forked from keycloak/keycloak
-
Notifications
You must be signed in to change notification settings - Fork 0
/
messages_en.properties
3001 lines (3001 loc) · 216 KB
/
messages_en.properties
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
cancel=Cancel
deleteConfirm_other=Are you sure you want to delete these groups.
trusted-hosts.label=Trusted Hosts
deletedSuccess=Provider successfully deleted.
searchAttributes=Search attributes
userID=User ID
anyResource=Any resource
importAdded_zero=No records added.
createClientPolicy=Create client policy
clientSignature=Client signature required
persistent=Persistent
sync-ldap-roles-to-keycloak=Sync LDAP roles to Keycloak
eventTypes.PERMISSION_TOKEN.name=Permission token
permissionsDisable=Disable permissions?
eventTypes.FEDERATED_IDENTITY_LINK_ERROR.description=Federated identity link error
secretHasExpired=Secret has expired, please generate a new one by clicking the "Regenerate" button above
requiredRoles=Please add at least one role.
addLdapWizardTitle=Add LDAP user federation provider
wantAssertionsSignedHelp=Indicates whether this service provider expects a signed Assertion.
disableConfirm=Are you sure you want to disable '{{name}}'
eventTypes.CUSTOM_REQUIRED_ACTION.description=Custom required action
flowName=Flow name
userInfoResponseEncryptionContentEncryptionAlgorithm=User info response encryption content encryption algorithm
eventTypes.IDENTITY_PROVIDER_FIRST_LOGIN_ERROR.name=Identity provider first login error
searchByRoleName=Search by role name
credentialType=Type
passLoginHint=Pass login_hint
openIdConnectCompatibilityModesHelp=This section is used to configure settings for backward compatibility with older OpenID Connect / OAuth 2 adaptors. It's useful especially if your client uses older version of Keycloak / RH-SSO adapter.
emptyClientScopes=This client doesn't have any added client scopes
requiredGroups=Please add at least one group.
httpPostBindingAuthnRequestHelp=Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
policyEnforcementMode=Policy enforcement mode
eventTypes.CLIENT_UPDATE.name=Client update
addMultivaluedLabel=Add {{fieldLabel}}
notRepeat=Not repeat
secretRotated=Secret rotated
userFedDeleteConfirmTitle=Delete user federation provider?
userCredentialsHelpTextLabel=User Credentials Help Text
role=Role
displayName=Display name
applyToResourceTypeHelp=Specifies if this permission should be applied to all resources with a given type. In this case, this permission will be evaluated for all instances of a given resource type.
cibaIntervalHelp=The minimum amount of time in seconds that the CD (Consumption Device) must wait between polling requests to the token endpoint. If set to 0, the CD must use 5 as the default value according to the CIBA specification.
envelopeFrom=Envelope from
eventTypes.UPDATE_TOTP.name=Update totp
updateCibaError=Could not update CIBA policy\: {{error}}
policyUrl=Policy URL
clientDescriptionHelp=Specifies description of the client. For example 'My Client for TimeSheets'. Supports keys for localized values as well. For example\: ${my_client_description}
rolesPermissionsHint=Determines if fine grained permissions are enabled for managing this role. Disabling will delete all current permissions that have been set up.
passwordPoliciesHelp.regexPattern=Requires that the password matches one or more defined Java regular expression patterns.
oAuthDPoP=OAuth 2.0 DPoP Bound Access Tokens Enabled
invalidRealmName=Realm name can't contain special characters
validRedirectURIsHelp=Valid URI pattern a browser can redirect to after a successful login. Simple wildcards are allowed such as 'http\://example.com/*'. Relative path can be specified too such as /my/relative/path/*. Relative paths are relative to the client root URL, or if none is specified the auth server root URL is used. For SAML, you must set valid URI patterns if you are relying on the consumer service URL embedded with the login request.
realmNameTitle={{name}} realm
subjectNameId=Subject NameID
credentialsList=Credentials List
usermodel.clientRoleMapping.clientId.label=Client ID
clientId=Client ID
serviceProviderEntityId=Service provider entity ID
internationalizationHelp=If enabled, you can choose which locales you support for this realm and which locale is the default.
managePriorityOrder=Manage priority order
contextualAttributesHelp=Any attribute provided by a running environment or execution context.
clientLoginTimeoutHelp=Max time a client has to finish the access token protocol. This should normally be 1 minute.
emptyMappers=No mappers
artifactBindingUrlHelp=URL to send the HTTP ARTIFACT messages to. You can leave this blank if you are using a different binding. This value should be set when forcing ARTIFACT binding together with IdP initiated login.
artifactBindingUrl=Artifact Binding URL
clientsList=Clients list
userId=User ID
eventTypes.CLIENT_UPDATE_ERROR.description=Client update error
eventTypes.UPDATE_EMAIL.description=Update email
eventTypes.VALIDATE_ACCESS_TOKEN.description=Validate access token
dedicatedScopeExplain=This is a client scope which includes the dedicated mappers and scope
updateOtpError=Could not update OTP policy\: {{error}}
addressClaim.postal_code.label=User Attribute Name for Postal Code
defaultRoles=Default roles
samlSignatureKeyNameHelp=Signed SAML documents contain identification of signing key in KeyName element. For Keycloak / RH-SSO counter-party, use KEY_ID, for MS AD FS use CERT_SUBJECT, for others check and use NONE if no other option works.
clientScopeTypes.default=Default
invalidateRotatedSecret=Invalidate rotated secret?
noDirectUsers=No direct users
whoCanEditHelp=If enabled, users or administrators can view and edit the attribute. Otherwise, users or administrators don't have access to write to the attribute.
eventTypes.LOGIN.name=Login
addressClaim.country.tooltip=Name of User Attribute, which will be used to map to 'country' subclaim inside 'address' token claim. Defaults to 'country' .
uuidLdapAttribute=UUID LDAP attribute
scopeNameHelp=Name of the client scope. Must be unique in the realm. Name should not contain space characters as it is used as value of scope parameter
requiredUserActions=Required user actions
noConsentsText=The consents will only be recorded when users try to access a client that is configured to require consent. In that case, users will get a consent page which asks them to grant access to the client.
addStep=Add step
clientAssertionAudience=Client assertion audience
permissionPoliciesHelp=Specifies all the policies that must be applied to the scopes defined by this policy or permission.
userInitiatedActionLifespanHelp=Maximum time before an action permit sent by a user (such as a forgot password e-mail) is expired. This value is recommended to be short because it's expected that the user would react to self-created action quickly.
clearFileExplain=Are you sure you want to clear this file?
userModelAttribute=User model attribute
eventTypes.LOGOUT_ERROR.name=Logout error
allowRemoteResourceManagement=Remote resource management
syncRegistrationsHelp=Should newly created users be created within LDAP store? Priority effects which provider is chosen to sync the new user. This setting is effectively appplied only with WRITABLE edit mode.
resetPasswordAllowed=Forgot password
emptyExecution=No steps
passwordPolicyHintsEnabledHelp=Applicable just for writable MSAD. If on, then updating password of MSAD user will use LDAP_SERVER_POLICY_HINTS_OID extension, which means that advanced MSAD password policies like 'password history' or 'minimal password age' will be applied. This extension works just for MSAD 2008 R2 or newer.
expirationValueNotValid=Value should should be greater or equal to 1
eventTypes.UPDATE_CONSENT.name=Update consent
forceArtifactBinding=Force artifact binding
eventTypes.REFRESH_TOKEN_ERROR.description=Refresh token error
eventTypes.IMPERSONATE.name=Impersonate
updateFirstLogin=Update first login
columnDisplayDescription=Display description
flowUsedBy=Use of this flow
client-updater-trusted-hosts.label=Trusted hosts
updateExecutorSuccess=Executor updated successfully
ldapAttributeHelp=Name of mapped attribute on LDAP object. For example 'cn', 'sn', 'mail', 'street', etc.
assertionLifespan=Assertion Lifespan
export=Export
claimFilterNameHelp=Name of the essential claim
revocationDescription=This is a way to revoke all active sessions and access tokens. Not before means you can revoke any tokens issued before the date.
eventTypes.CODE_TO_TOKEN_ERROR.description=Code to token error
termsOfServiceUrl=Terms of service URL
requestObject.request_uri\ only=Request URI only
passwordPolicy=Password policy
backchannelLogout=Backchannel logout
addressClaim.street.label=User Attribute Name for Street
rolesScope=If there is no role scope mapping defined, each user is permitted to use this client scope. If there are role scope mappings defined, the user must be a member of at least one of the roles.
applyToResourceTypeFlag=Apply to resource type
offlineSessionIdleHelp=Time an offline session is allowed to be idle before it expires. You need to use offline token to refresh at least once within this period; otherwise offline session will expire.
eventTypes.UPDATE_TOTP.description=Update totp
testError=Error when trying to connect to LDAP\: '{{error}}'
groupObjectClassesHelp=Object class (or classes) of the group object. It's divided by commas if more classes needed. In typical LDAP deployment it could be 'groupOfNames'. In Active Directory it's usually 'group'.
filterByClients=Filter by clients
claims=Claims
createPolicyOfType=Create {{policyType}} policy
realmRolePrefix=Realm role prefix
flowUsedByDescription=This flow is used by the following {{value}}
createClientScope=Create client scope
includeRepresentation=Include representation
expireTimeHelp=Defines the time after which the policy MUST NOT be granted. Only granted if current date/time is before or equal to this value.
singleLogoutServiceUrl=Single logout service URL
noRolesInstructions-roles=You haven't created any roles in this realm. Create a role to get started.
editIdPMapper=Edit Identity Provider Mapper
representation=Representation
remove=Remove
userProfile=User profile
unmanagedAttributes=Unmanaged Attributes
unmanagedAttributesHelpText=Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. \
By default, unmanaged attributes are `Disabled` and are not available from any context such as registration, account, and the administration console. \
By setting `Enabled`, unmanaged attributes are fully recognized by the server and accessible through all contexts, useful if you are starting migrating an existing realm to the declarative user profile and you don't have yet all user attributes defined in the user profile configuration. \
By setting `Only administrators can write`, unmanaged attributes can be managed only through the administration console and API, useful if you have already defined any custom attribute that can be managed by users but you are unsure about adding other attributes that should only be managed by administrators. \
By setting `Only administrators can view`, unmanaged attributes are read-only and only available through the administration console and API.
unmanagedAttributePolicy.DISABLED=Disabled
unmanagedAttributePolicy.ENABLED=Enabled
unmanagedAttributePolicy.ADMIN_VIEW=Only administrators can view
unmanagedAttributePolicy.ADMIN_EDIT=Only administrators can write
confirmPasswordDoesNotMatch=Password and confirmation does not match.
eventTypes.DELETE_ACCOUNT_ERROR.description=Delete account error
provider=Provider
flows=Flows
passwordPoliciesHelp.length=The minimum number of characters required for the password.
root=Root
removeImportedUsersSuccess=Imported users have been removed.
eventTypes.VERIFY_PROFILE_ERROR.name=Verify profile error
signAssertionsHelp=Should assertions inside SAML documents be signed? This setting is not needed if document is already being signed.
authnContextClassRefsHelp=Ordered list of requested AuthnContext ClassRefs.
sessionsType.directGrant=Direct grant
validateSignature=Validate Signatures
useLowerCaseBearerType=Use lower-case bearer type in token responses
headers=Headers
ldapAttributeNameHelp=Name of the LDAP attribute, which will be added to the new user during registration
createAGroup=Create a group
effectiveProtocolMappersHelp=Contains all default client scopes and selected optional scopes. All protocol mappers and role scope mappings of all those client scopes will be used when generating access token issued for your client
exportSuccess=Realm successfully exported.
scopePermissions.groups.manage-description=Policies that decide if an administrator can manage this group
testClusterFail=Failed verified availability for\: {{failedNodes}}. Fix or unregister failed cluster nodes and try again
eventExplain=Events are records of user and admin events in this realm. To configure the tracking of these events, go to <1>Event configs</1>.
queryExtensions=Query Supported Extensions
signingKeysConfig=Signing keys config
validateBindDn=You must enter the DN of the LDAP admin
addedGroupMembership=Added group membership
resourceDeletedSuccess=The resource successfully deleted
userObjectClasses=User object classes
useRefreshTokensHelp=If this is on, a refresh_token will be created and added to the token response. If this is off then no refresh_token will be generated.
getStarted=To get started, select a provider from the list below.
times.hours=Hours
signedJWTConfirm=Generate a private key and certificate for the client from the Keys tab.
permit=Permit
webOrigins=Web origins
searchAdminEventsBtn=Search admin events
deleteDialogDescription=Are you sure you want to permanently delete the attributes group <1>{{group}}</1>?
importResourceSuccess=The resource was successfully imported
inputTypeCols=Input cols
eventTypes.LOGOUT.description=Logout
deleteNodeBody=Are you sure you want to permanently delete the node "{{node}}"
lifespan=Expires In
storedTokensReadableHelp=Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.
authenticationFlowTypeHelp=What kind of form is it
usersAdded_one={{count}} user added to the group
resourcesAndScopes=Resources and Scopes
editUsernameHelp=If enabled, the username field is editable, readonly otherwise.
eventTypes.UPDATE_CONSENT_ERROR.description=Update consent error
overrideActionTokensHelp=Override default settings of maximum time before an action permit sent by a user (such as a forgot password e-mail) is expired for specific action. This value is recommended to be short because it's expected that the user would react to self-created action quickly.
searchByName=Search by name
executorTypeSwitchHelpText=Executor Type Switch Help Text
attributeConsumingServiceNameHelp=Name of the Attribute Consuming Service profile to advertise in the SP metadata.
overrideActionTokens=Override Action Tokens
deleteGrantsError=Error deleting grants.
defaultGroupAdded_other=Added {{count}} groups to the default groups
used.SPECIFIC_CLIENTS=Specific clients
freeMemory=Free memory
applyPolicy=Apply policy
userFedDeleteConfirm=If you delete this user federation provider, all associated data will be removed.
directGrantHelp=Select the flow you want to use for direct grant authentication.
unlockUsersSuccess=Any temporarily locked users are now unlocked
jsonType.tooltip=JSON type that should be used to populate the json claim in the token. long, int, boolean, String and JSON are valid values.
emptyPrimaryAction=Add predefined mapper
enableClientSignatureRequired=Enable "Client signature required"?
supportedApplicationsHelp=Applications that are known to work with the current OTP policy
enableStartTLS=Enable StartTLS
syncModeOverride=Sync mode override
addAssociatedRolesError=Could not associate roles {{error}}
removeUserText=Do you want to remove {{numSelected}} users?. These users will no longer have permissions of the role {{role}} and the associated roles of it.
diagramView=Diagram view
removeImportedUsers=Remove imported users?
conditionsHelpItem=Conditions help item
accountLinkingOnly=Account linking only
clientPoliciesPoliciesHelpText=Client Policy allows to bind client profiles with various conditions to specify when exactly is enforced behavior specified by executors of the particular client profile.
anyClient=The condition is satisfied by any client on any event.
editFlow=Edit flow
noDefaultGroupsInstructions=Default groups allow you to automatically assign group membership whenever any new user is created or imported throughout <1>identity brokering</1>. Add default groups to get started
tokenSaveSuccess=New initial access token has been created
usermodel.attr.label=User Attribute
eventTypes.REGISTER.name=Register
eventTypes.USER_DISABLED_BY_PERMANENT_LOCKOUT.name=User disabled by permanent lockout
eventTypes.USER_DISABLED_BY_PERMANENT_LOCKOUT_ERROR.name=User disabled by permanent lockout error
deleteUser=Delete user
addedNodeSuccess=Node successfully added
eventTypes.INTROSPECT_TOKEN_ERROR.description=Introspect token error
webAuthnPolicyUserVerificationRequirementHelp=Communicates to an authenticator to confirm actually verifying a user.
syncModes.import=Import
realmSaveError=Realm could not be updated\: {{error}}
authDataDescription=Represents a token carrying authorization data as a result of the processing of an authorization request. This representation is basically what Keycloak issues to clients asking for permission. Check the `authorization` claim for the permissions that where granted based on the current authorization request.
allowRemoteResourceManagementHelp=Should resources be managed remotely by the resource server? If false, resources can be managed only from this Admin UI.
generatedAccessTokenIsDisabled=Generated access token is disabled when no user is selected
addNewProvider=Add new provider
userInfoResponseEncryptionKeyManagementAlgorithm=User info response encryption key management algorithm
changedUsersSyncPeriod=Changed users sync period
keystoreHelp=Path to keys file
userRegistration=User registration
save=Save
helpFileUploadClient=Upload a JSON or XML file
generateSuccess=New key pair and certificate generated successfully
userAttributeValueHelp=Value you want to hardcode
whoCanViewHelp=If enabled, users or administrators can view the attribute. Otherwise, users or administrators don't have access to the attribute.
eventTypes.IDENTITY_PROVIDER_LOGIN.description=Identity provider login
includeClients=Include clients
copySuccess=Successfully copied to clipboard\!
eventTypes.LOGOUT_ERROR.description=Logout error
clientProfilesHelp=Client profiles applied on this policy.
deleteClientPolicyError=Could not delete policy\: {{error}}
selectAttribute=Select attribute
resourceAttributeHelp=The attributes associated wth the resource.
updateCredentialUserLabelSuccess=The user label has been changed successfully.
product=Product
credentialUserLabel=User Label
passwordPoliciesHelp.passwordBlacklist=Prevents the use of a password that is in a blacklist file.
bindTypeHelp=Type of the authentication method used during LDAP bind operation. It is used in most of the requests sent to the LDAP server. Currently only 'none' (anonymous LDAP authentication) or 'simple' (bind credential + bind password authentication) mechanisms are available.
whoWillAppearPopoverText=Groups are hierarchical. When you select Direct Membership, you see only the child group that the user joined. Ancestor groups are not included.
eventTypes.VERIFY_EMAIL.description=Verify email
eventTypes.REFRESH_TOKEN_ERROR.name=Refresh token error
partialImportHeaderText=Partial import allows you to import users, clients, and other resources from a previously exported json file.
disableSuccess=Provider successfully disabled
validatingPublicKeyIdHelp=Explicit ID of the validating public key given above if the key ID. Leave blank if the key above should be used always, regardless of key ID specified by external IDP; set it if the key should only be used for verifying if the key ID from external IDP matches.
eventTypes.IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR.name=Identity provider link account error
subtree=Subtree
userFederation=User federation
effectiveRoleScopeMappingsHelp=Selected Optional Client Scopes, which will be used when issuing access token for this client. You can see above what value of OAuth Scope Parameter needs to be used when you want to have these optional client scopes applied when the initial OpenID Connect Authentication request will be sent from your client adapter
disable=Disable
membershipLdapAttribute=Membership LDAP attribute
availableIdPs=Available identity providers
updateClientConditionSuccess=Condition updated successfully.
attributes=Attributes
roleDeleteConfirmDialog=This action will permanently delete the role "{{selectedRoleName}}" and cannot be undone.
clientDelete=Delete {{clientId}} ?
userDeletedSuccess=The user has been deleted
revokeClientScopesTitle=Revoke all granted client scopes?
contentSecurityPolicyReportOnlyHelp=For testing Content Security Policies <1>Learn more</1>
eventTypes.PERMISSION_TOKEN.description=Permission token
allow-default-scopes.label=Allow Default Scopes
minuteHelp=Defines the minute when the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current minute is between or equal to the two values you provided.
updateCibaSuccess=CIBA policy successfully updated
newRoleNameHelp=The new role name. The new name format corresponds to where in the access token the role will be mapped to. So, a new name of 'myapp.newname' will map the role to that position in the access token. A new name of 'newname' will map the role to the realm roles in the token.
mapperTypeFullNameLdapMapper=full-name-ldap-mapper
searchUserByAttributeMissingKeyError=Specify a attribute key
eventTypes.INVALID_SIGNATURE.name=Invalid signature
topLevelFlowTypeHelp=What kind of top level flow is it? Type 'client' is used for authentication of clients (applications) when generic is for users and everything else
authDetailsHelp=Export and download all resource settings for this resource server.
policyProvider.regex=Define regex conditions for your permissions.
clientImportError=Could not import client\: {{error}}
members=Members
scopePermissions.clients.token-exchange-description=Policies that decide which clients are allowed exchange tokens for a token that is targeted to this client.
realmCertificateAliasHelp=Realm certificate is stored in archive too. This is the alias to it.
scopePermissions.roles.map-role-client-scope-description=Policies that decide if an administrator can apply this role to the client scope of a client
createIdentityProviderError=Could not create the identity provider\: {{error}}
eventTypes.SEND_VERIFY_EMAIL_ERROR.description=Send verify email error
deleteClientPolicyConfirm=This action will permanently delete the policy {{policyName}}. This cannot be undone.
cibaAuthRequestedUserHint=Authentication Requested User Hint
samlKeysExportError=Could not export keys due to\: {{error}}
webAuthnPolicyCreateTimeout=Timeout
comparison=Comparison
passwordPoliciesHelp.digits=The number of numerical digits required in the password string.
deletedSuccessClientScope=The client scope has been deleted
notBeforeError=Error clearing "Not Before" for realm\: {{error}}
columnDisplayName=Display name
noUsersFoundErrorStorage=No users found, could be due to wrongly configured federated provider {{error}}
lookAround=Look around window
storeTokensHelp=Enable/disable if tokens must be stored after authenticating users.
revert=Revert
eventTypes.IDENTITY_PROVIDER_RETRIEVE_TOKEN.description=Identity provider retrieve token
dependentPermission=Dependent permission
disableNonce=Disable nonce
addAssociatedRolesSuccess=Associated roles have been added
groupDeleted_one=Group deleted
userHelp=Optionally select user, for whom the example access token will be generated. If you do not select a user, example access token will not be generated during evaluation
loginScreenCustomization=Login screen customization
policiesConfigType=Configure via\:
exportWarningTitle=Export with caution
emailVerifiedHelp=Has the user's email been verified?
duplicateFlow=Duplicate flow
addExecution=Add execution
noSearchResultsInstructions=Click on the search bar above to search again
addedNodeFail=Could not add node\: '{{error}}'
groupMembership=Group membership
maxLength=Max length {{length}}
prompts.unspecified=Unspecified
revokeClientScopes=Are you sure you want to revoke all granted client scopes for {{clientId}}?
cibaBackhannelTokenDeliveryModes.poll=Poll
policies=Policies
parentClientScope=Parent client scope
reorder=Reorder
allTypes=All types
backchannelLogoutSessionRequired=Backchannel logout session required
ldapFilter=LDAP filter
eventTypes.PUSHED_AUTHORIZATION_REQUEST_ERROR.name=Pushed authorization request error
editAttribute=Edit attribute
webAuthnPolicyRpEntityNameHelp=Human-readable server name as WebAuthn Relying Party
postBrokerLoginFlowAlias=Post login flow
refreshTokenMaxReuse=Refresh Token Max Reuse
partialExportHeaderText=Partial export allows you to export realm configuration, and other associated resources into a json file.
clientScopes=Client scopes
loadingRealms=Loading realms…
eventTypes.SEND_RESET_PASSWORD_ERROR.description=Send reset password error
httpPostBindingLogout=HTTP-POST binding logout
updateMessageBundleSuccess=Success\! Message bundle updated.
permissionDescription=A description for this permission.
policyClientHelp=Specifies which client(s) are allowed by this policy.
multivalued.label=Multivalued
buildIn=Built-in
roleCreateExplain=This is some description
scopePermissions.identityProviders.token-exchange-description=Policies that decide which clients are allowed exchange tokens for an external token minted by this identity provider.
algorithmNotSpecified=Algorithm not specified
jwtX509HeadersEnabled=Add X.509 Headers to the JWT
rememberMe=Remember me
flow.registration=Registration flow
showLess=Show less
registeredClusterNodes=Registered cluster nodes
connectionAndAuthenticationSettings=Connection and authentication settings
deleteConfirmUsers=Delete user?
storePassword=Store password
defaultGroups=Default groups
eventTypes.TOKEN_EXCHANGE_ERROR.name=Token exchange error
flow.browser=Browser flow
unlinkUsersSuccess=Unlink of users finished successfully.
addressClaim.street.tooltip=Name of User Attribute, which will be used to map to 'street_address' subclaim inside 'address' token claim. Defaults to 'street' .
webAuthnPolicyCreateTimeoutHint=Timeout needs to be between 0 seconds and 8 hours
addValidator=Add validator
attributeImporter=Import declared SAML attribute if it exists in assertion into the specified user property or attribute.
userInfoSettings=User info settings
createAttributeError=Error\! User Profile configuration has not been saved {{error}}.
password=Password
eventTypes.VERIFY_EMAIL.name=Verify email
httpPostBindingResponseHelp=Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
mapperTypeHardcodedAttributeMapper=hardcoded-attribute-mapper
eventTypes.IMPERSONATE.description=Impersonate
forbidden_other=Forbidden, permissions needed\:
clientAuthorization=Authorization
identityProvidersPermissionsHint=Determines if fine grained permissions are enabled for managing this role. Disabling will delete all current permissions that have been set up.
removeMappingConfirm_other=Are you sure you want to remove {{count}} roles
kerberosWizardDescription=Text needed here.
welcome=Welcome to
events=Events
importHelp=Import a JSON file containing authorization settings for this resource server.
mapperType=Mapper type
importResources=The following settings and data will be imported\:
validateConnectionUrl=You must enter a connection URL
attributeConsumingServiceIndexHelp=Index of the Attribute Consuming Service profile to request during authentication.
clientSessionSettings=Client session settings
cibaAuthRequestedUserHintHelp=The way of identifying the end-user for whom authentication is being requested. Currently only "login_hint" is supported.
leaveGroupConfirmDialog_other=Are you sure you want to remove {{username}} from the {{count}} selected groups?
createTokenHelp=An initial access token can only be used to create clients
removeImportedUsersError=Could not remove imported users\: '{{error}}'
eventTypes.OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR.description=Oauth2 device code to token error
typeHelp=Client scopes, which will be added as default scopes to each created client
linkedIdPs=Linked identity providers
htmlDisplayName=HTML Display name
groupObjectClasses=Group object classes
requiredActionPlaceholder=Select action
bindCredentials=Bind credentials
logoutSettings=Logout settings
validateServerPrincipal=You must enter a server principal
addMessageBundle=Add message bundle
realmName=Realm name
searchEventType=Search saved event type
idpInitiatedSsoRelayStateHelp=Relay state you want to send with SAML request when you want to do IDP Initiated SSO.
otpHashAlgorithmHelp=What hashing algorithm should be used to generate the OTP.
joinGroup=Join Group
eventTypes.REMOVE_TOTP_ERROR.description=Remove totp error
eventTypes.EXECUTE_ACTION_TOKEN_ERROR.description=Execute action token error
unlinkAccountConfirm=Are you sure you want to permanently unlink this account from {{provider}}?
x509CertificateHelp=X509 Certificate encoded in PEM format
samlEndpointsLabel=SAML 2.0 Service Provider Metadata
passCurrentLocaleHelp=Pass the current locale to the identity provider as a ui_locales parameter.
lessThan=Must be less than {{value}}
webAuthnPolicyRequireResidentKeyHelp=It tells an authenticator create a public key credential as Resident Key or not.
logoutServiceRedirectBindingURL=Logout Service Redirect Binding URL
createIdentityProviderSuccess=Identity provider successfully created
emptyMappersInstructions=If you want to add mappers, please click the button below to add some predefined mappers or to configure a new mapper.
dayMonth=Day
clientRolesHelp=The condition checks whether one of the specified client roles exists on the client to determine whether the policy is applied. This effectively allows client administrator to create client role of specified name on the client to make sure that particular client policy will be applied on requests of this client. Condition is checked during most of OpenID Connect requests (Authorization requests, token requests, introspection endpoint request, etc.)
validatingX509Certs=Validating X509 certificates
eventTypes.CLIENT_UPDATE.description=Client update
searchInitialAccessToken=Search token
guiOrder=Display Order
friendlyName=Friendly name of attribute to search for in assertion. You can leave this blank and specify a name instead.
testSuccess=Successfully connected to LDAP
userInfoUrl=User Info URL
displayOnConsentScreen=Display on consent screen
noClientPolicies=No client policies
defaultAdminInitiatedActionLifespanHelp=Maximum time before an action permit sent to a user by administrator is expired. This value is recommended to be long to allow administrators to send e-mails for users that are currently offline. The default timeout can be overridden immediately before issuing the token.
syncUsersSuccess=Sync of users finished successfully.
updatedCredentialMoveError=User Credential configuration hasn't been saved
searchForRoles=Search role by name
refresh=Refresh
roleDeletedSuccess=The role has been deleted
advancedClaimToRole=If all claims exist, grant the user the specified realm or client role.
directGrant=Direct Grant Flow
maxLifespanHelp=Max lifespan of cache entry in milliseconds
associatedRolesModalTitle=Add roles to {{name}}
nameIdFormatHelp=The name ID format to use for the subject.
detailsHelp=this is information about the details
adminEvents=Admin events
serviceAccountHelp=Allows you to authenticate this client to Keycloak and retrieve access token dedicated to this client. In terms of OAuth2 specification, this enables support of 'Client Credentials Grant' for this client.
urisHelp=Set of URIs which are protected by resource.
eventTypes.IDENTITY_PROVIDER_RESPONSE.name=Identity provider response
confirmClientSecretTitle=Regenerate secret for this client?
serverPrincipal=Server principal
deleteConfirmGroup_one=Are you sure you want to delete this group '{{groupName}}'.
signDocuments=Sign documents
noTokens=No initial access tokens
addMapper=Add mapper
webauthnPolicy=Webauthn Policy
userAttributeName=User attribute name to store SAML attribute. Use email, lastName, and firstName to map to those predefined user properties.
displayDescriptionField=Display description
eventTypes.DELETE_ACCOUNT.description=Delete account
eventTypes.RESTART_AUTHENTICATION_ERROR.description=Restart authentication error
evictionHour=Eviction hour
notBefore=Not before
onDragFinish=Dragging finished {{list}}
otpSupportedApplications.totpAppMicrosoftAuthenticatorName=Microsoft Authenticator
ldapMappersList=LDAP Mappers
bindDnHelp=DN of the LDAP admin, which will be used by Keycloak to access LDAP server
newClientProfileName=Client profile name
eventTypes.OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR.name=Oauth2 device code to token error
eventTypes.TOKEN_EXCHANGE.description=Token exchange
continue=Continue
editProvider=Edit provider
included.client.audience.label=Included Client Audience
backchannelLogoutUrlHelp=URL that will cause the client to log itself out when a logout request is sent to this realm (via end_session_endpoint). If omitted, no logout request will be sent to the client is this case.
updateScopeSuccess=Authorization scope successfully updated
userInfoResponseEncryptionKeyManagementAlgorithmHelp=JWA Algorithm used for key management in encrypting User Info Endpoint responses. This option is needed if you want encrypted User Info Endpoint responses. If left empty, User Info Endpoint responses are not encrypted.
authnContextDeclRefsHelp=Ordered list of requested AuthnContext DeclRefs.
inherent=Inherited
tableTitle=Attributes groups
generateNewKeys=Generate new keys
updateClientPolicySuccess=Client policy updated
unlock=Unlock
validateRealm=You must enter a realm
attributeValue=Attribute Value
eventTypes.CLIENT_DELETE_ERROR.description=Client delete error
clientScopesHelp=It uses the scopes requested or assigned in advance to the client to determine whether the policy is applied to this client. Condition is evaluated during OpenID Connect authorization request and/or token request.
revokeRefreshToken=Revoke Refresh Token
mappingUpdatedSuccess=Mapping successfully updated
logoUrlHelp=URL that references a logo for the Client application
operationTypes=Operation types
loginWithEmailAllowed=Login with email
expireTime=Expire time
requestObject.request\ or\ request_uri=Request or Request URI
policyProvider.user=Define conditions for your permissions where a set of one or more users is permitted to access an object.
protocolTypes.openid-connect=OpenID Connect
clientTypeHelp='OpenID Connect' allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server.'SAML' enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO) and uses security tokens containing assertions to pass information.
addOpenIdProvider=Add OpenID Connect provider
memory=Memory
eventTypes.CLIENT_LOGIN.name=Client login
mapper.nameid.format.tooltip=Name ID Format using Mapper
hideOnLoginPageHelp=If hidden, login with this provider is possible only if requested explicitly, for example using the 'kc_idp_hint' parameter.
eventTypes.UPDATE_PROFILE.description=Update profile
assignRolesTo=Assign roles to {{client}}
orderChangeError=Could not change display order of identity providers {{error}}
policyProvider.client-scope=Define conditions for your permissions where a set of one or more client scopes is permitted to access an object.
secretExpiresOn=Secret expires on {{time}}
searchClientByName=Search client by name
loginTimeout=Login timeout
attributeName=Attribute [Name]
updateError=Could not update the provider {{error}}
importUsersHelp=If true, LDAP users will be imported into the Keycloak DB and synced by the configured sync policies.
emptyClientProfilesInstructions=There are no profiles, select 'Create client profile' to create a new client profile
policyProvider.js=Define conditions for your permissions using JavaScript. It is one of the rule-based policy types supported by Keycloak, and provides flexibility to write any policy based on the Evaluation API.
idpType.social=Social login
krbPrincipalAttribute=Kerberos principal attribute
fineGrainSamlEndpointConfig=Fine Grain SAML Endpoint Configuration
hours=Hours
eventTypes.RESET_PASSWORD_ERROR.name=Reset password error
yes=Yes
showRemaining=Show ${remaining}
searchProfile=Search profile
eventTypes.UPDATE_EMAIL_ERROR.name=Update email error
removeConfirm_other=Are you sure you want to remove these groups.
renameGroup=Rename group
configure=Configure
searchScopeHelp=For one level, the search applies only for users in the DNs specified by User DNs. For subtree, the search applies to the whole subtree. See LDAP documentation for more details.
jumpToSection=Jump to section
noUsersEmptyStateDescription=Only the users with this role directly assigned will appear under this tab. If you need to find users assigned to this role, go to
manage=Manage
searchForSession=Search session
temporaryLockedHelp=The user may be locked due to multiple failed attempts to log in.
kerberosIntegration=Kerberos integration
useEntityDescriptorHelp=Import metadata from a remote IDP SAML entity descriptor.
decisionStrategies.CONSENSUS=Consensus
saveProviderSuccess=The provider has been saved successfully.
dedicatedScopes=Dedicated scopes
noSessionsDescription=There are currently no active sessions in this realm.
createGroupText=Create attributes group
otpPolicyCodeReusable=Reusable token
addRedirectUri=Add valid redirect URIs
time=Time
disableSigningExplain=If you disable "{{key}}", the Keycloak database will be updated and you may need to download a new adapter for this client.
mapperTypeRoleLdapMapperHelp=Used to map role mappings of roles from some LDAP DN to Keycloak role mappings of either realm roles or client roles of particular client
used.DEFAULT=Default
authenticationCreateFlowHelp=Create flow
credentialResetEmailSuccess=Email sent to user.
sslType.all=All requests
discoveryEndpointHelp=Import metadata from a remote IDP discovery descriptor.
excludeSessionStateFromAuthenticationResponse=Exclude Session State From Authentication Response
required=Required field
linkedIdPsText=The identity providers which are already linked to this user account
lastUpdated=Last updated
credentialResetBtn=Credential Reset
socialProfileJSONFieldPathHelp=Path of field in Social Provider User Profile JSON data to get value from. You can use dot notation for nesting and square brackets for array index. E.g. 'contact.address[0].country'.
userModelAttributeHelp=Name of the UserModel property or attribute you want to map the LDAP attribute into. For example 'firstName', 'lastName, 'email', 'street' etc.
userList=User list
eventTypes.RESET_PASSWORD.name=Reset password
exportWarningDescription=If there is a great number of groups, roles or clients in your realm, the operation may make server unresponsive for a while.
importRole=Import role
deleteClientProfileConfirm=This action will permanently delete the profile {{profileName}}. This cannot be undone.
signServiceProviderMetadataHelp=Enable/disable signature of the provider SAML metadata.
oAuthMutual=OAuth 2.0 Mutual TLS Certificate Bound Access Tokens Enabled
keystore=Keystore
eventTypes.EXECUTE_ACTION_TOKEN.description=Execute action token
eventTypes.CLIENT_INFO.description=Client info
updateClientProfilesError=Provided JSON is incorrect\: Unexpected token { in JSON
canonicalizationHelp=Canonicalization Method for XML signatures.
authorizationHelp=Enable/Disable fine-grained authorization support for a client
sessions=Sessions
mapperCreateSuccess=Mapper created successfully.
fullSyncPeriodHelp=Period for full synchronization in seconds
resourceTypeHelp=Specifies that this permission must be applied to all resource instances of a given type.
encryptionAlgorithmHelp=Encryption algorithm, which is used by SAML IDP for encryption of SAML documents, assertions or IDs. The corresponding decryption key for decrypt SAML document parts will be chosen based on this configured algorithm and should be available in realm keys for the encryption (ENC) usage. If algorithm is not configured, then any supported algorithm is allowed and decryption key will be chosen based on the algorithm configured in SAML document itself.
socialUserAttributeName=User attribute name to store information.
priority=Priority
jsonType.label=Claim JSON Type
fullScopeAllowed=Full scope allowed
syncModes.inherit=Inherit
masterSamlProcessingUrlHelp=If configured, this URL will be used for every binding to both the SP's Assertion Consumer and Single Logout Services. This can be individually overridden for each binding and service in the Fine Grain SAML Endpoint Configuration.
addedGroupMembershipError=Error adding group membership
authenticatorAttachment.platform=Platform
configSaveSuccess=Successfully saved the execution config
regenerate=Regenerate
ignoreMissingGroups=Ignore missing groups
sslType.external=External requests
showMetaData=Show metadata
webAuthnPolicyAttestationConveyancePreferenceHelp=Communicates to an authenticator the preference of how to generate an attestation statement.
top-level-flow-type.basic-flow=Basic flow
groupRemoveError=Error removing group {error}
temporaryPasswordHelpText=If enabled, the user must change the password on next login
requestObjectEncryption=Request object encryption algorithm
exportAuthDetailsSuccess=Successfully exported authorization details.
connectionPooling=Connection pooling
wantAuthnRequestsSignedHelp=Indicates whether the identity provider expects a signed AuthnRequest.
policyCodeHelp=The JavaScript code providing the conditions for this policy.
eventTypes.IMPERSONATE_ERROR.description=Impersonate error
eventTypes.IDENTITY_PROVIDER_RESPONSE.description=Identity provider response
shouldBeANumber=Should be a number
validatorDialogColNames.colDescription=Description
requestObjectEncoding=Request object content encryption algorithm
idTokenEncryptionKeyManagementAlgorithmHelp=JWA Algorithm used for key management in encrypting ID tokens. This option is needed if you want encrypted ID tokens. If left empty, ID Tokens are just signed, but not encrypted.
idpInitiatedSsoUrlNameHelp=URL fragment name to reference client when you want to do IDP Initiated SSO. Leaving this empty will disable IDP Initiated SSO. The URL you will reference from your browser will be\: {server-root}/realms/{realm}/protocol/saml/clients/{client-url-name}
keyPassword=Key password
attributeFriendlyName=Attribute [Friendly Name]
clearAllFilters=Clear all filters
scopePermissions.clients.map-roles-composite-description=Policies that decide if an administrator can apply roles defined by this client as a composite to another role
roleObjectClassesHelp=Object class (or classes) of the role object. It's divided by commas if more classes are needed. In typical LDAP deployment it could be 'groupOfNames'. In Active Directory it's usually 'group'.
emptyAddClientScopes=No client scopes
changeTypeTo=Change type to
generateKeys=Generate keys?
searchForUser=Search user
groupRemove_one=Group removed
savePasswordError=Error saving password\: {{error}}
allGroups=All groups
deleteNode=Delete node?
rdnLdapAttributeHelp=Name of the LDAP attribute, which is used as RDN (top attribute) of typical user DN. Usually it's the same as the Username LDAP attribute, however it is not required. For example for Active directory, it is common to use 'cn' as RDN attribute when username attribute might be 'sAMAccountName'.
addAaguids=Add AAGUID
createPolicy=Create client policy
disablePolicyConfirm=Users and clients can't access the policy if it's disabled. Are you sure you want to continue?
useDiscoveryEndpoint=Use discovery endpoint
clearAdminEvents=Clear admin events
eventTypes.CLIENT_DELETE.name=Client delete
clientLoginTimeout=Client Login Timeout
mapperSaveSuccess=Mapper saved successfully.
noRolesAssociatedInstructions=To add roles to this role press the 'Add role' button
alwaysDisplayInUIHelp=Always list this client in the Account UI, even if the user does not have an active session.
eventTypes.UPDATE_PASSWORD.name=Update password
eventTypes.UPDATE_CONSENT.description=Update consent
realmSaveSuccess=Realm successfully updated
notBeforePushFail=Failed to push "not before" to\: {{failedNodes}}
executorTypeTextHelpText=Executor Type Text Help Text
eventTypes.IDENTITY_PROVIDER_LOGIN_ERROR.description=Identity provider login error
readTimeout=Read timeout
userInfoResponseEncryptionContentEncryptionAlgorithmHelp=JWA Algorithm used for content encryption in encrypting User Info Endpoint responses. If User Info response encryption key management algorithm is specified, the default for this value is A128CBC-HS256.
accessTokenSignatureAlgorithm=Access token signature algorithm
createUser=Create user
logoutAllDescription=If you sign out all active sessions, active subjects in this realm will be signed out.
credentialResetEmailError=Failed\: {{error}}
flow-type.form-flow=Form
useKerberosForPasswordAuthenticationHelp=User Kerberos login module for authenticating username/password against Kerberos server instead of authenticating against LDAP server with Directory Service API
guiOrderHelp=Specify order of the provider in GUI (such as in Consent page) as integer
signDocumentsHelp=Should SAML documents be signed by the realm?
resetPassword=Reset password
requireSslHelp=Is HTTPS required? 'None' means HTTPS is not required for any client IP address. 'External requests' means localhost and private IP addresses can access without HTTPS. 'All requests' means HTTPS is required for all IP addresses.
policyDeletedSuccess=The Policy successfully deleted
manageServiceAccountUser=To manage detail and group mappings, click on the username <1>{{link}}</1>
addClientProfileSuccess=New client profile added
helpDisabled=Help off
deleteResource=Permanently delete resource?
validRequestURIsHelp=List of valid URIs, which can be used as values of 'request_uri' parameter during OpenID Connect authentication request. There is support for the same capabilities like for Valid Redirect URIs. For example wildcards or relative paths.
emptyAddClientScopesInstructions=There are no client scopes left to add
changeTypeIntro={{count}} selected client scopes will be changed to
secretSizeHelp=Size in bytes for the generated secret
clientSecret=Client Secret
inputType=Input type
claimHelp=Name of claim to search for in token. You can reference nested claims by using a '.', i.e. 'address.locality'. To use dot (.) literally, escape it with backslash. (\\.)
regexClaimValues=Regex Claim Values
iconUri=Icon URI
allowed-protocol-mappers.label=Allowed Protocol Mappers
group=Group
addAssociatedRolesText=Add associated roles
enabledFeatures=Enabled features
groupsClaimHelp=If defined, the policy will fetch user's groups from the given claim within an access token or ID token representing the identity asking permissions. If not defined, user's groups are obtained from your realm configuration.
createGroup=Create group
validatingPublicKeyId=Validating public key id
clientAuthentications.client_secret_jwt=JWT signed with client secret
created=Created
minutes=Minutes
displayOnClient=Display client on screen
certSubject=CERT_SUBJECT
userCredentialsHelpText=The top level handlers allow you to shift the priority of the credential for the user, the topmost credential having the highest priority. The handlers within one expandable panel allow you to change the visual order of the credentials, the topmost credential will show at the most left.
ldapAdvancedSettingsDescription=This section contains all the other options for more fine-grained configuration of the LDAP storage provider.
usersDN=Users DN
secretSize=Secret size
included.custom.audience.label=Included Custom Audience
max-clients.label=Max Clients Per Realm
requestObjectSignatureAlgorithm=Request object signature algorithm
searchForGroups=Search group
noRolesAssociated=No associated roles
eventTypes.IDENTITY_PROVIDER_POST_LOGIN_ERROR.name=Identity provider post login error
emptyStateMessage=No attributes groups
tokenLifespan.expires=Expires in
oidcAttributeImporter=Import declared claim if it exists in ID, access token, or the claim set returned by the user profile endpoint into the specified user property or attribute.
requestObject.request\ only=Request only
waitIncrementSeconds=Wait increment
requiredForLabel.admins=Only admins
clientScopeSuccess=Scope mapping updated
clientPolicySearch=Search client policy
refreshTokens=Refresh tokens
eventTypes.UPDATE_EMAIL_ERROR.description=Update email error
credentials=Credentials
webAuthnPolicyCreateTimeoutHelp=Timeout value for creating user's public key credential in seconds. if set to 0, this timeout option is not adapted.
policyType.hotp=Counter based
claimFilterValue=Essential claim value
eventTypes.REGISTER_ERROR.name=Register error
priorityHelp=Priority of the provider
emptyPolicies=No policies
manageOrderTableAria=List of identity providers in the order listed on the login page
disableError=Could not disable the provider {{error}}
anyAlgorithm=Any algorithm
enableSSL=Enable SSL
general=General
failureFactor=Max login failures
updateClientPoliciesSuccess=The client policies configuration was updated
advancedSettings=Advanced settings
attributeValueHelp=Value the attribute must have. If the attribute is a list, then the value must be contained in the list.
eventTypes.FEDERATED_IDENTITY_LINK.description=Federated identity link
adminTheme=Admin theme
alias=Alias
eventTypes.SEND_IDENTITY_PROVIDER_LINK_ERROR.name=Send identity provider link error
userEvents=User events
inputTypePlaceholder=Input placeholder
otpPolicyPeriodErrorHint=Value needs to be between 1 second and 2 minutes
introduction=If you want to leave this page and manage this realm, please click the corresponding menu items in the left navigation bar.
clearUserEvents=Clear user events
descriptionHelp=Help text for the description of the new flow
addCustomProvider=Add custom provider
permissionType=Specifies that this permission must be applied to all resources instances of a given type.
policyEnforcementModes.ENFORCING=Enforcing
rowSaveBtnAriaLabel=Save edits for {{messageBundle}}
permanentLockout=Permanent lockout
debug=Debug
webAuthnPolicyRequireResidentKey=Require resident key
notBeforePushSuccess=Successfully push "not before" to\: {{successNodes}}
unlockUsersConfirm=All the users that are temporarily locked will be unlocked.
clear=Clear
idpType.custom=Custom
eventTypes.LOGOUT.name=Logout
deletedErrorClientScope=Could not delete client scope\: {{error}}
groupsClaim=Groups claim
roleMappingUpdatedError=Could not update role mapping {{error}}
client-updater-source-groups.label=Groups
frontchannelLogoutUrlHelp=URL that will cause the client to log itself out when a logout request is sent to this realm (via end_session_endpoint). If not provided, it defaults to the base url.
authenticationOverridesHelp=Override realm authentication flow bindings.
requiredActions=Required actions
selectLocales=Select locales
policyDecisionStagey=The decision strategy dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. 'Affirmative' means that at least one policy must evaluate to a positive decision in order for the final decision to be also positive. 'Unanimous' means that all policies must evaluate to a positive decision in order for the final decision to be also positive. 'Consensus' means that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same, the final decision will be negative.
usermodel.prop.tooltip=Name of the property method in the UserModel interface. For example, a value of 'email' would reference the UserModel.getEmail() method.
kc.identity.authc.method=Authentication Method
regexAttributeValues=Regex Attribute Values
otpTypeHelp=totp is Time-Based One Time Password. 'hotp' is a counter base one time password in which the server keeps a counter to hash against.
setAsDefaultAction=Set as default action
keyForCodeExchange=Proof Key for Code Exchange Code Challenge Method
clientProfiles=Client profiles
endpointsHelp=Shows the configuration of the Service Provider endpoint
mapperTypeLdapAttributeMapper=hardcoded-ldap-attribute-mapper
unlockAllUsers=Unlock all users
noGroupsText=You haven't added this user to any groups. Join a group to get started.
createClientPolicyError=Could not create policy due to\: {{error}}
eventTypes.EXECUTE_ACTIONS_ERROR.name=Execute actions error
path=Path
overwritten=Overwritten
mapperNameHelp=Name of the mapper
deleteProviderError=Error deleting the provider
supportedLocalesHelp=The locales to support for this realm. The user chooses one of these locales on the login screen.
comparisonHelp=Specifies the comparison method used to evaluate the requested context classes or statements. The default is "Exact".
generatedIdTokenIsDisabled=Generated id token is disabled when no user is selected
nodeHost=Node host
eventTypes.REGISTER_NODE_ERROR.description=Register node error
eventListenersHelpTextHelp=Configure what listeners receive events for the realm.
acrToLoAMapping=ACR to LoA Mapping
advancedSettingsSaml=This section is used to configure advanced settings of this client
resetCredentialsError=Error resetting users credentials\: {{error}}
eventTypes.INTROSPECT_TOKEN.name=Introspect token
unspecified=Unspecified
deleteMappingTitle=Delete mapping?
profile=Profile
active=Active
generateKeysDescription=If you generate new keys, you can download the keystore with the private key automatically and save it on your client's side. Keycloak server will save just the certificate and public key, but not the private key.
addSubFlowTitle=Add a sub-flow
useTruststoreSpiHelp=Specifies whether LDAP connection will use the Truststore SPI with the truststore configured in command-line options. 'Always' means that it will always use it. 'Never' means that it will not use it. Note that even if Keycloak truststore is not configured, the default java cacerts or certificate specified by 'javax.net.ssl.trustStore' property will be used.
forcePostBindingHelp=Always use POST binding for responses.
executorName=Name
VERIFY_EMAIL=Verify Email (VERIFY_EMAIL)
realmCertificateAlias=Realm certificate alias
roleName=Role name
addOrigins=Add Origin
evictionDayHelp=Day of the week the entry will become invalid
actionTokens=Action tokens
permissionResources=Specifies that this permission must be applied to a specific resource instance.
testConnectionHint.withoutEmail=To test the connection you must first configure an e-mail address for the current user ({{userName}}).
includeOneTimeUseConditionHelp=Should a OneTimeUse Condition be included in login responses?
availableIdPsText=All the configured identity providers in this realm are listed here. You can link the user account to any of the IdP accounts.
accessTokenLifespanHelp=Max time before an access token is expired. This value is recommended to be short relative to the SSO timeout
editableRowsTable=Editable rows table
redirectURIHelp=The redirect uri to use when configuring the identity provider.
permissionsEnabled=Permissions enabled
saveRealmError=Could not create realm {{error}}
attestationPreference.none=None
pairwiseSubAlgorithmSalt.label=Salt
addGroupsToGroupPolicy=Add groups to group policy
deniedScopes=Denied scopes
updateClientProfilesSuccess=The client profiles configuration was updated
flow.docker\ auth=Docker authentication flow
useEntityDescriptor=Use entity descriptor
loginActionTimeout=Login action timeout
windowsDomainQN=Windows Domain Qualified Name
deleteClientError=Could not delete profile\: {{error}}
validRedirectURIs=Valid URI pattern a browser can redirect to after a successful login. Simple wildcards are allowed such as 'http\://example.com/*'. Relative path can be specified too such as /my/relative/path/*. Relative paths are relative to the client root URL, or if none is specified the auth server root URL is used. For SAML, you must set valid URI patterns if you are relying on the consumer service URL embedded with the login request.
UPDATE_PROFILE=Update Profile (UPDATE_PROFILE)
assertionConsumerServicePostBindingURL=Assertion Consumer Service POST Binding URL
removeImported=Remove imported
endpoints=Endpoints
roleSaveError=Could not save role\: {{error}}
keySize=Key size
membershipUserLdapAttributeHelp=Used just if Membership Attribute Type is UID. It is the name of the LDAP attribute on user, which is used for membership mappings. Usually it will be 'uid'. For example if the value of 'Membership User LDAP Attribute' is 'uid' and LDAP group has 'memberUid\: john', then it is expected that particular LDAP user will have attribute 'uid\: john'.
validatingX509CertsHelp=The certificate in PEM format that must be used to check for signatures. Multiple certificates can be entered, separated by comma (,). The action "Import keys" can be used to re-import certificates from the "Metadata descriptor URL" (if present) into this option. The configuration should be saved after the import to definitely store the new certificates.
samlCapabilityConfig=SAML capabilities
accessTokenSignatureAlgorithmHelp=JWA algorithm used for signing access tokens.
derFormatted=DER formatted
periodicChangedUsersSyncHelp=Whether periodic synchronization of changed or newly created LDAP users to Keycloak should be enabled or not
signatureAlgorithmHelp=The signature algorithm to use to sign documents. Note that 'SHA1' based algorithms are deprecated and can be removed in the future. It is recommended to stick to some more secure algorithm instead of '*_SHA1'
allow-default-scopes.tooltip=If on, newly registered clients will be allowed to have client scopes mentioned in realm default client scopes or realm optional client scopes
emailVerified=Email verified
addExecutionHelp=Execution can have a wide range of actions, from sending a reset email to validating an OTP
requestObjectRequiredHelp=Specifies if the client needs to provide a request object with their authorization requests, and what method they can use for this. If set to "not required", providing a request object is optional. In all other cases, providing a request object is mandatory. If set to "request", the request object must be provided by value. If set to "request_uri", the request object must be provided by reference. If set to "request or request_uri", either method can be used.
clientScopesRolesScope=If there is no role scope mapping defined, each user is permitted to use this client scope. If there are role scope mappings defined, the user must be a member of at least one of the roles.
passwordPoliciesHelp.notUsername=The password cannot match the username.
removeConfirm_one=Are you sure you want to remove this group
createUserProviderSuccess=User federation provider successfully created
countHelp=Specifies how many clients can be created using the token
mapperTypeHardcodedLdapGroupMapper=hardcoded-ldap-group-mapper
Monday=Monday
resetCredentialsSuccess=The password has been reset successfully.
added=Added
authnContextDeclRefs=AuthnContext DeclRefs
clientAssertionAudienceHelp=The audience to use for the client assertion. The default value is the IDP's token endpoint URL.
externalRoleToRole=Looks for an external role in a keycloak access token. If external role exists, grant the user the specified realm or client role.
attributeGroup=Attribute group
deleteExecutionError=Could not delete execution\: {{error}}
hideInheritedRoles=Hide inherited roles
consentRequired=Consent required
selectMethodType.import=Import
standardFlow=Standard flow
votedToStatus=\ voted to {{status}}
credentialResetConfirmText=Are you sure you want to send email to user
clientScopeType.default=Default
helpFileUpload=Upload a JSON file
addProvider_one=Add {{provider}} provider
clientPoliciesPolicies=Client Policies Policies
editUSernameHelp=If enabled, the username is editable, otherwise it is read-only.
removeAllAssociatedRoles=Remove all associated roles
flowCreatedSuccess=Flow created
fineGrainOpenIdConnectConfiguration=Fine grain OpenID Connect configuration
flow.reset\ credentials=Reset credentials flow
eventTypes.DELETE_ACCOUNT_ERROR.name=Delete account error
eventTypes.CLIENT_DELETE_ERROR.name=Client delete error
noRolesInstructions-client=You haven't created any roles for this client. Create a role to get started.
test=Test
leaveGroup_one=Leave group {{name}}?
count=Count
noPasswordPoliciesInstructions=You haven't added any password policies to this realm. Add a policy to get started.
testAuthentication=Test authentication
groupNameLdapAttributeHelp=Name of LDAP attribute, which is used in group objects for name and RDN of group. Usually it will be 'cn'. In this case typical group/role object may have DN like 'cn\=Group1,ouu\=groups,dc\=example,dc\=org'.
deleteError=Could not delete the provider {{error}}
attributeDisplayName=Display name
pkceEnabled=Use PKCE
userProviderSaveSuccess=User federation provider successfully saved
month=Month
valueLabel=Value
dropNonexistingGroupsDuringSyncHelp=If this flag is true, then during sync of groups from LDAP to Keycloak, we will keep just those Keycloak groups that still exist in LDAP. The rest will be deleted.
expiration=Expiration
addKerberosWizardTitle=Add Kerberos user federation provider
noPasswordPolicies=No password policies
resourceTypes=Resource types
deleteConfirmTitle_one=Delete group?
eventTypes.UPDATE_PROFILE_ERROR.description=Update profile error
webAuthnUpdateSuccess=Updated webauthn policies successfully
authorizationSignedResponseAlg=Authorization response signature algorithm
mapperTypeFullNameLdapMapperHelp=Used to map the full-name of a user from single attribute in LDAP (usually 'cn' attribute) to firstName and lastName attributes of UserModel in Keycloak DB
includeInUserInfo.label=Add to userinfo
onDragMove=Dragging item {{item}}
back=Back
deleteScopeConfirm=If you delete this authorization scope, some permissions will be affected.
updateOtpSuccess=OTP policy successfully updated
title=Authentication
deleteAttributeError=Attribute not deleted
enableClientSignatureRequiredExplain=If you enable "Client signature required", the adapter of this client will be updated. You may need to download a new adapter for this client. You need to generate or import keys for this client otherwise the authentication will not work.
policiesConfigTypes.formView=Form view
residentKey.No=No
nodeReRegistrationTimeout=Node Re-registration timeout
fineGrainSamlEndpointConfigHelp=This section to configure exact URLs for Assertion Consumer and Single Logout Service.
connectionURL=Connection URL
validateCustomUserSearchFilter=Filter must be enclosed in parentheses, for example\: (filter)
accessTokenLifespan=Access Token Lifespan
loginWithEmailHelpText=Allow users to log in with their email address.
eventTypes.IDENTITY_PROVIDER_LINK_ACCOUNT.name=Identity provider link account
deleteMessageBundleSuccess=Successfully removed the message from the bundle
retry=Press here to refresh and continue
selectAttributes=Select attributes
firstBrokerLoginFlowAliasHelp=Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that no Keycloak account is currently linked to the authenticated identity provider account.
owner=Owner
eventTypes.VERIFY_PROFILE.description=Verify profile
executorAuthenticatorMultiSelectHelpText=Executor Authenticator MultiSelect Help Text
eventTypes.FEDERATED_IDENTITY_LINK_ERROR.name=Federated identity link error
eventTypes.EXECUTE_ACTIONS.name=Execute actions
encryptAssertions=Encrypt assertions
disableConfirmTitle=Disable realm?
disableConfirmTitleClient=Disable client?
dirableConfirmClient=Are you sure you want to disable this client?
custom=Custom Attribute...
keyTab=Key tab
addSamlProvider=Add SAML provider
permission=Permission
saveEventListeners=Save Event Listeners
capabilityConfig=Capability config
mapperTypeMsadUserAccountControlManagerHelp=Mapper specific to MSAD. It's able to integrate the MSAD user account state into Keycloak account state (account enabled, password is expired etc). It's using userAccountControl and pwdLastSet MSAD attributes for that. For example if pwdLastSet is 0, the Keycloak user is required to update the password; if userAccountControl is 514 (disabled account) the Keycloak user is disabled as well etc. Mapper is also able to handle the exception code from LDAP user authentication.
home=Home
bindFlow=Bind flow
userAttributeValue=User Attribute Value
browserFlowHelp=Select the flow you want to use for browser authentication.
tokenLifespan.never=Never expires
notFound=Could not find the resource that you are looking for
passMaxAge=Pass max_age
disablePolicyConfirmTitle=Disable policy?
eventTypes.LOGIN_ERROR.description=Login error
linkAccount=Link account
attestationPreference.direct=Direct
eventTypes.OAUTH2_DEVICE_AUTH_ERROR.description=Oauth2 device authentication error
unlinkUsers=Unlink users
userLdapFilter=User LDAP filter
emailVerification=Email Verification
configSaveError=Could not save the execution config\: {{error}}
clientAuthenticatorTypeHelp=Client Authenticator used for authentication of this client against Keycloak server
cachePolicyHelp=Cache Policy for this storage provider. 'DEFAULT' is whatever the default settings are for the global cache. 'EVICT_DAILY' is a time of day every day that the cache will be invalidated. 'EVICT_WEEKLY' is a day of the week and time the cache will be invalidated. 'MAX_LIFESPAN' is the time in milliseconds that will be the lifespan of a cache entry.
eventTypes.CUSTOM_REQUIRED_ACTION_ERROR.description=Custom required action error
eventTypes.SEND_RESET_PASSWORD.name=Send reset password
requiredFor=Required for
scopePermissions.users.map-roles-description=Policies that decide if administrator can map roles for all users
bindCredentialsHelp=Password of LDAP admin. This field is able to obtain its value from vault, use ${vault.ID} format.
searchForAdminEvent=Search admin event
unitLabel=Select a time unit
webAuthnPolicySignatureAlgorithms=Signature algorithms
eventTypes.GRANT_CONSENT_ERROR.name=Grant consent error
action=Action
shortVerificationUri=Short verification_uri in Device Authorization flow
placeholderText=Select one
deleteCredentialsError=Error deleting users credentials\: {{error}}
authDefaultActionTooltip=If enabled, any new user will have this required action assigned to it.
validateBindCredentials=You must enter the password of the LDAP admin
evictionMinuteHelp=Minute of the hour the entry will become invalid
includeAuthnStatement=Include AuthnStatement
validatorType=Validator type
attributesHelp=Name and (regex) value of the attributes to search for in token. The configured name of an attribute is searched in SAML attribute name and attribute friendly name fields. Every given attribute description must be met to set the role. If the attribute is an array, then the value must be contained in the array. If an attribute can be found several times, then one match is sufficient.
samlAttributeToRole=If an attribute exists, grant the user the specified realm or client role.
enableStartTls=Enable StartTLS
addIdPMapper=Add Identity Provider Mapper
createPermissionSuccess=Successfully created the permission
roleAuthentication=Role authentication
homeURL=Home URL
eventTypes.REVOKE_GRANT_ERROR.name=Revoke grant error
contentSecurityPolicyReportOnly=Content-Security-Policy-Report-Only
firstBrokerLoginFlowAlias=First login flow
missingAttributes=No {{label}} have been defined yet. Click the below button to add {{label}}, key and value are required for a key pair.
testConnectionError=Error\! {{error}}
authenticatedAccessPoliciesHelp=Those Policies are used when Client Registration Service is invoked by authenticated request. This means that the request contains Initial Access Token or Bearer Token.
deleteClientPolicyProfileSuccess=Profile successfully removed from the policy.
reGenerateSigningExplain=If you regenerate signing key for client, the Keycloak database will be updated and you may need to download a new adapter for this client.
evaluate=Evaluate
enableLdapv3Password=Enable the LDAPv3 password modify extended operation
status=Status
dragInstruction=Click and drag to change priority
clients=Clients
clientName=Name
syncModes.force=Force
deleteMappingConfirm=Are you sure you want to delete this mapping?
createClientProfileSuccess=New client profile created
eventTypes.CLIENT_LOGIN_ERROR.description=Client login error
explainBearerOnly=This is a special OIDC type. This client only allows bearer token requests and cannot participate in browser logins.
noTranslationsInstructions=Add a translation to get started.
clearFile=Clear this file
allowCreate=Allow create
providerUpdatedError=Could not update client policy due to {{error}}
usersAddedError=Could not add users to the group\: {{error}}
orderChangeErrorUserFed=Could not change the priority order of user federation providers {{error}}
scopeParameterPlaceholder=Select scope parameters
deleteClientPolicyConfirmTitle=Delete policy?
validateRdnLdapAttribute=You must enter an RDN LDAP attribute
policyUrlHelp=URL that the Relying Party Client provides to the End-User to read about the how the profile data will be used
fromDisplayName=From display name
affirmative=Affirmative
clientRoles=Client roles
removeRoles=Remove roles
flowNameDescriptionHelp=Help text for the name description of the new flow
maxFailureWaitSecondsHelp=Max time a user will be locked out.
groupsPath=Groups path
useRealmRolesMapping=Use realm roles mapping
identityProviderEntityId=Identity provider entity ID
userInfoSignedResponseAlgorithm=User info signed response algorithm
selectGroup=Select group
scopePermissions.groups.view-members-description=Policies that decide if an administrator can view the members of this group
tableOfGroups=Table of groups
allowed-protocol-mappers.tooltip=Whitelist of allowed protocol mapper providers. If there is an attempt to register client, which contains some protocol mappers, which were not whitelisted, registration request will be rejected.
policyProvider.role=Define conditions for your permissions where a set of one or more roles is permitted to access an object.
targetOptions.brokerId=BROKER_ID
eventTypes.VERIFY_PROFILE.name=Verify profile
useRealmRolesMappingHelp=If true, then LDAP role mappings will be mapped to realm role mappings in Keycloak. Otherwise it will be mapped to client role mappings.
forwardParameters=Forwarded query parameters
isAccessTokenJWTHelp=The Access Token received from the Identity Provider is a JWT and its claims will be accessible for mappers.
frontchannelLogoutUrl=Front-channel logout URL
testConnectionHint.withoutEmailAction=Configure e-mail address
webAuthnUpdateError=Could not update webauthn policies due to {{error}}
paginationHelp=Whether the LDAP server supports pagination