admin-messages_en.properties 148 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984
  1. consoleTitle=Keycloak Admin Console
  2. # Common messages
  3. enabled=Enabled
  4. hidden=Hidden
  5. link-only-column=Link only
  6. name=Name
  7. displayName=Display name
  8. displayNameHtml=HTML Display name
  9. save=Save
  10. cancel=Cancel
  11. next=Next
  12. onText=ON
  13. offText=OFF
  14. client=Client
  15. clients=Clients
  16. clear=Clear
  17. selectOne=Select One...
  18. true=True
  19. false=False
  20. endpoints=Endpoints
  21. # Angular date filter format strings: https://docs.angularjs.org/api/ng/filter/date
  22. dateFormat=shortDate
  23. timeFormat=mediumTime
  24. # Realm settings
  25. realm-detail.enabled.tooltip=Users and clients can only access a realm if it's enabled
  26. realm-detail.protocol-endpoints.tooltip=Shows the configuration of the protocol endpoints
  27. realm-detail.protocol-endpoints.oidc=OpenID Endpoint Configuration
  28. realm-detail.protocol-endpoints.saml=SAML 2.0 Identity Provider Metadata
  29. realm-detail.userManagedAccess.tooltip=If enabled, users are allowed to manage their resources and permissions using the Account Management Console.
  30. userProfileEnabled=User Profile Enabled
  31. userProfileEnabled.tooltip=If enabled, allows managing user profiles.
  32. userManagedAccess=User-Managed Access
  33. registrationAllowed=User registration
  34. registrationAllowed.tooltip=Enable/disable the registration page. A link for registration will show on login page too.
  35. registrationEmailAsUsername=Email as username
  36. registrationEmailAsUsername.tooltip=If enabled then username field is hidden from registration form and email is used as username for new user.
  37. editUsernameAllowed=Edit username
  38. editUsernameAllowed.tooltip=If enabled, the username field is editable, readonly otherwise.
  39. resetPasswordAllowed=Forgot password
  40. resetPasswordAllowed.tooltip=Show a link on login page for user to click on when they have forgotten their credentials.
  41. rememberMe=Remember Me
  42. rememberMe.tooltip=Show checkbox on login page to allow user to remain logged in between browser restarts until session expires.
  43. loginWithEmailAllowed=Login with email
  44. loginWithEmailAllowed.tooltip=Allow users to log in with their email address.
  45. duplicateEmailsAllowed=Duplicate emails
  46. duplicateEmailsAllowed.tooltip=Allow multiple users to have the same email address. Changing this setting will also clear the user's cache. It is recommended to manually update email constraints of existing users in the database after switching off support for duplicate email addresses.
  47. verifyEmail=Verify email
  48. verifyEmail.tooltip=Require users to verify their email address after initial login or after address changes are submitted.
  49. sslRequired=Require SSL
  50. sslRequired.option.all=all requests
  51. sslRequired.option.external=external requests
  52. sslRequired.option.none=none
  53. sslRequired.tooltip=Is HTTPS required? 'None' means HTTPS is not required for any client IP address. 'External requests' means localhost and private IP addresses can access without HTTPS. 'All requests' means HTTPS is required for all IP addresses.
  54. publicKeys=Public keys
  55. publicKey=Public key
  56. privateKey=Private key
  57. gen-new-keys=Generate new keys
  58. certificate=Certificate
  59. host=Host
  60. smtp-host=SMTP Host
  61. port=Port
  62. smtp-port=SMTP Port (defaults to 25)
  63. smtp-password.tooltip=SMTP password. This field is able to obtain its value from vault, use ${vault.ID} format.
  64. from=From
  65. fromDisplayName=From Display Name
  66. fromDisplayName.tooltip=A user-friendly name for the 'From' address (optional).
  67. replyTo=Reply To
  68. replyToDisplayName=Reply To Display Name
  69. replyToDisplayName.tooltip=A user-friendly name for the 'Reply-To' address (optional).
  70. envelopeFrom=Envelope From
  71. envelopeFrom.tooltip=An email address used for bounces (optional).
  72. sender-email-addr=Sender Email Address
  73. sender-email-addr-display=Display Name for Sender Email Address
  74. reply-to-email-addr=Reply To Email Address
  75. reply-to-email-addr-display=Display Name for Reply To Email Address
  76. sender-envelope-email-addr=Sender Envelope Email Address
  77. enable-ssl=Enable SSL
  78. enable-start-tls=Enable StartTLS
  79. enable-auth=Enable Authentication
  80. username=Username
  81. login-username=Login Username
  82. password=Password
  83. login-password=Login Password
  84. login-theme=Login Theme
  85. login-theme.tooltip=Select theme for login, OTP, grant, registration, and forgot password pages.
  86. account-theme=Account Theme
  87. account-theme.tooltip=Select theme for user account management pages.
  88. admin-console-theme=Admin Console Theme
  89. select-theme-admin-console=Select theme for admin console.
  90. email-theme=Email Theme
  91. select-theme-email=Select theme for emails that are sent by the server.
  92. i18n-enabled=Internationalization Enabled
  93. supported-locales=Supported Locales
  94. supported-locales.placeholder=Type a locale and enter
  95. default-locale=Default Locale
  96. localization-upload-file=Upload localization JSON file
  97. missing-locale=Missing locale.
  98. missing-file=Missing file. Please select a file to upload.
  99. localization-file.upload.success=The localization data has been loaded from file.
  100. localization-file.upload.error=The file can not be uploaded. Please verify the file.
  101. localization-show=Show realm specific localizations
  102. no-localizations-configured=No realm specific localizations configured
  103. add-localization-text=Add localization text
  104. localization-text.create.success=The localization text has been created.
  105. localization-text.update.success=The localization text has been updated.
  106. localization-text.remove.success=The localization text has been deleted.
  107. realm-cache-clear=Realm Cache
  108. realm-cache-clear.tooltip=Clears all entries from the realm cache (this will clear entries for all realms)
  109. user-cache-clear=User Cache
  110. user-cache-clear.tooltip=Clears all entries from the user cache (this will clear entries for all realms)
  111. keys-cache-clear=Keys Cache
  112. keys-cache-clear.tooltip=Clears all entries from the cache of external public keys. These are keys of external clients or identity providers. (this will clear entries for all realms)
  113. default-signature-algorithm=Default Signature Algorithm
  114. default-signature-algorithm.tooltip=Default algorithm used to sign tokens for the realm
  115. revoke-refresh-token=Revoke Refresh Token
  116. revoke-refresh-token.tooltip=If enabled a refresh token can only be used up to 'Refresh Token Max Reuse' and is revoked when a different token is used. Otherwise refresh tokens are not revoked when used and can be used multiple times.
  117. refresh-token-max-reuse=Refresh Token Max Reuse
  118. refresh-token-max-reuse.tooltip=Maximum number of times a refresh token can be reused. When a different token is used, revocation is immediate.
  119. sso-session-idle=SSO Session Idle
  120. seconds=Seconds
  121. minutes=Minutes
  122. hours=Hours
  123. days=Days
  124. sso-session-max=SSO Session Max
  125. sso-session-idle.tooltip=Time a session is allowed to be idle before it expires. Tokens and browser sessions are invalidated when a session is expired.
  126. sso-session-max.tooltip=Max time before a session is expired. Tokens and browser sessions are invalidated when a session is expired.
  127. sso-session-idle-remember-me=SSO Session Idle Remember Me
  128. sso-session-idle-remember-me.tooltip=Time a remember me session is allowed to be idle before it expires. Tokens and browser sessions are invalidated when a session is expired. If not set it uses the standard SSO Session Idle value.
  129. sso-session-max-remember-me=SSO Session Max Remember Me
  130. sso-session-max-remember-me.tooltip=Max time before a session is expired when the user has set the remember me option. Tokens and browser sessions are invalidated when a session is expired. If not set, it uses the standard SSO Session Max value.
  131. offline-session-idle=Offline Session Idle
  132. offline-session-idle.tooltip=Time an offline session is allowed to be idle before it expires. You need to use offline token to refresh at least once within this period; otherwise offline session will expire.
  133. realm-detail.hostname=Hostname
  134. realm-detail.hostname.tooltip=Set the hostname for the realm. Use in combination with the fixed hostname provider to override the server hostname for a specific realm.
  135. realm-detail.frontendUrl=Frontend URL
  136. realm-detail.frontendUrl.tooltip=Set the frontend URL for the realm. Use in combination with the default hostname provider to override the base URL for frontend requests for a specific realm.
  137. ## KEYCLOAK-7688 Offline Session Max for Offline Token
  138. offline-session-max-limited=Offline Session Max Limited
  139. offline-session-max-limited.tooltip=Enable Offline Session Max.
  140. offline-session-max=Offline Session Max
  141. offline-session-max.tooltip=Max time before an offline session is expired regardless of activity.
  142. client-session-idle=Client Session Idle
  143. client-session-idle.tooltip=Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value.
  144. client-session-max=Client Session Max
  145. client-session-max.tooltip=Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value.
  146. client-offline-session-idle=Client Offline Session Idle
  147. client-offline-session-idle.tooltip=Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value.
  148. client-offline-session-max=Client Offline Session Max
  149. client-offline-session-max.tooltip=Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value.
  150. access-token-lifespan=Access Token Lifespan
  151. access-token-lifespan.tooltip=Max time before an access token is expired. This value is recommended to be short relative to the SSO timeout.
  152. access-token-lifespan-for-implicit-flow=Access Token Lifespan For Implicit Flow
  153. access-token-lifespan-for-implicit-flow.tooltip=Max time before an access token issued during OpenID Connect Implicit Flow is expired. This value is recommended to be shorter than SSO timeout. There is no possibility to refresh token during implicit flow, that's why there is a separate timeout different to 'Access Token Lifespan'.
  154. action-token-generated-by-admin-lifespan=Default Admin-Initiated Action Lifespan
  155. action-token-generated-by-admin-lifespan.tooltip=Maximum time before an action permit sent to a user by administrator is expired. This value is recommended to be long to allow administrators send e-mails for users that are currently offline. The default timeout can be overridden immediately before issuing the token.
  156. action-token-generated-by-user-lifespan=User-Initiated Action Lifespan
  157. action-token-generated-by-user-lifespan.tooltip=Maximum time before an action permit sent by a user (such as a forgot password e-mail) is expired. This value is recommended to be short because it is expected that the user would react to self-created action quickly.
  158. saml-assertion-lifespan=Assertion Lifespan
  159. saml-assertion-lifespan.tooltip=Lifespan set in the SAML assertion conditions. After that time the assertion will be invalid. The "SessionNotOnOrAfter" attribute is not modified and continue using the "SSO Session Max" time defined at realm level.
  160. action-token-generated-by-user.execute-actions=Execute Actions
  161. action-token-generated-by-user.idp-verify-account-via-email=IdP Account E-mail Verification
  162. action-token-generated-by-user.reset-credentials=Forgot Password
  163. action-token-generated-by-user.verify-email=E-mail Verification
  164. action-token-generated-by-user.tooltip=Override default settings of maximum time before an action permit sent by a user (such as a forgot password e-mail) is expired for specific action. This value is recommended to be short because it is expected that the user would react to self-created action quickly.
  165. action-token-generated-by-user.reset=Reset
  166. action-token-generated-by-user.operation=Override User-Initiated Action Lifespan
  167. client-login-timeout=Client login timeout
  168. client-login-timeout.tooltip=Max time a client has to finish the access token protocol. This should normally be 1 minute.
  169. login-timeout=Login timeout
  170. login-timeout.tooltip=Max time a user has to complete a login. This is recommended to be relatively long, such as 30 minutes or more.
  171. login-action-timeout=Login action timeout
  172. login-action-timeout.tooltip=Max time a user has to complete login related actions like update password or configure totp. This is recommended to be relatively long, such as 5 minutes or more.
  173. oauth2-device-code-lifespan=OAuth 2.0 Device Code Lifespan
  174. oauth2-device-code-lifespan.tooltip=Max time before the device code and user code are expired. This value needs to be a long enough lifetime to be usable (allowing the user to retrieve their secondary device, navigate to the verification URI, login, etc.), but should be sufficiently short to limit the usability of a code obtained for phishing.
  175. oauth2-device-polling-interval=OAuth 2.0 Device Polling Interval
  176. oauth2-device-polling-interval.tooltip=The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint.
  177. headers=Headers
  178. brute-force-detection=Brute Force Detection
  179. x-frame-options=X-Frame-Options
  180. x-frame-options-tooltip=Default value prevents pages from being included by non-origin iframes (click label for more information)
  181. content-sec-policy=Content-Security-Policy
  182. content-sec-policy-tooltip=Default value prevents pages from being included by non-origin iframes (click label for more information)
  183. content-sec-policy-report-only=Content-Security-Policy-Report-Only
  184. content-sec-policy-report-only-tooltip=For testing Content Security Policies
  185. content-type-options=X-Content-Type-Options
  186. content-type-options-tooltip=Default value prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type (click label for more information)
  187. robots-tag=X-Robots-Tag
  188. robots-tag-tooltip=Prevent pages from appearing in search engines (click label for more information)
  189. x-xss-protection=X-XSS-Protection
  190. x-xss-protection-tooltip=This header configures the Cross-site scripting (XSS) filter in your browser. Using the default behavior, the browser will prevent rendering of the page when a XSS attack is detected (click label for more information)
  191. strict-transport-security=HTTP Strict Transport Security (HSTS)
  192. strict-transport-security-tooltip=The Strict-Transport-Security HTTP header tells browsers to always use HTTPS. Once a browser sees this header, it will only visit the site over HTTPS for the time specified (1 year) at max-age, including the subdomains.
  193. permanent-lockout=Permanent Lockout
  194. permanent-lockout.tooltip=Lock the user permanently when the user exceeds the maximum login failures.
  195. max-login-failures=Max Login Failures
  196. max-login-failures.tooltip=How many failures before wait is triggered.
  197. wait-increment=Wait Increment
  198. wait-increment.tooltip=When failure threshold has been met, how much time should the user be locked out?
  199. quick-login-check-millis=Quick Login Check Milli Seconds
  200. quick-login-check-millis.tooltip=If a failure happens concurrently too quickly, lock out the user.
  201. min-quick-login-wait=Minimum Quick Login Wait
  202. min-quick-login-wait.tooltip=How long to wait after a quick login failure.
  203. max-wait=Max Wait
  204. max-wait.tooltip=Max time a user will be locked out.
  205. failure-reset-time=Failure Reset Time
  206. failure-reset-time.tooltip=When will failure count be reset?
  207. realm-tab-login=Login
  208. realm-tab-keys=Keys
  209. realm-tab-email=Email
  210. realm-tab-themes=Themes
  211. realm-tab-localization=Localization
  212. realm-tab-cache=Cache
  213. realm-tab-tokens=Tokens
  214. realm-tab-client-registration=Client Registration
  215. realm-tab-security-defenses=Security Defenses
  216. realm-tab-user-profile=User Profile
  217. realm-tab-general=General
  218. add-realm=Add realm
  219. #Session settings
  220. realm-sessions=Realm Sessions
  221. revocation=Revocation
  222. logout-all=Logout all
  223. active-sessions=Active Sessions
  224. offline-sessions=Offline Sessions
  225. sessions=Sessions
  226. not-before=Not Before
  227. not-before.tooltip=Revoke any tokens issued before this date.
  228. set-to-now=Set to now
  229. push=Push
  230. push.tooltip=For every client that has an admin URL, notify them of the new revocation policy.
  231. #Protocol Mapper
  232. usermodel.prop.label=Property
  233. usermodel.prop.tooltip=Name of the property method in the UserModel interface. For example, a value of 'email' would reference the UserModel.getEmail() method.
  234. usermodel.attr.label=User Attribute
  235. usermodel.attr.tooltip=Name of stored user attribute which is the name of an attribute within the UserModel.attribute map.
  236. userSession.modelNote.label=User Session Note
  237. userSession.modelNote.tooltip=Name of stored user session note within the UserSessionModel.note map.
  238. multivalued.label=Multivalued
  239. multivalued.tooltip=Indicates if attribute supports multiple values. If true, the list of all values of this attribute will be set as claim. If false, just first value will be set as claim
  240. aggregate.attrs.label=Aggregate attribute values
  241. aggregate.attrs.tooltip=Indicates if attribute values should be aggregated with the group attributes. If using OpenID Connect mapper the multivalued option needs to be enabled too in order to get all the values. Duplicated values are discarded and the order of values is not guaranteed with this option.
  242. selectRole.label=Select Role
  243. selectRole.tooltip=Enter role in the textbox to the left, or click this button to browse and select the role you want.
  244. selectGroup.label=Select Group
  245. selectGroup.tooltip=Enter group in the textbox to the left, or click this button to browse and select the group you want.
  246. tokenClaimName.label=Token Claim Name
  247. tokenClaimName.tooltip=Name of the claim to insert into the token. This can be a fully qualified name like 'address.street'. In this case, a nested json object will be created. To prevent nesting and use dot literally, escape the dot with backslash (\\.).
  248. jsonType.label=Claim JSON Type
  249. jsonType.tooltip=JSON type that should be used to populate the json claim in the token. long, int, boolean, String and JSON are valid values.
  250. includeInIdToken.label=Add to ID token
  251. includeInIdToken.tooltip=Should the claim be added to the ID token?
  252. includeInAccessToken.label=Add to access token
  253. includeInAccessToken.tooltip=Should the claim be added to the access token?
  254. includeInUserInfo.label=Add to userinfo
  255. includeInUserInfo.tooltip=Should the claim be added to the userinfo?
  256. usermodel.clientRoleMapping.clientId.label=Client ID
  257. usermodel.clientRoleMapping.clientId.tooltip=Client ID for role mappings. Just client roles of this client will be added to the token. If this is unset, client roles of all clients will be added to the token.
  258. usermodel.clientRoleMapping.rolePrefix.label=Client Role prefix
  259. usermodel.clientRoleMapping.rolePrefix.tooltip=A prefix for each client role (optional).
  260. usermodel.clientRoleMapping.tokenClaimName.tooltip=Name of the claim to insert into the token. This can be a fully qualified name like 'address.street'. In this case, a nested json object will be created. To prevent nesting and use dot literally, escape the dot with backslash (\\.). The special token ${client_id} can be used and this will be replaced by the actual client ID. Example usage is 'resource_access.${client_id}.roles'. This is useful especially when you are adding roles from all the clients (Hence 'Client ID' switch is unset) and you want client roles of each client stored separately.
  261. usermodel.realmRoleMapping.rolePrefix.label=Realm Role prefix
  262. usermodel.realmRoleMapping.rolePrefix.tooltip=A prefix for each Realm Role (optional).
  263. sectorIdentifierUri.label=Sector Identifier URI
  264. sectorIdentifierUri.tooltip=Providers that use pairwise sub values and support Dynamic Client Registration SHOULD use the sector_identifier_uri parameter. It provides a way for a group of websites under common administrative control to have consistent pairwise sub values independent of the individual domain names. It also provides a way for Clients to change redirect_uri domains without having to reregister all their users.
  265. pairwiseSubAlgorithmSalt.label=Salt
  266. pairwiseSubAlgorithmSalt.tooltip=Salt used when calculating the pairwise subject identifier. If left blank, a salt will be generated.
  267. addressClaim.street.label=User Attribute Name for Street
  268. addressClaim.street.tooltip=Name of User Attribute, which will be used to map to 'street_address' subclaim inside 'address' token claim. Defaults to 'street' .
  269. addressClaim.locality.label=User Attribute Name for Locality
  270. addressClaim.locality.tooltip=Name of User Attribute, which will be used to map to 'locality' subclaim inside 'address' token claim. Defaults to 'locality' .
  271. addressClaim.region.label=User Attribute Name for Region
  272. addressClaim.region.tooltip=Name of User Attribute, which will be used to map to 'region' subclaim inside 'address' token claim. Defaults to 'region' .
  273. addressClaim.postal_code.label=User Attribute Name for Postal Code
  274. addressClaim.postal_code.tooltip=Name of User Attribute, which will be used to map to 'postal_code' subclaim inside 'address' token claim. Defaults to 'postal_code' .
  275. addressClaim.country.label=User Attribute Name for Country
  276. addressClaim.country.tooltip=Name of User Attribute, which will be used to map to 'country' subclaim inside 'address' token claim. Defaults to 'country' .
  277. addressClaim.formatted.label=User Attribute Name for Formatted Address
  278. addressClaim.formatted.tooltip=Name of User Attribute, which will be used to map to 'formatted' subclaim inside 'address' token claim. Defaults to 'formatted' .
  279. included.client.audience.label=Included Client Audience
  280. included.client.audience.tooltip=The Client ID of the specified audience client will be included in audience (aud) field of the token. If there are existing audiences in the token, the specified value is just added to them. It won't override existing audiences.
  281. included.custom.audience.label=Included Custom Audience
  282. included.custom.audience.tooltip=This is used just if 'Included Client Audience' is not filled. The specified value will be included in audience (aud) field of the token. If there are existing audiences in the token, the specified value is just added to them. It won't override existing audiences.
  283. # client details
  284. clients.tooltip=Clients are trusted browser apps and web services in a realm. These clients can request a login. You can also define client specific roles.
  285. search.placeholder=Search...
  286. search.loading=Searching...
  287. create=Create
  288. import=Import
  289. client-id=Client ID
  290. base-url=Base URL
  291. actions=Actions
  292. not-defined=Not defined
  293. edit=Edit
  294. delete=Delete
  295. no-results=No results
  296. no-clients-available=No clients available
  297. add-client=Add Client
  298. select-file=Select file
  299. view-details=View details
  300. clear-import=Clear import
  301. client-id.tooltip=Specifies ID referenced in URI and tokens. For example 'my-client'. For SAML this is also the expected issuer value from authn requests
  302. client.name.tooltip=Specifies display name of the client. For example 'My Client'. Supports keys for localized values as well. For example\: ${my_client}
  303. client.enabled.tooltip=Disabled clients cannot initiate a login or have obtain access tokens.
  304. alwaysDisplayInConsole=Always Display in Console
  305. alwaysDisplayInConsole.tooltip=Always list this client in the Account Console, even if the user does not have an active session.
  306. consent-required=Consent Required
  307. consent-required.tooltip=If enabled, users have to consent to client access.
  308. client.display-on-consent-screen=Display Client On Consent Screen
  309. client.display-on-consent-screen.tooltip=Applicable just if Consent Required is on. If this switch is off, consent screen will contain just the consents corresponding to configured client scopes. If on, there will be also one item on consent screen about this client itself
  310. client.consent-screen-text=Client Consent Screen Text
  311. client.consent-screen-text.tooltip=Applicable just if 'Display Client On Consent Screen' is on for this client. Contains the text, which will be on consent screen about permissions specific just for this client
  312. client-protocol=Client Protocol
  313. client-protocol.tooltip='OpenID connect' allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server.'SAML' enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO) and uses security tokens containing assertions to pass information.
  314. access-type=Access Type
  315. access-type.tooltip='Confidential' clients require a secret to initiate login protocol. 'Public' clients do not require a secret. 'Bearer-only' clients are web services that never initiate a login.
  316. standard-flow-enabled=Standard Flow Enabled
  317. standard-flow-enabled.tooltip=This enables standard OpenID Connect redirect based authentication with authorization code. In terms of OpenID Connect or OAuth2 specifications, this enables support of 'Authorization Code Flow' for this client.
  318. implicit-flow-enabled=Implicit Flow Enabled
  319. implicit-flow-enabled.tooltip=This enables support for OpenID Connect redirect based authentication without authorization code. In terms of OpenID Connect or OAuth2 specifications, this enables support of 'Implicit Flow' for this client.
  320. direct-access-grants-enabled=Direct Access Grants Enabled
  321. direct-access-grants-enabled.tooltip=This enables support for Direct Access Grants, which means that client has access to username/password of user and exchange it directly with Keycloak server for access token. In terms of OAuth2 specification, this enables support of 'Resource Owner Password Credentials Grant' for this client.
  322. service-accounts-enabled=Service Accounts Enabled
  323. service-accounts-enabled.tooltip=Allows you to authenticate this client to Keycloak and retrieve access token dedicated to this client. In terms of OAuth2 specification, this enables support of 'Client Credentials Grant' for this client.
  324. oauth2-device-authorization-grant-enabled=OAuth 2.0 Device Authorization Grant Enabled
  325. oauth2-device-authorization-grant-enabled.tooltip=This enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser.
  326. oidc-ciba-grant-enabled=OIDC CIBA Grant Enabled
  327. oidc-ciba-grant-enabled.tooltip=This enables support for OIDC CIBA Grant, which means that the user is authenticated via some external authentication device instead of the user's browser.
  328. include-authnstatement=Include AuthnStatement
  329. include-authnstatement.tooltip=Should a statement specifying the method and timestamp be included in login responses?
  330. include-onetimeuse-condition=Include OneTimeUse Condition
  331. include-onetimeuse-condition.tooltip=Should a OneTimeUse Condition be included in login responses?
  332. artifact-binding = Force Artifact Binding
  333. artifact-binding.tooltip = Should response messages be returned to the client through the SAML ARTIFACT binding system?
  334. sign-documents=Sign Documents
  335. sign-documents.tooltip=Should SAML documents be signed by the realm?
  336. sign-documents-redirect-enable-key-info-ext=Optimize REDIRECT signing key lookup
  337. sign-documents-redirect-enable-key-info-ext.tooltip=When signing SAML documents in REDIRECT binding for SP that is secured by Keycloak adapter, should the ID of the signing key be included in SAML protocol message in <Extensions> element? This optimizes validation of the signature as the validating party uses a single key instead of trying every known key for validation.
  338. sign-assertions=Sign Assertions
  339. sign-assertions.tooltip=Should assertions inside SAML documents be signed? This setting is not needed if document is already being signed.
  340. signature-algorithm=Signature Algorithm
  341. signature-algorithm.tooltip=The signature algorithm to use to sign documents.
  342. canonicalization-method=Canonicalization Method
  343. canonicalization-method.tooltip=Canonicalization Method for XML signatures.
  344. encrypt-assertions=Encrypt Assertions
  345. encrypt-assertions.tooltip=Should SAML assertions be encrypted with client's public key using AES?
  346. client-signature-required=Client Signature Required
  347. client-signature-required.tooltip=Will the client sign their saml requests and responses? And should they be validated?
  348. force-post-binding=Force POST Binding
  349. force-post-binding.tooltip=Always use POST binding for responses.
  350. front-channel-logout=Front Channel Logout
  351. front-channel-logout.tooltip=When true, logout requires a browser redirect to client. When false, server performs a background invocation for logout.
  352. front-channel-logout-url=Front-Channel Logout URL
  353. front-channel-logout-url.tooltip=URL that will cause the client to log itself out when a logout request is sent to this realm (via end_session_endpoint). If not provided, it defaults to the base url.
  354. force-name-id-format=Force Name ID Format
  355. force-name-id-format.tooltip=Ignore requested NameID subject format and use admin console configured one.
  356. name-id-format=Name ID Format
  357. name-id-format.tooltip=The name ID format to use for the subject.
  358. mapper.nameid.format.tooltip=Name ID Format using Mapper
  359. root-url=Root URL
  360. root-url.tooltip=Root URL appended to relative URLs
  361. valid-redirect-uris=Valid Redirect URIs
  362. valid-redirect-uris.tooltip=Valid URI pattern a browser can redirect to after a successful login or logout. Simple wildcards are allowed such as 'http://example.com/*'. Relative path can be specified too such as /my/relative/path/*. Relative paths are relative to the client root URL, or if none is specified the auth server root URL is used. For SAML, you must set valid URI patterns if you are relying on the consumer service URL embedded with the login request.
  363. base-url.tooltip=Default URL to use when the auth server needs to redirect or link back to the client.
  364. admin-url=Admin URL
  365. admin-url.tooltip=URL to the admin interface of the client. Set this if the client supports the adapter REST API. This REST API allows the auth server to push revocation policies and other administrative tasks. Usually this is set to the base URL of the client.
  366. master-saml-processing-url=Master SAML Processing URL
  367. master-saml-processing-url.tooltip=If configured, this URL will be used for every binding to both the SP's Assertion Consumer and Single Logout Services. This can be individually overridden for each binding and service in the Fine Grain SAML Endpoint Configuration.
  368. idp-sso-url-ref=IDP Initiated SSO URL Name
  369. idp-sso-url-ref.tooltip=URL fragment name to reference client when you want to do IDP Initiated SSO. Leaving this empty will disable IDP Initiated SSO. The URL you will reference from your browser will be: {server-root}/realms/{realm}/protocol/saml/clients/{client-url-name}
  370. idp-sso-url-ref.urlhint=Target IDP initiated SSO URL:
  371. idp-sso-relay-state=IDP Initiated SSO Relay State
  372. idp-sso-relay-state.tooltip=Relay state you want to send with SAML request when you want to do IDP Initiated SSO.
  373. web-origins=Web Origins
  374. web-origins.tooltip=Allowed CORS origins. To permit all origins of Valid Redirect URIs, add '+'. This does not include the '*' wildcard though. To permit all origins, explicitly add '*'.
  375. backchannel-logout-url=Backchannel Logout URL
  376. backchannel-logout-url.tooltip=URL that will cause the client to log itself out when a logout request is sent to this realm (via end_session_endpoint). If omitted, no logout request will be sent to the client is this case.
  377. backchannel-logout-session-required=Backchannel Logout Session Required
  378. backchannel-logout-session-required.tooltip=Specifying whether a sid (session ID) Claim is included in the Logout Token when the Backchannel Logout URL is used.
  379. backchannel-logout-revoke-offline-sessions=Backchannel Logout Revoke Offline Sessions
  380. backchannel-logout-revoke-offline-sessions.tooltip=Specifying whether a "revoke_offline_access" event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event.
  381. fine-oidc-endpoint-conf=Fine Grain OpenID Connect Configuration
  382. fine-oidc-endpoint-conf.tooltip=Expand this section to configure advanced settings of this client related to OpenID Connect protocol
  383. access-token-signed-response-alg=Access Token Signature Algorithm
  384. access-token-signed-response-alg.tooltip=JWA algorithm used for signing access tokens.
  385. id-token-signed-response-alg=ID Token Signature Algorithm
  386. id-token-signed-response-alg.tooltip=JWA algorithm used for signing ID tokens.
  387. id-token-encrypted-response-alg=ID Token Encryption Key Management Algorithm
  388. id-token-encrypted-response-alg.tooltip=JWA Algorithm used for key management in encrypting ID tokens. This option is needed if you want encrypted ID tokens. If left empty, ID Tokens are just signed, but not encrypted.
  389. id-token-encrypted-response-enc=ID Token Encryption Content Encryption Algorithm
  390. id-token-encrypted-response-enc.tooltip=JWA Algorithm used for content encryption in encrypting ID tokens. This option is needed just if you want encrypted ID tokens. If left empty, ID Tokens are just signed, but not encrypted.
  391. user-info-signed-response-alg=User Info Signed Response Algorithm
  392. user-info-signed-response-alg.tooltip=JWA algorithm used for signed User Info Endpoint response. If set to 'unsigned', User Info Response won't be signed and will be returned in application/json format.
  393. request-object-signature-alg=Request Object Signature Algorithm
  394. request-object-signature-alg.tooltip=JWA algorithm, which client needs to use when sending OIDC request object specified by 'request' or 'request_uri' parameters. If set to 'any', Request object can be signed by any algorithm (including 'none' ).
  395. request-object-required=Request Object Required
  396. request-object-required.tooltip=Specifies if the client needs to provide a request object with their authorization requests, and what method they can use for this. If set to "not required", providing a request object is optional. In all other cases, providing a request object is mandatory. If set to "request", the request object must be provided by value. If set to "request_uri", the request object must be provided by reference. If set to "request or request_uri", either method can be used.
  397. request-object-encryption-alg=Request Object Encryption Algorithm
  398. request-object-encryption-alg.tooltip=JWE algorithm, which client needs to use when sending OIDC request object specified by 'request' or 'request_uri' parameters. If set to 'any', encryption is optional and any algorithm is allowed.
  399. request-object-encryption-enc=Request Object Content Encryption Algorithm
  400. request-object-encryption-enc.tooltip=JWE algorithm, which client needs to use when encrypting the content of the OIDC request object specified by 'request' or 'request_uri' parameters. If set to 'any', any algorithm is allowed.
  401. ciba-backchannel-token-delivery-mode=CIBA Backchannel Token Delivery Mode
  402. ciba-backchannel-token-delivery-mode.tooltip= CIBA mode, which will be used by this client. If not set, defaults to realm attribute set at the CIBA Policy (defaults to 'poll')
  403. ciba-backchannel-client-notification-endpoint=CIBA Backchannel Client Notification Endpoint
  404. ciba-backchannel-client-notification-endpoint.tooltip=Client Notification Endpoint URL used by the CIBA Ping mode.
  405. ciba-backchannel-auth-request-signing-alg=CIBA Backchannel Authentication Request Signature Algorithm
  406. ciba-backchannel-auth-request-signing-alg.tooltip=JWA algorithm, which client needs to use when sending CIBA backchannel authentication request specified by 'request' or 'request_uri' parameters. Only asymmetric algorithms are allowed according CIBA specification. If set to 'any', any algorithm is allowed.
  407. request-uris=Valid Request URIs
  408. request-uris.tooltip=List of valid URIs, which can be used as values of 'request_uri' parameter during OpenID Connect authentication request. There is support for the same capabilities like for Valid Redirect URIs. For example wildcards or relative paths.
  409. fine-saml-endpoint-conf=Fine Grain SAML Endpoint Configuration
  410. fine-saml-endpoint-conf.tooltip=Expand this section to configure exact URLs for Assertion Consumer and Single Logout Service.
  411. assertion-consumer-post-binding-url=Assertion Consumer Service POST Binding URL
  412. assertion-consumer-post-binding-url.tooltip=SAML POST Binding URL for the client's assertion consumer service (login responses). You can leave this blank if you do not have a URL for this binding.
  413. assertion-consumer-redirect-binding-url=Assertion Consumer Service Redirect Binding URL
  414. assertion-consumer-redirect-binding-url.tooltip=SAML Redirect Binding URL for the client's assertion consumer service (login responses). You can leave this blank if you do not have a URL for this binding.
  415. logout-service-post-binding-url=Logout Service POST Binding URL
  416. logout-service-post-binding-url.tooltip=SAML POST Binding URL for the client's single logout service. You can leave this blank if you are using a different binding
  417. logout-service-redir-binding-url=Logout Service Redirect Binding URL
  418. logout-service-redir-binding-url.tooltip=SAML Redirect Binding URL for the client's single logout service. You can leave this blank if you are using a different binding.
  419. logout-service-artifact-binding-url=Logout Service ARTIFACT Binding URL
  420. logout-service-artifact-binding-url.tooltip=SAML ARTIFACT Binding URL for the client's single logout service. You can leave this blank if you are using a different binding.
  421. artifact-binding-url= Artifact Binding URL
  422. artifact-binding-url.tooltip=URL to send the HTTP ARTIFACT messages to. You can leave this blank if you are using a different binding. This value should be set when forcing ARTIFACT binding together with IdP initiated login.
  423. artifact-resolution-service-url= Artifact Resolution Service
  424. artifact-resolution-service-url.tooltip= SAML Artifact resolution service for the client. This is the endpoint to which Keycloak will send a SOAP ArtifactResolve message. You can leave this blank if you do not have a URL for this binding.
  425. saml-signature-keyName-transformer=SAML Signature Key Name
  426. saml-signature-keyName-transformer.tooltip=Signed SAML documents contain identification of signing key in KeyName element. For Keycloak / RH-SSO counterparty, use KEY_ID, for MS AD FS use CERT_SUBJECT, for others check and use NONE if no other option works.
  427. oidc-compatibility-modes=OpenID Connect Compatibility Modes
  428. oidc-compatibility-modes.tooltip=Expand this section to configure settings for backwards compatibility with older OpenID Connect / OAuth2 adapters. It is useful especially if your client uses older version of Keycloak / RH-SSO adapter.
  429. exclude-session-state-from-auth-response=Exclude Session State From Authentication Response
  430. exclude-session-state-from-auth-response.tooltip=If this is on, the parameter 'session_state' will not be included in OpenID Connect Authentication Response. It is useful if your client uses older OIDC / OAuth2 adapter, which does not support 'session_state' parameter.
  431. use-refresh-tokens=Use Refresh Tokens
  432. use-refresh-tokens.tooltip=If this is on, a refresh_token will be created and added to the token response. If this is off then no refresh_token will be generated.
  433. use-refresh-token-for-client-credentials-grant=Use Refresh Tokens For Client Credentials Grant
  434. use-refresh-token-for-client-credentials-grant.tooltip=If this is on, a refresh_token will be created and added to the token response if the client_credentials grant is used. The OAuth 2.0 RFC6749 Section 4.4.3 states that a refresh_token should not be generated when client_credentials grant is used. If this is off then no refresh_token will be generated and the associated user session will be removed.
  435. authorization-signed-response-alg=Authorization Response Signature Algorithm
  436. authorization-signed-response-alg.tooltip=JWA algorithm used for signing authorization response tokens when the response mode is jwt.
  437. authorization-encrypted-response-alg=Authorization Response Encryption Key Management Algorithm
  438. authorization-encrypted-response-alg.tooltip=JWA Algorithm used for key management in encrypting the authorization response when the response mode is jwt. This option is needed if you want encrypted authorization response. If left empty, the authorization response is just signed, but not encrypted.
  439. authorization-encrypted-response-enc=Authorization Response Encryption Content Encryption Algorithm
  440. authorization-encrypted-response-enc.tooltip=JWA Algorithm used for content encryption in encrypting the authorization response when the response mode is jwt. This option is needed if you want encrypted authorization response. If left empty, the authorization response is just signed, but not encrypted.
  441. logo-uri=Logo URL
  442. logo-uri.tooltip=URL that references a logo for the Client application
  443. policy-uri=Policy URL
  444. policy-uri.tooltip=URL that the Relying Party Client provides to the End-User to read about the how the profile data will be used
  445. tos-uri=Terms of service URL
  446. tos-uri.tooltip=URL that the Relying Party Client provides to the End-User to read about the Relying Party's terms of service
  447. # client import
  448. import-client=Import Client
  449. format-option=Format Option
  450. select-format=Select a Format
  451. import-file=Import File
  452. # client tabs
  453. settings=Settings
  454. credentials=Credentials
  455. roles=Roles
  456. mappers=Mappers
  457. mappers.tooltip=Protocol mappers perform transformation on tokens and documents. They can do things like map user data into protocol claims, or just transform any requests going between the client and auth server.
  458. scope=Scope
  459. scope.tooltip=Scope mappings allow you to restrict which user role mappings are included within the access token requested by the client.
  460. sessions.tooltip=View active sessions for this client. Allows you to see which users are active and when they logged in.
  461. offline-access=Offline Access
  462. offline-access.tooltip=View offline sessions for this client. Allows you to see which users retrieve offline token and when they retrieve it. To revoke all tokens for the client, go to the Revocation tab and set Not Before to Now.
  463. clustering=Clustering
  464. installation=Installation
  465. installation.tooltip=Helper utility for generating various client adapter configuration formats which you can download or cut and paste to configure your clients.
  466. service-account-roles=Service Account Roles
  467. service-account-roles.tooltip=Allows you to authenticate role mappings for the service account dedicated to this client.
  468. # client credentials
  469. client-authenticator=Client Authenticator
  470. client-authenticator.tooltip=Client Authenticator used for authentication of this client against Keycloak server
  471. certificate.tooltip=Client Certificate for validate JWT issued by client and signed by Client private key from your keystore.
  472. publicKey.tooltip=Public Key for validate JWT issued by client and signed by Client private key.
  473. no-client-certificate-configured=No client certificate configured
  474. need-to-configure-keys=Configure JWKS URL or Signing key in the Keys tab
  475. gen-new-keys-and-cert=Generate new keys and certificate
  476. import-certificate=Import Certificate
  477. gen-client-private-key=Generate Client Private Key
  478. generate-private-key=Generate Private Key
  479. kid=Kid
  480. kid.tooltip=KID (Key ID) of the client public key from imported JWKS.
  481. token-endpoint-auth-signing-alg=Signature Algorithm
  482. token-endpoint-auth-signing-alg.tooltip=JWA algorithm, which the client needs to use when signing a JWT for authentication. If left blank, the client is allowed to use any algorithm.
  483. use-jwks-url=Use JWKS URL
  484. use-jwks-url.tooltip=If the switch is on, client public keys will be downloaded from given JWKS URL. This allows great flexibility because new keys will be always re-downloaded again when client generates new keypair. If the switch is off, public key (or certificate) from the Keycloak DB is used, so when client keypair changes, you always need to import new key (or certificate) to the Keycloak DB as well. This switch is mutually exclusive with the switch "Use JWKS".
  485. jwks-url=JWKS URL
  486. jwks-url.tooltip=URL where client keys in JWK format are stored. See JWK specification for more details. If you use Keycloak client adapter with "jwt" credential, you can use URL of your app with '/k_jwks' suffix. For example 'http://www.myhost.com/myapp/k_jwks' .
  487. use-jwks-string=Use JWKS
  488. use-jwks-string.tooltip=If the switch is on, client public keys will be configurable in JWKS. This switch is mutually exclusive with the switch "Use JWKS URL".
  489. jwks-string=JWKS
  490. jwks-string.tooltip=Client keys in JWK format. See JWK specification for more details.
  491. pkce-enabled=Use PKCE
  492. pkce-enabled.tooltip=Use PKCE (Proof of Key-code exchange) for IdP Brokering
  493. pkce-method=PKCE Method
  494. pkce-method.tooltip=PKCE Method to use
  495. pkce.plain.option=Plain
  496. pkce.s256.option=S256
  497. archive-format=Archive Format
  498. archive-format.tooltip=Java keystore or PKCS12 archive format.
  499. key-alias=Key Alias
  500. key-alias.tooltip=Archive alias for your private key and certificate.
  501. key-password=Key Password
  502. key-password.tooltip=Password to access the private key in the archive
  503. store-password=Store Password
  504. store-password.tooltip=Password to access the archive itself
  505. generate-and-download=Generate and Download
  506. client-certificate-import=Client Certificate Import
  507. import-client-certificate=Import Client Certificate
  508. jwt-import.key-alias.tooltip=Archive alias for your certificate.
  509. secret=Secret
  510. regenerate-secret=Regenerate Secret
  511. registrationAccessToken=Registration access token
  512. registrationAccessToken.regenerate=Regenerate registration access token
  513. registrationAccessToken.tooltip=The registration access token provides access for clients to the client registration service.
  514. add-role=Add Role
  515. role-name=Role Name
  516. composite=Composite
  517. description=Description
  518. no-client-roles-available=No client roles available
  519. composite-roles=Composite Roles
  520. composite-roles.tooltip=When this role is (un)assigned to a user any role associated with it will be (un)assigned implicitly.
  521. realm-roles=Realm Roles
  522. available-roles=Available Roles
  523. add-selected=Add selected
  524. associated-roles=Associated Roles
  525. composite.associated-realm-roles.tooltip=Realm level roles associated with this composite role.
  526. composite.available-realm-roles.tooltip=Realm level roles that you can associate to this composite role.
  527. remove-selected=Remove selected
  528. client-roles=Client Roles
  529. select-client-to-view-roles=Select client to view roles for client
  530. available-roles.tooltip=Roles from this client that you can associate to this composite role.
  531. client.associated-roles.tooltip=Client roles associated with this composite role.
  532. add-builtin=Add Builtin
  533. category=Category
  534. type=Type
  535. priority-order=Priority Order
  536. no-mappers-available=No mappers available
  537. add-builtin-protocol-mappers=Add Builtin Protocol Mappers
  538. add-builtin-protocol-mapper=Add Builtin Protocol Mapper
  539. scope-mappings=Scope Mappings
  540. full-scope-allowed=Full Scope Allowed
  541. full-scope-allowed.tooltip=Allows you to disable all restrictions.
  542. scope.available-roles.tooltip=Realm level roles that can be assigned to scope. Contains effectively assigned roles which are not directly assigned.
  543. assigned-roles=Assigned Roles
  544. assigned-roles.tooltip=Realm level roles assigned to scope.
  545. effective-roles=Effective Roles
  546. realm.effective-roles.tooltip=Assigned realm level roles that may have been inherited from a composite role.
  547. select-client-roles.tooltip=Select client to view roles for client
  548. assign.available-roles.tooltip=Client roles available to be assigned. Contains effectively assigned roles which are not directly assigned.
  549. client.assigned-roles.tooltip=Assigned client roles.
  550. client.effective-roles.tooltip=Assigned client roles that may have been inherited from a composite role.
  551. basic-configuration=Basic configuration
  552. node-reregistration-timeout=Node Re-registration Timeout
  553. node-reregistration-timeout.tooltip=Interval to specify max time for registered clients cluster nodes to re-register. If cluster node will not send re-registration request to Keycloak within this time, it will be unregistered from Keycloak
  554. registered-cluster-nodes=Registered cluster nodes
  555. register-node-manually=Register node manually
  556. test-cluster-availability=Test cluster availability
  557. last-registration=Last registration
  558. node-host=Node host
  559. no-registered-cluster-nodes=No registered cluster nodes available
  560. cluster-nodes=Cluster Nodes
  561. add-node=Add Node
  562. active-sessions.tooltip=Total number of active user sessions for this client.
  563. show-sessions=Show Sessions
  564. show-sessions.tooltip=Warning, this is a potentially expensive operation depending on the number of active sessions.
  565. user=User
  566. from-ip=From IP
  567. session-start=Session Start
  568. first-page=First Page
  569. previous-page=Previous Page
  570. next-page=Next Page
  571. client-revoke.not-before.tooltip=Revoke any tokens issued before this date for this client.
  572. client-revoke.push.tooltip=If the admin URL is configured for this client, push this policy to that client.
  573. select-a-format=Select a Format
  574. download=Download
  575. offline-tokens=Offline Tokens
  576. offline-tokens.tooltip=Total number of offline tokens for this client.
  577. show-offline-tokens=Show Offline Tokens
  578. show-offline-tokens.tooltip=Warning, this is a potentially expensive operation depending on the number of offline tokens.
  579. token-issued=Token Issued
  580. last-access=Last Access
  581. last-refresh=Last Refresh
  582. key-export=Key Export
  583. key-import=Key Import
  584. export-saml-key=Export SAML Key
  585. import-saml-key=Import SAML Key
  586. realm-certificate-alias=Realm Certificate Alias
  587. realm-certificate-alias.tooltip=Realm certificate is stored in archive too. This is the alias to it.
  588. signing-key=Signing Key
  589. saml-signing-key=SAML Signing Key.
  590. private-key=Private Key
  591. generate-new-keys=Generate new keys
  592. export=Export
  593. encryption-key=Encryption Key
  594. saml-encryption-key.tooltip=SAML Encryption Key.
  595. service-accounts=Service Accounts
  596. service-account.available-roles.tooltip=Realm level roles that can be assigned to service account. Contains effectively assigned roles which are not directly assigned.
  597. service-account=Service Account
  598. service-account.roles=Service Account Roles
  599. service-account.user=Service Account User
  600. service-account.user.tooltip=Username of the Service Account. To manage details and group mappings click on the username.
  601. service-account.assigned-roles.tooltip=Realm level roles assigned to service account.
  602. service-account-is-not-enabled-for=Service account is not enabled for {{client}}
  603. create-protocol-mappers=Create Protocol Mappers
  604. create-protocol-mapper=Create Protocol Mapper
  605. protocol=Protocol
  606. protocol.tooltip=Protocol...
  607. id=ID
  608. mapper.name.tooltip=Name of the mapper.
  609. mapper.consent-required.tooltip=When granting temporary access, must the user consent to providing this data to the client?
  610. consent-text=Consent Text
  611. consent-text.tooltip=Text to display on consent page.
  612. mapper-type=Mapper Type
  613. mapper-type.tooltip=Type of the mapper
  614. user-label=User Label
  615. data=Data
  616. show-data=Show data...
  617. position=Position
  618. # realm identity providers
  619. identity-providers=Identity Providers
  620. table-of-identity-providers=Table of identity providers
  621. add-provider.placeholder=Add provider...
  622. provider=Provider
  623. gui-order=GUI order
  624. first-broker-login-flow=First Login Flow
  625. post-broker-login-flow=Post Login Flow
  626. sync-mode=Sync Mode
  627. sync-mode.tooltip=Default sync mode for all mappers. The sync mode determines when user data will be synced using the mappers. Possible values are: 'legacy' to keep the behaviour before this option was introduced, 'import' to only import the user once during first login of the user with this identity provider, 'force' to always update the user during every login with this identity provider.
  628. sync-mode.inherit=inherit
  629. sync-mode.legacy=legacy
  630. sync-mode.import=import
  631. sync-mode.force=force
  632. sync-mode-override=Sync Mode Override
  633. sync-mode-override.tooltip=Overrides the default sync mode of the IDP for this mapper. Values are: 'legacy' to keep the behaviour before this option was introduced, 'import' to only import the user once during first login of the user with this identity provider, 'force' to always update the user during every login with this identity provider and 'inherit' to use the sync mode defined in the identity provider for this mapper.
  634. redirect-uri=Redirect URI
  635. redirect-uri.tooltip=The redirect uri to use when configuring the identity provider.
  636. alias=Alias
  637. display-name=Display Name
  638. identity-provider.alias.tooltip=The alias uniquely identifies an identity provider and it is also used to build the redirect uri.
  639. identity-provider.display-name.tooltip=Friendly name for Identity Providers.
  640. identity-provider.enabled.tooltip=Enable/disable this identity provider.
  641. authenticate-by-default=Authenticate by Default
  642. identity-provider.authenticate-by-default.tooltip=Indicates if this provider should be tried by default for authentication even before displaying login screen.
  643. store-tokens=Store Tokens
  644. identity-provider.store-tokens.tooltip=Enable/disable if tokens must be stored after authenticating users.
  645. stored-tokens-readable=Stored Tokens Readable
  646. identity-provider.stored-tokens-readable.tooltip=Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.
  647. disableUserInfo=Disable User Info
  648. identity-provider.disableUserInfo.tooltip=Disable usage of User Info service to obtain additional user information? Default is to use this OIDC service.
  649. userIp=Use userIp Param
  650. identity-provider.google-userIp.tooltip=Set 'userIp' query parameter when invoking on Google's User Info service. This will use the user's ip address. Useful if Google is throttling access to the User Info service.
  651. offlineAccess=Request refresh token
  652. identity-provider.google-offlineAccess.tooltip=Set 'access_type' query parameter to 'offline' when redirecting to google authorization endpoint, to get a refresh token back. Useful if planning to use Token Exchange to retrieve Google token to access Google APIs when the user is not at the browser.
  653. hostedDomain=Hosted Domain
  654. identity-provider.google-hostedDomain.tooltip=Set 'hd' query parameter when logging in with Google. Google will list accounts only for this domain. Keycloak validates that the returned identity token has a claim for this domain. When '*' is entered, any hosted account can be used.
  655. identity-provider.facebook-fetchedFields.label=Additional user's profile fields
  656. identity-provider.facebook-fetchedFields.tooltip=Provide additional fields which would be fetched using the profile request. This will be appended to the default set of 'id,name,email,first_name,last_name'.
  657. sandbox=Target Sandbox
  658. identity-provider.paypal-sandbox.tooltip=Target PayPal's sandbox environment
  659. update-profile-on-first-login=Update Profile on First Login
  660. on=On
  661. on-missing-info=On missing info
  662. off=Off
  663. update-profile-on-first-login.tooltip=Define conditions under which a user has to update their profile during first-time login.
  664. trust-email=Trust Email
  665. trust-email.tooltip=If enabled, email provided by this provider is not verified even if verification is enabled for the realm.
  666. link-only=Account Linking Only
  667. link-only.tooltip=If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider
  668. hide-on-login-page=Hide on Login Page
  669. hide-on-login-page.tooltip=If hidden, login with this provider is possible only if requested explicitly, for example using the 'kc_idp_hint' parameter.
  670. gui-order.tooltip=Number defining order of the provider in GUI (for example, on Login page).
  671. first-broker-login-flow.tooltip=Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that no Keycloak account is currently linked to the authenticated identity provider account.
  672. post-broker-login-flow.tooltip=Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you need no any additional authenticators to be triggered after login with this identity provider. Also note that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it.
  673. openid-connect-config=OpenID Connect Config
  674. openid-connect-config.tooltip=OIDC SP and external IDP configuration.
  675. authorization-url=Authorization URL
  676. authorization-url.tooltip=The Authorization Url.
  677. token-url=Token URL
  678. token-url.tooltip=The Token URL.
  679. loginHint=Pass login_hint
  680. loginHint.tooltip=Pass login_hint to identity provider.
  681. uiLocales=Pass current locale
  682. uiLocales.tooltip=Pass the current locale to the identity provider as a ui_locales parameter.
  683. logout-url=Logout URL
  684. identity-provider.logout-url.tooltip=End session endpoint to use to logout user from external IDP.
  685. backchannel-logout=Backchannel Logout
  686. backchannel-logout.tooltip=Does the external IDP support backchannel logout?
  687. user-info-url=User Info URL
  688. user-info-url.tooltip=The User Info Url. This is optional.
  689. client-auth=Client Authentication
  690. client-auth.tooltip=The client authentication method (cfr. https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication). In case of JWT signed with private key, the realm private key is used.
  691. client-auth.client_secret_post=Client secret sent as post
  692. client-auth.client_secret_basic=Client secret sent as basic auth
  693. client-auth.client_secret_jwt=Client secret as jwt
  694. client-auth.private_key_jwt=JWT signed with private key
  695. identity-provider.client-id.tooltip=The client or client identifier registered within the identity provider.
  696. client-secret=Client Secret
  697. client-assertion-signing-algorithm=Client Assertion Signature Algorithm
  698. client-assertion-signing-algorithm.tooltip=Signature algorithm to create JWT assertion as client authentication. In the case of JWT signed with private key or Client secret as jwt, it is required. If no algorithm is specified, the following algorithm is adapted. RS256 is adapted in the case of JWT signed with private key. HS256 is adapted in the case of Client secret as jwt.
  699. show-secret=Show secret
  700. hide-secret=Hide secret
  701. client-secret.tooltip=The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use ${vault.ID} format.
  702. issuer=Issuer
  703. issuer.tooltip=The issuer identifier for the issuer of the response. If not provided, no validation will be performed.
  704. default-scopes=Default Scopes
  705. identity-provider.default-scopes.tooltip=The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to 'openid'.
  706. prompt=Prompt
  707. unspecified.option=unspecified
  708. none.option=none
  709. consent.option=consent
  710. login.option=login
  711. select-account.option=select_account
  712. prompt.tooltip=Specifies whether the Authorization Server prompts the End-User for reauthentication and consent.
  713. accepts-prompt-none-forward-from-client=Accepts prompt=none forward from client
  714. accepts-prompt-none-forward-from-client.tooltip=This is just used together with Identity Provider Authenticator or when kc_idp_hint points to this identity provider. In case that client sends a request with prompt=none and user is not yet authenticated, the error will not be directly returned to client, but the request with prompt=none will be forwarded to this identity provider.
  715. validate-signatures=Validate Signatures
  716. identity-provider.validate-signatures.tooltip=Enable/disable signature validation of external IDP signatures.
  717. identity-provider.use-jwks-url.tooltip=If the switch is on, identity provider public keys will be downloaded from given JWKS URL. This allows great flexibility because new keys will be always re-downloaded again when identity provider generates new keypair. If the switch is off, public key (or certificate) from the Keycloak DB is used, so when the identity provider keypair changes, you always need to import the new key to the Keycloak DB as well.
  718. identity-provider.jwks-url.tooltip=URL where identity provider keys in JWK format are stored. See JWK specification for more details. If you use external Keycloak identity provider, you can use URL like 'http://broker-keycloak:8180/auth/realms/test/protocol/openid-connect/certs' assuming your brokered Keycloak is running on 'http://broker-keycloak:8180' and its realm is 'test' .
  719. validating-public-key=Validating Public Key
  720. identity-provider.validating-public-key.tooltip=The public key in PEM format that must be used to verify external IDP signatures.
  721. validating-public-key-id=Validating Public Key Id
  722. identity-provider.validating-public-key-id.tooltip=Explicit ID of the validating public key given above if the key ID. Leave blank if the key above should be used always, regardless of key ID specified by external IDP; set it if the key should only be used for verifying if the key ID from external IDP matches.
  723. allowed-clock-skew=Allowed clock skew
  724. identity-provider.allowed-clock-skew.tooltip=Clock skew in seconds that is tolerated when validating identity provider tokens. Default value is zero.
  725. forwarded-query-parameters=Forwarded Query Parameters
  726. identity-provider.forwarded-query-parameters.tooltip=Non OpenID Connect/OAuth standard query parameters to be forwarded to external IDP from the initial application request to Authorization Endpoint. Multiple parameters can be entered, separated by comma (,).
  727. import-external-idp-config=Import External IDP Config
  728. import-external-idp-config.tooltip=Allows you to load external IDP metadata from a config file or to download it from a URL.
  729. import-from-url=Import from URL
  730. identity-provider.import-from-url.tooltip=Import metadata from a remote IDP discovery descriptor.
  731. import-from-file=Import from file
  732. identity-provider.import-from-file.tooltip=Import metadata from a downloaded IDP discovery descriptor.
  733. identity-provider.saml.entity-id=Service Provider Entity ID
  734. identity-provider.saml.entity-id.tooltip=The Entity ID that will be used to uniquely identify this SAML Service Provider
  735. identity-provider.saml.protocol-endpoints.saml=SAML 2.0 Service Provider Metadata
  736. identity-provider.saml.protocol-endpoints.saml.tooltip=Shows the configuration of the Service Provider endpoint
  737. identity-provider.saml.attribute-consuming-service-index=Attribute Consuming Service Index
  738. identity-provider.saml.attribute-consuming-service-index.tooltip=Index of the Attribute Consuming Service profile to request during authentication
  739. identity-provider.saml.attribute-consuming-service-name=Attribute Consuming Service Name
  740. identity-provider.saml.attribute-consuming-service-name.tooltip=Name of the Attribute Consuming Service profile to advertise in the SP metadata. Default value equal to the realm display name when configured, otherwise equal to the realm name.
  741. saml-config=SAML Config
  742. identity-provider.saml-config.tooltip=SAML SP and external IDP configuration.
  743. single-signon-service-url=Single Sign-On Service URL
  744. saml.single-signon-service-url.tooltip=The Url that must be used to send authentication requests (SAML AuthnRequest).
  745. single-logout-service-url=Single Logout Service URL
  746. saml.single-logout-service-url.tooltip=The Url that must be used to send logout requests.
  747. nameid-policy-format=NameID Policy Format
  748. nameid-policy-format.tooltip=Specifies the URI reference corresponding to a name identifier format. Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
  749. saml.principal-type=Principal Type
  750. saml.principal-type.tooltip=Way to identify and track external users from the assertion. Default is using Subject NameID, alternatively you can set up identifying attribute.
  751. saml.principal-attribute=Principal Attribute
  752. saml.principal-attribute.tooltip=Name or Friendly Name of the attribute used to identify external users.
  753. saml.allow-create=Allow create
  754. saml.allow-create.tooltip=Allow the external identity provider to create a new identifier to represent the principal
  755. http-post-binding-response=HTTP-POST Binding Response
  756. http-post-binding-response.tooltip=Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
  757. http-post-binding-for-authn-request=HTTP-POST Binding for AuthnRequest
  758. http-post-binding-for-authn-request.tooltip=Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
  759. http-post-binding-logout=HTTP-POST Binding Logout
  760. http-post-binding-logout.tooltip=Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
  761. want-authn-requests-signed=Want AuthnRequests Signed
  762. want-authn-requests-signed.tooltip=Indicates whether the identity provider expects a signed AuthnRequest.
  763. want-assertions-signed=Want Assertions Signed
  764. want-assertions-signed.tooltip=Indicates whether this service provider expects a signed Assertion.
  765. want-assertions-encrypted=Want Assertions Encrypted
  766. want-assertions-encrypted.tooltip=Indicates whether this service provider expects an encrypted Assertion.
  767. force-authentication=Force Authentication
  768. identity-provider.force-authentication.tooltip=Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
  769. validate-signature=Validate Signature
  770. saml.validate-signature.tooltip=Enable/disable signature validation of SAML responses.
  771. validating-x509-certificate=Validating X509 Certificates
  772. validating-x509-certificate.tooltip=The certificate in PEM format that must be used to check for signatures. Multiple certificates can be entered, separated by comma (,).
  773. saml.loginHint=Pass subject
  774. saml.loginHint.tooltip=During login phase, forward an optional login_hint query parameter to SAML AuthnRequest's Subject.
  775. saml.import-from-url.tooltip=Import metadata from a remote IDP SAML entity descriptor.
  776. identity-provider.saml.sign-sp-metadata=Sign Service Provider Metadata
  777. identity-provider.saml.sign-sp-metadata.tooltip=Enable/disable signature of the provider SAML metadata
  778. identity-provider.saml.requested-authncontext=Requested AuthnContext Constraints
  779. identity-provider.saml.requested-authncontext.tooltip=Allows the SP to specify the authentication context requirements of authentication statements returned.
  780. identity-provider.saml.authncontext-comparison-type=Comparison
  781. identity-provider.saml.authncontext-comparison-type.tooltip=Specifies the comparison method used to evaluate the requested context classes or statements. The default is "Exact".
  782. identity-provider.saml.authncontext-comparison-type.exact=Exact
  783. identity-provider.saml.authncontext-comparison-type.minimum=Minimum
  784. identity-provider.saml.authncontext-comparison-type.maximum=Maximum
  785. identity-provider.saml.authncontext-comparison-type.better=Better
  786. identity-provider.saml.authncontext-class-ref=AuthnContext ClassRefs
  787. identity-provider.saml.authncontext-class-ref.tooltip=Ordered list of requested AuthnContext ClassRefs.
  788. identity-provider.saml.authncontext-decl-ref=AuthnContext DeclRefs
  789. identity-provider.saml.authncontext-decl-ref.tooltip=Ordered list of requested AuthnContext DeclRefs.
  790. social.client-id.tooltip=The client identifier registered with the identity provider.
  791. social.client-secret.tooltip=The client secret registered with the identity provider. This field is able to obtain its value from vault, use ${vault.ID} format.
  792. social.default-scopes.tooltip=The scopes to be sent when asking for authorization. See the documentation for possible values, separator and default value'.
  793. key=Key
  794. stackoverflow.key.tooltip=The Key obtained from Stack Overflow client registration.
  795. openshift.base-url=Base Url
  796. openshift.base-url.tooltip=Base Url to OpenShift Online API
  797. openshift4.base-url=Base Url
  798. openshift4.base-url.tooltip=Base Url to OpenShift Online API
  799. gitlab-application-id=Application Id
  800. gitlab-application-secret=Application Secret
  801. gitlab.application-id.tooltip=Application Id for the application you created in your GitLab Applications account menu
  802. gitlab.application-secret.tooltip=Secret for the application that you created in your GitLab Applications account menu
  803. gitlab.default-scopes.tooltip=Scopes to ask for on login. Will always ask for openid. Additionally adds read_user if you do not specify anything.
  804. bitbucket-consumer-key=Consumer Key
  805. bitbucket-consumer-secret=Consumer Secret
  806. bitbucket.key.tooltip=Bitbucket OAuth Consumer Key
  807. bitbucket.secret.tooltip=Bitbucket OAuth Consumer Secret
  808. bitbucket.default-scopes.tooltip=Scopes to ask for on login. If you do not specify anything, scope defaults to 'email'.
  809. # User federation
  810. sync-ldap-roles-to-keycloak=Sync LDAP Roles To Keycloak
  811. sync-keycloak-roles-to-ldap=Sync Keycloak Roles To LDAP
  812. sync-ldap-groups-to-keycloak=Sync LDAP Groups To Keycloak
  813. sync-keycloak-groups-to-ldap=Sync Keycloak Groups To LDAP
  814. realms=Realms
  815. realm=Realm
  816. identity-provider-mappers=Identity Provider Mappers
  817. create-identity-provider-mapper=Create Identity Provider Mapper
  818. add-identity-provider-mapper=Add Identity Provider Mapper
  819. client.description.tooltip=Specifies description of the client. For example 'My Client for TimeSheets'. Supports keys for localized values as well. For example\: ${my_client_description}
  820. expires=Expires
  821. expiration=Expiration
  822. expiration.tooltip=Specifies how long the token should be valid
  823. count=Count
  824. count.tooltip=Specifies how many clients can be created using the token
  825. remainingCount=Remaining Count
  826. created=Created
  827. back=Back
  828. initial-access-tokens=Initial Access Tokens
  829. add-initial-access-tokens=Add Initial Access Token
  830. initial-access-token=Initial Access Token
  831. initial-access.copyPaste.tooltip=Copy/paste the initial access token before navigating away from this page as it is not possible to retrieve later
  832. continue=Continue
  833. initial-access-token.confirm.title=Copy Initial Access Token
  834. initial-access-token.confirm.text=Please copy and paste the initial access token before confirming as it cannot be retrieved later
  835. no-initial-access-available=No Initial Access Tokens available
  836. client-reg-policies=Client Registration Policies
  837. client-reg-policy.name.tooltip=Display Name of the policy
  838. anonymous-policies=Anonymous Access Policies
  839. anonymous-policies.tooltip=Those Policies are used when the Client Registration Service is invoked by unauthenticated request. This means that the request does not contain Initial Access Token nor Bearer Token.
  840. auth-policies=Authenticated Access Policies
  841. auth-policies.tooltip=Those Policies are used when Client Registration Service is invoked by authenticated request. This means that the request contains Initial Access Token or Bearer Token.
  842. policy-name=Policy Name
  843. no-client-reg-policies-configured=No Client Registration Policies
  844. trusted-hosts.label=Trusted Hosts
  845. trusted-hosts.tooltip=List of Hosts, which are trusted and are allowed to invoke Client Registration Service and/or be used as values of Client URIs. You can use hostnames or IP addresses. If you use star at the beginning (for example '*.example.com' ) then whole domain example.com will be trusted.
  846. host-sending-registration-request-must-match.label=Host Sending Client Registration Request Must Match
  847. host-sending-registration-request-must-match.tooltip=If on, any request to Client Registration Service is allowed just if it was sent from some trusted host or domain.
  848. client-uris-must-match.label=Client URIs Must Match
  849. client-uris-must-match.tooltip=If on, all Client URIs (Redirect URIs and others) are allowed just if they match some trusted host or domain.
  850. consent-required-for-all-mappers.label=Consent Required For Mappers
  851. consent-required-for-all-mappers.tooltip=If on, all newly registered protocol mappers will automatically have consentRequired switch on. This means that user will need to approve consent screen. NOTE: Consent screen is shown just if client has consentRequired switch on. So it is usually good to use this switch together with consent-required policy.
  852. allowed-client-scopes.label=Allowed Client Scopes
  853. allowed-client-scopes.tooltip=Whitelist of the client scopes, which can be used on a newly registered client. Attempt to register client with some client scope, which is not whitelisted, will be rejected. By default, the whitelist is either empty or contains just realm default client scopes (based on 'Allow Default Scopes' configuration property)
  854. allow-default-scopes.label=Allow Default Scopes
  855. allow-default-scopes.tooltip=If on, newly registered clients will be allowed to have client scopes mentioned in realm default client scopes or realm optional client scopes
  856. # Client Registration Policies providers
  857. allowed-protocol-mappers.label=Allowed Protocol Mappers
  858. allowed-protocol-mappers.tooltip=Whitelist of allowed protocol mapper providers. If there is an attempt to register client, which contains some protocol mappers, which were not whitelisted, registration request will be rejected.
  859. allowed-client-templates.label=Allowed Client Templates
  860. client-disabled.label=Client Disabled
  861. scope.label=Scope
  862. consent-required.label=Consent Required
  863. max-clients.label=Max Clients Per Realm
  864. max-clients.tooltip=It will not be allowed to register a new client if count of existing clients in realm is same or bigger than the configured limit.
  865. client-scopes=Client Scopes
  866. client-scopes.tooltip=Client scopes allow you to define a common set of protocol mappers and roles, which are shared between multiple clients
  867. # Client Policies
  868. realm-tab-client-policies=Client Policies
  869. client-policies-profiles=Profiles
  870. client-policies-profiles.tooltip=Client Profile allows to setup set of executors, which are enforced for various actions done with the client. Actions can be admin actions like creating or updating client, or user actions like authentication to the client.
  871. client-policies-policies=Policies
  872. client-policies-policies.tooltip=Client Policy allows to bind client profiles with various conditions to specify when exactly is enforced behaviour specified by executors of the particular client profile.
  873. client-profiles-form-view=Form View
  874. client-profiles-json-editor=JSON Editor
  875. global=Global
  876. executors=Executors
  877. client-profile-name.tooltip=Name of the client profile. Must be unique within the realm
  878. client-profile-executors.tooltip=Executors, which will be applied for this client profile
  879. no-executors-available=No Executors Available
  880. push-profile-to-json=Push Profile to JSON
  881. executor-type=Executor Type
  882. create-executor=Create Executor
  883. client-policy-name.tooltip=Name of the client policy. Must be unique within the realm.
  884. client-policy-enabled.tooltip=Specifies if client policy is enabled. Disabled policies are not considered at all during evaluation of client requests.
  885. conditions=Conditions
  886. client-policy-conditions.tooltip=Conditions, which will be evaluated to determine if client policy should be applied during particular action or not.
  887. no-conditions-available=No Conditions Available
  888. condition-type=Condition Type
  889. create-condition=Create Condition
  890. client-profiles=Client Profiles
  891. client-policies=Client Policies
  892. client-profiles.tooltip=Client Profiles applied on this policy
  893. add-profile.placeholder=Add client profile ...
  894. no-client-profiles-configured=No client profiles configured
  895. create-client-profile=Create Client Profile
  896. create-client-policy=Create Client Policy
  897. client-scopes-condition.label=Expected Scopes
  898. client-scopes-condition.tooltip=The list of expected client scopes. Condition evaluates to true if specified client request matches some of the client scopes. It depends also whether it should be default or optional client scope based on the 'Scope Type' configured.
  899. client-accesstype.label=Client Access Type
  900. client-accesstype.tooltip=Access Type of the client, for which the condition will be applied.
  901. client-roles.label=Client Roles
  902. client-roles-condition.tooltip=Client roles, which will be checked during this condition evaluation. Condition evaluates to true if client has at least one client role with the name as the client roles specified in the configuration.
  903. client-updater-source-groups.label=Groups
  904. client-updater-source-groups.tooltip=Name of groups to check. Condition evaluates to true if the entity, who creates/updates client is member of some of the specified groups. Configured groups are specified by their simple name, which must match to the name of the Keycloak group. No support for group hierarchy is used here.
  905. client-updater-trusted-hosts.label=Trusted hosts
  906. client-updater-trusted-hosts.tooltip=List of Hosts, which are trusted. In case that client registration/update request comes from the host/domain specified in this configuration, condition evaluates to true. You can use hostnames or IP addresses. If you use star at the beginning (for example '*.example.com' ) then whole domain example.com will be trusted.
  907. client-updater-source-roles.label=Updating entity role
  908. client-updater-source-roles.tooltip=The condition is checked during client registration/update requests and it evaluates to true if the entity (usually user), who is creating/updating client is member of the specified role. For reference the realm role, you can use the realm role name like 'my_realm_role' . For reference client role, you can use the client_id.role_name for example 'my_client.my_client_role' will refer to client role 'my_client_role' of client 'my_client'.
  909. groups=Groups
  910. group.add-selected.tooltip=Realm roles that can be assigned to the group. Contains effectively assigned roles which are not directly assigned.
  911. group.assigned-roles.tooltip=Realm roles mapped to the group
  912. group.effective-roles.tooltip=All realm role mappings. Some roles here might be inherited from a mapped composite role.
  913. group.available-roles.tooltip=Assignable roles from this client. Contains effectively assigned roles which are not directly assigned.
  914. group.assigned-roles-client.tooltip=Role mappings for this client.
  915. group.effective-roles-client.tooltip=Role mappings for this client. Some roles here might be inherited from a mapped composite role.
  916. group.move.success=Group moved.
  917. group.remove.confirm.title=Delete Group
  918. group.remove.confirm.message=Are you sure you want to permanently delete the group {{name}}?
  919. group.remove.success=The group has been deleted.
  920. group.fetch.fail=Unable to fetch {{params}}
  921. group.create.success=Group Created.
  922. group.edit.success=Your changes have been saved to the group.
  923. group.roles.add.success=Role mappings updated.
  924. group.roles.remove.success=Role mappings updated.
  925. group.default.add.error=Please select a group to add
  926. group.default.add.success=Added default group
  927. group.default.remove.success=Removed default group
  928. default-roles=Default Roles
  929. no-realm-roles-available=No realm roles available
  930. users=Users
  931. user.add-selected.tooltip=Realm roles that can be assigned to the user. Contains effectively assigned roles which are not directly assigned.
  932. user.assigned-roles.tooltip=Realm roles mapped to the user
  933. user.effective-roles.tooltip=All realm role mappings. Some roles here might be inherited from a mapped composite role.
  934. user.available-roles.tooltip=Assignable roles from this client. Contains effectively assigned roles which are not directly assigned.
  935. user.assigned-roles-client.tooltip=Role mappings for this client.
  936. user.effective-roles-client.tooltip=Role mappings for this client. Some roles here might be inherited from a mapped composite role.
  937. user.roles.add.success=Role mappings updated.
  938. user.roles.remove.success=Role mappings updated.
  939. user.logout.all.success=Logged out user in all clients
  940. user.logout.session.success=Logged out session
  941. user.fedid.link.remove.confirm.title=Delete Identity Provider Link
  942. user.fedid.link.remove.confirm.message=Are you sure you want to permanently delete the Identity Provider Link {{name}}?
  943. user.fedid.link.remove.success=The provider link has been deleted.
  944. user.fedid.link.add.success=Provider link has been created.
  945. user.consent.revoke.success=Grant revoked successfully
  946. user.consent.revoke.error=Grant couldn't be revoked
  947. user.remove.confirm.title=Delete User
  948. user.remove.confirm.message=Are you sure you want to permanently delete the user {{name}}?
  949. user.unlock.success=Any temporarily locked users are now unlocked.
  950. user.remove.success=The user has been deleted.
  951. user.remove.error=User couldn't be deleted
  952. user.create.success=The user has been created.
  953. user.edit.success=Your changes have been saved to the user.
  954. user.credential.update.success=Credentials saved!
  955. user.credential.update.error=Error while updating the credential. See console for more information.
  956. user.credential.remove.confirm.title=Delete credentials
  957. user.credential.remove.confirm.message=Are you sure you want to delete these users credentials?
  958. user.credential.remove.success=Credentials deleted!
  959. user.credential.remove.error=Error while deleting the credential. See console for more information.
  960. user.credential.move-top.error=Error while moving the credential to top. See console for more information.
  961. user.credential.move-up.error=Error while moving the credential up. See console for more information.
  962. user.credential.move-down.error=Error while moving the credential down. See console for more information.
  963. user.credential.fetch.error=Error while loading user credentials. See console for more information.
  964. user.credential.storage.fetch.error=Error while loading user storage credentials. See console for more information.
  965. user.password.error.not-matching=Password and confirmation does not match.
  966. user.password.reset.confirm.title=Reset password
  967. user.password.reset.confirm.message=Are you sure you want to reset the password for the user?
  968. user.password.reset.success=The password has been reset.
  969. user.password.set.confirm.title=Set password
  970. user.password.set.confirm.message=Are you sure you want to set a password for the user?
  971. user.password.set.success=The password has been set.
  972. user.credential.disable.confirm.title=Disable credentials
  973. user.credential.disable.confirm.message=Are you sure you want to disable these users credentials?
  974. user.credential.disable.confirm.success=Credentials disabled
  975. user.credential.disable.confirm.error=Failed to disable credentials
  976. user.actions-email.send.pending-changes.title=Cannot send email
  977. user.actions-email.send.pending-changes.message=You must save your current changes before you can send an email
  978. user.actions-email.send.confirm.title=Send Email
  979. user.actions-email.send.confirm.message=Are you sure you want to send email to user?
  980. user.actions-email.send.confirm.success=Email sent to user
  981. user.actions-email.send.confirm.error=Failed to send email to user
  982. user.storage.remove.confirm.title=Delete User storage provider
  983. user.storage.remove.confirm.message=Are you sure you want to permanently delete the user storage provider {{name}}?
  984. user.storage.remove.success=The provider has been deleted.
  985. user.storage.create.success=The provider has been created.
  986. user.storage.edit.success=The provider has been updated.
  987. user.storage.sync.success=Sync of users finished successfully. {{status}}
  988. user.storage.sync.error=Error during sync of users
  989. user.storage.remove-users.success=Remove imported users finished successfully.
  990. user.storage.remove-users.error=Error during remove
  991. user.storage.unlink.success=Unlink of users finished successfully.
  992. user.storage.unlink.error=Error during unlink
  993. user.groups.fetch.all.error=Unable to fetch all group memberships {{params}}
  994. user.groups.fetch.error=Unable to fetch {{params}}
  995. user.groups.join.error.no-group-selected=Please select a group to add
  996. user.groups.join.error.already-added=Group already added
  997. user.groups.join.success=Added group membership
  998. user.groups.leave.error.no-group-selected=Please select a group to remove
  999. user.groups.leave.success=Removed group membership
  1000. default.available-roles.tooltip=Realm level roles that can be assigned.
  1001. realm-default-roles=Realm Default Roles
  1002. realm-default-roles.tooltip=Realm level roles assigned to new users.
  1003. default.available-roles-client.tooltip=Roles from this client that are assignable as a default.
  1004. client-default-roles=Client Default Roles
  1005. client-default-roles.tooltip=Roles from this client assigned as a default role.
  1006. composite.available-roles.tooltip=Realm level roles that you can associate to this composite role.
  1007. composite.associated-roles.tooltip=Realm level roles associated with this composite role.
  1008. composite.available-roles-client.tooltip=Roles from this client that you can associate to this composite role.
  1009. composite.associated-roles-client.tooltip=Client roles associated with this composite role.
  1010. partial-import=Partial Import
  1011. partial-import.tooltip=Partial import allows you to import users, clients, and other resources from a previously exported json file.
  1012. file=File
  1013. exported-json-file=Exported json file
  1014. import-from-realm=Import from realm
  1015. import-users=Import users
  1016. import-groups=Import groups
  1017. import-clients=Import clients
  1018. import-identity-providers=Import identity providers
  1019. import-realm-roles=Import realm roles
  1020. import-client-roles=Import client roles
  1021. if-resource-exists=If a resource exists
  1022. fail=Fail
  1023. skip=Skip
  1024. overwrite=Overwrite
  1025. if-resource-exists.tooltip=Specify what should be done if you try to import a resource that already exists.
  1026. partial-export=Partial Export
  1027. partial-export.tooltip=Partial export allows you to export realm configuration, and other associated resources into a json file.
  1028. export-groups-and-roles=Export groups and roles
  1029. export-clients=Export clients
  1030. action=Action
  1031. role-selector=Role Selector
  1032. group-selector=Group Selector
  1033. realm-roles.tooltip=Realm roles that can be selected.
  1034. select-a-role=Select a role
  1035. select-realm-role=Select realm role
  1036. select-group=Select group
  1037. client-roles.tooltip=Client roles that can be selected.
  1038. select-client-role=Select client role
  1039. client-saml-endpoint=Client SAML Endpoint
  1040. add-client-scope=Add client scope
  1041. default-client-scopes=Default Client Scopes
  1042. default-client-scopes.tooltip=Client Scopes, which will be added automatically to each created client
  1043. default-client-scopes.default=Default Client Scopes
  1044. default-client-scopes.default.tooltip=Allow to define client scopes, which will be added as default scopes to each created client
  1045. default-client-scopes.default.available=Available Client Scopes
  1046. default-client-scopes.default.available.tooltip=Client scopes, which are not yet assigned as realm default scopes or realm optional scopes
  1047. default-client-scopes.default.assigned=Assigned Default Client Scopes
  1048. default-client-scopes.default.assigned.tooltip=Client scopes, which will be added as default scopes to each created client
  1049. default-client-scopes.optional=Optional Client Scopes
  1050. default-client-scopes.optional.tooltip=Allow to define client scopes, which will be added as optional scopes to each created client
  1051. default-client-scopes.optional.available=Available Client Scopes
  1052. default-client-scopes.optional.available.tooltip=Client scopes, which are not yet assigned as realm default scopes or realm optional scopes
  1053. default-client-scopes.optional.assigned=Assigned Optional Client Scopes
  1054. default-client-scopes.optional.assigned.tooltip=Client scopes, which will be added as optional scopes to each created client
  1055. client-scopes.setup=Setup
  1056. client-scopes.setup.tooltip=Allow to setup client scopes linked to this client
  1057. client-scopes.default=Default Client Scopes
  1058. client-scopes.default.tooltip=Default client scopes are always applied when issuing tokens for this client. Protocol mappers and role scope mappings are always applied regardless of value of used scope parameter in OIDC Authorization request
  1059. client-scopes.default.available=Available Client Scopes
  1060. client-scopes.default.available.tooltip=Client scopes, which are not yet assigned as default scopes or optional scopes
  1061. client-scopes.default.assigned=Assigned Default Client Scopes
  1062. client-scopes.default.assigned.tooltip=Client scopes, which will be used as default scopes when generating tokens for this client
  1063. client-scopes.optional=Optional Client Scopes
  1064. client-scopes.optional.tooltip=Optional client scopes are applied when issuing tokens for this client, however just in case when they are requested by scope parameter in OIDC Authorization request
  1065. client-scopes.optional.available=Available Client Scopes
  1066. client-scopes.optional.available.tooltip=Client scopes, which are not yet assigned as default scopes or optional scopes
  1067. client-scopes.optional.assigned=Assigned Optional Client Scopes
  1068. client-scopes.optional.assigned.tooltip=Client scopes, which may be used as optional scopes when generating tokens for this client
  1069. client-scopes.evaluate=Evaluate
  1070. client-scopes.evaluate.tooltip=Allow to see all protocol mappers and role scope mapping that will be used in the tokens issued to this client. Also allow to generate example access token based on provided scope parameter
  1071. scope-parameter=Scope Parameter
  1072. scope-parameter.tooltip=You can copy/paste this value of scope parameter and use it in initial OpenID Connect Authentication Request sent from this client adapter. Default client scopes and selected optional client scopes will be used when generating token issued for this client
  1073. client-scopes.evaluate.scopes=Client Scopes
  1074. client-scopes.evaluate.scopes.tooltip=Allow to select optional client scopes, which may be used when generating token issued for this client
  1075. client-scopes.evaluate.scopes.available=Available Optional Client Scopes
  1076. client-scopes.evaluate.scopes.available.tooltip=This contains Optional Client Scopes, which can be optionally used when issuing access token for this client
  1077. client-scopes.evaluate.scopes.assigned=Selected Optional Client Scopes
  1078. client-scopes.evaluate.scopes.assigned.tooltip=Selected Optional Client Scopes, which will be used when issuing access token for this client. You can see above what value of OAuth Scope Parameter needs to be used when you want to have these optional client scopes applied when the initial OpenID Connect Authentication request will be sent from your client adapter
  1079. client-scopes.evaluate.scopes.effective=Effective Client Scopes
  1080. client-scopes.evaluate.scopes.effective.tooltip=Contains all default client scopes and selected optional scopes. All protocol mappers and role scope mappings of all those client scopes will be used when generating access token issued for your client
  1081. client-scopes.evaluate.user.tooltip=Optionally select user, for whom the example access token will be generated. If you do not select a user, example access token will not be generated during evaluation
  1082. send-evaluation-request=Evaluate
  1083. send-evaluation-request.tooltip=Click this to see all protocol mappers and role scope mappings that will be used when issuing an access token for this client. It will also optionally generate example access token in case that some user was selected
  1084. evaluated-protocol-mappers=Effective Protocol Mappers
  1085. evaluated-protocol-mappers.tooltip=Shows all effective protocol mappers that will be used when issuing token for this client. Also contains protocol mappers of selected optional client scopes. For each protocol mapper, you can see from which client scope it is inherited from
  1086. evaluated-roles=Effective Role Scope Mappings
  1087. evaluated-roles.tooltip=Shows all effective roles scope mappings that will be used when issuing token for this client. Also contains role scope mappings of selected optional client scopes
  1088. parent-client-scope=Parent Client Scope
  1089. client-scopes.evaluate.not-granted-roles=Not Granted Roles
  1090. client-scopes.evaluate.not-granted-roles.tooltip=Client does not have scope mappings for these roles. Those roles will not be in the access token issued to this client even if the authenticated user is a member of them
  1091. client-scopes.evaluate.granted-realm-effective-roles=Granted Effective Realm Roles
  1092. client-scopes.evaluate.granted-realm-effective-roles.tooltip=Client has scope mappings for these roles. Those roles will be in the access token issued to this client if the authenticated user is a member of them
  1093. client-scopes.evaluate.granted-client-effective-roles=Granted Effective Client Roles
  1094. generated-access-token=Generated Access Token
  1095. generated-access-token.tooltip=See the example access token, which will be generated and sent to the client when selected user is authenticated. You can see claims and roles that the token will contain based on the effective protocol mappers and role scope mappings and also based on the claims/roles assigned to user himself
  1096. generated-id-token=Generated ID Token
  1097. generated-id-token.tooltip=See the example ID Token, which will be generated and sent to the client when selected user is authenticated. You can see claims and roles that the token will contain based on the effective protocol mappers and role scope mappings and also based on the claims/roles assigned to user himself
  1098. generated-user-info=Generated User Info
  1099. generated-user-info.tooltip=See the example User Info, which will be provided by the User Info Endpoint
  1100. manage=Manage
  1101. authentication=Authentication
  1102. user-federation=User Federation
  1103. user-storage=User Storage
  1104. events=Events
  1105. realm-settings=Realm Settings
  1106. configure=Configure
  1107. select-realm=Select realm
  1108. add=Add
  1109. client-storage=Client Storage
  1110. no-client-storage-providers-configured=No client storage providers configured
  1111. client-stores.tooltip=Keycloak can retrieve clients and their details from external stores.
  1112. client-scope.name.tooltip=Name of the client scope. Must be unique in the realm. Name should not contain space characters as it is used as value of scope parameter
  1113. client-scope.description.tooltip=Description of the client scope
  1114. client-scope.protocol.tooltip=Which SSO protocol configuration is being supplied by this client scope
  1115. client-scope.display-on-consent-screen=Display On Consent Screen
  1116. client-scope.display-on-consent-screen.tooltip=If on, and this client scope is added to some client with consent required, the text specified by 'Consent Screen Text' will be displayed on consent screen. If off, this client scope will not be displayed on the consent screen
  1117. client-scope.consent-screen-text=Consent Screen Text
  1118. client-scope.consent-screen-text.tooltip=Text that will be shown on the consent screen when this client scope is added to some client with consent required. Defaults to name of client scope if it is not filled
  1119. client-scope.gui-order=GUI order
  1120. client-scope.gui-order.tooltip=Specify order of the provider in GUI (such as in Consent page) as integer
  1121. client-scope.include-in-token-scope=Include In Token Scope
  1122. client-scope.include-in-token-scope.tooltip=If on, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. If off, this client scope will be omitted from the token and from the Token Introspection Endpoint response.
  1123. add-user-federation-provider=Add user federation provider
  1124. add-user-storage-provider=Add user storage provider
  1125. required-settings=Required Settings
  1126. provider-id=Provider ID
  1127. console-display-name=Console Display Name
  1128. console-display-name.tooltip=Display name of provider when linked in admin console.
  1129. priority=Priority
  1130. priority.tooltip=Priority of provider when doing a user lookup. Lowest first.
  1131. user-storage.enabled.tooltip=If provider is disabled, it will not be considered for queries and imported users will be disabled and read-only until the provider is enabled again.
  1132. sync-settings=Sync Settings
  1133. periodic-full-sync=Periodic Full Sync
  1134. periodic-full-sync.tooltip=Does periodic full synchronization of provider users to Keycloak should be enabled or not
  1135. full-sync-period=Full Sync Period
  1136. full-sync-period.tooltip=Period for full synchronization in seconds
  1137. periodic-changed-users-sync=Periodic Changed Users Sync
  1138. periodic-changed-users-sync.tooltip=Does periodic synchronization of changed or newly created provider users to Keycloak should be enabled or not
  1139. changed-users-sync-period=Changed Users Sync Period
  1140. changed-users-sync-period.tooltip=Period for synchronization of changed or newly created provider users in seconds
  1141. synchronize-changed-users=Synchronize changed users
  1142. synchronize-all-users=Synchronize all users
  1143. remove-imported-users=Remove imported
  1144. unlink-users=Unlink users
  1145. kerberos-realm=Kerberos Realm
  1146. kerberos-realm.tooltip=Name of kerberos realm. For example FOO.ORG
  1147. server-principal=Server Principal
  1148. server-principal.tooltip=Full name of server principal for HTTP service including server and domain name. For example 'HTTP/host.foo.org@FOO.ORG'. Use '*' to accept any service principal in the KeyTab file.
  1149. keytab=KeyTab
  1150. keytab.tooltip=Location of Kerberos KeyTab file containing the credentials of server principal. For example /etc/krb5.keytab
  1151. debug=Debug
  1152. debug.tooltip=Enable/disable debug logging to standard output for Krb5LoginModule.
  1153. allow-password-authentication=Allow Password Authentication
  1154. allow-password-authentication.tooltip=Enable/disable possibility of username/password authentication against Kerberos database
  1155. edit-mode=Edit Mode
  1156. edit-mode.tooltip=READ_ONLY means that password updates are not allowed and user always authenticates with Kerberos password. UNSYNCED means that the user can change the password in the Keycloak database and this one will be used instead of the Kerberos password
  1157. ldap.edit-mode.tooltip=READ_ONLY is a read-only LDAP store. WRITABLE means data will be synced back to LDAP on demand. UNSYNCED means user data will be imported, but not synced back to LDAP.
  1158. update-profile-first-login=Update Profile First Login
  1159. update-profile-first-login.tooltip=Update profile on first login
  1160. sync-registrations=Sync Registrations
  1161. ldap.sync-registrations.tooltip=Should newly created users be created within LDAP store? Priority effects which provider is chosen to sync the new user. This setting is effectively appplied only with WRITABLE edit mode.
  1162. import-enabled=Import Users
  1163. ldap.import-enabled.tooltip=If true, LDAP users will be imported into Keycloak DB and synced by the configured sync policies.
  1164. vendor=Vendor
  1165. ldap.vendor.tooltip=LDAP vendor (provider)
  1166. enable-usePasswordModifyExtendedOp=Enable the LDAPv3 Password Modify Extended Operation
  1167. ldap.usePasswordModifyExtendedOp.tooltip=Use the LDAPv3 Password Modify Extended Operation (RFC-3062). The password modify extended operation usually requires that LDAP user already has password in the LDAP server. So when this is used with 'Sync Registrations', it can be good to add also 'Hardcoded LDAP attribute mapper' with randomly generated initial password.
  1168. username-ldap-attribute=Username LDAP attribute
  1169. ldap-attribute-name-for-username=LDAP attribute name for username
  1170. username-ldap-attribute.tooltip=Name of LDAP attribute, which is mapped as Keycloak username. For many LDAP server vendors it can be 'uid'. For Active directory it can be 'sAMAccountName' or 'cn'. The attribute should be filled for all LDAP user records you want to import from LDAP to Keycloak.
  1171. rdn-ldap-attribute=RDN LDAP attribute
  1172. ldap-attribute-name-for-user-rdn=LDAP attribute name for user RDN
  1173. rdn-ldap-attribute.tooltip=Name of LDAP attribute, which is used as RDN (top attribute) of typical user DN. Usually it's the same as Username LDAP attribute, however it is not required. For example for Active directory, it is common to use 'cn' as RDN attribute when username attribute might be 'sAMAccountName'.
  1174. uuid-ldap-attribute=UUID LDAP attribute
  1175. ldap-attribute-name-for-uuid=LDAP attribute name for UUID
  1176. uuid-ldap-attribute.tooltip=Name of LDAP attribute, which is used as unique object identifier (UUID) for objects in LDAP. For many LDAP server vendors, it is 'entryUUID'; however some are different. For example for Active directory it should be 'objectGUID'. If your LDAP server does not support the notion of UUID, you can use any other attribute that is supposed to be unique among LDAP users in tree. For example 'uid' or 'entryDN'.
  1177. user-object-classes=User Object Classes
  1178. ldap-user-object-classes.placeholder=LDAP User Object Classes (div. by comma)
  1179. ldap-connection-url=LDAP connection URL
  1180. ldap-users-dn=LDAP Users DN
  1181. ldap-bind-dn=LDAP Bind DN
  1182. ldap-bind-credentials=LDAP Bind Credentials
  1183. ldap-filter=LDAP Filter
  1184. ldap.user-object-classes.tooltip=All values of LDAP objectClass attribute for users in LDAP divided by comma. For example: 'inetOrgPerson, organizationalPerson' . Newly created Keycloak users will be written to LDAP with all those object classes and existing LDAP user records are found just if they contain all those object classes.
  1185. connection-url=Connection URL
  1186. ldap.connection-url.tooltip=Connection URL to your LDAP server
  1187. test-connection=Test connection
  1188. users-dn=Users DN
  1189. ldap.users-dn.tooltip=Full DN of LDAP tree where your users are. This DN is the parent of LDAP users. It could be for example 'ou=users,dc=example,dc=com' assuming that your typical user will have DN like 'uid=john,ou=users,dc=example,dc=com'
  1190. authentication-type=Bind Type
  1191. ldap.authentication-type.tooltip=Type of the Authentication method used during LDAP Bind operation. It is used in most of the requests sent to the LDAP server. Currently only 'none' (anonymous LDAP authentication) or 'simple' (Bind credential + Bind password authentication) mechanisms are available
  1192. bind-dn=Bind DN
  1193. ldap.bind-dn.tooltip=DN of LDAP admin, which will be used by Keycloak to access LDAP server
  1194. bind-credential=Bind Credential
  1195. ldap.bind-credential.tooltip=Password of LDAP admin. This field is able to obtain its value from vault, use ${vault.ID} format.
  1196. test-authentication=Test authentication
  1197. custom-user-ldap-filter=Custom User LDAP Filter
  1198. ldap.custom-user-ldap-filter.tooltip=Additional LDAP Filter for filtering searched users. Leave this empty if you don't need additional filter. Make sure that it starts with '(' and ends with ')'
  1199. search-scope=Search Scope
  1200. ldap.search-scope.tooltip=For one level, the search applies only for users in the DNs specified by User DNs. For subtree, the search applies to the whole subtree. See LDAP documentation for more details
  1201. use-truststore-spi=Use Truststore SPI
  1202. ldap.use-truststore-spi.tooltip=Specifies whether LDAP connection will use the truststore SPI with the truststore configured in standalone.xml/domain.xml. 'Always' means that it will always use it. 'Never' means that it will not use it. 'Only for ldaps' means that it will use if your connection URL use ldaps. Note even if standalone.xml/domain.xml is not configured, the default Java cacerts or certificate specified by 'javax.net.ssl.trustStore' property will be used.
  1203. validate-password-policy=Validate Password Policy
  1204. connection-pooling=Connection Pooling
  1205. connection-pooling-settings=Connection Pooling Settings
  1206. connection-pooling-authentication=Connection Pooling Authentication
  1207. connection-pooling-authentication-default=none simple
  1208. connection-pooling-debug=Connection Pool Debug Level
  1209. connection-pooling-debug-default=off
  1210. connection-pooling-initsize=Connection Pool Initial Size
  1211. connection-pooling-initsize-default=1
  1212. connection-pooling-maxsize=Connection Pool Maximum Size
  1213. connection-pooling-maxsize-default=1000
  1214. connection-pooling-prefsize=Connection Pool Preferred Size
  1215. connection-pooling-prefsize-default=5
  1216. connection-pooling-protocol=Connection Pool Protocol
  1217. connection-pooling-protocol-default=plain ssl
  1218. connection-pooling-timeout=Connection Pool Timeout
  1219. connection-pooling-timeout-default=300000
  1220. ldap-connection-timeout=Connection Timeout
  1221. ldap.connection-timeout.tooltip=LDAP Connection Timeout in milliseconds
  1222. ldap-read-timeout=Read Timeout
  1223. ldap.read-timeout.tooltip=LDAP Read Timeout in milliseconds. This timeout applies for LDAP read operations
  1224. ldap.validate-password-policy.tooltip=Determines if Keycloak should validate the password with the realm password policy before updating the LDAP mapped user. When this is false, Keycloak password policy would not be applied, which means that password will be updated on LDAP server unless LDAP server itself has some password policy rules. This setting is possible only with WRITABLE edit mode.
  1225. ldap.connection-pooling.tooltip=Determines if Keycloak should use connection pooling for accessing LDAP server
  1226. ldap.connection-pooling.authentication.tooltip=A list of space-separated authentication types of connections that may be pooled. Valid types are "none", "simple", and "DIGEST-MD5".
  1227. ldap.connection-pooling.debug.tooltip=A string that indicates the level of debug output to produce. Valid values are "fine" (trace connection creation and removal) and "all" (all debugging information).
  1228. ldap.connection-pooling.initsize.tooltip=The string representation of an integer that represents the number of connections per connection identity to create when initially creating a connection for the identity.
  1229. ldap.connection-pooling.maxsize.tooltip=The string representation of an integer that represents the maximum number of connections per connection identity that can be maintained concurrently.
  1230. ldap.connection-pooling.prefsize.tooltip=The string representation of an integer that represents the preferred number of connections per connection identity that should be maintained concurrently.
  1231. ldap.connection-pooling.protocol.tooltip=A list of space-separated protocol types of connections that may be pooled. Valid types are "plain" and "ssl".
  1232. ldap.connection-pooling.timeout.tooltip=The string representation of an integer that represents the number of milliseconds that an idle connection may remain in the pool without being closed and removed from the pool.
  1233. ldap.pagination.tooltip=Does the LDAP server support pagination.
  1234. ldap.startTls.tooltip=Encrypts the connection to LDAP using STARTTLS, which will disable connection pooling.
  1235. kerberos-integration=Kerberos Integration
  1236. allow-kerberos-authentication=Allow Kerberos authentication
  1237. ldap.allow-kerberos-authentication.tooltip=Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users will be provisioned from this LDAP server
  1238. use-kerberos-for-password-authentication=Use Kerberos For Password Authentication
  1239. ldap.use-kerberos-for-password-authentication.tooltip=Use Kerberos login module for authenticate username/password against Kerberos server instead of authenticating against LDAP server with Directory Service API
  1240. batch-size=Batch Size
  1241. ldap.batch-size.tooltip=Count of LDAP users to be imported from LDAP to Keycloak within a single transaction.
  1242. ldap.periodic-full-sync.tooltip=Does periodic full synchronization of LDAP users to Keycloak should be enabled or not
  1243. ldap.periodic-changed-users-sync.tooltip=Does periodic synchronization of changed or newly created LDAP users to Keycloak should be enabled or not
  1244. ldap.changed-users-sync-period.tooltip=Period for synchronization of changed or newly created LDAP users in seconds
  1245. user-federation-mappers=User Federation Mappers
  1246. create-user-federation-mapper=Create user federation mapper
  1247. add-user-federation-mapper=Add user federation mapper
  1248. provider-name=Provider Name
  1249. no-user-federation-providers-configured=No user federation providers configured
  1250. no-user-storage-providers-configured=No user storage providers configured
  1251. add-identity-provider=Add identity provider
  1252. add-identity-provider-link=Add identity provider link
  1253. identity-provider=Identity Provider
  1254. identity-provider-user-id=Identity Provider User ID
  1255. identity-provider-user-id.tooltip=Unique ID of the user on the Identity Provider side
  1256. identity-provider-username=Identity Provider Username
  1257. identity-provider-username.tooltip=Username on the Identity Provider side
  1258. pagination=Pagination
  1259. browser-flow=Browser Flow
  1260. browser-flow.tooltip=Select the flow you want to use for browser authentication.
  1261. registration-flow=Registration Flow
  1262. registration-flow.tooltip=Select the flow you want to use for registration.
  1263. direct-grant-flow=Direct Grant Flow
  1264. direct-grant-flow.tooltip=Select the flow you want to use for direct grant authentication.
  1265. reset-credentials=Reset Credentials
  1266. reset-credentials.tooltip=Select the flow you want to use when the user has forgotten their credentials.
  1267. client-authentication=Client Authentication
  1268. client-authentication.tooltip=Select the flow you want to use for authentication of clients.
  1269. docker-auth=Docker Authentication
  1270. docker-auth.tooltip=Select the flow you want to use for authentication against a docker client.
  1271. new=New
  1272. copy=Copy
  1273. add-execution=Add execution
  1274. add-flow=Add flow
  1275. auth-type=Auth Type
  1276. requirement=Requirement
  1277. config=Config
  1278. no-executions-available=No executions available
  1279. authentication-flows=Authentication Flows
  1280. create-authenticator-config=Create authenticator config
  1281. authenticator.alias.tooltip=Name of the configuration
  1282. otp-type=OTP Type
  1283. time-based=Time Based
  1284. counter-based=Counter Based
  1285. otp-type.tooltip=totp is Time-Based One Time Password. 'hotp' is a counter base one time password in which the server keeps a counter to hash against.
  1286. otp-hash-algorithm=OTP Hash Algorithm
  1287. otp-hash-algorithm.tooltip=What hashing algorithm should be used to generate the OTP.
  1288. number-of-digits=Number of Digits
  1289. otp.number-of-digits.tooltip=How many digits should the OTP have?
  1290. look-ahead-window=Look Ahead Window
  1291. otp.look-ahead-window.tooltip=How far ahead should the server look just in case the token generator and server are out of time sync or counter sync?
  1292. initial-counter=Initial Counter
  1293. otp.initial-counter.tooltip=What should the initial counter value be?
  1294. otp-token-period=OTP Token Period
  1295. otp-token-period.tooltip=How many seconds should an OTP token be valid? Defaults to 30 seconds.
  1296. otp-supported-applications=Supported Applications
  1297. otp-supported-applications.tooltip=Applications that are known to work with the current OTP policy
  1298. table-of-password-policies=Table of Password Policies
  1299. add-policy.placeholder=Add policy...
  1300. policy-type=Policy Type
  1301. policy-value=Policy Value
  1302. webauthn-policy=WebAuthn Policy
  1303. webauthn-policy.tooltip=Policy for WebAuthn authentication. This one will be used by 'WebAuthn Register' required action and 'WebAuthn Authenticator' authenticator. Typical usage is, when WebAuthn will be used for the two-factor authentication.
  1304. webauthn-policy-passwordless=WebAuthn Passwordless Policy
  1305. webauthn-policy-passwordless.tooltip=Policy for passwordless WebAuthn authentication. This one will be used by 'Webauthn Register Passwordless' required action and 'WebAuthn Passwordless Authenticator' authenticator. Typical usage is, when WebAuthn will be used as first-factor authentication. Having both 'WebAuthn Policy' and 'WebAuthn Passwordless Policy' allows to use WebAuthn as both first factor and second factor authenticator in the same realm.
  1306. webauthn-rp-entity-name=Relying Party Entity Name
  1307. webauthn-rp-entity-name.tooltip=Human-readable server name as WebAuthn Relying Party
  1308. webauthn-signature-algorithms=Signature Algorithms
  1309. webauthn-signature-algorithms.tooltip=What signature algorithms should be used for Authentication Assertion.
  1310. webauthn-rp-id=Relying Party ID
  1311. webauthn-rp-id.tooltip=This is ID as WebAuthn Relying Party. It must be origin's effective domain.
  1312. webauthn-attestation-conveyance-preference=Attestation Conveyance Preference
  1313. webauthn-attestation-conveyance-preference.tooltip=Communicates to an authenticator the preference of how to generate an attestation statement.
  1314. webauthn-authenticator-attachment=Authenticator Attachment
  1315. webauthn-authenticator-attachment.tooltip=Communicates to an authenticator an acceptable attachment pattern.
  1316. webauthn-require-resident-key=Require Resident Key
  1317. webauthn-require-resident-key.tooltip=It tells an authenticator create a public key credential as Resident Key or not.
  1318. webauthn-user-verification-requirement=User Verification Requirement
  1319. webauthn-user-verification-requirement.tooltip=Communicates to an authenticator to confirm actually verifying a user.
  1320. webauthn-create-timeout=Timeout
  1321. webauthn-create-timeout.tooltip=Timeout value for creating user's public key credential in seconds. if set to 0, this timeout option is not adapted.
  1322. webauthn-avoid-same-authenticator-register=Avoid Same Authenticator Registration
  1323. webauthn-avoid-same-authenticator-register.tooltip=avoid registering the authenticator that has already been registered.
  1324. webauthn-acceptable-aaguids=Acceptable AAGUIDs
  1325. webauthn-acceptable-aaguids.tooltip=The list of AAGUID of which an authenticator can be registered.
  1326. manage-webauthn-authenticator=Manage WebAuthn Authenticator
  1327. public-key-credential-id=Public Key Credential ID
  1328. public-key-credential-aaguid=Public Key Credential AAGUID
  1329. public-key-credential-label=Public Key Credential Label
  1330. ciba-policy=CIBA Policy
  1331. ciba-backchannel-tokendelivery-mode=Backchannel Token Delivery Mode
  1332. ciba-backchannel-tokendelivery-mode.tooltip=Specifies how the CD(Consumption Device) gets the authentication result and related tokens. This mode will be used by default for the CIBA clients, which do not have other mode explicitly set. The default mode is 'poll'.
  1333. ciba-expires-in=Expires In
  1334. ciba-expires-in.tooltip=The expiration time of the "auth_req_id" in seconds since the authentication request was received.
  1335. ciba-interval=Interval
  1336. ciba-interval.tooltip=The minimum amount of time in seconds that the CD(Consumption Device) must wait between polling requests to the token endpoint.
  1337. ciba-auth-requested-user-hint=Authentication Requested User Hint
  1338. ciba-auth-requested-user-hint.tooltip=The way of identifying the end-user for whom authentication is being requested.
  1339. admin-events=Admin Events
  1340. admin-events.tooltip=Displays saved admin events for the realm. Events are related to admin account, for example a realm creation. To enable persisted events go to config.
  1341. login-events=Login Events
  1342. filter=Filter
  1343. update=Update
  1344. reset=Reset
  1345. operation-types=Operation Types
  1346. resource-types=Resource Types
  1347. select-operations.placeholder=Select operations...
  1348. select-resource-types.placeholder=Select resource types...
  1349. resource-path=Resource Path
  1350. resource-path.tooltip=Filter by resource path. Supports wildcard '*' (for example 'users/*').
  1351. date-(from)=Date (From)
  1352. date-(to)=Date (To)
  1353. authentication-details=Authentication Details
  1354. ip-address=IP Address
  1355. time=Time
  1356. operation-type=Operation Type
  1357. resource-type=Resource Type
  1358. auth=Auth
  1359. representation=Representation
  1360. register=Register
  1361. required-action=Required Action
  1362. default-action=Default Action
  1363. auth.default-action.tooltip=If enabled, any new user will have this required action assigned to it.
  1364. no-required-actions-configured=No required actions configured
  1365. defaults-to-id=Defaults to id
  1366. flows=Flows
  1367. bindings=Bindings
  1368. client-flow-bindings=Authentication Flow Overrides
  1369. client-flow-bindings.tooltip=Override realm authentication flow bindings.
  1370. required-actions=Required Actions
  1371. password-policy=Password Policy
  1372. otp-policy=OTP Policy
  1373. user-groups=User Groups
  1374. default-groups=Default Groups
  1375. groups.default-groups.tooltip=Set of groups that new users will automatically join.
  1376. cut=Cut
  1377. paste=Paste
  1378. create-group=Create group
  1379. create-authenticator-execution=Create Authenticator Execution
  1380. edit-flow=Edit Flow
  1381. create-form-action-execution=Create Form Action Execution
  1382. create-top-level-form=Create Top Level Form
  1383. flow.alias.tooltip=Specifies display name for the flow.
  1384. top-level-flow-type=Top Level Flow Type
  1385. flow.generic=generic
  1386. flow.client=client
  1387. top-level-flow-type.tooltip=What kind of top level flow is it? Type 'client' is used for authentication of clients (applications) when generic is for users and everything else
  1388. create-execution-flow=Create Execution Flow
  1389. flow-type=Flow Type
  1390. flow.form.type=form
  1391. flow.generic.type=generic
  1392. flow-type.tooltip=What kind of form is it
  1393. form-provider=Form Provider
  1394. default-groups.tooltip=Newly created or registered users will automatically be added to these groups
  1395. select-a-type.placeholder=select a type
  1396. available-groups=Available Groups
  1397. available-groups.tooltip=Select a group you want to add as a default.
  1398. value=Value
  1399. table-of-group-members=Table of group members
  1400. table-of-role-members=Table of role members
  1401. last-name=Last Name
  1402. first-name=First Name
  1403. email=Email
  1404. toggle-navigation=Toggle navigation
  1405. manage-account=Manage account
  1406. sign-out=Sign Out
  1407. server-info=Server Info
  1408. resource-not-found=Resource <strong>not found</strong>...
  1409. resource-not-found.instruction=We could not find the resource you are looking for. Please make sure the URL you entered is correct.
  1410. go-to-the-home-page=Go to the home page &raquo;
  1411. page-not-found=Page <strong>not found</strong>...
  1412. page-not-found.instruction=We could not find the page you are looking for. Please make sure the URL you entered is correct.
  1413. events.tooltip=Displays saved events for the realm. Events are related to user accounts, for example a user login. To enable persisted events go to config.
  1414. select-event-types.placeholder=Select event types...
  1415. events-config.tooltip=Displays configuration options to enable persistence of user and admin events.
  1416. select-an-action.placeholder=Select an action...
  1417. event-listeners.tooltip=Configure what listeners receive events for the realm.
  1418. login.save-events.tooltip=If enabled, login events are saved to the database, which makes events available to the admin and account management consoles.
  1419. clear-events.tooltip=Deletes all events in the database.
  1420. events.expiration.tooltip=Sets the expiration for events. Expired events are periodically deleted from the database.
  1421. admin-events-settings=Admin Events Settings
  1422. save-events=Save Events
  1423. admin.save-events.tooltip=If enabled, admin events are saved to the database, which makes events available to the admin console.
  1424. saved-types.tooltip=Configure what event types are saved.
  1425. include-representation=Include Representation
  1426. include-representation.tooltip=Include JSON representation for create and update requests.
  1427. clear-admin-events.tooltip=Deletes all admin events in the database.
  1428. server-version=Server Version
  1429. server-profile=Server Profile
  1430. server-disabled=Disabled Features
  1431. server-disabled.tooltip=Features that are not currently enabled. Some features are not enabled by default. This applies to all preview and experimental features.
  1432. server-preview=Preview Features
  1433. server-preview.tooltip=Preview features are not supported in production use and may be significantly changed or removed in the future.
  1434. server-experimental=Experimental Features
  1435. server-experimental.tooltip=Experimental features, which may not be fully functional. Never use experimental features in production.
  1436. info=Info
  1437. providers=Providers
  1438. server-time=Server Time
  1439. server-uptime=Server Uptime
  1440. profile=Profile
  1441. memory=Memory
  1442. total-memory=Total Memory
  1443. free-memory=Free Memory
  1444. used-memory=Used Memory
  1445. system=System
  1446. current-working-directory=Current Working Directory
  1447. java-version=Java Version
  1448. java-vendor=Java Vendor
  1449. java-runtime=Java Runtime
  1450. java-vm=Java VM
  1451. java-vm-version=Java VM Version
  1452. java-home=Java Home
  1453. user-name=User Name
  1454. user-timezone=User Timezone
  1455. user-locale=User Locale
  1456. system-encoding=System Encoding
  1457. operating-system=Operating System
  1458. os-architecture=OS Architecture
  1459. spi=SPI
  1460. granted-client-scopes=Granted Client Scopes
  1461. additional-grants=Additional Grants
  1462. consent-created-date=Created
  1463. consent-last-updated-date=Last updated
  1464. revoke=Revoke
  1465. new-password=New Password
  1466. password-confirmation=Password Confirmation
  1467. reset-password=Reset Password
  1468. set-password=Set Password
  1469. credentials.temporary.tooltip=If enabled, the user must change the password on next login
  1470. remove-totp=Remove OTP
  1471. credentials.remove-totp.tooltip=Remove one time password generator for user.
  1472. reset-actions=Reset Actions
  1473. credentials.reset-actions.tooltip=Set of actions to execute when sending the user a Reset Actions Email. 'Verify email' sends an email to the user to verify their email address. 'Update profile' requires user to enter in new personal information. 'Update password' requires user to enter in a new password. 'Configure OTP' requires setup of a mobile password generator.
  1474. reset-actions-email=Reset Actions Email
  1475. send-email=Send email
  1476. credentials.reset-actions-email.tooltip=Sends an email to user with an embedded link. Clicking the link enables the user to execute the reset actions without first logging in. For example, set the action to update password, click this button, and the user can change the password without logging in.
  1477. add-user=Add user
  1478. created-at=Created At
  1479. user-enabled=User Enabled
  1480. user-enabled.tooltip=A disabled user cannot login.
  1481. user-temporarily-locked=User Temporarily Locked
  1482. user-temporarily-locked.tooltip=The user may be locked due to multiple failed attempts to log in.
  1483. unlock-user=Unlock user
  1484. federation-link=Federation Link
  1485. email-verified=Email Verified
  1486. email-verified.tooltip=Has the user's email been verified?
  1487. groups-joining=Groups
  1488. groups-joining.tooltip=Groups the user will be joining. To add a group, search for any existing one and select it.
  1489. groups-joining-select.placeholder=Select existing group
  1490. groups-joining-no-selected=No group selected
  1491. groups-joining-path=Path
  1492. required-user-actions=Required User Actions
  1493. required-user-actions.tooltip=Require an action when the user logs in. 'Verify email' sends an email to the user to verify their email address. 'Update profile' requires user to enter in new personal information. 'Update password' requires user to enter in a new password. 'Configure OTP' requires setup of a mobile password generator.
  1494. locale=Locale
  1495. select-one.placeholder=Select one...
  1496. impersonate=Impersonate
  1497. impersonate-user=Impersonate user
  1498. impersonate-user.tooltip=Login as this user. If user is in same realm as you, your current login session will be logged out before you are logged in as this user.
  1499. identity-provider-alias=Identity Provider Alias
  1500. provider-user-id=Provider User ID
  1501. provider-username=Provider Username
  1502. no-identity-provider-links-available=No identity provider links available
  1503. group-membership=Group Membership
  1504. leave=Leave
  1505. group-membership.tooltip=Groups where the user has membership. To leave a group, select it and click Leave.
  1506. membership.available-groups.tooltip=Groups a user can join. Select a group and click Join.
  1507. table-of-realm-users=Table of Realm Users
  1508. view-all-users=View all users
  1509. view-all-groups=View all groups
  1510. view-all-roles=View all roles
  1511. unlock-users=Unlock users
  1512. no-users-available=No users available
  1513. users.instruction=Please enter a search, or click on view all users
  1514. clients.instruction=Please enter a search
  1515. consents=Consents
  1516. started=Started
  1517. logout-all-sessions=Log out all sessions
  1518. logout=Logout
  1519. new-name=New Name
  1520. new-description=New Description
  1521. ok=Ok
  1522. attributes=Attributes
  1523. role-mappings=Role Mappings
  1524. members=Members
  1525. details=Details
  1526. identity-provider-links=Identity Provider Links
  1527. register-required-action=Register required action
  1528. gender=Gender
  1529. address=Address
  1530. phone=Phone
  1531. profile-url=Profile URL
  1532. picture-url=Picture URL
  1533. website=Website
  1534. import-keys-and-cert=Import keys and cert
  1535. import-keys-and-cert.tooltip=Upload the client's key pair and cert.
  1536. upload-keys=Upload Keys
  1537. download-keys-and-cert=Download keys and cert
  1538. no-value-assigned.placeholder=No value assigned
  1539. remove=Remove
  1540. no-group-members=No group members
  1541. no-role-members=No role members
  1542. temporary=Temporary
  1543. join=Join
  1544. event-type=Event Type
  1545. events-config=Events Config
  1546. event-listeners=Event Listeners
  1547. login-events-settings=Login Events Settings
  1548. clear-events=Clear events
  1549. saved-types=Saved Types
  1550. clear-admin-events=Clear admin events
  1551. clear-changes=Clear changes
  1552. error=Error
  1553. # Authz
  1554. # Authz Common
  1555. authz-authorization=Authorization
  1556. authz-owner=Owner
  1557. authz-uri=URI
  1558. authz-uris=URIS
  1559. authz-scopes=Scopes
  1560. authz-resource=Resource
  1561. authz-resource-type=Resource Type
  1562. authz-resources=Resources
  1563. authz-scope=Scope
  1564. authz-authz-scopes=Authorization Scopes
  1565. authz-policies=Policies
  1566. authz-policy=Policy
  1567. authz-permissions=Permissions
  1568. authz-users=Users in Role
  1569. authz-evaluate=Evaluate
  1570. authz-icon-uri=Icon URI
  1571. authz-icon-uri.tooltip=An URI pointing to an icon.
  1572. authz-select-scope=Select a scope
  1573. authz-select-resource=Select a resource
  1574. authz-associated-policies=Associated Policies
  1575. authz-any-resource=Any resource
  1576. authz-any-scope=Any scope
  1577. authz-any-role=Any role
  1578. authz-policy-evaluation=Policy Evaluation
  1579. authz-select-user=Select a user
  1580. authz-select-client=Select a client
  1581. authz-entitlements=Entitlements
  1582. authz-no-resources=No resources
  1583. authz-result=Result
  1584. authz-authorization-services-enabled=Authorization Enabled
  1585. authz-authorization-services-enabled.tooltip=Enable/Disable fine-grained authorization support for a client
  1586. authz-required=Required
  1587. authz-show-details=Show Details
  1588. authz-hide-details=Hide Details
  1589. authz-associated-permissions=Associated Permissions
  1590. authz-no-permission-associated=No permissions associated
  1591. # Authz Settings
  1592. authz-import-config.tooltip=Import a JSON file containing authorization settings for this resource server.
  1593. authz-policy-enforcement-mode=Policy Enforcement Mode
  1594. authz-policy-enforcement-mode.tooltip=The policy enforcement mode dictates how policies are enforced when evaluating authorization requests. 'Enforcing' means requests are denied by default even when there is no policy associated with a given resource. 'Permissive' means requests are allowed even when there is no policy associated with a given resource. 'Disabled' completely disables the evaluation of policies and allows access to any resource.
  1595. authz-policy-enforcement-mode-enforcing=Enforcing
  1596. authz-policy-enforcement-mode-permissive=Permissive
  1597. authz-policy-enforcement-mode-disabled=Disabled
  1598. authz-remote-resource-management=Remote Resource Management
  1599. authz-remote-resource-management.tooltip=Should resources be managed remotely by the resource server? If false, resources can be managed only from this admin console.
  1600. authz-export-settings=Export Settings
  1601. authz-export-settings.tooltip=Export and download all authorization settings for this resource server.
  1602. authz-server-decision-strategy.tooltip=The decision strategy dictates how permissions are evaluated and how a final decision is obtained. 'Affirmative' means that at least one permission must evaluate to a positive decision in order to grant access to a resource and its scopes. 'Unanimous' means that all permissions must evaluate to a positive decision in order for the final decision to be also positive.
  1603. # Authz Resource List
  1604. authz-no-resources-available=No resources available.
  1605. authz-no-scopes-assigned=No scopes assigned.
  1606. authz-no-type-defined=No type defined.
  1607. authz-no-uri-defined=No URI defined.
  1608. authz-no-permission-assigned=No permission assigned.
  1609. authz-no-policy-assigned=No policy assigned.
  1610. authz-create-permission=Create Permission
  1611. # Authz Resource Detail
  1612. authz-add-resource=Add Resource
  1613. authz-resource-name.tooltip=A unique name for this resource. The name can be used to uniquely identify a resource, useful when querying for a specific resource.
  1614. authz-resource-owner.tooltip=The owner of this resource.
  1615. authz-resource-type.tooltip=The type of this resource. It can be used to group different resource instances with the same type.
  1616. authz-resource-uri.tooltip=Set of URIs which are protected by resource.
  1617. authz-resource-scopes.tooltip=The scopes associated with this resource.
  1618. authz-resource-attributes=Resource Attributes
  1619. authz-resource-attributes.tooltip=The attributes associated wth the resource.
  1620. authz-resource-user-managed-access-enabled=User-Managed Access Enabled
  1621. authz-resource-user-managed-access-enabled.tooltip=If enabled, the access to this resource can be managed by the resource owner.
  1622. # Authz Scope List
  1623. authz-add-scope=Add Scope
  1624. authz-no-scopes-available=No scopes available.
  1625. # Authz Scope Detail
  1626. authz-scope-name.tooltip=A unique name for this scope. The name can be used to uniquely identify a scope, useful when querying for a specific scope.
  1627. # Authz Policy List
  1628. authz-all-types=All types
  1629. authz-create-policy=Create Policy
  1630. authz-no-policies-available=No policies available.
  1631. # Authz Policy Detail
  1632. authz-policy-name.tooltip=The name of this policy.
  1633. authz-policy-description.tooltip=A description for this policy.
  1634. authz-policy-logic=Logic
  1635. authz-policy-logic-positive=Positive
  1636. authz-policy-logic-negative=Negative
  1637. authz-policy-logic.tooltip=The logic dictates how the policy decision should be made. If 'Positive', the resulting effect (permit or deny) obtained during the evaluation of this policy will be used to perform a decision. If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa.
  1638. authz-policy-apply-policy=Apply Policy
  1639. authz-policy-apply-policy.tooltip=Specifies all the policies that must be applied to the scopes defined by this policy or permission.
  1640. authz-policy-decision-strategy=Decision Strategy
  1641. authz-policy-decision-strategy.tooltip=The decision strategy dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. 'Affirmative' means that at least one policy must evaluate to a positive decision in order for the final decision to be also positive. 'Unanimous' means that all policies must evaluate to a positive decision in order for the final decision to be also positive. 'Consensus' means that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same, the final decision will be negative.
  1642. authz-policy-decision-strategy-affirmative=Affirmative
  1643. authz-policy-decision-strategy-unanimous=Unanimous
  1644. authz-policy-decision-strategy-consensus=Consensus
  1645. authz-select-a-policy=Select existing policy
  1646. authz-no-policies-assigned=No policies assigned.
  1647. # Authz Role Policy Detail
  1648. authz-add-role-policy=Add Role Policy
  1649. authz-no-roles-assigned=No roles assigned.
  1650. authz-policy-role-realm-roles.tooltip=Specifies the *realm* roles allowed by this policy.
  1651. authz-policy-role-clients.tooltip=Selects a client in order to filter the client roles that can be applied to this policy.
  1652. authz-policy-role-client-roles.tooltip=Specifies the client roles allowed by this policy.
  1653. # Authz User Policy Detail
  1654. authz-add-user-policy=Add User Policy
  1655. authz-no-users-assigned=No users assigned.
  1656. authz-policy-user-users.tooltip=Specifies which user(s) are allowed by this policy.
  1657. # Authz Client Policy Detail
  1658. authz-add-client-policy=Add Client Policy
  1659. authz-no-clients-assigned=No clients assigned.
  1660. authz-policy-client-clients.tooltip=Specifies which client(s) are allowed by this policy.
  1661. # Authz Time Policy Detail
  1662. authz-add-time-policy=Add Time Policy
  1663. authz-policy-time-not-before.tooltip=Defines the time before which the policy MUST NOT be granted. Only granted if current date/time is after or equal to this value.
  1664. authz-policy-time-not-on-after=Not On or After
  1665. authz-policy-time-not-on-after.tooltip=Defines the time after which the policy MUST NOT be granted. Only granted if current date/time is before or equal to this value.
  1666. authz-policy-time-day-month=Day of Month
  1667. authz-policy-time-day-month.tooltip=Defines the day of month when the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current day of month is between or equal to the two values you provided.
  1668. authz-policy-time-month=Month
  1669. authz-policy-time-month.tooltip=Defines the month which the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current month is between or equal to the two values you provided.
  1670. authz-policy-time-year=Year
  1671. authz-policy-time-year.tooltip=Defines the year when the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current year is between or equal to the two values you provided.
  1672. authz-policy-time-hour=Hour
  1673. authz-policy-time-hour.tooltip=Defines the hour when the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current hour is between or equal to the two values you provided.
  1674. authz-policy-time-minute=Minute
  1675. authz-policy-time-minute.tooltip=Defines the minute when the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current minute is between or equal to the two values you provided.
  1676. # Authz JS Policy Detail
  1677. authz-add-js-policy=Add JavaScript Policy
  1678. authz-policy-js-code=Code
  1679. authz-policy-js-code.tooltip=The JavaScript code providing the conditions for this policy.
  1680. # Authz Aggregated Policy Detail
  1681. authz-aggregated=Aggregated
  1682. authz-add-aggregated-policy=Add Aggregated Policy
  1683. # Authz Group Policy Detail
  1684. authz-add-group-policy=Add Group Policy
  1685. authz-no-groups-assigned=No groups assigned.
  1686. authz-policy-group-claim=Groups Claim
  1687. authz-policy-group-claim.tooltip=If defined, the policy will fetch user's groups from the given claim within an access token or ID token representing the identity asking permissions. If not defined, user's groups are obtained from your realm configuration.
  1688. authz-policy-group-groups.tooltip=Specifies the groups allowed by this policy.
  1689. # Authz Client Scope Policy Detail
  1690. authz-add-client-scope-policy=Add Client Scope Policy
  1691. authz-no-client-scopes-assigned=No client scopes assigned.
  1692. authz-policy-client-scope-client-scopes.tooltip=Specifies which client scope(s) are allowed by this policy.
  1693. select-a-client-scope=Select a client scope
  1694. # Authz Regex Policy Detail
  1695. authz-add-regex-policy=Add Regex Policy
  1696. regex=Regex
  1697. authz-policy-target-claim=Target Claim
  1698. authz-policy-target-claim.tooltip=Specifies the target claim which the policy will fetch.
  1699. authz-policy-regex-pattern=Regex Pattern
  1700. authz-policy-regex-pattern.tooltip=Specifies the regex pattern.
  1701. # Authz Permission List
  1702. authz-no-permissions-available=No permissions available.
  1703. # Authz Permission Detail
  1704. authz-permission-name.tooltip=The name of this permission.
  1705. authz-permission-description.tooltip=A description for this permission.
  1706. # Authz Resource Permission Detail
  1707. authz-add-resource-permission=Add Resource Permission
  1708. authz-permission-resource-apply-to-resource-type=Apply to Resource Type
  1709. authz-permission-resource-apply-to-resource-type.tooltip=Specifies if this permission should be applied to all resources with a given type. In this case, this permission will be evaluated for all instances of a given resource type.
  1710. authz-permission-resource-resource.tooltip=Specifies that this permission must be applied to a specific resource instance.
  1711. authz-permission-resource-type.tooltip=Specifies that this permission must be applied to all resources instances of a given type.
  1712. # Authz Scope Permission Detail
  1713. authz-add-scope-permission=Add Scope Permission
  1714. authz-permission-scope-resource.tooltip=Restrict the scopes to those associated with the selected resource. If not selected all scopes would be available.
  1715. authz-permission-scope-scope.tooltip=Specifies that this permission must be applied to one or more scopes.
  1716. # Authz Evaluation
  1717. authz-evaluation-identity-information=Identity Information
  1718. authz-evaluation-identity-information.tooltip=The available options to configure the identity information that will be used when evaluating policies.
  1719. authz-evaluation-client.tooltip=Select the client making this authorization request. If not provided, authorization requests would be done based on the client you are in.
  1720. authz-evaluation-user.tooltip=Select a user whose identity is going to be used to query permissions from the server.
  1721. authz-evaluation-role.tooltip=Select the roles you want to associate with the selected user.
  1722. authz-evaluation-new=New Evaluation
  1723. authz-evaluation-re-evaluate=Re-Evaluate
  1724. authz-evaluation-previous=Previous Evaluation
  1725. authz-evaluation-contextual-info=Contextual Information
  1726. authz-evaluation-contextual-info.tooltip=The available options to configure any contextual information that will be used when evaluating policies.
  1727. authz-evaluation-contextual-attributes=Contextual Attributes
  1728. authz-evaluation-contextual-attributes.tooltip=Any attribute provided by a running environment or execution context.
  1729. authz-evaluation-permissions.tooltip=The available options to configure the permissions to which policies will be applied.
  1730. authz-evaluation-evaluate=Evaluate
  1731. authz-evaluation-any-resource-with-scopes=Any resource with scope(s)
  1732. authz-evaluation-no-result=Could not obtain any result for the given authorization request. Check if the provided resource(s) or scope(s) are associated with any policy.
  1733. authz-evaluation-no-policies-resource=No policies were found for this resource.
  1734. authz-evaluation-result.tooltip=The overall result for this permission request.
  1735. authz-evaluation-scopes.tooltip=The list of allowed scopes.
  1736. authz-evaluation-policies.tooltip=Details about which policies were evaluated and their decisions.
  1737. authz-evaluation-authorization-data=Response
  1738. authz-evaluation-authorization-data.tooltip=Represents a token carrying authorization data as a result of the processing of an authorization request. This representation is basically what Keycloak issues to clients asking for permissions. Check the 'authorization' claim for the permissions that were granted based on the current authorization request.
  1739. authz-show-authorization-data=Show Authorization Data
  1740. keys=Keys
  1741. status=Status
  1742. keystore=Keystore
  1743. keystores=Keystores
  1744. add-keystore=Add Keystore
  1745. add-keystore.placeholder=Add keystore...
  1746. view=View
  1747. active=Active
  1748. passive=Passive
  1749. disabled=Disabled
  1750. algorithm=Algorithm
  1751. providerHelpText=Provider description
  1752. Sunday=Sunday
  1753. Monday=Monday
  1754. Tuesday=Tuesday
  1755. Wednesday=Wednesday
  1756. Thursday=Thursday
  1757. Friday=Friday
  1758. Saturday=Saturday
  1759. user-storage-cache-policy=Cache Settings
  1760. userStorage.cachePolicy=Cache Policy
  1761. userStorage.cachePolicy.option.DEFAULT=DEFAULT
  1762. userStorage.cachePolicy.option.EVICT_WEEKLY=EVICT_WEEKLY
  1763. userStorage.cachePolicy.option.EVICT_DAILY=EVICT_DAILY
  1764. userStorage.cachePolicy.option.MAX_LIFESPAN=MAX_LIFESPAN
  1765. userStorage.cachePolicy.option.NO_CACHE=NO_CACHE
  1766. userStorage.cachePolicy.tooltip=Cache Policy for this storage provider. 'DEFAULT' is whatever the default settings are for the global cache. 'EVICT_DAILY' is a time of day every day that the cache will be invalidated. 'EVICT_WEEKLY' is a day of the week and time the cache will be invalidated. 'MAX-LIFESPAN' is the time in milliseconds that will be the lifespan of a cache entry.
  1767. userStorage.cachePolicy.evictionDay=Eviction Day
  1768. userStorage.cachePolicy.evictionDay.tooltip=Day of the week the entry will become invalid on
  1769. userStorage.cachePolicy.evictionHour=Eviction Hour
  1770. userStorage.cachePolicy.evictionHour.tooltip=Hour of day the entry will become invalid on.
  1771. userStorage.cachePolicy.evictionMinute=Eviction Minute
  1772. userStorage.cachePolicy.evictionMinute.tooltip=Minute of day the entry will become invalid on.
  1773. userStorage.cachePolicy.maxLifespan=Max Lifespan
  1774. userStorage.cachePolicy.maxLifespan.tooltip=Max lifespan of cache entry in milliseconds.
  1775. user-origin-link=Storage Origin
  1776. user-origin.tooltip=UserStorageProvider the user was loaded from
  1777. user-link.tooltip=UserStorageProvider this locally stored user was imported from.
  1778. client-origin-link=Storage Origin
  1779. client-origin.tooltip=Provider the client was loaded from
  1780. client-storage-cache-policy=Cache Settings
  1781. clientStorage.cachePolicy=Cache Policy
  1782. clientStorage.cachePolicy.option.DEFAULT=DEFAULT
  1783. clientStorage.cachePolicy.option.EVICT_WEEKLY=EVICT_WEEKLY
  1784. clientStorage.cachePolicy.option.EVICT_DAILY=EVICT_DAILY
  1785. clientStorage.cachePolicy.option.MAX_LIFESPAN=MAX_LIFESPAN
  1786. clientStorage.cachePolicy.option.NO_CACHE=NO_CACHE
  1787. clientStorage.cachePolicy.tooltip=Cache Policy for this storage provider. 'DEFAULT' is whatever the default settings are for the global cache. 'EVICT_DAILY' is a time of day every day that the cache will be invalidated. 'EVICT_WEEKLY' is a day of the week and time the cache will be invalidated. 'MAX-LIFESPAN' is the time in milliseconds that will be the lifespan of a cache entry.
  1788. clientStorage.cachePolicy.evictionDay=Eviction Day
  1789. clientStorage.cachePolicy.evictionDay.tooltip=Day of the week the entry will become invalid on
  1790. clientStorage.cachePolicy.evictionHour=Eviction Hour
  1791. clientStorage.cachePolicy.evictionHour.tooltip=Hour of day the entry will become invalid on.
  1792. clientStorage.cachePolicy.evictionMinute=Eviction Minute
  1793. clientStorage.cachePolicy.evictionMinute.tooltip=Minute of day the entry will become invalid on.
  1794. clientStorage.cachePolicy.maxLifespan=Max Lifespan
  1795. clientStorage.cachePolicy.maxLifespan.tooltip=Max lifespan of cache entry in milliseconds.
  1796. client-storage-list-no-entries=Keycloak can federate external client databases. By default, we support Openshift OAuth clients and service accounts. To get started, select a provider from the dropdown below:
  1797. disable=Disable
  1798. disableable-credential-types=Disableable Types
  1799. credentials.disableable.tooltip=List of credential types that you can disable
  1800. disable-credential-types=Disable Credential Types
  1801. credentials.disable.tooltip=Click button to disable selected credential types
  1802. credential-types=Credential Types
  1803. manage-user-password=Manage Password
  1804. supported-user-storage-credential-types=Supported User Storage Credential Types
  1805. supported-user-storage-credential-types.tooltip=Credential types, which are provided by User Storage Provider and which are configured for this user. Validation and eventually update of the credentials of those types can be delegated to the User Storage Provider based on the configuration and implementation of the particular provider.
  1806. provided-by=Provided By
  1807. manage-credentials=Manage Credentials
  1808. manage-credentials.tooltip=Credentials, which are not provided by the user storage. They are saved in the local database.
  1809. disable-credentials=Disable Credentials
  1810. credential-reset-actions=Credential Reset
  1811. credential-reset-actions-timeout=Expires In
  1812. credential-reset-actions-timeout.tooltip=Maximum time before the action permit expires.
  1813. ldap-mappers=LDAP Mappers
  1814. create-ldap-mapper=Create LDAP mapper
  1815. map-role-mgmt-scope-description=Policies that decide if an administrator can map this role to a user or group
  1816. manage-authz-users-scope-description=Policies that decide if an administrator can manage all users in the realm
  1817. view-authz-users-scope-description=Policies that decide if an administrator can view all users in realm
  1818. permissions-enabled-role=Permissions Enabled
  1819. permissions-enabled-role.tooltip=Determines if fine grained permissions are enabled for managing this role. Disabling will delete all current permissions that have been set up.
  1820. manage-permissions-role.tooltip=Fine grained permissions for managing roles. For example, you can define different policies for who is allowed to map a role.
  1821. lookup=Lookup
  1822. manage-permissions-users.tooltip=Fine grained permissions for managing all users in realm. You can define different policies for who is allowed to manage users in the realm.
  1823. permissions-enabled-users=Permissions Enabled
  1824. permissions-enabled-users.tooltip=Determines if fined grain permissions are enabled for managing users. Disabling will delete all current permissions that have been set up.
  1825. manage-permissions-client.tooltip=Fine grained permissions for administrators that want to manage this client or apply roles defined by this client.
  1826. manage-permissions-group.tooltip=Fine grained permissions for administrators that want to manage this group or the members of this group.
  1827. manage-authz-group-scope-description=Policies that decide if an administrator can manage this group
  1828. view-authz-group-scope-description=Policies that decide if an administrator can view this group
  1829. view-members-authz-group-scope-description=Policies that decide if an administrator can view the members of this group
  1830. token-exchange-authz-client-scope-description=Policies that decide which clients are allowed exchange tokens for a token that is targeted to this client.
  1831. token-exchange-authz-idp-scope-description=Policies that decide which clients are allowed exchange tokens for an external token minted by this identity provider.
  1832. manage-authz-client-scope-description=Policies that decide if an administrator can manage this client
  1833. configure-authz-client-scope-description=Reduced management permissions for administrator. Cannot set scope, template, or protocol mappers.
  1834. view-authz-client-scope-description=Policies that decide if an administrator can view this client
  1835. map-roles-authz-client-scope-description=Policies that decide if an administrator can map roles defined by this client
  1836. map-roles-client-scope-authz-client-scope-description=Policies that decide if an administrator can apply roles defined by this client to the client scope of another client
  1837. map-roles-composite-authz-client-scope-description=Policies that decide if an administrator can apply roles defined by this client as a composite to another role
  1838. map-role-authz-role-scope-description=Policies that decide if an administrator can map this role to a user or group
  1839. map-role-client-scope-authz-role-scope-description=Policies that decide if an administrator can apply this role to the client scope of a client
  1840. map-role-composite-authz-role-scope-description=Policies that decide if an administrator can apply this role as a composite to another role
  1841. manage-group-membership-authz-users-scope-description=Policies that decide if an administrator can manage group membership for all users in the realm. This is used in conjunction with specific group policy
  1842. impersonate-authz-users-scope-description=Policies that decide if administrator can impersonate other users
  1843. map-roles-authz-users-scope-description=Policies that decide if administrator can map roles for all users
  1844. user-impersonated-authz-users-scope-description=Policies that decide which users can be impersonated. These policies are applied to the user being impersonated.
  1845. manage-membership-authz-group-scope-description=Policies that decide if an administrator can add or remove users from this group
  1846. manage-members-authz-group-scope-description=Policies that decide if an administrator can manage the members of this group
  1847. # KEYCLOAK-6771 Certificate Bound Token
  1848. # https://tools.ietf.org/html/draft-ietf-oauth-mtls-08#section-3
  1849. advanced-client-settings=Advanced Settings
  1850. advanced-client-settings.tooltip=Expand this section to configure advanced settings of this client
  1851. tls-client-certificate-bound-access-tokens=OAuth 2.0 Mutual TLS Certificate Bound Access Tokens Enabled
  1852. tls-client-certificate-bound-access-tokens.tooltip=This enables support for OAuth 2.0 Mutual TLS Certificate Bound Access Tokens, which means that keycloak bind an access token and a refresh token with a X.509 certificate of a token requesting client exchanged in mutual TLS between keycloak's Token Endpoint and this client. These tokens can be treated as Holder-of-Key tokens instead of bearer tokens.
  1853. # PAR request parameters.
  1854. require-pushed-authorization-requests=Pushed Authorization Request Required
  1855. require-pushed-authorization-requests.tooltip=Boolean parameter indicating whether the authorization server accepts authorization request data only via the pushed authorization request method.
  1856. request-uri-lifespan=Lifetime of the Request URI for Pushed Authorization Request
  1857. request-uri-lifespan.tooltip=Number that represents the lifetime of the request URI in minutes or hours, the default value is 1 minute.
  1858. subjectdn=Subject DN
  1859. subjectdn-tooltip=The expected Subject DN, which should match DN from client certificate. In case that 'Allow Regex Pattern Comparison' allowed, this can contain regular expression for validating Subject DN in the Client Certificate. Use "(.*?)(?:$)" to match all kind of expressions.
  1860. allow-regex-pattern-comparison=Allow Regex Pattern Comparison
  1861. allow-regex-pattern-comparison.tooltip=If OFF, then the Subject DN from given client certificate must exactly match the given DN from the 'Subject DN' property as described in the RFC8705 specification. The Subject DN can be in the RFC2553 or RFC1779 format. If ON, then the Subject DN from given client certificate should match regex specified by 'Subject DN' property.
  1862. pkce-code-challenge-method=Proof Key for Code Exchange Code Challenge Method
  1863. pkce-code-challenge-method.tooltip=Choose which code challenge method for PKCE is used. If not specified, keycloak does not applies PKCE to a client unless the client sends an authorization request with appropriate code challenge and code exchange method.
  1864. use-idtoken-as-detached-signature=Use ID Token as a Detached Signature
  1865. use-idtoken-as-detached-signature.tooltip=This makes ID token returned from Authorization Endpoint in OIDC Hybrid flow use as a detached signature defined in FAPI 1.0 Advanced Security Profile. Therefore, this ID token does not include an authenticated user's information.
  1866. key-not-allowed-here=Key '{{character}}' is not allowed here.
  1867. # KEYCLOAK-10927 Implement LDAPv3 Password Modify Extended Operation
  1868. advanced-ldap-settings=Advanced Settings
  1869. ldap-query-supported-extensions=Query Supported Extensions
  1870. ldap-query-supported-extensions.tooltip=This will query LDAP server for supported extensions, controls and features. Some advanced settings of the LDAP provider will be then automatically configured based on the capabilities/extensions/features supported by LDAP server. For example if LDAPv3 Password Modify extension is supported by LDAP server, corresponding switch will be enabled for LDAP provider.
  1871. notifications.info.header=Info!
  1872. notifications.success.header=Success!
  1873. notifications.error.header=Error!
  1874. notifications.warn.header=Warning!
  1875. dialogs.delete.title=Delete {{type}}
  1876. dialogs.delete.message=Are you sure you want to permanently delete the {{type}} {{name}}?
  1877. dialogs.delete.confirm=Delete
  1878. dialogs.cancel=Cancel
  1879. dialogs.ok=Ok
  1880. use=Use
  1881. user.profile.attribute=Attribute
  1882. user.profile.attribute.name=Name
  1883. user.profile.attribute.name.tooltip=The name of the attribute.
  1884. user.profile.attribute.displayName=Display name
  1885. user.profile.attribute.displayName.tooltip=Display name for the attribute. Supports keys for localized values as well. For example\: ${profile.attribute.phoneNumber}.
  1886. user.profile.attribute.selector.scopes=Enabled when scope
  1887. user.profile.attribute.selector.scopes.tooltip=Set the attribute as enabled only when a set of one or more scopes are requested by clients. This constraint only applies to flows where clients are able to ask for scopes (e.g.: during login or registration).
  1888. user.profile.attribute.required=Required
  1889. user.profile.attribute.required.tooltip=Set the attribute as required. If enabled, the attribute must be set by users and administrators. Otherwise, the attribute is optional.
  1890. user.profile.attribute.required.roles=Required for roles
  1891. user.profile.attribute.required.roles.tooltip=Set the attribute as required for specific types of users. If set to 'user', the attribute is required for users. If set to 'admin' the attribute is required only for administrators.
  1892. user.profile.attribute.required.scopes=Required for scopes
  1893. user.profile.attribute.required.scopes.tooltip=Set the attribute as required only when a set of one or more scopes are requested by clients. This constraint only applies to flows where clients are able to ask for scopes (e.g.: during login or registration).
  1894. user.profile.attribute.permission=Permission
  1895. user.profile.attribute.canUserView=Can user view?
  1896. user.profile.attribute.canUserView.tooltip=If enabled, users can view the attribute. Otherwise, users don't have access to the attribute.
  1897. user.profile.attribute.canUserEdit=Can user edit?
  1898. user.profile.attribute.canUserEdit.tooltip=If enabled, users can view and edit the attribute. Otherwise, users don't have access to write to the attribute.
  1899. user.profile.attribute.canAdminView=Can admin view?
  1900. user.profile.attribute.canAdminView.tooltip=If enabled, administrators can view the attribute. Otherwise, administrators don't have access to the attribute.
  1901. user.profile.attribute.canAdminEdit=Can admin edit?
  1902. user.profile.attribute.canAdminEdit.tooltip=If enabled, administrators can view and edit the attribute. Otherwise, administrators don't have access to write to the attribute.
  1903. user.profile.attribute.validation=Validation
  1904. user.profile.attribute.validation.add.validator=Add Validator
  1905. user.profile.attribute.validation.add.validator.tooltip=Select a validator to enforce specific constraints to the attribute value.
  1906. user.profile.attribute.validation.no.validators=No validators.
  1907. user.profile.attribute.annotation=Annotation
  1908. user.profile.attribute.group=Attribute Group
  1909. attribute-groups=Attribute Groups
  1910. user.profile.attributegroup.displayHeader=Display header
  1911. user.profile.attributegroup.displayHeader.tooltip=A user-friendly name for the group that should be used when rendering a group of attributes in user-facing forms. Supports keys for localized values as well. For example\: ${profile.attribute.group.address}.
  1912. user.profile.attributegroup.displayDescription=Display description
  1913. user.profile.attributegroup.displayDescription.tooltip=A text that should be used as a tooltip when rendering user-facing forms.
  1914. user.profile.attributegroup=Attribute Group
  1915. user.profile.attributegroup.name=Name
  1916. user.profile.attributegroup.name.tooltip=A unique name for the group. This name will be used to reference the group when binding an attribute to a group.
  1917. user.profile.attributegroup.annotation=Annotation