{ "fullName": "{{givenName}} {{familyName}}", "unknownUser": "Anonymous", "add": "Add", "yes": "Yes", "no": "No", "create": "Create", "save": "Save", "revert": "Revert", "cancel": "Cancel", "reload": "Reload", "continue": "Continue", "close": "Close", "delete": "Delete", "reset": "Reset", "remove": "Remove", "revoke": "Revoke", "search": "Search", "key": "Key", "value": "Value", "noSearchResults": "No search results", "noSearchResultsInstructions": "Click on the search bar above to search for groups", "clearAllFilters": "Clear all filters", "next": "Next", "back": "Back", "finish": "Finish", "skipCustomizationAndFinish": "Skip customization and finish", "export": "Export", "action": "Action", "download": "Download", "resourceFile": "Resource file", "clear": "Clear", "clearFile": "Clear this file", "clearFileExplain": "Are you sure you want to clear this file?", "on": "On", "off": "Off", "edit": "Edit", "enabled": "Enabled", "disabled": "Disabled", "disable": "Disable", "selectOne": "Select an option", "select": "Select", "choose": "Choose...", "any": "Any", "none": "None", "signOut": "Sign out", "manageAccount": "Manage account", "serverInfo": "Server info", "realmInfo": "Realm info", "help": "Help", "helpLabel": "More help for '{{label}}'", "helpEnabled": "Help on", "helpDisabled": "Help off", "documentation": "Documentation", "enableHelpMode": "Enable help mode", "enableHelp": "Help is enabled", "learnMore": "Learn more", "show": "Show", "hide": "Hide", "showRemaining": "Show ${remaining}", "more": "{{count}} more", "test": "Test", "testConnection": "Test connection", "name": "Name", "role": "Role", "description": "Description", "type": "Type", "category": "Category", "priority": "Priority", "unexpectedError": "An unexpected error occurred: '{{error}}'", "retry": "Press here to refresh and continue", "plus": "Plus", "minus": "Minus", "confirm": "Confirm", "clientScope": "Client scope", "allTypes": "All types", "home": "Home", "manage": "Manage", "clients": 
"Clients", "clientScopes": "Client scopes", "realmRoles": "Realm roles", "clientRoles": "Client roles", "users": "Users", "groups": "Groups", "sessions": "Sessions", "events": "Events", "mappers": "Mappers", "permissions": "Permissions", "permissionsList": "Permission list", "permissionsListIntro": "Edit the permission list by clicking the scope-name. It then redirects to the permission details page of the client named <1>{{realm}}", "usersPermissionsHint": "Fine grained permissions for managing all users in realm. You can define different policies for who is allowed to manage users in the realm.", "clientsPermissionsHint": "Fine grained permissions for administrators that want to manage this client or apply roles defined by this client.", "groupsPermissionsHint": "Determines if fine grained permissions are enabled for managing this role. Disabling will delete all current permissions that have been set up.", "rolesPermissionsHint": "Determines if fine grained permissions are enabled for managing this role. Disabling will delete all current permissions that have been set up.", "identityProvidersPermissionsHint": "Determines if fine grained permissions are enabled for managing this role. Disabling will delete all current permissions that have been set up.", "permissionsScopeName": "Scope-name", "permissionsEnabled": "Permissions enabled", "permissionsDisable": "Disable permissions?", "permissionsDisableConfirm": "If you disable the permissions, all the permissions in the list below will be delete automatically. In addition, the resources and scopes that are related will be removed", "scopePermissions": { "clients": { "manage-description": "Policies that decide if an administrator can manage this client", "configure-description": "Reduced management permissions for administrator. 
Cannot set scope, template, or protocol mappers.", "view-description": "Policies that decide if an administrator can view this client", "map-roles-description": "Policies that decide if an administrator can map roles defined by this client", "map-roles-client-scope-description": "Policies that decide if an administrator can apply roles defined by this client to the client scope of another client", "map-roles-composite-description": "Policies that decide if an administrator can apply roles defined by this client as a composite to another role", "token-exchange-description": "Policies that decide which clients are allowed to exchange tokens for a token that is targeted to this client." }, "users": { "view-description": "Policies that decide if an administrator can view all users in the realm", "manage-description": "Policies that decide if an administrator can manage all users in the realm", "map-roles-description": "Policies that decide if an administrator can map roles for all users", "manage-group-membership-description": "Policies that decide if an administrator can manage group membership for all users in the realm. This is used in conjunction with specific group policy", "impersonate-description": "Policies that decide if an administrator can impersonate other users", "user-impersonated-description": "Policies that decide which users can be impersonated. These policies are applied to the user being impersonated." 
}, "groups": { "view-description": "Policies that decide if an administrator can view this group", "manage-description": "Policies that decide if an administrator can manage this group", "view-members-description": "Policies that decide if an administrator can view the members of this group", "manage-members-description": "Policies that decide if an administrator can manage the members of this group", "manage-membership-description": "Policies that decide if an administrator can add or remove users from this group" }, "roles": { "map-role-description": "Policies that decide if an administrator can map this role to a user or group", "map-role-client-scope-description": "Policies that decide if an administrator can apply this role to the client scope of a client", "map-role-composite-description": "Policies that decide if an administrator can apply this role as a composite to another role" }, "identityProviders": { "token-exchange-description": "Policies that decide which clients are allowed to exchange tokens for an external token minted by this identity provider." 
} }, "configure": "Configure", "realmSettings": "Realm settings", "authentication": "Authentication", "identityProviders": "Identity providers", "userFederation": "User federation", "settings": "Settings", "details": "Details", "required": "Required field", "maxLength": "Max length {{length}}", "lessThan": "Must be less than {{value}}", "greaterThan": "Must be greater than {{value}}", "createRealm": "Create realm", "recent": "Recent", "jumpToSection": "Jump to section", "Sunday": "Sunday", "Monday": "Monday", "Tuesday": "Tuesday", "Wednesday": "Wednesday", "Thursday": "Thursday", "Friday": "Friday", "Saturday": "Saturday", "filterByRoles": "Filter by realm roles", "filterByClients": "Filter by clients", "assignRole": "Assign role", "assign": "Assign", "unAssignRole": "Unassign", "hideInheritedRoles": "Hide inherited roles", "assignRolesTo": "Assign roles to {{client}}", "inherent": "Inherited", "unitLabel": "Select a time unit", "times": { "seconds": "Seconds", "minutes": "Minutes", "hours": "Hours", "days": "Days", "years": "Years" }, "attributes": "Attributes", "missingAttributes": "No attributes have been defined yet. 
Click the below button to add attributes, key and value are required for a key pair.", "addAttribute": "Add an attribute", "removeAttribute": "Remove attribute", "keyPlaceholder": "Type a key", "valuePlaceholder": "Type a value", "keyError": "A key must be provided.", "valueError": "A value must be provided.", "credentials": "Credentials", "clientId": "Client ID", "clientName": "Name", "id": "ID", "addMapper": "Add mapper", "createNewMapper": "Create new mapper", "searchForMapper": "Search for mapper", "mapperType": "Mapper type", "mappingDeletedSuccess": "Mapping successfully deleted", "mappingDeletedError": "Could not delete mapping: '{{error}}'", "mappingDetails": "Mapper details", "mappingUpdatedSuccess": "Mapping successfully updated", "mappingUpdatedError": "Could not update mapping: '{{error}}'", "mappingCreatedSuccess": "Mapping successfully created", "mappingCreatedError": "Could not create mapping: '{{error}}'", "deleteMappingTitle": "Delete mapping?", "deleteMappingConfirm": "Are you sure you want to delete this mapping?", "emptyMappers": "No mappers", "emptyMappersInstructions": "If you want to add mappers, please click the button below to add some predefined mappers or to configure a new mapper.", "emptyPrimaryAction": "Add predefined mapper", "leave": "Leave", "reorder": "Reorder", "onDragStart": "Dragging started for item {{item}}", "onDragMove": "Dragging item {{item}}", "onDragCancel": "Dragging cancelled. 
List is unchanged.", "onDragFinish": "Dragging finished {{list}}", "notFound": "Could not find the resource that you are looking for", "password": "Password", "passwordConfirmation": "Password confirmation", "temporaryPassword": "Temporary", "temporaryPasswordHelpText": "If enabled, the user must change the password on next login", "forbidden_one": "Forbidden, permission needed:", "forbidden_other": "Forbidden, permissions needed:", "noRealmRolesToAssign": "There are no realm roles to assign", "loadingRealms": "Loading realms…", "customAttribute": "Custom Attribute…", "helpToggleInfo": "This toggle will enable / disable part of the help info in the UI. Includes any help text, links and popovers.", "showPassword": "Show password field in clear text", "helpFileUpload": "Upload a JSON file", "helpFileUploadClient": "Upload a JSON or XML file", "dragHelp": "Press space or enter to begin dragging, and use the arrow keys to navigate up or down. Press enter to confirm the drag, or any other key to cancel the drag operation.", "realmName": "Realm name", "welcome": "Welcome to", "introduction": "If you want to leave this page and manage this realm, please click the corresponding menu items in the left navigation bar.", "version": "Version", "product": "Product", "profile": "Profile", "enabledFeatures": "Enabled features", "experimental": "Experimental", "preview": "Preview", "supported": "Supported", "infoEnabledFeatures": "Shows enabled preview and experimental features.", "infoDisabledFeatures": "Shows all disabled features.", "disabledFeatures": "Disabled features", "providerInfo": "Provider info", "providers": "Add providers", "spi": "SPI", "showMore": "Show more", "showLess": "Show less", "memory": "Memory", "totalMemory": "Total memory", "freeMemory": "Free memory", "usedMemory": "Used memory", "protocolTypes": { "all": "All", "saml": "SAML", "openid-connect": "OpenID Connect" }, "protocol": "Protocol", "copy": "Copy", "copied": "Authorization details copied.", 
"copyError": "Error copying authorization details: {{error}}", "exportAuthDetailsSuccess": "Successfully exported authorization details.", "exportAuthDetailsError": "Error exporting authorization details: {{error}}", "clientType": "Client type", "clientAuthorization": "Authorization", "implicitFlow": "Implicit flow", "createClient": "Create client", "importClient": "Import client", "homeURL": "Home URL", "webOrigins": "Web origins", "addWebOrigins": "Add web origins", "adminURL": "Admin URL", "formatOption": "Format option", "encryptAssertions": "Encrypt assertions", "clientSignature": "Client signature required", "downloadAdaptorTitle": "Download adaptor configs", "privateKeyMask": "PRIVATE KEY NOT SET UP OR KNOWN", "keys": "Keys", "roles": "Roles", "createRole": "Create role", "noRoles": "No roles for this user", "noRolesInstructions": "You haven't assigned any roles to this user. Assign a role to get started.", "addClientScope": "Add client scope", "dedicatedScopeName": "{{clientName}}-dedicated", "dedicatedScopeDescription": "Dedicated scope and mappers for this client", "dedicatedScopes": "Dedicated scopes", "fullScopeAllowed": "Full scope allowed", "addClientScopesTo": "Add client scopes to {{clientName}}", "clientScopeRemoveSuccess": "Scope mapping successfully removed", "clientScopeRemoveError": "Could not remove the scope mapping {{error}}", "clientScopeSuccess": "Scope mapping updated", "clientScopeError": "Could not update scope mapping {{error}}", "searchByName": "Search by name", "setup": "Setup", "selectAUser": "Select a user", "selectARole": "Select a role", "client": "Client", "evaluateError": "Could not evaluate due to: {{error}}", "evaluate": "Evaluate", "reevaluate": "Re-evaluate", "showAuthData": "Show authorization data", "authData": "Authorization data", "authDataDescription": "Represents a token carrying authorization data as a result of the processing of an authorization request. 
This representation is basically what Keycloak issues to clients asking for permission. Check the `authorization` claim for the permissions that were granted based on the current authorization request. ", "results": "Results", "allResults": "All results", "resultPermit": "Result-Permit", "resultDeny": "Result-Deny", "permit": "Permit", "deny": "Deny", "unanimous": "Unanimous", "affirmative": "Affirmative", "consensus": "Consensus", "votedToStatus": " voted to {{status}}", "overallResults": "Overall Results", "grantedScopes": "Granted scopes", "deniedScopes": "Denied scopes", "permission": "Permission", "lastEvaluation": "Last Evaluation", "resourcesAndScopes": "Resources and Scopes", "authScopes": "Authorization scopes", "authDetails": "Authorization details", "anyResource": "Any resource", "anyScope": "Any scope", "selectScope": "Select a scope", "applyToResourceType": "Apply to Resource Type", "contextualInfo": "Contextual Information", "contextualAttributes": "Contextual Attributes", "selectOrTypeAKey": "Select or type a key", "custom": "Custom Attribute...", "kc": { "identity": { "authc": { "method": "Authentication Method" } }, "realm": { "name": "Realm" }, "time": { "date_time": "Date/Time (MM/dd/yyyy hh:mm:ss)" }, "client": { "network": { "ip_address": "Client IPv4 Address", "host": "Client Host" }, "user_agent": "Client/User Agent" } }, "oneTimePassword": "One-Time Password", "kerberos": "Kerberos", "removeMappingTitle": "Remove role?", "removeMappingConfirm_one": "Are you sure you want to remove this role?", "removeMappingConfirm_other": "Are you sure you want to remove {{count}} roles?", "clientScopeSearch": { "name": "Name", "type": "Assigned type", "protocol": "Protocol" }, "authorization": "Authorization", "policyEnforcementMode": "Policy enforcement mode", "policyEnforcementModes": { "ENFORCING": "Enforcing", "PERMISSIVE": "Permissive", "DISABLED": "Disabled" }, "decisionStrategy": "Decision strategy", "decisionStrategies": { "UNANIMOUS": "Unanimous", 
"AFFIRMATIVE": "Affirmative", "CONSENSUS": "Consensus" }, "importResources": "The following settings and data will be imported:", "importWarning": "The data and settings imported above may overwrite the data and settings that already exist.", "importResourceSuccess": "The resource was successfully imported", "importResourceError": "Could not import the resource due to {{error}}", "createResource": "Create resource", "resourceDetails": "Resource details", "emptyPermissions": "No permissions", "emptyPermissionInstructions": "If you want to create a permission, please click the button below to create a resource-based or scope-based permission.", "noScopeCreateHint": "You'll need to create an authorization scope first.", "noResourceCreateHint": "There are no resources you can't create resource-based permission", "createResourceBasedPermission": "Create resource-based permission", "createScopeBasedPermission": "Create scope-based permission", "displayName": "Display name", "addUri": "Add URI", "authorizationScopes": "Authorization scopes", "iconUri": "Icon URI", "ownerManagedAccess": "User-Managed access enabled", "resourceAttribute": "Resource attribute", "createResourceSuccess": "Resource created successfully", "updateResourceSuccess": "Resource successfully updated", "resourceSaveError": "Could not persist resource due to {{error}}", "associatedPermissions": "Associated permission", "allowRemoteResourceManagement": "Remote resource management", "resources": "Resources", "resource": "Resource", "emptyResources": "No resources", "emptyResourcesInstructions": "If you want to create a resource, please click the button below.", "scope": "Scope", "owner": "Owner", "uris": "URIs", "scopes": "Scopes", "policies": "Policies", "createPermission": "Create permission", "permissionDetails": "Permission details", "deleteResource": "Permanently delete resource?", "deleteResourceConfirm": "If you delete this resource, some permissions will be affected.", "deleteResourceWarning": 
"The permissions below will be removed when they are no longer used by other resources:", "resourceDeletedSuccess": "The resource successfully deleted", "resourceDeletedError": "Could not remove the resource {{error}}", "identityInformation": "Identity Information", "searchForPermission": "Search for permission", "deleteScope": "Permanently delete authorization scope?", "deleteScopeConfirm": "If you delete this authorization scope, some permissions will be affected.", "deleteScopeWarning": "The permissions below will be removed when they are no longer used by other authorization scopes:", "resourceScopeSuccess": "The authorization scope successfully deleted", "resourceScopeError": "Could not remove the authorization scope due to {{error}}", "associatedPolicy": "Associated policy", "deletePermission": "Permanently delete permission?", "deletePermissionConfirm": "Are you sure you want to delete the permission {{permission}}", "permissionDeletedSuccess": "Successfully deleted permission", "permissionDeletedError": "Could not delete permission due to {{error}}", "applyToResourceTypeFlag": "Apply to resource type", "resourceType": "Resource type", "createPermissionSuccess": "Successfully created the permission", "updatePermissionSuccess": "Successfully updated the permission", "permissionSaveError": "Could not update the permission due to {{error}}", "createAuthorizationScope": "Create authorization scope", "authorizationScopeDetails": "Authorization scope details", "emptyAuthorizationScopes": "No authorization scopes", "emptyAuthorizationInstructions": "If you want to create authorization scopes, please click the button below to create the authorization scope", "createScopeSuccess": "Authorization scope created successfully", "updateScopeSuccess": "Authorization scope successfully updated", "scopeSaveError": "Could not persist authorization scope due to {{error}}", "createPolicy": "Create client policy", "policyDetails": "Policy details", "createPolicyOfType": "Create 
{{policyType}} policy", "dependentPermission": "Dependent permission", "deletePolicy": "Permanently delete policy?", "deletePolicyConfirm": "If you delete this policy, some permissions or aggregated policies will be affected.", "deletePolicyWarning": "The aggregated policies below will be removed automatically:", "policyDeletedSuccess": "The Policy successfully deleted", "policyDeletedError": "Could not remove the resource {{error}}", "emptyPolicies": "No policies", "emptyPoliciesInstructions": "If you want to create a policy, please click the button below to create the policy.", "chooseAPolicyType": "Choose a policy type", "chooseAPolicyTypeInstructions": "Choose one policy type from the list below and then you can configure a new policy for authorization. There are some types and description.", "policyProvider": { "regex": "Define regex conditions for your permissions.", "role": "Define conditions for your permissions where a set of one or more roles is permitted to access an object.", "js": "Define conditions for your permissions using JavaScript. It is one of the rule-based policy types supported by Keycloak, and provides flexibility to write any policy based on the Evaluation API.", "client": "Define conditions for your permissions where a set of one or more clients is permitted to access an object.", "time": "Define time conditions for your permissions.", "user": "Define conditions for your permissions where a set of one or more users is permitted to access an object.", "client-scope": "Define conditions for your permissions where a set of one or more client scopes is permitted to access an object.", "aggregate": "Reuse existing policies to build more complex ones and keep your permissions even more decoupled from the policies that are evaluated during the processing of authorization requests.", "group": "Define conditions for your permissions where a set of one or more groups (and their hierarchies) is permitted to access an object." 
}, "applyPolicy": "Apply policy", "addClientScopes": "Add client scopes", "emptyAddClientScopes": "No client scopes", "emptyAddClientScopesInstructions": "There are no client scopes left to add", "groupsClaim": "Groups claim", "addGroups": "Add groups", "requiredClient": "Please add at least one client.", "requiredClientScope": "Please add at least one client scope.", "requiredGroups": "Please add at least one group.", "requiredRoles": "Please add at least one role.", "addGroupsToGroupPolicy": "Add groups to group policy", "extendToChildren": "Extend to children", "targetClaim": "Target claim", "regexPattern": "Regex pattern", "addRoles": "Add roles", "startTime": "Start time", "repeat": "Repeat", "notRepeat": "Not repeat", "month": "Month", "dayMonth": "Day", "hour": "Hour", "minute": "Minute", "code": "Code", "expireTime": "Expire time", "logic": "Logic", "logicType": { "positive": "Positive", "negative": "Negative" }, "createPolicySuccess": "Successfully created the policy", "updatePolicySuccess": "Successfully updated the policy", "policySaveError": "Could not update the policy due to {{error}}", "assignedClientScope": "Assigned client scope", "assignedType": "Assigned type", "emptyClientScopes": "This client doesn't have any added client scopes", "emptyClientScopesInstructions": "There are currently no client scopes linked to this client. 
You can add existing client scopes to this client to share protocol mappers and roles.", "emptyClientScopesPrimaryAction": "Add client scopes", "scopeParameter": "Scope parameter", "scopeParameterPlaceholder": "Select scope parameters", "effectiveProtocolMappers": "Effective protocol mappers", "effectiveRoleScopeMappings": "Effective role scope mappings", "generatedAccessToken": "Generated access token", "generatedIdToken": "Generated ID token", "generatedIdTokenNo": "No generated id token", "generatedIdTokenIsDisabled": "Generated id token is disabled when no user is selected", "generatedUserInfo": "Generated user info", "generatedUserInfoNo": "No generated user info", "generatedUserInfoIsDisabled": "Generated user info is disabled when no user is selected", "searchForProtocol": "Search protocol mapper", "parentClientScope": "Parent client scope", "searchForRole": "Search role", "origin": "Origin", "user": "User", "generatedAccessTokenNo": "No generated access token", "generatedAccessTokenIsDisabled": "Generated access token is disabled when no user is selected", "clientList": "Clients", "clientsList": "Clients list", "initialAccessToken": "Initial access token", "expirationValueNotValid": "Value should be greater than or equal to 1", "clientSettings": "Client details", "selectEncryptionType": "Select Encryption type", "generalSettings": "General settings", "alwaysDisplayInUI": "Always display in UI", "capabilityConfig": "Capability config", "clientsExplain": "Clients are applications and services that can request authentication of a user.", "explainBearerOnly": "This is a special OIDC type. 
This client only allows bearer token requests and cannot participate in browser logins.", "createSuccess": "Identity provider successfully created", "createError": "Could not create the identity provider: {{error}}", "clientImportError": "Could not import client: {{error}}", "clientSaveSuccess": "Client successfully updated", "clientSaveError": "Client could not be updated: {{error}}", "clientImportSuccess": "Client imported successfully", "clientDelete": "Delete {{clientId}} ?", "clientDeletedSuccess": "The client has been deleted", "clientDeleteError": "Could not delete client: {{error}}", "clientDeleteConfirmTitle": "Delete client?", "disableConfirmTitle": "Disable realm?", "downloadAdapterConfig": "Download adapter config", "disableConfirm": "Are you sure you want to disable the provider '{{provider}}'", "clientDeleteConfirm": "If you delete this client, all associated data will be removed.", "searchInitialAccessToken": "Search token", "createToken": "Create initial access token", "tokenDeleteConfirm": "Are you sure you want to permanently delete the initial access token {{id}}", "tokenDeleteConfirmTitle": "Delete initial access token?", "tokenDeleteSuccess": "Initial access token deleted successfully", "tokenDeleteError": "Could not delete initial access token: '{{error}}'", "timestamp": "Created date", "created": "Created", "lastUpdated": "Last updated", "expires": "Expires", "count": "Count", "remainingCount": "Remaining count", "expiration": "Expiration", "noTokens": "No initial access tokens", "noTokensInstructions": "You haven't created any initial access tokens. 
Create an initial access token by clicking \"Create\".", "tokenSaveSuccess": "New initial access token has been created", "tokenSaveError": "Could not create initial access token {{error}}", "initialAccessTokenDetails": "Initial access token details", "copyInitialAccessToken": "Please copy and paste the initial access token before closing as it can not be retrieved later.", "copySuccess": "Successfully copied to clipboard!", "clipboardCopyError": "Error copying to clipboard.", "clipboardCopyDenied": "Your browser is blocking access to the clipboard.", "copyToClipboard": "Copy to clipboard", "clientRegistration": "Client registration", "anonymousAccessPolicies": "Anonymous access policies", "authenticatedAccessPolicies": "Authenticated access policies", "provider": "Provider", "providerId": "Provider ID", "providerCreateSuccess": "New client policy created successfully", "providerCreateError": "Could not create client policy due to {{error}}", "providerUpdatedSuccess": "Client policy updated successfully", "providerUpdatedError": "Could not update client policy due to {{error}}", "clientRegisterPolicyDeleteConfirmTitle": "Delete client registration policy?", "clientRegisterPolicyDeleteConfirm": "Are you sure you want to permanently delete the client registration policy {{name}}", "clientRegisterPolicyDeleteSuccess": "Client registration policy deleted successfully", "clientRegisterPolicyDeleteError": "Could not delete client registration policy: '{{error}}'", "chooseAPolicyProvider": "Choose a policy provider", "clientAuthentication": "Client authentication", "authenticationFlow": "Authentication flow", "standardFlow": "Standard flow", "directAccess": "Direct access grants", "serviceAccount": "Service accounts roles", "oauthDeviceAuthorizationGrant": "OAuth 2.0 Device Authorization Grant", "oidcCibaGrant": "OIDC CIBA Grant", "enableServiceAccount": "Enable service account roles", "searchByRoleName": "Search by role name", "roleMappingUpdatedSuccess": "Role mapping 
updated", "roleMappingUpdatedError": "Could not update role mapping {{error}}", "displayOnClient": "Display client on screen", "consentScreenText": "Consent screen text", "loginSettings": "Login settings", "logoutSettings": "Logout settings", "backchannelLogoutUrl": "Backchannel logout URL", "backchannelUrlInvalid": "Backchannel logout URL is not a valid URL", "backchannelLogoutSessionRequired": "Backchannel logout session required", "backchannelLogoutRevokeOfflineSessions": "Backchannel logout revoke offline sessions", "frontchannelLogout": "Front channel logout", "frontchannelLogoutUrl": "Front-channel logout URL", "frontchannelUrlInvalid": "Front-channel logout URL is not a valid URL", "accessSettings": "Access settings", "rootUrl": "Root URL", "validRedirectUri": "Valid redirect URIs", "validPostLogoutRedirectUri": "Valid post logout redirect URIs", "idpInitiatedSsoUrlName": "IDP-Initiated SSO URL name", "idpInitiatedSsoUrlNameHelp": "URL fragment name to reference client when you want to do IDP Initiated SSO. Leaving this empty will disable IDP Initiated SSO. 
The URL you will reference from your browser will be: {server-root}/realms/{realm}/protocol/saml/clients/{client-url-name}", "idpInitiatedSsoRelayState": "IDP Initiated SSO Relay State", "masterSamlProcessingUrl": "Master SAML Processing URL", "samlCapabilityConfig": "SAML capabilities", "signatureAndEncryption": "Signature and Encryption", "nameIdFormat": "Name ID format", "forceNameIdFormat": "Force name ID format", "forcePostBinding": "Force POST binding", "forceArtifactBinding": "Force artifact binding", "includeAuthnStatement": "Include AuthnStatement", "includeOneTimeUseCondition": "Include OneTimeUse Condition", "optimizeLookup": "Optimize REDIRECT signing key lookup", "allowEcpFlow": "Allow ECP flow", "signDocuments": "Sign documents", "signAssertions": "Sign assertions", "signatureKeyName": "SAML signature key name", "canonicalization": "Canonicalization method", "addRedirectUri": "Add valid redirect URIs", "addPostLogoutRedirectUri": "Add valid post logout redirect URIs", "loginTheme": "Login theme", "consentRequired": "Consent required", "clientAuthenticator": "Client Authenticator", "changeAuthenticatorConfirmTitle": "Change to {{clientAuthenticatorType}}?", "changeAuthenticatorConfirm": "If you change authenticator to {{clientAuthenticatorType}}, the Keycloak database will be updated and you may need to download a new adapter configuration for this client.", "signedJWTConfirm": "Generate a private key and certificate for the client from the Keys tab.", "anyAlgorithm": "Any algorithm", "clientSecret": "Client Secret", "regenerate": "Regenerate", "secretExpiresOn": "Secret expires on {{time}}", "secretRotated": "Secret rotated", "invalidateSecret": "Invalidate", "secretHasExpired": "Secret has expired, please generate a new one by clicking the \"Regenerate\" button above", "invalidateRotatedSecret": "Invalidate rotated secret?", "invalidateRotatedSecretExplain": "After invalidating rotated secret, the rotated secret will be removed automatically ", 
"invalidateRotatedSuccess": "Rotated secret successfully removed", "invalidateRotatedError": "Could not remove rotated secret: {{error}}", "confirmClientSecretTitle": "Regenerate secret for this client?", "confirmClientSecretBody": "If you regenerate secret, the Keycloak database will be updated and you will need to download a new adapter for this client.", "confirmAccessTokenTitle": "Regenerate registration access token?", "confirmAccessTokenBody": "If you regenerate registration access token, the access data regarding the client registration service will be updated.", "clientSecretSuccess": "Client secret regenerated", "clientSecretError": "Could not regenerate client secret due to: {{error}}", "signingKeysConfig": "Signing keys config", "signingKeysConfigExplain": "If you enable the \"Client signature required\" below, you must configure the signing keys by generating or importing keys, and the client will sign their saml requests and responses. The signature will be validated.", "encryptionKeysConfig": "Encryption keys config", "encryptionKeysConfigExplain": "If you enable the \"Encryption assertions\" below, you must configure the encryption keys by generating or importing keys, and the SAML assertions will be encrypted with the client's public key using AES.", "enableClientSignatureRequired": "Enable \"Client signature required\"?", "enableClientSignatureRequiredExplain": "If you enable \"Client signature required\", the adapter of this client will be updated. You may need to download a new adapter for this client. 
You need to generate or import keys for this client otherwise the authentication will not work.", "selectMethod": "Select method", "selectMethodType": { "generate": "Generate", "import": "Import" }, "realmCertificateAlias": "Realm certificate alias", "exportSamlKeyTitle": "Export SAML Keys", "samlKeysExportSuccess": "Successfully exported keys", "samlKeysExportError": "Could not export keys due to: {{error}}", "browse": "Browse", "importKey": "Import key", "disableSigning": "Disable \"{{key}}\"", "disableSigningExplain": "If you disable \"{{key}}\", the Keycloak database will be updated and you may need to download a new adapter for this client.", "reGenerateSigning": "Regenerate signing key for this client", "reGenerateSigningExplain": "If you regenerate signing key for client, the Keycloak database will be updated and you may need to download a new adapter for this client.", "registrationAccessToken": "Registration access token", "accessTokenSuccess": "Access token regenerated", "accessTokenError": "Could not regenerate access token due to: {{error}}", "signatureAlgorithm": "Signature algorithm", "allowRegexComparison": "Allow regex pattern comparison", "subject": "Subject DN", "searchForClient": "Search for client", "advanced": "Advanced", "revocation": "Revocation", "clustering": "Clustering", "notBefore": "Not before", "setToNow": "Set to now", "noAdminUrlSet": "No push sent. No admin URI configured or no registered cluster nodes available", "notBeforeSetToNow": "Not Before set for client", "notBeforeNowClear": "Not Before cleared for client", "notBeforePushFail": "Failed to push \"not before\" to: {{failedNodes}}", "notBeforePushSuccess": "Successfully push \"not before\" to: {{successNodes}}", "testClusterFail": "Failed verified availability for: {{failedNodes}}. 
Fix or unregister failed cluster nodes and try again", "testClusterSuccess": "Successfully verified availability for: {{successNodes}}", "deleteNode": "Delete node?", "deleteNodeBody": "Are you sure you want to permanently delete the node \"{{node}}\"", "deleteNodeSuccess": "Node successfully removed", "deleteNodeFail": "Could not delete node: '{{error}}'", "addedNodeSuccess": "Node successfully added", "addedNodeFail": "Could not add node: '{{error}}'", "addNode": "Add node", "push": "Push", "nodeReRegistrationTimeout": "Node Re-registration timeout", "registeredClusterNodes": "Registered cluster nodes", "nodeHost": "Node host", "noNodes": "No nodes registered", "noNodesInstructions": "There are no nodes registered, you can add one manually.", "lastRegistration": "Last registration", "testClusterAvailability": "Test cluster availability", "registerNodeManually": "Register node manually", "fineGrainOpenIdConnectConfiguration": "Fine grain OpenID Connect configuration", "fineGrainSamlEndpointConfig": "Fine Grain SAML Endpoint Configuration", "logoUrl": "Logo URL", "policyUrl": "Policy URL", "termsOfServiceUrl": "Terms of service URL", "accessTokenSignatureAlgorithm": "Access token signature algorithm", "idTokenSignatureAlgorithm": "ID token signature algorithm", "idTokenEncryptionKeyManagementAlgorithm": "ID token encryption key management algorithm", "userInfoResponseEncryptionKeyManagementAlgorithm": "User info response encryption key management algorithm", "userInfoResponseEncryptionContentEncryptionAlgorithm": "User info response encryption content encryption algorithm", "idTokenEncryptionContentEncryptionAlgorithm": "ID token encryption content encryption algorithm", "userInfoSignedResponseAlgorithm": "User info signed response algorithm", "requestObjectSignatureAlgorithm": "Request object signature algorithm", "requestObjectRequired": "Request object required", "requestObject": { "not required": "Not required", "request or request_uri": "Request or Request 
URI", "request only": "Request only", "request_uri only": "Request URI only" }, "requestObjectEncryption": "Request object encryption algorithm", "requestObjectEncoding": "Request object content encryption algorithm", "validRequestURIs": "Valid request URIs", "addRequestUri": "Add valid request URIs", "authorizationSignedResponseAlg": "Authorization response signature algorithm", "authorizationEncryptedResponseAlg": "Authorization response encryption key management algorithm", "authorizationEncryptedResponseEnc": "Authorization response encryption content encryption algorithm", "openIdConnectCompatibilityModes": "Open ID Connect Compatibility Modes", "excludeSessionStateFromAuthenticationResponse": "Exclude Session State From Authentication Response", "excludeIssuerFromAuthenticationResponse": "Exclude Issuer From Authentication Response", "useRefreshTokens": "Use refresh tokens", "useRefreshTokenForClientCredentialsGrant": "Use refresh tokens for client credentials grant", "useLowerCaseBearerType": "Use lower-case bearer type in token responses", "assertionConsumerServicePostBindingURL": "Assertion Consumer Service POST Binding URL", "assertionConsumerServiceRedirectBindingURL": "Assertion Consumer Service Redirect Binding URL", "logoutServicePostBindingURL": "Logout Service POST Binding URL", "logoutServiceRedirectBindingURL": "Logout Service Redirect Binding URL", "logoutServiceSoapBindingUrl": "Logout Service SOAP Binding URL", "logoutServiceArtifactBindingUrl": "Logout Service ARTIFACT Binding URL", "artifactBindingUrl": "Artifact Binding URL", "artifactResolutionService": "Artifact Resolution Service", "advancedSettings": "Advanced settings", "assertionLifespan": "Assertion Lifespan", "accessTokenLifespan": "Access Token Lifespan", "clientSessionIdle": "Client Session Idle", "clientSessionMax": "Client Session Max", "clientOfflineSessionIdle": "Client Offline Session Idle", "clientOfflineSessionMax": "Client Offline Session Max", "oAuthMutual": "OAuth 2.0 
Mutual TLS Certificate Bound Access Tokens Enabled", "oAuthDPoP": "OAuth 2.0 DPoP Bound Access Tokens Enabled", "keyForCodeExchange": "Proof Key for Code Exchange Code Challenge Method", "pushedAuthorizationRequestRequired": "Pushed authorization request required", "acrToLoAMapping": "ACR to LoA Mapping", "defaultACRValues": "Default ACR Values", "authenticationOverrides": "Authentication flow overrides", "browserFlow": "Browser Flow", "directGrant": "Direct Grant Flow", "jwksUrlConfig": "JWKS URL configs", "keysIntro": "If \"Use JWKS URL switch\" is on, you need to fill a valid JWKS URL. After saving, admin can download keys from the JWKS URL or keys will be downloaded automatically by Keycloak server when an unknown KID is seen during client authentication.", "useJwksUrl": "Use JWKS URL", "certificate": "Certificate", "jwksUrl": "JWKS URL", "generateNewKeys": "Generate new keys", "generateKeys": "Generate keys?", "generate": "Generate", "archiveFormat": "Archive format", "keyAlias": "Key alias", "keyPassword": "Key password", "storePassword": "Store password", "generateSuccess": "New key pair and certificate generated successfully", "generateError": "Could not generate new key pair and certificate {{error}}", "import": "Import", "importFile": "Import file", "importSuccess": "New certificate imported", "importError": "Could not import certificate {{error}}", "importParseError": "Could not parse the file {{error}}", "tokenLifespan": { "inherited": "Inherits from realm settings", "expires": "Expires in", "never": "Never expires" }, "unsavedChangesTitle": "Unsaved changes", "unsavedChangesConfirm": "You have unsaved changes. 
Do you really want to leave the page?", "enableDisable": "Disabled clients cannot initiate a login or have obtained access tokens.", "clientTypeHelp": "'OpenID Connect' allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server.'SAML' enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO) and uses security tokens containing assertions to pass information.", "serviceAccountHelp": "Allows you to authenticate this client to Keycloak and retrieve access token dedicated to this client. In terms of OAuth2 specification, this enables support of 'Client Credentials Grant' for this client.", "manageServiceAccountUser": "To manage detail and group mappings, click on the username <1>{{link}}", "authenticationHelp": "This defines the type of the OIDC client. When it's ON, the OIDC type is set to confidential access type. When it's OFF, it is set to public access type", "authorizationHelp": "Enable/Disable fine-grained authorization support for a client", "authDetailsHelp": "Export and download all resource settings for this resource server.", "directAccessHelp": "This enables support for Direct Access Grants, which means that client has access to username/password of user and exchange it directly with Keycloak server for access token. In terms of OAuth2 specification, this enables support of 'Resource Owner Password Credentials Grant' for this client.", "standardFlowHelp": "This enables standard OpenID Connect redirect based authentication with authorization code. In terms of OpenID Connect or OAuth2 specifications, this enables support of 'Authorization Code Flow' for this client.", "implicitFlowHelp": "This enables support for OpenID Connect redirect based authentication without authorization code. 
In terms of OpenID Connect or OAuth2 specifications, this enables support of 'Implicit Flow' for this client.", "oauthDeviceAuthorizationGrantHelp": "This enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser.", "oidcCibaGrantHelp": "This enables support for OIDC CIBA Grant, which means that the user is authenticated via some external authentication device instead of the user's browser.", "rootURL": "Root URL appended to relative URLs", "validRedirectURIs": "Valid URI pattern a browser can redirect to after a successful login. Simple wildcards are allowed such as 'http://example.com/*'. Relative path can be specified too such as /my/relative/path/*. Relative paths are relative to the client root URL, or if none is specified the auth server root URL is used. For SAML, you must set valid URI patterns if you are relying on the consumer service URL embedded with the login request.", "validPostLogoutRedirectURIs": "Valid URI pattern a browser can redirect to after a successful logout. A value of '+' or an empty field will use the list of valid redirect uris. A value of '-' will not allow any post logout redirect uris. Simple wildcards are allowed such as 'http://example.com/*'. Relative path can be specified too such as /my/relative/path/*. 
Relative paths are relative to the client root URL, or if none is specified the auth server root URL is used.", "nameIdFormatHelp": "The name ID format to use for the subject.", "alwaysDisplayInUIHelp": "Always list this client in the Account UI, even if the user does not have an active session.", "forceNameIdFormatHelp": "Ignore requested NameID subject format and use Admin UI configured one.", "forcePostBindingHelp": "Always use POST binding for responses.", "forceArtifactBindingHelp": "Should response messages be returned to the client through the SAML ARTIFACT binding system?", "includeAuthnStatementHelp": "Should a statement specifying the method and timestamp be included in login responses?", "includeOneTimeUseConditionHelp": "Should a OneTimeUse Condition be included in login responses?", "optimizeLookupHelp": "When signing SAML documents in REDIRECT binding for SP that is secured by Keycloak adapter, should the ID of the signing key be included in SAML protocol message in element? This optimizes validation of the signature as the validating party uses a single key instead of trying every known key for validation.", "allowEcpFlowHelp": "This client is allowed to use ECP flow for authenticating users.", "signDocumentsHelp": "Should SAML documents be signed by the realm?", "signAssertionsHelp": "Should assertions inside SAML documents be signed? This setting is not needed if document is already being signed.", "signatureAlgorithmHelp": "The signature algorithm to use to sign documents. Note that 'SHA1' based algorithms are deprecated and can be removed in the future. It is recommended to stick to some more secure algorithm instead of '*_SHA1'", "signatureKeyNameHelp": "Signed SAML documents contain identification of signing key in KeyName element. 
For Keycloak / RH-SSO counterparty, use KEY_ID, for MS AD FS use CERT_SUBJECT, for others check and use NONE if no other option works.", "canonicalizationHelp": "Canonicalization Method for XML signatures.", "webOriginsHelp": "Allowed CORS origins. To permit all origins of Valid Redirect URIs, add '+'. This does not include the '*' wildcard though. To permit all origins, explicitly add '*'.", "homeURLHelp": "Default URL to use when the auth server needs to redirect or link back to the client.", "adminURLHelp": "URL to the admin interface of the client. Set this if the client supports the adapter REST API. This REST API allows the auth server to push revocation policies and other administrative tasks. Usually this is set to the base URL of the client.", "clientHelp": "Select the client making this authorization request. If not provided, authorization requests would be done based on the client you are in.", "clientIdHelp": "The client identifier registered with the identity provider.", "selectUser": "Select a user whose identity is going to be used to query permissions from the server.", "rolesHelp": "Select the roles you want to associate with the selected user.", "contextualAttributesHelp": "Any attribute provided by a running environment or execution context.", "resourceTypeHelp": "Specifies that this permission must be applied to all resource instances of a given type.", "applyToResourceTypeHelp": "Specifies if this permission should be applied to all resources with a given type. In this case, this permission will be evaluated for all instances of a given resource type.", "resourcesHelp": "Specifies that this permission must be applied to a specific resource instance.", "scopesSelect": "Specifies that this permission must be applied to one or more scopes.", "clientNameHelp": "Specifies display name of the client. For example 'My Client'. Supports keys for localized values as well. 
For example: ${my_client}", "descriptionHelp": "Help text for the description of the new flow", "loginThemeHelp": "Select theme for login, OTP, grant, registration and forgot password pages.", "encryptAssertionsHelp": "Should SAML assertions be encrypted with client's public key using AES?", "clientSignatureHelp": "Will the client sign their saml requests and responses? And should they be validated?", "downloadType": "this is information about the download type", "detailsHelp": "this is information about the details", "clientPolicyNameHelp": "Display name of the policy", "createTokenHelp": "An initial access token can only be used to create clients", "expirationHelp": "Sets the expiration for events. Expired events are periodically deleted from the database.", "countHelp": "Specifies how many clients can be created using the token", "clientAuthenticatorTypeHelp": "Client Authenticator used for authentication of this client against Keycloak server", "registrationAccessTokenHelp": "The registration access token provides access for clients to the client registration service.", "signature-algorithm": "JWA algorithm, which the client needs to use when signing a JWT for authentication. If left blank, the client is allowed to use any appropriate algorithm for the particular client authenticator.", "anonymousAccessPoliciesHelp": "Those Policies are used when the Client Registration Service is invoked by unauthenticated request. This means that the request does not contain Initial Access Token nor Bearer Token.", "authenticatedAccessPoliciesHelp": "Those Policies are used when Client Registration Service is invoked by authenticated request. This means that the request contains Initial Access Token or Bearer Token.", "allowRegexComparisonHelp": "If OFF, then the Subject DN from given client certificate must exactly match the given DN from the 'Subject DN' property as described in the RFC8705 specification. The Subject DN can be in the RFC2553 or RFC1779 format. 
If ON, then the Subject DN from given client certificate should match regex specified by 'Subject DN' property.", "subjectHelp": "A regular expression for validating Subject DN in the Client Certificate. Use \"(.*?)(?:$)\" to match all kind of expressions.", "evaluateExplain": "This page allows you to see all protocol mappers and role scope mappings", "effectiveProtocolMappersHelp": "Contains all default client scopes and selected optional scopes. All protocol mappers and role scope mappings of all those client scopes will be used when generating access token issued for your client", "effectiveRoleScopeMappingsHelp": "Selected Optional Client Scopes, which will be used when issuing access token for this client. You can see above what value of OAuth Scope Parameter needs to be used when you want to have these optional client scopes applied when the initial OpenID Connect Authentication request will be sent from your client adapter", "generatedAccessTokenHelp": "See the example access token, which will be generated and sent to the client when selected user is authenticated. You can see claims and roles that the token will contain based on the effective protocol mappers and role scope mappings and also based on the claims/roles assigned to user himself", "generatedIdTokenHelp": "See the example ID Token, which will be generated and sent to the client when selected user is authenticated. You can see claims and roles that the token will contain based on the effective protocol mappers and role scope mappings and also based on the claims/roles assigned to user himself", "generatedUserInfoHelp": "See the example User Info, which will be provided by the User Info Endpoint", "scopeParameterHelp": "You can copy/paste this value of scope parameter and use it in initial OpenID Connect Authentication Request sent from this client adapter. 
Default client scopes and selected optional client scopes will be used when generating token issued for this client", "userHelp": "Optionally select user, for whom the example access token will be generated. If you do not select a user, example access token will not be generated during evaluation", "notBeforeHelp": "Revoke any tokens issued before this time for this client. To push the policy, you should set an effective admin URL in the Settings tab first.", "notBeforeIntro": "In order to successfully push a revocation policy to the client, you need to set an Admin URL under the <1>Settings tab for this client first", "notBeforeTooltip": "The admin URL should be set in the Settings tab first.", "nodeReRegistrationTimeoutHelp": "Interval to specify max time for registered clients cluster nodes to re-register. If cluster node will not send re-registration request to Keycloak within this time, it will be unregistered from Keycloak", "fineGrainOpenIdConnectConfigurationHelp": "This section is used to configure advanced settings of this client related to OpenID Connect protocol.", "fineGrainSamlEndpointConfigHelp": "This section is used to configure exact URLs for Assertion Consumer and Single Logout Service.", "logoUrlHelp": "URL that references a logo for the Client application", "policyUrlHelp": "URL that the Relying Party Client provides to the End-User to read about how the profile data will be used", "policyUsers": "Specifies which user(s) are allowed by this policy.", "termsOfServiceUrlHelp": "URL that the Relying Party Client provides to the End-User to read about the Relying Party's terms of service", "accessTokenSignatureAlgorithmHelp": "JWA algorithm used for signing access tokens.", "idTokenSignatureAlgorithmHelp": "JWA algorithm used for signing ID tokens.", "idTokenEncryptionKeyManagementAlgorithmHelp": "JWA Algorithm used for key management in encrypting ID tokens. This option is needed if you want encrypted ID tokens. 
If left empty, ID Tokens are just signed, but not encrypted.", "idTokenEncryptionContentEncryptionAlgorithmHelp": "JWA Algorithm used for content encryption in encrypting ID tokens. This option is needed just if you want encrypted ID tokens. If left empty, ID Tokens are just signed, but not encrypted.", "userInfoSignedResponseAlgorithmHelp": "JWA algorithm used for signed User Info Endpoint response. If set to 'unsigned', User Info Response won't be signed and will be returned in application/json format.", "userInfoResponseEncryptionKeyManagementAlgorithmHelp": "JWA Algorithm used for key management in encrypting User Info Endpoint responses. This option is needed if you want encrypted User Info Endpoint responses. If left empty, User Info Endpoint responses are not encrypted.", "userInfoResponseEncryptionContentEncryptionAlgorithmHelp": "JWA Algorithm used for content encryption in encrypting User Info Endpoint responses. If User Info response encryption key management algorithm is specified, the default for this value is A128CBC-HS256.", "requestObjectSignatureAlgorithmHelp": "JWA algorithm, which client needs to use when sending OIDC request object specified by 'request' or 'request_uri' parameters. If set to 'any', Request object can be signed by any algorithm (including 'none' ).", "requestObjectRequiredHelp": "Specifies if the client needs to provide a request object with their authorization requests, and what method they can use for this. If set to \"not required\", providing a request object is optional. In all other cases, providing a request object is mandatory. If set to \"request\", the request object must be provided by value. If set to \"request_uri\", the request object must be provided by reference. If set to \"request or request_uri\", either method can be used.", "requestObjectEncryptionHelp": "JWE algorithm, which client needs to use when sending OIDC request object specified by 'request' or 'request_uri' parameters. 
If set to 'any', encryption is optional and any algorithm is allowed.", "requestObjectEncodingHelp": "JWE algorithm, which client needs to use when encrypting the content of the OIDC request object specified by 'request' or 'request_uri' parameters. If set to 'any', any algorithm is allowed.", "validRequestURIsHelp": "List of valid URIs, which can be used as values of 'request_uri' parameter during OpenID Connect authentication request. There is support for the same capabilities like for Valid Redirect URIs. For example wildcards or relative paths.", "idpInitiatedSsoRelayStateHelp": "Relay state you want to send with SAML request when you want to do IDP Initiated SSO.", "masterSamlProcessingUrlHelp": "If configured, this URL will be used for every binding to both the SP's Assertion Consumer and Single Logout Services. This can be individually overridden for each binding and service in the Fine Grain SAML Endpoint Configuration.", "authorizationSignedResponseAlgHelp": "JWA algorithm used for signing authorization response tokens when the response mode is jwt.", "authorizationEncryptedResponseAlgHelp": "JWA Algorithm used for key management in encrypting the authorization response when the response mode is jwt. This option is needed if you want encrypted authorization response. If left empty, the authorization response is just signed, but not encrypted.", "authorizationEncryptedResponseEncHelp": "JWA Algorithm used for content encryption in encrypting the authorization response when the response mode is jwt. This option is needed if you want encrypted authorization response. If left empty, the authorization response is just signed, but not encrypted.", "openIdConnectCompatibilityModesHelp": "This section is used to configure settings for backward compatibility with older OpenID Connect / OAuth 2 adaptors. 
It's useful especially if your client uses older version of Keycloak / RH-SSO adapter.", "excludeSessionStateFromAuthenticationResponseHelp": "If this is on, the parameter 'session_state' will not be included in OpenID Connect Authentication Response. It is useful if your client uses older OIDC / OAuth2 adapter, which does not support 'session_state' parameter.", "excludeIssuerFromAuthenticationResponseHelp": "If this is on, the parameter 'iss' will not be included in OpenID Connect Authentication Response. It is useful if your client uses older OIDC / OAuth2 adapter, which does not support 'iss' parameter.", "useRefreshTokensHelp": "If this is on, a refresh_token will be created and added to the token response. If this is off then no refresh_token will be generated.", "useRefreshTokenForClientCredentialsGrantHelp": "If this is on, a refresh_token will be created and added to the token response if the client_credentials grant is used. The OAuth 2.0 RFC6749 Section 4.4.3 states that a refresh_token should not be generated when client_credentials grant is used. If this is off then no refresh_token will be generated and the associated user session will be removed.", "useLowerCaseBearerTypeHelp": "If this is on, token responses will be set with the type \"bearer\" in lower-case. By default, the server sets the type as \"Bearer\" as defined by RFC6750.", "advancedSettingsOpenid-connect": "This section is used to configure advanced settings of this client related to OpenID Connect protocol", "advancedSettingsSaml": "This section is used to configure advanced settings of this client", "assertionLifespanHelp": "Lifespan set in the SAML assertion conditions. After that time the assertion will be invalid. The \"SessionNotOnOrAfter\" attribute is not modified and continues using the \"SSO Session Max\" time defined at realm level.", "accessTokenLifespanHelp": "Max time before an access token is expired. 
This value is recommended to be short relative to the SSO timeout", "clientSessionIdleHelp": "Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. The option does not affect the global user SSO session. If not set, it uses the standard SSO Session Idle value.", "clientSessionMaxHelp": "Max time before a client session is expired. Tokens are invalidated when a session is expired. The option does not affect the global user SSO session. If not set, it uses the standard SSO Session Max value.", "clientOfflineSessionIdleHelp": "Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. The option does not affect the global user SSO session. If not set, it uses the realm Offline Session Idle value.", "clientOfflineSessionMaxHelp": "Max time before a client offline session is expired. If Offline Session Max Limited is enabled at realm level, offline tokens are invalidated when a client offline session is expired. The option does not affect the global user SSO session. If not set, it uses the realm Offline Session Max value.", "oAuthMutualHelp": "This enables support for OAuth 2.0 Mutual TLS Certificate Bound Access Tokens, which means that keycloak bind an access token and a refresh token with a X.509 certificate of a token requesting client exchanged in mutual TLS between keycloak's Token Endpoint and this client. These tokens can be treated as Holder-of-Key tokens instead of bearer tokens.", "oAuthDPoPHelp": "This enables support for Demonstrating Proof-of-Possession (DPoP) bound tokens. The access and refresh tokens are bound to the key stored on the user agent. In order to prove the possession of the key, the user agent must send a signed proof alongside the token.", "keyForCodeExchangeHelp": "Choose which code challenge method for PKCE is used. 
If not specified, keycloak does not apply PKCE to a client unless the client sends an authorization request with appropriate code challenge and code exchange method.", "pushedAuthorizationRequestRequiredHelp": "Boolean parameter indicating whether the authorization server accepts authorization request data only via the pushed authorization request method.", "acrToLoAMappingHelp": "Define which ACR (Authentication Context Class Reference) value is mapped to which LoA (Level of Authentication). The ACR can be any value, whereas the LoA must be numeric.", "defaultACRValuesHelp": "Default values to be used as voluntary ACR in case that there is no explicit ACR requested by 'claims' or 'acr_values' parameter in the OIDC request.", "assertionConsumerServicePostBindingURLHelp": "SAML POST Binding URL for the client's assertion consumer service (login responses). You can leave this blank if you do not have a URL for this binding.", "assertionConsumerServiceRedirectBindingURLHelp": "SAML Redirect Binding URL for the client's assertion consumer service (login responses). You can leave this blank if you do not have a URL for this binding.", "logoutServicePostBindingURLHelp": "SAML POST Binding URL for the client's single logout service. You can leave this blank if you are using a different binding.", "logoutServiceRedirectBindingURLHelp": "SAML Redirect Binding URL for the client's single logout service. You can leave this blank if you are using a different binding.", "logoutServiceSoapBindingUrlHelp": "SAML SOAP Binding URL for the client's single logout service. You can leave this blank if you are using a different binding.", "logoutServiceArtifactBindingUrlHelp": "SAML ARTIFACT Binding URL for the client's single logout service. You can leave this blank if you are using a different binding.", "artifactBindingUrlHelp": "URL to send the HTTP ARTIFACT messages to. You can leave this blank if you are using a different binding. 
This value should be set when forcing ARTIFACT binding together with IdP initiated login.", "frontchannelLogoutHelp": "When true, logout requires a browser redirect to client. When false, server performs a background invocation for logout.", "frontchannelLogoutUrlHelp": "URL that will cause the client to log itself out when a logout request is sent to this realm (via end_session_endpoint). If not provided, it defaults to the base url.", "backchannelLogoutUrlHelp": "URL that will cause the client to log itself out when a logout request is sent to this realm (via end_session_endpoint). If omitted, no logout request will be sent to the client in this case.", "backchannelLogoutSessionRequiredHelp": "Specifying whether a sid (session ID) Claim is included in the Logout Token when the Backchannel Logout URL is used.", "backchannelLogoutRevokeOfflineSessionsHelp": "Specifying whether a \"revoke_offline_access\" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event.", "artifactResolutionServiceHelp": "SAML Artifact resolution service for the client. This is the endpoint to which Keycloak will send a SOAP ArtifactResolve message. You can leave this blank if you do not have a URL for this binding.", "authenticationOverridesHelp": "Override realm authentication flow bindings.", "browserFlowHelp": "Select the flow you want to use for browser authentication.", "directGrantHelp": "Select the flow you want to use for direct grant authentication.", "useJwksUrlHelp": "If the switch is on, identity provider public keys will be downloaded from given JWKS URL. This allows great flexibility because new keys will be always re-downloaded again when identity provider generates new keypair. 
If the switch is off, public key (or certificate) from the Keycloak DB is used, so when the identity provider keypair changes, you always need to import the new key to the Keycloak DB as well.", "certificateHelp": "Client Certificate for validating JWT issued by client and signed by Client private key from your keystore.", "jwksUrlHelp": "URL where identity provider keys in JWK format are stored. See JWK specification for more details. If you use external Keycloak identity provider, you can use URL like 'http://broker-keycloak:8180/realms/test/protocol/openid-connect/certs' assuming your brokered Keycloak is running on 'http://broker-keycloak:8180' and its realm is 'test'.", "generateKeysDescription": "If you generate new keys, you can download the keystore with the private key automatically and save it on your client's side. Keycloak server will save just the certificate and public key, but not the private key.", "archiveFormatHelp": "Java keystore or PKCS12 archive format.", "keyAliasHelp": "Alias for the private key", "keyPasswordHelp": "Password for the private key", "realmCertificateAliasHelp": "Realm certificate is stored in archive too. This is the alias to it.", "storePasswordHelp": "Password to access the archive itself", "consentRequiredHelp": "If enabled, users have to consent to client access.", "displayOnClientHelp": "Applicable only if 'Consent Required' is on for this client. If this switch is off, the consent screen will contain just the consents corresponding to configured client scopes. If on, there will be also one item on the consent screen about this client itself.", "consentScreenTextHelp": "Text that will be shown on the consent screen when this client scope is added to some client with consent required. 
Defaults to name of client scope if it is not filled", "importHelp": "Import a JSON file containing authorization settings for this resource server.", "policyEnforcementModeHelp": "The policy enforcement mode dictates how policies are enforced when evaluating authorization requests. 'Enforcing' means requests are denied by default even when there is no policy associated with a given resource. 'Permissive' means requests are allowed even when there is no policy associated with a given resource. 'Disabled' completely disables the evaluation of policies and allows access to any resource.", "decisionStrategyHelp": "The decision strategy dictates how permissions are evaluated and how a final decision is obtained. 'Affirmative' means that at least one permission must evaluate to a positive decision in order to grant access to a resource and its scopes. 'Unanimous' means that all permissions must evaluate to a positive decision in order for the final decision to be also positive.", "allowRemoteResourceManagementHelp": "Should resources be managed remotely by the resource server? If false, resources can be managed only from this Admin UI.", "resourceNameHelp": "A unique name for this resource. The name can be used to uniquely identify a resource, useful when querying for a specific resource.", "displayNameHelp": "Friendly name for Identity Providers.", "typeHelp": "Client scopes, which will be added as default scopes to each created client", "urisHelp": "Set of URIs which are protected by resource.", "scopesHelp": "The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. 
Defaults to 'openid'.", "dedicatedScopeExplain": "This is a client scope which includes the dedicated mappers and scope", "fullScopeAllowedHelp": "Allows you to disable all restrictions.", "iconUriHelp": "A URI pointing to an icon.", "ownerManagedAccessHelp": "If enabled, the access to this resource can be managed by the resource owner.", "resourceAttributeHelp": "The attributes associated with the resource.", "resetActions": "Reset Actions", "lifespan": "Expires In", "scopeName": "A unique name for this scope. The name can be used to uniquely identify a scope, useful when querying for a specific scope.", "scopeDisplayNameHelp": "A unique name for this scope. The name can be used to uniquely identify a scope, useful when querying for a specific scope.", "policy-name": "The name of this policy.", "policy-description": "A description for this policy.", "policyDecisionStagey": "The decision strategy dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. 'Affirmative' means that at least one policy must evaluate to a positive decision in order for the final decision to be also positive. 'Unanimous' means that all policies must evaluate to a positive decision in order for the final decision to be also positive. 'Consensus' means that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same, the final decision will be negative.", "applyPolicyHelp": "Specifies all the policies that must be applied to the scopes defined by this policy or permission.", "policyClientHelp": "Specifies which client(s) are allowed by this policy.", "groupsClaimHelp": "If defined, the policy will fetch user's groups from the given claim within an access token or ID token representing the identity asking permissions. 
If not defined, user's groups are obtained from your realm configuration.", "policyGroups": "Specifies which user(s) are allowed by this policy.", "targetClaimHelp": "Specifies the target claim which the policy will fetch.", "regexPatternHelp": "Specifies the regex pattern.", "policyRoles": "Specifies the client roles allowed by this policy.", "startTimeHelp": "Defines the time before which the policy MUST NOT be granted. Only granted if current date/time is after or equal to this value.", "expireTimeHelp": "Defines the time after which the policy MUST NOT be granted. Only granted if current date/time is before or equal to this value.", "monthHelp": "Defines the month which the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current month is between or equal to the two values you provided.", "dayMonthHelp": "Defines the day of month when the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current day of month is between or equal to the two values you provided.", "hourHelp": "Defines the hour when the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current hour is between or equal to the two values you provided.", "minuteHelp": "Defines the minute when the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current minute is between or equal to the two values you provided.", "policyCodeHelp": "The JavaScript code providing the conditions for this policy.", "logicHelp": "The logic dictates how the policy decision should be made. If 'Positive', the resulting effect (permit or deny) obtained during the evaluation of this policy will be used to perform a decision. 
If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa.", "permissionName": "The name of this permission.", "permissionDescription": "A description for this permission.", "applyToResourceTypeFlagHelp": "Specifies if this permission should be applied to all resources with a given type. In this case, this permission will be evaluated for all instances of a given resource type.", "permissionResources": "Specifies that this permission must be applied to a specific resource instance.", "permissionScopesHelp": "Specifies that this permission must be applied to one or more scopes.", "permissionPoliciesHelp": "Specifies all the policies that must be applied to the scopes defined by this policy or permission.", "permissionType": "Specifies that this permission must be applied to all resources instances of a given type.", "permissionDecisionStrategyHelp": "The decision strategy dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. 'Affirmative' means that at least one policy must evaluate to a positive decision in order for the final decision to be also positive. 'Unanimous' means that all policies must evaluate to a positive decision in order for the final decision to be also positive. 'Consensus' means that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same, the final decision will be negative.", "permissionsEnabledHelp": "Determines if fine grained permissions are enabled for managing this role. 
Disabling will delete all current permissions that have been set up.", "createClientScope": "Create client scope", "clientScopeList": "Client scopes", "grantedClientScopes": "Granted client scopes", "clientScopeDetails": "Client scope details", "clientScopeExplain": "Client scopes are a common set of protocol mappers and roles that are shared between multiple clients.", "searchFor": "Search role by name", "dynamicScope": "Dynamic scope", "dynamicScopeFormat": "Dynamic scope format", "displayOrder": "Display order", "deleteClientScope_one": "Delete client scope {{name}}", "deleteClientScope_other": "Delete {{count}} client scopes", "deleteConfirm": "Are you sure you want to permanently delete the provider '{{provider}}'?", "changeTypeTo": "Change type to", "changeTypeIntro": "{{count}} selected client scopes will be changed to", "deletedSuccess": "Provider successfully deleted.", "deleteError": "Could not delete the provider {{error}}", "includeInTokenScope": "Include in token scope", "realmRolePrefix": "Realm role prefix", "userInfo": "User info", "updateSuccess": "Provider successfully updated", "updateError": "Could not update the provider {{error}}", "addMapperExplain": "If you want more fine-grain control, you can create protocol mapper on this client", "newRoleName": "New role name", "searchClientByName": "Search client by name", "mapperCreateSuccess": "Mapper created successfully.", "mapperCreateError": "Error creating mapper.", "fromPredefinedMapper": "From predefined mappers", "byConfiguration": "By configuration", "emptyBuiltInMappersInstructions": "All built in mappers were added to this client", "emptySecondaryAction": "Configure a new mapper", "displayOnConsentScreen": "Display on consent screen", "guiOrder": "Display Order", "shouldBeANumber": "Should be a number", "chooseAMapperType": "Choose a mapper type", "addPredefinedMappers": "Add predefined mappers", "predefinedMappingDescription": "Choose any of the predefined mappings from this table", 
"configureMappingDescription": "Choose any of the mappings from this table", "mappingTable": "Table with predefined mapping", "headerName": "header name", "nameHelp": "Help text for the name of the new flow", "dynamicScopeHelp": "If on, this scope will be considered a Dynamic Scope, which will be comprised of a static and a variable portion.", "dynamicScopeFormatHelp": "This is the regular expression that the system will use to extract the scope name and variable.", "protocolHelp": "Which SSO protocol configuration is being supplied by this client scope", "displayOnConsentScreenHelp": "If on, and this client scope is added to some client with consent required, the text specified by 'Consent Screen Text' will be displayed on consent screen. If off, this client scope will not be displayed on the consent screen", "includeInTokenScopeHelp": "If on, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. If off, this client scope will be omitted from the token and from the Token Introspection Endpoint response.", "guiOrderHelp": "Specify order of the provider in GUI (such as in Consent page) as integer", "prefix": "A prefix for each Realm Role (optional).", "multiValued": "Indicates if attribute supports multiple values. If true, the list of all values of this attribute will be set as claim. If false, just first value will be set as claim", "tokenClaimName": { "label": "Token Claim Name", "tooltip": "Name of the claim to insert into the token. This can be a fully qualified name like 'address.street'. In this case, a nested json object will be created. To prevent nesting and use dot literally, escape the dot with backslash (\\.)." }, "claimJsonType": "JSON type that should be used to populate the json claim in the token. 
long, int, boolean, String and JSON are valid values.", "protocolMapper": "Protocol...", "mapperNameHelp": "Name of the mapper", "roleHelp": "Role to grant to user if all attributes are present. Click 'Select Role' button to browse roles, or just type it in the textbox. To reference a client role the syntax is clientname.clientrole, i.e. myclient.myrole", "newRoleNameHelp": "The new role name. The new name format corresponds to where in the access token the role will be mapped to. So, a new name of 'myapp.newname' will map the role to that position in the access token. A new name of 'newname' will map the role to the realm roles in the token.", "rolesScope": "If there is no role scope mapping defined, each user is permitted to use this client scope. If there are role scope mappings defined, the user must be a member of at least one of the roles.", "groupDetails": "Group details", "childGroups": "Child groups", "createGroup": "Create group", "createChildGroup": "Create child group", "groupName": "Group name", "searchForGroups": "Search group", "global": "Global", "local": "Local", "searchGroups": "Search groups", "filterGroups": "Filter groups", "searchGroup": "Search group", "renameGroup": "Rename group", "deleteGroup": "Delete group", "usersLeft_one": "{{count}} user left the group", "usersLeft_other": "{{count}} users left the group", "usersLeftError": "Could not remove users from the group: {{error}}", "usersAdded_one": "{{count}} user added to the group", "usersAdded_other": "{{count}} users added to the group", "usersAddedError": "Could not add users to the group: {{error}}", "exactSearch": "Exact search", "members": "Members", "searchMembers": "Search members", "addMember": "Add member", "includeSubGroups": "Include sub-group users", "path": "Path", "moveTo": "Move to", "moveToGroup": "Move {{group1}} to {{group2}}", "root": "Root", "moveHere": "Move here", "moveGroupEmpty": "No sub groups", "moveGroupEmptyInstructions": "There are no sub groups, select 'Move 
here' to move the selected group as a subgroup of this group", "moveGroupSuccess": "Group moved", "moveGroupError": "Could not move group {{error}}", "tableOfGroups": "Table of groups", "groupsDescription": "A group is a set of attributes and role mappings that can be applied to a user. You can create, edit, and delete groups and manage their child-parent organization.", "groupCreated": "Group created", "couldNotCreateGroup": "Could not create group {{error}}", "createAGroup": "Create a group", "renameAGroup": "Rename group", "rename": "Rename", "email": "Email", "lastName": "Last name", "firstName": "First name", "membership": "Membership", "noGroupsInThisRealm": "No groups in this realm", "noGroupsInThisRealmInstructions": "You haven't created any groups in this realm. Create a group to get started.", "noGroupsInThisSubGroup": "No groups in this sub group", "noGroupsInThisSubGroupInstructions": "You haven't created any groups in this sub group.", "deleteConfirmTitle_one": "Delete group?", "deleteConfirmTitle_other": "Delete groups?", "deleteConfirm_one": "Are you sure you want to delete this group '{{groupName}}'.", "deleteConfirm_other": "Are you sure you want to delete these groups.", "groupDeleted_one": "Group deleted", "groupDeleted_other": "Groups deleted", "groupDeleteError": "Error deleting group {{error}}", "groupUpdated": "Group updated", "groupUpdateError": "Error updating group {{error}}", "roleMapping": "Role mapping", "noViewRights": "You do not have rights to view this group.", "uploadFile": "Upload JSON file", "invalidRealmName": "Realm name can't contain special characters", "realmExplain": "A realm manages a set of users, credentials, roles, and groups. A user belongs to and logs into a realm. Realms are isolated from one another and can only manage and authenticate the users that they control.", "noRealmRoles": "No realm roles", "emptyStateText": "There aren't any realm roles in this realm. 
Create a realm role to get started.", "saveRealmSuccess": "Realm created successfully", "saveRealmError": "Could not create realm {{error}}", "deleteAttributeText": "Delete an attribute", "associatedRolesText": "Associated roles", "addAssociatedRolesText": "Add associated roles", "addAssociatedRolesSuccess": "Associated roles have been added", "addAssociatedRolesError": "Could not associate roles {{error}}", "associatedRolesModalTitle": "Add roles to {{name}}", "title": "Authentication", "addRole": "Add role", "importRole": "Import role", "roleID": "Role ID", "roleExplain": "Realm roles are the roles that you define for use in the current realm.", "roleCreateExplain": "This is some description", "roleName": "Role name", "roleDetails": "Role details", "composite": "Composite", "deleteRole": "Delete this role", "inheritedFrom": "Inherited from", "roleList": "Role list", "realmRolesList": "Realm roles", "roleImportError": "Could not import role", "roleCreated": "Role created", "roleCreateError": "Could not create role: {{error}}", "roleImportSuccess": "Role import successful", "roleDeleteConfirm": "Delete role?", "roleDeleteConfirmDialog": "This action will permanently delete the role \"{{selectedRoleName}}\" and cannot be undone.", "roleDeletedSuccess": "The role has been deleted", "roleDeleteError": "Could not delete role: {{error}}", "defaultRole": "This role serves as a container for both realm and client default roles. It cannot be removed.", "defaultRoleDeleteError": "You cannot delete a default role.", "roleSaveSuccess": "The role has been saved", "roleSaveError": "Could not save role: {{error}}", "roleAuthentication": "Role authentication", "removeAllAssociatedRoles": "Remove all associated roles", "removeAssociatedRoles": "Remove associated roles", "removeRoles": "Remove roles", "removeAllAssociatedRolesConfirmDialog": "This action will remove the associated roles of {{name}}. 
Users who have permission to {{name}} will no longer have access to these roles.", "roleRemoveAssociatedRoleConfirm": "Remove associated role?", "roleRemoveAssociatedText": "This action will remove {{role}} from {{roleName}}. All the associated roles of {{role}} will also be removed.", "compositeRoleOff": "Composite role turned off", "associatedRolesRemoved": "Associated roles have been removed", "compositesRemovedAlertDescription": "All the associated roles have been removed", "whoWillAppearLinkText": "Who will appear in this group list?", "whoWillAppearPopoverText": "Groups are hierarchical. When you select Direct Membership, you see only the child group that the user joined. Ancestor groups are not included.", "whoWillAppearPopoverFooterText": "Users who have this role as an effective role cannot be added on this tab.", "usersInRole": "Users in role", "addUser": "Add user", "removeUser": "Remove users", "removeUserText": "Do you want to remove {{numSelected}} users? These users will no longer have the permissions of the role {{role}} and its associated roles.", "noDirectUsers": "No direct users", "noUsersEmptyStateDescription": "Only the users with this role directly assigned will appear under this tab. If you need to find users assigned to this role, go to", "noUsersEmptyStateDescriptionContinued": "to find them. 
Users that already have this role as an effective role cannot be added here.", "or": "or", "userName": "Username", "noRolesAssociated": "No associated roles", "noRolesAssociatedInstructions": "To add roles to this role press the 'Add role' button", "usersExplain": "Users are the users in the current realm.", "userList": "User list", "searchForUser": "Search user", "searchType.default": "Default search", "searchType.attribute": "Attribute search", "selectAttribute": "Select attribute", "selectAttributes": "Select attributes", "searchUserByAttributeMissingKeyError": "Specify an attribute key", "searchUserByAttributeKeyAlreadyInUseError": "Attribute key already in use", "searchUserByAttributeMissingValueError": "Specify an attribute value", "searchUserByAttributeDescription": "It supports setting multiple attributes as the search filter by setting different keys or values. Only one value can be typed for a key.", "startBySearchingAUser": "Start by searching for users", "searchForUserDescription": "This realm may have a federated provider. Viewing all users may cause the system to slow down, but it can be done by searching for \"*\". Please search for a user above.", "createUser": "Create user", "createNewUser": "Create new user", "noUsersFound": "No users found", "noUsersFoundError": "No users found due to {{error}}", "noUsersFoundErrorStorage": "No users found, could be due to wrongly configured federated provider {{error}}", "noGroups": "No groups", "noGroupsText": "You haven't added this user to any groups. 
Join a group to get started.", "joinGroup": "Join Group", "joinGroups": "Join Groups", "join": "Join", "joinGroupsFor": "Join groups for user {{username}}", "selectGroups": "Select groups to join", "leaveGroup_one": "Leave group {{name}}?", "leaveGroup_other": "Leave groups?", "leaveGroupConfirmDialog_one": "Are you sure you want to remove {{username}} from the group {{groupname}}?", "leaveGroupConfirmDialog_other": "Are you sure you want to remove {{username}} from the {{count}} selected groups?", "directMembership": "Direct membership", "groupMembership": "Group membership", "addedGroupMembership": "Added group membership", "addedGroupMembershipError": "Error adding group membership", "removedGroupMembership": "Removed group membership", "removedGroupMembershipError": "Error removing group membership", "emptyInstructions": "Change your search criteria or add a user", "createdAt": "Created at", "username": "Username", "emailVerified": "Email verified", "status": "Status", "temporaryLocked": "Temporarily locked", "unlockSuccess": "User successfully unlocked", "unlockError": "Could not unlock user due to {{error}}", "emailInvalid": "You must enter a valid email.", "notVerified": "Not verified", "requiredUserActions": "Required user actions", "requiredActionPlaceholder": "Select action", "federationLink": "Federation link", "impersonate": "Impersonate", "impersonateConfirm": "Impersonate user?", "impersonateConfirmDialog": "Are you sure you want to log in as this user? 
If this user is in the same realm with you, your current login session will be logged out before you log in as this user.", "impersonateError": "Could not impersonate the user: {{error}}", "deleteUser": "Delete user", "deleteConfirmCurrentUser": "Are you sure you want to permanently delete this user", "deleteConfirmDialog_one": "Are you sure you want to permanently delete {{count}} selected user", "deleteConfirmDialog_other": "Are you sure you want to permanently delete {{count}} selected users", "userID": "User ID", "userCreated": "The user has been created", "userSaved": "The user has been saved", "userDetails": "User details", "userCreateError": "Could not create user: {{error}}", "userDeletedSuccess": "The user has been deleted", "userDeletedError": "The user could not be deleted {{error}}", "linkAccount": "Link account", "unlink": "Unlink", "unlinkAccount": "Unlink account", "unlinkAccountTitle": "Unlink account from {{provider}}?", "unlinkAccountConfirm": "Are you sure you want to permanently unlink this account from {{provider}}?", "link": "Link", "linkAccountTitle": "Link account to {{provider}}", "idpLinkSuccess": "Identity provider has been linked", "idpUnlinkSuccess": "The provider link has been removed", "idpType": { "social": "Social login", "custom": "Custom" }, "couldNotLinkIdP": "Could not link identity provider {{error}}", "verifyEmail": "Verify email", "updateUserLocale": "Update User Locale", "consents": "Consents", "noConsents": "No consents", "noConsentsText": "The consents will only be recorded when users try to access a client that is configured to require consent. In that case, users will get a consent page which asks them to grant access to the client.", "identityProvider": "Identity provider", "identityProviderLinks": "Identity provider links", "noProvidersLinked": "No identity providers linked. 
Choose one from the list below.", "noAvailableIdentityProviders": "No available identity providers.", "linkedIdPs": "Linked identity providers", "linkedIdPsText": "The identity providers which are already linked to this user account", "availableIdPs": "Available identity providers", "availableIdPsText": "All the configured identity providers in this realm are listed here. You can link the user account to any of the IdP accounts.", "revokeClientScopesTitle": "Revoke all granted client scopes?", "revokeClientScopes": "Are you sure you want to revoke all granted client scopes for {{clientId}}?", "deleteGrantsSuccess": "Grants successfully revoked.", "deleteGrantsError": "Error deleting grants.", "unlockAllUsers": "Unlock all users", "unlockUsersConfirm": "All the users that are temporarily locked will be unlocked.", "unlock": "Unlock", "unlockUsersSuccess": "Any temporarily locked users are now unlocked", "unlockUsersError": "Could not unlock all users {{error}}", "noCredentials": "No credentials", "noCredentialsText": "This user does not have any credentials. 
You can set a password for this user.", "setPassword": "Set password", "setPasswordFor": "Set password for {{username}}", "defaultPasswordLabel": "My password", "savePasswordSuccess": "The password has been set successfully.", "savePasswordError": "Error saving password: {{error}}", "confirmPasswordDoesNotMatch": "Password and confirmation do not match.", "credentialType": "Type", "credentialUserLabel": "User Label", "credentialData": "Data", "credentialsList": "Credentials List", "setPasswordConfirm": "Set password?", "setPasswordConfirmText": "Are you sure you want to set the password for the user {{username}}?", "resetPasswordConfirmation": "New password confirmation", "savePassword": "Save password", "deleteCredentialsConfirmTitle": "Delete credentials?", "deleteCredentialsConfirm": "Are you sure you want to delete these users credentials?", "deleteCredentialsSuccess": "The credentials have been deleted successfully.", "deleteCredentialsError": "Error deleting users credentials: {{error}}", "deleteBtn": "Delete", "updatedCredentialMoveSuccess": "User Credential configuration has been saved", "updatedCredentialMoveError": "User Credential configuration hasn't been saved", "resetPasswordFor": "Reset password for {{username}}", "resetPasswordConfirm": "Reset password?", "resetPasswordConfirmText": "Are you sure you want to reset the password for the user {{username}}?", "resetPassword": "Reset password", "resetCredentialsSuccess": "The password has been reset successfully.", "resetCredentialsError": "Error resetting users credentials: {{error}}", "resetPasswordError": "Error resetting password: {{error}}", "resetPasswordBtn": "Reset password", "showPasswordDataName": "Name", "showPasswordDataValue": "Value", "showDataBtn": "Show data", "userCredentialsHelpText": "The top level handlers allow you to shift the priority of the credential for the user, the topmost credential having the highest priority. 
The handlers within one expandable panel allow you to change the visual order of the credentials, the topmost credential will show at the most left.", "userCredentialsHelpTextLabel": "User Credentials Help Text", "userLabel": "User label", "data": "Data", "providedBy": "Provided by", "passwordDataTitle": "Password data", "updateCredentialUserLabelSuccess": "The user label has been changed successfully.", "updateCredentialUserLabelError": "Error changing user label: {{error}}", "credentialReset": "Credentials Reset", "credentialResetBtn": "Credential Reset", "VERIFY_EMAIL": "Verify Email (VERIFY_EMAIL)", "UPDATE_PASSWORD": "Update password (UPDATE_PASSWORD)", "UPDATE_PROFILE": "Update Profile (UPDATE_PROFILE)", "CONFIGURE_TOTP": "Configure OTP (CONFIGURE_TOTP)", "TERMS_AND_CONDITIONS": "Terms and Conditions (TERMS_AND_CONDITIONS)", "hours": "Hours", "minutes": "Minutes", "seconds": "Seconds", "credentialResetConfirm": "Send Email", "credentialResetConfirmText": "Are you sure you want to send email to user", "credentialResetEmailSuccess": "Email sent to user.", "credentialResetEmailError": "Failed: {{error}}", "editUserLabel": "Edit User Label Button", "temporaryLockedHelp": "The user may be locked due to multiple failed attempts to log in.", "disabledHelp": "A disabled user cannot log in.", "emailVerifiedHelp": "Has the user's email been verified?", "requiredUserActionsHelp": "Require an action when the user logs in. 'Verify email' sends an email to the user to verify their email address. 'Update profile' requires user to enter in new personal information. 'Update password' requires user to enter in a new password. 'Configure OTP' requires setup of a mobile password generator.", "groupsHelp": "Groups where the user has membership. 
To leave a group, select it and click Leave.", "userIdHelperText": "Enter the unique ID of the user for this identity provider.", "usernameHelperText": "Enter the username of the user for this identity provider.", "federationLinkHelp": "UserStorageProvider this locally stored user was imported from.", "sessionExplain": "Sessions are sessions of users in this realm and the clients that they access within the session.", "searchForSession": "Search session", "lastAccess": "Last access", "started": "Started", "sessionsType": { "allSessions": "All session types", "regularSSO": "Regular SSO", "offline": "Offline", "directGrant": "Direct grant", "serviceAccount": "Service account" }, "revocationDescription": "This is a way to revoke all active sessions and access tokens. Not before means you can revoke any tokens issued before the date.", "notBeforeSuccess": "Success! \"Not before\" set for realm", "notBeforeError": "Error clearing \"Not Before\" for realm: {{error}}", "notBeforeClearedSuccess": "Success! \"Not Before\" cleared for realm.", "signOutAllActiveSessions": "Sign out all active sessions", "signOutAllActiveSessionsQuestion": "Sign out all active sessions?", "logoutAllSessions": "Logout all sessions", "logoutAllDescription": "If you sign out all active sessions, active subjects in this realm will be signed out.", "logoutAllSessionsError": "Error! Failed to log out of all sessions: {{error}}.", "setToNowError": "Error! Failed to set notBefore to current date and time.", "noSessions": "No sessions", "noSessionsDescription": "There are currently no active sessions in this realm.", "noSessionsForUser": "There are currently no active sessions for this user.", "noSessionsForClient": "There are currently no active sessions for this client.", "eventExplain": "Events are records of user and admin events in this realm. 
To configure the tracking of these events, go to <1>Event configs.", "eventConfigs": "Event configs", "userEvents": "User events", "adminEvents": "Admin events", "searchForUserEvent": "Search user event", "searchForAdminEvent": "Search admin event", "refresh": "Refresh", "emptyEvents": "Nothing to add", "emptyEventsInstructions": "There are no more events types left to add", "time": "Time", "userId": "User ID", "eventType": "Event saved type", "ipAddress": "IP address", "dateFrom": "Date(from)", "dateTo": "Date(to)", "searchUserEventsBtn": "Search events", "searchAdminEventsBtn": "Search admin events", "realm": "Realm", "resourcePath": "Resource path", "resourceTypes": "Resource types", "operationType": "Operation type", "operationTypes": "Operation types", "auth": "Auth", "attribute": "Attribute", "representation": "Representation", "noUserDetails": "No user details", "resetBtn": "Reset", "createGroupText": "Create attributes group", "editGroupText": "Edit attributes group", "tableTitle": "Attributes groups", "columnName": "Name", "columnDisplayName": "Display name", "columnDisplayDescription": "Display description", "emptyStateMessage": "No attributes groups", "emptyStateInstructions": "If you want to add an attributes group click the button below.", "deleteDialogTitle": "Delete attribute group?", "deleteDialogDescription": "Are you sure you want to permanently delete the attributes group <1>{{group}}?", "deleteSuccess": "Attributes group deleted.", "deleteAttributeGroupError": "Could not delete user attributes group: {{error}}", "nameField": "Name", "nameHintHelp": "A unique name for the group. This name will be used to reference the group when binding an attribute to a group.", "displayHeaderField": "Display name", "displayHeaderHintHelp": "A user-friendly name for the group that should be used when rendering a group of attributes in user-facing forms. Supports keys for localized values as well. 
For example: ${profile.attribute.group.address}.", "displayDescriptionField": "Display description", "displayDescriptionHintHelp": "A text that should be used as a tooltip when rendering user-facing forms.", "annotationsText": "Annotations", "inputType": "Input type", "inputHelperTextBefore": "Helper text (above) the input field", "inputHelperTextAfter": "Helper text (under) the input field", "inputOptionLabelsI18nPrefix": "Internationalization key prefix", "inputTypePlaceholder": "Input placeholder", "inputTypeSize": "Input size", "inputTypeCols": "Input cols", "inputTypeRows": "Input rows", "inputTypeStep": "Input step size", "removeAnnotationText": "Remove annotation", "keyLabel": "Key", "valueLabel": "Value", "realmSettingsExplain": "Realm settings are settings that control the options for users, applications, roles, and groups in the current realm.", "partialImport": "Partial import", "partialExport": "Partial export", "deleteRealm": "Delete realm", "deleteConfirmTitle": "Delete realm?", "dragInstruction": "Click and drag to change priority", "deleteProviderTitle": "Delete key provider?", "deleteProviderConfirm": "Are you sure you want to permanently delete the key provider {{provider}}?", "deleteProviderSuccess": "Success. The provider has been deleted.", "deleteProviderError": "Error deleting the provider", "deleteConditionSuccess": "The condition has been deleted", "disablePolicyConfirmTitle": "Disable policy?", "disablePolicyConfirm": "Users and clients can't access the policy if it's disabled. 
Are you sure you want to continue?", "editProvider": "Edit provider", "editableRowsTable": "Editable rows table", "saveSuccess": "User federation provider successfully saved", "saveProviderSuccess": "The provider has been saved successfully.", "saveProviderListSuccess": "The priority of the provider has been updated successfully.", "saveProviderError": "Error saving provider: {{error}}", "saveError": "User federation provider could not be saved: {{error}}", "general": "General", "login": "Login", "themes": "Themes", "eventListeners": "Event listeners", "eventListenersHelpTextHelp": "Configure what listeners receive events for the realm.", "saveEventListeners": "Save Event Listeners", "saveEventListenersSuccess": "Event listener has been updated.", "saveEventListenersError": "Error saving event listener: {{error}}", "userEventsSettings": "User events settings", "adminEventsSettings": "Admin events settings", "saveEvents": "Save events", "clearUserEvents": "Clear user events", "clearAdminEvents": "Clear admin events", "includeRepresentation": "Include representation", "template": "Template", "connectionAndAuthentication": "Connection & Authentication", "from": "From", "fromDisplayName": "From display name", "replyTo": "Reply to", "replyToDisplayName": "Reply to display name", "envelopeFrom": "Envelope from", "host": "Host", "port": "Port", "encryption": "Encryption", "enableSSL": "Enable SSL", "enableStartTLS": "Enable StartTLS", "keysList": "Keys list", "searchKey": "Search key", "keystore": "Keystore", "keystorePassword": "Keystore password", "algorithm": "Algorithm", "use": "Use", "aesGenerated": "aes-generated", "ecdsaGenerated": "ecdsa-generated", "hmacGenerated": "hmac-generated", "javaKeystore": "java-keystore", "rsa": "rsa", "rsaGenerated": "rsa-generated", "uiDisplayName": "UI display name", "AESKeySize": "AES Key Size", "active": "Active", "privateRSAKey": "Private RSA Key", "filenamePlaceholder": "Upload a PEM file or paste key below", "x509Certificate": 
"X509 Certificate", "ellipticCurve": "Elliptic Curve", "secretSize": "Secret size", "keySize": "Key size", "kid": "Kid", "providerDescription": "Provider description", "addProvider": "Add provider", "publicKeys": "Public keys", "validTo": "Valid to", "keysFilter": { "ACTIVE": "Active keys", "PASSIVE": "Passive keys", "DISABLED": "Disabled keys" }, "noKeys": "No keys", "noKeysDescription": "You haven't created any active keys", "userRegistration": "User registration", "loginScreenCustomization": "Login screen customization", "registrationAllowed": "User registration", "userRegistrationHelpText": "Enable/disable the registration page. A link for registration will show on login page too.", "resetPasswordAllowed": "Forgot password", "forgotPassword": "Forgot password", "forgotPasswordHelpText": "Show a link on login page for user to click when they have forgotten their credentials.", "rememberMe": "Remember me", "rememberMeHelpText": "Show checkbox on login page to allow user to remain logged in between browser restarts until session expires.", "emailSettings": "Email settings", "registrationEmailAsUsername": "Email as username", "emailAsUsernameHelpText": "Allow users to set email as username.", "loginWithEmailAllowed": "Login with email", "loginWithEmailHelpText": "Allow users to log in with their email address.", "duplicateEmailsAllowed": "Duplicate emails", "duplicateEmailsHelpText": "Allow multiple users to have the same email address. Changing this setting will also clear the user's cache. 
It is recommended to manually update email constraints of existing users in the database after switching off support for duplicate email addresses.", "verifyEmailHelpText": "Require user to verify their email address after initial login or after address changes are submitted.", "userInfoSettings": "User info settings", "editUsernameAllowed": "Edit username", "editUSernameHelp": "If enabled, the username is editable, otherwise it is read-only.", "enableSwitchSuccess": "{{switch}} changed successfully", "enableSwitchError": "Could not enable / disable due to {{error}}", "testingConnection": "Testing connection", "testConnectionHint": { "withEmail": "When testing the connection an e-mail will be sent to the current user ({{email}}).", "withoutEmail": "To test the connection you must first configure an e-mail address for the current user ({{userName}}).", "withoutEmailAction": "Configure e-mail address" }, "testConnectionSuccess": "Success! SMTP connection successful. E-mail was sent!", "testConnectionError": "Error! 
{{error}}", "realmId": "Realm ID", "htmlDisplayName": "HTML Display name", "frontendUrl": "Frontend URL", "requireSsl": "Require SSL", "sslType": { "all": "All requests", "external": "External requests", "none": "None" }, "selectATheme": "Select a theme", "placeholderText": "Select one", "userManagedAccess": "User-managed access", "userProfileEnabled": "User Profile Enabled", "endpoints": "Endpoints", "openIDEndpointConfiguration": "OpenID Endpoint Configuration", "samlIdentityProviderMetadata": "SAML 2.0 Identity Provider Metadata", "accountTheme": "Account theme", "adminTheme": "Admin theme", "emailTheme": "Email theme", "internationalization": "Internationalization", "localization": "Localization", "SSOSessionSettings": "SSO Session Settings", "SSOSessionIdle": "SSO Session Idle", "SSOSessionMax": "SSO Session Max", "SSOSessionIdleRememberMe": "SSO Session Idle Remember Me", "SSOSessionMaxRememberMe": "SSO Session Max Remember Me", "clientSessionSettings": "Client session settings", "offlineSessionSettings": "Offline session settings", "offlineSessionIdle": "Offline Session Idle", "offlineSessionMaxLimited": "Offline Session Max Limited", "offlineSessionMax": "Offline Session Max", "loginTimeout": "Login timeout", "loginActionTimeout": "Login action timeout", "refreshTokens": "Refresh tokens", "accessTokens": "Access tokens", "actionTokens": "Action tokens", "overrideActionTokens": "Override Action Tokens", "defaultSigAlg": "Default Signature Algorithm", "revokeRefreshToken": "Revoke Refresh Token", "refreshTokenMaxReuse": "Refresh Token Max Reuse", "accessTokenLifespanImplicitFlow": "Access Token Lifespan For Implicit Flow", "clientLoginTimeout": "Client Login Timeout", "userInitiatedActionLifespan": "User-Initiated Action Lifespan", "defaultAdminInitiated": "Default Admin-Initiated Action Lifespan", "oAuthDeviceCodeLifespan": "OAuth 2.0 Device Code Lifespan", "oAuthDevicePollingInterval": "OAuth 2.0 Device Polling Interval", "shortVerificationUri": "Short 
verification_uri in Device Authorization flow", "emailVerification": "Email Verification", "idpAccountEmailVerification": "IdP account email verification", "executeActions": "Execute actions", "clientPolicies": "Client policies", "noClientPolicies": "No client policies", "noClientPoliciesInstructions": "There are no client policies. Select 'Create client policy' to create a new client policy.", "createClientPolicy": "Create client policy", "createClientPolicySuccess": "New policy created", "updateClientPolicySuccess": "Client policy updated", "createClientPolicyError": "Could not create policy due to: {{error}}", "createClientConditionSuccess": "Condition created successfully.", "createClientConditionError": "Error creating condition: {{error}}", "updateClientConditionSuccess": "Condition updated successfully.", "deleteClientConditionSuccess": "Condition deleted successfully.", "deleteClientConditionError": "Error deleting condition: {{error}}", "clientPolicySearch": "Search client policy", "policiesConfigType": "Configure via:", "policiesConfigTypes": { "formView": "Form view", "jsonEditor": "JSON editor" }, "deleteClientPolicy": "Delete client policy", "deleteClientPolicyConfirmTitle": "Delete policy?", "deleteClientPolicyConfirm": "This action will permanently delete the policy {{policyName}}. This cannot be undone.", "deleteClientPolicySuccess": "Client policy deleted", "deleteClientPolicyError": "Could not delete policy: {{error}}", "profiles": "Profiles", "clientPoliciesProfilesHelpText": "A client profile allows setting up a set of executors, which are enforced for various actions done with the client. 
Actions can be admin actions like creating or updating client, or user actions like authentication to the client.", "clientPoliciesProfiles": "Client Policies Profiles", "clientPoliciesPoliciesHelpText": "Client Policy allows to bind client profiles with various conditions to specify when exactly is enforced behavior specified by executors of the particular client profile.", "clientPoliciesPolicies": "Client Policies Policies", "clientPoliciesTab": "Client policies tab", "clientProfilesSubTab": "Client profiles subtab", "clientPoliciesSubTab": "Client policies subtab", "profilesConfigType": "Configure via:", "profilesConfigTypes": { "formView": "Form view", "jsonEditor": "JSON editor" }, "clientProfileSearch": "Search", "searchProfile": "Search profile", "clientProfileName": "Client profile name", "clientProfileDescription": "Description", "emptyClientProfiles": "No profiles", "emptyClientProfilesInstructions": "There are no profiles, select 'Create client profile' to create a new client profile", "deleteClientProfileConfirmTitle": "Delete profile?", "deleteClientProfileConfirm": "This action will permanently delete the profile {{profileName}}. This cannot be undone.", "deleteClientSuccess": "Client profile deleted", "deleteClientError": "Could not delete profile: {{error}}", "deleteClientPolicyProfileConfirmTitle": "Delete profile?", "deleteClientPolicyProfileConfirm": "This action will permanently delete {{profileName}} from the policy {{policyName}}. 
This cannot be undone.", "deleteClientPolicyProfileSuccess": "Profile successfully removed from the policy.", "deleteClientPolicyProfileError": "Could not delete profile from the policy: {{error}}", "createClientProfile": "Create client profile", "deleteClientProfile": "Delete this client profile", "createClientProfileSuccess": "New client profile created", "updateClientProfileSuccess": "Client profile updated successfully", "createClientProfileError": "Could not create client profile: '{{error}}'", "addClientProfileSuccess": "New client profile added", "addClientProfileError": "Could not create client profile: '{{error}}'", "createClientProfileNameHelperText": "The name must be unique within the realm", "newClientProfile": "Create client profile", "newClientProfileName": "Client profile name", "clientProfile": "Client profile details", "executorDetails": "Executor details", "executors": "Executors", "executorsHelpText": "Executors, which will be applied for this client profile", "executorsHelpItem": "Executors help item", "addExecutor": "Add executor", "executorType": "Executor type", "executorTypeSwitchHelpText": "Executor Type Switch Help Text", "executorTypeSelectHelpText": "Executor Type Select Help Text", "executorTypeSelectAlgorithm": "Executor Type Select Algorithm", "executorTypeTextHelpText": "Executor Type Text Help Text", "executorAuthenticatorMultiSelectHelpText": "Executor Authenticator MultiSelect Help Text", "executorClientAuthenticator": "Executor Client Authenticator", "executorsTable": "Executors table", "executorName": "Name", "emptyExecutors": "No executors configured", "addExecutorSuccess": "Success! Executor created successfully", "addExecutorError": "Executor not created", "updateExecutorSuccess": "Executor updated successfully", "updateExecutorError": "Executor not updated", "deleteExecutorProfileConfirmTitle": "Delete executor?", "deleteExecutorProfileConfirm": "The action will permanently delete {{executorName}}. 
This cannot be undone.", "deleteExecutorSuccess": "Success! The executor was deleted.", "deleteExecutorError": "Could not delete executor: {{error}}", "updateClientProfilesSuccess": "The client profiles configuration was updated", "updateClientProfilesError": "Provided JSON is incorrect: Unexpected token { in JSON", "deleteClientPolicyConditionConfirmTitle": "Delete condition?", "deleteClientPolicyConditionConfirm": "This action will permanently delete {{condition}}. This cannot be undone.", "selectACondition": "Select a condition", "conditions": "Conditions", "conditionType": "Condition type", "anyClient": "The condition is satisfied by any client on any event.", "clientAccesstype": "Client Access Type", "clientScopesCondition": "Expected Scopes", "updateClientContext": "Update Client Context", "clientUpdaterSourceGroups": "Groups", "clientUpdaterTrustedHosts": "Trusted Hosts", "clientUpdaterSourceRoles": "Updating entity role", "conditionsHelpItem": "Conditions help item", "addCondition": "Add condition", "editCondition": "Edit condition", "emptyConditions": "No conditions configured", "updateClientPoliciesSuccess": "The client policies configuration was updated", "updateClientPoliciesError": "Provided JSON is incorrect: Unexpected token { in JSON", "clientProfiles": "Client profiles", "clientProfilesHelpItem": "Client profiles help item", "addClientProfile": "Add client profile", "emptyProfiles": "No client profiles configured", "tokens": "Tokens", "userProfile": "User profile", "jsonEditor": "JSON editor", "attributesGroup": "Attributes group", "invalidJsonError": "Unable to save user profile, the provided information is not valid JSON.", "userProfileSuccess": "User profile settings successfully updated.", "userProfileError": "Could not update user profile settings: {{error}}", "recommendedSsoTimeout": "It is recommended for this value to be shorter than the SSO session idle timeout: {{time}}", "supportedLocales": "Supported locales", "defaultLocale": "Default 
locale", "selectLocales": "Select locales", "searchForMessageBundle": "Search for message bundle", "addMessageBundle": "Add message bundle", "addMessageBundleSuccess": "Success! The message bundle has been added.", "deleteMessageBundleSuccess": "Successfully removed the message from the bundle", "deleteMessageBundleError": "Error removing the message from the bundle, {{error}}", "rowEditBtnAriaLabel": "Edit {{messageBundle}}", "rowSaveBtnAriaLabel": "Save edits for {{messageBundle}}", "rowCancelBtnAriaLabel": "Cancel edits for {{messageBundle}}", "updateMessageBundleSuccess": "Success! Message bundle updated.", "updateMessageBundleError": "Error updating message bundle.", "addMessageBundleError": "Error creating message bundle, {{error}}", "allGroups": "All groups", "attributeName": "Attribute [Name]", "attributeDisplayName": "Display name", "attributeGroup": "Attribute group", "enabledWhen": "Enabled when", "requiredFor": "Required for", "requiredWhen": "Required when", "requiredForLabel": { "both": "Both users and admins", "users": "Only users", "admins": "Only admins" }, "whoCanEdit": "Who can edit?", "whoCanView": "Who can view?", "admin": "Admin", "addValidator": "Add validator", "validatorType": "Validator type", "addValidatorRole": "Add {{validatorName}} validator", "validatorDialogColNames": { "colName": "Role name", "colDescription": "Description" }, "validatorColNames": { "colName": "Validator name", "colConfig": "Config" }, "deleteValidatorConfirmTitle": "Delete validator?", "deleteValidatorConfirmMsg": "Are you sure you want to permanently delete the validator {{validatorName}}?", "validatorDeletedSuccess": "Success! 
User Profile configuration has been saved.", "validatorDeletedError": "Error saving User Profile: {{error}}", "emptyValidators": "No validators.", "updatedUserProfileSuccess": "User Profile configuration has been saved", "updatedUserProfileError": "User Profile configuration hasn't been saved", "createAttribute": "Create attribute", "editAttribute": "Edit attribute", "createAttributeSubTitle": "Create a new attribute", "createAttributeSuccess": "Success! User Profile configuration has been saved.", "createAttributeError": "Error! User Profile configuration has not been saved {{error}}.", "attributesDropdown": "Attributes dropdown", "deleteAttributeConfirmTitle": "Delete attribute?", "deleteAttributeConfirm": "Are you sure you want to permanently delete the attribute {{attributeName}}?", "deleteAttributeSuccess": "Attribute deleted", "deleteAttributeError": "Attribute not deleted", "always": "Always", "scopesAsRequested": "Scopes are requested", "validations": "Validations", "annotations": "Annotations", "addAnnotationText": "Add annotation", "validateName": "You must enter a name", "searchEventType": "Search saved event type", "addSavedTypes": "Add saved types", "addTypes": "Add types", "eventTypes": { "SEND_RESET_PASSWORD": { "name": "Send reset password", "description": "Send reset password" }, "UPDATE_CONSENT_ERROR": { "name": "Update consent error", "description": "Update consent error" }, "GRANT_CONSENT": { "name": "Grant consent", "description": "Grant consent" }, "REMOVE_TOTP": { "name": "Remove totp", "description": "Remove totp" }, "REVOKE_GRANT": { "name": "Revoke grant", "description": "Revoke grant" }, "UPDATE_TOTP": { "name": "Update totp", "description": "Update totp" }, "LOGIN_ERROR": { "name": "Login error", "description": "Login error" }, "CLIENT_LOGIN": { "name": "Client login", "description": "Client login" }, "RESET_PASSWORD_ERROR": { "name": "Reset password error", "description": "Reset password error" }, "IMPERSONATE_ERROR": { "name": 
"Impersonate error", "description": "Impersonate error" }, "CODE_TO_TOKEN_ERROR": { "name": "Code to token error", "description": "Code to token error" }, "CUSTOM_REQUIRED_ACTION": { "name": "Custom required action", "description": "Custom required action" }, "RESTART_AUTHENTICATION": { "name": "Restart authentication", "description": "Restart authentication" }, "IMPERSONATE": { "name": "Impersonate", "description": "Impersonate" }, "UPDATE_PROFILE_ERROR": { "name": "Update profile error", "description": "Update profile error" }, "LOGIN": { "name": "Login", "description": "Login" }, "UPDATE_PASSWORD_ERROR": { "name": "Update password error", "description": "Update password error" }, "CLIENT_INITIATED_ACCOUNT_LINKING": { "name": "Client initiated account linking", "description": "Client initiated account linking" }, "TOKEN_EXCHANGE": { "name": "Token exchange", "description": "Token exchange" }, "LOGOUT": { "name": "Logout", "description": "Logout" }, "REGISTER": { "name": "Register", "description": "Register" }, "DELETE_ACCOUNT_ERROR": { "name": "Delete account error", "description": "Delete account error" }, "CLIENT_REGISTER": { "name": "Client register", "description": "Client register" }, "IDENTITY_PROVIDER_LINK_ACCOUNT": { "name": "Identity provider link account", "description": "Identity provider link account" }, "DELETE_ACCOUNT": { "name": "Delete account", "description": "Delete account" }, "UPDATE_PASSWORD": { "name": "Update password", "description": "Update password" }, "CLIENT_DELETE": { "name": "Client delete", "description": "Client delete" }, "FEDERATED_IDENTITY_LINK_ERROR": { "name": "Federated identity link error", "description": "Federated identity link error" }, "IDENTITY_PROVIDER_FIRST_LOGIN": { "name": "Identity provider first login", "description": "Identity provider first login" }, "CLIENT_DELETE_ERROR": { "name": "Client delete error", "description": "Client delete error" }, "VERIFY_EMAIL": { "name": "Verify email", "description": "Verify 
email" }, "CLIENT_LOGIN_ERROR": { "name": "Client login error", "description": "Client login error" }, "RESTART_AUTHENTICATION_ERROR": { "name": "Restart authentication error", "description": "Restart authentication error" }, "EXECUTE_ACTIONS": { "name": "Execute actions", "description": "Execute actions" }, "REMOVE_FEDERATED_IDENTITY_ERROR": { "name": "Remove federated identity error", "description": "Remove federated identity error" }, "TOKEN_EXCHANGE_ERROR": { "name": "Token exchange error", "description": "Token exchange error" }, "PERMISSION_TOKEN": { "name": "Permission token", "description": "Permission token" }, "SEND_IDENTITY_PROVIDER_LINK_ERROR": { "name": "Send identity provider link error", "description": "Send identity provider link error" }, "EXECUTE_ACTION_TOKEN_ERROR": { "name": "Execute action token error", "description": "Execute action token error" }, "SEND_VERIFY_EMAIL": { "name": "Send verify email", "description": "Send verify email" }, "EXECUTE_ACTIONS_ERROR": { "name": "Execute actions error", "description": "Execute actions error" }, "REMOVE_FEDERATED_IDENTITY": { "name": "Remove federated identity", "description": "Remove federated identity" }, "IDENTITY_PROVIDER_POST_LOGIN": { "name": "Identity provider post login", "description": "Identity provider post login" }, "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR": { "name": "Identity provider link account error", "description": "Identity provider link account error" }, "UPDATE_EMAIL": { "name": "Update email", "description": "Update email" }, "REGISTER_ERROR": { "name": "Register error", "description": "Register error" }, "REVOKE_GRANT_ERROR": { "name": "Revoke grant error", "description": "Revoke grant error" }, "EXECUTE_ACTION_TOKEN": { "name": "Execute action token", "description": "Execute action token" }, "LOGOUT_ERROR": { "name": "Logout error", "description": "Logout error" }, "UPDATE_EMAIL_ERROR": { "name": "Update email error", "description": "Update email error" }, "CLIENT_UPDATE_ERROR": { 
"name": "Client update error", "description": "Client update error" }, "UPDATE_PROFILE": { "name": "Update profile", "description": "Update profile" }, "CLIENT_REGISTER_ERROR": { "name": "Client register error", "description": "Client register error" }, "FEDERATED_IDENTITY_LINK": { "name": "Federated identity link", "description": "Federated identity link" }, "SEND_IDENTITY_PROVIDER_LINK": { "name": "Send identity provider link", "description": "Send identity provider link" }, "SEND_VERIFY_EMAIL_ERROR": { "name": "Send verify email error", "description": "Send verify email error" }, "RESET_PASSWORD": { "name": "Reset password", "description": "Reset password" }, "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR": { "name": "Client initiated account linking error", "description": "Client initiated account linking error" }, "UPDATE_CONSENT": { "name": "Update consent", "description": "Update consent" }, "REMOVE_TOTP_ERROR": { "name": "Remove totp error", "description": "Remove totp error" }, "VERIFY_EMAIL_ERROR": { "name": "Verify email error", "description": "Verify email error" }, "SEND_RESET_PASSWORD_ERROR": { "name": "Send reset password error", "description": "Send reset password error" }, "CLIENT_UPDATE": { "name": "Client update", "description": "Client update" }, "CUSTOM_REQUIRED_ACTION_ERROR": { "name": "Custom required action error", "description": "Custom required action error" }, "IDENTITY_PROVIDER_POST_LOGIN_ERROR": { "name": "Identity provider post login error", "description": "Identity provider post login error" }, "UPDATE_TOTP_ERROR": { "name": "Update totp error", "description": "Update totp error" }, "CODE_TO_TOKEN": { "name": "Code to token", "description": "Code to token" }, "GRANT_CONSENT_ERROR": { "name": "Grant consent error", "description": "Grant consent error" }, "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR": { "name": "Identity provider first login error", "description": "Identity provider first login error" }, "REGISTER_NODE_ERROR": { "name": "Register node 
error", "description": "Register node error" }, "PERMISSION_TOKEN_ERROR": { "name": "Permission token error", "description": "Permission token error" }, "IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR": { "name": "Identity provider retrieve token error", "description": "Identity provider retrieve token error" }, "CLIENT_INFO": { "name": "Client info", "description": "Client info" }, "VALIDATE_ACCESS_TOKEN": { "name": "Validate access token", "description": "Validate access token" }, "IDENTITY_PROVIDER_LOGIN": { "name": "Identity provider login", "description": "Identity provider login" }, "CLIENT_INFO_ERROR": { "name": "Client info error", "description": "Client info error" }, "INTROSPECT_TOKEN_ERROR": { "name": "Introspect token error", "description": "Introspect token error" }, "INTROSPECT_TOKEN": { "name": "Introspect token", "description": "Introspect token" }, "UNREGISTER_NODE": { "name": "Unregister node", "description": "Unregister node" }, "REGISTER_NODE": { "name": "Register node", "description": "Register node" }, "INVALID_SIGNATURE": { "name": "Invalid signature", "description": "Invalid signature" }, "USER_INFO_REQUEST_ERROR": { "name": "User info request error", "description": "User info request error" }, "REFRESH_TOKEN": { "name": "Refresh token", "description": "Refresh token" }, "IDENTITY_PROVIDER_RESPONSE": { "name": "Identity provider response", "description": "Identity provider response" }, "IDENTITY_PROVIDER_RETRIEVE_TOKEN": { "name": "Identity provider retrieve token", "description": "Identity provider retrieve token" }, "UNREGISTER_NODE_ERROR": { "name": "Unregister node error", "description": "Unregister node error" }, "VALIDATE_ACCESS_TOKEN_ERROR": { "name": "Validate access token error", "description": "Validate access token error" }, "INVALID_SIGNATURE_ERROR": { "name": "Invalid signature error", "description": "Invalid signature error" }, "USER_INFO_REQUEST": { "name": "User info request", "description": "User info request" }, 
"IDENTITY_PROVIDER_RESPONSE_ERROR": { "name": "Identity provider response error", "description": "Identity provider response error" }, "IDENTITY_PROVIDER_LOGIN_ERROR": { "name": "Identity provider login error", "description": "Identity provider login error" }, "REFRESH_TOKEN_ERROR": { "name": "Refresh token error", "description": "Refresh token error" }, "VERIFY_PROFILE": { "name": "Verify profile", "description": "Verify profile" }, "VERIFY_PROFILE_ERROR": { "name": "Verify profile error", "description": "Verify profile error" }, "OAUTH2_DEVICE_CODE_TO_TOKEN": { "name": "Oauth2 device code to token", "description": "Oauth2 device code to token" }, "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR": { "name": "Oauth2 device code to token error", "description": "Oauth2 device code to token error" }, "OAUTH2_DEVICE_VERIFY_USER_CODE": { "name": "Oauth2 device verify user code", "description": "Oauth2 device verify user code" }, "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR": { "name": "Oauth2 device verify user code error", "description": "Oauth2 device verify user code error" }, "AUTHREQID_TO_TOKEN": { "name": "Authreqid to token", "description": "Authreqid to token" }, "AUTHREQID_TO_TOKEN_ERROR": { "name": "Authreqid to token error", "description": "Authreqid to token error" }, "OAUTH2_DEVICE_AUTH": { "name": "Oauth2 device authentication", "description": "Oauth2 device authentication" }, "OAUTH2_DEVICE_AUTH_ERROR": { "name": "Oauth2 device authentication error", "description": "Oauth2 device authentication error" }, "PUSHED_AUTHORIZATION_REQUEST": { "name": "Pushed authorization request", "description": "Pushed authorization request" }, "PUSHED_AUTHORIZATION_REQUEST_ERROR": { "name": "Pushed authorization request error", "description": "Pushed authorization request error" } }, "eventConfigSuccessfully": "Successfully saved configuration", "eventConfigError": "Could not save event configuration {{error}}", "deleteEvents": "Clear events", "deleteEventsConfirm": "If you clear all events of 
this realm, all records will be permanently cleared in the database", "admin-events-cleared": "The admin events have been cleared", "admin-events-cleared-error": "Could not clear the admin events {{error}}", "user-events-cleared": "The user events have been cleared", "user-events-cleared-error": "Could not clear the user events {{error}}", "events-disable-title": "Unsave events?", "events-disable-confirm": "If \"Save events\" is disabled, subsequent events will not be displayed in the \"Events\" menu", "noMessageBundles": "No message bundles", "noMessageBundlesInstructions": "Add a message bundle to get started.", "messageBundleDescription": "You can edit the supported locales. If you haven't selected supported locales yet, you can only edit the English locale.", "defaultRoles": "Default roles", "defaultGroups": "Default groups", "whatIsDefaultGroups": "What is the function of default groups?", "addDefaultGroups": "Add default groups", "removeConfirmTitle_one": "Remove group?", "removeConfirmTitle_other": "Remove groups?", "removeConfirm_one": "Are you sure you want to remove this group?", "removeConfirm_other": "Are you sure you want to remove these groups?", "groupRemove_one": "Group removed", "groupRemove_other": "Groups removed", "groupRemoveError": "Error removing group {{error}}", "defaultGroupAdded_one": "New group added to the default groups", "defaultGroupAdded_other": "Added {{count}} groups to the default groups", "defaultGroupAddedError": "Error adding group(s) to the default group {{error}}", "noDefaultGroups": "No default groups", "noDefaultGroupsInstructions": "Default groups allow you to automatically assign group membership whenever any new user is created or imported throughout <1>identity brokering. 
Add default groups to get started", "securityDefences": "Security defenses", "headers": "Headers", "bruteForceDetection": "Brute force detection", "xFrameOptions": "X-Frame-Options", "contentSecurityPolicy": "Content-Security-Policy", "contentSecurityPolicyReportOnly": "Content-Security-Policy-Report-Only", "xContentTypeOptions": "X-Content-Type-Options", "xRobotsTag": "X-Robots-Tag", "xXSSProtection": "X-XSS-Protection", "strictTransportSecurity": "HTTP Strict Transport Security (HSTS)", "referrerPolicy": "Referrer Policy", "failureFactor": "Max login failures", "permanentLockout": "Permanent lockout", "waitIncrementSeconds": "Wait increment", "maxFailureWaitSeconds": "Max wait", "maxDeltaTimeSeconds": "Failure reset time", "quickLoginCheckMilliSeconds": "Quick login check milliseconds", "minimumQuickLoginWaitSeconds": "Minimum quick login wait", "partialExportHeaderText": "Partial export allows you to export realm configuration, and other associated resources into a JSON file.", "includeGroupsAndRoles": "Include groups and roles", "includeClients": "Include clients", "exportWarningTitle": "Export with caution", "exportWarningDescription": "If there is a great number of groups, roles or clients in your realm, the operation may make the server unresponsive for a while.", "exportSuccess": "Realm successfully exported.", "exportFail": "Could not export realm: '{{error}}'", "partialImportHeaderText": "Partial import allows you to import users, clients, and other resources from a previously exported JSON file.", "selectRealm": "Select realm", "chooseResources": "Choose the resources you want to import", "selectIfResourceExists": "If a resource already exists, specify what should be done", "resourcesToImport": "Resources to import", "importFail": "Import failed: {{error}}", "FAIL": "Fail import", "SKIP": "Skip", "OVERWRITE": "Overwrite", "added": "Added", "skipped": "Skipped", "overwritten": "Overwritten", "importAdded_zero": "No records added.", "importAdded_one": "One 
record added.", "importAdded_other": "{{count}} records added.", "importOverwritten_zero": "No records overwritten.", "importOverwritten_one": "One record overwritten.", "importOverwritten_other": "{{count}} records overwritten.", "importSkipped_zero": "No records skipped.", "importSkipped_one": "One record skipped.", "importSkipped_other": "{{count}} records skipped.", "fromDisplayNameHelp": "A user-friendly name for the 'From' address (optional).", "replyToDisplayNameHelp": "A user-friendly name for the 'Reply-To' address (optional).", "envelopeFromHelp": "An email address used for bounces (optional).", "passwordHelp": "SMTP password. This field is able to obtain its value from vault, use ${vault.ID} format.", "frontendUrlHelp": "Set the frontend URL for the realm. Use in combination with the default hostname provider to override the base URL for frontend requests for a specific realm.", "requireSslHelp": "Is HTTPS required? 'None' means HTTPS is not required for any client IP address. 'External requests' means localhost and private IP addresses can access without HTTPS. 'All requests' means HTTPS is required for all IP addresses.", "userManagedAccessHelp": "If enabled, users are allowed to manage their resources and permissions using the Account Management UI.", "userProfileEnabledHelp": "If enabled, allows managing user profiles.", "endpointsHelp": "Shows the configuration of the Service Provider endpoint", "accountThemeHelp": "Select a theme for the user account management console.", "adminThemeHelp": "Select a theme for administration console.", "emailThemeHelp": "Select a theme for emails that are sent by the server.", "priorityHelp": "Priority of the provider", "enabledHelp": "Set if the keys are enabled", "activeHelp": "Set if the keys can be used for signing", "AESKeySizeHelp": "Size in bytes for the generated AES key. Size 16 is for AES-128, Size 24 for AES-192, and Size 32 for AES-256. 
WARN: Keys larger than 128 bits are not allowed on some JDK implementations.", "save-user-events": "If enabled, user events are saved to the database, which makes events available to the admin and account management UIs.", "save-admin-events": "If enabled, admin events are saved to the database, which makes events available to the Admin UI.", "admin-clearEvents": "Deletes all admin events in the database.", "includeRepresentationHelp": "Include JSON representation for create and update requests.", "user-clearEvents": "Deletes all user events in the database.", "ellipticCurveHelp": "Elliptic curve used in ECDSA", "secretSizeHelp": "Size in bytes for the generated secret", "keySizeHelp": "Size for the generated keys", "algorithmHelp": "Intended algorithm for the key", "keystoreHelp": "Path to keys file", "keystorePasswordHelp": "Password for the keys", "privateRSAKeyHelp": "Private RSA Key encoded in PEM format", "x509CertificateHelp": "X509 Certificate encoded in PEM format", "xFrameOptionsHelp": "Default value prevents pages from being included by non-origin iframes <1>Learn more", "contentSecurityPolicyHelp": "Default value prevents pages from being included by non-origin iframes <1>Learn more", "contentSecurityPolicyReportOnlyHelp": "For testing Content Security Policies <1>Learn more", "xContentTypeOptionsHelp": "Default value prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type <1>Learn more", "xRobotsTagHelp": "Prevent pages from appearing in search engines <1>Learn more", "xXSSProtectionHelp": "This header configures the Cross-site scripting (XSS) filter in your browser. Using the default behaviour, the browser will prevent rendering of the page when an XSS attack is detected. <1>Learn more", "strictTransportSecurityHelp": "The Strict-Transport-Security HTTP header tells browsers to always use HTTPS. 
Once a browser sees this header, it will only visit the site over HTTPS for the time specified (1 year) at max-age, including the subdomains. <1>Learn more", "failureFactorHelp": "How many failures before wait is triggered.", "permanentLockoutHelp": "Lock the user permanently when the user exceeds the maximum login failures.", "waitIncrementSecondsHelp": "When failure threshold has been met, how much time should the user be locked out?", "maxFailureWaitSecondsHelp": "Max time a user will be locked out.", "maxDeltaTimeSecondsHelp": "When will failure count be reset?", "quickLoginCheckMilliSecondsHelp": "If a failure happens concurrently too quickly, lock out the user.", "minimumQuickLoginWaitSecondsHelp": "How long to wait after a quick login failure.", "ssoSessionIdle": "Time a session is allowed to be idle before it expires. Tokens and browser sessions are invalidated when a session is expired.", "ssoSessionMax": "Max time before a session is expired. Tokens and browser sessions are invalidated when a session is expired.", "ssoSessionIdleRememberMe": "Time a remember me session is allowed to be idle before it expires. Tokens and browser sessions are invalidated when a session is expired. If not set it uses the standard SSO Session Idle value.", "ssoSessionMaxRememberMe": "Max time before a session is expired when a user has set the remember me option. Tokens and browser sessions are invalidated when a session is expired. If not set it uses the standard SSO Session Max value.", "offlineSessionIdleHelp": "Time an offline session is allowed to be idle before it expires. You need to use offline token to refresh at least once within this period; otherwise offline session will expire.", "offlineSessionMaxLimitedHelp": "Enable offline session max", "offlineSessionMaxHelp": "Max time before an offline session is expired regardless of activity.", "loginTimeoutHelp": "Max time a user has to complete a login. 
This is recommended to be relatively long, such as 30 minutes or more", "loginActionTimeoutHelp": "Max time a user has to complete login related actions like update password or configure totp. This is recommended to be relatively long, such as 5 minutes or more", "defaultSigAlgHelp": "Default algorithm used to sign tokens for the realm", "revokeRefreshTokenHelp": "If enabled a refresh token can only be used up to 'Refresh Token Max Reuse' and is revoked when a different token is used. Otherwise refresh tokens are not revoked when used and can be used multiple times.", "refreshTokenMaxReuseHelp": "Maximum number of times a refresh token can be reused. When a different token is used, revocation is immediate.", "accessTokenLifespanImplicitFlowHelp": "Max time before an access token issued during OpenID Connect Implicit Flow is expired. This value is recommended to be shorter than the SSO timeout. There is no possibility to refresh token during implicit flow, that's why there is a separate timeout different to 'Access Token Lifespan'", "clientLoginTimeoutHelp": "Max time a client has to finish the access token protocol. This should normally be 1 minute.", "userInitiatedActionLifespanHelp": "Maximum time before an action permit sent by a user (such as a forgot password e-mail) is expired. This value is recommended to be short because it's expected that the user would react to self-created action quickly.", "defaultAdminInitiatedActionLifespanHelp": "Maximum time before an action permit sent to a user by administrator is expired. This value is recommended to be long to allow administrators to send e-mails for users that are currently offline. The default timeout can be overridden immediately before issuing the token.", "oAuthDeviceCodeLifespanHelp": "Max time before the device code and user code are expired. 
This value needs to be a long enough lifetime to be usable (allowing the user to retrieve their secondary device, navigate to the verification URI, login, etc.), but should be sufficiently short to limit the usability of a code obtained for phishing.", "oAuthDevicePollingIntervalHelp": "The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint.", "shortVerificationUriTooltipHelp": "If set, this value will be returned as verification_uri in the Device Authorization flow. This URI needs to redirect to {server-root}/realms/{realm}/device", "overrideActionTokensHelp": "Override default settings of maximum time before an action permit sent by a user (such as a forgot password e-mail) is expired for specific action. This value is recommended to be short because it's expected that the user would react to self-created action quickly.", "internationalizationHelp": "If enabled, you can choose which locales you support for this realm and which locale is the default.", "supportedLocalesHelp": "The locales to support for this realm. The user chooses one of these locales on the login screen.", "defaultLocaleHelp": "The initial locale to use. It is used on the login screen and other screens in the Admin UI and Account UI.", "conditionsHelp": "Conditions, which will be evaluated to determine if client policy should be applied during particular action or not.", "clientProfilesHelp": "Client profiles applied on this policy.", "clientAccessType": "It uses the client's access type (confidential, public, bearer-only) to determine whether the policy is applied. Condition is checked during most of OpenID Connect requests (Authorization requests, token requests, introspection endpoint request, etc.). A confidential client has client authentication enabled, while a public client has it disabled. 
Bearer-only is a deprecated client type.", "clientAccesstypeTooltip": "Access Type of the client, for which the condition will be applied.", "clientRolesHelp": "The condition checks whether one of the specified client roles exists on the client to determine whether the policy is applied. This effectively allows client administrator to create client role of specified name on the client to make sure that particular client policy will be applied on requests of this client. Condition is checked during most of OpenID Connect requests (Authorization requests, token requests, introspection endpoint request, etc.)", "clientRolesConditionTooltip": "Client roles, which will be checked during this condition evaluation. Condition evaluates to true if client has at least one client role with the name as the client roles specified in the configuration.", "clientScopesHelp": "It uses the scopes requested or assigned in advance to the client to determine whether the policy is applied to this client. Condition is evaluated during OpenID Connect authorization request and/or token request.", "clientScopesConditionTooltip": "The list of expected client scopes. Condition evaluates to true if specified client request matches some of the client scopes. It depends also whether it should be default or optional client scope based on the 'Scope Type' configured.", "clientUpdaterContext": "The condition checks the context in which the client is created/updated to determine whether the policy is applied. For example, it checks whether the client is created with the admin REST API or OIDC dynamic client registration. In the latter case, it also checks whether it is an ANONYMOUS client registration or an AUTHENTICATED client registration with an Initial access token or Registration access token, and so on.", "clientUpdaterSourceGroupsHelp": "The condition checks the group of the entity who tries to create/update the client to determine whether the policy is applied.", "clientUpdaterSourceGroupsTooltip": "Name of groups to check. 
Condition evaluates to true if the entity who creates/updates the client is a member of some of the specified groups. Configured groups are specified by their simple name, which must match the name of the Keycloak group. No support for group hierarchy is used here.", "clientUpdaterSourceHost": "The condition checks the host/domain of the entity who tries to create/update the client to determine whether the policy is applied.", "clientUpdaterTrustedHostsTooltip": "List of hosts that are trusted. If a client registration/update request comes from a host/domain specified in this configuration, the condition evaluates to true. You can use hostnames or IP addresses. If you use a star at the beginning (for example '*.example.com'), then the whole domain example.com will be trusted.", "clientUpdaterSourceRolesHelp": "The condition checks the role of the entity who tries to create/update the client to determine whether the policy is applied.", "clientUpdaterSourceRolesTooltip": "The condition is checked during client registration/update requests and it evaluates to true if the entity (usually a user) who is creating/updating the client is a member of the specified role. To reference a realm role, use the realm role name, for example 'my_realm_role'. To reference a client role, use client_id.role_name; for example, 'my_client.my_client_role' will refer to client role 'my_client_role' of client 'my_client'.", "defaultGroupsHelp": "Default groups allow you to automatically assign groups membership whenever any new user is created or imported through <1>identity brokering.", "attributeGeneralSettingsDescription": "This section contains a few basic settings common to all attributes.", "attributeNameHelp": "Name of attribute to search for in assertion. You can leave this blank and specify a friendly name instead.", "attributeDisplayNameHelp": "Display name for the attribute. Supports keys for localized values as well. 
For example: ${profile.attribute.phoneNumber}.", "attributeGroupHelp": "user.profile.attribute.group.tooltip", "requiredHelp": "Set the attribute as required. If enabled, the attribute must be set by users and administrators. Otherwise, the attribute is optional.", "attributePermissionDescription": "This section contains permissions for who can edit and who can view the attribute.", "whoCanEditHelp": "If enabled, users or administrators can view and edit the attribute. Otherwise, users or administrators don't have access to write to the attribute.", "whoCanViewHelp": "If enabled, users or administrators can view the attribute. Otherwise, users or administrators don't have access to the attribute.", "editUsername": "If enabled, the username field is editable, readonly otherwise.", "authenticationExplain": "Authentication is the area where you can configure and manage different credential types.", "flows": "Flows", "requiredActions": "Required actions", "passwordPolicy": "Password policy", "otpPolicy": "OTP Policy", "webauthnPolicy": "Webauthn Policy", "webauthnPasswordlessPolicy": "Webauthn Passwordless Policy", "noPasswordPolicies": "No password policies", "noPasswordPoliciesInstructions": "You haven't added any password policies to this realm. 
Add a policy to get started.", "updatePasswordPolicySuccess": "Password policies successfully updated", "updatePasswordPolicyError": "Could not update the password policies: '{{error}}'", "webAuthnPolicyRpEntityName": "Relying party entity name", "addPolicy": "Add policy", "otpType": "OTP type", "policyType": { "totp": "Time based", "hotp": "Counter based" }, "otpHashAlgorithm": "OTP hash algorithm", "otpPolicyDigits": "Number of digits", "lookAround": "Look around window", "otpPolicyPeriod": "OTP Token period", "otpPolicyPeriodErrorHint": "Value needs to be between 1 second and 2 minutes", "otpPolicyCodeReusable": "Reusable token", "initialCounter": "Initial counter", "initialCounterErrorHint": "Value needs to be between 1 and 120", "supportedApplications": "Supported applications", "otpSupportedApplications": { "totpAppFreeOTPName": "FreeOTP", "totpAppGoogleName": "Google Authenticator", "totpAppMicrosoftAuthenticatorName": "Microsoft Authenticator" }, "updateOtpSuccess": "OTP policy successfully updated", "updateOtpError": "Could not update OTP policy: {{error}}", "cibaPolicy": "CIBA Policy", "cibaBackchannelTokenDeliveryMode": "Backchannel Token Delivery Mode", "cibaBackhannelTokenDeliveryModes": { "poll": "Poll", "ping": "Ping" }, "cibaExpiresIn": "Expires In", "cibaInterval": "Interval", "cibaAuthRequestedUserHint": "Authentication Requested User Hint", "updateCibaSuccess": "CIBA policy successfully updated", "updateCibaError": "Could not update CIBA policy: {{error}}", "webAuthnPolicySignatureAlgorithms": "Signature algorithms", "webAuthnPolicyRpId": "Relying party ID", "webAuthnPolicyAttestationConveyancePreference": "Attestation conveyance preference", "attestationPreference": { "not specified": "Not specified", "none": "None", "indirect": "Indirect", "direct": "Direct" }, "webAuthnPolicyAuthenticatorAttachment": "Authenticator Attachment", "authenticatorAttachment": { "not specified": "Not specified", "platform": "Platform", "cross-platform": "Cross 
platform" }, "webAuthnPolicyRequireResidentKey": "Require resident key", "residentKey": { "not specified": "Not specified", "Yes": "Yes", "No": "No" }, "webAuthnPolicyUserVerificationRequirement": "User verification requirement", "userVerify": { "not specified": "Not specified", "required": "Required", "preferred": "Preferred", "discouraged": "Discouraged" }, "webAuthnPolicyCreateTimeout": "Timeout", "webAuthnPolicyCreateTimeoutHint": "Timeout needs to be between 0 seconds and 8 hours", "webAuthnPolicyAvoidSameAuthenticatorRegister": "Avoid same authenticator registration", "webAuthnPolicyAcceptableAaguids": "Acceptable AAGUIDs", "addAaguids": "Add AAGUID", "webAuthnUpdateSuccess": "Updated webauthn policies successfully", "webAuthnUpdateError": "Could not update webauthn policies due to {{error}}", "flowName": "Flow name", "searchForFlow": "Search for flow", "usedBy": "Used by", "flowUsedBy": "Use of this flow", "flowUsedByDescription": "This flow is used by the following {{value}}", "buildIn": "Built-in", "appliedByProviders": "Applied by the following providers", "appliedByClients": "Applied by the following clients", "used": { "SPECIFIC_PROVIDERS": "Specific providers", "SPECIFIC_CLIENTS": "Specific clients", "DEFAULT": "Default", "notInUse": "Not in use" }, "duplicate": "Duplicate", "bindFlow": "Bind flow", "chooseBindingType": "Choose binding type", "flow": { "browser": "Browser flow", "registration": "Registration flow", "direct grant": "Direct grant flow", "reset credentials": "Reset credentials flow", "clients": "Client authentication flow", "docker auth": "Docker authentication flow" }, "editInfo": "Edit info", "editFlow": "Edit flow", "deleteConfirmFlow": "Delete flow?", "deleteConfirmFlowMessage": "Are you sure you want to permanently delete the flow \"<1>{{flow}}\".", "deleteFlowSuccess": "Flow successfully deleted", "deleteFlowError": "Could not delete flow: {{error}}", "duplicateFlow": "Duplicate flow", "deleteConfirmExecution": "Delete execution?", 
"deleteConfirmExecutionMessage": "Are you sure you want to permanently delete the execution \"<1>{{name}}\".", "deleteExecutionSuccess": "Execution successfully deleted", "deleteExecutionError": "Could not delete execution: {{error}}", "updateFlowSuccess": "Flow successfully updated", "updateFlowError": "Could not update flow: {{error}}", "copyOf": "Copy of {{name}}", "copyFlowSuccess": "Flow successfully duplicated", "copyFlowError": "Could not duplicate flow: {{error}}", "createFlow": "Create flow", "flowType": "Flow type", "flow-type": { "basic-flow": "Generic", "form-flow": "Form" }, "top-level-flow-type": { "basic-flow": "Basic flow", "client-flow": "Client flow" }, "flowCreatedSuccess": "Flow created", "flowCreateError": "Could not create flow: {{error}}", "flowDetails": "Flow details", "tableView": "Table view", "diagramView": "Diagram view", "emptyExecution": "No steps", "emptyExecutionInstructions": "You can start defining this flow by adding a sub-flow or an execution", "addExecutionTitle": "Add an execution", "addExecution": "Add execution", "addSubFlowTitle": "Add a sub-flow", "addSubFlow": "Add sub-flow", "addStep": "Add step", "addStepTo": "Add step to {{name}}", "steps": "Steps", "requirement": "Requirement", "requirements": { "REQUIRED": "Required", "ALTERNATIVE": "Alternative", "DISABLED": "Disabled", "CONDITIONAL": "Conditional" }, "executionConfig": "{{name}} config", "alias": "Alias", "configSaveSuccess": "Successfully saved the execution config", "configSaveError": "Could not save the execution config: {{error}}", "setAsDefaultAction": "Set as default action", "disabledOff": "Disabled off", "updatedRequiredActionSuccess": "Updated required action successfully", "updatedRequiredActionError": "Could not update required action: {{error}}", "createFlowHelp": "You can create a top level flow within this form", "flowTypeHelp": "What kind of form is it", "topLevelFlowTypeHelp": "What kind of top level flow is it? 
Type 'client' is used for authentication of clients (applications), while 'generic' is for users and everything else", "addExecutionHelp": "Execution can have a wide range of actions, from sending a reset email to validating an OTP", "addSubFlowHelp": "Sub-Flows can be either generic or form. The form type is used to construct a sub-flow that generates a single flow for the user. Sub-flows are a special type of execution that evaluate as successful depending on how the executions they contain evaluate.", "aliasHelp": "The alias uniquely identifies an identity provider and it is also used to build the redirect uri.", "authDefaultActionTooltip": "If enabled, any new user will have this required action assigned to it.", "otpTypeHelp": "'totp' is a time-based one-time password. 'hotp' is a counter-based one-time password in which the server keeps a counter to hash against.", "webAuthnPolicyRpEntityNameHelp": "Human-readable server name as WebAuthn Relying Party", "otpHashAlgorithmHelp": "What hashing algorithm should be used to generate the OTP.", "otpPolicyDigitsHelp": "How many digits should the OTP have?", "lookAroundHelp": "How far around should the server look just in case the token generator and server are out of time sync or counter sync?", "otpPolicyPeriodHelp": "How many seconds should an OTP token be valid? Defaults to 30 seconds.", "otpPolicyCodeReusableHelp": "Possibility to use the same OTP code again after successful authentication.", "supportedApplicationsHelp": "Applications that are known to work with the current OTP policy", "webauthnIntro": "What is this form used for?", "webAuthnPolicyFormHelp": "Policy for WebAuthn authentication. This one will be used by 'WebAuthn Register' required action and 'WebAuthn Authenticator' authenticator. Typical usage is, when WebAuthn will be used for the two-factor authentication.", "webAuthnPolicyPasswordlessFormHelp": "Policy for passwordless WebAuthn authentication. 
This one will be used by 'Webauthn Register Passwordless' required action and 'WebAuthn Passwordless Authenticator' authenticator. Typical usage is, when WebAuthn will be used as first-factor authentication. Having both 'WebAuthn Policy' and 'WebAuthn Passwordless Policy' allows using WebAuthn as both first factor and second factor authenticator in the same realm.", "webAuthnPolicySignatureAlgorithmsHelp": "What signature algorithms should be used for Authentication Assertion.", "webAuthnPolicyRpIdHelp": "This is the ID of the WebAuthn Relying Party. It must be the origin's effective domain.", "webAuthnPolicyAttestationConveyancePreferenceHelp": "Communicates to an authenticator the preference of how to generate an attestation statement.", "webAuthnPolicyAuthenticatorAttachmentHelp": "Communicates to an authenticator an acceptable attachment pattern.", "webAuthnPolicyRequireResidentKeyHelp": "It tells an authenticator whether or not to create a public key credential as a Resident Key.", "webAuthnPolicyUserVerificationRequirementHelp": "Communicates to an authenticator to confirm actually verifying a user.", "webAuthnPolicyCreateTimeoutHelp": "Timeout value for creating user's public key credential in seconds. If set to 0, this timeout option is not adapted.", "webAuthnPolicyAvoidSameAuthenticatorRegisterHelp": "Avoid registering the authenticator that has already been registered.", "webAuthnPolicyAcceptableAaguidsHelp": "The list of AAGUIDs for which an authenticator can be registered.", "passwordPoliciesHelp": { "forceExpiredPasswordChange": "The number of days the password is valid before a new password is required.", "hashIterations": "The number of times a password is hashed before storage or verification. 
Default: 27,500.", "passwordHistory": "Prevents a recently used password from being reused.", "passwordBlacklist": "Prevents the use of a password that is in a blacklist file.", "regexPattern": "Requires that the password matches one or more defined Java regular expression patterns.", "length": "The minimum number of characters required for the password.", "notUsername": "The password cannot match the username.", "notEmail": "The password cannot match the email address of the user.", "specialChars": "The number of special characters required in the password string.", "upperCase": "The number of uppercase letters required in the password string.", "lowerCase": "The number of lowercase letters required in the password string.", "digits": "The number of numerical digits required in the password string.", "hashAlgorithm": "Applies a hashing algorithm to passwords, so they are not stored in clear text.", "maxLength": "The maximum number of characters allowed in the password." }, "cibaBackchannelTokenDeliveryModeHelp": "Specifies how the CD (Consumption Device) gets the authentication result and related tokens. This mode will be used by default for the CIBA clients, which do not have other mode explicitly set.", "cibaExpiresInHelp": "The expiration time of the \"auth_req_id\" in seconds since the authentication request was received.", "cibaIntervalHelp": "The minimum amount of time in seconds that the CD (Consumption Device) must wait between polling requests to the token endpoint. If set to 0, the CD must use 5 as the default value according to the CIBA specification.", "cibaAuthRequestedUserHintHelp": "The way of identifying the end-user for whom authentication is being requested. 
Currently only \"login_hint\" is supported.", "descriptionLanding": "This is the description for the user federation landing page", "userFederationExplain": "User federation provides access to external databases and directories, such as LDAP and Active Directory.", "getStarted": "To get started, select a provider from the list below.", "addProvider_one": "Add {{provider}} provider", "addProvider_other": "Add {{provider}} providers", "addKerberosWizardTitle": "Add Kerberos user federation provider", "addLdapWizardTitle": "Add LDAP user federation provider", "syncChangedUsers": "Sync changed users", "syncAllUsers": "Sync all users", "syncLDAPGroupsSuccessful": "Data successfully synced {{result}}", "syncLDAPGroupsError": "Data could not be synced due to {{error}}", "unlinkUsers": "Unlink users", "removeImported": "Remove imported", "deleteProvider": "Delete provider?", "generalOptions": "General options", "vendor": "Vendor", "connectionAndAuthenticationSettings": "Connection and authentication settings", "connectionURL": "Connection URL", "enableStartTls": "Enable StartTLS", "useTruststoreSpi": "Use Truststore SPI", "connectionPooling": "Connection pooling", "connectionTimeout": "Connection timeout", "bindType": "Bind type", "bindDn": "Bind DN", "bindCredentials": "Bind credentials", "ldapSearchingAndUpdatingSettings": "LDAP searching and updating", "editMode": "Edit mode", "usersDN": "Users DN", "usernameLdapAttribute": "Username LDAP attribute", "rdnLdapAttribute": "RDN LDAP attribute", "uuidLdapAttribute": "UUID LDAP attribute", "userObjectClasses": "User object classes", "userLdapFilter": "User LDAP filter", "searchScope": "Search scope", "readTimeout": "Read timeout", "pagination": "Pagination", "synchronizationSettings": "Synchronization settings", "syncRegistrations": "Sync Registrations", "importUsers": "Import users", "batchSize": "Batch size", "periodicFullSync": "Periodic full sync", "fullSyncPeriod": "Full sync period", "periodicChangedUsersSync": "Periodic 
changed users sync", "changedUsersSyncPeriod": "Changed users sync period", "kerberosIntegration": "Kerberos integration", "allowKerberosAuthentication": "Allow Kerberos authentication", "useKerberosForPasswordAuthentication": "Use Kerberos for password authentication", "cacheSettings": "Cache settings", "cachePolicy": "Cache policy", "evictionDay": "Eviction day", "evictionHour": "Eviction hour", "evictionMinute": "Eviction minute", "maxLifespan": "Max lifespan", "ms": "milliseconds", "enableLdapv3Password": "Enable the LDAPv3 password modify extended operation", "validatePasswordPolicy": "Validate password policy", "trustEmail": "Trust Email", "requiredSettings": "Required Settings", "kerberosRealm": "Kerberos realm", "serverPrincipal": "Server principal", "keyTab": "Key tab", "krbPrincipalAttribute": "Kerberos principal attribute", "debug": "Debug", "allowPasswordAuthentication": "Allow password authentication", "updateFirstLogin": "Update first login", "never": "Never", "oneLevel": "One Level", "subtree": "Subtree", "queryExtensions": "Query Supported Extensions", "testAuthentication": "Test authentication", "testSuccess": "Successfully connected to LDAP", "testError": "Error when trying to connect to LDAP: '{{error}}'", "managePriorities": "Manage priorities", "managePriorityOrder": "Manage priority order", "managePriorityInfo": "Priority is the order of providers when doing a user lookup. 
You can drag the row handlers to change the priorities.", "orderChangeSuccess": "Successfully changed display order of identity providers", "orderChangeError": "Could not change display order of identity providers {{error}}", "addNewProvider": "Add new provider", "addCustomProvider": "Add custom provider", "providerDetails": "Provider details", "userFedDeletedSuccess": "The user federation provider has been deleted.", "userFedDeleteError": "Could not delete user federation provider: '{{error}}'", "userFedDeleteConfirmTitle": "Delete user federation provider?", "userFedDeleteConfirm": "If you delete this user federation provider, all associated data will be removed.", "userFedDisableConfirmTitle": "Disable user federation provider?", "userFedDisableConfirm": "If you disable this user federation provider, it will not be considered for queries and imported users will be disabled and read-only until the provider is enabled again.", "userFedUnlinkUsersConfirmTitle": "Unlink all users?", "userFedUnlinkUsersConfirm": "Do you want to unlink all the users? Any users without a password in the database will not be able to authenticate anymore.", "removeImportedUsers": "Remove imported users?", "removeImportedUsersMessage": "Do you really want to remove all imported users? 
The option \"Unlink users\" makes sense just for the Edit Mode \"Unsynced\" and there should be a warning that \"unlinked\" users without the password in Keycloak database won't be able to authenticate.", "removeImportedUsersSuccess": "Imported users have been removed.", "removeImportedUsersError": "Could not remove imported users: '{{error}}'", "syncUsersSuccess": "Sync of users finished successfully.", "syncUsersError": "Could not sync users: '{{error}}'", "unlinkUsersSuccess": "Unlink of users finished successfully.", "unlinkUsersError": "Could not unlink users: '{{error}}'", "validateRealm": "You must enter a realm", "validateServerPrincipal": "You must enter a server principal", "validateKeyTab": "You must enter a key tab", "validateConnectionUrl": "You must enter a connection URL", "validateBindDn": "You must enter the DN of the LDAP admin", "validateBindCredentials": "You must enter the password of the LDAP admin", "validateUuidLDAPAttribute": "You must enter a UUID LDAP attribute", "validateUserObjectClasses": "You must enter one or more user object classes", "validateEditMode": "You must select an edit mode", "validateUsersDn": "You must enter users DN", "validateUsernameLDAPAttribute": "You must enter a username LDAP attribute", "validateRdnLdapAttribute": "You must enter an RDN LDAP attribute", "validateCustomUserSearchFilter": "Filter must be enclosed in parentheses, for example: (filter)", "mapperTypeMsadUserAccountControlManager": "msad-user-account-control-mapper", "mapperTypeMsadLdsUserAccountControlMapper": "msad-user-account-control-mapper", "mapperTypeGroupLdapMapper": "group-ldap-mapper", "mapperTypeUserAttributeLdapMapper": "user-attribute-ldap-mapper", "mapperTypeRoleLdapMapper": "role-ldap-mapper", "mapperTypeHardcodedAttributeMapper": "hardcoded-attribute-mapper", "mapperTypeHardcodedLdapRoleMapper": "hardcoded-ldap-role-mapper", "mapperTypeCertificateLdapMapper": "certificate-ldap-mapper", "mapperTypeFullNameLdapMapper": 
"full-name-ldap-mapper", "mapperTypeHardcodedLdapGroupMapper": "hardcoded-ldap-group-mapper", "mapperTypeLdapAttributeMapper": "hardcoded-ldap-attribute-mapper", "ldapMappersList": "LDAP Mappers", "ldapFullNameAttribute": "LDAP full name attribute", "writeOnly": "Write only", "ldapGroupsDn": "LDAP groups DN", "groupNameLdapAttribute": "Group name LDAP attribute", "groupObjectClasses": "Group object classes", "preserveGroupInheritance": "Preserve group inheritance", "ignoreMissingGroups": "Ignore missing groups", "userGroupsRetrieveStrategy": "User groups retrieve strategy", "mappedGroupAttributes": "Mapped group attributes", "dropNonexistingGroupsDuringSync": "Drop non-existing groups during sync", "groupsPath": "Groups path", "membershipLdapAttribute": "Membership LDAP attribute", "membershipAttributeType": "Membership attribute type", "membershipUserLdapAttribute": "Membership user LDAP attribute", "ldapFilter": "LDAP filter", "mode": "Mode", "memberofLdapAttribute": "Member-of LDAP attribute", "ldapRolesDn": "LDAP roles DN", "roleNameLdapAttribute": "Role name LDAP attribute", "roleObjectClasses": "Role object classes", "userRolesRetrieveStrategy": "User roles retrieve strategy", "useRealmRolesMapping": "Use realm roles mapping", "ldapAttributeName": "LDAP attribute name", "ldapAttributeValue": "LDAP attribute value", "userModelAttribute": "User model attribute", "ldapAttribute": "LDAP attribute", "readOnly": "Read only", "alwaysReadValueFromLdap": "Always read value from LDAP", "isMandatoryInLdap": "Is mandatory in LDAP", "attributeDefaultValue": "Attribute default value", "isBinaryAttribute": "Is binary attribute", "derFormatted": "DER formatted", "passwordPolicyHintsEnabled": "Password policy hints enabled", "userModelAttributeName": "User model attribute name", "attributeValue": "Attribute Value", "selectRole": { "label": "Select Role", "tooltip": "Enter role in the textbox to the left, or click this button to browse and select the role you want." 
}, "group": "Group", "providerType": "Provider Type", "parentId": "Parent ID", "kerberosPrincipal": "Kerberos Principal", "kerberosKeyTab": "Kerberos Key Tab", "sync-ldap-roles-to-keycloak": "Sync LDAP roles to Keycloak", "sync-keycloak-roles-to-ldap": "Sync Keycloak roles to LDAP", "sync-ldap-groups-to-keycloak": "Sync LDAP groups to Keycloak", "sync-keycloak-groups-to-ldap": "Sync Keycloak groups to LDAP", "addKerberosWizardDescription": "Text needed here", "addLdapWizardDescription": "Text needed here", "ldapGeneralOptionsSettingsDescription": "This section contains a few basic options common to all user storage providers.", "uiDisplayNameHelp": "Display name of provider when linked in the Admin UI", "vendorHelp": "LDAP vendor (provider)", "ldapConnectionAndAuthorizationSettingsDescription": "This section contains options related to the configuration of the connection to the LDAP server. It also contains options related to authentication of the LDAP connection to the LDAP server.", "consoleDisplayConnectionUrlHelp": "Connection URL to your LDAP server", "enableStartTlsHelp": "Encrypts the connection to LDAP using STARTTLS, which will disable connection pooling", "useTruststoreSpiHelp": "Specifies whether LDAP connection will use the Truststore SPI with the truststore configured in command-line options. 'Always' means that it will always use it. 'Never' means that it will not use it. Note that even if Keycloak truststore is not configured, the default java cacerts or certificate specified by 'javax.net.ssl.trustStore' property will be used.", "connectionPoolingHelp": "Determines if Keycloak should use connection pooling for accessing LDAP server.", "connectionTimeoutHelp": "LDAP connection timeout in milliseconds", "bindTypeHelp": "Type of the authentication method used during LDAP bind operation. It is used in most of the requests sent to the LDAP server. 
Currently only 'none' (anonymous LDAP authentication) or 'simple' (bind credential + bind password authentication) mechanisms are available.", "bindDnHelp": "DN of the LDAP admin, which will be used by Keycloak to access LDAP server", "bindCredentialsHelp": "Password of LDAP admin. This field is able to obtain its value from vault, use ${vault.ID} format.", "ldapSearchingAndUpdatingSettingsDescription": "This section contains options related to searching the LDAP server for the available users.", "editModeLdapHelp": "READ_ONLY is a read-only LDAP store. WRITABLE means data will be synced back to LDAP on demand. UNSYNCED means user data will be imported, but not synced back to LDAP.", "usersDNHelp": "Full DN of LDAP tree where your users are. This DN is the parent of LDAP users. It could be for example 'ou=users,dc=example,dc=com' assuming that your typical user will have DN like 'uid='john',ou=users,dc=example,dc=com'.", "usernameLdapAttributeHelp": "Name of the LDAP attribute, which is mapped as Keycloak username. For many LDAP server vendors it can be 'uid'. For Active directory it can be 'sAMAccountName' or 'cn'. The attribute should be filled for all LDAP user records you want to import from LDAP to Keycloak.", "rdnLdapAttributeHelp": "Name of the LDAP attribute, which is used as RDN (top attribute) of typical user DN. Usually it's the same as the Username LDAP attribute, however it is not required. For example for Active directory, it is common to use 'cn' as RDN attribute when username attribute might be 'sAMAccountName'.", "uuidLdapAttributeHelp": "Name of the LDAP attribute, which is used as a unique object identifier (UUID) for objects in LDAP. For many LDAP server vendors, it is 'entryUUID'; however some are different. For example, for Active directory it should be 'objectGUID'. If your LDAP server does not support the notion of UUID, you can use any other attribute that is supposed to be unique among LDAP users in tree. 
For example 'uid' or 'entryDN'.", "userObjectClassesHelp": "All values of LDAP objectClass attribute for users in LDAP, divided by commas. For example: 'inetOrgPerson, organizationalPerson'. Newly created Keycloak users will be written to LDAP with all those object classes and existing LDAP user records are found just if they contain all those object classes.", "userLdapFilterHelp": "Additional LDAP filter for filtering searched users. Leave this empty if you don't need an additional filter. Make sure that it starts with '(' and ends with ')'.", "searchScopeHelp": "For one level, the search applies only for users in the DNs specified by User DNs. For subtree, the search applies to the whole subtree. See LDAP documentation for more details.", "readTimeoutHelp": "LDAP read timeout in milliseconds. This timeout applies for LDAP read operations.", "paginationHelp": "Whether the LDAP server supports pagination", "ldapSynchronizationSettingsDescription": "This section contains options related to synchronization of users from LDAP to the Keycloak database.", "syncRegistrationsHelp": "Should newly created users be created within LDAP store? Priority effects which provider is chosen to sync the new user. 
This setting is effectively applied only with WRITABLE edit mode.", "importUsersHelp": "If true, LDAP users will be imported into the Keycloak DB and synced by the configured sync policies.", "batchSizeHelp": "Count of LDAP users to be imported from LDAP to Keycloak within a single transaction", "periodicFullSyncHelp": "Whether periodic full synchronization of LDAP users to Keycloak should be enabled or not", "fullSyncPeriodHelp": "Period for full synchronization in seconds", "periodicChangedUsersSyncHelp": "Whether periodic synchronization of changed or newly created LDAP users to Keycloak should be enabled or not", "changedUsersSyncHelp": "Period for synchronization of changed or newly created LDAP users in seconds", "ldapKerberosSettingsDescription": "This section contains options useful for the Kerberos integration. This is used only when the LDAP server is used together with Kerberos/SPNEGO for user authentication.", "allowKerberosAuthenticationHelp": "Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users will be provisioned from this LDAP server.", "useKerberosForPasswordAuthenticationHelp": "Use Kerberos login module for authenticating username/password against Kerberos server instead of authenticating against LDAP server with Directory Service API", "cacheSettingsDescription": "This section contains options useful for caching users, which were loaded from this user storage provider.", "cachePolicyHelp": "Cache Policy for this storage provider. 'DEFAULT' is whatever the default settings are for the global cache. 'EVICT_DAILY' is a time of day every day that the cache will be invalidated. 'EVICT_WEEKLY' is a day of the week and time the cache will be invalidated. 
'MAX_LIFESPAN' is the time in milliseconds that will be the lifespan of a cache entry.", "evictionDayHelp": "Day of the week the entry will become invalid", "evictionHourHelp": "Hour of the day the entry will become invalid", "evictionMinuteHelp": "Minute of the hour the entry will become invalid", "maxLifespanHelp": "Max lifespan of cache entry in milliseconds", "ldapAdvancedSettingsDescription": "This section contains all the other options for more fine-grained configuration of the LDAP storage provider.", "enableLdapv3PasswordHelp": "Use the LDAPv3 Password Modify Extended Operation (RFC-3062). The password modify extended operation usually requires that LDAP user already has password in the LDAP server. So when this is used with 'Sync Registrations', it can be good to add also 'Hardcoded LDAP attribute mapper' with randomly generated initial password.", "validatePasswordPolicyHelp": "Determines if Keycloak should validate the password with the realm password policy before updating it. For the case when user's password is saved in LDAP, some Keycloak password policies will not work (Not Recently Used, Expire Password, Hashing Iterations, Hashing Algorithm) due the fact that Keycloak does not have direct control over the password storage. It is needed to enable password policies at the LDAP server layer if you want to leverage those password policies.", "trustEmailHelp": "If enabled, email provided by this provider is not verified even if verification is enabled for the realm.", "IDK-periodicChangedUsersSyncHelp": "Should newly created users be created within LDAP store? Priority affects which provider is chosen to sync the new user.", "kerberosWizardDescription": "Text needed here.", "kerberosRequiredSettingsDescription": "This section contains a few basic options common to all user storage providers.", "kerberosRealmHelp": "Name of kerberos realm. 
For example, FOO.ORG", "serverPrincipalHelp": "Full name of server principal for HTTP service including server and domain name. For example, HTTP/host.foo.org@FOO.ORG", "keyTabHelp": "Location of Kerberos KeyTab file containing the credentials of server principal. For example, /etc/krb5.keytab", "krbPrincipalAttributeHelp": "Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal 'john@KEYCLOAK.ORG', it will assume that LDAP username is 'john'.", "debugHelp": "Enable/disable debug logging to standard output for Krb5LoginModule.", "allowPasswordAuthenticationHelp": "Enable/disable possibility of username/password authentication against Kerberos database", "editModeKerberosHelp": "READ_ONLY means that password updates are not allowed and user always authenticates with Kerberos password. UNSYNCED means that the user can change the password in the Keycloak database and this one will be used instead of the Kerberos password.", "updateFirstLoginHelp": "Update profile on first login", "mapperTypeMsadUserAccountControlManagerHelp": "Mapper specific to MSAD. It's able to integrate the MSAD user account state into Keycloak account state (account enabled, password is expired etc). It's using userAccountControl and pwdLastSet MSAD attributes for that. For example if pwdLastSet is 0, the Keycloak user is required to update the password; if userAccountControl is 514 (disabled account) the Keycloak user is disabled as well etc. Mapper is also able to handle the exception code from LDAP user authentication.", "mapperTypeMsadLdsUserAccountControlMapperHelp": "Mapper specific to MSAD LDS. It's able to integrate the MSAD LDS user account state into Keycloak account state (account enabled, password is expired etc). 
It's using msDS-UserAccountDisabled and pwdLastSet attributes for that. For example if pwdLastSet is 0, the Keycloak user is required to update password, if msDS-UserAccountDisabled is 'TRUE' the Keycloak user is disabled as well etc. Mapper is also able to handle exception code from LDAP user authentication.", "mapperTypeGroupLdapMapperHelp": "Used to map group mappings of groups from some LDAP DN to Keycloak group mappings", "mapperTypeRoleLdapMapperHelp": "Used to map role mappings of roles from some LDAP DN to Keycloak role mappings of either realm roles or client roles of particular client", "mapperTypeHardcodedAttributeMapperHelp": "This mapper will hardcode any model user attribute and some property (like emailVerified or enabled) when importing user from LDAP.", "mapperTypeHardcodedLdapRoleMapperHelp": "Users imported from LDAP will be automatically added into this configured role.", "mapperTypeCertificateLdapMapperHelp": "Used to map single attribute which contains a certificate from LDAP user to attribute of UserModel in Keycloak DB", "mapperTypeFullNameLdapMapperHelp": "Used to map the full-name of a user from single attribute in LDAP (usually 'cn' attribute) to firstName and lastName attributes of UserModel in Keycloak DB", "mapperTypeHardcodedLdapGroupMapperHelp": "Users imported from LDAP will be automatically added into this configured group.", "mapperTypeLdapAttributeMapperHelp": "This mapper is supported just if syncRegistrations is enabled. New users registered in Keycloak will be written to the LDAP with the hardcoded value of some specified attribute.", "passwordPolicyHintsEnabledHelp": "Applicable just for writable MSAD. If on, then updating password of MSAD user will use LDAP_SERVER_POLICY_HINTS_OID extension, which means that advanced MSAD password policies like 'password history' or 'minimal password age' will be applied. 
This extension works just for MSAD 2008 R2 or newer.", "nameHelpHelp": "Name of the mapper", "mapperTypeHelp": "Used to map single attribute from LDAP user to attribute of UserModel in Keycloak DB", "userModelAttributeHelp": "Name of the UserModel property or attribute you want to map the LDAP attribute into. For example 'firstName', 'lastName', 'email', 'street' etc.", "ldapAttributeHelp": "Name of mapped attribute on LDAP object. For example 'cn', 'sn', 'mail', 'street', etc.", "readOnlyHelp": "Read-only attribute is imported from LDAP to UserModel, but it's not saved back to LDAP when user is updated in Keycloak.", "alwaysReadValueFromLdapHelp": "If on, then during reading, the LDAP attribute value will always be used instead of the value from Keycloak DB.", "isMandatoryInLdapHelp": "If true, attribute is mandatory in LDAP. Hence if there is no value in Keycloak DB, the empty value will be set to be propagated to LDAP.", "attributeDefaultValueHelp": "If there is no value in Keycloak DB and attribute is mandatory in LDAP, this value will be propagated to LDAP.", "isBinaryAttributeHelp": "Should be true for binary LDAP attributes.", "derFormattedHelp": "Activate this if the certificate is DER formatted in LDAP and not PEM formatted.", "ldapFullNameAttributeHelp": "Name of the LDAP attribute, which contains the fullName of the user. Usually it will be 'cn'.", "fullNameLdapReadOnlyHelp": "For Read-only, data is imported from LDAP to Keycloak DB, but it's not saved back to LDAP when the user is updated in Keycloak.", "fullNameLdapWriteOnlyHelp": "For Write-only, data is propagated to LDAP when a user is created or updated in Keycloak. But this mapper is not used to propagate data from LDAP back into Keycloak. This setting is useful if you configured separate firstName and lastName attribute mappers and you want to use those to read the attribute from LDAP into Keycloak.", "ldapGroupsDnHelp": "LDAP DN where groups of this tree are saved. 
For example 'ou=groups,dc=example,dc=org'", "groupNameLdapAttributeHelp": "Name of LDAP attribute, which is used in group objects for name and RDN of group. Usually it will be 'cn'. In this case typical group/role object may have DN like 'cn=Group1,ou=groups,dc=example,dc=org'.", "groupObjectClassesHelp": "Object class (or classes) of the group object. It's divided by commas if more classes needed. In typical LDAP deployment it could be 'groupOfNames'. In Active Directory it's usually 'group'.", "preserveGroupInheritanceHelp": "Flag whether group inheritance from LDAP should be propagated to Keycloak. If false, then all LDAP groups will be mapped as flat top-level groups in Keycloak. Otherwise group inheritance is preserved into Keycloak, but the group sync might fail if LDAP structure contains recursions or multiple parent groups per child groups.", "ignoreMissingGroupsHelp": "Ignore missing groups in the group hierarchy.", "userGroupsRetrieveStrategyHelp": "Specify how to retrieve groups of user. LOAD_GROUPS_BY_MEMBER_ATTRIBUTE means that groups of user will be retrieved by sending LDAP query to retrieve all groups where 'member' is our user. GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE means that groups of user will be retrieved from 'memberOf' attribute of our user or from the other attribute specified by 'Member-Of LDAP Attribute'.", "mappedGroupAttributesHelp": "List of names of attributes divided by commas. This points to the list of attributes on LDAP group, which will be mapped as attributes of Group in Keycloak. Leave this empty if no additional group attributes are required to be mapped in Keycloak.", "dropNonexistingGroupsDuringSyncHelp": "If this flag is true, then during sync of groups from LDAP to Keycloak, we will keep just those Keycloak groups that still exist in LDAP. The rest will be deleted.", "groupsPathHelp": "Keycloak group path the LDAP groups are added to. 
For example if value '/Applications/App1' is used, then LDAP groups will be available in Keycloak under group 'App1', which is child of top level group 'Applications'. The default value is '/' so LDAP groups will be mapped to the Keycloak groups at the top level. The configured group path must already exist in Keycloak when creating this mapper.", "ldapRolesDnHelp": "LDAP DN where roles of this tree are saved. For example, 'ou=finance,dc=example,dc=org'", "roleNameLdapAttributeHelp": "Name of LDAP attribute, which is used in role objects for name and RDN of role. Usually it will be 'cn'. In this case typical group/role object may have DN like 'cn=role1,ou=finance,dc=example,dc=org'.", "roleObjectClassesHelp": "Object class (or classes) of the role object. It's divided by commas if more classes are needed. In typical LDAP deployment it could be 'groupOfNames'. In Active Directory it's usually 'group'.", "userRolesRetrieveStrategyHelp": "Specify how to retrieve roles of user. LOAD_ROLES_BY_MEMBER_ATTRIBUTE means that roles of user will be retrieved by sending LDAP query to retrieve all roles where 'member' is our user. GET_ROLES_FROM_USER_MEMBEROF means that roles of user will be retrieved from 'memberOf' attribute of our user. Or from the other attributes specified by 'Member-Of LDAP Attribute'. LOAD_ROLES_BY_MEMBER_ATTRIBUTE is applicable just in Active Directory and it means that roles of user will be retrieved recursively with usage of LDAP_MATCHING_RULE_IN_CHAIN LDAP extension.", "useRealmRolesMappingHelp": "If true, then LDAP role mappings will be mapped to realm role mappings in Keycloak. Otherwise it will be mapped to client role mappings.", "clientIdHelpHelp": "Client ID of client to which LDAP role mappings will be mapped. Applicable only if 'Use Realm Roles Mapping' is false.", "membershipLdapAttributeHelp": "Name of LDAP attribute on group, which is used for membership mappings. Usually it will be 'member'. 
However when 'Membership Attribute Type' is 'UID', then 'Membership LDAP Attribute' could be typically 'memberUid'.", "membershipAttributeTypeHelp": "DN means that LDAP group has its members declared in form of their full DN. For example 'member: uid=john,ou=users,dc=example,dc=com'. UID means that LDAP group has its members declared in form of pure user uids. For example 'memberUid: john'.", "membershipUserLdapAttributeHelp": "Used just if Membership Attribute Type is UID. It is the name of the LDAP attribute on user, which is used for membership mappings. Usually it will be 'uid'. For example if the value of 'Membership User LDAP Attribute' is 'uid' and LDAP group has 'memberUid: john', then it is expected that particular LDAP user will have attribute 'uid: john'.", "ldapFilterHelp": "LDAP Filter adds an additional custom filter to the whole query for retrieving LDAP groups. Leave this empty if no additional filtering is needed and you want to retrieve all groups from LDAP. Otherwise make sure that filter starts with '(' and ends with ')'.", "modeHelp": "LDAP_ONLY means that all group mappings of users are retrieved from LDAP and saved into LDAP. READ_ONLY is Read-only LDAP mode where group mappings are retrieved from both LDAP and DB and merged together. New group joins are not saved to LDAP but to DB. IMPORT is Read-only LDAP mode where group mappings are retrieved from LDAP just at the time when user is imported from LDAP and then they are saved to local keycloak DB.", "memberofLdapAttributeHelp": "Used just when 'User Roles Retrieve Strategy' is GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE. It specifies the name of the LDAP attribute on the LDAP user, which contains the groups, which the user is member of. Usually it will be the default 'memberOf'.", "userModelAttributeNameHelp": "Name of the model attribute to be added when importing user from LDAP", "attributeValueHelp": "Value the attribute must have. 
If the attribute is a list, then the value must be contained in the list.", "roleHelpHelp": "Role to grant to user. Click 'Select Role' button to browse roles, or just type it in the textbox. To reference an application role the syntax is appname.approle, i.e. myapp.myrole.", "groupHelp": "Group to add the user in. Fill the full path of the group including path. For example: '/root-group/child-group'.", "ldapAttributeNameHelp": "Name of the LDAP attribute, which will be added to the new user during registration", "ldapAttributeValueHelp": "Value of the LDAP attribute, which will be added to the new user during registration. You can either hardcode any value like 'foo' but you can also use some special tokens. Only supported token right now is '${RANDOM}', which will be replaced with some randomly generated string.", "listExplain": "Identity providers are social networks or identity brokers that allow users to authenticate to Keycloak.", "searchForProvider": "Search for provider", "addIdPMapper": "Add Identity Provider Mapper", "editIdPMapper": "Edit Identity Provider Mapper", "mappersList": "Mappers list", "noMappers": "No Mappers", "noMappersInstructions": "There are currently no mappers for this identity provider.", "addKeycloakOpenIdProvider": "Add Keycloak OpenID Connect provider", "addOpenIdProvider": "Add OpenID Connect provider", "addSamlProvider": "Add SAML provider", "manageDisplayOrder": "Manage display order", "deleteProviderMapper": "Delete mapper?", "deleteMapperConfirm": "Are you sure you want to permanently delete the mapper {{mapper}}?", "deleteMapperSuccess": "Mapper successfully deleted.", "disableProvider": "Disable provider?", "disableSuccess": "Provider successfully disabled", "disableError": "Could not disable the provider {{error}}", "addIdentityProvider": "Add {{provider}} provider", "redirectURI": "Redirect URI", "samlEndpointsLabel": "SAML 2.0 Service Provider Metadata", "orderDialogIntro": "The order that the providers are listed in the 
login page or the Account UI. You can drag the row handles to change the order.", "manageOrderTableAria": "List of identity providers in the order listed on the login page", "useDiscoveryEndpoint": "Use discovery endpoint", "discoveryEndpoint": "Discovery endpoint", "useEntityDescriptor": "Use entity descriptor", "samlEntityDescriptor": "SAML entity descriptor", "ssoServiceUrl": "Single Sign-On service URL", "singleLogoutServiceUrl": "Single logout service URL", "nameIdPolicyFormat": "NameID policy format", "persistent": "Persistent", "transient": "Transient", "x509": "X.509 Subject Name", "windowsDomainQN": "Windows Domain Qualified Name", "unspecified": "Unspecified", "principalType": "Principal type", "principalAttribute": "Principal attribute", "allowCreate": "Allow create", "subjectNameId": "Subject NameID", "attributeFriendlyName": "Attribute [Friendly Name]", "claim": "Claim", "claimValue": "Claim Value", "claims": "Claims", "socialProfileJSONFieldPath": "Social Profile JSON Field Path", "mapperAttributeName": "Attribute Name", "mapperUserAttributeName": "User Attribute Name", "mapperAttributeFriendlyName": "Friendly name", "httpPostBindingResponse": "HTTP-POST binding response", "httpPostBindingAuthnRequest": "HTTP-POST binding for AuthnRequest", "httpPostBindingLogout": "HTTP-POST binding logout", "wantAuthnRequestsSigned": "Want AuthnRequests signed", "encryptionAlgorithm": "Encryption Algorithm", "samlSignatureKeyName": "SAML signature key name", "wantAssertionsSigned": "Want Assertions signed", "wantAssertionsEncrypted": "Want Assertions encrypted", "forceAuthentication": "Force authentication", "validatingX509Certs": "Validating X509 certificates", "signServiceProviderMetadata": "Sign service provider metadata", "passSubject": "Pass subject", "serviceProviderEntityId": "Service provider entity ID", "identityProviderEntityId": "Identity provider entity ID", "importConfig": "Import config from file", "showMetaData": "Show metadata", "hideMetaData": "Hide 
metadata", "noValidMetaDataFound": "No valid metadata was found at this URL: '{{error}}'", "metadataOfDiscoveryEndpoint": "Metadata of the discovery endpoint", "authorizationUrl": "Authorization URL", "passLoginHint": "Pass login_hint", "passMaxAge": "Pass max_age", "passCurrentLocale": "Pass current locale", "tokenUrl": "Token URL", "logoutUrl": "Logout URL", "backchannelLogout": "Backchannel logout", "disableUserInfo": "Disable user info", "isAccessTokenJWT": "Access Token is JWT", "userInfoUrl": "User Info URL", "issuer": "Issuer", "prompt": "Prompt", "prompts": { "unspecified": "Unspecified", "none": "None", "consent": "Consent", "login": "Login", "select_account": "Select account" }, "clientAuthentications": { "client_secret_post": "Client secret sent as post", "client_secret_basic": "Client secret sent as basic auth", "client_secret_jwt": "Client secret as jwt", "private_key_jwt": "JWT signed with private key" }, "clientAssertionSigningAlg": "Client assertion signature algorithm", "algorithmNotSpecified": "Algorithm not specified", "acceptsPromptNone": "Accepts prompt=none forward from client", "validateSignature": "Validate Signatures", "validatingPublicKey": "Validating public key", "validatingPublicKeyId": "Validating public key id", "pkceEnabled": "Use PKCE", "pkceMethod": "PKCE Method", "allowedClockSkew": "Allowed clock skew", "attributeConsumingServiceIndex": "Attribute Consuming Service Index", "attributeConsumingServiceName": "Attribute Consuming Service Name", "forwardParameters": "Forwarded query parameters", "oidcSettings": "OpenID Connect settings", "samlSettings": "SAML settings", "reqAuthnConstraints": "Requested AuthnContext Constraints", "keyID": "KEY_ID", "NONE": "NONE", "certSubject": "CERT_SUBJECT", "storeTokens": "Store tokens", "storedTokensReadable": "Stored tokens readable", "comparison": "Comparison", "authnContextClassRefs": "AuthnContext ClassRefs", "addAuthnContextClassRef": "Add AuthnContext ClassRef", "authnContextDeclRefs": 
"AuthnContext DeclRefs", "addAuthnContextDeclRef": "Add AuthnContext DeclRef", "accountLinkingOnly": "Account linking only", "hideOnLoginPage": "Hide on login page", "filteredByClaim": "Verify essential claim", "claimFilterName": "Essential claim", "claimFilterValue": "Essential claim value", "firstBrokerLoginFlowAlias": "First login flow", "postBrokerLoginFlowAlias": "Post login flow", "syncMode": "Sync mode", "syncModes": { "inherit": "Inherit", "import": "Import", "legacy": "Legacy", "force": "Force" }, "syncModeOverride": "Sync mode override", "regexAttributeValues": "Regex Attribute Values", "regexClaimValues": "Regex Claim Values", "mapperSaveSuccess": "Mapper saved successfully.", "mapperSaveError": "Error saving mapper: {{error}}", "userAttribute": "User Attribute", "userAttributeValue": "User Attribute Value", "userSessionAttribute": "User Session Attribute", "userSessionAttributeValue": "User Session Attribute Value", "target": "Target", "targetOptions": { "local": "LOCAL", "brokerId": "BROKER_ID", "brokerUsername": "BROKER_USERNAME" }, "redirectURIHelp": "The redirect uri to use when configuring the identity provider.", "clientSecretHelp": "The client secret registered with the identity provider. This field is able to obtain its value from vault, use ${vault.ID} format.", "displayOrderHelp": "Number defining the order of the providers in GUI (for example, on the Login page). The lowest number will be applied first.", "useDiscoveryEndpointHelp": "If this setting is enabled, the discovery endpoint will be used to fetch the provider config. 
Keycloak can load the config from the endpoint and automatically update the config if the source has any updates", "discoveryEndpointHelp": "Import metadata from a remote IDP discovery descriptor.", "importConfigHelp": "Import metadata from a downloaded IDP discovery descriptor.", "passLoginHintHelp": "Pass login_hint to identity provider.", "passMaxAgeHelp": "Pass max_age to identity provider.", "passCurrentLocaleHelp": "Pass the current locale to the identity provider as a ui_locales parameter.", "logoutUrlHelp": "End session endpoint to use to logout user from external IDP.", "backchannelLogoutHelp": "Does the external IDP support backchannel logout?", "disableUserInfoHelp": "Disable usage of User Info service to obtain additional user information? Default is to use this OIDC service.", "isAccessTokenJWTHelp": "The Access Token received from the Identity Provider is a JWT and its claims will be accessible for mappers.", "userInfoUrlHelp": "The User Info Url. This is optional.", "issuerHelp": "The issuer identifier for the issuer of the response. If not provided, no validation will be performed.", "promptHelp": "Specifies whether the Authorization Server prompts the End-User for re-authentication and consent.", "acceptsPromptNoneHelp": "This is just used together with Identity Provider Authenticator or when kc_idp_hint points to this identity provider. In case that client sends a request with prompt=none and user is not yet authenticated, the error will not be directly returned to client, but the request with prompt=none will be forwarded to this identity provider.", "validateSignatureHelp": "Enable/disable signature validation of external IDP signatures.", "validatingPublicKeyHelp": "The public key in PEM format that must be used to verify external IDP signatures.", "validatingPublicKeyIdHelp": "Explicit ID of the validating public key given above. 
Leave blank if the key above should be used always, regardless of key ID specified by external IDP; set it if the key should only be used for verifying if the key ID from external IDP matches.", "pkceEnabledHelp": "Use PKCE (Proof Key for Code Exchange) for IdP Brokering", "pkceMethodHelp": "PKCE Method to use", "allowedClockSkewHelp": "Clock skew in seconds that is tolerated when validating identity provider tokens. Default value is zero.", "attributeConsumingServiceIndexHelp": "Index of the Attribute Consuming Service profile to request during authentication.", "attributeConsumingServiceNameHelp": "Name of the Attribute Consuming Service profile to advertise in the SP metadata.", "forwardParametersHelp": "Non OpenID Connect/OAuth standard query parameters to be forwarded to external IDP from the initial application request to Authorization Endpoint. Multiple parameters can be entered, separated by comma (,).", "clientAuthenticationHelp": "The client authentication method (cfr. https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication). In case of JWT signed with private key, the realm private key is used.", "clientAssertionSigningAlgHelp": "Signature algorithm to create JWT assertion as client authentication. In the case of JWT signed with private key or Client secret as jwt, it is required. If no algorithm is specified, the following algorithm is used. RS256 is used in the case of JWT signed with private key. HS256 is used in the case of Client secret as jwt.", "storeTokensHelp": "Enable/disable if tokens must be stored after authenticating users.", "storedTokensReadableHelp": "Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.", "accountLinkingOnlyHelp": "If true, users cannot log in through this provider. They can only link to this provider. 
This is useful if you don't want to allow login from the provider, but want to integrate with a provider", "hideOnLoginPageHelp": "If hidden, login with this provider is possible only if requested explicitly, for example using the 'kc_idp_hint' parameter.", "filteredByClaimHelp": "If true, ID tokens issued by the identity provider must have a specific claim. Otherwise, the user can not authenticate through this broker.", "claimFilterNameHelp": "Name of the essential claim", "claimFilterValueHelp": "Value of the essential claim (with regex support)", "firstBrokerLoginFlowAliasHelp": "Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that no Keycloak account is currently linked to the authenticated identity provider account.", "postBrokerLoginFlowAliasHelp": "Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this to \"None\" if you do not need any additional authenticators to be triggered after login with this identity provider. Also note that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it.", "syncModeHelp": "Default sync mode for all mappers. The sync mode determines when user data will be synced using the mappers. Possible values are: 'legacy' to keep the behaviour before this option was introduced, 'import' to only import the user once during first login of the user with this identity provider, 'force' to always update the user during every login with this identity provider.", "serviceProviderEntityIdHelp": "The Entity ID that will be used to uniquely identify this SAML Service Provider.", "identityProviderEntityIdHelp": "The Entity ID used to validate the Issuer for received SAML assertions. 
If empty, no Issuer validation is performed.", "useEntityDescriptorHelp": "Import metadata from a remote IDP SAML entity descriptor.", "samlEntityDescriptorHelp": "Allows you to load external IDP metadata from a config file or to download it from a URL.", "ssoServiceUrlHelp": "The URL that must be used to send authentication requests (SAML AuthnRequest).", "singleLogoutServiceUrlHelp": "The URL that must be used to send logout requests.", "nameIdPolicyFormatHelp": "Specifies the URI reference corresponding to a name identifier format.", "principalTypeHelp": "Way to identify and track external users from the assertion. The default is the Subject NameID; alternatively, you can set up an identifying attribute.", "principalAttributeHelp": "Name or Friendly Name of the attribute used to identify external users.", "allowCreateHelp": "Allow the external identity provider to create a new identifier to represent the principal.", "httpPostBindingResponseHelp": "Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.", "httpPostBindingAuthnRequestHelp": "Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.", "httpPostBindingLogoutHelp": "Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.", "wantAuthnRequestsSignedHelp": "Indicates whether the identity provider expects a signed AuthnRequest.", "encryptionAlgorithmHelp": "Encryption algorithm, which is used by SAML IDP for encryption of SAML documents, assertions or IDs. The corresponding decryption key for decrypting SAML document parts will be chosen based on this configured algorithm and should be available in realm keys for the encryption (ENC) usage. 
If algorithm is not configured, then any supported algorithm is allowed and decryption key will be chosen based on the algorithm configured in SAML document itself.", "samlSignatureKeyNameHelp": "Signed SAML documents contain identification of signing key in KeyName element. For Keycloak / RH-SSO counter-party, use KEY_ID, for MS AD FS use CERT_SUBJECT, for others check and use NONE if no other option works.", "wantAssertionsSignedHelp": "Indicates whether this service provider expects a signed Assertion.", "wantAssertionsEncryptedHelp": "Indicates whether this service provider expects an encrypted Assertion.", "forceAuthenticationHelp": "Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.", "validateSignatures": "Enable/disable signature validation of SAML responses.", "validatingX509CertsHelp": "The certificate in PEM format that must be used to check for signatures. Multiple certificates can be entered, separated by comma (,).", "signServiceProviderMetadataHelp": "Enable/disable signature of the provider SAML metadata.", "passSubjectHelp": "During login phase, forward an optional login_hint query parameter to SAML AuthnRequest's Subject.", "comparisonHelp": "Specifies the comparison method used to evaluate the requested context classes or statements. The default is \"Exact\".", "authnContextClassRefsHelp": "Ordered list of requested AuthnContext ClassRefs.", "authnContextDeclRefsHelp": "Ordered list of requested AuthnContext DeclRefs.", "addIdpMapperNameHelp": "Name of the mapper.", "syncModeOverrideHelp": "Overrides the default sync mode of the IDP for this mapper. 
Values are: 'legacy' to keep the behaviour before this option was introduced, 'import' to only import the user once during first login of the user with this identity provider, 'force' to always update the user during every login with this identity provider and 'inherit' to use the sync mode defined in the identity provider for this mapper.", "advancedAttributeToRole": "If the set of attributes exists and can be matched, grant the user the specified realm or client role.", "usernameTemplateImporter": "Format the username to import.", "hardcodedUserSessionAttribute": "When a user is imported from a provider, hardcode a value to a specific user session attribute.", "externalRoleToRole": "Looks for an external role in a keycloak access token. If external role exists, grant the user the specified realm or client role.", "advancedClaimToRole": "If all claims exist, grant the user the specified realm or client role.", "claimToRole": "If a claim exists, grant the user the specified realm or client role.", "oidcAttributeImporter": "Import declared claim if it exists in ID, access token, or the claim set returned by the user profile endpoint into the specified user property or attribute.", "attributeImporter": "Import declared SAML attribute if it exists in assertion into the specified user property or attribute.", "hardcodedRole": "When user is imported from provider, hardcode a role mapping for it.", "hardcodedAttribute": "When user is imported from provider, hardcode a value to a specific user attribute.", "samlAttributeToRole": "If an attribute exists, grant the user the specified realm or client role.", "templateHelp": "Template to use to format the username to import. Substitutions are enclosed in ${}. For example: '${ALIAS}.${CLAIM.sub}'. ALIAS is the provider alias. CLAIM. references an ID or Access token claim. The substitution can be converted to upper or lower case by appending |uppercase or |lowercase to the substituted value, e.g. 
'${CLAIM.sub | lowercase}'", "targetHelp": "Destination field for the mapper. LOCAL (default) means that the changes are applied to the username stored in local database upon user import. BROKER_ID and BROKER_USERNAME means that the changes are stored into the ID or username used for federation user lookup, respectively.", "userSessionAttributeHelp": "Name of user session attribute you want to hardcode", "userAttributeHelp": "Name of user attribute you want to hardcode", "claimHelp": "Name of claim to search for in token. You can reference nested claims by using a '.', e.g. 'address.locality'. To use a dot (.) literally, escape it with a backslash (\\.).", "socialProfileJSONFieldPathHelp": "Path of field in Social Provider User Profile JSON data to get value from. You can use dot notation for nesting and square brackets for array index. E.g. 'contact.address[0].country'.", "userAttributeValueHelp": "Value you want to hardcode", "friendlyName": "Friendly name of attribute to search for in assertion. You can leave this blank and specify a name instead.", "userAttributeName": "User attribute name to store SAML attribute. Use email, lastName, and firstName to map to those predefined user properties.", "socialUserAttributeName": "User attribute name to store information.", "attributesHelp": "Name and (regex) value of the attributes to search for in token. The configured name of an attribute is searched in SAML attribute name and attribute friendly name fields. Every given attribute description must be met to set the role. If the attribute is an array, then the value must be contained in the array. If an attribute can be found several times, then one match is sufficient.", "regexAttributeValuesHelp": "If enabled, attribute values are interpreted as regular expressions.", "addMultivaluedLabel": "Add {{fieldLabel}}", "selectGroup": "Select group", "usermodel": { "prop": { "label": "Property", "tooltip": "Name of the property method in the UserModel interface. 
For example, a value of 'email' would reference the UserModel.getEmail() method." }, "attr": { "label": "User Attribute", "tooltip": "Name of stored user attribute which is the name of an attribute within the UserModel.attribute map." }, "clientRoleMapping": { "clientId": { "label": "Client ID", "tooltip": "Client ID for role mappings. Just client roles of this client will be added to the token. If this is unset, client roles of all clients will be added to the token." }, "rolePrefix": { "label": "Client Role prefix", "tooltip": "A prefix for each client role (optional)." }, "tokenClaimName": { "tooltip": "Name of the claim to insert into the token. This can be a fully qualified name like 'address.street'. In this case, a nested json object will be created. To prevent nesting and use dot literally, escape the dot with backslash (\\.). The special token ${client_id} can be used and this will be replaced by the actual client ID. Example usage is 'resource_access.${client_id}.roles'. This is useful especially when you are adding roles from all the clients (Hence 'Client ID' switch is unset) and you want client roles of each client stored separately." } }, "realmRoleMapping": { "rolePrefix": { "label": "Realm Role prefix", "tooltip": "A prefix for each Realm Role (optional)." } } }, "userSession": { "modelNote": { "label": "User Session Note", "tooltip": "Name of stored user session note within the UserSessionModel.note map." } }, "multivalued": { "label": "Multivalued", "tooltip": "Indicates if attribute supports multiple values. If true, the list of all values of this attribute will be set as claim. If false, just first value will be set as claim" }, "aggregate": { "attrs": { "label": "Aggregate attribute values", "tooltip": "Indicates if attribute values should be aggregated with the group attributes. If using OpenID Connect mapper the multivalued option needs to be enabled too in order to get all the values. 
Duplicated values are discarded and the order of values is not guaranteed with this option." } }, "jsonType": { "label": "Claim JSON Type", "tooltip": "JSON type that should be used to populate the json claim in the token. long, int, boolean, String and JSON are valid values." }, "includeInIdToken": { "label": "Add to ID token", "tooltip": "Should the claim be added to the ID token?" }, "includeInAccessToken": { "label": "Add to access token", "tooltip": "Should the claim be added to the access token?" }, "includeInAccessTokenResponse": { "label": "Add to access token response", "tooltip": "Should the claim be added to the access token response? Should only be used for informative and non-sensitive data" }, "includeInUserInfo": { "label": "Add to userinfo", "tooltip": "Should the claim be added to the userinfo?" }, "sectorIdentifierUri": { "label": "Sector Identifier URI", "tooltip": "Providers that use pairwise sub values and support Dynamic Client Registration SHOULD use the sector_identifier_uri parameter. It provides a way for a group of websites under common administrative control to have consistent pairwise sub values independent of the individual domain names. It also provides a way for Clients to change redirect_uri domains without having to reregister all their users." }, "pairwiseSubAlgorithmSalt": { "label": "Salt", "tooltip": "Salt used when calculating the pairwise subject identifier. If left blank, a salt will be generated." }, "addressClaim": { "street": { "label": "User Attribute Name for Street", "tooltip": "Name of User Attribute, which will be used to map to 'street_address' subclaim inside 'address' token claim. Defaults to 'street' ." }, "locality": { "label": "User Attribute Name for Locality", "tooltip": "Name of User Attribute, which will be used to map to 'locality' subclaim inside 'address' token claim. Defaults to 'locality' ." 
}, "region": { "label": "User Attribute Name for Region", "tooltip": "Name of User Attribute, which will be used to map to 'region' subclaim inside 'address' token claim. Defaults to 'region' ." }, "postal_code": { "label": "User Attribute Name for Postal Code", "tooltip": "Name of User Attribute, which will be used to map to 'postal_code' subclaim inside 'address' token claim. Defaults to 'postal_code' ." }, "country": { "label": "User Attribute Name for Country", "tooltip": "Name of User Attribute, which will be used to map to 'country' subclaim inside 'address' token claim. Defaults to 'country' ." }, "formatted": { "label": "User Attribute Name for Formatted Address", "tooltip": "Name of User Attribute, which will be used to map to 'formatted' subclaim inside 'address' token claim. Defaults to 'formatted' ." } }, "included": { "client": { "audience": { "label": "Included Client Audience", "tooltip": "The Client ID of the specified audience client will be included in audience (aud) field of the token. If there are existing audiences in the token, the specified value is just added to them. It won't override existing audiences." } }, "custom": { "audience": { "label": "Included Custom Audience", "tooltip": "This is used just if 'Included Client Audience' is not filled. The specified value will be included in audience (aud) field of the token. If there are existing audiences in the token, the specified value is just added to them. It won't override existing audiences." } } }, "name-id-format": "Name ID Format", "mapper": { "nameid": { "format": { "tooltip": "Name ID Format using Mapper" } } }, "client-scopes-condition": { "label": "Expected Scopes", "tooltip": "The list of expected client scopes. Condition evaluates to true if specified client request matches some of the client scopes. It depends also whether it should be default or optional client scope based on the 'Scope Type' configured." 
}, "client-accesstype": { "label": "Client Access Type", "tooltip": "Access Type of the client, for which the condition will be applied. A confidential client has client authentication enabled, whereas a public client has client authentication disabled. Bearer-only is a deprecated client type." }, "client-roles": { "label": "Client Roles" }, "client-roles-condition": { "tooltip": "Client roles, which will be checked during this condition evaluation. Condition evaluates to true if client has at least one client role with the name as the client roles specified in the configuration." }, "client-updater-source-groups": { "label": "Groups", "tooltip": "Name of groups to check. Condition evaluates to true if the entity, who creates/updates client is member of some of the specified groups. Configured groups are specified by their simple name, which must match to the name of the Keycloak group. No support for group hierarchy is used here." }, "client-updater-trusted-hosts": { "label": "Trusted hosts", "tooltip": "List of Hosts, which are trusted. In case that client registration/update request comes from the host/domain specified in this configuration, condition evaluates to true. You can use hostnames or IP addresses. If you use a star at the beginning (for example '*.example.com'), then the whole domain example.com will be trusted." }, "client-updater-source-roles": { "label": "Updating entity role", "tooltip": "The condition is checked during client registration/update requests and it evaluates to true if the entity (usually user), who is creating/updating client is member of the specified role. To reference a realm role, use the realm role name, like 'my_realm_role'. To reference a client role, use client_id.role_name; for example, 'my_client.my_client_role' refers to client role 'my_client_role' of client 'my_client'." 
}, "allowed-client-scopes": { "label": "Allowed Client Scopes", "tooltip": "Whitelist of the client scopes, which can be used on a newly registered client. Attempt to register client with some client scope, which is not whitelisted, will be rejected. By default, the whitelist is either empty or contains just realm default client scopes (based on 'Allow Default Scopes' configuration property)" }, "allow-default-scopes": { "label": "Allow Default Scopes", "tooltip": "If on, newly registered clients will be allowed to have client scopes mentioned in realm default client scopes or realm optional client scopes" }, "allowed-protocol-mappers": { "label": "Allowed Protocol Mappers", "tooltip": "Whitelist of allowed protocol mapper providers. If there is an attempt to register client, which contains some protocol mappers, which were not whitelisted, registration request will be rejected." }, "max-clients": { "label": "Max Clients Per Realm", "tooltip": "It will not be allowed to register a new client if count of existing clients in realm is same or bigger than the configured limit." }, "trusted-hosts": { "label": "Trusted Hosts", "tooltip": "List of Hosts, which are trusted and are allowed to invoke Client Registration Service and/or be used as values of Client URIs. You can use hostnames or IP addresses. If you use star at the beginning (for example '*.example.com' ) then whole domain example.com will be trusted." }, "host-sending-registration-request-must-match": { "label": "Host Sending Client Registration Request Must Match", "tooltip": "If on, any request to Client Registration Service is allowed just if it was sent from some trusted host or domain." }, "client-uris-must-match": { "label": "Client URIs Must Match", "tooltip": "If on, all Client URIs (Redirect URIs and others) are allowed just if they match some trusted host or domain." 
}, "clientScopeType": { "default": "Default", "optional": "Optional", "none": "None" }, "createIdentityProviderSuccess": "Identity provider successfully created", "createIdentityProviderError": "Could not create the identity provider: {{error}}", "createClientError": "Could not create client: '{{error}}'", "createClientSuccess": "Client created successfully", "createClientScopeSuccess": "Client scope created", "createClientScopeError": "Could not create client scope: '{{error}}'", "createUserProviderSuccess": "User federation provider successfully created", "createUserProviderError": "User federation provider could not be created: {{error}}", "flowNameHelp": "Help text for the name of the new flow", "flowDescriptionHelp": "Help text for the description of the new flow", "flowNameDescriptionHelp": "Help text for the name description of the new flow", "noRoles-clientScopes": "No roles for this client scope", "noRolesInstructions-clientScopes": "You haven't created any roles for this client scope. Create a role to get started.", "noRoles-user": "No roles for this user", "noRolesInstructions-user": "You haven't assigned any roles to this user. Assign a role to get started.", "noRoles-client": "No roles for this client", "noRolesInstructions-client": "You haven't created any roles for this client. Create a role to get started.", "noRoles-groups": "No roles for this group", "noRolesInstructions-groups": "You haven't created any roles for this group. Create a role to get started.", "noRoles-roles": "No roles in this realm", "noRolesInstructions-roles": "You haven't created any roles in this realm. 
Create a role to get started.", "userRoleMappingUpdatedSuccess": "User role mapping successfully updated", "realmNameField": "Realm name", "searchForClientScope": "Search for client scope", "searchForRoles": "Search role by name", "titleAuthentication": "Authentication", "titleEvents": "Events", "titleRoles": "Realm roles", "titleUsers": "Users", "titleSessions": "Sessions", "deleteConfirmClientScopes": "Are you sure you want to delete this client scope?", "deleteConfirmUsers": "Delete user?", "deleteConfirmGroup_one": "Are you sure you want to delete this group '{{groupName}}'?", "deleteConfirmGroup_other": "Are you sure you want to delete these groups?", "deleteConfirmIdentityProvider": "Are you sure you want to permanently delete the provider '{{provider}}'?", "deleteConfirmRealmSetting": "If you delete this realm, all associated data will be removed.", "whoWillAppearLinkTextRoles": "Who will appear in this user list?", "whoWillAppearLinkTextUsers": "Who will appear in this group list?", "whoWillAppearPopoverTextRoles": "This tab shows only the users who are assigned directly to this role. To see users who are assigned this role as an associated role or through a group, go to", "whoWillAppearPopoverTextUsers": "Groups are hierarchical. When you select Direct Membership, you see only the child group that the user joined. 
Ancestor groups are not included.", "deletedSuccessClientScope": "The client scope has been deleted", "deletedSuccessIdentityProvider": "Provider successfully deleted.", "deletedSuccessRealmSetting": "The realm has been deleted", "deletedErrorClientScope": "Could not delete client scope: {{error}}", "deletedErrorIdentityProvider": "Could not delete the provider: {{error}}", "deletedErrorRealmSetting": "Could not delete realm: {{error}}", "realmSaveSuccess": "Realm successfully updated", "userProviderSaveSuccess": "User federation provider successfully saved", "realmSaveError": "Realm could not be updated: {{error}}", "userProviderSaveError": "User federation provider could not be saved: {{error}}", "validateAttributeName": "Attribute configuration without name is not allowed.", "disableConfirmIdentityProvider": "Are you sure you want to disable the provider '{{provider}}'?", "disableConfirmRealm": "Users and clients can't access the realm if it's disabled. Are you sure you want to continue?", "updateSuccessClientScope": "Client scope updated", "updateErrorClientScope": "Could not update client scope: '{{error}}'", "updateSuccessIdentityProvider": "Provider successfully updated", "updateErrorIdentityProvider": "Could not update the provider: {{error}}", "orderChangeSuccessUserFed": "Successfully changed the priority order of user federation providers", "orderChangeErrorUserFed": "Could not change the priority order of user federation providers: {{error}}", "disableNonceHelp": "Do not send the nonce parameter in the authentication request. The nonce parameter is sent and verified by default.", "disableNonce": "Disable nonce", "authenticationAliasHelp": "Name of the configuration", "authenticationFlowTypeHelp": "What kind of form is it", "authenticationCreateFlowHelp": "Create flow", "clientScopesRolesScope": "If there is no role scope mapping defined, each user is permitted to use this client scope. 
If there are role scope mappings defined, the user must be a member of at least one of the roles.", "scopeNameHelp": "Name of the client scope. Must be unique in the realm. The name should not contain space characters, as it is used as the value of the scope parameter.", "scopeDescriptionHelp": "Description of the client scope", "clientScopeTypes": { "default": "Default", "optional": "Optional", "none": "None" }, "realmNameTitle": "{{name}} realm", "scopeTypeHelp": "Client scopes, which will be added as default scopes to each created client", "clientDescriptionHelp": "Specifies description of the client. For example 'My Client for TimeSheets'. Supports keys for localized values as well. For example: ${my_client_description}", "clientsClientTypeHelp": "'OpenID Connect' allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server. 'SAML' enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO) and uses security tokens containing assertions to pass information.", "clientsClientScopesHelp": "The scopes associated with this resource." }