name
a107.help=To use saved consent a list attribute must be set up and the attribute name provided.
a108=Supported Scoped
a108.help=A list of scopes this authorization server supports.
a109=JSON Web Key URL
a109.help=The URL where the providers JSON Web Key can be retrieved.
a110=Subject Types supported
a110.help=List of subject types supported. Values are pairwise and public. Pairwise is the same as confidential.
a111=ID Token Signing Algorithms supported
a111.help=Algorithms supported to sign id_tokens.
a112=Supported Claims
a112.help=List of claims supported by the userinfo endpoint.
a113=OpenID Connect JWT Token Lifetime (seconds)
a113.help=The amount of time in seconds the JWT will be valid for.
a114=Alias of ID Token Signing Key
a114.help=The name of the key put in the keystore used to sign the ID Tokens issued by OpenAM.
a115=Allow Open Dynamic Client Registration
a115.help=Allow clients to register without an access token. If enabled, you should consider adding some form of rate \
limiting. See <a href="http://openid.net/specs/openid-connect-registration-1_0.html#ClientRegistration" \
target="_blank">Client Registration</a> in the OpenID Connect specification for details.
a116=Generate Registration Access Tokens
a116.help=Whether to generate Registration Access Tokens for clients that register via open dynamic client \
registration. Such tokens allow the client to access the <a \
href="http://openid.net/specs/openid-connect-registration-1_0.html#ClientConfigurationEndpoint" \
target="_blank">Client Configuration Endpoint</a> as per the OpenID Connect specification. This setting has \
no effect if open dynamic client registration is disabled.
a117=OpenID Connect acr_values to Auth Chain Mapping
a117.help=Maps OpenID Connect ACR values to authentication chains. See <a \
href="http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest" target="_blank">the acr_values parameter</a> \
in the OpenID Connect authentication request specification for more details.
a118=OpenID Connect default acr claim
a118.help=Default value to use as the 'acr' claim in an OpenID Connect ID Token when using the default authentication \
chain.
a119=OpenID Connect id_token amr values to Auth Module mappings
a119.help=If you require <code>amr</code> values to be returned in the OpenID Connect <code>id_token</code>, you can \
configure them here. Once authentication has completed, the authentication modules that were used from the \
authentication service will be mapped to the <code>amr</code> values. If you do not require amr values, or are not \
providing OpenID Connect tokens at all, this field can be left blank.