9420670f14
Closes #21652
{
"name": "Help text for the name of the new flow",
"description": "Help text for the description of the new flow",
"createFlow": "You can create a top level flow within this form",
"flowType": "What kind of form is it",
"topLevelFlowType": "What kind of top level flow is it? Type 'client' is used for authentication of clients (applications), while 'generic' is for users and everything else.",
"addExecution": "Execution can have a wide range of actions, from sending a reset email to validating an OTP",
"addSubFlow": "Sub-Flows can be either generic or form. The form type is used to construct a sub-flow that generates a single flow for the user. Sub-flows are a special type of execution that evaluate as successful depending on how the executions they contain evaluate.",
"alias": "Name of the configuration",
"authDefaultActionTooltip": "If enabled, any new user will have this required action assigned to it.",
"otpType": "'totp' is a Time-Based One-Time Password. 'hotp' is a counter-based one-time password in which the server keeps a counter to hash against.",
"webAuthnPolicyRpEntityName": "Human-readable server name as WebAuthn Relying Party",
"otpHashAlgorithm": "What hashing algorithm should be used to generate the OTP.",
"otpPolicyDigits": "How many digits should the OTP have?",
"lookAround": "How far around should the server look just in case the token generator and server are out of time sync or counter sync?",
"otpPolicyPeriod": "How many seconds should an OTP token be valid? Defaults to 30 seconds.",
"otpPolicyCodeReusable": "Whether the same OTP code can be used again after a successful authentication.",
"supportedApplications": "Applications that are known to work with the current OTP policy",
"webauthnIntro": "What is this form used for?",
"webAuthnPolicyFormHelp": "Policy for WebAuthn authentication. This policy is used by the 'WebAuthn Register' required action and the 'WebAuthn Authenticator' authenticator. It is typically used when WebAuthn is used for two-factor authentication.",
"webAuthnPolicyPasswordlessFormHelp": "Policy for passwordless WebAuthn authentication. This policy is used by the 'Webauthn Register Passwordless' required action and the 'WebAuthn Passwordless Authenticator' authenticator. It is typically used when WebAuthn is used as first-factor authentication. Having both 'WebAuthn Policy' and 'WebAuthn Passwordless Policy' allows WebAuthn to be used as both a first-factor and a second-factor authenticator in the same realm.",
"webAuthnPolicySignatureAlgorithms": "What signature algorithms should be used for Authentication Assertion.",
"webAuthnPolicyRpId": "The ID of the WebAuthn Relying Party. It must be the origin's effective domain.",
"webAuthnPolicyAttestationConveyancePreference": "Communicates to an authenticator the preference of how to generate an attestation statement.",
"webAuthnPolicyAuthenticatorAttachment": "Communicates to an authenticator an acceptable attachment pattern.",
"webAuthnPolicyRequireResidentKey": "Tells the authenticator whether or not to create the public key credential as a Resident Key.",
"webAuthnPolicyUserVerificationRequirement": "Communicates to an authenticator whether it should confirm that the user was actually verified.",
"webAuthnPolicyCreateTimeout": "Timeout value, in seconds, for creating the user's public key credential. If set to 0, this timeout option is not applied.",
"webAuthnPolicyAvoidSameAuthenticatorRegister": "Avoid registering the authenticator that has already been registered.",
"webAuthnPolicyAcceptableAaguids": "The list of AAGUIDs of authenticators that can be registered.",
"passwordPolicies": {
"forceExpiredPasswordChange": "The number of days the password is valid before a new password is required.",
"hashIterations": "The number of times a password is hashed before storage or verification. Default: 27,500.",
"passwordHistory": "Prevents a recently used password from being reused.",
"passwordBlacklist": "Prevents the use of a password that is in a blacklist file.",
"regexPattern": "Requires that the password matches one or more defined Java regular expression patterns.",
"length": "The minimum number of characters required for the password.",
"notUsername": "The password cannot match the username.",
"notEmail": "The password cannot match the email address of the user.",
"specialChars": "The number of special characters required in the password string.",
"upperCase": "The number of uppercase letters required in the password string.",
"lowerCase": "The number of lowercase letters required in the password string.",
"digits": "The number of numerical digits required in the password string.",
"hashAlgorithm": "Applies a hashing algorithm to passwords, so they are not stored in clear text.",
"maxLength": "The maximum number of characters allowed in the password."
},
"cibaBackchannelTokenDeliveryMode": "Specifies how the CD (Consumption Device) gets the authentication result and related tokens. This mode will be used by default for the CIBA clients, which do not have other mode explicitly set.",
"cibaExpiresIn": "The expiration time of the \"auth_req_id\" in seconds since the authentication request was received.",
"cibaInterval": "The minimum amount of time in seconds that the CD (Consumption Device) must wait between polling requests to the token endpoint. If set to 0, the CD must use 5 as the default value according to the CIBA specification.",
"cibaAuthRequestedUserHint": "The way of identifying the end-user for whom authentication is being requested. Currently only \"login_hint\" is supported."
}