1524 lines
108 KiB
Properties
1524 lines
108 KiB
Properties
consoleTitle=Keycloak Admin Konsole
|
|
|
|
# Common messages
|
|
enabled=Aktiv
|
|
hidden=Versteckt
|
|
link-only-column=Nur Link
|
|
name=Name
|
|
displayName=Anzeigename
|
|
displayNameHtml=HTML-Anzeigename
|
|
save=Speichern
|
|
cancel=Abbrechen
|
|
onText=EIN
|
|
offText=AUS
|
|
client=Client
|
|
clients=Clients
|
|
clear=Zur\u00FCcksetzen
|
|
selectOne=Bitte w\u00E4hlen...
|
|
|
|
true=Ja
|
|
false=Nein
|
|
|
|
endpoints=Endpoints
|
|
|
|
# Realm settings
|
|
realm-detail.enabled.tooltip=Benutzer und Clients k\u00F6nnen das Realm nur verwenden, wenn es aktiviert ist
|
|
#realm-detail.oidc-endpoints.tooltip=Shows the configuration of the OpenID Connect endpoints
|
|
#realm-detail.userManagedAccess.tooltip=If enabled, users are allowed to manage their resources and permissions using the Account Management Console.
|
|
#userManagedAccess=User-Managed Access
|
|
registrationAllowed=Benutzerregistrierung
|
|
registrationAllowed.tooltip=Aktiviere/deaktiviere die Seite zur Benutzerregistrierung. Auf der Loginseite wird ein entsprechender Link angezeigt.
|
|
registrationEmailAsUsername=E-Mail-Adresse als Benutzername
|
|
registrationEmailAsUsername.tooltip=Wenn aktiviert, wird das Feld "Benutzername" auf der Registrierungsformular nicht angezeigt und als Benutzername wird stattdessen die E-Mail verwendet.
|
|
editUsernameAllowed=Benutzername editierbar
|
|
editUsernameAllowed.tooltip=Wenn aktiv, kann der Benutzername editiert werden.
|
|
resetPasswordAllowed=Passwort-Vergessen
|
|
resetPasswordAllowed.tooltip=Zeigt einen Link auf der Loginseite, auf den die Benutzer klicken k\u00F6nnen, wenn sie ihr Passwort vergessen haben.
|
|
rememberMe=Angemeldet bleiben
|
|
rememberMe.tooltip=Zeigt eine Auswahlbox auf der Loginseite, die es dem Benutzer erlaubt, zwischen Browser-Neustarts eingeloggt zu bleiben, bis die Session abl\u00E4uft.
|
|
#loginWithEmailAllowed=Login with email
|
|
#loginWithEmailAllowed.tooltip=Allow users to log in with their email address.
|
|
#duplicateEmailsAllowed=Duplicate emails
|
|
#duplicateEmailsAllowed.tooltip=Allow multiple users to have the same email address. Changing this setting will also clear the users cache. It is recommended to manually update email constraints of existing users in the database after switching off support for duplicate email addresses.
|
|
verifyEmail=E-Mail verifizieren
|
|
#verifyEmail.tooltip=Require users to verify their email address after initial login or after address changes are submitted.
|
|
#sslRequired=Require SSL
|
|
#sslRequired.option.all=all requests
|
|
#sslRequired.option.external=external requests
|
|
#sslRequired.option.none=none
|
|
#sslRequired.tooltip=Is HTTPS required? 'None' means HTTPS is not required for any client IP address. 'External requests' means localhost and private IP addresses can access without HTTPS. 'All requests' means HTTPS is required for all IP addresses.
|
|
#publicKeys=Public keys
|
|
#publicKey=Public key
|
|
#privateKey=Private key
|
|
#gen-new-keys=Generate new keys
|
|
certificate=Zertifikat
|
|
host=Host
|
|
smtp-host=SMTP Host
|
|
port=Port
|
|
smtp-port=SMTP Port (Standardwert ist 25)
|
|
from=Von
|
|
#fromDisplayName=From Display Name
|
|
#fromDisplayName.tooltip=A user-friendly name for the 'From' address (optional).
|
|
#replyTo=Reply To
|
|
#replyToDisplayName=Reply To Display Name
|
|
#replyToDisplayName.tooltip=A user-friendly name for the 'Reply-To' address (optional).
|
|
#envelopeFrom=Envelope From
|
|
#envelopeFrom.tooltip=An email address used for bounces (optional).
|
|
sender-email-addr=E-Mail-Adresse des Absenders
|
|
#sender-email-addr-display=Display Name for Sender Email Address
|
|
#reply-to-email-addr=Reply To Email Address
|
|
#reply-to-email-addr-display=Display Name for Reply To Email Address
|
|
#sender-envelope-email-addr=Sender Envelope Email Address
|
|
enable-ssl=SSL aktivieren
|
|
#enable-start-tls=Enable StartTLS
|
|
#enable-auth=Enable Authentication
|
|
username=Benutzername
|
|
login-username=Login Benutzername
|
|
password=Passwort
|
|
login-password=Login Passwort
|
|
#login-theme=Login Theme
|
|
#login-theme.tooltip=Select theme for login, OTP, grant, registration, and forgot password pages.
|
|
#account-theme=Account Theme
|
|
#account-theme.tooltip=Select theme for user account management pages.
|
|
#admin-console-theme=Admin Console Theme
|
|
#select-theme-admin-console=Select theme for admin console.
|
|
#email-theme=Email Theme
|
|
#select-theme-email=Select theme for emails that are sent by the server.
|
|
i18n-enabled=Internationalisierung aktiv
|
|
supported-locales=Unterst\u00FCtzte Sprachen
|
|
#supported-locales.placeholder=Type a locale and enter
|
|
#default-locale=Default Locale
|
|
#realm-cache-clear=Realm Cache
|
|
#realm-cache-clear.tooltip=Clears all entries from the realm cache (this will clear entries for all realms)
|
|
#user-cache-clear=User Cache
|
|
#user-cache-clear.tooltip=Clears all entries from the user cache (this will clear entries for all realms)
|
|
#keys-cache-clear=Keys Cache
|
|
#keys-cache-clear.tooltip=Clears all entries from the cache of external public keys. These are keys of external clients or identity providers. (this will clear entries for all realms)
|
|
#revoke-refresh-token=Revoke Refresh Token
|
|
#revoke-refresh-token.tooltip=If enabled a refresh token can only be used up to 'Refresh Token Max Reuse' and is revoked when a different token is used. Otherwise refresh tokens are not revoked when used and can be used multiple times.
|
|
#refresh-token-max-reuse=Refresh Token Max Reuse
|
|
#refresh-token-max-reuse.tooltip=Maximum number of times a refresh token can be reused. When a different token is used, revocation is immediate.
|
|
#sso-session-idle=SSO Session Idle
|
|
seconds=Sekunden
|
|
minutes=Minuten
|
|
hours=Stunden
|
|
days=Tage
|
|
#sso-session-max=SSO Session Max
|
|
#sso-session-idle.tooltip=Time a session is allowed to be idle before it expires. Tokens and browser sessions are invalidated when a session is expired.
|
|
#sso-session-max.tooltip=Max time before a session is expired. Tokens and browser sessions are invalidated when a session is expired.
|
|
#offline-session-idle=Offline Session Idle
|
|
#offline-session-idle.tooltip=Time an offline session is allowed to be idle before it expires. You need to use offline token to refresh at least once within this period, otherwise offline session will expire.
|
|
#realm-detail.hostname=Hostname
|
|
#realm-detail.hostname.tooltip=Set the hostname for the realm. Use in combination with the fixed hostname provider to override the server hostname for a specific realm.
|
|
|
|
## KEYCLOAK-7688 Offline Session Max for Offline Token
|
|
#offline-session-max-limited=Offline Session Max Limited
|
|
#offline-session-max-limited.tooltip=Enable Offline Session Max.
|
|
#offline-session-max=Offline Session Max
|
|
#offline-session-max.tooltip=Max time before an offline session is expired regardless of activity.
|
|
|
|
#access-token-lifespan=Access Token Lifespan
|
|
#access-token-lifespan.tooltip=Max time before an access token is expired. This value is recommended to be short relative to the SSO timeout.
|
|
#access-token-lifespan-for-implicit-flow=Access Token Lifespan For Implicit Flow
|
|
#access-token-lifespan-for-implicit-flow.tooltip=Max time before an access token issued during OpenID Connect Implicit Flow is expired. This value is recommended to be shorter than SSO timeout. There is no possibility to refresh token during implicit flow, that's why there is separate timeout different to 'Access Token Lifespan'.
|
|
#action-token-generated-by-admin-lifespan=Default Admin-Initiated Action Lifespan
|
|
#action-token-generated-by-admin-lifespan.tooltip=Maximum time before an action permit sent to a user by admin is expired. This value is recommended to be long to allow admins send e-mails for users that are currently offline. The default timeout can be overridden right before issuing the token.
|
|
#action-token-generated-by-user-lifespan=User-Initiated Action Lifespan
|
|
#action-token-generated-by-user-lifespan.tooltip=Maximum time before an action permit sent by a user (e.g. forgot password e-mail) is expired. This value is recommended to be short because it is expected that the user would react to self-created action quickly.
|
|
|
|
#action-token-generated-by-user.execute-actions=Execute Actions
|
|
#action-token-generated-by-user.idp-verify-account-via-email=IdP Account E-mail Verification
|
|
#action-token-generated-by-user.reset-credentials=Forgot Password
|
|
#action-token-generated-by-user.verify-email=E-mail Verification
|
|
#action-token-generated-by-user.tooltip=Override default settings of maximum time before an action permit sent by a user (e.g. forgot password e-mail) is expired for specific action. This value is recommended to be short because it is expected that the user would react to self-created action quickly.
|
|
#action-token-generated-by-user.reset=Reset
|
|
#action-token-generated-by-user.operation=Override User-Initiated Action Lifespan
|
|
|
|
#client-login-timeout=Client login timeout
|
|
#client-login-timeout.tooltip=Max time a client has to finish the access token protocol. This should normally be 1 minute.
|
|
#login-timeout=Login timeout
|
|
#login-timeout.tooltip=Max time a user has to complete a login. This is recommended to be relatively long. 30 minutes or more.
|
|
#login-action-timeout=Login action timeout
|
|
#login-action-timeout.tooltip=Max time a user has to complete login related actions like update password or configure totp. This is recommended to be relatively long. 5 minutes or more.
|
|
#headers=Headers
|
|
#brute-force-detection=Brute Force Detection
|
|
#x-frame-options=X-Frame-Options
|
|
#x-frame-options-tooltip=Default value prevents pages from being included via non-origin iframes (click label for more information)
|
|
#content-sec-policy=Content-Security-Policy
|
|
#content-sec-policy-tooltip=Default value prevents pages from being included via non-origin iframes (click label for more information)
|
|
#content-type-options=X-Content-Type-Options
|
|
#content-type-options-tooltip=Default value prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type (click label for more information)
|
|
#robots-tag=X-Robots-Tag
|
|
#robots-tag-tooltip=Prevent pages from appearing in search engines (click label for more information)
|
|
#x-xss-protection=X-XSS-Protection
|
|
#x-xss-protection-tooltip=This header configures the Cross-site scripting (XSS) filter in your browser. Using the default behavior, the browser will prevent rendering of the page when a XSS attack is detected (click label for more information)
|
|
#strict-transport-security=HTTP Strict Transport Security (HSTS)
|
|
#strict-transport-security-tooltip=The Strict-Transport-Security HTTP header tells browsers to always use HTTPS. Once a browser sees this header, it will only visit the site over HTTPS for the time specified (1 year) at max-age, including the subdomains.
|
|
#permanent-lockout=Permanent Lockout
|
|
#permanent-lockout.tooltip=Lock the user permanently when the user exceeds the maximum login failures.
|
|
#max-login-failures=Max Login Failures
|
|
#max-login-failures.tooltip=How many failures before wait is triggered.
|
|
#wait-increment=Wait Increment
|
|
#wait-increment.tooltip=When failure threshold has been met, how much time should the user be locked out?
|
|
#quick-login-check-millis=Quick Login Check Milli Seconds
|
|
#quick-login-check-millis.tooltip=If a failure happens concurrently too quickly, lock out the user.
|
|
#min-quick-login-wait=Minimum Quick Login Wait
|
|
#min-quick-login-wait.tooltip=How long to wait after a quick login failure.
|
|
#max-wait=Max Wait
|
|
#max-wait.tooltip=Max time a user will be locked out.
|
|
#failure-reset-time=Failure Reset Time
|
|
#failure-reset-time.tooltip=When will failure count be reset?
|
|
#realm-tab-login=Login
|
|
#realm-tab-keys=Keys
|
|
#realm-tab-email=Email
|
|
#realm-tab-themes=Themes
|
|
#realm-tab-cache=Cache
|
|
#realm-tab-tokens=Tokens
|
|
#realm-tab-client-registration=Client Registration
|
|
#realm-tab-security-defenses=Security Defenses
|
|
#realm-tab-general=General
|
|
#add-realm=Add realm
|
|
|
|
#Session settings
|
|
realm-sessions=Realm-Sessions
|
|
#revocation=Revocation
|
|
logout-all=Alle ausloggen
|
|
active-sessions=Aktive Sessions
|
|
offline-sessions=Offline-Sessions
|
|
sessions=Sessions
|
|
#not-before=Not Before
|
|
#not-before.tooltip=Revoke any tokens issued before this date.
|
|
#set-to-now=Set to now
|
|
#push=Push
|
|
#push.tooltip=For every client that has an admin URL, notify them of the new revocation policy.
|
|
|
|
#Protocol Mapper
|
|
#usermodel.prop.label=Property
|
|
#usermodel.prop.tooltip=Name of the property method in the UserModel interface. For example, a value of 'email' would reference the UserModel.getEmail() method.
|
|
#usermodel.attr.label=User Attribute
|
|
#usermodel.attr.tooltip=Name of stored user attribute which is the name of an attribute within the UserModel.attribute map.
|
|
#userSession.modelNote.label=User Session Note
|
|
#userSession.modelNote.tooltip=Name of stored user session note within the UserSessionModel.note map.
|
|
#multivalued.label=Multivalued
|
|
#multivalued.tooltip=Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim
|
|
#selectRole.label=Select Role
|
|
#selectRole.tooltip=Enter role in the textbox to the left, or click this button to browse and select the role you want.
|
|
#tokenClaimName.label=Token Claim Name
|
|
#tokenClaimName.tooltip=Name of the claim to insert into the token. This can be a fully qualified name like 'address.street'. In this case, a nested json object will be created. To prevent nesting and use dot literally, escape the dot with backslash (\\.).
|
|
#jsonType.label=Claim JSON Type
|
|
#jsonType.tooltip=JSON type that should be used to populate the json claim in the token. long, int, boolean, and String are valid values.
|
|
#includeInIdToken.label=Add to ID token
|
|
#includeInIdToken.tooltip=Should the claim be added to the ID token?
|
|
#includeInAccessToken.label=Add to access token
|
|
#includeInAccessToken.tooltip=Should the claim be added to the access token?
|
|
#includeInUserInfo.label=Add to userinfo
|
|
#includeInUserInfo.tooltip=Should the claim be added to the userinfo?
|
|
#usermodel.clientRoleMapping.clientId.label=Client ID
|
|
#usermodel.clientRoleMapping.clientId.tooltip=Client ID for role mappings
|
|
#usermodel.clientRoleMapping.rolePrefix.label=Client Role prefix
|
|
#usermodel.clientRoleMapping.rolePrefix.tooltip=A prefix for each client role (optional).
|
|
#usermodel.realmRoleMapping.rolePrefix.label=Realm Role prefix
|
|
#usermodel.realmRoleMapping.rolePrefix.tooltip=A prefix for each Realm Role (optional).
|
|
#sectorIdentifierUri.label=Sector Identifier URI
|
|
#sectorIdentifierUri.tooltip=Providers that use pairwise sub values and support Dynamic Client Registration SHOULD use the sector_identifier_uri parameter. It provides a way for a group of websites under common administrative control to have consistent pairwise sub values independent of the individual domain names. It also provides a way for Clients to change redirect_uri domains without having to reregister all of their users.
|
|
#pairwiseSubAlgorithmSalt.label=Salt
|
|
#pairwiseSubAlgorithmSalt.tooltip=Salt used when calculating the pairwise subject identifier. If left blank, a salt will be generated.
|
|
#addressClaim.street.label=User Attribute Name for Street
|
|
#addressClaim.street.tooltip=Name of User Attribute, which will be used to map to 'street_address' subclaim inside 'address' token claim. Defaults to 'street' .
|
|
#addressClaim.locality.label=User Attribute Name for Locality
|
|
#addressClaim.locality.tooltip=Name of User Attribute, which will be used to map to 'locality' subclaim inside 'address' token claim. Defaults to 'locality' .
|
|
#addressClaim.region.label=User Attribute Name for Region
|
|
#addressClaim.region.tooltip=Name of User Attribute, which will be used to map to 'region' subclaim inside 'address' token claim. Defaults to 'region' .
|
|
#addressClaim.postal_code.label=User Attribute Name for Postal Code
|
|
#addressClaim.postal_code.tooltip=Name of User Attribute, which will be used to map to 'postal_code' subclaim inside 'address' token claim. Defaults to 'postal_code' .
|
|
#addressClaim.country.label=User Attribute Name for Country
|
|
#addressClaim.country.tooltip=Name of User Attribute, which will be used to map to 'country' subclaim inside 'address' token claim. Defaults to 'country' .
|
|
#addressClaim.formatted.label=User Attribute Name for Formatted Address
|
|
#addressClaim.formatted.tooltip=Name of User Attribute, which will be used to map to 'formatted' subclaim inside 'address' token claim. Defaults to 'formatted' .
|
|
|
|
# client details
|
|
#clients.tooltip=Clients are trusted browser apps and web services in a realm. These clients can request a login. You can also define client specific roles.
|
|
search.placeholder=Suchen...
|
|
create=Erstellen
|
|
import=Importieren
|
|
client-id=Client-ID
|
|
base-url=Basis-URL
|
|
actions=Aktionen
|
|
not-defined=Nicht definiert
|
|
edit=Bearbeiten
|
|
delete=L\u00F6schen
|
|
no-results=Keine Resultate
|
|
no-clients-available=Keine Clients verf\u00FCgbar
|
|
add-client=Client hinzuf\u00FCgen
|
|
#select-file=Select file
|
|
#view-details=View details
|
|
#clear-import=Clear import
|
|
#client-id.tooltip=Specifies ID referenced in URI and tokens. For example 'my-client'. For SAML this is also the expected issuer value from authn requests
|
|
#client.name.tooltip=Specifies display name of the client. For example 'My Client'. Supports keys for localized values as well. For example\: ${my_client}
|
|
#client.enabled.tooltip=Disabled clients cannot initiate a login or have obtain access tokens.
|
|
#consent-required=Consent Required
|
|
#consent-required.tooltip=If enabled users have to consent to client access.
|
|
#client.display-on-consent-screen=Display Client On Consent Screen
|
|
#client.display-on-consent-screen.tooltip=Applicable just if Consent Required is on. If this switch is off, then consent screen will contain just the consents corresponding to configured client scopes. If on, then there will be also one item on consent screen about this client itself
|
|
#client.consent-screen-text=Client Consent Screen Text
|
|
#client.consent-screen-text.tooltip=Applicable just if 'Display Client On Consent Screen' is on for this client. Contains the text, which will be on consent screen about permissions specific just for this client
|
|
#client-protocol=Client Protocol
|
|
#client-protocol.tooltip='OpenID connect' allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server.'SAML' enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO) and uses security tokens containing assertions to pass information.
|
|
#access-type=Access Type
|
|
#access-type.tooltip='Confidential' clients require a secret to initiate login protocol. 'Public' clients do not require a secret. 'Bearer-only' clients are web services that never initiate a login.
|
|
#standard-flow-enabled=Standard Flow Enabled
|
|
#standard-flow-enabled.tooltip=This enables standard OpenID Connect redirect based authentication with authorization code. In terms of OpenID Connect or OAuth2 specifications, this enables support of 'Authorization Code Flow' for this client.
|
|
#implicit-flow-enabled=Implicit Flow Enabled
|
|
#implicit-flow-enabled.tooltip=This enables support for OpenID Connect redirect based authentication without authorization code. In terms of OpenID Connect or OAuth2 specifications, this enables support of 'Implicit Flow' for this client.
|
|
#direct-access-grants-enabled=Direct Access Grants Enabled
|
|
#direct-access-grants-enabled.tooltip=This enables support for Direct Access Grants, which means that client has access to username/password of user and exchange it directly with Keycloak server for access token. In terms of OAuth2 specification, this enables support of 'Resource Owner Password Credentials Grant' for this client.
|
|
#service-accounts-enabled=Service Accounts Enabled
|
|
#service-accounts-enabled.tooltip=Allows you to authenticate this client to Keycloak and retrieve access token dedicated to this client. In terms of OAuth2 specification, this enables support of 'Client Credentials Grant' for this client.
|
|
#include-authnstatement=Include AuthnStatement
|
|
#include-authnstatement.tooltip=Should a statement specifying the method and timestamp be included in login responses?
|
|
#include-onetimeuse-condition=Include OneTimeUse Condition
|
|
#include-onetimeuse-condition.tooltip=Should a OneTimeUse Condition be included in login responses?
|
|
#sign-documents=Sign Documents
|
|
#sign-documents.tooltip=Should SAML documents be signed by the realm?
|
|
#sign-documents-redirect-enable-key-info-ext=Optimize REDIRECT signing key lookup
|
|
#sign-documents-redirect-enable-key-info-ext.tooltip=When signing SAML documents in REDIRECT binding for SP that is secured by Keycloak adapter, should the ID of the signing key be included in SAML protocol message in <Extensions> element? This optimizes validation of the signature as the validating party uses a single key instead of trying every known key for validation.
|
|
#sign-assertions=Sign Assertions
|
|
#sign-assertions.tooltip=Should assertions inside SAML documents be signed? This setting isn't needed if document is already being signed.
|
|
#signature-algorithm=Signature Algorithm
|
|
#signature-algorithm.tooltip=The signature algorithm to use to sign documents.
|
|
#canonicalization-method=Canonicalization Method
|
|
#canonicalization-method.tooltip=Canonicalization Method for XML signatures.
|
|
#encrypt-assertions=Encrypt Assertions
|
|
#encrypt-assertions.tooltip=Should SAML assertions be encrypted with client's public key using AES?
|
|
#client-signature-required=Client Signature Required
|
|
#client-signature-required.tooltip=Will the client sign their saml requests and responses? And should they be validated?
|
|
#force-post-binding=Force POST Binding
|
|
#force-post-binding.tooltip=Always use POST binding for responses.
|
|
#front-channel-logout=Front Channel Logout
|
|
#front-channel-logout.tooltip=When true, logout requires a browser redirect to client. When false, server performs a background invocation for logout.
|
|
#force-name-id-format=Force Name ID Format
|
|
#force-name-id-format.tooltip=Ignore requested NameID subject format and use admin console configured one.
|
|
#name-id-format=Name ID Format
|
|
#name-id-format.tooltip=The name ID format to use for the subject.
|
|
#root-url=Root URL
|
|
#root-url.tooltip=Root URL appended to relative URLs
|
|
#valid-redirect-uris=Valid Redirect URIs
|
|
#valid-redirect-uris.tooltip=Valid URI pattern a browser can redirect to after a successful login or logout. Simple wildcards are allowed i.e. 'http://example.com/*'. Relative path can be specified too i.e. /my/relative/path/*. Relative paths are relative to the client root URL, or if none is specified the auth server root URL is used. For SAML, you must set valid URI patterns if you are relying on the consumer service URL embedded with the login request.
|
|
#base-url.tooltip=Default URL to use when the auth server needs to redirect or link back to the client.
|
|
#admin-url=Admin URL
|
|
#admin-url.tooltip=URL to the admin interface of the client. Set this if the client supports the adapter REST API. This REST API allows the auth server to push revocation policies and other administrative tasks. Usually this is set to the base URL of the client.
|
|
#master-saml-processing-url=Master SAML Processing URL
|
|
#master-saml-processing-url.tooltip=If configured, this URL will be used for every binding to both the SP's Assertion Consumer and Single Logout Services. This can be individually overiden for each binding and service in the Fine Grain SAML Endpoint Configuration.
|
|
#idp-sso-url-ref=IDP Initiated SSO URL Name
|
|
#idp-sso-url-ref.tooltip=URL fragment name to reference client when you want to do IDP Initiated SSO. Leaving this empty will disable IDP Initiated SSO. The URL you will reference from your browser will be: {server-root}/realms/{realm}/protocol/saml/clients/{client-url-name}
|
|
#idp-sso-url-ref.urlhint=Target IDP initiated SSO URL:
|
|
#idp-sso-relay-state=IDP Initiated SSO Relay State
|
|
#idp-sso-relay-state.tooltip=Relay state you want to send with SAML request when you want to do IDP Initiated SSO.
|
|
web-origins=Web Origins
|
|
web-origins.tooltip=Erlaubte CORS Origins. Um alle Origins der Valid Redirect URIs zu erlauben, fügen Sie ein '+' hinzu. Dabei wird der '*' Platzhalter nicht mit übernommen. Um alle Origins zu erlauben, geben Sie explizit einen Eintrag mit '*' an.
|
|
#fine-oidc-endpoint-conf=Fine Grain OpenID Connect Configuration
|
|
#fine-oidc-endpoint-conf.tooltip=Expand this section to configure advanced settings of this client related to OpenID Connect protocol
|
|
#user-info-signed-response-alg=User Info Signed Response Algorithm
|
|
#user-info-signed-response-alg.tooltip=JWA algorithm used for signed User Info Endpoint response. If set to 'unsigned', then User Info Response won't be signed and will be returned in application/json format.
|
|
#request-object-signature-alg=Request Object Signature Algorithm
|
|
#request-object-signature-alg.tooltip=JWA algorithm, which client needs to use when sending OIDC request object specified by 'request' or 'request_uri' parameters. If set to 'any', then Request object can be signed by any algorithm (including 'none' ).
|
|
#request-object-required=Request Object Required
|
|
#request-object-required-alg.tooltip=Specifies if the client needs to provide a request object with their authorization requests, and what method they can use for this. If set to "not required", providing a request object is optional. In all other cases providing a request object is mandatory. If set to "request", the request object must be provided by value. If set to "request_uri", the request object must be provided by reference. If set to "request or request_uri", either method can be used.
|
|
#fine-saml-endpoint-conf=Fine Grain SAML Endpoint Configuration
|
|
#fine-saml-endpoint-conf.tooltip=Expand this section to configure exact URLs for Assertion Consumer and Single Logout Service.
|
|
#assertion-consumer-post-binding-url=Assertion Consumer Service POST Binding URL
|
|
#assertion-consumer-post-binding-url.tooltip=SAML POST Binding URL for the client's assertion consumer service (login responses). You can leave this blank if you do not have a URL for this binding.
|
|
#assertion-consumer-redirect-binding-url=Assertion Consumer Service Redirect Binding URL
|
|
#assertion-consumer-redirect-binding-url.tooltip=SAML Redirect Binding URL for the client's assertion consumer service (login responses). You can leave this blank if you do not have a URL for this binding.
|
|
#logout-service-post-binding-url=Logout Service POST Binding URL
|
|
#logout-service-post-binding-url.tooltip=SAML POST Binding URL for the client's single logout service. You can leave this blank if you are using a different binding
|
|
#logout-service-redir-binding-url=Logout Service Redirect Binding URL
|
|
#logout-service-redir-binding-url.tooltip=SAML Redirect Binding URL for the client's single logout service. You can leave this blank if you are using a different binding.
|
|
#saml-signature-keyName-transformer=SAML Signature Key Name
|
|
#saml-signature-keyName-transformer.tooltip=Signed SAML documents contain identification of signing key in KeyName element. For Keycloak / RH-SSO counterparty, use KEY_ID, for MS AD FS use CERT_SUBJECT, for others check and use NONE if no other option works.
|
|
#oidc-compatibility-modes=OpenID Connect Compatibility Modes
|
|
#oidc-compatibility-modes.tooltip=Expand this section to configure settings for backwards compatibility with older OpenID Connect / OAuth2 adapters. It is useful especially if your client uses older version of Keycloak / RH-SSO adapter.
|
|
#exclude-session-state-from-auth-response=Exclude Session State From Authentication Response
|
|
#exclude-session-state-from-auth-response.tooltip=If this is on, the parameter 'session_state' will not be included in OpenID Connect Authentication Response. It is useful if your client uses older OIDC / OAuth2 adapter, which does not support 'session_state' parameter.
|
|
|
|
# client import
|
|
#import-client=Import Client
|
|
#format-option=Format Option
|
|
#select-format=Select a Format
|
|
#import-file=Import File
|
|
|
|
# client tabs
|
|
settings=Einstellungen
|
|
credentials=Passw\u00F6rter
|
|
#saml-keys=SAML Keys
|
|
roles=Rollen
|
|
#mappers=Mappers
|
|
#mappers.tooltip=Protocol mappers perform transformation on tokens and documents. They can do things like map user data into protocol claims, or just transform any requests going between the client and auth server.
|
|
#scope=Scope
|
|
#scope.tooltip=Scope mappings allow you to restrict which user role mappings are included within the access token requested by the client.
|
|
#sessions.tooltip=View active sessions for this client. Allows you to see which users are active and when they logged in.
|
|
#offline-access=Offline Access
|
|
#offline-access.tooltip=View offline sessions for this client. Allows you to see which users retrieve offline token and when they retrieve it. To revoke all tokens for the client, go to Revocation tab and set not before value to now.
|
|
#clustering=Clustering
|
|
#installation=Installation
|
|
#installation.tooltip=Helper utility for generating various client adapter configuration formats which you can download or cut and paste to configure your clients.
|
|
#service-account-roles=Service Account Roles
|
|
#service-account-roles.tooltip=Allows you to authenticate role mappings for the service account dedicated to this client.
|
|
|
|
# client credentials
|
|
#client-authenticator=Client Authenticator
|
|
#client-authenticator.tooltip=Client Authenticator used for authentication this client against Keycloak server
|
|
#certificate.tooltip=Client Certificate for validate JWT issued by client and signed by Client private key from your keystore.
|
|
#publicKey.tooltip=Public Key for validate JWT issued by client and signed by Client private key.
|
|
#no-client-certificate-configured=No client certificate configured
|
|
#gen-new-keys-and-cert=Generate new keys and certificate
|
|
#import-certificate=Import Certificate
|
|
#gen-client-private-key=Generate Client Private Key
|
|
#generate-private-key=Generate Private Key
|
|
#kid=Kid
|
|
#kid.tooltip=KID (Key ID) of the client public key from imported JWKS.
|
|
#use-jwks-url=Use JWKS URL
|
|
#use-jwks-url.tooltip=If the switch is on, then client public keys will be downloaded from given JWKS URL. This allows great flexibility because new keys will be always re-downloaded again when client generates new keypair. If the switch is off, then public key (or certificate) from the Keycloak DB is used, so when client keypair changes, you always need to import new key (or certificate) to the Keycloak DB as well.
|
|
#jwks-url=JWKS URL
|
|
#jwks-url.tooltip=URL where client keys in JWK format are stored. See JWK specification for more details. If you use Keycloak client adapter with "jwt" credential, then you can use URL of your app with '/k_jwks' suffix. For example 'http://www.myhost.com/myapp/k_jwks' .
|
|
#archive-format=Archive Format
|
|
#archive-format.tooltip=Java keystore or PKCS12 archive format.
|
|
#key-alias=Key Alias
|
|
#key-alias.tooltip=Archive alias for your private key and certificate.
|
|
#key-password=Key Password
|
|
#key-password.tooltip=Password to access the private key in the archive
|
|
#store-password=Store Password
|
|
#store-password.tooltip=Password to access the archive itself
|
|
#generate-and-download=Generate and Download
|
|
#client-certificate-import=Client Certificate Import
|
|
#import-client-certificate=Import Client Certificate
|
|
#jwt-import.key-alias.tooltip=Archive alias for your certificate.
|
|
#secret=Secret
|
|
#regenerate-secret=Regenerate Secret
|
|
#registrationAccessToken=Registration access token
|
|
#registrationAccessToken.regenerate=Regenerate registration access token
|
|
#registrationAccessToken.tooltip=The registration access token provides access for clients to the client registration service.
|
|
add-role=Rolle hinzuf\u00FCgen
|
|
role-name=Rollenname
|
|
#composite=Composite
|
|
description=Beschreibung
|
|
no-client-roles-available=Keine Client-Rollen verf\u00FCgbar
|
|
#composite-roles=Composite Roles
|
|
#composite-roles.tooltip=When this role is (un)assigned to a user any role associated with it will be (un)assigned implicitly.
|
|
realm-roles=Realm-Rollen
|
|
available-roles=Verf\u00FCgbare Rollen
|
|
add-selected=Ausgew\u00E4hlte hinzuf\u00FCgen
|
|
#associated-roles=Associated Roles
|
|
#composite.associated-realm-roles.tooltip=Realm level roles associated with this composite role.
|
|
#composite.available-realm-roles.tooltip=Realm level roles that you can associate to this composite role.
|
|
remove-selected=Ausgew\u00E4hlte entfernen
|
|
client-roles=Client-Rollen
|
|
select-client-to-view-roles=W\u00E4hlen Sie einen Client um die Rollen daf\u00FCr zu sehen
|
|
#available-roles.tooltip=Roles from this client that you can associate to this composite role.
|
|
#client.associated-roles.tooltip=Client roles associated with this composite role.
|
|
#add-builtin=Add Builtin
|
|
category=Kategorie
|
|
type=Typ
|
|
#no-mappers-available=No mappers available
|
|
#add-builtin-protocol-mappers=Add Builtin Protocol Mappers
|
|
#add-builtin-protocol-mapper=Add Builtin Protocol Mapper
|
|
#scope-mappings=Scope Mappings
|
|
#full-scope-allowed=Full Scope Allowed
|
|
#full-scope-allowed.tooltip=Allows you to disable all restrictions.
|
|
#scope.available-roles.tooltip=Realm level roles that can be assigned to scope.
|
|
assigned-roles=Zugewiesene Rollen
|
|
#assigned-roles.tooltip=Realm level roles assigned to scope.
|
|
effective-roles=Effektive Rollen
|
|
#realm.effective-roles.tooltip=Assigned realm level roles that may have been inherited from a composite role.
|
|
#select-client-roles.tooltip=Select client to view roles for client
|
|
#assign.available-roles.tooltip=Client roles available to be assigned.
|
|
#client.assigned-roles.tooltip=Assigned client roles.
|
|
#client.effective-roles.tooltip=Assigned client roles that may have been inherited from a composite role.
|
|
#basic-configuration=Basic configuration
|
|
#node-reregistration-timeout=Node Re-registration Timeout
|
|
#node-reregistration-timeout.tooltip=Interval to specify max time for registered clients cluster nodes to re-register. If cluster node won't send re-registration request to Keycloak within this time, it will be unregistered from Keycloak
|
|
#registered-cluster-nodes=Registered cluster nodes
|
|
#register-node-manually=Register node manually
|
|
#test-cluster-availability=Test cluster availability
|
|
#last-registration=Last registration
|
|
#node-host=Node host
|
|
#no-registered-cluster-nodes=No registered cluster nodes available
|
|
#cluster-nodes=Cluster Nodes
|
|
#add-node=Add Node
|
|
#active-sessions.tooltip=Total number of active user sessions for this client.
|
|
#show-sessions=Show Sessions
|
|
#show-sessions.tooltip=Warning, this is a potentially expensive operation depending on number of active sessions.
|
|
user=Benutzer
|
|
#from-ip=From IP
|
|
#session-start=Session Start
|
|
first-page=Erste Seite
|
|
previous-page=Vorherige Seite
|
|
next-page=N\u00E4chste Seite
|
|
#client-revoke.not-before.tooltip=Revoke any tokens issued before this date for this client.
|
|
#client-revoke.push.tooltip=If admin URL is configured for this client, push this policy to that client.
|
|
#select-a-format=Select a Format
|
|
#download=Download
|
|
#offline-tokens=Offline Tokens
|
|
#offline-tokens.tooltip=Total number of offline tokens for this client.
|
|
#show-offline-tokens=Show Offline Tokens
|
|
#show-offline-tokens.tooltip=Warning, this is a potentially expensive operation depending on number of offline tokens.
|
|
#token-issued=Token Issued
|
|
last-access=Letzter Zugriff
|
|
last-refresh=Letzte Aktualisierung
|
|
#key-export=Key Export
|
|
#key-import=Key Import
|
|
#export-saml-key=Export SAML Key
|
|
#import-saml-key=Import SAML Key
|
|
#realm-certificate-alias=Realm Certificate Alias
|
|
#realm-certificate-alias.tooltip=Realm certificate is stored in archive too. This is the alias to it.
|
|
#signing-key=Signing Key
|
|
#saml-signing-key=SAML Signing Key.
|
|
#private-key=Private Key
|
|
#generate-new-keys=Generate new keys
|
|
#export=Export
|
|
#encryption-key=Encryption Key
|
|
#saml-encryption-key.tooltip=SAML Encryption Key.
|
|
#service-accounts=Service Accounts
|
|
#service-account.available-roles.tooltip=Realm level roles that can be assigned to service account.
|
|
#service-account.assigned-roles.tooltip=Realm level roles assigned to service account.
|
|
#service-account-is-not-enabled-for=Service account is not enabled for {{client}}
|
|
#create-protocol-mappers=Create Protocol Mappers
|
|
#create-protocol-mapper=Create Protocol Mapper
|
|
#protocol=Protocol
|
|
#protocol.tooltip=Protocol...
|
|
#id=ID
|
|
#mapper.name.tooltip=Name of the mapper.
|
|
#mapper.consent-required.tooltip=When granting temporary access, must the user consent to providing this data to the client?
|
|
#consent-text=Consent Text
|
|
#consent-text.tooltip=Text to display on consent page.
|
|
#mapper-type=Mapper Type
|
|
#mapper-type.tooltip=Type of the mapper
|
|
# realm identity providers
|
|
#identity-providers=Identity Providers
|
|
#table-of-identity-providers=Table of identity providers
|
|
#add-provider.placeholder=Add provider...
|
|
#provider=Provider
|
|
#gui-order=GUI order
|
|
#first-broker-login-flow=First Login Flow
|
|
#post-broker-login-flow=Post Login Flow
|
|
sync-mode=Synchronisationsmodus
|
|
sync-mode.tooltip=Standardsyncmodus für alle Mapper. Mögliche Werte sind: 'Legacy' um das alte Verhalten beizubehalten, 'Importieren' um den Nutzer einmalig zu importieren, 'Erzwingen' um den Nutzer immer zu importieren.
|
|
sync-mode.inherit=Standard erben
|
|
sync-mode.legacy=Legacy
|
|
sync-mode.import=Importieren
|
|
sync-mode.force=Erzwingen
|
|
sync-mode-override=Überschriebene Synchronisation
|
|
sync-mode-override.tooltip=Überschreibt den normalen Synchronisationsmodus des IDP für diesen Mapper. Were sind 'Legacy' um das alte Verhalten beizubehalten, 'Importieren' um den Nutzer einmalig zu importieren, 'Erzwingen' um den Nutzer immer zu updaten.
|
|
#redirect-uri=Redirect URI
|
|
#redirect-uri.tooltip=The redirect uri to use when configuring the identity provider.
|
|
#alias=Alias
|
|
#display-name=Display Name
|
|
#identity-provider.alias.tooltip=The alias uniquely identifies an identity provider and it is also used to build the redirect uri.
|
|
#identity-provider.display-name.tooltip=Friendly name for Identity Providers.
|
|
#identity-provider.enabled.tooltip=Enable/disable this identity provider.
|
|
#authenticate-by-default=Authenticate by Default
|
|
#identity-provider.authenticate-by-default.tooltip=Indicates if this provider should be tried by default for authentication even before displaying login screen.
|
|
#store-tokens=Store Tokens
|
|
#identity-provider.store-tokens.tooltip=Enable/disable if tokens must be stored after authenticating users.
|
|
#stored-tokens-readable=Stored Tokens Readable
|
|
#identity-provider.stored-tokens-readable.tooltip=Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.
|
|
#disableUserInfo=Disable User Info
|
|
#identity-provider.disableUserInfo.tooltip=Disable usage of User Info service to obtain additional user information? Default is to use this OIDC service.
|
|
#userIp=Use userIp Param
|
|
#identity-provider.google-userIp.tooltip=Set 'userIp' query parameter when invoking on Google's User Info service. This will use the user's ip address. Useful if Google is throttling access to the User Info service.
|
|
#hostedDomain=Hosted Domain
|
|
#identity-provider.google-hostedDomain.tooltip=Set 'hd' query parameter when logging in with Google. Google will only list accounts for this domain. Keycloak validates that the returned identity token has a claim for this domain. When '*' is entered any hosted account can be used.
|
|
#sandbox=Target Sandbox
|
|
#identity-provider.paypal-sandbox.tooltip=Target PayPal's sandbox environment
|
|
#update-profile-on-first-login=Update Profile on First Login
|
|
#on=On
|
|
#on-missing-info=On missing info
|
|
#off=Off
|
|
#update-profile-on-first-login.tooltip=Define conditions under which a user has to update their profile during first-time login.
|
|
#trust-email=Trust Email
|
|
#trust-email.tooltip=If enabled then email provided by this provider is not verified even if verification is enabled for the realm.
|
|
#link-only=Account Linking Only
|
|
#link-only.tooltip=If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider
|
|
#hide-on-login-page=Hide on Login Page
|
|
#hide-on-login-page.tooltip=If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.
|
|
#gui-order.tooltip=Number defining order of the provider in GUI (eg. on Login page).
|
|
#first-broker-login-flow.tooltip=Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account.
|
|
#post-broker-login-flow.tooltip=Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it.
|
|
#openid-connect-config=OpenID Connect Config
|
|
#openid-connect-config.tooltip=OIDC SP and external IDP configuration.
|
|
#authorization-url=Authorization URL
|
|
#authorization-url.tooltip=The Authorization Url.
|
|
#token-url=Token URL
|
|
#token-url.tooltip=The Token URL.
|
|
#loginHint=Pass login_hint
|
|
#loginHint.tooltip=Pass login_hint to identity provider.
|
|
logout-url=Logout-URL
|
|
#identity-provider.logout-url.tooltip=End session endpoint to use to logout user from external IDP.
|
|
#backchannel-logout=Backchannel Logout
|
|
#backchannel-logout.tooltip=Does the external IDP support backchannel logout?
|
|
#user-info-url=User Info URL
|
|
#user-info-url.tooltip=The User Info Url. This is optional.
|
|
#identity-provider.client-id.tooltip=The client or client identifier registered within the identity provider.
|
|
#client-secret=Client Secret
|
|
#show-secret=Show secret
|
|
#hide-secret=Hide secret
|
|
#client-secret.tooltip=The client or client secret registered within the identity provider.
|
|
#issuer=Issuer
|
|
#issuer.tooltip=The issuer identifier for the issuer of the response. If not provided, no validation will be performed.
|
|
#default-scopes=Default Scopes
|
|
#identity-provider.default-scopes.tooltip=The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to 'openid'.
|
|
#prompt=Prompt
|
|
#unspecified.option=unspecified
|
|
#none.option=none
|
|
#consent.option=consent
|
|
#login.option=login
|
|
#select-account.option=select_account
|
|
#prompt.tooltip=Specifies whether the Authorization Server prompts the End-User for reauthentication and consent.
|
|
#validate-signatures=Validate Signatures
|
|
#identity-provider.validate-signatures.tooltip=Enable/disable signature validation of external IDP signatures.
|
|
#identity-provider.use-jwks-url.tooltip=If the switch is on, then identity provider public keys will be downloaded from given JWKS URL. This allows great flexibility because new keys will be always re-downloaded again when identity provider generates new keypair. If the switch is off, then public key (or certificate) from the Keycloak DB is used, so when identity provider keypair changes, you always need to import new key to the Keycloak DB as well.
|
|
#identity-provider.jwks-url.tooltip=URL where identity provider keys in JWK format are stored. See JWK specification for more details. If you use external Keycloak identity provider, then you can use URL like 'http://broker-keycloak:8180/auth/realms/test/protocol/openid-connect/certs' assuming your brokered Keycloak is running on 'http://broker-keycloak:8180' and its realm is 'test' .
|
|
#validating-public-key=Validating Public Key
|
|
#identity-provider.validating-public-key.tooltip=The public key in PEM format that must be used to verify external IDP signatures.
|
|
#validating-public-key-id=Validating Public Key Id
|
|
#identity-provider.validating-public-key-id.tooltip=Explicit ID of the validating public key given above if the key ID. Leave blank if the key above should be used always, regardless of key ID specified by external IDP; set it if the key should only be used for verifying if key ID from external IDP matches.
|
|
#allowed-clock-skew=Allowed clock skew
|
|
#identity-provider.allowed-clock-skew.tooltip=Clock skew in seconds that is tolerated when validating identity provider tokens. Default value is zero.
|
|
#forwarded-query-parameters=Forwarded Query Parameters
|
|
#identity-provider.forwarded-query-parameters.tooltip=Non OpenID Connect/OAuth standard query parameters to be forwarded to external IDP from the initial application request to Authorization Endpoint. Multiple parameters can be entered, separated by comma (,).
|
|
#import-external-idp-config=Import External IDP Config
|
|
#import-external-idp-config.tooltip=Allows you to load external IDP metadata from a config file or to download it from a URL.
|
|
#import-from-url=Import from URL
|
|
#identity-provider.import-from-url.tooltip=Import metadata from a remote IDP discovery descriptor.
|
|
#import-from-file=Import from file
|
|
#identity-provider.import-from-file.tooltip=Import metadata from a downloaded IDP discovery descriptor.
|
|
#saml-config=SAML Config
|
|
#identity-provider.saml-config.tooltip=SAML SP and external IDP configuration.
|
|
#single-signon-service-url=Single Sign-On Service URL
|
|
#saml.single-signon-service-url.tooltip=The Url that must be used to send authentication requests (SAML AuthnRequest).
|
|
#single-logout-service-url=Single Logout Service URL
|
|
#saml.single-logout-service-url.tooltip=The Url that must be used to send logout requests.
|
|
#nameid-policy-format=NameID Policy Format
|
|
#nameid-policy-format.tooltip=Specifies the URI reference corresponding to a name identifier format. Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
|
|
#http-post-binding-response=HTTP-POST Binding Response
|
|
#http-post-binding-response.tooltip=Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
|
|
#http-post-binding-for-authn-request=HTTP-POST Binding for AuthnRequest
|
|
#http-post-binding-for-authn-request.tooltip=Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
|
|
#http-post-binding-logout=HTTP-POST Binding Logout
|
|
#http-post-binding-logout.tooltip=Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
|
|
#want-authn-requests-signed=Want AuthnRequests Signed
|
|
#want-authn-requests-signed.tooltip=Indicates whether the identity provider expects a signed AuthnRequest.
|
|
#want-assertions-signed=Want Assertions Signed
|
|
#want-assertions-signed.tooltip=Indicates whether this service provider expects a signed Assertion.
|
|
#want-assertions-encrypted=Want Assertions Encrypted
|
|
#want-assertions-encrypted.tooltip=Indicates whether this service provider expects an encrypted Assertion.
|
|
#force-authentication=Force Authentication
|
|
#identity-provider.force-authentication.tooltip=Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
|
|
#validate-signature=Validate Signature
|
|
#saml.validate-signature.tooltip=Enable/disable signature validation of SAML responses.
|
|
#validating-x509-certificate=Validating X509 Certificates
|
|
#validating-x509-certificate.tooltip=The certificate in PEM format that must be used to check for signatures. Multiple certificates can be entered, separated by comma (,).
|
|
#saml.import-from-url.tooltip=Import metadata from a remote IDP SAML entity descriptor.
|
|
#social.client-id.tooltip=The client identifier registered with the identity provider.
|
|
#social.client-secret.tooltip=The client secret registered with the identity provider.
|
|
#social.default-scopes.tooltip=The scopes to be sent when asking for authorization. See documentation for possible values, separator and default value'.
|
|
key=Key
|
|
#stackoverflow.key.tooltip=The Key obtained from Stack Overflow client registration.
|
|
#openshift.base-url=Base Url
|
|
#openshift.base-url.tooltip=Base Url to OpenShift Online API
|
|
#openshift4.base-url=Base Url
|
|
#openshift4.base-url.tooltip=Base Url to OpenShift Online API
|
|
#gitlab-application-id=Application Id
|
|
#gitlab-application-secret=Application Secret
|
|
#gitlab.application-id.tooltip=Application Id for the application you created in your GitLab Applications account menu
|
|
#gitlab.application-secret.tooltip=Secret for the application that you created in your GitLab Applications account menu
|
|
#gitlab.default-scopes.tooltip=Scopes to ask for on login. Will always ask for openid. Additionally adds api if you do not specify anything.
|
|
#bitbucket-consumer-key=Consumer Key
|
|
#bitbucket-consumer-secret=Consumer Secret
|
|
#bitbucket.key.tooltip=Bitbucket OAuth Consumer Key
|
|
#bitbucket.secret.tooltip=Bitbucket OAuth Consumer Secret
|
|
#bitbucket.default-scopes.tooltip=Scopes to ask for on login. If you do not specify anything, scope defaults to 'email'.
|
|
# User federation
|
|
#sync-ldap-roles-to-keycloak=Sync LDAP Roles To Keycloak
|
|
#sync-keycloak-roles-to-ldap=Sync Keycloak Roles To LDAP
|
|
#sync-ldap-groups-to-keycloak=Sync LDAP Groups To Keycloak
|
|
#sync-keycloak-groups-to-ldap=Sync Keycloak Groups To LDAP
|
|
realms=Realms
|
|
#realm=Realm
|
|
#identity-provider-mappers=Identity Provider Mappers
|
|
#create-identity-provider-mapper=Create Identity Provider Mapper
|
|
#add-identity-provider-mapper=Add Identity Provider Mapper
|
|
#client.description.tooltip=Specifies description of the client. For example 'My Client for TimeSheets'. Supports keys for localized values as well. For example\: ${my_client_description}
|
|
#expires=Expires
|
|
#expiration=Expiration
|
|
#expiration.tooltip=Specifies how long the token should be valid
|
|
#count=Count
|
|
#count.tooltip=Specifies how many clients can be created using the token
|
|
#remainingCount=Remaining Count
|
|
#created=Created
|
|
#back=Back
|
|
#initial-access-tokens=Initial Access Tokens
|
|
#add-initial-access-tokens=Add Initial Access Token
|
|
#initial-access-token=Initial Access Token
|
|
#initial-access.copyPaste.tooltip=Copy/paste the initial access token before navigating away from this page as it's not possible to retrieve later
|
|
#continue=Continue
|
|
#initial-access-token.confirm.title=Copy Initial Access Token
|
|
#initial-access-token.confirm.text=Please copy and paste the initial access token before confirming as it can't be retrieved later
|
|
#no-initial-access-available=No Initial Access Tokens available
|
|
#client-reg-policies=Client Registration Policies
|
|
#client-reg-policy.name.tooltip=Display Name of the policy
|
|
#anonymous-policies=Anonymous Access Policies
|
|
#anonymous-policies.tooltip=Those Policies are used when Client Registration Service is invoked by unauthenticated request. This means request doesn't contain Initial Access Token nor Bearer Token.
|
|
#auth-policies=Authenticated Access Policies
|
|
#auth-policies.tooltip=Those Policies are used when Client Registration Service is invoked by authenticated request. This means request contains Initial Access Token or Bearer Token.
|
|
#policy-name=Policy Name
|
|
#no-client-reg-policies-configured=No Client Registration Policies
|
|
#trusted-hosts.label=Trusted Hosts
|
|
#trusted-hosts.tooltip=List of Hosts, which are trusted and are allowed to invoke Client Registration Service and/or be used as values of Client URIs. You can use hostnames or IP addresses. If you use star at the beginning (for example '*.example.com' ) then whole domain example.com will be trusted.
|
|
#host-sending-registration-request-must-match.label=Host Sending Client Registration Request Must Match
|
|
#host-sending-registration-request-must-match.tooltip=If on, then any request to Client Registration Service is allowed just if it was sent from some trusted host or domain.
|
|
#client-uris-must-match.label=Client URIs Must Match
|
|
#client-uris-must-match.tooltip=If on, then all Client URIs (Redirect URIs and others) are allowed just if they match some trusted host or domain.
|
|
#allowed-protocol-mappers.label=Allowed Protocol Mappers
|
|
#allowed-protocol-mappers.tooltip=Whitelist of allowed protocol mapper providers. If there is an attempt to register client, which contains some protocol mappers, which were not whitelisted, then registration request will be rejected.
|
|
#consent-required-for-all-mappers.label=Consent Required For Mappers
|
|
#consent-required-for-all-mappers.tooltip=If on, then all newly registered protocol mappers will automatically have consentRequired switch on. This means that user will need to approve consent screen. NOTE: Consent screen is shown just if client has consentRequired switch on. So it's usually good to use this switch together with consent-required policy.
|
|
#allowed-client-scopes.label=Allowed Client Scopes
|
|
#allowed-client-scopes.tooltip=Whitelist of the client scopes, which can be used on newly registered client. Attempt to register client with some client scope, which is not whitelisted, will be rejected. By default, the whitelist is either empty or contains just realm default client scopes (based on 'Allow Default Scopes' configuration property)
|
|
#allow-default-scopes.label=Allow Default Scopes
|
|
#allow-default-scopes.tooltip=If on, then newly registered clients will be allowed to have client scopes mentioned in realm default client scopes or realm optional client scopes
|
|
#max-clients.label=Max Clients Per Realm
|
|
#max-clients.tooltip=It won't be allowed to register new client if count of existing clients in realm is same or bigger than configured limit.
|
|
|
|
#client-scopes=Client Scopes
|
|
#client-scopes.tooltip=Client scopes allow you to define common set of protocol mappers and roles, that are shared between multiple clients
|
|
|
|
groups=Gruppen
|
|
|
|
group.add-selected.tooltip=Realm-Rollen die zu der Gruppen hinzugef\u00FCgt werden k\u00F6nnen.
|
|
group.assigned-roles.tooltip=Realm-Rollen die zur Gruppe zugeordnet sind
|
|
#group.effective-roles.tooltip=All realm role mappings. Some roles here might be inherited from a mapped composite role.
|
|
#group.available-roles.tooltip=Assignable roles from this client.
|
|
#group.assigned-roles-client.tooltip=Role mappings for this client.
|
|
#group.effective-roles-client.tooltip=Role mappings for this client. Some roles here might be inherited from a mapped composite role.
|
|
|
|
default-roles=Standardrollen
|
|
no-realm-roles-available=Keine Realm-Rollen verf\u00FCgbar
|
|
|
|
users=Benutzer
|
|
user.add-selected.tooltip=Realm-Rollen, die dem Benutzer zugewiesen werden k\u00F6nnen.
|
|
user.assigned-roles.tooltip=Realm-Rollen, die dem Benutzer zugewiesen sind.
|
|
user.effective-roles.tooltip=Alle Realm-Rollen-Zuweisungen. Einige Rollen hier k\u00F6nnen von zusammengesetzten Rollen geerbt sein.
|
|
#user.available-roles.tooltip=Assignable roles from this client.
|
|
#user.assigned-roles-client.tooltip=Role mappings for this client.
|
|
#user.effective-roles-client.tooltip=Role mappings for this client. Some roles here might be inherited from a mapped composite role.
|
|
#default.available-roles.tooltip=Realm level roles that can be assigned.
|
|
#realm-default-roles=Realm Default Roles
|
|
#realm-default-roles.tooltip=Realm level roles assigned to new users.
|
|
#default.available-roles-client.tooltip=Roles from this client that are assignable as a default.
|
|
#client-default-roles=Client Default Roles
|
|
#client-default-roles.tooltip=Roles from this client assigned as a default role.
|
|
#composite.available-roles.tooltip=Realm level roles that you can associate to this composite role.
|
|
#composite.associated-roles.tooltip=Realm level roles associated with this composite role.
|
|
#composite.available-roles-client.tooltip=Roles from this client that you can associate to this composite role.
|
|
#composite.associated-roles-client.tooltip=Client roles associated with this composite role.
|
|
#partial-import=Partial Import
|
|
#partial-import.tooltip=Partial import allows you to import users, clients, and other resources from a previously exported json file.
|
|
|
|
#file=File
|
|
#exported-json-file=Exported json file
|
|
#import-from-realm=Import from realm
|
|
#import-users=Import users
|
|
#import-groups=Import groups
|
|
#import-clients=Import clients
|
|
#import-identity-providers=Import identity providers
|
|
#import-realm-roles=Import realm roles
|
|
#import-client-roles=Import client roles
|
|
#if-resource-exists=If a resource exists
|
|
#fail=Fail
|
|
#skip=Skip
|
|
#overwrite=Overwrite
|
|
#if-resource-exists.tooltip=Specify what should be done if you try to import a resource that already exists.
|
|
|
|
#partial-export=Partial Export
|
|
#partial-export.tooltip=Partial export allows you to export realm configuration, and other associated resources into a json file.
|
|
#export-groups-and-roles=Export groups and roles
|
|
#export-clients=Export clients
|
|
|
|
action=Aktion
|
|
#role-selector=Role Selector
|
|
#realm-roles.tooltip=Realm roles that can be selected.
|
|
|
|
#select-a-role=Select a role
|
|
#select-realm-role=Select realm role
|
|
#client-roles.tooltip=Client roles that can be selected.
|
|
#select-client-role=Select client role
|
|
|
|
#client-saml-endpoint=Client SAML Endpoint
|
|
#add-client-scope=Add client scope
|
|
|
|
#default-client-scopes=Default Client Scopes
|
|
#default-client-scopes.tooltip=Client Scopes, which will be added automatically to each created client
|
|
#default-client-scopes.default=Default Client Scopes
|
|
#default-client-scopes.default.tooltip=Allow to define client scopes, which will be added as default scopes to each created client
|
|
#default-client-scopes.default.available=Available Client Scopes
|
|
#default-client-scopes.default.available.tooltip=Client scopes, which are not yet assigned as realm default scopes or realm optional scopes
|
|
#default-client-scopes.default.assigned=Assigned Default Client Scopes
|
|
#default-client-scopes.default.assigned.tooltip=Client scopes, which will be added as default scopes to each created client
|
|
#default-client-scopes.optional=Optional Client Scopes
|
|
#default-client-scopes.optional.tooltip=Allow to define client scopes, which will be added as optional scopes to each created client
|
|
#default-client-scopes.optional.available=Available Client Scopes
|
|
#default-client-scopes.optional.available.tooltip=Client scopes, which are not yet assigned as realm default scopes or realm optional scopes
|
|
#default-client-scopes.optional.assigned=Assigned Optional Client Scopes
|
|
#default-client-scopes.optional.assigned.tooltip=Client scopes, which will be added as optional scopes to each created client
|
|
|
|
#client-scopes.setup=Setup
|
|
#client-scopes.setup.tooltip=Allow to setup client scopes linked to this client
|
|
#client-scopes.default=Default Client Scopes
|
|
#client-scopes.default.tooltip=Default client scopes are always applied when issuing tokens for this client. Protocol mappers and role scope mappings are always applied regardless of value of used scope parameter in OIDC Authorization request
|
|
#client-scopes.default.available=Available Client Scopes
|
|
#client-scopes.default.available.tooltip=Client scopes, which are not yet assigned as default scopes or optional scopes
|
|
#client-scopes.default.assigned=Assigned Default Client Scopes
|
|
#client-scopes.default.assigned.tooltip=Client scopes, which will be used as default scopes when generating tokens for this client
|
|
#client-scopes.optional=Optional Client Scopes
|
|
#client-scopes.optional.tooltip=Optional client scopes are applied when issuing tokens for this client, however just in case when they are requested by scope parameter in OIDC Authorization request
|
|
#client-scopes.optional.available=Available Client Scopes
|
|
#client-scopes.optional.available.tooltip=Client scopes, which are not yet assigned as default scopes or optional scopes
|
|
#client-scopes.optional.assigned=Assigned Optional Client Scopes
|
|
#client-scopes.optional.assigned.tooltip=Client scopes, which may be used as optional scopes when generating tokens for this client
|
|
|
|
#client-scopes.evaluate=Evaluate
|
|
#client-scopes.evaluate.tooltip=Allow to see all protocol mappers and role scope mappings, which will be used in the tokens issued to this client. Also allow to generate example access token based on provided scope parameter
|
|
#scope-parameter=Scope Parameter
|
|
#scope-parameter.tooltip=You can copy/paste this value of scope parameter and use it in initial OpenID Connect Authentication Request sent from this client adapter. Default client scopes and selected optional client scopes will be used when generating token issued for this client
|
|
#client-scopes.evaluate.scopes=Client Scopes
|
|
#client-scopes.evaluate.scopes.tooltip=Allow to select optional client scopes, which may be used when generating token issued for this client
|
|
#client-scopes.evaluate.scopes.available=Available Optional Client Scopes
|
|
#client-scopes.evaluate.scopes.available.tooltip=This contains Optional Client Scopes, which can be optionally used when issuing access token for this client
|
|
#client-scopes.evaluate.scopes.assigned=Selected Optional Client Scopes
|
|
#client-scopes.evaluate.scopes.assigned.tooltip=Selected Optional Client Scopes, which will be used when issuing access token for this client. You can see above what value of OAuth Scope Parameter need to be used when you want to have these optional client scopes applied when the initial OpenID Connect Authentication request will be sent from your client adapter
|
|
#client-scopes.evaluate.scopes.effective=Effective Client Scopes
|
|
#client-scopes.evaluate.scopes.effective.tooltip=Contains all default client scopes and selected optional scopes. All protocol mappers and role scope mappings of all those client scopes will be used when generating access token issued for your client
|
|
#client-scopes.evaluate.user.tooltip=Optionally select user, for whom the example access token will be generated. If you don't select any user, then example access token won't be generated during evaluation
|
|
#send-evaluation-request=Evaluate
|
|
#send-evaluation-request.tooltip=Click this to see all protocol mappers and role scope mappings, which will be used when issuing access token for this client. It will also optionally generate example access token in case that some user was selected
|
|
|
|
#evaluated-protocol-mappers=Effective Protocol Mappers
|
|
#evaluated-protocol-mappers.tooltip=Allow you to see all effective protocol mappers, which will be used when issuing token for this client. Contains also protocol mappers of selected optional client scopes. For each protocol mapper, you can see from which client scope it is inherited from
|
|
#evaluated-roles=Effective Role Scope Mappings
|
|
#evaluated-roles.tooltip=Allow you to see all effective roles scope mappings, which will be used when issuing token for this client. Contains also role scope mappings of selected optional client scopes
|
|
#parent-client-scope=Parent Client Scope
|
|
#client-scopes.evaluate.not-granted-roles=Not Granted Roles
|
|
#client-scopes.evaluate.not-granted-roles.tooltip=Client doesn't have scope mappings for these roles. Those roles won't be in the access token issued to this client even if authenticated user is member of them
|
|
#client-scopes.evaluate.granted-realm-effective-roles=Granted Effective Realm Roles
|
|
#client-scopes.evaluate.granted-realm-effective-roles.tooltip=Client has scope mappings for these roles. Those roles will be in the access token issued to this client if authenticated user is member of them
|
|
#client-scopes.evaluate.granted-client-effective-roles=Granted Effective Client Roles
|
|
#generated-access-token=Generated Access Token
|
|
#generated-access-token.tooltip=See the example token, which will be generated and sent to the client when selected user is authenticated. You can see claims and roles, which the token will contain based on the effective protocol mappers and role scope mappings and also based on the claims/roles assigned to user himself
|
|
|
|
manage=Verwalten
|
|
authentication=Authentifizierung
|
|
#user-federation=User Federation
|
|
#user-storage=User Storage
|
|
events=Ereignisse
|
|
realm-settings=Realm-Einstellungen
|
|
configure=Konfigurieren
|
|
select-realm=Realm ausw\u00E4hlen
|
|
add=Hinzuf\u00FCgen
|
|
|
|
#client-storage=Client Storage
|
|
#no-client-storage-providers-configured=No client storage providers configured
|
|
#client-stores.tooltip=Keycloak can retrieve clients and their details from external stores.
|
|
|
|
#client-scope.name.tooltip=Name of the client scope. Must be unique in the realm. Name shouldn't contain space characters as it's used as value of scope parameter
|
|
#client-scope.description.tooltip=Description of the client scope
|
|
#client-scope.protocol.tooltip=Which SSO protocol configuration is being supplied by this client scope
|
|
#client-scope.display-on-consent-screen=Display On Consent Screen
|
|
#client-scope.display-on-consent-screen.tooltip=If on, and this client scope is added to some client with consent required, then the text specified by 'Consent Screen Text' will be displayed on consent screen. If off, then this client scope won't be displayed on consent screen
|
|
#client-scope.consent-screen-text=Consent Screen Text
|
|
#client-scope.consent-screen-text.tooltip=Text, which will be shown on consent screen when this client scope is added to some client with consent required. Defaults to name of client scope if it's not filled
|
|
|
|
#add-user-federation-provider=Add user federation provider
|
|
#add-user-storage-provider=Add user storage provider
|
|
#required-settings=Required Settings
|
|
#provider-id=Provider ID
|
|
#console-display-name=Console Display Name
|
|
#console-display-name.tooltip=Display name of provider when linked in admin console.
|
|
#priority=Priority
|
|
#priority.tooltip=Priority of provider when doing a user lookup. Lowest first.
|
|
#user-storage.enabled.tooltip=If provider is disabled it will not be considered for queries and imported users will be disabled and read-only until the provider is enabled again.
|
|
#sync-settings=Sync Settings
|
|
#periodic-full-sync=Periodic Full Sync
|
|
#periodic-full-sync.tooltip=Does periodic full synchronization of provider users to Keycloak should be enabled or not
|
|
#full-sync-period=Full Sync Period
|
|
#full-sync-period.tooltip=Period for full synchronization in seconds
|
|
#periodic-changed-users-sync=Periodic Changed Users Sync
|
|
#periodic-changed-users-sync.tooltip=Does periodic synchronization of changed or newly created provider users to Keycloak should be enabled or not
|
|
#changed-users-sync-period=Changed Users Sync Period
|
|
#changed-users-sync-period.tooltip=Period for synchronization of changed or newly created provider users in seconds
|
|
#synchronize-changed-users=Synchronize changed users
|
|
#synchronize-all-users=Synchronize all users
|
|
#remove-imported-users=Remove imported
|
|
unlink-users=Benutzer entsperren
|
|
#kerberos-realm=Kerberos Realm
|
|
#kerberos-realm.tooltip=Name of kerberos realm. For example FOO.ORG
|
|
#server-principal=Server Principal
|
|
#server-principal.tooltip=Full name of server principal for HTTP service including server and domain name. For example HTTP/host.foo.org@FOO.ORG
|
|
#keytab=KeyTab
|
|
#keytab.tooltip=Location of Kerberos KeyTab file containing the credentials of server principal. For example /etc/krb5.keytab
|
|
#debug=Debug
|
|
#debug.tooltip=Enable/disable debug logging to standard output for Krb5LoginModule.
|
|
#allow-password-authentication=Allow Password Authentication
|
|
#allow-password-authentication.tooltip=Enable/disable possibility of username/password authentication against Kerberos database
|
|
#edit-mode=Edit Mode
|
|
#edit-mode.tooltip=READ_ONLY means that password updates are not allowed and user always authenticates with Kerberos password. UNSYNCED means user can change his password in Keycloak database and this one will be used instead of Kerberos password then
|
|
#ldap.edit-mode.tooltip=READ_ONLY is a read-only LDAP store. WRITABLE means data will be synced back to LDAP on demand. UNSYNCED means user data will be imported, but not synced back to LDAP.
|
|
#update-profile-first-login=Update Profile First Login
|
|
#update-profile-first-login.tooltip=Update profile on first login
|
|
#sync-registrations=Sync Registrations
|
|
#ldap.sync-registrations.tooltip=Should newly created users be created within LDAP store? Priority effects which provider is chose to sync the new user.
|
|
#import-enabled=Import Users
|
|
#ldap.import-enabled.tooltip=If true, LDAP users will be imported into Keycloak DB and synced via the configured sync policies.
|
|
#vendor=Vendor
|
|
#ldap.vendor.tooltip=LDAP vendor (provider)
|
|
#username-ldap-attribute=Username LDAP attribute
|
|
#ldap-attribute-name-for-username=LDAP attribute name for username
|
|
#username-ldap-attribute.tooltip=Name of LDAP attribute, which is mapped as Keycloak username. For many LDAP server vendors it can be 'uid'. For Active directory it can be 'sAMAccountName' or 'cn'. The attribute should be filled for all LDAP user records you want to import from LDAP to Keycloak.
|
|
#rdn-ldap-attribute=RDN LDAP attribute
|
|
#ldap-attribute-name-for-user-rdn=LDAP attribute name for user RDN
|
|
#rdn-ldap-attribute.tooltip=Name of LDAP attribute, which is used as RDN (top attribute) of typical user DN. Usually it's the same as Username LDAP attribute, however it's not required. For example for Active directory it's common to use 'cn' as RDN attribute when username attribute might be 'sAMAccountName'.
|
|
#uuid-ldap-attribute=UUID LDAP attribute
|
|
#ldap-attribute-name-for-uuid=LDAP attribute name for UUID
|
|
#uuid-ldap-attribute.tooltip=Name of LDAP attribute, which is used as unique object identifier (UUID) for objects in LDAP. For many LDAP server vendors it's 'entryUUID' however some are different. For example for Active directory it should be 'objectGUID'. If your LDAP server really doesn't support the notion of UUID, you can use any other attribute, which is supposed to be unique among LDAP users in tree. For example 'uid' or 'entryDN'.
|
|
#user-object-classes=User Object Classes
|
|
#ldap-user-object-classes.placeholder=LDAP User Object Classes (div. by comma)
|
|
#ldap-connection-url=LDAP connection URL
|
|
#ldap-users-dn=LDAP Users DN
|
|
#ldap-bind-dn=LDAP Bind DN
|
|
#ldap-bind-credentials=LDAP Bind Credentials
|
|
#ldap-filter=LDAP Filter
|
|
#ldap.user-object-classes.tooltip=All values of LDAP objectClass attribute for users in LDAP divided by comma. For example: 'inetOrgPerson, organizationalPerson' . Newly created Keycloak users will be written to LDAP with all those object classes and existing LDAP user records are found just if they contain all those object classes.
|
|
#connection-url=Connection URL
|
|
#ldap.connection-url.tooltip=Connection URL to your LDAP server
|
|
#test-connection=Test connection
|
|
#users-dn=Users DN
|
|
#ldap.users-dn.tooltip=Full DN of LDAP tree where your users are. This DN is parent of LDAP users. It could be for example 'ou=users,dc=example,dc=com' assuming that your typical user will have DN like 'uid=john,ou=users,dc=example,dc=com'
|
|
#authentication-type=Authentication Type
|
|
#ldap.authentication-type.tooltip=LDAP Authentication type. Right now just 'none' (anonymous LDAP authentication) or 'simple' (Bind credential + Bind password authentication) mechanisms are available
|
|
#bind-dn=Bind DN
|
|
#ldap.bind-dn.tooltip=DN of LDAP admin, which will be used by Keycloak to access LDAP server
|
|
#bind-credential=Bind Credential
|
|
#ldap.bind-credential.tooltip=Password of LDAP admin
|
|
#test-authentication=Test authentication
|
|
#custom-user-ldap-filter=Custom User LDAP Filter
|
|
#ldap.custom-user-ldap-filter.tooltip=Additional LDAP Filter for filtering searched users. Leave this empty if you don't need additional filter. Make sure that it starts with '(' and ends with ')'
|
|
#search-scope=Search Scope
|
|
#ldap.search-scope.tooltip=For one level, we search for users just in DNs specified by User DNs. For subtree, we search in whole of their subtree. See LDAP documentation for more details
|
|
#use-truststore-spi=Use Truststore SPI
|
|
#ldap.use-truststore-spi.tooltip=Specifies whether LDAP connection will use the truststore SPI with the truststore configured in standalone.xml/domain.xml. 'Always' means that it will always use it. 'Never' means that it won't use it. 'Only for ldaps' means that it will use if your connection URL use ldaps. Note even if standalone.xml/domain.xml is not configured, the default Java cacerts or certificate specified by 'javax.net.ssl.trustStore' property will be used.
|
|
#validate-password-policy=Validate Password Policy
|
|
#connection-pooling=Connection Pooling
|
|
#connection-pooling-settings=Connection Pooling Settings
|
|
#connection-pooling-authentication=Connection Pooling Authentication
|
|
#connection-pooling-authentication-default=none simple
|
|
#connection-pooling-debug=Connection Pool Debug Level
|
|
#connection-pooling-debug-default=off
|
|
#connection-pooling-initsize=Connection Pool Initial Size
|
|
#connection-pooling-initsize-default=1
|
|
#connection-pooling-maxsize=Connection Pool Maximum Size
|
|
#connection-pooling-maxsize-default=1000
|
|
#connection-pooling-prefsize=Connection Pool Preferred Size
|
|
#connection-pooling-prefsize-default=5
|
|
#connection-pooling-protocol=Connection Pool Protocol
|
|
#connection-pooling-protocol-default=plain
|
|
#connection-pooling-timeout=Connection Pool Timeout
|
|
#connection-pooling-timeout-default=300000
|
|
#ldap-connection-timeout=Connection Timeout
|
|
#ldap.connection-timeout.tooltip=LDAP Connection Timeout in milliseconds
|
|
#ldap-read-timeout=Read Timeout
|
|
#ldap.read-timeout.tooltip=LDAP Read Timeout in milliseconds. This timeout applies for LDAP read operations
|
|
#ldap.validate-password-policy.tooltip=Does Keycloak should validate the password with the realm password policy before updating it
|
|
#ldap.connection-pooling.tooltip=Does Keycloak should use connection pooling for accessing LDAP server
|
|
#ldap.connection-pooling.authentication.tooltip=A list of space-separated authentication types of connections that may be pooled. Valid types are "none", "simple", and "DIGEST-MD5".
|
|
#ldap.connection-pooling.debug.tooltip=A string that indicates the level of debug output to produce. Valid values are "fine" (trace connection creation and removal) and "all" (all debugging information).
|
|
#ldap.connection-pooling.initsize.tooltip=The string representation of an integer that represents the number of connections per connection identity to create when initially creating a connection for the identity.
|
|
#ldap.connection-pooling.maxsize.tooltip=The string representation of an integer that represents the maximum number of connections per connection identity that can be maintained concurrently.
|
|
#ldap.connection-pooling.prefsize.tooltip=The string representation of an integer that represents the preferred number of connections per connection identity that should be maintained concurrently.
|
|
#ldap.connection-pooling.protocol.tooltip=A list of space-separated protocol types of connections that may be pooled. Valid types are "plain" and "ssl".
|
|
#ldap.connection-pooling.timeout.tooltip=The string representation of an integer that represents the number of milliseconds that an idle connection may remain in the pool without being closed and removed from the pool.
|
|
#ldap.pagination.tooltip=Does the LDAP server support pagination.
|
|
#kerberos-integration=Kerberos Integration
|
|
#allow-kerberos-authentication=Allow Kerberos authentication
|
|
#ldap.allow-kerberos-authentication.tooltip=Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users will be provisioned from this LDAP server
|
|
#use-kerberos-for-password-authentication=Use Kerberos For Password Authentication
|
|
#ldap.use-kerberos-for-password-authentication.tooltip=Use Kerberos login module for authenticate username/password against Kerberos server instead of authenticating against LDAP server with Directory Service API
|
|
#batch-size=Batch Size
|
|
#ldap.batch-size.tooltip=Count of LDAP users to be imported from LDAP to Keycloak within single transaction.
|
|
#ldap.periodic-full-sync.tooltip=Does periodic full synchronization of LDAP users to Keycloak should be enabled or not
|
|
#ldap.periodic-changed-users-sync.tooltip=Does periodic synchronization of changed or newly created LDAP users to Keycloak should be enabled or not
|
|
#ldap.changed-users-sync-period.tooltip=Period for synchronization of changed or newly created LDAP users in seconds
|
|
#user-federation-mappers=User Federation Mappers
|
|
#create-user-federation-mapper=Create user federation mapper
|
|
#add-user-federation-mapper=Add user federation mapper
|
|
#provider-name=Provider Name
|
|
#no-user-federation-providers-configured=No user federation providers configured
|
|
#no-user-storage-providers-configured=No user storage providers configured
|
|
#add-identity-provider=Add identity provider
|
|
#add-identity-provider-link=Add identity provider link
|
|
#identity-provider=Identity Provider
|
|
#identity-provider-user-id=Identity Provider User ID
|
|
#identity-provider-user-id.tooltip=Unique ID of the user on the Identity Provider side
|
|
#identity-provider-username=Identity Provider Username
|
|
#identity-provider-username.tooltip=Username on the Identity Provider side
|
|
#pagination=Pagination
|
|
#browser-flow=Browser Flow
|
|
#browser-flow.tooltip=Select the flow you want to use for browser authentication.
|
|
#registration-flow=Registration Flow
|
|
#registration-flow.tooltip=Select the flow you want to use for registration.
|
|
#direct-grant-flow=Direct Grant Flow
|
|
#direct-grant-flow.tooltip=Select the flow you want to use for direct grant authentication.
|
|
#reset-credentials=Reset Credentials
|
|
#reset-credentials.tooltip=Select the flow you want to use when the user has forgotten their credentials.
|
|
#client-authentication=Client Authentication
|
|
#client-authentication.tooltip=Select the flow you want to use for authentication of clients.
|
|
#docker-auth=Docker Authentication
|
|
#docker-auth.tooltip=Select the flow you want to use for authentication against a docker client.
|
|
new=Neu
|
|
copy=Kopieren
|
|
#add-execution=Add execution
|
|
#add-flow=Add flow
|
|
#auth-type=Auth Type
|
|
#requirement=Requirement
|
|
#config=Config
|
|
#no-executions-available=No executions available
|
|
#authentication-flows=Authentication Flows
|
|
#create-authenticator-config=Create authenticator config
|
|
#authenticator.alias.tooltip=Name of the configuration
|
|
#otp-type=OTP Type
|
|
#time-based=Time Based
|
|
#counter-based=Counter Based
|
|
#otp-type.tooltip=totp is Time-Based One Time Password. 'hotp' is a counter base one time password in which the server keeps a counter to hash against.
|
|
#otp-hash-algorithm=OTP Hash Algorithm
|
|
#otp-hash-algorithm.tooltip=What hashing algorithm should be used to generate the OTP.
|
|
#number-of-digits=Number of Digits
|
|
#otp.number-of-digits.tooltip=How many digits should the OTP have?
|
|
#look-ahead-window=Look Ahead Window
|
|
#otp.look-ahead-window.tooltip=How far ahead should the server look just in case the token generator and server are out of time sync or counter sync?
|
|
#initial-counter=Initial Counter
|
|
#otp.initial-counter.tooltip=What should the initial counter value be?
|
|
#otp-token-period=OTP Token Period
|
|
#otp-token-period.tooltip=How many seconds should an OTP token be valid? Defaults to 30 seconds.
|
|
#otp-supported-applications=Supported Applications
|
|
#otp-supported-applications.tooltip=Applications that are known to work with the current OTP policy
|
|
#table-of-password-policies=Table of Password Policies
|
|
#add-policy.placeholder=Add policy...
|
|
#policy-type=Policy Type
|
|
#policy-value=Policy Value
|
|
#admin-events=Admin Events
|
|
#admin-events.tooltip=Displays saved admin events for the realm. Events are related to admin account, for example a realm creation. To enable persisted events go to config.
|
|
#login-events=Login Events
|
|
#filter=Filter
|
|
#update=Update
|
|
#reset=Reset
|
|
#operation-types=Operation Types
|
|
#resource-types=Resource Types
|
|
#select-operations.placeholder=Select operations...
|
|
#select-resource-types.placeholder=Select resource types...
|
|
#resource-path=Resource Path
|
|
#resource-path.tooltip=Filter by resource path. Supports wildcard '*' (for example 'users/*').
|
|
#date-(from)=Date (From)
|
|
#date-(to)=Date (To)
|
|
#authentication-details=Authentication Details
|
|
ip-address=IP-Adresse
|
|
time=Zeit
|
|
#operation-type=Operation Type
|
|
#resource-type=Resource Type
|
|
#auth=Auth
|
|
#representation=Representation
|
|
register=Registrieren
|
|
#required-action=Required Action
|
|
#default-action=Default Action
|
|
#auth.default-action.tooltip=If enabled, any new user will have this required action assigned to it.
|
|
#no-required-actions-configured=No required actions configured
|
|
#defaults-to-id=Defaults to id
|
|
#flows=Flows
|
|
#bindings=Bindings
|
|
#client-flow-bindings=Authentication Flow Overrides
|
|
#client-flow-bindings.tooltip=Override realm authentication flow bindings.
|
|
#required-actions=Required Actions
|
|
#password-policy=Password Policy
|
|
#otp-policy=OTP Policy
|
|
user-groups=Benutzergruppen
|
|
default-groups=Standardgruppen
|
|
#groups.default-groups.tooltip=Set of groups that new users will automatically join.
|
|
cut=Ausschneiden
|
|
paste=Einf\u00FCgen
|
|
create-group=Gruppe erstellen
|
|
#create-authenticator-execution=Create Authenticator Execution
|
|
#create-form-action-execution=Create Form Action Execution
|
|
#create-top-level-form=Create Top Level Form
|
|
#flow.alias.tooltip=Specifies display name for the flow.
|
|
#top-level-flow-type=Top Level Flow Type
|
|
#flow.generic=generic
|
|
#flow.client=client
|
|
#top-level-flow-type.tooltip=What kind of top level flow is it? Type 'client' is used for authentication of clients (applications) when generic is for users and everything else
|
|
#create-execution-flow=Create Execution Flow
|
|
#flow-type=Flow Type
|
|
#flow.form.type=form
|
|
#flow.generic.type=generic
|
|
#flow-type.tooltip=What kind of form is it
|
|
#form-provider=Form Provider
|
|
#default-groups.tooltip=Newly created or registered users will automatically be added to these groups
|
|
select-a-type.placeholder=Typ ausw\u00E4hlen
|
|
available-groups=Verf\u00FCgbare Gruppen
|
|
#available-groups.tooltip=Select a group you want to add as a default.
|
|
value=Wert
|
|
#table-of-group-members=Table of group members
|
|
#table-of-role-members=Table of role members
|
|
last-name=Nachname
|
|
first-name=Vorname
|
|
email=Email
|
|
toggle-navigation=Navigation ein-/ausschalten
|
|
manage-account=Konto verwalten
|
|
sign-out=Abmelden
|
|
server-info=Server-Info
|
|
#resource-not-found=Resource <strong>not found</strong>...
|
|
#resource-not-found.instruction=We could not find the resource you are looking for. Please make sure the URL you entered is correct.
|
|
#go-to-the-home-page=Go to the home page »
|
|
#page-not-found=Page <strong>not found</strong>...
|
|
#page-not-found.instruction=We could not find the page you are looking for. Please make sure the URL you entered is correct.
|
|
#events.tooltip=Displays saved events for the realm. Events are related to user accounts, for example a user login. To enable persisted events go to config.
|
|
#select-event-types.placeholder=Select event types...
|
|
#events-config.tooltip=Displays configuration options to enable persistence of user and admin events.
|
|
select-an-action.placeholder=Aktion w\u00E4hlen...
|
|
#event-listeners.tooltip=Configure what listeners receive events for the realm.
|
|
#login.save-events.tooltip=If enabled login events are saved to the database which makes events available to the admin and account management consoles.
|
|
#clear-events.tooltip=Deletes all events in the database.
|
|
#events.expiration.tooltip=Sets the expiration for events. Expired events are periodically deleted from the database.
|
|
#admin-events-settings=Admin Events Settings
|
|
#save-events=Save Events
|
|
#admin.save-events.tooltip=If enabled admin events are saved to the database which makes events available to the admin console.
|
|
#saved-types.tooltip=Configure what event types are saved.
|
|
#include-representation=Include Representation
|
|
#include-representation.tooltip=Include JSON representation for create and update requests.
|
|
#clear-admin-events.tooltip=Deletes all admin events in the database.
|
|
#server-version=Server Version
|
|
#server-profile=Server Profile
|
|
#server-disabled=Server Disabled Features
|
|
#info=Info
|
|
#providers=Providers
|
|
#server-time=Server Time
|
|
#server-uptime=Server Uptime
|
|
#memory=Memory
|
|
#total-memory=Total Memory
|
|
#free-memory=Free Memory
|
|
#used-memory=Used Memory
|
|
#system=System
|
|
#current-working-directory=Current Working Directory
|
|
#java-version=Java Version
|
|
#java-vendor=Java Vendor
|
|
#java-runtime=Java Runtime
|
|
#java-vm=Java VM
|
|
#java-vm-version=Java VM Version
|
|
#java-home=Java Home
|
|
#user-name=User Name
|
|
#user-timezone=User Timezone
|
|
#user-locale=User Locale
|
|
#system-encoding=System Encoding
|
|
#operating-system=Operating System
|
|
#os-architecture=OS Architecture
|
|
#spi=SPI
|
|
granted-client-scopes=Gew\u00E4hrte Client-Scopes
|
|
additional-grants=Zus\u00E4tzliche Befugnisse
|
|
consent-created-date=Erstellt
|
|
consent-last-updated-date=Zuletzt aktualisiert
|
|
revoke=Widerrufen
|
|
new-password=Neues Passwort
|
|
password-confirmation=Passwort best\u00E4tigen
|
|
reset-password=Passwort zur\u00FCcksetzen
|
|
credentials.temporary.tooltip=Wenn eingeschaltet, ist der Benutzer beim n\u00E4chsten Login aufgefordert, dass Passwort zu \u00E4ndern.
|
|
#remove-totp=Remove OTP
|
|
#credentials.remove-totp.tooltip=Remove one time password generator for user.
|
|
reset-actions=Zur\u00FCcksetz-Aktionen
|
|
credentials.reset-actions.tooltip=Liste von Aktionen, die der Benutzer ausf\u00FChren soll, wenn er eine E-Mail zum Zur\u00FCcksetzen des Passworts erh\u00E4lt. 'Verify email' sendet bem Benutzer eine E-Mail um seine E-Mail-Adresse zu verifizieren. 'Update profile' verlangt vom Benutzer, dass er seine Profil-Informationen eingibt. 'Update password' verlangt vom Benutzer, dass er ein neues Passwort definiert. 'Configure OTP' verlangt vom Benutzer, dass er einen mobilen Passwort-Generator aufsetzt.
|
|
reset-actions-email=E-Mail zum Zur\u00FCcksetzen des Passworts senden
|
|
send-email=E-Mail senden
|
|
credentials.reset-actions-email.tooltip=Sendet eine E-Mail an den Benutzer mit einem eingebetteten Link. Wenn der Benutzer auf den Link klickt, kann er die Zur\u00FCcksetz-Aktion auszuf\u00FChren. Vorher muss sich der Benutzer nicht einloggen. Z.B. kann die Aktion 'update password' ausgew\u00E4hlt werden und dieser Button geklickt werden. Der Benutzer kann dann sein Passwort \u00E4ndern, ohne sich einzuloggen.
|
|
add-user=Benutzer hinzuf\u00FCgen
|
|
created-at=Erstellt am
|
|
user-enabled=Benutzer aktiv
|
|
user-enabled.tooltip=Ein deaktivierter Benutzer kann sich nicht einloggen
|
|
user-temporarily-locked=Benutzer tempor\u00E4r gesperrt
|
|
user-temporarily-locked.tooltip=Der Benutzer wurde vor\u00FCbergehend wegen zuvieler ung\u00FCltiger Loginversuche gesperrt.
|
|
unlock-user=Benutzer entsperren
|
|
#federation-link=Federation Link
|
|
email-verified=E-Mail verifiziert
|
|
email-verified.tooltip=Wurde die E-Mail des Benutzers verifiziert?
|
|
required-user-actions=Verlangte Benutzeraktionen
|
|
required-user-actions.tooltip=Verlangt eine Aktion wenn sich der Benutzer einloggt. 'E-Mail Verifizieren' sendet eine E-Mail an den Benutzer, um die G\u00FCltigkeit seiner E-Mailadresse zu pr\u00FCfen. 'Profil aktualisieren' verlangt, dass Benutzer ihre pers\u00F6nlichen Angaben eingeben. 'Passwort aktualisieren' zwingt Benutzer ein neues Passwort zu setzen. 'OTP konfigurieren' zwingt Benutzer einen mobilen Passwort-Generator einzurichten (i.e. Google Authenticator)
|
|
locale=Locale
|
|
#select-one.placeholder=Select one...
|
|
#impersonate=Impersonate
|
|
#impersonate-user=Impersonate user
|
|
#impersonate-user.tooltip=Login as this user. If user is in same realm as you, your current login session will be logged out before you are logged in as this user.
|
|
#identity-provider-alias=Identity Provider Alias
|
|
#provider-user-id=Provider User ID
|
|
#provider-username=Provider Username
|
|
#no-identity-provider-links-available=No identity provider links available
|
|
group-membership=Gruppen-Mitglied
|
|
leave=Verlassen
|
|
#group-membership.tooltip=Groups user is a member of. Select a listed group and click the Leave button to leave the group.
|
|
#membership.available-groups.tooltip=Groups a user can join. Select a group and click the join button.
|
|
#table-of-realm-users=Table of Realm Users
|
|
view-all-users=Zeige alle Benutzer
|
|
view-all-groups=Zeige alle Rollen
|
|
unlock-users=Benutzer entsperren
|
|
no-users-available=Keine Benutzer verf\u00FCgbar
|
|
#users.instruction=Please enter a search, or click on view all users
|
|
consents=Einwilligungen
|
|
started=Gestartet
|
|
logout-all-sessions=Alle Sessions ausloggen
|
|
logout=Ausloggen
|
|
new-name=Neuer Name
|
|
ok=Ok
|
|
attributes=Attribute
|
|
role-mappings=Rollenzuweisungen
|
|
members=Mitglieder
|
|
details=Details
|
|
#identity-provider-links=Identity Provider Links
|
|
#register-required-action=Register required action
|
|
gender=Geschlecht
|
|
address=Adresse
|
|
phone=Telefon
|
|
#profile-url=Profile URL
|
|
#picture-url=Picture URL
|
|
#website=Website
|
|
#import-keys-and-cert=Import keys and cert
|
|
#import-keys-and-cert.tooltip=Upload the client's key pair and cert.
|
|
#upload-keys=Upload Keys
|
|
#download-keys-and-cert=Download keys and cert
|
|
#no-value-assigned.placeholder=No value assigned
|
|
remove=Entfernen
|
|
#no-group-members=No group members
|
|
#no-role-members=No role members
|
|
temporary=Tempor\u00E4r
|
|
join=Beitreten
|
|
#event-type=Event Type
|
|
#events-config=Events Config
|
|
#event-listeners=Event Listeners
|
|
#login-events-settings=Login Events Settings
|
|
#clear-events=Clear events
|
|
#saved-types=Saved Types
|
|
#clear-admin-events=Clear admin events
|
|
#clear-changes=Clear changes
|
|
#error=Error
|
|
# Authz
|
|
# Authz Common
|
|
#authz-authorization=Authorization
|
|
#authz-owner=Owner
|
|
#authz-uri=URI
|
|
#authz-uris=URIS
|
|
#authz-scopes=Scopes
|
|
#authz-resource=Resource
|
|
#authz-resource-type=Resource Type
|
|
#authz-resources=Resources
|
|
#authz-scope=Scope
|
|
#authz-authz-scopes=Authorization Scopes
|
|
#authz-policies=Policies
|
|
#authz-policy=Policy
|
|
#authz-permissions=Permissions
|
|
#authz-users=Users in Role
|
|
#authz-evaluate=Evaluate
|
|
#authz-icon-uri=Icon URI
|
|
#authz-icon-uri.tooltip=An URI pointing to an icon.
|
|
#authz-select-scope=Select a scope
|
|
#authz-select-resource=Select a resource
|
|
#authz-associated-policies=Associated Policies
|
|
#authz-any-resource=Any resource
|
|
#authz-any-scope=Any scope
|
|
#authz-any-role=Any role
|
|
#authz-policy-evaluation=Policy Evaluation
|
|
#authz-select-client=Select a client
|
|
#authz-select-user=Select a user
|
|
#authz-entitlements=Entitlements
|
|
#authz-no-resources=No resources
|
|
#authz-result=Result
|
|
#authz-authorization-services-enabled=Authorization Enabled
|
|
#authz-authorization-services-enabled.tooltip=Enable/Disable fine-grained authorization support for a client
|
|
#authz-required=Required
|
|
#authz-show-details=Show Details
|
|
#authz-hide-details=Hide Details
|
|
#authz-associated-permissions=Associated Permissions
|
|
#authz-no-permission-associated=No permissions associated
|
|
# Authz Settings
|
|
#authz-import-config.tooltip=Import a JSON file containing authorization settings for this resource server.
|
|
#authz-policy-enforcement-mode=Policy Enforcement Mode
|
|
#authz-policy-enforcement-mode.tooltip=The policy enforcement mode dictates how policies are enforced when evaluating authorization requests. 'Enforcing' means requests are denied by default even when there is no policy associated with a given resource. 'Permissive' means requests are allowed even when there is no policy associated with a given resource. 'Disabled' completely disables the evaluation of policies and allows access to any resource.
|
|
#authz-policy-enforcement-mode-enforcing=Enforcing
|
|
#authz-policy-enforcement-mode-permissive=Permissive
|
|
#authz-policy-enforcement-mode-disabled=Disabled
|
|
#authz-remote-resource-management=Remote Resource Management
|
|
#authz-remote-resource-management.tooltip=Should resources be managed remotely by the resource server? If false, resources can be managed only from this admin console.
|
|
#authz-export-settings=Export Settings
|
|
#authz-export-settings.tooltip=Export and download all authorization settings for this resource server.
|
|
# Authz Resource List
|
|
#authz-no-resources-available=No resources available.
|
|
#authz-no-scopes-assigned=No scopes assigned.
|
|
#authz-no-type-defined=No type defined.
|
|
#authz-no-uri-defined=No URI defined.
|
|
#authz-no-permission-assigned=No permission assigned.
|
|
#authz-no-policy-assigned=No policy assigned.
|
|
#authz-create-permission=Create Permission
|
|
# Authz Resource Detail
|
|
#authz-add-resource=Add Resource
|
|
#authz-resource-name.tooltip=A unique name for this resource. The name can be used to uniquely identify a resource, useful when querying for a specific resource.
|
|
#authz-resource-owner.tooltip=The owner of this resource.
|
|
#authz-resource-type.tooltip=The type of this resource. It can be used to group different resource instances with the same type.
|
|
#authz-resource-uri.tooltip=Set of URIs which are protected by resource.
|
|
#authz-resource-scopes.tooltip=The scopes associated with this resource.
|
|
#authz-resource-attributes=Resource Attributes
|
|
#authz-resource-attributes.tooltip=The attributes associated wth the resource.
|
|
#authz-resource-user-managed-access-enabled=User-Managed Access Enabled
|
|
#authz-resource-user-managed-access-enabled.tooltip=If enabled this access to this resource can be managed by the resource owner.
|
|
|
|
# Authz Scope List
|
|
#authz-add-scope=Add Scope
|
|
#authz-no-scopes-available=No scopes available.
|
|
# Authz Scope Detail
|
|
#authz-scope-name.tooltip=A unique name for this scope. The name can be used to uniquely identify a scope, useful when querying for a specific scope.
|
|
# Authz Policy List
|
|
#authz-all-types=All types
|
|
#authz-create-policy=Create Policy
|
|
#authz-no-policies-available=No policies available.
|
|
# Authz Policy Detail
|
|
#authz-policy-name.tooltip=The name of this policy.
|
|
#authz-policy-description.tooltip=A description for this policy.
|
|
#authz-policy-logic=Logic
|
|
#authz-policy-logic-positive=Positive
|
|
#authz-policy-logic-negative=Negative
|
|
#authz-policy-logic.tooltip=The logic dictates how the policy decision should be made. If 'Positive', the resulting effect (permit or deny) obtained during the evaluation of this policy will be used to perform a decision. If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa.
|
|
#authz-policy-apply-policy=Apply Policy
|
|
#authz-policy-apply-policy.tooltip=Specifies all the policies that must be applied to the scopes defined by this policy or permission.
|
|
#authz-policy-decision-strategy=Decision Strategy
|
|
#authz-policy-decision-strategy.tooltip=The decision strategy dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. 'Affirmative' means that at least one policy must evaluate to a positive decision in order for the final decision to be also positive. 'Unanimous' means that all policies must evaluate to a positive decision in order for the final decision to be also positive. 'Consensus' means that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same, the final decision will be negative.
|
|
#authz-policy-decision-strategy-affirmative=Affirmative
|
|
#authz-policy-decision-strategy-unanimous=Unanimous
|
|
#authz-policy-decision-strategy-consensus=Consensus
|
|
#authz-select-a-policy=Select existing policy
|
|
#authz-no-policies-assigned=No policies assigned.
|
|
# Authz Role Policy Detail
|
|
#authz-add-role-policy=Add Role Policy
|
|
#authz-no-roles-assigned=No roles assigned.
|
|
#authz-policy-role-realm-roles.tooltip=Specifies the *realm* roles allowed by this policy.
|
|
#authz-policy-role-clients.tooltip=Selects a client in order to filter the client roles that can be applied to this policy.
|
|
#authz-policy-role-client-roles.tooltip=Specifies the client roles allowed by this policy.
|
|
# Authz User Policy Detail
|
|
#authz-add-user-policy=Add User Policy
|
|
#authz-no-users-assigned=No users assigned.
|
|
#authz-policy-user-users.tooltip=Specifies which user(s) are allowed by this policy.
|
|
# Authz Client Policy Detail
|
|
#authz-add-client-policy=Add Client Policy
|
|
#authz-no-clients-assigned=No clients assigned.
|
|
#authz-policy-client-clients.tooltip=Specifies which client(s) are allowed by this policy.
|
|
# Authz Time Policy Detail
|
|
#authz-add-time-policy=Add Time Policy
|
|
#authz-policy-time-not-before.tooltip=Defines the time before which the policy MUST NOT be granted. Only granted if current date/time is after or equal to this value.
|
|
#authz-policy-time-not-on-after=Not On or After
|
|
#authz-policy-time-not-on-after.tooltip=Defines the time after which the policy MUST NOT be granted. Only granted if current date/time is before or equal to this value.
|
|
#authz-policy-time-day-month=Day of Month
|
|
#authz-policy-time-day-month.tooltip=Defines the day of month which the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current day of month is between or equal to the two values you provided.
|
|
#authz-policy-time-month=Month
|
|
#authz-policy-time-month.tooltip=Defines the month which the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current month is between or equal to the two values you provided.
|
|
#authz-policy-time-year=Year
|
|
#authz-policy-time-year.tooltip=Defines the year which the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current year is between or equal to the two values you provided.
|
|
#authz-policy-time-hour=Hour
|
|
#authz-policy-time-hour.tooltip=Defines the hour which the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current hour is between or equal to the two values you provided.
|
|
#authz-policy-time-minute=Minute
|
|
#authz-policy-time-minute.tooltip=Defines the minute which the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current minute is between or equal to the two values you provided.
|
|
# Authz Drools Policy Detail
|
|
#authz-add-drools-policy=Add Rules Policy
|
|
#authz-policy-drools-maven-artifact-resolve=Resolve
|
|
#authz-policy-drools-maven-artifact=Policy Maven Artifact
|
|
#authz-policy-drools-maven-artifact.tooltip=A Maven GAV pointing to an artifact from where the rules would be loaded from. Once you have provided the GAV, you can click *Resolve* to load both *Module* and *Session* fields.
|
|
#authz-policy-drools-module=Module
|
|
#authz-policy-drools-module.tooltip=The module used by this policy. You must provide a module in order to select a specific session from where rules will be loaded from.
|
|
#authz-policy-drools-session=Session
|
|
#authz-policy-drools-session.tooltip=The session used by this policy. The session provides all the rules to evaluate when processing the policy.
|
|
#authz-policy-drools-update-period=Update Period
|
|
#authz-policy-drools-update-period.tooltip=Specifies an interval for scanning for artifact updates.
|
|
# Authz JS Policy Detail
|
|
#authz-add-js-policy=Add JavaScript Policy
|
|
#authz-policy-js-code=Code
|
|
#authz-policy-js-code.tooltip=The JavaScript code providing the conditions for this policy.
|
|
# Authz Aggregated Policy Detail
|
|
#authz-aggregated=Aggregated
|
|
#authz-add-aggregated-policy=Add Aggregated Policy
|
|
# Authz Group Policy Detail
|
|
#authz-add-group-policy=Add Group Policy
|
|
#authz-no-groups-assigned=No groups assigned.
|
|
#authz-policy-group-claim=Groups Claim
|
|
#authz-policy-group-claim.tooltip=If defined, the policy will fetch user's groups from the given claim within an access token or ID token representing the identity asking permissions. If not defined, user's groups are obtained from your realm configuration.
|
|
#authz-policy-group-groups.tooltip=Specifies the groups allowed by this policy.
|
|
|
|
# Authz Permission List
|
|
#authz-no-permissions-available=No permissions available.
|
|
|
|
# Authz Permission Detail
|
|
#authz-permission-name.tooltip=The name of this permission.
|
|
#authz-permission-description.tooltip=A description for this permission.
|
|
|
|
# Authz Resource Permission Detail
|
|
#authz-add-resource-permission=Add Resource Permission
|
|
#authz-permission-resource-apply-to-resource-type=Apply to Resource Type
|
|
#authz-permission-resource-apply-to-resource-type.tooltip=Specifies if this permission would be applied to all resources with a given type. In this case, this permission will be evaluated for all instances of a given resource type.
|
|
#authz-permission-resource-resource.tooltip=Specifies that this permission must be applied to a specific resource instance.
|
|
#authz-permission-resource-type.tooltip=Specifies that this permission must be applied to all resources instances of a given type.
|
|
|
|
# Authz Scope Permission Detail
|
|
#authz-add-scope-permission=Add Scope Permission
|
|
#authz-permission-scope-resource.tooltip=Restrict the scopes to those associated with the selected resource. If not selected all scopes would be available.
|
|
#authz-permission-scope-scope.tooltip=Specifies that this permission must be applied to one or more scopes.
|
|
|
|
# Authz Evaluation
|
|
#authz-evaluation-identity-information=Identity Information
|
|
#authz-evaluation-identity-information.tooltip=The available options to configure the identity information that will be used when evaluating policies.
|
|
#authz-evaluation-client.tooltip=Select the client making this authorization request. If not provided, authorization requests would be done based on the client you are in.
|
|
#authz-evaluation-user.tooltip=Select a user whose identity is going to be used to query permissions from the server.
|
|
#authz-evaluation-role.tooltip=Select the roles you want to associate with the selected user.
|
|
#authz-evaluation-new=New Evaluation
|
|
#authz-evaluation-re-evaluate=Re-Evaluate
|
|
#authz-evaluation-previous=Previous Evaluation
|
|
#authz-evaluation-contextual-info=Contextual Information
|
|
#authz-evaluation-contextual-info.tooltip=The available options to configure any contextual information that will be used when evaluating policies.
|
|
#authz-evaluation-contextual-attributes=Contextual Attributes
|
|
#authz-evaluation-contextual-attributes.tooltip=Any attribute provided by a running environment or execution context.
|
|
#authz-evaluation-permissions.tooltip=The available options to configure the permissions to which policies will be applied.
|
|
#authz-evaluation-evaluate=Evaluate
|
|
#authz-evaluation-any-resource-with-scopes=Any resource with scope(s)
|
|
#authz-evaluation-no-result=Could not obtain any result for the given authorization request. Check if the provided resource(s) or scope(s) are associated with any policy.
|
|
#authz-evaluation-no-policies-resource=No policies were found for this resource.
|
|
#authz-evaluation-result.tooltip=The overall result for this permission request.
|
|
#authz-evaluation-scopes.tooltip=The list of allowed scopes.
|
|
#authz-evaluation-policies.tooltip=Details about which policies were evaluated and their decisions.
|
|
#authz-evaluation-authorization-data=Response
|
|
#authz-evaluation-authorization-data.tooltip=Represents a token carrying authorization data as a result of the processing of an authorization request. This representation is basically what Keycloak issues to clients asking for permissions. Check the 'authorization' claim for the permissions that were granted based on the current authorization request.
|
|
#authz-show-authorization-data=Show Authorization Data
|
|
|
|
keys=Keys
|
|
status=Status
|
|
#keystore=Keystore
|
|
#keystores=Keystores
|
|
#add-keystore=Add Keystore
|
|
#add-keystore.placeholder=Add keystore...
|
|
#view=View
|
|
active=Aktiv
|
|
#passive=Passive
|
|
#disabled=Disabled
|
|
#algorithms=Algorithms
|
|
#providerHelpText=Provider description
|
|
|
|
Sunday=Sonntag
|
|
Monday=Montag
|
|
Tuesday=Dienstag
|
|
Wednesday=Mittwoch
|
|
Thursday=Donnerstag
|
|
Friday=Freitag
|
|
Saturday=Samstag
|
|
|
|
#user-storage-cache-policy=Cache Settings
|
|
#userStorage.cachePolicy=Cache Policy
|
|
#userStorage.cachePolicy.option.DEFAULT=DEFAULT
|
|
#userStorage.cachePolicy.option.EVICT_WEEKLY=EVICT_WEEKLY
|
|
#userStorage.cachePolicy.option.EVICT_DAILY=EVICT_DAILY
|
|
#userStorage.cachePolicy.option.MAX_LIFESPAN=MAX_LIFESPAN
|
|
#userStorage.cachePolicy.option.NO_CACHE=NO_CACHE
|
|
#userStorage.cachePolicy.tooltip=Cache Policy for this storage provider. 'DEFAULT' is whatever the default settings are for the global cache. 'EVICT_DAILY' is a time of day every day that the cache will be invalidated. 'EVICT_WEEKLY' is a day of the week and time the cache will be invalidated. 'MAX-LIFESPAN' is the time in milliseconds that will be the lifespan of a cache entry.
|
|
#userStorage.cachePolicy.evictionDay=Eviction Day
|
|
#userStorage.cachePolicy.evictionDay.tooltip=Day of the week the entry will become invalid on
|
|
#userStorage.cachePolicy.evictionHour=Eviction Hour
|
|
#userStorage.cachePolicy.evictionHour.tooltip=Hour of day the entry will become invalid on.
|
|
#userStorage.cachePolicy.evictionMinute=Eviction Minute
|
|
#userStorage.cachePolicy.evictionMinute.tooltip=Minute of day the entry will become invalid on.
|
|
#userStorage.cachePolicy.maxLifespan=Max Lifespan
|
|
#userStorage.cachePolicy.maxLifespan.tooltip=Max lifespan of cache entry in milliseconds.
|
|
#user-origin-link=Storage Origin
|
|
#user-origin.tooltip=UserStorageProvider the user was loaded from
|
|
#user-link.tooltip=UserStorageProvider this locally stored user was imported from.
|
|
#client-origin-link=Storage Origin
|
|
#client-origin.tooltip=Provider the client was loaded from
|
|
|
|
#client-storage-cache-policy=Cache Settings
|
|
#clientStorage.cachePolicy=Cache Policy
|
|
#clientStorage.cachePolicy.option.DEFAULT=DEFAULT
|
|
#clientStorage.cachePolicy.option.EVICT_WEEKLY=EVICT_WEEKLY
|
|
#clientStorage.cachePolicy.option.EVICT_DAILY=EVICT_DAILY
|
|
#clientStorage.cachePolicy.option.MAX_LIFESPAN=MAX_LIFESPAN
|
|
#clientStorage.cachePolicy.option.NO_CACHE=NO_CACHE
|
|
#clientStorage.cachePolicy.tooltip=Cache Policy for this storage provider. 'DEFAULT' is whatever the default settings are for the global cache. 'EVICT_DAILY' is a time of day every day that the cache will be invalidated. 'EVICT_WEEKLY' is a day of the week and time the cache will be invalidated. 'MAX-LIFESPAN' is the time in milliseconds that will be the lifespan of a cache entry.
|
|
#clientStorage.cachePolicy.evictionDay=Eviction Day
|
|
#clientStorage.cachePolicy.evictionDay.tooltip=Day of the week the entry will become invalid on
|
|
#clientStorage.cachePolicy.evictionHour=Eviction Hour
|
|
#clientStorage.cachePolicy.evictionHour.tooltip=Hour of day the entry will become invalid on.
|
|
#clientStorage.cachePolicy.evictionMinute=Eviction Minute
|
|
#clientStorage.cachePolicy.evictionMinute.tooltip=Minute of day the entry will become invalid on.
|
|
#clientStorage.cachePolicy.maxLifespan=Max Lifespan
|
|
#clientStorage.cachePolicy.maxLifespan.tooltip=Max lifespan of cache entry in milliseconds.
|
|
|
|
#client-storage-list-no-entries=Keycloak can federate external client databases. Out of the box we have support for Openshift OAuth clients and service accounts. To get started select a provider from the dropdown below:
|
|
|
|
|
|
disable=Deaktivieren
|
|
disableable-credential-types=Deaktivierbare Typen
|
|
credentials.disableable.tooltip=Liste von Zugangstypen, die deaktiviert werden k\u00F6nnen.
|
|
disable-credential-types=Zugangstypen deaktivieren
|
|
credentials.disable.tooltip=Dr\u00FCcken Sie den Button, um die ausgew\u00E4hlten Zugangstypen zu sperren.
|
|
credential-types=Zugangstypen
|
|
manage-user-password=Zugang verwalten
|
|
disable-credentials=Zugang deaktivieren
|
|
credential-reset-actions=Zugang zur\u00FCcksetzen
|
|
credential-reset-actions-timeout=L\u00E4uft ab in
|
|
credential-reset-actions-timeout.tooltip=Maximale Zeit in der die Aktion zugelassen ist.
|
|
#ldap-mappers=LDAP Mappers
|
|
#create-ldap-mapper=Create LDAP mapper
|
|
#map-role-mgmt-scope-description=Policies that decide if an admin can map this role to a user or group
|
|
#manage-authz-users-scope-description=Policies that decide if an admin can manage all users in the realm
|
|
#view-authz-users-scope-description=Policies that decide if an admin can view all users in realm
|
|
permissions-enabled-role=Berechtigungen aktiv
|
|
permissions-enabled-role.tooltip=Legt fest, ob feingranulare Berechtigungen f\u00FCr diese Rolle aktiv sein sollen. Wird diese Option deaktiviert, werden alle aktuell aufgesetzten Berechtigungen gel\u00F6scht.
|
|
manage-permissions-role.tooltip=Feingranulare Berechtigungen f\u00FCr Rollen. Zum Beispiel k\u00F6nnen Berechtigungen eingerichtet werden, die festlegen, wer berechtigt, ist eine Rolle zuzuweisen.
|
|
lookup=Suche
|
|
manage-permissions-users.tooltip=Feingranulare Berechtigungen f\u00FCr alle Benutzer in diesem Realm. Es k\u00F6nnen verschiedene Einstellungen definiert werden, wer in diesem Realm berechtigt ist, Benutzer zu verwalten.
|
|
permissions-enabled-users=Berechtigungen aktiv
|
|
permissions-enabled-users.tooltip=Legt fest, ob feingranulare Berechtigungen f\u00FCr Benutzer aktiv sein sollen. Wird diese Option deaktiviert, werden alle aktuell aufgesetzten Berechtigungen gel\u00F6scht.
|
|
#manage-permissions-client.tooltip=Fine grain permissions for admins that want to manage this client or apply roles defined by this client.
|
|
#manage-permissions-group.tooltip=Fine grain permissions for admins that want to manage this group or the members of this group.
|
|
#manage-authz-group-scope-description=Policies that decide if an admin can manage this group
|
|
#view-authz-group-scope-description=Policies that decide if an admin can view this group
|
|
#view-members-authz-group-scope-description=Policies that decide if an admin can manage the members of this group
|
|
#token-exchange-authz-client-scope-description=Policies that decide which clients are allowed exchange tokens for a token that is targeted to this client.
|
|
#token-exchange-authz-idp-scope-description=Policies that decide which clients are allowed exchange tokens for an external token minted by this identity provider.
|
|
#manage-authz-client-scope-description=Policies that decide if an admin can manage this client
|
|
#configure-authz-client-scope-description=Reduced management permissions for admin. Cannot set scope, template, or protocol mappers.
|
|
#view-authz-client-scope-description=Policies that decide if an admin can view this client
|
|
#map-roles-authz-client-scope-description=Policies that decide if an admin can map roles defined by this client
|
|
#map-roles-client-scope-authz-client-scope-description=Policies that decide if an admin can apply roles defined by this client to the client scope of another client
|
|
#map-roles-composite-authz-client-scope-description=Policies that decide if an admin can apply roles defined by this client as a composite to another role
|
|
#map-role-authz-role-scope-description=Policies that decide if an admin can map this role to a user or group
|
|
#map-role-client-scope-authz-role-scope-description=Policies that decide if an admin can apply this role to the client scope of a client
|
|
#map-role-composite-authz-role-scope-description=Policies that decide if an admin can apply this role as a composite to another role
|
|
#manage-group-membership-authz-users-scope-description=Policies that decide if an admin can manage group membership for all users in the realm. This is used in conjunction with specific group policy
|
|
#impersonate-authz-users-scope-description=Policies that decide if admin can impersonate other users
|
|
#map-roles-authz-users-scope-description=Policies that decide if admin can map roles for all users
|
|
#user-impersonated-authz-users-scope-description=Policies that decide which users can be impersonated. These policies are applied to the user being impersonated.
|
|
#manage-membership-authz-group-scope-description=Policies that decide if admin can add or remove users from this group
|
|
#manage-members-authz-group-scope-description=Policies that decide if an admin can manage the members of this group
|
|
|
|
# KEYCLOAK-6771 Certificate Bound Token
|
|
# https://tools.ietf.org/html/draft-ietf-oauth-mtls-08#section-3
|
|
#advanced-client-settings=Advanced Settings
|
|
#advanced-client-settings.tooltip=Expand this section to configure advanced settings of this client
|
|
#tls-client-certificate-bound-access-tokens=OAuth 2.0 Mutual TLS Certificate Bound Access Tokens Enabled
|
|
#tls-client-certificate-bound-access-tokens.tooltip=This enables support for OAuth 2.0 Mutual TLS Certificate Bound Access Tokens, which means that keycloak bind an access token and a refresh token with a X.509 certificate of a token requesting client exchanged in mutual TLS between keycloak's Token Endpoint and this client. These tokens can be treated as Holder-of-Key tokens instead of bearer tokens.
|
|
#subjectdn=Subject DN
|
|
#subjectdn-tooltip=A regular expression for validating Subject DN in the Client Certificate. Use "(.*?)(?:$)" to match all kind of expressions.
|