| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # |
| |
| |
| # |
| # This file contains localization strings for configuration labels and |
| # descriptions as used in the metatype.xml descriptor generated by the |
| # the Sling SCR plugin |
| |
| # |
| # Open ID Authentication handler |
| auth.openid.name = Apache Sling OpenID Authenticator |
| auth.openid.description = The OpenID Authenticator authenticates Sling users via OpenID. \ |
| The login sequence is triggered automatically for a resource if 'Allow Anonymous Access' \ |
| is false in the Request Authenticator. You can manually show the login form by accessing \ |
| the Login Request path (/system/sling/openid/login). You can logout by accessing the \ |
| Logout Request path (/system/sling/openid/logout). The various displayed pages \ |
| (login, auth success, auth fail & logout) are customizable. |
| |
| path.name = URL path prefixes |
| path.description = URL path prefixes handled by this Authenticator. If no \ |
| path is configured, it is regarded as inactive. If the handler should be \ |
| used for all requests, the path should be '/'. |
| |
| openid.use.cookie.name = Use cookie |
| openid.use.cookie.description = Use a cookie to persist the authentication. If this is \ |
| false, uses an HTTP session attribute. |
| |
| openid.cookie.name.name = Cookie name |
| openid.cookie.name.description = Name of cookie used to persist authentication. Only \ |
| used if 'Use Cookie' is true. |
| |
| openid.cookie.domain.name = Cookie domain |
| openid.cookie.domain.description = Domain of cookie used to persist authentication. Only \ |
| used if 'Use Cookie' is true. |
| |
| openid.cookie.path.name = Cookie path |
| openid.cookie.path.description = Path of cookie used to persist authentication. Only \ |
| used if 'Use Cookie' is true. |
| |
| openid.cookie.secret.key.name = Cookie Secret Key |
| openid.cookie.secret.key.description = Secret key used to encrypt cookie contents. Must \ |
| be less than 24 characters long. Only used if 'Use Cookie' is true. |
| |
| openid.login.form.name = URL of Open ID login form |
| openid.login.form.description = This should provide a way to capture the user's \ |
| OpenID identifier. This is not the OpenID Provider's login page, however, it does \ |
| not have to be a local URL. If it is a local Sling URL, it must be readable by \ |
| the anonymous user AND either 'Allow Anonymous Access' must be on in the Request \ |
| Authenticator OR 'Access auth resources anonymously' must be checked here. \ |
| The user is HTTP Redirect'ed to this URL. This page \ |
| should POST back the user's OpenID identifier (as named by the form field parameter) \ |
| to the originally requested URL (obtainable from HTTP Session attribute \ |
| OpenIDConstants.ORIGINAL_URL_ATTRIBUTE). If this form is accessed directly, \ |
| an optional request parameter 'OpenID.redirect' can set the \ |
| redirect URL that will be used after successful authentication (if 'Redirect to \ |
| original URL' is true). |
| |
| openid.login.identifier.name = OpenID identifier form field |
| openid.login.identifier.description = The name of the form parameter that contains \ |
| the user's OpenID identifier. By convention this is 'openid_identifier'. |
| |
| openid.original.url.onsuccess.name = Redirect to original URL |
| openid.original.url.onsuccess.description = Whether to redirect to the originally \ |
| requested URL after successful authentication. |
| |
| openid.login.success.name = Authentication Success URL |
| openid.login.success.description = URL to redirect user to after successful \ |
| authentication. Only respected if 'Redirect to original URL' is false. |
| |
| openid.login.fail.name = Authentication Failure URL |
| openid.login.fail.description = URL to redirect user to after failed \ |
| OpenID authentication. It does not have to be a local URL. If it is a local \ |
| Sling URL, it must be readable by the anonymous user AND either \ |
| 'Allow Anonymous Access' must be on in the Request Authenticator OR 'Access auth \ |
| resources anonymously' must be checked here. The user is HTTP Redirect'ed to this URL. \ |
| NOTE: this redirect is NOT called for a failed Repository login (in that case, \ |
| the login form will be re-displayed) |
| |
| openid.logout.name = Post-Logout URL |
| openid.logout.description = URL to redirect user to after logging out. Logout \ |
| is triggered by accessing Logout Request Path (/system/sling/openid/logout). An \ |
| optional request parameter 'OpenID.redirect' can override this URL for a single \ |
| logout request. |
| |
| openid.external.url.prefix.name = External URL prefix |
| openid.external.url.prefix.description = The prefix of URLs generated for OpenID \ |
| authentication requests. This URL must be resolvable from the client browser. \ |
| This is usually necessary when running Sling behind a proxy (like Apache) since proxy \ |
| mapping is not performed on the OpenID ReturnTo and TrustRoot URLs as they \ |
| are sent to the Provider as form parameters. If this is empty, the URLs are generated \ |
| using the hostname found in the original request. |
| |
| openid.anon.auth.resources.name = Access auth resources anonymously |
| openid.anon.auth.resources.description = Causes the authenticator to authenticate the \ |
| request as the anonymous user for the local login, auth failure & logout pages. \ |
| This is an explicit authentication as anonymous, and so circumvents the Request Authenticator's \ |
| 'Allow Anonymous' setting (which operates as a fallback). Setting this to true enables \ |
| Sling to serve the authentication resources to unauthenticated users even if 'Allow Anonymous' \ |
| is false (assuming the ACLs on the resources allow the anonymous user read access). |