diff --git a/themes/src/main/resources/theme/base/account/messages/messages_de.properties b/themes/src/main/resources/theme/base/account/messages/messages_de.properties
index 33d080dbb1..50082325d8 100644
--- a/themes/src/main/resources/theme/base/account/messages/messages_de.properties
+++ b/themes/src/main/resources/theme/base/account/messages/messages_de.properties
@@ -71,7 +71,7 @@ applications=Applicationen
account=Benutzerkonto
federatedIdentity=Federated Identity
authenticator=Authenticator
-sessions=Sessions
+sessions=Sessionen
log=Log
configureAuthenticators=Authenticators konfigurieren
diff --git a/themes/src/main/resources/theme/base/admin/messages/admin-messages_de.properties b/themes/src/main/resources/theme/base/admin/messages/admin-messages_de.properties
index bc463fca12..c3332d79b5 100644
--- a/themes/src/main/resources/theme/base/admin/messages/admin-messages_de.properties
+++ b/themes/src/main/resources/theme/base/admin/messages/admin-messages_de.properties
@@ -1,6 +1,8 @@
# Common messages
enabled=de Enabled
name=de Name
+displayName=de Display name
+displayNameHtml=de HTML Display name
save=de Save
cancel=de Cancel
onText=AN
@@ -50,7 +52,6 @@ login-username=de Login Username
password=de Password
login-password=de Login Password
login-theme=de Login Theme
-select-one=de Select one...
login-theme.tooltip=de Select theme for login, TOTP, grant, registration, and forgot password pages.
account-theme=de Account Theme
account-theme.tooltip=de Select theme for user account management pages.
@@ -62,10 +63,12 @@ i18n-enabled=de Internationalization Enabled
supported-locales=de Supported Locales
supported-locales.placeholder=de Type a locale and enter
default-locale=de Default Locale
-realm-cache-enabled=de Realm Cache Enabled
-realm-cache-enabled.tooltip=de Enable/disable cache for realm, client and role data.
-user-cache-enabled=de User Cache Enabled
-user-cache-enabled.tooltip=de Enable/disable user and user role mapping cache.
+realm-cache-clear=de Realm Cache
+realm-cache-clear.tooltip=de Clears all entries from the realm cache (this will clear entries for all realms)
+user-cache-clear=de User Cache
+user-cache-clear.tooltip=de Clears all entries from the user cache (this will clear entries for all realms)
+revoke-refresh-token=de Revoke Refresh Token
+revoke-refresh-token.tooltip=de If enabled refresh tokens can only be used once. Otherwise refresh tokens are not revoked when used and can be used multiple times.
sso-session-idle=de SSO Session Idle
seconds=de Seconds
minutes=de Minutes
@@ -74,8 +77,12 @@ days=de Days
sso-session-max=de SSO Session Max
sso-session-idle.tooltip=de Time a session is allowed to be idle before it expires. Tokens and browser sessions are invalidated when a session is expired.
sso-session-max.tooltip=de Max time before a session is expired. Tokens and browser sessions are invalidated when a session is expired.
+offline-session-idle=de Offline Session Idle
+offline-session-idle.tooltip=de Time an offline session is allowed to be idle before it expires. You need to use offline token to refresh at least once within this period, otherwise offline session will expire.
access-token-lifespan=de Access Token Lifespan
access-token-lifespan.tooltip=de Max time before an access token is expired. This value is recommended to be short relative to the SSO timeout.
+access-token-lifespan-for-implicit-flow=de Access Token Lifespan For Implicit Flow
+access-token-lifespan-for-implicit-flow.tooltip=de Max time before an access token issued during OpenID Connect Implicit Flow is expired. This value is recommended to be shorter than SSO timeout. There is no possibility to refresh token during implicit flow, that's why there is separate timeout different to 'Access Token Lifespan'.
client-login-timeout=de Client login timeout
client-login-timeout.tooltip=de Max time an client has to finish the access token protocol. This should normally be 1 minute.
login-timeout=de Login timeout
@@ -105,14 +112,15 @@ realm-tab-email=de Email
realm-tab-themes=de Themes
realm-tab-cache=de Cache
realm-tab-tokens=de Tokens
+realm-tab-client-initial-access=de Initial Access Tokens
realm-tab-security-defenses=de Security Defenses
realm-tab-general=de General
-add-realm=de Add Realm
+add-realm=de Add realm
#Session settings
realm-sessions=de Realm Sessions
revocation=de Revocation
-logout-all=de Logout All
+logout-all=de Logout all
active-sessions=de Active Sessions
sessions=de Sessions
not-before=de Not Before
@@ -137,7 +145,7 @@ tokenClaimName.tooltip=de Name of the claim to insert into the token. This can
jsonType.label=de Claim JSON Type
jsonType.tooltip=de JSON type that should be used to populate the json claim in the token. long, int, boolean, and String are valid values.
includeInIdToken.label=de Add to ID token
-includeInIdTokenTooltip.Should the claim be added to the ID token?
+includeInIdToken.tooltip=de Should the claim be added to the ID token?
includeInAccessToken.label=de Add to access token
includeInAccessToken.tooltip=de Should the claim be added to the access token?
@@ -170,6 +178,12 @@ client-protocol=de Client Protocol
client-protocol.tooltip=de 'OpenID connect' allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server.'SAML' enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO) and uses security tokens containing assertions to pass information.
access-type=de Access Type
access-type.tooltip=de 'Confidential' clients require a secret to initiate login protocol. 'Public' clients do not require a secret. 'Bearer-only' clients are web services that never initiate a login.
+standard-flow-enabled=de Standard Flow Enabled
+standard-flow-enabled.tooltip=de This enables standard OpenID Connect redirect based authentication with authorization code. In terms of OpenID Connect or OAuth2 specifications, this enables support of 'Authorization Code Flow' for this client.
+implicit-flow-enabled=de Implicit Flow Enabled
+implicit-flow-enabled.tooltip=de This enables support for OpenID Connect redirect based authentication without authorization code. In terms of OpenID Connect or OAuth2 specifications, this enables support of 'Implicit Flow' for this client.
+direct-access-grants-enabled=de Direct Access Grants Enabled
+direct-access-grants-enabled.tooltip=de This enables support for Direct Access Grants, which means that client has access to username/password of user and exchange it directly with Keycloak server for access token. In terms of OAuth2 specification, this enables support of 'Resource Owner Password Credentials Grant' for this client.
service-accounts-enabled=de Service Accounts Enabled
service-accounts-enabled.tooltip=de Allows you to authenticate this client to Keycloak and retrieve access token dedicated to this client.
include-authnstatement=de Include AuthnStatement
@@ -267,6 +281,9 @@ import-client-certificate=de Import Client Certificate
jwt-import.key-alias.tooltip=de Archive alias for your certificate.
secret=de Secret
regenerate-secret=de Regenerate Secret
+registrationAccessToken=de Registration access token
+registrationAccessToken.regenerate=de Regenerate registration access token
+registrationAccessToken.tooltip=de The registration access token provides access for clients to the client registration service.
add-role=de Add Role
role-name=de Role Name
composite=de Composite
@@ -334,6 +351,8 @@ offline-tokens.tooltip=de Total number of offline tokens for this client.
show-offline-tokens=de Show Offline Tokens
show-offline-tokens.tooltip=de Warning, this is a potentially expensive operation depending on number of offline tokens.
token-issued=de Token Issued
+last-access=de Last Access
+last-refresh=de Last Refresh
key-export=de Key Export
key-import=de Key Import
export-saml-key=de Export SAML Key
@@ -354,13 +373,14 @@ service-account-is-not-enabled-for=de Service account is not enabled for {{clien
create-protocol-mappers=de Create Protocol Mappers
create-protocol-mapper=de Create Protocol Mapper
protocol=de Protocol
-protocol.tooltip=de Protocol.
+protocol.tooltip=de Protocol...
id=de ID
mapper.name.tooltip=de Name of the mapper.
mapper.consent-required.tooltip=de When granting temporary access, must the user consent to providing this data to the client?
consent-text=de Consent Text
consent-text.tooltip=de Text to display on consent page.
mapper-type=de Mapper Type
+mapper-type.tooltip=de Type of the mapper
select-role=de Select role
select-role.tooltip=de Enter role in the textbox to the left, or click this button to browse and select the role you want.
@@ -370,6 +390,8 @@ table-of-identity-providers=de Table of identity providers
add-provider.placeholder=de Add provider...
provider=de Provider
gui-order=de GUI order
+first-broker-login-flow=de First Login Flow
+post-broker-login-flow=de Post Login Flow
redirect-uri=de Redirect URI
redirect-uri.tooltip=de The redirect uri to use when configuring the identity provider.
alias=de Alias
@@ -389,6 +411,8 @@ update-profile-on-first-login.tooltip=de Define conditions under which a user ha
trust-email=de Trust Email
trust-email.tooltip=de If enabled then email provided by this provider is not verified even if verification is enabled for the realm.
gui-order.tooltip=de Number defining order of the provider in GUI (eg. on Login page).
+first-broker-login-flow.tooltip=de Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account.
+post-broker-login-flow.tooltip=de Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it.
openid-connect-config=de OpenID Connect Config
openid-connect-config.tooltip=de OIDC SP and external IDP configuration.
authorization-url=de Authorization URL
@@ -461,3 +485,417 @@ identity-provider-mappers=de Identity Provider Mappers
create-identity-provider-mapper=de Create Identity Provider Mapper
add-identity-provider-mapper=de Add Identity Provider Mapper
client.description.tooltip=de Specifies description of the client. For example 'My Client for TimeSheets'. Supports keys for localized values as well. For example\: ${my_client_description}
+
+expires=de Expires
+expiration=de Expiration
+expiration.tooltip=de Specifies how long the token should be valid
+count=de Count
+count.tooltip=de Specifies how many clients can be created using the token
+remainingCount=de Remaining Count
+created=de Created
+back=de Back
+initial-access-tokens=de Initial Access Tokens
+add-initial-access-tokens=de Add Initial Access Token
+initial-access-token=de Initial Access Token
+initial-access.copyPaste.tooltip=de Copy/paste the initial access token before navigating away from this page as it's not posible to retrieve later
+continue=de Continue
+initial-access-token.confirm.title=de Copy Initial Access Token
+initial-access-token.confirm.text=de Please copy and paste the initial access token before confirming as it can't be retrieved later
+
+client-templates=de Client Templates
+client-templates.tooltip=de Client templates allow you to define common configuration that is shared between multiple clients
+
+groups=de Groups
+
+group.add-selected.tooltip=de Realm roles that can be assigned to the group.
+group.assigned-roles.tooltip=de Realm roles mapped to the group
+group.effective-roles.tooltip=de All realm role mappings. Some roles here might be inherited from a mapped composite role.
+group.available-roles.tooltip=de Assignable roles from this client.
+group.assigned-roles-client.tooltip=de Role mappings for this client.
+group.effective-roles-client.tooltip=de Role mappings for this client. Some roles here might be inherited from a mapped composite role.
+
+default-roles=de Default Roles
+no-realm-roles-available=de No realm roles available
+
+users=de Users
+user.add-selected.tooltip=de Realm roles that can be assigned to the user.
+user.assigned-roles.tooltip=de Realm roles mapped to the user
+user.effective-roles.tooltip=de All realm role mappings. Some roles here might be inherited from a mapped composite role.
+user.available-roles.tooltip=de Assignable roles from this client.
+user.assigned-roles-client.tooltip=de Role mappings for this client.
+user.effective-roles-client.tooltip=de Role mappings for this client. Some roles here might be inherited from a mapped composite role.
+default.available-roles.tooltip=de Realm level roles that can be assigned.
+realm-default-roles=de Realm Default Roles
+realm-default-roles.tooltip=de Realm level roles assigned to new users.
+default.available-roles-client.tooltip=de Roles from this client that are assignable as a default.
+client-default-roles=de Client Default Roles
+client-default-roles.tooltip=de Roles from this client assigned as a default role.
+composite.available-roles.tooltip=de Realm level roles associated with this composite role.
+composite.associated-roles.tooltip=de Realm level roles associated with this composite role.
+composite.available-roles-client.tooltip=de Roles from this client that you can associate to this composite role.
+composite.associated-roles-client.tooltip=de Client roles associated with this composite role.
+partial-import=de Partial Import
+
+file=de File
+import-from-realm=de Import from realm
+import-users=de Import users
+import-clients=de Import clients
+import-identity-providers=de Import identity providers
+import-realm-roles=de Import realm roles
+import-client-roles=de Import client roles
+if-resource-exists=de If a resource exists
+fail=de Fail
+skip=de Skip
+overwrite=de Overwrite
+if-resource-exists.tooltip=de Specify what should be done if you try to import a resource that already exists.
+
+action=de Action
+role-selector=de Role Selector
+realm-roles.tooltip=de Realm roles that can be selected.
+
+select-a-role=de Select a role
+select-realm-role=de Select realm role
+client-roles.tooltip=de Client roles that can be selected.
+select-client-role=de Select client role
+
+client-template=de Client Template
+client-template.tooltip=de Client template this client inherits configuration from
+client-saml-endpoint=de Client SAML Endpoint
+add-client-template=de Add client template
+
+manage=de Manage
+authentication=de Authentication
+user-federation=de User Federation
+events=de Events
+realm-settings=de Realm Settings
+configure=de Configure
+select-realm=de Select realm
+add=de Add
+
+client-template.name.tooltip=de Name of the client template. Must be unique in the realm
+client-template.description.tooltip=de Description of the client template
+client-template.protocol.tooltip=de Which SSO protocol configuration is being supplied by this client template
+
+add-user-federation-provider=de Add user federation provider
+required-settings=de Required Settings
+provider-id=de Provider ID
+console-display-name=de Console Display Name
+console-display-name.tooltip=de Display name of provider when linked in admin console.
+priority=de Priority
+priority.tooltip=de Priority of provider when doing a user lookup. Lowest first.
+sync-settings=de Sync Settings
+periodic-full-sync=de Periodic Full Sync
+periodic-full-sync.tooltip=de Does periodic full synchronization of provider users to Keycloak should be enabled or not
+full-sync-period=de Full Sync Period
+full-sync-period.tooltip=de Period for full synchronization in seconds
+periodic-changed-users-sync=de Periodic Changed Users Sync
+periodic-changed-users-sync.tooltip=de Does periodic synchronization of changed or newly created provider users to Keycloak should be enabled or not
+changed-users-sync-period=de Changed Users Sync Period
+changed-users-sync-period.tooltip=de Period for synchronization of changed or newly created provider users in seconds
+synchronize-changed-users=de Synchronize changed users
+synchronize-all-users=de Synchronize all users
+kerberos-realm=de Kerberos Realm
+kerberos-realm.tooltip=de Name of kerberos realm. For example FOO.ORG
+server-principal=de Server Principal
+server-principal.tooltip=de Full name of server principal for HTTP service including server and domain name. For example HTTP/host.foo.org@FOO.ORG
+keytab=de KeyTab
+keytab.tooltip=de Location of Kerberos KeyTab file containing the credentials of server principal. For example /etc/krb5.keytab
+debug=de Debug
+debug.tooltip=de Enable/disable debug logging to standard output for Krb5LoginModule.
+allow-password-authentication=de Allow Password Authentication
+allow-password-authentication.tooltip=de Enable/disable possibility of username/password authentication against Kerberos database
+edit-mode=de Edit Mode
+edit-mode.tooltip=de READ_ONLY means that password updates are not allowed and user always authenticates with Kerberos password. UNSYNCED means user can change his password in Keycloak database and this one will be used instead of Kerberos password then
+ldap.edit-mode.tooltip=de READ_ONLY is a read only LDAP store. WRITABLE means data will be synced back to LDAP on demand. UNSYNCED means user data will be imported, but not synced back to LDAP.
+update-profile-first-login=de Update Profile First Login
+update-profile-first-login.tooltip=de Update profile on first login
+sync-registrations=de Sync Registrations
+ldap.sync-registrations.tooltip=de Should newly created users be created within LDAP store? Priority effects which provider is chose to sync the new user.
+vendor=de Vendor
+ldap.vendor.tooltip=de LDAP vendor (provider)
+username-ldap-attribute=de Username LDAP attribute
+ldap-attribute-name-for-username=de LDAP attribute name for username
+username-ldap-attribute.tooltip=de Name of LDAP attribute, which is mapped as Keycloak username. For many LDAP server vendors it can be 'uid'. For Active directory it can be 'sAMAccountName' or 'cn'. The attribute should be filled for all LDAP user records you want to import from LDAP to Keycloak.
+rdn-ldap-attribute=de RDN LDAP attribute
+ldap-attribute-name-for-user-rdn=de LDAP attribute name for user RDN
+rdn-ldap-attribute.tooltip=de Name of LDAP attribute, which is used as RDN (top attribute) of typical user DN. Usually it's the same as Username LDAP attribute, however it's not required. For example for Active directory it's common to use 'cn' as RDN attribute when username attribute might be 'sAMAccountName'.
+uuid-ldap-attribute=de UUID LDAP attribute
+ldap-attribute-name-for-uuid=de LDAP attribute name for UUID
+uuid-ldap-attribute.tooltip=de Name of LDAP attribute, which is used as unique object identifier (UUID) for objects in LDAP. For many LDAP server vendors it's 'entryUUID' however some are different. For example for Active directory it should be 'objectGUID'. If your LDAP server really doesn't support the notion of UUID, you can use any other attribute, which is supposed to be unique among LDAP users in tree. For example 'uid' or 'entryDN'.
+user-object-classes=de User Object Classes
+ldap-user-object-classes.placeholder=de LDAP User Object Classes (div. by comma)
+
+ldap-connection-url=de LDAP connection URL
+ldap-users-dn=de LDAP Users DN
+ldap-bind-dn=de LDAP Bind DN
+ldap-bind-credentials=de LDAP Bind Credentials
+ldap-filter=de LDAP Filter
+ldap.user-object-classes.tooltip=de All values of LDAP objectClass attribute for users in LDAP divided by comma. For example: 'inetOrgPerson, organizationalPerson' . Newly created Keycloak users will be written to LDAP with all those object classes and existing LDAP user records are found just if they contain all those object classes.\
+
+connection-url=de Connection URL
+ldap.connection-url.tooltip=de Connection URL to your LDAP server
+test-connection=de Test connection
+users-dn=de Users DN
+ldap.users-dn.tooltip=de Full DN of LDAP tree where your users are. This DN is parent of LDAP users. It could be for example 'ou=users,dc=example,dc=com' assuming that your typical user will have DN like 'uid=john,ou=users,dc=example,dc=com'
+authentication-type=de Authentication Type
+ldap.authentication-type.tooltip=de LDAP Authentication type. Right now just 'none' (anonymous LDAP authentication) or 'simple' (Bind credential + Bind password authentication) mechanisms are available
+bind-dn=de Bind DN
+ldap.bind-dn.tooltip=de DN of LDAP admin, which will be used by Keycloak to access LDAP server
+bind-credential=de Bind Credential
+ldap.bind-credential.tooltip=de Password of LDAP admin
+test-authentication=de Test authentication
+custom-user-ldap-filter=de Custom User LDAP Filter
+ldap.custom-user-ldap-filter.tooltip=de Additional LDAP Filter for filtering searched users. Leave this empty if you don't need additional filter. Make sure that it starts with '(' and ends with ')'
+search-scope=de Search Scope
+ldap.search-scope.tooltip=de For one level, we search for users just in DNs specified by User DNs. For subtree, we search in whole of their subtree. See LDAP documentation for more details
+connection-pooling=de Connection Pooling
+ldap.connection-pooling.tooltip=de Does Keycloak should use connection pooling for accessing LDAP server
+ldap.pagination.tooltip=de Does the LDAP server support pagination.
+kerberos-integration=de Kerberos Integration
+allow-kerberos-authentication=de Allow Kerberos authentication
+ldap.allow-kerberos-authentication.tooltip=de Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users will be provisioned from this LDAP server
+use-kerberos-for-password-authentication=de Use Kerberos For Password Authentication
+ldap.use-kerberos-for-password-authentication.tooltip=de Use Kerberos login module for authenticate username/password against Kerberos server instead of authenticating against LDAP server with Directory Service API
+batch-size=de Batch Size
+ldap.batch-size.tooltip=de Count of LDAP users to be imported from LDAP to Keycloak within single transaction.
+ldap.periodic-full-sync.tooltip=de Does periodic full synchronization of LDAP users to Keycloak should be enabled or not
+ldap.periodic-changed-users-sync.tooltip=de Does periodic synchronization of changed or newly created LDAP users to Keycloak should be enabled or not
+ldap.changed-users-sync-period.tooltip=de Period for synchronization of changed or newly created LDAP users in seconds
+user-federation-mappers=de User Federation Mappers
+create-user-federation-mapper=de Create user federation mapper
+add-user-federation-mapper=de Add user federation mapper
+provider-name=de Provider Name
+no-user-federation-providers-configured=de No user federation providers configured
+add-identity-provider=de Add identity provider
+add-identity-provider-link=de Add identity provider link
+identity-provider=de Identity Provider
+identity-provider-user-id=de Identity Provider User ID
+identity-provider-user-id.tooltip=de Unique ID of the user on the Identity Provider side
+identity-provider-username=de Identity Provider Username
+identity-provider-username.tooltip=de Username on the Identity Provider side
+pagination=de Pagination
+
+browser-flow=de Browser Flow
+browser-flow.tooltip=de Select the flow you want to use for browser authentication.
+registration-flow=de Registration Flow
+registration-flow.tooltip=de Select the flow you want to use for registration.
+direct-grant-flow=de Direct Grant Flow
+direct-grant-flow.tooltip=de Select the flow you want to use for direct grant authentication.
+reset-credentials=de Reset Credentials
+reset-credentials.tooltip=de Select the flow you want to use when the user has forgotten their credentials.
+client-authentication=de Client Authentication
+client-authentication.tooltip=de Select the flow you want to use for authentication of clients.
+new=de New
+copy=de Copy
+add-execution=de Add execution
+add-flow=de Add flow
+auth-type=de Auth Type
+requirement=de Requirement
+config=de Config
+no-executions-available=de No executions available
+authentication-flows=de Authentication Flows
+create-authenticator-config=de Create authenticator config
+authenticator.alias.tooltip=de Name of the configuration
+otp-type=de OTP Type
+time-based=de Time Based
+counter-based=de Counter Based
+otp-type.tooltip=de totp is Time-Based One Time Password. 'hotp' is a counter base one time password in which the server keeps a counter to hash against.
+otp-hash-algorithm=de OTP Hash Algorithm
+otp-hash-algorithm.tooltip=de What hashing algorithm should be used to generate the OTP.
+number-of-digits=de Number of Digits
+otp.number-of-digits.tooltip=de How many digits should the OTP have?
+look-ahead-window=de Look Ahead Window
+otp.look-ahead-window.tooltip=de How far ahead should the server look just in case the token generator and server are out of time sync or counter sync?
+initial-counter=de Initial Counter
+otp.initial-counter.tooltip=de What should the initial counter value be?
+otp-token-period=de OTP Token Period
+otp-token-period.tooltip=de How many seconds should an OTP token be valid? Defaults to 30 seconds.
+table-of-password-policies=de Table of Password Policies
+add-policy.placeholder=de Add policy...
+policy-type=de Policy Type
+policy-value=de Policy Value
+admin-events=de Admin Events
+admin-events.tooltip=de Displays saved admin events for the realm. Events are related to admin account, for example a realm creation. To enable persisted events go to config.
+login-events=de Login Events
+filter=de Filter
+update=de Update
+reset=de Reset
+operation-types=de Operation Types
+select-operations.placeholder=de Select operations...
+resource-path=de Resource Path
+resource-path.tooltip=de Filter by resource path. Supports wildcards '*' to match a single part of the path and '**' matches multiple parts. For example 'realms/*/clients/asbc' matches client with id asbc in any realm, while or 'realms/master/**' matches anything in the master realm.
+date-(from)=de Date (From)
+date-(to)=de Date (To)
+authentication-details=de Authentication Details
+ip-address=de IP Address
+time=de Time
+operation-type=de Operation Type
+auth=de Auth
+representation=de Representation
+register=de Register
+required-action=de Required Action
+default-action=de Default Action
+auth.default-action.tooltip=de If enabled, any new user will have this required action assigned to it.
+no-required-actions-configured=de No required actions configured
+defaults-to-id=de Defaults to id
+flows=de Flows
+bindings=de Bindings
+required-actions=de Required Actions
+password-policy=de Password Policy
+otp-policy=de OTP Policy
+user-groups=de User Groups
+default-groups=de Default Groups
+groups.default-groups.tooltip=de Set of groups that new users will automatically join.
+cut=de Cut
+paste=de Paste
+
+create-group=de Create group
+create-authenticator-execution=de Create Authenticator Execution
+create-form-action-execution=de Create Form Action Execution
+create-top-level-form=de Create Top Level Form
+flow.alias.tooltip=de Specifies display name for the flow.
+top-level-flow-type=de Top Level Flow Type
+flow.generic=de generic
+flow.client=de client
+top-level-flow-type.tooltip=de What kind of top level flow is it? Type 'client' is used for authentication of clients (applications) when generic is for users and everything else
+create-execution-flow=de Create Execution Flow
+flow-type=de Flow Type
+flow.form.type=de form
+flow-type.tooltip=de What kind of form is it
+form-provider=de Form Provider
+default-groups.tooltip=de Newly created or registered users will automatically be added to these groups
+select-a-type.placeholder=de select a type
+available-groups=de Available Groups
+available-groups.tooltip=de Select a group you want to add as a default.
+value=de Value
+table-of-group-members=de Table of group members
+last-name=de Last Name
+first-name=de First Name
+email=de Email
+toggle-navigation=de Toggle navigation
+manage-account=de Manage account
+sign-out=de Sign Out
+server-info=de Server Info
+resource-not-found=de Resource not found...
+resource-not-found.instruction=de We could not find the resource you are looking for. Please make sure the URL you entered is correct.
+go-to-the-home-page=de Go to the home page »
+page-not-found=de Page not found...
+page-not-found.instruction=de We could not find the page you are looking for. Please make sure the URL you entered is correct.
+events.tooltip=de Displays saved events for the realm. Events are related to user accounts, for example a user login. To enable persisted events go to config.
+select-event-types.placeholder=de Select event types...
+events-config.tooltip=de Displays configuration options to enable persistence of user and admin events.
+select-an-action.placeholder=de Select an action...
+event-listeners.tooltip=de Configure what listeners receive events for the realm.
+login.save-events.tooltip=de If enabled login events are saved to the database which makes events available to the admin and account management consoles.
+clear-events.tooltip=de Deletes all events in the database.
+events.expiration.tooltip=de Sets the expiration for events. Expired events are periodically deleted from the database.
+admin-events-settings=de Admin Events Settings
+save-events=de Save events
+admin.save-events.tooltip=de If enabled admin events are saved to the database which makes events available to the admin console.
+saved-types.tooltip=de Configure what event types are saved.
+include-representation=de Include Representation
+include-representation.tooltip=de Include JSON representation for create and update requests.
+clear-admin-events.tooltip=de Deletes all admin events in the database.
+server-version=de Server Version
+info=de Info
+providers=de Providers
+server-time=de Server Time
+server-uptime=de Server Uptime
+memory=de Memory
+total-memory=de Total Memory
+free-memory=de Free Memory
+used-memory=de Used Memory
+system=de System
+current-working-directory=de Current Working Directory
+java-version=de Java Version
+java-vendor=de Java Vendor
+java-runtime=de Java Runtime
+java-vm=de Java VM
+java-vm-version=de Java VM Version
+java-home=de Java Home
+user-name=de User Name
+user-timezone=de User Timezone
+user-locale=de User Locale
+system-encoding=de System Encoding
+operating-system=de Operating System
+os-architecture=de OS Architecture
+spi=de SPI
+granted-roles=de Granted Roles
+granted-protocol-mappers=de Granted Protocol Mappers
+additional-grants=de Additional Grants
+revoke=de Revoke
+new-password=de New Password
+password-confirmation=de Password Confirmation
+credentials.temporary.tooltip=de If enabled user is required to change password on next login
+remove-totp=de Remove TOTP
+credentials.remove-totp.tooltip=de Remove one time password generator for user.
+reset-actions=de Reset Actions
+credentials.reset-actions.tooltip=de Set of actions to execute when sending the user a Reset Actions Email. 'Verify email' sends an email to the user to verify their email address. 'Update profile' requires user to enter in new personal information. 'Update password' requires user to enter in a new password. 'Configure TOTP' requires setup of a mobile password generator.
+reset-actions-email=de Reset Actions Email
+send-email=de Send email
+credentials.reset-actions-email.tooltip=de Sends an email to user with an embedded link. Clicking on link will allow the user to execute the reset actions. They will not have to login prior to this. For example, set the action to update password, click this button, and the user will be able to change their password without logging in.
+add-user=de Add user
+created-at=de Created At
+user-enabled=de User Enabled
+user-enabled.tooltip=de A disabled user cannot login.
+user-temporarily-locked=de User Temporarily Locked
+user-temporarily-locked.tooltip=de The user may have been locked due to failing to login too many times.
+unlock-user=de Unlock user
+federation-link=de Federation Link
+email-verified=de Email Verified
+email-verified.tooltip=de Has the user's email been verified?
+required-user-actions=de Required User Actions
+required-user-actions.tooltip=de Require an action when the user logs in. 'Verify email' sends an email to the user to verify their email address. 'Update profile' requires user to enter in new personal information. 'Update password' requires user to enter in a new password. 'Configure TOTP' requires setup of a mobile password generator.
+locale=de Locale
+select-one.placeholder=de Select one...
+impersonate=de Impersonate
+impersonate-user=de Impersonate user
+impersonate-user.tooltip=de Login as this user. If user is in same realm as you, your current login session will be logged out before you are logged in as this user.
+identity-provider-alias=de Identity Provider Alias
+provider-user-id=de Provider User ID
+provider-username=de Provider Username
+no-identity-provider-links-available=de No identity provider links available
+group-membership=de Group Membership
+leave=de Leave
+group-membership.tooltip=de Groups user is a member of. Select a listed group and click the Leave button to leave the group.
+membership.available-groups.tooltip=de Groups a user can join. Select a group and click the join button.
+table-of-realm-users=de Table of Realm Users
+view-all-users=de View all users
+unlock-users=de Unlock users
+no-users-available=de No users available
+users.instruction=de Please enter a search, or click on view all users
+consents=de Consents
+started=de Started
+logout-all-sessions=de Logout all sessions
+logout=de Logout
+new-name=de New Name
+ok=de Ok
+attributes=de Attributes
+role-mappings=de Role Mappings
+members=de Members
+details=de Details
+identity-provider-links=de Identity Provider Links
+register-required-action=de Register required action
+gender=de Gender
+address=de Address
+phone=de Phone
+profile-url=de Profile URL
+picture-url=de Picture URL
+website=de Website
+import-keys-and-cert=de Import keys and cert
+import-keys-and-cert.tooltip=de Upload the client's key pair and cert.
+upload-keys=de Upload Keys
+download-keys-and-cert=de Download keys and cert
+no-value-assigned.placeholder=de No value assigned
+remove=de Remove
+no-group-members=de No group members
+temporary=de Temporary
+join=de Join
+event-type=de Event Type
+events-config=de Events Config
+event-listeners=de Event Listeners
+login-events-settings=de Login Events Settings
+clear-events=de Clear Events
+saved-types=de Saved Types
+clear-admin-events=de Clear admin events
+clear-changes=de Clear changes
diff --git a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
index 3adb152559..3c1a17d7dd 100755
--- a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
+++ b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
@@ -54,7 +54,6 @@ login-username=Login Username
password=Password
login-password=Login Password
login-theme=Login Theme
-select-one=Select one...
login-theme.tooltip=Select theme for login, TOTP, grant, registration, and forgot password pages.
account-theme=Account Theme
account-theme.tooltip=Select theme for user account management pages.
@@ -118,12 +117,12 @@ realm-tab-tokens=Tokens
realm-tab-client-initial-access=Initial Access Tokens
realm-tab-security-defenses=Security Defenses
realm-tab-general=General
-add-realm=Add Realm
+add-realm=Add realm
#Session settings
realm-sessions=Realm Sessions
revocation=Revocation
-logout-all=Logout All
+logout-all=Logout all
active-sessions=Active Sessions
sessions=Sessions
not-before=Not Before
@@ -148,7 +147,7 @@ tokenClaimName.tooltip=Name of the claim to insert into the token. This can be
jsonType.label=Claim JSON Type
jsonType.tooltip=JSON type that should be used to populate the json claim in the token. long, int, boolean, and String are valid values.
includeInIdToken.label=Add to ID token
-includeInIdTokenTooltip.Should the claim be added to the ID token?
+includeInIdToken.tooltip=Should the claim be added to the ID token?
includeInAccessToken.label=Add to access token
includeInAccessToken.tooltip=Should the claim be added to the access token?
@@ -171,7 +170,7 @@ select-file=Select file
view-details=View details
clear-import=Clear import
client-id.tooltip=Specifies ID referenced in URI and tokens. For example 'my-client'. For SAML this is also the expected issuer value from authn requests
-client.name.tooltip=Specifies display name of the client. For example 'My Client'. Supports keys for localized values as well. For example\: ${my_client}
+client.name.tooltip=Specifies display name of the client. For example 'My Client'. Supports keys for localized values as well. For example\\: ${my_client}
client.enabled.tooltip=Disabled clients cannot initiate a login or have obtain access tokens.
consent-required=Consent Required
consent-required.tooltip=If enabled users have to consent to client access.
@@ -374,14 +373,14 @@ service-account-is-not-enabled-for=Service account is not enabled for {{client}}
create-protocol-mappers=Create Protocol Mappers
create-protocol-mapper=Create Protocol Mapper
protocol=Protocol
-protocol.tooltip=Protocol.
+protocol.tooltip=Protocol...
id=ID
mapper.name.tooltip=Name of the mapper.
mapper.consent-required.tooltip=When granting temporary access, must the user consent to providing this data to the client?
consent-text=Consent Text
consent-text.tooltip=Text to display on consent page.
mapper-type=Mapper Type
-
+mapper-type.tooltip=Type of the mapper
# realm identity providers
identity-providers=Identity Providers
table-of-identity-providers=Table of identity providers
@@ -488,14 +487,14 @@ realm=Realm
identity-provider-mappers=Identity Provider Mappers
create-identity-provider-mapper=Create Identity Provider Mapper
add-identity-provider-mapper=Add Identity Provider Mapper
-client.description.tooltip=Specifies description of the client. For example 'My Client for TimeSheets'. Supports keys for localized values as well. For example\: ${my_client_description}
+client.description.tooltip=Specifies description of the client. For example 'My Client for TimeSheets'. Supports keys for localized values as well. For example\\: ${my_client_description}
expires=Expires
expiration=Expiration
expiration.tooltip=Specifies how long the token should be valid
count=Count
count.tooltip=Specifies how many clients can be created using the token
-remainingCount=Remaining count
+remainingCount=Remaining Count
created=Created
back=Back
initial-access-tokens=Initial Access Tokens
@@ -505,3 +504,402 @@ initial-access.copyPaste.tooltip=Copy/paste the initial access token before navi
continue=Continue
initial-access-token.confirm.title=Copy Initial Access Token
initial-access-token.confirm.text=Please copy and paste the initial access token before confirming as it can't be retrieved later
+
+client-templates=Client Templates
+client-templates.tooltip=Client templates allow you to define common configuration that is shared between multiple clients
+
+groups=Groups
+
+group.add-selected.tooltip=Realm roles that can be assigned to the group.
+group.assigned-roles.tooltip=Realm roles mapped to the group
+group.effective-roles.tooltip=All realm role mappings. Some roles here might be inherited from a mapped composite role.
+group.available-roles.tooltip=Assignable roles from this client.
+group.assigned-roles-client.tooltip=Role mappings for this client.
+group.effective-roles-client.tooltip=Role mappings for this client. Some roles here might be inherited from a mapped composite role.
+
+default-roles=Default Roles
+no-realm-roles-available=No realm roles available
+
+users=Users
+user.add-selected.tooltip=Realm roles that can be assigned to the user.
+user.assigned-roles.tooltip=Realm roles mapped to the user
+user.effective-roles.tooltip=All realm role mappings. Some roles here might be inherited from a mapped composite role.
+user.available-roles.tooltip=Assignable roles from this client.
+user.assigned-roles-client.tooltip=Role mappings for this client.
+user.effective-roles-client.tooltip=Role mappings for this client. Some roles here might be inherited from a mapped composite role.
+default.available-roles.tooltip=Realm level roles that can be assigned.
+realm-default-roles=Realm Default Roles
+realm-default-roles.tooltip=Realm level roles assigned to new users.
+default.available-roles-client.tooltip=Roles from this client that are assignable as a default.
+client-default-roles=Client Default Roles
+client-default-roles.tooltip=Roles from this client assigned as a default role.
+composite.available-roles.tooltip=Realm level roles associated with this composite role.
+composite.associated-roles.tooltip=Realm level roles associated with this composite role.
+composite.available-roles-client.tooltip=Roles from this client that you can associate to this composite role.
+composite.associated-roles-client.tooltip=Client roles associated with this composite role.
+partial-import=Partial Import
+
+file=File
+import-from-realm=Import from realm
+import-users=Import users
+import-clients=Import clients
+import-identity-providers=Import identity providers
+import-realm-roles=Import realm roles
+import-client-roles=Import client roles
+if-resource-exists=If a resource exists
+fail=Fail
+skip=Skip
+overwrite=Overwrite
+if-resource-exists.tooltip=Specify what should be done if you try to import a resource that already exists.
+
+action=Action
+role-selector=Role Selector
+realm-roles.tooltip=Realm roles that can be selected.
+
+select-a-role=Select a role
+select-realm-role=Select realm role
+client-roles.tooltip=Client roles that can be selected.
+select-client-role=Select client role
+
+client-template=Client Template
+client-template.tooltip=Client template this client inherits configuration from
+client-saml-endpoint=Client SAML Endpoint
+add-client-template=Add client template
+
+manage=Manage
+authentication=Authentication
+user-federation=User Federation
+events=Events
+realm-settings=Realm Settings
+configure=Configure
+select-realm=Select realm
+add=Add
+
+client-template.name.tooltip=Name of the client template. Must be unique in the realm
+client-template.description.tooltip=Description of the client template
+client-template.protocol.tooltip=Which SSO protocol configuration is being supplied by this client template
+
+add-user-federation-provider=Add user federation provider
+required-settings=Required Settings
+provider-id=Provider ID
+console-display-name=Console Display Name
+console-display-name.tooltip=Display name of provider when linked in admin console.
+priority=Priority
+priority.tooltip=Priority of provider when doing a user lookup. Lowest first.
+sync-settings=Sync Settings
+periodic-full-sync=Periodic Full Sync
+periodic-full-sync.tooltip=Does periodic full synchronization of provider users to Keycloak should be enabled or not
+full-sync-period=Full Sync Period
+full-sync-period.tooltip=Period for full synchronization in seconds
+periodic-changed-users-sync=Periodic Changed Users Sync
+periodic-changed-users-sync.tooltip=Does periodic synchronization of changed or newly created provider users to Keycloak should be enabled or not
+changed-users-sync-period=Changed Users Sync Period
+changed-users-sync-period.tooltip=Period for synchronization of changed or newly created provider users in seconds
+synchronize-changed-users=Synchronize changed users
+synchronize-all-users=Synchronize all users
+kerberos-realm=Kerberos Realm
+kerberos-realm.tooltip=Name of kerberos realm. For example FOO.ORG
+server-principal=Server Principal
+server-principal.tooltip=Full name of server principal for HTTP service including server and domain name. For example HTTP/host.foo.org@FOO.ORG
+keytab=KeyTab
+keytab.tooltip=Location of Kerberos KeyTab file containing the credentials of server principal. For example /etc/krb5.keytab
+debug=Debug
+debug.tooltip=Enable/disable debug logging to standard output for Krb5LoginModule.
+allow-password-authentication=Allow Password Authentication
+allow-password-authentication.tooltip=Enable/disable possibility of username/password authentication against Kerberos database
+edit-mode=Edit Mode
+edit-mode.tooltip=READ_ONLY means that password updates are not allowed and user always authenticates with Kerberos password. UNSYNCED means user can change his password in Keycloak database and this one will be used instead of Kerberos password then
+ldap.edit-mode.tooltip=READ_ONLY is a read only LDAP store. WRITABLE means data will be synced back to LDAP on demand. UNSYNCED means user data will be imported, but not synced back to LDAP.
+update-profile-first-login=Update Profile First Login
+update-profile-first-login.tooltip=Update profile on first login
+sync-registrations=Sync Registrations
+ldap.sync-registrations.tooltip=Should newly created users be created within LDAP store? Priority effects which provider is chose to sync the new user.
+vendor=Vendor
+ldap.vendor.tooltip=LDAP vendor (provider)
+username-ldap-attribute=Username LDAP attribute
+ldap-attribute-name-for-username=LDAP attribute name for username
+username-ldap-attribute.tooltip=Name of LDAP attribute, which is mapped as Keycloak username. For many LDAP server vendors it can be 'uid'. For Active directory it can be 'sAMAccountName' or 'cn'. The attribute should be filled for all LDAP user records you want to import from LDAP to Keycloak.
+rdn-ldap-attribute=RDN LDAP attribute
+ldap-attribute-name-for-user-rdn=LDAP attribute name for user RDN
+rdn-ldap-attribute.tooltip=Name of LDAP attribute, which is used as RDN (top attribute) of typical user DN. Usually it's the same as Username LDAP attribute, however it's not required. For example for Active directory it's common to use 'cn' as RDN attribute when username attribute might be 'sAMAccountName'.
+uuid-ldap-attribute=UUID LDAP attribute
+ldap-attribute-name-for-uuid=LDAP attribute name for UUID
+uuid-ldap-attribute.tooltip=Name of LDAP attribute, which is used as unique object identifier (UUID) for objects in LDAP. For many LDAP server vendors it's 'entryUUID' however some are different. For example for Active directory it should be 'objectGUID'. If your LDAP server really doesn't support the notion of UUID, you can use any other attribute, which is supposed to be unique among LDAP users in tree. For example 'uid' or 'entryDN'.
+user-object-classes=User Object Classes
+ldap-user-object-classes.placeholder=LDAP User Object Classes (div. by comma)
+
+ldap-connection-url=LDAP connection URL
+ldap-users-dn=LDAP Users DN
+ldap-bind-dn=LDAP Bind DN
+ldap-bind-credentials=LDAP Bind Credentials
+ldap-filter=LDAP Filter
+ldap.user-object-classes.tooltip=All values of LDAP objectClass attribute for users in LDAP divided by comma. For example: 'inetOrgPerson, organizationalPerson' . Newly created Keycloak users will be written to LDAP with all those object classes and existing LDAP user records are found just if they contain all those object classes.
+
+connection-url=Connection URL
+ldap.connection-url.tooltip=Connection URL to your LDAP server
+test-connection=Test connection
+users-dn=Users DN
+ldap.users-dn.tooltip=Full DN of LDAP tree where your users are. This DN is parent of LDAP users. It could be for example 'ou=users,dc=example,dc=com' assuming that your typical user will have DN like 'uid=john,ou=users,dc=example,dc=com'
+authentication-type=Authentication Type
+ldap.authentication-type.tooltip=LDAP Authentication type. Right now just 'none' (anonymous LDAP authentication) or 'simple' (Bind credential + Bind password authentication) mechanisms are available
+bind-dn=Bind DN
+ldap.bind-dn.tooltip=DN of LDAP admin, which will be used by Keycloak to access LDAP server
+bind-credential=Bind Credential
+ldap.bind-credential.tooltip=Password of LDAP admin
+test-authentication=Test authentication
+custom-user-ldap-filter=Custom User LDAP Filter
+ldap.custom-user-ldap-filter.tooltip=Additional LDAP Filter for filtering searched users. Leave this empty if you don't need additional filter. Make sure that it starts with '(' and ends with ')'
+search-scope=Search Scope
+ldap.search-scope.tooltip=For one level, we search for users just in DNs specified by User DNs. For subtree, we search in whole of their subtree. See LDAP documentation for more details
+connection-pooling=Connection Pooling
+ldap.connection-pooling.tooltip=Does Keycloak should use connection pooling for accessing LDAP server
+ldap.pagination.tooltip=Does the LDAP server support pagination.
+kerberos-integration=Kerberos Integration
+allow-kerberos-authentication=Allow Kerberos authentication
+ldap.allow-kerberos-authentication.tooltip=Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users will be provisioned from this LDAP server
+use-kerberos-for-password-authentication=Use Kerberos For Password Authentication
+ldap.use-kerberos-for-password-authentication.tooltip=Use Kerberos login module for authenticate username/password against Kerberos server instead of authenticating against LDAP server with Directory Service API
+batch-size=Batch Size
+ldap.batch-size.tooltip=Count of LDAP users to be imported from LDAP to Keycloak within single transaction.
+ldap.periodic-full-sync.tooltip=Does periodic full synchronization of LDAP users to Keycloak should be enabled or not
+ldap.periodic-changed-users-sync.tooltip=Does periodic synchronization of changed or newly created LDAP users to Keycloak should be enabled or not
+ldap.changed-users-sync-period.tooltip=Period for synchronization of changed or newly created LDAP users in seconds
+user-federation-mappers=User Federation Mappers
+create-user-federation-mapper=Create user federation mapper
+add-user-federation-mapper=Add user federation mapper
+provider-name=Provider Name
+no-user-federation-providers-configured=No user federation providers configured
+add-identity-provider=Add identity provider
+add-identity-provider-link=Add identity provider link
+identity-provider=Identity Provider
+identity-provider-user-id=Identity Provider User ID
+identity-provider-user-id.tooltip=Unique ID of the user on the Identity Provider side
+identity-provider-username=Identity Provider Username
+identity-provider-username.tooltip=Username on the Identity Provider side
+pagination=Pagination
+
+browser-flow=Browser Flow
+browser-flow.tooltip=Select the flow you want to use for browser authentication.
+registration-flow=Registration Flow
+registration-flow.tooltip=Select the flow you want to use for registration.
+direct-grant-flow=Direct Grant Flow
+direct-grant-flow.tooltip=Select the flow you want to use for direct grant authentication.
+reset-credentials=Reset Credentials
+reset-credentials.tooltip=Select the flow you want to use when the user has forgotten their credentials.
+client-authentication=Client Authentication
+client-authentication.tooltip=Select the flow you want to use for authentication of clients.
+new=New
+copy=Copy
+add-execution=Add execution
+add-flow=Add flow
+auth-type=Auth Type
+requirement=Requirement
+config=Config
+no-executions-available=No executions available
+authentication-flows=Authentication Flows
+create-authenticator-config=Create authenticator config
+authenticator.alias.tooltip=Name of the configuration
+otp-type=OTP Type
+time-based=Time Based
+counter-based=Counter Based
+otp-type.tooltip=totp is Time-Based One Time Password. 'hotp' is a counter base one time password in which the server keeps a counter to hash against.
+otp-hash-algorithm=OTP Hash Algorithm
+otp-hash-algorithm.tooltip=What hashing algorithm should be used to generate the OTP.
+number-of-digits=Number of Digits
+otp.number-of-digits.tooltip=How many digits should the OTP have?
+look-ahead-window=Look Ahead Window
+otp.look-ahead-window.tooltip=How far ahead should the server look just in case the token generator and server are out of time sync or counter sync?
+initial-counter=Initial Counter
+otp.initial-counter.tooltip=What should the initial counter value be?
+otp-token-period=OTP Token Period
+otp-token-period.tooltip=How many seconds should an OTP token be valid? Defaults to 30 seconds.
+table-of-password-policies=Table of Password Policies
+add-policy.placeholder=Add policy...
+policy-type=Policy Type
+policy-value=Policy Value
+admin-events=Admin Events
+admin-events.tooltip=Displays saved admin events for the realm. Events are related to admin account, for example a realm creation. To enable persisted events go to config.
+login-events=Login Events
+filter=Filter
+update=Update
+reset=Reset
+operation-types=Operation Types
+select-operations.placeholder=Select operations...
+resource-path=Resource Path
+resource-path.tooltip=Filter by resource path. Supports wildcards '*' to match a single part of the path and '**' matches multiple parts. For example 'realms/*/clients/asbc' matches client with id asbc in any realm, while or 'realms/master/**' matches anything in the master realm.
+date-(from)=Date (From)
+date-(to)=Date (To)
+authentication-details=Authentication Details
+ip-address=IP Address
+time=Time
+operation-type=Operation Type
+auth=Auth
+representation=Representation
+register=Register
+required-action=Required Action
+default-action=Default Action
+auth.default-action.tooltip=If enabled, any new user will have this required action assigned to it.
+no-required-actions-configured=No required actions configured
+defaults-to-id=Defaults to id
+flows=Flows
+bindings=Bindings
+required-actions=Required Actions
+password-policy=Password Policy
+otp-policy=OTP Policy
+user-groups=User Groups
+default-groups=Default Groups
+groups.default-groups.tooltip=Set of groups that new users will automatically join.
+cut=Cut
+paste=Paste
+
+create-group=Create group
+create-authenticator-execution=Create Authenticator Execution
+create-form-action-execution=Create Form Action Execution
+create-top-level-form=Create Top Level Form
+flow.alias.tooltip=Specifies display name for the flow.
+top-level-flow-type=Top Level Flow Type
+flow.generic=generic
+flow.client=client
+top-level-flow-type.tooltip=What kind of top level flow is it? Type 'client' is used for authentication of clients (applications) when generic is for users and everything else
+create-execution-flow=Create Execution Flow
+flow-type=Flow Type
+flow.form.type=form
+flow-type.tooltip=What kind of form is it
+form-provider=Form Provider
+default-groups.tooltip=Newly created or registered users will automatically be added to these groups
+select-a-type.placeholder=select a type
+available-groups=Available Groups
+available-groups.tooltip=Select a group you want to add as a default.
+value=Value
+table-of-group-members=Table of group members
+last-name=Last Name
+first-name=First Name
+email=Email
+toggle-navigation=Toggle navigation
+manage-account=Manage account
+sign-out=Sign Out
+server-info=Server Info
+resource-not-found=Resource not found...
+resource-not-found.instruction=We could not find the resource you are looking for. Please make sure the URL you entered is correct.
+go-to-the-home-page=Go to the home page »
+page-not-found=Page not found...
+page-not-found.instruction=We could not find the page you are looking for. Please make sure the URL you entered is correct.
+events.tooltip=Displays saved events for the realm. Events are related to user accounts, for example a user login. To enable persisted events go to config.
+select-event-types.placeholder=Select event types...
+events-config.tooltip=Displays configuration options to enable persistence of user and admin events.
+select-an-action.placeholder=Select an action...
+event-listeners.tooltip=Configure what listeners receive events for the realm.
+login.save-events.tooltip=If enabled login events are saved to the database which makes events available to the admin and account management consoles.
+clear-events.tooltip=Deletes all events in the database.
+events.expiration.tooltip=Sets the expiration for events. Expired events are periodically deleted from the database.
+admin-events-settings=Admin Events Settings
+save-events=Save Events
+admin.save-events.tooltip=If enabled admin events are saved to the database which makes events available to the admin console.
+saved-types.tooltip=Configure what event types are saved.
+include-representation=Include Representation
+include-representation.tooltip=Include JSON representation for create and update requests.
+clear-admin-events.tooltip=Deletes all admin events in the database.
+server-version=Server Version
+info=Info
+providers=Providers
+server-time=Server Time
+server-uptime=Server Uptime
+memory=Memory
+total-memory=Total Memory
+free-memory=Free Memory
+used-memory=Used Memory
+system=System
+current-working-directory=Current Working Directory
+java-version=Java Version
+java-vendor=Java Vendor
+java-runtime=Java Runtime
+java-vm=Java VM
+java-vm-version=Java VM Version
+java-home=Java Home
+user-name=User Name
+user-timezone=User Timezone
+user-locale=User Locale
+system-encoding=System Encoding
+operating-system=Operating System
+os-architecture=OS Architecture
+spi=SPI
+granted-roles=Granted Roles
+granted-protocol-mappers=Granted Protocol Mappers
+additional-grants=Additional Grants
+revoke=Revoke
+new-password=New Password
+password-confirmation=Password Confirmation
+credentials.temporary.tooltip=If enabled user is required to change password on next login
+remove-totp=Remove TOTP
+credentials.remove-totp.tooltip=Remove one time password generator for user.
+reset-actions=Reset Actions
+credentials.reset-actions.tooltip=Set of actions to execute when sending the user a Reset Actions Email. 'Verify email' sends an email to the user to verify their email address. 'Update profile' requires user to enter in new personal information. 'Update password' requires user to enter in a new password. 'Configure TOTP' requires setup of a mobile password generator.
+reset-actions-email=Reset Actions Email
+send-email=Send email
+credentials.reset-actions-email.tooltip=Sends an email to user with an embedded link. Clicking on link will allow the user to execute the reset actions. They will not have to login prior to this. For example, set the action to update password, click this button, and the user will be able to change their password without logging in.
+add-user=Add user
+created-at=Created At
+user-enabled=User Enabled
+user-enabled.tooltip=A disabled user cannot login.
+user-temporarily-locked=User Temporarily Locked
+user-temporarily-locked.tooltip=The user may have been locked due to failing to login too many times.
+unlock-user=Unlock user
+federation-link=Federation Link
+email-verified=Email Verified
+email-verified.tooltip=Has the user's email been verified?
+required-user-actions=Required User Actions
+required-user-actions.tooltip=Require an action when the user logs in. 'Verify email' sends an email to the user to verify their email address. 'Update profile' requires user to enter in new personal information. 'Update password' requires user to enter in a new password. 'Configure TOTP' requires setup of a mobile password generator.
+locale=Locale
+select-one.placeholder=Select one...
+impersonate=Impersonate
+impersonate-user=Impersonate user
+impersonate-user.tooltip=Login as this user. If user is in same realm as you, your current login session will be logged out before you are logged in as this user.
+identity-provider-alias=Identity Provider Alias
+provider-user-id=Provider User ID
+provider-username=Provider Username
+no-identity-provider-links-available=No identity provider links available
+group-membership=Group Membership
+leave=Leave
+group-membership.tooltip=Groups user is a member of. Select a listed group and click the Leave button to leave the group.
+membership.available-groups.tooltip=Groups a user can join. Select a group and click the join button.
+table-of-realm-users=Table of Realm Users
+view-all-users=View all users
+unlock-users=Unlock users
+no-users-available=No users available
+users.instruction=Please enter a search, or click on view all users
+consents=Consents
+started=Started
+logout-all-sessions=Logout all sessions
+logout=Logout
+new-name=New Name
+ok=Ok
+attributes=Attributes
+role-mappings=Role Mappings
+members=Members
+details=Details
+identity-provider-links=Identity Provider Links
+register-required-action=Register required action
+gender=Gender
+address=Address
+phone=Phone
+profile-url=Profile URL
+picture-url=Picture URL
+website=Website
+import-keys-and-cert=Import keys and cert
+import-keys-and-cert.tooltip=Upload the client's key pair and cert.
+upload-keys=Upload Keys
+download-keys-and-cert=Download keys and cert
+no-value-assigned.placeholder=No value assigned
+remove=Remove
+no-group-members=No group members
+temporary=Temporary
+join=Join
+event-type=Event Type
+events-config=Events Config
+event-listeners=Event Listeners
+login-events-settings=Login Events Settings
+clear-events=Clear events
+saved-types=Saved Types
+clear-admin-events=Clear admin events
+clear-changes=Clear changes
+
diff --git a/themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js b/themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
index f300616aa4..5531c00954 100755
--- a/themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
+++ b/themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
@@ -390,6 +390,7 @@ module.controller('RealmThemeCtrl', function($scope, Current, Realm, realm, serv
});
module.controller('RealmCacheCtrl', function($scope, realm, RealmClearUserCache, RealmClearRealmCache, Notifications) {
+ $scope.realm = angular.copy(realm);
$scope.clearUserCache = function() {
RealmClearUserCache.save({ realm: realm.realm}, function () {
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/authentication-flow-bindings.html b/themes/src/main/resources/theme/base/admin/resources/partials/authentication-flow-bindings.html
index 59a211f3de..8a9d0e1ecd 100755
--- a/themes/src/main/resources/theme/base/admin/resources/partials/authentication-flow-bindings.html
+++ b/themes/src/main/resources/theme/base/admin/resources/partials/authentication-flow-bindings.html
@@ -1,66 +1,66 @@