diff --git a/src/authentication/messages.json b/src/authentication/messages.json deleted file mode 100644 index 280bd4f303..0000000000 --- a/src/authentication/messages.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "authentication": { - "title": "Authentication", - "flows": "Flows", - "flowName": "Flow name", - "usedBy": "Used by", - "buildIn": "Built-in", - "appliedByProviders": "Applied by the following providers", - "appliedByClients": "Applied by the following clients", - "specificProviders": "Specific providers", - "specificClients": "Specific clients", - "default": "Default", - "notInUse": "Not in use", - "duplicate": "Duplicate", - "deleteConfirmFlow": "Delete flow?", - "deleteConfirmFlowMessage": "Are you sure you want to permanently delete the flow \"<1>{{flow}}\".", - "deleteFlowSuccess": "Flow successfully deleted", - "deleteFlowError": "Could not delete flow: {{error}}", - "duplicateFlow": "Duplicate flow", - "copyOf": "Copy of {{name}}", - "copyFlowSuccess": "Flow successfully duplicated", - "copyFlowError": "Could not duplicate flow: {{error}}" - } -} diff --git a/src/authentication/messages.ts b/src/authentication/messages.ts new file mode 100644 index 0000000000..f28ac21ec5 --- /dev/null +++ b/src/authentication/messages.ts @@ -0,0 +1,25 @@ +export default { + authentication: { + title: "Authentication", + flows: "Flows", + flowName: "Flow name", + usedBy: "Used by", + buildIn: "Built-in", + appliedByProviders: "Applied by the following providers", + appliedByClients: "Applied by the following clients", + specificProviders: "Specific providers", + specificClients: "Specific clients", + default: "Default", + notInUse: "Not in use", + duplicate: "Duplicate", + deleteConfirmFlow: "Delete flow?", + deleteConfirmFlowMessage: + 'Are you sure you want to permanently delete the flow "<1>{{flow}}".', + deleteFlowSuccess: "Flow successfully deleted", + deleteFlowError: "Could not delete flow: {{error}}", + duplicateFlow: "Duplicate flow", + copyOf: "Copy of {{name}}", + copyFlowSuccess: "Flow successfully duplicated", + copyFlowError: "Could not duplicate flow: {{error}}", + }, +}; diff --git a/src/client-scopes/help.json b/src/client-scopes/help.json deleted file mode 100644 index 061904f85f..0000000000 --- a/src/client-scopes/help.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "client-scopes-help": { - "name": "Name of the client scope. Must be unique in the realm. Name should not contain space characters as it is used as value of scope parameter", - "description": "Description of the client scope", - "protocol": "Which SSO protocol configuration is being supplied by this client scope", - "type": "Client scopes, which will be added as default scopes to each created client", - "displayOnConsentScreen": "If on, and this client scope is added to some client with consent required, the text specified by 'Consent Screen Text' will be displayed on consent screen. If off, this client scope will not be displayed on the consent screen", - "consentScreenText": "Text that will be shown on the consent screen when this client scope is added to some client with consent required. Defaults to name of client scope if it is not filled", - "includeInTokenScope": "If on, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. If off, this client scope will be omitted from the token and from the Token Introspection Endpoint response.", - "guiOrder": "Specify order of the provider in GUI (such as in Consent page) as integer", - "prefix": "A prefix for each Realm Role (optional).", - "multiValued": "Indicates if attribute supports multiple values. If true, the list of all values of this attribute will be set as claim. If false, just first value will be set as claim", - "tokenClaimName": "Name of the claim to insert into the token. This can be a fully qualified name like 'address.street'. In this case, a nested json object will be created. To prevent nesting and use dot literally, escape the dot with backslash (\\.).", - "claimJsonType": "JSON type that should be used to populate the json claim in the token. long, int, boolean, String and JSON are valid values.", - "protocolMapper": "Protocol...", - "mapperName": "Name of the mapper", - "role": "Role name you want changed. Click 'Select Role' button to browse roles, or just type it in the textbox. To reference an application role the syntax is appname.approle, i.e. myapp.myrole", - "newRoleName": "The new role name. The new name format corresponds to where in the access token the role will be mapped to. So, a new name of 'myapp.newname' will map the role to that position in the access token. A new name of 'newname' will map the role to the realm roles in the token." - } -} diff --git a/src/client-scopes/help.ts b/src/client-scopes/help.ts new file mode 100644 index 0000000000..e31e23bb60 --- /dev/null +++ b/src/client-scopes/help.ts @@ -0,0 +1,29 @@ +export default { + "client-scopes-help": { + name: "Name of the client scope. Must be unique in the realm. Name should not contain space characters as it is used as value of scope parameter", + description: "Description of the client scope", + protocol: + "Which SSO protocol configuration is being supplied by this client scope", + type: "Client scopes, which will be added as default scopes to each created client", + displayOnConsentScreen: + "If on, and this client scope is added to some client with consent required, the text specified by 'Consent Screen Text' will be displayed on consent screen. If off, this client scope will not be displayed on the consent screen", + consentScreenText: + "Text that will be shown on the consent screen when this client scope is added to some client with consent required. Defaults to name of client scope if it is not filled", + includeInTokenScope: + "If on, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. If off, this client scope will be omitted from the token and from the Token Introspection Endpoint response.", + guiOrder: + "Specify order of the provider in GUI (such as in Consent page) as integer", + prefix: "A prefix for each Realm Role (optional).", + multiValued: + "Indicates if attribute supports multiple values. If true, the list of all values of this attribute will be set as claim. If false, just first value will be set as claim", + tokenClaimName: + "Name of the claim to insert into the token. This can be a fully qualified name like 'address.street'. In this case, a nested json object will be created. To prevent nesting and use dot literally, escape the dot with backslash (\\.).", + claimJsonType: + "JSON type that should be used to populate the json claim in the token. long, int, boolean, String and JSON are valid values.", + protocolMapper: "Protocol...", + mapperName: "Name of the mapper", + role: "Role name you want changed. Click 'Select Role' button to browse roles, or just type it in the textbox. To reference an application role the syntax is appname.approle, i.e. myapp.myrole", + newRoleName: + "The new role name. The new name format corresponds to where in the access token the role will be mapped to. So, a new name of 'myapp.newname' will map the role to that position in the access token. A new name of 'newname' will map the role to the realm roles in the token.", + }, +}; diff --git a/src/client-scopes/messages.json b/src/client-scopes/messages.json deleted file mode 100644 index 79094fa70b..0000000000 --- a/src/client-scopes/messages.json +++ /dev/null @@ -1,61 +0,0 @@ -{ - "client-scopes": { - "createClientScope": "Create client scope", - "clientScopeList": "Client scopes", - "grantedClientScopes": "Granted client scopes", - "clientScopeDetails": "Client scope details", - "clientScopeExplain": "Client scopes allow you to define a common set of protocol mappers and roles, which are shared between multiple clients", - "searchFor": "Search for client scope", - "protocol": "Protocol", - "displayOrder": "Display order", - "type": "Type", - "deleteClientScope": "Delete client scope {{name}}", - "deleteClientScope_plural": "Delete {{count}} client scopes", - "deleteConfirm": "Are you sure you want to delete this client scope", - "changeType": "Change type", - "changeTypeIntro": "{{count}} selected client scopes will be changed to", - "clientScopeSuccess": "Scope mapping updated", - "clientScopeError": "Could not update scope mapping {{error}}", - "deletedSuccess": "The client scope has been deleted", - "deleteError": "Could not delete client scope: {{error}}", - "includeInTokenScope": "Include in token scope", - "realmRolePrefix": "Realm role prefix", - "multiValued": "Multivalued", - "tokenClaimName": "Token claim name", - "claimJsonType": "Claim JSON type", - "addClaimTo": "Add claim to", - "idToken": "ID token", - "accessToken": "Access token", - "userInfo": "User info", - "createSuccess": "Client scope created", - "createError": "Could not create client scope: '{{error}}'", - "updateSuccess": "Client scope updated", - "updateError": "Could not update client scope: '{{error}}'", - "addMapperExplain": "If you want more fine-grain control, you can create protocol mapper on this client", - "realmRoles": "Realm roles", - "selectARole": "Select a role", - "clientRoles": "Client roles", - "selectASourceOfRoles": "Select a source of roles", - "newRoleName": "New role name", - "searchClientByName": "Search client by name", - "clients": "Clients", - "mapperCreateSuccess": "New mapping has been added", - "mapperCreateError": "Could not create mapping: {{error}}", - "fromPredefinedMapper": "From predefined mappers", - "byConfiguration": "By configuration", - "emptyBuiltInMappersInstructions": "All built in mappers were added to this client", - "emptySecondaryAction": "Configure a new mapper", - "displayOnConsentScreen": "Display on consent screen", - "consentScreenText": "Consent screen text", - "guiOrder": "Display Order", - "shouldBeANumber": "Should be a number", - "chooseAMapperType": "Choose a mapper type", - "predefinedMappingDescription": "Choose one of the predefined mappings from this table", - "mappingTable": "Table with predefined mapping", - "roleGroup": "Use a realm role from:", - "clientGroup": "Use a client role from:", - "scope": "Scope", - "roleMappingUpdatedSuccess": "Role mapping updated", - "roleMappingUpdatedError": "Could not update role mapping {{error}}" - } -} diff --git a/src/client-scopes/messages.ts b/src/client-scopes/messages.ts new file mode 100644 index 0000000000..957a2a51c4 --- /dev/null +++ b/src/client-scopes/messages.ts @@ -0,0 +1,65 @@ +export default { + "client-scopes": { + createClientScope: "Create client scope", + clientScopeList: "Client scopes", + grantedClientScopes: "Granted client scopes", + clientScopeDetails: "Client scope details", + clientScopeExplain: + "Client scopes allow you to define a common set of protocol mappers and roles, which are shared between multiple clients", + searchFor: "Search for client scope", + protocol: "Protocol", + displayOrder: "Display order", + type: "Type", + deleteClientScope: "Delete client scope {{name}}", + deleteClientScope_plural: "Delete {{count}} client scopes", + deleteConfirm: "Are you sure you want to delete this client scope", + changeType: "Change type", + changeTypeIntro: "{{count}} selected client scopes will be changed to", + clientScopeSuccess: "Scope mapping updated", + clientScopeError: "Could not update scope mapping {{error}}", + deletedSuccess: "The client scope has been deleted", + deleteError: "Could not delete client scope: {{error}}", + includeInTokenScope: "Include in token scope", + realmRolePrefix: "Realm role prefix", + multiValued: "Multivalued", + tokenClaimName: "Token claim name", + claimJsonType: "Claim JSON type", + addClaimTo: "Add claim to", + idToken: "ID token", + accessToken: "Access token", + userInfo: "User info", + createSuccess: "Client scope created", + createError: "Could not create client scope: '{{error}}'", + updateSuccess: "Client scope updated", + updateError: "Could not update client scope: '{{error}}'", + addMapperExplain: + "If you want more fine-grain control, you can create protocol mapper on this client", + realmRoles: "Realm roles", + selectARole: "Select a role", + clientRoles: "Client roles", + selectASourceOfRoles: "Select a source of roles", + newRoleName: "New role name", + searchClientByName: "Search client by name", + clients: "Clients", + mapperCreateSuccess: "New mapping has been added", + mapperCreateError: "Could not create mapping: {{error}}", + fromPredefinedMapper: "From predefined mappers", + byConfiguration: "By configuration", + emptyBuiltInMappersInstructions: + "All built in mappers were added to this client", + emptySecondaryAction: "Configure a new mapper", + displayOnConsentScreen: "Display on consent screen", + consentScreenText: "Consent screen text", + guiOrder: "Display Order", + shouldBeANumber: "Should be a number", + chooseAMapperType: "Choose a mapper type", + predefinedMappingDescription: + "Choose one of the predefined mappings from this table", + mappingTable: "Table with predefined mapping", + roleGroup: "Use a realm role from:", + clientGroup: "Use a client role from:", + scope: "Scope", + roleMappingUpdatedSuccess: "Role mapping updated", + roleMappingUpdatedError: "Could not update role mapping {{error}}", + }, +}; diff --git a/src/clients/help.json b/src/clients/help.json deleted file mode 100644 index 0758a13341..0000000000 --- a/src/clients/help.json +++ /dev/null @@ -1,73 +0,0 @@ -{ - "clients-help": { - "enableDisable": "Disabled clients cannot initiate a login or have obtained access tokens.", - "clientType": "'OpenID connect' allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server.'SAML' enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO) and uses security tokens containing assertions to pass information.", - "serviceAccount": "Allows you to authenticate this client to Keycloak and retrieve access token dedicated to this client. In terms of OAuth2 specification, this enables support of 'Client Credentials Grant' for this client.", - "authentication": "This defines the type of the OIDC client. When it's ON, the OIDC type is set to confidential access type. When it's OFF, it is set to public access type", - "authorization": "Enable/Disable fine-grained authorization support for a client", - "directAccess": "This enables support for Direct Access Grants, which means that client has access to username/password of user and exchange it directly with Keycloak server for access token. In terms of OAuth2 specification, this enables support of 'Resource Owner Password Credentials Grant' for this client.", - "standardFlow": "This enables standard OpenID Connect redirect based authentication with authorization code. In terms of OpenID Connect or OAuth2 specifications, this enables support of 'Authorization Code Flow' for this client.", - "implicitFlow": "This enables support for OpenID Connect redirect based authentication without authorization code. In terms of OpenID Connect or OAuth2 specifications, this enables support of 'Implicit Flow' for this client.", - "rootURL": "Root URL appended to relative URLs", - "validRedirectURIs": "Valid URI pattern a browser can redirect to after a successful login or logout. Simple wildcards are allowed such as 'http://example.com/*'. Relative path can be specified too such as /my/relative/path/*. Relative paths are relative to the client root URL, or if none is specified the auth server root URL is used. For SAML, you must set valid URI patterns if you are relying on the consumer service URL embedded with the login request.", - "webOrigins": "Allowed CORS origins. To permit all origins of Valid Redirect URIs, add '+'. This does not include the '*' wildcard though. To permit all origins, explicitly add '*'.", - "homeURL": "Default URL to use when the auth server needs to redirect or link back to the client.", - "adminURL": "URL to the admin interface of the client. Set this if the client supports the adapter REST API. This REST API allows the auth server to push revocation policies and other administrative tasks. Usually this is set to the base URL of the client.", - "clientId": "Specifies ID referenced in URI and tokens. For example 'my-client'. For SAML this is also the expected issuer value from authn requests", - "clientName": "Specifies display name of the client. For example 'My Client'. Supports keys for localized values as well. For example: ${my_client}", - "description": "Specifies description of the client. For example 'My Client for TimeSheets'. Supports keys for localized values as well. For example: ${my_client_description}", - "loginTheme": "Select theme for login, OTP, grant, registration, and forgot password pages.", - "encryptAssertions": "Should SAML assertions be encrypted with client's public key using AES?", - "clientSignature": "Will the client sign their saml requests and responses? And should they be validated?", - "downloadType": "this is information about the download type", - "details": "this is information about the details", - "createToken": "An initial access token can only be used to create clients", - "expiration": "Specifies how long the token should be valid", - "count": "Specifies how many clients can be created using the token", - "client-authenticator-type": "Client Authenticator used for authentication of this client against Keycloak server", - "registration-access-token": "The registration access token provides access for clients to the client registration service.", - "signature-algorithm": "JWA algorithm, which the client needs to use when signing a JWT for authentication. If left blank, the client is allowed to use any algorithm.", - "subject": "A regular expression for validating Subject DN in the Client Certificate. Use \"(.*?)(?:$)\" to match all kind of expressions.", - "evaluateExplain": "This page allows you to see all protocol mappers and role scope mappings", - "effectiveProtocolMappers": "Contains all default client scopes and selected optional scopes. All protocol mappers and role scope mappings of all those client scopes will be used when generating access token issued for your client", - "effectiveRoleScopeMappings": "Selected Optional Client Scopes, which will be used when issuing access token for this client. You can see above what value of OAuth Scope Parameter needs to be used when you want to have these optional client scopes applied when the initial OpenID Connect Authentication request will be sent from your client adapter", - "generatedAccessToken": "Example access token", - "scopeParameter": "You can copy/paste this value of scope parameter and use it in initial OpenID Connect Authentication Request sent from this client adapter. Default client scopes and selected optional client scopes will be used when generating token issued for this client", - "user": "Optionally select user, for whom the example access token will be generated. If you do not select a user, example access token will not be generated during evaluation", - "notBefore": "Revoke any tokens issued before this date for this client.", - "notBeforeIntro": "In order to successfully push a revocation policy to the client, you need to set an Admin URL under the <1>Settings tab for this client first", - "nodeReRegistrationTimeout": "Interval to specify max time for registered clients cluster nodes to re-register. If cluster node will not send re-registration request to Keycloak within this time, it will be unregistered from Keycloak", - "fineGrainOpenIdConnectConfiguration": "This section is used to configure advanced settings of this client related to OpenID connect protocol.", - "fineGrainSamlEndpointConfig": "This section to configure exact URLs for Assertion Consumer and Single Logout Service.", - "accessTokenSignatureAlgorithm": "JWA algorithm used for signing access tokens.", - "idTokenSignatureAlgorithm": "JWA algorithm used for signing ID tokens.", - "idTokenEncryptionKeyManagementAlgorithm": "JWA Algorithm used for key management in encrypting ID tokens. This option is needed if you want encrypted ID tokens. If left empty, ID Tokens are just signed, but not encrypted.", - "idTokenEncryptionContentEncryptionAlgorithm": "JWA Algorithm used for content encryption in encrypting ID tokens. This option is needed just if you want encrypted ID tokens. If left empty, ID Tokens are just signed, but not encrypted.", - "userInfoSignedResponseAlgorithm": "JWA algorithm used for signed User Info Endpoint response. If set to 'unsigned', User Info Response won't be signed and will be returned in application/json format.", - "requestObjectSignatureAlgorithm": "JWA algorithm, which client needs to use when sending OIDC request object specified by 'request' or 'request_uri' parameters. If set to 'any', Request object can be signed by any algorithm (including 'none' ).", - "requestObjectRequired": "Specifies if the client needs to provide a request object with their authorization requests, and what method they can use for this. If set to \"not required\", providing a request object is optional. In all other cases, providing a request object is mandatory. If set to \"request\", the request object must be provided by value. If set to \"request_uri\", the request object must be provided by reference. If set to \"request or request_uri\", either method can be used.", - "openIdConnectCompatibilityModes": "This section is used to configure settings for backward compatibility with older OpenID Connect / OAuth 2 adaptors. It's useful especially if your client uses older version of Keycloak / RH-SSO adapter.", - "excludeSessionStateFromAuthenticationResponse": "If this is on, the parameter 'session_state' will not be included in OpenID Connect Authentication Response. It is useful if your client uses older OIDC / OAuth2 adapter, which does not support 'session_state' parameter.", - "advancedSettingsOpenid-connect": "This section is used to configure advanced settings of this client related to OpenID Connect protocol", - "advancedSettingsSaml": "This section is used to configure advanced settings of this client", - "assertionLifespan": "Lifespan set in the SAML assertion conditions. After that time the assertion will be invalid. The \"SessionNotOnOrAfter\" attribute is not modified and continue using the \"SSO Session Max\" time defined at realm level.", - "accessTokenLifespan": "Max time before an access token is expired. This value is recommended to be short relative to the SSO timeout.", - "oAuthMutual": "This enables support for OAuth 2.0 Mutual TLS Certificate Bound Access Tokens, which means that keycloak bind an access token and a refresh token with a X.509 certificate of a token requesting client exchanged in mutual TLS between keycloak's Token Endpoint and this client. These tokens can be treated as Holder-of-Key tokens instead of bearer tokens.", - "keyForCodeExchange": "Choose which code challenge method for PKCE is used. If not specified, keycloak does not applies PKCE to a client unless the client sends an authorization request with appropriate code challenge and code exchange method.", - "assertionConsumerServicePostBindingURL": "SAML POST Binding URL for the client's assertion consumer service (login responses). You can leave this blank if you do not have a URL for this binding.", - "assertionConsumerServiceRedirectBindingURL": "SAML Redirect Binding URL for the client's assertion consumer service (login responses). You can leave this blank if you do not have a URL for this binding.", - "logoutServicePostBindingURL": "SAML POST Binding URL for the client's single logout service. You can leave this blank if you are using a different binding", - "logoutServiceRedirectBindingURL": "SAML Redirect Binding URL for the client's single logout service. You can leave this blank if you are using a different binding.", - "authenticationOverrides": "Override realm authentication flow bindings.", - "browserFlow": "Select the flow you want to use for browser authentication.", - "directGrant": "Select the flow you want to use for direct grant authentication.", - "useJwksUrl": "If the switch is on, client public keys will be downloaded from given JWKS URL. This allows great flexibility because new keys will be always re-downloaded again when client generates new keypair. If the switch is off, public key (or certificate) from the Keycloak DB is used, so when client keypair changes, you always need to import new key (or certificate) to the Keycloak DB as well.", - "certificate": "Client Certificate for validate JWT issued by client and signed by Client private key from your keystore.", - "jwksUrl": "URL where client keys in JWK format are stored. See JWK specification for more details. If you use Keycloak client adapter with \"jwt\" credential, you can use URL of your app with '/k_jwks' suffix. For example 'http://www.myhost.com/myapp/k_jwks' .", - "generateKeysDescription": "If you generate new keys, you can download the keystore with the private key automatically and save it on your client's side. Keycloak server will save just the certificate and public key, but not the private key.", - "archiveFormat": "Java keystore or PKCS12 archive format.", - "keyAlias": "Archive alias for your private key and certificate.", - "keyPassword": "Password to access the private key in the archive", - "storePassword": "Password to access the archive itself" - } -} diff --git a/src/clients/help.ts b/src/clients/help.ts new file mode 100644 index 0000000000..fa7650894f --- /dev/null +++ b/src/clients/help.ts @@ -0,0 +1,126 @@ +export default { + "clients-help": { + enableDisable: + "Disabled clients cannot initiate a login or have obtained access tokens.", + clientType: + "'OpenID connect' allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server.'SAML' enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO) and uses security tokens containing assertions to pass information.", + serviceAccount: + "Allows you to authenticate this client to Keycloak and retrieve access token dedicated to this client. In terms of OAuth2 specification, this enables support of 'Client Credentials Grant' for this client.", + authentication: + "This defines the type of the OIDC client. When it's ON, the OIDC type is set to confidential access type. When it's OFF, it is set to public access type", + authorization: + "Enable/Disable fine-grained authorization support for a client", + directAccess: + "This enables support for Direct Access Grants, which means that client has access to username/password of user and exchange it directly with Keycloak server for access token. In terms of OAuth2 specification, this enables support of 'Resource Owner Password Credentials Grant' for this client.", + standardFlow: + "This enables standard OpenID Connect redirect based authentication with authorization code. In terms of OpenID Connect or OAuth2 specifications, this enables support of 'Authorization Code Flow' for this client.", + implicitFlow: + "This enables support for OpenID Connect redirect based authentication without authorization code. In terms of OpenID Connect or OAuth2 specifications, this enables support of 'Implicit Flow' for this client.", + rootURL: "Root URL appended to relative URLs", + validRedirectURIs: + "Valid URI pattern a browser can redirect to after a successful login or logout. Simple wildcards are allowed such as 'http://example.com/*'. Relative path can be specified too such as /my/relative/path/*. Relative paths are relative to the client root URL, or if none is specified the auth server root URL is used. For SAML, you must set valid URI patterns if you are relying on the consumer service URL embedded with the login request.", + webOrigins: + "Allowed CORS origins. To permit all origins of Valid Redirect URIs, add '+'. This does not include the '*' wildcard though. To permit all origins, explicitly add '*'.", + homeURL: + "Default URL to use when the auth server needs to redirect or link back to the client.", + adminURL: + "URL to the admin interface of the client. Set this if the client supports the adapter REST API. This REST API allows the auth server to push revocation policies and other administrative tasks. Usually this is set to the base URL of the client.", + clientId: + "Specifies ID referenced in URI and tokens. For example 'my-client'. For SAML this is also the expected issuer value from authn requests", + clientName: + "Specifies display name of the client. For example 'My Client'. Supports keys for localized values as well. For example: ${my_client}", + description: + "Specifies description of the client. For example 'My Client for TimeSheets'. Supports keys for localized values as well. For example: ${my_client_description}", + loginTheme: + "Select theme for login, OTP, grant, registration, and forgot password pages.", + encryptAssertions: + "Should SAML assertions be encrypted with client's public key using AES?", + clientSignature: + "Will the client sign their saml requests and responses? And should they be validated?", + downloadType: "this is information about the download type", + details: "this is information about the details", + createToken: "An initial access token can only be used to create clients", + expiration: "Specifies how long the token should be valid", + count: "Specifies how many clients can be created using the token", + "client-authenticator-type": + "Client Authenticator used for authentication of this client against Keycloak server", + "registration-access-token": + "The registration access token provides access for clients to the client registration service.", + "signature-algorithm": + "JWA algorithm, which the client needs to use when signing a JWT for authentication. If left blank, the client is allowed to use any algorithm.", + subject: + 'A regular expression for validating Subject DN in the Client Certificate. Use "(.*?)(?:$)" to match all kind of expressions.', + evaluateExplain: + "This page allows you to see all protocol mappers and role scope mappings", + effectiveProtocolMappers: + "Contains all default client scopes and selected optional scopes. All protocol mappers and role scope mappings of all those client scopes will be used when generating access token issued for your client", + effectiveRoleScopeMappings: + "Selected Optional Client Scopes, which will be used when issuing access token for this client. You can see above what value of OAuth Scope Parameter needs to be used when you want to have these optional client scopes applied when the initial OpenID Connect Authentication request will be sent from your client adapter", + generatedAccessToken: "Example access token", + scopeParameter: + "You can copy/paste this value of scope parameter and use it in initial OpenID Connect Authentication Request sent from this client adapter. Default client scopes and selected optional client scopes will be used when generating token issued for this client", + user: "Optionally select user, for whom the example access token will be generated. If you do not select a user, example access token will not be generated during evaluation", + notBefore: "Revoke any tokens issued before this date for this client.", + notBeforeIntro: + "In order to successfully push a revocation policy to the client, you need to set an Admin URL under the <1>Settings tab for this client first", + nodeReRegistrationTimeout: + "Interval to specify max time for registered clients cluster nodes to re-register. If cluster node will not send re-registration request to Keycloak within this time, it will be unregistered from Keycloak", + fineGrainOpenIdConnectConfiguration: + "This section is used to configure advanced settings of this client related to OpenID connect protocol.", + fineGrainSamlEndpointConfig: + "This section to configure exact URLs for Assertion Consumer and Single Logout Service.", + accessTokenSignatureAlgorithm: + "JWA algorithm used for signing access tokens.", + idTokenSignatureAlgorithm: "JWA algorithm used for signing ID tokens.", + idTokenEncryptionKeyManagementAlgorithm: + "JWA Algorithm used for key management in encrypting ID tokens. This option is needed if you want encrypted ID tokens. If left empty, ID Tokens are just signed, but not encrypted.", + idTokenEncryptionContentEncryptionAlgorithm: + "JWA Algorithm used for content encryption in encrypting ID tokens. This option is needed just if you want encrypted ID tokens. If left empty, ID Tokens are just signed, but not encrypted.", + userInfoSignedResponseAlgorithm: + "JWA algorithm used for signed User Info Endpoint response. If set to 'unsigned', User Info Response won't be signed and will be returned in application/json format.", + requestObjectSignatureAlgorithm: + "JWA algorithm, which client needs to use when sending OIDC request object specified by 'request' or 'request_uri' parameters. If set to 'any', Request object can be signed by any algorithm (including 'none' ).", + requestObjectRequired: + 'Specifies if the client needs to provide a request object with their authorization requests, and what method they can use for this. If set to "not required", providing a request object is optional. In all other cases, providing a request object is mandatory. If set to "request", the request object must be provided by value. If set to "request_uri", the request object must be provided by reference. If set to "request or request_uri", either method can be used.', + openIdConnectCompatibilityModes: + "This section is used to configure settings for backward compatibility with older OpenID Connect / OAuth 2 adaptors. It's useful especially if your client uses older version of Keycloak / RH-SSO adapter.", + excludeSessionStateFromAuthenticationResponse: + "If this is on, the parameter 'session_state' will not be included in OpenID Connect Authentication Response. It is useful if your client uses older OIDC / OAuth2 adapter, which does not support 'session_state' parameter.", + "advancedSettingsOpenid-connect": + "This section is used to configure advanced settings of this client related to OpenID Connect protocol", + advancedSettingsSaml: + "This section is used to configure advanced settings of this client", + assertionLifespan: + 'Lifespan set in the SAML assertion conditions. After that time the assertion will be invalid. The "SessionNotOnOrAfter" attribute is not modified and continue using the "SSO Session Max" time defined at realm level.', + accessTokenLifespan: + "Max time before an access token is expired. This value is recommended to be short relative to the SSO timeout.", + oAuthMutual: + "This enables support for OAuth 2.0 Mutual TLS Certificate Bound Access Tokens, which means that keycloak bind an access token and a refresh token with a X.509 certificate of a token requesting client exchanged in mutual TLS between keycloak's Token Endpoint and this client. These tokens can be treated as Holder-of-Key tokens instead of bearer tokens.", + keyForCodeExchange: + "Choose which code challenge method for PKCE is used. If not specified, keycloak does not applies PKCE to a client unless the client sends an authorization request with appropriate code challenge and code exchange method.", + assertionConsumerServicePostBindingURL: + "SAML POST Binding URL for the client's assertion consumer service (login responses). You can leave this blank if you do not have a URL for this binding.", + assertionConsumerServiceRedirectBindingURL: + "SAML Redirect Binding URL for the client's assertion consumer service (login responses). You can leave this blank if you do not have a URL for this binding.", + logoutServicePostBindingURL: + "SAML POST Binding URL for the client's single logout service. You can leave this blank if you are using a different binding", + logoutServiceRedirectBindingURL: + "SAML Redirect Binding URL for the client's single logout service. You can leave this blank if you are using a different binding.", + authenticationOverrides: "Override realm authentication flow bindings.", + browserFlow: "Select the flow you want to use for browser authentication.", + directGrant: + "Select the flow you want to use for direct grant authentication.", + useJwksUrl: + "If the switch is on, client public keys will be downloaded from given JWKS URL. This allows great flexibility because new keys will be always re-downloaded again when client generates new keypair. If the switch is off, public key (or certificate) from the Keycloak DB is used, so when client keypair changes, you always need to import new key (or certificate) to the Keycloak DB as well.", + certificate: + "Client Certificate for validate JWT issued by client and signed by Client private key from your keystore.", + jwksUrl: + "URL where client keys in JWK format are stored. See JWK specification for more details. If you use Keycloak client adapter with \"jwt\" credential, you can use URL of your app with '/k_jwks' suffix. For example 'http://www.myhost.com/myapp/k_jwks' .", + generateKeysDescription: + "If you generate new keys, you can download the keystore with the private key automatically and save it on your client's side. Keycloak server will save just the certificate and public key, but not the private key.", + archiveFormat: "Java keystore or PKCS12 archive format.", + keyAlias: "Archive alias for your private key and certificate.", + keyPassword: "Password to access the private key in the archive", + storePassword: "Password to access the archive itself", + }, +}; diff --git a/src/clients/messages.json b/src/clients/messages.json deleted file mode 100644 index 028f2f8dce..0000000000 --- a/src/clients/messages.json +++ /dev/null @@ -1,223 +0,0 @@ -{ - "clients": { - "clientType": "Client type", - "clientAuthorization": "Authorization", - "implicitFlow": "Implicit flow", - "createClient": "Create client", - "importClient": "Import client", - "homeURL": "Home URL", - "webOrigins": "Web origins", - "addWebOrigins": "Add web origins", - "adminURL": "Admin URL", - "formatOption": "Format option", - "encryptAssertions": "Encrypt assertions", - "clientSignature": "Client signature required", - "downloadAdaptorTitle": "Download adaptor configs", - "keys": "Keys", - "credentials": "Credentials", - "roles": "Roles", - "createRole": "Create role", - "noRoles": "No roles for this client", - "noRolesInstructions": "You haven't created any roles for this client. Create a role to get started.", - "clientScopes": "Client scopes", - "addClientScope": "Add client scope", - "addClientScopesTo": "Add client scopes to {{clientId}}", - "clientScopeRemoveSuccess": "Scope mapping successfully removed", - "clientScopeRemoveError": "Could not remove the scope mapping {{error}}", - "clientScopeSuccess": "Scope mapping successfully updated", - "clientScopeError": "Could not update the scope mapping {{error}}", - "searchByName": "Search by name", - "setup": "Setup", - "evaluate": "Evaluate", - "changeTypeTo": "Change type to", - "assignRole": "Assign role", - "unAssignRole": "Unassign", - "removeMappingTitle": "Remove mapping?", - "removeMappingConfirm": "Are you sure you want to remove this mapping?", - "removeMappingConfirm_plural": "Are you sure you want to remove {{count}} mappings", - "clientScopeSearch": { - "client": "Client scope", - "assigned": "Assigned type" - }, - "assignedClientScope": "Assigned client scope", - "assignedType": "Assigned type", - "hideInheritedRoles": "Hide inherited roles", - "inherentFrom": "Inherited from", - "emptyClientScopes": "This client doesn't have any added client scopes", - "emptyClientScopesInstructions": "There are currently no client scopes linked to this client. You can add existing client scopes to this client to share protocol mappers and roles.", - "emptyClientScopesPrimaryAction": "Add client scopes", - "scopeParameter": "Scope parameter", - "scopeParameterPlaceholder": "Select scope parameters", - "effectiveProtocolMappers": "Effective protocol mappers", - "effectiveRoleScopeMappings": "Effective role scope mappings", - "generatedAccessToken": "Generated access token", - "searchForProtocol": "Search protocol mapper", - "parentClientScope": "Parent client scope", - "searchForRole": "Search role", - "origin": "Origin", - "user": "User", - "details": "Details", - "noGeneratedAccessToken": "No generated access token", - "generatedAccessTokenIsDisabled": "Generated access token is disabled when no user is selected", - "clientList": "Clients", - "clientsList": "Clients list", - "initialAccessToken": "Initial access token", - "clientSettings": "Client details", - "selectEncryptionType": "Select Encryption type", - "generalSettings": "General Settings", - "capabilityConfig": "Capability config", - "clientsExplain": "Clients are applications and services that can request authentication of a user", - "createSuccess": "Client created successfully", - "createError": "Could not create client: '{{error}}'", - "clientImportError": "Could not import client: {{error}}", - "clientSaveSuccess": "Client successfully updated", - "clientSaveError": "Client could not be updated:", - "clientImportSuccess": "Client imported successfully", - "clientDelete": "Delete {{clientId}} ?", - "clientDeletedSuccess": "The client has been deleted", - "clientDeleteError": "Could not delete client: {{error}}", - "clientDeleteConfirmTitle": "Delete client?", - "disableConfirmTitle": "Disable client?", - "downloadAdapterConfig": "Download adapter config", - "disableConfirm": "If you disable this client, you cannot initiate a login or obtain access tokens.", - "clientDeleteConfirm": "If you delete this client, all associated data will be removed.", - "searchInitialAccessToken": "Search token", - "createToken": "Create initial access token", - "tokenDeleteConfirm": "Are you sure you want to permanently delete the initial access token {{id}}", - "tokenDeleteConfirmTitle": "Delete initial access token?", - "tokenDeleteSuccess": "initial access token created successfully", - "tokenDeleteError": "Could not delete initial access token: '{{error}}'", - "timestamp": "Created date", - "created": "Created", - "lastUpdated": "Last updated", - "expires": "Expires", - "count": "Count", - "remainingCount": "Remaining count", - "expiration": "Expiration", - "noTokens": "No initial access tokens", - "noTokensInstructions": "You haven't created any initial access tokens. Create an initial access token by clicking \"Create\".", - "tokenSaveSuccess": "New initial access token has been created", - "tokenSaveError": "Could not create initial access token {{error}}", - "initialAccessTokenDetails": "Initial access token details", - "copyInitialAccessToken": "Please copy and paste the initial access token before closing as it can not be retrieved later.", - "clientAuthentication": "Client authentication", - "authentication": "Authentication", - "authenticationFlow": "Authentication flow", - "standardFlow": "Standard flow", - "directAccess": "Direct access grants", - "serviceAccount": "Service accounts roles", - "enableServiceAccount": "Enable service account roles", - "assignRolesTo": "Assign roles to {{client}} account", - "searchByRoleName": "Search by role name", - "filterByOrigin": "Filter by Origin", - "realmRoles": "Realm roles", - "clients": "Clients", - "assign": "Assign", - "roleMappingUpdatedSuccess": "Role mapping updated", - "roleMappingUpdatedError": "Could not update role mapping {{error}}", - "displayOnClient": "Display client on screen", - "consentScreenText": "Client consent screen text", - "loginSettings": "Login settings", - "accessSettings": "Access settings", - "rootUrl": "Root URL", - "validRedirectUri": "Valid redirect URIs", - "addRedirectUri": "Add valid redirect URIs", - "loginTheme": "Login theme", - "consentRequired": "Consent required", - "clientAuthenticator": "Client Authenticator", - "changeAuthenticatorConfirmTitle": "Change to {{clientAuthenticatorType}}", - "changeAuthenticatorConfirm": "If you change authenticator to {{clientAuthenticatorType}}, the keycloak database will be updated and you may need to download a new adapter configuration for this client", - "signedJWTConfirm": "You should configure JWKS URL or keys in the \"Keys\" tab to change the parameters of Signed JWT authenticator.", - "anyAlgorithm": "Any algorithm", - "clientSecret": "Client secret", - "regenerate": "Regenerate", - "confirmClientSecretTitle": "Regenerate secret for this client?", - "confirmClientSecretBody": "If you regenerate secret, the Keycloak database will be updated and you will need to download a new adapter for this client.", - "confirmAccessTokenTitle": "Regenerate registration access token?", - "confirmAccessTokenBody": "If you regenerate registration access token, the access data regarding the client registration service will be updated.", - "clientSecretSuccess": "Client secret regenerated", - "clientSecretError": "Could not regenerate client secret due to: {{error}}", - "registrationAccessToken": "Registration access token", - "accessTokenSuccess": "Access token regenerated", - "accessTokenError": "Could not regenerate access token due to: {{error}}", - "signatureAlgorithm": "Signature algorithm", - "subject": "Subject DN", - "searchForClient": "Search for client", - "advanced": "Advanced", - "revocation": "Revocation", - "clustering": "Clustering", - "notBefore": "Not before", - "setToNow": "Set to now", - "noAdminUrlSet": "No push sent. No admin URI configured or no registered cluster nodes available", - "notBeforeSetToNow": "Not Before set for client", - "notBeforeNowClear": "Not Before cleared for client", - "notBeforePushFail": "Failed to push \"not before\" to: {{failedNodes}}", - "notBeforePushSuccess": "Successfully push \"not before\" to: {{successNodes}}", - "testClusterFail": "Failed verified availability for: {{failedNodes}}. Fix or unregister failed cluster nodes and try again", - "testClusterSuccess": "Successfully verified availability for: {{successNodes}}", - "deleteNode": "Delete node?", - "deleteNodeBody": "Are you sure you want to permanently delete the node \"{{node}}\"", - "deleteNodeSuccess": "Node successfully removed", - "deleteNodeFail": "Could not delete node: '{{error}}'", - "addedNodeSuccess": "Node successfully added", - "addedNodeFail": "Could not add node: '{{error}}'", - "addNode": "Add node", - "push": "Push", - "clear": "Clear", - "nodeReRegistrationTimeout": "Node Re-registration timeout", - "registeredClusterNodes": "Registered cluster nodes", - "nodeHost": "Node host", - "noNodes": "No nodes registered", - "noNodesInstructions": "There are no nodes registered, you can add one manually.", - "lastRegistration": "Last registration", - "testClusterAvailability": "Test cluster availability", - "registerNodeManually": "Register node manually", - "fineGrainOpenIdConnectConfiguration": "Fine grain OpenID connect configuration", - "fineGrainSamlEndpointConfig": "Fine Grain SAML Endpoint Configuration", - "accessTokenSignatureAlgorithm": "Access token signature algorithm", - "idTokenSignatureAlgorithm": "ID token signature algorithm", - "idTokenEncryptionKeyManagementAlgorithm": "ID token encryption key management algorithm", - "idTokenEncryptionContentEncryptionAlgorithm": "ID token encryption content encryption algorithm", - "userInfoSignedResponseAlgorithm": "User info signed response algorithm", - "requestObjectSignatureAlgorithm": "Request object signature algorithm", - "requestObjectRequired": "Request object required", - "requestObject": { - "not required": "Not required", - "request or request_uri": "Request or Request URI", - "request only": "Request only", - "request_uri only": "Request URI only" - }, - "openIdConnectCompatibilityModes": "Open ID Connect Compatibly Modes", - "excludeSessionStateFromAuthenticationResponse": "Exclude Session State From Authentication Response", - "assertionConsumerServicePostBindingURL": "Assertion Consumer Service POST Binding URL", - "assertionConsumerServiceRedirectBindingURL": "Assertion Consumer Service Redirect Binding URL", - "logoutServicePostBindingURL": "Logout Service POST Binding URL", - "logoutServiceRedirectBindingURL": "Logout Service Redirect Binding URL", - "advancedSettings": "Advanced Settings", - "assertionLifespan": "Assertion Lifespan", - "accessTokenLifespan": "Access Token Lifespan", - "oAuthMutual": "OAuth 2.0 Mutual TLS Certificate Bound Access Tokens Enabled", - "keyForCodeExchange": "Proof Key for Code Exchange Code Challenge Method", - "authenticationOverrides": "Authentication flow overrides", - "browserFlow": "Browser Flow", - "directGrant": "Direct Grant Flow", - "jwksUrlConfig": "JWKS URL configs", - "keysIntro": "If \"Use JWKS URL switch\" is on, you need to fill a valid JWKS URL. After saving, admin can download keys from the JWKS URL or keys will be downloaded automatically by Keycloak server when see the stuff signed by the unknown KID", - "useJwksUrl": "Use JWKS URL", - "certificate": "Certificate", - "jwksUrl": "JWKS URL", - "generateNewKeys": "Generate new keys", - "generateKeys": "Generate keys?", - "generate": "Generate", - "archiveFormat": "Archive format", - "keyAlias": "Key alias", - "keyPassword": "Key password", - "storePassword": "Store password", - "generateSuccess": "New key pair and certificate generated successfully", - "generateError": "Could not generate new key pair and certificate {{error}}", - "import": "Import", - "importFile": "Import file", - "importSuccess": "New certificate imported", - "importError": "Could not import certificate {{error}}" - } -} diff --git a/src/clients/messages.ts b/src/clients/messages.ts new file mode 100644 index 0000000000..3e11d149c0 --- /dev/null +++ b/src/clients/messages.ts @@ -0,0 +1,249 @@ +export default { + clients: { + clientType: "Client type", + clientAuthorization: "Authorization", + implicitFlow: "Implicit flow", + createClient: "Create client", + importClient: "Import client", + homeURL: "Home URL", + webOrigins: "Web origins", + addWebOrigins: "Add web origins", + adminURL: "Admin URL", + formatOption: "Format option", + encryptAssertions: "Encrypt assertions", + clientSignature: "Client signature required", + downloadAdaptorTitle: "Download adaptor configs", + keys: "Keys", + credentials: "Credentials", + roles: "Roles", + createRole: "Create role", + noRoles: "No roles for this client", + noRolesInstructions: + "You haven't created any roles for this client. Create a role to get started.", + clientScopes: "Client scopes", + addClientScope: "Add client scope", + addClientScopesTo: "Add client scopes to {{clientId}}", + clientScopeRemoveSuccess: "Scope mapping successfully removed", + clientScopeRemoveError: "Could not remove the scope mapping {{error}}", + clientScopeSuccess: "Scope mapping successfully updated", + clientScopeError: "Could not update the scope mapping {{error}}", + searchByName: "Search by name", + setup: "Setup", + evaluate: "Evaluate", + changeTypeTo: "Change type to", + assignRole: "Assign role", + unAssignRole: "Unassign", + removeMappingTitle: "Remove mapping?", + removeMappingConfirm: "Are you sure you want to remove this mapping?", + removeMappingConfirm_plural: + "Are you sure you want to remove {{count}} mappings", + clientScopeSearch: { + client: "Client scope", + assigned: "Assigned type", + }, + assignedClientScope: "Assigned client scope", + assignedType: "Assigned type", + hideInheritedRoles: "Hide inherited roles", + inherentFrom: "Inherited from", + emptyClientScopes: "This client doesn't have any added client scopes", + emptyClientScopesInstructions: + "There are currently no client scopes linked to this client. You can add existing client scopes to this client to share protocol mappers and roles.", + emptyClientScopesPrimaryAction: "Add client scopes", + scopeParameter: "Scope parameter", + scopeParameterPlaceholder: "Select scope parameters", + effectiveProtocolMappers: "Effective protocol mappers", + effectiveRoleScopeMappings: "Effective role scope mappings", + generatedAccessToken: "Generated access token", + searchForProtocol: "Search protocol mapper", + parentClientScope: "Parent client scope", + searchForRole: "Search role", + origin: "Origin", + user: "User", + details: "Details", + noGeneratedAccessToken: "No generated access token", + generatedAccessTokenIsDisabled: + "Generated access token is disabled when no user is selected", + clientList: "Clients", + clientsList: "Clients list", + initialAccessToken: "Initial access token", + clientSettings: "Client details", + selectEncryptionType: "Select Encryption type", + generalSettings: "General Settings", + capabilityConfig: "Capability config", + clientsExplain: + "Clients are applications and services that can request authentication of a user", + createSuccess: "Client created successfully", + createError: "Could not create client: '{{error}}'", + clientImportError: "Could not import client: {{error}}", + clientSaveSuccess: "Client successfully updated", + clientSaveError: "Client could not be updated:", + clientImportSuccess: "Client imported successfully", + clientDelete: "Delete {{clientId}} ?", + clientDeletedSuccess: "The client has been deleted", + clientDeleteError: "Could not delete client: {{error}}", + clientDeleteConfirmTitle: "Delete client?", + disableConfirmTitle: "Disable client?", + downloadAdapterConfig: "Download adapter config", + disableConfirm: + "If you disable this client, you cannot initiate a login or obtain access tokens.", + clientDeleteConfirm: + "If you delete this client, all associated data will be removed.", + searchInitialAccessToken: "Search token", + createToken: "Create initial access token", + tokenDeleteConfirm: + "Are you sure you want to permanently delete the initial access token {{id}}", + tokenDeleteConfirmTitle: "Delete initial access token?", + tokenDeleteSuccess: "initial access token created successfully", + tokenDeleteError: "Could not delete initial access token: '{{error}}'", + timestamp: "Created date", + created: "Created", + lastUpdated: "Last updated", + expires: "Expires", + count: "Count", + remainingCount: "Remaining count", + expiration: "Expiration", + noTokens: "No initial access tokens", + noTokensInstructions: + 'You haven\'t created any initial access tokens. Create an initial access token by clicking "Create".', + tokenSaveSuccess: "New initial access token has been created", + tokenSaveError: "Could not create initial access token {{error}}", + initialAccessTokenDetails: "Initial access token details", + copyInitialAccessToken: + "Please copy and paste the initial access token before closing as it can not be retrieved later.", + clientAuthentication: "Client authentication", + authentication: "Authentication", + authenticationFlow: "Authentication flow", + standardFlow: "Standard flow", + directAccess: "Direct access grants", + serviceAccount: "Service accounts roles", + enableServiceAccount: "Enable service account roles", + assignRolesTo: "Assign roles to {{client}} account", + searchByRoleName: "Search by role name", + filterByOrigin: "Filter by Origin", + realmRoles: "Realm roles", + clients: "Clients", + assign: "Assign", + roleMappingUpdatedSuccess: "Role mapping updated", + roleMappingUpdatedError: "Could not update role mapping {{error}}", + displayOnClient: "Display client on screen", + consentScreenText: "Client consent screen text", + loginSettings: "Login settings", + accessSettings: "Access settings", + rootUrl: "Root URL", + validRedirectUri: "Valid redirect URIs", + addRedirectUri: "Add valid redirect URIs", + loginTheme: "Login theme", + consentRequired: "Consent required", + clientAuthenticator: "Client Authenticator", + changeAuthenticatorConfirmTitle: "Change to {{clientAuthenticatorType}}", + changeAuthenticatorConfirm: + "If you change authenticator to {{clientAuthenticatorType}}, the keycloak database will be updated and you may need to download a new adapter configuration for this client", + signedJWTConfirm: + 'You should configure JWKS URL or keys in the "Keys" tab to change the parameters of Signed JWT authenticator.', + anyAlgorithm: "Any algorithm", + clientSecret: "Client secret", + regenerate: "Regenerate", + confirmClientSecretTitle: "Regenerate secret for this client?", + confirmClientSecretBody: + "If you regenerate secret, the Keycloak database will be updated and you will need to download a new adapter for this client.", + confirmAccessTokenTitle: "Regenerate registration access token?", + confirmAccessTokenBody: + "If you regenerate registration access token, the access data regarding the client registration service will be updated.", + clientSecretSuccess: "Client secret regenerated", + clientSecretError: "Could not regenerate client secret due to: {{error}}", + registrationAccessToken: "Registration access token", + accessTokenSuccess: "Access token regenerated", + accessTokenError: "Could not regenerate access token due to: {{error}}", + signatureAlgorithm: "Signature algorithm", + subject: "Subject DN", + searchForClient: "Search for client", + advanced: "Advanced", + revocation: "Revocation", + clustering: "Clustering", + notBefore: "Not before", + setToNow: "Set to now", + noAdminUrlSet: + "No push sent. No admin URI configured or no registered cluster nodes available", + notBeforeSetToNow: "Not Before set for client", + notBeforeNowClear: "Not Before cleared for client", + notBeforePushFail: 'Failed to push "not before" to: {{failedNodes}}', + notBeforePushSuccess: 'Successfully push "not before" to: {{successNodes}}', + testClusterFail: + "Failed verified availability for: {{failedNodes}}. Fix or unregister failed cluster nodes and try again", + testClusterSuccess: + "Successfully verified availability for: {{successNodes}}", + deleteNode: "Delete node?", + deleteNodeBody: + 'Are you sure you want to permanently delete the node "{{node}}"', + deleteNodeSuccess: "Node successfully removed", + deleteNodeFail: "Could not delete node: '{{error}}'", + addedNodeSuccess: "Node successfully added", + addedNodeFail: "Could not add node: '{{error}}'", + addNode: "Add node", + push: "Push", + clear: "Clear", + nodeReRegistrationTimeout: "Node Re-registration timeout", + registeredClusterNodes: "Registered cluster nodes", + nodeHost: "Node host", + noNodes: "No nodes registered", + noNodesInstructions: + "There are no nodes registered, you can add one manually.", + lastRegistration: "Last registration", + testClusterAvailability: "Test cluster availability", + registerNodeManually: "Register node manually", + fineGrainOpenIdConnectConfiguration: + "Fine grain OpenID connect configuration", + fineGrainSamlEndpointConfig: "Fine Grain SAML Endpoint Configuration", + accessTokenSignatureAlgorithm: "Access token signature algorithm", + idTokenSignatureAlgorithm: "ID token signature algorithm", + idTokenEncryptionKeyManagementAlgorithm: + "ID token encryption key management algorithm", + idTokenEncryptionContentEncryptionAlgorithm: + "ID token encryption content encryption algorithm", + userInfoSignedResponseAlgorithm: "User info signed response algorithm", + requestObjectSignatureAlgorithm: "Request object signature algorithm", + requestObjectRequired: "Request object required", + requestObject: { + "not required": "Not required", + "request or request_uri": "Request or Request URI", + "request only": "Request only", + "request_uri only": "Request URI only", + }, + openIdConnectCompatibilityModes: "Open ID Connect Compatibly Modes", + excludeSessionStateFromAuthenticationResponse: + "Exclude Session State From Authentication Response", + assertionConsumerServicePostBindingURL: + "Assertion Consumer Service POST Binding URL", + assertionConsumerServiceRedirectBindingURL: + "Assertion Consumer Service Redirect Binding URL", + logoutServicePostBindingURL: "Logout Service POST Binding URL", + logoutServiceRedirectBindingURL: "Logout Service Redirect Binding URL", + advancedSettings: "Advanced Settings", + assertionLifespan: "Assertion Lifespan", + accessTokenLifespan: "Access Token Lifespan", + oAuthMutual: "OAuth 2.0 Mutual TLS Certificate Bound Access Tokens Enabled", + keyForCodeExchange: "Proof Key for Code Exchange Code Challenge Method", + authenticationOverrides: "Authentication flow overrides", + browserFlow: "Browser Flow", + directGrant: "Direct Grant Flow", + jwksUrlConfig: "JWKS URL configs", + keysIntro: + 'If "Use JWKS URL switch" is on, you need to fill a valid JWKS URL. After saving, admin can download keys from the JWKS URL or keys will be downloaded automatically by Keycloak server when see the stuff signed by the unknown KID', + useJwksUrl: "Use JWKS URL", + certificate: "Certificate", + jwksUrl: "JWKS URL", + generateNewKeys: "Generate new keys", + generateKeys: "Generate keys?", + generate: "Generate", + archiveFormat: "Archive format", + keyAlias: "Key alias", + keyPassword: "Key password", + storePassword: "Store password", + generateSuccess: "New key pair and certificate generated successfully", + generateError: "Could not generate new key pair and certificate {{error}}", + import: "Import", + importFile: "Import file", + importSuccess: "New certificate imported", + importError: "Could not import certificate {{error}}", + }, +}; diff --git a/src/common-help.json b/src/common-help.json deleted file mode 100644 index 9cdba821f2..0000000000 --- a/src/common-help.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "common-help": { - "helpToggleInfo": "This toggle will enable / disable part of the help info in the console. Includes any help text, links and popovers.", - "showPassword": "Show password field in clear text", - "helpFileUpload": "Upload a JSON file" - } -} diff --git a/src/common-help.ts b/src/common-help.ts new file mode 100644 index 0000000000..c08e012fd4 --- /dev/null +++ b/src/common-help.ts @@ -0,0 +1,8 @@ +export default { + "common-help": { + helpToggleInfo: + "This toggle will enable / disable part of the help info in the console. Includes any help text, links and popovers.", + showPassword: "Show password field in clear text", + helpFileUpload: "Upload a JSON file", + }, +}; diff --git a/src/common-messages.json b/src/common-messages.json deleted file mode 100644 index ba7b2ba248..0000000000 --- a/src/common-messages.json +++ /dev/null @@ -1,138 +0,0 @@ -{ - "common": { - "fullName": "{{givenName}} {{familyName}}", - "unknownUser": "Anonymous", - - "add": "Add", - "yes": "Yes", - "no": "No", - "create": "Create", - "save": "Save", - "revert": "Revert", - "cancel": "Cancel", - "continue": "Continue", - "close": "Close", - "delete": "Delete", - "remove": "Remove", - "search": "Search", - "noSearchResults": "No search results", - "noSearchResultsInstructions": "Click on the search bar above to search", - "next": "Next", - "back": "Back", - "finish": "Finish", - "skipCustomizationAndFinish": "Skip customization and finish", - "export": "Export", - "action": "Action", - "download": "Download", - "resourceFile": "Resource file", - "clear": "Clear", - "clearFile": "Clear this file", - "clearFileExplain": "Are you sure you want to clear this file?", - "on": "On", - "off": "Off", - "enabled": "Enabled", - "disabled": "Disabled", - "disable": "Disable", - "selectOne": "Select an option", - "choose": "Choose...", - "any": "Any", - "none": "None", - "signOut": "Sign out", - "manageAccount": "Manage account", - "serverInfo": "Server info", - "realmInfo": "Realm info", - "help": "Help", - "helpLabel": "More help for {{label}}", - "helpEnabled": "Help on", - "helpDisabled": "Help off", - "documentation": "Documentation", - "enableHelpMode": "Enable help mode", - "learnMore": "Learn more", - "test": "Test", - "name": "Name", - "role": "Role", - "description": "Description", - "type": "Type", - "category": "Category", - "priority": "Priority", - "unexpectedError": "An unexpected error occurred: '{{error}}'", - "retry": "Retry", - "plus": "Plus", - "minus": "Minus", - - "clientScope": { - "default": "Default", - "optional": "Optional", - "none": "None" - }, - - "home": "Home", - "manage": "Manage", - "clients": "Clients", - "clientScopes": "Client scopes", - "realmRoles": "Realm roles", - "users": "Users", - "groups": "Groups", - "sessions": "Sessions", - "events": "Events", - "mappers": "Mappers", - - "configure": "Configure", - "realmSettings": "Realm settings", - "authentication": "Authentication", - "identityProviders": "Identity providers", - "userFederation": "User federation", - - "settings": "Settings", - - "required": "Required field", - "maxLength": "Max length {{length}}", - - "createRealm": "Create Realm", - "recent": "Recent", - - "jumpToSection": "Jump to section", - - "Sunday": "Sunday", - "Monday": "Monday", - "Tuesday": "Tuesday", - "Wednesday": "Wednesday", - "Thursday": "Thursday", - "Friday": "Friday", - "Saturday": "Saturday", - - "unitLabel": "Select a time unit", - "times": { - "seconds": "Seconds", - "minutes": "Minutes", - "hours": "Hours", - "days": "Days" - }, - - "attributes": "Attributes", - "clientId": "Client ID", - "id": "ID", - - "addMapper": "Add mapper", - "createNewMapper": "Create new mapper", - "searchForMapper": "Search for mapper", - "mapperType": "Mapper type", - "mappingDeletedSuccess": "Mapping successfully deleted", - "mappingDeletedError": "Could not delete mapping: '{{error}}'", - "mappingDetails": "Mapper details", - "mappingUpdatedSuccess": "Mapping successfully updated", - "mappingUpdatedError": "Could not update mapping: '{{error}}'", - "mappingCreatedSuccess": "Mapping successfully created", - "mappingCreatedError": "Could not create mapping: '{{error}}'", - "deleteMappingTitle": "Delete mapping?", - "deleteMappingConfirm": "Are you sure you want to delete this mapping?", - - "emptyMappers": "No mappers", - "emptyMappersInstructions": "If you want to add mappers, please click the button below to add some predefined mappers or to configure a new mapper.", - "emptyPrimaryAction": "Add predefined mapper", - - "leaveDirtyTitle": "Leave without saving?", - "leaveDirtyConfirm": "Do you want to leave this page without saving? Any unsaved changes will be lost.", - "leave": "Leave" - } -} diff --git a/src/common-messages.ts b/src/common-messages.ts new file mode 100644 index 0000000000..e473f436c0 --- /dev/null +++ b/src/common-messages.ts @@ -0,0 +1,140 @@ +export default { + common: { + fullName: "{{givenName}} {{familyName}}", + unknownUser: "Anonymous", + + add: "Add", + yes: "Yes", + no: "No", + create: "Create", + save: "Save", + revert: "Revert", + cancel: "Cancel", + continue: "Continue", + close: "Close", + delete: "Delete", + remove: "Remove", + search: "Search", + noSearchResults: "No search results", + noSearchResultsInstructions: "Click on the search bar above to search", + next: "Next", + back: "Back", + finish: "Finish", + skipCustomizationAndFinish: "Skip customization and finish", + export: "Export", + action: "Action", + download: "Download", + resourceFile: "Resource file", + clear: "Clear", + clearFile: "Clear this file", + clearFileExplain: "Are you sure you want to clear this file?", + on: "On", + off: "Off", + enabled: "Enabled", + disabled: "Disabled", + disable: "Disable", + selectOne: "Select an option", + choose: "Choose...", + any: "Any", + none: "None", + signOut: "Sign out", + manageAccount: "Manage account", + serverInfo: "Server info", + realmInfo: "Realm info", + help: "Help", + helpLabel: "More help for {{label}}", + helpEnabled: "Help on", + helpDisabled: "Help off", + documentation: "Documentation", + enableHelpMode: "Enable help mode", + learnMore: "Learn more", + test: "Test", + name: "Name", + role: "Role", + description: "Description", + type: "Type", + category: "Category", + priority: "Priority", + unexpectedError: "An unexpected error occurred: '{{error}}'", + retry: "Retry", + plus: "Plus", + minus: "Minus", + + clientScope: { + default: "Default", + optional: "Optional", + none: "None", + }, + + home: "Home", + manage: "Manage", + clients: "Clients", + clientScopes: "Client scopes", + realmRoles: "Realm roles", + users: "Users", + groups: "Groups", + sessions: "Sessions", + events: "Events", + mappers: "Mappers", + + configure: "Configure", + realmSettings: "Realm settings", + authentication: "Authentication", + identityProviders: "Identity providers", + userFederation: "User federation", + + settings: "Settings", + + required: "Required field", + maxLength: "Max length {{length}}", + + createRealm: "Create Realm", + recent: "Recent", + + jumpToSection: "Jump to section", + + Sunday: "Sunday", + Monday: "Monday", + Tuesday: "Tuesday", + Wednesday: "Wednesday", + Thursday: "Thursday", + Friday: "Friday", + Saturday: "Saturday", + + unitLabel: "Select a time unit", + times: { + seconds: "Seconds", + minutes: "Minutes", + hours: "Hours", + days: "Days", + }, + + attributes: "Attributes", + clientId: "Client ID", + id: "ID", + + addMapper: "Add mapper", + createNewMapper: "Create new mapper", + searchForMapper: "Search for mapper", + mapperType: "Mapper type", + mappingDeletedSuccess: "Mapping successfully deleted", + mappingDeletedError: "Could not delete mapping: '{{error}}'", + mappingDetails: "Mapper details", + mappingUpdatedSuccess: "Mapping successfully updated", + mappingUpdatedError: "Could not update mapping: '{{error}}'", + mappingCreatedSuccess: "Mapping successfully created", + mappingCreatedError: "Could not create mapping: '{{error}}'", + deleteMappingTitle: "Delete mapping?", + deleteMappingConfirm: "Are you sure you want to delete this mapping?", + + emptyMappers: "No mappers", + emptyMappersInstructions: + "If you want to add mappers, please click the button below to add some predefined mappers or to configure a new mapper.", + emptyPrimaryAction: "Add predefined mapper", + + leaveDirtyTitle: "Leave without saving?", + leaveDirtyConfirm: + "Do you want to leave this page without saving? Any unsaved changes will be lost.", + leave: "Leave", + }, +}; diff --git a/src/dashboard/messages.json b/src/dashboard/messages.json deleted file mode 100644 index 171682366c..0000000000 --- a/src/dashboard/messages.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "dashboard": { - "welcome": "Welcome to", - "introduction": "If you want to leave this page and mange this realm, please click the corresponding menu items in the left navigation bar.", - "serverInfo": "Server info", - "version": "Version", - "product": "Product", - "profile": "Profile", - "enabledFeatures": "Enabled features", - "experimental": "Experimental", - "preview": "Preview", - "infoEnabledFeatures": "Something about what enabled features are.", - "infoDisabledFeatures": "Something about what disabled features are.", - "disabledFeatures": "Disabled features" - } -} diff --git a/src/dashboard/messages.ts b/src/dashboard/messages.ts new file mode 100644 index 0000000000..fa27882293 --- /dev/null +++ b/src/dashboard/messages.ts @@ -0,0 +1,17 @@ +export default { + dashboard: { + welcome: "Welcome to", + introduction: + "If you want to leave this page and mange this realm, please click the corresponding menu items in the left navigation bar.", + serverInfo: "Server info", + version: "Version", + product: "Product", + profile: "Profile", + enabledFeatures: "Enabled features", + experimental: "Experimental", + preview: "Preview", + infoEnabledFeatures: "Something about what enabled features are.", + infoDisabledFeatures: "Something about what disabled features are.", + disabledFeatures: "Disabled features", + }, +}; diff --git a/src/events/messages.json b/src/events/messages.json deleted file mode 100644 index 0a9519636d..0000000000 --- a/src/events/messages.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "events": { - "title": "Events", - "eventExplain": "If you want to configure user events, Admin events or Event listeners, please enter <1>Event configs page realm settings to configure.", - "eventConfigs": "Event configs", - "userEvents": "User events", - "adminEvents": "Admin events", - "searchForEvent": "Search user event", - "refresh": "Refresh", - "emptyEvents": "No events logged", - "emptyEventsInstructions": "Configure event logging in the realm settings", - "time": "Time", - "user": "User", - "eventType": "Event type", - "ipAddress": "IP address", - "client": "Client", - "resourcePath": "Resource path", - "resourceType": "Resource type", - "operationType": "Operation type", - "auth": "Auth", - "attribute": "Attribute", - "value": "Value", - "representation": "Representation" - } -} \ No newline at end of file diff --git a/src/events/messages.ts b/src/events/messages.ts new file mode 100644 index 0000000000..19ae59894a --- /dev/null +++ b/src/events/messages.ts @@ -0,0 +1,26 @@ +export default { + events: { + title: "Events", + eventExplain: + "If you want to configure user events, Admin events or Event listeners, please enter <1>Event configs page realm settings to configure.", + eventConfigs: "Event configs", + userEvents: "User events", + adminEvents: "Admin events", + searchForEvent: "Search user event", + refresh: "Refresh", + emptyEvents: "No events logged", + emptyEventsInstructions: "Configure event logging in the realm settings", + time: "Time", + user: "User", + eventType: "Event type", + ipAddress: "IP address", + client: "Client", + resourcePath: "Resource path", + resourceType: "Resource type", + operationType: "Operation type", + auth: "Auth", + attribute: "Attribute", + value: "Value", + representation: "Representation", + }, +}; diff --git a/src/groups/messages.json b/src/groups/messages.json deleted file mode 100644 index 9ea0653a8f..0000000000 --- a/src/groups/messages.json +++ /dev/null @@ -1,63 +0,0 @@ -{ - "groups": { - "groups": "Groups", - "groupDetails": "Group details", - "childGroups": "Child groups", - "createGroup": "Create group", - "groupName": "Group name", - "searchForGroups": "Search for groups", - "searchGroups": "Search groups", - "searchGroup": "Search group", - "renameGroup": "Rename group", - "deleteGroup": "Delete group", - "leave": "Leave group", - "usersLeft": "{{count}} user left the group", - "usersLeft_plural": "{{count}} users left the group", - "usersLeftError": "Could not remove users from the group", - "usersAdded": "{{count}} user added to the group", - "usersAdded_plural": "{{count}} users added to the group", - "usersAddedError": "Could not add users to the group", - "search": "Search", - "members": "Members", - "searchMembers": "Search members", - "addMember": "Add member", - "includeSubGroups": "Include sub-group users", - "path": "Path", - "moveTo": "Move to", - "moveToGroup": "Move {{group1}} to {{group2}}", - "root": "Root", - "moveHere": "Move here", - "moveGroupEmpty": "No sub groups", - "moveGroupEmptyInstructions": "There are no sub groups, select 'Move here' to move the selected group as a subgroup of this group", - "moveGroupSuccess": "Group moved", - "moveGroupError": "Could not move group {{error}}", - "tableOfGroups": "Table of groups", - "groupsDescription": "Description goes here", - "groupCreated": "Group created", - "couldNotCreateGroup": "Could not create group {{error}}", - "createAGroup": "Create a group", - "renameAGroup": "Rename group", - "create": "Create", - "rename": "Rename", - "email": "Email", - "lastName": "Last name", - "firstName": "First name", - "membership": "Membership", - "noSearchResults": "No search results", - "noSearchResultsInstructions": "Click on the search bar above to search for groups", - "noGroupsInThisRealm": "No groups in this realm", - "noGroupsInThisRealmInstructions": "You haven't created any groups in this realm. Create a group to get started.", - "noGroupsInThisSubGroup": "No groups in this sub group", - "noGroupsInThisSubGroupInstructions": "You haven't created any groups in this sub group.", - "deleteConfirmTitle": "Delete group?", - "deleteConfirmTitle_plural": "Delete groups?", - "deleteConfirm": "Are you sure you want to delete this group", - "deleteConfirm_plural": "Are you sure you want to delete this groups.", - "groupDeleted": "Group deleted", - "groupDeleted_plural": "Groups deleted", - "groupDeleteError": "Error deleting group {error}", - "attributes": "Attributes", - "groupUpdated": "Group updated", - "groupUpdateError": "Error updating group {error}" - } -} diff --git a/src/groups/messages.ts b/src/groups/messages.ts new file mode 100644 index 0000000000..25811161fb --- /dev/null +++ b/src/groups/messages.ts @@ -0,0 +1,67 @@ +export default { + groups: { + groups: "Groups", + groupDetails: "Group details", + childGroups: "Child groups", + createGroup: "Create group", + groupName: "Group name", + searchForGroups: "Search for groups", + searchGroups: "Search groups", + searchGroup: "Search group", + renameGroup: "Rename group", + deleteGroup: "Delete group", + leave: "Leave group", + usersLeft: "{{count}} user left the group", + usersLeft_plural: "{{count}} users left the group", + usersLeftError: "Could not remove users from the group", + usersAdded: "{{count}} user added to the group", + usersAdded_plural: "{{count}} users added to the group", + usersAddedError: "Could not add users to the group", + search: "Search", + members: "Members", + searchMembers: "Search members", + addMember: "Add member", + includeSubGroups: "Include sub-group users", + path: "Path", + moveTo: "Move to", + moveToGroup: "Move {{group1}} to {{group2}}", + root: "Root", + moveHere: "Move here", + moveGroupEmpty: "No sub groups", + moveGroupEmptyInstructions: + "There are no sub groups, select 'Move here' to move the selected group as a subgroup of this group", + moveGroupSuccess: "Group moved", + moveGroupError: "Could not move group {{error}}", + tableOfGroups: "Table of groups", + groupsDescription: "Description goes here", + groupCreated: "Group created", + couldNotCreateGroup: "Could not create group {{error}}", + createAGroup: "Create a group", + renameAGroup: "Rename group", + create: "Create", + rename: "Rename", + email: "Email", + lastName: "Last name", + firstName: "First name", + membership: "Membership", + noSearchResults: "No search results", + noSearchResultsInstructions: + "Click on the search bar above to search for groups", + noGroupsInThisRealm: "No groups in this realm", + noGroupsInThisRealmInstructions: + "You haven't created any groups in this realm. Create a group to get started.", + noGroupsInThisSubGroup: "No groups in this sub group", + noGroupsInThisSubGroupInstructions: + "You haven't created any groups in this sub group.", + deleteConfirmTitle: "Delete group?", + deleteConfirmTitle_plural: "Delete groups?", + deleteConfirm: "Are you sure you want to delete this group", + deleteConfirm_plural: "Are you sure you want to delete this groups.", + groupDeleted: "Group deleted", + groupDeleted_plural: "Groups deleted", + groupDeleteError: "Error deleting group {error}", + attributes: "Attributes", + groupUpdated: "Group updated", + groupUpdateError: "Error updating group {error}", + }, +}; diff --git a/src/i18n.ts b/src/i18n.ts index 9da46a62aa..2b0cf60586 100644 --- a/src/i18n.ts +++ b/src/i18n.ts @@ -2,28 +2,28 @@ import i18n from "i18next"; import { initReactI18next } from "react-i18next"; // import backend from "i18next-http-backend"; -import common from "./common-messages.json"; -import help from "./common-help.json"; -import dashboard from "./dashboard/messages.json"; -import clients from "./clients/messages.json"; -import clientsHelp from "./clients/help.json"; -import clientScopes from "./client-scopes/messages.json"; -import clientScopesHelp from "./client-scopes/help.json"; -import groups from "./groups/messages.json"; -import realm from "./realm/messages.json"; -import roles from "./realm-roles/messages.json"; -import users from "./user/messages.json"; -import usersHelp from "./user/help.json"; -import sessions from "./sessions/messages.json"; -import events from "./events/messages.json"; -import realmSettings from "./realm-settings/messages.json"; -import realmSettingsHelp from "./realm-settings/help.json"; -import authentication from "./authentication/messages.json"; -import storybook from "./stories/messages.json"; -import userFederation from "./user-federation/messages.json"; -import userFederationHelp from "./user-federation/help.json"; -import identityProviders from "./identity-providers/messages.json"; -import identityProvidersHelp from "./identity-providers/help.json"; +import common from "./common-messages"; +import help from "./common-help"; +import dashboard from "./dashboard/messages"; +import clients from "./clients/messages"; +import clientsHelp from "./clients/help"; +import clientScopes from "./client-scopes/messages"; +import clientScopesHelp from "./client-scopes/help"; +import groups from "./groups/messages"; +import realm from "./realm/messages"; +import roles from "./realm-roles/messages"; +import users from "./user/messages"; +import usersHelp from "./user/help"; +import sessions from "./sessions/messages"; +import events from "./events/messages"; +import realmSettings from "./realm-settings/messages"; +import realmSettingsHelp from "./realm-settings/help"; +import authentication from "./authentication/messages"; +import storybook from "./stories/messages"; +import userFederation from "./user-federation/messages"; +import userFederationHelp from "./user-federation/help"; +import identityProviders from "./identity-providers/messages"; +import identityProvidersHelp from "./identity-providers/help"; const initOptions = { defaultNS: "common", diff --git a/src/identity-providers/help.json b/src/identity-providers/help.json deleted file mode 100644 index f5afa2b5db..0000000000 --- a/src/identity-providers/help.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "identity-providers-help": { - "redirectURI": "The redirect uri to use when configuring the identity provider.", - "alias": "The alias uniquely identifies an identity provider and it is also used to build the redirect uri.", - "displayName": "Friendly name for Identity Providers.", - "clientId": "The client identifier registered with the identity provider.", - "clientSecret": "The client secret registered with the identity provider. This field is able to obtain its value from vault, use ${vault.ID} format.", - "displayOrder": "Number defining the order of the providers in GUI (for example, on the Login page). The lowest number will be applied first.", - "useDiscoveryEndpoint": "If this setting is enabled, the discovery endpoint will be used to fetch the provider config. Keycloak can load the config from the endpoint and automatically update the config if the source has any updates", - "discoveryEndpoint": "Import metadata from a remote IDP discovery descriptor.", - "importConfig": "Import metadata from a downloaded IDP discovery descriptor.", - "passLoginHint": "Pass login_hint to identity provider.", - "passCurrentLocale": "Pass the current locale to the identity provider as a ui_locales parameter.", - "logoutUrl": "End session endpoint to use to logout user from external IDP.", - "backchannelLogout": "Does the external IDP support backchannel logout?", - "disableUserInfo": "Disable usage of User Info service to obtain additional user information? Default is to use this OIDC service.", - "userInfoUrl": "The User Info Url. This is optional.", - "issuer": "The issuer identifier for the issuer of the response. If not provided, no validation will be performed.", - "scopes": "The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to 'openid'.", - "prompt": "Specifies whether the Authorization Server prompts the End-User for reauthentication and consent.", - "acceptsPromptNone": "This is just used together with Identity Provider Authenticator or when kc_idp_hint points to this identity provider. In case that client sends a request with prompt=none and user is not yet authenticated, the error will not be directly returned to client, but the request with prompt=none will be forwarded to this identity provider.", - "validateSignature": "Enable/disable signature validation of external IDP signatures.", - "useJwksUrl": "If the switch is on, identity provider public keys will be downloaded from given JWKS URL. This allows great flexibility because new keys will be always re-downloaded again when identity provider generates new keypair. If the switch is off, public key (or certificate) from the Keycloak DB is used, so when the identity provider keypair changes, you always need to import the new key to the Keycloak DB as well.", - "jwksUrl": "URL where identity provider keys in JWK format are stored. See JWK specification for more details. If you use external Keycloak identity provider, you can use URL like 'http://broker-keycloak:8180/auth/realms/test/protocol/openid-connect/certs' assuming your brokered Keycloak is running on 'http://broker-keycloak:8180' and its realm is 'test' .", - "allowedClockSkew": "Clock skew in seconds that is tolerated when validating identity provider tokens. Default value is zero.", - "forwardParameters": "Non OpenID Connect/OAuth standard query parameters to be forwarded to external IDP from the initial application request to Authorization Endpoint. Multiple parameters can be entered, separated by comma (,).", - "clientAuthentication": "The client authentication method (cfr. https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication). In case of JWT signed with private key, the realm private key is used.", - "storeTokens": "Enable/disable if tokens must be stored after authenticating users.", - "trustEmail": "If enabled, email provided by this provider is not verified even if verification is enabled for the realm.", - "accountLinkingOnly": "If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider", - "hideOnLoginPage": "If hidden, login with this provider is possible only if requested explicitly, for example using the 'kc_idp_hint' parameter.", - "firstBrokerLoginFlowAlias": "Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that no Keycloak account is currently linked to the authenticated identity provider account.", - "postBrokerLoginFlowAlias": "Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this to \"None\" if you need no any additional authenticators to be triggered after login with this identity provider. Also note that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it.", - "syncMode": "Default sync mode for all mappers. The sync mode determines when user data will be synced using the mappers. Possible values are: 'legacy' to keep the behaviour before this option was introduced, 'import' to only import the user once during first login of the user with this identity provider, 'force' to always update the user during every login with this identity provider." - } -} diff --git a/src/identity-providers/help.ts b/src/identity-providers/help.ts new file mode 100644 index 0000000000..206857dbe9 --- /dev/null +++ b/src/identity-providers/help.ts @@ -0,0 +1,61 @@ +export default { + "identity-providers-help": { + redirectURI: + "The redirect uri to use when configuring the identity provider.", + alias: + "The alias uniquely identifies an identity provider and it is also used to build the redirect uri.", + displayName: "Friendly name for Identity Providers.", + clientId: "The client identifier registered with the identity provider.", + clientSecret: + "The client secret registered with the identity provider. This field is able to obtain its value from vault, use ${vault.ID} format.", + displayOrder: + "Number defining the order of the providers in GUI (for example, on the Login page). The lowest number will be applied first.", + useDiscoveryEndpoint: + "If this setting is enabled, the discovery endpoint will be used to fetch the provider config. Keycloak can load the config from the endpoint and automatically update the config if the source has any updates", + discoveryEndpoint: + "Import metadata from a remote IDP discovery descriptor.", + importConfig: "Import metadata from a downloaded IDP discovery descriptor.", + passLoginHint: "Pass login_hint to identity provider.", + passCurrentLocale: + "Pass the current locale to the identity provider as a ui_locales parameter.", + logoutUrl: "End session endpoint to use to logout user from external IDP.", + backchannelLogout: "Does the external IDP support backchannel logout?", + disableUserInfo: + "Disable usage of User Info service to obtain additional user information? Default is to use this OIDC service.", + userInfoUrl: "The User Info Url. This is optional.", + issuer: + "The issuer identifier for the issuer of the response. If not provided, no validation will be performed.", + scopes: + "The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to 'openid'.", + prompt: + "Specifies whether the Authorization Server prompts the End-User for reauthentication and consent.", + acceptsPromptNone: + "This is just used together with Identity Provider Authenticator or when kc_idp_hint points to this identity provider. In case that client sends a request with prompt=none and user is not yet authenticated, the error will not be directly returned to client, but the request with prompt=none will be forwarded to this identity provider.", + validateSignature: + "Enable/disable signature validation of external IDP signatures.", + useJwksUrl: + "If the switch is on, identity provider public keys will be downloaded from given JWKS URL. This allows great flexibility because new keys will be always re-downloaded again when identity provider generates new keypair. If the switch is off, public key (or certificate) from the Keycloak DB is used, so when the identity provider keypair changes, you always need to import the new key to the Keycloak DB as well.", + jwksUrl: + "URL where identity provider keys in JWK format are stored. See JWK specification for more details. If you use external Keycloak identity provider, you can use URL like 'http://broker-keycloak:8180/auth/realms/test/protocol/openid-connect/certs' assuming your brokered Keycloak is running on 'http://broker-keycloak:8180' and its realm is 'test' .", + allowedClockSkew: + "Clock skew in seconds that is tolerated when validating identity provider tokens. Default value is zero.", + forwardParameters: + "Non OpenID Connect/OAuth standard query parameters to be forwarded to external IDP from the initial application request to Authorization Endpoint. Multiple parameters can be entered, separated by comma (,).", + clientAuthentication: + "The client authentication method (cfr. https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication). In case of JWT signed with private key, the realm private key is used.", + storeTokens: + "Enable/disable if tokens must be stored after authenticating users.", + trustEmail: + "If enabled, email provided by this provider is not verified even if verification is enabled for the realm.", + accountLinkingOnly: + "If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider", + hideOnLoginPage: + "If hidden, login with this provider is possible only if requested explicitly, for example using the 'kc_idp_hint' parameter.", + firstBrokerLoginFlowAlias: + "Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that no Keycloak account is currently linked to the authenticated identity provider account.", + postBrokerLoginFlowAlias: + 'Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this to "None" if you need no any additional authenticators to be triggered after login with this identity provider. Also note that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it.', + syncMode: + "Default sync mode for all mappers. The sync mode determines when user data will be synced using the mappers. Possible values are: 'legacy' to keep the behaviour before this option was introduced, 'import' to only import the user once during first login of the user with this identity provider, 'force' to always update the user during every login with this identity provider.", + }, +}; diff --git a/src/identity-providers/messages.json b/src/identity-providers/messages.json deleted file mode 100644 index 1b4b855c0e..0000000000 --- a/src/identity-providers/messages.json +++ /dev/null @@ -1,94 +0,0 @@ -{ - "identity-providers": { - "listExplain": "Through Identity Brokering it's easy to allow users to authenticate to Keycloak using external Identity Provider or Social Networks.", - "searchForProvider": "Search for provider", - "provider": "Provider details", - "addProvider": "Add provider", - "addKeycloakOpenIdProvider": "Add Keycloak OpenID Connect provider", - "addOpenIdProvider": "Add OpenID Connect provider", - "manageDisplayOrder": "Manage display order", - "deleteProvider": "Delete provider?", - "deleteConfirm": "Are you sure you want to permanently delete the provider '{{provider}}'", - "deletedSuccess": "Provider successfully deleted", - "deleteError": "Could not delete the provider {{error}}", - "disableProvider": "Disable provider?", - "disableConfirm": "Are you sure you want to disable the provider '{{provider}}'", - "disableSuccess": "Provider successfully disabled", - "disableError": "Could not disable the provider {{error}}", - "updateSuccess": "Provider successfully updated", - "updateError": "Could not update the provider {{error}}", - "getStarted": "To get started, select a provider from the list below.", - "addIdentityProvider": "Add {{provider}} provider", - "redirectURI": "Redirect URI", - "clientId": "Client ID", - "clientSecret": "Client Secret", - "displayOrder": "Display order", - "createSuccess": "Identity provider successfully created", - "createError": "Could not create the identity provider: {{error}}", - "oderDialogIntro": "The order that the providers are listed in the login page or the account console. You can drag the row handles to change the order.", - "manageOrderTableAria": "List of identity providers in the order listed on the login page", - "manageOrderItemAria": "Press space or enter to begin dragging, and use the arrow keys to navigate up or down. Press enter to confirm the drag, or any other key to cancel the drag operation.", - "onDragStart": "Dragging started for item {{id}}", - "onDragMove": "Dragging item {{id}}", - "onDragCancel": "Dragging cancelled. List is unchanged.", - "onDragFinish": "Dragging finished {{list}}", - "orderChangeSuccess": "Successfully changed display order of identity providers", - "orderChangeError": "Could not change display order of identity providers {{error}}", - "alias": "Alias", - "displayName": "Display name", - "useDiscoveryEndpoint": "Use discovery endpoint", - "discoveryEndpoint": "Discovery endpoint", - "importConfig": "Import config from file", - "showMetaData": "Show metadata", - "hideMetaData": "Hide metadata", - "noValidMetaDataFound": "No valid metadata was found at this URL", - "advanced": "Advanced", - "metadataOfDiscoveryEndpoint": "Metadata of the discovery endpoint", - "authorizationUrl": "Authorization URL", - "passLoginHint": "Pass login_hint", - "passCurrentLocale": "Pass current locale", - "tokenUrl": "Token URL", - "logoutUrl": "Logout URL", - "backchannelLogout": "Backchannel logout", - "disableUserInfo": "Disable user info", - "userInfoUrl": "User Info URL", - "issuer": "Issuer", - "scopes": "Scopes", - "prompt": "Prompt", - "prompts": { - "unspecified": "Unspecified", - "none": "None", - "consent": "Consent", - "login": "Login", - "select_account": "Select account" - }, - "clientAuthentication" : "Client authentication", - "clientAuthentications": { - "clientAuth_post": "Client secret sent as post", - "clientAuth_basic" : "Client secret sent as basic auth", - "clientAuth_secret_jwt" : "Client secret as jwt", - "clientAuth_privatekey_jwt" : "JWT signed with private key" - }, - "acceptsPromptNone": "Accepts prompt=none forward from client", - "validateSignature": "Validate Signatures", - "useJwksUrl": "Use JWKS URL", - "jwksUrl": "JWKS URL", - "allowedClockSkew": "Allowed clock skew", - "forwardParameters": "Forwarded query parameters", - "generalSettings": "General settings", - "oidcSettings": "OpenId Connect settings", - "advancedSettings": "Advanced settings", - "storeTokens": "Store tokens", - "trustEmail": "Trust Email", - "accountLinkingOnly": "Account linking only", - "hideOnLoginPage": "Hide on login page", - "firstBrokerLoginFlowAlias": "First login flow", - "postBrokerLoginFlowAlias": "Post login flow", - "syncMode": "Sync mode", - "syncModes": { - "import": "Import", - "legacy": "Legacy", - "force": "Force" - } - } -} diff --git a/src/identity-providers/messages.ts b/src/identity-providers/messages.ts new file mode 100644 index 0000000000..10239ce0ae --- /dev/null +++ b/src/identity-providers/messages.ts @@ -0,0 +1,102 @@ +export default { + "identity-providers": { + listExplain: + "Through Identity Brokering it's easy to allow users to authenticate to Keycloak using external Identity Provider or Social Networks.", + searchForProvider: "Search for provider", + provider: "Provider details", + addProvider: "Add provider", + addKeycloakOpenIdProvider: "Add Keycloak OpenID Connect provider", + addOpenIdProvider: "Add OpenID Connect provider", + manageDisplayOrder: "Manage display order", + deleteProvider: "Delete provider?", + deleteConfirm: + "Are you sure you want to permanently delete the provider '{{provider}}'", + deletedSuccess: "Provider successfully deleted", + deleteError: "Could not delete the provider {{error}}", + disableProvider: "Disable provider?", + disableConfirm: + "Are you sure you want to disable the provider '{{provider}}'", + disableSuccess: "Provider successfully disabled", + disableError: "Could not disable the provider {{error}}", + updateSuccess: "Provider successfully updated", + updateError: "Could not update the provider {{error}}", + getStarted: "To get started, select a provider from the list below.", + addIdentityProvider: "Add {{provider}} provider", + redirectURI: "Redirect URI", + clientId: "Client ID", + clientSecret: "Client Secret", + displayOrder: "Display order", + createSuccess: "Identity provider successfully created", + createError: "Could not create the identity provider: {{error}}", + oderDialogIntro: + "The order that the providers are listed in the login page or the account console. You can drag the row handles to change the order.", + manageOrderTableAria: + "List of identity providers in the order listed on the login page", + manageOrderItemAria: + "Press space or enter to begin dragging, and use the arrow keys to navigate up or down. Press enter to confirm the drag, or any other key to cancel the drag operation.", + onDragStart: "Dragging started for item {{id}}", + onDragMove: "Dragging item {{id}}", + onDragCancel: "Dragging cancelled. List is unchanged.", + onDragFinish: "Dragging finished {{list}}", + orderChangeSuccess: + "Successfully changed display order of identity providers", + orderChangeError: + "Could not change display order of identity providers {{error}}", + alias: "Alias", + displayName: "Display name", + useDiscoveryEndpoint: "Use discovery endpoint", + discoveryEndpoint: "Discovery endpoint", + importConfig: "Import config from file", + showMetaData: "Show metadata", + hideMetaData: "Hide metadata", + noValidMetaDataFound: "No valid metadata was found at this URL", + advanced: "Advanced", + metadataOfDiscoveryEndpoint: "Metadata of the discovery endpoint", + authorizationUrl: "Authorization URL", + passLoginHint: "Pass login_hint", + passCurrentLocale: "Pass current locale", + tokenUrl: "Token URL", + logoutUrl: "Logout URL", + backchannelLogout: "Backchannel logout", + disableUserInfo: "Disable user info", + userInfoUrl: "User Info URL", + issuer: "Issuer", + scopes: "Scopes", + prompt: "Prompt", + prompts: { + unspecified: "Unspecified", + none: "None", + consent: "Consent", + login: "Login", + select_account: "Select account", + }, + clientAuthentication: "Client authentication", + clientAuthentications: { + clientAuth_post: "Client secret sent as post", + clientAuth_basic: "Client secret sent as basic auth", + clientAuth_secret_jwt: "Client secret as jwt", + clientAuth_privatekey_jwt: "JWT signed with private key", + }, + acceptsPromptNone: "Accepts prompt=none forward from client", + validateSignature: "Validate Signatures", + useJwksUrl: "Use JWKS URL", + jwksUrl: "JWKS URL", + allowedClockSkew: "Allowed clock skew", + forwardParameters: "Forwarded query parameters", + generalSettings: "General settings", + oidcSettings: "OpenId Connect settings", + advancedSettings: "Advanced settings", + storeTokens: "Store tokens", + trustEmail: "Trust Email", + accountLinkingOnly: "Account linking only", + hideOnLoginPage: "Hide on login page", + firstBrokerLoginFlowAlias: "First login flow", + postBrokerLoginFlowAlias: "Post login flow", + syncMode: "Sync mode", + syncModes: { + import: "Import", + legacy: "Legacy", + force: "Force", + }, + }, +}; diff --git a/src/realm-roles/messages.json b/src/realm-roles/messages.json deleted file mode 100644 index a0ea513174..0000000000 --- a/src/realm-roles/messages.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "roles": { - "addAttributeText": "Add an attribute", - "deleteAttributeText": "Delete an attribute", - "associatedRolesText": "Associated roles", - "addAssociatedRolesText": "Add associated roles", - "addAssociatedRolesSuccess": "Associated roles have been added", - "associatedRolesModalTitle": "Add roles to {{name}}", - "title": "Realm roles", - "addRole": "Add role", - "createRole": "Create role", - "importRole": "Import role", - "roleID": "Role ID", - "homeURL": "Home URL", - "filterByClients": "Filter by clients", - "filterByRoles": "Filter by roles", - "roleExplain": "Realm-level roles are a global namespace to define your roles.", - "roleCreateExplain": "This is some description", - "roleName": "Role name", - "roleDetails": "Role details", - "composite": "Composite", - "deleteRole": "Delete this role", - "details": "Details", - "inheritedFrom": "Inherited from", - "roleList": "Role list", - "searchFor": "Search role by name", - "generalSettings": "General Settings", - "capabilityConfig": "Capability config", - "roleImportError": "Could not import role", - "roleCreated": "Role created", - "roleCreateError": "Could not create role: {{error}}", - "roleImportSuccess": "Role import successful", - "roleDeleteConfirm": "Delete role?", - "roleDeleteConfirmDialog": "This action will permanently delete the role {{selectedRoleName}} and cannot be undone.", - "roleDeletedSuccess": "The role has been deleted", - "roleDeleteError": "Could not delete role: {{error}}", - "defaultRole": "This role serves as a container for both realm and client default roles. It cannot be removed.", - "defaultRoleDeleteError": "You cannot delete a default role.", - "roleSaveSuccess": "The role has been saved", - "roleSaveError": "Could not save role: {{error}}", - "noRoles": "No roles in this realm", - "noRolesInstructions": "You haven't created any roles in this realm. Create a role to get started.", - "roleAuthentication": "Role authentication", - "removeAllAssociatedRoles": "Remove all associated roles", - "removeAssociatedRoles": "Remove associated roles", - "removeRoles": "Remove roles", - "removeAllAssociatedRolesConfirmDialog": "This action will remove the associated roles of {{name}}. Users who have permission to {{name}} will no longer have access to these roles.", - "roleRemoveAssociatedRoleConfirm": "Remove associated role?", - "roleRemoveAssociatedText": "This action will remove {{role}} from {{roleName}}. All the associated roles of {{role}} will also be removed.", - "compositeRoleOff": "Composite role turned off", - "associatedRolesRemoved": "Associated roles have been removed", - "compositesRemovedAlertDescription": "All the associated roles have been removed", - "whoWillAppearLinkText": "Who will appear in this user list?", - "whoWillAppearPopoverText": "This tab shows only the users who are assigned directly to this role. To see users who are assigned this role as an associated role or through a group, go to", - "whoWillAppearPopoverFooterText": "Users who have this role as an effective role cannot be added on this tab.", - "usersInRole": "Users in role", - "addUser": "Add user", - "removeUser": "Remove users", - "removeUserText": "Do you want to remove {{numSelected}} users?. These users will no longer have permissions of the role {{role}} and the associated roles of it.", - "noDirectUsers": "No direct users", - "noUsersEmptyStateDescription": "Only the users with this role directly assigned will appear under this tab. If you need to find users assigned to this role, go to", - "noUsersEmptyStateDescriptionContinued": "to find them. Users that already have this role as an effective role cannot be added here.", - "groups": "Groups", - "or": "or", - "users": "Users", - "userName": "Username", - "email": "Email", - "lastName": "Last name", - "firstName": "First name", - "clearAllFilters": "Clear all filters" - } -} diff --git a/src/realm-roles/messages.ts b/src/realm-roles/messages.ts new file mode 100644 index 0000000000..caf02932a5 --- /dev/null +++ b/src/realm-roles/messages.ts @@ -0,0 +1,84 @@ +export default { + roles: { + addAttributeText: "Add an attribute", + deleteAttributeText: "Delete an attribute", + associatedRolesText: "Associated roles", + addAssociatedRolesText: "Add associated roles", + addAssociatedRolesSuccess: "Associated roles have been added", + associatedRolesModalTitle: "Add roles to {{name}}", + title: "Realm roles", + addRole: "Add role", + createRole: "Create role", + importRole: "Import role", + roleID: "Role ID", + homeURL: "Home URL", + filterByClients: "Filter by clients", + filterByRoles: "Filter by roles", + roleExplain: + "Realm-level roles are a global namespace to define your roles.", + roleCreateExplain: "This is some description", + roleName: "Role name", + roleDetails: "Role details", + composite: "Composite", + deleteRole: "Delete this role", + details: "Details", + inheritedFrom: "Inherited from", + roleList: "Role list", + searchFor: "Search role by name", + generalSettings: "General Settings", + capabilityConfig: "Capability config", + roleImportError: "Could not import role", + roleCreated: "Role created", + roleCreateError: "Could not create role: {{error}}", + roleImportSuccess: "Role import successful", + roleDeleteConfirm: "Delete role?", + roleDeleteConfirmDialog: + "This action will permanently delete the role {{selectedRoleName}} and cannot be undone.", + roleDeletedSuccess: "The role has been deleted", + roleDeleteError: "Could not delete role: {{error}}", + defaultRole: + "This role serves as a container for both realm and client default roles. It cannot be removed.", + defaultRoleDeleteError: "You cannot delete a default role.", + roleSaveSuccess: "The role has been saved", + roleSaveError: "Could not save role: {{error}}", + noRoles: "No roles in this realm", + noRolesInstructions: + "You haven't created any roles in this realm. Create a role to get started.", + roleAuthentication: "Role authentication", + removeAllAssociatedRoles: "Remove all associated roles", + removeAssociatedRoles: "Remove associated roles", + removeRoles: "Remove roles", + removeAllAssociatedRolesConfirmDialog: + "This action will remove the associated roles of {{name}}. Users who have permission to {{name}} will no longer have access to these roles.", + roleRemoveAssociatedRoleConfirm: "Remove associated role?", + roleRemoveAssociatedText: + "This action will remove {{role}} from {{roleName}}. All the associated roles of {{role}} will also be removed.", + compositeRoleOff: "Composite role turned off", + associatedRolesRemoved: "Associated roles have been removed", + compositesRemovedAlertDescription: + "All the associated roles have been removed", + whoWillAppearLinkText: "Who will appear in this user list?", + whoWillAppearPopoverText: + "This tab shows only the users who are assigned directly to this role. To see users who are assigned this role as an associated role or through a group, go to", + whoWillAppearPopoverFooterText: + "Users who have this role as an effective role cannot be added on this tab.", + usersInRole: "Users in role", + addUser: "Add user", + removeUser: "Remove users", + removeUserText: + "Do you want to remove {{numSelected}} users?. These users will no longer have permissions of the role {{role}} and the associated roles of it.", + noDirectUsers: "No direct users", + noUsersEmptyStateDescription: + "Only the users with this role directly assigned will appear under this tab. If you need to find users assigned to this role, go to", + noUsersEmptyStateDescriptionContinued: + "to find them. Users that already have this role as an effective role cannot be added here.", + groups: "Groups", + or: "or", + users: "Users", + userName: "Username", + email: "Email", + lastName: "Last name", + firstName: "First name", + clearAllFilters: "Clear all filters", + }, +}; diff --git a/src/realm-settings/help.json b/src/realm-settings/help.json deleted file mode 100644 index e633046510..0000000000 --- a/src/realm-settings/help.json +++ /dev/null @@ -1,50 +0,0 @@ -{ - "realm-settings-help": { - "fromDisplayName": "A user-friendly name for the 'From' address (optional).", - "replyToDisplayName": "A user-friendly name for the 'Reply-To' address (optional).", - "envelopeFrom": "An email address used for bounces (optional).", - "password": "SMTP password. This field is able to obtain its value from vault, use ${vault.ID} format.", - "frontendUrl": "Set the frontend URL for the realm. Use in combination with the default hostname provider to override the base URL for frontend requests for a specific realm.", - "requireSsl": "Is HTTPS required? 'None' means HTTPS is not required for any client IP address. 'External requests' means localhost and private IP addresses can access without HTTPS. 'All requests' means HTTPS is required for all IP addresses.", - "userManagedAccess": "If enabled, users are allowed to manage their resources and permissions using the Account Management Console.", - "endpoints": "Shows the configuration of the protocol endpoints", - "loginTheme": "Select theme for login, OTP, grant, registration and forgot password pages.", - "accountTheme": "Select theme for user account management pages.", - "adminConsoleTheme": "Select theme for admin console.", - "emailTheme": "Select theme for emails that are sent by the server.", - "displayName": "Display name of provider when linked in admin console", - "priority": "Priority of the provider", - "enabled": "Set if the keys are enabled", - "active": "Set if the keys can be used for signing", - "AESKeySize": "Size in bytes for the generated AES key. Size 16 is for AES-128, Size 24 for AES-192, and Size 32 for AES-256. WARN: Bigger keys than 128 are not allowed on some JDK implementations.", - "save-user-events": "If enabled, login events are saved to the database, which makes events available to the admin and account management consoles.", - "save-admin-events": "If enabled, admin events are saved to the database, which makes events available to the admin console.", - "expiration": "Sets the expiration for events. Expired events are periodically deleted from the database.", - "admin-clearEvents": "Deletes all admin events in the database.", - "includeRepresentation": "Include JSON representation for create and update requests.", - "user-clearEvents": "Deletes all user events in the database.", - "ellipticCurve": "Elliptic curve used in ECDSA", - "secretSize": "Size in bytes for the generated secret", - "algorithm": "Intended algorithm for the key", - "keystore": "Path to keys file", - "keystorePassword": "Password for the keys", - "keyAlias": "Alias for the private key", - "keyPassword": "Password for the private key", - "privateRSAKey": "Private RSA Key encoded in PEM format", - "x509Certificate": "X509 Certificate encoded in PEM format", - "xFrameOptions": "Default value prevents pages from being included by non-origin iframes <1>Learn more", - "contentSecurityPolicy": "Default value prevents pages from being included by non-origin iframes <1>Learn more", - "contentSecurityPolicyReportOnly": "For testing Content Security Policies <1>Learn more", - "xContentTypeOptions": "Default value prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type <1>Learn more", - "xRobotsTag": "Prevent pages from appearing in search engines <1>Learn more", - "xXSSProtection": "Prevent pages from appearing in search engines <1>Learn more", - "strictTransportSecurity": "The Strict-Transport-Security HTTP header tells browsers to always use HTTPS. Once a browser sees this header, it will only visit the site over HTTPS for the time specified (1 year) at max-age, including the subdomains. <1>Learn more", - "failureFactor": "How many failures before wait is triggered.", - "permanentLockout": "Lock the user permanently when the user exceeds the maximum login failures.", - "waitIncrement": "When failure threshold has been met, how much time should the user be locked out?", - "maxFailureWait": "Max time a user will be locked out.", - "maxDeltaTime": "When will failure count be reset?", - "quickLoginCheckMilliSeconds": "If a failure happens concurrently too quickly, lock out the user.", - "minimumQuickLoginWait": "How long to wait after a quick login failure." - } -} diff --git a/src/realm-settings/help.ts b/src/realm-settings/help.ts new file mode 100644 index 0000000000..f582584b5b --- /dev/null +++ b/src/realm-settings/help.ts @@ -0,0 +1,71 @@ +export default { + "realm-settings-help": { + fromDisplayName: "A user-friendly name for the 'From' address (optional).", + replyToDisplayName: + "A user-friendly name for the 'Reply-To' address (optional).", + envelopeFrom: "An email address used for bounces (optional).", + password: + "SMTP password. This field is able to obtain its value from vault, use ${vault.ID} format.", + frontendUrl: + "Set the frontend URL for the realm. Use in combination with the default hostname provider to override the base URL for frontend requests for a specific realm.", + requireSsl: + "Is HTTPS required? 'None' means HTTPS is not required for any client IP address. 'External requests' means localhost and private IP addresses can access without HTTPS. 'All requests' means HTTPS is required for all IP addresses.", + userManagedAccess: + "If enabled, users are allowed to manage their resources and permissions using the Account Management Console.", + endpoints: "Shows the configuration of the protocol endpoints", + loginTheme: + "Select theme for login, OTP, grant, registration and forgot password pages.", + accountTheme: "Select theme for user account management pages.", + adminConsoleTheme: "Select theme for admin console.", + emailTheme: "Select theme for emails that are sent by the server.", + displayName: "Display name of provider when linked in admin console", + priority: "Priority of the provider", + enabled: "Set if the keys are enabled", + active: "Set if the keys can be used for signing", + AESKeySize: + "Size in bytes for the generated AES key. Size 16 is for AES-128, Size 24 for AES-192, and Size 32 for AES-256. WARN: Bigger keys than 128 are not allowed on some JDK implementations.", + "save-user-events": + "If enabled, login events are saved to the database, which makes events available to the admin and account management consoles.", + "save-admin-events": + "If enabled, admin events are saved to the database, which makes events available to the admin console.", + expiration: + "Sets the expiration for events. Expired events are periodically deleted from the database.", + "admin-clearEvents": "Deletes all admin events in the database.", + includeRepresentation: + "Include JSON representation for create and update requests.", + "user-clearEvents": "Deletes all user events in the database.", + ellipticCurve: "Elliptic curve used in ECDSA", + secretSize: "Size in bytes for the generated secret", + algorithm: "Intended algorithm for the key", + keystore: "Path to keys file", + keystorePassword: "Password for the keys", + keyAlias: "Alias for the private key", + keyPassword: "Password for the private key", + privateRSAKey: "Private RSA Key encoded in PEM format", + x509Certificate: "X509 Certificate encoded in PEM format", + xFrameOptions: + "Default value prevents pages from being included by non-origin iframes <1>Learn more", + contentSecurityPolicy: + "Default value prevents pages from being included by non-origin iframes <1>Learn more", + contentSecurityPolicyReportOnly: + "For testing Content Security Policies <1>Learn more", + xContentTypeOptions: + "Default value prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type <1>Learn more", + xRobotsTag: + "Prevent pages from appearing in search engines <1>Learn more", + xXSSProtection: + "Prevent pages from appearing in search engines <1>Learn more", + strictTransportSecurity: + "The Strict-Transport-Security HTTP header tells browsers to always use HTTPS. Once a browser sees this header, it will only visit the site over HTTPS for the time specified (1 year) at max-age, including the subdomains. <1>Learn more", + failureFactor: "How many failures before wait is triggered.", + permanentLockout: + "Lock the user permanently when the user exceeds the maximum login failures.", + waitIncrement: + "When failure threshold has been met, how much time should the user be locked out?", + maxFailureWait: "Max time a user will be locked out.", + maxDeltaTime: "When will failure count be reset?", + quickLoginCheckMilliSeconds: + "If a failure happens concurrently too quickly, lock out the user.", + minimumQuickLoginWait: "How long to wait after a quick login failure.", + }, +}; diff --git a/src/realm-settings/messages.json b/src/realm-settings/messages.json deleted file mode 100644 index 3b0a4c992b..0000000000 --- a/src/realm-settings/messages.json +++ /dev/null @@ -1,543 +0,0 @@ -{ - "realm-settings": { - "partialImport": "Partial import", - "partialExport": "Partial export", - "deleteRealm": "Delete realm", - "deleteConfirmTitle": "Delete realm?", - "deleteConfirm": "If you delete this realm, all associated data will be removed.", - "deleteProviderTitle": "Delete key provider?", - "deleteProviderConfirm": "Are you sure you want to permanently delete the key provider ", - "deleteProviderSuccess": "Success. The provider has been deleted.", - "deleteProviderError": "Error deleting the provider", - "deletedSuccess": "The realm has been deleted", - "deleteError": "Could not delete realm: {{error}}", - "disableConfirmTitle": "Disable realm?", - "disableConfirm": "User and clients can't access the realm if it's disabled. Are you sure you want to continue?", - "editProvider": "Edit provider", - "saveSuccess": "Realm successfully updated", - "saveProviderSuccess": "The provider has been saved successfully.", - "saveProviderError": "Error saving provider: ", - "saveError": "Realm could not be updated: {error}", - "general": "General", - "login": "Login", - "themes": "Themes", - "events": "Events", - "userEventsConfig": "User events configuration", - "userEventsSettings": "User events settings", - "adminEventsConfig": "Admin events config", - "adminEventsSettings": "Admin events settings", - "saveEvents": "Save events", - "expiration": "Expiration", - "clearEvents": "Clear user events", - "includeRepresentation": "Include representation", - "email": "Email", - "template": "Template", - "connectionAndAuthentication": "Connection & Authentication", - "from": "From", - "fromDisplayName": "From display name", - "replyTo": "Reply to", - "replyToDisplayName": "Reply to display name", - "envelopeFrom": "Envelope from", - "host": "Host", - "port": "Port", - "encryption": "Encryption", - "authentication": "Authentication", - "enableSSL": "Enable SSL", - "enableStartTLS": "Enable StartTLS", - "username": "Username", - "password": "Password", - "keys": "Keys", - "keysList": "Keys list", - "searchKey": "Search key", - "keystore": "Keystore", - "keystorePassword": "Keystore password", - "keyAlias": "Key alias", - "keyPassword": "Key password", - "providers": "Providers", - "algorithm": "Algorithm", - "aesGenerated": "aes-generated", - "ecdsaGenerated": "ecdsca-generated", - "hmacGenerated": "hmac-generated", - "javaKeystore": "java-keystore", - "rsa": "rsa", - "rsaGenerated": "rsa-generated", - "consoleDisplayName": "Console Display Name", - "AESKeySize": "AES Key Size", - "active": "Active", - "privateRSAKey": "Private RSA Key", - "x509Certificate": "X509 Certificate", - "ellipticCurve": "Elliptic Curve", - "secretSize": "Secret size", - "type": "Type", - "name": "Name", - "providerId": "ID", - "kid": "Kid", - "provider": "Provider", - "providerDescription": "Provider description", - "addProvider": "Add provider", - "publicKeys": "Public keys", - "activeKeys": "Active keys", - "passiveKeys": "Passive keys", - "disabledKeys": "Disabled keys", - "noKeys": "No keys", - "noKeysDescription": "You haven't created any ", - "certificate": "Certificate", - "userRegistration": "User registration", - "userRegistrationHelpText": "Enable/disable the registration page. A link for registration will show on login page too.", - "forgotPassword": "Forgot password", - "forgotPasswordHelpText": "Show a link on login page for user to click when they have forgotten their credentials.", - "rememberMe": "Remember me", - "rememberMeHelpText": "Show checkbox on login page to allow user to remain logged in between browser restarts until session expires.", - "emailAsUsername": "Email as username", - "emailAsUsernameHelpText": "Allow users to set email as username.", - "loginWithEmail": "Login with email", - "loginWithEmailHelpText": "Allow users to log in with their email address.", - "duplicateEmails": "Duplicate emails", - "duplicateEmailsHelpText": "Allow multiple users to have the same email address. Changing this setting will also clear the user's cache. It is recommended to manually update email constraints of existing users in the database after switching off support for duplicate email addresses.", - "provideEmailTitle": "Provide your email address", - "provideEmail": "To test connection, you should provide your email address first.", - "verifyEmail": "Verify email", - "verifyEmailHelpText": "Require user to verify their email address after initial login or after address changes are submitted.", - "testConnection": "Test connection", - "testConnectionSuccess": "Success! SMTP connection successful. E-mail was sent!", - "testConnectionError": "Error! Failed to send email.", - "realmId": "Realm ID", - "displayName": "Display name", - "htmlDisplayName": "HTML Display name", - "frontendUrl": "Frontend URL", - "requireSsl": "Require SSL", - "sslType": { - "all": "All requests", - "external": "External requests", - "none": "None" - }, - "selectATheme": "Select a theme", - "allSupportedLocales": { - "ca": "Català", - "cs": "Čeština", - "da": "Dansk", - "de": "Deutsch", - "en": "English", - "es": "Español", - "fr": "Français", - "hu": "Magyar", - "it": "Italiano", - "ja": "日本語", - "lt": "Lietuvių kalba", - "nl": "Nederlands", - "no": "Norsk", - "pl": "Polski", - "pt-BR": "Português (Brasil)", - "ru": "Русский", - "sk": "Slovenčina", - "sv": "Svenska", - "tr": "Türkçe", - "zh-CN": "中文" - }, - "placeholderText": "Select one", - "userManagedAccess": "User-managed access", - "endpoints": "Endpoints", - "openIDEndpointConfiguration": "OpenID Endpoint Configuration", - "samlIdentityProviderMetadata": "SAML 2.0 Identity Provider Metadata", - "loginTheme": "Login theme", - "accountTheme": "Account theme", - "adminTheme": "Admin console theme", - "emailTheme": "Email theme", - "internationalization": "Internationalization", - "localization": "Localization", - "key": "Key", - "value": "Value", - "pairCreatedSuccess": "Success! The localization text has been created.", - "pairCreatedError": "Error creating localization text.", - "supportedLocales": "Supported locales", - "defaultLocale": "Default locale", - "addMessageBundle": "Add message bundle", - "eventType": "Event saved type", - "searchEventType": "Search saved event type", - "addSavedTypes": "Add saved types", - "addTypes": "Add types", - "eventTypes": { - "SEND_RESET_PASSWORD": { - "name": "Send reset password", - "description": "Send reset password" - }, - "UPDATE_CONSENT_ERROR": { - "name": "Update consent error", - "description": "Update consent error" - }, - "GRANT_CONSENT": { - "name": "Grant consent", - "description": "Grant consent" - }, - "REMOVE_TOTP": { "name": "Remove totp", "description": "Remove totp" }, - "REVOKE_GRANT": { "name": "Revoke grant", "description": "Revoke grant" }, - "UPDATE_TOTP": { "name": "Update totp", "description": "Update totp" }, - "LOGIN_ERROR": { "name": "Login error", "description": "Login error" }, - "CLIENT_LOGIN": { "name": "Client login", "description": "Client login" }, - "RESET_PASSWORD_ERROR": { - "name": "Reset password error", - "description": "Reset password error" - }, - "IMPERSONATE_ERROR": { - "name": "Impersonate error", - "description": "Impersonate error" - }, - "CODE_TO_TOKEN_ERROR": { - "name": "Code to token error", - "description": "Code to token error" - }, - "CUSTOM_REQUIRED_ACTION": { - "name": "Custom required action", - "description": "Custom required action" - }, - "RESTART_AUTHENTICATION": { - "name": "Restart authentication", - "description": "Restart authentication" - }, - "IMPERSONATE": { "name": "Impersonate", "description": "Impersonate" }, - "UPDATE_PROFILE_ERROR": { - "name": "Update profile error", - "description": "Update profile error" - }, - "LOGIN": { "name": "Login", "description": "Login" }, - "UPDATE_PASSWORD_ERROR": { - "name": "Update password error", - "description": "Update password error" - }, - "CLIENT_INITIATED_ACCOUNT_LINKING": { - "name": "Client initiated account linking", - "description": "Client initiated account linking" - }, - "TOKEN_EXCHANGE": { - "name": "Token exchange", - "description": "Token exchange" - }, - "LOGOUT": { "name": "Logout", "description": "Logout" }, - "REGISTER": { "name": "Register", "description": "Register" }, - "DELETE_ACCOUNT_ERROR": { - "name": "Delete account error", - "description": "Delete account error" - }, - "CLIENT_REGISTER": { - "name": "Client register", - "description": "Client register" - }, - "IDENTITY_PROVIDER_LINK_ACCOUNT": { - "name": "Identity provider link account", - "description": "Identity provider link account" - }, - "DELETE_ACCOUNT": { - "name": "Delete account", - "description": "Delete account" - }, - "UPDATE_PASSWORD": { - "name": "Update password", - "description": "Update password" - }, - "CLIENT_DELETE": { - "name": "Client delete", - "description": "Client delete" - }, - "FEDERATED_IDENTITY_LINK_ERROR": { - "name": "Federated identity link error", - "description": "Federated identity link error" - }, - "IDENTITY_PROVIDER_FIRST_LOGIN": { - "name": "Identity provider first login", - "description": "Identity provider first login" - }, - "CLIENT_DELETE_ERROR": { - "name": "Client delete error", - "description": "Client delete error" - }, - "VERIFY_EMAIL": { "name": "Verify email", "description": "Verify email" }, - "CLIENT_LOGIN_ERROR": { - "name": "Client login error", - "description": "Client login error" - }, - "RESTART_AUTHENTICATION_ERROR": { - "name": "Restart authentication error", - "description": "Restart authentication error" - }, - "EXECUTE_ACTIONS": { - "name": "Execute actions", - "description": "Execute actions" - }, - "REMOVE_FEDERATED_IDENTITY_ERROR": { - "name": "Remove federated identity error", - "description": "Remove federated identity error" - }, - "TOKEN_EXCHANGE_ERROR": { - "name": "Token exchange error", - "description": "Token exchange error" - }, - "PERMISSION_TOKEN": { - "name": "Permission token", - "description": "Permission token" - }, - "SEND_IDENTITY_PROVIDER_LINK_ERROR": { - "name": "Send identity provider link error", - "description": "Send identity provider link error" - }, - "EXECUTE_ACTION_TOKEN_ERROR": { - "name": "Execute action token error", - "description": "Execute action token error" - }, - "SEND_VERIFY_EMAIL": { - "name": "Send verify email", - "description": "Send verify email" - }, - "EXECUTE_ACTIONS_ERROR": { - "name": "Execute actions error", - "description": "Execute actions error" - }, - "REMOVE_FEDERATED_IDENTITY": { - "name": "Remove federated identity", - "description": "Remove federated identity" - }, - "IDENTITY_PROVIDER_POST_LOGIN": { - "name": "Identity provider post login", - "description": "Identity provider post login" - }, - "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR": { - "name": "Identity provider link account error", - "description": "Identity provider link account error" - }, - "UPDATE_EMAIL": { "name": "Update email", "description": "Update email" }, - "REGISTER_ERROR": { - "name": "Register error", - "description": "Register error" - }, - "REVOKE_GRANT_ERROR": { - "name": "Revoke grant error", - "description": "Revoke grant error" - }, - "EXECUTE_ACTION_TOKEN": { - "name": "Execute action token", - "description": "Execute action token" - }, - "LOGOUT_ERROR": { "name": "Logout error", "description": "Logout error" }, - "UPDATE_EMAIL_ERROR": { - "name": "Update email error", - "description": "Update email error" - }, - "CLIENT_UPDATE_ERROR": { - "name": "Client update error", - "description": "Client update error" - }, - "UPDATE_PROFILE": { - "name": "Update profile", - "description": "Update profile" - }, - "CLIENT_REGISTER_ERROR": { - "name": "Client register error", - "description": "Client register error" - }, - "FEDERATED_IDENTITY_LINK": { - "name": "Federated identity link", - "description": "Federated identity link" - }, - "SEND_IDENTITY_PROVIDER_LINK": { - "name": "Send identity provider link", - "description": "Send identity provider link" - }, - "SEND_VERIFY_EMAIL_ERROR": { - "name": "Send verify email error", - "description": "Send verify email error" - }, - "RESET_PASSWORD": { - "name": "Reset password", - "description": "Reset password" - }, - "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR": { - "name": "Client initiated account linking error", - "description": "Client initiated account linking error" - }, - "UPDATE_CONSENT": { - "name": "Update consent", - "description": "Update consent" - }, - "REMOVE_TOTP_ERROR": { - "name": "Remove totp error", - "description": "Remove totp error" - }, - "VERIFY_EMAIL_ERROR": { - "name": "Verify email error", - "description": "Verify email error" - }, - "SEND_RESET_PASSWORD_ERROR": { - "name": "Send reset password error", - "description": "Send reset password error" - }, - "CLIENT_UPDATE": { - "name": "Client update", - "description": "Client update" - }, - "CUSTOM_REQUIRED_ACTION_ERROR": { - "name": "Custom required action error", - "description": "Custom required action error" - }, - "IDENTITY_PROVIDER_POST_LOGIN_ERROR": { - "name": "Identity provider post login error", - "description": "Identity provider post login error" - }, - "UPDATE_TOTP_ERROR": { - "name": "Update totp error", - "description": "Update totp error" - }, - "CODE_TO_TOKEN": { - "name": "Code to token", - "description": "Code to token" - }, - "GRANT_CONSENT_ERROR": { - "name": "Grant consent error", - "description": "Grant consent error" - }, - "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR": { - "name": "Identity provider first login error", - "description": "Identity provider first login error" - }, - "REGISTER_NODE_ERROR": { - "name": "Register node error", - "description": "Register node error" - }, - "PERMISSION_TOKEN_ERROR": { - "name": "Permission token error", - "description": "Permission token error" - }, - "IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR": { - "name": "Identity provider retrieve token error", - "description": "Identity provider retrieve token error" - }, - "CLIENT_INFO": { - "name": "Client info", - "description": "Client info" - }, - "VALIDATE_ACCESS_TOKEN": { - "name": "Validate access token", - "description": "Validate access token" - }, - "IDENTITY_PROVIDER_LOGIN": { - "name": "Identity provider login", - "description": "Identity provider login" - }, - "CLIENT_INFO_ERROR": { - "name": "Client info error", - "description": "Client info error" - }, - "INTROSPECT_TOKEN_ERROR": { - "name": "Introspect token error", - "description": "Introspect token error" - }, - "INTROSPECT_TOKEN": { - "name": "Introspect token", - "description": "Introspect token" - }, - "UNREGISTER_NODE": { - "name": "Unregister node", - "description": "Unregister node" - }, - "REGISTER_NODE": { - "name": "Register node", - "description": "Register node" - }, - "INVALID_SIGNATURE": { - "name": "Invalid signature", - "description": "Invalid signature" - }, - "USER_INFO_REQUEST_ERROR": { - "name": "User info request error", - "description": "User info request error" - }, - "REFRESH_TOKEN": { - "name": "Refresh token", - "description": "Refresh token" - }, - "IDENTITY_PROVIDER_RESPONSE": { - "name": "Identity provider response", - "description": "Identity provider response" - }, - "IDENTITY_PROVIDER_RETRIEVE_TOKEN": { - "name": "Identity provider retrieve token", - "description": "Identity provider retrieve token" - }, - "UNREGISTER_NODE_ERROR": { - "name": "Unregister node error", - "description": "Unregister node error" - }, - "VALIDATE_ACCESS_TOKEN_ERROR": { - "name": "Validate access token error", - "description": "Validate access token error" - }, - "INVALID_SIGNATURE_ERROR": { - "name": "Invalid signature error", - "description": "Invalid signature error" - }, - "USER_INFO_REQUEST": { - "name": "User info request", - "description": "User info request" - }, - "IDENTITY_PROVIDER_RESPONSE_ERROR": { - "name": "Identity provider response error", - "description": "Identity provider response error" - }, - "IDENTITY_PROVIDER_LOGIN_ERROR": { - "name": "Identity provider login error", - "description": "Identity provider login error" - }, - "REFRESH_TOKEN_ERROR": { - "name": "Refresh token error", - "description": "Refresh token error" - } - }, - "emptyEvents": "Nothing to add", - "emptyEventsInstructions": "There are no more events types left to add", - "eventConfigSuccessfully": "Successfully saved configuration", - "eventConfigError": "Could not save event configuration {{error}}", - "deleteEvents": "Clear events", - "deleteEventsConfirm": "If you clear all events of this realm, all records will be permanently cleared in the database", - "admin-events-cleared": "The admin events have been cleared", - "admin-events-cleared-error": "Could not clear the admin events {{error}}", - "user-events-cleared": "The user events have been cleared", - "user-events-cleared-error": "Could not clear the user events {{error}}", - "events-disable-title": "Unsave events?", - "events-disable-confirm": "If \"Save events\" is disabled, subsequent events will not be displayed in the \"Events\" menu", - "confirm": "Confirm", - "noMessageBundles": "No message bundles", - "noMessageBundlesInstructions": "Add a message bundle to get started.", - "messageBundleDescription": "You can edit the supported locales. If you haven't selected supported locales yet, you can only edit the English locale.", - "defaultRoles": "Default roles", - "defaultGroups": "Default groups", - "securityDefences": "Security defenses", - "headers": "Headers", - "bruteForceDetection": "Brute force detection", - "xFrameOptions": "X-Frame-Options", - "contentSecurityPolicy": "Content-Security-Policy", - "contentSecurityPolicyReportOnly": "Content-Security-Policy-Report-Only", - "xContentTypeOptions": "X-Content-Type-Options", - "xRobotsTag": "X-Robots-Tag", - "xXSSProtection": "X-XSS-Protection", - "strictTransportSecurity": "HTTP Strict Transport Security (HSTS)", - "failureFactor": "Max login failures", - "permanentLockout": "Permanent lockout", - "waitIncrement": "Wait increment", - "maxFailureWait": "Max wait", - "maxDeltaTime": "Failure reset time", - "quickLoginCheckMilliSeconds": "Quick login check milliseconds", - "minimumQuickLoginWaitSeconds": "Minimum quick login wait" - }, - "partial-import": { - "partialImportHeaderText": "Partial import allows you to import users, clients, and other resources from a previously exported json file.", - "selectRealm": "Select realm", - "chooseResources": "Choose the resources you want to import", - "selectIfResourceExists": "If a resource already exists, specify what should be done", - "import": "Import", - "FAIL": "Fail import", - "SKIP": "Skip", - "OVERWRITE": "Overwrite" - }, - "onDragStart": "Dragging started for item {{id}}", - "onDragMove": "Dragging item {{id}}", - "onDragCancel": "Dragging cancelled. List is unchanged.", - "onDragFinish": "Dragging finished {{list}}" -} diff --git a/src/realm-settings/messages.ts b/src/realm-settings/messages.ts new file mode 100644 index 0000000000..3fa5b072b8 --- /dev/null +++ b/src/realm-settings/messages.ts @@ -0,0 +1,558 @@ +export default { + "realm-settings": { + partialImport: "Partial import", + partialExport: "Partial export", + deleteRealm: "Delete realm", + deleteConfirmTitle: "Delete realm?", + deleteConfirm: + "If you delete this realm, all associated data will be removed.", + deleteProviderTitle: "Delete key provider?", + deleteProviderConfirm: + "Are you sure you want to permanently delete the key provider ", + deleteProviderSuccess: "Success. The provider has been deleted.", + deleteProviderError: "Error deleting the provider", + deletedSuccess: "The realm has been deleted", + deleteError: "Could not delete realm: {{error}}", + disableConfirmTitle: "Disable realm?", + disableConfirm: + "User and clients can't access the realm if it's disabled. Are you sure you want to continue?", + editProvider: "Edit provider", + saveSuccess: "Realm successfully updated", + saveProviderSuccess: "The provider has been saved successfully.", + saveProviderError: "Error saving provider: ", + saveError: "Realm could not be updated: {error}", + general: "General", + login: "Login", + themes: "Themes", + events: "Events", + userEventsConfig: "User events configuration", + userEventsSettings: "User events settings", + adminEventsConfig: "Admin events config", + adminEventsSettings: "Admin events settings", + saveEvents: "Save events", + expiration: "Expiration", + clearEvents: "Clear user events", + includeRepresentation: "Include representation", + email: "Email", + template: "Template", + connectionAndAuthentication: "Connection & Authentication", + from: "From", + fromDisplayName: "From display name", + replyTo: "Reply to", + replyToDisplayName: "Reply to display name", + envelopeFrom: "Envelope from", + host: "Host", + port: "Port", + encryption: "Encryption", + authentication: "Authentication", + enableSSL: "Enable SSL", + enableStartTLS: "Enable StartTLS", + username: "Username", + password: "Password", + keys: "Keys", + keysList: "Keys list", + searchKey: "Search key", + keystore: "Keystore", + keystorePassword: "Keystore password", + keyAlias: "Key alias", + keyPassword: "Key password", + providers: "Providers", + algorithm: "Algorithm", + aesGenerated: "aes-generated", + ecdsaGenerated: "ecdsca-generated", + hmacGenerated: "hmac-generated", + javaKeystore: "java-keystore", + rsa: "rsa", + rsaGenerated: "rsa-generated", + consoleDisplayName: "Console Display Name", + AESKeySize: "AES Key Size", + active: "Active", + privateRSAKey: "Private RSA Key", + x509Certificate: "X509 Certificate", + ellipticCurve: "Elliptic Curve", + secretSize: "Secret size", + type: "Type", + name: "Name", + providerId: "ID", + kid: "Kid", + provider: "Provider", + providerDescription: "Provider description", + addProvider: "Add provider", + publicKeys: "Public keys", + activeKeys: "Active keys", + passiveKeys: "Passive keys", + disabledKeys: "Disabled keys", + noKeys: "No keys", + noKeysDescription: "You haven't created any ", + certificate: "Certificate", + userRegistration: "User registration", + userRegistrationHelpText: + "Enable/disable the registration page. A link for registration will show on login page too.", + forgotPassword: "Forgot password", + forgotPasswordHelpText: + "Show a link on login page for user to click when they have forgotten their credentials.", + rememberMe: "Remember me", + rememberMeHelpText: + "Show checkbox on login page to allow user to remain logged in between browser restarts until session expires.", + emailAsUsername: "Email as username", + emailAsUsernameHelpText: "Allow users to set email as username.", + loginWithEmail: "Login with email", + loginWithEmailHelpText: "Allow users to log in with their email address.", + duplicateEmails: "Duplicate emails", + duplicateEmailsHelpText: + "Allow multiple users to have the same email address. Changing this setting will also clear the user's cache. It is recommended to manually update email constraints of existing users in the database after switching off support for duplicate email addresses.", + provideEmailTitle: "Provide your email address", + provideEmail: + "To test connection, you should provide your email address first.", + verifyEmail: "Verify email", + verifyEmailHelpText: + "Require user to verify their email address after initial login or after address changes are submitted.", + testConnection: "Test connection", + testConnectionSuccess: + "Success! SMTP connection successful. E-mail was sent!", + testConnectionError: "Error! Failed to send email.", + realmId: "Realm ID", + displayName: "Display name", + htmlDisplayName: "HTML Display name", + frontendUrl: "Frontend URL", + requireSsl: "Require SSL", + sslType: { + all: "All requests", + external: "External requests", + none: "None", + }, + selectATheme: "Select a theme", + allSupportedLocales: { + ca: "Català", + cs: "Čeština", + da: "Dansk", + de: "Deutsch", + en: "English", + es: "Español", + fr: "Français", + hu: "Magyar", + it: "Italiano", + ja: "日本語", + lt: "Lietuvių kalba", + nl: "Nederlands", + no: "Norsk", + pl: "Polski", + "pt-BR": "Português (Brasil)", + ru: "Русский", + sk: "Slovenčina", + sv: "Svenska", + tr: "Türkçe", + "zh-CN": "中文", + }, + placeholderText: "Select one", + userManagedAccess: "User-managed access", + endpoints: "Endpoints", + openIDEndpointConfiguration: "OpenID Endpoint Configuration", + samlIdentityProviderMetadata: "SAML 2.0 Identity Provider Metadata", + loginTheme: "Login theme", + accountTheme: "Account theme", + adminTheme: "Admin console theme", + emailTheme: "Email theme", + internationalization: "Internationalization", + localization: "Localization", + key: "Key", + value: "Value", + pairCreatedSuccess: "Success! The localization text has been created.", + pairCreatedError: "Error creating localization text.", + supportedLocales: "Supported locales", + defaultLocale: "Default locale", + addMessageBundle: "Add message bundle", + eventType: "Event saved type", + searchEventType: "Search saved event type", + addSavedTypes: "Add saved types", + addTypes: "Add types", + eventTypes: { + SEND_RESET_PASSWORD: { + name: "Send reset password", + description: "Send reset password", + }, + UPDATE_CONSENT_ERROR: { + name: "Update consent error", + description: "Update consent error", + }, + GRANT_CONSENT: { + name: "Grant consent", + description: "Grant consent", + }, + REMOVE_TOTP: { name: "Remove totp", description: "Remove totp" }, + REVOKE_GRANT: { name: "Revoke grant", description: "Revoke grant" }, + UPDATE_TOTP: { name: "Update totp", description: "Update totp" }, + LOGIN_ERROR: { name: "Login error", description: "Login error" }, + CLIENT_LOGIN: { name: "Client login", description: "Client login" }, + RESET_PASSWORD_ERROR: { + name: "Reset password error", + description: "Reset password error", + }, + IMPERSONATE_ERROR: { + name: "Impersonate error", + description: "Impersonate error", + }, + CODE_TO_TOKEN_ERROR: { + name: "Code to token error", + description: "Code to token error", + }, + CUSTOM_REQUIRED_ACTION: { + name: "Custom required action", + description: "Custom required action", + }, + RESTART_AUTHENTICATION: { + name: "Restart authentication", + description: "Restart authentication", + }, + IMPERSONATE: { name: "Impersonate", description: "Impersonate" }, + UPDATE_PROFILE_ERROR: { + name: "Update profile error", + description: "Update profile error", + }, + LOGIN: { name: "Login", description: "Login" }, + UPDATE_PASSWORD_ERROR: { + name: "Update password error", + description: "Update password error", + }, + CLIENT_INITIATED_ACCOUNT_LINKING: { + name: "Client initiated account linking", + description: "Client initiated account linking", + }, + TOKEN_EXCHANGE: { + name: "Token exchange", + description: "Token exchange", + }, + LOGOUT: { name: "Logout", description: "Logout" }, + REGISTER: { name: "Register", description: "Register" }, + DELETE_ACCOUNT_ERROR: { + name: "Delete account error", + description: "Delete account error", + }, + CLIENT_REGISTER: { + name: "Client register", + description: "Client register", + }, + IDENTITY_PROVIDER_LINK_ACCOUNT: { + name: "Identity provider link account", + description: "Identity provider link account", + }, + DELETE_ACCOUNT: { + name: "Delete account", + description: "Delete account", + }, + UPDATE_PASSWORD: { + name: "Update password", + description: "Update password", + }, + CLIENT_DELETE: { + name: "Client delete", + description: "Client delete", + }, + FEDERATED_IDENTITY_LINK_ERROR: { + name: "Federated identity link error", + description: "Federated identity link error", + }, + IDENTITY_PROVIDER_FIRST_LOGIN: { + name: "Identity provider first login", + description: "Identity provider first login", + }, + CLIENT_DELETE_ERROR: { + name: "Client delete error", + description: "Client delete error", + }, + VERIFY_EMAIL: { name: "Verify email", description: "Verify email" }, + CLIENT_LOGIN_ERROR: { + name: "Client login error", + description: "Client login error", + }, + RESTART_AUTHENTICATION_ERROR: { + name: "Restart authentication error", + description: "Restart authentication error", + }, + EXECUTE_ACTIONS: { + name: "Execute actions", + description: "Execute actions", + }, + REMOVE_FEDERATED_IDENTITY_ERROR: { + name: "Remove federated identity error", + description: "Remove federated identity error", + }, + TOKEN_EXCHANGE_ERROR: { + name: "Token exchange error", + description: "Token exchange error", + }, + PERMISSION_TOKEN: { + name: "Permission token", + description: "Permission token", + }, + SEND_IDENTITY_PROVIDER_LINK_ERROR: { + name: "Send identity provider link error", + description: "Send identity provider link error", + }, + EXECUTE_ACTION_TOKEN_ERROR: { + name: "Execute action token error", + description: "Execute action token error", + }, + SEND_VERIFY_EMAIL: { + name: "Send verify email", + description: "Send verify email", + }, + EXECUTE_ACTIONS_ERROR: { + name: "Execute actions error", + description: "Execute actions error", + }, + REMOVE_FEDERATED_IDENTITY: { + name: "Remove federated identity", + description: "Remove federated identity", + }, + IDENTITY_PROVIDER_POST_LOGIN: { + name: "Identity provider post login", + description: "Identity provider post login", + }, + IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR: { + name: "Identity provider link account error", + description: "Identity provider link account error", + }, + UPDATE_EMAIL: { name: "Update email", description: "Update email" }, + REGISTER_ERROR: { + name: "Register error", + description: "Register error", + }, + REVOKE_GRANT_ERROR: { + name: "Revoke grant error", + description: "Revoke grant error", + }, + EXECUTE_ACTION_TOKEN: { + name: "Execute action token", + description: "Execute action token", + }, + LOGOUT_ERROR: { name: "Logout error", description: "Logout error" }, + UPDATE_EMAIL_ERROR: { + name: "Update email error", + description: "Update email error", + }, + CLIENT_UPDATE_ERROR: { + name: "Client update error", + description: "Client update error", + }, + UPDATE_PROFILE: { + name: "Update profile", + description: "Update profile", + }, + CLIENT_REGISTER_ERROR: { + name: "Client register error", + description: "Client register error", + }, + FEDERATED_IDENTITY_LINK: { + name: "Federated identity link", + description: "Federated identity link", + }, + SEND_IDENTITY_PROVIDER_LINK: { + name: "Send identity provider link", + description: "Send identity provider link", + }, + SEND_VERIFY_EMAIL_ERROR: { + name: "Send verify email error", + description: "Send verify email error", + }, + RESET_PASSWORD: { + name: "Reset password", + description: "Reset password", + }, + CLIENT_INITIATED_ACCOUNT_LINKING_ERROR: { + name: "Client initiated account linking error", + description: "Client initiated account linking error", + }, + UPDATE_CONSENT: { + name: "Update consent", + description: "Update consent", + }, + REMOVE_TOTP_ERROR: { + name: "Remove totp error", + description: "Remove totp error", + }, + VERIFY_EMAIL_ERROR: { + name: "Verify email error", + description: "Verify email error", + }, + SEND_RESET_PASSWORD_ERROR: { + name: "Send reset password error", + description: "Send reset password error", + }, + CLIENT_UPDATE: { + name: "Client update", + description: "Client update", + }, + CUSTOM_REQUIRED_ACTION_ERROR: { + name: "Custom required action error", + description: "Custom required action error", + }, + IDENTITY_PROVIDER_POST_LOGIN_ERROR: { + name: "Identity provider post login error", + description: "Identity provider post login error", + }, + UPDATE_TOTP_ERROR: { + name: "Update totp error", + description: "Update totp error", + }, + CODE_TO_TOKEN: { + name: "Code to token", + description: "Code to token", + }, + GRANT_CONSENT_ERROR: { + name: "Grant consent error", + description: "Grant consent error", + }, + IDENTITY_PROVIDER_FIRST_LOGIN_ERROR: { + name: "Identity provider first login error", + description: "Identity provider first login error", + }, + REGISTER_NODE_ERROR: { + name: "Register node error", + description: "Register node error", + }, + PERMISSION_TOKEN_ERROR: { + name: "Permission token error", + description: "Permission token error", + }, + IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR: { + name: "Identity provider retrieve token error", + description: "Identity provider retrieve token error", + }, + CLIENT_INFO: { + name: "Client info", + description: "Client info", + }, + VALIDATE_ACCESS_TOKEN: { + name: "Validate access token", + description: "Validate access token", + }, + IDENTITY_PROVIDER_LOGIN: { + name: "Identity provider login", + description: "Identity provider login", + }, + CLIENT_INFO_ERROR: { + name: "Client info error", + description: "Client info error", + }, + INTROSPECT_TOKEN_ERROR: { + name: "Introspect token error", + description: "Introspect token error", + }, + INTROSPECT_TOKEN: { + name: "Introspect token", + description: "Introspect token", + }, + UNREGISTER_NODE: { + name: "Unregister node", + description: "Unregister node", + }, + REGISTER_NODE: { + name: "Register node", + description: "Register node", + }, + INVALID_SIGNATURE: { + name: "Invalid signature", + description: "Invalid signature", + }, + USER_INFO_REQUEST_ERROR: { + name: "User info request error", + description: "User info request error", + }, + REFRESH_TOKEN: { + name: "Refresh token", + description: "Refresh token", + }, + IDENTITY_PROVIDER_RESPONSE: { + name: "Identity provider response", + description: "Identity provider response", + }, + IDENTITY_PROVIDER_RETRIEVE_TOKEN: { + name: "Identity provider retrieve token", + description: "Identity provider retrieve token", + }, + UNREGISTER_NODE_ERROR: { + name: "Unregister node error", + description: "Unregister node error", + }, + VALIDATE_ACCESS_TOKEN_ERROR: { + name: "Validate access token error", + description: "Validate access token error", + }, + INVALID_SIGNATURE_ERROR: { + name: "Invalid signature error", + description: "Invalid signature error", + }, + USER_INFO_REQUEST: { + name: "User info request", + description: "User info request", + }, + IDENTITY_PROVIDER_RESPONSE_ERROR: { + name: "Identity provider response error", + description: "Identity provider response error", + }, + IDENTITY_PROVIDER_LOGIN_ERROR: { + name: "Identity provider login error", + description: "Identity provider login error", + }, + REFRESH_TOKEN_ERROR: { + name: "Refresh token error", + description: "Refresh token error", + }, + }, + emptyEvents: "Nothing to add", + emptyEventsInstructions: "There are no more events types left to add", + eventConfigSuccessfully: "Successfully saved configuration", + eventConfigError: "Could not save event configuration {{error}}", + deleteEvents: "Clear events", + deleteEventsConfirm: + "If you clear all events of this realm, all records will be permanently cleared in the database", + "admin-events-cleared": "The admin events have been cleared", + "admin-events-cleared-error": "Could not clear the admin events {{error}}", + "user-events-cleared": "The user events have been cleared", + "user-events-cleared-error": "Could not clear the user events {{error}}", + "events-disable-title": "Unsave events?", + "events-disable-confirm": + 'If "Save events" is disabled, subsequent events will not be displayed in the "Events" menu', + confirm: "Confirm", + noMessageBundles: "No message bundles", + noMessageBundlesInstructions: "Add a message bundle to get started.", + messageBundleDescription: + "You can edit the supported locales. If you haven't selected supported locales yet, you can only edit the English locale.", + defaultRoles: "Default roles", + defaultGroups: "Default groups", + securityDefences: "Security defenses", + headers: "Headers", + bruteForceDetection: "Brute force detection", + xFrameOptions: "X-Frame-Options", + contentSecurityPolicy: "Content-Security-Policy", + contentSecurityPolicyReportOnly: "Content-Security-Policy-Report-Only", + xContentTypeOptions: "X-Content-Type-Options", + xRobotsTag: "X-Robots-Tag", + xXSSProtection: "X-XSS-Protection", + strictTransportSecurity: "HTTP Strict Transport Security (HSTS)", + failureFactor: "Max login failures", + permanentLockout: "Permanent lockout", + waitIncrement: "Wait increment", + maxFailureWait: "Max wait", + maxDeltaTime: "Failure reset time", + quickLoginCheckMilliSeconds: "Quick login check milliseconds", + minimumQuickLoginWaitSeconds: "Minimum quick login wait", + }, + "partial-import": { + partialImportHeaderText: + "Partial import allows you to import users, clients, and other resources from a previously exported json file.", + selectRealm: "Select realm", + chooseResources: "Choose the resources you want to import", + selectIfResourceExists: + "If a resource already exists, specify what should be done", + import: "Import", + FAIL: "Fail import", + SKIP: "Skip", + OVERWRITE: "Overwrite", + }, + onDragStart: "Dragging started for item {{id}}", + onDragMove: "Dragging item {{id}}", + onDragCancel: "Dragging cancelled. List is unchanged.", + onDragFinish: "Dragging finished {{list}}", +}; diff --git a/src/realm/messages.json b/src/realm/messages.json deleted file mode 100644 index 13843d2a45..0000000000 --- a/src/realm/messages.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "realm": { - "uploadFile":"Upload JSON file", - "realmName":"Realm name", - "enabled":"Enabled", - "createRealm": "Create realm", - "realmExplain": "A realm manages a set of users, credentials, roles, and groups. A user belongs to and logs into a realm. Realms are isolated from one another and can only manage and authenticate the users that they control.", - "noRealmRoles": "No realm roles", - "emptyStateText": "There aren't any realm roles in this realm. Create a realm role to get started.", - "saveRealmSuccess": "Realm created successfully", - "saveRealmError": "Could not create realm {{error}}" - } -} \ No newline at end of file diff --git a/src/realm/messages.ts b/src/realm/messages.ts new file mode 100644 index 0000000000..0de5e95c51 --- /dev/null +++ b/src/realm/messages.ts @@ -0,0 +1,15 @@ +export default { + realm: { + uploadFile: "Upload JSON file", + realmName: "Realm name", + enabled: "Enabled", + createRealm: "Create realm", + realmExplain: + "A realm manages a set of users, credentials, roles, and groups. A user belongs to and logs into a realm. Realms are isolated from one another and can only manage and authenticate the users that they control.", + noRealmRoles: "No realm roles", + emptyStateText: + "There aren't any realm roles in this realm. Create a realm role to get started.", + saveRealmSuccess: "Realm created successfully", + saveRealmError: "Could not create realm {{error}}", + }, +}; diff --git a/src/sessions/messages.json b/src/sessions/messages.json deleted file mode 100644 index cda0944a74..0000000000 --- a/src/sessions/messages.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "sessions": { - "title": "Sessions", - "sessionExplain": "Some description about sessions", - "searchForSession": "Search session", - "subject": "Subject", - "lastAccess": "Last access", - "startDate": "Start date", - "accessedClients": "Accessed clients", - "sessionsType": { - "allSessions": "All session types", - "regularSSO": "Regular SSO", - "offline": "Offline", - "directGrant": "Direct grant", - "serviceAccount": "Service account" - } - } -} \ No newline at end of file diff --git a/src/sessions/messages.ts b/src/sessions/messages.ts new file mode 100644 index 0000000000..ca5d7ceef9 --- /dev/null +++ b/src/sessions/messages.ts @@ -0,0 +1,18 @@ +export default { + sessions: { + title: "Sessions", + sessionExplain: "Some description about sessions", + searchForSession: "Search session", + subject: "Subject", + lastAccess: "Last access", + startDate: "Start date", + accessedClients: "Accessed clients", + sessionsType: { + allSessions: "All session types", + regularSSO: "Regular SSO", + offline: "Offline", + directGrant: "Direct grant", + serviceAccount: "Service account", + }, + }, +}; diff --git a/src/stories/messages.json b/src/stories/messages.json deleted file mode 100644 index f116651f2c..0000000000 --- a/src/stories/messages.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "storybook": { - "helpPlaceholder": "Sometimes you need some help and it's nice when the app does that" - } -} diff --git a/src/stories/messages.ts b/src/stories/messages.ts new file mode 100644 index 0000000000..711d4e09e3 --- /dev/null +++ b/src/stories/messages.ts @@ -0,0 +1,6 @@ +export default { + storybook: { + helpPlaceholder: + "Sometimes you need some help and it's nice when the app does that", + }, +}; diff --git a/src/user-federation/help.json b/src/user-federation/help.json deleted file mode 100644 index 9b2e96affd..0000000000 --- a/src/user-federation/help.json +++ /dev/null @@ -1,133 +0,0 @@ -{ - "user-federation-help": { - "addKerberosWizardDescription": "Text needed here", - "addLdapWizardDescription": "Text needed here", - - "ldapGeneralOptionsSettingsDescription": "This section contains a few basic options common to all user storage providers.", - "consoleDisplayNameHelp": "Display name of provider when linked in admin console", - "vendorHelp": "LDAP vendor (provider)", - - "ldapConnectionAndAuthorizationSettingsDescription": "This section contains options related to the configuration of the connection to the LDAP server. It also contains options related to authentication of the LDAP connection to the LDAP server.", - "consoleDisplayConnectionUrlHelp": "Connection URL to your LDAP server", - "enableStartTlsHelp": "Encrypts the connection to LDAP using STARTTLS, which will disable connection pooling", - "useTruststoreSpiHelp": "Specifies whether LDAP connection will use the Truststore SPI with the truststore configured in standalone.xml/domain.sml. 'Always' means that it will always use it. 'Never' means that it will not use it. 'Only for ldaps' means that it will use it if your connection URL use ldaps. Note that even if standalone.xml/domain.xml is not configured, the default java cacerts or certificate specified by 'javax.net.ssl.trustStore' property will be used.", - "connectionPoolingHelp": "Determines if Keycloak should use connection pooling for accessing LDAP server.", - "connectionTimeoutHelp": "LDAP connection timeout in milliseconds", - "bindTypeHelp": "Type of the authentication method used during LDAP bind operation. It is used in most of the requests sent to the LDAP server. Currently only 'none' (anonymous LDAP authentication) or 'simple' (bind credential + bind password authentication) mechanisms are available.", - "bindDnHelp": "DN of the LDAP admin, which will be used by Keycloak to access LDAP server", - "bindCredentialsHelp": "Password of LDAP admin. This field is able to obtain its value from vault, use ${vault.ID} format.", - - "ldapSearchingAndUpdatingSettingsDescription": "This section contains options related to searching the LDAP server for the available users.", - "editModeLdapHelp": "READ_ONLY is a read-only LDAP store. WRITABLE means data will be synced back to LDAP on demand. UNSYNCED means user data will be imported, but not synced back to LDAP.", - "usersDNHelp": "Full DN of LDAP tree where your users are. This DN is the parent of LDAP users. It could be for example 'ou=users,dc=example,dc=com' assuming that your typical user will have DN like 'uid='john',ou=users,dc=example,dc=com'.", - "usernameLdapAttributeHelp": "Name of the LDAP attribute, which is mapped as Keycloak username. For many LDAP server vendors it can be 'uid'. For Active directory it can be 'sAMAccountName' or 'cn'. The attribute should be filled for all LDAP user records you want to import from LDAP to Keycloak.", - "rdnLdapAttributeHelp": "Name of the LDAP attribute, which is used as RDN (top attribute) of typical user DN. Usually it's the same as the Username LDAP attribute, however it is not required. For example for Active directory, it is common to use 'cn' as RDN attribute when username attribute might be 'sAMAccountName'.", - "uuidLdapAttributeHelp": "Name of the LDAP attribute, which is used as a unique object identifier (UUID) for objects in LDAP. For many LDAP server vendors, it is 'entryUUID'; however some are different. For example, for Active directory it should be 'objectGUID'. If your LDAP server does not support the notion of UUID, you can use any other attribute that is supposed to be unique among LDAP users in tree. For example 'uid' or 'entryDN'.", - "userObjectClassesHelp": "All values of LDAP objectClass attribute for users in LDAP, divided by commas. For example: 'inetOrgPerson, organizationalPerson'. Newly created Keycloak users will be written to LDAP with all those object classes and existing LDAP user records are found just if they contain all those object classes.", - "userLdapFilterHelp": "Additional LDAP filter for filtering searched users. Leave this empty if you don't need an additional filter. Make sure that it starts with '(' and ends with ')'.", - "searchScopeHelp": "For one level, the search applies only for users in the DNs specified by User DNs. For subtree, the search applies to the whole subtree. See LDAP documentation for more details.", - "readTimeoutHelp": "LDAP read timeout in milliseconds. This timeout applies for LDAP read operations.", - "paginationHelp": "Whether the LDAP server supports pagination", - - "ldapSynchronizationSettingsDescription": "This section contains options related to synchronization of users from LDAP to the Keycloak database.", - "importUsersHelp": "If true, LDAP users will be imported into the Keycloak DB and synced by the configured sync policies.", - "batchSizeHelp": "Count of LDAP users to be imported from LDAP to Keycloak within a single transaction", - "periodicFullSyncHelp": "Whether periodic full synchronization of LDAP users to Keycloak should be enabled or not", - "fullSyncPeriodHelp": "Period for full synchronization in seconds", - "periodicChangedUsersSyncHelp": "Whether periodic synchronization of changed or newly created LDAP users to Keycloak should be enabled or not", - "changedUsersSyncHelp": "Period for synchronization of changed or newly created LDAP users in seconds", - - "ldapKerberosSettingsDescription": "This section contains options useful for the Kerberos integration. This is used only when the LDAP server is used together with Kerberos/SPNEGO for user authentication.", - "allowKerberosAuthenticationHelp": "Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users will be provisioned from this LDAP server.", - "useKerberosForPasswordAuthenticationHelp": "User Kerberos login module for authenticating username/password against Kerberos server instead of authenticating against LDAP server with Directory Service API", - - "cacheSettingsDescription": "This section contains options useful for caching users, which were loaded from this user storage provider.", - "cachePolicyHelp": "Cache Policy for this storage provider. 'DEFAULT' is whatever the default settings are for the global cache. 'EVICT_DAILY' is a time of day every day that the cache will be invalidated. 'EVICT_WEEKLY' is a day of the week and time the cache will be invalidated. 'MAX_LIFESPAN' is the time in milliseconds that will be the lifespan of a cache entry.", - "evictionDayHelp": "Day of the week the entry will become invalid", - "evictionHourHelp": "Hour of the day the entry will become invalid", - "evictionMinuteHelp": "Minute of the hour the entry will become invalid", - "maxLifespanHelp": "Max lifespan of cache entry in milliseconds", - - "ldapAdvancedSettingsDescription": "This section contains all the other options for more fine-grained configuration of the LDAP storage provider.", - "enableLdapv3PasswordHelp": "Use the LDAPv3 Password Modify Extended Operation (RFC-3062). The password modify extended operation usually requires that LDAP user already has password in the LDAP server. So when this is used with 'Sync Registrations', it can be good to add also 'Hardcoded LDAP attribute mapper' with randomly generated initial password.", - "validatePasswordPolicyHelp": "Determines if Keycloak should validate the password with the realm password policy before updating it", - "trustEmailHelp": "If enabled, email provided by this provider is not verified even if verification is enabled for the realm.", - - "IDK-periodicChangedUsersSyncHelp": "Should newly created users be created within LDAP store? Priority affects which provider is chosen to sync the new user.", - - "kerberosWizardDescription": "Text needed here.", - - "kerberosRequiredSettingsDescription": "This section contains a few basic options common to all user storage providers.", - "kerberosRealmHelp": "Name of kerberos realm. For example, FOO.ORG", - "serverPrincipalHelp": "Full name of server principal for HTTP service including server and domain name. For example, HTTP/host.foo.org@FOO.ORG", - "keyTabHelp": "Location of Kerberos KeyTab file containing the credentials of server principal. For example, /etc/krb5.keytab", - "debugHelp": "Enable/disable debug logging to standard output for Krb5LoginModule.", - "allowPasswordAuthenticationHelp": "Enable/disable possibility of username/password authentication against Kerberos database", - "editModeKerberosHelp": "READ_ONLY means that password updates are not allowed and user always authenticates with Kerberos password. UNSYNCED means that the user can change the password in the Keycloak database and this one will be used instead of the Kerberos password.", - "updateFirstLoginHelp": "Update profile on first login", - - "mapperTypeMsadUserAccountControlManagerHelp": "Mapper specific to MSAD. It's able to integrate the MSAD user account state into Keycloak account state (account enabled, password is expired etc). It's using userAccountControl and pwdLastSet MSAD attributes for that. For example if pwdLastSet is 0, the Keycloak user is required to update the password; if userAccountControl is 514 (disabled account) the Keycloak user is disabled as well etc. Mapper is also able to handle the exception code from LDAP user authentication.", - "mapperTypeMsadLdsUserAccountControlMapperHelp": "Mapper specific to MSAD LDS. It's able to integrate the MSAD LDS user account state into Keycloak account state (account enabled, password is expired etc). It's using msDS-UserAccountDisabled and pwdLastSet is 0, the Keycloak user is required to update password, if msDS-UserAccountDisabled is 'TRUE' the Keycloak user is disabled as well etc. Mapper is also able to handle exception code from LDAP user authentication.", - "mapperTypeGroupLdapMapperHelp": "Used to map group mappings of groups from some LDAP DN to Keycloak group mappings", - "mapperTypeUserAttributeLdapMapperHelp": "Used to map single attribute from LDAP user to attribute of UserModel in Keycloak DB", - "mapperTypeRoleLdapMapperHelp": "Used to map role mappings of roles from some LDAP DN to Keycloak role mappings of either realm roles or client roles of particular client", - "mapperTypeHardcodedAttributeMapperHelp": "This mapper will hardcode any model user attribute and some property (like emailVerified or enabled) when importing user from LDAP.", - "mapperTypeHardcodedLdapRoleMapperHelp": "Users imported from LDAP will be automatically added into this configured role.", - "mapperTypeCertificateLdapMapperHelp": "Used to map single attribute which contains a certificate from LDAP user to attribute of UserModel in Keycloak DB", - "mapperTypeFullNameLdapMapperHelp": "Used to map the full-name of a user from single attribute in LDAP (usually 'cn' attribute) to firstName and lastName attributes of UserModel in Keycloak DB", - "mapperTypeHardcodedLdapGroupMapperHelp": "Users imported from LDAP will be automatically added into this configured group.", - "mapperTypeLdapAttributeMapperHelp": "This mapper is supported just if syncRegistrations is enabled. New users registered in Keycloak will be written to the LDAP with the hardcoded value of some specified attribute.", - - "passwordPolicyHintsEnabledHelp": "Applicable just for writable MSAD. If on, then updating password of MSAD user will use LDAP_SERVER_POLICY_HINTS_OID extension, which means that advanced MSAD password policies like 'password history' or 'minimal password age' will be applied. This extension works just for MSAD 2008 R2 or newer.", - - "nameHelp": "Name of the mapper", - "mapperTypeHelp": "Used to map single attribute from LDAP user to attribute of UserModel in Keycloak DB", - - "userModelAttributeHelp": "Name of the UserModel property or attribute you want to map the LDAP attribute into. For example 'firstName', 'lastName, 'email', 'street' etc.", - "ldapAttributeHelp": "Name of mapped attribute on LDAP object. For example 'cn', 'sn', 'mail', 'street', etc.", - "readOnlyHelp": "Read-only attribute is imported from LDAP to UserModel, but it's not saved back to LDAP when user is updated in Keycloak.", - "alwaysReadValueFromLdapHelp": "If on, then during reading of the LDAP attribute value will always used instead of the value from Keycloak DB.", - "isMandatoryInLdapHelp": "If true, attribute is mandatory in LDAP. Hence if there is no value in Keycloak DB, the empty value will be set to be propagated to LDAP.", - "isBinaryAttributeHelp": "Should be true for binary LDAP attributes.", - - "derFormattedHelp": "Activate this if the certificate is DER formatted in LDAP and not PEM formatted.", - - "ldapFullNameAttributeHelp": "Name of LDAP attribute, which contains fullName of user. Usually it will be 'cn',", - "fullNameLdapMapperReadOnlyHelp": "For Read-only, data is imported from LDAP to Keycloak DB, but it's not saved back to LDAP when user is updated in Keycloak.", - "fullNameLdapMapperWriteOnlyHelp": "For Write-only, is data propagated to LDAP when user is created or updated in Keycloak. But this mapper is not used to propagate data from LDAP back into Keycloak. This setting is useful if you configured separate firstName and lastName attribute mappers and you want to use those to read attribute from LDAP into Keycloak", - - "ldapGroupsDnHelp": "LDAP DN where groups of this tree are saved. For example 'ou=groups,dc=example,dc=org'", - "groupNameLdapAttributeHelp": "Name of LDAP attribute, which is used in group objects for name and RDN of group. Usually it will be 'cn'. In this case typical group/role object may have DN like 'cn=Group1,ouu=groups,dc=example,dc=org'.", - "groupObjectClassesHelp": "Object class (or classes) of the group object. It's divided by commas if more classes needed. In typical LDAP deployment it could be 'groupOfNames'. In Active Directory it's usually 'group'.", - "preserveGroupInheritanceHelp": "Flag whether group inheritance from LDAP should be propagated to Keycloak. If false, then all LDAP groups will be mapped as flat top-level groups in Keycloak. Otherwise group inheritance is preserved into Keycloak, but the group sync might fail if LDAP structure contains recursions or multiple parent groups per child groups.", - "ignoreMissingGroupsHelp": "Ignore missing groups in the group hierarchy.", - "userGroupsRetrieveStrategyHelp": "Specify how to retrieve groups of user. LOAD_GROUPS_BY_MEMBER_ATTRIBUTE means that roles of user will be retrieved by sending LDAP query to retrieve all groups where 'member' is our user. GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE means that groups of user will be retrieved from 'memberOf' attribute of our user or from the other attribute specified by 'Member-Of LDAP Attribute'.", - "mappedGroupAttributesHelp": "List of names of attributes divided by commas. This points to the list of attributes on LDAP group, which will be mapped as attributes of Group in Keycloak. Leave this empty if no additional group attributes are required to be mapped in Keycloak.", - "dropNonexistingGroupsDuringSyncHelp": "If this flag is true, then during sync of groups from LDAP to Keycloak, we will keep just those Keycloak groups that still exist in LDAP. The rest will be deleted.", - "groupsPathHelp": "Keycloak group path the LDAP groups are added to. For example if value '/Applications/App1' is used, then LDAP groups will be available in Keycloak under group 'App1', which is child of top level group 'Applications'. The default value is '/' so LDAP groups will be mapped to the Keycloak groups at the top level. The configured group path must already exist in the Keycloak when creating this mapper.", - - "ldapRolesDnHelp": "LDAP DN where roles of this tree are saved. For example, 'ou=finance,dc=example,dc=org'", - "roleNameLdapAttributeHelp": "Name of LDAP attribute, which is used in role objects for name and RDN of role. Usually it will be 'cn'. In this case typical group/role object may have DN like 'cn=role1,ou=finance,dc=example,dc=org'.", - "roleObjectClassesHelp": "Object class (or classes) of the role object. It's divided by commas if more classes are needed. In typical LDAP deployment it could be 'groupOfNames'. In Active Directory it's usually 'group'.", - "userRolesRetrieveStrategyHelp": "Specify how to retrieve roles of user. LOAD_ROLES_BY_MEMBER_ATTRIBUTE means that roles fo user will be retrieved by sending LDAP query to retrieve all roles where 'member' is our user. GET_ROLES_FROM_USER_MEMBEROF means that roles of user will be retrieved from 'memberOf' attribute of our user. Or from the other attributes specified by 'Member-Of LDAP Attribute'. LOAD_ROLES_BY_MEMBER_ATTRIBUTE is applicable just in Active Directory and it means that roles of user will be retrieved recursively with usage of LDAP_MATCHING_RULE_IN_CHAIN LDAP extension.", - "useRealmRolesMappingHelp": "If true, then LDAP role mappings will be mapped to realm role mappings in Keycloak. Otherwise it will be mapped to client role mappings.", - "clientIdHelp": "Client ID of client to which LDAP role mappings will be mapped. Applicable only if 'Use Realm Roles Mapping' is false.", - - "membershipLdapAttributeHelp": "Name of LDAP attribute on group, which is used for membership mappings. Usually it will be 'member'. However when 'Membership Attribute Type' is 'UID', then 'Membership LDAP Attribute' could be typically 'memberUid'.", - "membershipAttributeTypeHelp": "DN means that LDAP group has it's members declared in form of their full DN. For example 'member: uid=john,ou=users,dc=example,dc=com'. UID means that LDAP group has it's members declared in form of pure user uids. For example 'memberUid: john'.", - "membershipUserLdapAttributeHelp": "Used just if Membership Attribute Type is UID. It is the name of the LDAP attribute on user, which is used for membership mappings. Usually it will be 'uid'. For example if the value of 'Membership User LDAP Attribute' is 'uid' and LDAP group has 'memberUid: john', then it is expected that particular LDAP user will have attribute 'uid: john'.", - "ldapFilterHelp": "LDAP Filter adds an additional custom filter to the whole query for retrieve LDAP groups. Leave this empty if no additional filtering is needed and you want to retrieve all groups from LDAP. Otherwise make sure that filter starts with '(' and ends with ')'.", - "modeHelp": "LDAP_ONLY means that all group mappings of users are retrieved from LDAP and saved into LDAP. READ_ONLY is Read-only LDAP mode where group mappings are retrieved from both LDAP and DB and merged together. New group joins are not saved to LDAP but to DB. IMPORT is Read-only LDAP mode where group mappings are retrieved from LDAP just at the time when user is imported from LDAP and then they are saved to local keycloak DB.", - "memberofLdapAttributeHelp": "Used just when 'User Roles Retrieve Strategy' is GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE. It specifies the name of the LDAP attribute on the LDAP user, which contains the groups, which the user is member of. Usually it will be the default 'memberOf'.", - - "userModelAttributeNameHelp": "Name of the model attribute to be added when importing user from LDAP", - "attributeValueHelp": "Value of the model attribute to be added when importing user from LDAP", - - "roleHelp": "Role to grant to user. Click 'Select Role' button to browse roles, or just type it in the textbox. To reference an application role the syntax is appname.approle, i.e. myapp.myrole.", - - "groupHelp": "Users imported from LDAP will be automatically added into this configured group.", - - "ldapAttributeNameHelp": "Name of the LDAP attribute, which will be added to the new user during registration", - "ldapAttributeValueHelp": "Value of the LDAP attribute, which will be added to the new user during registration. You can either hardcode any value like 'foo' but you can also use some special tokens. Only supported token right now is '${RANDOM}', which will be replaced with some randomly generated string." - } -} diff --git a/src/user-federation/help.ts b/src/user-federation/help.ts new file mode 100644 index 0000000000..fe2fa1ce80 --- /dev/null +++ b/src/user-federation/help.ts @@ -0,0 +1,222 @@ +export default { + "user-federation-help": { + addKerberosWizardDescription: "Text needed here", + addLdapWizardDescription: "Text needed here", + + ldapGeneralOptionsSettingsDescription: + "This section contains a few basic options common to all user storage providers.", + consoleDisplayNameHelp: + "Display name of provider when linked in admin console", + vendorHelp: "LDAP vendor (provider)", + + ldapConnectionAndAuthorizationSettingsDescription: + "This section contains options related to the configuration of the connection to the LDAP server. It also contains options related to authentication of the LDAP connection to the LDAP server.", + consoleDisplayConnectionUrlHelp: "Connection URL to your LDAP server", + enableStartTlsHelp: + "Encrypts the connection to LDAP using STARTTLS, which will disable connection pooling", + useTruststoreSpiHelp: + "Specifies whether LDAP connection will use the Truststore SPI with the truststore configured in standalone.xml/domain.sml. 'Always' means that it will always use it. 'Never' means that it will not use it. 'Only for ldaps' means that it will use it if your connection URL use ldaps. Note that even if standalone.xml/domain.xml is not configured, the default java cacerts or certificate specified by 'javax.net.ssl.trustStore' property will be used.", + connectionPoolingHelp: + "Determines if Keycloak should use connection pooling for accessing LDAP server.", + connectionTimeoutHelp: "LDAP connection timeout in milliseconds", + bindTypeHelp: + "Type of the authentication method used during LDAP bind operation. It is used in most of the requests sent to the LDAP server. Currently only 'none' (anonymous LDAP authentication) or 'simple' (bind credential + bind password authentication) mechanisms are available.", + bindDnHelp: + "DN of the LDAP admin, which will be used by Keycloak to access LDAP server", + bindCredentialsHelp: + "Password of LDAP admin. This field is able to obtain its value from vault, use ${vault.ID} format.", + + ldapSearchingAndUpdatingSettingsDescription: + "This section contains options related to searching the LDAP server for the available users.", + editModeLdapHelp: + "READ_ONLY is a read-only LDAP store. WRITABLE means data will be synced back to LDAP on demand. UNSYNCED means user data will be imported, but not synced back to LDAP.", + usersDNHelp: + "Full DN of LDAP tree where your users are. This DN is the parent of LDAP users. It could be for example 'ou=users,dc=example,dc=com' assuming that your typical user will have DN like 'uid='john',ou=users,dc=example,dc=com'.", + usernameLdapAttributeHelp: + "Name of the LDAP attribute, which is mapped as Keycloak username. For many LDAP server vendors it can be 'uid'. For Active directory it can be 'sAMAccountName' or 'cn'. The attribute should be filled for all LDAP user records you want to import from LDAP to Keycloak.", + rdnLdapAttributeHelp: + "Name of the LDAP attribute, which is used as RDN (top attribute) of typical user DN. Usually it's the same as the Username LDAP attribute, however it is not required. For example for Active directory, it is common to use 'cn' as RDN attribute when username attribute might be 'sAMAccountName'.", + uuidLdapAttributeHelp: + "Name of the LDAP attribute, which is used as a unique object identifier (UUID) for objects in LDAP. For many LDAP server vendors, it is 'entryUUID'; however some are different. For example, for Active directory it should be 'objectGUID'. If your LDAP server does not support the notion of UUID, you can use any other attribute that is supposed to be unique among LDAP users in tree. For example 'uid' or 'entryDN'.", + userObjectClassesHelp: + "All values of LDAP objectClass attribute for users in LDAP, divided by commas. For example: 'inetOrgPerson, organizationalPerson'. Newly created Keycloak users will be written to LDAP with all those object classes and existing LDAP user records are found just if they contain all those object classes.", + userLdapFilterHelp: + "Additional LDAP filter for filtering searched users. Leave this empty if you don't need an additional filter. Make sure that it starts with '(' and ends with ')'.", + searchScopeHelp: + "For one level, the search applies only for users in the DNs specified by User DNs. For subtree, the search applies to the whole subtree. See LDAP documentation for more details.", + readTimeoutHelp: + "LDAP read timeout in milliseconds. This timeout applies for LDAP read operations.", + paginationHelp: "Whether the LDAP server supports pagination", + + ldapSynchronizationSettingsDescription: + "This section contains options related to synchronization of users from LDAP to the Keycloak database.", + importUsersHelp: + "If true, LDAP users will be imported into the Keycloak DB and synced by the configured sync policies.", + batchSizeHelp: + "Count of LDAP users to be imported from LDAP to Keycloak within a single transaction", + periodicFullSyncHelp: + "Whether periodic full synchronization of LDAP users to Keycloak should be enabled or not", + fullSyncPeriodHelp: "Period for full synchronization in seconds", + periodicChangedUsersSyncHelp: + "Whether periodic synchronization of changed or newly created LDAP users to Keycloak should be enabled or not", + changedUsersSyncHelp: + "Period for synchronization of changed or newly created LDAP users in seconds", + + ldapKerberosSettingsDescription: + "This section contains options useful for the Kerberos integration. This is used only when the LDAP server is used together with Kerberos/SPNEGO for user authentication.", + allowKerberosAuthenticationHelp: + "Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users will be provisioned from this LDAP server.", + useKerberosForPasswordAuthenticationHelp: + "User Kerberos login module for authenticating username/password against Kerberos server instead of authenticating against LDAP server with Directory Service API", + + cacheSettingsDescription: + "This section contains options useful for caching users, which were loaded from this user storage provider.", + cachePolicyHelp: + "Cache Policy for this storage provider. 'DEFAULT' is whatever the default settings are for the global cache. 'EVICT_DAILY' is a time of day every day that the cache will be invalidated. 'EVICT_WEEKLY' is a day of the week and time the cache will be invalidated. 'MAX_LIFESPAN' is the time in milliseconds that will be the lifespan of a cache entry.", + evictionDayHelp: "Day of the week the entry will become invalid", + evictionHourHelp: "Hour of the day the entry will become invalid", + evictionMinuteHelp: "Minute of the hour the entry will become invalid", + maxLifespanHelp: "Max lifespan of cache entry in milliseconds", + + ldapAdvancedSettingsDescription: + "This section contains all the other options for more fine-grained configuration of the LDAP storage provider.", + enableLdapv3PasswordHelp: + "Use the LDAPv3 Password Modify Extended Operation (RFC-3062). The password modify extended operation usually requires that LDAP user already has password in the LDAP server. So when this is used with 'Sync Registrations', it can be good to add also 'Hardcoded LDAP attribute mapper' with randomly generated initial password.", + validatePasswordPolicyHelp: + "Determines if Keycloak should validate the password with the realm password policy before updating it", + trustEmailHelp: + "If enabled, email provided by this provider is not verified even if verification is enabled for the realm.", + + "IDK-periodicChangedUsersSyncHelp": + "Should newly created users be created within LDAP store? Priority affects which provider is chosen to sync the new user.", + + kerberosWizardDescription: "Text needed here.", + + kerberosRequiredSettingsDescription: + "This section contains a few basic options common to all user storage providers.", + kerberosRealmHelp: "Name of kerberos realm. For example, FOO.ORG", + serverPrincipalHelp: + "Full name of server principal for HTTP service including server and domain name. For example, HTTP/host.foo.org@FOO.ORG", + keyTabHelp: + "Location of Kerberos KeyTab file containing the credentials of server principal. For example, /etc/krb5.keytab", + debugHelp: + "Enable/disable debug logging to standard output for Krb5LoginModule.", + allowPasswordAuthenticationHelp: + "Enable/disable possibility of username/password authentication against Kerberos database", + editModeKerberosHelp: + "READ_ONLY means that password updates are not allowed and user always authenticates with Kerberos password. UNSYNCED means that the user can change the password in the Keycloak database and this one will be used instead of the Kerberos password.", + updateFirstLoginHelp: "Update profile on first login", + + mapperTypeMsadUserAccountControlManagerHelp: + "Mapper specific to MSAD. It's able to integrate the MSAD user account state into Keycloak account state (account enabled, password is expired etc). It's using userAccountControl and pwdLastSet MSAD attributes for that. For example if pwdLastSet is 0, the Keycloak user is required to update the password; if userAccountControl is 514 (disabled account) the Keycloak user is disabled as well etc. Mapper is also able to handle the exception code from LDAP user authentication.", + mapperTypeMsadLdsUserAccountControlMapperHelp: + "Mapper specific to MSAD LDS. It's able to integrate the MSAD LDS user account state into Keycloak account state (account enabled, password is expired etc). It's using msDS-UserAccountDisabled and pwdLastSet is 0, the Keycloak user is required to update password, if msDS-UserAccountDisabled is 'TRUE' the Keycloak user is disabled as well etc. Mapper is also able to handle exception code from LDAP user authentication.", + mapperTypeGroupLdapMapperHelp: + "Used to map group mappings of groups from some LDAP DN to Keycloak group mappings", + mapperTypeUserAttributeLdapMapperHelp: + "Used to map single attribute from LDAP user to attribute of UserModel in Keycloak DB", + mapperTypeRoleLdapMapperHelp: + "Used to map role mappings of roles from some LDAP DN to Keycloak role mappings of either realm roles or client roles of particular client", + mapperTypeHardcodedAttributeMapperHelp: + "This mapper will hardcode any model user attribute and some property (like emailVerified or enabled) when importing user from LDAP.", + mapperTypeHardcodedLdapRoleMapperHelp: + "Users imported from LDAP will be automatically added into this configured role.", + mapperTypeCertificateLdapMapperHelp: + "Used to map single attribute which contains a certificate from LDAP user to attribute of UserModel in Keycloak DB", + mapperTypeFullNameLdapMapperHelp: + "Used to map the full-name of a user from single attribute in LDAP (usually 'cn' attribute) to firstName and lastName attributes of UserModel in Keycloak DB", + mapperTypeHardcodedLdapGroupMapperHelp: + "Users imported from LDAP will be automatically added into this configured group.", + mapperTypeLdapAttributeMapperHelp: + "This mapper is supported just if syncRegistrations is enabled. New users registered in Keycloak will be written to the LDAP with the hardcoded value of some specified attribute.", + + passwordPolicyHintsEnabledHelp: + "Applicable just for writable MSAD. If on, then updating password of MSAD user will use LDAP_SERVER_POLICY_HINTS_OID extension, which means that advanced MSAD password policies like 'password history' or 'minimal password age' will be applied. This extension works just for MSAD 2008 R2 or newer.", + + nameHelp: "Name of the mapper", + mapperTypeHelp: + "Used to map single attribute from LDAP user to attribute of UserModel in Keycloak DB", + + userModelAttributeHelp: + "Name of the UserModel property or attribute you want to map the LDAP attribute into. For example 'firstName', 'lastName, 'email', 'street' etc.", + ldapAttributeHelp: + "Name of mapped attribute on LDAP object. For example 'cn', 'sn', 'mail', 'street', etc.", + readOnlyHelp: + "Read-only attribute is imported from LDAP to UserModel, but it's not saved back to LDAP when user is updated in Keycloak.", + alwaysReadValueFromLdapHelp: + "If on, then during reading of the LDAP attribute value will always used instead of the value from Keycloak DB.", + isMandatoryInLdapHelp: + "If true, attribute is mandatory in LDAP. Hence if there is no value in Keycloak DB, the empty value will be set to be propagated to LDAP.", + isBinaryAttributeHelp: "Should be true for binary LDAP attributes.", + + derFormattedHelp: + "Activate this if the certificate is DER formatted in LDAP and not PEM formatted.", + + ldapFullNameAttributeHelp: + "Name of LDAP attribute, which contains fullName of user. Usually it will be 'cn',", + fullNameLdapMapperReadOnlyHelp: + "For Read-only, data is imported from LDAP to Keycloak DB, but it's not saved back to LDAP when user is updated in Keycloak.", + fullNameLdapMapperWriteOnlyHelp: + "For Write-only, is data propagated to LDAP when user is created or updated in Keycloak. But this mapper is not used to propagate data from LDAP back into Keycloak. This setting is useful if you configured separate firstName and lastName attribute mappers and you want to use those to read attribute from LDAP into Keycloak", + + ldapGroupsDnHelp: + "LDAP DN where groups of this tree are saved. For example 'ou=groups,dc=example,dc=org'", + groupNameLdapAttributeHelp: + "Name of LDAP attribute, which is used in group objects for name and RDN of group. Usually it will be 'cn'. In this case typical group/role object may have DN like 'cn=Group1,ouu=groups,dc=example,dc=org'.", + groupObjectClassesHelp: + "Object class (or classes) of the group object. It's divided by commas if more classes needed. In typical LDAP deployment it could be 'groupOfNames'. In Active Directory it's usually 'group'.", + preserveGroupInheritanceHelp: + "Flag whether group inheritance from LDAP should be propagated to Keycloak. If false, then all LDAP groups will be mapped as flat top-level groups in Keycloak. Otherwise group inheritance is preserved into Keycloak, but the group sync might fail if LDAP structure contains recursions or multiple parent groups per child groups.", + ignoreMissingGroupsHelp: "Ignore missing groups in the group hierarchy.", + userGroupsRetrieveStrategyHelp: + "Specify how to retrieve groups of user. LOAD_GROUPS_BY_MEMBER_ATTRIBUTE means that roles of user will be retrieved by sending LDAP query to retrieve all groups where 'member' is our user. GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE means that groups of user will be retrieved from 'memberOf' attribute of our user or from the other attribute specified by 'Member-Of LDAP Attribute'.", + mappedGroupAttributesHelp: + "List of names of attributes divided by commas. This points to the list of attributes on LDAP group, which will be mapped as attributes of Group in Keycloak. Leave this empty if no additional group attributes are required to be mapped in Keycloak.", + dropNonexistingGroupsDuringSyncHelp: + "If this flag is true, then during sync of groups from LDAP to Keycloak, we will keep just those Keycloak groups that still exist in LDAP. The rest will be deleted.", + groupsPathHelp: + "Keycloak group path the LDAP groups are added to. For example if value '/Applications/App1' is used, then LDAP groups will be available in Keycloak under group 'App1', which is child of top level group 'Applications'. The default value is '/' so LDAP groups will be mapped to the Keycloak groups at the top level. The configured group path must already exist in the Keycloak when creating this mapper.", + + ldapRolesDnHelp: + "LDAP DN where roles of this tree are saved. For example, 'ou=finance,dc=example,dc=org'", + roleNameLdapAttributeHelp: + "Name of LDAP attribute, which is used in role objects for name and RDN of role. Usually it will be 'cn'. In this case typical group/role object may have DN like 'cn=role1,ou=finance,dc=example,dc=org'.", + roleObjectClassesHelp: + "Object class (or classes) of the role object. It's divided by commas if more classes are needed. In typical LDAP deployment it could be 'groupOfNames'. In Active Directory it's usually 'group'.", + userRolesRetrieveStrategyHelp: + "Specify how to retrieve roles of user. LOAD_ROLES_BY_MEMBER_ATTRIBUTE means that roles fo user will be retrieved by sending LDAP query to retrieve all roles where 'member' is our user. GET_ROLES_FROM_USER_MEMBEROF means that roles of user will be retrieved from 'memberOf' attribute of our user. Or from the other attributes specified by 'Member-Of LDAP Attribute'. LOAD_ROLES_BY_MEMBER_ATTRIBUTE is applicable just in Active Directory and it means that roles of user will be retrieved recursively with usage of LDAP_MATCHING_RULE_IN_CHAIN LDAP extension.", + useRealmRolesMappingHelp: + "If true, then LDAP role mappings will be mapped to realm role mappings in Keycloak. Otherwise it will be mapped to client role mappings.", + clientIdHelp: + "Client ID of client to which LDAP role mappings will be mapped. Applicable only if 'Use Realm Roles Mapping' is false.", + + membershipLdapAttributeHelp: + "Name of LDAP attribute on group, which is used for membership mappings. Usually it will be 'member'. However when 'Membership Attribute Type' is 'UID', then 'Membership LDAP Attribute' could be typically 'memberUid'.", + membershipAttributeTypeHelp: + "DN means that LDAP group has it's members declared in form of their full DN. For example 'member: uid=john,ou=users,dc=example,dc=com'. UID means that LDAP group has it's members declared in form of pure user uids. For example 'memberUid: john'.", + membershipUserLdapAttributeHelp: + "Used just if Membership Attribute Type is UID. It is the name of the LDAP attribute on user, which is used for membership mappings. Usually it will be 'uid'. For example if the value of 'Membership User LDAP Attribute' is 'uid' and LDAP group has 'memberUid: john', then it is expected that particular LDAP user will have attribute 'uid: john'.", + ldapFilterHelp: + "LDAP Filter adds an additional custom filter to the whole query for retrieve LDAP groups. Leave this empty if no additional filtering is needed and you want to retrieve all groups from LDAP. Otherwise make sure that filter starts with '(' and ends with ')'.", + modeHelp: + "LDAP_ONLY means that all group mappings of users are retrieved from LDAP and saved into LDAP. READ_ONLY is Read-only LDAP mode where group mappings are retrieved from both LDAP and DB and merged together. New group joins are not saved to LDAP but to DB. IMPORT is Read-only LDAP mode where group mappings are retrieved from LDAP just at the time when user is imported from LDAP and then they are saved to local keycloak DB.", + memberofLdapAttributeHelp: + "Used just when 'User Roles Retrieve Strategy' is GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE. It specifies the name of the LDAP attribute on the LDAP user, which contains the groups, which the user is member of. Usually it will be the default 'memberOf'.", + + userModelAttributeNameHelp: + "Name of the model attribute to be added when importing user from LDAP", + attributeValueHelp: + "Value of the model attribute to be added when importing user from LDAP", + + roleHelp: + "Role to grant to user. Click 'Select Role' button to browse roles, or just type it in the textbox. To reference an application role the syntax is appname.approle, i.e. myapp.myrole.", + + groupHelp: + "Users imported from LDAP will be automatically added into this configured group.", + + ldapAttributeNameHelp: + "Name of the LDAP attribute, which will be added to the new user during registration", + ldapAttributeValueHelp: + "Value of the LDAP attribute, which will be added to the new user during registration. You can either hardcode any value like 'foo' but you can also use some special tokens. Only supported token right now is '${RANDOM}', which will be replaced with some randomly generated string.", + }, +}; diff --git a/src/user-federation/messages.json b/src/user-federation/messages.json deleted file mode 100644 index d205b4dd88..0000000000 --- a/src/user-federation/messages.json +++ /dev/null @@ -1,185 +0,0 @@ -{ - "user-federation": { - "userFederation": "User federation", - "descriptionLanding": "This is the description for the user federation landing page", - "userFederationExplanation": "Keycloak can federate external user databases. Out of the box we have support for LDAP and Active Directory.", - "getStarted": "To get started, select a provider from the list below.", - "providers": "Add providers", - "addKerberos": "Add Kerberos providers", - "addLdap": "Add LDAP providers", - "addOneLdap": "Add LDAP provider", - "addKerberosWizardTitle": "Add Kerberos user federation provider", - "addLdapWizardTitle": "Add LDAP user federation provider", - - "syncChangedUsers": "Sync changed users", - "syncAllUsers": "Sync all users", - "unlinkUsers": "Unlink users", - "removeImported": "Remove imported", - "deleteProvider": "Delete provider", - - "generalOptions": "General options", - "consoleDisplayName": "Console display name", - "vendor": "Vendor", - - "connectionAndAuthenticationSettings": "Connection and authentication settings", - "connectionURL": "Connection URL", - "enableStartTls": "Enable StartTLS", - "useTruststoreSpi": "Use Truststore SPI", - "connectionPooling": "Connection pooling", - "connectionTimeout": "Connection timeout", - "bindType": "Bind type", - "bindDn": "Bind DN", - "bindCredentials": "Bind credentials", - - "ldapSearchingAndUpdatingSettings": "LDAP searching and updating", - "editMode": "Edit mode", - "usersDN": "Users DN", - "usernameLdapAttribute": "Username LDAP attribute", - "rdnLdapAttribute": "RDN LDAP attribute", - "uuidLdapAttribute": "UUID LDAP attribute", - "userObjectClasses": "User object classes", - "userLdapFilter": "User LDAP filter", - "searchScope": "Search scope", - "readTimeout": "Read timeout", - "pagination": "Pagination", - - "synchronizationSettings": "Synchronization settings", - "importUsers": "Import users", - "batchSize": "Batch size", - "periodicFullSync": "Periodic full sync", - "fullSyncPeriod": "Full sync period", - "periodicChangedUsersSync": "Periodic changed users sync", - "changedUsersSyncPeriod": "Changed users sync period", - - "kerberosIntegration": "Kerberos integration", - "allowKerberosAuthentication": "Allow Kerberos authentication", - "useKerberosForPasswordAuthentication": "Use Kerberos for password authentication", - - "cacheSettings": "Cache settings", - "cachePolicy": "Cache policy", - "evictionDay": "Eviction day", - "evictionHour": "Eviction hour", - "evictionMinute": "Eviction minute", - "maxLifespan": "Max lifespan", - - "advancedSettings": "Advanced settings", - "enableLdapv3Password": "Enable the LDAPv3 password modify extended operation", - "validatePasswordPolicy": "Validate password policy", - "trustEmail": "Trust email", - - "requiredSettings": "Required Settings", - "kerberosRealm": "Kerberos realm", - "serverPrincipal": "Server principal", - "keyTab": "Key tab", - "debug": "Debug", - "allowPasswordAuthentication": "Allow password authentication", - "updateFirstLogin": "Update first login", - - "always": "Always", - "never": "Never", - "onlyLdaps": "Only for ldaps", - "oneLevel": "One Level", - "subtree": "Subtree", - - "saveSuccess": "User federation provider successfully saved", - "saveError": "User federation provider could not be saved: {{error}}", - "createSuccess": "User federation provider successfully created", - "createError": "User federation provider could not be created: {{error}}", - "testSuccess": "Successfully connected to LDAP", - "testError": "Error when trying to connect to LDAP. See server.log for details.", - - "learnMore": "Learn more", - "addNewProvider": "Add new provider", - "userFedDeletedSuccess": "The user federation provider has been deleted.", - "userFedDeleteError": "Could not delete user federation provider: '{{error}}'", - "userFedDeleteConfirmTitle": "Delete user federation provider?", - "userFedDeleteConfirm": "If you delete this user federation provider, all associated data will be removed.", - "userFedDisableConfirmTitle": "Disable user federation provider?", - "userFedDisableConfirm": "If you disable this user federation provider, it will not be considered for queries and imported users will be disabled and read-only until the provider is enabled again.", - - "removeImportedUsers": "Remove imported users?", - "removeImportedUsersMessage": "Do you really want to remove all imported users? The option \"Unlink users\" makes sense just for the Edit Mode \"Unsynced\" and there should be a warning that \"unlinked\" users without the password in the Keycloak database won't be able to authenticate.", - "removeImportedUsersSuccess": "Imported users have been removed.", - "removeImportedUsersError": "Could not remove imported users: '{{error}}'", - - "syncUsersSuccess": "Sync of users finished successfully.", - "syncUsersError": "Could not sync users: '{{error}}'", - - "unlinkUsersSuccess": "Unlink of users finished successfully.", - "unlinkUsersError": "Could not unlink users: '{{error}}'", - - "validateName": "You must enter a name", - "validateRealm":"You must enter a realm", - "validateServerPrincipal":"You must enter a server principal", - "validateKeyTab": "You must enter a key tab", - "validateConnectionUrl": "You must enter a connection URL", - "validateBindDn": "You must enter the DN of the LDAP admin", - "validateBindCredentials": "You must enter the password of the LDAP admin", - "validateUuidLDAPAttribute": "You must enter a UUID LDAP attribute", - "validateUserObjectClasses": "You must enter one or more user object classes", - "validateUsersDn": "You must enter users DN", - "validateUsernameLDAPAttribute": "You must enter a username LDAP attribute", - "validateRdnLdapAttribute": "You must enter an RDN LDAP attribute", - "validateCustomUserSearchFilter": "Filter must be enclosed in parentheses, for example: (filter)", - - "mapperTypeMsadUserAccountControlManager": "msad-user-account-control-mapper", - "mapperTypeMsadLdsUserAccountControlMapper": "msad-user-account-control-mapper", - "mapperTypeGroupLdapMapper": "group-ldap-mapper", - "mapperTypeUserAttributeLdapMapper": "user-attribute-ldap-mapper", - "mapperTypeRoleLdapMapper": "role-ldap-mapper", - "mapperTypeHardcodedAttributeMapper": "hardcoded-attribute-mapper", - "mapperTypeHardcodedLdapRoleMapper": "hardcoded-ldap-role-mapper", - "mapperTypeCertificateLdapMapper": "certificate-ldap-mapper", - "mapperTypeFullNameLdapMapper": "full-name-ldap-mapper", - "mapperTypeHardcodedLdapGroupMapper": "hardcoded-ldap-group-mapper", - "mapperTypeLdapAttributeMapper": "hardcoded-ldap-attribute-mapper", - - "ldapMappersList": "LDAP Mappers", - - "ldapFullNameAttribute": "LDAP full name attribute", - "writeOnly": "Write only", - - "ldapGroupsDn": "LDAP groups DN", - "groupNameLdapAttribute": "Group name LDAP attribute", - "groupObjectClasses": "Group object classes", - "preserveGroupInheritance": "Preserve group inheritance", - "ignoreMissingGroups": "Ignore missing groups", - "userGroupsRetrieveStrategy": "User groups retrieve strategy", - "mappedGroupAttributes": "Mapped group attributes", - "dropNonexistingGroupsDuringSync": "Drop non-existing groups during sync", - "groupsPath": "Groups path", - - "membershipLdapAttribute": "Membership LDAP attribute", - "membershipAttributeType": "Membership attribute type", - "membershipUserLdapAttribute": "Membership user LDAP attribute", - "ldapFilter": "LDAP filter", - "mode": "Mode", - "memberofLdapAttribute": "Member-of LDAP attribute", - - "ldapRolesDn": "LDAP roles DN", - "roleNameLdapAttribute": "Role name LDAP attribute", - "roleObjectClasses": "Role object classes", - "userRolesRetrieveStrategy": "User roles retrieve strategy", - "useRealmRolesMapping": "Use realm roles mapping", - - "ldapAttributeName": "LDAP attribute name", - "ldapAttributeValue": "LDAP attribute value", - - "userModelAttribute": "User model attribute", - "ldapAttribute": "LDAP attribute", - "readOnly": "Read only", - "alwaysReadValueFromLdap": "Always read value from LDAP", - "isMandatoryInLdap": "Is mandatory in LDAP", - "isBinaryAttribute": "Is binary attribute", - "derFormatted": "DER formatted", - - "passwordPolicyHintsEnabled": "Password policy hints enabled", - - "userModelAttributeName": "User model attribute name", - "attributeValue": "Attribute value", - - "selectRole": "Select role", - - "group": "Group" - } -} diff --git a/src/user-federation/messages.ts b/src/user-federation/messages.ts new file mode 100644 index 0000000000..a90b56f624 --- /dev/null +++ b/src/user-federation/messages.ts @@ -0,0 +1,197 @@ +export default { + "user-federation": { + userFederation: "User federation", + descriptionLanding: + "This is the description for the user federation landing page", + userFederationExplanation: + "Keycloak can federate external user databases. Out of the box we have support for LDAP and Active Directory.", + getStarted: "To get started, select a provider from the list below.", + providers: "Add providers", + addKerberos: "Add Kerberos providers", + addLdap: "Add LDAP providers", + addOneLdap: "Add LDAP provider", + addKerberosWizardTitle: "Add Kerberos user federation provider", + addLdapWizardTitle: "Add LDAP user federation provider", + + syncChangedUsers: "Sync changed users", + syncAllUsers: "Sync all users", + unlinkUsers: "Unlink users", + removeImported: "Remove imported", + deleteProvider: "Delete provider", + + generalOptions: "General options", + consoleDisplayName: "Console display name", + vendor: "Vendor", + + connectionAndAuthenticationSettings: + "Connection and authentication settings", + connectionURL: "Connection URL", + enableStartTls: "Enable StartTLS", + useTruststoreSpi: "Use Truststore SPI", + connectionPooling: "Connection pooling", + connectionTimeout: "Connection timeout", + bindType: "Bind type", + bindDn: "Bind DN", + bindCredentials: "Bind credentials", + + ldapSearchingAndUpdatingSettings: "LDAP searching and updating", + editMode: "Edit mode", + usersDN: "Users DN", + usernameLdapAttribute: "Username LDAP attribute", + rdnLdapAttribute: "RDN LDAP attribute", + uuidLdapAttribute: "UUID LDAP attribute", + userObjectClasses: "User object classes", + userLdapFilter: "User LDAP filter", + searchScope: "Search scope", + readTimeout: "Read timeout", + pagination: "Pagination", + + synchronizationSettings: "Synchronization settings", + importUsers: "Import users", + batchSize: "Batch size", + periodicFullSync: "Periodic full sync", + fullSyncPeriod: "Full sync period", + periodicChangedUsersSync: "Periodic changed users sync", + changedUsersSyncPeriod: "Changed users sync period", + + kerberosIntegration: "Kerberos integration", + allowKerberosAuthentication: "Allow Kerberos authentication", + useKerberosForPasswordAuthentication: + "Use Kerberos for password authentication", + + cacheSettings: "Cache settings", + cachePolicy: "Cache policy", + evictionDay: "Eviction day", + evictionHour: "Eviction hour", + evictionMinute: "Eviction minute", + maxLifespan: "Max lifespan", + + advancedSettings: "Advanced settings", + enableLdapv3Password: + "Enable the LDAPv3 password modify extended operation", + validatePasswordPolicy: "Validate password policy", + trustEmail: "Trust email", + + requiredSettings: "Required Settings", + kerberosRealm: "Kerberos realm", + serverPrincipal: "Server principal", + keyTab: "Key tab", + debug: "Debug", + allowPasswordAuthentication: "Allow password authentication", + updateFirstLogin: "Update first login", + + always: "Always", + never: "Never", + onlyLdaps: "Only for ldaps", + oneLevel: "One Level", + subtree: "Subtree", + + saveSuccess: "User federation provider successfully saved", + saveError: "User federation provider could not be saved: {{error}}", + createSuccess: "User federation provider successfully created", + createError: "User federation provider could not be created: {{error}}", + testSuccess: "Successfully connected to LDAP", + testError: + "Error when trying to connect to LDAP. See server.log for details.", + + learnMore: "Learn more", + addNewProvider: "Add new provider", + userFedDeletedSuccess: "The user federation provider has been deleted.", + userFedDeleteError: + "Could not delete user federation provider: '{{error}}'", + userFedDeleteConfirmTitle: "Delete user federation provider?", + userFedDeleteConfirm: + "If you delete this user federation provider, all associated data will be removed.", + userFedDisableConfirmTitle: "Disable user federation provider?", + userFedDisableConfirm: + "If you disable this user federation provider, it will not be considered for queries and imported users will be disabled and read-only until the provider is enabled again.", + + removeImportedUsers: "Remove imported users?", + removeImportedUsersMessage: + 'Do you really want to remove all imported users? The option "Unlink users" makes sense just for the Edit Mode "Unsynced" and there should be a warning that "unlinked" users without the password in the Keycloak database won\'t be able to authenticate.', + removeImportedUsersSuccess: "Imported users have been removed.", + removeImportedUsersError: "Could not remove imported users: '{{error}}'", + + syncUsersSuccess: "Sync of users finished successfully.", + syncUsersError: "Could not sync users: '{{error}}'", + + unlinkUsersSuccess: "Unlink of users finished successfully.", + unlinkUsersError: "Could not unlink users: '{{error}}'", + + validateName: "You must enter a name", + validateRealm: "You must enter a realm", + validateServerPrincipal: "You must enter a server principal", + validateKeyTab: "You must enter a key tab", + validateConnectionUrl: "You must enter a connection URL", + validateBindDn: "You must enter the DN of the LDAP admin", + validateBindCredentials: "You must enter the password of the LDAP admin", + validateUuidLDAPAttribute: "You must enter a UUID LDAP attribute", + validateUserObjectClasses: "You must enter one or more user object classes", + validateUsersDn: "You must enter users DN", + validateUsernameLDAPAttribute: "You must enter a username LDAP attribute", + validateRdnLdapAttribute: "You must enter an RDN LDAP attribute", + validateCustomUserSearchFilter: + "Filter must be enclosed in parentheses, for example: (filter)", + + mapperTypeMsadUserAccountControlManager: "msad-user-account-control-mapper", + mapperTypeMsadLdsUserAccountControlMapper: + "msad-user-account-control-mapper", + mapperTypeGroupLdapMapper: "group-ldap-mapper", + mapperTypeUserAttributeLdapMapper: "user-attribute-ldap-mapper", + mapperTypeRoleLdapMapper: "role-ldap-mapper", + mapperTypeHardcodedAttributeMapper: "hardcoded-attribute-mapper", + mapperTypeHardcodedLdapRoleMapper: "hardcoded-ldap-role-mapper", + mapperTypeCertificateLdapMapper: "certificate-ldap-mapper", + mapperTypeFullNameLdapMapper: "full-name-ldap-mapper", + mapperTypeHardcodedLdapGroupMapper: "hardcoded-ldap-group-mapper", + mapperTypeLdapAttributeMapper: "hardcoded-ldap-attribute-mapper", + + ldapMappersList: "LDAP Mappers", + + ldapFullNameAttribute: "LDAP full name attribute", + writeOnly: "Write only", + + ldapGroupsDn: "LDAP groups DN", + groupNameLdapAttribute: "Group name LDAP attribute", + groupObjectClasses: "Group object classes", + preserveGroupInheritance: "Preserve group inheritance", + ignoreMissingGroups: "Ignore missing groups", + userGroupsRetrieveStrategy: "User groups retrieve strategy", + mappedGroupAttributes: "Mapped group attributes", + dropNonexistingGroupsDuringSync: "Drop non-existing groups during sync", + groupsPath: "Groups path", + + membershipLdapAttribute: "Membership LDAP attribute", + membershipAttributeType: "Membership attribute type", + membershipUserLdapAttribute: "Membership user LDAP attribute", + ldapFilter: "LDAP filter", + mode: "Mode", + memberofLdapAttribute: "Member-of LDAP attribute", + + ldapRolesDn: "LDAP roles DN", + roleNameLdapAttribute: "Role name LDAP attribute", + roleObjectClasses: "Role object classes", + userRolesRetrieveStrategy: "User roles retrieve strategy", + useRealmRolesMapping: "Use realm roles mapping", + + ldapAttributeName: "LDAP attribute name", + ldapAttributeValue: "LDAP attribute value", + + userModelAttribute: "User model attribute", + ldapAttribute: "LDAP attribute", + readOnly: "Read only", + alwaysReadValueFromLdap: "Always read value from LDAP", + isMandatoryInLdap: "Is mandatory in LDAP", + isBinaryAttribute: "Is binary attribute", + derFormatted: "DER formatted", + + passwordPolicyHintsEnabled: "Password policy hints enabled", + + userModelAttributeName: "User model attribute name", + attributeValue: "Attribute value", + + selectRole: "Select role", + + group: "Group", + }, +}; diff --git a/src/user/help.json b/src/user/help.json deleted file mode 100644 index c19cf057d7..0000000000 --- a/src/user/help.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "users-help": { - "disabled": "A disabled user cannot log in.", - "emailVerified": "Has the user's email been verified?", - "requiredUserActions": "Require an action when the user logs in. 'Verify email' sends an email to the user to verify their email address. 'Update profile' requires user to enter in new personal information. 'Update password' requires user to enter in a new password. 'Configure OTP' requires setup of a mobile password generator.", - "groups": "Groups where the user has membership. To leave a group, select it and click Leave." - - } -} \ No newline at end of file diff --git a/src/user/help.ts b/src/user/help.ts new file mode 100644 index 0000000000..97585f5403 --- /dev/null +++ b/src/user/help.ts @@ -0,0 +1,10 @@ +export default { + "users-help": { + disabled: "A disabled user cannot log in.", + emailVerified: "Has the user's email been verified?", + requiredUserActions: + "Require an action when the user logs in. 'Verify email' sends an email to the user to verify their email address. 'Update profile' requires user to enter in new personal information. 'Update password' requires user to enter in a new password. 'Configure OTP' requires setup of a mobile password generator.", + groups: + "Groups where the user has membership. To leave a group, select it and click Leave.", + }, +}; diff --git a/src/user/messages.json b/src/user/messages.json deleted file mode 100644 index e117dbfe89..0000000000 --- a/src/user/messages.json +++ /dev/null @@ -1,68 +0,0 @@ -{ - "users": { - "title": "Users", - "searchForUser": "Search user", - "startBySearchingAUser": "Start by searching for users", - "createUser": "Create user", - "createNewUser": "Create new user", - "noUsersFound": "No users found", - "noUsersFoundError": "No users found due to {{error}}", - "noGroups": "No groups", - "noGroupsText": "You haven't added this user to any groups. Join a group to get started.", - "joinGroup": "Join Group", - "joinGroups": "Join Groups", - "join": "Join", - "joinGroupsFor": "Join groups for user {{username}}", - "selectGroups": "Select groups to join", - "searchForGroups": "Search for groups", - "leave": "Leave", - "leaveGroup": "Leave group {{name}}?", - "leaveGroupConfirmDialog": "Are you sure you want to remove {{username}} from the group {{groupname}}?", - "directMembership": "Direct membership", - "groupMembership": "Group membership", - "addedGroupMembership": "Added group membership", - "addedGroupMembershipError": "Error adding group membership", - "removedGroupMembership": "Removed group membership", - "removedGroupMembershipError": "Error removing group membership", - "path": "Path", - "emptyInstructions": "Change your search criteria or add a user", - "createdAt": "Created at", - "username": "Username", - "email": "Email", - "emailVerified": "Email verified", - "lastName": "Last name", - "firstName": "First name", - "status": "Status", - "disabled": "Disabled", - "emailInvalid": "You must enter a valid email.", - "temporaryDisabled": "Temporarily disabled", - "notVerified": "Not verified", - "requiredUserActions": "Required user actions", - "addUser": "Add user", - "deleteUser": "Delete user", - "deleteConfirm": "Delete user?", - "deleteConfirmDialog": "Are you sure you want to permanently delete {{count}} selected user", - "deleteConfirmDialog_plural": "Are you sure you want to permanently delete {{count}} selected users", - "userCreated": "The user has been created", - "userSaved": "The user has been saved", - "userDetails": "User details", - "userCreateError": "Could not create user: {{error}}", - "userDeletedSuccess": "The user has been deleted", - "userDeletedError": "The user could not be deleted {{error}}", - "configureOTP": "Configure OTP", - "updatePassword": "Update Password", - "updateProfile": "Update Profile", - "verifyEmail": "Verify Email", - "updateUserLocale": "Update User Locale", - "consents": "Consents", - "noConsents": "No consents", - "noConsentsText": "The consents will only be recorded when users try to access a client that is configured to require consent. In that case, users will get a consent page which asks them to grant access to the client.", - "whoWillAppearLinkText": "Who will appear in this group list?", - "whoWillAppearPopoverText": "Groups are hierarchical. When you select Direct Membership, you see only the child group that the user joined. Ancestor groups are not included.", - "revoke": "Revoke", - "revokeClientScopesTitle": "Revoke all granted client scopes?", - "revokeClientScopes": "Are you sure you want to revoke all granted client scopes for {{clientId}}?", - "deleteGrantsSuccess": "Grants successfully revoked.", - "deleteGrantsError": "Error deleting grants." - } -} diff --git a/src/user/messages.ts b/src/user/messages.ts new file mode 100644 index 0000000000..55ecb78c00 --- /dev/null +++ b/src/user/messages.ts @@ -0,0 +1,75 @@ +export default { + users: { + title: "Users", + searchForUser: "Search user", + startBySearchingAUser: "Start by searching for users", + createUser: "Create user", + createNewUser: "Create new user", + noUsersFound: "No users found", + noUsersFoundError: "No users found due to {{error}}", + noGroups: "No groups", + noGroupsText: + "You haven't added this user to any groups. Join a group to get started.", + joinGroup: "Join Group", + joinGroups: "Join Groups", + join: "Join", + joinGroupsFor: "Join groups for user {{username}}", + selectGroups: "Select groups to join", + searchForGroups: "Search for groups", + leave: "Leave", + leaveGroup: "Leave group {{name}}?", + leaveGroupConfirmDialog: + "Are you sure you want to remove {{username}} from the group {{groupname}}?", + directMembership: "Direct membership", + groupMembership: "Group membership", + addedGroupMembership: "Added group membership", + addedGroupMembershipError: "Error adding group membership", + removedGroupMembership: "Removed group membership", + removedGroupMembershipError: "Error removing group membership", + path: "Path", + emptyInstructions: "Change your search criteria or add a user", + createdAt: "Created at", + username: "Username", + email: "Email", + emailVerified: "Email verified", + lastName: "Last name", + firstName: "First name", + status: "Status", + disabled: "Disabled", + emailInvalid: "You must enter a valid email.", + temporaryDisabled: "Temporarily disabled", + notVerified: "Not verified", + requiredUserActions: "Required user actions", + addUser: "Add user", + deleteUser: "Delete user", + deleteConfirm: "Delete user?", + deleteConfirmDialog: + "Are you sure you want to permanently delete {{count}} selected user", + deleteConfirmDialog_plural: + "Are you sure you want to permanently delete {{count}} selected users", + userCreated: "The user has been created", + userSaved: "The user has been saved", + userDetails: "User details", + userCreateError: "Could not create user: {{error}}", + userDeletedSuccess: "The user has been deleted", + userDeletedError: "The user could not be deleted {{error}}", + configureOTP: "Configure OTP", + updatePassword: "Update Password", + updateProfile: "Update Profile", + verifyEmail: "Verify Email", + updateUserLocale: "Update User Locale", + consents: "Consents", + noConsents: "No consents", + noConsentsText: + "The consents will only be recorded when users try to access a client that is configured to require consent. In that case, users will get a consent page which asks them to grant access to the client.", + whoWillAppearLinkText: "Who will appear in this group list?", + whoWillAppearPopoverText: + "Groups are hierarchical. When you select Direct Membership, you see only the child group that the user joined. Ancestor groups are not included.", + revoke: "Revoke", + revokeClientScopesTitle: "Revoke all granted client scopes?", + revokeClientScopes: + "Are you sure you want to revoke all granted client scopes for {{clientId}}?", + deleteGrantsSuccess: "Grants successfully revoked.", + deleteGrantsError: "Error deleting grants.", + }, +};