
ityplatform.openam.openam-auth-oauth2.15.1.3.source-code.amAuthOAuth.properties

# The contents of this file are subject to the terms of the Common Development and
# Distribution License (the License). You may not use this file except in compliance with the
# License.
#
# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
# specific language governing permission and limitations under the License.
#
# When distributing Covered Software, include this CDDL Header Notice in each file and include
# the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
# Header, with the fields enclosed by brackets [] replaced by your own identifying
# information: "Portions copyright [year] [name of copyright owner]".
#
# Copyright 2011-2015 ForgeRock AS.
#
# Portions Copyrighted 2012 Open Source Solution Technology Corporation
# Portions Copyrighted 2016 Nomura Research Institute, Ltd.

# module descriptor (shows up on OpenAM Console)
description = OAuth 2.0 / OpenID Connect

# localization for module configuration
a101=Client Id
a101.help=OAuth client_id parameter
a101.help.txt=For more information on the OAuth client_id parameter refer to the \
RFC 6749, section 2.3.1
a102=Client Secret
a102.help=OAuth client_secret parameter
a102.help.txt=For more information on the OAuth client_secret parameter refer to the \
RFC 6749, section 2.3.1
a103=Authentication Endpoint URL
a103.help=OAuth authentication endpoint URL
a103.help.txt=This is the URL endpoint for OAuth authentication provided by the OAuth Identity Provider
a104=Access Token Endpoint URL
a104.help=OAuth access token endpoint URL
a104.help.txt=This is the URL endpoint for access token retrieval provided by the OAuth Identity Provider. Refer to the \
RFC 6749, section 3.2
a105=User Profile Service URL
a105.help=User profile information URL
a105.help.txt=This URL endpoint provides user profile information and is provided by the OAuth Identity Provider \
NB This URL should return JSON objects in response
a106=Scope
a106.help=OAuth scope; list of user profile properties
a106.help.txt=According to the OAuth 2.0 Authorization Framework, scope is a space-separated list of user profile attributes \
that the client application requires. The list depends on the permissions that the resource owner grants to the client \
application. \
Some authorization servers use non-standard separators for scopes. For example, Facebook takes a comma-separated list. \
Default: email, read_stream (Facebook example)
a107 = OAuth2 Access Token Profile Service Parameter name
a107.help = The name of the parameter that will contain the access token value when accessing the profile service
a108=Proxy URL
a108.help=The URL to the OpenAM OAuth proxy JSP
a108.help.txt=This URL should only be changed from the default, if an external server is performing the GET to POST proxying. \
The default is /openam/oauth2c/OAuthProxy.jsp
a108a=Account Provider
a108a.help=Name of the class implementing the account provider.
a108a.help.txt=This class is used by the module to find the account from the attributes mapped by the Account Mapper \
org.forgerock.openam.authentication.modules.common.mapping.AccountProvider interface. \
String constructor parameters can be provided by appending | separated values.
a109=Account Mapper
a109.help=Name of the class implementing the attribute mapping for the account search.
a109.help.txt=This class is used by the module to map from the account information received from the OAuth Identity Provider into OpenAM. \
The class must implement the org.forgerock.openam.authentication.modules.common.mapping.AttributeMapper interface. \
Provided implementations are: \
  • org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper \
  • org.forgerock.openam.authentication.modules.oidc.JwtAttributeMapper (can only be used when using the openid scope) \
String constructor parameters can be provided by appending | separated values.
a110=Account Mapper Configuration
a110.help=Mapping of OAuth account to local OpenAM account
a110.help.txt=Attribute configuration that will be used to map the account of the user authenticated in the OAuth 2.0 Provider to \
the local data store in the OpenAM. Example: OAuth2.0_attribute=local_attribute
a111=Attribute Mapper
a111.help=Name of the class that implements the attribute mapping
a111.help.txt=This class maps the OAuth properties into OpenAM properties. A custom attribute mapper can be provided. \
A custom attribute mapper must implement the \
org.forgerock.openam.authentication.modules.common.mapping.AttributeMapper interface. \
Provided implementations are: \
  • org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper \
  • org.forgerock.openam.authentication.modules.oidc.JwtAttributeMapper (can only be used when using the openid scope) \
String constructor parameters can be provided by appending | separated values.
a112=Attribute Mapper Configuration
a112.help=Mapping of OAuth attributes to local OpenAM attributes
a112.help.txt=Attribute configuration that will be used to map the user info obtained from the OAuth 2.0 Provider to the local \
user data store in the OpenAM. \
Example: OAuth2.0_attribute=local_attribute
a115=Save attributes in the session
a115.help=If this option is enabled, the attributes configured in the attribute mapper will be saved into the OpenAM session
a118=Email attribute in OAuth2 Response
a118.help=Attribute from the OAuth2 response used to send activation code emails.
a118.help.txt=The attribute in the response from the profile service in the OAuth 2.0 Provider that contains the email address of \
the authenticated user. This address will be used to send an email with an activation code when the accounts are allowed to be created \
dynamically.
a120=Create account if it does not exist
a120.help=If the OAuth2 account does not exist in the local OpenAM data store, an account will be created dynamically.
a120.help.txt=If this is enabled, the account mapper could create the account dynamically if there is no account mapped. Before \
creating the account, a dialog prompting for a password and asking for an activation code can be shown if the parameter "Prompt \
for password setting and activation code" is enabled. \
If this flag is not enabled, 3 alternative options exist: \
  1. The accounts need to have a user profile in the OpenAM User Data Store \
  2. The user does not have a user profile and the "Ignore Profile" is set in the Authentication Service of the realm. \
  3. The account is mapped to an anonymous account (see parameter "Map to anonymous user" and "Anonymous User")
a122=Prompt for password setting and activation code
a122.help=Users must set a password and complete the activation flow during dynamic profile creation.
a122.help.txt=If this is enabled, the user must set a password before the system creates an account dynamically and an activation \
code will be sent to the user's email address. The account will be created only if the password and activation code are properly set. \
If this is disabled, the account will be created transparently without prompting the user.
a124=Map to anonymous user
a124.help=Enabled anonymous user access to OpenAM for OAuth authenticated users
a124.help.txt=If selected, the authenticated users in the OAuth 2.0 Provider will be mapped to the anonymous user configured in the \
next parameter. \
If not selected the users authenticated will be mapped by the parameters configured in the account mapper. \
NB If Create account if it does not exist is enabled, that parameter takes precedence.
a126=Anonymous User
a126.help=Username of the OpenAM anonymous user
a126.help.txt=The username of the user that will represent the anonymous user. This user account must already exist in the realm.
a128=OAuth 2.0 Provider logout service
a128.help=The URL of the OAuth Identity Providers Logout service
a128.help.txt=OAuth 2.0 Identity Providers can have a logout service. If this logout functionality is required then the URL of \
the Logout endpoint should be configured here.
a130=Logout options
a130.help=Controls how Logout options will be presented to the user.
a130.help.txt=The OAuth module has the following logout options for the user: \
  • Prompt: Prompt the user to logout from the OAuth 2.0 Provider \
  • Logout: Logout from the OAuth 2.0 Provider and do not prompt \
  • Do not logout: Do not logout the user from the OAuth 2.0 Provider and do not prompt
a132=Mail Server Gateway implementation class
a132.help=The class used by the module to send email.
a132.help.txt=This class is used by the module to send email. A custom implementation can be provided. \
The custom implementation must implement the org.forgerock.openam.authentication.modules.oauth2.EmailGateway
a134=SMTP host
a134.help=The mail host that will be used by the Email Gateway implementation
a136=SMTP port
a136.help=The TCP port that will be used by the SMTP gateway
a138=SMTP User Name
a138.help=If the SMTP Service requires authentication, configure the user name here
a140=SMTP User Password
a140.help=The Password of the SMTP User Name
a142=SMTP SSL Enabled
a142.help=Tick this option if the SMTP Server provides SSL
a144=SMTP From address
a144.help=The email address on behalf of whom the messages will be sent
a145=Code challenge algorithm
a145.help=The algorithm used to transform the code verifier into the code challenge
a145.help.txt=The Authorization Code Grant flow can be susceptible to an interception attack. This can be mitigated \
against using a code challenge parameter. See - \
https://tools.ietf.org/html/draft-ietf-oauth-spop-12
a500 = Authentication Level
a500.help=The authentication level associated with this module.
a500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \
associated with the module; 0 is the lowest (and the default).

#
# error messages
#
authFailed = Authentication failed due to unknown reason
json = Authentication failed with a json exception
ssoe = Authentication failed with a Single Sign On Exception
ire = Authentication failed with an Identity Repo Exception
unknownState = Authentication failed because the state was not valid
ioe = Authentication failed with an Input/Output exception while trying to get content
httpErrorCode = Authentication failed because the remote server responded with an HTTP error code {0}
malformedURL = Malformed URL when trying to access the profile service
invalidField = The input field {0} contains invalid data: {1}
audience = OpenID Connect ID token is not for this audience.
noState=Authorization request failed because there was no state parameter
incorrectState=Authorization request failed because the state parameter contained an unexpected value

#
# Mail parameters
#
messageSubject = Activation code
messageBody = Thanks for registering with us.\n\nA username will be created for you once you provide the activation code.\n\nPlease click the following link to create and activate your account:\n\n#ACTIVATION_LINK#\n\nIf you encounter an error message, you can also copy the activation code and paste it in the screen that is asking for it.\n\n\Your activation code is: #ACTIVATION_CODE#\n\nBest Regards,\n\nForgeRock

#
# Buttons in the Authentication Service Configuration
#
donotlogout = Do not logout
logout = Log out
prompt = Prompt
i18nTrue = true
i18nFalse = false
S256 = SHA 256
plain = Plain

#
# JSP messages
#
# Activation page
activationTitle = Activation Code Page
activationLabel = Activation Code
activationCodeMsg = You were sent an activation code to the email address \
configured in your profile. Please check your mail and click the link provided. If you have a problem when clicking the link, then copy and paste the activation code here and hit Enter. Thanks
emptyCode = The activation code can not be empty
errInvalidCode = The code introduced is not valid
submit = Submit
cancel = Cancel

#
# Password setting page
newPassLabel = New Password
confirmPassLabel = Confirm your password
termsAndCondsLabel = terms and conditions of service
passwordSetMsg = Please provide a password for your account.
passwordRules = The password must have at least 8 characters \
    At least one uppercase and one lowercase character \
    At least one number \
    It can also contain the characters + = _
errLength = Error. Password must contain at least eight characters
errNumbers = Error. password must contain at least one number. 0-9
errLowercase = Error. password must contain at least one lowercase letter. a-z
errUppercase = Error. password must contain at least one uppercase letter. A-Z
errNoMatch = Error. The password and confirmation password do not match
errEmptyPass = Please enter a password and confirm it
errTandC = Please accept terms and conditions
errInvalidPass = The password provided contains invalid characters

#
# Logout Page
# #IDP# will be replaced by the name of the IdP during the presentation of the page
doYouWantToLogout = Do you also want to logout from #IDP# ?
loggingYouOut = Logging you out from the IdP
youVeBeenLogedOut = You have been logged out from the OAuth 2.0 IdP
noSupportIFrames = Your browser does not support iframes
logmeout=Yes
donot=No
enableScripts=Please enable java scripts in your browser

# OpenID Connect validation settings
oidc.issuer_name=Name of OpenID Connect ID Token Issuer
oidc.issuer_name.help= Required when the 'openid' scope is included. Value must match the iss field in issued ID Token \
    e.g. accounts.google.com
oidc.crypto_context_type=OpenID Connect validation configuration type
oidc.crypto_context_type.help=Required when the 'openid' scope is included. Please select either 1. the issuer discovery url, \
2. the issuer jwk url, or 3. the client_secret.
oidc.crypto_context_value=OpenID Connect validation configuration value
oidc.crypto_context_value.help=Required when the 'openid' scope is included. The discovery url, or jwk url, or the \
client_secret, corresponding to the selection above.
oidc.crypto_context_value.help.txt=If discovery or jwk url entered, entry must be in valid url format, \
    e.g. https://accounts.google.com/.well-known/openid-configuration \
    NB If client_secret entered, entry is ignored and the value of the Client Secret is used.

#for different settings
openam.auth.oauth2.custom.properties=Custom Properties



