aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMax Magorsch <arzano@gentoo.org>2020-05-22 16:57:43 +0200
committerMax Magorsch <arzano@gentoo.org>2020-05-22 16:57:43 +0200
commita005ba8e29ff68950bc6b9c93898ddb34fb25d60 (patch)
tree24e4051efc3e19c04095aa0ce3695c5c7dd43110
downloadtyrian-keycloak-theme-a005ba8e29ff68950bc6b9c93898ddb34fb25d60.tar.gz
tyrian-keycloak-theme-a005ba8e29ff68950bc6b9c93898ddb34fb25d60.tar.bz2
tyrian-keycloak-theme-a005ba8e29ff68950bc6b9c93898ddb34fb25d60.zip
Initial version of the theme
Please note that this is currently still a WIP and likely to change a lot in future. Signed-off-by: Max Magorsch <arzano@gentoo.org>
-rw-r--r--README.md6
-rw-r--r--account/account.ftl70
-rw-r--r--account/applications.ftl76
-rw-r--r--account/federatedIdentity.ftl42
-rw-r--r--account/log.ftl35
-rw-r--r--account/messages/messages_ca.properties147
-rw-r--r--account/messages/messages_de.properties169
-rw-r--r--account/messages/messages_en.properties358
-rw-r--r--account/messages/messages_es.properties147
-rw-r--r--account/messages/messages_fr.properties166
-rw-r--r--account/messages/messages_it.properties153
-rw-r--r--account/messages/messages_ja.properties352
-rw-r--r--account/messages/messages_lt.properties154
-rw-r--r--account/messages/messages_nl.properties133
-rw-r--r--account/messages/messages_no.properties165
-rw-r--r--account/messages/messages_pl.properties1
-rw-r--r--account/messages/messages_pt_BR.properties149
-rw-r--r--account/messages/messages_ru.properties155
-rw-r--r--account/messages/messages_sk.properties196
-rw-r--r--account/messages/messages_sv.properties150
-rw-r--r--account/messages/messages_tr.properties341
-rw-r--r--account/messages/messages_zh_CN.properties166
-rw-r--r--account/password.ftl59
-rw-r--r--account/resource-detail.ftl277
-rw-r--r--account/resources.ftl399
-rw-r--r--account/sessions.ftl44
-rw-r--r--account/template.ftl83
-rw-r--r--account/theme.properties1
-rw-r--r--account/totp.ftl141
-rw-r--r--admin/index.ftl113
-rw-r--r--admin/messages/admin-messages_ca.properties466
-rw-r--r--admin/messages/admin-messages_de.properties1523
-rw-r--r--admin/messages/admin-messages_en.properties1623
-rw-r--r--admin/messages/admin-messages_es.properties467
-rw-r--r--admin/messages/admin-messages_fr.properties142
-rw-r--r--admin/messages/admin-messages_it.properties0
-rw-r--r--admin/messages/admin-messages_ja.properties1547
-rw-r--r--admin/messages/admin-messages_lt.properties1207
-rw-r--r--admin/messages/admin-messages_nl.properties0
-rw-r--r--admin/messages/admin-messages_no.properties1115
-rw-r--r--admin/messages/admin-messages_pl.properties1
-rw-r--r--admin/messages/admin-messages_pt_BR.properties1085
-rw-r--r--admin/messages/admin-messages_ru.properties1265
-rw-r--r--admin/messages/admin-messages_zh_CN.properties1216
-rw-r--r--admin/messages/messages_ca.properties8
-rw-r--r--admin/messages/messages_de.properties28
-rw-r--r--admin/messages/messages_en.properties29
-rw-r--r--admin/messages/messages_es.properties8
-rw-r--r--admin/messages/messages_fr.properties8
-rw-r--r--admin/messages/messages_it.properties0
-rw-r--r--admin/messages/messages_ja.properties30
-rw-r--r--admin/messages/messages_lt.properties25
-rw-r--r--admin/messages/messages_nl.properties27
-rw-r--r--admin/messages/messages_no.properties14
-rw-r--r--admin/messages/messages_pl.properties1
-rw-r--r--admin/messages/messages_pt_BR.properties18
-rw-r--r--admin/messages/messages_ru.properties26
-rw-r--r--admin/messages/messages_zh_CN.properties26
-rw-r--r--admin/resources/js/app.js3391
-rw-r--r--admin/resources/js/authz/authz-app.js527
-rw-r--r--admin/resources/js/authz/authz-controller.js2914
-rw-r--r--admin/resources/js/authz/authz-services.js218
-rw-r--r--admin/resources/js/controllers/clients.js3456
-rw-r--r--admin/resources/js/controllers/groups.js616
-rw-r--r--admin/resources/js/controllers/realm.js3028
-rw-r--r--admin/resources/js/controllers/roles.js48
-rw-r--r--admin/resources/js/controllers/users.js1866
-rw-r--r--admin/resources/js/loaders.js552
-rw-r--r--admin/resources/js/services.js2146
-rw-r--r--admin/resources/partials/authentication-flow-bindings.html83
-rw-r--r--admin/resources/partials/authentication-flows.html69
-rw-r--r--admin/resources/partials/authenticator-config.html52
-rw-r--r--admin/resources/partials/authz/mgmt/broker-permissions.html40
-rw-r--r--admin/resources/partials/authz/mgmt/client-permissions.html39
-rw-r--r--admin/resources/partials/authz/mgmt/client-role-permissions.html40
-rw-r--r--admin/resources/partials/authz/mgmt/group-permissions.html39
-rw-r--r--admin/resources/partials/authz/mgmt/realm-role-permissions.html39
-rw-r--r--admin/resources/partials/authz/mgmt/users-permissions.html35
-rw-r--r--admin/resources/partials/authz/permission/provider/resource-server-policy-resource-detail.html131
-rw-r--r--admin/resources/partials/authz/permission/provider/resource-server-policy-scope-detail.html134
-rw-r--r--admin/resources/partials/authz/permission/resource-server-permission-list.html118
-rw-r--r--admin/resources/partials/authz/policy/provider/resource-server-policy-aggregate-detail.html123
-rw-r--r--admin/resources/partials/authz/policy/provider/resource-server-policy-client-detail.html93
-rw-r--r--admin/resources/partials/authz/policy/provider/resource-server-policy-group-detail.html126
-rw-r--r--admin/resources/partials/authz/policy/provider/resource-server-policy-js-detail.html69
-rw-r--r--admin/resources/partials/authz/policy/provider/resource-server-policy-role-detail.html169
-rw-r--r--admin/resources/partials/authz/policy/provider/resource-server-policy-time-detail.html119
-rw-r--r--admin/resources/partials/authz/policy/provider/resource-server-policy-user-detail.html93
-rw-r--r--admin/resources/partials/authz/policy/resource-server-policy-evaluate-result.html72
-rw-r--r--admin/resources/partials/authz/policy/resource-server-policy-evaluate.html267
-rw-r--r--admin/resources/partials/authz/policy/resource-server-policy-list.html117
-rw-r--r--admin/resources/partials/authz/resource-server-detail.html77
-rw-r--r--admin/resources/partials/authz/resource-server-export-settings.html35
-rw-r--r--admin/resources/partials/authz/resource-server-list.html49
-rw-r--r--admin/resources/partials/authz/resource-server-resource-detail.html126
-rw-r--r--admin/resources/partials/authz/resource-server-resource-list.html169
-rw-r--r--admin/resources/partials/authz/resource-server-scope-detail.html50
-rw-r--r--admin/resources/partials/authz/resource-server-scope-list.html102
-rw-r--r--admin/resources/partials/brute-force.html114
-rw-r--r--admin/resources/partials/claims.html62
-rw-r--r--admin/resources/partials/client-clustering-node.html37
-rw-r--r--admin/resources/partials/client-clustering.html76
-rw-r--r--admin/resources/partials/client-credentials-generic.html14
-rw-r--r--admin/resources/partials/client-credentials-jwt-key-export.html57
-rw-r--r--admin/resources/partials/client-credentials-jwt-key-import.html62
-rw-r--r--admin/resources/partials/client-credentials-jwt.html74
-rw-r--r--admin/resources/partials/client-credentials-secret-jwt.html17
-rw-r--r--admin/resources/partials/client-credentials-secret.html17
-rw-r--r--admin/resources/partials/client-credentials-x509.html21
-rw-r--r--admin/resources/partials/client-credentials.html38
-rw-r--r--admin/resources/partials/client-detail.html640
-rw-r--r--admin/resources/partials/client-import.html46
-rw-r--r--admin/resources/partials/client-initial-access-create.html63
-rw-r--r--admin/resources/partials/client-initial-access.html55
-rw-r--r--admin/resources/partials/client-installation.html36
-rw-r--r--admin/resources/partials/client-keys.html146
-rw-r--r--admin/resources/partials/client-list.html68
-rw-r--r--admin/resources/partials/client-mappers-add.html53
-rw-r--r--admin/resources/partials/client-mappers.html55
-rw-r--r--admin/resources/partials/client-offline-sessions.html59
-rw-r--r--admin/resources/partials/client-protocol-mapper-detail.html13
-rw-r--r--admin/resources/partials/client-reg-policies.html106
-rw-r--r--admin/resources/partials/client-reg-policy-detail.html68
-rw-r--r--admin/resources/partials/client-reg-trusted-host-create.html55
-rw-r--r--admin/resources/partials/client-reg-trusted-host-detail.html64
-rw-r--r--admin/resources/partials/client-registration-access-token.html18
-rw-r--r--admin/resources/partials/client-revocation.html30
-rw-r--r--admin/resources/partials/client-role-attributes.html45
-rw-r--r--admin/resources/partials/client-role-detail.html140
-rw-r--r--admin/resources/partials/client-role-list.html64
-rw-r--r--admin/resources/partials/client-role-users.html52
-rw-r--r--admin/resources/partials/client-saml-key-export.html63
-rw-r--r--admin/resources/partials/client-saml-key-import.html62
-rw-r--r--admin/resources/partials/client-saml-keys.html66
-rw-r--r--admin/resources/partials/client-scope-detail.html84
-rw-r--r--admin/resources/partials/client-scope-list.html60
-rw-r--r--admin/resources/partials/client-scope-mappers-add.html53
-rw-r--r--admin/resources/partials/client-scope-mappers.html55
-rw-r--r--admin/resources/partials/client-scope-mappings.html127
-rw-r--r--admin/resources/partials/client-scope-protocol-mapper-detail.html13
-rw-r--r--admin/resources/partials/client-scope-scope-mappings.html116
-rw-r--r--admin/resources/partials/client-scopes-evaluate.html260
-rw-r--r--admin/resources/partials/client-scopes-realm-default.html99
-rw-r--r--admin/resources/partials/client-scopes-setup.html123
-rw-r--r--admin/resources/partials/client-service-account-roles.html127
-rw-r--r--admin/resources/partials/client-sessions.html57
-rw-r--r--admin/resources/partials/client-storage-generic.html207
-rw-r--r--admin/resources/partials/client-storage-list.html67
-rw-r--r--admin/resources/partials/create-client.html72
-rw-r--r--admin/resources/partials/create-execution.html31
-rw-r--r--admin/resources/partials/create-flow-execution.html55
-rw-r--r--admin/resources/partials/create-flow.html43
-rw-r--r--admin/resources/partials/create-group.html25
-rw-r--r--admin/resources/partials/default-groups.html91
-rw-r--r--admin/resources/partials/defense-headers.html71
-rw-r--r--admin/resources/partials/forbidden.html7
-rw-r--r--admin/resources/partials/group-attributes.html41
-rw-r--r--admin/resources/partials/group-detail.html28
-rw-r--r--admin/resources/partials/group-list.html50
-rw-r--r--admin/resources/partials/group-members.html48
-rw-r--r--admin/resources/partials/group-role-mappings.html111
-rw-r--r--admin/resources/partials/home.html4
-rw-r--r--admin/resources/partials/identity-provider-mapper-detail.html84
-rw-r--r--admin/resources/partials/identity-provider-mappers.html49
-rw-r--r--admin/resources/partials/menu.html26
-rw-r--r--admin/resources/partials/modal/realm-events-admin-auth.html8
-rw-r--r--admin/resources/partials/modal/realm-events-admin-representation.html3
-rw-r--r--admin/resources/partials/modal/role-selector.html39
-rw-r--r--admin/resources/partials/modal/unregistered-required-action-selector.html21
-rw-r--r--admin/resources/partials/modal/view-key.html18
-rw-r--r--admin/resources/partials/modal/view-object.html3
-rw-r--r--admin/resources/partials/notfound.html7
-rw-r--r--admin/resources/partials/otp-policy.html88
-rw-r--r--admin/resources/partials/pagenotfound.html7
-rw-r--r--admin/resources/partials/partial-export.html34
-rw-r--r--admin/resources/partials/partial-import.html130
-rw-r--r--admin/resources/partials/password-policy.html51
-rw-r--r--admin/resources/partials/protocol-mapper-detail.html64
-rw-r--r--admin/resources/partials/realm-cache-settings.html30
-rw-r--r--admin/resources/partials/realm-create.html45
-rw-r--r--admin/resources/partials/realm-default-roles.html88
-rw-r--r--admin/resources/partials/realm-detail.html82
-rw-r--r--admin/resources/partials/realm-events-admin.html134
-rw-r--r--admin/resources/partials/realm-events-config.html106
-rw-r--r--admin/resources/partials/realm-events.html124
-rw-r--r--admin/resources/partials/realm-identity-provider-bitbucket.html142
-rw-r--r--admin/resources/partials/realm-identity-provider-export.html23
-rw-r--r--admin/resources/partials/realm-identity-provider-facebook-ext.html0
-rw-r--r--admin/resources/partials/realm-identity-provider-facebook.html1
-rw-r--r--admin/resources/partials/realm-identity-provider-github-ext.html0
-rw-r--r--admin/resources/partials/realm-identity-provider-github.html1
-rw-r--r--admin/resources/partials/realm-identity-provider-gitlab.html142
-rw-r--r--admin/resources/partials/realm-identity-provider-google-ext.html21
-rw-r--r--admin/resources/partials/realm-identity-provider-google.html1
-rw-r--r--admin/resources/partials/realm-identity-provider-instagram-ext.html0
-rw-r--r--admin/resources/partials/realm-identity-provider-instagram.html1
-rw-r--r--admin/resources/partials/realm-identity-provider-keycloak-oidc.html1
-rw-r--r--admin/resources/partials/realm-identity-provider-linkedin-ext.html0
-rw-r--r--admin/resources/partials/realm-identity-provider-linkedin.html1
-rw-r--r--admin/resources/partials/realm-identity-provider-microsoft-ext.html0
-rw-r--r--admin/resources/partials/realm-identity-provider-microsoft.html1
-rw-r--r--admin/resources/partials/realm-identity-provider-oidc.html355
-rw-r--r--admin/resources/partials/realm-identity-provider-openshift-v3-ext.html7
-rw-r--r--admin/resources/partials/realm-identity-provider-openshift-v3.html164
-rw-r--r--admin/resources/partials/realm-identity-provider-openshift-v4-ext.html7
-rw-r--r--admin/resources/partials/realm-identity-provider-openshift-v4.html164
-rw-r--r--admin/resources/partials/realm-identity-provider-paypal-ext.html7
-rw-r--r--admin/resources/partials/realm-identity-provider-paypal.html1
-rw-r--r--admin/resources/partials/realm-identity-provider-saml.html315
-rw-r--r--admin/resources/partials/realm-identity-provider-social.html157
-rw-r--r--admin/resources/partials/realm-identity-provider-stackoverflow-ext.html7
-rw-r--r--admin/resources/partials/realm-identity-provider-stackoverflow.html1
-rw-r--r--admin/resources/partials/realm-identity-provider-twitter-ext.html0
-rw-r--r--admin/resources/partials/realm-identity-provider-twitter.html1
-rw-r--r--admin/resources/partials/realm-identity-provider.html81
-rw-r--r--admin/resources/partials/realm-keys-disabled.html70
-rw-r--r--admin/resources/partials/realm-keys-generic.html69
-rw-r--r--admin/resources/partials/realm-keys-passive.html70
-rw-r--r--admin/resources/partials/realm-keys-providers.html75
-rw-r--r--admin/resources/partials/realm-keys.html71
-rw-r--r--admin/resources/partials/realm-list.html20
-rw-r--r--admin/resources/partials/realm-login-settings.html87
-rw-r--r--admin/resources/partials/realm-role-users.html50
-rw-r--r--admin/resources/partials/realm-smtp.html96
-rw-r--r--admin/resources/partials/realm-theme-settings.html97
-rw-r--r--admin/resources/partials/realm-tokens.html328
-rw-r--r--admin/resources/partials/required-actions.html38
-rw-r--r--admin/resources/partials/role-attributes.html41
-rw-r--r--admin/resources/partials/role-detail.html135
-rw-r--r--admin/resources/partials/role-list.html63
-rw-r--r--admin/resources/partials/role-mappings.html119
-rw-r--r--admin/resources/partials/server-info-providers.html55
-rw-r--r--admin/resources/partials/server-info.html135
-rw-r--r--admin/resources/partials/session-realm.html34
-rw-r--r--admin/resources/partials/session-revocation.html30
-rw-r--r--admin/resources/partials/user-attributes.html41
-rw-r--r--admin/resources/partials/user-consents.html41
-rw-r--r--admin/resources/partials/user-credentials.html179
-rw-r--r--admin/resources/partials/user-detail.html150
-rw-r--r--admin/resources/partials/user-federated-identity-detail.html53
-rw-r--r--admin/resources/partials/user-federated-identity-list.html41
-rw-r--r--admin/resources/partials/user-federation.html69
-rw-r--r--admin/resources/partials/user-group-membership.html114
-rw-r--r--admin/resources/partials/user-list.html69
-rw-r--r--admin/resources/partials/user-offline-sessions.html35
-rw-r--r--admin/resources/partials/user-sessions.html43
-rw-r--r--admin/resources/partials/user-storage-generic.html246
-rw-r--r--admin/resources/partials/user-storage-kerberos.html264
-rw-r--r--admin/resources/partials/user-storage-ldap-mapper-detail.html64
-rw-r--r--admin/resources/partials/user-storage-ldap-mappers.html46
-rw-r--r--admin/resources/partials/user-storage-ldap.html549
-rw-r--r--admin/resources/partials/user-storage.html45
-rw-r--r--admin/resources/partials/webauthn-policy-passwordless.html177
-rw-r--r--admin/resources/partials/webauthn-policy.html159
-rw-r--r--admin/resources/templates/authz/kc-authz-modal.html11
-rw-r--r--admin/resources/templates/authz/kc-tabs-resource-server.html14
-rw-r--r--admin/resources/templates/kc-component-config.html67
-rw-r--r--admin/resources/templates/kc-copy.html18
-rw-r--r--admin/resources/templates/kc-dropdown.html12
-rw-r--r--admin/resources/templates/kc-menu.html63
-rw-r--r--admin/resources/templates/kc-modal-message.html10
-rw-r--r--admin/resources/templates/kc-modal.html11
-rw-r--r--admin/resources/templates/kc-paging.html25
-rw-r--r--admin/resources/templates/kc-provider-config.html91
-rw-r--r--admin/resources/templates/kc-switch.html12
-rw-r--r--admin/resources/templates/kc-tabs-authentication.html15
-rw-r--r--admin/resources/templates/kc-tabs-client-role.html17
-rw-r--r--admin/resources/templates/kc-tabs-client-scope.html20
-rw-r--r--admin/resources/templates/kc-tabs-client.html63
-rw-r--r--admin/resources/templates/kc-tabs-clients.html16
-rw-r--r--admin/resources/templates/kc-tabs-group-list.html11
-rw-r--r--admin/resources/templates/kc-tabs-group.html17
-rw-r--r--admin/resources/templates/kc-tabs-identity-provider.html17
-rw-r--r--admin/resources/templates/kc-tabs-ldap.html12
-rw-r--r--admin/resources/templates/kc-tabs-realm.html19
-rw-r--r--admin/resources/templates/kc-tabs-role.html16
-rw-r--r--admin/resources/templates/kc-tabs-user-storage.html11
-rw-r--r--admin/resources/templates/kc-tabs-user.html18
-rw-r--r--admin/resources/templates/kc-tabs-users.html11
-rw-r--r--admin/theme.properties1
-rw-r--r--email/html/email-test.ftl5
-rw-r--r--email/html/email-verification-with-code.ftl5
-rw-r--r--email/html/email-verification.ftl5
-rw-r--r--email/html/event-login_error.ftl5
-rw-r--r--email/html/event-remove_totp.ftl5
-rw-r--r--email/html/event-update_password.ftl5
-rw-r--r--email/html/event-update_totp.ftl5
-rw-r--r--email/html/executeActions.ftl9
-rw-r--r--email/html/identity-provider-link.ftl5
-rw-r--r--email/html/password-reset.ftl5
-rw-r--r--email/messages/messages_ca.properties21
-rw-r--r--email/messages/messages_de.properties24
-rw-r--r--email/messages/messages_en.properties51
-rw-r--r--email/messages/messages_es.properties21
-rw-r--r--email/messages/messages_fr.properties21
-rw-r--r--email/messages/messages_it.properties24
-rw-r--r--email/messages/messages_ja.properties52
-rw-r--r--email/messages/messages_lt.properties25
-rw-r--r--email/messages/messages_nl.properties38
-rw-r--r--email/messages/messages_no.properties24
-rw-r--r--email/messages/messages_pl.properties56
-rw-r--r--email/messages/messages_pt_BR.properties51
-rw-r--r--email/messages/messages_ru.properties25
-rw-r--r--email/messages/messages_sk.properties48
-rw-r--r--email/messages/messages_sv.properties25
-rw-r--r--email/messages/messages_tr.properties51
-rw-r--r--email/messages/messages_zh_CN.properties25
-rw-r--r--email/text/email-test.ftl2
-rw-r--r--email/text/email-verification-with-code.ftl2
-rw-r--r--email/text/email-verification.ftl2
-rw-r--r--email/text/event-login_error.ftl2
-rw-r--r--email/text/event-remove_totp.ftl2
-rw-r--r--email/text/event-update_password.ftl2
-rw-r--r--email/text/event-update_totp.ftl2
-rw-r--r--email/text/executeActions.ftl4
-rw-r--r--email/text/identity-provider-link.ftl2
-rw-r--r--email/text/password-reset.ftl2
-rw-r--r--email/theme.properties1
-rw-r--r--login/cli_splash.ftl7
-rw-r--r--login/code.ftl19
-rw-r--r--login/error.ftl13
-rw-r--r--login/info.ftl24
-rw-r--r--login/login-config-totp-text.ftl31
-rw-r--r--login/login-config-totp.ftl93
-rw-r--r--login/login-idp-link-confirm.ftl13
-rw-r--r--login/login-idp-link-email.ftl16
-rw-r--r--login/login-oauth-grant.ftl41
-rw-r--r--login/login-otp.ftl70
-rw-r--r--login/login-page-expired.ftl11
-rw-r--r--login/login-password.ftl33
-rw-r--r--login/login-reset-password.ftl34
-rw-r--r--login/login-update-password.ftl45
-rw-r--r--login/login-update-profile.ftl61
-rw-r--r--login/login-username.ftl60
-rw-r--r--login/login-verify-email-code-text.ftl2
-rw-r--r--login/login-verify-email.ftl13
-rw-r--r--login/login-x509-info.ftl55
-rw-r--r--login/login.ftl98
-rw-r--r--login/login.ftl.html98
-rw-r--r--login/messages/messages_ca.properties200
-rw-r--r--login/messages/messages_de.properties264
-rw-r--r--login/messages/messages_en.properties371
-rw-r--r--login/messages/messages_es.properties200
-rw-r--r--login/messages/messages_fr.properties275
-rw-r--r--login/messages/messages_it.properties213
-rw-r--r--login/messages/messages_ja.properties323
-rw-r--r--login/messages/messages_lt.properties216
-rw-r--r--login/messages/messages_nl.properties294
-rw-r--r--login/messages/messages_no.properties228
-rw-r--r--login/messages/messages_pl.properties311
-rw-r--r--login/messages/messages_pt_BR.properties370
-rw-r--r--login/messages/messages_ru.properties217
-rw-r--r--login/messages/messages_sk.properties262
-rw-r--r--login/messages/messages_sv.properties213
-rw-r--r--login/messages/messages_tr.properties313
-rw-r--r--login/messages/messages_zh_CN.properties231
-rw-r--r--login/register.ftl86
-rw-r--r--login/resources/js/base64url.js114
-rw-r--r--login/saml-post-form.ftl25
-rw-r--r--login/select-authenticator.ftl42
-rw-r--r--login/template.ftl303
-rw-r--r--login/terms.ftl15
-rw-r--r--login/theme.properties1
-rw-r--r--login/webauthn-authenticate.ftl107
-rw-r--r--login/webauthn-error.ftl55
-rw-r--r--login/webauthn-register.ftl166
366 files changed, 56991 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..08e0aa4
--- /dev/null
+++ b/README.md
@@ -0,0 +1,6 @@
+Tyrian Keycloak Theme
+=====================
+
+Tyrian theme for sso.gentoo.org based on the Keycloak base theme.
+
+Please note: This is currently still a WIP and likely to change in future.
diff --git a/account/account.ftl b/account/account.ftl
new file mode 100644
index 0000000..9254b96
--- /dev/null
+++ b/account/account.ftl
@@ -0,0 +1,70 @@
+<#import "template.ftl" as layout>
+<@layout.mainLayout active='account' bodyClass='user'; section>
+
+ <div class="row">
+ <div class="col-md-10">
+ <h2>${msg("editAccountHtmlTitle")}</h2>
+ </div>
+ <div class="col-md-2 subtitle">
+ <span class="subtitle"><span class="required">*</span> ${msg("requiredFields")}</span>
+ </div>
+ </div>
+
+ <form action="${url.accountUrl}" class="form-horizontal" method="post">
+
+ <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
+
+ <#if !realm.registrationEmailAsUsername>
+ <div class="form-group ${messagesPerField.printIfExists('username','has-error')}">
+ <div class="col-sm-2 col-md-2">
+ <label for="username" class="control-label">${msg("username")}</label> <#if realm.editUsernameAllowed><span class="required">*</span></#if>
+ </div>
+
+ <div class="col-sm-10 col-md-10">
+ <input type="text" class="form-control" id="username" name="username" <#if !realm.editUsernameAllowed>disabled="disabled"</#if> value="${(account.username!'')}"/>
+ </div>
+ </div>
+ </#if>
+
+ <div class="form-group ${messagesPerField.printIfExists('email','has-error')}">
+ <div class="col-sm-2 col-md-2">
+ <label for="email" class="control-label">${msg("email")}</label> <span class="required">*</span>
+ </div>
+
+ <div class="col-sm-10 col-md-10">
+ <input type="text" class="form-control" id="email" name="email" autofocus value="${(account.email!'')}"/>
+ </div>
+ </div>
+
+ <div class="form-group ${messagesPerField.printIfExists('firstName','has-error')}">
+ <div class="col-sm-2 col-md-2">
+ <label for="firstName" class="control-label">${msg("firstName")}</label> <span class="required">*</span>
+ </div>
+
+ <div class="col-sm-10 col-md-10">
+ <input type="text" class="form-control" id="firstName" name="firstName" value="${(account.firstName!'')}"/>
+ </div>
+ </div>
+
+ <div class="form-group ${messagesPerField.printIfExists('lastName','has-error')}">
+ <div class="col-sm-2 col-md-2">
+ <label for="lastName" class="control-label">${msg("lastName")}</label> <span class="required">*</span>
+ </div>
+
+ <div class="col-sm-10 col-md-10">
+ <input type="text" class="form-control" id="lastName" name="lastName" value="${(account.lastName!'')}"/>
+ </div>
+ </div>
+
+ <div class="form-group">
+ <div id="kc-form-buttons" class="col-md-offset-2 col-md-10 submit">
+ <div class="">
+ <#if url.referrerURI??><a href="${url.referrerURI}">${kcSanitize(msg("backToApplication")?no_esc)}</a></#if>
+ <button type="submit" class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" name="submitAction" value="Save">${msg("doSave")}</button>
+ <button type="submit" class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonLargeClass!}" name="submitAction" value="Cancel">${msg("doCancel")}</button>
+ </div>
+ </div>
+ </div>
+ </form>
+
+</@layout.mainLayout>
diff --git a/account/applications.ftl b/account/applications.ftl
new file mode 100644
index 0000000..a8edc38
--- /dev/null
+++ b/account/applications.ftl
@@ -0,0 +1,76 @@
+<#import "template.ftl" as layout>
+<@layout.mainLayout active='applications' bodyClass='applications'; section>
+
+ <div class="row">
+ <div class="col-md-10">
+ <h2>${msg("applicationsHtmlTitle")}</h2>
+ </div>
+ </div>
+
+ <form action="${url.applicationsUrl}" method="post">
+ <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
+ <input type="hidden" id="referrer" name="referrer" value="${stateChecker}">
+
+ <table class="table table-striped table-bordered">
+ <thead>
+ <tr>
+ <td>${msg("application")}</td>
+ <td>${msg("availableRoles")}</td>
+ <td>${msg("grantedPermissions")}</td>
+ <td>${msg("additionalGrants")}</td>
+ <td>${msg("action")}</td>
+ </tr>
+ </thead>
+
+ <tbody>
+ <#list applications.applications as application>
+ <tr>
+ <td>
+ <#if application.effectiveUrl?has_content><a href="${application.effectiveUrl}"></#if>
+ <#if application.client.name?has_content>${advancedMsg(application.client.name)}<#else>${application.client.clientId}</#if>
+ <#if application.effectiveUrl?has_content></a></#if>
+ </td>
+
+ <td>
+ <#list application.realmRolesAvailable as role>
+ <#if role.description??>${advancedMsg(role.description)}<#else>${advancedMsg(role.name)}</#if>
+ <#if role_has_next>, </#if>
+ </#list>
+ <#list application.resourceRolesAvailable?keys as resource>
+ <#if application.realmRolesAvailable?has_content>, </#if>
+ <#list application.resourceRolesAvailable[resource] as clientRole>
+ <#if clientRole.roleDescription??>${advancedMsg(clientRole.roleDescription)}<#else>${advancedMsg(clientRole.roleName)}</#if>
+ ${msg("inResource")} <strong><#if clientRole.clientName??>${advancedMsg(clientRole.clientName)}<#else>${clientRole.clientId}</#if></strong>
+ <#if clientRole_has_next>, </#if>
+ </#list>
+ </#list>
+ </td>
+
+ <td>
+ <#if application.client.consentRequired>
+ <#list application.clientScopesGranted as claim>
+ ${advancedMsg(claim)}<#if claim_has_next>, </#if>
+ </#list>
+ <#else>
+ <strong>${msg("fullAccess")}</strong>
+ </#if>
+ </td>
+
+ <td>
+ <#list application.additionalGrants as grant>
+ ${advancedMsg(grant)}<#if grant_has_next>, </#if>
+ </#list>
+ </td>
+
+ <td>
+ <#if (application.client.consentRequired && application.clientScopesGranted?has_content) || application.additionalGrants?has_content>
+ <button type='submit' class='${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!}' id='revoke-${application.client.clientId}' name='clientId' value="${application.client.id}">${msg("revoke")}</button>
+ </#if>
+ </td>
+ </tr>
+ </#list>
+ </tbody>
+ </table>
+ </form>
+
+</@layout.mainLayout> \ No newline at end of file
diff --git a/account/federatedIdentity.ftl b/account/federatedIdentity.ftl
new file mode 100644
index 0000000..c2eb769
--- /dev/null
+++ b/account/federatedIdentity.ftl
@@ -0,0 +1,42 @@
+<#import "template.ftl" as layout>
+<@layout.mainLayout active='social' bodyClass='social'; section>
+
+ <div class="row">
+ <div class="col-md-10">
+ <h2>${msg("federatedIdentitiesHtmlTitle")}</h2>
+ </div>
+ </div>
+
+ <div id="federated-identities">
+ <#list federatedIdentity.identities as identity>
+ <div class="row margin-bottom">
+ <div class="col-sm-2 col-md-2">
+ <label for="${identity.providerId!}" class="control-label">${identity.displayName!}</label>
+ </div>
+ <div class="col-sm-5 col-md-5">
+ <input disabled="true" class="form-control" value="${identity.userName!}">
+ </div>
+ <div class="col-sm-5 col-md-5">
+ <#if identity.connected>
+ <#if federatedIdentity.removeLinkPossible>
+ <form action="${url.socialUrl}" method="post" class="form-inline">
+ <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
+ <input type="hidden" id="action" name="action" value="remove">
+ <input type="hidden" id="providerId" name="providerId" value="${identity.providerId!}">
+ <button id="remove-link-${identity.providerId!}" class="btn btn-default">${msg("doRemove")}</button>
+ </form>
+ </#if>
+ <#else>
+ <form action="${url.socialUrl}" method="post" class="form-inline">
+ <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
+ <input type="hidden" id="action" name="action" value="add">
+ <input type="hidden" id="providerId" name="providerId" value="${identity.providerId!}">
+ <button id="add-link-${identity.providerId!}" class="btn btn-default">${msg("doAdd")}</button>
+ </form>
+ </#if>
+ </div>
+ </div>
+ </#list>
+ </div>
+
+</@layout.mainLayout>
diff --git a/account/log.ftl b/account/log.ftl
new file mode 100644
index 0000000..29046cf
--- /dev/null
+++ b/account/log.ftl
@@ -0,0 +1,35 @@
+<#import "template.ftl" as layout>
+<@layout.mainLayout active='log' bodyClass='log'; section>
+
+ <div class="row">
+ <div class="col-md-10">
+ <h2>${msg("accountLogHtmlTitle")}</h2>
+ </div>
+ </div>
+
+ <table class="table table-striped table-bordered">
+ <thead>
+ <tr>
+ <td>${msg("date")}</td>
+ <td>${msg("event")}</td>
+ <td>${msg("ip")}</td>
+ <td>${msg("client")}</td>
+ <td>${msg("details")}</td>
+ </tr>
+ </thead>
+
+ <tbody>
+ <#list log.events as event>
+ <tr>
+ <td>${event.date?datetime}</td>
+ <td>${event.event}</td>
+ <td>${event.ipAddress}</td>
+ <td>${event.client!}</td>
+ <td><#list event.details as detail>${detail.key} = ${detail.value} <#if detail_has_next>, </#if></#list></td>
+ </tr>
+ </#list>
+ </tbody>
+
+ </table>
+
+</@layout.mainLayout> \ No newline at end of file
diff --git a/account/messages/messages_ca.properties b/account/messages/messages_ca.properties
new file mode 100644
index 0000000..a1b8f91
--- /dev/null
+++ b/account/messages/messages_ca.properties
@@ -0,0 +1,147 @@
+doSave=Desa
+doCancel=Cancel\u00B7la
+doLogOutAllSessions=Desconnecta de totes les sessions
+doRemove=Elimina
+doAdd=Afegeix
+doSignOut=Desconnectar
+
+editAccountHtmlTitle=Edita compte
+federatedIdentitiesHtmlTitle=Identitats federades
+accountLogHtmlTitle=Registre del compte
+changePasswordHtmlTitle=Canvia contrasenya
+sessionsHtmlTitle=Sessions
+accountManagementTitle=Gesti\u00F3 de Compte Keycloak
+authenticatorTitle=Autenticador
+applicationsHtmlTitle=Aplicacions
+
+authenticatorCode=Codi d''un sol \u00FAs
+email=Email
+firstName=Nom
+givenName=Nom de pila
+fullName=Nom complet
+lastName=Cognoms
+familyName=Cognom
+password=Contrasenya
+passwordConfirm=Confirma la contrasenya
+passwordNew=Nova contrasenya
+username=Usuari
+address=Adre\u00E7a
+street=Carrer
+locality=Ciutat o Municipi
+region=Estat, Prov\u00EDncia, o Regi\u00F3
+postal_code=Postal code
+country=Pa\u00EDs
+emailVerified=Email verificat
+gssDelegationCredential=GSS Delegation Credential
+
+role_admin=Administrador
+role_realm-admin=Administrador del domini
+role_create-realm=Crear domini
+role_view-realm=Veure domini
+role_view-users=Veure usuaris
+role_view-applications=Veure aplicacions
+role_view-clients=Veure clients
+role_view-events=Veure events
+role_view-identity-providers=Veure prove\u00EFdors d''identitat
+role_manage-realm=Gestionar domini
+role_manage-users=Gestinar usuaris
+role_manage-applications=Gestionar aplicacions
+role_manage-identity-providers=Gestionar prove\u00EFdors d''identitat
+role_manage-clients=Gestionar clients
+role_manage-events=Gestionar events
+role_view-profile=Veure perfil
+role_manage-account=Gestionar compte
+role_read-token=Llegir token
+role_offline-access=Acc\u00E9s sense connexi\u00F3
+client_account=Compte
+client_security-admin-console=Consola d''Administraci\u00F3 de Seguretat
+client_realm-management=Gesti\u00F3 de domini
+client_broker=Broker
+
+
+requiredFields=Camps obligatoris
+allFieldsRequired=Tots els camps obligatoris
+
+backToApplication=&laquo; Torna a l''aplicaci\u00F3
+backTo=Torna a {0}
+
+date=Data
+event=Event
+ip=IP
+client=Client
+clients=Clients
+details=Detalls
+started=Iniciat
+lastAccess=\u00DAltim acc\u00E9s
+expires=Expira
+applications=Aplicacions
+
+account=Compte
+federatedIdentity=Identitat federada
+authenticator=Autenticador
+sessions=Sessions
+log=Registre
+
+application=Aplicaci\u00F3
+availablePermissions=Permisos disponibles
+grantedPermissions=Permisos concedits
+grantedPersonalInfo=Informaci\u00F3 personal concedida
+additionalGrants=Permisos addicionals
+action=Acci\u00F3
+inResource=a
+fullAccess=Acc\u00E9s total
+offlineToken=Codi d''autoritzaci\u00F3 offline
+revoke=Revocar perm\u00EDs
+
+configureAuthenticators=Autenticadors configurats
+mobile=M\u00F2bil
+totpStep1=Instal\u00B7la <a href=\"https://freeotp.github.io/\" target=\"_blank\">FreeOTP</a> o Google Authenticator al teu tel\u00E8fon m\u00F2bil. Les dues aplicacions estan disponibles a <a href=\"https://play.google.com\">Google Play</a> i en l''App Store d''Apple.
+totpStep2=Obre l''aplicaci\u00F3 i escaneja el codi o introdueix la clau.
+totpStep3=Introdueix el codi \u00FAnic que et mostra l''aplicaci\u00F3 d''autenticaci\u00F3 i fes clic a Envia per finalitzar la configuraci\u00F3
+
+missingUsernameMessage=Si us plau indica el teu usuari.
+missingFirstNameMessage=Si us plau indica el nom.
+invalidEmailMessage=Email no v\u00E0lid
+missingLastNameMessage=Si us plau indica els teus cognoms.
+missingEmailMessage=Si us plau indica l''email.
+missingPasswordMessage=Si us plau indica la contrasenya.
+notMatchPasswordMessage=Les contrasenyes no coincideixen.
+
+missingTotpMessage=Si us plau indica el teu codi d''autenticaci\u00F3
+invalidPasswordExistingMessage=La contrasenya actual no \u00E9s correcta.
+invalidPasswordConfirmMessage=La confirmaci\u00F3 de contrasenya no coincideix.
+invalidTotpMessage=El c\u00F3digo de autenticaci\u00F3n no es v\u00E1lido.
+
+usernameExistsMessage=L''usuari ja existeix
+emailExistsMessage=L''email ja existeix
+
+readOnlyUserMessage=No pots actualitzar el teu usuari perqu\u00E8 el teu compte \u00E9s de nom\u00E9s lectura.
+readOnlyPasswordMessage=No pots actualitzar la contrasenya perqu\u00E8 el teu compte \u00E9s de nom\u00E9s lectura.
+
+successTotpMessage=Aplicaci\u00F3 d''autenticaci\u00F3 m\u00F2bil configurada.
+successTotpRemovedMessage=Aplicaci\u00F3 d''autenticaci\u00F3 m\u00F2bil eliminada.
+
+successGrantRevokedMessage=Perm\u00EDs revocat correctament
+
+accountUpdatedMessage=El teu compte s''ha actualitzat.
+accountPasswordUpdatedMessage=La contrasenya s''ha actualitzat.
+
+missingIdentityProviderMessage=Prove\u00EFdor d''identitat no indicat.
+invalidFederatedIdentityActionMessage=Acci\u00F3 no v\u00E0lida o no indicada.
+identityProviderNotFoundMessage=No s''ha trobat un prove\u00EFdor d''identitat.
+federatedIdentityLinkNotActiveMessage=Aquesta identitat ja no est\u00E0 activa
+federatedIdentityRemovingLastProviderMessage=No pots eliminar l''\u00FAltima identitat federada perqu\u00E8 no tens fixada una contrasenya.
+identityProviderRedirectErrorMessage=Error en la redirecci\u00F3 al prove\u00EFdor d''identitat
+identityProviderRemovedMessage=Prove\u00EFdor d''identitat esborrat correctament.
+
+accountDisabledMessage=El compte est\u00E0 desactivada, contacteu amb l''administrador.
+
+accountTemporarilyDisabledMessage=El compte est\u00E0 temporalment desactivat, contacta amb l''administrador o intenta-ho de nou m\u00E9s tard.
+invalidPasswordMinLengthMessage=Contrasenya incorrecta: longitud m\u00EDnima {0}.
+invalidPasswordMinLowerCaseCharsMessage=Contrasenya incorrecta: ha de contenir almenys {0} lletres min\u00FAscules.
+invalidPasswordMinDigitsMessage=Contrase\u00F1a incorrecta: debe contener al menos {0} caracteres num\u00E9ricos.
+invalidPasswordMinUpperCaseCharsMessage=Contrasenya incorrecta: ha de contenir almenys {0} lletres maj\u00FAscules.
+invalidPasswordMinSpecialCharsMessage=Contrasenya incorrecta: ha de contenir almenys {0} car\u00E0cters especials.
+invalidPasswordNotUsernameMessage=Contrasenya incorrecta: no pot ser igual al nom d''usuari.
+invalidPasswordRegexPatternMessage=Contrasenya incorrecta: no compleix l''expressi\u00F3 regular.
+invalidPasswordHistoryMessage=Contrasenya incorrecta: no pot ser igual a cap de les \u00FAltimes {0} contrasenyes. \ No newline at end of file
diff --git a/account/messages/messages_de.properties b/account/messages/messages_de.properties
new file mode 100644
index 0000000..0c8b087
--- /dev/null
+++ b/account/messages/messages_de.properties
@@ -0,0 +1,169 @@
+doSave=Speichern
+doCancel=Abbrechen
+doLogOutAllSessions=Alle Sitzungen abmelden
+doRemove=Entfernen
+doAdd=Hinzuf\u00FCgen
+doSignOut=Abmelden
+
+editAccountHtmlTitle=Benutzerkonto bearbeiten
+federatedIdentitiesHtmlTitle=F\u00F6derierte Identit\u00E4ten
+accountLogHtmlTitle=Benutzerkonto Log
+changePasswordHtmlTitle=Passwort \u00C4ndern
+sessionsHtmlTitle=Sitzungen
+accountManagementTitle=Keycloak Benutzerkontoverwaltung
+authenticatorTitle=Mehrfachauthentifizierung
+applicationsHtmlTitle=Applikationen
+
+authenticatorCode=One-time Code
+email=E-Mail
+firstName=Vorname
+givenName=Vorname
+fullName=Voller Name
+lastName=Nachname
+familyName=Nachname
+password=Passwort
+passwordConfirm=Passwort best\u00E4tigen
+passwordNew=Neues Passwort
+username=Benutzername
+address=Adresse
+street=Stra\u00DFe
+region=Staat, Provinz, Region
+postal_code=PLZ
+locality=Stadt oder Ortschaft
+country=Land
+emailVerified=E-Mail verifiziert
+gssDelegationCredential=GSS delegierte Berechtigung
+
+role_admin=Admin
+role_realm-admin=Realm Admin
+role_create-realm=Realm erstellen
+role_view-realm=Realm ansehen
+role_view-users=Benutzer ansehen
+role_view-applications=Applikationen ansehen
+role_view-clients=Clients ansehen
+role_view-events=Events ansehen
+role_view-identity-providers=Identity Provider ansehen
+role_manage-realm=Realm verwalten
+role_manage-users=Benutzer verwalten
+role_manage-applications=Applikationen verwalten
+role_manage-identity-providers=Identity Provider verwalten
+role_manage-clients=Clients verwalten
+role_manage-events=Events verwalten
+role_view-profile=Profile ansehen
+role_manage-account=Profile verwalten
+role_manage-account-links=Profil-Links verwalten
+role_read-token=Token lesen
+role_offline-access=Offline-Zugriff
+role_uma_authorization=Berechtigungen einholen
+client_account=Clientkonto
+client_security-admin-console=Security Adminkonsole
+client_realm-management=Realm-Management
+client_broker=Broker
+
+
+requiredFields=Erforderliche Felder
+allFieldsRequired=Alle Felder sind erforderlich
+
+backToApplication=&laquo; Zur\u00FCck zur Applikation
+backTo=Zur\u00FCck zu {0}
+
+date=Datum
+event=Ereignis
+ip=IP
+client=Client
+clients=Clients
+details=Details
+started=Startdatum
+lastAccess=Letzter Zugriff
+expires=Ablaufdatum
+applications=Applikationen
+
+account=Benutzerkonto
+federatedIdentity=F\u00F6derierte Identit\u00E4t
+authenticator=Mehrfachauthentifizierung
+sessions=Sitzungen
+log=Log
+
+application=Applikation
+availablePermissions=verf\u00FCgbare Berechtigungen
+grantedPermissions=gew\u00E4hrte Berechtigungen
+grantedPersonalInfo=gew\u00E4hrte pers\u00F6nliche Informationen
+additionalGrants=zus\u00E4tzliche Berechtigungen
+action=Aktion
+inResource=in
+fullAccess=Vollzugriff
+offlineToken=Offline-Token
+revoke=Berechtigung widerrufen
+
+configureAuthenticators=Mehrfachauthentifizierung konfigurieren
+mobile=Mobil
+totpStep1=Installieren Sie eine der folgenden Applikationen auf Ihrem Smartphone:
+totpStep2=\u00D6ffnen Sie die Applikation und scannen Sie den Barcode.
+totpStep3=Geben Sie den von der Applikation generierten One-time Code ein und klicken Sie auf Speichern.
+
+totpManualStep2=\u00D6ffnen Sie die Applikation und geben Sie den folgenden Schl\u00FCssel ein.
+totpManualStep3=Verwenden Sie die folgenden Konfigurationswerte, falls Sie diese f\u00FCr die Applikation anpassen k\u00F6nnen:
+totpUnableToScan=Sie k\u00F6nnen den Barcode nicht scannen?
+totpScanBarcode=Barcode scannen?
+
+totp.totp=zeitbasiert (time-based)
+totp.hotp=z\u00E4hlerbasiert (counter-based)
+
+totpType=Typ
+totpAlgorithm=Algorithmus
+totpDigits=Ziffern
+totpInterval=Intervall
+totpCounter=Z\u00E4hler
+
+missingUsernameMessage=Bitte geben Sie einen Benutzernamen ein.
+missingFirstNameMessage=Bitte geben Sie einen Vornamen ein.
+invalidEmailMessage=Ung\u00FCltige E-Mail Adresse.
+missingLastNameMessage=Bitte geben Sie einen Nachnamen ein.
+missingEmailMessage=Bitte geben Sie eine E-Mail Adresse ein.
+missingPasswordMessage=Bitte geben Sie ein Passwort ein.
+notMatchPasswordMessage=Die Passw\u00F6rter sind nicht identisch.
+
+missingTotpMessage=Bitte geben Sie den One-time Code ein.
+invalidPasswordExistingMessage=Das aktuelle Passwort ist ung\u00FCltig.
+invalidPasswordConfirmMessage=Die Passwortbest\u00E4tigung ist nicht identisch.
+invalidTotpMessage=Ung\u00FCltiger One-time Code.
+
+usernameExistsMessage=Der Benutzername existiert bereits.
+emailExistsMessage=Die E-Mail-Adresse existiert bereits.
+
+readOnlyUserMessage=Sie k\u00F6nnen Ihr Benutzerkonto nicht \u00E4ndern, da es schreibgesch\u00FCtzt ist.
+readOnlyUsernameMessage=Sie k\u00F6nnen Ihren Benutzernamen nicht \u00E4ndern, da er schreibgesch\u00FCtzt ist.
+readOnlyPasswordMessage=Sie k\u00F6nnen Ihr Passwort nicht \u00E4ndern, da es schreibgesch\u00FCtzt ist.
+
+successTotpMessage=Mehrfachauthentifizierung erfolgreich konfiguriert.
+successTotpRemovedMessage=Mehrfachauthentifizierung erfolgreich entfernt.
+
+successGrantRevokedMessage=Berechtigung erfolgreich widerrufen.
+
+accountUpdatedMessage=Ihr Benutzerkonto wurde aktualisiert.
+accountPasswordUpdatedMessage=Ihr Passwort wurde aktualisiert.
+
+missingIdentityProviderMessage=Identity Provider nicht angegeben.
+invalidFederatedIdentityActionMessage=Ung\u00FCltige oder fehlende Aktion.
+identityProviderNotFoundMessage=Angegebener Identity Provider nicht gefunden.
+federatedIdentityLinkNotActiveMessage=Diese Identit\u00E4t ist nicht mehr aktiv.
+federatedIdentityRemovingLastProviderMessage=Sie k\u00F6nnen den letzten Eintrag nicht entfernen, da Sie kein Passwort haben.
+identityProviderRedirectErrorMessage=Fehler bei der Weiterleitung zum Identity Provider.
+identityProviderRemovedMessage=Identity Provider erfolgreich entfernt.
+identityProviderAlreadyLinkedMessage=Die f\u00F6derierte Identit\u00E4t von {0} ist bereits einem anderen Benutzer zugewiesen.
+staleCodeAccountMessage=Diese Seite ist nicht mehr g\u00FCltig, bitte versuchen Sie es noch einmal.
+consentDenied=Einverst\u00E4ndnis verweigert.
+
+accountDisabledMessage=Ihr Benutzerkonto ist gesperrt, bitte kontaktieren Sie den Admin.
+
+accountTemporarilyDisabledMessage=Ihr Benutzerkonto ist tempor\u00E4r gesperrt, bitte kontaktieren Sie den Admin oder versuchen Sie es sp\u00E4ter noch einmal.
+invalidPasswordMinLengthMessage=Ung\u00FCltiges Passwort: Es muss mindestens {0} Zeichen lang sein.
+invalidPasswordMinLowerCaseCharsMessage=Ung\u00FCltiges Passwort\: Es muss mindestens {0} Kleinbuchstaben beinhalten.
+invalidPasswordMinDigitsMessage=Ung\u00FCltiges Passwort: Es muss mindestens {0} Zahl(en) beinhalten.
+invalidPasswordMinUpperCaseCharsMessage=Ung\u00FCltiges Passwort: Es muss mindestens {0} Gro\u00DFbuchstaben beinhalten.
+invalidPasswordMinSpecialCharsMessage=Ung\u00FCltiges Passwort: Es muss mindestens {0} Sonderzeichen beinhalten.
+invalidPasswordNotUsernameMessage=Ung\u00FCltiges Passwort: Es darf nicht gleich sein wie der Benutzername.
+invalidPasswordRegexPatternMessage=Ung\u00FCltiges Passwort: Es entspricht nicht dem Regex-Muster.
+invalidPasswordHistoryMessage=Ung\u00FCltiges Passwort: Es darf nicht einem der letzten {0} Passw\u00F6rter entsprechen.
+invalidPasswordBlacklistedMessage=Ung\u00FCltiges Passwort: Das Passwort steht auf der Blocklist (schwarzen Liste).
+invalidPasswordGenericMessge=Ung\u00FCltiges Passwort: Das neue Passwort verletzt die Passwort-Richtlinien. \ No newline at end of file
diff --git a/account/messages/messages_en.properties b/account/messages/messages_en.properties
new file mode 100644
index 0000000..9a04144
--- /dev/null
+++ b/account/messages/messages_en.properties
@@ -0,0 +1,358 @@
+doSave=Save
+doCancel=Cancel
+doLogOutAllSessions=Log out all sessions
+doRemove=Remove
+doAdd=Add
+doSignOut=Sign Out
+doLogIn=Log In
+doLink=Link
+
+
+editAccountHtmlTitle=Edit Account
+personalInfoHtmlTitle=Personal Info
+federatedIdentitiesHtmlTitle=Federated Identities
+accountLogHtmlTitle=Account Log
+changePasswordHtmlTitle=Change Password
+deviceActivityHtmlTitle=Device Activity
+sessionsHtmlTitle=Sessions
+accountManagementTitle=Keycloak Account Management
+authenticatorTitle=Authenticator
+applicationsHtmlTitle=Applications
+linkedAccountsHtmlTitle=Linked Accounts
+
+accountManagementWelcomeMessage=Welcome to Keycloak Account Management
+personalInfoIntroMessage=Manage your basic information
+accountSecurityTitle=Account Security
+accountSecurityIntroMessage=Control your password and account access
+applicationsIntroMessage=Track and manage your app permission to access your account
+resourceIntroMessage=Share your resources among team members
+passwordLastUpdateMessage=Your password was updated at
+updatePasswordTitle=Update Password
+updatePasswordMessageTitle=Make sure you choose a strong password
+updatePasswordMessage=A strong password contains a mix of numbers, letters, and symbols. It is hard to guess, does not resemble a real word, and is only used for this account.
+personalSubTitle=Your Personal Info
+personalSubMessage=Manage this basic information: your first name, last name and email
+
+authenticatorCode=One-time code
+email=Email
+firstName=First name
+givenName=Given name
+fullName=Full name
+lastName=Last name
+familyName=Family name
+password=Password
+currentPassword=Current Password
+passwordConfirm=Confirmation
+passwordNew=New Password
+username=Username
+address=Address
+street=Street
+locality=City or Locality
+region=State, Province, or Region
+postal_code=Zip or Postal code
+country=Country
+emailVerified=Email verified
+gssDelegationCredential=GSS Delegation Credential
+
+profileScopeConsentText=User profile
+emailScopeConsentText=Email address
+addressScopeConsentText=Address
+phoneScopeConsentText=Phone number
+offlineAccessScopeConsentText=Offline Access
+samlRoleListScopeConsentText=My Roles
+rolesScopeConsentText=User roles
+
+role_admin=Admin
+role_realm-admin=Realm Admin
+role_create-realm=Create realm
+role_view-realm=View realm
+role_view-users=View users
+role_view-applications=View applications
+role_view-clients=View clients
+role_view-events=View events
+role_view-identity-providers=View identity providers
+role_view-consent=View consents
+role_manage-realm=Manage realm
+role_manage-users=Manage users
+role_manage-applications=Manage applications
+role_manage-identity-providers=Manage identity providers
+role_manage-clients=Manage clients
+role_manage-events=Manage events
+role_view-profile=View profile
+role_manage-account=Manage account
+role_manage-account-links=Manage account links
+role_manage-consent=Manage consents
+role_read-token=Read token
+role_offline-access=Offline access
+role_uma_authorization=Obtain permissions
+client_account=Account
+client_account-console=Account Console
+client_security-admin-console=Security Admin Console
+client_admin-cli=Admin CLI
+client_realm-management=Realm Management
+client_broker=Broker
+
+
+requiredFields=Required fields
+allFieldsRequired=All fields required
+
+backToApplication=&laquo; Back to application
+backTo=Back to {0}
+
+date=Date
+event=Event
+ip=IP
+client=Client
+clients=Clients
+details=Details
+started=Started
+lastAccess=Last Access
+expires=Expires
+applications=Applications
+
+account=Account
+federatedIdentity=Federated Identity
+authenticator=Authenticator
+device-activity=Device Activity
+sessions=Sessions
+log=Log
+
+application=Application
+availableRoles=Available Roles
+grantedPermissions=Granted Permissions
+grantedPersonalInfo=Granted Personal Info
+additionalGrants=Additional Grants
+action=Action
+inResource=in
+fullAccess=Full Access
+offlineToken=Offline Token
+revoke=Revoke Grant
+
+configureAuthenticators=Configured Authenticators
+mobile=Mobile
+totpStep1=Install one of the following applications on your mobile:
+totpStep2=Open the application and scan the barcode:
+totpStep3=Enter the one-time code provided by the application and click Save to finish the setup.
+totpStep3DeviceName=Provide a Device Name to help you manage your OTP devices.
+
+totpManualStep2=Open the application and enter the key:
+totpManualStep3=Use the following configuration values if the application allows setting them:
+totpUnableToScan=Unable to scan?
+totpScanBarcode=Scan barcode?
+
+totp.totp=Time-based
+totp.hotp=Counter-based
+
+totpType=Type
+totpAlgorithm=Algorithm
+totpDigits=Digits
+totpInterval=Interval
+totpCounter=Counter
+totpDeviceName=Device Name
+
+missingUsernameMessage=Please specify username.
+missingFirstNameMessage=Please specify first name.
+invalidEmailMessage=Invalid email address.
+missingLastNameMessage=Please specify last name.
+missingEmailMessage=Please specify email.
+missingPasswordMessage=Please specify password.
+notMatchPasswordMessage=Passwords don''t match.
+invalidUserMessage=Invalid user
+
+missingTotpMessage=Please specify authenticator code.
+missingTotpDeviceNameMessage=Please specify device name.
+invalidPasswordExistingMessage=Invalid existing password.
+invalidPasswordConfirmMessage=Password confirmation doesn''t match.
+invalidTotpMessage=Invalid authenticator code.
+
+usernameExistsMessage=Username already exists.
+emailExistsMessage=Email already exists.
+
+readOnlyUserMessage=You can''t update your account as it is read-only.
+readOnlyUsernameMessage=You can''t update your username as it is read-only.
+readOnlyPasswordMessage=You can''t update your password as your account is read-only.
+
+successTotpMessage=Mobile authenticator configured.
+successTotpRemovedMessage=Mobile authenticator removed.
+
+successGrantRevokedMessage=Grant revoked successfully.
+
+accountUpdatedMessage=Your account has been updated.
+accountPasswordUpdatedMessage=Your password has been updated.
+
+missingIdentityProviderMessage=Identity provider not specified.
+invalidFederatedIdentityActionMessage=Invalid or missing action.
+identityProviderNotFoundMessage=Specified identity provider not found.
+federatedIdentityLinkNotActiveMessage=This identity is not active anymore.
+federatedIdentityRemovingLastProviderMessage=You can''t remove last federated identity as you don''t have a password.
+identityProviderRedirectErrorMessage=Failed to redirect to identity provider.
+identityProviderRemovedMessage=Identity provider removed successfully.
+identityProviderAlreadyLinkedMessage=Federated identity returned by {0} is already linked to another user.
+staleCodeAccountMessage=The page expired. Please try one more time.
+consentDenied=Consent denied.
+
+accountDisabledMessage=Account is disabled, contact your administrator.
+
+accountTemporarilyDisabledMessage=Account is temporarily disabled, contact your administrator or try again later.
+invalidPasswordMinLengthMessage=Invalid password: minimum length {0}.
+invalidPasswordMinLowerCaseCharsMessage=Invalid password: must contain at least {0} lower case characters.
+invalidPasswordMinDigitsMessage=Invalid password: must contain at least {0} numerical digits.
+invalidPasswordMinUpperCaseCharsMessage=Invalid password: must contain at least {0} upper case characters.
+invalidPasswordMinSpecialCharsMessage=Invalid password: must contain at least {0} special characters.
+invalidPasswordNotUsernameMessage=Invalid password: must not be equal to the username.
+invalidPasswordRegexPatternMessage=Invalid password: fails to match regex pattern(s).
+invalidPasswordHistoryMessage=Invalid password: must not be equal to any of last {0} passwords.
+invalidPasswordBlacklistedMessage=Invalid password: password is blacklisted.
+invalidPasswordGenericMessage=Invalid password: new password doesn''t match password policies.
+
+# Authorization
+myResources=My Resources
+myResourcesSub=My resources
+doDeny=Deny
+doRevoke=Revoke
+doApprove=Approve
+doRemoveSharing=Remove Sharing
+doRemoveRequest=Remove Request
+peopleAccessResource=People with access to this resource
+resourceManagedPolicies=Permissions granting access to this resource
+resourceNoPermissionsGrantingAccess=No permissions granting access to this resource
+anyAction=Any action
+description=Description
+name=Name
+scopes=Scopes
+resource=Resource
+user=User
+peopleSharingThisResource=People sharing this resource
+shareWithOthers=Share with others
+needMyApproval=Need my approval
+requestsWaitingApproval=Your requests waiting approval
+icon=Icon
+requestor=Requestor
+owner=Owner
+resourcesSharedWithMe=Resources shared with me
+permissionRequestion=Permission Requestion
+permission=Permission
+shares=share(s)
+notBeingShared=This resource is not being shared.
+notHaveAnyResource=You don't have any resources
+noResourcesSharedWithYou=There are no resources shared with you
+havePermissionRequestsWaitingForApproval=You have {0} permission request(s) waiting for approval.
+clickHereForDetails=Click here for details.
+resourceIsNotBeingShared=The resource is not being shared
+
+locale_ca=Catal\u00e0
+locale_de=Deutsch
+locale_en=English
+locale_es=Espa\u00f1ol
+locale_fr=Fran\u00e7ais
+locale_it=Italian
+locale_ja=\u65e5\u672c\u8a9e
+locale_nl=Nederlands
+locale_no=Norsk
+locale_lt=Lietuvi\u0173
+locale_pt-BR=Portugu\u00eas (Brasil)
+locale_ru=\u0420\u0443\u0441\u0441\u043a\u0438\u0439
+locale_sk=Sloven\u010dina
+locale_sv=Svenska
+locale_tr=Turkish
+locale_zh-CN=\u4e2d\u6587\u7b80\u4f53
+
+# Applications
+applicaitonName=Name
+applicationType=Application Type
+applicationInUse=In-use app only
+clearAllFilter=Clear all filters
+activeFilters=Active filters
+filterByName=Filter By Name ...
+allApps=All applications
+internalApps=Internal applications
+thirdpartyApps=Third-Party applications
+appResults=Results
+clientNotFoundMessage=Client not found.
+
+# Linked account
+authorizedProvider=Authorized Provider
+authorizedProviderMessage=Authorized Providers linked with your account
+identityProvider=Identity Provider
+identityProviderMessage=To link your account with identity providers you have configured
+socialLogin=Social Login
+userDefined=User Defined
+removeAccess=Remove Access
+removeAccessMessage=You will need to grant access again, if you want to use this app account.
+
+#Authenticator
+authenticatorStatusMessage=Two-factor authentication is currently
+authenticatorFinishSetUpTitle=Your Two-Factor Authentication
+authenticatorFinishSetUpMessage=Each time you sign in to your Keycloak account, you will be asked to provide a two-factor authentication code.
+authenticatorSubTitle=Set Up Two-Factor Authentication
+authenticatorSubMessage=To enhance the security of your account, enable at least one of the available two-factor authentication methods.
+authenticatorMobileTitle=Mobile Authenticator
+authenticatorMobileMessage=Use mobile Authenticator to get Verification codes as the two-factor authentication.
+authenticatorMobileFinishSetUpMessage=The authenticator has been bound to your phone.
+authenticatorActionSetup=Set up
+authenticatorSMSTitle=SMS Code
+authenticatorSMSMessage=Keycloak will send the Verification code to your phone as the two-factor authentication.
+authenticatorSMSFinishSetUpMessage=Text messages are sent to
+authenticatorDefaultStatus=Default
+authenticatorChangePhone=Change Phone Number
+authenticatorBackupCodesTitle=Backup Codes
+authenticatorBackupCodesMessage=Get your 8-digit backup codes
+authenticatorBackupCodesFinishSetUpMessage=12 backup codes were generated at this time. Each one can be used once.
+
+#Authenticator - Mobile Authenticator setup
+authenticatorMobileSetupTitle=Mobile Authenticator Setup
+smscodeIntroMessage=Enter your phone number and a verification code will be sent to your phone.
+mobileSetupStep1=Install an authenticator application on your phone. The applications listed here are supported.
+mobileSetupStep2=Open the application and scan the barcode:
+mobileSetupStep3=Enter the one-time code provided by the application and click Save to finish the setup.
+scanBarCode=Want to scan the barcode?
+enterBarCode=Enter the one-time code
+doCopy=Copy
+doFinish=Finish
+
+#Authenticator - SMS Code setup
+authenticatorSMSCodeSetupTitle=SMS Code Setup
+chooseYourCountry=Choose your country
+enterYourPhoneNumber=Enter your phone number
+sendVerficationCode=Send Verification Code
+enterYourVerficationCode=Enter your verification code
+
+#Authenticator - backup Code setup
+authenticatorBackupCodesSetupTitle=Backup Codes Setup
+backupcodesIntroMessage=If you lose access to your phone, you can still log into your account through backup codes. Keep them somewhere safe and accessible.
+realmName=Realm
+doDownload=Download
+doPrint=Print
+backupCodesTips-1=Each backup code can be used once.
+backupCodesTips-2=These codes were generated on
+generateNewBackupCodes=Generate New Backup Codes
+backupCodesTips-3=When you generate new backup codes, the current codes will not work anymore.
+backtoAuthenticatorPage=Back to Authenticator Page
+
+
+#Resources
+resources=Resources
+sharedwithMe=Shared with Me
+share=Share
+sharedwith=Shared with
+accessPermissions=Access Permissions
+permissionRequests=Permission Requests
+approve=Approve
+approveAll=Approve all
+people=people
+perPage=per page
+currentPage=Current Page
+sharetheResource=Share the resource
+group=Group
+selectPermission=Select Permission
+addPeople=Add people to share your resource with
+addTeam=Add team to share your resource with
+myPermissions=My Permissions
+waitingforApproval=Waiting for approval
+anyPermission=Any Permission
+
+# Openshift messages
+openshift.scope.user_info=User information
+openshift.scope.user_check-access=User access information
+openshift.scope.user_full=Full Access
+openshift.scope.list-projects=List projects
diff --git a/account/messages/messages_es.properties b/account/messages/messages_es.properties
new file mode 100644
index 0000000..fd36e59
--- /dev/null
+++ b/account/messages/messages_es.properties
@@ -0,0 +1,147 @@
+doSave=Guardar
+doCancel=Cancelar
+doLogOutAllSessions=Desconectar de todas las sesiones
+doRemove=Eliminar
+doAdd=A\u00F1adir
+doSignOut=Desconectar
+
+editAccountHtmlTitle=Editar cuenta
+federatedIdentitiesHtmlTitle=Identidades federadas
+accountLogHtmlTitle=Registro de la cuenta
+changePasswordHtmlTitle=Cambiar contrase\u00F1a
+sessionsHtmlTitle=Sesiones
+accountManagementTitle=Gesti\u00F3n de Cuenta Keycloak
+authenticatorTitle=Autenticador
+applicationsHtmlTitle=Aplicaciones
+
+authenticatorCode=C\u00F3digo de un solo uso
+email=Email
+firstName=Nombre
+givenName=Nombre de pila
+fullName=Nombre completo
+lastName=Apellidos
+familyName=Apellido
+password=Contrase\u00F1a
+passwordConfirm=Confirma la contrase\u00F1a
+passwordNew=Nueva contrase\u00F1a
+username=Usuario
+address=Direcci\u00F3n
+street=Calle
+locality=Ciudad o Municipio
+region=Estado, Provincia, o Regi\u00F3n
+postal_code=C\u00F3digo Postal
+country=Pa\u00EDs
+emailVerified=Email verificado
+gssDelegationCredential=GSS Delegation Credential
+
+role_admin=Administrador
+role_realm-admin=Administrador del dominio
+role_create-realm=Crear dominio
+role_view-realm=Ver dominio
+role_view-users=Ver usuarios
+role_view-applications=Ver aplicaciones
+role_view-clients=Ver clientes
+role_view-events=Ver eventos
+role_view-identity-providers=Ver proveedores de identidad
+role_manage-realm=Gestionar dominio
+role_manage-users=Gestionar usuarios
+role_manage-applications=Gestionar aplicaciones
+role_manage-identity-providers=Gestionar proveedores de identidad
+role_manage-clients=Gestionar clientes
+role_manage-events=Gestionar eventos
+role_view-profile=Ver perfil
+role_manage-account=Gestionar cuenta
+role_read-token=Leer token
+role_offline-access=Acceso sin conexi\u00F3n
+client_account=Cuenta
+client_security-admin-console=Consola de Administraci\u00F3n de Seguridad
+client_realm-management=Gesti\u00F3n de dominio
+client_broker=Broker
+
+
+requiredFields=Campos obligatorios
+allFieldsRequired=Todos los campos obligatorios
+
+backToApplication=&laquo; Volver a la aplicaci\u00F3n
+backTo=Volver a {0}
+
+date=Fecha
+event=Evento
+ip=IP
+client=Cliente
+clients=Clientes
+details=Detalles
+started=Iniciado
+lastAccess=\u00DAltimo acceso
+expires=Expira
+applications=Aplicaciones
+
+account=Cuenta
+federatedIdentity=Identidad federada
+authenticator=Autenticador
+sessions=Sesiones
+log=Regisro
+
+application=Aplicaci\u00F3n
+availablePermissions=Permisos disponibles
+grantedPermissions=Permisos concedidos
+grantedPersonalInfo=Informaci\u00F3n personal concedida
+additionalGrants=Permisos adicionales
+action=Acci\u00F3n
+inResource=en
+fullAccess=Acceso total
+offlineToken=C\u00F3digo de autorizaci\u00F3n offline
+revoke=Revocar permiso
+
+configureAuthenticators=Autenticadores configurados
+mobile=M\u00F3vil
+totpStep1=Instala <a href=\"https://freeotp.github.io/\" target=\"_blank\">FreeOTP</a> o Google Authenticator en tu tel\u00E9fono m\u00F3vil. Ambas aplicaciones est\u00E1n disponibles en <a href=\"https://play.google.com\">Google Play</a> y en la App Store de Apple.
+totpStep2=Abre la aplicaci\u00F3n y escanea el c\u00F3digo o introduce la clave.
+totpStep3=Introduce el c\u00F3digo \u00FAnico que te muestra la aplicaci\u00F3n de autenticaci\u00F3n y haz clic en Enviar para finalizar la configuraci\u00F3n
+
+missingUsernameMessage=Por favor indica tu usuario.
+missingFirstNameMessage=Por favor indica el nombre.
+invalidEmailMessage=Email no v\u00E1lido
+missingLastNameMessage=Por favor indica tus apellidos.
+missingEmailMessage=Por favor indica el email.
+missingPasswordMessage=Por favor indica tu contrase\u00F1a.
+notMatchPasswordMessage=Las contrase\u00F1as no coinciden.
+
+missingTotpMessage=Por favor indica tu c\u00F3digo de autenticaci\u00F3n
+invalidPasswordExistingMessage=La contrase\u00F1a actual no es correcta.
+invalidPasswordConfirmMessage=La confirmaci\u00F3n de contrase\u00F1a no coincide.
+invalidTotpMessage=El c\u00F3digo de autenticaci\u00F3n no es v\u00E1lido.
+
+usernameExistsMessage=El usuario ya existe
+emailExistsMessage=El email ya existe
+
+readOnlyUserMessage=No puedes actualizar tu usuario porque tu cuenta es de solo lectura.
+readOnlyPasswordMessage=No puedes actualizar tu contrase\u00F1a porque tu cuenta es de solo lectura.
+
+successTotpMessage=Aplicaci\u00F3n de autenticaci\u00F3n m\u00F3vil configurada.
+successTotpRemovedMessage=Aplicaci\u00F3n de autenticaci\u00F3n m\u00F3vil eliminada.
+
+successGrantRevokedMessage=Permiso revocado correctamente
+
+accountUpdatedMessage=Tu cuenta se ha actualizado.
+accountPasswordUpdatedMessage=Tu contrase\u00F1a se ha actualizado.
+
+missingIdentityProviderMessage=Proveedor de identidad no indicado.
+invalidFederatedIdentityActionMessage=Acci\u00F3n no v\u00E1lida o no indicada.
+identityProviderNotFoundMessage=No se encontr\u00F3 un proveedor de identidad.
+federatedIdentityLinkNotActiveMessage=Esta identidad ya no est\u00E1 activa
+federatedIdentityRemovingLastProviderMessage=No puedes eliminar la \u00FAltima identidad federada porque no tienes fijada una contrase\u00F1a.
+identityProviderRedirectErrorMessage=Error en la redirecci\u00F3n al proveedor de identidad
+identityProviderRemovedMessage=Proveedor de identidad borrado correctamente.
+
+accountDisabledMessage=La cuenta est\u00E1 desactivada, contacta con el administrador.
+
+accountTemporarilyDisabledMessage=La cuenta est\u00E1 temporalmente desactivada, contacta con el administrador o int\u00E9ntalo de nuevo m\u00E1s tarde.
+invalidPasswordMinLengthMessage=Contrase\u00F1a incorrecta: longitud m\u00EDnima {0}.
+invalidPasswordMinLowerCaseCharsMessage=Contrase\u00F1a incorrecta: debe contener al menos {0} letras min\u00FAsculas.
+invalidPasswordMinDigitsMessage=Contrase\u00F1a incorrecta: debe contener al menos {0} caracteres num\u00E9ricos.
+invalidPasswordMinUpperCaseCharsMessage=Contrase\u00F1a incorrecta: debe contener al menos {0} letras may\u00FAsculas.
+invalidPasswordMinSpecialCharsMessage=Contrase\u00F1a incorrecta: debe contener al menos {0} caracteres especiales.
+invalidPasswordNotUsernameMessage=Contrase\u00F1a incorrecta: no puede ser igual al nombre de usuario.
+invalidPasswordRegexPatternMessage=Contrase\u00F1a incorrecta: no cumple la expresi\u00F3n regular.
+invalidPasswordHistoryMessage=Contrase\u00F1a incorrecta: no puede ser igual a ninguna de las \u00FAltimas {0} contrase\u00F1as. \ No newline at end of file
diff --git a/account/messages/messages_fr.properties b/account/messages/messages_fr.properties
new file mode 100644
index 0000000..f18bf47
--- /dev/null
+++ b/account/messages/messages_fr.properties
@@ -0,0 +1,166 @@
+# TIPS to encode UTF-8 to ISO
+# native2ascii -encoding ISO8859_1 srcFile > dstFile
+
+doSave=Sauvegarder
+doCancel=Annuler
+doLogOutAllSessions=D\u00e9connexion de toutes les sessions
+doRemove=Supprimer
+doAdd=Ajouter
+doSignOut=D\u00e9connexion
+
+editAccountHtmlTitle=\u00c9dition du compte
+federatedIdentitiesHtmlTitle=Identit\u00e9s f\u00e9d\u00e9r\u00e9es
+accountLogHtmlTitle=Acc\u00e8s au compte
+changePasswordHtmlTitle=Changer de mot de passe
+sessionsHtmlTitle=Sessions
+accountManagementTitle=Gestion du compte Keycloak
+authenticatorTitle=Authentification
+applicationsHtmlTitle=Applications
+
+authenticatorCode=Mot de passe unique
+email=Courriel
+firstName=Pr\u00e9nom
+givenName=Pr\u00e9nom
+fullName=Nom complet
+lastName=Nom
+familyName=Nom de famille
+password=Mot de passe
+passwordConfirm=Confirmation
+passwordNew=Nouveau mot de passe
+username=Compte
+address=Adresse
+street=Rue
+locality=Ville ou Localit\u00e9
+region=\u00c9tat, Province ou R\u00e9gion
+postal_code=Code Postal
+country=Pays
+emailVerified=Courriel v\u00e9rifi\u00e9
+gssDelegationCredential=Accr\u00e9ditation de d\u00e9l\u00e9gation GSS
+
+role_admin=Administrateur
+role_realm-admin=Administrateur du domaine
+role_create-realm=Cr\u00e9er un domaine
+role_view-realm=Voir un domaine
+role_view-users=Voir les utilisateurs
+role_view-applications=Voir les applications
+role_view-clients=Voir les clients
+role_view-events=Voir les \u00e9v\u00e9nements
+role_view-identity-providers=Voir les fournisseurs d''identit\u00e9s
+role_manage-realm=G\u00e9rer le domaine
+role_manage-users=G\u00e9rer les utilisateurs
+role_manage-applications=G\u00e9rer les applications
+role_manage-identity-providers=G\u00e9rer les fournisseurs d''identit\u00e9s
+role_manage-clients=G\u00e9rer les clients
+role_manage-events=G\u00e9rer les \u00e9v\u00e9nements
+role_view-profile=Voir le profil
+role_manage-account=G\u00e9rer le compte
+role_read-token=Lire le jeton d''authentification
+role_offline-access=Acc\u00e8s hors-ligne
+client_account=Compte
+client_security-admin-console=Console d''administration de la s\u00e9curit\u00e9
+client_admin-cli=Admin CLI
+client_realm-management=Gestion du domaine
+client_broker=Broker
+
+
+requiredFields=Champs obligatoires
+allFieldsRequired=Tous les champs sont obligatoires
+
+backToApplication=&laquo; Revenir \u00e0 l''application
+backTo=Revenir \u00e0 {0}
+
+date=Date
+event=Ev\u00e9nement
+ip=IP
+client=Client
+clients=Clients
+details=D\u00e9tails
+started=D\u00e9but
+lastAccess=Dernier acc\u00e8s
+expires=Expiration
+applications=Applications
+
+account=Compte
+federatedIdentity=Identit\u00e9 f\u00e9d\u00e9r\u00e9e
+authenticator=Authentification
+sessions=Sessions
+log=Connexion
+
+application=Application
+availablePermissions=Permissions disponibles
+grantedPermissions=Permissions accord\u00e9es
+grantedPersonalInfo=Informations personnelles accord\u00e9es
+additionalGrants=Droits additionnels
+action=Action
+inResource=dans
+fullAccess=Acc\u00e8s complet
+offlineToken=Jeton d''authentification hors-ligne
+revoke=R\u00e9voquer un droit
+
+configureAuthenticators=Authentifications configur\u00e9es.
+mobile=T\u00e9l\u00e9phone mobile
+totpStep1=Installez une des applications suivantes sur votre mobile
+totpStep2=Ouvrez l''application et scannez le code-barres ou entrez la clef.
+totpStep3=Entrez le code \u00e0 usage unique fourni par l''application et cliquez sur Sauvegarder pour terminer.
+
+totpManualStep2=Ouvrez l''application et entrez la clef
+totpManualStep3=Utilisez les valeurs de configuration suivante si l''application les autorise
+totpUnableToScan=Impossible de scanner ?
+totpScanBarcode=Scanner le code-barres ?
+
+totp.totp=Bas\u00e9 sur le temps
+totp.hotp=Bas\u00e9 sur un compteur
+
+totpType=Type
+totpAlgorithm=Algorithme
+totpDigits=Chiffres
+totpInterval=Intervalle
+totpCounter=Compteur
+
+missingUsernameMessage=Veuillez entrer votre nom d''utilisateur.
+missingFirstNameMessage=Veuillez entrer votre pr\u00e9nom.
+invalidEmailMessage=Courriel invalide.
+missingLastNameMessage=Veuillez entrer votre nom.
+missingEmailMessage=Veuillez entrer votre courriel.
+missingPasswordMessage=Veuillez entrer votre mot de passe.
+notMatchPasswordMessage=Les mots de passe ne sont pas identiques
+
+missingTotpMessage=Veuillez entrer le code d''authentification.
+invalidPasswordExistingMessage=Mot de passe existant invalide.
+invalidPasswordConfirmMessage=Le mot de passe de confirmation ne correspond pas.
+invalidTotpMessage=Le code d''authentification est invalide.
+
+usernameExistsMessage=Le nom d''utilisateur existe d\u00e9j\u00e0.
+emailExistsMessage=Le courriel existe d\u00e9j\u00e0.
+
+readOnlyUserMessage=Vous ne pouvez pas mettre \u00e0 jour votre compte car il est en lecture seule.
+readOnlyPasswordMessage=Vous ne pouvez pas mettre \u00e0 jour votre mot de passe car votre compte est en lecture seule.
+
+successTotpMessage=L''authentification via t\u00e9l\u00e9phone mobile est configur\u00e9e.
+successTotpRemovedMessage=L''authentification via t\u00e9l\u00e9phone mobile est supprim\u00e9e.
+
+successGrantRevokedMessage=Droit r\u00e9voqu\u00e9 avec succ\u00e8s.
+
+accountUpdatedMessage=Votre compte a \u00e9t\u00e9 mis \u00e0 jour.
+accountPasswordUpdatedMessage=Votre mot de passe a \u00e9t\u00e9 mis \u00e0 jour.
+
+missingIdentityProviderMessage=Le fournisseur d''identit\u00e9 n''est pas sp\u00e9cifi\u00e9.
+invalidFederatedIdentityActionMessage=Action manquante ou invalide.
+identityProviderNotFoundMessage=Le fournisseur d''identit\u00e9 sp\u00e9cifi\u00e9 n''est pas trouv\u00e9.
+federatedIdentityLinkNotActiveMessage=Cette identit\u00e9 n''est plus active dor\u00e9navant.
+federatedIdentityRemovingLastProviderMessage=Vous ne pouvez pas supprimer votre derni\u00e8re f\u00e9d\u00e9ration d''identit\u00e9 sans avoir de mot de passe sp\u00e9cifi\u00e9.
+identityProviderRedirectErrorMessage=Erreur de redirection vers le fournisseur d''identit\u00e9.
+identityProviderRemovedMessage=Le fournisseur d''identit\u00e9 a \u00e9t\u00e9 supprim\u00e9 correctement.
+identityProviderAlreadyLinkedMessage=Le fournisseur d''identit\u00e9 retourn\u00e9 par {0} est d\u00e9j\u00e0 li\u00e9 \u00e0 un autre utilisateur.
+
+accountDisabledMessage=Ce compte est d\u00e9sactiv\u00e9, veuillez contacter votre administrateur.
+
+accountTemporarilyDisabledMessage=Ce compte est temporairement d\u00e9sactiv\u00e9, veuillez contacter votre administrateur ou r\u00e9essayez plus tard.
+invalidPasswordMinLengthMessage=Mot de passe invalide: longueur minimale {0}.
+invalidPasswordMinLowerCaseCharsMessage=Mot de passe invalide: doit contenir au moins {0} lettre(s) en minuscule.
+invalidPasswordMinDigitsMessage=Mot de passe invalide: doit contenir au moins {0} chiffre(s).
+invalidPasswordMinUpperCaseCharsMessage=Mot de passe invalide: doit contenir au moins {0} lettre(s) en majuscule.
+invalidPasswordMinSpecialCharsMessage=Mot de passe invalide: doit contenir au moins {0} caract\u00e8re(s) sp\u00e9ciaux.
+invalidPasswordNotUsernameMessage=Mot de passe invalide: ne doit pas \u00eatre identique au nom d''utilisateur.
+invalidPasswordRegexPatternMessage=Mot de passe invalide: ne valide pas l''expression rationnelle.
+invalidPasswordHistoryMessage=Mot de passe invalide: ne doit pas \u00eatre \u00e9gal aux {0} derniers mots de passe.
diff --git a/account/messages/messages_it.properties b/account/messages/messages_it.properties
new file mode 100644
index 0000000..611bed1
--- /dev/null
+++ b/account/messages/messages_it.properties
@@ -0,0 +1,153 @@
+doSave=Salva
+doCancel=Annulla
+doLogOutAllSessions=Effettua il blog out da tutte le sessioni
+doRemove=Elimina
+doAdd=Aggiungi
+doSignOut=Esci
+
+editAccountHtmlTitle=Modifica Account
+federatedIdentitiesHtmlTitle=Federated Identities
+accountLogHtmlTitle=Account Log
+changePasswordHtmlTitle=Cambia Password
+sessionsHtmlTitle=Sessioni
+accountManagementTitle=Keycloak Account Management
+authenticatorTitle=Authenticator
+applicationsHtmlTitle=Applicazioni
+
+authenticatorCode=Codice One-time
+email=Email
+firstName=Nome
+givenName=Nome
+fullName=Nome Completo
+lastName=Cognome
+familyName=Cognome
+password=Password
+passwordConfirm=Conferma Password
+passwordNew=Nuova Password
+username=Username
+address=Indirizzo
+street=Via
+locality=Citt\u00e0 o Localit\u00e0
+region=Stato, Provincia, o Regione
+postal_code=CAP
+country=Paese
+emailVerified=Email verificata
+gssDelegationCredential=Credenziali GSS Delegation
+
+role_admin=Admin
+role_realm-admin=Realm Admin
+role_create-realm=Crea realm
+role_view-realm=Visualizza realm
+role_view-users=Visualizza utenti
+role_view-applications=Visualizza applicazioni
+role_view-clients=Visualizza client
+role_view-events=Visualizza eventi
+role_view-identity-providers=Visualizza identity provider
+role_manage-realm=Gestisci realm
+role_manage-users=Gestisci utenti
+role_manage-applications=Gestisci applicazioni
+role_manage-identity-providers=Gestisci identity provider
+role_manage-clients=Gestisci i client
+role_manage-events=Gestisci eventi
+role_view-profile=Visualizza profilo
+role_manage-account=Gestisci account
+role_read-token=Leggi token
+role_offline-access=Accesso offline
+role_uma_authorization=Ottieni permessi
+client_account=Account
+client_security-admin-console=Security Admin Console
+client_admin-cli=Admin CLI
+client_realm-management=Gestione Realm
+client_broker=Broker
+
+
+requiredFields=Campi obbligatori
+allFieldsRequired=Tutti campi obbligatori
+
+backToApplication=&laquo; Torna all''applicazione
+backTo=Torna a {0}
+
+date=Data
+event=Evento
+ip=IP
+client=Client
+clients=Clients
+details=Dettagli
+started=Iniziato
+lastAccess=Ultimo accesso
+expires=Scade
+applications=Applicazioni
+
+account=Account
+federatedIdentity=Federated Identity
+authenticator=Authenticator
+sessions=Sessioni
+log=Log
+
+application=Applicazione
+availablePermissions=Permessi disponibili
+grantedPermissions=Permessi concessi
+grantedPersonalInfo=Informazioni Personali concesse
+additionalGrants=Concessioni addizionali
+action=Azione
+inResource=in
+fullAccess=Accesso completo
+offlineToken=Token offline
+revoke=Revoca concessione
+
+configureAuthenticators=Configura Authenticators
+mobile=Mobile
+totpStep1=Installa <a href="https://freeotp.github.io/" target="_blank">FreeOTP</a> o <a href="http://code.google.com/p/google-authenticator/" target="_blank">Google Authenticator</a> sul tuo dispositivo mobile.
+totpStep2=Apri l''applicazione e scansiona il barcode o scrivi la chiave.
+totpStep3=Scrivi il codice one-time fornito dall''applicazione e clicca Salva per completare il setup.
+
+missingUsernameMessage=Inserisci la username.
+missingFirstNameMessage=Inserisci il nome.
+invalidEmailMessage=Indirizzo email non valido.
+missingLastNameMessage=Inserisci il cognome.
+missingEmailMessage=Inserisci l''indirizzo email.
+missingPasswordMessage=Inserisci la password.
+notMatchPasswordMessage=Le password non corrispondono.
+
+missingTotpMessage=Inserisci il codice di autenticazione.
+invalidPasswordExistingMessage=Password esistente non valida.
+invalidPasswordConfirmMessage=La password di conferma non coincide.
+invalidTotpMessage=Codice di autenticazione non valido.
+
+usernameExistsMessage=Username gi\u00e0 esistente.
+emailExistsMessage=Email gi\u00e0 esistente.
+
+readOnlyUserMessage=Non puoi aggiornare il tuo account dal momento che \u00e8 in modalit\u00e0 sola lettura.
+readOnlyPasswordMessage=Non puoi aggiornare il tuo account dal momento che \u00e8 in modalit\u00e0 sola lettura.
+
+successTotpMessage=Mobile authenticator configurato.
+successTotpRemovedMessage=Mobile authenticator eliminato.
+
+successGrantRevokedMessage=Concessione revocata correttamente.
+
+accountUpdatedMessage=Il tuo account \u00e8 stato aggiornato.
+accountPasswordUpdatedMessage=La tua password \u00e8 stata aggiornata.
+
+missingIdentityProviderMessage=Identity provider non specificata.
+invalidFederatedIdentityActionMessage=Azione non valida o mancante.
+identityProviderNotFoundMessage=L''identity provider specificato non \u00e8 stato trovato.
+federatedIdentityLinkNotActiveMessage=Questo identity non \u00e8 pi\u00f9 attivo.
+federatedIdentityRemovingLastProviderMessage=Non puoi rimuovere l''ultimo federated identity dal momento che non hai pi\u00f9 la password.
+identityProviderRedirectErrorMessage=Il reindirizzamento all''identity provider \u00e8 fallito.
+identityProviderRemovedMessage=Identity provider eliminato correttamente.
+identityProviderAlreadyLinkedMessage=Federated identity ritornata da {0} \u00e8 gi\u00e0 collegata ad un altro utente.
+staleCodeAccountMessage=La pagina \u00e8 scaduta. Riprova di nuovo.
+consentDenied=Permesso negato.
+
+accountDisabledMessage=Account disabilitato, contatta l''amministratore.
+
+accountTemporarilyDisabledMessage=L''account \u00e8 temporaneamente disabilitato, contatta l''amministratore o riprova pi\u00f9 tardi.
+invalidPasswordMinLengthMessage=Password non valida: lunghezza minima {0}.
+invalidPasswordMinLowerCaseCharsMessage=Password non valida: deve contenere almeno {0} caratteri minuscoli.
+invalidPasswordMinDigitsMessage=Password non valida: deve contenere almeno {0} numeri.
+invalidPasswordMinUpperCaseCharsMessage=Password non valida: deve contenere almeno {0} caratteri maiuscoli.
+invalidPasswordMinSpecialCharsMessage=Password non valida: deve contenere almeno {0} caratteri speciali.
+invalidPasswordNotUsernameMessage=Password non valida: non deve essere uguale alla username.
+invalidPasswordRegexPatternMessage=Password non valida: fallito il match con una o pi\u00f9 espressioni regolari.
+invalidPasswordHistoryMessage=Password non valida: non deve essere uguale a nessuna delle ultime {0} password.
+invalidPasswordGenericMessage=Password non valida: la nuova password non rispetta le indicazioni previste.
diff --git a/account/messages/messages_ja.properties b/account/messages/messages_ja.properties
new file mode 100644
index 0000000..de3cee1
--- /dev/null
+++ b/account/messages/messages_ja.properties
@@ -0,0 +1,352 @@
+# encoding: utf-8
+doSave=保存
+doCancel=キャンセル
+doLogOutAllSessions=全セッションからログアウト
+doRemove=削除
+doAdd=追加
+doSignOut=サインアウト
+doLogIn=ログイン
+doLink=リンク
+
+
+editAccountHtmlTitle=アカウントの編集
+personalInfoHtmlTitle=個人情報
+federatedIdentitiesHtmlTitle=Federated Identities
+accountLogHtmlTitle=アカウントログ
+changePasswordHtmlTitle=パスワード変更
+deviceActivityHtmlTitle=デバイスアクティビティ
+sessionsHtmlTitle=セッション
+accountManagementTitle=Keycloak アカウント管理
+authenticatorTitle=Authenticator
+applicationsHtmlTitle=アプリケーション
+linkedAccountsHtmlTitle=リンクされたアカウント
+
+accountManagementWelcomeMessage=Keycloak アカウント管理へようこそ
+personalInfoIntroMessage=基本情報を管理する
+accountSecurityTitle=アカウントセキュリティ
+accountSecurityIntroMessage=パスワードとアカウントアクセスを制御する
+applicationsIntroMessage=アプリのアカウントへのアクセス権を追跡して管理する
+resourceIntroMessage=チームメンバー間でリソースを共有する
+passwordLastUpdateMessage=パスワードは更新されました
+updatePasswordTitle=パスワードの更新
+updatePasswordMessageTitle=強力なパスワードを選択してください
+updatePasswordMessage=強力なパスワードは、数字、文字、記号を含みます。推測が難しく、実在する言葉に似ておらず、このアカウントだけで使用されています。
+personalSubTitle=個人情報
+personalSubMessage=この基本情報を管理してください:名、姓、メール
+
+authenticatorCode=ワンタイムコード
+email=Eメール
+firstName=名
+givenName=名
+fullName=氏名
+lastName=姓
+familyName=姓
+password=パスワード
+currentPassword=現在のパスワード
+passwordConfirm=新しいパスワード (確認)
+passwordNew=新しいパスワード
+username=ユーザー名
+address=住所
+street=番地
+locality=市区町村
+region=都道府県
+postal_code=郵便番号
+country=国
+emailVerified=確認済みEメール
+gssDelegationCredential=GSS 代行クレデンシャル
+
+profileScopeConsentText=ユーザープロフィール
+emailScopeConsentText=メールアドレス
+addressScopeConsentText=アドレス
+phoneScopeConsentText=電話番号
+offlineAccessScopeConsentText=オフラインアクセス
+samlRoleListScopeConsentText=ロール
+rolesScopeConsentText=ユーザーロール
+
+role_admin=管理者
+role_realm-admin=レルムの管理
+role_create-realm=レルムの作成
+role_view-realm=レルムの参照
+role_view-users=ユーザーの参照
+role_view-applications=アプリケーションの参照
+role_view-clients=クライアントの参照
+role_view-events=イベントの参照
+role_view-identity-providers=アイデンティティ プロバイダーの参照
+role_manage-realm=レルムの管理
+role_manage-users=ユーザーの管理
+role_manage-applications=アプリケーションの管理
+role_manage-identity-providers=アイデンティティ プロバイダーの管理
+role_manage-clients=クライアントの管理
+role_manage-events=イベントの管理
+role_view-profile=プロフィールの参照
+role_manage-account=アカウントの管理
+role_manage-account-links=アカウントリンクの管理
+role_read-token=トークンの参照
+role_offline-access=オフラインアクセス
+role_uma_authorization=アクセス権の取得
+client_account=アカウント
+client_security-admin-console=セキュリティ管理コンソール
+client_admin-cli=管理 CLI
+client_realm-management=レルム管理
+client_broker=ブローカー
+
+
+requiredFields=必須
+allFieldsRequired=全ての入力項目が必須
+
+backToApplication=&laquo; アプリケーションに戻る
+backTo={0} に戻る
+
+date=日付
+event=イベント
+ip=IP
+client=クライアント
+clients=クライアント
+details=詳細
+started=開始
+lastAccess=最終アクセス
+expires=有効期限
+applications=アプリケーション
+
+account=アカウント
+federatedIdentity=Federated Identity
+authenticator=Authenticator
+device-activity=デバイスアクティビティ
+sessions=セッション
+log=ログ
+
+application=アプリケーション
+availableRoles=利用可能なロール
+grantedPermissions=許可されたアクセス権
+grantedPersonalInfo=許可された個人情報
+additionalGrants=追加の許可
+action=アクション
+inResource=in
+fullAccess=フルアクセス
+offlineToken=オフライントークン
+revoke=許可の取り消し
+
+configureAuthenticators=設定済みの Authenticator
+mobile=モバイル
+totpStep1=モバイルに以下のアプリケーションのいずれかをインストールしてください。
+totpStep2=アプリケーションを開き、バーコードをスキャンしてください。
+totpStep3=アプリケーションで提供されたワンタイムコードを入力して保存をクリックし、セットアップを完了してください。
+
+totpManualStep2=アプリケーションを開き、キーを入力してください。
+totpManualStep3=アプリケーションが設定できる場合は、次の設定値を使用してください。
+totpUnableToScan=スキャンできませんか?
+totpScanBarcode=バーコードをスキャンしますか?
+
+totp.totp=時間ベース
+totp.hotp=カウンターベース
+
+totpType=タイプ
+totpAlgorithm=アルゴリズム
+totpDigits=数字
+totpInterval=間隔
+totpCounter=カウンター
+
+missingUsernameMessage=ユーザー名を入力してください。
+missingFirstNameMessage=名を入力してください。
+invalidEmailMessage=無効なメールアドレスです。
+missingLastNameMessage=姓を入力してください。
+missingEmailMessage=Eメールを入力してください。
+missingPasswordMessage=パスワードを入力してください。
+notMatchPasswordMessage=パスワードが一致していません。
+invalidUserMessage=無効なユーザーです。
+
+missingTotpMessage=Authenticator コードを入力してください。
+invalidPasswordExistingMessage=無効な既存のパスワードです。
+invalidPasswordConfirmMessage=新しいパスワード (確認) と一致していません。
+invalidTotpMessage=無効な Authenticator コードです。
+
+usernameExistsMessage=既に存在するユーザー名です。
+emailExistsMessage=既に存在するEメールです。
+
+readOnlyUserMessage=読み取り専用のため、アカウントを更新することはできません。
+readOnlyUsernameMessage=読み取り専用のため、ユーザー名を更新することはできません。
+readOnlyPasswordMessage=読み取り専用のため、パスワードを更新することはできません。
+
+successTotpMessage=モバイル Authenticator が設定されました。
+successTotpRemovedMessage=モバイル Authenticator が削除されました。
+
+successGrantRevokedMessage=許可が正常に取り消しされました。
+
+accountUpdatedMessage=アカウントが更新されました。
+accountPasswordUpdatedMessage=パスワードが更新されました。
+
+missingIdentityProviderMessage=アイデンティティ プロバイダーが指定されていません。
+invalidFederatedIdentityActionMessage=無効または存在しないアクションです。
+identityProviderNotFoundMessage=指定されたアイデンティティ プロバイダーが見つかりません。
+federatedIdentityLinkNotActiveMessage=このアイデンティティは有効ではありません。
+federatedIdentityRemovingLastProviderMessage=パスワードがないため最後の Federated Identity を削除できません。
+identityProviderRedirectErrorMessage=アイデンティティ プロバイダーへのリダイレクトに失敗しました。
+identityProviderRemovedMessage=アイデンティティ プロバイダーが正常に削除されました。
+identityProviderAlreadyLinkedMessage={0}から返された Federated Identity は既に他のユーザーに関連付けされています。
+staleCodeAccountMessage=有効期限切れです。再度お試しください。
+consentDenied=同意が拒否されました。
+
+accountDisabledMessage=アカウントが無効です。管理者に連絡してください。
+
+accountTemporarilyDisabledMessage=アカウントが一時的に無効です。管理者に連絡、またはしばらく時間をおいてから再度お試しください。
+invalidPasswordMinLengthMessage=無効なパスワード: 最小 {0} の長さが必要です。
+invalidPasswordMinLowerCaseCharsMessage=無効なパスワード: 少なくとも {0} 文字の小文字を含む必要があります。
+invalidPasswordMinDigitsMessage=無効なパスワード: 少なくとも {0} 文字の数字を含む必要があります。
+invalidPasswordMinUpperCaseCharsMessage=無効なパスワード: 少なくとも {0} 文字の大文字を含む必要があります。
+invalidPasswordMinSpecialCharsMessage=無効なパスワード: 少なくとも {0} 文字の特殊文字を含む必要があります。
+invalidPasswordNotUsernameMessage=無効なパスワード: ユーザー名と同じパスワードは禁止されています。
+invalidPasswordRegexPatternMessage=無効なパスワード: 正規表現パターンと一致しません。
+invalidPasswordHistoryMessage=無効なパスワード: 最近の {0} パスワードのいずれかと同じパスワードは禁止されています。
+invalidPasswordBlacklistedMessage=無効なパスワード: パスワードがブラックリストに含まれています。
+invalidPasswordGenericMessage=無効なパスワード: 新しいパスワードはパスワードポリシーと一致しません。
+
+# Authorization
+myResources=マイリソース
+myResourcesSub=マイリソース
+doDeny=拒否
+doRevoke=取り消し
+doApprove=承認
+doRemoveSharing=共有の削除
+doRemoveRequest=リクエストの削除
+peopleAccessResource=このリソースにアクセスできる人
+resourceManagedPolicies=このリソースへのアクセスを許可するアクセス権
+resourceNoPermissionsGrantingAccess=このリソースへのアクセスを許可する権限はありません
+anyAction=任意のアクション
+description=説明
+name=名前
+scopes=スコープ
+resource=リソース
+user=ユーザー
+peopleSharingThisResource=このリソースを共有している人
+shareWithOthers=他人と共有
+needMyApproval=承認が必要
+requestsWaitingApproval=承認待ちのリクエスト
+icon=アイコン
+requestor=リクエスター
+owner=オーナー
+resourcesSharedWithMe=共有しているリソース
+permissionRequestion=パーミッションリクエスト
+permission=パーミッション
+shares=共有(複数)
+notBeingShared=このリソースは共有されていません。
+notHaveAnyResource=リソースがありません。
+noResourcesSharedWithYou=共有しているリソースはありません
+havePermissionRequestsWaitingForApproval=承認待ちの{0}個のパーミッションリクエストがあります。
+clickHereForDetails=詳細はこちらをクリックしてください。
+resourceIsNotBeingShared=リソースは共有されていません。
+
+locale_ca=Catal\u00e0
+locale_de=Deutsch
+locale_en=English
+locale_es=Espa\u00f1ol
+locale_fr=Fran\u00e7ais
+locale_it=Italian
+locale_ja=\u65e5\u672c\u8a9e
+locale_nl=Nederlands
+locale_no=Norsk
+locale_lt=Lietuvi\u0173
+locale_pt-BR=Portugu\u00eas (Brasil)
+locale_ru=\u0420\u0443\u0441\u0441\u043a\u0438\u0439
+locale_sk=Sloven\u010dina
+locale_sv=Svenska
+locale_tr=Turkish
+locale_zh-CN=\u4e2d\u6587\u7b80\u4f53
+
+# Applications
+applicaitonName=名前
+applicationType=アプリケーションタイプ
+applicationInUse=使用中のアプリケーションのみ
+clearAllFilter=すべてのフィルターをクリア
+activeFilters=アクティブなフィルター
+filterByName=名前でフィルタリング ...
+allApps=すべてのアプリケーション
+internalApps=内部アプリケーション
+thirdpartyApps=サードパーティのアプリケーション
+appResults=結果
+
+# Linked account
+authorizedProvider=認可済みプロバイダー
+authorizedProviderMessage=アカウントにリンクされた認可済みプロバイダー
+identityProvider=アイデンティティー・プロバイダー
+identityProviderMessage=アカウントと設定したアイデンティティー・プロバイダーをリンクするには
+socialLogin=ソーシャル・ログイン
+userDefined=ユーザー定義
+removeAccess=アクセス権の削除
+removeAccessMessage=このアプリ・アカウントを使用する場合は、アクセス権を再度付与する必要があります。
+
+#Authenticator
+authenticatorStatusMessage=2要素認証は現在
+authenticatorFinishSetUpTitle=あなたの2要素認証
+authenticatorFinishSetUpMessage=Keycloakアカウントにサインインするたびに、2要素認証コードを入力するように求められます。
+authenticatorSubTitle=2要素認証を設定する
+authenticatorSubMessage=アカウントのセキュリティーを強化するには、利用可能な2要素認証の方式のうち少なくとも1つを有効にします。
+authenticatorMobileTitle=モバイル・オーセンティケーター
+authenticatorMobileMessage=モバイル・オーセンティケーターを使用して、2要素認証として確認コードを取得します。
+authenticatorMobileFinishSetUpMessage=オーセンティケーターはあなたの携帯電話にバインドされています。
+authenticatorActionSetup=セットアップ
+authenticatorSMSTitle=SMSコード
+authenticatorSMSMessage=Keycloakは、2要素認証として確認コードを携帯電話に送信します。
+authenticatorSMSFinishSetUpMessage=テキスト・メッセージが次の電話番号宛に送信されます:
+authenticatorDefaultStatus=デフォルト
+authenticatorChangePhone=電話番号の変更
+authenticatorBackupCodesTitle=バックアップ・コード
+authenticatorBackupCodesMessage=8桁のバックアップ・コードの入手
+authenticatorBackupCodesFinishSetUpMessage=この時点で12個のバックアップ・コードが生成されました。それぞれ一度だけ使用できます。
+
+#Authenticator - Mobile Authenticator setup
+authenticatorMobileSetupTitle=モバイル・オーセンティケーターのセットアップ
+smscodeIntroMessage=電話番号を入力すると、確認コードがあなたの電話に送信されます。
+mobileSetupStep1=携帯電話にオーセンティケーター・アプリケーションをインストールします。ここにリストされているアプリケーションがサポートされています。
+mobileSetupStep2=アプリケーションを開き、バーコードをスキャンしてください。
+mobileSetupStep3=アプリケーションから提供されたワンタイムコードを入力し、保存をクリックしてセットアップを終了します。
+scanBarCode=バーコードをスキャンしますか?
+enterBarCode=ワンタイムコードを入力してください
+doCopy=コピー
+doFinish=終了
+
+#Authenticator - SMS Code setup
+authenticatorSMSCodeSetupTitle=SMSコードのセットアップ
+chooseYourCountry=国を選んでください
+enterYourPhoneNumber=電話番号を入力してください
+sendVerficationCode=確認コードの送信
+enterYourVerficationCode=確認コードを入力してください
+
+#Authenticator - backup Code setup
+authenticatorBackupCodesSetupTitle=バックアップコードのセットアップ
+backupcodesIntroMessage=携帯電話にアクセスできない場合でも、バックアップコードを使用してアカウントにログインできます。どこか安全でアクセス可能な場所に保管してください。
+realmName=レルム
+doDownload=ダウンロード
+doPrint=印刷
+backupCodesTips-1=各バックアップコードは1回使用できます。
+backupCodesTips-2=これらのコードはこの日に生成されました:
+generateNewBackupCodes=新しいバックアップコードを生成する
+backupCodesTips-3=新しいバックアップコードを生成すると、現在のコードは機能しなくなります。
+backtoAuthenticatorPage=オーセンティケーター・ページに戻る
+
+
+#Resources
+resources=リソース
+sharedwithMe=私と共有
+share=共有
+sharedwith=共有
+accessPermissions=アクセス・パーミッション
+permissionRequests=パーミッション・リクエスト
+approve=承認
+approveAll=すべて承認
+people=人
+perPage=1ページあたり
+currentPage=現在のページ
+sharetheResource=リソースの共有
+group=グループ
+selectPermission=パーミッションを選択
+addPeople=あなたのリソースを共有する人を追加
+addTeam=あなたのリソースを共有するチームを追加
+myPermissions=私のパーミッション
+waitingforApproval=承認待ち
+anyPermission=任意のパーミッション
+
+# Openshift messages
+openshift.scope.user_info=ユーザー情報
+openshift.scope.user_check-access=ユーザーアクセス情報
+openshift.scope.user_full=フルアクセス
+openshift.scope.list-projects=プロジェクトの一覧表示 \ No newline at end of file
diff --git a/account/messages/messages_lt.properties b/account/messages/messages_lt.properties
new file mode 100644
index 0000000..d6e4016
--- /dev/null
+++ b/account/messages/messages_lt.properties
@@ -0,0 +1,154 @@
+# encoding: utf-8
+doSave=Saugoti
+doCancel=Atšaukti
+
+doLogOutAllSessions=Atjungti visas sesijas
+doRemove=Šalinti
+doAdd=Pridėti
+doSignOut=Atsijungti
+
+editAccountHtmlTitle=Redaguoti paskyrą
+federatedIdentitiesHtmlTitle=Susietos paskyros
+accountLogHtmlTitle=Paskyros žurnalas
+changePasswordHtmlTitle=Keisti slaptažodį
+sessionsHtmlTitle=Prisijungimo sesijos
+accountManagementTitle=Keycloak Naudotojų Administravimas
+authenticatorTitle=Autentifikatorius
+applicationsHtmlTitle=Programos
+
+authenticatorCode=Vienkartinis kodas
+email=El. paštas
+firstName=Vardas
+givenName=Pavardė
+fullName=Pilnas vardas
+lastName=Pavardė
+familyName=Pavardė
+password=Slaptažodis
+passwordConfirm=Pakartotas slaptažodis
+passwordNew=Naujas slaptažodis
+username=Naudotojo vardas
+address=Adresas
+street=Gatvė
+locality=Miestas arba vietovė
+region=Rajonas
+postal_code=Pašto kodas
+country=Šalis
+emailVerified=El. pašto adresas patvirtintas
+gssDelegationCredential=GSS prisijungimo duomenų delegavimas
+
+role_admin=Administratorius
+role_realm-admin=Srities administravimas
+role_create-realm=Kurti sritį
+role_view-realm=Peržiūrėti sritį
+role_view-users=Peržiūrėti naudotojus
+role_view-applications=Peržiūrėti programas
+role_view-clients=Peržiūrėti klientines programas
+role_view-events=Peržiūrėti įvykių žurnalą
+role_view-identity-providers=Peržiūrėti tapatybės teikėjus
+role_manage-realm=Valdyti sritis
+role_manage-users=Valdyti naudotojus
+role_manage-applications=Valdyti programas
+role_manage-identity-providers=Valdyti tapatybės teikėjus
+role_manage-clients=Valdyti programas
+role_manage-events=Valdyti įvykius
+role_view-profile=Peržiūrėti paskyrą
+role_manage-account=Valdyti paskyrą
+role_read-token=Skaityti prieigos rakšą
+role_offline-access=Darbas neprisijungus
+role_uma_authorization=Įgauti UMA autorizavimo teises
+client_account=Paskyra
+client_security-admin-console=Saugumo administravimo konsolė
+client_admin-cli=Administravimo CLI
+client_realm-management=Srities valdymas
+client_broker=Tarpininkas
+
+
+requiredFields=Privalomi laukai
+allFieldsRequired=Visi laukai yra privalomi
+
+backToApplication=&laquo; Grįžti į programą
+backTo=Atgal į {0}
+
+date=Data
+event=Įvykis
+ip=IP
+client=Klientas
+clients=Klientai
+details=Detaliau
+started=Sukūrimo laikas
+lastAccess=Vėliausia prieiga
+expires=Galioja iki
+applications=Programos
+
+account=Paskyra
+federatedIdentity=Susieta tapatybė
+authenticator=Autentifikatorius
+sessions=Sesijos
+log=Įvykiai
+
+application=Programa
+availablePermissions=Galimos teisės
+grantedPermissions=Įgalintos teisės
+grantedPersonalInfo=Įgalinta asmeninė informacija
+additionalGrants=Papildomi įgaliojimai
+action=Veiksmas
+inResource=yra
+fullAccess=Pilna prieiga
+offlineToken=Režimo neprisijungus raktas (token)
+revoke=Atšaukti įgaliojimą
+
+configureAuthenticators=Sukonfigūruotas autentifikatorius
+mobile=Mobilus
+totpStep1=Įdiekite <a href="https://freeotp.github.io/" target="_blank">FreeOTP</a> arba Google Authenticator savo įrenginyje. Programėlės prieinamos <a href="https://play.google.com">Google Play</a> ir Apple App Store.
+totpStep2=Atidarykite programėlę ir nuskenuokite barkodą arba įveskite kodą.
+totpStep3=Įveskite programėlėje sugeneruotą vieną kartą galiojantį kodą ir paspauskite Saugoti norėdami prisijungti.
+
+missingUsernameMessage=Prašome įvesti naudotojo vardą.
+missingFirstNameMessage=Prašome įvesti vardą.
+invalidEmailMessage=Neteisingas el. pašto adresas.
+missingLastNameMessage=Prašome įvesti pavardę.
+missingEmailMessage=Prašome įvesti el. pašto adresą.
+missingPasswordMessage=Prašome įvesti slaptažodį.
+notMatchPasswordMessage=Slaptažodžiai nesutampa.
+
+missingTotpMessage=Prašome įvesti autentifikacijos kodą.
+invalidPasswordExistingMessage=Neteisingas dabartinis slaptažodis.
+invalidPasswordConfirmMessage=Pakartotas slaptažodis nesutampa.
+invalidTotpMessage=Neteisingas autentifikacijos kodas.
+
+usernameExistsMessage=Toks naudotojas jau egzistuoja.
+emailExistsMessage=El. pašto adresas jau egzistuoja.
+
+readOnlyUserMessage=Tik skaitymui sukonfigūruotos paskyros duomenų atnaujinti neleidžiama.
+readOnlyPasswordMessage=Tik skaitymui sukonfigūruotos paskyros slaptažodžio atnaujinti neleidžiama.
+
+successTotpMessage=Mobilus autentifikatorius sukonfigūruotas.
+successTotpRemovedMessage=Mobilus autentifikatorius pašalintas.
+
+successGrantRevokedMessage=Įgalinimas pašalintas sėkmingai.
+
+accountUpdatedMessage=Jūsų paskyros duomenys sėkmingai atnaujinti.
+accountPasswordUpdatedMessage=Jūsų paskyros slaptažodis pakeistas.
+
+missingIdentityProviderMessage=Nenurodytas tapatybės teikėjas.
+invalidFederatedIdentityActionMessage=Neteisingas arba nežinomas veiksmas.
+identityProviderNotFoundMessage=Nurodytas tapatybės teikėjas nerastas.
+federatedIdentityLinkNotActiveMessage=Nurodyta susieta tapatybė neaktyvi.
+federatedIdentityRemovingLastProviderMessage=Jūs negalite pašalinti paskutinio tapatybės teikėjo sąsajos, nes Jūs neturite nusistatę paskyros slaptažodžio.
+identityProviderRedirectErrorMessage=Klaida nukreipiant į tapatybės teikėjo puslapį.
+identityProviderRemovedMessage=Tapatybės teikėjas sėkmingai pašalintas.
+identityProviderAlreadyLinkedMessage=Susieta tapatybė iš {0} jau susieta su kita paskyra.
+staleCodeAccountMessage=Puslapio galiojimas baigėsi. Bandykite dar kartą.
+consentDenied=Prieiga draudžiama.
+
+accountDisabledMessage=Paskyros galiojimas sustabdytas, kreipkitės į administratorių.
+
+accountTemporarilyDisabledMessage=Paskyros galiojimas laikinai sustabdytas. Kreipkitės į administratorių arba pabandykite vėliau.
+invalidPasswordMinLengthMessage=Per trumpas slaptažodis: mažiausias ilgis {0}.
+invalidPasswordMinLowerCaseCharsMessage=Neteisingas slaptažodis: privaloma įvesti {0} mažąją raidę.
+invalidPasswordMinDigitsMessage=Neteisingas slaptažodis: privaloma įvesti {0} skaitmenį.
+invalidPasswordMinUpperCaseCharsMessage=Neteisingas slaptažodis: privaloma įvesti {0} didžiąją raidę.
+invalidPasswordMinSpecialCharsMessage=Neteisingas slaptažodis: privaloma įvesti {0} specialų simbolį.
+invalidPasswordNotUsernameMessage=Neteisingas slaptažodis: slaptažodis negali sutapti su naudotojo vardu.
+invalidPasswordRegexPatternMessage=Neteisingas slaptažodis: slaptažodis netenkina regex taisyklės(ių).
+invalidPasswordHistoryMessage=Neteisingas slaptažodis: slaptažodis negali sutapti su prieš tai buvusiais {0} slaptažodžiais. \ No newline at end of file
diff --git a/account/messages/messages_nl.properties b/account/messages/messages_nl.properties
new file mode 100644
index 0000000..80e5503
--- /dev/null
+++ b/account/messages/messages_nl.properties
@@ -0,0 +1,133 @@
+doSave=Opslaan
+doCancel=Annuleer
+doLogOutAllSessions=Alle sessies uitloggen
+doRemove=Verwijder
+doAdd=Voeg toe
+doSignOut=Afmelden
+editAccountHtmlTitle=Bewerk account
+federatedIdentitiesHtmlTitle=Federated Identities
+accountLogHtmlTitle=Account log
+changePasswordHtmlTitle=Verander wachtwoord
+sessionsHtmlTitle=Sessies
+accountManagementTitle=Keycloak Accountbeheer
+authenticatorTitle=Authenticator
+applicationsHtmlTitle=Toepassingen
+authenticatorCode=Eenmalige code
+email=E-mailadres
+firstName=Voornaam
+givenName=Voornaam
+fullName=Volledige naam
+lastName=Achternaam
+familyName=Achternaam
+password=Wachtwoord
+passwordConfirm=Bevestiging
+passwordNew=Nieuw Wachtwoord
+username=Gebruikersnaam
+address=Adres
+street=Straat
+locality=Stad of plaats
+region=Staat, provincie of regio
+postal_code=Postcode
+country=Land
+emailVerified=E-mailadres geverifieerd
+gssDelegationCredential=GSS gedelegeerde aanmeldgegevens
+role_admin=Beheer
+role_realm-admin=Realmbeheer
+role_create-realm=Creëer realm
+role_view-realm=Bekijk realm
+role_view-users=Bekijk gebruikers
+role_view-applications=Bekijk toepassingen
+role_view-clients=Bekijk clients
+role_view-events=Bekijk gebeurtenissen
+role_view-identity-providers=Bekijk identity providers
+role_manage-realm=Beheer realm
+role_manage-users=Beheer gebruikers
+role_manage-applications=Beheer toepassingen
+role_manage-identity-providers=Beheer identity providers
+role_manage-clients=Beheer clients
+role_manage-events=Beheer gebeurtenissen
+role_view-profile=Bekijk profiel
+role_manage-account=Beheer account
+role_manage-account-links=Beheer accountkoppelingen
+role_read-token=Lees token
+role_offline-access=Offline toegang
+role_uma_authorization=Verkrijg UMA rechten
+client_account=Account
+client_security-admin-console=Console Veligheidsbeheer
+client_admin-cli=Beheer CLI
+client_realm-management=Realmbeheer
+client_broker=Broker
+requiredFields=Verplichte velden
+allFieldsRequired=Alle velden verplicht
+backToApplication=&laquo; Terug naar toepassing
+backTo=Terug naar {0}
+date=Datum
+event=Gebeurtenis
+ip=IP
+client=Client
+clients=Clients
+details=Details
+started=Gestart
+lastAccess=Laatste toegang
+expires=Vervalt
+applications=Toepassingen
+account=Account
+federatedIdentity=Federated Identity
+authenticator=Authenticator
+sessions=Sessies
+log=Log
+application=Toepassing
+availablePermissions=Beschikbare rechten
+grantedPermissions=Gegunde rechten
+grantedPersonalInfo=Gegunde Persoonsgegevens
+additionalGrants=Verdere vergunningen
+action=Actie
+inResource=in
+fullAccess=Volledige toegang
+offlineToken=Offline Token
+revoke=Vergunning intrekken
+configureAuthenticators=Ingestelde authenticators
+mobile=Mobiel nummer
+totpStep1=Installeer een van de onderstaande applicaties op uw mobiele apparaat:
+totpStep2=Open de toepassing en scan de QR-code of voer de sleutel in.
+totpStep3=Voer de door de toepassing gegeven eenmalige code in en klik op Opslaan om de configuratie af te ronden.
+missingUsernameMessage=Gebruikersnaam ontbreekt.
+missingFirstNameMessage=Voornaam onbreekt.
+invalidEmailMessage=Ongeldig e-mailadres.
+missingLastNameMessage=Achternaam ontbreekt.
+missingEmailMessage=E-mailadres ontbreekt.
+missingPasswordMessage=Wachtwoord ontbreekt.
+notMatchPasswordMessage=Wachtwoorden komen niet overeen.
+missingTotpMessage=Authenticatiecode ontbreekt.
+invalidPasswordExistingMessage=Ongeldig bestaand wachtwoord.
+invalidPasswordConfirmMessage=Wachtwoordbevestiging komt niet overeen.
+invalidTotpMessage=Ongeldige authenticatiecode.
+emailExistsMessage=E-mailadres bestaat reeds.
+readOnlyUserMessage=U kunt uw account niet bijwerken aangezien het account alleen-lezen is.
+readOnlyPasswordMessage=U kunt uw wachtwoord niet wijzigen omdat uw account alleen-lezen is.
+successTotpMessage=Mobiele authenticator geconfigureerd.
+successTotpRemovedMessage=Mobiele authenticator verwijderd.
+successGrantRevokedMessage=Vergunning succesvol ingetrokken
+accountUpdatedMessage=Uw account is gewijzigd.
+accountPasswordUpdatedMessage=Uw wachtwoord is gewijzigd.
+missingIdentityProviderMessage=Geen identity provider aangegeven.
+invalidFederatedIdentityActionMessage=Ongeldige of ontbrekende actie op federated identity.
+identityProviderNotFoundMessage=Gespecificeerde identity provider niet gevonden.
+federatedIdentityLinkNotActiveMessage=Deze federated identity is niet langer geldig.
+federatedIdentityRemovingLastProviderMessage=U kunt de laatste federated identity provider niet verwijderen aangezien u dan niet langer zou kunnen inloggen.
+identityProviderRedirectErrorMessage=Kon niet herverwijzen naar identity provider.
+identityProviderRemovedMessage=Identity provider met succes verwijderd.
+identityProviderAlreadyLinkedMessage=Door {0} teruggegeven federated identity is al gekoppeld aan een andere gebruiker.
+staleCodeAccountMessage=De pagina is verlopen. Probeer het nogmaals.
+consentDenied=Toestemming geweigerd
+accountDisabledMessage=Account is gedeactiveerd. Contacteer de beheerder.
+accountTemporarilyDisabledMessage=Account is tijdelijk deactiveerd, neem contact op met de beheerder of probeer het later opnieuw.
+invalidPasswordMinLengthMessage=Ongeldig wachtwoord: de minimale lengte is {0} karakters.
+invalidPasswordMinLowerCaseCharsMessage=Ongeldig wachtwoord: het moet minstens {0} kleine letters bevatten.
+invalidPasswordMinDigitsMessage=Ongeldig wachtwoord: het moet minstens {0} getallen bevatten.
+invalidPasswordMinUpperCaseCharsMessage=Ongeldig wachtwoord: het moet minstens {0} hoofdletters bevatten.
+invalidPasswordMinSpecialCharsMessage=Ongeldig wachtwoord: het moet minstens {0} speciale karakters bevatten.
+invalidPasswordNotUsernameMessage=Ongeldig wachtwoord: het mag niet overeenkomen met de gebruikersnaam.
+invalidPasswordRegexPatternMessage=Ongeldig wachtwoord: het voldoet niet aan het door de beheerder ingestelde patroon.
+invalidPasswordHistoryMessage=Ongeldig wachtwoord: het mag niet overeen komen met een van de laatste {0} wachtwoorden.
+invalidPasswordGenericMessage=Ongeldig wachtwoord: het nieuwe wachtwoord voldoet niet aan het wachtwoordbeleid.
diff --git a/account/messages/messages_no.properties b/account/messages/messages_no.properties
new file mode 100644
index 0000000..6fac5fb
--- /dev/null
+++ b/account/messages/messages_no.properties
@@ -0,0 +1,165 @@
+doSave=Lagre
+doCancel=Avbryt
+doLogOutAllSessions=Logg ut av alle sesjoner
+doRemove=Fjern
+doAdd=Legg til
+doSignOut=Logg ut
+
+editAccountHtmlTitle=Rediger konto
+federatedIdentitiesHtmlTitle=Federerte identiteter
+accountLogHtmlTitle=Kontologg
+changePasswordHtmlTitle=Endre passord
+sessionsHtmlTitle=Sesjoner
+accountManagementTitle=Keycloak kontoadministrasjon
+authenticatorTitle=Autentikator
+applicationsHtmlTitle=Applikasjoner
+
+authenticatorCode=Engangskode
+email=E-post
+firstName=Fornavn
+givenName=Fornavn
+fullName=Fullt navn
+lastName=Etternavn
+familyName=Etternavn
+password=Passord
+passwordConfirm=Bekreftelse
+passwordNew=Nytt passord
+username=Brukernavn
+address=Adresse
+street=Gate-/veinavn + husnummer
+locality=By
+region=Fylke
+postal_code=Postnummer
+country=Land
+emailVerified=E-post bekreftet
+gssDelegationCredential=GSS legitimasjonsdelegering
+
+role_admin=Administrator
+role_realm-admin=Administrator for sikkerhetsdomene
+role_create-realm=Opprette sikkerhetsdomene
+role_view-realm=Se sikkerhetsdomene
+role_view-users=Se brukere
+role_view-applications=Se applikasjoner
+role_view-clients=Se klienter
+role_view-events=Se hendelser
+role_view-identity-providers=Se identitetsleverand\u00F8rer
+role_manage-realm=Administrere sikkerhetsdomene
+role_manage-users=Administrere brukere
+role_manage-applications=Administrere applikasjoner
+role_manage-identity-providers=Administrere identitetsleverand\u00F8rer
+role_manage-clients=Administrere klienter
+role_manage-events=Administrere hendelser
+role_view-profile=Se profil
+role_manage-account=Administrere konto
+role_read-token=Lese token
+role_offline-access=Frakoblet tilgang
+role_uma_authorization=Skaffe tillatelser
+client_account=Konto
+client_security-admin-console=Sikkerhetsadministrasjonskonsoll
+client_admin-cli=Kommandolinje-grensesnitt for administrator
+client_realm-management=Sikkerhetsdomene-administrasjon
+client_broker=Broker
+
+
+requiredFields=Obligatoriske felt
+allFieldsRequired=Alle felt m\u00E5 fylles ut
+
+backToApplication=&laquo; Tilbake til applikasjonen
+backTo=Tilbake til {0}
+
+date=Dato
+event=Hendelse
+ip=IP
+client=Klient
+clients=Klienter
+details=Detaljer
+started=Startet
+lastAccess=Sist benyttet
+expires=Utl\u00F8per
+applications=Applikasjoner
+
+account=Konto
+federatedIdentity=Federert identitet
+authenticator=Autentikator
+sessions=Sesjoner
+log=Logg
+
+application=Applikasjon
+availablePermissions=Tilgjengelige rettigheter
+grantedPermissions=Innvilgede rettigheter
+grantedPersonalInfo=Innvilget personlig informasjon
+additionalGrants=Ekstra rettigheter
+action=Handling
+inResource=i
+fullAccess=Full tilgang
+offlineToken=Offline token
+revoke=Opphev rettighet
+
+configureAuthenticators=Konfigurerte autentikatorer
+mobile=Mobiltelefon
+totpStep1=Installer ett av f\u00F8lgende programmer p\u00E5 mobilen din.
+totpStep2=\u00C5pne applikasjonen og skann strekkoden eller skriv inn koden.
+totpStep3=Skriv inn engangskoden gitt av applikasjonen og klikk Lagre for \u00E5 fullf\u00F8re.
+
+missingUsernameMessage=Vennligst oppgi brukernavn.
+missingFirstNameMessage=Vennligst oppgi fornavn.
+invalidEmailMessage=Ugyldig e-postadresse.
+missingLastNameMessage=Vennligst oppgi etternavn.
+missingEmailMessage=Vennligst oppgi e-postadresse.
+missingPasswordMessage=Vennligst oppgi passord.
+notMatchPasswordMessage=Passordene er ikke like.
+
+missingTotpMessage=Vennligst oppgi engangskode.
+invalidPasswordExistingMessage=Ugyldig eksisterende passord.
+invalidPasswordConfirmMessage=Passordene er ikke like.
+invalidTotpMessage=Ugyldig engangskode.
+
+usernameExistsMessage=Brukernavnet finnes allerede.
+emailExistsMessage=E-postadressen finnes allerede.
+
+readOnlyUserMessage=Du kan ikke oppdatere kontoen din ettersom den er skrivebeskyttet.
+readOnlyPasswordMessage=Du kan ikke oppdatere passordet ditt ettersom kontoen din er skrivebeskyttet.
+
+successTotpMessage=Autentikator for mobiltelefon er konfigurert.
+successTotpRemovedMessage=Autentikator for mobiltelefon er fjernet.
+
+successGrantRevokedMessage=Vellykket oppheving av rettighet.
+
+accountUpdatedMessage=Kontoen din har blitt oppdatert.
+accountPasswordUpdatedMessage=Ditt passord har blitt oppdatert.
+
+missingIdentityProviderMessage=Identitetsleverand\u00F8r er ikke spesifisert.
+invalidFederatedIdentityActionMessage=Ugyldig eller manglende handling.
+identityProviderNotFoundMessage=Spesifisert identitetsleverand\u00F8r ikke funnet.
+federatedIdentityLinkNotActiveMessage=Denne identiteten er ikke lenger aktiv.
+federatedIdentityRemovingLastProviderMessage=Du kan ikke fjerne siste federerte identitet ettersom du ikke har et passord.
+identityProviderRedirectErrorMessage=Redirect til identitetsleverand\u00F8r feilet.
+identityProviderRemovedMessage=Fjerning av identitetsleverand\u00F8r var vellykket.
+identityProviderAlreadyLinkedMessage=Federert identitet returnert av {0} er allerede koblet til en annen bruker.
+staleCodeAccountMessage=Siden har utl\u00F8pt. Vennligst pr\u00F8v en gang til.
+consentDenied=Samtykke avsl\u00E5tt.
+
+accountDisabledMessage=Konto er deaktivert, kontakt administrator.
+
+accountTemporarilyDisabledMessage=Konto er midlertidig deaktivert, kontakt administrator eller pr\u00F8v igjen senere.
+invalidPasswordMinLengthMessage=Ugyldig passord: minimum lengde {0}.
+invalidPasswordMinLowerCaseCharsMessage=Ugyldig passord: m\u00E5 inneholde minimum {0} sm\u00E5 bokstaver.
+invalidPasswordMinDigitsMessage=Ugyldig passord: m\u00E5 inneholde minimum {0} sifre.
+invalidPasswordMinUpperCaseCharsMessage=Ugyldig passord: m\u00E5 inneholde minimum {0} store bokstaver.
+invalidPasswordMinSpecialCharsMessage=Ugyldig passord: m\u00E5 inneholde minimum {0} spesialtegn.
+invalidPasswordNotUsernameMessage=Ugyldig passord: kan ikke v\u00E6re likt brukernavn.
+invalidPasswordRegexPatternMessage=Ugyldig passord: tilfredsstiller ikke kravene for passord-m\u00F8nster.
+invalidPasswordHistoryMessage=Ugyldig passord: kan ikke v\u00E6re likt noen av de {0} foreg\u00E5ende passordene.
+
+locale_ca=Catal\u00E0
+locale_de=Deutsch
+locale_en=English
+locale_es=Espa\u00F1ol
+locale_fr=Fran\u00e7ais
+locale_it=Italian
+locale_ja=\u65E5\u672C\u8A9E
+locale_no=Norsk
+locale_nl=Nederlands
+locale_pt-BR=Portugu\u00EAs (Brasil)
+locale_ru=\u0420\u0443\u0441\u0441\u043A\u0438\u0439
+locale_zh-CN=\u4e2d\u6587\u7b80\u4f53
diff --git a/account/messages/messages_pl.properties b/account/messages/messages_pl.properties
new file mode 100644
index 0000000..dd55d69
--- /dev/null
+++ b/account/messages/messages_pl.properties
@@ -0,0 +1 @@
+# encoding: UTF-8
diff --git a/account/messages/messages_pt_BR.properties b/account/messages/messages_pt_BR.properties
new file mode 100644
index 0000000..80e8515
--- /dev/null
+++ b/account/messages/messages_pt_BR.properties
@@ -0,0 +1,149 @@
+doSave=Salvar
+doCancel=Cancelar
+doLogOutAllSessions=Sair de todas as sess\u00F5es
+doRemove=Remover
+doAdd=Adicionar
+doSignOut=Sair
+
+editAccountHtmlTitle=Editar Conta
+federatedIdentitiesHtmlTitle=Identidades Federadas
+accountLogHtmlTitle=Log da conta
+changePasswordHtmlTitle=Alterar senha
+sessionsHtmlTitle=Sess\u00F5es
+accountManagementTitle=Gerenciamento de Conta
+authenticatorTitle=Autenticator
+applicationsHtmlTitle=Aplicativos
+
+authenticatorCode=C\u00F3digo autenticador
+email=E-mail
+firstName=Primeiro nome
+givenName=Primeiro nome
+fullName=Nome completo
+lastName=Sobrenome
+familyName=Sobrenome
+password=Senha
+passwordConfirm=Confirma\u00E7\u00E3o
+passwordNew=Nova senha
+username=Nome de us\u00FAario
+address=Endere\u00E7o
+street=Logradouro
+locality=Cidade ou Localidade
+region=Estado
+postal_code=CEP
+country=Pa\u00EDs
+emailVerified=E-mail verificado
+gssDelegationCredential=GSS Delega\u00E7\u00E3o de Credencial
+
+role_admin=Admin
+role_realm-admin=Realm Admin
+role_create-realm=Cria realm
+role_view-realm=Visualiza realm
+role_view-users=Visualiza usu\u00E1rios
+role_view-applications=Visualiza aplica\u00E7\u00F5es
+role_view-clients=Visualiza clientes
+role_view-events=Visualiza eventos
+role_view-identity-providers=Visualiza provedores de identidade
+role_manage-realm=Gerencia realm
+role_manage-users=Gerencia usu\u00E1rios
+role_manage-applications=Gerencia aplica\u00E7\u00F5es
+role_manage-identity-providers=Gerencia provedores de identidade
+role_manage-clients=Gerencia clientes
+role_manage-events=Gerencia eventos
+role_view-profile=Visualiza perfil
+role_manage-account=Gerencia conta
+role_read-token=L\u00EA token
+role_offline-access=Acesso Offline
+role_uma_authorization=Obter permiss\u00F5es
+client_account=Conta
+client_security-admin-console=Console de Administra\u00E7\u00E3o de Seguran\u00E7a
+client_admin-cli=Admin CLI
+client_realm-management=Gerenciamento de Realm
+client_broker=Broker
+
+requiredFields=Campos obrigat\u00F3rios
+allFieldsRequired=Todos os campos s\u00E3o obrigat\u00F3rios
+
+backToApplication=&laquo; Voltar para aplica\u00E7\u00E3o
+backTo=Voltar para {0}
+
+date=Data
+event=Evento
+ip=IP
+client=Cliente
+clients=Clientes
+details=Detalhes
+started=Iniciado
+lastAccess=\u00DAltimo acesso
+expires=Expira
+applications=Aplicativos
+
+account=Conta
+federatedIdentity=Identidade Federada
+authenticator=Autenticador
+sessions=Sess\u00F5es
+log=Log
+
+application=Aplicativo
+availablePermissions=Permiss\u00F5es Dispon\u00EDveis
+grantedPermissions=Permiss\u00F5es Concedidas
+grantedPersonalInfo=Informa\u00E7\u00F5es Pessoais Concedidas
+additionalGrants=Concess\u00F5es Adicionais
+action=A\u00E7\u00E3o
+inResource=em
+fullAccess=Acesso Completo
+offlineToken=Offline Token
+revoke=Revogar Concess\u00F5es
+
+configureAuthenticators=Autenticadores Configurados
+mobile=Mobile
+totpStep1=Instalar <a href="https://freeotp.github.io/" target="_blank">FreeOTP</a> ou Google Authenticator em seu dispositivo. Ambas aplica\u00E7\u00F5es est\u00E3o dispon\u00EDveis no <a href="https://play.google.com">Google Play</a> e na Apple App Store.
+totpStep2=Abra o aplicativo e escaneie o c\u00F3digo de barras ou entre com o c\u00F3digo.
+totpStep3=Digite o c\u00F3digo fornecido pelo aplicativo e clique em Salvar para concluir a configura\u00E7\u00E3o.
+
+missingUsernameMessage=Por favor, especifique o nome de usu\u00E1rio.
+missingFirstNameMessage=Por favor, informe o primeiro nome.
+invalidEmailMessage=E-mail inv\u00E1lido.
+missingLastNameMessage=Por favor, informe o sobrenome.
+missingEmailMessage=Por favor, informe o e-mail.
+missingPasswordMessage=Por favor, informe a senha.
+notMatchPasswordMessage=As senhas n\u00E3o coincidem.
+
+missingTotpMessage=Por favor, informe o c\u00F3digo autenticador.
+invalidPasswordExistingMessage=Senha atual inv\u00E1lida.
+invalidPasswordConfirmMessage=A senha de confirma\u00E7\u00E3o n\u00E3o coincide.
+invalidTotpMessage=C\u00F3digo autenticador inv\u00E1lido.
+
+usernameExistsMessage=Este nome de usu\u00E1rio j\u00E1 existe.
+emailExistsMessage=Este e-mail j\u00E1 existe.
+
+readOnlyUserMessage=Voc\u00EA n\u00E3o pode atualizar sua conta, uma vez que \u00E9 apenas de leitura
+readOnlyPasswordMessage=Voc\u00EA n\u00E3o pode atualizar sua senha, sua conta \u00E9 somente leitura
+
+successTotpMessage=Autenticador mobile configurado.
+successTotpRemovedMessage=Autenticador mobile removido.
+
+successGrantRevokedMessage=Concess\u00F5es revogadas com sucesso.
+
+accountUpdatedMessage=Sua conta foi atualizada
+accountPasswordUpdatedMessage=Sua senha foi atualizada
+
+missingIdentityProviderMessage=Provedor de identidade n\u00E3o especificado
+invalidFederatedIdentityActionMessage=A\u00E7\u00E3o inv\u00E1lida ou ausente
+identityProviderNotFoundMessage=O provedor de identidade especificado n\u00E3o foi encontrado
+federatedIdentityLinkNotActiveMessage=Esta identidade n\u00E3o est\u00E1 mais em atividade
+federatedIdentityRemovingLastProviderMessage=Voc\u00EA n\u00E3o pode remover a \u00FAltima identidade federada como voc\u00EA n\u00E3o tem senha
+identityProviderRedirectErrorMessage=Falha ao redirecionar para o provedor de identidade
+identityProviderRemovedMessage=Provedor de identidade removido com sucesso
+identityProviderAlreadyLinkedMessage=Identidade federada retornado por {0} j\u00E1 est\u00E1 ligado a outro usu\u00E1rio.
+
+accountDisabledMessage=Conta desativada, contate o administrador
+
+accountTemporarilyDisabledMessage=A conta est\u00E1 temporariamente indispon\u00EDvel, contate o administrador ou tente novamente mais tarde
+invalidPasswordMinLengthMessage=Senha inv\u00E1lida\: comprimento m\u00EDnimo {0}
+invalidPasswordMinLowerCaseCharsMessage=Senha inv\u00E1lida\: deve conter pelo menos {0} caractere(s) min\u00FAsculo
+invalidPasswordMinDigitsMessage=Senha inv\u00E1lida\: deve conter pelo menos {0} n\u00FAmero(s)
+invalidPasswordMinUpperCaseCharsMessage=Senha inv\u00E1lida\: deve conter pelo menos {0} caractere(s) mai\u00FAsculo
+invalidPasswordMinSpecialCharsMessage=Senha inv\u00E1lida\: deve conter pelo menos {0} caractere(s) especial
+invalidPasswordNotUsernameMessage=Senha inv\u00E1lida\: n\u00E3o deve ser igual ao nome de usu\u00E1rio
+invalidPasswordRegexPatternMessage=Senha inv\u00E1lida\: n\u00E3o corresponde ao padr\u00E3o da express\u00E3o regular.
+invalidPasswordHistoryMessage=Senha inv\u00E1lida\: n\u00E3o pode ser igual a qualquer uma das {0} \u00FAltimas senhas. \ No newline at end of file
diff --git a/account/messages/messages_ru.properties b/account/messages/messages_ru.properties
new file mode 100644
index 0000000..a9716b8
--- /dev/null
+++ b/account/messages/messages_ru.properties
@@ -0,0 +1,155 @@
+# encoding: utf-8
+doSave=Сохранить
+doCancel=Отмена
+doLogOutAllSessions=Выйти из всех сессий
+doRemove=Удалить
+doAdd=Добавить
+doSignOut=Выход
+
+editAccountHtmlTitle=Изменение учетной записи
+federatedIdentitiesHtmlTitle=Федеративные идентификаторы
+accountLogHtmlTitle=Лог учетной записи
+changePasswordHtmlTitle=Смена пароля
+sessionsHtmlTitle=Сессии
+accountManagementTitle=Управление учетной записью
+authenticatorTitle=Аутентификатор
+applicationsHtmlTitle=Приложения
+
+authenticatorCode=Одноразовый код
+email=E-mail
+firstName=Имя
+givenName=Имя
+fullName=Полное имя
+lastName=Фамилия
+familyName=Фамилия
+password=Пароль
+passwordConfirm=Подтверждение пароля
+passwordNew=Новый пароль
+username=Имя пользователя
+address=Адрес
+street=Улица
+locality=Город
+region=Регион
+postal_code=Почтовый индекс
+country=Страна
+emailVerified=E-mail подтвержден
+gssDelegationCredential=Делегирование учетных данных через GSS
+
+role_admin=Администратор
+role_realm-admin=Администратор realm
+role_create-realm=Создать realm
+role_view-realm=Просмотр realm
+role_view-users=Просмотр пользователей
+role_view-applications=Просмотр приложений
+role_view-clients=Просмотр клиентов
+role_view-events=Просмотр событий
+role_view-identity-providers=Просмотр провайдеров учетных записей
+role_manage-realm=Управление realm
+role_manage-users=Управление пользователями
+role_manage-applications=Управление приложениями
+role_manage-identity-providers=Управление провайдерами учетных записей
+role_manage-clients=Управление клиентами
+role_manage-events=Управление событиями
+role_view-profile=Просмотр профиля
+role_manage-account=Управление учетной записью
+role_read-token=Чтение токена
+role_offline-access=Доступ оффлайн
+role_uma_authorization=Получение разрешений
+client_account=Учетная запись
+client_security-admin-console=Консоль администратора безопасности
+client_admin-cli=Командный интерфейс администратора
+client_realm-management=Управление Realm
+client_broker=Брокер
+
+
+requiredFields=Обязательные поля
+allFieldsRequired=Все поля обязательны
+
+backToApplication=&laquo; Назад в приложение
+backTo=Назад в {0}
+
+date=Дата
+event=Событие
+ip=IP
+client=Клиент
+clients=Клиенты
+details=Детали
+started=Начата
+lastAccess=Последний доступ
+expires=Истекает
+applications=Приложения
+
+account=Учетная запись
+federatedIdentity=Федеративный идентификатор
+authenticator=Аутентификатор
+sessions=Сессии
+log=Журнал
+
+application=Приложение
+availablePermissions=Доступные разрешения
+grantedPermissions=Согласованные разрешения
+grantedPersonalInfo=Согласованная персональная информация
+additionalGrants=Дополнительные согласования
+action=Действие
+inResource=в
+fullAccess=Полный доступ
+offlineToken=Оффлайн токен
+revoke=Отозвать согласование
+
+configureAuthenticators=Сконфигурированные аутентификаторы
+mobile=Мобильное приложение
+totpStep1=Установите <a href="https://freeotp.github.io/" target="_blank">FreeOTP</a> или Google Authenticator. Оба приложения доступны на <a href="https://play.google.com">Google Play</a> и в Apple App Store.
+totpStep2=Откройте приложение и просканируйте баркод, либо введите ключ.
+totpStep3=Введите одноразовый код, выданный приложением, и нажмите сохранить для завершения установки.
+
+missingUsernameMessage=Введите имя пользователя.
+missingFirstNameMessage=Введите имя.
+invalidEmailMessage=Введите корректный E-mail.
+missingLastNameMessage=Введите фамилию.
+missingEmailMessage=Введите E-mail.
+missingPasswordMessage=Введите пароль.
+notMatchPasswordMessage=Пароли не совпадают.
+
+missingTotpMessage=Введите код аутентификатора.
+invalidPasswordExistingMessage=Существующий пароль неверный.
+invalidPasswordConfirmMessage=Подтверждение пароля не совпадает.
+invalidTotpMessage=Неверный код аутентификатора.
+
+usernameExistsMessage=Имя пользователя уже существует.
+emailExistsMessage=E-mail уже существует.
+
+readOnlyUserMessage=Вы не можете обновить информацию вашей учетной записи, т.к. она доступна только для чтения.
+readOnlyPasswordMessage=Вы не можете обновить пароль вашей учетной записи, т.к. он доступен только для чтения.
+
+successTotpMessage=Аутентификатор в мобильном приложении сконфигурирован.
+successTotpRemovedMessage=Аутентификатор в мобильном приложении удален.
+
+successGrantRevokedMessage=Согласование отозвано успешно.
+
+accountUpdatedMessage=Ваша учетная запись обновлена.
+accountPasswordUpdatedMessage=Ваш пароль обновлен.
+
+missingIdentityProviderMessage=Провайдер учетных записей не задан.
+invalidFederatedIdentityActionMessage=Некорректное или недопустимое действие.
+identityProviderNotFoundMessage=Заданный провайдер учетных записей не найден.
+federatedIdentityLinkNotActiveMessage=Идентификатор больше не активен.
+federatedIdentityRemovingLastProviderMessage=Вы не можете удалить последний федеративный идентификатор, т.к. Вы не имеете пароля.
+identityProviderRedirectErrorMessage=Ошибка перенаправления в провайдер учетных записей.
+identityProviderRemovedMessage=Провайдер учетных записей успешно удален.
+identityProviderAlreadyLinkedMessage=Федеративный идентификатор, возвращенный {0} уже используется другим пользователем.
+staleCodeAccountMessage=Страница устарела. Попробуйте еще раз.
+consentDenied=В согласовании отказано.
+
+accountDisabledMessage=Учетная запись заблокирована, обратитесь к администратору.
+
+accountTemporarilyDisabledMessage=Учетная запись временно заблокирована, обратитесь к администратору или попробуйте позже.
+invalidPasswordMinLengthMessage=Некорректный пароль: длина пароля должна быть не менее {0} символа(ов).
+invalidPasswordMinLowerCaseCharsMessage=Некорректный пароль: пароль должен содержать не менее {0} символа(ов) в нижнем регистре.
+invalidPasswordMinDigitsMessage=Некорректный пароль: пароль должен содержать не менее {0} цифр(ы).
+invalidPasswordMinUpperCaseCharsMessage=Некорректный пароль: пароль должен содержать не менее {0} символа(ов) в верхнем регистре.
+invalidPasswordMinSpecialCharsMessage=Некорректный пароль: пароль должен содержать не менее {0} спецсимвола(ов).
+invalidPasswordNotUsernameMessage=Некорректный пароль: пароль не должен совпадать с именем пользователя.
+invalidPasswordRegexPatternMessage=Некорректный пароль: пароль не удовлетворяет регулярному выражению.
+invalidPasswordHistoryMessage=Некорректный пароль: пароль не должен совпадать с последним(и) {0} паролями.
+invalidPasswordGenericMessage=Некорректный пароль: новый пароль не соответствует правилам пароля.
+
diff --git a/account/messages/messages_sk.properties b/account/messages/messages_sk.properties
new file mode 100644
index 0000000..32cafc6
--- /dev/null
+++ b/account/messages/messages_sk.properties
@@ -0,0 +1,196 @@
+# encoding: utf-8
+doSave=Uložiť
+doCancel=Zrušiť
+doLogOutAllSessions=Odhlásenie všetkých relácií
+doRemove=Odstrániť
+doAdd=Pridať
+doSignOut=Odhlásiť
+
+editAccountHtmlTitle=Upraviť účet
+federatedIdentitiesHtmlTitle=Prepojená identita
+accountLogHtmlTitle=Denník zmien užívateľských účtov
+changePasswordHtmlTitle=Zmena hesla
+sessionsHtmlTitle=Relácie
+accountManagementTitle=Správa účtu Keycloak
+authenticatorTitle=Autentifikátor
+applicationsHtmlTitle=Aplikácie
+
+authenticatorCode=Jednorázový kód
+email=E-mail
+firstName=Meno
+givenName=Meno pri narodení
+fullName=Celé meno
+lastName=Priezvisko
+familyName=Rodné meno
+password=Heslo
+passwordConfirm=Potrvrdenie hesla
+passwordNew=Nové heslo
+username=Meno používateľa
+address=Adresa
+street=Ulica
+locality=Mesto alebo lokalita
+region=Kraj
+postal_code=PSČ
+country=Štát
+emailVerified=E-mail overený
+gssDelegationCredential=GSS delegované oprávnenie
+
+role_admin=Administrátor
+role_realm-admin=Administrátor realmu
+role_create-realm=Vytvoriť realm
+role_view-realm=Zobraziť realm
+role_view-users=Zobraziť používateľov
+role_view-applications=Zobraziť aplikácie
+role_view-clients=Zobraziť klientov
+role_view-events=Zobraziť udalosti
+role_view-identity-providers=Zobraziť klientov poskytovateľov identity
+role_manage-realm=Spravovať realm
+role_manage-users=Spravovať používateľov
+role_manage-applications=Spravovať aplikácie
+role_manage-identity-providers=Spravovať poskytovateľov identity
+role_manage-clients=Spravovať klientov
+role_manage-events=Spravovať udalosti
+role_view-profile=Zobraziť profil
+role_manage-account=Spravovať účet
+role_manage-account-links=Spravovať odkazy na účet
+role_read-token=Čítať token
+role_offline-access=Offline prístup
+role_uma_authorization=Autorizácia používateľom riadeného prístupu
+client_account=Účet klienta
+client_security-admin-console=Bezpečnostná administrátorská konzola
+client_admin-cli=Spravovať CLI klienta
+client_realm-management=Spravovať realmy klienta
+client_broker=Broker
+
+
+requiredFields=Povinné polia
+allFieldsRequired=Všetky požadované polia
+
+backToApplication=&laquo; Späť na aplikáciu
+backTo=Späť na {0}
+
+date=Dátum
+event=Udalosť
+ip=IP
+client=Klient
+clients=Klienti
+details=Podrobnosti
+started=Začíname
+lastAccess=Posledný prístup
+expires=Vyprší
+applications=Aplikácie
+
+account=Účet
+federatedIdentity=Prepojená identita
+authenticator=Autentifikátor
+sessions=Relácie
+log=Denník
+
+application=Aplikácia
+availablePermissions=Dostupné oprávnenia
+grantedPermissions=Pridelené oprávnenia
+grantedPersonalInfo=Poskytnuté osobné informácie
+additionalGrants=Dodatočné oprávnenia
+action=Akcia
+inResource=v
+fullAccess=Úplný prístup
+offlineToken=Offline token
+revoke=Zrušiť oprávnenie
+
+configureAuthenticators=Nakonfigurované autentifikátory
+mobile=Mobilný
+totpStep1=Nainštalujte vo svojom zariadení <a href="https://freeotp.github.io/" target="_blank"> FreeOTP </a> alebo Google Authenticator. Obidve aplikácie sú k dispozícii v <a href="https://play.google.com"> Google Play </a> a Apple App Store.
+totpStep2=Otvorte aplikáciu a naskenujte čiarový kód alebo zadajte kľúč.
+totpStep3=Zadajte jednorazový kód poskytnutý aplikáciou a kliknutím na tlačidlo Uložiť dokončíte nastavenie.
+
+totpManualStep2=Otvorte aplikáciu a zadajte kľúč
+totpManualStep3=Použite nasledujúce hodnoty konfigurácie, ak aplikácia umožňuje ich nastavenie
+totpUnableToScan=Nemožno skenovať?
+totpScanBarcode=Skenovanie čiarového kódu?
+
+totp.totp=Založené na čase
+totp.hotp=Založené na počítadle
+
+totpType=Typ
+totpAlgorithm=Algoritmus
+totpDigits=Číslica
+totpInterval=Interval
+totpCounter=Počítadlo
+
+missingUsernameMessage=Zadajte používateľské meno.
+missingFirstNameMessage=Zadajte meno.
+invalidEmailMessage=Neplatná e-mailová adresa.
+missingLastNameMessage=Zadajte priezvisko.
+missingEmailMessage=Zadajte e-mail.
+missingPasswordMessage=Zadajte heslo, prosím.
+notMatchPasswordMessage=Heslá sa nezhodujú.
+
+missingTotpMessage=Zadajte jednorazový kód, prosím
+invalidPasswordExistingMessage=Neplatné existujúce heslo.
+invalidPasswordConfirmMessage=Potvrdenie hesla sa nezhoduje.
+invalidTotpMessage=Neplatný jednorazový kód.
+
+usernameExistsMessage=Užívateľské meno už existuje.
+emailExistsMessage=E-mail už existuje.
+
+readOnlyUserMessage=Váš účet nemôžete aktualizovať, pretože je iba na čítanie.
+readOnlyUsernameMessage=Nemôžete aktualizovať svoje používateľské meno, pretože je iba na čítanie.
+readOnlyPasswordMessage=Heslo nemôžete aktualizovať, pretože váš účet je iba na čítanie.
+
+successTotpMessage=Konfigurácia mobilného autentifikátora.
+successTotpRemovedMessage=Mobilný autentifikátor bol odstránený.
+
+successGrantRevokedMessage=Oprávnenie bolo úspešne zrušené.
+
+accountUpdatedMessage=Váš účet bol aktualizovaný.
+accountPasswordUpdatedMessage=Vaše heslo bolo aktualizované.
+
+missingIdentityProviderMessage=Poskytovateľ identity nie je zadaný.
+invalidFederatedIdentityActionMessage=Neplatná alebo chýbajúca akcia.
+identityProviderNotFoundMessage=Zadaný poskytovateľ identity nenájdený.
+federatedIdentityLinkNotActiveMessage=Identita už nie je aktívna.
+federatedIdentityRemovingLastProviderMessage=Nemôžete odstrániť poslednú spojenú identitu, pretože nemáte heslo.
+identityProviderRedirectErrorMessage=Nepodarilo sa presmerovať na poskytovateľa identity.
+identityProviderRemovedMessage=Poskytovateľ identity bol úspešne odstránený.
+identityProviderAlreadyLinkedMessage=Spojená identita vrátená {0} je už prepojená s iným používateľom.
+staleCodeAccountMessage=Platnosť vypršala. Skúste ešte raz.
+consentDenied=Súhlas bol zamietnutý.
+
+accountDisabledMessage=Účet je zakázaný, kontaktujte správcu.
+
+accountTemporarilyDisabledMessage=Účet je dočasne zakázaný, kontaktujte administrátora alebo skúste neskôr.
+invalidPasswordMinLengthMessage=Neplatné heslo: minimálna dĺžka {0}.
+invalidPasswordMinLowerCaseCharsMessage=Neplatné heslo: musí obsahovať minimálne {0} malé písmená.
+invalidPasswordMinDigitsMessage=Neplatné heslo: musí obsahovať aspoň {0} číslic.
+invalidPasswordMinUpperCaseCharsMessage=Neplatné heslo: musí obsahovať aspoň {0} veľké písmená.
+invalidPasswordMinSpecialCharsMessage=Neplatné heslo: musí obsahovať aspoň {0} špeciálne znaky.
+invalidPasswordNotUsernameMessage=Neplatné heslo: nesmie byť rovnaké ako používateľské meno.
+invalidPasswordRegexPatternMessage=Neplatné heslo: nezodpovedá regulárnemu výrazu.
+invalidPasswordHistoryMessage=Neplatné heslo: nesmie sa rovnať žiadnemu z posledných {0} hesiel.
+invalidPasswordBlacklistedMessage=Neplatné heslo: heslo je na čiernej listine.
+invalidPasswordGenericMessage=Neplatné heslo: nové heslo nezodpovedá pravidlám hesiel.
+
+# Authorization
+myResources=Moje Zdroje
+myResourcesSub=Moje zdroje
+doDeny=Zakázať
+doRevoke=Odvolať
+doApprove=Schváliť
+doRemoveSharing=Odstránenie zdieľania
+doRemoveRequest=Odstrániť požiadavku
+peopleAccessResource=Ľudia s prístupom k tomuto zdroju
+name=Názov
+scopes=Rozsahy
+resource=Zdroj
+user=Používateľ
+peopleSharingThisResource=Ľudia zdieľajúci tento zdroj
+shareWithOthers=Zdieľať s ostatnými
+needMyApproval=Potrebuje môj súhlas
+requestsWaitingApproval=Vaše požiadavky čakajú na schválenie
+icon=Ikona
+requestor=Žiadateľ
+owner=Vlastník
+resourcesSharedWithMe=Zdroje zdieľané so mnou
+permissionRequestion=Žiadosti o povolenie
+permission=Oprávnenie
+shares=podiel (y)
diff --git a/account/messages/messages_sv.properties b/account/messages/messages_sv.properties
new file mode 100644
index 0000000..cc134cd
--- /dev/null
+++ b/account/messages/messages_sv.properties
@@ -0,0 +1,150 @@
+# encoding: utf-8
+doSave=Spara
+doCancel=Avbryt
+doLogOutAllSessions=Logga ut från samtliga sessioner
+doRemove=Ta bort
+doAdd=Lägg till
+doSignOut=Logga ut
+
+editAccountHtmlTitle=Redigera konto
+federatedIdentitiesHtmlTitle=Federerade identiteter
+accountLogHtmlTitle=Kontologg
+changePasswordHtmlTitle=Byt lösenord
+sessionsHtmlTitle=Sessioner
+accountManagementTitle=Kontohantering för Keycloak
+authenticatorTitle=Autentiserare
+applicationsHtmlTitle=Applikationer
+
+authenticatorCode=Engångskod
+email=E-post
+firstName=Förnamn
+lastName=Efternamn
+password=Lösenord
+passwordConfirm=Bekräftelse
+passwordNew=Nytt lösenord
+username=Användarnamn
+address=Adress
+street=Gata
+locality=Postort
+region=Stat, Provins eller Region
+postal_code=Postnummer
+country=Land
+emailVerified=E-post verifierad
+gssDelegationCredential=GSS Delegation Credential
+
+role_admin=Administratör
+role_realm-admin=Realm-administratör
+role_create-realm=Skapa realm
+role_view-realm=Visa realm
+role_view-users=Visa användare
+role_view-applications=Visa applikationer
+role_view-clients=Visa klienter
+role_view-events=Visa event
+role_view-identity-providers=Visa identitetsleverantörer
+role_manage-realm=Hantera realm
+role_manage-users=Hantera användare
+role_manage-applications=Hantera applikationer
+role_manage-identity-providers=Hantera identitetsleverantörer
+role_manage-clients=Hantera klienter
+role_manage-events=Hantera event
+role_view-profile=Visa profil
+role_manage-account=Hantera konto
+role_read-token=Läs element
+role_offline-access=Åtkomst offline
+role_uma_authorization=Erhåll tillstånd
+client_account=Konto
+client_security-admin-console=Säkerhetsadministratörskonsol
+client_admin-cli=Administratörs-CLI
+client_realm-management=Realmhantering
+
+
+requiredFields=Obligatoriska fält
+allFieldsRequired=Samtliga fält krävs
+
+backToApplication=&laquo; Tillbaka till applikationen
+backTo=Tillbaka till {0}
+
+date=Datum
+event=Event
+ip=IP
+client=Klient
+clients=Klienter
+details=Detaljer
+started=Startade
+lastAccess=Senast åtkomst
+expires=Upphör
+applications=Applikationer
+
+account=Konto
+federatedIdentity=Federerad identitet
+authenticator=Autentiserare
+sessions=Sessioner
+log=Logg
+
+application=Applikation
+availablePermissions=Tillgängliga rättigheter
+grantedPermissions=Beviljade rättigheter
+grantedPersonalInfo=Medgiven personlig information
+additionalGrants=Ytterligare medgivanden
+action=Åtgärd
+inResource=i
+fullAccess=Fullständig åtkomst
+offlineToken=Offline token
+revoke=Upphäv rättighet
+
+configureAuthenticators=Konfigurerade autentiserare
+mobile=Mobil
+totpStep1=Installera <a href="https://freeotp.github.io/" target="_blank">FreeOTP</a> eller Google Authenticator på din enhet. Båda applikationerna finns tillgängliga på <a href="https://play.google.com">Google Play</a> och Apple App Store.
+totpStep2=Öppna applikationen och skanna streckkoden eller skriv i nyckeln.
+totpStep3=Fyll i engångskoden som tillhandahålls av applikationen och klicka på Spara för att avsluta inställningarna.
+
+missingUsernameMessage=Vänligen ange användarnamn.
+missingFirstNameMessage=Vänligen ange förnamn.
+invalidEmailMessage=Ogiltig e-postadress.
+missingLastNameMessage=Vänligen ange efternamn.
+missingEmailMessage=Vänligen ange e-post.
+missingPasswordMessage=Vänligen ange lösenord.
+notMatchPasswordMessage=Lösenorden matchar inte.
+
+missingTotpMessage=Vänligen ange autentiseringskoden.
+invalidPasswordExistingMessage=Det nuvarande lösenordet är ogiltigt.
+invalidPasswordConfirmMessage=Lösenordsbekräftelsen matchar inte.
+invalidTotpMessage=Autentiseringskoden är ogiltig.
+
+usernameExistsMessage=Användarnamnet finns redan.
+emailExistsMessage=E-posten finns redan.
+
+readOnlyUserMessage=Du kan inte uppdatera ditt konto eftersom det är skrivskyddat.
+readOnlyPasswordMessage=Du kan inte uppdatera ditt lösenord eftersom ditt konto är skrivskyddat.
+
+successTotpMessage=Mobilautentiseraren är inställd.
+successTotpRemovedMessage=Mobilautentiseraren är borttagen.
+
+successGrantRevokedMessage=Upphävandet av rättigheten lyckades.
+
+accountUpdatedMessage=Ditt konto har uppdaterats.
+accountPasswordUpdatedMessage=Ditt lösenord har uppdaterats.
+
+missingIdentityProviderMessage=Identitetsleverantör är inte angiven.
+invalidFederatedIdentityActionMessage=Åtgärden är ogiltig eller saknas.
+identityProviderNotFoundMessage=Angiven identitetsleverantör hittas inte.
+federatedIdentityLinkNotActiveMessage=Den här identiteten är inte längre aktiv.
+federatedIdentityRemovingLastProviderMessage=Du kan inte ta bort senaste federerade identiteten eftersom du inte har ett lösenord.
+identityProviderRedirectErrorMessage=Misslyckades med att omdirigera till identitetsleverantör.
+identityProviderRemovedMessage=Borttagningen av identitetsleverantören lyckades.
+identityProviderAlreadyLinkedMessage=Den federerade identiteten som returnerades av {0} är redan länkad till en annan användare.
+staleCodeAccountMessage=Sidan har upphört att gälla. Vänligen försök igen.
+consentDenied=Samtycket förnekades.
+
+accountDisabledMessage=Kontot är inaktiverat, kontakta administratör.
+
+accountTemporarilyDisabledMessage=Kontot är tillfälligt inaktiverat, kontakta administratör eller försök igen senare.
+invalidPasswordMinLengthMessage=Ogiltigt lösenord. Minsta längd är {0}.
+invalidPasswordMinLowerCaseCharsMessage=Ogiltigt lösenord: måste innehålla minst {0} små bokstäver.
+invalidPasswordMinDigitsMessage=Ogiltigt lösenord: måste innehålla minst {0} siffror.
+invalidPasswordMinUpperCaseCharsMessage=Ogiltigt lösenord: måste innehålla minst {0} stora bokstäver.
+invalidPasswordMinSpecialCharsMessage=Ogiltigt lösenord: måste innehålla minst {0} specialtecken.
+invalidPasswordNotUsernameMessage=Ogiltigt lösenord: Får inte vara samma som användarnamnet.
+invalidPasswordRegexPatternMessage=Ogiltigt lösenord: matchar inte kravet för lösenordsmönster.
+invalidPasswordHistoryMessage=Ogiltigt lösenord: Får inte vara samma som de senaste {0} lösenorden.
+invalidPasswordGenericMessage=Ogiltigt lösenord: Det nya lösenordet stämmer inte med lösenordspolicyn. \ No newline at end of file
diff --git a/account/messages/messages_tr.properties b/account/messages/messages_tr.properties
new file mode 100644
index 0000000..c83126d
--- /dev/null
+++ b/account/messages/messages_tr.properties
@@ -0,0 +1,341 @@
+doSave=Kaydet
+doCancel=\u0130ptal
+doLogOutAllSessions=T\u00FCm Oturumlar\u0131 Kapat
+doRemove=Sil
+doAdd=Ekle
+doSignOut=\u00C7\u0131k\u0131\u015F
+doLogIn=Oturum a\u00E7
+doLink=Ba\u011Flant\u0131
+
+
+editAccountHtmlTitle=Hesab\u0131m
+personalInfoHtmlTitle=Ki\u015Fisel bilgi
+federatedIdentitiesHtmlTitle=De\u011Fi\u015Ftirilen Kimlikler
+accountLogHtmlTitle=Kullan\u0131c\u0131 Loglar\u0131
+changePasswordHtmlTitle=\u015Eifre De\u011Fi\u015Ftirme
+deviceActivityHtmlTitle=Cihaz Etkinli\u011Fi
+sessionsHtmlTitle=Oturum
+accountManagementTitle=Keycloak Kullan\u0131c\u0131 Hesab\u0131 Y\u00F6netimi
+authenticatorTitle=Kimlik Do\u011Frulama
+applicationsHtmlTitle=Uygulama
+linkedAccountsHtmlTitle=Ba\u011Flant\u0131l\u0131 Hesaplar
+
+accountManagementWelcomeMessage=Keycloak Hesap Y\u00F6netimine Ho\u015F Geldiniz
+personalInfoIntroMessage=Temel bilgilerinizi y\u00F6netin
+accountSecurityTitle=Hesap G\u00FCvenli\u011Fi
+accountSecurityIntroMessage=\u015Eifrenizi ve hesap eri\u015Fiminizi kontrol edin
+applicationsIntroMessage=Hesab\u0131n\u0131za eri\u015Fmek i\u00E7in uygulama izninizi takip edin ve y\u00F6netin
+resourceIntroMessage=Kaynaklar\u0131n\u0131z\u0131 ekip \u00FCyeleri aras\u0131nda payla\u015F\u0131n
+passwordLastUpdateMessage=\u015Eifreniz g\u00FCncellendi
+updatePasswordTitle=\u015Eifre g\u00FCncelle
+updatePasswordMessageTitle=G\u00FC\u00E7l\u00FC bir \u015Fifre se\u00E7ti\u011Finizden emin olun
+updatePasswordMessage=G\u00FC\u00E7l\u00FC bir \u015Fifre, say\u0131lar, harfler ve sembollerin kar\u0131\u015F\u0131m\u0131ndan olu\u015Fmal\u0131d\u0131r. Tahmin etmesi zor ve ger\u00E7ek bir kelimeye benzemeyen \u015Fifre sadece bu hesap i\u00E7in kullan\u0131l\u0131r.
+personalSubTitle=Ki\u015Fisel Bilgileriniz
+personalSubMessage=Bu temel bilgileri y\u00F6netin: ad\u0131n\u0131z, soyad\u0131n\u0131z ve e-posta adresiniz
+
+authenticatorCode=Kimlik Do\u011Frulama Kodu
+email=E-Mail
+firstName=Ad
+givenName=Ad
+fullName=Ad Soyad
+lastName=Soyad
+familyName=Soyad
+password=\u015Eifre
+currentPassword=\u015Eimdiki \u015Eifre
+passwordConfirm=\u015Eifre Do\u011Frulama
+passwordNew=Yeni \u015Eifre
+username=Kullan\u0131c\u0131 Ad\u0131
+address=Adres
+street=Cadde
+region=B\u00F6lge
+postal_code=Posta Kodu
+locality=\u015Eehir
+country=\u00DClke
+emailVerified=E-Mail Do\u011Fruland\u0131
+gssDelegationCredential=GSS Yetki Bilgisi
+
+profileScopeConsentText=Kullan\u0131c\u0131 profili
+emailScopeConsentText=Email adresi
+addressScopeConsentText=Adres
+phoneScopeConsentText=Telefon numaras\u0131
+offlineAccessScopeConsentText=\u00C7evrimd\u0131\u015F\u0131 Eri\u015Fim
+samlRoleListScopeConsentText=Rollerim
+rolesScopeConsentText=Kullan\u0131c\u0131 rolleri
+
+role_admin=Admin
+role_realm-admin=Realm Admin
+role_create-realm=Realm Olu\u015Ftur
+role_view-realm=Realm g\u00F6r\u00FCnt\u00FCle
+role_view-users=Kullan\u0131c\u0131lar\u0131 g\u00F6r\u00FCnt\u00FCle
+role_view-applications=Uygulamalar\u0131 g\u00F6r\u00FCnt\u00FCle
+role_view-clients=\u0130stemci g\u00F6r\u00FCnt\u00FCle
+role_view-events=Olay g\u00F6r\u00FCnt\u00FCle
+role_view-identity-providers=Kimlik Sa\u011Flay\u0131c\u0131lar
+role_manage-realm=Realm y\u00F6net
+role_manage-users=Kullan\u0131c\u0131lar\u0131 y\u00F6net
+role_manage-applications=Uygulamalar\u0131 y\u00F6net
+role_manage-identity-providers=Kimlik Sa\u011Flay\u0131c\u0131lar\u0131 Y\u00F6net
+role_manage-clients=\u0130stemci y\u00F6net
+role_manage-events=Olay y\u00F6net
+role_view-profile=Profilleri g\u00F6r\u00FCnt\u00FCle
+role_manage-account=Profilleri Y\u00F6net
+role_manage-account-links=Profil ba\u011Flant\u0131lar\u0131n\u0131 y\u00F6net
+role_read-token=Token oku
+role_offline-access=\u00C7evirimd\u0131\u015F\u0131 Yetki
+role_uma_authorization=\u0130zinleri Al
+client_account=M\u00FC\u015Fteri Hesab\u0131
+client_security-admin-console=G\u00FCvenlik Y\u00F6netici Konsolu
+client_admin-cli=Admin CLI
+client_realm-management=Realm-Management
+client_broker=Broker
+
+requiredFields=Zorunlu Alanlar
+allFieldsRequired=T\u00FCm Alanlar Zorunlu
+
+backToApplication=&laquo; Uygulamaya D\u00F6n
+backTo=Geri D\u00F6n {0}
+
+date=G\u00FCn
+event=Olay
+ip=IP
+client=\u0130stemci
+clients=\u0130stemciler
+details=Detaylar
+started=Ba\u015Flang\u0131\u00E7 Tarihi
+lastAccess=Son Eri\u015Fim Tarihi
+expires=Son Kullanma Tarihi
+applications=Uygulama
+
+account=Hesap
+federatedIdentity=Federal Kimlik
+authenticator=Kimlik Do\u011Frulama
+device-activity=Cihaz Etkinli\u011Fi
+sessions=Oturum
+log=Log
+
+application=Uygulama
+availablePermissions=Kullan\u0131labilir \u0130zinler
+availableRoles=Kullan\u0131labilir Roller
+grantedPermissions=Verilen \u0130zinler
+grantedPersonalInfo=\u0130zin Verilen Ki\u015Fisel Bilgiler
+additionalGrants=Ek \u0130zinler
+action=Aksiyon
+inResource=Kaynak
+fullAccess=Tam Yetki
+offlineToken=\u00C7evirimd\u0131\u015F\u0131-Token
+revoke=\u0130zni \u0130ptal et
+
+configureAuthenticators=\u00C7oklu Kimlik Do\u011Frulama
+mobile=Mobil
+totpStep1=Ak\u0131ll\u0131 Telefonunuza a\u015Fa\u011F\u0131daki uygulamalardan birini y\u00FCkleyin:
+totpStep2=Uygulamay\u0131 a\u00E7\u0131n ve barkodu okutun.
+totpStep3=Uygulama taraf\u0131ndan olu\u015Fturulan tek seferlik kodu girin ve Kaydet''i t\u0131klay\u0131n.
+
+totpManualStep2=Uygulamay\u0131 a\u00E7\u0131n ve a\u015Fa\u011F\u0131daki anahtar\u0131 girin.
+totpManualStep3=Bunlar\u0131 uygulama i\u00E7in \u00F6zelle\u015Ftirebilirseniz a\u015Fa\u011F\u0131daki yap\u0131land\u0131rma de\u011Ferlerini kullan\u0131n:
+totpUnableToScan=Barkodu tarayam\u0131yor musunuz?
+totpScanBarcode=Barkod Tara?
+
+totp.totp=Zaman bazl\u0131 (time-based)
+totp.hotp=Saya\u00E7 tabanl\u0131 (counter-based)
+
+totpType=Tip
+totpAlgorithm=Algoritma
+totpDigits=Basamak
+totpInterval=Aral\u0131k
+totpCounter=Saya\u00E7
+
+missingUsernameMessage=L\u00FCtfen bir kullan\u0131c\u0131 ad\u0131 giriniz.
+missingFirstNameMessage=L\u00FCtfen bir ad girin.
+invalidEmailMessage=Ge\u00E7ersiz e-posta adresi.
+missingLastNameMessage=L\u00FCtfen bir soyad\u0131 giriniz.
+missingEmailMessage=L\u00FCtfen bir e-mail adresi giriniz.
+missingPasswordMessage=L\u00FCtfen bir \u015Fifre giriniz.
+notMatchPasswordMessage=\u015Eifreler ayn\u0131 de\u011Fil.
+
+missingTotpMessage=L\u00FCtfen tek seferlik kodu girin.
+invalidPasswordExistingMessage=Mevcut \u015Fifre ge\u00E7ersiz.
+invalidPasswordConfirmMessage=\u015Eifre onay\u0131 ayn\u0131 de\u011Fil.
+invalidTotpMessage=Ge\u00E7ersiz tek seferlik kod.
+
+usernameExistsMessage=Kullan\u0131c\u0131 ad\u0131 zaten mevcut.
+emailExistsMessage=E-posta adresi zaten mevcut.
+
+readOnlyUserMessage=Yazma korumal\u0131 oldu\u011Fundan kullan\u0131c\u0131 hesab\u0131n\u0131z\u0131 de\u011Fi\u015Ftiremezsiniz.
+readOnlyUsernameMessage=Yazma korumal\u0131 oldu\u011Fundan kullan\u0131c\u0131 ad\u0131n\u0131z\u0131 de\u011Fi\u015Ftiremezsiniz.
+readOnlyPasswordMessage=Yazma korumal\u0131 oldu\u011Fundan \u015Fifrenizi de\u011Fi\u015Ftiremezsiniz.
+
+successTotpMessage=\u00C7oklu kimlik do\u011Frulamas\u0131 ba\u015Far\u0131yla yap\u0131land\u0131r\u0131ld\u0131.
+successTotpRemovedMessage=\u00C7oklu kimlik do\u011Frulama ba\u015Far\u0131yla kald\u0131r\u0131ld\u0131.
+
+successGrantRevokedMessage=\u0130zin ba\u015Far\u0131yla iptal edildi.
+
+accountUpdatedMessage=Kullan\u0131c\u0131 hesab\u0131n\u0131z g\u00FCncellendi.
+accountPasswordUpdatedMessage=\u015Eifreniz g\u00FCncellendi.
+
+missingIdentityProviderMessage=Kimlik Sa\u011Flay\u0131c\u0131s\u0131 belirtilmemi\u015F.
+invalidFederatedIdentityActionMessage=Ge\u00E7ersiz veya eksik eylem.
+identityProviderNotFoundMessage=Belirtilen Kimlik Sa\u011Flay\u0131c\u0131 bulunamad\u0131.
+federatedIdentityLinkNotActiveMessage=Bu kimlik art\u0131k aktif de\u011Fil.
+federatedIdentityRemovingLastProviderMessage=\u015Eifreniz olmad\u0131\u011F\u0131 i\u00E7in son giri\u015Fi kald\u0131ramazs\u0131n\u0131z.
+identityProviderRedirectErrorMessage=Kimlik sa\u011Flay\u0131c\u0131ya iletilirken hata olu\u015Ftu.
+identityProviderRemovedMessage=Kimlik Sa\u011Flay\u0131c\u0131s\u0131 ba\u015Far\u0131yla kald\u0131r\u0131ld\u0131.
+identityProviderAlreadyLinkedMessage=De\u011Fi\u015Ftirilmi\u015F {0} kimli\u011Fi ba\u015Fka bir kullan\u0131c\u0131ya atanm\u0131\u015F.
+staleCodeAccountMessage=Bu sayfa art\u0131k ge\u00E7erli de\u011Fil, l\u00FCtfen tekrar deneyin.
+consentDenied=Onay reddedildi.
+
+accountDisabledMessage=Hesab\u0131n\u0131z kilitlendi, l\u00FCtfen y\u00F6neticiyle ileti\u015Fime ge\u00E7in.
+
+accountTemporarilyDisabledMessage=Hesab\u0131n\u0131z ge\u00E7ici olarak kilitlendi, l\u00FCtfen y\u00F6neticiyle ileti\u015Fime ge\u00E7in veya daha sonra tekrar deneyin.
+invalidPasswordMinLengthMessage=Ge\u00E7ersiz \u015Eifre: En az {0} karakter uzunlu\u011Funda olmal\u0131.
+invalidPasswordMinLowerCaseCharsMessage=Ge\u00E7ersiz \u015Eifre \: En az {0} k\u00FC\u00E7\u00FCk harf i\u00E7ermelidir.
+invalidPasswordMinDigitsMessage=Ge\u00E7ersiz \u015Eifre: En az {0} say\u0131(lar) i\u00E7ermelidir.
+invalidPasswordMinUpperCaseCharsMessage=Ge\u00E7ersiz \u015Eifre: En az {0} b\u00FCy\u00FCk harf i\u00E7ermelidir.
+invalidPasswordMinSpecialCharsMessage=Ge\u00E7ersiz \u015Eifre: En az {0} \u00F6zel karakter i\u00E7ermelidir.
+invalidPasswordNotUsernameMessage=Ge\u00E7ersiz \u015Eifre: Kullan\u0131c\u0131 ad\u0131yla ayn\u0131 olamaz.
+invalidPasswordRegexPatternMessage=Ge\u00E7ersiz \u015Eifre: Regex Patternine uygun de\u011Fil.
+invalidPasswordHistoryMessage=Ge\u00E7ersiz \u015Eifre: Son {0} \u015Fifreden biri olamaz.
+invalidPasswordBlacklistedMessage=Ge\u00E7ersiz \u015Eifre: \u015Eifre bloklanm\u0131\u015F \u015Fifreler listesindedir (kara liste).
+invalidPasswordGenericMessge=Ge\u00E7ersiz \u015Eifre: Yeni \u015Fifre, \u015Fifre kurallar\u0131n\u0131 ihlal ediyor.
+
+
+
+# Authorization
+myResources=Kaynaklar\u0131m
+myResourcesSub=Kaynaklar\u0131m
+doDeny=Reddet
+doRevoke=Geri al
+doApprove=Onayla
+doRemoveSharing=Payla\u015F\u0131m\u0131 Kald\u0131r
+doRemoveRequest=\u0130ste\u011Fi Kald\u0131r
+peopleAccessResource=Bu kayna\u011Fa eri\u015Fimi olan ki\u015Filer
+resourceManagedPolicies=Bu kayna\u011Fa eri\u015Fim izni veren izinler
+resourceNoPermissionsGrantingAccess=Bu kayna\u011Fa eri\u015Fim izni verilmeyen izin yok
+anyAction=Herhangi bir eylem
+description=A\u00E7\u0131klama
+name=\u0130sim
+scopes=Kapsam
+resource=Kaynak
+user=Kullan\u0131c\u0131
+peopleSharingThisResource=Bu kayna\u011F\u0131 payla\u015Fan kullan\u0131c\u0131lar
+shareWithOthers=Ba\u015Fkalar\u0131yla payla\u015F
+needMyApproval=Onay\u0131m gerekli
+requestsWaitingApproval=Talepleriniz onay bekliyor
+icon=Icon
+requestor=Talep eden
+owner=Sahip
+resourcesSharedWithMe=Kaynaklar benimle payla\u015F\u0131ld\u0131
+permissionRequestion=\u0130zin Talepleri
+permission=\u0130zin
+shares=Payla\u015F\u0131m(lar)
+
+locale_ca=Katalanca
+locale_de=Almanca
+locale_en=\u0130ngilizce
+locale_es=\u0130spanyolca
+locale_fr=Frans\u0131zca
+locale_it=\u0130talyanca
+locale_ja=Japonca
+locale_nl=Felemenk\u00E7e
+locale_no=Norve\u00E7ce
+locale_pl=Leh\u00E7e
+locale_pt_BR=Portekizce
+locale_pt-BR=Portekizce
+locale_ru=Rus\u00E7a
+locale_lt=Litvanca
+locale_zh-CN=\u00C7ince
+locale_sk=Slovak\u00E7a
+locale_sv=\u0130sve\u00E7\u00E7e
+locale_tr=T\u00FCrk\u00E7e
+
+# Applications
+applicaitonName=\u0130sim
+applicationType=Uygulama Tipi
+applicationInUse=Yaln\u0131zca uygulama i\u00E7i kullan\u0131m
+clearAllFilter=T\u00FCm filtreleri temizle
+activeFilters=Aktif filtreler
+filterByName=\u0130sme G\u00F6re Filtrele ...
+allApps=B\u00FCt\u00FCn uygulamalar
+internalApps=\u0130\u00E7 uygulamalar
+thirdpartyApps=\u00DC\u00E7\u00FCnc\u00FC parti uygulamalar
+appResults=Sonu\u00E7lar
+
+# Linked account
+authorizedProvider=Yetkili Tedarik\u00E7i
+authorizedProviderMessage=Yetkili Sa\u011Flay\u0131c\u0131lar hesab\u0131n\u0131zla ba\u011Flant\u0131l\u0131
+identityProvider=Kimlik Sa\u011Flay\u0131c\u0131s\u0131
+identityProviderMessage=Hesab\u0131n\u0131z\u0131 yap\u0131land\u0131rd\u0131\u011F\u0131n\u0131z kimlik sa\u011Flay\u0131c\u0131lar\u0131yla ba\u011Flamak i\u00E7in
+socialLogin=Sosyal Giri\u015F
+userDefined=Kullan\u0131c\u0131 tan\u0131ml\u0131
+removeAccess=Eri\u015Fimi Kald\u0131r
+removeAccessMessage=Bu uygulama hesab\u0131n\u0131 kullanmak istiyorsan\u0131z tekrar eri\u015Fim vermeniz gerekir.
+
+#Authenticator
+authenticatorStatusMessage=\u0130ki fakt\u00F6rl\u00FC kimlik do\u011Frulama aktif
+authenticatorFinishSetUpTitle=\u0130ki Fakt\u00F6rl\u00FC Do\u011Frulama
+authenticatorFinishSetUpMessage=Keycloak hesab\u0131n\u0131zda her oturum a\u00E7t\u0131\u011F\u0131n\u0131zda, iki fakt\u00F6rl\u00FC bir do\u011Frulama kodu girmeniz istenecektir.
+authenticatorSubTitle=\u0130ki Fakt\u00F6rl\u00FC Kimlik Do\u011Frulamay\u0131 Ayarlama
+authenticatorSubMessage=Hesab\u0131n\u0131z\u0131n g\u00FCvenli\u011Fini art\u0131rmak i\u00E7in mevcut iki fakt\u00F6rl\u00FC kimlik do\u011Frulama y\u00F6ntemlerinden en az birini etkinle\u015Ftirin.
+authenticatorMobileTitle=Mobil Kimlik Do\u011Frulay\u0131c\u0131
+authenticatorMobileMessage=Do\u011Frulama kodlar\u0131n\u0131 iki fakt\u00F6rl\u00FC kimlik do\u011Frulama olarak almak i\u00E7in mobil Do\u011Frulay\u0131c\u0131''y\u0131 kullan\u0131n.
+authenticatorMobileFinishSetUpMessage=Do\u011Frulay\u0131c\u0131, telefonunuza ba\u011Fl\u0131.
+authenticatorActionSetup=Kur
+authenticatorSMSTitle=SMS Kodu
+authenticatorSMSMessage=Keycloak, do\u011Frulama kodunu telefonunuza iki fakt\u00F6rl\u00FC kimlik do\u011Frulamas\u0131 olarak g\u00F6nderecektir.
+authenticatorSMSFinishSetUpMessage=K\u0131sa mesajlar g\u00F6nderilir
+authenticatorDefaultStatus=Varsay\u0131lan
+authenticatorChangePhone=Telefon Numaras\u0131n\u0131 De\u011Fi\u015Ftir
+authenticatorBackupCodesTitle=Yedekleme Kodlar\u0131
+authenticatorBackupCodesMessage=8 haneli yedek kodlar\u0131n\u0131z\u0131 al\u0131n
+authenticatorBackupCodesFinishSetUpMessage=\u015Eu anda 12 haneli yedek kod olu\u015Fturuldu. Her biri bir kez kullan\u0131labilir.
+
+#Authenticator - Mobile Authenticator setup
+authenticatorMobileSetupTitle=Mobil Kimlik Do\u011Frulama Kurulumu
+smscodeIntroMessage=Telefon numaran\u0131z\u0131 girin ve telefonunuza bir do\u011Frulama kodu g\u00F6nderilecektir.
+mobileSetupStep1=Telefonunuza bir kimlik do\u011Frulama uygulamas\u0131 y\u00FCkleyin. Burada listelenen uygulamalar desteklenmektedir.
+mobileSetupStep2=Uygulamay\u0131 a\u00E7\u0131n ve barkodu taray\u0131n.
+mobileSetupStep3=Uygulama taraf\u0131ndan sa\u011Flanan tek seferlik kodu girin ve kurulumu tamamlamak i\u00E7in Kaydet''e t\u0131klay\u0131n.
+scanBarCode=Barkodu taramak ister misiniz?
+enterBarCode=Tek seferlik kodu girin
+doCopy=Kopyala
+doFinish=Bitir
+
+#Authenticator - SMS Code setup
+authenticatorSMSCodeSetupTitle=SMS Kodu Kurulumu
+chooseYourCountry=\u00DClkenizi se\u00E7in
+enterYourPhoneNumber=Telefon numaran\u0131z\u0131 girin
+sendVerficationCode=Do\u011Frulama kodu G\u00F6nder
+enterYourVerficationCode=Onaylama kodunu girin
+
+#Authenticator - backup Code setup
+authenticatorBackupCodesSetupTitle=Yedekleme Kodlar\u0131 Kurulumu
+backupcodesIntroMessage=Telefonunuza eri\u015Fimi kaybederseniz, yine de yedek kodlar arac\u0131l\u0131\u011F\u0131yla hesab\u0131n\u0131za giri\u015F yapabilirsiniz. Onlar\u0131 g\u00FCvenli ve eri\u015Filebilir bir yerde saklay\u0131n.
+realmName=Realm
+doDownload=\u0130ndir
+doPrint=Yazd\u0131r
+backupCodesTips-1=Her yedek kod bir kez kullan\u0131labilir.
+backupCodesTips-2=Bu kodlar \u00FCzerinde olu\u015Fturuldu
+generateNewBackupCodes=Yeni Yedekleme Kodlar\u0131 Olu\u015Ftur
+backupCodesTips-3=Yeni yedek kodlar olu\u015Fturdu\u011Funuzda, mevcut kodlar art\u0131k \u00E7al\u0131\u015Fmayacakt\u0131r.
+backtoAuthenticatorPage=Kimlik Do\u011Frulay\u0131c\u0131 Sayfas\u0131na Geri D\u00F6n
+
+#Resources
+resources=Kaynaklar
+sharedwithMe=Benimle payla\u015Ft\u0131
+share=Payla\u015F\u0131m
+sharedwith=\u0130le payla\u015Ft\u0131
+accessPermissions=Eri\u015Fim \u0130zinleri
+permissionRequests=\u0130zin \u0130stekleri
+approve=Onayla
+approveAll=T\u00FCm\u00FCn\u00FC onayla
+people=\u0130nsanlar
+perPage=Sayfa ba\u015F\u0131na
+currentPage=Ge\u00E7erli sayfa
+sharetheResource=Kayna\u011F\u0131 payla\u015F
+group=Grup
+selectPermission=\u0130zin Se\u00E7
+addPeople=Kayna\u011F\u0131n\u0131z\u0131 payla\u015Fmak i\u00E7in kullan\u0131c\u0131 ekleyin
+addTeam=Kayna\u011F\u0131n\u0131z\u0131 payla\u015Fmak i\u00E7in ekip ekleyin
+myPermissions=\u0130zinlerim
+waitingforApproval=Onay bekleniyor
+anyPermission=Herhangi bir izin
diff --git a/account/messages/messages_zh_CN.properties b/account/messages/messages_zh_CN.properties
new file mode 100644
index 0000000..9e9a8a6
--- /dev/null
+++ b/account/messages/messages_zh_CN.properties
@@ -0,0 +1,166 @@
+# encoding: utf-8
+doSave=保存
+doCancel=取消
+doLogOutAllSessions=登出所有会话
+doRemove=删除
+doAdd=添加
+doSignOut=登出
+
+editAccountHtmlTitle=编辑账户
+federatedIdentitiesHtmlTitle=链接的身份
+accountLogHtmlTitle=账户日志
+changePasswordHtmlTitle=更改密码
+sessionsHtmlTitle=会话
+accountManagementTitle=Keycloak账户管理
+authenticatorTitle=认证者
+applicationsHtmlTitle=应用
+
+authenticatorCode=一次性认证码
+email=电子邮件
+firstName=名
+givenName=姓
+fullName=全名
+lastName=姓
+familyName=姓
+password=密码
+passwordConfirm=确认
+passwordNew=新密码
+username=用户名
+address=地址
+street=街道
+locality=城市住所
+region=省,自治区,直辖市
+postal_code=邮政编码
+country=国家
+emailVerified=验证过的Email
+gssDelegationCredential=GSS Delegation Credential
+
+role_admin=管理员
+role_realm-admin=域管理员
+role_create-realm=创建域
+role_view-realm=查看域
+role_view-users=查看用户
+role_view-applications=查看应用
+role_view-clients=查看客户
+role_view-events=查看事件
+role_view-identity-providers=查看身份提供者
+role_manage-realm=管理域
+role_manage-users=管理用户
+role_manage-applications=管理应用
+role_manage-identity-providers=管理身份提供者
+role_manage-clients=管理客户
+role_manage-events=管理事件
+role_view-profile=查看用户信息
+role_manage-account=管理账户
+role_read-token=读取 token
+role_offline-access=离线访问
+role_uma_authorization=获取授权
+client_account=账户
+client_security-admin-console=安全管理终端
+client_admin-cli=管理命令行
+client_realm-management=域管理
+client_broker=代理
+
+
+requiredFields=必填项
+allFieldsRequired=所有项必填
+
+backToApplication=« 回到应用
+backTo=回到 {0}
+
+date=日期
+event=事件
+ip=IP
+client=客户端
+clients=客户端
+details=详情
+started=开始
+lastAccess=最后一次访问
+expires=过期时间
+applications=应用
+
+account=账户
+federatedIdentity=关联身份
+authenticator=认证方
+sessions=会话
+log=日志
+
+application=应用
+availablePermissions=可用权限
+grantedPermissions=授予权限
+grantedPersonalInfo=授权的个人信息
+additionalGrants=可授予的权限
+action=操作
+inResource=in
+fullAccess=所有权限
+offlineToken=离线 token
+revoke=收回授权
+
+configureAuthenticators=配置的认证者
+mobile=手机
+totpStep1=在你的设备上安装 <a href="https://fedorahosted.org/freeotp/" target="_blank">FreeOTP</a> 或者 Google Authenticator.两个应用可以从 <a href="https://play.google.com">Google Play</a> 和 Apple App Store下载。
+totpStep2=打开应用扫描二维码输入验证码
+totpStep3=输入应用提供的一次性验证码单击保存
+
+missingUsernameMessage=请指定用户名
+missingFirstNameMessage=请指定名
+invalidEmailMessage=无效的电子邮箱地址
+missingLastNameMessage=请指定姓
+missingEmailMessage=请指定邮件地址
+missingPasswordMessage=请输入密码
+notMatchPasswordMessage=密码不匹配
+
+missingTotpMessage=请指定认证者代码
+invalidPasswordExistingMessage=无效的旧密码
+invalidPasswordConfirmMessage=确认密码不相符
+invalidTotpMessage=无效的认证码
+
+usernameExistsMessage=用户名已经存在
+emailExistsMessage=电子邮箱已经存在
+
+readOnlyUserMessage=无法修改账户,因为它是只读的。
+readOnlyPasswordMessage=不可以更该账户因为它是只读的。
+
+successTotpMessage=手机认证者配置完毕
+successTotpRemovedMessage=手机认证者已删除
+
+successGrantRevokedMessage=授权成功回收
+
+accountUpdatedMessage=您的账户已经更新
+accountPasswordUpdatedMessage=您的密码已经修改
+
+missingIdentityProviderMessage=身份提供者未指定
+invalidFederatedIdentityActionMessage=无效或者缺少操作
+identityProviderNotFoundMessage=指定的身份提供者未找到
+federatedIdentityLinkNotActiveMessage=这个身份不再使用了。
+federatedIdentityRemovingLastProviderMessage=你不可以移除最后一个身份提供者因为你没有设置密码
+identityProviderRedirectErrorMessage=尝试重定向到身份提供商失败
+identityProviderRemovedMessage=身份提供商成功删除
+identityProviderAlreadyLinkedMessage=链接的身份 {0} 已经连接到已有用户。
+staleCodeAccountMessage=页面过期。请再试一次。
+consentDenied=不同意
+
+accountDisabledMessage=账户已经关闭,请联系管理员
+
+accountTemporarilyDisabledMessage=账户暂时关闭,请联系管理员或稍后再试。
+invalidPasswordMinLengthMessage=无效的密码:最短长度 {0}.
+invalidPasswordMinLowerCaseCharsMessage=无效的密码: 至少包含 {0} 小写字母。
+invalidPasswordMinDigitsMessage=无效的密码: 至少包含 {0} 数字。
+invalidPasswordMinUpperCaseCharsMessage=无效的密码: 至少包含 {0} 大写字母
+invalidPasswordMinSpecialCharsMessage=无效的密码: 至少包含 {0} 个特殊字符
+invalidPasswordNotUsernameMessage=无效的密码: 不能与用户名相同
+invalidPasswordRegexPatternMessage=无效的密码: 无法与正则表达式匹配
+invalidPasswordHistoryMessage=无效的密码: 不能与之前的{0} 个旧密码相同
+locale_ca=Català
+locale_de=Deutsch
+locale_en=English
+locale_es=Español
+locale_fr=Français
+locale_it=Italian
+locale_ja=日本語
+locale_nl=Nederlands
+locale_no=Norsk
+locale_lt=Lietuvių
+locale_pt-BR=Português (Brasil)
+locale_ru=Русский
+locale_zh-CN=中文简体
diff --git a/account/password.ftl b/account/password.ftl
new file mode 100644
index 0000000..4a043f2
--- /dev/null
+++ b/account/password.ftl
@@ -0,0 +1,59 @@
+<#import "template.ftl" as layout>
+<@layout.mainLayout active='password' bodyClass='password'; section>
+
+ <div class="row">
+ <div class="col-md-10">
+ <h2>${msg("changePasswordHtmlTitle")}</h2>
+ </div>
+ <div class="col-md-2 subtitle">
+ <span class="subtitle">${msg("allFieldsRequired")}</span>
+ </div>
+ </div>
+
+ <form action="${url.passwordUrl}" class="form-horizontal" method="post">
+ <input type="text" id="username" name="username" value="${(account.username!'')}" autocomplete="username" readonly="readonly" style="display:none;">
+
+ <#if password.passwordSet>
+ <div class="form-group">
+ <div class="col-sm-2 col-md-2">
+ <label for="password" class="control-label">${msg("password")}</label>
+ </div>
+
+ <div class="col-sm-10 col-md-10">
+ <input type="password" class="form-control" id="password" name="password" autofocus autocomplete="current-password">
+ </div>
+ </div>
+ </#if>
+
+ <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
+
+ <div class="form-group">
+ <div class="col-sm-2 col-md-2">
+ <label for="password-new" class="control-label">${msg("passwordNew")}</label>
+ </div>
+
+ <div class="col-sm-10 col-md-10">
+ <input type="password" class="form-control" id="password-new" name="password-new" autocomplete="new-password">
+ </div>
+ </div>
+
+ <div class="form-group">
+ <div class="col-sm-2 col-md-2">
+ <label for="password-confirm" class="control-label" class="two-lines">${msg("passwordConfirm")}</label>
+ </div>
+
+ <div class="col-sm-10 col-md-10">
+ <input type="password" class="form-control" id="password-confirm" name="password-confirm" autocomplete="new-password">
+ </div>
+ </div>
+
+ <div class="form-group">
+ <div id="kc-form-buttons" class="col-md-offset-2 col-md-10 submit">
+ <div class="">
+ <button type="submit" class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" name="submitAction" value="Save">${msg("doSave")}</button>
+ </div>
+ </div>
+ </div>
+ </form>
+
+</@layout.mainLayout>
diff --git a/account/resource-detail.ftl b/account/resource-detail.ftl
new file mode 100644
index 0000000..2c963d7
--- /dev/null
+++ b/account/resource-detail.ftl
@@ -0,0 +1,277 @@
+<#import "template.ftl" as layout>
+<@layout.mainLayout active='authorization' bodyClass='authorization'; section>
+
+ <style>
+ .search-box,.close-icon,.search-wrapper {
+ position: relative;
+ }
+ .search-wrapper {
+ width: 500px;
+ margin: auto;
+ margin-top: 50px;
+ }
+ .search-box {
+ font-weight: 600;
+ color: white;
+ border: 1px solid #006e9c;
+ outline: 0;
+ border-radius: 15px;
+ background-color: #0085cf;
+ padding: 2px 5px;
+
+ }
+ .search-box:focus {
+ box-shadow: 0 0 15px 5px #b0e0ee;
+ border: 2px solid #bebede;
+ }
+ .close-icon {
+ border:1px solid transparent;
+ background-color: transparent;
+ display: inline-block;
+ float: right;
+ outline: 0;
+ cursor: pointer;
+ }
+ .close-icon:after {
+ display: block;
+ width: 15px;
+ height: 15px;
+ background-color: #FA9595;
+ z-index:1;
+ right: 35px;
+ top: 0;
+ bottom: 0;
+ margin: auto;
+ padding: 2px;
+ border-radius: 50%;
+ text-align: center;
+ color: white;
+ font-weight: normal;
+ font-size: 12px;
+ box-shadow: 0 0 2px #E50F0F;
+ cursor: pointer;
+ }
+ .search-box:not(:valid) ~ .close-icon {
+ display: none;
+ }
+ </style>
+ <script>
+ function removeScopeElm(elm) {
+ elm.parentNode.removeChild(elm);
+ }
+
+ function removeAllScopes(id) {
+ var scopesElm = document.getElementsByName('removeScope-' + id);
+
+ for (i = 0; i < scopesElm.length; i++) {
+ var td = scopesElm[i].parentNode.parentNode;
+ var tr = td.parentNode;
+ var tbody = tr.parentNode;
+ tbody.removeChild(tr);
+ }
+ }
+
+ function getChildren(parent, childId) {
+ var childNodes = [];
+
+ for (i = 0; i < parent.childNodes.length; i++) {
+ if (parent.childNodes[i].id == childId) {
+ childNodes.push(parent.childNodes[i]);
+ }
+ }
+
+ return childNodes;
+ }
+ </script>
+
+ <div class="row">
+ <div class="col-md-10">
+ <h2>
+ <a href="${url.resourceUrl}">${msg("myResources")}</a> <i class="fa fa-angle-right"></i> <#if authorization.resource.displayName??>${authorization.resource.displayName}<#else>${authorization.resource.name}</#if>
+ </h2>
+ </div>
+ </div>
+
+ <#if authorization.resource.iconUri??>
+ <img src="${authorization.resource.iconUri}">
+ <br/>
+ </#if>
+
+ <div class="row">
+ <div class="col-md-10">
+ <h3>
+ ${msg("peopleAccessResource")}
+ </h3>
+ </div>
+ </div>
+ <div class="row">
+ <div class="col-md-12">
+ <table class="table table-striped table-bordered">
+ <thead>
+ <tr>
+ <th>${msg("user")}</th>
+ <th>${msg("permission")}</th>
+ <th>${msg("date")}</th>
+ <th>${msg("action")}</th>
+ </tr>
+ </thead>
+ <tbody>
+ <#if authorization.resource.shares?size != 0>
+ <#list authorization.resource.shares as permission>
+ <form action="${url.getResourceGrant(authorization.resource.id)}" name="revokeForm-${authorization.resource.id}-${permission.requester.username}" method="post">
+ <input type="hidden" name="action" value="revoke">
+ <input type="hidden" name="requester" value="${permission.requester.username}">
+ <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
+ <tr>
+ <td>
+ <#if permission.requester.email??>${permission.requester.email}<#else>${permission.requester.username}</#if>
+ </td>
+ <td>
+ <#if permission.scopes?size != 0>
+ <#list permission.scopes as scope>
+ <#if scope.granted && scope.scope??>
+ <div class="search-box">
+ <#if scope.scope.displayName??>
+ ${scope.scope.displayName}
+ <#else>
+ ${scope.scope.name}
+ </#if>
+ <button class="close-icon" type="button" name="removeScope-${authorization.resource.id}-${permission.requester.username}" onclick="removeScopeElm(this.parentNode);document.forms['revokeForm-${authorization.resource.id}-${permission.requester.username}'].submit();"><i class="fa fa-times" aria-hidden="true"></i></button>
+ <input type="hidden" name="permission_id" value="${scope.id}"/>
+ </div>
+ <#else>
+ ${msg("anyPermission")}
+ </#if>
+ </#list>
+ <#else>
+ Any action
+ </#if>
+ </td>
+ <td>
+ ${permission.createdDate?datetime}
+ </td>
+ <td width="20%" align="middle" style="vertical-align: middle">
+ <a href="#" id="revoke-${authorization.resource.name}-${permission.requester.username}" onclick="removeAllScopes('${authorization.resource.id}-${permission.requester.username}');document.forms['revokeForm-${authorization.resource.id}-${permission.requester.username}'].submit();" type="submit" class="btn btn-primary">${msg("doRevoke")}</a>
+ </td>
+ </tr>
+ </form>
+ </#list>
+ <#else>
+ <tr>
+ <td colspan="4">${msg("resourceIsNotBeingShared")}</td>
+ </tr>
+ </#if>
+ </tbody>
+ </table>
+ </form>
+ </div>
+ </div>
+ <div class="row">
+ <div class="col-md-10">
+ <h3>
+ ${msg("resourceManagedPolicies")}
+ </h3>
+ </div>
+ </div>
+ <div class="row">
+ <div class="col-md-12">
+ <table class="table table-striped table-bordered">
+ <thead>
+ <tr>
+ <th>${msg("description")}</th>
+ <th>${msg("permission")}</th>
+ <th>${msg("action")}</th>
+ </tr>
+ </thead>
+ <tbody>
+ <#if authorization.resource.policies?size != 0>
+ <#list authorization.resource.policies as permission>
+ <form action="${url.getResourceGrant(authorization.resource.id)}" name="revokePolicyForm-${authorization.resource.id}-${permission.id}" method="post">
+ <input type="hidden" name="action" value="revokePolicy">
+ <input type="hidden" name="permission_id" value="${permission.id}"/>
+ <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
+ <tr>
+ <td>
+ <#if permission.description??>
+ ${permission.description}
+ </#if>
+ </td>
+ <td>
+ <#if permission.scopes?size != 0>
+ <#list permission.scopes as scope>
+ <div class="search-box">
+ <#if scope.displayName??>
+ ${scope.displayName}
+ <#else>
+ ${scope.name}
+ </#if>
+ <button class="close-icon" type="button" name="removePolicyScope-${authorization.resource.id}-${permission.id}-${scope.id}" onclick="removeScopeElm(this.parentNode);document.forms['revokePolicyForm-${authorization.resource.id}-${permission.id}'].submit();"><i class="fa fa-times" aria-hidden="true"></i></button>
+ <input type="hidden" name="permission_id" value="${permission.id}:${scope.id}"/>
+ </div>
+ </#list>
+ <#else>
+ ${msg("anyAction")}
+ </#if>
+ </td>
+ <td width="20%" align="middle" style="vertical-align: middle">
+ <a href="#" id="revokePolicy-${authorization.resource.name}-${permission.id}" onclick="document.forms['revokePolicyForm-${authorization.resource.id}-${permission.id}']['action'].value = 'revokePolicyAll';document.forms['revokePolicyForm-${authorization.resource.id}-${permission.id}'].submit();" type="submit" class="btn btn-primary">${msg("doRevoke")}</a>
+ </td>
+ </tr>
+ </form>
+ </#list>
+ <#else>
+ <tr>
+ <td colspan="3">
+ ${msg("resourceNoPermissionsGrantingAccess")}
+ </td>
+ </tr>
+ </#if>
+ </tbody>
+ </table>
+ </form>
+ </div>
+ </div>
+ <div class="row">
+ <div class="col-md-10">
+ <h3>
+ ${msg("shareWithOthers")}
+ </h3>
+ </div>
+ </div>
+ <div class="row">
+ <div class="col-md-10">
+ <form action="${url.getResourceShare(authorization.resource.id)}" name="shareForm" method="post">
+ <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
+ <div class="col-sm-3 col-md-3">
+ <label for="password" class="control-label">${msg("username")} or ${msg("email")} </label> <span class="required">*</span>
+ </div>
+ <div class="col-sm-8 col-md-8">
+ <div class="row">
+ <div class="col-md-12">
+ <input type="text" class="form-control" id="user_id" name="user_id" autofocus autocomplete="off">
+ </div>
+ <div class="col-md-12">
+ <br/>
+ <#list authorization.resource.scopes as scope>
+ <div id="scope" class="search-box">
+ <#if scope.displayName??>
+ ${scope.displayName}
+ <#else>
+ ${scope.name}
+ </#if>
+ <button class="close-icon" id="share-remove-scope-${authorization.resource.name}-${scope.name}" type="button" onclick="if (getChildren(this.parentNode.parentNode, 'scope').length > 1) {removeScopeElm(this.parentNode)}"><i class="fa fa-times" aria-hidden="true"></i></button>
+ <input type="hidden" name="scope_id" value="${scope.id}"/>
+ </div>
+ </#list>
+ </div>
+ <div class="col-md-12">
+ <br/>
+ <a href="#" onclick="document.forms['shareForm'].submit()" type="submit" id="share-button" class="btn btn-primary">${msg("share")}</a>
+ </div>
+ </div>
+ </div>
+ </form>
+ </div>
+ </div>
+ <br/>
+</@layout.mainLayout>
diff --git a/account/resources.ftl b/account/resources.ftl
new file mode 100644
index 0000000..011e181
--- /dev/null
+++ b/account/resources.ftl
@@ -0,0 +1,399 @@
+<#import "template.ftl" as layout>
+<@layout.mainLayout active='authorization' bodyClass='authorization'; section>
+ <style>
+ .search-box,.close-icon,.search-wrapper {
+ position: relative;
+ }
+ .search-wrapper {
+ width: 500px;
+ margin: auto;
+ margin-top: 50px;
+ }
+ .search-box {
+ font-weight: 600;
+ color: white;
+ border: 1px solid #006e9c;
+ outline: 0;
+ border-radius: 15px;
+ background-color: #0085cf;
+ padding: 2px 5px;
+ }
+ .search-box:focus {
+ box-shadow: 0 0 15px 5px #b0e0ee;
+ border: 2px solid #bebede;
+ }
+ .close-icon {
+ border:1px solid transparent;
+ background-color: transparent;
+ display: inline-block;
+ float: right;
+ outline: 0;
+ cursor: pointer;
+ }
+ .close-icon:after {
+ display: block;
+ width: 15px;
+ height: 15px;
+ background-color: #FA9595;
+ z-index:1;
+ right: 35px;
+ top: 0;
+ bottom: 0;
+ margin: auto;
+ padding: 2px;
+ border-radius: 50%;
+ text-align: center;
+ color: white;
+ font-weight: normal;
+ font-size: 12px;
+ box-shadow: 0 0 2px #E50F0F;
+ cursor: pointer;
+ }
+ .search-box:not(:valid) ~ .close-icon {
+ display: none;
+ }
+ </style>
+ <script>
+ function showHideActions(elm) {
+ if (elm.style.display == 'none') {
+ elm.style.display = '';
+ } else {
+ elm.style.display = 'none';
+ }
+ }
+ function removeScopeElm(elm) {
+ var td = elm.parentNode;
+ var tr = td.parentNode;
+ var tbody = tr.parentNode;
+
+ td.removeChild(elm);
+
+ var childCount = td.childNodes.length - 1;
+
+ for (i = 0; i < td.childNodes.length; i++) {
+ if (!td.childNodes[i].tagName || td.childNodes[i].tagName.toUpperCase() != 'DIV') {
+ td.removeChild(td.childNodes[i]);
+ childCount--;
+ }
+ }
+
+ if (childCount <= 0) {
+ tbody.removeChild(tr);
+ }
+ }
+
+ function removeAllScopes(id) {
+ var scopesElm = document.getElementsByName('removeScope-' + id);
+
+ for (i = 0; i < scopesElm.length; i++) {
+ var td = scopesElm[i].parentNode.parentNode;
+ var tr = td.parentNode;
+ var tbody = tr.parentNode;
+ tbody.removeChild(tr);
+ }
+ }
+
+ function selectAllCheckBoxes(formName, elm, name) {
+ var shares = document.forms[formName].getElementsByTagName('input');
+
+ for (i = 0; i < shares.length; i++) {
+ if (shares[i].name == name) {
+ shares[i].checked = elm.checked;
+ }
+ }
+ }
+ </script>
+ <div class="row">
+ <div class="col-md-10">
+ <h2>
+ ${msg("myResources")}
+ </h2>
+ </div>
+ </div>
+
+ <#if authorization.resourcesWaitingApproval?size != 0>
+ <div class="row">
+ <div class="col-md-12">
+ <h3>
+ ${msg("needMyApproval")}
+ </h3>
+ </div>
+ </div>
+ <div class="row">
+ <div class="col-md-12">
+ <table class="table table-striped table-bordered">
+ <thead>
+ <tr>
+ <th>${msg("resource")}</th>
+ <th>${msg("requestor")}</th>
+ <th>${msg("permissionRequestion")}</th>
+ <th>${msg("action")}</th>
+ </tr>
+ </thead>
+ <tbody>
+ <#list authorization.resourcesWaitingApproval as resource>
+ <#list resource.permissions as permission>
+ <form action="${url.getResourceGrant(resource.id)}" name="approveForm-${resource.id}-${permission.requester.username}" method="post">
+ <input type="hidden" name="action" value="grant">
+ <input type="hidden" name="requester" value="${permission.requester.username}">
+ <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
+ <tr>
+ <td>
+ <#if resource.displayName??>${resource.displayName}<#else>${resource.name}</#if>
+ </td>
+ <td>
+ <#if permission.requester.email??>${permission.requester.email}<#else>${permission.requester.username}</#if>
+ </td>
+ <td>
+ <#list permission.scopes as scope>
+ <#if scope.scope??>
+ <div class="search-box">
+ <#if scope.scope.displayName??>
+ ${scope.scope.displayName}
+ <#else>
+ ${scope.scope.name}
+ </#if>
+ <button class="close-icon" type="button" id="grant-remove-scope-${resource.name}-${permission.requester.username}-${scope.scope.name}" name="removeScope-${resource.id}-${permission.requester.username}" onclick="removeScopeElm(this.parentNode);document.forms['approveForm-${resource.id}-${permission.requester.username}']['action'].value = 'deny';document.forms['approveForm-${resource.id}-${permission.requester.username}'].submit();"><i class="fa fa-times" aria-hidden="true"></i></button>
+ <input type="hidden" name="permission_id" value="${scope.id}"/>
+ </div>
+ <#else>
+ ${msg("anyPermission")}
+ </#if>
+ </#list>
+ </td>
+ <td width="20%" align="middle" style="vertical-align: middle">
+ <a href="#" id="grant-${resource.name}-${permission.requester.username}" onclick="document.forms['approveForm-${resource.id}-${permission.requester.username}']['action'].value = 'grant';document.forms['approveForm-${resource.id}-${permission.requester.username}'].submit();" type="submit" class="btn btn-primary">${msg("doApprove")}</a>
+ <a href="#" id="deny-${resource.name}-${permission.requester.username}" onclick="removeAllScopes('${resource.id}-${permission.requester.username}');document.forms['approveForm-${resource.id}-${permission.requester.username}']['action'].value = 'deny';document.forms['approveForm-${resource.id}-${permission.requester.username}'].submit();" type="submit" class="btn btn-danger">${msg("doDeny")}</a>
+ </td>
+ </tr>
+ </form>
+ </#list>
+ </#list>
+ </tbody>
+ </table>
+ </div>
+ </div>
+ </#if>
+
+ <div class="row">
+ <div class="col-md-12">
+ <h3>
+ ${msg("myResourcesSub")}
+ </h3>
+ </div>
+ </div>
+ <div class="row">
+ <div class="col-md-12">
+ <table class="table table-striped table-bordered">
+ <thead>
+ <tr>
+ <th>${msg("resource")}</th>
+ <th>${msg("application")}</th>
+ <th>${msg("peopleSharingThisResource")}</th>
+ </tr>
+ </thead>
+
+ <tbody>
+ <#if authorization.resources?size != 0>
+ <#list authorization.resources as resource>
+ <tr>
+ <td>
+ <a id="detail-${resource.name}" href="${url.getResourceDetailUrl(resource.id)}">
+ <#if resource.displayName??>${resource.displayName}<#else>${resource.name}</#if>
+ </a>
+ </td>
+ <td>
+ <#if resource.resourceServer.baseUri??>
+ <a href="${resource.resourceServer.baseUri}">${resource.resourceServer.name}</a>
+ <#else>
+ ${resource.resourceServer.name}
+ </#if>
+ </td>
+ <td>
+ <#if resource.shares?size != 0>
+ <a href="${url.getResourceDetailUrl(resource.id)}">${resource.shares?size} <i class="fa fa-users"></i></a>
+ <#else>
+ ${msg("notBeingShared")}
+ </#if>
+ </td>
+ </tr>
+ </#list>
+ <#else>
+ <tr>
+ <td colspan="4">${msg("notHaveAnyResource")}</td>
+ </tr>
+ </#if>
+ </tbody>
+ </table>
+ </div>
+ </div>
+
+ <div class="row">
+ <div class="col-md-12">
+ <h3>
+ ${msg("resourcesSharedWithMe")}
+ </h3>
+ </div>
+ </div>
+ <div class="row">
+ <div class="col-md-12">
+ <form action="${url.resourceUrl}" name="shareForm" method="post">
+ <input type="hidden" name="action" value="cancel"/>
+ <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
+ <table class="table table-striped table-bordered">
+ <thead>
+ <tr>
+ <th width="5%"><input type="checkbox" onclick="selectAllCheckBoxes('shareForm', this, 'resource_id');" <#if authorization.sharedResources?size == 0>disabled="true"</#if></td>
+ <th>${msg("resource")}</th>
+ <th>${msg("owner")}</th>
+ <th>${msg("application")}</th>
+ <th>${msg("permission")}</th>
+ <th>${msg("date")}</th>
+ </tr>
+ </thead>
+ <tbody>
+ <#if authorization.sharedResources?size != 0>
+ <#list authorization.sharedResources as resource>
+ <tr>
+ <td>
+ <input type="checkbox" name="resource_id" value="${resource.id}"/>
+ </td>
+ <td>
+ <#if resource.displayName??>${resource.displayName}<#else>${resource.name}</#if>
+ </td>
+ <td>
+ <#if resource.owner.email??>${resource.owner.email}<#else>${resource.owner.username}</#if>
+ </td>
+ <td>
+ <a href="${resource.resourceServer.baseUri}">${resource.resourceServer.name}</a>
+ </td>
+ <td>
+ <#if resource.permissions?size != 0>
+ <ul>
+ <#list resource.permissions as permission>
+ <#list permission.scopes as scope>
+ <#if scope.granted && scope.scope??>
+ <li>
+ <#if scope.scope.displayName??>
+ ${scope.scope.displayName}
+ <#else>
+ ${scope.scope.name}
+ </#if>
+ </li>
+ <#else>
+ ${msg("anyPermission")}
+ </#if>
+ </#list>
+ </#list>
+ </ul>
+ <#else>
+ Any action
+ </#if>
+ </td>
+ <td>
+ ${resource.permissions[0].grantedDate?datetime}
+ </td>
+ </tr>
+ </#list>
+ <#else>
+ <tr>
+ <td colspan="6">${msg("noResourcesSharedWithYou")}</td>
+ </tr>
+ </#if>
+ </tbody>
+ </table>
+ </form>
+ </div>
+ <#if authorization.sharedResources?size != 0>
+ <div class="col-md-12">
+ <a href="#" onclick="document.forms['shareForm'].submit();" type="submit" class="btn btn-danger">${msg("doRemoveSharing")}</a>
+ </div>
+ </#if>
+ </div>
+
+ <#if authorization.resourcesWaitingOthersApproval?size != 0>
+ <br/>
+ <div class="row">
+ <div class="col-md-12">
+ <h3>
+ ${msg("requestsWaitingApproval")}
+ </h3>
+ </div>
+ </div>
+ <div class="row">
+ <div class="col-md-12">
+ <i class="pficon pficon-info"></i> ${msg("havePermissionRequestsWaitingForApproval",authorization.resourcesWaitingOthersApproval?size)}
+ <a href="#" onclick="document.getElementById('waitingApproval').style.display=''">${msg("clickHereForDetails")}</a>
+ <div class="row">
+ <div class="col-md-12"></div>
+ </div>
+ <div class="row">
+ <div class="col-md-12"></div>
+ </div>
+ <div class="row">
+ <div class="col-md-12"></div>
+ </div>
+ <div class="row" id="waitingApproval" style="display:none">
+ <div class="col-md-12">
+ <form action="${url.resourceUrl}" name="waitingApprovalForm" method="post">
+ <input type="hidden" name="action" value="cancelRequest"/>
+ <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
+ <table class="table table-striped table-bordered">
+ <thead>
+ <tr>
+ <th width="5%"><input type="checkbox" onclick="selectAllCheckBoxes('waitingApprovalForm', this, 'resource_id');" <#if authorization.resourcesWaitingOthersApproval?size == 0>disabled="true"</#if></th>
+ <th>${msg("resource")}</th>
+ <th>${msg("owner")}</th>
+ <th>${msg("action")}</th>
+ <th>${msg("date")}</th>
+ </tr>
+ </thead>
+ <tbody>
+ <#list authorization.resourcesWaitingOthersApproval as resource>
+ <tr>
+ <td>
+ <input type="checkbox" name="resource_id" value="${resource.id}"/>
+ </td>
+ <td>
+ <#if resource.displayName??>${resource.displayName}<#else>${resource.name}</#if>
+ </td>
+ <td>
+ <#if resource.owner.email??>${resource.owner.email}<#else>${resource.owner.username}</#if>
+ </td>
+ <td>
+ <ul>
+ <#list resource.permissions as permission>
+ <#list permission.scopes as scope>
+ <li>
+ <#if scope.scope??>
+ <#if scope.scope.displayName??>
+ ${scope.scope.displayName}
+ <#else>
+ ${scope.scope.name}
+ </#if>
+ <#else>
+ ${msg("anyPermission")}
+ </#if>
+ </li>
+ </#list>
+ </#list>
+ </ul>
+ </td>
+ <td>
+ ${resource.permissions[0].createdDate?datetime}
+ </td>
+ </tr>
+ </#list>
+ </tbody>
+ </table>
+ </form>
+ </div>
+ <div class="col-md-12">
+ <a href="#" onclick="document.forms['waitingApprovalForm'].submit();" type="submit" class="btn btn-danger">${msg("doRemoveRequest")}</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </#if>
+
+</@layout.mainLayout> \ No newline at end of file
diff --git a/account/sessions.ftl b/account/sessions.ftl
new file mode 100644
index 0000000..89dbf65
--- /dev/null
+++ b/account/sessions.ftl
@@ -0,0 +1,44 @@
+<#import "template.ftl" as layout>
+<@layout.mainLayout active='sessions' bodyClass='sessions'; section>
+
+ <div class="row">
+ <div class="col-md-10">
+ <h2>${msg("sessionsHtmlTitle")}</h2>
+ </div>
+ </div>
+
+ <table class="table table-striped table-bordered">
+ <thead>
+ <tr>
+ <td>${msg("ip")}</td>
+ <td>${msg("started")}</td>
+ <td>${msg("lastAccess")}</td>
+ <td>${msg("expires")}</td>
+ <td>${msg("clients")}</td>
+ </tr>
+ </thead>
+
+ <tbody>
+ <#list sessions.sessions as session>
+ <tr>
+ <td>${session.ipAddress}</td>
+ <td>${session.started?datetime}</td>
+ <td>${session.lastAccess?datetime}</td>
+ <td>${session.expires?datetime}</td>
+ <td>
+ <#list session.clients as client>
+ ${client}<br/>
+ </#list>
+ </td>
+ </tr>
+ </#list>
+ </tbody>
+
+ </table>
+
+ <form action="${url.sessionsUrl}" method="post">
+ <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
+ <button id="logout-all-sessions" class="btn btn-default">${msg("doLogOutAllSessions")}</button>
+ </form>
+
+</@layout.mainLayout>
diff --git a/account/template.ftl b/account/template.ftl
new file mode 100644
index 0000000..fc4ebe3
--- /dev/null
+++ b/account/template.ftl
@@ -0,0 +1,83 @@
+<#macro mainLayout active bodyClass>
+<!doctype html>
+<html>
+<head>
+ <meta charset="utf-8">
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <meta name="robots" content="noindex, nofollow">
+
+ <title>${msg("accountManagementTitle")}</title>
+ <link rel="icon" href="${url.resourcesPath}/img/favicon.ico">
+ <#if properties.styles?has_content>
+ <#list properties.styles?split(' ') as style>
+ <link href="${url.resourcesPath}/${style}" rel="stylesheet" />
+ </#list>
+ </#if>
+ <#if properties.scripts?has_content>
+ <#list properties.scripts?split(' ') as script>
+ <script type="text/javascript" src="${url.resourcesPath}/${script}"></script>
+ </#list>
+ </#if>
+</head>
+<body class="admin-console user ${bodyClass}">
+
+ <header class="navbar navbar-default navbar-pf navbar-main header">
+ <nav class="navbar" role="navigation">
+ <div class="navbar-header">
+ <div class="container">
+ <h1 class="navbar-title">Keycloak</h1>
+ </div>
+ </div>
+ <div class="navbar-collapse navbar-collapse-1">
+ <div class="container">
+ <ul class="nav navbar-nav navbar-utility">
+ <#if realm.internationalizationEnabled>
+ <li>
+ <div class="kc-dropdown" id="kc-locale-dropdown">
+ <a href="#" id="kc-current-locale-link">${locale.current}</a>
+ <ul>
+ <#list locale.supported as l>
+ <li class="kc-dropdown-item"><a href="${l.url}">${l.label}</a></li>
+ </#list>
+ </ul>
+ </div>
+ <li>
+ </#if>
+ <#if referrer?has_content && referrer.url?has_content><li><a href="${referrer.url}" id="referrer">${msg("backTo",referrer.name)}</a></li></#if>
+ <li><a href="${url.logoutUrl}">${msg("doSignOut")}</a></li>
+ </ul>
+ </div>
+ </div>
+ </nav>
+ </header>
+
+ <div class="container">
+ <div class="bs-sidebar col-sm-3">
+ <ul>
+ <li class="<#if active=='account'>active</#if>"><a href="${url.accountUrl}">${msg("account")}</a></li>
+ <#if features.passwordUpdateSupported><li class="<#if active=='password'>active</#if>"><a href="${url.passwordUrl}">${msg("password")}</a></li></#if>
+ <li class="<#if active=='totp'>active</#if>"><a href="${url.totpUrl}">${msg("authenticator")}</a></li>
+ <#if features.identityFederation><li class="<#if active=='social'>active</#if>"><a href="${url.socialUrl}">${msg("federatedIdentity")}</a></li></#if>
+ <li class="<#if active=='sessions'>active</#if>"><a href="${url.sessionsUrl}">${msg("sessions")}</a></li>
+ <li class="<#if active=='applications'>active</#if>"><a href="${url.applicationsUrl}">${msg("applications")}</a></li>
+ <#if features.log><li class="<#if active=='log'>active</#if>"><a href="${url.logUrl}">${msg("log")}</a></li></#if>
+ <#if realm.userManagedAccessAllowed && features.authorization><li class="<#if active=='authorization'>active</#if>"><a href="${url.resourceUrl}">${msg("myResources")}</a></li></#if>
+ </ul>
+ </div>
+
+ <div class="col-sm-9 content-area">
+ <#if message?has_content>
+ <div class="alert alert-${message.type}">
+ <#if message.type=='success' ><span class="pficon pficon-ok"></span></#if>
+ <#if message.type=='error' ><span class="pficon pficon-error-circle-o"></span></#if>
+ <span class="kc-feedback-text">${kcSanitize(message.summary)?no_esc}</span>
+ </div>
+ </#if>
+
+ <#nested "content">
+ </div>
+ </div>
+
+</body>
+</html>
+</#macro> \ No newline at end of file
diff --git a/account/theme.properties b/account/theme.properties
new file mode 100644
index 0000000..1b3474b
--- /dev/null
+++ b/account/theme.properties
@@ -0,0 +1 @@
+locales=ca,de,en,es,fr,it,ja,lt,nl,no,pl,pt-BR,ru,sk,sv,tr,zh-CN
diff --git a/account/totp.ftl b/account/totp.ftl
new file mode 100644
index 0000000..987fe24
--- /dev/null
+++ b/account/totp.ftl
@@ -0,0 +1,141 @@
+<#import "template.ftl" as layout>
+<@layout.mainLayout active='totp' bodyClass='totp'; section>
+
+ <div class="row">
+ <div class="col-md-10">
+ <h2>${msg("authenticatorTitle")}</h2>
+ </div>
+ <#if totp.otpCredentials?size == 0>
+ <div class="col-md-2 subtitle">
+ <span class="subtitle"><span class="required">*</span> ${msg("requiredFields")}</span>
+ </div>
+ </#if>
+ </div>
+
+ <#if totp.enabled>
+ <table class="table table-bordered table-striped">
+ <thead>
+ <#if totp.otpCredentials?size gt 1>
+ <tr>
+ <th colspan="4">${msg("configureAuthenticators")}</th>
+ </tr>
+ <#else>
+ <tr>
+ <th colspan="3">${msg("configureAuthenticators")}</th>
+ </tr>
+ </#if>
+ </thead>
+ <tbody>
+ <#list totp.otpCredentials as credential>
+ <tr>
+ <td class="provider">${msg("mobile")}</td>
+ <#if totp.otpCredentials?size gt 1>
+ <td class="provider">${credential.id}</td>
+ </#if>
+ <td class="provider">${credential.userLabel!}</td>
+ <td class="action">
+ <form action="${url.totpUrl}" method="post" class="form-inline">
+ <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
+ <input type="hidden" id="submitAction" name="submitAction" value="Delete">
+ <input type="hidden" id="credentialId" name="credentialId" value="${credential.id}">
+ <button id="remove-mobile" class="btn btn-default">
+ <i class="pficon pficon-delete"></i>
+ </button>
+ </form>
+ </td>
+ </tr>
+ </#list>
+ </tbody>
+ </table>
+ <#else>
+
+ <hr/>
+
+ <ol>
+ <li>
+ <p>${msg("totpStep1")}</p>
+
+ <ul>
+ <#list totp.policy.supportedApplications as app>
+ <li>${app}</li>
+ </#list>
+ </ul>
+ </li>
+
+ <#if mode?? && mode = "manual">
+ <li>
+ <p>${msg("totpManualStep2")}</p>
+ <p><span id="kc-totp-secret-key">${totp.totpSecretEncoded}</span></p>
+ <p><a href="${totp.qrUrl}" id="mode-barcode">${msg("totpScanBarcode")}</a></p>
+ </li>
+ <li>
+ <p>${msg("totpManualStep3")}</p>
+ <ul>
+ <li id="kc-totp-type">${msg("totpType")}: ${msg("totp." + totp.policy.type)}</li>
+ <li id="kc-totp-algorithm">${msg("totpAlgorithm")}: ${totp.policy.getAlgorithmKey()}</li>
+ <li id="kc-totp-digits">${msg("totpDigits")}: ${totp.policy.digits}</li>
+ <#if totp.policy.type = "totp">
+ <li id="kc-totp-period">${msg("totpInterval")}: ${totp.policy.period}</li>
+ <#elseif totp.policy.type = "hotp">
+ <li id="kc-totp-counter">${msg("totpCounter")}: ${totp.policy.initialCounter}</li>
+ </#if>
+ </ul>
+ </li>
+ <#else>
+ <li>
+ <p>${msg("totpStep2")}</p>
+ <p><img src="data:image/png;base64, ${totp.totpSecretQrCode}" alt="Figure: Barcode"></p>
+ <p><a href="${totp.manualUrl}" id="mode-manual">${msg("totpUnableToScan")}</a></p>
+ </li>
+ </#if>
+ <li>
+ <p>${msg("totpStep3")}</p>
+ <p>${msg("totpStep3DeviceName")}</p>
+ </li>
+ </ol>
+
+ <hr/>
+
+ <form action="${url.totpUrl}" class="form-horizontal" method="post">
+ <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
+ <div class="form-group">
+ <div class="col-sm-2 col-md-2">
+ <label for="totp" class="control-label">${msg("authenticatorCode")}</label> <span class="required">*</span>
+ </div>
+
+ <div class="col-sm-10 col-md-10">
+ <input type="text" class="form-control" id="totp" name="totp" autocomplete="off" autofocus>
+ <input type="hidden" id="totpSecret" name="totpSecret" value="${totp.totpSecret}"/>
+ </div>
+
+
+ </div>
+
+ <div class="form-group" ${messagesPerField.printIfExists('userLabel',properties.kcFormGroupErrorClass!)}">
+ <div class="col-sm-2 col-md-2">
+ <label for="userLabel" class="control-label">${msg("totpDeviceName")}</label> <#if totp.otpCredentials?size gte 1><span class="required">*</span></#if>
+ </div>
+
+ <div class="col-sm-10 col-md-10">
+ <input type="text" class="form-control" id="userLabel" name="userLabel" autocomplete="off">
+ </div>
+ </div>
+
+ <div class="form-group">
+ <div id="kc-form-buttons" class="col-md-offset-2 col-md-10 submit">
+ <div class="">
+ <button type="submit"
+ class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}"
+ id="saveTOTPBtn" name="submitAction" value="Save">${msg("doSave")}
+ </button>
+ <button type="submit"
+ class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonLargeClass!}"
+ id="cancelTOTPBtn" name="submitAction" value="Cancel">${msg("doCancel")}
+ </button>
+ </div>
+ </div>
+ </div>
+ </form>
+ </#if>
+
+</@layout.mainLayout>
diff --git a/admin/index.ftl b/admin/index.ftl
new file mode 100644
index 0000000..b54cebf
--- /dev/null
+++ b/admin/index.ftl
@@ -0,0 +1,113 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title></title>
+
+ <meta charset="utf-8">
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <meta name="robots" content="noindex, nofollow">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+ <link rel="shortcut icon" href="${resourceUrl}/img/favicon.ico">
+ <#if properties.styles?has_content>
+ <#list properties.styles?split(' ') as style>
+ <link href="${resourceUrl}/${style}" rel="stylesheet" />
+ </#list>
+ </#if>
+
+ <script type="text/javascript">
+ var authServerUrl = '${authServerUrl}';
+ var authUrl = '${authUrl}';
+ var consoleBaseUrl = '${consoleBaseUrl}';
+ var resourceUrl = '${resourceUrl}';
+ var masterRealm = '${masterRealm}';
+ var resourceVersion = '${resourceVersion}';
+ </script>
+
+ <!-- Minimized versions (for those that have one) -->
+ <script src="${resourceUrl}/node_modules/jquery/dist/jquery.min.js" type="text/javascript"></script>
+ <script src="${resourceUrl}/node_modules/select2/select2.js" type="text/javascript"></script>
+ <script src="${resourceUrl}/node_modules/angular/angular.min.js"></script>
+ <script src="${resourceUrl}/node_modules/angular-resource/angular-resource.min.js"></script>
+ <script src="${resourceUrl}/node_modules/angular-route/angular-route.min.js"></script>
+ <script src="${resourceUrl}/node_modules/angular-cookies/angular-cookies.min.js"></script>
+ <script src="${resourceUrl}/node_modules/angular-sanitize/angular-sanitize.min.js"></script>
+ <script src="${resourceUrl}/node_modules/angular-translate/dist/angular-translate.min.js"></script>
+ <script src="${resourceUrl}/node_modules/angular-translate-loader-url/angular-translate-loader-url.min.js"></script>
+ <script src="${resourceUrl}/node_modules/angular-ui-select2/src/select2.js" type="text/javascript"></script>
+ <script src="${resourceUrl}/node_modules/autofill-event/autofill-event.js"></script>
+
+
+ <!-- Unminimized versions
+ <script src="${resourceUrl}/node_modules/jquery/dist/jquery.js" type="text/javascript"></script>
+ <script src="${resourceUrl}/node_modules/select2/select2.js" type="text/javascript"></script>
+ <script src="${resourceUrl}/node_modules/angular/angular.js"></script>
+ <script src="${resourceUrl}/node_modules/angular-resource/angular-resource.js"></script>
+ <script src="${resourceUrl}/node_modules/angular-route/angular-route.js"></script>
+ <script src="${resourceUrl}/node_modules/angular-cookies/angular-cookies.js"></script>
+ <script src="${resourceUrl}/node_modules/angular-sanitize/angular-sanitize.js"></script>
+ <script src="${resourceUrl}/node_modules/angular-translate/dist/angular-translate.js"></script>
+ <script src="${resourceUrl}/node_modules/angular-translate-loader-url/angular-translate-loader-url.js"></script>
+ <script src="${resourceUrl}/node_modules/angular-ui-select2/src/select2.js" type="text/javascript"></script>
+ <script src="${resourceUrl}/node_modules/autofill-event/autofill-event.js"></script>
+ -->
+
+ <!-- Libraries not managed by yarn -->
+ <script src="${resourceUrl}/lib/angular/ui-bootstrap-tpls-0.11.0.js"></script>
+ <script src="${resourceUrl}/lib/angular/treeview/angular.treeview.js"></script>
+ <script src="${resourceUrl}/lib/fileupload/angular-file-upload.min.js"></script>
+ <script src="${resourceUrl}/lib/filesaver/FileSaver.js"></script>
+ <script src="${resourceUrl}/lib/ui-ace/min/ace.js"></script>
+ <script src="${resourceUrl}/lib/ui-ace/ui-ace.min.js"></script>
+
+ <script src="${authUrl}/js/keycloak.js?version=${resourceVersion}" type="text/javascript"></script>
+
+ <script src="${resourceUrl}/js/app.js" type="text/javascript"></script>
+ <script src="${resourceUrl}/js/controllers/realm.js" type="text/javascript"></script>
+ <script src="${resourceUrl}/js/controllers/clients.js" type="text/javascript"></script>
+ <script src="${resourceUrl}/js/controllers/users.js" type="text/javascript"></script>
+ <script src="${resourceUrl}/js/controllers/groups.js" type="text/javascript"></script>
+ <script src="${resourceUrl}/js/controllers/roles.js" type="text/javascript"></script>
+ <script src="${resourceUrl}/js/loaders.js" type="text/javascript"></script>
+ <script src="${resourceUrl}/js/services.js" type="text/javascript"></script>
+
+ <!-- Authorization -->
+ <script src="${resourceUrl}/js/authz/authz-app.js" type="text/javascript"></script>
+ <script src="${resourceUrl}/js/authz/authz-controller.js" type="text/javascript"></script>
+ <script src="${resourceUrl}/js/authz/authz-services.js" type="text/javascript"></script>
+
+ <#if properties.scripts?has_content>
+ <#list properties.scripts?split(' ') as script>
+ <script type="text/javascript" src="${resourceUrl}/${script}"></script>
+ </#list>
+ </#if>
+</head>
+<body data-ng-controller="GlobalCtrl" data-ng-cloak data-ng-show="auth.user">
+
+<nav class="navbar navbar-default navbar-pf" role="navigation" data-ng-include data-src="resourceUrl + '/partials/menu.html'">
+</nav>
+
+<div class="container-fluid">
+<div class="row">
+ <div data-ng-view id="view"></div>
+</div>
+</div>
+
+<div class="feedback-aligner" data-ng-show="notification.display">
+ <div class="alert alert-{{notification.type}} alert-dismissable">
+ <button type="button" class="close" data-ng-click="notification.remove()" id="notification-close">
+ <span class="pficon pficon-close"/>
+ </button>
+
+ <span class="pficon pficon-ok" ng-show="notification.type == 'success'"></span>
+ <span class="pficon pficon-info" ng-show="notification.type == 'info'"></span>
+ <span class="pficon pficon-warning-triangle-o" ng-show="notification.type == 'warning'"></span>
+ <span class="pficon pficon-error-circle-o" ng-show="notification.type == 'danger'"></span>
+ <strong>{{notification.header}}</strong> {{notification.message}}
+ </div>
+</div>
+
+<div id="loading" class="loading">Loading...</div>
+
+</body>
+</html> \ No newline at end of file
diff --git a/admin/messages/admin-messages_ca.properties b/admin/messages/admin-messages_ca.properties
new file mode 100644
index 0000000..edb0575
--- /dev/null
+++ b/admin/messages/admin-messages_ca.properties
@@ -0,0 +1,466 @@
+# Common messages
+enabled=Habilitat
+name=Nom
+save=Desar
+cancel=Cancel\u00B7la
+onText=SI
+offText=NO
+client=Client
+clients=Clients
+clear=Neteja
+selectOne=Selecciona un...
+
+true=S\u00ED
+false=No
+
+
+# Realm settings
+realm-detail.enabled.tooltip=Els usuaris i clients nom\u00E9s poden accedir a un domini si est\u00E0 habilitat
+registrationAllowed=Registre d''usuari
+registrationAllowed.tooltip=Habilitar/deshabilitar la p\u00E0gina de registre. Un enlla\u00E7 per al registre es mostrar\u00E0 tamb\u00E9 a la p\u00E0gina d''inici de sessi\u00F3.
+registrationEmailAsUsername=Email com a nom d''usuari
+registrationEmailAsUsername.tooltip=Si est\u00E0 habilitat el nom d''usuari queda ocult del formulari de registre i l''email es fa servir com a nom d''usuari per als nous usuaris.
+editUsernameAllowed=Edita el nom d''usuari
+editUsernameAllowed.tooltip=Si est\u00E0 habilitat, el nom d''usuari \u00E9s editable, altrament \u00E9s de nom\u00E9s lectura.
+resetPasswordAllowed=Oblit contrasenya
+resetPasswordAllowed.tooltip=Mostra un enlla\u00E7 a la p\u00E0gina d''inici de sessi\u00F3 perqu\u00E8 l''usuari faci clic quan ha oblidat les seves credencials.
+rememberMe=Mantenir connectat
+rememberMe.tooltip=Mostra la casella de selecci\u00F3 en la p\u00E0gina d''inici de sessi\u00F3 per a permetre a l''usuari estar connectat entre reinicis del navegador fins que la sessi\u00F3 expiri.
+verifyEmail=Verificar email
+verifyEmail.tooltip=For\u00E7ar l''usuari a verificar la seva adre\u00E7a de correu electr\u00F2nic la primera vegada que inici\u00EF sessi\u00F3.
+sslRequired=Sol\u00B7licitar SSL
+sslRequired.option.all=totes les peticions
+sslRequired.option.external=peticions externes
+sslRequired.option.none=cap
+sslRequired.tooltip=\u00C9s HTTP obligatori? ''cap'' significa que HTTPS no \u00E9s obligatori per cap direcic\u00F3n IP de client, ''peticions externes'' indica que localhost i les adreces IP privades poden accedir sense HTTPS, ''totes les peticions'' vol dir que HTTPS \u00E9s obligatori per a totes les adreces IP.
+publicKey=Clau p\u00FAblica
+gen-new-keys=Generar noves claus
+certificate=Certificat
+host=Host
+smtp-host=Host SMTP
+port=Port
+smtp-port=Port SMTP (per defecte 25)
+from=Des de
+sender-email-addr=Email del emissor
+enable-ssl=Habilitar SSL
+enable-start-tls=Habilitar StartTLS
+enable-auth=Habilitar autenticaci\u00F3
+username=Usuari
+login-username=Usuari
+password=Contrasenya
+login-password=Contrasenya
+login-theme=Tema d''inici de sessi\u00F3
+select-one=Selecciona un...
+login-theme.tooltip=Selecciona el tema per a les p\u00E0gines d''inici de sessi\u00F3, OTP, permisos, registre i recordatori de contrasenya.
+account-theme=Tema de compte
+account-theme.tooltip=Selecciona el tema per a les p\u00E0gines de gesti\u00F3 del compte d''usuari.
+admin-console-theme=Tema de consola d''administraci\u00F3
+select-theme-admin-console=Selecciona el tema per a la consola d''administraci\u00F3.
+email-theme=Tema d''email
+select-theme-email=Selecciona el tema per als correus electr\u00F2nics que s\u00F3n enviats pel servidor.
+i18n-enabled=Internacionalitzaci\u00F3 activa
+supported-locales=Idiomes suportats
+supported-locales.placeholder=Indica l''idioma i prem Intro
+default-locale=Idioma per defecte
+realm-cache-enabled=Cach\u00E9 de domini habilitada
+realm-cache-enabled.tooltip=Activar/desactivar la cach\u00E9 per al domini, client i dades de rols.
+user-cache-enabled=Cach\u00E9 d''usuari habilitada
+user-cache-enabled.tooltip=Habilitar/deshabilitar la cach\u00E9 d''usuaris i d''assignacions d''usuaris a rols.
+revoke-refresh-token=Revocar el token d''actualitzaci\u00F3
+revoke-refresh-token.tooltip=Si est\u00E0 activat els tokens d''actualitzaci\u00F3 nom\u00E9s poden usar-se una vegada. En un altre cas els tokens d''actualitzaci\u00F3 no es revoquen quan s''utilitzen i poden ser usat m\u00FAltiples vegades.
+sso-session-idle=Sessions SSO inactives
+seconds=Segons
+minutes=Minuts
+hours=Hores
+days=Dies
+sso-session-max=Temps m\u00E0xim sessi\u00F3 SSO
+sso-session-idle.tooltip=Temps m\u00E0xim que una sessi\u00F3 pot estar inactiva abans que expiri. Els tokens i sessions de navegador s\u00F3n invalidades quan la sessi\u00F3 expira.
+sso-session-max.tooltip=Temps m\u00E0xim abans que una sessi\u00F3 expiri. Els tokens i sessions de navegador s\u00F3n invalidats quan una sessi\u00F3 expira.
+offline-session-idle=Inactivitat de sessi\u00F3 sense connexi\u00F3
+offline-session-idle.tooltip=Temps m\u00E0xim inactiu d''una sessi\u00F3 sense connexi\u00F3 abans que expiri. Necessites fer servi un token sense connexi\u00F3 per refrescar almenys una vegada dins d'aquest per\u00EDode, en un altre cas la sessi\u00F3 sense connexi\u00F3 expirar\u00E0.
+access-token-lifespan=Durada del token d''acc\u00E9s
+access-token-lifespan.tooltip=Temps m\u00E0xim abans que un token d''acc\u00E9s expiri. Es recomana que aquest valor sigui curt en relaci\u00F3 al temps m\u00E0xim de SSO
+client-login-timeout=Temps m\u00E0xim d''autenticaci\u00F3
+client-login-timeout.tooltip=Temps m\u00E0xim que un client t\u00E9 per finalitzar el protocol d''obtenci\u00F3 del token d''acc\u00E9s. Hauria de ser normalment de l''ordre d''1 minut.
+login-timeout=Temps m\u00E0xim de desconnexi\u00F3
+login-timeout.tooltip=Temps m\u00E0xim que un usuari t\u00E9 per completar l''inici de sessi\u00F3. Es recomana que sigui relativament alt. 30 minuts o m\u00E9s.
+login-action-timeout=Temps m\u00E0xim d''acci\u00F3 en l''inici de sessi\u00F3
+login-action-timeout.tooltip=Temps m\u00E0xim que un usuari t\u00E9 per completar accions relacionades amb l''inici de sessi\u00F3, com l''actualitzaci\u00F3 de contrasenya o configuraci\u00F3 de OTP. \u00C9s recomanat que sigui relativament alt. 5 minuts o m\u00E9s.
+headers=Cap\u00E7aleres
+brute-force-detection=Detecci\u00F3 d''atacs per for\u00E7a bruta
+x-frame-options=X-Frame-Options
+click-label-for-info=Fes clic a l''enlla\u00E7 de l''etiqueta per obtenir m\u00E9s informaci\u00F3. El valor per defecte evita que les p\u00E0gines siguin incloses des d'iframes externs.
+content-sec-policy=Content-Security-Policy
+max-login-failures=Nombre m\u00E0xim d''errors d''inici de sessi\u00F3
+max-login-failures.tooltip=Indica quants errors es permeten abans que es dispari una espera.
+wait-increment=Increment d''espera
+wait-increment.tooltip=Quan s''ha arribat al llindar d''error, quant de temps ha d''estar un usuari bloquejat?
+quick-login-check-millis=Temps en mil\u00B7lisegons entre inicis de sessi\u00F3 r\u00E0pids
+quick-login-check-millis.tooltip=Si ocorren errors de forma concurrent i molt r\u00E0pida, bloquejar a l''usuari.
+min-quick-login-wait=Temps m\u00EDnim entre errors de connexi\u00F3 r\u00E0pids
+min-quick-login-wait.tooltip=Quant de temps s''ha d''esperar despr\u00E9s d''un error en un intent r\u00E0pid d''identificaci\u00F3
+max-wait=Espera m\u00E0xima
+max-wait.tooltip=Temps m\u00E0xim que un usuari queda bloquejat.
+failure-reset-time=Reinici del comptador d''errors
+failure-reset-time.tooltip=Quan s''ha de reiniciar el comptador d''errors?
+realm-tab-login=Inici de sessi\u00F3
+realm-tab-keys=Claus
+realm-tab-email=Email
+realm-tab-themes=Temes
+realm-tab-cache=Cach\u00E9
+realm-tab-tokens=Tokens
+realm-tab-security-defenses=Defenses de seguretat
+realm-tab-general=General
+add-realm=Afegir domini
+
+#Session settings
+realm-sessions=Sessions de domini
+revocation=Revocaci\u00F3
+logout-all=Desconnectar tot
+active-sessions=Sessions actives
+sessions=Sessions
+not-before=No abans de
+not-before.tooltip=Revocar qualsevol token em\u00E8s abans d''aquesta data.
+set-to-now=Fixar a ara
+push=Push
+push.tooltip=Per a cada client que t\u00E9 un URL d''administraci\u00F3, notificar les noves pol\u00EDtiques de revocaci\u00F3.
+
+#Protocol Mapper
+usermodel.prop.label=Propietat
+usermodel.prop.tooltip=Nom del m\u00E8tode de propietat en la interf\u00EDcie UserModel. Per exemple, un valor de ''email'' faria refer\u00E8ncia al m\u00E8tode UserModel.getEmail().
+usermodel.attr.label=Atribut d''usuari
+usermodel.attr.tooltip=Nom de l''atribut d''usuari emmagatzemat que \u00E9s el nom de l''atribut dins el map UserModel.attribute.
+userSession.modelNote.label=Nota sessi\u00F3 usuari
+userSession.modelNote.tooltip=Nom de la nota emmagatzemada en la sessi\u00F3 d''usuari dins del mapa UserSessionModel.note
+multivalued.label=Valors m\u00FAltiples
+multivalued.tooltip=Indica si l''atribut suporta m\u00FAltiples valors. Si est\u00E0 habilitat, la llista de tots els valors d''aquest atribut es fixar\u00E0 com a reclamaci\u00F3. Si est\u00E0 deshabilitat, nom\u00E9s el primer valor ser\u00E0 fixat com a reclamaci\u00F3.
+selectRole.label=Selecciona rol
+selectRole.tooltip=Introdueix el rol a la caixa de text de l''esquerra, o fes clic a aquest bot\u00F3 per navegar i buscar el rol que vols.
+tokenClaimName.label=Nom de reclam del token
+tokenClaimName.tooltip=Nom del reclam a inserir en el testimoni. Pot ser un nom complet com ''address.street''. En aquest cas, es crear\u00E0 un objecte JSON niat.
+jsonType.label=Tipus JSON de reclamaci\u00F3
+jsonType.tooltip=El tipus de JSON que hauria de fer-se servir per omplir la petici\u00F3 de JSON en el token. long, int, boolean i String s\u00F3n valors v\u00E0lids
+includeInIdToken.label=Afegir al token d''ID
+includeInAccessToken.label=Afegir al token d''acc\u00E9s
+includeInAccessToken.tooltip=S''hauria d'afegir la identitat reclamada al token d''acc\u00E9s?
+
+
+# client details
+clients.tooltip=Els clients s\u00F3n aplicacions de navegador de confian\u00E7a i serveis web d''un domini. Aquests clients poden sol\u00B7licitar un inici de sessi\u00F3. Tamb\u00E9 pots definir rols espec\u00EDfics de client.
+search.placeholder=Cercar...
+create=Crea
+import=Importar
+client-id=ID Client
+base-url=URL Base
+actions=Accions
+not-defined=No definit
+edit=Edita
+delete=Esborra
+no-results=Sense resultats
+no-clients-available=No hi ha clients disponibles
+add-client=Afegir Client
+select-file=Selecciona arxiu
+view-details=Veure detalls
+clear-import=Neteja importaci\u00F3
+client-id.tooltip=Indica l''identificador (ID) referenciat en URIs i tokens. Per exemple ''my-client''
+client.name.tooltip=Indica el nom visible del client. Per exemple ''My Client''. Tamb\u00E9 suporta claus per valors localitzats. Per exemple: ${my_client}
+client.enabled.tooltip=Els clients deshabilitats no poden iniciar una identificaci\u00F3 o obtenir codis d''acc\u00E9s.
+consent-required=Consentiment necessari
+consent-required.tooltip=Si est\u00E0 habilitat, els usuaris han de consentir l''acc\u00E9s del client.
+direct-grants-only=Nom\u00E9s permisos directes
+direct-grants-only.tooltip=Quan est\u00E0 habilitat, el client nom\u00E9s pot obtenir permisos de l''API REST.
+client-protocol=Protocol del Client
+client-protocol.tooltip=''OpenID connect'' permet als clients verificar la identitat de l''usuari final basat en l''autenticaci\u00F3 realitzada per un servidor d''autoritzaci\u00F3. ''SAML'' habilita l''autenticaci\u00F3 i autoritzaci\u00F3 d''escenaris basats en web incloent cross-domain i single sign-on (SSO) i utilitza tokens de seguretat que contenen afirmacions per passar informaci\u00F3.
+access-type=Tipus d''acc\u00E9s
+access-type.tooltip=Els clients ''Confidential'' necessiten un secret per iniciar el protocol d''identificaci\u00F3. Els clients ''Public'' no requereixen un secret. Els clients 'Bearer-only' s\u00F3n serveis web que mai inicien un login.
+service-accounts-enabled=Comptes de servei habilitades
+service-accounts-enabled.tooltip=Permetre autenticar aquest client contra Keycloak i rebre un token d''acc\u00E9s dedicat per a aquest client.
+include-authnstatement=Incloure AuthnStatement
+include-authnstatement.tooltip=Hauria d''incloure''s una declaraci\u00F3 especificant el m\u00E8tode i la marca de temps en la resposta d''inici de sessi\u00F3?
+sign-documents=Signar documents
+sign-documents.tooltip=Hauria el domini de signar els documents SAML?
+sign-assertions=Signar assercions
+sign-assertions.tooltip=Haurien de signar-se les assercions en documents SAML? Aquest ajust no \u00E9s necessari si el document ja s''est\u00E0 signant.
+signature-algorithm=Algorisme de signatura
+signature-algorithm.tooltip=L''algorisme de signatura usat per signar els documents.
+canonicalization-method=M\u00E8tode de canonicalitzaci\u00F3
+canonicalization-method.tooltip=M\u00E8tode de canonicalitzaci\u00F3 per a les signatures XML
+encrypt-assertions=Xifrar afirmacions
+encrypt-assertions.tooltip=Haurien de xifrar-se les afirmacions SAML amb la clau p\u00FAblica del client fent servir AES?
+client-signature-required=Signatura de Client requerida
+client-signature-required.tooltip=Signar\u00E0 el client les seves peticions i respostes SAML? I haurien de ser validades?
+force-post-binding=For\u00E7ar enlla\u00E7os POST
+force-post-binding.tooltip=Fer servir sempre POST per a les respostes
+front-channel-logout=Desconnexi\u00F3 en primer pla (Front Channel)
+front-channel-logout.tooltip=Quan est\u00E0 activat, la desconnexi\u00F3 requereix una redirecci\u00F3 del navegador cap al client. Quan no est\u00E0 activat, el servidor realitza una invovaci\u00F3n de desconnexi\u00F3 en segon pla.
+force-name-id-format=For\u00E7ar format NameID
+force-name-id-format.tooltip=Ignorar la petici\u00F3 de subjecte NameID i fer servir la configurada a la consola d''administraci\u00F3.
+name-id-format=Format de NameID
+name-id-format.tooltip=El format de NameID que es far\u00E0 servir per al t\u00EDtol
+root-url=URL arrel
+root-url.tooltip=URL arrel afegida a les URL relatives
+valid-redirect-uris=URIs de redirecci\u00F3 v\u00E0lides
+valid-redirect-uris.tooltip=Patr\u00F3 d''URI v\u00E0lida per a la qual un navegador pot sol\u00B7licitar la redirecci\u00F3 despr\u00E9s d''un inici o tancament de sessi\u00F3 completat. Es permeten comodins simples p.ex. ''http://example.com/*''. Tamb\u00E9 es poden indicar rutes relatives p.ex. ''/my/relative/path/*''. Les rutes relatives generaran un URI de redirecci\u00F3 fent servir el host i port de la petici\u00F3. Per SAML, s''han de fixar patrons d''URI v\u00E0lids si vols confiar en l''URL del servei del consumidor indicada en la petici\u00F3 d''inici de sessi\u00F3.
+base-url.tooltip=URL per defecte per utilitzar quan el servidor d''autoritzaci\u00F3 necessita redirigir o enviar de tornada al client.
+admin-url=URL d''administraci\u00F3
+admin-url.tooltip=URL a la interf\u00EDcie d''administraci\u00F3 del client. Fixa aquest valor si el client suporta l''adaptador de REST. Aquesta API REST permet al servidor d''autenticaci\u00F3 enviar al client pol\u00EDtiques de revocaci\u00F3 i altres tasques administratives. Normalment es fixa a l''URL base del client.
+master-saml-processing-url=URL principal de processament SAML
+master-saml-processing-url.tooltip=Si est\u00E0 configurada, aquesta URL es fara servir per a cada enlla\u00E7 al prove\u00EFdor del servei del consumidor d''assercions i serveis de desconnexi\u00F3 \u00FAnics. Pot ser sobreescrit de forma individual per a cada enlla\u00E7 i servei en el punt final de configuraci\u00F3 fina de SAML.
+idp-sso-url-ref=Nom de la URL d''un SSO iniciat per l''IDP
+idp-sso-url-ref.tooltip=Nom del fragment de l''URL per referenciar al client quan vols un SSO iniciat per l''IDP. Deixant aix\u00F2 buit desactiva els SSO iniciats per l''IDP. L''URL referenciada des del navegador ser\u00E0: {server-root}/realms/{realm}/protocol/saml/clients/{client-url-name}
+idp-sso-relay-state=Estat de retransmissi\u00F3 d''un SSO iniciat per l''IDP
+idp-sso-relay-state.tooltip=Estat de retransmissi\u00F3 que vols enviar amb una petici\u00F3 SAML quan s''inicia un SSO iniciat per l''IDP
+web-origins=Or\u00EDgens web
+web-origins.tooltip=Or\u00EDgens CORS permesos. Per permetre tots els or\u00EDgens d''URIs de redirecci\u00F3 v\u00E0lides afegeix ''+''. Per permetre tots els or\u00EDgens afegeix ''*''.
+fine-saml-endpoint-conf=Fine Grain SAML Endpoint Configuration
+fine-saml-endpoint-conf.tooltip=Expandeix aquesta secci\u00F3 per configurar les URL exactes per Assertion Consumer i Single Logout Service.
+assertion-consumer-post-binding-url=Assertion Consumer Service POST Binding URL
+assertion-consumer-post-binding-url.tooltip=SAML POST Binding URL for the client''s assertion consumer service (login responses). You can leave this blank if you do not have a URL for this binding.
+assertion-consumer-redirect-binding-url=Assertion Consumer Service Redirect Binding URL
+assertion-consumer-redirect-binding-url.tooltip=Assertion Consumer Service Redirect Binding URL
+logout-service-post-binding-url=URL d''enlla\u00E7 SAML POST per a la desconnexi\u00F3
+logout-service-post-binding-url.tooltip=URL d''enlla\u00E7 SAML POST per a la desconnexi\u00F3 \u00FAnica del client. Pots deixar-ho en blanc si est\u00E0s fent servir un enlla\u00E7 diferent.
+logout-service-redir-binding-url=URL d''enlla\u00E7 SAML de redirecci\u00F3 per a la desconnexi\u00F3
+logout-service-redir-binding-url.tooltip=URL d''enlla\u00E7 SAML de redirecci\u00F3 per a la desconnexi\u00F3 \u00FAnica del client. Pots deixar-ho en blanc si est\u00E0s fent servir un enlla\u00E7 diferent.
+
+# client import
+import-client=Importar Client
+format-option=Format
+select-format=Selecciona un format
+import-file=Arxiu d''Importaci\u00F3
+
+# client tabs
+settings=Ajustos
+credentials=Credencials
+saml-keys=Claus SAML
+roles=Rols
+mappers=Assignadors
+mappers.tooltip=Els assignadors de protocols realitzen transformacions en tokens i documents. Poden fer coses com assignar dades d''usuari en peticions de protocol, o simplement transformar qualsevol petici\u00F3 entre el client i el servidor d''autenticaci\u00F3.
+scope=\u00C0mbit
+scope.tooltip=Les assignacions d''\u00E0mbit et permeten restringir que assignacions de rols d''usuari s''inclouen en el testimoni d''acc\u00E9s sol\u00B7licitat pel client.
+sessions.tooltip=Veure sessions actives per a aquest client. Permet veure quins usuaris estan actius i quan es van identificar.
+offline-access=Acc\u00E9s sense connexi\u00F3
+offline-access.tooltip=Veure sessions sense connexi\u00F3 per aquest client. Et permet veure que usuaris han sol\u00B7licitat tokens sense connexi\u00F3 i quan els van sol\u00B7licitar. Per revocar tots els tokens del client, accedeix a la pestanya de Revocaci\u00F3 i fixa el valor \"No abans de\" a \"now\".
+clustering=Clustering
+installation=Instal\u00B7laci\u00F3
+installation.tooltip=Eina d''ajuda per generar la configuraci\u00F3 de diversos formats d''adaptadors de client que pots descarregar o copiar i enganxar per configurar teus clients.
+service-account-roles=Rols de compte de servei
+service-account-roles.tooltip=Permetre autenticar assignacions de rol per el compte de servei dedicat a aquest client.
+
+# client credentials
+client-authenticator=Client autenticador
+client-authenticator.tooltip=Client autenticador usat per autenticar aquest client contra el servidor Keycloak
+certificate.tooltip=Certificat de client per validar els JWT emesos per aquest client i signats amb la clau privada del client del teu magatzem de claus.
+no-client-certificate-configured=No s''ha configurat el certificat de client
+gen-new-keys-and-cert=Generar noves claus i certificat
+import-certificate=Importar Certificat
+gen-client-private-key=Generar clau privada de client
+generate-private-key=Generar clau privada
+archive-format=Format d''Arxiu
+archive-format.tooltip=Format d''arxiu Java keystore o PKCS12
+key-alias=\u00C0lies de clau
+key-alias.tooltip=\u00C0lies de l''arxiu de la teva clau privada i certificat.
+key-password=Contrasenya de la clau
+key-password.tooltip=Contrasenya per accedir a la clau privada continguda en l''arxiu
+store-password=Contrasenya del magatzem
+store-password.tooltip=Contrasenya per accedir a l''arxiu
+generate-and-download=Generar i descarregar
+client-certificate-import=Importaci\u00F3 de certificat de client
+import-client-certificate=Importar Certificat de Client
+jwt-import.key-alias.tooltip=\u00C0lies de l''arxiu del teu certificat.
+secret=Secret
+regenerate-secret=Regenerar secret
+add-role=Afegir rol
+role-name=Nom de rol
+composite=Compost
+description=Descripci\u00F3
+no-client-roles-available=No hi ha rols de client disponibles
+scope-param-required=Par\u00E0metre d''\u00E0mbit obligatori
+scope-param-required.tooltip=Aquest rol nom\u00E9s ser\u00E0 concedit si el par\u00E0metre d''\u00E0mbit amb el nom del rol \u00E9s usat durant la petici\u00F3 d''autoritzaci\u00F3/obtenci\u00F3 de token.
+composite-roles=Rols compostos
+composite-roles.tooltip=Quan aquest paper \u00E9s assignat/desassignat a un usuari qualsevol rol associat amb ell ser\u00E0 assignat/desassignat de forma impl\u00EDcita.
+realm-roles=Rols de domini
+available-roles=Rols Disponibles
+add-selected=Afegeix seleccionat
+associated-roles=Rols Associats
+composite.associated-realm-roles.tooltip=Rols a nivell de domini associats amb aquest rol compost.
+composite.available-realm-roles.tooltip=Rols a nivell de domini disponibles en aquest paper compost.
+remove-selected=Esborrar seleccionats
+client-roles=Rols de Client
+select-client-to-view-roles=Selecciona el client per veure els seus rols
+available-roles.tooltip=Rols d''aquest client que pots associar a aquest rol compost.
+client.associated-roles.tooltip=Rols de client associats amb aquest rol compost.
+add-builtin=Afegeix Builtin
+category=Categoria
+type=Tipus
+no-mappers-available=No hi ha assignadors disponibles
+add-builtin-protocol-mappers=Afegeix Builtin Protocol Mappers
+add-builtin-protocol-mapper=Afegeix Builtin Protocol Mapper
+scope-mappings=Assignacions d''\u00E0mbit
+full-scope-allowed=Permet tots els \u00E0mbits
+full-scope-allowed.tooltip=Permet deshabilitar totes les restriccions.
+scope.available-roles.tooltip=Rols de domini que poden ser assignats a l''\u00E0mbit
+assigned-roles=Rols Assignats
+assigned-roles.tooltip=Rols a nivell de domini assignats a aquest \u00E0mbit.
+effective-roles=Rols efectius
+realm.effective-roles.tooltip=Rols de domini assignats que poden haver estat heretats d''un rol compost.
+select-client-roles.tooltip=Selecciona el client per veure els seus rols
+assign.available-roles.tooltip=Rols de clients disponibles per ser assignats.
+client.assigned-roles.tooltip=Rols de client assignats
+client.effective-roles.tooltip=Rols de client assignats que poden haver estat heretats des d''un rol compost.
+basic-configuration=Configuraci\u00F3 b\u00E0sica
+node-reregistration-timeout=Temps d''espera de re-registre de node
+node-reregistration-timeout.tooltip=Indica el m\u00E0xim interval de temps perqu\u00E8 els nodes del cl\u00FAster registrats es tornin a registrar. Si el node del cl\u00FAster no envia una petici\u00F3 de re-registre a Keycloak dins d''aquest interval, ser\u00E0 desregistrat de Keycloak
+registered-cluster-nodes=Registrar nodes de cl\u00FAster
+register-node-manually=Registrar node manualment
+test-cluster-availability=Provar disponibilitat del cl\u00FAster
+last-registration=\u00DAltim registre
+node-host=Host del node
+no-registered-cluster-nodes=No hi ha nodes de cl\u00FAster registrats disponibles
+cluster-nodes=Nodes de cl\u00FAster
+add-node=Afegir Node
+active-sessions.tooltip=Nombre total de sessions actives per a aquest client.
+show-sessions=Mostrar sessions
+show-sessions.tooltip=Advert\u00E8ncia, aquesta \u00E9s una operaci\u00F3 potencialment costosa depenent del nombre de sessions actives.
+user=Usuari
+from-ip=Des de IP
+session-start=Inici de sessi\u00F3
+first-page=Primera p\u00E0gina
+previous-page=P\u00E0gina Anterior
+next-page=P\u00E0gina seg\u00FCent
+client-revoke.not-before.tooltip=Revocar tots els tokens emesos abans d''aquesta data per a aquest client.
+client-revoke.push.tooltip=Si l''URL d''administraci\u00F3 est\u00E0 configurada per a aquest client, envia aquesta pol\u00EDtica a aquest client.
+select-a-format=Selecciona un format
+download=Descarrega
+offline-tokens=Tokens sense connexi\u00F3
+offline-tokens.tooltip=Nombre total de tokens sense connexi\u00F3 d''aquest client.
+show-offline-tokens=Mostrar tokens sense connexi\u00F3
+show-offline-tokens.tooltip=Advert\u00E8ncia, aquesta \u00E9s una operaci\u00F3 potencialment costosa depenent del nombre de tokens sense connexi\u00F3.
+token-issued=Token expedit
+last-access=\u00DAltim Acc\u00E9s
+last-refresh=\u00DAltima actualitzaci\u00F3
+key-export=Exportar clau
+key-import=Importar clau
+export-saml-key=Exporta clau SAML
+import-saml-key=Importar clau SAML
+realm-certificate-alias=\u00C0lies del certificat del domini
+realm-certificate-alias.tooltip=El certificat del domini \u00E9s emmagatzemat en arxiu. Aquest \u00E9s l''\u00E0lies a aquest.
+signing-key=Clau de firma
+saml-signing-key=Clau de firma SAML.
+private-key=Clau Privada
+generate-new-keys=Generar noves claus
+export=Exporta
+encryption-key=Clau de xifrat
+saml-encryption-key.tooltip=Clau de xifrat de SAML
+service-accounts=Comptes de servei
+service-account.available-roles.tooltip=Rols de domini que poden ser assignats al compte del servei.
+service-account.assigned-roles.tooltip=Rols de domini assignats al compte del servei.
+service-account-is-not-enabled-for=El compte del servei no est\u00E0 habilitada per {{client}}
+create-protocol-mappers=Crea assignadors de protocol
+create-protocol-mapper=Crea assignador de protocol
+protocol=Protocol
+protocol.tooltip=Protocol.
+id=ID
+mapper.name.tooltip=Nom de l''assignador.
+mapper.consent-required.tooltip=Quan es concedeix acc\u00E9s temporal, \u00E9s necessari el consentiment de l''usuari per a proporcinar aquestes dades al client?
+consent-text=Text del consentiment
+consent-text.tooltip=Text per mostrar a la p\u00E0gina de consentiment.
+mapper-type=Tipus d''assignador
+
+# realm identity providers
+identity-providers=Prove\u00EFdors d''identitat
+table-of-identity-providers=Taula de prove\u00EFdors d''identitat
+add-provider.placeholder=Afegir prove\u00EFdor...
+provider=Prove\u00EFdor
+gui-order=Ordre en la interf\u00EDcie gr\u00E0fica (GUI)
+redirect-uri=URI de redirecci\u00F3
+redirect-uri.tooltip=L''URI de redirecci\u00F3 usada per configurar el prove\u00EFdor d''identitat.
+alias=\u00C0lies
+identity-provider.alias.tooltip=L''\u00E0lies que identifica de forma \u00FAnica un prove\u00EFdor d''identitat, es far servir tamb\u00E9 per construir la URI de redirecci\u00F3.
+identity-provider.enabled.tooltip=Habilita/deshabilita aquest prove\u00EFdor d''identitat.
+authenticate-by-default=Autenticar per defecte
+identity-provider.authenticate-by-default.tooltip=Indica si aquest prove\u00EFdor hauria de ser provat per defecte per autenticacaci\u00F3n fins i tot abans de mostrar la p\u00E0gina d''inici de sessi\u00F3.
+store-tokens=Emmagatzemar tokens
+identity-provider.store-tokens.tooltip=Habilitar/deshabilitar si els tokens han de ser emmagatzemats despr\u00E9s d''autenticar als usuaris.
+stored-tokens-readable=Tokens emmagatzemats llegibles
+identity-provider.stored-tokens-readable.tooltip=Habilitar/deshabilitar si els nous usuaris poden llegir els tokens emmagatzemats. Aix\u00F2 assigna el rol ''broker.read-token''.
+update-profile-on-first-login=Actualitzar perfil al primer inici de sessi\u00F3
+on=Activat
+on-missing-info=Si falta informaci\u00F3
+off=Desactivat
+update-profile-on-first-login.tooltip=Defineix condicions sota les quals un usuari ha de actualitzar el seu perfil durant el primer inici de sessi\u00F3.
+trust-email=Confiar en l''email
+trust-email.tooltip=Si est\u00E0 habilitat, l''email rebut d''aquest prove\u00EFdor no es verificar\u00E0 encara que la verificaci\u00F3 estigui habilitada per al domini.
+gui-order.tooltip=N\u00FAmero que defineix l''ordre del prove\u00EFdor en la interf\u00EDcie gr\u00E0fica (GUI) (ex. a la p\u00E0gina d''inici de sessi\u00F3)
+openid-connect-config=Configuraci\u00F3 d''OpenID Connect
+openid-connect-config.tooltip=Configuraci\u00F3 d''OIDC SP i IDP externs
+authorization-url=URL d''autoritzaci\u00F3
+authorization-url.tooltip=La URL d''autoritzaci\u00F3.
+token-url=Token URL
+token-url.tooltip=L''URL del token.
+logout-url=URL de desconnexi\u00F3
+identity-provider.logout-url.tooltip=Punt de tancament de sessi\u00F3 per utilitzar en la desconnexi\u00F3 d''usuaris des d''un prove\u00EFdor d''identitat (IDP) extern.
+backchannel-logout=Backchannel Logout
+backchannel-logout.tooltip=Does the external IDP support backchannel logout?
+user-info-url=URL d''informaci\u00F3 d''usuari
+user-info-url.tooltip=L''URL d''informaci\u00F3 d''usuari. Opcional.
+identity-provider.client-id.tooltip=El client o identificador de client registrat en el prove\u00EFdor d''identitat.
+client-secret=Secret de Client
+show-secret=Mostrar secret
+hide-secret=Amaga secret
+client-secret.tooltip=El client o el secret de client registrat en el prove\u00EFdor d''identitat.
+issuer=Emissor
+issuer.tooltip=L''identificador de l''emissor per a l''emissor de la resposta. Si no s''indica, no es realitzar\u00E0 cap validaci\u00F3.
+default-scopes=\u00C0mbits per defecte
+identity-provider.default-scopes.tooltip=Els \u00E0mbits que s''enviaran quan es sol\u00B7liciti autoritzaci\u00F3. Pot ser una llista d''\u00E0mbits separats per espais. El valor per defecte \u00E9s ''openid''.
+prompt=Prompt
+unspecified.option=no especificat
+none.option=cap
+consent.option=consentiment
+login.option=login
+select-account.option=select_account
+prompt.tooltip=Indica si el servidor d''autoritzaci\u00F3 sol\u00B7licita a l''usuari final per reautenticaci\u00F3n i consentiment.
+validate-signatures=Validar signatures
+identity-provider.validate-signatures.tooltip=Habilitar/deshabilitar la validaci\u00F3 de signatures de prove\u00EFdors d''identitat (IDP) externs
+validating-public-key=Validant clau p\u00FAblica
+identity-provider.validating-public-key.tooltip=La clau p\u00FAblica en format PEM que ha de fer-se servir per verificar les signatures de prove\u00EFdors d''identitat (IDP) externs.
+import-external-idp-config=Importar configuraci\u00F3 externa d''IDP
+import-external-idp-config.tooltip=Et permet carregar metadades d''un prove\u00EFdor d''identitat (IDP) extern d''un arxiu de coniguraci\u00F3n o descarregar des d''una URL.
+import-from-url=Importar des d''URL
+identity-provider.import-from-url.tooltip=Importa metadades des d''un descriptor d''un prove\u00EFdor d''identitat (IDP) remot.
+import-from-file=Importa des d''arxiu
+identity-provider.import-from-file.tooltip=Importa metadades des d''un descriptor d''un prove\u00EFdor d''identitat (IDP) descarregat.
+saml-config=Configuraci\u00F3 SAML
+identity-provider.saml-config.tooltip=Configuraci\u00F3 de prove\u00EFdor SAML i IDP extern
+single-signon-service-url=URL de servei de connexi\u00F3 \u00FAnic (SSO)
+saml.single-signon-service-url.tooltip=L''URL que s''ha de fer servir per enviar peticions d''autenticaci\u00F3 (SAML AuthnRequest).
+single-logout-service-url=URL de servei de desconnexi\u00F3 \u00FAnic
+saml.single-logout-service-url.tooltip=L''URL que ha de fer-se servir per enviar peticions de desconnexi\u00F3.
+nameid-policy-format=Format de pol\u00EDtica NameID
+nameid-policy-format.tooltip=Indica la refer\u00E8ncia a la URI corresponent a un format de NameID. El valor per defecte \u00E9s urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
+http-post-binding-response=HTTP-POST enlla\u00E7 de resposta
+http-post-binding-response.tooltip=Indica si es respon a les peticions fent servir HTTP-POST. Si no est\u00E0 activat, es far servir HTTP-REDIRECT.
+http-post-binding-for-authn-request=HTTP-POST per AuthnRequest
+http-post-binding-for-authn-request.tooltip=Indica si AuthnRequest ha de ser enviat usant HTTP-POST. Si no est\u00E0 activat es fa HTTP-REDIRECT.
+want-authn-requests-signed=Signar AuthnRequests
+want-authn-requests-signed.tooltip=Indica si el prove\u00EFdor d''identitat espera rebre signades les AuthnRequest.
+force-authentication=For\u00E7ar autenticaci\u00F3
+identity-provider.force-authentication.tooltip=Indica si el prove\u00EFdor d''identitat ha d'autenticar en presentar directament les credencials en lloc de dependre d''un context de seguretat previ.
+validate-signature=Validar signatura
+saml.validate-signature.tooltip=Habilitar/deshabilitar la validaci\u00F3 de signatura en respostes SAML.
+validating-x509-certificate=Validant certificat X509
+validating-x509-certificate.tooltip=El certificat en format PEM que ha de fer-se servir per comprovar les signatures.
+saml.import-from-url.tooltip=Importar metadades des d''un descriptor d'entitat remot d''un IDP de SAML
+social.client-id.tooltip=L''identificador del client registrat amb el prove\u00EFdor d''identitat.
+social.client-secret.tooltip=El secret del client registrat amb el prove\u00EFdor d''identitat.
+social.default-scopes.tooltip=\u00C0mbits que s''enviaran quan es sol\u00B7liciti autoritzaci\u00F3. Veure la documentaci\u00F3 per als possibles valors, separador i valor per defecte.
+key=Clau
+stackoverflow.key.tooltip=La clau obtinguda en el registre del client de Stack Overflow.
+
+realms=Dominis
+realm=Domini
+
+identity-provider-mappers=Assignadors de prove\u00EFdors d''identitat (IDP)
+create-identity-provider-mapper=Crea assignador de prove\u00EFdor d''identitat (IDP)
+add-identity-provider-mapper=Afegeix assignador de prove\u00EFdor d''identitat
+client.description.tooltip=Indica la descripci\u00F3 del client. Per exemple ''My Client for TimeSheets''. Tamb\u00E9 suporta claus per a valors localitzats. Per exemple: ${my_client_description}
diff --git a/admin/messages/admin-messages_de.properties b/admin/messages/admin-messages_de.properties
new file mode 100644
index 0000000..4ed733c
--- /dev/null
+++ b/admin/messages/admin-messages_de.properties
@@ -0,0 +1,1523 @@
+consoleTitle=Keycloak Admin Konsole
+
+# Common messages
+enabled=Aktiv
+hidden=Versteckt
+link-only-column=Nur Link
+name=Name
+displayName=Anzeigename
+displayNameHtml=HTML-Anzeigename
+save=Speichern
+cancel=Abbrechen
+onText=EIN
+offText=AUS
+client=Client
+clients=Clients
+clear=Zur\u00FCcksetzen
+selectOne=Bitte w\u00E4hlen...
+
+true=Ja
+false=Nein
+
+endpoints=Endpoints
+
+# Realm settings
+realm-detail.enabled.tooltip=Benutzer und Clients k\u00F6nnen das Realm nur verwenden, wenn es aktiviert ist
+#realm-detail.oidc-endpoints.tooltip=Shows the configuration of the OpenID Connect endpoints
+#realm-detail.userManagedAccess.tooltip=If enabled, users are allowed to manage their resources and permissions using the Account Management Console.
+#userManagedAccess=User-Managed Access
+registrationAllowed=Benutzerregistrierung
+registrationAllowed.tooltip=Aktiviere/deaktiviere die Seite zur Benutzerregistrierung. Auf der Loginseite wird ein entsprechender Link angezeigt.
+registrationEmailAsUsername=E-Mail-Adresse als Benutzername
+registrationEmailAsUsername.tooltip=Wenn aktiviert, wird das Feld "Benutzername" auf der Registrierungsformular nicht angezeigt und als Benutzername wird stattdessen die E-Mail verwendet.
+editUsernameAllowed=Benutzername editierbar
+editUsernameAllowed.tooltip=Wenn aktiv, kann der Benutzername editiert werden.
+resetPasswordAllowed=Passwort-Vergessen
+resetPasswordAllowed.tooltip=Zeigt einen Link auf der Loginseite, auf den die Benutzer klicken k\u00F6nnen, wenn sie ihr Passwort vergessen haben.
+rememberMe=Angemeldet bleiben
+rememberMe.tooltip=Zeigt eine Auswahlbox auf der Loginseite, die es dem Benutzer erlaubt, zwischen Browser-Neustarts eingeloggt zu bleiben, bis die Session abl\u00E4uft.
+#loginWithEmailAllowed=Login with email
+#loginWithEmailAllowed.tooltip=Allow users to log in with their email address.
+#duplicateEmailsAllowed=Duplicate emails
+#duplicateEmailsAllowed.tooltip=Allow multiple users to have the same email address. Changing this setting will also clear the users cache. It is recommended to manually update email constraints of existing users in the database after switching off support for duplicate email addresses.
+verifyEmail=E-Mail verifizieren
+#verifyEmail.tooltip=Require users to verify their email address after initial login or after address changes are submitted.
+#sslRequired=Require SSL
+#sslRequired.option.all=all requests
+#sslRequired.option.external=external requests
+#sslRequired.option.none=none
+#sslRequired.tooltip=Is HTTPS required? 'None' means HTTPS is not required for any client IP address. 'External requests' means localhost and private IP addresses can access without HTTPS. 'All requests' means HTTPS is required for all IP addresses.
+#publicKeys=Public keys
+#publicKey=Public key
+#privateKey=Private key
+#gen-new-keys=Generate new keys
+certificate=Zertifikat
+host=Host
+smtp-host=SMTP Host
+port=Port
+smtp-port=SMTP Port (Standardwert ist 25)
+from=Von
+#fromDisplayName=From Display Name
+#fromDisplayName.tooltip=A user-friendly name for the 'From' address (optional).
+#replyTo=Reply To
+#replyToDisplayName=Reply To Display Name
+#replyToDisplayName.tooltip=A user-friendly name for the 'Reply-To' address (optional).
+#envelopeFrom=Envelope From
+#envelopeFrom.tooltip=An email address used for bounces (optional).
+sender-email-addr=E-Mail-Adresse des Absenders
+#sender-email-addr-display=Display Name for Sender Email Address
+#reply-to-email-addr=Reply To Email Address
+#reply-to-email-addr-display=Display Name for Reply To Email Address
+#sender-envelope-email-addr=Sender Envelope Email Address
+enable-ssl=SSL aktivieren
+#enable-start-tls=Enable StartTLS
+#enable-auth=Enable Authentication
+username=Benutzername
+login-username=Login Benutzername
+password=Passwort
+login-password=Login Passwort
+#login-theme=Login Theme
+#login-theme.tooltip=Select theme for login, OTP, grant, registration, and forgot password pages.
+#account-theme=Account Theme
+#account-theme.tooltip=Select theme for user account management pages.
+#admin-console-theme=Admin Console Theme
+#select-theme-admin-console=Select theme for admin console.
+#email-theme=Email Theme
+#select-theme-email=Select theme for emails that are sent by the server.
+i18n-enabled=Internationalisierung aktiv
+supported-locales=Unterst\u00FCtzte Sprachen
+#supported-locales.placeholder=Type a locale and enter
+#default-locale=Default Locale
+#realm-cache-clear=Realm Cache
+#realm-cache-clear.tooltip=Clears all entries from the realm cache (this will clear entries for all realms)
+#user-cache-clear=User Cache
+#user-cache-clear.tooltip=Clears all entries from the user cache (this will clear entries for all realms)
+#keys-cache-clear=Keys Cache
+#keys-cache-clear.tooltip=Clears all entries from the cache of external public keys. These are keys of external clients or identity providers. (this will clear entries for all realms)
+#revoke-refresh-token=Revoke Refresh Token
+#revoke-refresh-token.tooltip=If enabled a refresh token can only be used up to 'Refresh Token Max Reuse' and is revoked when a different token is used. Otherwise refresh tokens are not revoked when used and can be used multiple times.
+#refresh-token-max-reuse=Refresh Token Max Reuse
+#refresh-token-max-reuse.tooltip=Maximum number of times a refresh token can be reused. When a different token is used, revocation is immediate.
+#sso-session-idle=SSO Session Idle
+seconds=Sekunden
+minutes=Minuten
+hours=Stunden
+days=Tage
+#sso-session-max=SSO Session Max
+#sso-session-idle.tooltip=Time a session is allowed to be idle before it expires. Tokens and browser sessions are invalidated when a session is expired.
+#sso-session-max.tooltip=Max time before a session is expired. Tokens and browser sessions are invalidated when a session is expired.
+#offline-session-idle=Offline Session Idle
+#offline-session-idle.tooltip=Time an offline session is allowed to be idle before it expires. You need to use offline token to refresh at least once within this period, otherwise offline session will expire.
+#realm-detail.hostname=Hostname
+#realm-detail.hostname.tooltip=Set the hostname for the realm. Use in combination with the fixed hostname provider to override the server hostname for a specific realm.
+
+## KEYCLOAK-7688 Offline Session Max for Offline Token
+#offline-session-max-limited=Offline Session Max Limited
+#offline-session-max-limited.tooltip=Enable Offline Session Max.
+#offline-session-max=Offline Session Max
+#offline-session-max.tooltip=Max time before an offline session is expired regardless of activity.
+
+#access-token-lifespan=Access Token Lifespan
+#access-token-lifespan.tooltip=Max time before an access token is expired. This value is recommended to be short relative to the SSO timeout.
+#access-token-lifespan-for-implicit-flow=Access Token Lifespan For Implicit Flow
+#access-token-lifespan-for-implicit-flow.tooltip=Max time before an access token issued during OpenID Connect Implicit Flow is expired. This value is recommended to be shorter than SSO timeout. There is no possibility to refresh token during implicit flow, that's why there is separate timeout different to 'Access Token Lifespan'.
+#action-token-generated-by-admin-lifespan=Default Admin-Initiated Action Lifespan
+#action-token-generated-by-admin-lifespan.tooltip=Maximum time before an action permit sent to a user by admin is expired. This value is recommended to be long to allow admins send e-mails for users that are currently offline. The default timeout can be overridden right before issuing the token.
+#action-token-generated-by-user-lifespan=User-Initiated Action Lifespan
+#action-token-generated-by-user-lifespan.tooltip=Maximum time before an action permit sent by a user (e.g. forgot password e-mail) is expired. This value is recommended to be short because it is expected that the user would react to self-created action quickly.
+
+#action-token-generated-by-user.execute-actions=Execute Actions
+#action-token-generated-by-user.idp-verify-account-via-email=IdP Account E-mail Verification
+#action-token-generated-by-user.reset-credentials=Forgot Password
+#action-token-generated-by-user.verify-email=E-mail Verification
+#action-token-generated-by-user.tooltip=Override default settings of maximum time before an action permit sent by a user (e.g. forgot password e-mail) is expired for specific action. This value is recommended to be short because it is expected that the user would react to self-created action quickly.
+#action-token-generated-by-user.reset=Reset
+#action-token-generated-by-user.operation=Override User-Initiated Action Lifespan
+
+#client-login-timeout=Client login timeout
+#client-login-timeout.tooltip=Max time a client has to finish the access token protocol. This should normally be 1 minute.
+#login-timeout=Login timeout
+#login-timeout.tooltip=Max time a user has to complete a login. This is recommended to be relatively long. 30 minutes or more.
+#login-action-timeout=Login action timeout
+#login-action-timeout.tooltip=Max time a user has to complete login related actions like update password or configure totp. This is recommended to be relatively long. 5 minutes or more.
+#headers=Headers
+#brute-force-detection=Brute Force Detection
+#x-frame-options=X-Frame-Options
+#x-frame-options-tooltip=Default value prevents pages from being included via non-origin iframes (click label for more information)
+#content-sec-policy=Content-Security-Policy
+#content-sec-policy-tooltip=Default value prevents pages from being included via non-origin iframes (click label for more information)
+#content-type-options=X-Content-Type-Options
+#content-type-options-tooltip=Default value prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type (click label for more information)
+#robots-tag=X-Robots-Tag
+#robots-tag-tooltip=Prevent pages from appearing in search engines (click label for more information)
+#x-xss-protection=X-XSS-Protection
+#x-xss-protection-tooltip=This header configures the Cross-site scripting (XSS) filter in your browser. Using the default behavior, the browser will prevent rendering of the page when a XSS attack is detected (click label for more information)
+#strict-transport-security=HTTP Strict Transport Security (HSTS)
+#strict-transport-security-tooltip=The Strict-Transport-Security HTTP header tells browsers to always use HTTPS. Once a browser sees this header, it will only visit the site over HTTPS for the time specified (1 year) at max-age, including the subdomains.
+#permanent-lockout=Permanent Lockout
+#permanent-lockout.tooltip=Lock the user permanently when the user exceeds the maximum login failures.
+#max-login-failures=Max Login Failures
+#max-login-failures.tooltip=How many failures before wait is triggered.
+#wait-increment=Wait Increment
+#wait-increment.tooltip=When failure threshold has been met, how much time should the user be locked out?
+#quick-login-check-millis=Quick Login Check Milli Seconds
+#quick-login-check-millis.tooltip=If a failure happens concurrently too quickly, lock out the user.
+#min-quick-login-wait=Minimum Quick Login Wait
+#min-quick-login-wait.tooltip=How long to wait after a quick login failure.
+#max-wait=Max Wait
+#max-wait.tooltip=Max time a user will be locked out.
+#failure-reset-time=Failure Reset Time
+#failure-reset-time.tooltip=When will failure count be reset?
+#realm-tab-login=Login
+#realm-tab-keys=Keys
+#realm-tab-email=Email
+#realm-tab-themes=Themes
+#realm-tab-cache=Cache
+#realm-tab-tokens=Tokens
+#realm-tab-client-registration=Client Registration
+#realm-tab-security-defenses=Security Defenses
+#realm-tab-general=General
+#add-realm=Add realm
+
+#Session settings
+realm-sessions=Realm-Sessions
+#revocation=Revocation
+logout-all=Alle ausloggen
+active-sessions=Aktive Sessions
+offline-sessions=Offline-Sessions
+sessions=Sessions
+#not-before=Not Before
+#not-before.tooltip=Revoke any tokens issued before this date.
+#set-to-now=Set to now
+#push=Push
+#push.tooltip=For every client that has an admin URL, notify them of the new revocation policy.
+
+#Protocol Mapper
+#usermodel.prop.label=Property
+#usermodel.prop.tooltip=Name of the property method in the UserModel interface. For example, a value of 'email' would reference the UserModel.getEmail() method.
+#usermodel.attr.label=User Attribute
+#usermodel.attr.tooltip=Name of stored user attribute which is the name of an attribute within the UserModel.attribute map.
+#userSession.modelNote.label=User Session Note
+#userSession.modelNote.tooltip=Name of stored user session note within the UserSessionModel.note map.
+#multivalued.label=Multivalued
+#multivalued.tooltip=Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim
+#selectRole.label=Select Role
+#selectRole.tooltip=Enter role in the textbox to the left, or click this button to browse and select the role you want.
+#tokenClaimName.label=Token Claim Name
+#tokenClaimName.tooltip=Name of the claim to insert into the token. This can be a fully qualified name like 'address.street'. In this case, a nested json object will be created. To prevent nesting and use dot literally, escape the dot with backslash (\\.).
+#jsonType.label=Claim JSON Type
+#jsonType.tooltip=JSON type that should be used to populate the json claim in the token. long, int, boolean, and String are valid values.
+#includeInIdToken.label=Add to ID token
+#includeInIdToken.tooltip=Should the claim be added to the ID token?
+#includeInAccessToken.label=Add to access token
+#includeInAccessToken.tooltip=Should the claim be added to the access token?
+#includeInUserInfo.label=Add to userinfo
+#includeInUserInfo.tooltip=Should the claim be added to the userinfo?
+#usermodel.clientRoleMapping.clientId.label=Client ID
+#usermodel.clientRoleMapping.clientId.tooltip=Client ID for role mappings
+#usermodel.clientRoleMapping.rolePrefix.label=Client Role prefix
+#usermodel.clientRoleMapping.rolePrefix.tooltip=A prefix for each client role (optional).
+#usermodel.realmRoleMapping.rolePrefix.label=Realm Role prefix
+#usermodel.realmRoleMapping.rolePrefix.tooltip=A prefix for each Realm Role (optional).
+#sectorIdentifierUri.label=Sector Identifier URI
+#sectorIdentifierUri.tooltip=Providers that use pairwise sub values and support Dynamic Client Registration SHOULD use the sector_identifier_uri parameter. It provides a way for a group of websites under common administrative control to have consistent pairwise sub values independent of the individual domain names. It also provides a way for Clients to change redirect_uri domains without having to reregister all of their users.
+#pairwiseSubAlgorithmSalt.label=Salt
+#pairwiseSubAlgorithmSalt.tooltip=Salt used when calculating the pairwise subject identifier. If left blank, a salt will be generated.
+#addressClaim.street.label=User Attribute Name for Street
+#addressClaim.street.tooltip=Name of User Attribute, which will be used to map to 'street_address' subclaim inside 'address' token claim. Defaults to 'street' .
+#addressClaim.locality.label=User Attribute Name for Locality
+#addressClaim.locality.tooltip=Name of User Attribute, which will be used to map to 'locality' subclaim inside 'address' token claim. Defaults to 'locality' .
+#addressClaim.region.label=User Attribute Name for Region
+#addressClaim.region.tooltip=Name of User Attribute, which will be used to map to 'region' subclaim inside 'address' token claim. Defaults to 'region' .
+#addressClaim.postal_code.label=User Attribute Name for Postal Code
+#addressClaim.postal_code.tooltip=Name of User Attribute, which will be used to map to 'postal_code' subclaim inside 'address' token claim. Defaults to 'postal_code' .
+#addressClaim.country.label=User Attribute Name for Country
+#addressClaim.country.tooltip=Name of User Attribute, which will be used to map to 'country' subclaim inside 'address' token claim. Defaults to 'country' .
+#addressClaim.formatted.label=User Attribute Name for Formatted Address
+#addressClaim.formatted.tooltip=Name of User Attribute, which will be used to map to 'formatted' subclaim inside 'address' token claim. Defaults to 'formatted' .
+
+# client details
+#clients.tooltip=Clients are trusted browser apps and web services in a realm. These clients can request a login. You can also define client specific roles.
+search.placeholder=Suchen...
+create=Erstellen
+import=Importieren
+client-id=Client-ID
+base-url=Basis-URL
+actions=Aktionen
+not-defined=Nicht definiert
+edit=Bearbeiten
+delete=L\u00F6schen
+no-results=Keine Resultate
+no-clients-available=Keine Clients verf\u00FCgbar
+add-client=Client hinzuf\u00FCgen
+#select-file=Select file
+#view-details=View details
+#clear-import=Clear import
+#client-id.tooltip=Specifies ID referenced in URI and tokens. For example 'my-client'. For SAML this is also the expected issuer value from authn requests
+#client.name.tooltip=Specifies display name of the client. For example 'My Client'. Supports keys for localized values as well. For example\: ${my_client}
+#client.enabled.tooltip=Disabled clients cannot initiate a login or have obtain access tokens.
+#consent-required=Consent Required
+#consent-required.tooltip=If enabled users have to consent to client access.
+#client.display-on-consent-screen=Display Client On Consent Screen
+#client.display-on-consent-screen.tooltip=Applicable just if Consent Required is on. If this switch is off, then consent screen will contain just the consents corresponding to configured client scopes. If on, then there will be also one item on consent screen about this client itself
+#client.consent-screen-text=Client Consent Screen Text
+#client.consent-screen-text.tooltip=Applicable just if 'Display Client On Consent Screen' is on for this client. Contains the text, which will be on consent screen about permissions specific just for this client
+#client-protocol=Client Protocol
+#client-protocol.tooltip='OpenID connect' allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server.'SAML' enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO) and uses security tokens containing assertions to pass information.
+#access-type=Access Type
+#access-type.tooltip='Confidential' clients require a secret to initiate login protocol. 'Public' clients do not require a secret. 'Bearer-only' clients are web services that never initiate a login.
+#standard-flow-enabled=Standard Flow Enabled
+#standard-flow-enabled.tooltip=This enables standard OpenID Connect redirect based authentication with authorization code. In terms of OpenID Connect or OAuth2 specifications, this enables support of 'Authorization Code Flow' for this client.
+#implicit-flow-enabled=Implicit Flow Enabled
+#implicit-flow-enabled.tooltip=This enables support for OpenID Connect redirect based authentication without authorization code. In terms of OpenID Connect or OAuth2 specifications, this enables support of 'Implicit Flow' for this client.
+#direct-access-grants-enabled=Direct Access Grants Enabled
+#direct-access-grants-enabled.tooltip=This enables support for Direct Access Grants, which means that client has access to username/password of user and exchange it directly with Keycloak server for access token. In terms of OAuth2 specification, this enables support of 'Resource Owner Password Credentials Grant' for this client.
+#service-accounts-enabled=Service Accounts Enabled
+#service-accounts-enabled.tooltip=Allows you to authenticate this client to Keycloak and retrieve access token dedicated to this client. In terms of OAuth2 specification, this enables support of 'Client Credentials Grant' for this client.
+#include-authnstatement=Include AuthnStatement
+#include-authnstatement.tooltip=Should a statement specifying the method and timestamp be included in login responses?
+#include-onetimeuse-condition=Include OneTimeUse Condition
+#include-onetimeuse-condition.tooltip=Should a OneTimeUse Condition be included in login responses?
+#sign-documents=Sign Documents
+#sign-documents.tooltip=Should SAML documents be signed by the realm?
+#sign-documents-redirect-enable-key-info-ext=Optimize REDIRECT signing key lookup
+#sign-documents-redirect-enable-key-info-ext.tooltip=When signing SAML documents in REDIRECT binding for SP that is secured by Keycloak adapter, should the ID of the signing key be included in SAML protocol message in <Extensions> element? This optimizes validation of the signature as the validating party uses a single key instead of trying every known key for validation.
+#sign-assertions=Sign Assertions
+#sign-assertions.tooltip=Should assertions inside SAML documents be signed? This setting isn't needed if document is already being signed.
+#signature-algorithm=Signature Algorithm
+#signature-algorithm.tooltip=The signature algorithm to use to sign documents.
+#canonicalization-method=Canonicalization Method
+#canonicalization-method.tooltip=Canonicalization Method for XML signatures.
+#encrypt-assertions=Encrypt Assertions
+#encrypt-assertions.tooltip=Should SAML assertions be encrypted with client's public key using AES?
+#client-signature-required=Client Signature Required
+#client-signature-required.tooltip=Will the client sign their saml requests and responses? And should they be validated?
+#force-post-binding=Force POST Binding
+#force-post-binding.tooltip=Always use POST binding for responses.
+#front-channel-logout=Front Channel Logout
+#front-channel-logout.tooltip=When true, logout requires a browser redirect to client. When false, server performs a background invocation for logout.
+#force-name-id-format=Force Name ID Format
+#force-name-id-format.tooltip=Ignore requested NameID subject format and use admin console configured one.
+#name-id-format=Name ID Format
+#name-id-format.tooltip=The name ID format to use for the subject.
+#root-url=Root URL
+#root-url.tooltip=Root URL appended to relative URLs
+#valid-redirect-uris=Valid Redirect URIs
+#valid-redirect-uris.tooltip=Valid URI pattern a browser can redirect to after a successful login or logout. Simple wildcards are allowed i.e. 'http://example.com/*'. Relative path can be specified too i.e. /my/relative/path/*. Relative paths are relative to the client root URL, or if none is specified the auth server root URL is used. For SAML, you must set valid URI patterns if you are relying on the consumer service URL embedded with the login request.
+#base-url.tooltip=Default URL to use when the auth server needs to redirect or link back to the client.
+#admin-url=Admin URL
+#admin-url.tooltip=URL to the admin interface of the client. Set this if the client supports the adapter REST API. This REST API allows the auth server to push revocation policies and other administrative tasks. Usually this is set to the base URL of the client.
+#master-saml-processing-url=Master SAML Processing URL
+#master-saml-processing-url.tooltip=If configured, this URL will be used for every binding to both the SP's Assertion Consumer and Single Logout Services. This can be individually overiden for each binding and service in the Fine Grain SAML Endpoint Configuration.
+#idp-sso-url-ref=IDP Initiated SSO URL Name
+#idp-sso-url-ref.tooltip=URL fragment name to reference client when you want to do IDP Initiated SSO. Leaving this empty will disable IDP Initiated SSO. The URL you will reference from your browser will be: {server-root}/realms/{realm}/protocol/saml/clients/{client-url-name}
+#idp-sso-url-ref.urlhint=Target IDP initiated SSO URL:
+#idp-sso-relay-state=IDP Initiated SSO Relay State
+#idp-sso-relay-state.tooltip=Relay state you want to send with SAML request when you want to do IDP Initiated SSO.
+web-origins=Web Origins
+web-origins.tooltip=Erlaubte CORS Origins. Um alle Origins der Valid Redirect URIs zu erlauben, fügen Sie ein '+' hinzu. Dabei wird der '*' Platzhalter nicht mit übernommen. Um alle Origins zu erlauben, geben Sie explizit einen Eintrag mit '*' an.
+#fine-oidc-endpoint-conf=Fine Grain OpenID Connect Configuration
+#fine-oidc-endpoint-conf.tooltip=Expand this section to configure advanced settings of this client related to OpenID Connect protocol
+#user-info-signed-response-alg=User Info Signed Response Algorithm
+#user-info-signed-response-alg.tooltip=JWA algorithm used for signed User Info Endpoint response. If set to 'unsigned', then User Info Response won't be signed and will be returned in application/json format.
+#request-object-signature-alg=Request Object Signature Algorithm
+#request-object-signature-alg.tooltip=JWA algorithm, which client needs to use when sending OIDC request object specified by 'request' or 'request_uri' parameters. If set to 'any', then Request object can be signed by any algorithm (including 'none' ).
+#request-object-required=Request Object Required
+#request-object-required-alg.tooltip=Specifies if the client needs to provide a request object with their authorization requests, and what method they can use for this. If set to "not required", providing a request object is optional. In all other cases providing a request object is mandatory. If set to "request", the request object must be provided by value. If set to "request_uri", the request object must be provided by reference. If set to "request or request_uri", either method can be used.
+#fine-saml-endpoint-conf=Fine Grain SAML Endpoint Configuration
+#fine-saml-endpoint-conf.tooltip=Expand this section to configure exact URLs for Assertion Consumer and Single Logout Service.
+#assertion-consumer-post-binding-url=Assertion Consumer Service POST Binding URL
+#assertion-consumer-post-binding-url.tooltip=SAML POST Binding URL for the client's assertion consumer service (login responses). You can leave this blank if you do not have a URL for this binding.
+#assertion-consumer-redirect-binding-url=Assertion Consumer Service Redirect Binding URL
+#assertion-consumer-redirect-binding-url.tooltip=SAML Redirect Binding URL for the client's assertion consumer service (login responses). You can leave this blank if you do not have a URL for this binding.
+#logout-service-post-binding-url=Logout Service POST Binding URL
+#logout-service-post-binding-url.tooltip=SAML POST Binding URL for the client's single logout service. You can leave this blank if you are using a different binding
+#logout-service-redir-binding-url=Logout Service Redirect Binding URL
+#logout-service-redir-binding-url.tooltip=SAML Redirect Binding URL for the client's single logout service. You can leave this blank if you are using a different binding.
+#saml-signature-keyName-transformer=SAML Signature Key Name
+#saml-signature-keyName-transformer.tooltip=Signed SAML documents contain identification of signing key in KeyName element. For Keycloak / RH-SSO counterparty, use KEY_ID, for MS AD FS use CERT_SUBJECT, for others check and use NONE if no other option works.
+#oidc-compatibility-modes=OpenID Connect Compatibility Modes
+#oidc-compatibility-modes.tooltip=Expand this section to configure settings for backwards compatibility with older OpenID Connect / OAuth2 adapters. It is useful especially if your client uses older version of Keycloak / RH-SSO adapter.
+#exclude-session-state-from-auth-response=Exclude Session State From Authentication Response
+#exclude-session-state-from-auth-response.tooltip=If this is on, the parameter 'session_state' will not be included in OpenID Connect Authentication Response. It is useful if your client uses older OIDC / OAuth2 adapter, which does not support 'session_state' parameter.
+
+# client import
+#import-client=Import Client
+#format-option=Format Option
+#select-format=Select a Format
+#import-file=Import File
+
+# client tabs
+settings=Einstellungen
+credentials=Passw\u00F6rter
+#saml-keys=SAML Keys
+roles=Rollen
+#mappers=Mappers
+#mappers.tooltip=Protocol mappers perform transformation on tokens and documents. They can do things like map user data into protocol claims, or just transform any requests going between the client and auth server.
+#scope=Scope
+#scope.tooltip=Scope mappings allow you to restrict which user role mappings are included within the access token requested by the client.
+#sessions.tooltip=View active sessions for this client. Allows you to see which users are active and when they logged in.
+#offline-access=Offline Access
+#offline-access.tooltip=View offline sessions for this client. Allows you to see which users retrieve offline token and when they retrieve it. To revoke all tokens for the client, go to Revocation tab and set not before value to now.
+#clustering=Clustering
+#installation=Installation
+#installation.tooltip=Helper utility for generating various client adapter configuration formats which you can download or cut and paste to configure your clients.
+#service-account-roles=Service Account Roles
+#service-account-roles.tooltip=Allows you to authenticate role mappings for the service account dedicated to this client.
+
+# client credentials
+#client-authenticator=Client Authenticator
+#client-authenticator.tooltip=Client Authenticator used for authentication this client against Keycloak server
+#certificate.tooltip=Client Certificate for validate JWT issued by client and signed by Client private key from your keystore.
+#publicKey.tooltip=Public Key for validate JWT issued by client and signed by Client private key.
+#no-client-certificate-configured=No client certificate configured
+#gen-new-keys-and-cert=Generate new keys and certificate
+#import-certificate=Import Certificate
+#gen-client-private-key=Generate Client Private Key
+#generate-private-key=Generate Private Key
+#kid=Kid
+#kid.tooltip=KID (Key ID) of the client public key from imported JWKS.
+#use-jwks-url=Use JWKS URL
+#use-jwks-url.tooltip=If the switch is on, then client public keys will be downloaded from given JWKS URL. This allows great flexibility because new keys will be always re-downloaded again when client generates new keypair. If the switch is off, then public key (or certificate) from the Keycloak DB is used, so when client keypair changes, you always need to import new key (or certificate) to the Keycloak DB as well.
+#jwks-url=JWKS URL
+#jwks-url.tooltip=URL where client keys in JWK format are stored. See JWK specification for more details. If you use Keycloak client adapter with "jwt" credential, then you can use URL of your app with '/k_jwks' suffix. For example 'http://www.myhost.com/myapp/k_jwks' .
+#archive-format=Archive Format
+#archive-format.tooltip=Java keystore or PKCS12 archive format.
+#key-alias=Key Alias
+#key-alias.tooltip=Archive alias for your private key and certificate.
+#key-password=Key Password
+#key-password.tooltip=Password to access the private key in the archive
+#store-password=Store Password
+#store-password.tooltip=Password to access the archive itself
+#generate-and-download=Generate and Download
+#client-certificate-import=Client Certificate Import
+#import-client-certificate=Import Client Certificate
+#jwt-import.key-alias.tooltip=Archive alias for your certificate.
+#secret=Secret
+#regenerate-secret=Regenerate Secret
+#registrationAccessToken=Registration access token
+#registrationAccessToken.regenerate=Regenerate registration access token
+#registrationAccessToken.tooltip=The registration access token provides access for clients to the client registration service.
+add-role=Rolle hinzuf\u00FCgen
+role-name=Rollenname
+#composite=Composite
+description=Beschreibung
+no-client-roles-available=Keine Client-Rollen verf\u00FCgbar
+#composite-roles=Composite Roles
+#composite-roles.tooltip=When this role is (un)assigned to a user any role associated with it will be (un)assigned implicitly.
+realm-roles=Realm-Rollen
+available-roles=Verf\u00FCgbare Rollen
+add-selected=Ausgew\u00E4hlte hinzuf\u00FCgen
+#associated-roles=Associated Roles
+#composite.associated-realm-roles.tooltip=Realm level roles associated with this composite role.
+#composite.available-realm-roles.tooltip=Realm level roles that you can associate to this composite role.
+remove-selected=Ausgew\u00E4hlte entfernen
+client-roles=Client-Rollen
+select-client-to-view-roles=W\u00E4hlen Sie einen Client um die Rollen daf\u00FCr zu sehen
+#available-roles.tooltip=Roles from this client that you can associate to this composite role.
+#client.associated-roles.tooltip=Client roles associated with this composite role.
+#add-builtin=Add Builtin
+category=Kategorie
+type=Typ
+#no-mappers-available=No mappers available
+#add-builtin-protocol-mappers=Add Builtin Protocol Mappers
+#add-builtin-protocol-mapper=Add Builtin Protocol Mapper
+#scope-mappings=Scope Mappings
+#full-scope-allowed=Full Scope Allowed
+#full-scope-allowed.tooltip=Allows you to disable all restrictions.
+#scope.available-roles.tooltip=Realm level roles that can be assigned to scope.
+assigned-roles=Zugewiesene Rollen
+#assigned-roles.tooltip=Realm level roles assigned to scope.
+effective-roles=Effektive Rollen
+#realm.effective-roles.tooltip=Assigned realm level roles that may have been inherited from a composite role.
+#select-client-roles.tooltip=Select client to view roles for client
+#assign.available-roles.tooltip=Client roles available to be assigned.
+#client.assigned-roles.tooltip=Assigned client roles.
+#client.effective-roles.tooltip=Assigned client roles that may have been inherited from a composite role.
+#basic-configuration=Basic configuration
+#node-reregistration-timeout=Node Re-registration Timeout
+#node-reregistration-timeout.tooltip=Interval to specify max time for registered clients cluster nodes to re-register. If cluster node won't send re-registration request to Keycloak within this time, it will be unregistered from Keycloak
+#registered-cluster-nodes=Registered cluster nodes
+#register-node-manually=Register node manually
+#test-cluster-availability=Test cluster availability
+#last-registration=Last registration
+#node-host=Node host
+#no-registered-cluster-nodes=No registered cluster nodes available
+#cluster-nodes=Cluster Nodes
+#add-node=Add Node
+#active-sessions.tooltip=Total number of active user sessions for this client.
+#show-sessions=Show Sessions
+#show-sessions.tooltip=Warning, this is a potentially expensive operation depending on number of active sessions.
+user=Benutzer
+#from-ip=From IP
+#session-start=Session Start
+first-page=Erste Seite
+previous-page=Vorherige Seite
+next-page=N\u00E4chste Seite
+#client-revoke.not-before.tooltip=Revoke any tokens issued before this date for this client.
+#client-revoke.push.tooltip=If admin URL is configured for this client, push this policy to that client.
+#select-a-format=Select a Format
+#download=Download
+#offline-tokens=Offline Tokens
+#offline-tokens.tooltip=Total number of offline tokens for this client.
+#show-offline-tokens=Show Offline Tokens
+#show-offline-tokens.tooltip=Warning, this is a potentially expensive operation depending on number of offline tokens.
+#token-issued=Token Issued
+last-access=Letzter Zugriff
+last-refresh=Letzte Aktualisierung
+#key-export=Key Export
+#key-import=Key Import
+#export-saml-key=Export SAML Key
+#import-saml-key=Import SAML Key
+#realm-certificate-alias=Realm Certificate Alias
+#realm-certificate-alias.tooltip=Realm certificate is stored in archive too. This is the alias to it.
+#signing-key=Signing Key
+#saml-signing-key=SAML Signing Key.
+#private-key=Private Key
+#generate-new-keys=Generate new keys
+#export=Export
+#encryption-key=Encryption Key
+#saml-encryption-key.tooltip=SAML Encryption Key.
+#service-accounts=Service Accounts
+#service-account.available-roles.tooltip=Realm level roles that can be assigned to service account.
+#service-account.assigned-roles.tooltip=Realm level roles assigned to service account.
+#service-account-is-not-enabled-for=Service account is not enabled for {{client}}
+#create-protocol-mappers=Create Protocol Mappers
+#create-protocol-mapper=Create Protocol Mapper
+#protocol=Protocol
+#protocol.tooltip=Protocol...
+#id=ID
+#mapper.name.tooltip=Name of the mapper.
+#mapper.consent-required.tooltip=When granting temporary access, must the user consent to providing this data to the client?
+#consent-text=Consent Text
+#consent-text.tooltip=Text to display on consent page.
+#mapper-type=Mapper Type
+#mapper-type.tooltip=Type of the mapper
+# realm identity providers
+#identity-providers=Identity Providers
+#table-of-identity-providers=Table of identity providers
+#add-provider.placeholder=Add provider...
+#provider=Provider
+#gui-order=GUI order
+#first-broker-login-flow=First Login Flow
+#post-broker-login-flow=Post Login Flow
+sync-mode=Synchronisationsmodus
+sync-mode.tooltip=Standardsyncmodus für alle Mapper. Mögliche Werte sind: 'Legacy' um das alte Verhalten beizubehalten, 'Importieren' um den Nutzer einmalig zu importieren, 'Erzwingen' um den Nutzer immer zu importieren.
+sync-mode.inherit=Standard erben
+sync-mode.legacy=Legacy
+sync-mode.import=Importieren
+sync-mode.force=Erzwingen
+sync-mode-override=Überschriebene Synchronisation
+sync-mode-override.tooltip=Überschreibt den normalen Synchronisationsmodus des IDP für diesen Mapper. Were sind 'Legacy' um das alte Verhalten beizubehalten, 'Importieren' um den Nutzer einmalig zu importieren, 'Erzwingen' um den Nutzer immer zu updaten.
+#redirect-uri=Redirect URI
+#redirect-uri.tooltip=The redirect uri to use when configuring the identity provider.
+#alias=Alias
+#display-name=Display Name
+#identity-provider.alias.tooltip=The alias uniquely identifies an identity provider and it is also used to build the redirect uri.
+#identity-provider.display-name.tooltip=Friendly name for Identity Providers.
+#identity-provider.enabled.tooltip=Enable/disable this identity provider.
+#authenticate-by-default=Authenticate by Default
+#identity-provider.authenticate-by-default.tooltip=Indicates if this provider should be tried by default for authentication even before displaying login screen.
+#store-tokens=Store Tokens
+#identity-provider.store-tokens.tooltip=Enable/disable if tokens must be stored after authenticating users.
+#stored-tokens-readable=Stored Tokens Readable
+#identity-provider.stored-tokens-readable.tooltip=Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.
+#disableUserInfo=Disable User Info
+#identity-provider.disableUserInfo.tooltip=Disable usage of User Info service to obtain additional user information? Default is to use this OIDC service.
+#userIp=Use userIp Param
+#identity-provider.google-userIp.tooltip=Set 'userIp' query parameter when invoking on Google's User Info service. This will use the user's ip address. Useful if Google is throttling access to the User Info service.
+#hostedDomain=Hosted Domain
+#identity-provider.google-hostedDomain.tooltip=Set 'hd' query parameter when logging in with Google. Google will only list accounts for this domain. Keycloak validates that the returned identity token has a claim for this domain. When '*' is entered any hosted account can be used.
+#sandbox=Target Sandbox
+#identity-provider.paypal-sandbox.tooltip=Target PayPal's sandbox environment
+#update-profile-on-first-login=Update Profile on First Login
+#on=On
+#on-missing-info=On missing info
+#off=Off
+#update-profile-on-first-login.tooltip=Define conditions under which a user has to update their profile during first-time login.
+#trust-email=Trust Email
+#trust-email.tooltip=If enabled then email provided by this provider is not verified even if verification is enabled for the realm.
+#link-only=Account Linking Only
+#link-only.tooltip=If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider
+#hide-on-login-page=Hide on Login Page
+#hide-on-login-page.tooltip=If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.
+#gui-order.tooltip=Number defining order of the provider in GUI (eg. on Login page).
+#first-broker-login-flow.tooltip=Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account.
+#post-broker-login-flow.tooltip=Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it.
+#openid-connect-config=OpenID Connect Config
+#openid-connect-config.tooltip=OIDC SP and external IDP configuration.
+#authorization-url=Authorization URL
+#authorization-url.tooltip=The Authorization Url.
+#token-url=Token URL
+#token-url.tooltip=The Token URL.
+#loginHint=Pass login_hint
+#loginHint.tooltip=Pass login_hint to identity provider.
+logout-url=Logout-URL
+#identity-provider.logout-url.tooltip=End session endpoint to use to logout user from external IDP.
+#backchannel-logout=Backchannel Logout
+#backchannel-logout.tooltip=Does the external IDP support backchannel logout?
+#user-info-url=User Info URL
+#user-info-url.tooltip=The User Info Url. This is optional.
+#identity-provider.client-id.tooltip=The client or client identifier registered within the identity provider.
+#client-secret=Client Secret
+#show-secret=Show secret
+#hide-secret=Hide secret
+#client-secret.tooltip=The client or client secret registered within the identity provider.
+#issuer=Issuer
+#issuer.tooltip=The issuer identifier for the issuer of the response. If not provided, no validation will be performed.
+#default-scopes=Default Scopes
+#identity-provider.default-scopes.tooltip=The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to 'openid'.
+#prompt=Prompt
+#unspecified.option=unspecified
+#none.option=none
+#consent.option=consent
+#login.option=login
+#select-account.option=select_account
+#prompt.tooltip=Specifies whether the Authorization Server prompts the End-User for reauthentication and consent.
+#validate-signatures=Validate Signatures
+#identity-provider.validate-signatures.tooltip=Enable/disable signature validation of external IDP signatures.
+#identity-provider.use-jwks-url.tooltip=If the switch is on, then identity provider public keys will be downloaded from given JWKS URL. This allows great flexibility because new keys will be always re-downloaded again when identity provider generates new keypair. If the switch is off, then public key (or certificate) from the Keycloak DB is used, so when identity provider keypair changes, you always need to import new key to the Keycloak DB as well.
+#identity-provider.jwks-url.tooltip=URL where identity provider keys in JWK format are stored. See JWK specification for more details. If you use external Keycloak identity provider, then you can use URL like 'http://broker-keycloak:8180/auth/realms/test/protocol/openid-connect/certs' assuming your brokered Keycloak is running on 'http://broker-keycloak:8180' and its realm is 'test' .
+#validating-public-key=Validating Public Key
+#identity-provider.validating-public-key.tooltip=The public key in PEM format that must be used to verify external IDP signatures.
+#validating-public-key-id=Validating Public Key Id
+#identity-provider.validating-public-key-id.tooltip=Explicit ID of the validating public key given above if the key ID. Leave blank if the key above should be used always, regardless of key ID specified by external IDP; set it if the key should only be used for verifying if key ID from external IDP matches.
+#allowed-clock-skew=Allowed clock skew
+#identity-provider.allowed-clock-skew.tooltip=Clock skew in seconds that is tolerated when validating identity provider tokens. Default value is zero.
+#forwarded-query-parameters=Forwarded Query Parameters
+#identity-provider.forwarded-query-parameters.tooltip=Non OpenID Connect/OAuth standard query parameters to be forwarded to external IDP from the initial application request to Authorization Endpoint. Multiple parameters can be entered, separated by comma (,).
+#import-external-idp-config=Import External IDP Config
+#import-external-idp-config.tooltip=Allows you to load external IDP metadata from a config file or to download it from a URL.
+#import-from-url=Import from URL
+#identity-provider.import-from-url.tooltip=Import metadata from a remote IDP discovery descriptor.
+#import-from-file=Import from file
+#identity-provider.import-from-file.tooltip=Import metadata from a downloaded IDP discovery descriptor.
+#saml-config=SAML Config
+#identity-provider.saml-config.tooltip=SAML SP and external IDP configuration.
+#single-signon-service-url=Single Sign-On Service URL
+#saml.single-signon-service-url.tooltip=The Url that must be used to send authentication requests (SAML AuthnRequest).
+#single-logout-service-url=Single Logout Service URL
+#saml.single-logout-service-url.tooltip=The Url that must be used to send logout requests.
+#nameid-policy-format=NameID Policy Format
+#nameid-policy-format.tooltip=Specifies the URI reference corresponding to a name identifier format. Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
+#http-post-binding-response=HTTP-POST Binding Response
+#http-post-binding-response.tooltip=Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
+#http-post-binding-for-authn-request=HTTP-POST Binding for AuthnRequest
+#http-post-binding-for-authn-request.tooltip=Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
+#http-post-binding-logout=HTTP-POST Binding Logout
+#http-post-binding-logout.tooltip=Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
+#want-authn-requests-signed=Want AuthnRequests Signed
+#want-authn-requests-signed.tooltip=Indicates whether the identity provider expects a signed AuthnRequest.
+#want-assertions-signed=Want Assertions Signed
+#want-assertions-signed.tooltip=Indicates whether this service provider expects a signed Assertion.
+#want-assertions-encrypted=Want Assertions Encrypted
+#want-assertions-encrypted.tooltip=Indicates whether this service provider expects an encrypted Assertion.
+#force-authentication=Force Authentication
+#identity-provider.force-authentication.tooltip=Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
+#validate-signature=Validate Signature
+#saml.validate-signature.tooltip=Enable/disable signature validation of SAML responses.
+#validating-x509-certificate=Validating X509 Certificates
+#validating-x509-certificate.tooltip=The certificate in PEM format that must be used to check for signatures. Multiple certificates can be entered, separated by comma (,).
+#saml.import-from-url.tooltip=Import metadata from a remote IDP SAML entity descriptor.
+#social.client-id.tooltip=The client identifier registered with the identity provider.
+#social.client-secret.tooltip=The client secret registered with the identity provider.
+#social.default-scopes.tooltip=The scopes to be sent when asking for authorization. See documentation for possible values, separator and default value'.
+key=Key
+#stackoverflow.key.tooltip=The Key obtained from Stack Overflow client registration.
+#openshift.base-url=Base Url
+#openshift.base-url.tooltip=Base Url to OpenShift Online API
+#openshift4.base-url=Base Url
+#openshift4.base-url.tooltip=Base Url to OpenShift Online API
+#gitlab-application-id=Application Id
+#gitlab-application-secret=Application Secret
+#gitlab.application-id.tooltip=Application Id for the application you created in your GitLab Applications account menu
+#gitlab.application-secret.tooltip=Secret for the application that you created in your GitLab Applications account menu
+#gitlab.default-scopes.tooltip=Scopes to ask for on login. Will always ask for openid. Additionally adds api if you do not specify anything.
+#bitbucket-consumer-key=Consumer Key
+#bitbucket-consumer-secret=Consumer Secret
+#bitbucket.key.tooltip=Bitbucket OAuth Consumer Key
+#bitbucket.secret.tooltip=Bitbucket OAuth Consumer Secret
+#bitbucket.default-scopes.tooltip=Scopes to ask for on login. If you do not specify anything, scope defaults to 'email'.
+# User federation
+#sync-ldap-roles-to-keycloak=Sync LDAP Roles To Keycloak
+#sync-keycloak-roles-to-ldap=Sync Keycloak Roles To LDAP
+#sync-ldap-groups-to-keycloak=Sync LDAP Groups To Keycloak
+#sync-keycloak-groups-to-ldap=Sync Keycloak Groups To LDAP
+realms=Realms
+#realm=Realm
+#identity-provider-mappers=Identity Provider Mappers
+#create-identity-provider-mapper=Create Identity Provider Mapper
+#add-identity-provider-mapper=Add Identity Provider Mapper
+#client.description.tooltip=Specifies description of the client. For example 'My Client for TimeSheets'. Supports keys for localized values as well. For example\: ${my_client_description}
+#expires=Expires
+#expiration=Expiration
+#expiration.tooltip=Specifies how long the token should be valid
+#count=Count
+#count.tooltip=Specifies how many clients can be created using the token
+#remainingCount=Remaining Count
+#created=Created
+#back=Back
+#initial-access-tokens=Initial Access Tokens
+#add-initial-access-tokens=Add Initial Access Token
+#initial-access-token=Initial Access Token
+#initial-access.copyPaste.tooltip=Copy/paste the initial access token before navigating away from this page as it's not possible to retrieve later
+#continue=Continue
+#initial-access-token.confirm.title=Copy Initial Access Token
+#initial-access-token.confirm.text=Please copy and paste the initial access token before confirming as it can't be retrieved later
+#no-initial-access-available=No Initial Access Tokens available
+#client-reg-policies=Client Registration Policies
+#client-reg-policy.name.tooltip=Display Name of the policy
+#anonymous-policies=Anonymous Access Policies
+#anonymous-policies.tooltip=Those Policies are used when Client Registration Service is invoked by unauthenticated request. This means request doesn't contain Initial Access Token nor Bearer Token.
+#auth-policies=Authenticated Access Policies
+#auth-policies.tooltip=Those Policies are used when Client Registration Service is invoked by authenticated request. This means request contains Initial Access Token or Bearer Token.
+#policy-name=Policy Name
+#no-client-reg-policies-configured=No Client Registration Policies
+#trusted-hosts.label=Trusted Hosts
+#trusted-hosts.tooltip=List of Hosts, which are trusted and are allowed to invoke Client Registration Service and/or be used as values of Client URIs. You can use hostnames or IP addresses. If you use star at the beginning (for example '*.example.com' ) then whole domain example.com will be trusted.
+#host-sending-registration-request-must-match.label=Host Sending Client Registration Request Must Match
+#host-sending-registration-request-must-match.tooltip=If on, then any request to Client Registration Service is allowed just if it was sent from some trusted host or domain.
+#client-uris-must-match.label=Client URIs Must Match
+#client-uris-must-match.tooltip=If on, then all Client URIs (Redirect URIs and others) are allowed just if they match some trusted host or domain.
+#allowed-protocol-mappers.label=Allowed Protocol Mappers
+#allowed-protocol-mappers.tooltip=Whitelist of allowed protocol mapper providers. If there is an attempt to register client, which contains some protocol mappers, which were not whitelisted, then registration request will be rejected.
+#consent-required-for-all-mappers.label=Consent Required For Mappers
+#consent-required-for-all-mappers.tooltip=If on, then all newly registered protocol mappers will automatically have consentRequired switch on. This means that user will need to approve consent screen. NOTE: Consent screen is shown just if client has consentRequired switch on. So it's usually good to use this switch together with consent-required policy.
+#allowed-client-scopes.label=Allowed Client Scopes
+#allowed-client-scopes.tooltip=Whitelist of the client scopes, which can be used on newly registered client. Attempt to register client with some client scope, which is not whitelisted, will be rejected. By default, the whitelist is either empty or contains just realm default client scopes (based on 'Allow Default Scopes' configuration property)
+#allow-default-scopes.label=Allow Default Scopes
+#allow-default-scopes.tooltip=If on, then newly registered clients will be allowed to have client scopes mentioned in realm default client scopes or realm optional client scopes
+#max-clients.label=Max Clients Per Realm
+#max-clients.tooltip=It won't be allowed to register new client if count of existing clients in realm is same or bigger than configured limit.
+
+#client-scopes=Client Scopes
+#client-scopes.tooltip=Client scopes allow you to define common set of protocol mappers and roles, that are shared between multiple clients
+
+groups=Gruppen
+
+group.add-selected.tooltip=Realm-Rollen die zu der Gruppen hinzugef\u00FCgt werden k\u00F6nnen.
+group.assigned-roles.tooltip=Realm-Rollen die zur Gruppe zugeordnet sind
+#group.effective-roles.tooltip=All realm role mappings. Some roles here might be inherited from a mapped composite role.
+#group.available-roles.tooltip=Assignable roles from this client.
+#group.assigned-roles-client.tooltip=Role mappings for this client.
+#group.effective-roles-client.tooltip=Role mappings for this client. Some roles here might be inherited from a mapped composite role.
+
+default-roles=Standardrollen
+no-realm-roles-available=Keine Realm-Rollen verf\u00FCgbar
+
+users=Benutzer
+user.add-selected.tooltip=Realm-Rollen, die dem Benutzer zugewiesen werden k\u00F6nnen.
+user.assigned-roles.tooltip=Realm-Rollen, die dem Benutzer zugewiesen sind.
+user.effective-roles.tooltip=Alle Realm-Rollen-Zuweisungen. Einige Rollen hier k\u00F6nnen von zusammengesetzten Rollen geerbt sein.
+#user.available-roles.tooltip=Assignable roles from this client.
+#user.assigned-roles-client.tooltip=Role mappings for this client.
+#user.effective-roles-client.tooltip=Role mappings for this client. Some roles here might be inherited from a mapped composite role.
+#default.available-roles.tooltip=Realm level roles that can be assigned.
+#realm-default-roles=Realm Default Roles
+#realm-default-roles.tooltip=Realm level roles assigned to new users.
+#default.available-roles-client.tooltip=Roles from this client that are assignable as a default.
+#client-default-roles=Client Default Roles
+#client-default-roles.tooltip=Roles from this client assigned as a default role.
+#composite.available-roles.tooltip=Realm level roles that you can associate to this composite role.
+#composite.associated-roles.tooltip=Realm level roles associated with this composite role.
+#composite.available-roles-client.tooltip=Roles from this client that you can associate to this composite role.
+#composite.associated-roles-client.tooltip=Client roles associated with this composite role.
+#partial-import=Partial Import
+#partial-import.tooltip=Partial import allows you to import users, clients, and other resources from a previously exported json file.
+
+#file=File
+#exported-json-file=Exported json file
+#import-from-realm=Import from realm
+#import-users=Import users
+#import-groups=Import groups
+#import-clients=Import clients
+#import-identity-providers=Import identity providers
+#import-realm-roles=Import realm roles
+#import-client-roles=Import client roles
+#if-resource-exists=If a resource exists
+#fail=Fail
+#skip=Skip
+#overwrite=Overwrite
+#if-resource-exists.tooltip=Specify what should be done if you try to import a resource that already exists.
+
+#partial-export=Partial Export
+#partial-export.tooltip=Partial export allows you to export realm configuration, and other associated resources into a json file.
+#export-groups-and-roles=Export groups and roles
+#export-clients=Export clients
+
+action=Aktion
+#role-selector=Role Selector
+#realm-roles.tooltip=Realm roles that can be selected.
+
+#select-a-role=Select a role
+#select-realm-role=Select realm role
+#client-roles.tooltip=Client roles that can be selected.
+#select-client-role=Select client role
+
+#client-saml-endpoint=Client SAML Endpoint
+#add-client-scope=Add client scope
+
+#default-client-scopes=Default Client Scopes
+#default-client-scopes.tooltip=Client Scopes, which will be added automatically to each created client
+#default-client-scopes.default=Default Client Scopes
+#default-client-scopes.default.tooltip=Allow to define client scopes, which will be added as default scopes to each created client
+#default-client-scopes.default.available=Available Client Scopes
+#default-client-scopes.default.available.tooltip=Client scopes, which are not yet assigned as realm default scopes or realm optional scopes
+#default-client-scopes.default.assigned=Assigned Default Client Scopes
+#default-client-scopes.default.assigned.tooltip=Client scopes, which will be added as default scopes to each created client
+#default-client-scopes.optional=Optional Client Scopes
+#default-client-scopes.optional.tooltip=Allow to define client scopes, which will be added as optional scopes to each created client
+#default-client-scopes.optional.available=Available Client Scopes
+#default-client-scopes.optional.available.tooltip=Client scopes, which are not yet assigned as realm default scopes or realm optional scopes
+#default-client-scopes.optional.assigned=Assigned Optional Client Scopes
+#default-client-scopes.optional.assigned.tooltip=Client scopes, which will be added as optional scopes to each created client
+
+#client-scopes.setup=Setup
+#client-scopes.setup.tooltip=Allow to setup client scopes linked to this client
+#client-scopes.default=Default Client Scopes
+#client-scopes.default.tooltip=Default client scopes are always applied when issuing tokens for this client. Protocol mappers and role scope mappings are always applied regardless of value of used scope parameter in OIDC Authorization request
+#client-scopes.default.available=Available Client Scopes
+#client-scopes.default.available.tooltip=Client scopes, which are not yet assigned as default scopes or optional scopes
+#client-scopes.default.assigned=Assigned Default Client Scopes
+#client-scopes.default.assigned.tooltip=Client scopes, which will be used as default scopes when generating tokens for this client
+#client-scopes.optional=Optional Client Scopes
+#client-scopes.optional.tooltip=Optional client scopes are applied when issuing tokens for this client, however just in case when they are requested by scope parameter in OIDC Authorization request
+#client-scopes.optional.available=Available Client Scopes
+#client-scopes.optional.available.tooltip=Client scopes, which are not yet assigned as default scopes or optional scopes
+#client-scopes.optional.assigned=Assigned Optional Client Scopes
+#client-scopes.optional.assigned.tooltip=Client scopes, which may be used as optional scopes when generating tokens for this client
+
+#client-scopes.evaluate=Evaluate
+#client-scopes.evaluate.tooltip=Allow to see all protocol mappers and role scope mappings, which will be used in the tokens issued to this client. Also allow to generate example access token based on provided scope parameter
+#scope-parameter=Scope Parameter
+#scope-parameter.tooltip=You can copy/paste this value of scope parameter and use it in initial OpenID Connect Authentication Request sent from this client adapter. Default client scopes and selected optional client scopes will be used when generating token issued for this client
+#client-scopes.evaluate.scopes=Client Scopes
+#client-scopes.evaluate.scopes.tooltip=Allow to select optional client scopes, which may be used when generating token issued for this client
+#client-scopes.evaluate.scopes.available=Available Optional Client Scopes
+#client-scopes.evaluate.scopes.available.tooltip=This contains Optional Client Scopes, which can be optionally used when issuing access token for this client
+#client-scopes.evaluate.scopes.assigned=Selected Optional Client Scopes
+#client-scopes.evaluate.scopes.assigned.tooltip=Selected Optional Client Scopes, which will be used when issuing access token for this client. You can see above what value of OAuth Scope Parameter need to be used when you want to have these optional client scopes applied when the initial OpenID Connect Authentication request will be sent from your client adapter
+#client-scopes.evaluate.scopes.effective=Effective Client Scopes
+#client-scopes.evaluate.scopes.effective.tooltip=Contains all default client scopes and selected optional scopes. All protocol mappers and role scope mappings of all those client scopes will be used when generating access token issued for your client
+#client-scopes.evaluate.user.tooltip=Optionally select user, for whom the example access token will be generated. If you don't select any user, then example access token won't be generated during evaluation
+#send-evaluation-request=Evaluate
+#send-evaluation-request.tooltip=Click this to see all protocol mappers and role scope mappings, which will be used when issuing access token for this client. It will also optionally generate example access token in case that some user was selected
+
+#evaluated-protocol-mappers=Effective Protocol Mappers
+#evaluated-protocol-mappers.tooltip=Allow you to see all effective protocol mappers, which will be used when issuing token for this client. Contains also protocol mappers of selected optional client scopes. For each protocol mapper, you can see from which client scope it is inherited from
+#evaluated-roles=Effective Role Scope Mappings
+#evaluated-roles.tooltip=Allow you to see all effective roles scope mappings, which will be used when issuing token for this client. Contains also role scope mappings of selected optional client scopes
+#parent-client-scope=Parent Client Scope
+#client-scopes.evaluate.not-granted-roles=Not Granted Roles
+#client-scopes.evaluate.not-granted-roles.tooltip=Client doesn't have scope mappings for these roles. Those roles won't be in the access token issued to this client even if authenticated user is member of them
+#client-scopes.evaluate.granted-realm-effective-roles=Granted Effective Realm Roles
+#client-scopes.evaluate.granted-realm-effective-roles.tooltip=Client has scope mappings for these roles. Those roles will be in the access token issued to this client if authenticated user is member of them
+#client-scopes.evaluate.granted-client-effective-roles=Granted Effective Client Roles
+#generated-access-token=Generated Access Token
+#generated-access-token.tooltip=See the example token, which will be generated and sent to the client when selected user is authenticated. You can see claims and roles, which the token will contain based on the effective protocol mappers and role scope mappings and also based on the claims/roles assigned to user himself
+
+manage=Verwalten
+authentication=Authentifizierung
+#user-federation=User Federation
+#user-storage=User Storage
+events=Ereignisse
+realm-settings=Realm-Einstellungen
+configure=Konfigurieren
+select-realm=Realm ausw\u00E4hlen
+add=Hinzuf\u00FCgen
+
+#client-storage=Client Storage
+#no-client-storage-providers-configured=No client storage providers configured
+#client-stores.tooltip=Keycloak can retrieve clients and their details from external stores.
+
+#client-scope.name.tooltip=Name of the client scope. Must be unique in the realm. Name shouldn't contain space characters as it's used as value of scope parameter
+#client-scope.description.tooltip=Description of the client scope
+#client-scope.protocol.tooltip=Which SSO protocol configuration is being supplied by this client scope
+#client-scope.display-on-consent-screen=Display On Consent Screen
+#client-scope.display-on-consent-screen.tooltip=If on, and this client scope is added to some client with consent required, then the text specified by 'Consent Screen Text' will be displayed on consent screen. If off, then this client scope won't be displayed on consent screen
+#client-scope.consent-screen-text=Consent Screen Text
+#client-scope.consent-screen-text.tooltip=Text, which will be shown on consent screen when this client scope is added to some client with consent required. Defaults to name of client scope if it's not filled
+
+#add-user-federation-provider=Add user federation provider
+#add-user-storage-provider=Add user storage provider
+#required-settings=Required Settings
+#provider-id=Provider ID
+#console-display-name=Console Display Name
+#console-display-name.tooltip=Display name of provider when linked in admin console.
+#priority=Priority
+#priority.tooltip=Priority of provider when doing a user lookup. Lowest first.
+#user-storage.enabled.tooltip=If provider is disabled it will not be considered for queries and imported users will be disabled and read-only until the provider is enabled again.
+#sync-settings=Sync Settings
+#periodic-full-sync=Periodic Full Sync
+#periodic-full-sync.tooltip=Does periodic full synchronization of provider users to Keycloak should be enabled or not
+#full-sync-period=Full Sync Period
+#full-sync-period.tooltip=Period for full synchronization in seconds
+#periodic-changed-users-sync=Periodic Changed Users Sync
+#periodic-changed-users-sync.tooltip=Does periodic synchronization of changed or newly created provider users to Keycloak should be enabled or not
+#changed-users-sync-period=Changed Users Sync Period
+#changed-users-sync-period.tooltip=Period for synchronization of changed or newly created provider users in seconds
+#synchronize-changed-users=Synchronize changed users
+#synchronize-all-users=Synchronize all users
+#remove-imported-users=Remove imported
+unlink-users=Benutzer entsperren
+#kerberos-realm=Kerberos Realm
+#kerberos-realm.tooltip=Name of kerberos realm. For example FOO.ORG
+#server-principal=Server Principal
+#server-principal.tooltip=Full name of server principal for HTTP service including server and domain name. For example HTTP/host.foo.org@FOO.ORG
+#keytab=KeyTab
+#keytab.tooltip=Location of Kerberos KeyTab file containing the credentials of server principal. For example /etc/krb5.keytab
+#debug=Debug
+#debug.tooltip=Enable/disable debug logging to standard output for Krb5LoginModule.
+#allow-password-authentication=Allow Password Authentication
+#allow-password-authentication.tooltip=Enable/disable possibility of username/password authentication against Kerberos database
+#edit-mode=Edit Mode
+#edit-mode.tooltip=READ_ONLY means that password updates are not allowed and user always authenticates with Kerberos password. UNSYNCED means user can change his password in Keycloak database and this one will be used instead of Kerberos password then
+#ldap.edit-mode.tooltip=READ_ONLY is a read-only LDAP store. WRITABLE means data will be synced back to LDAP on demand. UNSYNCED means user data will be imported, but not synced back to LDAP.
+#update-profile-first-login=Update Profile First Login
+#update-profile-first-login.tooltip=Update profile on first login
+#sync-registrations=Sync Registrations
+#ldap.sync-registrations.tooltip=Should newly created users be created within LDAP store? Priority effects which provider is chose to sync the new user.
+#import-enabled=Import Users
+#ldap.import-enabled.tooltip=If true, LDAP users will be imported into Keycloak DB and synced via the configured sync policies.
+#vendor=Vendor
+#ldap.vendor.tooltip=LDAP vendor (provider)
+#username-ldap-attribute=Username LDAP attribute
+#ldap-attribute-name-for-username=LDAP attribute name for username
+#username-ldap-attribute.tooltip=Name of LDAP attribute, which is mapped as Keycloak username. For many LDAP server vendors it can be 'uid'. For Active directory it can be 'sAMAccountName' or 'cn'. The attribute should be filled for all LDAP user records you want to import from LDAP to Keycloak.
+#rdn-ldap-attribute=RDN LDAP attribute
+#ldap-attribute-name-for-user-rdn=LDAP attribute name for user RDN
+#rdn-ldap-attribute.tooltip=Name of LDAP attribute, which is used as RDN (top attribute) of typical user DN. Usually it's the same as Username LDAP attribute, however it's not required. For example for Active directory it's common to use 'cn' as RDN attribute when username attribute might be 'sAMAccountName'.
+#uuid-ldap-attribute=UUID LDAP attribute
+#ldap-attribute-name-for-uuid=LDAP attribute name for UUID
+#uuid-ldap-attribute.tooltip=Name of LDAP attribute, which is used as unique object identifier (UUID) for objects in LDAP. For many LDAP server vendors it's 'entryUUID' however some are different. For example for Active directory it should be 'objectGUID'. If your LDAP server really doesn't support the notion of UUID, you can use any other attribute, which is supposed to be unique among LDAP users in tree. For example 'uid' or 'entryDN'.
+#user-object-classes=User Object Classes
+#ldap-user-object-classes.placeholder=LDAP User Object Classes (div. by comma)
+#ldap-connection-url=LDAP connection URL
+#ldap-users-dn=LDAP Users DN
+#ldap-bind-dn=LDAP Bind DN
+#ldap-bind-credentials=LDAP Bind Credentials
+#ldap-filter=LDAP Filter
+#ldap.user-object-classes.tooltip=All values of LDAP objectClass attribute for users in LDAP divided by comma. For example: 'inetOrgPerson, organizationalPerson' . Newly created Keycloak users will be written to LDAP with all those object classes and existing LDAP user records are found just if they contain all those object classes.
+#connection-url=Connection URL
+#ldap.connection-url.tooltip=Connection URL to your LDAP server
+#test-connection=Test connection
+#users-dn=Users DN
+#ldap.users-dn.tooltip=Full DN of LDAP tree where your users are. This DN is parent of LDAP users. It could be for example 'ou=users,dc=example,dc=com' assuming that your typical user will have DN like 'uid=john,ou=users,dc=example,dc=com'
+#authentication-type=Authentication Type
+#ldap.authentication-type.tooltip=LDAP Authentication type. Right now just 'none' (anonymous LDAP authentication) or 'simple' (Bind credential + Bind password authentication) mechanisms are available
+#bind-dn=Bind DN
+#ldap.bind-dn.tooltip=DN of LDAP admin, which will be used by Keycloak to access LDAP server
+#bind-credential=Bind Credential
+#ldap.bind-credential.tooltip=Password of LDAP admin
+#test-authentication=Test authentication
+#custom-user-ldap-filter=Custom User LDAP Filter
+#ldap.custom-user-ldap-filter.tooltip=Additional LDAP Filter for filtering searched users. Leave this empty if you don't need additional filter. Make sure that it starts with '(' and ends with ')'
+#search-scope=Search Scope
+#ldap.search-scope.tooltip=For one level, we search for users just in DNs specified by User DNs. For subtree, we search in whole of their subtree. See LDAP documentation for more details
+#use-truststore-spi=Use Truststore SPI
+#ldap.use-truststore-spi.tooltip=Specifies whether LDAP connection will use the truststore SPI with the truststore configured in standalone.xml/domain.xml. 'Always' means that it will always use it. 'Never' means that it won't use it. 'Only for ldaps' means that it will use if your connection URL use ldaps. Note even if standalone.xml/domain.xml is not configured, the default Java cacerts or certificate specified by 'javax.net.ssl.trustStore' property will be used.
+#validate-password-policy=Validate Password Policy
+#connection-pooling=Connection Pooling
+#connection-pooling-settings=Connection Pooling Settings
+#connection-pooling-authentication=Connection Pooling Authentication
+#connection-pooling-authentication-default=none simple
+#connection-pooling-debug=Connection Pool Debug Level
+#connection-pooling-debug-default=off
+#connection-pooling-initsize=Connection Pool Initial Size
+#connection-pooling-initsize-default=1
+#connection-pooling-maxsize=Connection Pool Maximum Size
+#connection-pooling-maxsize-default=1000
+#connection-pooling-prefsize=Connection Pool Preferred Size
+#connection-pooling-prefsize-default=5
+#connection-pooling-protocol=Connection Pool Protocol
+#connection-pooling-protocol-default=plain
+#connection-pooling-timeout=Connection Pool Timeout
+#connection-pooling-timeout-default=300000
+#ldap-connection-timeout=Connection Timeout
+#ldap.connection-timeout.tooltip=LDAP Connection Timeout in milliseconds
+#ldap-read-timeout=Read Timeout
+#ldap.read-timeout.tooltip=LDAP Read Timeout in milliseconds. This timeout applies for LDAP read operations
+#ldap.validate-password-policy.tooltip=Does Keycloak should validate the password with the realm password policy before updating it
+#ldap.connection-pooling.tooltip=Does Keycloak should use connection pooling for accessing LDAP server
+#ldap.connection-pooling.authentication.tooltip=A list of space-separated authentication types of connections that may be pooled. Valid types are "none", "simple", and "DIGEST-MD5".
+#ldap.connection-pooling.debug.tooltip=A string that indicates the level of debug output to produce. Valid values are "fine" (trace connection creation and removal) and "all" (all debugging information).
+#ldap.connection-pooling.initsize.tooltip=The string representation of an integer that represents the number of connections per connection identity to create when initially creating a connection for the identity.
+#ldap.connection-pooling.maxsize.tooltip=The string representation of an integer that represents the maximum number of connections per connection identity that can be maintained concurrently.
+#ldap.connection-pooling.prefsize.tooltip=The string representation of an integer that represents the preferred number of connections per connection identity that should be maintained concurrently.
+#ldap.connection-pooling.protocol.tooltip=A list of space-separated protocol types of connections that may be pooled. Valid types are "plain" and "ssl".
+#ldap.connection-pooling.timeout.tooltip=The string representation of an integer that represents the number of milliseconds that an idle connection may remain in the pool without being closed and removed from the pool.
+#ldap.pagination.tooltip=Does the LDAP server support pagination.
+#kerberos-integration=Kerberos Integration
+#allow-kerberos-authentication=Allow Kerberos authentication
+#ldap.allow-kerberos-authentication.tooltip=Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users will be provisioned from this LDAP server
+#use-kerberos-for-password-authentication=Use Kerberos For Password Authentication
+#ldap.use-kerberos-for-password-authentication.tooltip=Use Kerberos login module for authenticate username/password against Kerberos server instead of authenticating against LDAP server with Directory Service API
+#batch-size=Batch Size
+#ldap.batch-size.tooltip=Count of LDAP users to be imported from LDAP to Keycloak within single transaction.
+#ldap.periodic-full-sync.tooltip=Does periodic full synchronization of LDAP users to Keycloak should be enabled or not
+#ldap.periodic-changed-users-sync.tooltip=Does periodic synchronization of changed or newly created LDAP users to Keycloak should be enabled or not
+#ldap.changed-users-sync-period.tooltip=Period for synchronization of changed or newly created LDAP users in seconds
+#user-federation-mappers=User Federation Mappers
+#create-user-federation-mapper=Create user federation mapper
+#add-user-federation-mapper=Add user federation mapper
+#provider-name=Provider Name
+#no-user-federation-providers-configured=No user federation providers configured
+#no-user-storage-providers-configured=No user storage providers configured
+#add-identity-provider=Add identity provider
+#add-identity-provider-link=Add identity provider link
+#identity-provider=Identity Provider
+#identity-provider-user-id=Identity Provider User ID
+#identity-provider-user-id.tooltip=Unique ID of the user on the Identity Provider side
+#identity-provider-username=Identity Provider Username
+#identity-provider-username.tooltip=Username on the Identity Provider side
+#pagination=Pagination
+#browser-flow=Browser Flow
+#browser-flow.tooltip=Select the flow you want to use for browser authentication.
+#registration-flow=Registration Flow
+#registration-flow.tooltip=Select the flow you want to use for registration.
+#direct-grant-flow=Direct Grant Flow
+#direct-grant-flow.tooltip=Select the flow you want to use for direct grant authentication.
+#reset-credentials=Reset Credentials
+#reset-credentials.tooltip=Select the flow you want to use when the user has forgotten their credentials.
+#client-authentication=Client Authentication
+#client-authentication.tooltip=Select the flow you want to use for authentication of clients.
+#docker-auth=Docker Authentication
+#docker-auth.tooltip=Select the flow you want to use for authentication against a docker client.
+new=Neu
+copy=Kopieren
+#add-execution=Add execution
+#add-flow=Add flow
+#auth-type=Auth Type
+#requirement=Requirement
+#config=Config
+#no-executions-available=No executions available
+#authentication-flows=Authentication Flows
+#create-authenticator-config=Create authenticator config
+#authenticator.alias.tooltip=Name of the configuration
+#otp-type=OTP Type
+#time-based=Time Based
+#counter-based=Counter Based
+#otp-type.tooltip=totp is Time-Based One Time Password. 'hotp' is a counter base one time password in which the server keeps a counter to hash against.
+#otp-hash-algorithm=OTP Hash Algorithm
+#otp-hash-algorithm.tooltip=What hashing algorithm should be used to generate the OTP.
+#number-of-digits=Number of Digits
+#otp.number-of-digits.tooltip=How many digits should the OTP have?
+#look-ahead-window=Look Ahead Window
+#otp.look-ahead-window.tooltip=How far ahead should the server look just in case the token generator and server are out of time sync or counter sync?
+#initial-counter=Initial Counter
+#otp.initial-counter.tooltip=What should the initial counter value be?
+#otp-token-period=OTP Token Period
+#otp-token-period.tooltip=How many seconds should an OTP token be valid? Defaults to 30 seconds.
+#otp-supported-applications=Supported Applications
+#otp-supported-applications.tooltip=Applications that are known to work with the current OTP policy
+#table-of-password-policies=Table of Password Policies
+#add-policy.placeholder=Add policy...
+#policy-type=Policy Type
+#policy-value=Policy Value
+#admin-events=Admin Events
+#admin-events.tooltip=Displays saved admin events for the realm. Events are related to admin account, for example a realm creation. To enable persisted events go to config.
+#login-events=Login Events
+#filter=Filter
+#update=Update
+#reset=Reset
+#operation-types=Operation Types
+#resource-types=Resource Types
+#select-operations.placeholder=Select operations...
+#select-resource-types.placeholder=Select resource types...
+#resource-path=Resource Path
+#resource-path.tooltip=Filter by resource path. Supports wildcard '*' (for example 'users/*').
+#date-(from)=Date (From)
+#date-(to)=Date (To)
+#authentication-details=Authentication Details
+ip-address=IP-Adresse
+time=Zeit
+#operation-type=Operation Type
+#resource-type=Resource Type
+#auth=Auth
+#representation=Representation
+register=Registrieren
+#required-action=Required Action
+#default-action=Default Action
+#auth.default-action.tooltip=If enabled, any new user will have this required action assigned to it.
+#no-required-actions-configured=No required actions configured
+#defaults-to-id=Defaults to id
+#flows=Flows
+#bindings=Bindings
+#client-flow-bindings=Authentication Flow Overrides
+#client-flow-bindings.tooltip=Override realm authentication flow bindings.
+#required-actions=Required Actions
+#password-policy=Password Policy
+#otp-policy=OTP Policy
+user-groups=Benutzergruppen
+default-groups=Standardgruppen
+#groups.default-groups.tooltip=Set of groups that new users will automatically join.
+cut=Ausschneiden
+paste=Einf\u00FCgen
+create-group=Gruppe erstellen
+#create-authenticator-execution=Create Authenticator Execution
+#create-form-action-execution=Create Form Action Execution
+#create-top-level-form=Create Top Level Form
+#flow.alias.tooltip=Specifies display name for the flow.
+#top-level-flow-type=Top Level Flow Type
+#flow.generic=generic
+#flow.client=client
+#top-level-flow-type.tooltip=What kind of top level flow is it? Type 'client' is used for authentication of clients (applications) when generic is for users and everything else
+#create-execution-flow=Create Execution Flow
+#flow-type=Flow Type
+#flow.form.type=form
+#flow.generic.type=generic
+#flow-type.tooltip=What kind of form is it
+#form-provider=Form Provider
+#default-groups.tooltip=Newly created or registered users will automatically be added to these groups
+select-a-type.placeholder=Typ ausw\u00E4hlen
+available-groups=Verf\u00FCgbare Gruppen
+#available-groups.tooltip=Select a group you want to add as a default.
+value=Wert
+#table-of-group-members=Table of group members
+#table-of-role-members=Table of role members
+last-name=Nachname
+first-name=Vorname
+email=Email
+toggle-navigation=Navigation ein-/ausschalten
+manage-account=Konto verwalten
+sign-out=Abmelden
+server-info=Server-Info
+#resource-not-found=Resource <strong>not found</strong>...
+#resource-not-found.instruction=We could not find the resource you are looking for. Please make sure the URL you entered is correct.
+#go-to-the-home-page=Go to the home page &raquo;
+#page-not-found=Page <strong>not found</strong>...
+#page-not-found.instruction=We could not find the page you are looking for. Please make sure the URL you entered is correct.
+#events.tooltip=Displays saved events for the realm. Events are related to user accounts, for example a user login. To enable persisted events go to config.
+#select-event-types.placeholder=Select event types...
+#events-config.tooltip=Displays configuration options to enable persistence of user and admin events.
+select-an-action.placeholder=Aktion w\u00E4hlen...
+#event-listeners.tooltip=Configure what listeners receive events for the realm.
+#login.save-events.tooltip=If enabled login events are saved to the database which makes events available to the admin and account management consoles.
+#clear-events.tooltip=Deletes all events in the database.
+#events.expiration.tooltip=Sets the expiration for events. Expired events are periodically deleted from the database.
+#admin-events-settings=Admin Events Settings
+#save-events=Save Events
+#admin.save-events.tooltip=If enabled admin events are saved to the database which makes events available to the admin console.
+#saved-types.tooltip=Configure what event types are saved.
+#include-representation=Include Representation
+#include-representation.tooltip=Include JSON representation for create and update requests.
+#clear-admin-events.tooltip=Deletes all admin events in the database.
+#server-version=Server Version
+#server-profile=Server Profile
+#server-disabled=Server Disabled Features
+#info=Info
+#providers=Providers
+#server-time=Server Time
+#server-uptime=Server Uptime
+#memory=Memory
+#total-memory=Total Memory
+#free-memory=Free Memory
+#used-memory=Used Memory
+#system=System
+#current-working-directory=Current Working Directory
+#java-version=Java Version
+#java-vendor=Java Vendor
+#java-runtime=Java Runtime
+#java-vm=Java VM
+#java-vm-version=Java VM Version
+#java-home=Java Home
+#user-name=User Name
+#user-timezone=User Timezone
+#user-locale=User Locale
+#system-encoding=System Encoding
+#operating-system=Operating System
+#os-architecture=OS Architecture
+#spi=SPI
+granted-client-scopes=Gew\u00E4hrte Client-Scopes
+additional-grants=Zus\u00E4tzliche Befugnisse
+consent-created-date=Erstellt
+consent-last-updated-date=Zuletzt aktualisiert
+revoke=Widerrufen
+new-password=Neues Passwort
+password-confirmation=Passwort best\u00E4tigen
+reset-password=Passwort zur\u00FCcksetzen
+credentials.temporary.tooltip=Wenn eingeschaltet, ist der Benutzer beim n\u00E4chsten Login aufgefordert, dass Passwort zu \u00E4ndern.
+#remove-totp=Remove OTP
+#credentials.remove-totp.tooltip=Remove one time password generator for user.
+reset-actions=Zur\u00FCcksetz-Aktionen
+credentials.reset-actions.tooltip=Liste von Aktionen, die der Benutzer ausf\u00FChren soll, wenn er eine E-Mail zum Zur\u00FCcksetzen des Passworts erh\u00E4lt. 'Verify email' sendet bem Benutzer eine E-Mail um seine E-Mail-Adresse zu verifizieren. 'Update profile' verlangt vom Benutzer, dass er seine Profil-Informationen eingibt. 'Update password' verlangt vom Benutzer, dass er ein neues Passwort definiert. 'Configure OTP' verlangt vom Benutzer, dass er einen mobilen Passwort-Generator aufsetzt.
+reset-actions-email=E-Mail zum Zur\u00FCcksetzen des Passworts senden
+send-email=E-Mail senden
+credentials.reset-actions-email.tooltip=Sendet eine E-Mail an den Benutzer mit einem eingebetteten Link. Wenn der Benutzer auf den Link klickt, kann er die Zur\u00FCcksetz-Aktion auszuf\u00FChren. Vorher muss sich der Benutzer nicht einloggen. Z.B. kann die Aktion 'update password' ausgew\u00E4hlt werden und dieser Button geklickt werden. Der Benutzer kann dann sein Passwort \u00E4ndern, ohne sich einzuloggen.
+add-user=Benutzer hinzuf\u00FCgen
+created-at=Erstellt am
+user-enabled=Benutzer aktiv
+user-enabled.tooltip=Ein deaktivierter Benutzer kann sich nicht einloggen
+user-temporarily-locked=Benutzer tempor\u00E4r gesperrt
+user-temporarily-locked.tooltip=Der Benutzer wurde vor\u00FCbergehend wegen zuvieler ung\u00FCltiger Loginversuche gesperrt.
+unlock-user=Benutzer entsperren
+#federation-link=Federation Link
+email-verified=E-Mail verifiziert
+email-verified.tooltip=Wurde die E-Mail des Benutzers verifiziert?
+required-user-actions=Verlangte Benutzeraktionen
+required-user-actions.tooltip=Verlangt eine Aktion wenn sich der Benutzer einloggt. 'E-Mail Verifizieren' sendet eine E-Mail an den Benutzer, um die G\u00FCltigkeit seiner E-Mailadresse zu pr\u00FCfen. 'Profil aktualisieren' verlangt, dass Benutzer ihre pers\u00F6nlichen Angaben eingeben. 'Passwort aktualisieren' zwingt Benutzer ein neues Passwort zu setzen. 'OTP konfigurieren' zwingt Benutzer einen mobilen Passwort-Generator einzurichten (i.e. Google Authenticator)
+locale=Locale
+#select-one.placeholder=Select one...
+#impersonate=Impersonate
+#impersonate-user=Impersonate user
+#impersonate-user.tooltip=Login as this user. If user is in same realm as you, your current login session will be logged out before you are logged in as this user.
+#identity-provider-alias=Identity Provider Alias
+#provider-user-id=Provider User ID
+#provider-username=Provider Username
+#no-identity-provider-links-available=No identity provider links available
+group-membership=Gruppen-Mitglied
+leave=Verlassen
+#group-membership.tooltip=Groups user is a member of. Select a listed group and click the Leave button to leave the group.
+#membership.available-groups.tooltip=Groups a user can join. Select a group and click the join button.
+#table-of-realm-users=Table of Realm Users
+view-all-users=Zeige alle Benutzer
+view-all-groups=Zeige alle Rollen
+unlock-users=Benutzer entsperren
+no-users-available=Keine Benutzer verf\u00FCgbar
+#users.instruction=Please enter a search, or click on view all users
+consents=Einwilligungen
+started=Gestartet
+logout-all-sessions=Alle Sessions ausloggen
+logout=Ausloggen
+new-name=Neuer Name
+ok=Ok
+attributes=Attribute
+role-mappings=Rollenzuweisungen
+members=Mitglieder
+details=Details
+#identity-provider-links=Identity Provider Links
+#register-required-action=Register required action
+gender=Geschlecht
+address=Adresse
+phone=Telefon
+#profile-url=Profile URL
+#picture-url=Picture URL
+#website=Website
+#import-keys-and-cert=Import keys and cert
+#import-keys-and-cert.tooltip=Upload the client's key pair and cert.
+#upload-keys=Upload Keys
+#download-keys-and-cert=Download keys and cert
+#no-value-assigned.placeholder=No value assigned
+remove=Entfernen
+#no-group-members=No group members
+#no-role-members=No role members
+temporary=Tempor\u00E4r
+join=Beitreten
+#event-type=Event Type
+#events-config=Events Config
+#event-listeners=Event Listeners
+#login-events-settings=Login Events Settings
+#clear-events=Clear events
+#saved-types=Saved Types
+#clear-admin-events=Clear admin events
+#clear-changes=Clear changes
+#error=Error
+# Authz
+# Authz Common
+#authz-authorization=Authorization
+#authz-owner=Owner
+#authz-uri=URI
+#authz-uris=URIS
+#authz-scopes=Scopes
+#authz-resource=Resource
+#authz-resource-type=Resource Type
+#authz-resources=Resources
+#authz-scope=Scope
+#authz-authz-scopes=Authorization Scopes
+#authz-policies=Policies
+#authz-policy=Policy
+#authz-permissions=Permissions
+#authz-users=Users in Role
+#authz-evaluate=Evaluate
+#authz-icon-uri=Icon URI
+#authz-icon-uri.tooltip=An URI pointing to an icon.
+#authz-select-scope=Select a scope
+#authz-select-resource=Select a resource
+#authz-associated-policies=Associated Policies
+#authz-any-resource=Any resource
+#authz-any-scope=Any scope
+#authz-any-role=Any role
+#authz-policy-evaluation=Policy Evaluation
+#authz-select-client=Select a client
+#authz-select-user=Select a user
+#authz-entitlements=Entitlements
+#authz-no-resources=No resources
+#authz-result=Result
+#authz-authorization-services-enabled=Authorization Enabled
+#authz-authorization-services-enabled.tooltip=Enable/Disable fine-grained authorization support for a client
+#authz-required=Required
+#authz-show-details=Show Details
+#authz-hide-details=Hide Details
+#authz-associated-permissions=Associated Permissions
+#authz-no-permission-associated=No permissions associated
+# Authz Settings
+#authz-import-config.tooltip=Import a JSON file containing authorization settings for this resource server.
+#authz-policy-enforcement-mode=Policy Enforcement Mode
+#authz-policy-enforcement-mode.tooltip=The policy enforcement mode dictates how policies are enforced when evaluating authorization requests. 'Enforcing' means requests are denied by default even when there is no policy associated with a given resource. 'Permissive' means requests are allowed even when there is no policy associated with a given resource. 'Disabled' completely disables the evaluation of policies and allows access to any resource.
+#authz-policy-enforcement-mode-enforcing=Enforcing
+#authz-policy-enforcement-mode-permissive=Permissive
+#authz-policy-enforcement-mode-disabled=Disabled
+#authz-remote-resource-management=Remote Resource Management
+#authz-remote-resource-management.tooltip=Should resources be managed remotely by the resource server? If false, resources can be managed only from this admin console.
+#authz-export-settings=Export Settings
+#authz-export-settings.tooltip=Export and download all authorization settings for this resource server.
+# Authz Resource List
+#authz-no-resources-available=No resources available.
+#authz-no-scopes-assigned=No scopes assigned.
+#authz-no-type-defined=No type defined.
+#authz-no-uri-defined=No URI defined.
+#authz-no-permission-assigned=No permission assigned.
+#authz-no-policy-assigned=No policy assigned.
+#authz-create-permission=Create Permission
+# Authz Resource Detail
+#authz-add-resource=Add Resource
+#authz-resource-name.tooltip=A unique name for this resource. The name can be used to uniquely identify a resource, useful when querying for a specific resource.
+#authz-resource-owner.tooltip=The owner of this resource.
+#authz-resource-type.tooltip=The type of this resource. It can be used to group different resource instances with the same type.
+#authz-resource-uri.tooltip=Set of URIs which are protected by resource.
+#authz-resource-scopes.tooltip=The scopes associated with this resource.
+#authz-resource-attributes=Resource Attributes
+#authz-resource-attributes.tooltip=The attributes associated wth the resource.
+#authz-resource-user-managed-access-enabled=User-Managed Access Enabled
+#authz-resource-user-managed-access-enabled.tooltip=If enabled this access to this resource can be managed by the resource owner.
+
+# Authz Scope List
+#authz-add-scope=Add Scope
+#authz-no-scopes-available=No scopes available.
+# Authz Scope Detail
+#authz-scope-name.tooltip=A unique name for this scope. The name can be used to uniquely identify a scope, useful when querying for a specific scope.
+# Authz Policy List
+#authz-all-types=All types
+#authz-create-policy=Create Policy
+#authz-no-policies-available=No policies available.
+# Authz Policy Detail
+#authz-policy-name.tooltip=The name of this policy.
+#authz-policy-description.tooltip=A description for this policy.
+#authz-policy-logic=Logic
+#authz-policy-logic-positive=Positive
+#authz-policy-logic-negative=Negative
+#authz-policy-logic.tooltip=The logic dictates how the policy decision should be made. If 'Positive', the resulting effect (permit or deny) obtained during the evaluation of this policy will be used to perform a decision. If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa.
+#authz-policy-apply-policy=Apply Policy
+#authz-policy-apply-policy.tooltip=Specifies all the policies that must be applied to the scopes defined by this policy or permission.
+#authz-policy-decision-strategy=Decision Strategy
+#authz-policy-decision-strategy.tooltip=The decision strategy dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. 'Affirmative' means that at least one policy must evaluate to a positive decision in order for the final decision to be also positive. 'Unanimous' means that all policies must evaluate to a positive decision in order for the final decision to be also positive. 'Consensus' means that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same, the final decision will be negative.
+#authz-policy-decision-strategy-affirmative=Affirmative
+#authz-policy-decision-strategy-unanimous=Unanimous
+#authz-policy-decision-strategy-consensus=Consensus
+#authz-select-a-policy=Select existing policy
+#authz-no-policies-assigned=No policies assigned.
+# Authz Role Policy Detail
+#authz-add-role-policy=Add Role Policy
+#authz-no-roles-assigned=No roles assigned.
+#authz-policy-role-realm-roles.tooltip=Specifies the *realm* roles allowed by this policy.
+#authz-policy-role-clients.tooltip=Selects a client in order to filter the client roles that can be applied to this policy.
+#authz-policy-role-client-roles.tooltip=Specifies the client roles allowed by this policy.
+# Authz User Policy Detail
+#authz-add-user-policy=Add User Policy
+#authz-no-users-assigned=No users assigned.
+#authz-policy-user-users.tooltip=Specifies which user(s) are allowed by this policy.
+# Authz Client Policy Detail
+#authz-add-client-policy=Add Client Policy
+#authz-no-clients-assigned=No clients assigned.
+#authz-policy-client-clients.tooltip=Specifies which client(s) are allowed by this policy.
+# Authz Time Policy Detail
+#authz-add-time-policy=Add Time Policy
+#authz-policy-time-not-before.tooltip=Defines the time before which the policy MUST NOT be granted. Only granted if current date/time is after or equal to this value.
+#authz-policy-time-not-on-after=Not On or After
+#authz-policy-time-not-on-after.tooltip=Defines the time after which the policy MUST NOT be granted. Only granted if current date/time is before or equal to this value.
+#authz-policy-time-day-month=Day of Month
+#authz-policy-time-day-month.tooltip=Defines the day of month which the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current day of month is between or equal to the two values you provided.
+#authz-policy-time-month=Month
+#authz-policy-time-month.tooltip=Defines the month which the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current month is between or equal to the two values you provided.
+#authz-policy-time-year=Year
+#authz-policy-time-year.tooltip=Defines the year which the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current year is between or equal to the two values you provided.
+#authz-policy-time-hour=Hour
+#authz-policy-time-hour.tooltip=Defines the hour which the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current hour is between or equal to the two values you provided.
+#authz-policy-time-minute=Minute
+#authz-policy-time-minute.tooltip=Defines the minute which the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current minute is between or equal to the two values you provided.
+# Authz Drools Policy Detail
+#authz-add-drools-policy=Add Rules Policy
+#authz-policy-drools-maven-artifact-resolve=Resolve
+#authz-policy-drools-maven-artifact=Policy Maven Artifact
+#authz-policy-drools-maven-artifact.tooltip=A Maven GAV pointing to an artifact from where the rules would be loaded from. Once you have provided the GAV, you can click *Resolve* to load both *Module* and *Session* fields.
+#authz-policy-drools-module=Module
+#authz-policy-drools-module.tooltip=The module used by this policy. You must provide a module in order to select a specific session from where rules will be loaded from.
+#authz-policy-drools-session=Session
+#authz-policy-drools-session.tooltip=The session used by this policy. The session provides all the rules to evaluate when processing the policy.
+#authz-policy-drools-update-period=Update Period
+#authz-policy-drools-update-period.tooltip=Specifies an interval for scanning for artifact updates.
+# Authz JS Policy Detail
+#authz-add-js-policy=Add JavaScript Policy
+#authz-policy-js-code=Code
+#authz-policy-js-code.tooltip=The JavaScript code providing the conditions for this policy.
+# Authz Aggregated Policy Detail
+#authz-aggregated=Aggregated
+#authz-add-aggregated-policy=Add Aggregated Policy
+# Authz Group Policy Detail
+#authz-add-group-policy=Add Group Policy
+#authz-no-groups-assigned=No groups assigned.
+#authz-policy-group-claim=Groups Claim
+#authz-policy-group-claim.tooltip=If defined, the policy will fetch user's groups from the given claim within an access token or ID token representing the identity asking permissions. If not defined, user's groups are obtained from your realm configuration.
+#authz-policy-group-groups.tooltip=Specifies the groups allowed by this policy.
+
+# Authz Permission List
+#authz-no-permissions-available=No permissions available.
+
+# Authz Permission Detail
+#authz-permission-name.tooltip=The name of this permission.
+#authz-permission-description.tooltip=A description for this permission.
+
+# Authz Resource Permission Detail
+#authz-add-resource-permission=Add Resource Permission
+#authz-permission-resource-apply-to-resource-type=Apply to Resource Type
+#authz-permission-resource-apply-to-resource-type.tooltip=Specifies if this permission would be applied to all resources with a given type. In this case, this permission will be evaluated for all instances of a given resource type.
+#authz-permission-resource-resource.tooltip=Specifies that this permission must be applied to a specific resource instance.
+#authz-permission-resource-type.tooltip=Specifies that this permission must be applied to all resources instances of a given type.
+
+# Authz Scope Permission Detail
+#authz-add-scope-permission=Add Scope Permission
+#authz-permission-scope-resource.tooltip=Restrict the scopes to those associated with the selected resource. If not selected all scopes would be available.
+#authz-permission-scope-scope.tooltip=Specifies that this permission must be applied to one or more scopes.
+
+# Authz Evaluation
+#authz-evaluation-identity-information=Identity Information
+#authz-evaluation-identity-information.tooltip=The available options to configure the identity information that will be used when evaluating policies.
+#authz-evaluation-client.tooltip=Select the client making this authorization request. If not provided, authorization requests would be done based on the client you are in.
+#authz-evaluation-user.tooltip=Select a user whose identity is going to be used to query permissions from the server.
+#authz-evaluation-role.tooltip=Select the roles you want to associate with the selected user.
+#authz-evaluation-new=New Evaluation
+#authz-evaluation-re-evaluate=Re-Evaluate
+#authz-evaluation-previous=Previous Evaluation
+#authz-evaluation-contextual-info=Contextual Information
+#authz-evaluation-contextual-info.tooltip=The available options to configure any contextual information that will be used when evaluating policies.
+#authz-evaluation-contextual-attributes=Contextual Attributes
+#authz-evaluation-contextual-attributes.tooltip=Any attribute provided by a running environment or execution context.
+#authz-evaluation-permissions.tooltip=The available options to configure the permissions to which policies will be applied.
+#authz-evaluation-evaluate=Evaluate
+#authz-evaluation-any-resource-with-scopes=Any resource with scope(s)
+#authz-evaluation-no-result=Could not obtain any result for the given authorization request. Check if the provided resource(s) or scope(s) are associated with any policy.
+#authz-evaluation-no-policies-resource=No policies were found for this resource.
+#authz-evaluation-result.tooltip=The overall result for this permission request.
+#authz-evaluation-scopes.tooltip=The list of allowed scopes.
+#authz-evaluation-policies.tooltip=Details about which policies were evaluated and their decisions.
+#authz-evaluation-authorization-data=Response
+#authz-evaluation-authorization-data.tooltip=Represents a token carrying authorization data as a result of the processing of an authorization request. This representation is basically what Keycloak issues to clients asking for permissions. Check the 'authorization' claim for the permissions that were granted based on the current authorization request.
+#authz-show-authorization-data=Show Authorization Data
+
+keys=Keys
+status=Status
+#keystore=Keystore
+#keystores=Keystores
+#add-keystore=Add Keystore
+#add-keystore.placeholder=Add keystore...
+#view=View
+active=Aktiv
+#passive=Passive
+#disabled=Disabled
+#algorithms=Algorithms
+#providerHelpText=Provider description
+
+Sunday=Sonntag
+Monday=Montag
+Tuesday=Dienstag
+Wednesday=Mittwoch
+Thursday=Donnerstag
+Friday=Freitag
+Saturday=Samstag
+
+#user-storage-cache-policy=Cache Settings
+#userStorage.cachePolicy=Cache Policy
+#userStorage.cachePolicy.option.DEFAULT=DEFAULT
+#userStorage.cachePolicy.option.EVICT_WEEKLY=EVICT_WEEKLY
+#userStorage.cachePolicy.option.EVICT_DAILY=EVICT_DAILY
+#userStorage.cachePolicy.option.MAX_LIFESPAN=MAX_LIFESPAN
+#userStorage.cachePolicy.option.NO_CACHE=NO_CACHE
+#userStorage.cachePolicy.tooltip=Cache Policy for this storage provider. 'DEFAULT' is whatever the default settings are for the global cache. 'EVICT_DAILY' is a time of day every day that the cache will be invalidated. 'EVICT_WEEKLY' is a day of the week and time the cache will be invalidated. 'MAX-LIFESPAN' is the time in milliseconds that will be the lifespan of a cache entry.
+#userStorage.cachePolicy.evictionDay=Eviction Day
+#userStorage.cachePolicy.evictionDay.tooltip=Day of the week the entry will become invalid on
+#userStorage.cachePolicy.evictionHour=Eviction Hour
+#userStorage.cachePolicy.evictionHour.tooltip=Hour of day the entry will become invalid on.
+#userStorage.cachePolicy.evictionMinute=Eviction Minute
+#userStorage.cachePolicy.evictionMinute.tooltip=Minute of day the entry will become invalid on.
+#userStorage.cachePolicy.maxLifespan=Max Lifespan
+#userStorage.cachePolicy.maxLifespan.tooltip=Max lifespan of cache entry in milliseconds.
+#user-origin-link=Storage Origin
+#user-origin.tooltip=UserStorageProvider the user was loaded from
+#user-link.tooltip=UserStorageProvider this locally stored user was imported from.
+#client-origin-link=Storage Origin
+#client-origin.tooltip=Provider the client was loaded from
+
+#client-storage-cache-policy=Cache Settings
+#clientStorage.cachePolicy=Cache Policy
+#clientStorage.cachePolicy.option.DEFAULT=DEFAULT
+#clientStorage.cachePolicy.option.EVICT_WEEKLY=EVICT_WEEKLY
+#clientStorage.cachePolicy.option.EVICT_DAILY=EVICT_DAILY
+#clientStorage.cachePolicy.option.MAX_LIFESPAN=MAX_LIFESPAN
+#clientStorage.cachePolicy.option.NO_CACHE=NO_CACHE
+#clientStorage.cachePolicy.tooltip=Cache Policy for this storage provider. 'DEFAULT' is whatever the default settings are for the global cache. 'EVICT_DAILY' is a time of day every day that the cache will be invalidated. 'EVICT_WEEKLY' is a day of the week and time the cache will be invalidated. 'MAX-LIFESPAN' is the time in milliseconds that will be the lifespan of a cache entry.
+#clientStorage.cachePolicy.evictionDay=Eviction Day
+#clientStorage.cachePolicy.evictionDay.tooltip=Day of the week the entry will become invalid on
+#clientStorage.cachePolicy.evictionHour=Eviction Hour
+#clientStorage.cachePolicy.evictionHour.tooltip=Hour of day the entry will become invalid on.
+#clientStorage.cachePolicy.evictionMinute=Eviction Minute
+#clientStorage.cachePolicy.evictionMinute.tooltip=Minute of day the entry will become invalid on.
+#clientStorage.cachePolicy.maxLifespan=Max Lifespan
+#clientStorage.cachePolicy.maxLifespan.tooltip=Max lifespan of cache entry in milliseconds.
+
+#client-storage-list-no-entries=Keycloak can federate external client databases. Out of the box we have support for Openshift OAuth clients and service accounts. To get started select a provider from the dropdown below:
+
+
+disable=Deaktivieren
+disableable-credential-types=Deaktivierbare Typen
+credentials.disableable.tooltip=Liste von Zugangstypen, die deaktiviert werden k\u00F6nnen.
+disable-credential-types=Zugangstypen deaktivieren
+credentials.disable.tooltip=Dr\u00FCcken Sie den Button, um die ausgew\u00E4hlten Zugangstypen zu sperren.
+credential-types=Zugangstypen
+manage-user-password=Zugang verwalten
+disable-credentials=Zugang deaktivieren
+credential-reset-actions=Zugang zur\u00FCcksetzen
+credential-reset-actions-timeout=L\u00E4uft ab in
+credential-reset-actions-timeout.tooltip=Maximale Zeit in der die Aktion zugelassen ist.
+#ldap-mappers=LDAP Mappers
+#create-ldap-mapper=Create LDAP mapper
+#map-role-mgmt-scope-description=Policies that decide if an admin can map this role to a user or group
+#manage-authz-users-scope-description=Policies that decide if an admin can manage all users in the realm
+#view-authz-users-scope-description=Policies that decide if an admin can view all users in realm
+permissions-enabled-role=Berechtigungen aktiv
+permissions-enabled-role.tooltip=Legt fest, ob feingranulare Berechtigungen f\u00FCr diese Rolle aktiv sein sollen. Wird diese Option deaktiviert, werden alle aktuell aufgesetzten Berechtigungen gel\u00F6scht.
+manage-permissions-role.tooltip=Feingranulare Berechtigungen f\u00FCr Rollen. Zum Beispiel k\u00F6nnen Berechtigungen eingerichtet werden, die festlegen, wer berechtigt, ist eine Rolle zuzuweisen.
+lookup=Suche
+manage-permissions-users.tooltip=Feingranulare Berechtigungen f\u00FCr alle Benutzer in diesem Realm. Es k\u00F6nnen verschiedene Einstellungen definiert werden, wer in diesem Realm berechtigt ist, Benutzer zu verwalten.
+permissions-enabled-users=Berechtigungen aktiv
+permissions-enabled-users.tooltip=Legt fest, ob feingranulare Berechtigungen f\u00FCr Benutzer aktiv sein sollen. Wird diese Option deaktiviert, werden alle aktuell aufgesetzten Berechtigungen gel\u00F6scht.
+#manage-permissions-client.tooltip=Fine grain permissions for admins that want to manage this client or apply roles defined by this client.
+#manage-permissions-group.tooltip=Fine grain permissions for admins that want to manage this group or the members of this group.
+#manage-authz-group-scope-description=Policies that decide if an admin can manage this group
+#view-authz-group-scope-description=Policies that decide if an admin can view this group
+#view-members-authz-group-scope-description=Policies that decide if an admin can manage the members of this group
+#token-exchange-authz-client-scope-description=Policies that decide which clients are allowed exchange tokens for a token that is targeted to this client.
+#token-exchange-authz-idp-scope-description=Policies that decide which clients are allowed exchange tokens for an external token minted by this identity provider.
+#manage-authz-client-scope-description=Policies that decide if an admin can manage this client
+#configure-authz-client-scope-description=Reduced management permissions for admin. Cannot set scope, template, or protocol mappers.
+#view-authz-client-scope-description=Policies that decide if an admin can view this client
+#map-roles-authz-client-scope-description=Policies that decide if an admin can map roles defined by this client
+#map-roles-client-scope-authz-client-scope-description=Policies that decide if an admin can apply roles defined by this client to the client scope of another client
+#map-roles-composite-authz-client-scope-description=Policies that decide if an admin can apply roles defined by this client as a composite to another role
+#map-role-authz-role-scope-description=Policies that decide if an admin can map this role to a user or group
+#map-role-client-scope-authz-role-scope-description=Policies that decide if an admin can apply this role to the client scope of a client
+#map-role-composite-authz-role-scope-description=Policies that decide if an admin can apply this role as a composite to another role
+#manage-group-membership-authz-users-scope-description=Policies that decide if an admin can manage group membership for all users in the realm. This is used in conjunction with specific group policy
+#impersonate-authz-users-scope-description=Policies that decide if admin can impersonate other users
+#map-roles-authz-users-scope-description=Policies that decide if admin can map roles for all users
+#user-impersonated-authz-users-scope-description=Policies that decide which users can be impersonated. These policies are applied to the user being impersonated.
+#manage-membership-authz-group-scope-description=Policies that decide if admin can add or remove users from this group
+#manage-members-authz-group-scope-description=Policies that decide if an admin can manage the members of this group
+
+# KEYCLOAK-6771 Certificate Bound Token
+# https://tools.ietf.org/html/draft-ietf-oauth-mtls-08#section-3
+#advanced-client-settings=Advanced Settings
+#advanced-client-settings.tooltip=Expand this section to configure advanced settings of this client
+#tls-client-certificate-bound-access-tokens=OAuth 2.0 Mutual TLS Certificate Bound Access Tokens Enabled
+#tls-client-certificate-bound-access-tokens.tooltip=This enables support for OAuth 2.0 Mutual TLS Certificate Bound Access Tokens, which means that keycloak bind an access token and a refresh token with a X.509 certificate of a token requesting client exchanged in mutual TLS between keycloak's Token Endpoint and this client. These tokens can be treated as Holder-of-Key tokens instead of bearer tokens.
+#subjectdn=Subject DN
+#subjectdn-tooltip=A regular expression for validating Subject DN in the Client Certificate. Use "(.*?)(?:$)" to match all kind of expressions.
diff --git a/admin/messages/admin-messages_en.properties b/admin/messages/admin-messages_en.properties
new file mode 100644
index 0000000..6b5c42f
--- /dev/null
+++ b/admin/messages/admin-messages_en.properties
@@ -0,0 +1,1623 @@
+consoleTitle=Keycloak Admin Console
+
+# Common messages
+enabled=Enabled
+hidden=Hidden
+link-only-column=Link only
+name=Name
+displayName=Display name
+displayNameHtml=HTML Display name
+save=Save
+cancel=Cancel
+next=Next
+onText=ON
+offText=OFF
+client=Client
+clients=Clients
+clear=Clear
+selectOne=Select One...
+
+true=True
+false=False
+
+endpoints=Endpoints
+
+# Realm settings
+realm-detail.enabled.tooltip=Users and clients can only access a realm if it's enabled
+realm-detail.protocol-endpoints.tooltip=Shows the configuration of the protocol endpoints
+realm-detail.protocol-endpoints.oidc=OpenID Endpoint Configuration
+realm-detail.protocol-endpoints.saml=SAML 2.0 Identity Provider Metadata
+realm-detail.userManagedAccess.tooltip=If enabled, users are allowed to manage their resources and permissions using the Account Management Console.
+userManagedAccess=User-Managed Access
+registrationAllowed=User registration
+registrationAllowed.tooltip=Enable/disable the registration page. A link for registration will show on login page too.
+registrationEmailAsUsername=Email as username
+registrationEmailAsUsername.tooltip=If enabled then username field is hidden from registration form and email is used as username for new user.
+editUsernameAllowed=Edit username
+editUsernameAllowed.tooltip=If enabled, the username field is editable, readonly otherwise.
+resetPasswordAllowed=Forgot password
+resetPasswordAllowed.tooltip=Show a link on login page for user to click on when they have forgotten their credentials.
+rememberMe=Remember Me
+rememberMe.tooltip=Show checkbox on login page to allow user to remain logged in between browser restarts until session expires.
+loginWithEmailAllowed=Login with email
+loginWithEmailAllowed.tooltip=Allow users to log in with their email address.
+duplicateEmailsAllowed=Duplicate emails
+duplicateEmailsAllowed.tooltip=Allow multiple users to have the same email address. Changing this setting will also clear the user's cache. It is recommended to manually update email constraints of existing users in the database after switching off support for duplicate email addresses.
+verifyEmail=Verify email
+verifyEmail.tooltip=Require users to verify their email address after initial login or after address changes are submitted.
+sslRequired=Require SSL
+sslRequired.option.all=all requests
+sslRequired.option.external=external requests
+sslRequired.option.none=none
+sslRequired.tooltip=Is HTTPS required? 'None' means HTTPS is not required for any client IP address. 'External requests' means localhost and private IP addresses can access without HTTPS. 'All requests' means HTTPS is required for all IP addresses.
+publicKeys=Public keys
+publicKey=Public key
+privateKey=Private key
+gen-new-keys=Generate new keys
+certificate=Certificate
+host=Host
+smtp-host=SMTP Host
+port=Port
+smtp-port=SMTP Port (defaults to 25)
+smtp-password.tooltip=SMTP password. This field is able to obtain its value from vault, use ${vault.ID} format.
+from=From
+fromDisplayName=From Display Name
+fromDisplayName.tooltip=A user-friendly name for the 'From' address (optional).
+replyTo=Reply To
+replyToDisplayName=Reply To Display Name
+replyToDisplayName.tooltip=A user-friendly name for the 'Reply-To' address (optional).
+envelopeFrom=Envelope From
+envelopeFrom.tooltip=An email address used for bounces (optional).
+sender-email-addr=Sender Email Address
+sender-email-addr-display=Display Name for Sender Email Address
+reply-to-email-addr=Reply To Email Address
+reply-to-email-addr-display=Display Name for Reply To Email Address
+sender-envelope-email-addr=Sender Envelope Email Address
+enable-ssl=Enable SSL
+enable-start-tls=Enable StartTLS
+enable-auth=Enable Authentication
+username=Username
+login-username=Login Username
+password=Password
+login-password=Login Password
+login-theme=Login Theme
+login-theme.tooltip=Select theme for login, OTP, grant, registration, and forgot password pages.
+account-theme=Account Theme
+account-theme.tooltip=Select theme for user account management pages.
+admin-console-theme=Admin Console Theme
+select-theme-admin-console=Select theme for admin console.
+email-theme=Email Theme
+select-theme-email=Select theme for emails that are sent by the server.
+i18n-enabled=Internationalization Enabled
+supported-locales=Supported Locales
+supported-locales.placeholder=Type a locale and enter
+default-locale=Default Locale
+realm-cache-clear=Realm Cache
+realm-cache-clear.tooltip=Clears all entries from the realm cache (this will clear entries for all realms)
+user-cache-clear=User Cache
+user-cache-clear.tooltip=Clears all entries from the user cache (this will clear entries for all realms)
+keys-cache-clear=Keys Cache
+keys-cache-clear.tooltip=Clears all entries from the cache of external public keys. These are keys of external clients or identity providers. (this will clear entries for all realms)
+default-signature-algorithm=Default Signature Algorithm
+default-signature-algorithm.tooltip=Default algorithm used to sign tokens for the realm
+revoke-refresh-token=Revoke Refresh Token
+revoke-refresh-token.tooltip=If enabled a refresh token can only be used up to 'Refresh Token Max Reuse' and is revoked when a different token is used. Otherwise refresh tokens are not revoked when used and can be used multiple times.
+refresh-token-max-reuse=Refresh Token Max Reuse
+refresh-token-max-reuse.tooltip=Maximum number of times a refresh token can be reused. When a different token is used, revocation is immediate.
+sso-session-idle=SSO Session Idle
+seconds=Seconds
+minutes=Minutes
+hours=Hours
+days=Days
+sso-session-max=SSO Session Max
+sso-session-idle.tooltip=Time a session is allowed to be idle before it expires. Tokens and browser sessions are invalidated when a session is expired.
+sso-session-max.tooltip=Max time before a session is expired. Tokens and browser sessions are invalidated when a session is expired.
+sso-session-idle-remember-me=SSO Session Idle Remember Me
+sso-session-idle-remember-me.tooltip=Time a remember me session is allowed to be idle before it expires. Tokens and browser sessions are invalidated when a session is expired. If not set it uses the standard SSO Session Idle value.
+sso-session-max-remember-me=SSO Session Max Remember Me
+sso-session-max-remember-me.tooltip=Max time before a session is expired when the user has set the remember me option. Tokens and browser sessions are invalidated when a session is expired. If not set, it uses the standard SSO Session Max value.
+offline-session-idle=Offline Session Idle
+offline-session-idle.tooltip=Time an offline session is allowed to be idle before it expires. You need to use offline token to refresh at least once within this period; otherwise offline session will expire.
+realm-detail.hostname=Hostname
+realm-detail.hostname.tooltip=Set the hostname for the realm. Use in combination with the fixed hostname provider to override the server hostname for a specific realm.
+realm-detail.frontendUrl=Frontend URL
+realm-detail.frontendUrl.tooltip=Set the frontend URL for the realm. Use in combination with the default hostname provider to override the base URL for frontend requests for a specific realm.
+
+## KEYCLOAK-7688 Offline Session Max for Offline Token
+offline-session-max-limited=Offline Session Max Limited
+offline-session-max-limited.tooltip=Enable Offline Session Max.
+offline-session-max=Offline Session Max
+offline-session-max.tooltip=Max time before an offline session is expired regardless of activity.
+client-session-idle=Client Session Idle
+client-session-idle.tooltip=Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value.
+client-session-max=Client Session Max
+client-session-max.tooltip=Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value.
+access-token-lifespan=Access Token Lifespan
+access-token-lifespan.tooltip=Max time before an access token is expired. This value is recommended to be short relative to the SSO timeout.
+access-token-lifespan-for-implicit-flow=Access Token Lifespan For Implicit Flow
+access-token-lifespan-for-implicit-flow.tooltip=Max time before an access token issued during OpenID Connect Implicit Flow is expired. This value is recommended to be shorter than SSO timeout. There is no possibility to refresh token during implicit flow, that's why there is a separate timeout different to 'Access Token Lifespan'.
+action-token-generated-by-admin-lifespan=Default Admin-Initiated Action Lifespan
+action-token-generated-by-admin-lifespan.tooltip=Maximum time before an action permit sent to a user by administrator is expired. This value is recommended to be long to allow administrators send e-mails for users that are currently offline. The default timeout can be overridden immediately before issuing the token.
+action-token-generated-by-user-lifespan=User-Initiated Action Lifespan
+action-token-generated-by-user-lifespan.tooltip=Maximum time before an action permit sent by a user (such as a forgot password e-mail) is expired. This value is recommended to be short because it is expected that the user would react to self-created action quickly.
+saml-assertion-lifespan=Assertion Lifespan
+saml-assertion-lifespan.tooltip=Lifespan set in the SAML assertion conditions. After that time the assertion will be invalid. The "SessionNotOnOrAfter" attribute is not modified and continue using the "SSO Session Max" time defined at realm level.
+
+action-token-generated-by-user.execute-actions=Execute Actions
+action-token-generated-by-user.idp-verify-account-via-email=IdP Account E-mail Verification
+action-token-generated-by-user.reset-credentials=Forgot Password
+action-token-generated-by-user.verify-email=E-mail Verification
+action-token-generated-by-user.tooltip=Override default settings of maximum time before an action permit sent by a user (such as a forgot password e-mail) is expired for specific action. This value is recommended to be short because it is expected that the user would react to self-created action quickly.
+action-token-generated-by-user.reset=Reset
+action-token-generated-by-user.operation=Override User-Initiated Action Lifespan
+
+client-login-timeout=Client login timeout
+client-login-timeout.tooltip=Max time a client has to finish the access token protocol. This should normally be 1 minute.
+login-timeout=Login timeout
+login-timeout.tooltip=Max time a user has to complete a login. This is recommended to be relatively long, such as 30 minutes or more.
+login-action-timeout=Login action timeout
+login-action-timeout.tooltip=Max time a user has to complete login related actions like update password or configure totp. This is recommended to be relatively long, such as 5 minutes or more.
+headers=Headers
+brute-force-detection=Brute Force Detection
+x-frame-options=X-Frame-Options
+x-frame-options-tooltip=Default value prevents pages from being included by non-origin iframes (click label for more information)
+content-sec-policy=Content-Security-Policy
+content-sec-policy-tooltip=Default value prevents pages from being included by non-origin iframes (click label for more information)
+content-sec-policy-report-only=Content-Security-Policy-Report-Only
+content-sec-policy-report-only-tooltip=For testing Content Security Policies
+content-type-options=X-Content-Type-Options
+content-type-options-tooltip=Default value prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type (click label for more information)
+robots-tag=X-Robots-Tag
+robots-tag-tooltip=Prevent pages from appearing in search engines (click label for more information)
+x-xss-protection=X-XSS-Protection
+x-xss-protection-tooltip=This header configures the Cross-site scripting (XSS) filter in your browser. Using the default behavior, the browser will prevent rendering of the page when a XSS attack is detected (click label for more information)
+strict-transport-security=HTTP Strict Transport Security (HSTS)
+strict-transport-security-tooltip=The Strict-Transport-Security HTTP header tells browsers to always use HTTPS. Once a browser sees this header, it will only visit the site over HTTPS for the time specified (1 year) at max-age, including the subdomains.
+permanent-lockout=Permanent Lockout
+permanent-lockout.tooltip=Lock the user permanently when the user exceeds the maximum login failures.
+max-login-failures=Max Login Failures
+max-login-failures.tooltip=How many failures before wait is triggered.
+wait-increment=Wait Increment
+wait-increment.tooltip=When failure threshold has been met, how much time should the user be locked out?
+quick-login-check-millis=Quick Login Check Milli Seconds
+quick-login-check-millis.tooltip=If a failure happens concurrently too quickly, lock out the user.
+min-quick-login-wait=Minimum Quick Login Wait
+min-quick-login-wait.tooltip=How long to wait after a quick login failure.
+max-wait=Max Wait
+max-wait.tooltip=Max time a user will be locked out.
+failure-reset-time=Failure Reset Time
+failure-reset-time.tooltip=When will failure count be reset?
+realm-tab-login=Login
+realm-tab-keys=Keys
+realm-tab-email=Email
+realm-tab-themes=Themes
+realm-tab-cache=Cache
+realm-tab-tokens=Tokens
+realm-tab-client-registration=Client Registration
+realm-tab-security-defenses=Security Defenses
+realm-tab-general=General
+add-realm=Add realm
+
+#Session settings
+realm-sessions=Realm Sessions
+revocation=Revocation
+logout-all=Logout all
+active-sessions=Active Sessions
+offline-sessions=Offline Sessions
+sessions=Sessions
+not-before=Not Before
+not-before.tooltip=Revoke any tokens issued before this date.
+set-to-now=Set to now
+push=Push
+push.tooltip=For every client that has an admin URL, notify them of the new revocation policy.
+
+#Protocol Mapper
+usermodel.prop.label=Property
+usermodel.prop.tooltip=Name of the property method in the UserModel interface. For example, a value of 'email' would reference the UserModel.getEmail() method.
+usermodel.attr.label=User Attribute
+usermodel.attr.tooltip=Name of stored user attribute which is the name of an attribute within the UserModel.attribute map.
+userSession.modelNote.label=User Session Note
+userSession.modelNote.tooltip=Name of stored user session note within the UserSessionModel.note map.
+multivalued.label=Multivalued
+multivalued.tooltip=Indicates if attribute supports multiple values. If true, the list of all values of this attribute will be set as claim. If false, just first value will be set as claim
+aggregate.attrs.label=Aggregate attribute values
+aggregate.attrs.tooltip=Indicates if attribute values should be aggregated with the group attributes. If using OpenID Connect mapper the multivalued option needs to be enabled too in order to get all the values. Duplicated values are discarded and the order of values is not guaranteed with this option.
+selectRole.label=Select Role
+selectRole.tooltip=Enter role in the textbox to the left, or click this button to browse and select the role you want.
+tokenClaimName.label=Token Claim Name
+tokenClaimName.tooltip=Name of the claim to insert into the token. This can be a fully qualified name like 'address.street'. In this case, a nested json object will be created. To prevent nesting and use dot literally, escape the dot with backslash (\\.).
+jsonType.label=Claim JSON Type
+jsonType.tooltip=JSON type that should be used to populate the json claim in the token. long, int, boolean, String and JSON are valid values.
+includeInIdToken.label=Add to ID token
+includeInIdToken.tooltip=Should the claim be added to the ID token?
+includeInAccessToken.label=Add to access token
+includeInAccessToken.tooltip=Should the claim be added to the access token?
+includeInUserInfo.label=Add to userinfo
+includeInUserInfo.tooltip=Should the claim be added to the userinfo?
+usermodel.clientRoleMapping.clientId.label=Client ID
+usermodel.clientRoleMapping.clientId.tooltip=Client ID for role mappings. Just client roles of this client will be added to the token. If this is unset, client roles of all clients will be added to the token.
+usermodel.clientRoleMapping.rolePrefix.label=Client Role prefix
+usermodel.clientRoleMapping.rolePrefix.tooltip=A prefix for each client role (optional).
+usermodel.clientRoleMapping.tokenClaimName.tooltip=Name of the claim to insert into the token. This can be a fully qualified name like 'address.street'. In this case, a nested json object will be created. To prevent nesting and use dot literally, escape the dot with backslash (\\.). The special token ${client_id} can be used and this will be replaced by the actual client ID. Example usage is 'resource_access.${client_id}.roles'. This is useful especially when you are adding roles from all the clients (Hence 'Client ID' switch is unset) and you want client roles of each client stored separately.
+usermodel.realmRoleMapping.rolePrefix.label=Realm Role prefix
+usermodel.realmRoleMapping.rolePrefix.tooltip=A prefix for each Realm Role (optional).
+sectorIdentifierUri.label=Sector Identifier URI
+sectorIdentifierUri.tooltip=Providers that use pairwise sub values and support Dynamic Client Registration SHOULD use the sector_identifier_uri parameter. It provides a way for a group of websites under common administrative control to have consistent pairwise sub values independent of the individual domain names. It also provides a way for Clients to change redirect_uri domains without having to reregister all their users.
+pairwiseSubAlgorithmSalt.label=Salt
+pairwiseSubAlgorithmSalt.tooltip=Salt used when calculating the pairwise subject identifier. If left blank, a salt will be generated.
+addressClaim.street.label=User Attribute Name for Street
+addressClaim.street.tooltip=Name of User Attribute, which will be used to map to 'street_address' subclaim inside 'address' token claim. Defaults to 'street' .
+addressClaim.locality.label=User Attribute Name for Locality
+addressClaim.locality.tooltip=Name of User Attribute, which will be used to map to 'locality' subclaim inside 'address' token claim. Defaults to 'locality' .
+addressClaim.region.label=User Attribute Name for Region
+addressClaim.region.tooltip=Name of User Attribute, which will be used to map to 'region' subclaim inside 'address' token claim. Defaults to 'region' .
+addressClaim.postal_code.label=User Attribute Name for Postal Code
+addressClaim.postal_code.tooltip=Name of User Attribute, which will be used to map to 'postal_code' subclaim inside 'address' token claim. Defaults to 'postal_code' .
+addressClaim.country.label=User Attribute Name for Country
+addressClaim.country.tooltip=Name of User Attribute, which will be used to map to 'country' subclaim inside 'address' token claim. Defaults to 'country' .
+addressClaim.formatted.label=User Attribute Name for Formatted Address
+addressClaim.formatted.tooltip=Name of User Attribute, which will be used to map to 'formatted' subclaim inside 'address' token claim. Defaults to 'formatted' .
+included.client.audience.label=Included Client Audience
+included.client.audience.tooltip=The Client ID of the specified audience client will be included in audience (aud) field of the token. If there are existing audiences in the token, the specified value is just added to them. It won't override existing audiences.
+included.custom.audience.label=Included Custom Audience
+included.custom.audience.tooltip=This is used just if 'Included Client Audience' is not filled. The specified value will be included in audience (aud) field of the token. If there are existing audiences in the token, the specified value is just added to them. It won't override existing audiences.
+
+# client details
+clients.tooltip=Clients are trusted browser apps and web services in a realm. These clients can request a login. You can also define client specific roles.
+search.placeholder=Search...
+search.loading=Searching...
+create=Create
+import=Import
+client-id=Client ID
+base-url=Base URL
+actions=Actions
+not-defined=Not defined
+edit=Edit
+delete=Delete
+no-results=No results
+no-clients-available=No clients available
+add-client=Add Client
+select-file=Select file
+view-details=View details
+clear-import=Clear import
+client-id.tooltip=Specifies ID referenced in URI and tokens. For example 'my-client'. For SAML this is also the expected issuer value from authn requests
+client.name.tooltip=Specifies display name of the client. For example 'My Client'. Supports keys for localized values as well. For example\: ${my_client}
+client.enabled.tooltip=Disabled clients cannot initiate a login or have obtain access tokens.
+alwaysDisplayInConsole=Always Display in Console
+alwaysDisplayInConsole.tooltip=Always list this client in the Account Console, even if the user does not have an active session.
+consent-required=Consent Required
+consent-required.tooltip=If enabled, users have to consent to client access.
+client.display-on-consent-screen=Display Client On Consent Screen
+client.display-on-consent-screen.tooltip=Applicable just if Consent Required is on. If this switch is off, consent screen will contain just the consents corresponding to configured client scopes. If on, there will be also one item on consent screen about this client itself
+client.consent-screen-text=Client Consent Screen Text
+client.consent-screen-text.tooltip=Applicable just if 'Display Client On Consent Screen' is on for this client. Contains the text, which will be on consent screen about permissions specific just for this client
+client-protocol=Client Protocol
+client-protocol.tooltip='OpenID connect' allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server.'SAML' enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO) and uses security tokens containing assertions to pass information.
+access-type=Access Type
+access-type.tooltip='Confidential' clients require a secret to initiate login protocol. 'Public' clients do not require a secret. 'Bearer-only' clients are web services that never initiate a login.
+standard-flow-enabled=Standard Flow Enabled
+standard-flow-enabled.tooltip=This enables standard OpenID Connect redirect based authentication with authorization code. In terms of OpenID Connect or OAuth2 specifications, this enables support of 'Authorization Code Flow' for this client.
+implicit-flow-enabled=Implicit Flow Enabled
+implicit-flow-enabled.tooltip=This enables support for OpenID Connect redirect based authentication without authorization code. In terms of OpenID Connect or OAuth2 specifications, this enables support of 'Implicit Flow' for this client.
+direct-access-grants-enabled=Direct Access Grants Enabled
+direct-access-grants-enabled.tooltip=This enables support for Direct Access Grants, which means that client has access to username/password of user and exchange it directly with Keycloak server for access token. In terms of OAuth2 specification, this enables support of 'Resource Owner Password Credentials Grant' for this client.
+service-accounts-enabled=Service Accounts Enabled
+service-accounts-enabled.tooltip=Allows you to authenticate this client to Keycloak and retrieve access token dedicated to this client. In terms of OAuth2 specification, this enables support of 'Client Credentials Grant' for this client.
+include-authnstatement=Include AuthnStatement
+include-authnstatement.tooltip=Should a statement specifying the method and timestamp be included in login responses?
+include-onetimeuse-condition=Include OneTimeUse Condition
+include-onetimeuse-condition.tooltip=Should a OneTimeUse Condition be included in login responses?
+sign-documents=Sign Documents
+sign-documents.tooltip=Should SAML documents be signed by the realm?
+sign-documents-redirect-enable-key-info-ext=Optimize REDIRECT signing key lookup
+sign-documents-redirect-enable-key-info-ext.tooltip=When signing SAML documents in REDIRECT binding for SP that is secured by Keycloak adapter, should the ID of the signing key be included in SAML protocol message in <Extensions> element? This optimizes validation of the signature as the validating party uses a single key instead of trying every known key for validation.
+sign-assertions=Sign Assertions
+sign-assertions.tooltip=Should assertions inside SAML documents be signed? This setting is not needed if document is already being signed.
+signature-algorithm=Signature Algorithm
+signature-algorithm.tooltip=The signature algorithm to use to sign documents.
+canonicalization-method=Canonicalization Method
+canonicalization-method.tooltip=Canonicalization Method for XML signatures.
+encrypt-assertions=Encrypt Assertions
+encrypt-assertions.tooltip=Should SAML assertions be encrypted with client's public key using AES?
+client-signature-required=Client Signature Required
+client-signature-required.tooltip=Will the client sign their saml requests and responses? And should they be validated?
+force-post-binding=Force POST Binding
+force-post-binding.tooltip=Always use POST binding for responses.
+front-channel-logout=Front Channel Logout
+front-channel-logout.tooltip=When true, logout requires a browser redirect to client. When false, server performs a background invocation for logout.
+force-name-id-format=Force Name ID Format
+force-name-id-format.tooltip=Ignore requested NameID subject format and use admin console configured one.
+name-id-format=Name ID Format
+name-id-format.tooltip=The name ID format to use for the subject.
+root-url=Root URL
+root-url.tooltip=Root URL appended to relative URLs
+valid-redirect-uris=Valid Redirect URIs
+valid-redirect-uris.tooltip=Valid URI pattern a browser can redirect to after a successful login or logout. Simple wildcards are allowed such as 'http://example.com/*'. Relative path can be specified too such as /my/relative/path/*. Relative paths are relative to the client root URL, or if none is specified the auth server root URL is used. For SAML, you must set valid URI patterns if you are relying on the consumer service URL embedded with the login request.
+base-url.tooltip=Default URL to use when the auth server needs to redirect or link back to the client.
+admin-url=Admin URL
+admin-url.tooltip=URL to the admin interface of the client. Set this if the client supports the adapter REST API. This REST API allows the auth server to push revocation policies and other administrative tasks. Usually this is set to the base URL of the client.
+master-saml-processing-url=Master SAML Processing URL
+master-saml-processing-url.tooltip=If configured, this URL will be used for every binding to both the SP's Assertion Consumer and Single Logout Services. This can be individually overriden for each binding and service in the Fine Grain SAML Endpoint Configuration.
+idp-sso-url-ref=IDP Initiated SSO URL Name
+idp-sso-url-ref.tooltip=URL fragment name to reference client when you want to do IDP Initiated SSO. Leaving this empty will disable IDP Initiated SSO. The URL you will reference from your browser will be: {server-root}/realms/{realm}/protocol/saml/clients/{client-url-name}
+idp-sso-url-ref.urlhint=Target IDP initiated SSO URL:
+idp-sso-relay-state=IDP Initiated SSO Relay State
+idp-sso-relay-state.tooltip=Relay state you want to send with SAML request when you want to do IDP Initiated SSO.
+web-origins=Web Origins
+web-origins.tooltip=Allowed CORS origins. To permit all origins of Valid Redirect URIs, add '+'. This does not include the '*' wildcard though. To permit all origins, explicitly add '*'.
+fine-oidc-endpoint-conf=Fine Grain OpenID Connect Configuration
+fine-oidc-endpoint-conf.tooltip=Expand this section to configure advanced settings of this client related to OpenID Connect protocol
+access-token-signed-response-alg=Access Token Signature Algorithm
+access-token-signed-response-alg.tooltip=JWA algorithm used for signing access tokens.
+id-token-signed-response-alg=ID Token Signature Algorithm
+id-token-signed-response-alg.tooltip=JWA algorithm used for signing ID tokens.
+id-token-encrypted-response-alg=ID Token Encryption Key Management Algorithm
+id-token-encrypted-response-alg.tooltip=JWA Algorithm used for key management in encrypting ID tokens. This option is needed if you want encrypted ID tokens. If left empty, ID Tokens are just signed, but not encrypted.
+id-token-encrypted-response-enc=ID Token Encryption Content Encryption Algorithm
+id-token-encrypted-response-enc.tooltip=JWA Algorithm used for content encryption in encrypting ID tokens. This option is needed just if you want encrypted ID tokens. If left empty, ID Tokens are just signed, but not encrypted.
+user-info-signed-response-alg=User Info Signed Response Algorithm
+user-info-signed-response-alg.tooltip=JWA algorithm used for signed User Info Endpoint response. If set to 'unsigned', User Info Response won't be signed and will be returned in application/json format.
+request-object-signature-alg=Request Object Signature Algorithm
+request-object-signature-alg.tooltip=JWA algorithm, which client needs to use when sending OIDC request object specified by 'request' or 'request_uri' parameters. If set to 'any', Request object can be signed by any algorithm (including 'none' ).
+request-object-required=Request Object Required
+request-object-required.tooltip=Specifies if the client needs to provide a request object with their authorization requests, and what method they can use for this. If set to "not required", providing a request object is optional. In all other cases, providing a request object is mandatory. If set to "request", the request object must be provided by value. If set to "request_uri", the request object must be provided by reference. If set to "request or request_uri", either method can be used.
+fine-saml-endpoint-conf=Fine Grain SAML Endpoint Configuration
+fine-saml-endpoint-conf.tooltip=Expand this section to configure exact URLs for Assertion Consumer and Single Logout Service.
+assertion-consumer-post-binding-url=Assertion Consumer Service POST Binding URL
+assertion-consumer-post-binding-url.tooltip=SAML POST Binding URL for the client's assertion consumer service (login responses). You can leave this blank if you do not have a URL for this binding.
+assertion-consumer-redirect-binding-url=Assertion Consumer Service Redirect Binding URL
+assertion-consumer-redirect-binding-url.tooltip=SAML Redirect Binding URL for the client's assertion consumer service (login responses). You can leave this blank if you do not have a URL for this binding.
+logout-service-post-binding-url=Logout Service POST Binding URL
+logout-service-post-binding-url.tooltip=SAML POST Binding URL for the client's single logout service. You can leave this blank if you are using a different binding
+logout-service-redir-binding-url=Logout Service Redirect Binding URL
+logout-service-redir-binding-url.tooltip=SAML Redirect Binding URL for the client's single logout service. You can leave this blank if you are using a different binding.
+saml-signature-keyName-transformer=SAML Signature Key Name
+saml-signature-keyName-transformer.tooltip=Signed SAML documents contain identification of signing key in KeyName element. For Keycloak / RH-SSO counterparty, use KEY_ID, for MS AD FS use CERT_SUBJECT, for others check and use NONE if no other option works.
+oidc-compatibility-modes=OpenID Connect Compatibility Modes
+oidc-compatibility-modes.tooltip=Expand this section to configure settings for backwards compatibility with older OpenID Connect / OAuth2 adapters. It is useful especially if your client uses older version of Keycloak / RH-SSO adapter.
+exclude-session-state-from-auth-response=Exclude Session State From Authentication Response
+exclude-session-state-from-auth-response.tooltip=If this is on, the parameter 'session_state' will not be included in OpenID Connect Authentication Response. It is useful if your client uses older OIDC / OAuth2 adapter, which does not support 'session_state' parameter.
+
+# client import
+import-client=Import Client
+format-option=Format Option
+select-format=Select a Format
+import-file=Import File
+
+# client tabs
+settings=Settings
+credentials=Credentials
+saml-keys=SAML Keys
+roles=Roles
+mappers=Mappers
+mappers.tooltip=Protocol mappers perform transformation on tokens and documents. They can do things like map user data into protocol claims, or just transform any requests going between the client and auth server.
+scope=Scope
+scope.tooltip=Scope mappings allow you to restrict which user role mappings are included within the access token requested by the client.
+sessions.tooltip=View active sessions for this client. Allows you to see which users are active and when they logged in.
+offline-access=Offline Access
+offline-access.tooltip=View offline sessions for this client. Allows you to see which users retrieve offline token and when they retrieve it. To revoke all tokens for the client, go to the Revocation tab and set Not Before to Now.
+clustering=Clustering
+installation=Installation
+installation.tooltip=Helper utility for generating various client adapter configuration formats which you can download or cut and paste to configure your clients.
+service-account-roles=Service Account Roles
+service-account-roles.tooltip=Allows you to authenticate role mappings for the service account dedicated to this client.
+
+# client credentials
+client-authenticator=Client Authenticator
+client-authenticator.tooltip=Client Authenticator used for authentication of this client against Keycloak server
+certificate.tooltip=Client Certificate for validate JWT issued by client and signed by Client private key from your keystore.
+publicKey.tooltip=Public Key for validate JWT issued by client and signed by Client private key.
+no-client-certificate-configured=No client certificate configured
+gen-new-keys-and-cert=Generate new keys and certificate
+import-certificate=Import Certificate
+gen-client-private-key=Generate Client Private Key
+generate-private-key=Generate Private Key
+kid=Kid
+kid.tooltip=KID (Key ID) of the client public key from imported JWKS.
+use-jwks-url=Use JWKS URL
+use-jwks-url.tooltip=If the switch is on, client public keys will be downloaded from given JWKS URL. This allows great flexibility because new keys will be always re-downloaded again when client generates new keypair. If the switch is off, public key (or certificate) from the Keycloak DB is used, so when client keypair changes, you always need to import new key (or certificate) to the Keycloak DB as well.
+jwks-url=JWKS URL
+jwks-url.tooltip=URL where client keys in JWK format are stored. See JWK specification for more details. If you use Keycloak client adapter with "jwt" credential, you can use URL of your app with '/k_jwks' suffix. For example 'http://www.myhost.com/myapp/k_jwks' .
+archive-format=Archive Format
+archive-format.tooltip=Java keystore or PKCS12 archive format.
+key-alias=Key Alias
+key-alias.tooltip=Archive alias for your private key and certificate.
+key-password=Key Password
+key-password.tooltip=Password to access the private key in the archive
+store-password=Store Password
+store-password.tooltip=Password to access the archive itself
+generate-and-download=Generate and Download
+client-certificate-import=Client Certificate Import
+import-client-certificate=Import Client Certificate
+jwt-import.key-alias.tooltip=Archive alias for your certificate.
+secret=Secret
+regenerate-secret=Regenerate Secret
+registrationAccessToken=Registration access token
+registrationAccessToken.regenerate=Regenerate registration access token
+registrationAccessToken.tooltip=The registration access token provides access for clients to the client registration service.
+add-role=Add Role
+role-name=Role Name
+composite=Composite
+description=Description
+no-client-roles-available=No client roles available
+composite-roles=Composite Roles
+composite-roles.tooltip=When this role is (un)assigned to a user any role associated with it will be (un)assigned implicitly.
+realm-roles=Realm Roles
+available-roles=Available Roles
+add-selected=Add selected
+associated-roles=Associated Roles
+composite.associated-realm-roles.tooltip=Realm level roles associated with this composite role.
+composite.available-realm-roles.tooltip=Realm level roles that you can associate to this composite role.
+remove-selected=Remove selected
+client-roles=Client Roles
+select-client-to-view-roles=Select client to view roles for client
+available-roles.tooltip=Roles from this client that you can associate to this composite role.
+client.associated-roles.tooltip=Client roles associated with this composite role.
+add-builtin=Add Builtin
+category=Category
+type=Type
+priority-order=Priority Order
+no-mappers-available=No mappers available
+add-builtin-protocol-mappers=Add Builtin Protocol Mappers
+add-builtin-protocol-mapper=Add Builtin Protocol Mapper
+scope-mappings=Scope Mappings
+full-scope-allowed=Full Scope Allowed
+full-scope-allowed.tooltip=Allows you to disable all restrictions.
+scope.available-roles.tooltip=Realm level roles that can be assigned to scope.
+assigned-roles=Assigned Roles
+assigned-roles.tooltip=Realm level roles assigned to scope.
+effective-roles=Effective Roles
+realm.effective-roles.tooltip=Assigned realm level roles that may have been inherited from a composite role.
+select-client-roles.tooltip=Select client to view roles for client
+assign.available-roles.tooltip=Client roles available to be assigned.
+client.assigned-roles.tooltip=Assigned client roles.
+client.effective-roles.tooltip=Assigned client roles that may have been inherited from a composite role.
+basic-configuration=Basic configuration
+node-reregistration-timeout=Node Re-registration Timeout
+node-reregistration-timeout.tooltip=Interval to specify max time for registered clients cluster nodes to re-register. If cluster node will not send re-registration request to Keycloak within this time, it will be unregistered from Keycloak
+registered-cluster-nodes=Registered cluster nodes
+register-node-manually=Register node manually
+test-cluster-availability=Test cluster availability
+last-registration=Last registration
+node-host=Node host
+no-registered-cluster-nodes=No registered cluster nodes available
+cluster-nodes=Cluster Nodes
+add-node=Add Node
+active-sessions.tooltip=Total number of active user sessions for this client.
+show-sessions=Show Sessions
+show-sessions.tooltip=Warning, this is a potentially expensive operation depending on the number of active sessions.
+user=User
+from-ip=From IP
+session-start=Session Start
+first-page=First Page
+previous-page=Previous Page
+next-page=Next Page
+client-revoke.not-before.tooltip=Revoke any tokens issued before this date for this client.
+client-revoke.push.tooltip=If the admin URL is configured for this client, push this policy to that client.
+select-a-format=Select a Format
+download=Download
+offline-tokens=Offline Tokens
+offline-tokens.tooltip=Total number of offline tokens for this client.
+show-offline-tokens=Show Offline Tokens
+show-offline-tokens.tooltip=Warning, this is a potentially expensive operation depending on the number of offline tokens.
+token-issued=Token Issued
+last-access=Last Access
+last-refresh=Last Refresh
+key-export=Key Export
+key-import=Key Import
+export-saml-key=Export SAML Key
+import-saml-key=Import SAML Key
+realm-certificate-alias=Realm Certificate Alias
+realm-certificate-alias.tooltip=Realm certificate is stored in archive too. This is the alias to it.
+signing-key=Signing Key
+saml-signing-key=SAML Signing Key.
+private-key=Private Key
+generate-new-keys=Generate new keys
+export=Export
+encryption-key=Encryption Key
+saml-encryption-key.tooltip=SAML Encryption Key.
+service-accounts=Service Accounts
+service-account.available-roles.tooltip=Realm level roles that can be assigned to service account.
+service-account.assigned-roles.tooltip=Realm level roles assigned to service account.
+service-account-is-not-enabled-for=Service account is not enabled for {{client}}
+create-protocol-mappers=Create Protocol Mappers
+create-protocol-mapper=Create Protocol Mapper
+protocol=Protocol
+protocol.tooltip=Protocol...
+id=ID
+mapper.name.tooltip=Name of the mapper.
+mapper.consent-required.tooltip=When granting temporary access, must the user consent to providing this data to the client?
+consent-text=Consent Text
+consent-text.tooltip=Text to display on consent page.
+mapper-type=Mapper Type
+mapper-type.tooltip=Type of the mapper
+user-label=User Label
+data=Data
+show-data=Show data...
+position=Position
+# realm identity providers
+identity-providers=Identity Providers
+table-of-identity-providers=Table of identity providers
+add-provider.placeholder=Add provider...
+provider=Provider
+gui-order=GUI order
+first-broker-login-flow=First Login Flow
+post-broker-login-flow=Post Login Flow
+sync-mode=Sync Mode
+sync-mode.tooltip=Default sync mode for all mappers. The sync mode determines when user data will be synced using the mappers. Possible values are: 'legacy' to keep the behaviour before this option was introduced, 'import' to only import the user once during first login of the user with this identity provider, 'force' to always update the user during every login with this identity provider".
+sync-mode.inherit=inherit
+sync-mode.legacy=legacy
+sync-mode.import=import
+sync-mode.force=force
+sync-mode-override=Sync Mode Override
+sync-mode-override.tooltip=Overrides the default sync mode of the IDP for this mapper. Values are: 'legacy' to keep the behaviour before this option was introduced, 'import' to only import the user once during first login of the user with this identity provider, 'force' to always update the user during every login with this identity provider" and 'inherit' to use the sync mode defined in the identity provider for this mapper.
+redirect-uri=Redirect URI
+redirect-uri.tooltip=The redirect uri to use when configuring the identity provider.
+alias=Alias
+display-name=Display Name
+identity-provider.alias.tooltip=The alias uniquely identifies an identity provider and it is also used to build the redirect uri.
+identity-provider.display-name.tooltip=Friendly name for Identity Providers.
+identity-provider.enabled.tooltip=Enable/disable this identity provider.
+authenticate-by-default=Authenticate by Default
+identity-provider.authenticate-by-default.tooltip=Indicates if this provider should be tried by default for authentication even before displaying login screen.
+store-tokens=Store Tokens
+identity-provider.store-tokens.tooltip=Enable/disable if tokens must be stored after authenticating users.
+stored-tokens-readable=Stored Tokens Readable
+identity-provider.stored-tokens-readable.tooltip=Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.
+disableUserInfo=Disable User Info
+identity-provider.disableUserInfo.tooltip=Disable usage of User Info service to obtain additional user information? Default is to use this OIDC service.
+userIp=Use userIp Param
+identity-provider.google-userIp.tooltip=Set 'userIp' query parameter when invoking on Google's User Info service. This will use the user's ip address. Useful if Google is throttling access to the User Info service.
+offlineAccess=Request refresh token
+identity-provider.google-offlineAccess.tooltip=Set 'access_type' query parameter to 'offline' when redirecting to google authorization endpoint, to get a refresh token back. Useful if planning to use Token Exchange to retrieve Google token to access Google APIs when the user is not at the browser.
+hostedDomain=Hosted Domain
+identity-provider.google-hostedDomain.tooltip=Set 'hd' query parameter when logging in with Google. Google will list accounts only for this domain. Keycloak validates that the returned identity token has a claim for this domain. When '*' is entered, any hosted account can be used.
+sandbox=Target Sandbox
+identity-provider.paypal-sandbox.tooltip=Target PayPal's sandbox environment
+update-profile-on-first-login=Update Profile on First Login
+on=On
+on-missing-info=On missing info
+off=Off
+update-profile-on-first-login.tooltip=Define conditions under which a user has to update their profile during first-time login.
+trust-email=Trust Email
+trust-email.tooltip=If enabled, email provided by this provider is not verified even if verification is enabled for the realm.
+link-only=Account Linking Only
+link-only.tooltip=If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider
+hide-on-login-page=Hide on Login Page
+hide-on-login-page.tooltip=If hidden, login with this provider is possible only if requested explicitly, for example using the 'kc_idp_hint' parameter.
+gui-order.tooltip=Number defining order of the provider in GUI (for example, on Login page).
+first-broker-login-flow.tooltip=Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that no Keycloak account is currently linked to the authenticated identity provider account.
+post-broker-login-flow.tooltip=Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you need no any additional authenticators to be triggered after login with this identity provider. Also note that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it.
+openid-connect-config=OpenID Connect Config
+openid-connect-config.tooltip=OIDC SP and external IDP configuration.
+authorization-url=Authorization URL
+authorization-url.tooltip=The Authorization Url.
+token-url=Token URL
+token-url.tooltip=The Token URL.
+loginHint=Pass login_hint
+loginHint.tooltip=Pass login_hint to identity provider.
+uiLocales=Pass current locale
+uiLocales.tooltip=Pass the current locale to the identity provider as a ui_locales parameter.
+logout-url=Logout URL
+identity-provider.logout-url.tooltip=End session endpoint to use to logout user from external IDP.
+backchannel-logout=Backchannel Logout
+backchannel-logout.tooltip=Does the external IDP support backchannel logout?
+user-info-url=User Info URL
+user-info-url.tooltip=The User Info Url. This is optional.
+client-auth=Client Authentication
+client-auth.tooltip=The client authentication method (cfr. https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication). In case of JWT signed with private key, the realm private key is used.
+client-auth.client_secret_post=Client secret sent as post
+client-auth.client_secret_basic=Client secret sent as basic auth
+client-auth.client_secret_jwt=Client secret as jwt
+client-auth.private_key_jwt=JWT signed with private key
+identity-provider.client-id.tooltip=The client or client identifier registered within the identity provider.
+client-secret=Client Secret
+show-secret=Show secret
+hide-secret=Hide secret
+client-secret.tooltip=The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use ${vault.ID} format.
+issuer=Issuer
+issuer.tooltip=The issuer identifier for the issuer of the response. If not provided, no validation will be performed.
+default-scopes=Default Scopes
+identity-provider.default-scopes.tooltip=The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to 'openid'.
+prompt=Prompt
+unspecified.option=unspecified
+none.option=none
+consent.option=consent
+login.option=login
+select-account.option=select_account
+prompt.tooltip=Specifies whether the Authorization Server prompts the End-User for reauthentication and consent.
+accepts-prompt-none-forward-from-client=Accepts prompt=none forward from client
+accepts-prompt-none-forward-from-client.tooltip=This is just used together with Identity Provider Authenticator or when kc_idp_hint points to this identity provider. In case that client sends a request with prompt=none and user is not yet authenticated, the error will not be directly returned to client, but the request with prompt=none will be forwarded to this identity provider.
+validate-signatures=Validate Signatures
+identity-provider.validate-signatures.tooltip=Enable/disable signature validation of external IDP signatures.
+identity-provider.use-jwks-url.tooltip=If the switch is on, identity provider public keys will be downloaded from given JWKS URL. This allows great flexibility because new keys will be always re-downloaded again when identity provider generates new keypair. If the switch is off, public key (or certificate) from the Keycloak DB is used, so when the identity provider keypair changes, you always need to import the new key to the Keycloak DB as well.
+identity-provider.jwks-url.tooltip=URL where identity provider keys in JWK format are stored. See JWK specification for more details. If you use external Keycloak identity provider, you can use URL like 'http://broker-keycloak:8180/auth/realms/test/protocol/openid-connect/certs' assuming your brokered Keycloak is running on 'http://broker-keycloak:8180' and its realm is 'test' .
+validating-public-key=Validating Public Key
+identity-provider.validating-public-key.tooltip=The public key in PEM format that must be used to verify external IDP signatures.
+validating-public-key-id=Validating Public Key Id
+identity-provider.validating-public-key-id.tooltip=Explicit ID of the validating public key given above if the key ID. Leave blank if the key above should be used always, regardless of key ID specified by external IDP; set it if the key should only be used for verifying if the key ID from external IDP matches.
+allowed-clock-skew=Allowed clock skew
+identity-provider.allowed-clock-skew.tooltip=Clock skew in seconds that is tolerated when validating identity provider tokens. Default value is zero.
+forwarded-query-parameters=Forwarded Query Parameters
+identity-provider.forwarded-query-parameters.tooltip=Non OpenID Connect/OAuth standard query parameters to be forwarded to external IDP from the initial application request to Authorization Endpoint. Multiple parameters can be entered, separated by comma (,).
+import-external-idp-config=Import External IDP Config
+import-external-idp-config.tooltip=Allows you to load external IDP metadata from a config file or to download it from a URL.
+import-from-url=Import from URL
+identity-provider.import-from-url.tooltip=Import metadata from a remote IDP discovery descriptor.
+import-from-file=Import from file
+identity-provider.import-from-file.tooltip=Import metadata from a downloaded IDP discovery descriptor.
+saml-config=SAML Config
+identity-provider.saml-config.tooltip=SAML SP and external IDP configuration.
+single-signon-service-url=Single Sign-On Service URL
+saml.single-signon-service-url.tooltip=The Url that must be used to send authentication requests (SAML AuthnRequest).
+single-logout-service-url=Single Logout Service URL
+saml.single-logout-service-url.tooltip=The Url that must be used to send logout requests.
+nameid-policy-format=NameID Policy Format
+nameid-policy-format.tooltip=Specifies the URI reference corresponding to a name identifier format. Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
+saml.principal-type=Principal Type
+saml.principal-type.tooltip=Way to identify and track external users from the assertion. Default is using Subject NameID, alternatively you can set up identifying attribute.
+saml.principal-attribute=Principal Attribute
+saml.principal-attribute.tooltip=Name or Friendly Name of the attribute used to identify external users.
+http-post-binding-response=HTTP-POST Binding Response
+http-post-binding-response.tooltip=Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
+http-post-binding-for-authn-request=HTTP-POST Binding for AuthnRequest
+http-post-binding-for-authn-request.tooltip=Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
+http-post-binding-logout=HTTP-POST Binding Logout
+http-post-binding-logout.tooltip=Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
+want-authn-requests-signed=Want AuthnRequests Signed
+want-authn-requests-signed.tooltip=Indicates whether the identity provider expects a signed AuthnRequest.
+want-assertions-signed=Want Assertions Signed
+want-assertions-signed.tooltip=Indicates whether this service provider expects a signed Assertion.
+want-assertions-encrypted=Want Assertions Encrypted
+want-assertions-encrypted.tooltip=Indicates whether this service provider expects an encrypted Assertion.
+force-authentication=Force Authentication
+identity-provider.force-authentication.tooltip=Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
+validate-signature=Validate Signature
+saml.validate-signature.tooltip=Enable/disable signature validation of SAML responses.
+validating-x509-certificate=Validating X509 Certificates
+validating-x509-certificate.tooltip=The certificate in PEM format that must be used to check for signatures. Multiple certificates can be entered, separated by comma (,).
+saml.import-from-url.tooltip=Import metadata from a remote IDP SAML entity descriptor.
+social.client-id.tooltip=The client identifier registered with the identity provider.
+social.client-secret.tooltip=The client secret registered with the identity provider. This field is able to obtain its value from vault, use ${vault.ID} format.
+social.default-scopes.tooltip=The scopes to be sent when asking for authorization. See the documentation for possible values, separator and default value'.
+key=Key
+stackoverflow.key.tooltip=The Key obtained from Stack Overflow client registration.
+openshift.base-url=Base Url
+openshift.base-url.tooltip=Base Url to OpenShift Online API
+openshift4.base-url=Base Url
+openshift4.base-url.tooltip=Base Url to OpenShift Online API
+gitlab-application-id=Application Id
+gitlab-application-secret=Application Secret
+gitlab.application-id.tooltip=Application Id for the application you created in your GitLab Applications account menu
+gitlab.application-secret.tooltip=Secret for the application that you created in your GitLab Applications account menu
+gitlab.default-scopes.tooltip=Scopes to ask for on login. Will always ask for openid. Additionally adds api if you do not specify anything.
+bitbucket-consumer-key=Consumer Key
+bitbucket-consumer-secret=Consumer Secret
+bitbucket.key.tooltip=Bitbucket OAuth Consumer Key
+bitbucket.secret.tooltip=Bitbucket OAuth Consumer Secret
+bitbucket.default-scopes.tooltip=Scopes to ask for on login. If you do not specify anything, scope defaults to 'email'.
+# User federation
+sync-ldap-roles-to-keycloak=Sync LDAP Roles To Keycloak
+sync-keycloak-roles-to-ldap=Sync Keycloak Roles To LDAP
+sync-ldap-groups-to-keycloak=Sync LDAP Groups To Keycloak
+sync-keycloak-groups-to-ldap=Sync Keycloak Groups To LDAP
+realms=Realms
+realm=Realm
+identity-provider-mappers=Identity Provider Mappers
+create-identity-provider-mapper=Create Identity Provider Mapper
+add-identity-provider-mapper=Add Identity Provider Mapper
+client.description.tooltip=Specifies description of the client. For example 'My Client for TimeSheets'. Supports keys for localized values as well. For example\: ${my_client_description}
+expires=Expires
+expiration=Expiration
+expiration.tooltip=Specifies how long the token should be valid
+count=Count
+count.tooltip=Specifies how many clients can be created using the token
+remainingCount=Remaining Count
+created=Created
+back=Back
+initial-access-tokens=Initial Access Tokens
+add-initial-access-tokens=Add Initial Access Token
+initial-access-token=Initial Access Token
+initial-access.copyPaste.tooltip=Copy/paste the initial access token before navigating away from this page as it is not possible to retrieve later
+continue=Continue
+initial-access-token.confirm.title=Copy Initial Access Token
+initial-access-token.confirm.text=Please copy and paste the initial access token before confirming as it cannot be retrieved later
+no-initial-access-available=No Initial Access Tokens available
+client-reg-policies=Client Registration Policies
+client-reg-policy.name.tooltip=Display Name of the policy
+anonymous-policies=Anonymous Access Policies
+anonymous-policies.tooltip=Those Policies are used when the Client Registration Service is invoked by unauthenticated request. This means that the request does not contain Initial Access Token nor Bearer Token.
+auth-policies=Authenticated Access Policies
+auth-policies.tooltip=Those Policies are used when Client Registration Service is invoked by authenticated request. This means that the request contains Initial Access Token or Bearer Token.
+policy-name=Policy Name
+no-client-reg-policies-configured=No Client Registration Policies
+trusted-hosts.label=Trusted Hosts
+trusted-hosts.tooltip=List of Hosts, which are trusted and are allowed to invoke Client Registration Service and/or be used as values of Client URIs. You can use hostnames or IP addresses. If you use star at the beginning (for example '*.example.com' ) then whole domain example.com will be trusted.
+host-sending-registration-request-must-match.label=Host Sending Client Registration Request Must Match
+host-sending-registration-request-must-match.tooltip=If on, any request to Client Registration Service is allowed just if it was sent from some trusted host or domain.
+client-uris-must-match.label=Client URIs Must Match
+client-uris-must-match.tooltip=If on, all Client URIs (Redirect URIs and others) are allowed just if they match some trusted host or domain.
+allowed-protocol-mappers.label=Allowed Protocol Mappers
+allowed-protocol-mappers.tooltip=Whitelist of allowed protocol mapper providers. If there is an attempt to register client, which contains some protocol mappers, which were not whitelisted, registration request will be rejected.
+consent-required-for-all-mappers.label=Consent Required For Mappers
+consent-required-for-all-mappers.tooltip=If on, all newly registered protocol mappers will automatically have consentRequired switch on. This means that user will need to approve consent screen. NOTE: Consent screen is shown just if client has consentRequired switch on. So it is usually good to use this switch together with consent-required policy.
+allowed-client-scopes.label=Allowed Client Scopes
+allowed-client-scopes.tooltip=Whitelist of the client scopes, which can be used on a newly registered client. Attempt to register client with some client scope, which is not whitelisted, will be rejected. By default, the whitelist is either empty or contains just realm default client scopes (based on 'Allow Default Scopes' configuration property)
+allow-default-scopes.label=Allow Default Scopes
+allow-default-scopes.tooltip=If on, newly registered clients will be allowed to have client scopes mentioned in realm default client scopes or realm optional client scopes
+max-clients.label=Max Clients Per Realm
+max-clients.tooltip=It will not be allowed to register a new client if count of existing clients in realm is same or bigger than the configured limit.
+
+client-scopes=Client Scopes
+client-scopes.tooltip=Client scopes allow you to define a common set of protocol mappers and roles, which are shared between multiple clients
+
+groups=Groups
+
+group.add-selected.tooltip=Realm roles that can be assigned to the group.
+group.assigned-roles.tooltip=Realm roles mapped to the group
+group.effective-roles.tooltip=All realm role mappings. Some roles here might be inherited from a mapped composite role.
+group.available-roles.tooltip=Assignable roles from this client.
+group.assigned-roles-client.tooltip=Role mappings for this client.
+group.effective-roles-client.tooltip=Role mappings for this client. Some roles here might be inherited from a mapped composite role.
+
+default-roles=Default Roles
+no-realm-roles-available=No realm roles available
+
+users=Users
+user.add-selected.tooltip=Realm roles that can be assigned to the user.
+user.assigned-roles.tooltip=Realm roles mapped to the user
+user.effective-roles.tooltip=All realm role mappings. Some roles here might be inherited from a mapped composite role.
+user.available-roles.tooltip=Assignable roles from this client.
+user.assigned-roles-client.tooltip=Role mappings for this client.
+user.effective-roles-client.tooltip=Role mappings for this client. Some roles here might be inherited from a mapped composite role.
+default.available-roles.tooltip=Realm level roles that can be assigned.
+realm-default-roles=Realm Default Roles
+realm-default-roles.tooltip=Realm level roles assigned to new users.
+default.available-roles-client.tooltip=Roles from this client that are assignable as a default.
+client-default-roles=Client Default Roles
+client-default-roles.tooltip=Roles from this client assigned as a default role.
+composite.available-roles.tooltip=Realm level roles that you can associate to this composite role.
+composite.associated-roles.tooltip=Realm level roles associated with this composite role.
+composite.available-roles-client.tooltip=Roles from this client that you can associate to this composite role.
+composite.associated-roles-client.tooltip=Client roles associated with this composite role.
+partial-import=Partial Import
+partial-import.tooltip=Partial import allows you to import users, clients, and other resources from a previously exported json file.
+
+file=File
+exported-json-file=Exported json file
+import-from-realm=Import from realm
+import-users=Import users
+import-groups=Import groups
+import-clients=Import clients
+import-identity-providers=Import identity providers
+import-realm-roles=Import realm roles
+import-client-roles=Import client roles
+if-resource-exists=If a resource exists
+fail=Fail
+skip=Skip
+overwrite=Overwrite
+if-resource-exists.tooltip=Specify what should be done if you try to import a resource that already exists.
+
+partial-export=Partial Export
+partial-export.tooltip=Partial export allows you to export realm configuration, and other associated resources into a json file.
+export-groups-and-roles=Export groups and roles
+export-clients=Export clients
+
+action=Action
+role-selector=Role Selector
+realm-roles.tooltip=Realm roles that can be selected.
+
+select-a-role=Select a role
+select-realm-role=Select realm role
+client-roles.tooltip=Client roles that can be selected.
+select-client-role=Select client role
+
+client-saml-endpoint=Client SAML Endpoint
+add-client-scope=Add client scope
+
+default-client-scopes=Default Client Scopes
+default-client-scopes.tooltip=Client Scopes, which will be added automatically to each created client
+default-client-scopes.default=Default Client Scopes
+default-client-scopes.default.tooltip=Allow to define client scopes, which will be added as default scopes to each created client
+default-client-scopes.default.available=Available Client Scopes
+default-client-scopes.default.available.tooltip=Client scopes, which are not yet assigned as realm default scopes or realm optional scopes
+default-client-scopes.default.assigned=Assigned Default Client Scopes
+default-client-scopes.default.assigned.tooltip=Client scopes, which will be added as default scopes to each created client
+default-client-scopes.optional=Optional Client Scopes
+default-client-scopes.optional.tooltip=Allow to define client scopes, which will be added as optional scopes to each created client
+default-client-scopes.optional.available=Available Client Scopes
+default-client-scopes.optional.available.tooltip=Client scopes, which are not yet assigned as realm default scopes or realm optional scopes
+default-client-scopes.optional.assigned=Assigned Optional Client Scopes
+default-client-scopes.optional.assigned.tooltip=Client scopes, which will be added as optional scopes to each created client
+
+client-scopes.setup=Setup
+client-scopes.setup.tooltip=Allow to setup client scopes linked to this client
+client-scopes.default=Default Client Scopes
+client-scopes.default.tooltip=Default client scopes are always applied when issuing tokens for this client. Protocol mappers and role scope mappings are always applied regardless of value of used scope parameter in OIDC Authorization request
+client-scopes.default.available=Available Client Scopes
+client-scopes.default.available.tooltip=Client scopes, which are not yet assigned as default scopes or optional scopes
+client-scopes.default.assigned=Assigned Default Client Scopes
+client-scopes.default.assigned.tooltip=Client scopes, which will be used as default scopes when generating tokens for this client
+client-scopes.optional=Optional Client Scopes
+client-scopes.optional.tooltip=Optional client scopes are applied when issuing tokens for this client, however just in case when they are requested by scope parameter in OIDC Authorization request
+client-scopes.optional.available=Available Client Scopes
+client-scopes.optional.available.tooltip=Client scopes, which are not yet assigned as default scopes or optional scopes
+client-scopes.optional.assigned=Assigned Optional Client Scopes
+client-scopes.optional.assigned.tooltip=Client scopes, which may be used as optional scopes when generating tokens for this client
+
+client-scopes.evaluate=Evaluate
+client-scopes.evaluate.tooltip=Allow to see all protocol mappers and role scope mapping that will be used in the tokens issued to this client. Also allow to generate example access token based on provided scope parameter
+scope-parameter=Scope Parameter
+scope-parameter.tooltip=You can copy/paste this value of scope parameter and use it in initial OpenID Connect Authentication Request sent from this client adapter. Default client scopes and selected optional client scopes will be used when generating token issued for this client
+client-scopes.evaluate.scopes=Client Scopes
+client-scopes.evaluate.scopes.tooltip=Allow to select optional client scopes, which may be used when generating token issued for this client
+client-scopes.evaluate.scopes.available=Available Optional Client Scopes
+client-scopes.evaluate.scopes.available.tooltip=This contains Optional Client Scopes, which can be optionally used when issuing access token for this client
+client-scopes.evaluate.scopes.assigned=Selected Optional Client Scopes
+client-scopes.evaluate.scopes.assigned.tooltip=Selected Optional Client Scopes, which will be used when issuing access token for this client. You can see above what value of OAuth Scope Parameter needs to be used when you want to have these optional client scopes applied when the initial OpenID Connect Authentication request will be sent from your client adapter
+client-scopes.evaluate.scopes.effective=Effective Client Scopes
+client-scopes.evaluate.scopes.effective.tooltip=Contains all default client scopes and selected optional scopes. All protocol mappers and role scope mappings of all those client scopes will be used when generating access token issued for your client
+client-scopes.evaluate.user.tooltip=Optionally select user, for whom the example access token will be generated. If you do not select a user, example access token will not be generated during evaluation
+send-evaluation-request=Evaluate
+send-evaluation-request.tooltip=Click this to see all protocol mappers and role scope mappings that will be used when issuing an access token for this client. It will also optionally generate example access token in case that some user was selected
+
+evaluated-protocol-mappers=Effective Protocol Mappers
+evaluated-protocol-mappers.tooltip=Shows all effective protocol mappers that will be used when issuing token for this client. Also contains protocol mappers of selected optional client scopes. For each protocol mapper, you can see from which client scope it is inherited from
+evaluated-roles=Effective Role Scope Mappings
+evaluated-roles.tooltip=Shows all effective roles scope mappings that will be used when issuing token for this client. Also contains role scope mappings of selected optional client scopes
+parent-client-scope=Parent Client Scope
+client-scopes.evaluate.not-granted-roles=Not Granted Roles
+client-scopes.evaluate.not-granted-roles.tooltip=Client does not have scope mappings for these roles. Those roles will not be in the access token issued to this client even if the authenticated user is a member of them
+client-scopes.evaluate.granted-realm-effective-roles=Granted Effective Realm Roles
+client-scopes.evaluate.granted-realm-effective-roles.tooltip=Client has scope mappings for these roles. Those roles will be in the access token issued to this client if the authenticated user is a member of them
+client-scopes.evaluate.granted-client-effective-roles=Granted Effective Client Roles
+generated-access-token=Generated Access Token
+generated-access-token.tooltip=See the example token, which will be generated and sent to the client when selected user is authenticated. You can see claims and roles that the token will contain based on the effective protocol mappers and role scope mappings and also based on the claims/roles assigned to user himself
+
+manage=Manage
+authentication=Authentication
+user-federation=User Federation
+user-storage=User Storage
+events=Events
+realm-settings=Realm Settings
+configure=Configure
+select-realm=Select realm
+add=Add
+
+client-storage=Client Storage
+no-client-storage-providers-configured=No client storage providers configured
+client-stores.tooltip=Keycloak can retrieve clients and their details from external stores.
+
+client-scope.name.tooltip=Name of the client scope. Must be unique in the realm. Name should not contain space characters as it is used as value of scope parameter
+client-scope.description.tooltip=Description of the client scope
+client-scope.protocol.tooltip=Which SSO protocol configuration is being supplied by this client scope
+client-scope.display-on-consent-screen=Display On Consent Screen
+client-scope.display-on-consent-screen.tooltip=If on, and this client scope is added to some client with consent required, the text specified by 'Consent Screen Text' will be displayed on consent screen. If off, this client scope will not be displayed on the consent screen
+client-scope.consent-screen-text=Consent Screen Text
+client-scope.consent-screen-text.tooltip=Text that will be shown on the consent screen when this client scope is added to some client with consent required. Defaults to name of client scope if it is not filled
+client-scope.gui-order=GUI order
+client-scope.gui-order.tooltip=Specify order of the provider in GUI (such as in Consent page) as integer
+client-scope.include-in-token-scope=Include In Token Scope
+client-scope.include-in-token-scope.tooltip=If on, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. If off, this client scope will be omitted from the token and from the Token Introspection Endpoint response.
+
+add-user-federation-provider=Add user federation provider
+add-user-storage-provider=Add user storage provider
+required-settings=Required Settings
+provider-id=Provider ID
+console-display-name=Console Display Name
+console-display-name.tooltip=Display name of provider when linked in admin console.
+priority=Priority
+priority.tooltip=Priority of provider when doing a user lookup. Lowest first.
+user-storage.enabled.tooltip=If provider is disabled, it will not be considered for queries and imported users will be disabled and read-only until the provider is enabled again.
+sync-settings=Sync Settings
+periodic-full-sync=Periodic Full Sync
+periodic-full-sync.tooltip=Does periodic full synchronization of provider users to Keycloak should be enabled or not
+full-sync-period=Full Sync Period
+full-sync-period.tooltip=Period for full synchronization in seconds
+periodic-changed-users-sync=Periodic Changed Users Sync
+periodic-changed-users-sync.tooltip=Does periodic synchronization of changed or newly created provider users to Keycloak should be enabled or not
+changed-users-sync-period=Changed Users Sync Period
+changed-users-sync-period.tooltip=Period for synchronization of changed or newly created provider users in seconds
+synchronize-changed-users=Synchronize changed users
+synchronize-all-users=Synchronize all users
+remove-imported-users=Remove imported
+unlink-users=Unlink users
+kerberos-realm=Kerberos Realm
+kerberos-realm.tooltip=Name of kerberos realm. For example FOO.ORG
+server-principal=Server Principal
+server-principal.tooltip=Full name of server principal for HTTP service including server and domain name. For example HTTP/host.foo.org@FOO.ORG
+keytab=KeyTab
+keytab.tooltip=Location of Kerberos KeyTab file containing the credentials of server principal. For example /etc/krb5.keytab
+debug=Debug
+debug.tooltip=Enable/disable debug logging to standard output for Krb5LoginModule.
+allow-password-authentication=Allow Password Authentication
+allow-password-authentication.tooltip=Enable/disable possibility of username/password authentication against Kerberos database
+edit-mode=Edit Mode
+edit-mode.tooltip=READ_ONLY means that password updates are not allowed and user always authenticates with Kerberos password. UNSYNCED means that the user can change the password in the Keycloak database and this one will be used instead of the Kerberos password
+ldap.edit-mode.tooltip=READ_ONLY is a read-only LDAP store. WRITABLE means data will be synced back to LDAP on demand. UNSYNCED means user data will be imported, but not synced back to LDAP.
+update-profile-first-login=Update Profile First Login
+update-profile-first-login.tooltip=Update profile on first login
+sync-registrations=Sync Registrations
+ldap.sync-registrations.tooltip=Should newly created users be created within LDAP store? Priority effects which provider is chosen to sync the new user.
+import-enabled=Import Users
+ldap.import-enabled.tooltip=If true, LDAP users will be imported into Keycloak DB and synced by the configured sync policies.
+vendor=Vendor
+ldap.vendor.tooltip=LDAP vendor (provider)
+username-ldap-attribute=Username LDAP attribute
+ldap-attribute-name-for-username=LDAP attribute name for username
+username-ldap-attribute.tooltip=Name of LDAP attribute, which is mapped as Keycloak username. For many LDAP server vendors it can be 'uid'. For Active directory it can be 'sAMAccountName' or 'cn'. The attribute should be filled for all LDAP user records you want to import from LDAP to Keycloak.
+rdn-ldap-attribute=RDN LDAP attribute
+ldap-attribute-name-for-user-rdn=LDAP attribute name for user RDN
+rdn-ldap-attribute.tooltip=Name of LDAP attribute, which is used as RDN (top attribute) of typical user DN. Usually it's the same as Username LDAP attribute, however it is not required. For example for Active directory, it is common to use 'cn' as RDN attribute when username attribute might be 'sAMAccountName'.
+uuid-ldap-attribute=UUID LDAP attribute
+ldap-attribute-name-for-uuid=LDAP attribute name for UUID
+uuid-ldap-attribute.tooltip=Name of LDAP attribute, which is used as unique object identifier (UUID) for objects in LDAP. For many LDAP server vendors, it is 'entryUUID'; however some are different. For example for Active directory it should be 'objectGUID'. If your LDAP server does not support the notion of UUID, you can use any other attribute that is supposed to be unique among LDAP users in tree. For example 'uid' or 'entryDN'.
+user-object-classes=User Object Classes
+ldap-user-object-classes.placeholder=LDAP User Object Classes (div. by comma)
+ldap-connection-url=LDAP connection URL
+ldap-users-dn=LDAP Users DN
+ldap-bind-dn=LDAP Bind DN
+ldap-bind-credentials=LDAP Bind Credentials
+ldap-filter=LDAP Filter
+ldap.user-object-classes.tooltip=All values of LDAP objectClass attribute for users in LDAP divided by comma. For example: 'inetOrgPerson, organizationalPerson' . Newly created Keycloak users will be written to LDAP with all those object classes and existing LDAP user records are found just if they contain all those object classes.
+connection-url=Connection URL
+ldap.connection-url.tooltip=Connection URL to your LDAP server
+test-connection=Test connection
+users-dn=Users DN
+ldap.users-dn.tooltip=Full DN of LDAP tree where your users are. This DN is the parent of LDAP users. It could be for example 'ou=users,dc=example,dc=com' assuming that your typical user will have DN like 'uid=john,ou=users,dc=example,dc=com'
+authentication-type=Bind Type
+ldap.authentication-type.tooltip=Type of the Authentication method used during LDAP Bind operation. It is used in most of the requests sent to the LDAP server. Currently only 'none' (anonymous LDAP authentication) or 'simple' (Bind credential + Bind password authentication) mechanisms are available
+bind-dn=Bind DN
+ldap.bind-dn.tooltip=DN of LDAP admin, which will be used by Keycloak to access LDAP server
+bind-credential=Bind Credential
+ldap.bind-credential.tooltip=Password of LDAP admin. This field is able to obtain its value from vault, use ${vault.ID} format.
+test-authentication=Test authentication
+custom-user-ldap-filter=Custom User LDAP Filter
+ldap.custom-user-ldap-filter.tooltip=Additional LDAP Filter for filtering searched users. Leave this empty if you don't need additional filter. Make sure that it starts with '(' and ends with ')'
+search-scope=Search Scope
+ldap.search-scope.tooltip=For one level, the search applies only for users in the DNs specified by User DNs. For subtree, the search applies to the whole subtree. See LDAP documentation for more details
+use-truststore-spi=Use Truststore SPI
+ldap.use-truststore-spi.tooltip=Specifies whether LDAP connection will use the truststore SPI with the truststore configured in standalone.xml/domain.xml. 'Always' means that it will always use it. 'Never' means that it will not use it. 'Only for ldaps' means that it will use if your connection URL use ldaps. Note even if standalone.xml/domain.xml is not configured, the default Java cacerts or certificate specified by 'javax.net.ssl.trustStore' property will be used.
+validate-password-policy=Validate Password Policy
+connection-pooling=Connection Pooling
+connection-pooling-settings=Connection Pooling Settings
+connection-pooling-authentication=Connection Pooling Authentication
+connection-pooling-authentication-default=none simple
+connection-pooling-debug=Connection Pool Debug Level
+connection-pooling-debug-default=off
+connection-pooling-initsize=Connection Pool Initial Size
+connection-pooling-initsize-default=1
+connection-pooling-maxsize=Connection Pool Maximum Size
+connection-pooling-maxsize-default=1000
+connection-pooling-prefsize=Connection Pool Preferred Size
+connection-pooling-prefsize-default=5
+connection-pooling-protocol=Connection Pool Protocol
+connection-pooling-protocol-default=plain
+connection-pooling-timeout=Connection Pool Timeout
+connection-pooling-timeout-default=300000
+ldap-connection-timeout=Connection Timeout
+ldap.connection-timeout.tooltip=LDAP Connection Timeout in milliseconds
+ldap-read-timeout=Read Timeout
+ldap.read-timeout.tooltip=LDAP Read Timeout in milliseconds. This timeout applies for LDAP read operations
+ldap.validate-password-policy.tooltip=Determines if Keycloak should validate the password with the realm password policy before updating it
+ldap.connection-pooling.tooltip=Determines if Keycloak should use connection pooling for accessing LDAP server
+ldap.connection-pooling.authentication.tooltip=A list of space-separated authentication types of connections that may be pooled. Valid types are "none", "simple", and "DIGEST-MD5".
+ldap.connection-pooling.debug.tooltip=A string that indicates the level of debug output to produce. Valid values are "fine" (trace connection creation and removal) and "all" (all debugging information).
+ldap.connection-pooling.initsize.tooltip=The string representation of an integer that represents the number of connections per connection identity to create when initially creating a connection for the identity.
+ldap.connection-pooling.maxsize.tooltip=The string representation of an integer that represents the maximum number of connections per connection identity that can be maintained concurrently.
+ldap.connection-pooling.prefsize.tooltip=The string representation of an integer that represents the preferred number of connections per connection identity that should be maintained concurrently.
+ldap.connection-pooling.protocol.tooltip=A list of space-separated protocol types of connections that may be pooled. Valid types are "plain" and "ssl".
+ldap.connection-pooling.timeout.tooltip=The string representation of an integer that represents the number of milliseconds that an idle connection may remain in the pool without being closed and removed from the pool.
+ldap.pagination.tooltip=Does the LDAP server support pagination.
+ldap.startTls.tooltip=Encrypts the connection to LDAP using STARTTLS, which will disable connection pooling.
+kerberos-integration=Kerberos Integration
+allow-kerberos-authentication=Allow Kerberos authentication
+ldap.allow-kerberos-authentication.tooltip=Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users will be provisioned from this LDAP server
+use-kerberos-for-password-authentication=Use Kerberos For Password Authentication
+ldap.use-kerberos-for-password-authentication.tooltip=Use Kerberos login module for authenticate username/password against Kerberos server instead of authenticating against LDAP server with Directory Service API
+batch-size=Batch Size
+ldap.batch-size.tooltip=Count of LDAP users to be imported from LDAP to Keycloak within a single transaction.
+ldap.periodic-full-sync.tooltip=Does periodic full synchronization of LDAP users to Keycloak should be enabled or not
+ldap.periodic-changed-users-sync.tooltip=Does periodic synchronization of changed or newly created LDAP users to Keycloak should be enabled or not
+ldap.changed-users-sync-period.tooltip=Period for synchronization of changed or newly created LDAP users in seconds
+user-federation-mappers=User Federation Mappers
+create-user-federation-mapper=Create user federation mapper
+add-user-federation-mapper=Add user federation mapper
+provider-name=Provider Name
+no-user-federation-providers-configured=No user federation providers configured
+no-user-storage-providers-configured=No user storage providers configured
+add-identity-provider=Add identity provider
+add-identity-provider-link=Add identity provider link
+identity-provider=Identity Provider
+identity-provider-user-id=Identity Provider User ID
+identity-provider-user-id.tooltip=Unique ID of the user on the Identity Provider side
+identity-provider-username=Identity Provider Username
+identity-provider-username.tooltip=Username on the Identity Provider side
+pagination=Pagination
+browser-flow=Browser Flow
+browser-flow.tooltip=Select the flow you want to use for browser authentication.
+registration-flow=Registration Flow
+registration-flow.tooltip=Select the flow you want to use for registration.
+direct-grant-flow=Direct Grant Flow
+direct-grant-flow.tooltip=Select the flow you want to use for direct grant authentication.
+reset-credentials=Reset Credentials
+reset-credentials.tooltip=Select the flow you want to use when the user has forgotten their credentials.
+client-authentication=Client Authentication
+client-authentication.tooltip=Select the flow you want to use for authentication of clients.
+docker-auth=Docker Authentication
+docker-auth.tooltip=Select the flow you want to use for authentication against a docker client.
+new=New
+copy=Copy
+add-execution=Add execution
+add-flow=Add flow
+auth-type=Auth Type
+requirement=Requirement
+config=Config
+no-executions-available=No executions available
+authentication-flows=Authentication Flows
+create-authenticator-config=Create authenticator config
+authenticator.alias.tooltip=Name of the configuration
+otp-type=OTP Type
+time-based=Time Based
+counter-based=Counter Based
+otp-type.tooltip=totp is Time-Based One Time Password. 'hotp' is a counter base one time password in which the server keeps a counter to hash against.
+otp-hash-algorithm=OTP Hash Algorithm
+otp-hash-algorithm.tooltip=What hashing algorithm should be used to generate the OTP.
+number-of-digits=Number of Digits
+otp.number-of-digits.tooltip=How many digits should the OTP have?
+look-ahead-window=Look Ahead Window
+otp.look-ahead-window.tooltip=How far ahead should the server look just in case the token generator and server are out of time sync or counter sync?
+initial-counter=Initial Counter
+otp.initial-counter.tooltip=What should the initial counter value be?
+otp-token-period=OTP Token Period
+otp-token-period.tooltip=How many seconds should an OTP token be valid? Defaults to 30 seconds.
+otp-supported-applications=Supported Applications
+otp-supported-applications.tooltip=Applications that are known to work with the current OTP policy
+table-of-password-policies=Table of Password Policies
+add-policy.placeholder=Add policy...
+policy-type=Policy Type
+policy-value=Policy Value
+webauthn-policy=WebAuthn Policy
+webauthn-policy.tooltip=Policy for WebAuthn authentication. This one will be used by 'WebAuthn Register' required action and 'WebAuthn Authenticator' authenticator. Typical usage is, when WebAuthn will be used for the two-factor authentication.
+webauthn-policy-passwordless=WebAuthn Passwordless Policy
+webauthn-policy-passwordless.tooltip=Policy for passwordless WebAuthn authentication. This one will be used by 'Webauthn Register Passwordless' required action and 'WebAuthn Passwordless Authenticator' authenticator. Typical usage is, when WebAuthn will be used as first-factor authentication. Having both 'WebAuthn Policy' and 'WebAuthn Passwordless Policy' allows to use WebAuthn as both first factor and second factor authenticator in the same realm.
+webauthn-rp-entity-name=Relying Party Entity Name
+webauthn-rp-entity-name.tooltip=Human-readable server name as WebAuthn Relying Party
+webauthn-signature-algorithms=Signature Algorithms
+webauthn-signature-algorithms.tooltip=What signature algorithms should be used for Authentication Assertion.
+webauthn-rp-id=Relying Party ID
+webauthn-rp-id.tooltip=This is ID as WebAuthn Relying Party. It must be origin's effective domain.
+webauthn-attestation-conveyance-preference=Attestation Conveyance Preference
+webauthn-attestation-conveyance-preference.tooltip=Communicates to an authenticator the preference of how to generate an attestation statement.
+webauthn-authenticator-attachment=Authenticator Attachment
+webauthn-authenticator-attachment.tooltip=Communicates to an authenticator an acceptable attachment pattern.
+webauthn-require-resident-key=Require Resident Key
+webauthn-require-resident-key.tooltip=It tells an authenticator create a public key credential as Resident Key or not.
+webauthn-user-verification-requirement=User Verification Requirement
+webauthn-user-verification-requirement.tooltip=Communicates to an authenticator to confirm actually verifying a user.
+webauthn-create-timeout=Timeout
+webauthn-create-timeout.tooltip=Timeout value for creating user's public key credential in seconds. if set to 0, this timeout option is not adapted.
+webauthn-avoid-same-authenticator-register=Avoid Same Authenticator Registration
+webauthn-avoid-same-authenticator-register.tooltip=avoid registering the authenticator that has already been registered.
+webauthn-acceptable-aaguids=Acceptable AAGUIDs
+webauthn-acceptable-aaguids.tooltip=The list of AAGUID of which an authenticator can be registered.
+manage-webauthn-authenticator=Manage WebAuthn Authenticator
+public-key-credential-id=Public Key Credential ID
+public-key-credential-aaguid=Public Key Credential AAGUID
+public-key-credential-label=Public Key Credential Label
+admin-events=Admin Events
+admin-events.tooltip=Displays saved admin events for the realm. Events are related to admin account, for example a realm creation. To enable persisted events go to config.
+login-events=Login Events
+filter=Filter
+update=Update
+reset=Reset
+operation-types=Operation Types
+resource-types=Resource Types
+select-operations.placeholder=Select operations...
+select-resource-types.placeholder=Select resource types...
+resource-path=Resource Path
+resource-path.tooltip=Filter by resource path. Supports wildcard '*' (for example 'users/*').
+date-(from)=Date (From)
+date-(to)=Date (To)
+authentication-details=Authentication Details
+ip-address=IP Address
+time=Time
+operation-type=Operation Type
+resource-type=Resource Type
+auth=Auth
+representation=Representation
+register=Register
+required-action=Required Action
+default-action=Default Action
+auth.default-action.tooltip=If enabled, any new user will have this required action assigned to it.
+no-required-actions-configured=No required actions configured
+defaults-to-id=Defaults to id
+flows=Flows
+bindings=Bindings
+client-flow-bindings=Authentication Flow Overrides
+client-flow-bindings.tooltip=Override realm authentication flow bindings.
+required-actions=Required Actions
+password-policy=Password Policy
+otp-policy=OTP Policy
+user-groups=User Groups
+default-groups=Default Groups
+groups.default-groups.tooltip=Set of groups that new users will automatically join.
+cut=Cut
+paste=Paste
+create-group=Create group
+create-authenticator-execution=Create Authenticator Execution
+create-form-action-execution=Create Form Action Execution
+create-top-level-form=Create Top Level Form
+flow.alias.tooltip=Specifies display name for the flow.
+top-level-flow-type=Top Level Flow Type
+flow.generic=generic
+flow.client=client
+top-level-flow-type.tooltip=What kind of top level flow is it? Type 'client' is used for authentication of clients (applications) when generic is for users and everything else
+create-execution-flow=Create Execution Flow
+flow-type=Flow Type
+flow.form.type=form
+flow.generic.type=generic
+flow-type.tooltip=What kind of form is it
+form-provider=Form Provider
+default-groups.tooltip=Newly created or registered users will automatically be added to these groups
+select-a-type.placeholder=select a type
+available-groups=Available Groups
+available-groups.tooltip=Select a group you want to add as a default.
+value=Value
+table-of-group-members=Table of group members
+table-of-role-members=Table of role members
+last-name=Last Name
+first-name=First Name
+email=Email
+toggle-navigation=Toggle navigation
+manage-account=Manage account
+sign-out=Sign Out
+server-info=Server Info
+resource-not-found=Resource <strong>not found</strong>...
+resource-not-found.instruction=We could not find the resource you are looking for. Please make sure the URL you entered is correct.
+go-to-the-home-page=Go to the home page &raquo;
+page-not-found=Page <strong>not found</strong>...
+page-not-found.instruction=We could not find the page you are looking for. Please make sure the URL you entered is correct.
+events.tooltip=Displays saved events for the realm. Events are related to user accounts, for example a user login. To enable persisted events go to config.
+select-event-types.placeholder=Select event types...
+events-config.tooltip=Displays configuration options to enable persistence of user and admin events.
+select-an-action.placeholder=Select an action...
+event-listeners.tooltip=Configure what listeners receive events for the realm.
+login.save-events.tooltip=If enabled, login events are saved to the database, which makes events available to the admin and account management consoles.
+clear-events.tooltip=Deletes all events in the database.
+events.expiration.tooltip=Sets the expiration for events. Expired events are periodically deleted from the database.
+admin-events-settings=Admin Events Settings
+save-events=Save Events
+admin.save-events.tooltip=If enabled, admin events are saved to the database, which makes events available to the admin console.
+saved-types.tooltip=Configure what event types are saved.
+include-representation=Include Representation
+include-representation.tooltip=Include JSON representation for create and update requests.
+clear-admin-events.tooltip=Deletes all admin events in the database.
+server-version=Server Version
+server-profile=Server Profile
+server-disabled=Disabled Features
+server-disabled.tooltip=Features that are not currently enabled. Some features are not enabled by default. This applies to all preview and experimental features.
+server-preview=Preview Features
+server-preview.tooltip=Preview features are not supported in production use and may be significantly changed or removed in the future.
+server-experimental=Experimental Features
+server-experimental.tooltip=Experimental features, which may not be fully functional. Never use experimental features in production.
+info=Info
+providers=Providers
+server-time=Server Time
+server-uptime=Server Uptime
+profile=Profile
+memory=Memory
+total-memory=Total Memory
+free-memory=Free Memory
+used-memory=Used Memory
+system=System
+current-working-directory=Current Working Directory
+java-version=Java Version
+java-vendor=Java Vendor
+java-runtime=Java Runtime
+java-vm=Java VM
+java-vm-version=Java VM Version
+java-home=Java Home
+user-name=User Name
+user-timezone=User Timezone
+user-locale=User Locale
+system-encoding=System Encoding
+operating-system=Operating System
+os-architecture=OS Architecture
+spi=SPI
+granted-client-scopes=Granted Client Scopes
+additional-grants=Additional Grants
+consent-created-date=Created
+consent-last-updated-date=Last updated
+revoke=Revoke
+new-password=New Password
+password-confirmation=Password Confirmation
+reset-password=Reset Password
+set-password=Set Password
+credentials.temporary.tooltip=If enabled, the user must change the password on next login
+remove-totp=Remove OTP
+credentials.remove-totp.tooltip=Remove one time password generator for user.
+reset-actions=Reset Actions
+credentials.reset-actions.tooltip=Set of actions to execute when sending the user a Reset Actions Email. 'Verify email' sends an email to the user to verify their email address. 'Update profile' requires user to enter in new personal information. 'Update password' requires user to enter in a new password. 'Configure OTP' requires setup of a mobile password generator.
+reset-actions-email=Reset Actions Email
+send-email=Send email
+credentials.reset-actions-email.tooltip=Sends an email to user with an embedded link. Clicking the link enables the user to execute the reset actions without first logging in. For example, set the action to update password, click this button, and the user can change the password without logging in.
+add-user=Add user
+created-at=Created At
+user-enabled=User Enabled
+user-enabled.tooltip=A disabled user cannot login.
+user-temporarily-locked=User Temporarily Locked
+user-temporarily-locked.tooltip=The user may be locked due to multiple failed attempts to log in.
+unlock-user=Unlock user
+federation-link=Federation Link
+email-verified=Email Verified
+email-verified.tooltip=Has the user's email been verified?
+required-user-actions=Required User Actions
+required-user-actions.tooltip=Require an action when the user logs in. 'Verify email' sends an email to the user to verify their email address. 'Update profile' requires user to enter in new personal information. 'Update password' requires user to enter in a new password. 'Configure OTP' requires setup of a mobile password generator.
+locale=Locale
+select-one.placeholder=Select one...
+impersonate=Impersonate
+impersonate-user=Impersonate user
+impersonate-user.tooltip=Login as this user. If user is in same realm as you, your current login session will be logged out before you are logged in as this user.
+identity-provider-alias=Identity Provider Alias
+provider-user-id=Provider User ID
+provider-username=Provider Username
+no-identity-provider-links-available=No identity provider links available
+group-membership=Group Membership
+leave=Leave
+group-membership.tooltip=Groups where the user has membership. To leave a group, select it and click Leave.
+membership.available-groups.tooltip=Groups a user can join. Select a group and click Join.
+table-of-realm-users=Table of Realm Users
+view-all-users=View all users
+view-all-groups=View all groups
+view-all-roles=View all roles
+unlock-users=Unlock users
+no-users-available=No users available
+users.instruction=Please enter a search, or click on view all users
+clients.instruction=Please enter a search
+consents=Consents
+started=Started
+logout-all-sessions=Log out all sessions
+logout=Logout
+new-name=New Name
+ok=Ok
+attributes=Attributes
+role-mappings=Role Mappings
+members=Members
+details=Details
+identity-provider-links=Identity Provider Links
+register-required-action=Register required action
+gender=Gender
+address=Address
+phone=Phone
+profile-url=Profile URL
+picture-url=Picture URL
+website=Website
+import-keys-and-cert=Import keys and cert
+import-keys-and-cert.tooltip=Upload the client's key pair and cert.
+upload-keys=Upload Keys
+download-keys-and-cert=Download keys and cert
+no-value-assigned.placeholder=No value assigned
+remove=Remove
+no-group-members=No group members
+no-role-members=No role members
+temporary=Temporary
+join=Join
+event-type=Event Type
+events-config=Events Config
+event-listeners=Event Listeners
+login-events-settings=Login Events Settings
+clear-events=Clear events
+saved-types=Saved Types
+clear-admin-events=Clear admin events
+clear-changes=Clear changes
+error=Error
+# Authz
+# Authz Common
+authz-authorization=Authorization
+authz-owner=Owner
+authz-uri=URI
+authz-uris=URIS
+authz-scopes=Scopes
+authz-resource=Resource
+authz-resource-type=Resource Type
+authz-resources=Resources
+authz-scope=Scope
+authz-authz-scopes=Authorization Scopes
+authz-policies=Policies
+authz-policy=Policy
+authz-permissions=Permissions
+authz-users=Users in Role
+authz-evaluate=Evaluate
+authz-icon-uri=Icon URI
+authz-icon-uri.tooltip=An URI pointing to an icon.
+authz-select-scope=Select a scope
+authz-select-resource=Select a resource
+authz-associated-policies=Associated Policies
+authz-any-resource=Any resource
+authz-any-scope=Any scope
+authz-any-role=Any role
+authz-policy-evaluation=Policy Evaluation
+authz-select-user=Select a user
+authz-select-client=Select a client
+authz-entitlements=Entitlements
+authz-no-resources=No resources
+authz-result=Result
+authz-authorization-services-enabled=Authorization Enabled
+authz-authorization-services-enabled.tooltip=Enable/Disable fine-grained authorization support for a client
+authz-required=Required
+authz-show-details=Show Details
+authz-hide-details=Hide Details
+authz-associated-permissions=Associated Permissions
+authz-no-permission-associated=No permissions associated
+# Authz Settings
+authz-import-config.tooltip=Import a JSON file containing authorization settings for this resource server.
+authz-policy-enforcement-mode=Policy Enforcement Mode
+authz-policy-enforcement-mode.tooltip=The policy enforcement mode dictates how policies are enforced when evaluating authorization requests. 'Enforcing' means requests are denied by default even when there is no policy associated with a given resource. 'Permissive' means requests are allowed even when there is no policy associated with a given resource. 'Disabled' completely disables the evaluation of policies and allows access to any resource.
+authz-policy-enforcement-mode-enforcing=Enforcing
+authz-policy-enforcement-mode-permissive=Permissive
+authz-policy-enforcement-mode-disabled=Disabled
+authz-remote-resource-management=Remote Resource Management
+authz-remote-resource-management.tooltip=Should resources be managed remotely by the resource server? If false, resources can be managed only from this admin console.
+authz-export-settings=Export Settings
+authz-export-settings.tooltip=Export and download all authorization settings for this resource server.
+authz-server-decision-strategy.tooltip=The decision strategy dictates how permissions are evaluated and how a final decision is obtained. 'Affirmative' means that at least one permission must evaluate to a positive decision in order to grant access to a resource and its scopes. 'Unanimous' means that all permissions must evaluate to a positive decision in order for the final decision to be also positive.
+# Authz Resource List
+authz-no-resources-available=No resources available.
+authz-no-scopes-assigned=No scopes assigned.
+authz-no-type-defined=No type defined.
+authz-no-uri-defined=No URI defined.
+authz-no-permission-assigned=No permission assigned.
+authz-no-policy-assigned=No policy assigned.
+authz-create-permission=Create Permission
+# Authz Resource Detail
+authz-add-resource=Add Resource
+authz-resource-name.tooltip=A unique name for this resource. The name can be used to uniquely identify a resource, useful when querying for a specific resource.
+authz-resource-owner.tooltip=The owner of this resource.
+authz-resource-type.tooltip=The type of this resource. It can be used to group different resource instances with the same type.
+authz-resource-uri.tooltip=Set of URIs which are protected by resource.
+authz-resource-scopes.tooltip=The scopes associated with this resource.
+authz-resource-attributes=Resource Attributes
+authz-resource-attributes.tooltip=The attributes associated wth the resource.
+authz-resource-user-managed-access-enabled=User-Managed Access Enabled
+authz-resource-user-managed-access-enabled.tooltip=If enabled, the access to this resource can be managed by the resource owner.
+
+# Authz Scope List
+authz-add-scope=Add Scope
+authz-no-scopes-available=No scopes available.
+# Authz Scope Detail
+authz-scope-name.tooltip=A unique name for this scope. The name can be used to uniquely identify a scope, useful when querying for a specific scope.
+# Authz Policy List
+authz-all-types=All types
+authz-create-policy=Create Policy
+authz-no-policies-available=No policies available.
+# Authz Policy Detail
+authz-policy-name.tooltip=The name of this policy.
+authz-policy-description.tooltip=A description for this policy.
+authz-policy-logic=Logic
+authz-policy-logic-positive=Positive
+authz-policy-logic-negative=Negative
+authz-policy-logic.tooltip=The logic dictates how the policy decision should be made. If 'Positive', the resulting effect (permit or deny) obtained during the evaluation of this policy will be used to perform a decision. If 'Negative', the resulting effect will be negated, in other words, a permit becomes a deny and vice-versa.
+authz-policy-apply-policy=Apply Policy
+authz-policy-apply-policy.tooltip=Specifies all the policies that must be applied to the scopes defined by this policy or permission.
+authz-policy-decision-strategy=Decision Strategy
+authz-policy-decision-strategy.tooltip=The decision strategy dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. 'Affirmative' means that at least one policy must evaluate to a positive decision in order for the final decision to be also positive. 'Unanimous' means that all policies must evaluate to a positive decision in order for the final decision to be also positive. 'Consensus' means that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same, the final decision will be negative.
+authz-policy-decision-strategy-affirmative=Affirmative
+authz-policy-decision-strategy-unanimous=Unanimous
+authz-policy-decision-strategy-consensus=Consensus
+authz-select-a-policy=Select existing policy
+authz-no-policies-assigned=No policies assigned.
+# Authz Role Policy Detail
+authz-add-role-policy=Add Role Policy
+authz-no-roles-assigned=No roles assigned.
+authz-policy-role-realm-roles.tooltip=Specifies the *realm* roles allowed by this policy.
+authz-policy-role-clients.tooltip=Selects a client in order to filter the client roles that can be applied to this policy.
+authz-policy-role-client-roles.tooltip=Specifies the client roles allowed by this policy.
+# Authz User Policy Detail
+authz-add-user-policy=Add User Policy
+authz-no-users-assigned=No users assigned.
+authz-policy-user-users.tooltip=Specifies which user(s) are allowed by this policy.
+# Authz Client Policy Detail
+authz-add-client-policy=Add Client Policy
+authz-no-clients-assigned=No clients assigned.
+authz-policy-client-clients.tooltip=Specifies which client(s) are allowed by this policy.
+# Authz Time Policy Detail
+authz-add-time-policy=Add Time Policy
+authz-policy-time-not-before.tooltip=Defines the time before which the policy MUST NOT be granted. Only granted if current date/time is after or equal to this value.
+authz-policy-time-not-on-after=Not On or After
+authz-policy-time-not-on-after.tooltip=Defines the time after which the policy MUST NOT be granted. Only granted if current date/time is before or equal to this value.
+authz-policy-time-day-month=Day of Month
+authz-policy-time-day-month.tooltip=Defines the day of month when the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current day of month is between or equal to the two values you provided.
+authz-policy-time-month=Month
+authz-policy-time-month.tooltip=Defines the month which the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current month is between or equal to the two values you provided.
+authz-policy-time-year=Year
+authz-policy-time-year.tooltip=Defines the year when the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current year is between or equal to the two values you provided.
+authz-policy-time-hour=Hour
+authz-policy-time-hour.tooltip=Defines the hour when the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current hour is between or equal to the two values you provided.
+authz-policy-time-minute=Minute
+authz-policy-time-minute.tooltip=Defines the minute when the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current minute is between or equal to the two values you provided.
+# Authz JS Policy Detail
+authz-add-js-policy=Add JavaScript Policy
+authz-policy-js-code=Code
+authz-policy-js-code.tooltip=The JavaScript code providing the conditions for this policy.
+# Authz Aggregated Policy Detail
+authz-aggregated=Aggregated
+authz-add-aggregated-policy=Add Aggregated Policy
+# Authz Group Policy Detail
+authz-add-group-policy=Add Group Policy
+authz-no-groups-assigned=No groups assigned.
+authz-policy-group-claim=Groups Claim
+authz-policy-group-claim.tooltip=If defined, the policy will fetch user's groups from the given claim within an access token or ID token representing the identity asking permissions. If not defined, user's groups are obtained from your realm configuration.
+authz-policy-group-groups.tooltip=Specifies the groups allowed by this policy.
+
+# Authz Permission List
+authz-no-permissions-available=No permissions available.
+
+# Authz Permission Detail
+authz-permission-name.tooltip=The name of this permission.
+authz-permission-description.tooltip=A description for this permission.
+
+# Authz Resource Permission Detail
+authz-add-resource-permission=Add Resource Permission
+authz-permission-resource-apply-to-resource-type=Apply to Resource Type
+authz-permission-resource-apply-to-resource-type.tooltip=Specifies if this permission should be applied to all resources with a given type. In this case, this permission will be evaluated for all instances of a given resource type.
+authz-permission-resource-resource.tooltip=Specifies that this permission must be applied to a specific resource instance.
+authz-permission-resource-type.tooltip=Specifies that this permission must be applied to all resources instances of a given type.
+
+# Authz Scope Permission Detail
+authz-add-scope-permission=Add Scope Permission
+authz-permission-scope-resource.tooltip=Restrict the scopes to those associated with the selected resource. If not selected all scopes would be available.
+authz-permission-scope-scope.tooltip=Specifies that this permission must be applied to one or more scopes.
+
+# Authz Evaluation
+authz-evaluation-identity-information=Identity Information
+authz-evaluation-identity-information.tooltip=The available options to configure the identity information that will be used when evaluating policies.
+authz-evaluation-client.tooltip=Select the client making this authorization request. If not provided, authorization requests would be done based on the client you are in.
+authz-evaluation-user.tooltip=Select a user whose identity is going to be used to query permissions from the server.
+authz-evaluation-role.tooltip=Select the roles you want to associate with the selected user.
+authz-evaluation-new=New Evaluation
+authz-evaluation-re-evaluate=Re-Evaluate
+authz-evaluation-previous=Previous Evaluation
+authz-evaluation-contextual-info=Contextual Information
+authz-evaluation-contextual-info.tooltip=The available options to configure any contextual information that will be used when evaluating policies.
+authz-evaluation-contextual-attributes=Contextual Attributes
+authz-evaluation-contextual-attributes.tooltip=Any attribute provided by a running environment or execution context.
+authz-evaluation-permissions.tooltip=The available options to configure the permissions to which policies will be applied.
+authz-evaluation-evaluate=Evaluate
+authz-evaluation-any-resource-with-scopes=Any resource with scope(s)
+authz-evaluation-no-result=Could not obtain any result for the given authorization request. Check if the provided resource(s) or scope(s) are associated with any policy.
+authz-evaluation-no-policies-resource=No policies were found for this resource.
+authz-evaluation-result.tooltip=The overall result for this permission request.
+authz-evaluation-scopes.tooltip=The list of allowed scopes.
+authz-evaluation-policies.tooltip=Details about which policies were evaluated and their decisions.
+authz-evaluation-authorization-data=Response
+authz-evaluation-authorization-data.tooltip=Represents a token carrying authorization data as a result of the processing of an authorization request. This representation is basically what Keycloak issues to clients asking for permissions. Check the 'authorization' claim for the permissions that were granted based on the current authorization request.
+authz-show-authorization-data=Show Authorization Data
+
+keys=Keys
+status=Status
+keystore=Keystore
+keystores=Keystores
+add-keystore=Add Keystore
+add-keystore.placeholder=Add keystore...
+view=View
+active=Active
+passive=Passive
+disabled=Disabled
+algorithm=Algorithm
+providerHelpText=Provider description
+
+Sunday=Sunday
+Monday=Monday
+Tuesday=Tuesday
+Wednesday=Wednesday
+Thursday=Thursday
+Friday=Friday
+Saturday=Saturday
+
+user-storage-cache-policy=Cache Settings
+userStorage.cachePolicy=Cache Policy
+userStorage.cachePolicy.option.DEFAULT=DEFAULT
+userStorage.cachePolicy.option.EVICT_WEEKLY=EVICT_WEEKLY
+userStorage.cachePolicy.option.EVICT_DAILY=EVICT_DAILY
+userStorage.cachePolicy.option.MAX_LIFESPAN=MAX_LIFESPAN
+userStorage.cachePolicy.option.NO_CACHE=NO_CACHE
+userStorage.cachePolicy.tooltip=Cache Policy for this storage provider. 'DEFAULT' is whatever the default settings are for the global cache. 'EVICT_DAILY' is a time of day every day that the cache will be invalidated. 'EVICT_WEEKLY' is a day of the week and time the cache will be invalidated. 'MAX-LIFESPAN' is the time in milliseconds that will be the lifespan of a cache entry.
+userStorage.cachePolicy.evictionDay=Eviction Day
+userStorage.cachePolicy.evictionDay.tooltip=Day of the week the entry will become invalid on
+userStorage.cachePolicy.evictionHour=Eviction Hour
+userStorage.cachePolicy.evictionHour.tooltip=Hour of day the entry will become invalid on.
+userStorage.cachePolicy.evictionMinute=Eviction Minute
+userStorage.cachePolicy.evictionMinute.tooltip=Minute of day the entry will become invalid on.
+userStorage.cachePolicy.maxLifespan=Max Lifespan
+userStorage.cachePolicy.maxLifespan.tooltip=Max lifespan of cache entry in milliseconds.
+user-origin-link=Storage Origin
+user-origin.tooltip=UserStorageProvider the user was loaded from
+user-link.tooltip=UserStorageProvider this locally stored user was imported from.
+client-origin-link=Storage Origin
+client-origin.tooltip=Provider the client was loaded from
+
+client-storage-cache-policy=Cache Settings
+clientStorage.cachePolicy=Cache Policy
+clientStorage.cachePolicy.option.DEFAULT=DEFAULT
+clientStorage.cachePolicy.option.EVICT_WEEKLY=EVICT_WEEKLY
+clientStorage.cachePolicy.option.EVICT_DAILY=EVICT_DAILY
+clientStorage.cachePolicy.option.MAX_LIFESPAN=MAX_LIFESPAN
+clientStorage.cachePolicy.option.NO_CACHE=NO_CACHE
+clientStorage.cachePolicy.tooltip=Cache Policy for this storage provider. 'DEFAULT' is whatever the default settings are for the global cache. 'EVICT_DAILY' is a time of day every day that the cache will be invalidated. 'EVICT_WEEKLY' is a day of the week and time the cache will be invalidated. 'MAX-LIFESPAN' is the time in milliseconds that will be the lifespan of a cache entry.
+clientStorage.cachePolicy.evictionDay=Eviction Day
+clientStorage.cachePolicy.evictionDay.tooltip=Day of the week the entry will become invalid on
+clientStorage.cachePolicy.evictionHour=Eviction Hour
+clientStorage.cachePolicy.evictionHour.tooltip=Hour of day the entry will become invalid on.
+clientStorage.cachePolicy.evictionMinute=Eviction Minute
+clientStorage.cachePolicy.evictionMinute.tooltip=Minute of day the entry will become invalid on.
+clientStorage.cachePolicy.maxLifespan=Max Lifespan
+clientStorage.cachePolicy.maxLifespan.tooltip=Max lifespan of cache entry in milliseconds.
+
+client-storage-list-no-entries=Keycloak can federate external client databases. By default, we support Openshift OAuth clients and service accounts. To get started, select a provider from the dropdown below:
+
+
+disable=Disable
+disableable-credential-types=Disableable Types
+credentials.disableable.tooltip=List of credential types that you can disable
+disable-credential-types=Disable Credential Types
+credentials.disable.tooltip=Click button to disable selected credential types
+credential-types=Credential Types
+manage-user-password=Manage Password
+supported-user-storage-credential-types=Supported User Storage Credential Types
+supported-user-storage-credential-types.tooltip=Credential types, which are provided by User Storage Provider and which are configured for this user. Validation and eventually update of the credentials of those types can be delegated to the User Storage Provider based on the configuration and implementation of the particular provider.
+provided-by=Provided By
+manage-credentials=Manage Credentials
+manage-credentials.tooltip=Credentials, which are not provided by the user storage. They are saved in the local database.
+disable-credentials=Disable Credentials
+credential-reset-actions=Credential Reset
+credential-reset-actions-timeout=Expires In
+credential-reset-actions-timeout.tooltip=Maximum time before the action permit expires.
+ldap-mappers=LDAP Mappers
+create-ldap-mapper=Create LDAP mapper
+map-role-mgmt-scope-description=Policies that decide if an administrator can map this role to a user or group
+manage-authz-users-scope-description=Policies that decide if an administrator can manage all users in the realm
+view-authz-users-scope-description=Policies that decide if an administrator can view all users in realm
+permissions-enabled-role=Permissions Enabled
+permissions-enabled-role.tooltip=Determines if fine grained permissions are enabled for managing this role. Disabling will delete all current permissions that have been set up.
+manage-permissions-role.tooltip=Fine grained permissions for managing roles. For example, you can define different policies for who is allowed to map a role.
+lookup=Lookup
+manage-permissions-users.tooltip=Fine grained permissions for managing all users in realm. You can define different policies for who is allowed to manage users in the realm.
+permissions-enabled-users=Permissions Enabled
+permissions-enabled-users.tooltip=Determines if fined grain permissions are enabled for managing users. Disabling will delete all current permissions that have been set up.
+manage-permissions-client.tooltip=Fine grained permissions for administrators that want to manage this client or apply roles defined by this client.
+manage-permissions-group.tooltip=Fine grained permissions for administrators that want to manage this group or the members of this group.
+manage-authz-group-scope-description=Policies that decide if an administrator can manage this group
+view-authz-group-scope-description=Policies that decide if an administrator can view this group
+view-members-authz-group-scope-description=Policies that decide if an administrator can manage the members of this group
+token-exchange-authz-client-scope-description=Policies that decide which clients are allowed exchange tokens for a token that is targeted to this client.
+token-exchange-authz-idp-scope-description=Policies that decide which clients are allowed exchange tokens for an external token minted by this identity provider.
+manage-authz-client-scope-description=Policies that decide if an administrator can manage this client
+configure-authz-client-scope-description=Reduced management permissions for administrator. Cannot set scope, template, or protocol mappers.
+view-authz-client-scope-description=Policies that decide if an administrator can view this client
+map-roles-authz-client-scope-description=Policies that decide if an administrator can map roles defined by this client
+map-roles-client-scope-authz-client-scope-description=Policies that decide if an administrator can apply roles defined by this client to the client scope of another client
+map-roles-composite-authz-client-scope-description=Policies that decide if an administrator can apply roles defined by this client as a composite to another role
+map-role-authz-role-scope-description=Policies that decide if an administrator can map this role to a user or group
+map-role-client-scope-authz-role-scope-description=Policies that decide if an administrator can apply this role to the client scope of a client
+map-role-composite-authz-role-scope-description=Policies that decide if an administrator can apply this role as a composite to another role
+manage-group-membership-authz-users-scope-description=Policies that decide if an administrator can manage group membership for all users in the realm. This is used in conjunction with specific group policy
+impersonate-authz-users-scope-description=Policies that decide if administrator can impersonate other users
+map-roles-authz-users-scope-description=Policies that decide if administrator can map roles for all users
+user-impersonated-authz-users-scope-description=Policies that decide which users can be impersonated. These policies are applied to the user being impersonated.
+manage-membership-authz-group-scope-description=Policies that decide if administrator can add or remove users from this group
+manage-members-authz-group-scope-description=Policies that decide if an administrator can manage the members of this group
+
+# KEYCLOAK-6771 Certificate Bound Token
+# https://tools.ietf.org/html/draft-ietf-oauth-mtls-08#section-3
+advanced-client-settings=Advanced Settings
+advanced-client-settings.tooltip=Expand this section to configure advanced settings of this client
+tls-client-certificate-bound-access-tokens=OAuth 2.0 Mutual TLS Certificate Bound Access Tokens Enabled
+tls-client-certificate-bound-access-tokens.tooltip=This enables support for OAuth 2.0 Mutual TLS Certificate Bound Access Tokens, which means that keycloak bind an access token and a refresh token with a X.509 certificate of a token requesting client exchanged in mutual TLS between keycloak's Token Endpoint and this client. These tokens can be treated as Holder-of-Key tokens instead of bearer tokens.
+subjectdn=Subject DN
+subjectdn-tooltip=A regular expression for validating Subject DN in the Client Certificate. Use "(.*?)(?:$)" to match all kind of expressions.
+
+pkce-code-challenge-method=Proof Key for Code Exchange Code Challenge Method
+pkce-code-challenge-method.tooltip=Choose which code challenge method for PKCE is used. If not specified, keycloak does not applies PKCE to a client unless the client sends an authorization request with appropriate code challenge and code exchange method.
+
+key-not-allowed-here=Key '{{character}}' is not allowed here.
diff --git a/admin/messages/admin-messages_es.properties b/admin/messages/admin-messages_es.properties
new file mode 100644
index 0000000..3a9245f
--- /dev/null
+++ b/admin/messages/admin-messages_es.properties
@@ -0,0 +1,467 @@
+# Common messages
+enabled=Habilitado
+name=Nombre
+save=Guardar
+cancel=Cancelar
+onText=SI
+offText=NO
+client=Cliente
+clients=Clientes
+clear=Limpiar
+selectOne=Selecciona uno...
+
+true=S\u00ED
+false=No
+
+
+# Realm settings
+realm-detail.enabled.tooltip=Los usuarios y clientes solo pueden acceder a un dominio si est\u00E1 habilitado
+registrationAllowed=Registro de usuario
+registrationAllowed.tooltip=Habilitar/deshabilitar la p\u00E1gina de registro. Un enlace para el registro se mostrar\u00E1 tambi\u00E9n en la p\u00E1gina de inicio de sesi\u00F3n.
+registrationEmailAsUsername=Email como nombre de usuario
+registrationEmailAsUsername.tooltip=Si est\u00E1 habilitado el nombre de usuario queda oculto del formulario de registro y el email se usa como nombre de usuario para los nuevos usuarios.
+editUsernameAllowed=Editar nombre de usuario
+editUsernameAllowed.tooltip=Si est\u00E1 habilitado, el nombre de usuario es editable, en otro caso es de solo lectura.
+resetPasswordAllowed=Olvido contrase\u00F1a
+resetPasswordAllowed.tooltip=Muestra un enlace en la p\u00E1gina de inicio de sesi\u00F3n para que el usuario haga clic cuando ha olvidado sus credenciales.
+rememberMe=Seguir conectado
+rememberMe.tooltip=Muestra la casilla de selecci\u00F3n en la p\u00E1gina de inicio de sesi\u00F3n para permitir al usuario permanecer conectado entre reinicios del navegador hasta que la sesi\u00F3n expire.
+verifyEmail=Verificar email
+verifyEmail.tooltip=Forzar al usuario a verificar su direcci\u00F3n de email la primera vez que inicie sesi\u00F3n.
+sslRequired=Solicitar SSL
+sslRequired.option.all=todas las peticiones
+sslRequired.option.external=peticiones externas
+sslRequired.option.none=ninguna
+sslRequired.tooltip=\u00BFEs HTTP obligatorio? ''ninguna'' significa que HTTPS no es obligatorio para ninguna direcic\u00F3n IP de cliente, ''peticiones externas'' indica que localhost y las direcciones IP privadas pueden acceder sin HTTPS, ''todas las peticiones'' significa que HTTPS es obligatorio para todas las direcciones IP.
+publicKey=Clave p\u00FAblica
+gen-new-keys=Generar nuevas claves
+certificate=Certificado
+host=Host
+smtp-host=Host SMTP
+port=Puerto
+smtp-port=Puerto SMTP (por defecto 25)
+from=De
+sender-email-addr=Email del emisor
+enable-ssl=Habilitar SSL
+enable-start-tls=Habilitar StartTLS
+enable-auth=Habilitar autenticaci\u00F3n
+username=Usuario
+login-username=Usuario
+password=Contrase\u00F1a
+login-password=Contrase\u00F1a
+login-theme=Tema de inicio de sesi\u00F3n
+select-one=Selecciona uno...
+login-theme.tooltip=Selecciona el tema para las p\u00E1ginas de inicio de sesi\u00F3n, OTP, permisos, registro y recordatorio de contrase\u00F1a.
+account-theme=Tema de cuenta
+account-theme.tooltip=Selecciona el tema para las p\u00E1ginas de gesti\u00F3n de la cuenta de usuario.
+admin-console-theme=Tema de consola de administraci\u00F3n
+select-theme-admin-console=Selecciona el tema para la consola de administraci\u00F3n.
+email-theme=Tema de email
+select-theme-email=Selecciona el tema para los emails que son enviados por el servidor.
+i18n-enabled=Internacionalizaci\u00F3n activa
+supported-locales=Idiomas soportados
+supported-locales.placeholder=Indica el idioma y pulsa Intro
+default-locale=Idioma por defecto
+realm-cache-enabled=Cach\u00E9 de dominio habilitada
+realm-cache-enabled.tooltip=Activar/desactivar la cach\u00E9 para el dominio, cliente y datos de roles.
+user-cache-enabled=Cach\u00E9 de usuario habilitada
+user-cache-enabled.tooltip=Habilitar/deshabilitar la cach\u00E9 de usuarios y de asignaciones de usuarios a roles.
+revoke-refresh-token=Revocar el token de actualizaci\u00F3n
+revoke-refresh-token.tooltip=Si est\u00E1 activado los tokens de actualizaci\u00F3n solo pueden usarse una vez. En otro caso los tokens de actualizaci\u00F3n no se revocan cuando se utilizan y pueden ser usado m\u00FAltiples veces.
+sso-session-idle=Sesiones SSO inactivas
+seconds=Segundos
+minutes=Minutos
+hours=Horas
+days=D\u00EDas
+sso-session-max=Tiempo m\u00E1ximo sesi\u00F3n SSO
+sso-session-idle.tooltip=Tiempo m\u00E1ximo que una sesi\u00F3n puede estar inactiva antes de que expire. Los tokens y sesiones de navegador son invalidadas cuando la sesi\u00F3n expira.
+sso-session-max.tooltip=Tiempo m\u00E1ximo antes de que una sesi\u00F3n expire. Los tokens y sesiones de navegador son invalidados cuando una sesi\u00F3n expira.
+offline-session-idle=Inactividad de sesi\u00F3n sin conexi\u00F3n
+offline-session-idle.tooltip=Tiempo m\u00E1ximo inactivo de una sesi\u00F3n sin conexi\u00F3n antes de que expire. Necesitas usar un token sin conexi\u00F3n para refrescar al menos una vez dentro de este periodo, en otro caso la sesi\u00F3n sin conexi\u00F3n expirar\u00E1.
+access-token-lifespan=Duraci\u00F3n del token de acceso
+access-token-lifespan.tooltip=Tiempo m\u00E1ximo antes de que un token de acceso expire. Se recomienda que este valor sea corto en relaci\u00F3n al tiempo m\u00E1ximo de SSO
+client-login-timeout=Tiempo m\u00E1ximo de autenticaci\u00F3n
+client-login-timeout.tooltip=Tiempo m\u00E1ximo que un cliente tiene para finalizar el protocolo de obtenci\u00F3n del token de acceso. Deber\u00EDa ser normalmente del orden de 1 minuto.
+login-timeout=Tiempo m\u00E1ximo de desconexi\u00F3n
+login-timeout.tooltip=Tiempo m\u00E1ximo que un usuario tiene para completar el inicio de sesi\u00F3n. Se recomienda que sea relativamente alto. 30 minutos o m\u00E1s.
+login-action-timeout=Tiempo m\u00E1ximo de acci\u00F3n en el inicio de sesi\u00F3n
+login-action-timeout.tooltip=Tiempo m\u00E1ximo que un usuario tiene para completar acciones relacionadas con el inicio de sesi\u00F3n, como la actualizaci\u00F3n de contrase\u00F1a o configuraci\u00F3n de OTP. Es recomendado que sea relativamente alto. 5 minutos o m\u00E1s.
+headers=Cabeceras
+brute-force-detection=Detecci\u00F3n de ataques por fuerza bruta
+x-frame-options=X-Frame-Options
+click-label-for-info=Haz clic en el enlace de la etiqueta para obtener m\u00E1s informaci\u00F3n. El valor por defecto evita que las p\u00E1ginas sean incluidas desde iframes externos.
+content-sec-policy=Content-Security-Policy
+max-login-failures=N\u00FAmero m\u00E1ximo de fallos de inicio de sesi\u00F3n
+max-login-failures.tooltip=Indica cuantos fallos se permiten antes de que se dispare una espera.
+wait-increment=Incremento de espera
+wait-increment.tooltip=Cuando se ha alcanzado el umbral de fallo, \u00BFcuanto tiempo debe estar un usuario bloqueado?
+quick-login-check-millis=Tiempo en milisegundos entre inicios de sesi\u00F3n r\u00E1pidos
+quick-login-check-millis.tooltip=Si ocurren errores de forma concurrente y muy r\u00E1pida, bloquear al usuario.
+min-quick-login-wait=Tiempo m\u00EDnimo entre fallos de conexi\u00F3n r\u00E1pidos
+min-quick-login-wait.tooltip=Cuanto tiempo se debe esperar tras un fallo en un intento r\u00E1pido de identificaci\u00F3n
+max-wait=Espera m\u00E1xima
+max-wait.tooltip=Tiempo m\u00E1ximo que un usuario quedar\u00E1 bloqueado.
+failure-reset-time=Reinicio del contador de errores
+failure-reset-time.tooltip=\u00BFCuando se debe reiniciar el contador de errores?
+realm-tab-login=Inicio de sesi\u00F3n
+realm-tab-keys=Claves
+realm-tab-email=Email
+realm-tab-themes=Temas
+realm-tab-cache=Cach\u00E9
+realm-tab-tokens=Tokens
+realm-tab-security-defenses=Defensas de seguridad
+realm-tab-general=General
+add-realm=A\u00F1adir dominio
+
+#Session settings
+realm-sessions=Sesiones de dominio
+revocation=Revocaci\u00F3n
+logout-all=Desconectar todo
+active-sessions=Sesiones activas
+sessions=Sesiones
+not-before=No antes de
+not-before.tooltip=Revocar cualquier token emitido antes de esta fecha.
+set-to-now=Fijar a ahora
+push=Push
+push.tooltip=Para cada cliente que tiene una URL de administraci\u00F3n, notificarlos las nuevas pol\u00EDticas de revocaci\u00F3n.
+
+#Protocol Mapper
+usermodel.prop.label=Propiedad
+usermodel.prop.tooltip=Nombre del m\u00E9todo de propiedad en la interfaz UserModel. Por ejemplo, un valor de ''email'' referenciar\u00EDa al m\u00E9todo UserModel.getEmail().
+usermodel.attr.label=Atributo de usuario
+usermodel.attr.tooltip=Nombre del atributo de usuario almacenado que es el nombre del atributo dentro del map UserModel.attribute.
+userSession.modelNote.label=Nota sesi\u00F3n usuario
+userSession.modelNote.tooltip=Nombre de la nota almacenada en la sesi\u00F3n de usuario dentro del mapa UserSessionModel.note
+multivalued.label=Valores m\u00FAltiples
+multivalued.tooltip=Indica si el atributo soporta m\u00FAltiples valores. Si est\u00E1 habilitado, la lista de todos los valores de este atributo se fijar\u00E1 como reclamaci\u00F3n. Si est\u00E1 deshabilitado, solo el primer valor ser\u00E1 fijado como reclamaci\u00F3n.
+selectRole.label=Selecciona rol
+selectRole.tooltip=Introduce el rol en la caja de texto de la izquierda, o haz clic en este bot\u00F3n para navegar y buscar el rol que quieres.
+tokenClaimName.label=Nombre de reclamo del token
+tokenClaimName.tooltip=Nombre del reclamo a insertar en el token. Puede ser un nombre completo como ''address.street''. En este caso, se crear\u00E1 un objeto JSON anidado.
+jsonType.label=Tipo JSON de reclamaci\u00F3n
+jsonType.tooltip=El tipo de JSON que deber\u00EDa ser usado para rellenar la petici\u00F3n de JSON en el token. long, int, boolean y String son valores v\u00E1lidos
+includeInIdToken.label=A\u00F1adir al token de ID
+includeInAccessToken.label=A\u00F1adir al token de acceso
+includeInAccessToken.tooltip=\u00BFDeber\u00EDa a\u00F1adirse la identidad reclamada al token de acceso?
+
+
+# client details
+clients.tooltip=Los clientes son aplicaciones de navegador de confianza y servicios web de un dominio. Estos clientes pueden solicitar un inicio de sesi\u00F3n. Tambi\u00E9n puedes definir roles espec\u00EDficos de cliente.
+search.placeholder=Buscar...
+create=Crear
+import=Importar
+client-id=ID Cliente
+base-url=URL Base
+actions=Acciones
+not-defined=No definido
+edit=Editar
+delete=Borrar
+no-results=Sin resultados
+no-clients-available=No hay clientes disponibles
+add-client=A\u00F1adir Cliente
+select-file=Selecciona archivo
+view-details=Ver detalles
+clear-import=Limpiar importaci\u00F3n
+client-id.tooltip=Indica el identificador (ID) referenciado en URIs y tokens. Por ejemplo ''my-client''
+client.name.tooltip=Indica el nombre visible del cliente. Por ejemplo ''My Client''. Tambi\u00E9n soporta claves para valores localizados. Por ejemplo: ${my_client}
+client.enabled.tooltip=Los clientes deshabilitados no pueden iniciar una identificaci\u00F3n u obtener c\u00F3digos de acceso.
+consent-required=Consentimiento necesario
+consent-required.tooltip=Si est\u00E1 habilitado, los usuarios tienen que consentir el acceso del cliente.
+direct-grants-only=Solo permisos directos
+direct-grants-only.tooltip=Cuando est\u00E1 habilitado, el cliente solo puede obtener permisos de la API REST.
+client-protocol=Protocolo del Cliente
+client-protocol.tooltip=''OpenID connect'' permite a los clientes verificar la identidad del usuario final basado en la autenticaci\u00F3n realizada por un servidor de autorizaci\u00F3n. ''SAML'' habilita la autenticaci\u00F3n y autorizaci\u00F3n de escenarios basados en web incluyendo cross-domain y single sign-on (SSO) y utiliza tokens de seguridad que contienen afirmaciones para pasar informaci\u00F3n.
+access-type=Tipo de acceso
+access-type.tooltip=Los clientes ''Confidential'' necesitan un secreto para iniciar el protocolo de identificaci\u00F3n. Los clientes ''Public'' no requieren un secreto. Los clientes ''Bearer-only'' son servicios web que nunca inician un login.
+service-accounts-enabled=Cuentas de servicio habilitadas
+service-accounts-enabled.tooltip=Permitir autenticar este cliente contra Keycloak y recibir un token de acceso dedicado para este cliente.
+include-authnstatement=Incluir AuthnStatement
+include-authnstatement.tooltip=\u00BFDeber\u00EDa incluirse una declaraci\u00F3n especificando el m\u00E9todo y la marca de tiempo en la respuesta de inicio de sesi\u00F3n?
+sign-documents=Firmar documentos
+sign-documents.tooltip=\u00BFDeber\u00EDa el dominio firmar los documentos SAML?
+sign-assertions=Firmar aserciones
+sign-assertions.tooltip=\u00BFDeber\u00EDan firmarse las aserciones en documentos SAML? Este ajuste no es necesario si el documento ya est\u00E1 siendo firmado.
+signature-algorithm=Algoritmo de firma
+signature-algorithm.tooltip=El algoritmo de firma usado para firmar los documentos.
+canonicalization-method=M\u00E9todo de canonicalizaci\u00F3n
+canonicalization-method.tooltip=M\u00E9todo de canonicalizaci\u00F3n para las firmas XML
+encrypt-assertions=Cifrar afirmaciones
+encrypt-assertions.tooltip=\u00BFDeber\u00EDan cifrarse las afirmaciones SAML con la clave p\u00FAblica del cliente usando AES?
+client-signature-required=Firma de Cliente requerida
+client-signature-required.tooltip=\u00BFFirmar\u00E1 el cliente sus peticiones y respuestas SAML? \u00BFY deber\u00EDan ser validadas?
+force-post-binding=Forzar enlaces POST
+force-post-binding.tooltip=Usar siempre POST para las respuestas
+front-channel-logout=Desonexi\u00F3n en primer plano (Front Channel)
+front-channel-logout.tooltip=Cuando est\u00E1 activado, la desconexi\u00F3n require una redirecci\u00F3n del navegador hacia el cliente. Cuando no est\u00E1 activado, el servidor realiza una invovaci\u00F3n de desconexi\u00F3n en segundo plano.
+force-name-id-format=Forzar formato NameID
+force-name-id-format.tooltip=Ignorar la petici\u00F3n de sujeto NameID y usar la configurada en la consola de administraci\u00F3n.
+name-id-format=Formato de NameID
+name-id-format.tooltip=El formato de NameID que se usar\u00E1 para el t\u00EDtulo
+root-url=URL ra\u00EDz
+root-url.tooltip=URL ra\u00EDz a\u00F1adida a las URLs relativas
+valid-redirect-uris=URIs de redirecci\u00F3n v\u00E1lidas
+valid-redirect-uris.tooltip=Patr\u00F3n de URI v\u00E1lida para la cual un navegador puede solicitar la redirecci\u00F3n tras un inicio o cierre de sesi\u00F3n completado. Se permiten comodines simples p.ej. ''http://example.com/*''. Tambi\u00E9n se pueden indicar rutas relativas p.ej. ''/my/relative/path/*''. Las rutas relativas generar\u00E1n una URI de redirecci\u00F3n usando el host y puerto de la petici\u00F3n. Para SAML, se deben fijar patrones de URI v\u00E1lidos si quieres confiar en la URL del servicio del consumidor indicada en la petici\u00F3n de inicio de sesi\u00F3n.
+base-url.tooltip=URL por defecto para usar cuando el servidor de autorizaci\u00F3n necesita redirigir o enviar de vuelta al cliente.
+admin-url=URL de administraci\u00F3n
+admin-url.tooltip=URL a la interfaz de administraci\u00F3n del cliente. Fija este valor si el cliente soporta el adaptador de REST. Esta API REST permite al servidor de autenticaci\u00F3n enviar al cliente pol\u00EDticas de revocaci\u00F3n y otras tareas administrativas. Normalment se fija a la URL base del cliente.
+master-saml-processing-url=URL principal de procesamiento SAML
+master-saml-processing-url.tooltip=Si est\u00E1 configurada, esta URL se usar\u00E1 para cada enlace al proveedor del servicio del consumidor de aserciones y servicios de desconexi\u00F3n \u00FAnicos. Puede ser sobreescrito de forma individual para cada enlace y servicio en el punto final de configuraci\u00F3n fina de SAML.
+idp-sso-url-ref=Nombre de la URL de un SSO iniciado por el IDP
+idp-sso-url-ref.tooltip=Nombre del fragmento de la URL para referenciar al cliente cuando quieres un SSO iniciado por el IDP. Dejando esto vac\u00EDo deshabilita los SSO iniciados por el IDP. La URL referenciada desde el navegador ser\u00E1: {server-root}/realms/{realm}/protocol/saml/clients/{client-url-name}
+idp-sso-relay-state=Estado de retransmisi\u00F3n de un SSO iniciado por el IDP
+idp-sso-relay-state.tooltip=Estado de retransmisi\u00F3n que quieres enviar con una petici\u00F3n SAML cuando se inicia un SSO iniciado por el IDP
+web-origins=Or\u00EDgenes web
+web-origins.tooltip=Or\u00EDgenes CORS permitidos. Para permitir todos los or\u00EDgenes de URIs de redirecci\u00F3n v\u00E1lidas a\u00F1ade ''+''. Para permitir todos los or\u00EDgenes a\u00F1ade ''*''.
+fine-saml-endpoint-conf=Fine Grain SAML Endpoint Configuration
+fine-saml-endpoint-conf.tooltip=Expande esta secci\u00F3n para configurar las URL exactas para Assertion Consumer y Single Logout Service.
+assertion-consumer-post-binding-url=Assertion Consumer Service POST Binding URL
+assertion-consumer-post-binding-url.tooltip=SAML POST Binding URL for the client''s assertion consumer service (login responses). You can leave this blank if you do not have a URL for this binding.
+assertion-consumer-redirect-binding-url=Assertion Consumer Service Redirect Binding URL
+assertion-consumer-redirect-binding-url.tooltip=Assertion Consumer Service Redirect Binding URL
+logout-service-post-binding-url=URL de enlace SAML POST para la desconexi\u00F3n
+logout-service-post-binding-url.tooltip=URL de enlace SAML POST para la desconexi\u00F3n \u00FAnica del cliente. Puedes dejar esto en blanco si est\u00E1s usando un enlace distinto.
+logout-service-redir-binding-url=URL de enlace SAML de redirecci\u00F3n para la desconexi\u00F3n
+logout-service-redir-binding-url.tooltip=URL de enlace SAML de redirecci\u00F3n para la desconexi\u00F3n \u00FAnica del cliente. Puedes dejar esto en blanco si est\u00E1s usando un enlace distinto.
+
+# client import
+import-client=Importar Cliente
+format-option=Formato
+select-format=Selecciona un formato
+import-file=Archivo de Importaci\u00F3n
+
+# client tabs
+settings=Ajustes
+credentials=Credenciales
+saml-keys=Claves SAML
+roles=Roles
+mappers=Asignadores
+mappers.tooltip=Los asignadores de protocolos realizan transformaciones en tokens y documentos. Pueden hacer cosas como asignar datos de usuario en peticiones de protocolo, o simplemente transformar cualquier petici\u00F3n entre el cliente y el servidor de autenticaci\u00F3n.
+scope=\u00C1mbito
+scope.tooltip=Las asignaciones de \u00E1mbito te permiten restringir que asignaciones de roles de usuario se incluyen en el token de acceso solicitado por el cliente.
+sessions.tooltip=Ver sesiones activas para este cliente. Permite ver qu\u00E9 usuarios est\u00E1n activos y cuando se identificaron.
+offline-access=Acceso sin conexi\u00F3n
+offline-access.tooltip=Ver sesiones sin conexi\u00F3n para este cliente. Te permite ver que usuarios han solicitado tokens sin conexi\u00F3n y cuando los solicitaron. Para revocar todos los tokens del cliente, accede a la pesta\u00F1a de Revocaci\u00F3n y fija el valor \"No antes de\" a \"now\".
+clustering=Clustering
+installation=Instalaci\u00F3n
+installation.tooltip=Herramienta de ayuda para generar la configuraci\u00F3n de varios formatos de adaptadores de cliente que puedes descargar o copiar y pegar para configurar tus clientes.
+service-account-roles=Roles de cuenta de servicio
+service-account-roles.tooltip=Permitir autenticar asignaciones de rol para la cuenta de servicio dedicada a este cliente.
+
+# client credentials
+client-authenticator=Cliente autenticador
+client-authenticator.tooltip=Cliente autenticador usado para autenticar este cliente contra el servidor Keycloak
+certificate.tooltip=Certificado de clinete para validar los JWT emitidos por este cliente y firmados con la clave privada del cliente de tu almac\u00E9n de claves.
+no-client-certificate-configured=No se ha configurado el certificado de cliente
+gen-new-keys-and-cert=Generar nuevas claves y certificado
+import-certificate=Importar Certificado
+gen-client-private-key=Generar clave privada de cliente
+generate-private-key=Generar clave privada
+archive-format=Formato de Archivo
+archive-format.tooltip=Formato de archivo Java keystore o PKCS12
+key-alias=Alias de clave
+key-alias.tooltip=Alias del archivo de tu clave privada y certificado.
+key-password=Contrase\u00F1a de la clave
+key-password.tooltip=Contrase\u00F1a para acceder a la clave privada contenida en el archivo
+store-password=Contrase\u00F1a del almac\u00E9n
+store-password.tooltip=Contrase\u00F1a para acceder al archivo
+generate-and-download=Generar y descargar
+client-certificate-import=Importaci\u00F3n de certificado de cliente
+import-client-certificate=Importar Certificado de Cliente
+jwt-import.key-alias.tooltip=Alias del archivo de tu certificado.
+secret=Secreto
+regenerate-secret=Regenerar secreto
+add-role=A\u00F1adir rol
+role-name=Nombre de rol
+composite=Compuesto
+description=Descripci\u00F3n
+no-client-roles-available=No hay roles de cliente disponibles
+scope-param-required=Par\u00E1metro de \u00E1mbito obligatorio
+scope-param-required.tooltip=Este rol solo ser\u00E1 concedido si el par\u00E1metro de \u00E1mbito con el nombre del rol es usado durante la petici\u00F3n de autorizaci\u00F3n/obtenci\u00F3n de token.
+composite-roles=Roles compuestos
+composite-roles.tooltip=Cuando este rol es asignado/desasignado a un usuario cualquier rol asociado con \u00E9l ser\u00E1 asignado/desasignado de forma impl\u00EDcita.
+realm-roles=Roles de dominio
+available-roles=Roles Disponibles
+add-selected=A\u00F1adir seleccionado
+associated-roles=Roles Asociados
+composite.associated-realm-roles.tooltip=Roles a nivel de dominio asociados con este rol compuesto.
+composite.available-realm-roles.tooltip=Roles a nivel de dominio disponibles en este rol compuesto.
+remove-selected=Borrar seleccionados
+client-roles=Roles de Cliente
+select-client-to-view-roles=Selecciona el cliente para ver sus roles
+available-roles.tooltip=Roles de este cliente que puedes asociar a este rol compuesto.
+client.associated-roles.tooltip=Roles de cliente asociados con este rol compuesto.
+add-builtin=A\u00F1adir Builtin
+category=Categor\u00EDa
+type=Tipo
+no-mappers-available=No hay asignadores disponibles
+add-builtin-protocol-mappers=A\u00F1adir Builtin Protocol Mappers
+add-builtin-protocol-mapper=A\u00F1adir Builtin Protocol Mapper
+scope-mappings=Asignaciones de \u00E1mbito
+full-scope-allowed=Permitir todos los \u00E1mbitos
+full-scope-allowed.tooltip=Permite deshabilitar todas las restricciones.
+scope.available-roles.tooltip=Roles de dominio que pueden ser asignados al \u00E1mbito
+assigned-roles=Roles Asignados
+assigned-roles.tooltip=Roles a nivel de dominio asignados a este \u00E1mbito.
+effective-roles=Roles Efectivos
+realm.effective-roles.tooltip=Roles de dominio asignados que pueden haber sido heredados de un rol compuesto.
+select-client-roles.tooltip=Selecciona el cliente para ver sus roles
+assign.available-roles.tooltip=Roles de clientes disponibles para ser asignados.
+client.assigned-roles.tooltip=Roles de cliente asignados
+client.effective-roles.tooltip=Roles de cliente asignados que pueden haber sido heredados desde un rol compuesto.
+basic-configuration=Configuraci\u00F3n b\u00E1sica
+node-reregistration-timeout=Tiempo de espera de re-registro de nodo
+node-reregistration-timeout.tooltip=Indica el m\u00E1ximo intervalo de tiempo para que los nodos del cluster registrados se vuelvan a registrar. Si el nodo del cluster no env\u00EDa una petici\u00F3n de re-registro a Keycloak dentro de este intervalo, ser\u00E1 desregistrado de Keycloak
+registered-cluster-nodes=Registrar nodos de cluster
+register-node-manually=Registrar nodo manualmente
+test-cluster-availability=Probar disponibilidad del cluster
+last-registration=\u00DAltimo registro
+node-host=Host del nodo
+no-registered-cluster-nodes=No hay nodos de cluster registrados disponibles
+cluster-nodes=Nodos de cl\u00FAster
+add-node=A\u00F1adir Nodo
+active-sessions.tooltip=N\u00FAmero total de sesiones activas para este cliente.
+show-sessions=Mostrar sesiones
+show-sessions.tooltip=Advertencia, esta es una operaci\u00F3n potencialmente costosa dependiendo del n\u00FAmero de sesiones activas.
+user=Usuario
+from-ip=Desde IP
+session-start=Inicio de sesi\u00F3n
+first-page=Primera p\u00E1gina
+previous-page=P\u00E1gina Anterior
+next-page=P\u00E1gina siguiente
+client-revoke.not-before.tooltip=Revocar todos los tokens emitidos antes de esta fecha para este cliente.
+client-revoke.push.tooltip=Si la URL de administraci\u00F3n est\u00E1 configurada para este cliente, env\u00EDa esta pol\u00EDtica a este cliente.
+select-a-format=Selecciona un formato
+download=Descargar
+offline-tokens=Tokens sin conexi\u00F3n
+offline-tokens.tooltip=N\u00FAmero total de tokens sin conexi\u00F3n de este cliente.
+show-offline-tokens=Mostrar tokens sin conexi\u00F3n
+show-offline-tokens.tooltip=Advertencia, esta es una operaci\u00F3n potencialmente costosa dependiendo del n\u00FAmero de tokens sin conexi\u00F3n.
+token-issued=Token expedido
+last-access=\u00DAltimo Acceso
+last-refresh=\u00DAltima actualizaci\u00F3n
+key-export=Exportar clave
+key-import=Importar clave
+export-saml-key=Exportar clave SAML
+import-saml-key=Importar clave SAML
+realm-certificate-alias=Alias del certificado del dominio
+realm-certificate-alias.tooltip=El certificado del dominio es almacenado en archivo. Este es el alias al mismo.
+signing-key=Clave de firma
+saml-signing-key=Clave de firma SAML.
+private-key=Clave Privada
+generate-new-keys=Generar nuevas claves
+export=Exportar
+encryption-key=Clave de cifrado
+saml-encryption-key.tooltip=Clave de cifrado de SAML
+service-accounts=Cuentas de servicio
+service-account.available-roles.tooltip=Roles de dominio que pueden ser asignados a la cuenta del servicio.
+service-account.assigned-roles.tooltip=Roles de dominio asignados a la cuenta del servicio.
+service-account-is-not-enabled-for=La cuenta del servicio no est\u00E1 habilitada para {{client}}
+create-protocol-mappers=Crear asignadores de protocolo
+create-protocol-mapper=Crear asignador de protocolo
+protocol=Protocolo
+protocol.tooltip=Protocolo.
+id=ID
+mapper.name.tooltip=Nombre del asignador.
+mapper.consent-required.tooltip=Cuando se concede acceso temporal, \u00BFes necesario el consentimiento del usuario para proporcinar estos datos al cliente?
+consent-text=Texto del consentimiento
+consent-text.tooltip=Texto para mostrar en la p\u00E1gina de consentimiento.
+mapper-type=Tipo de asignador
+
+# realm identity providers
+identity-providers=Proveedores de identidad
+table-of-identity-providers=Tabla de proveedores de identidad
+add-provider.placeholder=A\u00F1adir proveedor...
+provider=Proveedor
+gui-order=Orden en la interfaz gr\u00E1fica (GUI)
+redirect-uri=URI de redirecci\u00F3n
+redirect-uri.tooltip=La URI de redirecci\u00F3n usada para configurar el proveedor de identidad.
+alias=Alias
+identity-provider.alias.tooltip=El alias que identifica de forma \u00FAnica un proveedor de identidad, se usa tambi\u00E9n para construir la URI de redirecci\u00F3n.
+identity-provider.enabled.tooltip=Habilita/deshabilita este proveedor de identidad.
+authenticate-by-default=Autenticar por defecto
+identity-provider.authenticate-by-default.tooltip=Indica si este proveedor deber\u00EDa ser probado por defecto para autenticacaci\u00F3n incluso antes de mostrar la p\u00E1gina de inicio de sesi\u00F3n.
+store-tokens=Almacenar tokens
+identity-provider.store-tokens.tooltip=Habiltar/deshabilitar si los tokens deben ser almacenados despu\u00E9s de autenticar a los usuarios.
+stored-tokens-readable=Tokens almacenados legibles
+identity-provider.stored-tokens-readable.tooltip=Habilitar/deshabilitar si los nuevos usuarios pueden leer los tokens almacenados. Esto asigna el rol ''broker.read-token''.
+update-profile-on-first-login=Actualizar perfil en el primer inicio de sesi\u00F3n
+on=Activado
+on-missing-info=Si falta informaci\u00F3n
+off=Desactivado
+update-profile-on-first-login.tooltip=Define condiciones bajo las cuales un usuario tiene que actualizar su perfil durante el primer inicio de sesi\u00F3n.
+trust-email=Confiar en el email
+trust-email.tooltip=Si est\u00E1 habilitado, el email recibido de este proveedor no se verificar\u00E1 aunque la verificaci\u00F3n est\u00E9 habilitada para el dominio.
+gui-order.tooltip=N\u00FAmero que define el orden del proveedor en la interfaz gr\u00E1fica (GUI) (ej. en la p\u00E1gina de inicio de sesi\u00F3n)
+openid-connect-config=Configuraci\u00F3n de OpenID Connect
+openid-connect-config.tooltip=Configuraci\u00F3n de OIDC SP e IDP externos
+authorization-url=URL de autorizaci\u00F3n
+authorization-url.tooltip=La URL de autorizaci\u00F3n.
+token-url=Token URL
+token-url.tooltip=La URL del token.
+logout-url=URL de desconexi\u00F3n
+identity-provider.logout-url.tooltip=Punto de cierre de sesi\u00F3n para usar en la desconexi\u00F3n de usuarios desde un proveedor de identidad (IDP) externo.
+backchannel-logout=Backchannel Logout
+backchannel-logout.tooltip=Does the external IDP support backchannel logout?
+user-info-url=URL de informaci\u00F3n de usuario
+user-info-url.tooltip=La URL de informaci\u00F3n de usuario. Opcional.
+identity-provider.client-id.tooltip=El cliente o identificador de cliente registrado en el proveedor de identidad.
+client-secret=Secreto de Cliente
+show-secret=Mostrar secreto
+hide-secret=Ocultar secreto
+client-secret.tooltip=El cliente o el secreto de cliente registrado en el proveedor de identidad.
+issuer=Emisor
+issuer.tooltip=El identificador del emisor para el emisor de la respuesta. Si no se indica, no se realizar\u00E1 ninguna validaci\u00F3n.
+default-scopes=\u00C1mbitos por defecto
+identity-provider.default-scopes.tooltip=Los \u00E1mbitos que se enviar\u00E1n cuando se solicite autorizaci\u00F3n. Puede ser una lista de \u00E1mbitos separados por espacios. El valor por defecto es ''openid''.
+prompt=Prompt
+unspecified.option=no especificado
+none.option=ninguno
+consent.option=consentimiento
+login.option=login
+select-account.option=select_account
+prompt.tooltip=Indica si el servidor de autorizaci\u00F3n solicita al usuario final para reautenticaci\u00F3n y consentimiento.
+validate-signatures=Validar firmas
+identity-provider.validate-signatures.tooltip=Habilitar/deshabilitar la validaci\u00F3n de firmas de proveedores de identidad (IDP) externos
+validating-public-key=Validando clave p\u00FAblica
+identity-provider.validating-public-key.tooltip=La clave p\u00FAblica en formato PEM que debe usarse para verificar las firmas de proveedores de identidad (IDP) externos.
+import-external-idp-config=Importar configuraci\u00F3n externa de IDP
+import-external-idp-config.tooltip=Te permite cargar metadatos de un proveedor de identidad (IDP) externo de un archivo de coniguraci\u00F3n o descargarlo desde una URL.
+import-from-url=Importar desde URL
+identity-provider.import-from-url.tooltip=Importar metadatos desde un descriptor de un proveedor de identidad (IDP) remoto.
+import-from-file=Importar desde archivo
+identity-provider.import-from-file.tooltip=Importar metadatos desde un descriptor de un proveedor de identidad (IDP) descargado.
+saml-config=Configuraci\u00F3n SAML
+identity-provider.saml-config.tooltip=Configuraci\u00F3n de proveedor SAML e IDP externo
+single-signon-service-url=URL de servicio de conexi\u00F3n \u00FAnico (SSO)
+saml.single-signon-service-url.tooltip=La URL que debe ser usada para enviar peticiones de autenticaci\u00F3n (SAML AuthnRequest).
+single-logout-service-url=URL de servicio de desconexi\u00F3n \u00FAnico
+saml.single-logout-service-url.tooltip=La URL que debe usarse para enviar peticiones de desconexi\u00F3n.
+nameid-policy-format=Formato de pol\u00EDtica NameID
+nameid-policy-format.tooltip=Indica la referencia a la URI correspondiente a un formato de NameID. El valor por defecto es urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
+http-post-binding-response=HTTP-POST enlace de respuesta
+http-post-binding-response.tooltip=Indica si se reponde a las peticiones usando HTTP-POST. Si no est\u00E1 activado, se usa HTTP-REDIRECT.
+http-post-binding-for-authn-request=HTTP-POST para AuthnRequest
+http-post-binding-for-authn-request.tooltip=Indica si AuthnRequest debe ser enviada usando HTTP-POST. Si no est\u00E1 activado se hace HTTP-REDIRECT.
+want-authn-requests-signed=Firmar AuthnRequests
+want-authn-requests-signed.tooltip=Indica si el proveedor de identidad espera recibir firmadas las AuthnRequest.
+force-authentication=Forzar autenticaci\u00F3n
+identity-provider.force-authentication.tooltip=Indica si el proveedor de identidad debe autenticar al presentar directamente las credenciales en lugar de depender de un contexto de seguridad previo.
+validate-signature=Validar firma
+saml.validate-signature.tooltip=Habilitar/deshabilitar la validaci\u00F3n de firma en respuestas SAML.
+validating-x509-certificate=Validando certificado X509
+validating-x509-certificate.tooltip=El certificado en formato PEM que debe usarse para comprobar las firmas.
+saml.import-from-url.tooltip=Importar metadatos desde un descriptor de entidad remoto de un IDP de SAML
+social.client-id.tooltip=El identificador del cliente registrado con el proveedor de identidad.
+social.client-secret.tooltip=El secreto del cliente registrado con el proveedor de identidad.
+social.default-scopes.tooltip=\u00C1mbitos que se enviar\u00E1n cuando se solicite autorizaci\u00F3n. Ver la documentaci\u00F3n para los posibles valores, separador y valor por defecto.
+key=Clave
+stackoverflow.key.tooltip=La clave obtenida en el registro del cliente de Stack Overflow.
+
+realms=Dominios
+realm=Dominio
+
+identity-provider-mappers=Asignadores de proveedores de identidad (IDP)
+create-identity-provider-mapper=Crear asignador de proveedor de identidad (IDP)
+add-identity-provider-mapper=A\u00F1adir asignador de proveedor de identidad
+client.description.tooltip=Indica la descripci\u00F3n del cliente. Por ejemplo ''My Client for TimeSheets''. Tambi\u00E9n soporta claves para valores localizados. Por ejemplo: ${my_client_description}
+content-type-options=
diff --git a/admin/messages/admin-messages_fr.properties b/admin/messages/admin-messages_fr.properties
new file mode 100644
index 0000000..2ecf49a
--- /dev/null
+++ b/admin/messages/admin-messages_fr.properties
@@ -0,0 +1,142 @@
+consoleTitle=Keycloak Admin Console
+
+# Common messages
+enabled=Actif
+name=Nom
+displayName=Display name
+displayNameHtml=HTML Display name
+save=Sauver
+cancel=Annuler
+onText=Oui
+offText=Non
+client=Client
+clients=Clients
+clear=Effacer
+selectOne=Select One...
+
+manage=G\u00e9rer
+authentication=Authentification
+user-federation=Regroupement Utilisateur
+user-storage=Stockage Utilisateur
+events=\u00c9v\u00e8nements
+realm-settings=Configurations du domaine
+configure=Configurer
+select-realm=Choisir un domaine
+add=Ajouter
+
+true=Vrai
+false=Faux
+
+endpoints=Endpoints
+
+# Realm settings
+realm-detail.enabled.tooltip=Les utilisateurs et les clients peuvent acc\u00e9der au domaine si celui-ci est actif
+realm-detail.oidc-endpoints.tooltip=Affiche les configurations de l''endpoint OpenID Connect
+registrationAllowed=Enregistrement d''utilisateur
+registrationAllowed.tooltip=Activer/d\u00e9sactiver la page d''enregistrement. Un lien pour l''enregistrement sera visible sur la page de connexion.
+registrationEmailAsUsername=Courriel comme nom d''utilisateur
+registrationEmailAsUsername.tooltip=Si actif, le champ du nom de l''utilisateur est cach\u00e9 pendant l''enregistrement ; le courriel est utilis\u00e9 comme nom d''utilisateur.
+editUsernameAllowed=\u00c9ditez le nom de l''utilisateur
+editUsernameAllowed.tooltip=Si actif, le champ du nom de l''utilisateur est modifiable.
+resetPasswordAllowed=Mot de passe oubli\u00e9
+resetPasswordAllowed.tooltip=Affiche un lien sur la page de connexion pour les utilisateurs ayant oubli\u00e9 leurs accr\u00e9ditations.
+rememberMe=Se souvenir de moi
+rememberMe.tooltip=Affiche une case \u00e0 cocher sur la page de connexion pour permettre aux utilisateurs de rester connect\u00e9s entre deux red\u00e9marrages de leur navigateur, jusqu''\u00e0 expiration de la session.
+verifyEmail=V\u00e9rification du courriel
+verifyEmail.tooltip=Force l''utilisateur \u00e0 v\u00e9rifier son courriel lors de la premi\u00e8re connexion.
+loginWithEmailAllowed=Authentification avec courriel
+loginWithEmailAllowed.tooltip=Autorise l''utilisateur \u00e0 s''authentifier avec son adresse de courriel.
+duplicateEmailsAllowed=Doublon courriel
+duplicateEmailsAllowed.tooltip=Autorise plusieurs utilisateurs \u00e0 avoir la m\u00eame adresse de courriel. Changer cette configuration va vider le cache. Il est recommand\u00e9 de mettre \u00e0 jour manuellement les contraintes sur le courriel dans la base de donn\u00e9es apr\u00e8s la d\u00e9sactivation du support des doublons.
+sslRequired=SSL requis
+sslRequired.option.all=toutes les requ\u00eates
+sslRequired.option.external=les requ\u00eates externes
+sslRequired.option.none=aucun
+sslRequired.tooltip=Niveau d''exigence HTTPS \: ''aucun'' signifie que le HTTPS n''est requis pour aucune adresse IP cliente. ''les requ\u00eates externes'' signifie que localhost et les adresses IP priv\u00e9es peuvent acc\u00e9der sans HTTPS. ''toutes les requ\u00eates'' signifie que le protocole HTTPS est obligatoire pour toutes les adresses IP.
+publicKey=Clef publique
+gen-new-keys=Cr\u00e9ation de nouvelle clef
+certificate=Certificat
+host=H\u00f4te
+smtp-host=H\u00f4te SMTP
+port=Port
+smtp-port=Port SMTP (25 par d\u00e9faut)
+from=De
+sender-email-addr=Courriel de l''exp\u00e9diteur
+enable-ssl=Activer SSL/TLS
+enable-start-tls=Activer StartTLS
+enable-auth=Activer l''authentification
+username=Nom de l''utilisateur
+login-username=Connexion de l''utilisateur
+password=Mot de passe
+login-password=Mot de passe
+login-theme=Th\u00e8me de connexion
+select-one=S\u00e9lectionnez-en un...
+login-theme.tooltip=S\u00e9lectionnez le th\u00e8me pour les pages de connexion, de mot de passe \u00e0 usage unique bas\u00e9 sur le temps, des droits, de l''enregistrement, et du mot passe oubli\u00e9.
+account-theme=Th\u00e8me du compte
+account-theme.tooltip=S\u00e9lectionnez le th\u00e8me pour la gestion des comptes.
+admin-console-theme=Th\u00e8me de la console d''administration
+select-theme-admin-console=S\u00e9lectionnez le th\u00e8me de la console d''administration.
+email-theme=Th\u00e8me pour le courriel
+select-theme-email=S\u00e9lectionnez le th\u00e8me pour les courriels envoy\u00e9es par le serveur.
+i18n-enabled=Internationalisation activ\u00e9e
+supported-locales=Locales support\u00e9es
+supported-locales.placeholder=Entrez la locale et validez
+default-locale=Locale par d\u00e9faut
+realm-cache-enabled=Cache du domaine activ\u00e9
+realm-cache-enabled.tooltip=Activer/D\u00e9sactiver le cache pour le domaine, client et donn\u00e9es.
+user-cache-enabled=Cache utilisateur activ\u00e9
+user-cache-enabled.tooltip=Activer/D\u00e9sactiver le cache utilisateur, et le cache de relation entre utilisateurs et r\u00f4les.
+sso-session-idle=Sessions SSO inactives
+seconds=Secondes
+minutes=Minutes
+hours=Heures
+days=Jours
+sso-session-max=Maximum de sessions SSO
+sso-session-idle.tooltip=Temps d''inactivit\u00e9 autoris\u00e9 avant expiration de la session. Les jetons et les sessions navigateurs sont invalid\u00e9es quand la session expire.
+sso-session-max.tooltip=Dur\u00e9e maximale avant que la session n''expire. Les jetons et les sessions navigateurs sont invalid\u00e9es quand la session expire.
+access-token-lifespan=Dur\u00e9e de vie du jeton d''acc\u00e8s
+access-token-lifespan.tooltip=Dur\u00e9e maximale avant que le jeton d''acc\u00e8s n''expire. Cette valeur devrait \u00eatre relativement plus petite que la dur\u00e9e d''inactivit\u00e9 (timeout) du SSO.
+client-login-timeout=Dur\u00e9e d''inactivit\u00e9 de connexion (timeout)
+client-login-timeout.tooltip=Dur\u00e9e maximale qu''a un client pour finir le protocole du jeton d''acc\u00e8s. Devrait \u00eatre de l''ordre de la minute (1 min).
+login-timeout=Dur\u00e9e d''inactivit\u00e9 de connexion
+login-timeout.tooltip=Dur\u00e9e maximale autoris\u00e9e pour finaliser la connexion. Devrait \u00eatre relativement long \: 30 minutes, voire plus.
+login-action-timeout=Dur\u00e9e d''inactivit\u00e9 des actions de connexions
+login-action-timeout.tooltip=Dur\u00e9e maximale qu''a un utilisateur pour finir ses actions concernant la mise \u00e0 jour de son mot de passe ou bien de la configuration du mot de passe \u00e0 usage unique (OTP). Devrait \u00eatre relativement long \: 5 minutes, voire plus.
+headers=En-t\u00eates
+brute-force-detection=D\u00e9tection des attaques par force brute
+x-frame-options=X-Frame-Options
+click-label-for-info=Cliquer sur le label pour plus d''information. Les valeurs par d\u00e9faut \u00e9vitent que les pages soient incluses dans des iframes \u00e9trang\u00e8res.
+content-sec-policy=Content-Security-Policy
+max-login-failures=Nombre maximal d''erreurs de connexion
+max-login-failures.tooltip=Nombre d''erreurs avant de d\u00e9clencher le temps d''attente.
+wait-increment=Temps d''attente
+wait-increment.tooltip=Quand le seuil des erreurs est atteint, combien de temps l''utilisateur est-il bloqu\u00e9 ?
+quick-login-check-millis=Nombre de millisecondes entre deux connexions
+quick-login-check-millis.tooltip=Si une erreur apparait trop rapidement, bloquer le compte utilisateur.
+min-quick-login-wait=Dur\u00e9e minimale d''attente entre deux connexions
+min-quick-login-wait.tooltip=Dur\u00e9e d''attente demand\u00e9e apr\u00e8s une erreur entre deux connexions.
+max-wait=Dur\u00e9e maximale d''attente
+max-wait.tooltip=Dur\u00e9e maximale de blocage du compte utilisateur
+failure-reset-time=Dur\u00e9e de remise \u00e0 z\u00e9ro des erreurs
+failure-reset-time.tooltip=Quand les erreurs sont-elles remises \u00e0 z\u00e9ro ?
+realm-tab-login=Connexion
+realm-tab-keys=Clefs
+realm-tab-email=Courriels
+realm-tab-themes=Th\u00e8mes
+realm-tab-cache=Cache
+realm-tab-tokens=Jetons
+realm-tab-security-defenses=Mesures de s\u00e9curit\u00e9
+realm-tab-general=G\u00e9n\u00e9ral
+add-realm=Ajouter un domaine
+
+#Session settings
+realm-sessions=Sessions du domaine
+revocation=R\u00e9vocation
+logout-all=D\u00e9connexion globale
+active-sessions=Sessions actives
+sessions=Sessions
+not-before=Pas avant
+not-before.tooltip=R\u00e9voquer tous les jetons demand\u00e9s avant cette date.
+set-to-now=Mettre \u00e0 maintenant
+push=Appuyer
+push.tooltip=Pour tous les clients ayant une URL d''administration, les notifier de la politique de r\u00e9vocation.
diff --git a/admin/messages/admin-messages_it.properties b/admin/messages/admin-messages_it.properties
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/admin/messages/admin-messages_it.properties
diff --git a/admin/messages/admin-messages_ja.properties b/admin/messages/admin-messages_ja.properties
new file mode 100644
index 0000000..642d474
--- /dev/null
+++ b/admin/messages/admin-messages_ja.properties
@@ -0,0 +1,1547 @@
+# encoding: utf-8
+consoleTitle=Keycloak 管理コンソール
+
+# Common messages
+enabled=有効
+hidden=非表示
+link-only-column=リンクのみ
+name=名前
+displayName=表示名
+displayNameHtml=HTML 表示名
+save=保存
+cancel=キャンセル
+next=次へ
+onText=オン
+offText=オフ
+client=クライアント
+clients=クライアント
+clear=クリア
+selectOne=1つ選択...
+
+true=はい
+false=いいえ
+
+endpoints=エンドポイント
+
+# Realm settings
+realm-detail.enabled.tooltip=有効の場合は、ユーザーとクライアントはこのレルムのみアクセス可能になります
+realm-detail.protocol-endpoints.tooltip=プロトコルエンドポイントの設定を表示します。
+realm-detail.protocol-endpoints.oidc=OpenIDエンドポイントの設定
+realm-detail.protocol-endpoints.saml=SAML 2.0アイデンティティー・プロバイダー・メタデータ
+realm-detail.userManagedAccess.tooltip=有効にすると、ユーザーはアカウント管理コンソールを使用してリソースとパーミッションを管理できます。
+userManagedAccess=User-Managed Access
+registrationAllowed=ユーザー登録
+registrationAllowed.tooltip=登録ページの有効/無効。ログインページに登録のリンクも表示されるようになります。
+registrationEmailAsUsername=Eメールをユーザー名とする
+registrationEmailAsUsername.tooltip=有効の場合は、登録フォームにおいてユーザー名フィールドが非表示となり、Eメールが新規ユーザーのユーザー名として使われます。
+editUsernameAllowed=ユーザー名の編集
+editUsernameAllowed.tooltip=有効の場合はユーザー名フィールドが編集可能になり、そうでない場合は読み取り専用になります。
+resetPasswordAllowed=パスワード忘れ
+resetPasswordAllowed.tooltip=パスワードを忘れてしまった場合にクリックするリンクを、ログインページに表示します。
+rememberMe=ログイン状態の保存
+rememberMe.tooltip=セッションの有効期限が切れるまではブラウザーの再起動でもログイン状態を保存するチェックボックスをログインページに表示します。
+loginWithEmailAllowed=Eメールでログイン
+loginWithEmailAllowed.tooltip=ユーザーがEメールアドレスでログインできるようにします。
+duplicateEmailsAllowed=メールの重複
+duplicateEmailsAllowed.tooltip=複数のユーザーが同じEメールアドレスを持つことを許可します。この設定を変更すると、ユーザーのキャッシュもクリアされます。重複するEメールアドレスのサポートを無効にした後で、データベース内の既存ユーザーのEメールの制約を手動で更新することをお勧めします。
+verifyEmail=Eメールの確認
+verifyEmail.tooltip=初回ログイン後またはアドレスの変更が送信された後に、ユーザーに自分の電子メールアドレスを確認するように要求します。
+sslRequired=SSL の要求
+sslRequired.option.all=全てのリクエスト
+sslRequired.option.external=外部リクエスト
+sslRequired.option.none=なし
+sslRequired.tooltip=HTTPS は必須ですか? 「なし」 は HTTPS がどのクライアント IP アドレスにも要求されないことを意味します。 「外部リクエスト」 はローカルホストとプライベート IP アドレスは HTTPS なしでアクセスできることを意味します。 「すべてのリクエスト」 は HTTPS がすべての IP アドレスに要求されることを意味します。
+publicKeys=公開鍵
+publicKey=公開鍵
+privateKey=秘密鍵
+gen-new-keys=新しい鍵を生成する
+certificate=証明書
+host=ホスト
+smtp-host=SMTP ホスト
+port=ポート
+smtp-port=SMTP ポート (デフォルトは25)
+from=差出人
+fromDisplayName=差出人の表示名
+fromDisplayName.tooltip=差出人のアドレスのユーザーフレンドリーな名前です(オプション)。
+replyTo=返信先
+replyToDisplayName=返信先の表示名
+replyToDisplayName.tooltip=返信先のアドレスのユーザーフレンドリーな名前です(オプション)。
+envelopeFrom=Envelope From
+envelopeFrom.tooltip=バウンスに使用されるEメールアドレス(オプション)。
+sender-email-addr=送信者のメールアドレス
+sender-email-addr-display=送信者Eメールアドレスの表示名
+reply-to-email-addr=返信先のメールアドレス
+reply-to-email-addr-display=返信先メールアドレスの表示名
+sender-envelope-email-addr=送信者の Envelope Eメールアドレス
+enable-ssl=SSL の有効
+enable-start-tls=StartTLS の有効
+enable-auth=認証の有効
+username=ユーザー名
+login-username=ログインユーザー名
+password=パスワード
+login-password=ログインパスワード
+login-theme=ログインテーマ
+login-theme.tooltip=ログイン、OTP、グラント、登録、およびパスワード忘れに使用するページのテーマを選択します。
+account-theme=アカウントテーマ
+account-theme.tooltip=ユーザーアカウント管理画面のテーマを選択します。
+admin-console-theme=管理コンソールテーマ
+select-theme-admin-console=管理コンソールのテーマを選択します。
+email-theme=Eメールテーマ
+select-theme-email=サーバーから送信されるEメールのテーマを選択します。
+i18n-enabled=国際化の有効
+supported-locales=サポートされるロケール
+supported-locales.placeholder=ロケールを入力し Enter キーを押してください
+default-locale=デフォルトロケール
+realm-cache-clear=レルムキャッシュ
+realm-cache-clear.tooltip=レルムキャッシュからすべてのエントリをクリアする (すべてのレルムのエントリをクリアします)
+user-cache-clear=ユーザーキャッシュ
+user-cache-clear.tooltip=ユーザーキャッシュからすべてのエントリを削除します (すべてのレルムのエントリをクリアします)
+keys-cache-clear=キーキャッシュ
+keys-cache-clear.tooltip=外部公開鍵のキャッシュからすべてのエントリーを消去します。これらは、外部のクライアントまたはアイデンティティプロバイダーの鍵です(これにより、すべてのレルムのエントリーがクリアされます)。
+default-signature-algorithm=デフォルトの署名アルゴリズム
+default-signature-algorithm.tooltip=このレルムでトークンの署名に使用されるデフォルトのアルゴリズム
+revoke-refresh-token=リフレッシュトークンの無効化
+revoke-refresh-token.tooltip=有効にすると、リフレッシュトークンは「リフレッシュトークンの最大再利用回数」までしか使用できず、別のトークンが使用されると無効化されます。無効の場合、リフレッシュトークンは使用後に無効化されず、複数回使用できます。
+refresh-token-max-reuse=リフレッシュトークンの最大再利用回数
+refresh-token-max-reuse.tooltip=リフレッシュトークンを再利用できる最大回数。別のトークンが使用された場合、即時に無効化されます。
+sso-session-idle=SSO セッションアイドル
+seconds=秒
+minutes=分
+hours=時
+days=日
+sso-session-max=SSO セッション最大
+sso-session-idle.tooltip=セッションの有効期限が切れるまでのアイドル時間です。セッションが有効期限切れの際はトークンとブラウザーセッションは無効化されます。
+sso-session-max.tooltip=セッションの有効期限が切れるまでの最大時間です。セッションが有効期限切れの際はトークンとブラウザーセッションは無効化されます。
+sso-session-idle-remember-me=SSOセッション・アイドル・リメンバー・ミー
+sso-session-idle-remember-me.tooltip=リメンバー・ミー・セッションの有効期限が切れるまでのアイドル時間です。セッションが期限切れになると、トークンおよびブラウザー・セッションは無効になります。設定されていない場合は、標準のSSOセッション・アイドル値が使用されます。
+sso-session-max-remember-me=SSOセッション最大リメンバー・ミー
+sso-session-max-remember-me.tooltip=ユーザーがリメンバー・ミー・オプションを設定したときにセッションが期限切れになるまでの最大時間。セッションが期限切れになると、トークンおよびブラウザー・セッションは無効になります。設定されていない場合は、標準のSSO Session Max値が使用されます。
+offline-session-idle=オフラインセッションアイドル
+offline-session-idle.tooltip=セッションの有効期限が切れるまでのオフライン時間です。この期限内に少なくとも1回はオフライントークンを使用してリフレッシュしないと、オフラインセッションは有効期限切れとなります。
+realm-detail.hostname=ホスト名
+realm-detail.hostname.tooltip=レルムに対してホスト名を設定します。特定のレルムのサーバーホスト名を上書きするために、固定ホスト名プロバイダーと組み合わせて使用​​します。
+
+## KEYCLOAK-7688 Offline Session Max for Offline Token
+offline-session-max-limited=オフラインセッション最大制限
+offline-session-max-limited.tooltip=オフラインセッションの最大時間制限を有効にします。
+offline-session-max=オフラインセッション最大
+offline-session-max.tooltip=アクティビティに関係なく、オフラインセッションが期限切れになるまでの最大時間。
+
+access-token-lifespan=アクセストークン生存期間
+access-token-lifespan.tooltip=アクセストークンが有効期限切れとなる最大時間です。この値は SSO タイムアウトと比べて短くすることをお勧めします。
+access-token-lifespan-for-implicit-flow=Implicit Flow におけるアクセストークン生存期間
+access-token-lifespan-for-implicit-flow.tooltip=OpenID Connect Implicit Flow で発行されたアクセストークンが有効期限切れとなる最大時間です。この値は SSO タイムアウトより短くすることをお勧めします。 Implicit Flow ではトークンを更新することはありませんので、 「アクセストークン生存期間」 とは異なる別々のタイムアウト設定を設けています。
+action-token-generated-by-admin-lifespan=デフォルトの管理者起動アクションの有効期間
+action-token-generated-by-admin-lifespan.tooltip=管理者によってユーザーに送信されたアクション許可の有効期限が切れるまでの最大時間。この値は、管理者が現在オフラインになっているユーザーに対してEメールを送信できるように、長くすることをお勧めします。デフォルトのタイムアウトは、トークンを発行する直前にオーバーライドすることができます。
+action-token-generated-by-user-lifespan=ユーザー起動アクションの有効期間
+action-token-generated-by-user-lifespan.tooltip=ユーザーが送信したアクション許可(パスワード忘れのEメールなど)の有効期限が切れるまでの最大時間。ユーザーが自分で作成した操作にすばやく反応することが期待されるため、この値は短くすることをお勧めします。
+
+action-token-generated-by-user.execute-actions=アクションの実行
+action-token-generated-by-user.idp-verify-account-via-email=IdPアカウントのEメール検証
+action-token-generated-by-user.reset-credentials=パスワード忘れ
+action-token-generated-by-user.verify-email=Eメールでの確認
+action-token-generated-by-user.tooltip=ユーザーが送信したアクション許可(パスワード忘れなど)が特定の操作で期限切れになるまでの、最大時間のデフォルト設定をオーバーライドします。ユーザーが自分で作成した操作にすばやく反応することが期待されるため、この値は短くすることをお勧めします。
+action-token-generated-by-user.reset=リセット
+action-token-generated-by-user.operation=ユーザーが開始したアクションの有効期限をオーバーライドします
+
+client-login-timeout=クライアントのログインタイムアウト
+client-login-timeout.tooltip=クライアントがアクセストークンプロトコルを終了するまでの最大時間。これは通常1分です。
+login-timeout=ログインタイムアウト
+login-timeout.tooltip=ユーザーがログインを完了するまでの最大時間です。これは30分以上と比較的長くすることをお勧めします。
+login-action-timeout=ログインアクションタイムアウト
+login-action-timeout.tooltip=ユーザーがパスワードの更新や OTP の設定のようなログインに関係するアクションを完了するまでの最大時間です。これは5分以上と比較的長くすることをお勧めします。
+headers=ヘッダー
+brute-force-detection=ブルートフォースの検出
+x-frame-options=X-Frame-Options
+x-frame-options-tooltip=デフォルト値では別のオリジンの IFrame からの読み込みを防ぎます (詳細はラベルをクリックしてください)
+content-sec-policy=Content-Security-Policy
+content-sec-policy-tooltip=デフォルト値では別のオリジンの IFrame からの読み込みを防ぎます (詳細はラベルをクリックしてください)
+content-sec-policy-report-only=Content-Security-Policy-Report-Only
+content-sec-policy-report-only-tooltip=コンテンツセキュリティポリシーのテスト用
+content-type-options=X-Content-Type-Options
+content-type-options-tooltip=デフォルト値では Internet Explorer と Google Chrome に対して、宣言された content-type を避けてレスポンスの MIME-sniffing を行うことを防ぎます (詳細はラベルをクリックしてください)
+robots-tag=X-Robots-Tag
+robots-tag-tooltip=検索エンジンにページが表示されないようにする(詳細については、ラベルをクリックしてください)。
+x-xss-protection=X-XSS-Protection
+x-xss-protection-tooltip=このヘッダーは、ブラウザーにクロスサイトスクリプティング(XSS)フィルターを設定します。デフォルトの動作を使用すると、ブラウザーはXSS攻撃が検出されたときにページのレンダリングを防止します(詳細については、ラベルをクリックしてください)
+strict-transport-security=HTTP Strict Transport Security (HSTS)
+strict-transport-security-tooltip=Strict-Transport-Security HTTPヘッダーは、常にHTTPSを使用するようにブラウザーに指示します。ブラウザーはこのヘッダーを確認すると、max-ageで指定された期間(1年間)、HTTPS経由でのみサイトにアクセスします(サブドメインを含む)。
+permanent-lockout=永久ロックアウト
+permanent-lockout.tooltip=最大ログイン失敗回数を超えたときに、ユーザーを永久にロックします。
+max-login-failures=最大ログイン失敗回数
+max-login-failures.tooltip=検出するまでの失敗回数です。
+wait-increment=連続失敗時の待機時間
+wait-increment.tooltip=失敗回数が閾値に達した場合、どれくらいの時間ユーザーはロックアウトされるか設定します。
+quick-login-check-millis=クイックログイン試行間のミリ秒数チェック
+quick-login-check-millis.tooltip=クイックログイン失敗があまりにも頻繁に発生した場合は、ユーザーをロックアウトします。
+min-quick-login-wait=クイックログイン失敗時の最小待機時間
+min-quick-login-wait.tooltip=クイックログイン失敗後にどれくらいの時間待機するか設定します。
+max-wait=最大待機時間
+max-wait.tooltip=ユーザーがロックアウトされる最大待機時間を設定します。
+failure-reset-time=ログイン失敗回数のリセット時間
+failure-reset-time.tooltip=いつ失敗回数がリセットされるか設定します。
+realm-tab-login=ログイン
+realm-tab-keys=鍵
+realm-tab-email=Eメール
+realm-tab-themes=テーマ
+realm-tab-cache=キャッシュ
+realm-tab-tokens=トークン
+realm-tab-client-registration=クライアント登録
+realm-tab-security-defenses=セキュリティ防御
+realm-tab-general=一般
+add-realm=レルムの追加
+
+#Session settings
+realm-sessions=レルムセッション
+revocation=取り消し
+logout-all=すべてログアウトする
+active-sessions=有効なセッション
+offline-sessions=オフラインセッション
+sessions=セッション
+not-before=この日時より前
+not-before.tooltip=この日時より前に発行されたトークンを取り消します。
+set-to-now=現在日時を設定
+push=プッシュ
+push.tooltip=管理URLを持つすべてのクライアントに対して、新しい取り消しポリシーを通知します。
+
+#Protocol Mapper
+usermodel.prop.label=プロパティ
+usermodel.prop.tooltip=UserModel インタフェースのプロパティメソッドの名前です。例えば、 「email」 の値は UserModel.getEmail() メソッドを参照しています。
+usermodel.attr.label=ユーザー属性
+usermodel.attr.tooltip=格納されるユーザー属性名、UserMode.attribute マップ内の属性名です。
+userSession.modelNote.label=ユーザーセッションノート
+userSession.modelNote.tooltip=UserSessionModel.note マップ内のユーザーセッションノート名です。
+multivalued.label=マルチバリュー
+multivalued.tooltip=属性がマルチバリューをサポートしているかどうかを示します。サポートしている場合は、この属性のすべての値リストがクレームとして設定されます。サポートしていない場合は、最初の値だけがクレームとして設定されます。
+aggregate.attrs.label=属性値の集約
+aggregate.attrs.tooltip=属性値をグループ属性と集約する必要があるかどうかを示します。OpenID Connectマッパーを使用している場合は、すべての値を取得するためにマルチバリューのオプションも有効にする必要があります。重複した値は破棄され、値の順序はこのオプションでは保証されません。
+selectRole.label=ロールの選択
+selectRole.tooltip=左側にあるテキストボックスにロールを入力するか、ブラウズして必要なロールを選択するためにこのボタンをクリックしてください。
+tokenClaimName.label=トークンクレーム名
+tokenClaimName.tooltip=トークン内に挿入するクレームの名前を設定します。 「address.street」 のように完全修飾名で設定します。この場合、ネストされた JSON オブジェクトが作成されます。ネスティングを防ぎ、ドットを文字通りに使用するには、ドットをバックスラッシュ(\\.)でエスケープします。
+jsonType.label=クレーム JSON タイプ
+jsonType.tooltip=トークンへの JSON クレーム の追加で使用される JSON タイプを設定します。 long、int、boolean、String、JSON が有効な値です。
+includeInIdToken.label=ID トークンに追加
+includeInIdToken.tooltip=クレームを ID トークンに追加すべきかどうかを設定します。
+includeInAccessToken.label=アクセストークンに追加
+includeInAccessToken.tooltip=クレームをアクセストークンに追加すべきかどうかを設定します。
+includeInUserInfo.label=UserInfo に追加
+includeInUserInfo.tooltip=クレームを UserInfo に追加すべきかどうかを設定します。
+usermodel.clientRoleMapping.clientId.label=クライアント ID
+usermodel.clientRoleMapping.clientId.tooltip=ロールマッピング用のクライアント ID。このクライアントのクライアント・ロールだけがトークンに追加されます。これが設定されていない場合は、すべてのクライアントのクライアント・ロールがトークンに追加されます。
+usermodel.clientRoleMapping.rolePrefix.label=クライアントロールのプレフィックス
+usermodel.clientRoleMapping.rolePrefix.tooltip=各クライアントロールのプレフィックスを設定します (オプション)。
+usermodel.clientRoleMapping.tokenClaimName.tooltip=トークン内に挿入するクレームの名前を設定します。 「address.street」 のように完全修飾名で設定します。この場合、ネストされた JSON オブジェクトが作成されます。ネスティングを防ぎ、ドットを文字通りに使用するには、ドットをバックスラッシュ(\\.)でエスケープします。特別なトークン${client_id}を使うことができ、これは実際のクライアントIDに置き換えられます。使用例は「resource_access.${client_id}.roles」です。これは、すべてのクライアントからロールを追加する場合(特に「Client ID」スイッチが設定されていない場合)や、各クライアントのクライアントロールを別々の場所に配置する場合に、特に便利です。
+usermodel.realmRoleMapping.rolePrefix.label=レルムロールのプレフィックス
+usermodel.realmRoleMapping.rolePrefix.tooltip=各レルムロールのプレフィックスを設定します (オプション)。
+sectorIdentifierUri.label=Sector Identifier URI
+sectorIdentifierUri.tooltip=pairwise sub 値を使用し、かつ Dynamic Client Registration をサポートするプロバイダーは、sector_identifier_uri パラメータを使用すべきです (SHOULD)。これは、共通の管理下にある Web サイト群に対し、個々のドメイン名とは独立して parwise sub 値の一貫性を保持する方法を提供します。また、クライアントに対し、すべてのユーザーを再登録させることなしに redirect_uri を変更する方法も提供します。
+pairwiseSubAlgorithmSalt.label=ソルト
+pairwiseSubAlgorithmSalt.tooltip=pairwise subject identifier を計算する際に使用するソルトを設定します。空白のままにするとソルトは生成されます。
+addressClaim.street.label=その他住所のユーザー属性名
+addressClaim.street.tooltip=「address」トークンクレーム内の「street_address」サブクレームにマップするために使用されるユーザー属性の名前。デフォルトは「street」です。
+addressClaim.locality.label=市区町村のユーザー属性名
+addressClaim.locality.tooltip=「address」トークンクレーム内の「locality」サブクレームにマップするために使用されるユーザー属性の名前。デフォルトは「locality」です。
+addressClaim.region.label=都道府県のユーザー属性名
+addressClaim.region.tooltip=「address」トークンクレーム内の「region」サブクレームにマップするために使用されるユーザー属性の名前。デフォルトは「region」です。
+addressClaim.postal_code.label=郵便番号のユーザー属性名
+addressClaim.postal_code.tooltip=「address」トークンクレーム内の「postal_code」サブクレームにマップするために使用されるユーザー属性の名前。デフォルトは「postal_code」です。
+addressClaim.country.label=国のユーザー属性名
+addressClaim.country.tooltip=「address」トークンクレーム内の「country」サブクレームにマップするために使用されるユーザー属性の名前。デフォルトは「country」です。
+addressClaim.formatted.label=整形された住所のユーザー属性名
+addressClaim.formatted.tooltip=「address」トークンクレーム内の「formatted」サブクレームにマップするために使用されるユーザー属性の名前。デフォルトは「formatted」です。
+included.client.audience.label=含まれるクライアント・オーディエンス
+included.client.audience.tooltip=指定されたオーディエンス・クライアントのクライアントIDが、トークンのオーディエンス(aud)フィールドに含まれます。トークンに既存のオーディエンスが存在する場合は、指定された値が単にそれらに追加されます。既存のオーディエンスを上書きすることはありません。
+included.custom.audience.label=含まれるカスタム・オーディエンス
+included.custom.audience.tooltip=これは「含まれるクライアント・オーディエンス」が入力されていない場合にのみ使用されます。指定された値が、トークンのオーディエンス(aud)フィールドに含まれます。トークンに既存のオーディエンスが存在する場合は、指定された値が単にそれらに追加されます。既存のオーディエンスを上書きすることはありません。
+
+# client details
+clients.tooltip=クライアントとはレルム内の信頼されたブラウザーアプリケーションや Web サービスです。これらのクライアントはログインを要求することができます。また、クライアント固有のロールを定義することができます。
+search.placeholder=検索...
+create=作成
+import=インポート
+client-id=クライアント ID
+base-url=ベース URL
+actions=アクション
+not-defined=未定義
+edit=編集
+delete=削除
+no-results=結果がありません
+no-clients-available=使用可能なクライアントはありません
+add-client=クライアントの追加
+select-file=ファイルを選択
+view-details=詳細を参照
+clear-import=インポートをクリア
+client-id.tooltip=URI とトークンで参照される ID を指定します。例えば 「my-client」 です。 SAML においては 期待される AuthnRequest の Issuer の値になります。
+client.name.tooltip=クライアントの表示名を指定します。例えば、 「My Client」 です。ローカライズ用のキーもサポートしています。例\: ${my_client}
+client.enabled.tooltip=無効なクライアントはログインを開始したり、アクセストークンを取得したりすることはできません。
+consent-required=同意が必要
+consent-required.tooltip=有効の場合は、ユーザーはクライアントアクセスに同意する必要があります。
+client.display-on-consent-screen=同意画面でクライアントを表示
+client.display-on-consent-screen.tooltip=同意する必要がある場合にのみ適用されます。このスイッチがオフの場合、同意画面には設定されたクライアントスコープに対応する同意のみが表示されます。オンの場合、同意画面にこのクライアント自体に関する項目も1つ表示されます。
+client.consent-screen-text=クライアントの同意画面のテキスト
+client.consent-screen-text.tooltip=このクライアントに対して、「同意画面でクライアントを表示」がオンの場合にのみ適用されます。このクライアントに対する特定のアクセス許可について、同意画面に表示するテキストを設定します。
+client-protocol=クライアントプロトコル
+client-protocol.tooltip=「OpenID Connect」 は、認可サーバーによって実行される認証を元にして、エンドユーザーのアイデンティティを確認するクライアントです。 「SAML」 は、クロスドメインのシングルサインオン (SSO) を含むWeb ベースの認証と認可シナリオを可能にし、情報を渡すためにアサーションを含むセキュリティトークンを使用します。
+access-type=アクセスタイプ
+access-type.tooltip=「Confidential」 クライアントはログインプロトコルの開始するためにシークレットを必要とします。 「Public」 クライアントはシークレットを必要としません。 「Bearer-only」 クライアントはログインを開始することはない Web サービスです。
+standard-flow-enabled=Standard Flow の有効
+standard-flow-enabled.tooltip=OpenID Connect の標準的な、認可コードによるリダイレクトベースの認証を有効にします。 OpenID Connect または OAuth2 の仕様における 「Authorization Code Flow」 のサポートを有効にします。
+implicit-flow-enabled=Implicit Flow の有効
+implicit-flow-enabled.tooltip=OpenID Connect の認可コードなしのリダイレクトベース認証のサポートを有効にします。OpenID Connect または OAuth2 の仕様における 「Implicit Flow」 のサポートを有効にします。
+direct-access-grants-enabled=ダイレクトアクセスグラントの有効
+direct-access-grants-enabled.tooltip=ダイレクトアクセスグラントのサポートを有効にします。これは、アクセストークンの取得のために Keycloak サーバーとユーザーのユーザー名/パスワードで直接アクセスを行います。OAuth2 の仕様における 「リソースオーナーパスワードクレデンシャルグラント」 のサポートを有効にします。
+service-accounts-enabled=サービスアカウントの有効
+service-accounts-enabled.tooltip=Keycloak にこのクライアントを認証し、このクライアント専用のアクセストークンの取得ができるようになります。OAuth2 の仕様における 「クライアントクレデンシャルグラント」 のサポートを有効にします。
+include-authnstatement=AuthnStatement を含める
+include-authnstatement.tooltip=認証方式とタイムスタンプを含めたステートメントをログインレスポンスに含めるべきか設定します。
+include-onetimeuse-condition=OneTimeUse 条件を含める
+include-onetimeuse-condition.tooltip=OneTimeUse 条件をログインレスポンスに含めるべきか設定します。
+sign-documents=ドキュメントを署名する
+sign-documents.tooltip=SAML ドキュメントをレルムで署名すべきか設定します。
+sign-documents-redirect-enable-key-info-ext=REDIRECT 署名鍵検索の最適化
+sign-documents-redirect-enable-key-info-ext.tooltip=Keycloak アダプターによって保護された SP の REDIRECT Binding で SAML ドキュメントに署名する際、署名キーの ID を <Extensions> 要素の SAML プロトコルメッセージに含める必要がありますか? これにより、検証のために既知のすべてのキーを試行する代わりに単一のキーを使用するため、署名の検証が最適化されます。
+sign-assertions=アサーションを署名する
+sign-assertions.tooltip=SAML ドキュメント内のアサーションを署名すべきか設定します。もしドキュメントが既に署名済みの場合は、この設定は不要です。
+signature-algorithm=署名アルゴリズム
+signature-algorithm.tooltip=ドキュメントの署名に使用する署名アルゴリズムです。
+canonicalization-method=正規化方式
+canonicalization-method.tooltip=XML署名の正規化方式 (Canonicalization Method) を設定します。
+encrypt-assertions=アサーションを暗号化する
+encrypt-assertions.tooltip=SAML アサーションをクライアントの公開鍵で AES を使い暗号化すべきか設定します。
+client-signature-required=クライアント署名が必須
+client-signature-required.tooltip=クライアントは SAML リクエストとレスポンスを署名しますか? それらを検証すべきか設定します。
+force-post-binding=POST Binding を強制
+force-post-binding.tooltip=レスポンスに常に POST Binding を使用します。
+front-channel-logout=フロントチャンネルログアウト
+front-channel-logout.tooltip=有効の場合は、ログアウトはクライアントへのブラウザーリダイレクトが必要になります。無効の場合は、サーバーはログアウトのバックグラウンド呼び出しを行います。
+force-name-id-format=Name ID フォーマットを強制
+force-name-id-format.tooltip=要求された NameID サブジェクトフォーマットを無視し、管理コンソールで設定された物を使用します。
+name-id-format=Name ID フォーマット
+name-id-format.tooltip=サブジェクトに使用する Name ID フォーマットを設定します。
+root-url=ルート URL
+root-url.tooltip=相対 URL に追加するルート URL を設定します。
+valid-redirect-uris=有効なリダイレクト URI
+valid-redirect-uris.tooltip=ログインまたはログインの成功後にブラウザーがリダイレクト可能とする、有効な URI パターンを設定します。単純なワイルドカード、つまり 「http://example.com/*」 が使用可能です。相対パス、つまり 「/my/relative/path/*」 も指定可能です。相対パスはクライアントのルート URL を基準とします。または、未指定の場合は認証サーバーのルート URL が使用されます。SAML では、ログインリクエストに埋め込まれたコンシューマサービスの URL に依存している場合は、有効な URI パターンを設定する必要があります。
+base-url.tooltip=認証サーバーがクライアントへのリダイレクトまたは戻るリンクを必要とする際に使用するデフォルト URL を設定します。
+admin-url=管理 URL
+admin-url.tooltip=クライアントの管理インタフェースの URL を設定します。クライアントがアダプターの REST API をサポートしている場合に設定してください。この REST API により、認証サーバーは取り消しポリシーや他の管理タスクをプッシュすることができます。通常、クライアントのベース URL を設定します。
+master-saml-processing-url=SAML を処理するマスター URL
+master-saml-processing-url.tooltip=設定された場合は、この URL が SP のアサーションコンシューマおよびシングルログアウトサービスの両方の Binding に使われます。これは、SAML エンドポイントの詳細設定にある各 Binding やサービスの設定にて個別に上書きすることができます。
+idp-sso-url-ref=IDP Initiated SSO の URL Name
+idp-sso-url-ref.tooltip=IDP Initiated SSO を行う際にクライアントを参照するための URL フラグメント名を設定します。空にすると IDP Initiated SSO は無効になります。ブラウザーから参照する URL は 「{server-root}/realms/{realm}/protocol/saml/clients/{client-url-name}」 になります。
+idp-sso-url-ref.urlhint=対象の IDP initiated SSO の URL:
+idp-sso-relay-state=IDP Initiated SSO の RelayState
+idp-sso-relay-state.tooltip=IDP Initiated SSO を行う際の SAML リクエストで送信したい RelayState を設定します。
+web-origins=Web オリジン
+web-origins.tooltip=許可される CORS オリジンを設定します。有効なリダイレクト URI のすべてのオリジンを許可するには 「+」 を追加してください。すべてのオリジンを許可するには 「*」 を追加してください。
+fine-oidc-endpoint-conf=OpenID Connect の詳細設定
+fine-oidc-endpoint-conf.tooltip=このセクションを展開して、OpenID Connect プロトコルに関連するこのクライアントの高度な設定を行います。
+access-token-signed-response-alg=アクセストークン署名アルゴリズム
+access-token-signed-response-alg.tooltip=アクセストークンの署名に使用されるJWAアルゴリズム。
+id-token-signed-response-alg=IDトークン署名アルゴリズム
+id-token-signed-response-alg.tooltip=IDトークンの署名に使用されるJWAアルゴリズム。
+id-token-encrypted-response-alg=IDトークン暗号化鍵管理アルゴリズム
+id-token-encrypted-response-alg.tooltip=IDトークンの暗号化鍵の管理に使用されるJWAアルゴリズム。このオプションは、暗号化されたIDトークンが必要な場合にのみ必須です。空のままにすると、IDトークンは署名されますが、暗号化されません。
+id-token-encrypted-response-enc=IDトークン暗号化コンテンツの暗号化アルゴリズム
+id-token-encrypted-response-enc.tooltip=id-token-encrypted-response-enc.tooltip=IDトークンの暗号化の際に、コンテンツの暗号化に使用されるJWAアルゴリズム。このオプションは、暗号化されたIDトークンが必要な場合にのみ必須です。空のままにすると、IDトークンは署名されますが、暗号化されません。
+user-info-signed-response-alg=署名付き User Info レスポンスのアルゴリズム
+user-info-signed-response-alg.tooltip=署名付き User Info エンドポイントのレスポンスに使用する JWA アルゴリズムを設定します。「unsigned」 に設定した場合は、User Info レスポンスは署名されず、application/json 形式で返されます。
+request-object-signature-alg=リクエストオブジェクトの署名アルゴリズム
+request-object-signature-alg.tooltip=クライアントが 「request」 または 「request_uri」 パラメータで指定された OIDC リクエストオブジェクトを送信する際に使用する必要がある、JWA アルゴリズムを設定します。「any」 に設定した場合は、リクエストオブジェクトは任意のアルゴリズム (「none」 を含む) で署名されます。
+request-object-required=リクエストオブジェクトが必要
+request-object-required.tooltip=クライアントが認可リクエストとともにリクエストオブジェクトを提供する必要があるかどうか、およびそのためにどの方法を使用できるかを指定します。「not required」に設定されている場合、リクエストオブジェクトの提供はオプションです。それ以外のケースでは、リクエストオブジェクトを提供する必要があります。「request」に設定されている場合、リクエストオブジェクトは値で提供される必要があります。「request_uri」に設定されている場合、リクエストオブジェクトは参照によって提供される必要があります。「requestまたはrequest_uri」に設定されている場合、いずれの方法も使用できます。
+fine-saml-endpoint-conf=SAML エンドポイントの詳細設定
+fine-saml-endpoint-conf.tooltip=アサーションコンシューマおよびシングルログアウトサービスの正確な URL を設定するにはこのセクションを開きます。
+assertion-consumer-post-binding-url=アサーションコンシューマサービスの POST Binding URL
+assertion-consumer-post-binding-url.tooltip=アサーションコンシューマサービス (ログインレスポンス) の SAML POST Binding URL を設定します。この Binding のための URL がない場合は空でよいです。
+assertion-consumer-redirect-binding-url=アサーションコンシューマサービスの Redirect Binding URL
+assertion-consumer-redirect-binding-url.tooltip=アサーションコンシューマサービス (ログインレスポンス) の SAML Redirect Binding URL を設定します。この Binding のための URL がない場合は空でよいです。
+logout-service-post-binding-url=ログアウトサービスの POST Binding URL
+logout-service-post-binding-url.tooltip=シングルログアウトサービスの SAML POST Binding URLを設定します。異なる Binding を使用している場合は空でよいです。
+logout-service-redir-binding-url=ログアウトサービスの Redirect Binding URL
+logout-service-redir-binding-url.tooltip=シングルログアウトサービスの SAML Redirect Binding URLを設定します。異なる Binding を使用している場合は空でよいです。
+saml-signature-keyName-transformer= SAML署名鍵名
+saml-signature-keyName-transformer.tooltip=署名されたSAML文書には、KeyName要素の署名鍵の識別情報が含まれています。Keycloak / RH-SSOカウンターパーティーの場合は、KEY_IDを使用し、MS AD FSの場合はCERT_SUBJECTを使用します。他のオプションが動作しない場合はNONEをチェックして使用します。
+oidc-compatibility-modes= OpenID Connect互換モード
+oidc-compatibility-modes.tooltip=このセクションを展開して、古いOpenID Connect / OAuth2アダプターとの下位互換性の設定を行います。これは、クライアントが古いバージョンのKeycloak / RH-SSOアダプターを使用している場合に特に便利です。
+exclude-session-state-from-auth-response=認証レスポンスからセッション状態を除外
+exclude-session-state-from-auth-response.tooltip=これがオンの場合、パラメーター「session_state」はOpenID Connect認証レスポンスに含まれません。クライアントが「session_state」パラメーターをサポートしていない古いOIDC / OAuth2アダプターを使用している場合に便利です。
+
+# client import
+import-client=クライアントのインポート
+format-option=フォーマットオプション
+select-format=フォーマットを選択
+import-file=ファイルをインポート
+
+# client tabs
+settings=設定
+credentials=クレデンシャル
+saml-keys=SAML 鍵
+roles=ロール
+mappers=マッパー
+mappers.tooltip=プロトコルマッパーはトークンやドキュメントの変換を行います。ユーザーデータをプロトコルのクレームにマッピングしたり、クライアントと認証サーバー間の任意のリクエストを単に変換したりすることができます。
+scope=スコープ
+scope.tooltip=スコープマッピングはクライアントに要求されたアクセストークン内に含まれるユーザーのロールマッピングを制限することができます。
+sessions.tooltip=このクライアントの有効なセッションを参照します。どのユーザーがアクティブでいつログインしたかを見ることができます。
+offline-access=オフラインアクセス
+offline-access.tooltip=このクライアントのオフラインセッションを参照します。オフライントークンをどのユーザーがいつ取得したかを見ることができます。このクライアントのすべてのトークンを取り消すには、取り消しタブを開き、 「この日時より前」 に現在日時を設定してください。
+clustering=クラスタリング
+installation=インストール
+installation.tooltip=様々なクライアントアダプターの設定フォーマットを生成するヘルパーユーティリティです。生成したものをダウンロードまたはカットアンドペーストしてクライアントに設定することができます。
+service-account-roles=サービスアカウントロール
+service-account-roles.tooltip=このクライアント専用のサービスアカウントのロールマッピングを認証できるようにします。
+
+# client credentials
+client-authenticator=クライアント認証
+client-authenticator.tooltip=Keycloak サーバーに対してこのクライアントの認証に使用するクライアント認証方式を設定します。
+certificate.tooltip=クライアントで発行され、キーストアの秘密鍵で署名された JWT を検証するためのクライアント証明書です。
+publicKey.tooltip=クライアントで発行され、秘密鍵で署名された JWT を検証するための公開鍵です。
+no-client-certificate-configured=クライアント証明書が設定されていません
+gen-new-keys-and-cert=新しい鍵と証明書を生成
+import-certificate=証明書をインポート
+gen-client-private-key=クライアントの秘密鍵の生成
+generate-private-key=秘密鍵の生成
+kid=Kid
+kid.tooltip=インポートされた JWKS のクライアントの公開鍵の KID (Key ID) を設定します。
+use-jwks-url=JWKS URL の使用
+use-jwks-url.tooltip=有効とした場合は、クライアントの公開鍵が指定の JWKS URL からダウンロードされます。 これにより、クライアントが新しい鍵ペアを生成した際に、新しい鍵が常に再ダウンロードされるため、柔軟性が向上します。無効とした場合は、Keycloak DB の公開鍵 (または証明書) が使用されるため、クライアントの鍵ペアが変更された際には、常に新しい鍵 (または証明書) を Keycloak DB にもインポートする必要があります。
+jwks-url=JWKS URL
+jwks-url.tooltip=JWK 形式のクライアント鍵が格納されている URL を設定します。詳細は JWK の仕様を参照してください。「jwt」 クレデンシャルを持つ keycloak クライアントアダプターを使用している場合は、アプリケーションに「/k_jwks」という接尾辞を付けた URL を使用することができます。例えば、「http://www.myhost.com/myapp/k_jwks」 です。
+archive-format=アーカイブ形式
+archive-format.tooltip=Java キーストアまたは PKCS12 アーカイブ形式
+key-alias=キーエイリアス
+key-alias.tooltip=秘密鍵と証明書のアーカイブエイリアスです。
+key-password=鍵のパスワード
+key-password.tooltip=アーカイブ内の秘密鍵にアクセスするためのパスワード
+store-password=ストアのパスワード
+store-password.tooltip=アーカイブ自身にアクセスするためのパスワード
+generate-and-download=生成 & ダウンロード
+client-certificate-import=クライアント証明書のインポート
+import-client-certificate=クライアント証明書のインポート
+jwt-import.key-alias.tooltip=証明書のアーカイブエイリアスです。
+secret=シークレット
+regenerate-secret=シークレットの再生成
+registrationAccessToken=登録用アクセストークン
+registrationAccessToken.regenerate=登録用アクセストークンの再生成
+registrationAccessToken.tooltip=登録用アクセストークンにより、クライアントはクライアント登録サービスにアクセスできます。
+add-role=ロールの追加
+role-name=ロール名
+composite=複合
+description=説明
+no-client-roles-available=使用可能なクライアントロールはありません。
+composite-roles=複合ロール
+composite-roles.tooltip=このロールがユーザーにアサイン(アサイン解除)された際に、関連するロールが暗黙的にアサイン(アサイン解除)されます。
+realm-roles=レルムロール
+available-roles=使用可能なロール
+add-selected=選択したものを追加
+associated-roles=関連ロール
+composite.associated-realm-roles.tooltip=この複合ロールに関連付けされているレルムレベルのロールです。
+composite.available-realm-roles.tooltip=この複合ロールに関連付け可能なレルムレベルのロールです。
+remove-selected=選択されたものを削除
+client-roles=クライアントロール
+select-client-to-view-roles=ロールを参照するにはクライアントを選択してください
+available-roles.tooltip=この複合ロール関連付け可能なこのクライアントのロールです。
+client.associated-roles.tooltip=この複合ロールに関連付けされているクライアントロールです。
+add-builtin=ビルトインを追加
+category=カテゴリ
+type=タイプ
+priority-order=優先順位
+no-mappers-available=使用可能なマッパーはありません
+add-builtin-protocol-mappers=ビルトインプロトコルマッパーを追加
+add-builtin-protocol-mapper=ビルトインプロトコルマッパーを追加
+scope-mappings=スコープマッピング
+full-scope-allowed=フルスコープを許可
+full-scope-allowed.tooltip=全ての制限の無効を許可します。
+scope.available-roles.tooltip=スコープにアサイン可能なレルムレベルのロールです。
+assigned-roles=アサイン済みロール
+assigned-roles.tooltip=スコープにアサイン済みのレルムレベルのロールです。
+effective-roles=有効なロール
+realm.effective-roles.tooltip=複合ロールの継承も含めたアサイン済みのレルムレベルのロールです。
+select-client-roles.tooltip=ロールを参照するにはクライアントを選択してください
+assign.available-roles.tooltip=アサイン可能なクライアントロールです。
+client.assigned-roles.tooltip=アサイン済みクライアントロールです。
+client.effective-roles.tooltip=複合ロールより引き継いでいるロールも含めたアサイン済みのクライアントロールです。
+basic-configuration=基本設定
+node-reregistration-timeout=ノード再登録のタイムアウト
+node-reregistration-timeout.tooltip=登録されたクライアントをクラスターノードへ再登録する際の最大時間間隔を設定します。クラスターノードがこの時間内に Keycloak に再登録リクエストを送信しない場合は、Keycloak から登録解除されます。
+registered-cluster-nodes=登録済みクラスターノード
+register-node-manually=ノードを手動で登録
+test-cluster-availability=クラスターの可用性をテスト
+last-registration=最終登録
+node-host=ノードホスト
+no-registered-cluster-nodes=使用可能な登録済みクラスターノードがありません
+cluster-nodes=クラスターノード
+add-node=ノードを追加
+active-sessions.tooltip=このクライントの有効なユーザーセッションの合計数です。
+show-sessions=セッションを表示
+show-sessions.tooltip=有効なセッション数に応じて高負荷なオペレーションになる恐れがありますので注意してください。
+user=ユーザー
+from-ip=From IP
+session-start=セッション開始
+first-page=最初のページ
+previous-page=前のページ
+next-page=次のページ
+client-revoke.not-before.tooltip=この日時より前に発行されたこのクライアント用のトークンを取り消します。
+client-revoke.push.tooltip=管理 URL がこのクライアントに設定されている場合は、クライアントにポリシーをプッシュします。
+select-a-format=フォーマットを選択
+download=ダウンロード
+offline-tokens=オフライントークン
+offline-tokens.tooltip=このクライアントのオフライントークンの合計数です。
+show-offline-tokens=オフライントークンを表示
+show-offline-tokens.tooltip=オフライントークン数に応じて高負荷なオペレーションになる恐れがありますので注意してください。
+token-issued=発行済みトークン
+last-access=最終アクセス
+last-refresh=最終リフレッシュ
+key-export=鍵をエクスポート
+key-import=鍵をインポート
+export-saml-key=SAML 鍵をエクスポート
+import-saml-key=SAML 鍵をインポート
+realm-certificate-alias=レルム証明書エイリアス
+realm-certificate-alias.tooltip=レルム証明書もアーカイブに格納されます。これはそのエイリアスとなります。
+signing-key=署名鍵
+saml-signing-key=SAML 署名鍵です。
+private-key=秘密鍵
+generate-new-keys=新しい鍵を生成
+export=エクスポート
+encryption-key=暗号化鍵
+saml-encryption-key.tooltip=SAML 暗号化鍵です。
+service-accounts=サービスアカウント
+service-account.available-roles.tooltip=サービスアカウントにアサイン可能なレルムレベルのロールです。
+service-account.assigned-roles.tooltip=サービスアカウントにアサイン済みのレルムレベルのロールです。
+service-account-is-not-enabled-for={{client}} のサービスアカウントは有効ではありません
+create-protocol-mappers=プロトコルマッパーを作成
+create-protocol-mapper=プロトコルマッパーを作成
+protocol=プロトコル
+protocol.tooltip=プロトコルです。
+id=ID
+mapper.name.tooltip=マッパーの名前です。
+mapper.consent-required.tooltip=一時的なアクセスを許可する際に、クライアントへの提供データにユーザーの同意を必要とするか設定します。
+consent-text=同意のテキスト
+consent-text.tooltip=同意ページに表示するテキストです。
+mapper-type=マッパータイプ
+mapper-type.tooltip=マッパーのタイプです。
+# realm identity providers
+identity-providers=アイデンティティ プロバイダー
+table-of-identity-providers=アイデンティティ プロバイダーの一覧表
+add-provider.placeholder=プロバイダーを追加...
+provider=プロバイダー
+gui-order=GUI 順序
+first-broker-login-flow=初回ログインフロー
+post-broker-login-flow=ログイン後のフロー
+redirect-uri=リダイレクト URI
+redirect-uri.tooltip=アイデンティティ プロバイダーの設定で使用するリダイレクト URIです。
+alias=エイリアス
+display-name=表示名
+identity-provider.alias.tooltip=エイリアスは一意にアイデンティティ プロバイダーを識別するもので、リダイレクト URI の構築にも使用されます。
+identity-provider.display-name.tooltip=アイデンティティ プロバイダーの分かりやすい名前を設定します。
+identity-provider.enabled.tooltip=このアイデンティティ プロバイダーの有効/無効を設定します。
+authenticate-by-default=デフォルトで認証
+identity-provider.authenticate-by-default.tooltip=ログイン画面の表示前に、このプロバイダーでデフォルトで認証試行すべきかどうかを示しています。
+store-tokens=トークンの格納
+identity-provider.store-tokens.tooltip=ユーザー認証後のトークン格納の有効/無効を設定します。
+stored-tokens-readable=読み取り可能なトークンを格納
+identity-provider.stored-tokens-readable.tooltip=新しいユーザーが格納されたトークンを読み取り可能かどうかの有効/無効設定です。broker.read-token ロールをアサインします。
+disableUserInfo=User Info の無効
+identity-provider.disableUserInfo.tooltip=追加のユーザー情報を取得する User Info サービスの使用を無効にしますか? デフォルトではこの OIDC サービスを使用します。
+userIp=userIp パラメータの使用
+identity-provider.google-userIp.tooltip=Googleの User Info サービスの呼び出し時に「userIp」クエリパラメータを設定します。これはユーザーの IP アドレスを使用します。Google が User Info サービスへのアクセスを制限している場合に役立ちます。
+offlineAccess=リフレッシュトークンを要求する
+identity-provider.google-offlineAccess.tooltip=リフレッシュトークンを取得するには、Google認可エンドポイントにリダイレクトするときに「access_type」クエリー・パラメーターを「offline」に設定します。ユーザーがブラウザーを利用していないときに、Google APIにアクセスするためのGoogleトークンを取得するために、トークン交換の使用を計画している場合に便利です。
+hostedDomain=ホストされたドメイン
+identity-provider.google-hostedDomain.tooltip=Googleにログインするときに「hd」クエリー・パラメーターを設定します。Googleはこのドメインのアカウントのみを一覧表示します。Keycloakは、返されたIDトークンにこのドメインに対するクレームがあることを検証します。「*」を入力すると、任意のホストされたアカウントを使用できます。
+sandbox=対象のサンドボックス
+identity-provider.paypal-sandbox.tooltip=対象のPayPalサンドボックス環境
+update-profile-on-first-login=初回ログイン時にプロフィールを更新
+on=オン
+on-missing-info=情報不足の場合
+off=オフ
+update-profile-on-first-login.tooltip=初回ログイン時にどのユーザーがプロフィールの更新を必要とするか条件を定義します。
+trust-email=Eメールを信頼
+trust-email.tooltip=有効とした場合は、このレルムでEメールの確認が有効となっている場合でも、このプロバイダーが提供するEメールは確認されなくなります。
+link-only=アカウントのリンクのみ
+link-only.tooltip=trueの場合、ユーザーはこのプロバイダーからログインできません。このプロバイダーにリンクすることのみできます。これは、プロバイダーからのログインを許可したくないが、プロバイダーと統合したい場合に便利です
+hide-on-login-page=ログインページで非表示
+hide-on-login-page.tooltip=非表示の場合、明示的にリクエストされていれば(例えば、'kc_idp_hint'パラメーターを使用していれば)、このプロバイダーによるログインが可能です。
+gui-order.tooltip=GUI (例. ログインページ上) でのプロバイダーの表示順序を決める番号を設定します。
+first-broker-login-flow.tooltip=このアイデンティティ プロバイダーでの初回ログイン後に起動させる認証フローのエイリアスです。 「初回ログイン」 という用語は、認証したアイデンティティ プロバイダーアカウントに関連付けられた Keycloak アカウントがまだ存在しない状態であることを意味します。
+post-broker-login-flow.tooltip=このアイデンティティ プロバイダーでの各ログイン後に起動させる認証フローのエイリアスです。このアイデンティティ プロバイダーで認証された各ユーザーの追加の確認 (例えば OTP) を行いたい場合に便利です。このアイデンティティ プロバイダーによるログイン後に追加の Authenticator の起動を行いたくない場合は、空のままとしてください。また、Authenticator の実装では、ClientSession にはアイデンティティ プロバイダーによりユーザーが既に設定されていることに注意してください。
+openid-connect-config=OpenID Connect の設定
+openid-connect-config.tooltip=OIDC SP と 外部 IDP の設定です。
+authorization-url=認可 URL
+authorization-url.tooltip=認可 URL を設定します。
+token-url=トークン URL
+token-url.tooltip=トークン URL を設定します。
+loginHint=login_hintを渡す
+loginHint.tooltip=アイデンティティプロバイダーにlogin_hintを渡します。
+uiLocales=現在のロケールを渡す
+uiLocales.tooltip=現在のロケールをui_localesパラメーターとしてアイデンティティー・プロバイダーに渡します。
+logout-url=ログアウト URL
+identity-provider.logout-url.tooltip=外部 IDP からユーザーのログアウトに使用するセッション終了エンドポイントを設定します。
+backchannel-logout=バックチャンネルログアウト
+backchannel-logout.tooltip=外部 IDP がバックチャンネルログアウトをサポートするどうかを設定します。
+user-info-url=UserInfo URL
+user-info-url.tooltip=UserInfo の URL を設定します。これはオプションです。
+identity-provider.client-id.tooltip=アイデンティティ プロバイダーで登録されているクライアントまたはクライアント識別子を設定します。
+client-secret=クライアントシークレット
+show-secret=シークレットを表示する
+hide-secret=シークレットを隠す
+client-secret.tooltip=アイデンティティ プロバイダーで登録されているクライアントまたはクライアントシークレットを設定します。
+issuer=発行者 (Issuer)
+issuer.tooltip=レスポンス内の発行者の識別子 (Issuer Identifier) を設定します。未設定の場合は、検証は実行されません。
+default-scopes=デフォルトスコープ
+identity-provider.default-scopes.tooltip=認可要求の際に送信されるスコープです。スペース区切りでスコープのリストを設定します。デフォルトは 「openid」 です。
+prompt=プロンプト (prompt)
+unspecified.option=未定義
+none.option=none
+consent.option=consent
+login.option=login
+select-account.option=select_account
+prompt.tooltip=認証サーバーは再認証や同意をエンドユーザーに促すかどうかを指定します。
+accepts-prompt-none-forward-from-client=クライアントから転送されるprompt=noneを受け入れる
+accepts-prompt-none-forward-from-client.tooltip=これは、アイデンティティー・プロバイダー・オーセンティケーターとともに使用されるか、またはkc_idp_hintがこのアイデンティティー・プロバイダーを指す場合に使用されます。クライアントがprompt=noneでリクエストを送信し、ユーザーがまだ認証されていない場合、エラーは直接クライアントに返されませんが、prompt=noneのリクエストはこのアイデンティティー・プロバイダーに転送されます。
+validate-signatures=署名検証
+identity-provider.validate-signatures.tooltip=外部 IDP の署名検証の有効/無効を設定します。
+identity-provider.use-jwks-url.tooltip=有効とした場合は、アイデンティティ プロバイダーの公開鍵が指定された JWKS URL からダウンロードされます。アイデンティティ プロバイダーが新しい鍵ペアを生成する際に、新しい鍵が常に再ダウンロードされるため、柔軟性が大幅に向上します。無効とした場合は、Keycloak DB の公開鍵 (または証明書) が使用されるため、アイデンティティ プロバイダーの鍵ペアが変更された際には、常に Keycloak DB に新しい鍵をインポートする必要があります。
+identity-provider.jwks-url.tooltip=JWK 形式のアイデンティティ プロバイダーの鍵が格納されている URL を設定します。詳細は JWK の仕様を参照してください。外部の Keycloak アイデンティティ プロバイダーを使用する場合は、ブローカーの Keycloak が 「http://broker-keycloak:8180」 で実行されておりレルムが 「test」 と仮定すると、「http://broker-keycloak:8180/auth/realms/test/protocol/openid-connect/certs」 のような URL を使用することができます。
+validating-public-key=検証用の公開鍵
+identity-provider.validating-public-key.tooltip=外部 IDP の署名検証に使用する PEM 形式の公開鍵を設定します。
+validating-public-key-id=検証用の公開鍵ID
+identity-provider.validating-public-key-id.tooltip=鍵IDの場合、上記の検証用の公開鍵の明示的なID。外部IDPで指定された鍵IDに関係なく、上記の鍵を常に使用する必要がある場合は空白のままにしてください。鍵を使用する必要がある場合、外部IDPからの鍵IDが一致するかどうかを確認するためにのみ設定します。
+allowed-clock-skew=許容されるクロックスキュー
+identity-provider.allowed-clock-skew.tooltip=アイデンティティプロバイダーのトークンの検証時に許容されるクロックスキュー(秒単位)。デフォルト値は0です。
+forwarded-query-parameters=転送されるクエリー・パラメーター
+identity-provider.forwarded-query-parameters.tooltip=最初のアプリケーションへのリクエストから取得し、外部IDPの認可エンドポイントへ転送されるOpenID Connect/OAuth標準以外のクエリー・パラメーター。複数のパラメーターをカンマ(,)で区切って入力できます。
+import-external-idp-config=外部 IDP 設定のインポート
+import-external-idp-config.tooltip=外部 IDP メタデータを設定ファイルよりロード、または URL よりダウンロードして設定します。
+import-from-url=URL よりインポート
+identity-provider.import-from-url.tooltip=リモート IDP ディスカバリディスクリプタよりメタデータをインポートします。
+import-from-file=ファイルよりインポート
+identity-provider.import-from-file.tooltip=ダウンロードした IDP ディスカバリディスクリプタよりメタデータをインポートします。
+saml-config=SAML 設定
+identity-provider.saml-config.tooltip=SAML SP と 外部 IDP の設定です。
+single-signon-service-url=シングルサインオンサービスの URL
+saml.single-signon-service-url.tooltip=認証リクエスト (SAML AuthnRequest) の送信に使用する URL を設定します。
+single-logout-service-url=シングルログアウトサービスの URL
+saml.single-logout-service-url.tooltip=ログアウトリクエストの送信に使用する URL を設定します。
+nameid-policy-format=Name ID ポリシーフォーマット
+nameid-policy-format.tooltip=Name ID フォーマットに対応する URI リファレンスを指定します。デフォルトは urn:oasis:names:tc:SAML:2.0:nameid-format:persistent になります。
+http-post-binding-response=HTTP-POST Binding レスポンス
+http-post-binding-response.tooltip=HTTP-POST Binding を使用してリクエストに応答するかどうかを設定します。オフの場合は、HTTP-REDIRECT Binding が使用されます。
+http-post-binding-for-authn-request=AuthnRequest の HTTP-POST Binding
+http-post-binding-for-authn-request.tooltip=HTTP-POST Binding を使用して AuthnRequest を送信するかどうかを設定します。オフの場合は、HTTP-REDIRECT Binding が使用されます。
+http-post-binding-logout=HTTP-POST Binding ログアウト
+http-post-binding-logout.tooltip=HTTP-POST Binding を使用してリクエストに応答するかどうかを設定します。オフの場合、HTTP-REDIRECT Binding が使用されます。
+want-authn-requests-signed=AuthnRequest の署名が必要
+want-authn-requests-signed.tooltip=アイデンティティプロバイダーが署名付きAuthnRequestを要求するかどうかを設定します。
+want-assertions-signed=アサーションの署名が必要
+want-assertions-signed.tooltip=このサービスプロバイダーが署名付きアサーションを要求するかどうかを設定します。
+want-assertions-encrypted=アサーションの暗号化が必要
+want-assertions-encrypted.tooltip=このサービスプロバイダーが暗号化されたアサーションを期待するかどうかを設定します。
+force-authentication=認証を強制
+identity-provider.force-authentication.tooltip=アイデンティティ プロバイダーが以前のセキュリティコンテキストに頼るのではなく、プレゼンターを直接認証すべきかどうかを設定します。
+validate-signature=署名検証
+saml.validate-signature.tooltip=SAML レスポンスの署名検証の有効/無効を設定します。
+validating-x509-certificate=検証用の X509 証明書
+validating-x509-certificate.tooltip=署名の確認に使用する PEM 形式の証明書を設定します。
+saml.import-from-url.tooltip=リモート IDP の SAML エンティティディスクリプタからメタデータをインポートします。
+social.client-id.tooltip=アイデンティティ プロバイダーで登録されているクライアント識別子を設定します。
+social.client-secret.tooltip=アイデンティティ プロバイダーで登録されているクライアントシークレットを設定します。
+social.default-scopes.tooltip=認可要求の際に送信されるスコープを設定します。設定可能な値、区切り文字、デフォルト値はドキュメントを参照してください。
+key=Key
+stackoverflow.key.tooltip=Stack Overflow のクライアント登録で取得した Key を設定します。
+openshift.base-url=ベースURL
+openshift.base-url.tooltip=OpenShift Online APIのベースURL
+openshift4.base-url=ベースURL
+openshift4.base-url.tooltip=OpenShift Online APIのベースURL
+gitlab-application-id=アプリケーションID
+gitlab-application-secret=アプリケーションシークレット
+gitlab.application-id.tooltip=GitLabアプリケーションのアカウントメニューで作成したアプリケーションのアプリケーションID
+gitlab.application-secret.tooltip=GitLabアプリケーションのアカウントメニューで作成したアプリケーションのシークレット
+gitlab.default-scopes.tooltip=ログイン時に要求するスコープ。openidは常に要求されます。何も指定しない場合は、さらにapiを追加します。
+bitbucket-consumer-key=コンシューマーキー
+bitbucket-consumer-secret=コンシューマーシークレット
+bitbucket.key.tooltip=Bitbucket OAuthコンシューマーキー
+bitbucket.secret.tooltip=Bitbucket OAuthコンシューマーシークレット
+bitbucket.default-scopes.tooltip=ログイン時に要求するスコープ。何も指定しなければ、scopeはデフォルトで「email」になります。
+# User federation
+sync-ldap-roles-to-keycloak=LDAP ロールを Keycloak に同期
+sync-keycloak-roles-to-ldap=Keycloak ロールを LDAP に同期
+sync-ldap-groups-to-keycloak=LDAP グループを Keycloak に同期
+sync-keycloak-groups-to-ldap=Keycloak グループを LDAP に同期
+realms=レルム
+realm=レルム
+identity-provider-mappers=アイデンティティ プロバイダー マッパー
+create-identity-provider-mapper=アイデンティティ プロバイダー マッパーを作成
+add-identity-provider-mapper=アイデンティティ プロバイダー マッパーを追加
+client.description.tooltip=クライアントの説明を指定します。例えば 「タイムシート用のクライアント」 です。ローカライズ用のキーもサポートしています。例\: ${my_client_description}
+expires=有効期限
+expiration=有効期限
+expiration.tooltip=トークンの有効期間を指定します。
+count=カウント
+count.tooltip=このトークンを利用してクライアントをいくつ作成可能か指定します。
+remainingCount=残りのカウント
+created=作成日時
+back=戻る
+initial-access-tokens=初期アクセストークン
+add-initial-access-tokens=初期アクセストークンを追加
+initial-access-token=初期アクセストークン
+initial-access.copyPaste.tooltip=このページから移動する前に初期アクセストークンをコピー/ペーストします。後で検索することはできません。
+continue=続ける
+initial-access-token.confirm.title=初期アクセストークンのコピー
+initial-access-token.confirm.text=後からは取得することはできませんので、初期アクセストークンのコピー & ペーストを行ってください
+no-initial-access-available=使用可能な初期アクセストークンはありません
+client-reg-policies=クライアント登録ポリシー
+client-reg-policy.name.tooltip=ポリシーの表示名を設定します。
+anonymous-policies=Anonymous アクセスのポリシー
+anonymous-policies.tooltip=これらのポリシーはクライアント登録サービスが未認証リクエストによって呼び出された際に使用されます。これは、リクエストには初期アクセストークンも Bearer トークンも含まれないことを意味します。
+auth-policies=認証済みアクセスのポリシー
+auth-policies.tooltip=これらのポリシーは認証されたリクエストによってクライアント登録サービスが呼び出された際に使用されます。これは、リクエストに初期アクセストークンまたは Bearer トークンが含まれていることを意味します。
+policy-name=ポリシー名
+no-client-reg-policies-configured=クライアント登録ポリシーはありません。
+trusted-hosts.label=信頼されたホスト
+trusted-hosts.tooltip=信頼され、クライアント登録サービスを呼び出すことが許可されている、および/またはクライアント URI の値として使用されているホストのリストを設定します。ホスト名または IP アドレスを使用して設定します。スター (例えば 「* .example.com」) を使用すると、example.com のドメイン全体が信頼されます。
+host-sending-registration-request-must-match.label=クライアント登録リクエストを送信するホストの一致が必須
+host-sending-registration-request-must-match.tooltip=有効とした場合は、信頼されたホストまたはドメインから送信されたクライアント登録サービスへのリクエストは許可されます。
+client-uris-must-match.label=クライアント URI の一致が必須
+client-uris-must-match.tooltip=有効とした場合は、すべてのクライアント URI (リダイレクト URI など) は、信頼されたホストまたはドメインと一致する場合にのみ許可されます。
+allowed-protocol-mappers.label=許可されたプロトコルマッパー
+allowed-protocol-mappers.tooltip=許可されたプロトコルマッパープロバイダーのホワイトリストを設定します。ホワイトリストに登録されていないプロトコルマッパーを含むクライアントを登録しようとすると、登録リクエストは拒否されます。
+consent-required-for-all-mappers.label=マッパーの同意が必要
+consent-required-for-all-mappers.tooltip=有効とした場合は、新たに登録されたすべてのプロトコルマッパーは自動的に 「同意が必要」 が有効となります。これは、ユーザーが同意画面で承認する必要があることを意味します。注記: 同意画面は、クライアントが 「同意が必要」 を有効にしている場合にのみ表示されます。そのため、通常は同意が必要なポリシーとともに使用します。
+allowed-client-scopes.label=許可されたクライアントスコープ
+allowed-client-scopes.tooltip=クライアントスコープのホワイトリスト。新しく登録されたクライアントで使用できます。 ホワイトリストに登録されていないクライアントスコープをクライアントに登録しようとすると、拒否されます。 デフォルトでは、ホワイトリストは空かレルムのデフォルトのクライアントスコープが含まれているかのいずれかです(「デフォルトスコープの許可」設定プロパティに基づいています)。
+allow-default-scopes.label=許可されたデフォルトスコープ
+allow-default-scopes.tooltip=オンの場合、新規に登録されたクライアントは、レルムのデフォルトのクライアントスコープか、レルムのオプションのクライアントスコープに記述されたクライアントスコープを持つことが許可されます。
+max-clients.label=レルムあたりの最大クライアント数
+max-clients.tooltip=レルム内の既存のクライアントの数が設定された制限と同じかそれ以上の場合は、新しいクライアントを登録することはできません。
+
+client-scopes=クライアントスコープ
+client-scopes.tooltip=クライアントスコープを使用すると、複数のクライアント間で共有されるプロトコルマッパーとロールの共通セットを定義できます
+
+groups=グループ
+
+group.add-selected.tooltip=グループにアサイン可能なレルムロールです。
+group.assigned-roles.tooltip=グループにマッピングされたレルムロールです。
+group.effective-roles.tooltip=マッピングされているすべてのレルムロールです。複合ロールより引き継いでいるロールも含みます。
+group.available-roles.tooltip=このクライアントよりアサイン可能なロールです。
+group.assigned-roles-client.tooltip=マッピングされたこのクライアントのロールです。
+group.effective-roles-client.tooltip=マッピングされたこのクライアントのロールです。複合ロールより引き継いでいるロールも含みます。
+
+default-roles=デフォルトロール
+no-realm-roles-available=使用可能なレルムロールはありません
+
+users=ユーザー
+user.add-selected.tooltip=ユーザーにアサイン可能なレルムロールです。
+user.assigned-roles.tooltip=ユーザーにマッピングされたレルムロールです。
+user.effective-roles.tooltip=マッピングされているすべてのレルムロールです。複合ロールより引き継いでいるロールも含みます。
+user.available-roles.tooltip=このクライアントよりアサイン可能なロールです。
+user.assigned-roles-client.tooltip=マッピングされたこのクライアントのロールです。
+user.effective-roles-client.tooltip=マッピングされたこのクライアントのロールです。複合ロールより引き継いでいるロールも含みます。
+default.available-roles.tooltip=アサイン可能なレルムレベルのロールです。
+realm-default-roles=レルムのデフォルトロール
+realm-default-roles.tooltip=ユーザーにアサインされたレルムレベルのロールです。
+default.available-roles-client.tooltip=デフォルトでアサイン可能なこのクライアントのロールです。
+client-default-roles=クライアントのデフォルトロール
+client-default-roles.tooltip=デフォルトロールとしてアサインされたこのクライアントのロールです。
+composite.available-roles.tooltip=この複合ロールに関連付け可能なレルムレベルのロールです。
+composite.associated-roles.tooltip=この複合ロールに関連付けされているレルムレベルのロールです。
+composite.available-roles-client.tooltip=この複合ロールに関連付け可能なこのクライアントのロールです。
+composite.associated-roles-client.tooltip=この複合ロールに関連付けされているクライアントロールです。
+partial-import=部分インポート
+partial-import.tooltip=部分インポートでは、以前にエクスポートした JSON ファイルよりユーザー、クライアント、およびその他のリソースをインポートすることができます。
+
+file=ファイル
+exported-json-file=エクスポートされた JSON ファイル
+import-from-realm=レルムからインポート
+import-users=ユーザーをインポート
+import-groups=グループをインポート
+import-clients=クライアントをインポート
+import-identity-providers=アイデンティティ プロバイダーをインポート
+import-realm-roles=レルムロールをインポート
+import-client-roles=クライアントロールをインポート
+if-resource-exists=リソースが存在する場合
+fail=失敗
+skip=スキップ
+overwrite=上書き
+if-resource-exists.tooltip=既に存在するリソースをインポートしようとした場合にどうすべきかを指定します。
+
+partial-export=部分エクスポート
+partial-export.tooltip=部分エクスポートでは、レルム設定やその他の関連リソースをjsonファイルにエクスポートできます。
+export-groups-and-roles=グループとロールのエクスポート
+export-clients=クライアントのエクスポート
+
+action=アクション
+role-selector=ロールの選択
+realm-roles.tooltip=選択可能なレルムロールです。
+
+select-a-role=ロールを選択してください
+select-realm-role=レルムロールを選択
+client-roles.tooltip=選択可能なクライアントロールです。
+select-client-role=クライアントロールを選択
+
+client-saml-endpoint=クライアント SAML エンドポイント
+add-client-scope=クライアントスコープの追加
+
+default-client-scopes=デフォルトのクライアントスコープ
+default-client-scopes.tooltip=作成された各クライアントに自動的に追加されるクライアントスコープ
+default-client-scopes.default=デフォルトのクライアントスコープ
+default-client-scopes.default.tooltip=作成された各クライアントにデフォルトスコープとして追加されるクライアントスコープの定義を許可する
+default-client-scopes.default.available=利用可能なクライアントスコープ
+default-client-scopes.default.available.tooltip=レルムのデフォルトまたはオプションのスコープとして割り当てられていないクライアントスコープ
+default-client-scopes.default.assigned=割り当てられたデフォルトのクライアントスコープ
+default-client-scopes.default.assigned.tooltip=作成された各クライアントにデフォルトスコープとして追加されるクライアントスコープ
+default-client-scopes.optional=オプションのクライアントスコープ
+default-client-scopes.optional.tooltip=作成された各クライアントにオプションのスコープとして追加されるクライアントスコープの定義を許可する
+default-client-scopes.optional.available=利用可能なクライアントスコープ
+default-client-scopes.optional.available.tooltip=レルムのデフォルトまたはオプションのスコープとして割り当てられていないクライアントスコープ
+default-client-scopes.optional.assigned=割り当てられたオプションのクライアントスコープ
+default-client-scopes.optional.assigned.tooltip=作成された各クライアントにオプションのスコープとして追加されるクライアントスコープ
+
+client-scopes.setup=セットアップ
+client-scopes.setup.tooltip=このクライアントにリンクされたクライアントスコープを設定できるようにします
+client-scopes.default=デフォルトのクライアントスコープ
+client-scopes.default.tooltip=このクライアントにトークンを発行する際に、デフォルトのクライアントスコープが常に適用されます。プロトコルマッパーとロールスコープのマッピングは、OIDC認可リクエストで使用されているスコープパラメーターの値に関係なく常に適用されます
+client-scopes.default.available=利用可能なクライアントスコープ
+client-scopes.default.available.tooltip=デフォルトまたはオプションのスコープとして割り当てられていないクライアントスコープ
+client-scopes.default.assigned=割り当てられたデフォルトのクライアントスコープ
+client-scopes.default.assigned.tooltip=このクライアントのトークンを生成する際に、デフォルトスコープとして使用されるクライアントスコープ
+client-scopes.optional=オプションのクライアントスコープ
+client-scopes.optional.tooltip=このクライアントのトークンを発行する際に、適用されるオプションのクライアントスコープ。ただし、OIDC認可リクエストのスコープパラメーターによって要求された場合のみ
+client-scopes.optional.available=利用可能なクライアントスコープ
+client-scopes.optional.available.tooltip=デフォルトまたはオプションのスコープとして割り当てられていないクライアントスコープ
+client-scopes.optional.assigned=割り当てられたオプションのクライアントスコープ
+client-scopes.optional.assigned.tooltip=このクライアントのトークンを生成する際に、オプションのスコープとして使用できるクライアントスコープ
+
+client-scopes.evaluate=評価
+client-scopes.evaluate.tooltip=このクライアントに発行されたトークンで使用されるすべてのプロトコルマッパーとロールスコープのマッピングを表示することを許可します。また、提供されたスコープパラメーターに基づいてサンプルアクセストークンを生成することもできます
+scope-parameter=スコープパラメーター
+scope-parameter.tooltip=このスコープパラメーターの値をコピー/ペーストし、このクライアントアダプターから送信された最初のOpenID Connect認証リクエストで使用できます。このクライアントに発行されたトークンを生成するときは、デフォルトのクライアントスコープと選択されたオプションのクライアントスコープが使用されます
+client-scopes.evaluate.scopes=クライアントスコープ
+client-scopes.evaluate.scopes.tooltip=このクライアントに発行されたトークンを生成する際に使用されるオプションのクライアントスコープを選択することを許可します
+client-scopes.evaluate.scopes.available=利用可能なオプションのクライアントスコープ
+client-scopes.evaluate.scopes.available.tooltip=これにはオプションのクライアントスコープが含まれています。このスコープは、このクライアントのアクセストークンを発行するときにオプションで使用できます
+client-scopes.evaluate.scopes.assigned=選択されたオプションのクライアントスコープ
+client-scopes.evaluate.scopes.assigned.tooltip=選択されたオプションのクライアントスコープは、このクライアントのアクセストークンを発行するときに使用されます。これらのオプションのクライアントスコープを最初のOpenID Connect認証リクエストがクライアントアダプターから送信されたときに適用する場合、OAuthスコープパラメーターのどの値を使用する必要があるかを上で見ることができます
+client-scopes.evaluate.scopes.effective=有効なクライアントスコープ
+client-scopes.evaluate.scopes.effective.tooltip=すべてのデフォルトのクライアントスコープと選択されたオプションのスコープが含まれます。クライアントに発行されたアクセストークンを生成するときに、すべてのクライアントスコープのすべてのプロトコルマッパーとロールスコープのマッピングが使用されます
+client-scopes.evaluate.user.tooltip=必要に応じて、サンプルのアクセストークンを生成するユーザーを選択します。ユーザーを選択しないと、評価中にサンプルのアクセストークンは生成されません
+send-evaluation-request=評価
+send-evaluation-request.tooltip=これをクリックすると、このクライアントにアクセストークンを発行するときに使用されるすべてのプロトコルマッパーとロールスコープのマッピングが表示されます。いくつかのユーザーが選択された場合には、オプションでサンプルのアクセストークンも生成されます
+
+evaluated-protocol-mappers=有効なプロトコルマッパー
+evaluated-protocol-mappers.tooltip=このクライアントにトークンを発行する際に使用されるすべての有効なプロトコルマッパーを表示できます。選択されたオプションのクライアントスコープのプロトコルマッパーも含まれます。プロトコルマッパーごとに、どのクライアントスコープから継承されているかを見ることができます
+evaluated-roles=有効なロールスコープマッピング
+evaluated-roles.tooltip=このクライアントにトークンを発行するときに使用されるすべての有効なロールスコープマッピングを表示できます。選択したオプションのクライアントスコープのロールスコープマッピングも含まれます。
+parent-client-scope=親クライアントスコープ
+client-scopes.evaluate.not-granted-roles=許可されていないロール
+client-scopes.evaluate.not-granted-roles.tooltip=クライアントには、これらのロールのスコープマッピングがありません。これらのロールは、認証されたユーザーがそれらのメンバーであっても、このクライアントに発行されるアクセストークンには含まれません
+client-scopes.evaluate.granted-realm-effective-roles=付与された有効なレルムロール
+client-scopes.evaluate.granted-realm-effective-roles.tooltip=クライアントには、これらのロールのスコープマッピングがあります。認証されたユーザーがそれらのメンバーである場合、これらのロールはこのクライアントに発行されるアクセストークンに含まれます
+client-scopes.evaluate.granted-client-effective-roles=付与された有効なクライアントロール
+generated-access-token=生成されたアクセストークン
+generated-access-token.tooltip=選択されたユーザーが認証されると生成され、クライアントに送信されるトークンのサンプルを参照してください。トークンには、有効なプロトコルマッパーとロールスコープのマッピングに基づいて、またユーザー自身に割り当てられたクレーム/ロールに基づいた、クレームとロールが表示されます
+
+manage=管理
+authentication=認証
+user-federation=ユーザーフェデレーション
+user-storage=ユーザーストレージ
+events=イベント
+realm-settings=レルムの設定
+configure=設定
+select-realm=レルムの選択
+add=追加
+
+client-storage=クライアントストレージ
+no-client-storage-providers-configured=クライアントストレージプロバイダーが設定されていません
+client-stores.tooltip=Keycloakは、クライアントとその詳細を外部ストアから取得できます。
+
+client-scope.name.tooltip=クライアントスコープの名前。レルム内でユニークでなければなりません。スコープパラメーターの値として使用されるため、名前には空白文字を含めないでください
+client-scope.description.tooltip=クライアントスコープの説明
+client-scope.protocol.tooltip=このクライアントスコープによって提供されているSSOプロトコル設定がどれか
+client-scope.display-on-consent-screen=同意画面で表示する
+client-scope.display-on-consent-screen.tooltip=オンで、このクライアントスコープが同意が必要なクライアントに追加された場合、「同意画面のテキスト」で指定されたテキストが同意画面に表示されます。オフの場合、このクライアントスコープは同意画面に表示されません
+client-scope.consent-screen-text=同意画面のテキスト
+client-scope.consent-screen-text.tooltip=このクライアントスコープが同意が必要なクライアントに追加された場合に、同意画面に表示されるテキスト。指定しない場合は、デフォルトでクライアントスコープの名前になります
+client-scope.gui-order=GUI順序
+client-scope.gui-order.tooltip=GUI(例:同意ページ)でのプロバイダーの順序をに整数で指定します。
+client-scope.include-in-token-scope=トークンスコープに含める
+client-scope.include-in-token-scope.tooltip=オンの場合、このクライアント・スコープの名前がアクセストークン・プロパティーの「scope」と同様にトークン・イントロスペクション・エンドポイントのレスポンスに追加されます。オフの場合、このクライアント・スコープはトークンとトークン・イントロスペクション・エンドポイントのレスポンスから除外されます。
+
+add-user-federation-provider=ユーザー フェデレーション プロバイダーの追加
+add-user-storage-provider=ユーザー ストレージ プロバイダーの追加
+required-settings=必要な設定
+provider-id=プロバイダー ID
+console-display-name=コンソール表示名
+console-display-name.tooltip=管理コンソール内でのリンク表示名を設定します。
+priority=優先度
+priority.tooltip=ユーザーを検索する際のプロバイダーの優先度を設定します。低い順となります。
+user-storage.enabled.tooltip=プロバイダーが無効になっている場合、クエリーは考慮されず、プロバイダーが再度有効になるまで、インポートされたユーザーは無効かつ読み取り専用になります。
+sync-settings=同期の設定
+periodic-full-sync=定期的なフル同期
+periodic-full-sync.tooltip=プロバイダーユーザーの Keycloak への定期的なフル同期を有効または無効とすべきかを設定します。
+full-sync-period=フル同期の周期
+full-sync-period.tooltip=フル同期の周期を秒で設定します。
+periodic-changed-users-sync=定期的な変更ユーザーの同期
+periodic-changed-users-sync.tooltip=変更または新規作成されたプロバイダーユーザーの Keycloak への定期的な同期を有効または無効とすべきか設定します。
+changed-users-sync-period=変更ユーザーの同期周期
+changed-users-sync-period.tooltip=変更または新規作成されたプロバイダーユーザーの同期周期を秒で設定します。
+synchronize-changed-users=変更ユーザーを同期
+synchronize-all-users=すべてのユーザーを同期
+remove-imported-users=インポートを削除
+unlink-users=ユーザーのリンクを解除する
+kerberos-realm=Kerberos レルム
+kerberos-realm.tooltip=Kerberos レルムの名前を設定します。例えば、 FOO.ORG です。
+server-principal=サーバープリンシパル
+server-principal.tooltip=サーバー、ドメイン名を含む HTTP サービスのサービスプリンシパルのフルネームを設定します。例えば、 HTTP/host.foo.org@FOO.ORG です。
+keytab=KeyTab
+keytab.tooltip=サーバープリンシパルのクレデンシャルを含む Kerberos の KeyTab ファイルを設定します。例えば、/etc/krb5.keytab です。
+debug=デバッグ
+debug.tooltip=Krb5LoginModule の標準出力へのデバッグロギングの有効/無効を設定します。
+allow-password-authentication=パスワード認証を許可
+allow-password-authentication.tooltip=Kerberos データベースに対するユーザー名/パスワード認証の有効/無効を設定します。
+edit-mode=編集モード
+edit-mode.tooltip=READ_ONLYは、パスワード更新が許可されず、ユーザーが常にKerberosパスワードで認証されることを意味します。UNSYNCEDは、ユーザーがKeycloakデータベースでパスワードを変更できることを意味し、このパスワードはKerberosパスワードの代わりに使用されます
+ldap.edit-mode.tooltip=READ_ONLYは、読み取り専用のLDAPストアです。WRITABLEは、必要に応じてデータをLDAPに同期させることを意味します。UNSYNCEDは、ユーザーデータをインポートするが、LDAPに同期しないことを意味します。
+update-profile-first-login=初回ログイン時にプロフィールを更新
+update-profile-first-login.tooltip=初回ログイン時のプロフィール更新の有効/無効を設定します。
+sync-registrations=登録の同期
+ldap.sync-registrations.tooltip=LDAP ストア内に新規作成ユーザーを作成すべきかどうかを設定します。どのプロバイダーが新しいユーザーの同期先に選択されるかは、優先度が影響します。
+import-enabled=ユーザーのインポート
+ldap.import-enabled.tooltip=trueの場合、LDAPユーザーはKeycloak DBにインポートされ、設定された同期ポリシーによって同期されます。
+vendor=ベンダー
+ldap.vendor.tooltip=LDAP ベンダー (プロバイダー)
+username-ldap-attribute=ユーザー名の LDAP 属性
+ldap-attribute-name-for-username=ユーザー名の LDAP 属性名
+username-ldap-attribute.tooltip=Keycloak ユーザー名にマッピングされる LDAP 属性名を設定します。多くの LDAP サーバーベンダーでは 「uid」 となります。Active Directory では 「sAMAccountName」 または 「cn」 となります。LDAP から Keycloak にインポートするすべての LDAP ユーザーのレコードで、属性は入力されているはずです。
+rdn-ldap-attribute=RDN LDAP 属性
+ldap-attribute-name-for-user-rdn=ユーザー RDN の LDAP 属性名
+rdn-ldap-attribute.tooltip=一般的なユーザー DN の RDN (top 属性) として使用される LDAP 属性名を設定します。通常は、ユーザー名の LDAP 属性 と同じですが、必須ではありません。例えば Active Directory では、ユーザー名が 「sAMAccountName」 だと RDN 属性として 「cn」 を使用するのが一般的です。
+uuid-ldap-attribute=UUID LDAP 属性
+ldap-attribute-name-for-uuid=UUID の LDAP 属性名
+uuid-ldap-attribute.tooltip=LDAP 内でオブジェクトのユニークなオブジェクト識別子 (UUID) として使用される LDAP 属性名を設定します。多くの LDAP サーバーベンダーでは 「entryUUID」 となりますが、異なる場合もあります。例えば Active Directory では、 「objectGUID」 となります。お使いの LDAP サーバーが UUID をサポートしていない場合は、ツリー内の LDAP ユーザーの中でユニークとなる他の属性を使用することができます。例えば、 「uid」 や 「entryDN」 です。
+user-object-classes=ユーザーオブジェクトクラス
+ldap-user-object-classes.placeholder=LDAP のユーザーオブジェクトクラス (カンマ区切り)
+ldap-connection-url=LDAP 接続 URL
+ldap-users-dn=LDAP ユーザー DN
+ldap-bind-dn=LDAP Bind DN
+ldap-bind-credentials=LDAP Bind のクレデンシャル
+ldap-filter=LDAP フィルター
+ldap.user-object-classes.tooltip=LDAP ユーザー用の すべての LDAP オブジェクトクラスをカンマ区切りで設定します。例: 「inetOrgPerson, organizationalPerson」 。新規作成された Keycloak ユーザーは、これらすべてのオブジェクトクラスを使用して LDAP に書き込まれます。また、既存の LDAP ユーザーのレコードは、これらすべてのオブジェクトクラスを含む場合だけ発見されます。
+connection-url=接続 URL
+ldap.connection-url.tooltip=お使いの LDAP サーバーへの接続 URL
+test-connection=接続テスト
+users-dn=ユーザー DN
+ldap.users-dn.tooltip=ユーザーがいる LDAP ツリーの完全 DN を設定します。この DN は LDAP ユーザーの親になります。例えば、典型的なユーザーは 「uid=john,ou=users,dc=example,dc=com」 のような DN となりますが、この場合は 「ou=users,dc=example,dc=com」 となります。
+authentication-type=バインドタイプ
+ldap.authentication-type.tooltip=LDAPバインド操作中に使用される認証方式のタイプ。LDAPサーバーに送信されるほとんどのリクエストで使用されます。現時点では「none」(匿名LDAP認証)または「simple」(クレデンシャル・バインド + パスワード・バインドの認証)のメカニズムしか利用できません。
+bind-dn=Bind DN
+ldap.bind-dn.tooltip=Keycloak が LDAP サーバーにアクセスするために使用する LDAP 管理者の DN を設定します。
+bind-credential=Bind のクレデンシャル
+ldap.bind-credential.tooltip=LDAP 管理者のパスワードを設定します。
+test-authentication=認証テスト
+custom-user-ldap-filter=カスタムユーザー LDAP フィルター
+ldap.custom-user-ldap-filter.tooltip=ユーザー検索のフィルタリングを行う LDAP フィルターを設定します。追加のフィルターが必要ない場合は空のままにしてください。設定は、 「(」 から始まり 「)」 で終わることを確認してください。
+search-scope=検索スコープ
+ldap.search-scope.tooltip=One Level では、ユーザー DN で指定された DN 内のユーザーのみを検索します。subtree では、サブツリー全体を検索します。より詳細については LDAP のドキュメントを参照してください。
+use-truststore-spi=トラストストア SPI を使用
+ldap.use-truststore-spi.tooltip=LDAP 接続で、standalone.xml/domain.xml で設定されたトラストストアの トラストストア SPI を使用するかどうかを指定します。 「Always」 は常に使用することを意味します。 「Never」 は使用しないことを意味します。 「Only for ldaps」 は、接続 URL が ldaps の場合に使用することを意味します。standalone.xml/domain.xml で設定されていない場合でも、デフォルトの Java CA 証明書 (cacerts) や 「javax.net.ssl.trustStore」 プロパティで指定された証明書が使用される点に注意してください。
+validate-password-policy=パスワードポリシーの検証
+connection-pooling=接続プーリング
+connection-pooling-settings=接続プーリングの設定
+connection-pooling-authentication=接続プーリング認証
+connection-pooling-authentication-default=none simple
+connection-pooling-debug=接続プールのデバッグレベル
+connection-pooling-debug-default=オフ
+connection-pooling-initsize=接続プールの初期サイズ
+connection-pooling-initsize-default=1
+connection-pooling-maxsize=接続プールの最大サイズ
+connection-pooling-maxsize-default=1000
+connection-pooling-prefsize=接続プールの推奨サイズ
+connection-pooling-prefsize-default=5
+connection-pooling-protocol=接続プールのプロトコル
+connection-pooling-protocol-default=plain
+connection-pooling-timeout=接続プールのタイムアウト
+connection-pooling-timeout-default=300000
+ldap-connection-timeout=接続タイムアウト
+ldap.connection-timeout.tooltip=LDAP接続タイムアウト(ミリ秒単位)
+ldap-read-timeout=読み取りタイムアウト
+ldap.read-timeout.tooltip=LDAP読み取りタイムアウト(ミリ秒単位)。このタイムアウトはLDAP読み取り操作に適用されます
+ldap.validate-password-policy.tooltip=パスワードを更新する前に、Keycloakはパスワードポリシーでパスワードを検証する必要があります
+ldap.connection-pooling.tooltip=Keycloak は LDAP サーバーへのアクセスで接続プールを使用するかどうかを設定します。
+ldap.connection-pooling.authentication.tooltip=プール可能な接続の認証タイプのリスト(スペース区切り)。有効なタイプは「none」、「simple」、「DIGEST-MD5」です。
+ldap.connection-pooling.debug.tooltip=生成するデバッグ出力のレベルを示す文字列。有効な値は、「fine」(接続の作成と削除のトレース)と「all」(すべてのデバッグ情報)です。
+ldap.connection-pooling.initsize.tooltip=アイデンティティ用に最初に接続を作成するときに作成する接続アイデンティティごとの接続数を表す整数の文字列表現。
+ldap.connection-pooling.maxsize.tooltip=接続アイデンティティごとに同時に維持できる接続の最大数を表す整数の文字列表現。
+ldap.connection-pooling.prefsize.tooltip=同時に維持する必要がある接続アイデンティティごとの優先接続数を表す整数の文字列表現。
+ldap.connection-pooling.protocol.tooltip=プール可能な接続のプロトコルタイプのリスト(スペース区切り)。有効なタイプは「plain」と「ssl」です。
+ldap.connection-pooling.timeout.tooltip=アイドル状態の接続がクローズされず、プールからも削除されないままプールに残る時間(ミリ秒)を表す整数の文字列表現。
+ldap.pagination.tooltip=LDAP サーバーはページネーションをサポートするかどうかを設定します。
+ldap.startTls.tooltip=STARTTLSを使用してLDAPへの接続を暗号化します。これにより接続プールが無効になります。
+kerberos-integration=Kerberos と統合
+allow-kerberos-authentication=Kerberos 認証を許可
+ldap.allow-kerberos-authentication.tooltip=SPNEGO/Kerberos のトークンを持つユーザーの HTTP 認証を有効/無効にします。認証されたユーザーに関するデータはこの LDAP サーバーよりプロビジョニングされます。
+use-kerberos-for-password-authentication=パスワード認証に Kerberos を使用
+ldap.use-kerberos-for-password-authentication.tooltip=LDAP サーバーに対してディレクトリサービスの API で認証する代わりに、Kerberos に対して ユーザー名/パスワード認証する Kerberos ログインモジュールを使用します。
+batch-size=バッチサイズ
+ldap.batch-size.tooltip=1トランザクションで LDAP から Keycloak にインポートされる LDAP ユーザー数を設定します。
+ldap.periodic-full-sync.tooltip=Keycloak への LDAP ユーザーの定期的なフル同期を有効/無効にします。
+ldap.periodic-changed-users-sync.tooltip=Keycloak への 変更または新規作成された LDAP ユーザーの定期的な同期を有効/無効にします。
+ldap.changed-users-sync-period.tooltip=変更または新規作成された LDAP ユーザーの同期周期を秒で設定します。
+user-federation-mappers=ユーザーフェデレーションのマッパー
+create-user-federation-mapper=ユーザーフェデレーション マッパーの作成
+add-user-federation-mapper=ユーザーフェデレーション マッパーの追加
+provider-name=プロバイダー名
+no-user-federation-providers-configured=設定されているユーザーフェデレーション プロバイダーはありません
+no-user-storage-providers-configured=設定されているユーザーストレージ プロバイダーはありません
+add-identity-provider=アイデンティティ プロバイダーの登録
+add-identity-provider-link=アイデンティティ プロバイダーのリンク登録
+identity-provider=アイデンティティ プロバイダー
+identity-provider-user-id=アイデンティティ プロバイダーのユーザー ID
+identity-provider-user-id.tooltip=アイデンティティ プロバイダー側のユーザーのユニーク ID です。
+identity-provider-username=アイデンティティ プロバイダーのユーザー名
+identity-provider-username.tooltip=アイデンティティ プロバイダー側のユーザー名です。
+pagination=ページネーション
+browser-flow=ブラウザーフロー
+browser-flow.tooltip=ブラウザー認証で使用したいフローを選択してください。
+registration-flow=登録フロー
+registration-flow.tooltip=登録で使用したいフローを選択してください。
+direct-grant-flow=ダイレクトグラントフロー
+direct-grant-flow.tooltip=ダイレクトグラント認証で使用したいフローを選択してください。
+reset-credentials=クレデンシャルのリセット
+reset-credentials.tooltip=ユーザーがクレデンシャルを忘れた際に使用したいフローを選択してください。
+client-authentication=クライアント認証
+client-authentication.tooltip=クライアント認証で使用したいフローを選択してください。
+docker-auth=Docker認証
+docker-auth.tooltip=Dockerクライアントに対する認証に使用するフローを選択します。
+new=新規作成
+copy=コピー
+add-execution=Execution を追加
+add-flow=フローを追加
+auth-type=認証タイプ
+requirement=必要条件
+config=設定
+no-executions-available=使用可能な Execution がありません
+authentication-flows=認証フロー
+create-authenticator-config=認証設定の作成
+authenticator.alias.tooltip=この設定の名前を設定します。
+otp-type=OTP タイプ
+time-based=タイムベース
+counter-based=カウンターベース
+otp-type.tooltip=OTP はタイムベースのワンタイムパスワードです。 「hotp」 は、サーバーでハッシュに対してカウンターを保持するカウンターベースのワンタイムパスワードです。
+otp-hash-algorithm=OTP ハッシュアルゴリズム
+otp-hash-algorithm.tooltip=OTP を生成するのにどのハッシュアルゴリズムを使用するか設定します。
+number-of-digits=桁数
+otp.number-of-digits.tooltip=OTP の桁数を設定します。
+look-ahead-window=先読みウィンドウ
+otp.look-ahead-window.tooltip=トークンジェネレーターとサーバーが時刻同期またはカウンター同期していないことを考慮してどれくらい先読みを行うか設定します。
+initial-counter=初期カウンター
+otp.initial-counter.tooltip=初期カウンターの値は何とするか設定します。
+otp-token-period=OTP トークンの期間
+otp-token-period.tooltip=OTP トークンは何秒有効とするか設定します。デフォルトは30秒です。
+otp-supported-applications=サポートされるアプリケーション
+otp-supported-applications.tooltip=現在のOTPポリシーで動作することが分かっているアプリケーション
+table-of-password-policies=パスワードポリシーの一覧表
+add-policy.placeholder=ポリシーを追加...
+policy-type=ポリシーのタイプ
+policy-value=ポリシーの値
+admin-events=管理イベント
+admin-events.tooltip=保存されたレルムの管理イベントを表示します。管理イベントは