Internationalization - SSO

All the texts presented on the login screens can be customized by using message bundle files. Support for multiple languages can be achieved by using multiple message bundle files. The language selection can either originate from the web application or the clients can change the used language themselves.

Message bundle files can either contain normal UI texts (uas-group) or error texts (errors-group).

When writing new message bundle files, the default values can be used as templates. It is not necessary to redefine all of the keys, however, for example if you write a message bundle providing a translation to the German language and leave a key undefined, the value that will be used for that key will be the one from the English default values.

Some messages show parameters, which are represented by a sequence number in curly braces. The files use the message formatting system from java.text.MessageFormat (http://download.oracle.com/javase/6/docs/api/java/text/MessageFormat.html). For example, in uas-group the key MENU_INTRO_TEXT takes a parameter.

Use of some special characters is not permitted and must be replaced by the equivalent html code. Examples include hyphen (-) and backslash (\)   – use - and \ respectively.


Listing 1. The default messages in the uas-group
#
# i18n/uas.properties
#
# This file declares messages for the user-interface
#

#Common

SERVER_NAME = Ubisecure
COPYRIGHT = Powered By Ubisecure

HEADER_TEXT1 = Identify and authorize.
HEADER_TEXT2 = Enable secure business.

# Buttons

EXIT = Exit
NEXT = Sign In
CONTINUE = Continue
CANCEL = Cancel
CONFIRM = Confirm

# General login

USERNAME = Username:
PASSWORD = Password:
METHOD = Domain:
OTP_PASSWORD = One-Time Password:
SMS_PASSWORD = One-Time Password:
SMTP_PASSWORD = One-Time Password:
NEW_PASSWORD = New password:
NEW_PASSWORD_CONFIRM = Confirm:

# Menu

MENU_INTRO_TITLE = Welcome
MENU_INTRO_TEXT = The service that you are trying to access, {0}, requires you to sign in.
MENU_INTRO2_TEXT = 
MENU_HELP_TITLE = Help
MENU_HELP_TEXT = Please sign in using one of the options on the right hand side.
MENU_HELP_LINKS = <li><a href="javascript:view.navigate('password.reset')">Password Reset</a></li>
MENU_LOGIN_TITLE = Sign In
MENU_LOGIN_TEXT = Please enter your username and password.
MENU_LOGIN_OTHER = Or choose another way to sign in
MENU_EXTERNAL_TITLE = Sign In Using a Provider
MENU_EXTERNAL_TEXT = You can sign in using an authentication provider.

# Password

PASSWORD_INTRO_TITLE = Welcome
PASSWORD_INTRO_TEXT = The service that you are trying to access, {0}, requires you to sign in.
PASSWORD_INTRO2_TEXT = 
PASSWORD_HELP_TITLE = Help
PASSWORD_HELP_TEXT = If you have an account, please enter your username and password to access the service.
PASSWORD_HELP_LINKS = <li><a href="javascript:view.navigate('password.reset')">Password Reset</a></li>
PASSWORD_LOGIN_TITLE = Sign In
PASSWORD_LOGIN_TEXT = Please enter your username and password.

PASSWORD_EXPIRED_HELP_TITLE = Help
PASSWORD_EXPIRED_HELP_TEXT = You have been authenticated, but your password has expired. You must change your password before \
you can proceed to the requested service. The new password must be entered twice to confirm that it is entered correctly.
PASSWORD_EXPIRED_HELP_LINKS =
PASSWORD_EXPIRED_LOGIN_TITLE = Password Change
PASSWORD_EXPIRED_LOGIN_TEXT = Your password was correct, but has expired. Please choose a new password.
PASSWORD_EXPIRED_NEXT = Change password

PASSWORD_EXPIRING_HELP_TITLE = Help
PASSWORD_EXPIRING_HELP_TEXT = You have been authenticated and you may continue to the service. However your password will \
expire soon. You can change it now before proceeding to the service, or skip the change if you prefer to do it later. \
The new password must be entered twice to confirm that it is entered correctly.
PASSWORD_EXPIRING_HELP_LINKS =
PASSWORD_EXPIRING_LOGIN_TITLE = Password Notification
PASSWORD_EXPIRING_LOGIN_TEXT = Your password was correct, but it will expire soon. Either change it now or continue to the service.
PASSWORD_EXPIRING_NEXT = Change password
PASSWORD_EXPIRING_SKIP = Skip Change and Continue

# StepUp

STEPUP_HELP_TITLE = Help
STEPUP_HELP_TEXT = Your username and password are correct. However, this service requires that you also use a stronger \
authentication method to sign in.
STEPUP_HELP_LINKS =
STEPUP_LOGIN_TITLE = Sign In
STEPUP_LOGIN_TEXT = Your password was accepted. Please continue by choosing one of the following options.

# TOTP

TOTP_HELP_TITLE = Help
TOTP_HELP_TEXT = To verify your identity, you must enter the password from your authenticator application.  
TOTP_HELP_LINKS =
TOTP_LOGIN_TITLE = Sign In
TOTP_LOGIN_TEXT = Please enter your time-based one-time password.
TOTP_PASSWORD = Time-Based One-Time Password:

# OTP

OTP_HELP_TITLE = Help
OTP_HELP_TEXT = To verify your identity, you must enter the next unused password from your one-time password list. If you have a list which hasn't been used before, you can activate it by \ entering the first password of the new list. 
OTP_HELP_LINKS =
OTP_LOGIN_TITLE = Sign In
OTP_LOGIN_TEXT = Please enter your next unused one-time password.
OTP_LOGIN_SEQUENCE = Password sequence number: {0}
OTP_LOGIN_SEQUENCE_NAME = List ID: {0}
OTP_LOGIN_NEXT_SEQUENCE_NAME = Next list ID: {0}
OTP_LOGIN_REMAINING_PASSWORD_AMOUNT = {0,choice,-1#You have no remaining passwords.|0#You are using your last password from your current password list.|0<You have {0} passwords left in your password list after this sign in.}

OTP_EXPIRING_TITLE = Print One-time Password List
OTP_EXPIRING_TEXT =  Your one-time password list is expiring. Select Print to print a new list now. 
OTP_EXPIRING_HELP_TITLE = Help 
OTP_EXPIRING_HELP_TEXT =  If you do not print a new list before the current list expires, your access to this service may be suspended. Select "Skip Print and Continue" to print the list next time you login.
OTP_EXPIRING_HELP_LINKS =
OTP_EXPIRING_SKIP = Skip Print and Continue 
OTP_EXPIRING_NEXT = Print

OTP_PRINT_TITLE = Print One-time Password List
OTP_PRINT_TEXT =  OTP list cannot be used without activation. Select Activate to start using the new list.
OTP_PRINT_HELP_TITLE = Help
OTP_PRINT_HELP_TEXT = If you did not have access to a printer or the printing was unsuccessful, press Cancel to return to the previous screen. After activation, the new list can be used for your next sign in by entering the first one-time password. Any existing list will be disabled after the new list has been used.
OTP_PRINT_HELP_LINKS =
OTP_PRINT_LISTID = OTP Print List ID: 
OTP_PRINT_ACTIVATE = Activate
OTP_PRINT_LIST_TEXT = OTP Print List ID: {0}
OTP_PRINT_LIST_CLOSE = Close


# SMS

SMS_HELP_TITLE = Help
SMS_HELP_TEXT = You should enter the one-time password which has been sent to your mobile phone via SMS. If you do not receive the \
message shortly, please press the Cancel button.
SMS_HELP_LINKS =
SMS_LOGIN_TITLE = Sign In
SMS_LOGIN_TEXT = Please enter the password sent to your mobile phone.
SMS_NUMBER = Please give your phone number

# SMS and unregistered SMS

SMS_TEXT = {0} is your One-Time Password

# Unregistered SMS


SMS_HELP_TITLE_UNREGISTERED = Help
SMS_HELP_TEXT_UNREGISTERED = First insert your phone number to the field, and press Sign in-button. After that you should enter the one-time password which has been sent to your mobile phone via SMS. If you do not receive the \
message shortly, please press the Cancel button.
SMS_LOGIN_TEXT_UNREGISTERED = Log in to service
SMS_LOGIN_TITLE_UNREGISTERED = Sign in 
SMS_UNREGISTERED_MOBILENUMBER = Mobile number: 



# Unregistered MePIN

MEPIN_UNREGISTERED_LOGIN_TITLE = Sign in
MEPIN_UNREGISTERED_LOGIN_TEXT = Log in to service
MEPIN_UNREGISTERED_INTRO_TITLE = Welcome
MEPIN_UNREGISTERED_INTRO_TEXT = The service that you are trying to access, {0}, requires you to sign in.
MEPIN_UNREGISTERED_INTRO2_TEXT = The service that you are trying to access, {1}, requires you to sign in.
MEPIN_UNREGISTERED_HELP_TITLE = Help
MEPIN_UNREGISTERED_HELP_TEXT = Insert your phone number in the field, and press Sign in -button.
MEPIN_UNREGISTERED_HELP_LINKS = 

MEPIN_UNREGISTERED_ACCOUNT_LINKING_NAME = MePIN nickname
MEPIN_UNREGISTERED_ACCOUNT_LINKING_LOGIN_TITLE = Account linking
MEPIN_UNREGISTERED_ACCOUNT_LINKING_LOGIN_TEXT = Perform account linking for your MePIN app.
MEPIN_UNREGISTERED_ACCOUNT_LINKING_HELP_TITLE = Help
MEPIN_UNREGISTERED_ACCOUNT_LINKING_HELP_TEXT = Insert your MePIN nickname in this field and press Sign in -button.
MEPIN_UNREGISTERED_ACCOUNT_LINKING_HELP_LINKS = 

MEPIN_UNREGISTERED_ACCOUNT_LINKING_WAIT_LOGIN_TITLE = Account linking request in progress
MEPIN_UNREGISTERED_ACCOUNT_LINKING_WAIT_LOGIN_TEXT = An account linking request has been sent to your mobile phone. Please enter the Access Code shown into your MePIN app. Progress: {0}%
MEPIN_UNREGISTERED_ACCOUNT_LINKING_WAIT_HELP_TITLE = Help
MEPIN_UNREGISTERED_ACCOUNT_LINKING_WAIT_HELP_TEXT = Enter the Access Code shown into your MePIN app and press Sign in -button.
MEPIN_UNREGISTERED_ACCOUNT_LINKING_WAIT_HELP_LINKS = 
MEPIN_UNREGISTERED_ACCOUNT_LINKING_WAIT_ACCESSCODE = Access Code

# MePIN
MEPIN_NAME = Phone number

MEPIN_LOGIN_TITLE = Sign in
MEPIN_LOGIN2_TITLE = 
MEPIN_LOGIN_TEXT = Log in to service
MEPIN_LOGIN2_TEXT = 
MEPIN_INTRO_TITLE = Welcome
MEPIN_INTRO_TEXT = The service that you are trying to access, {0}, requires you to sign in.
MEPIN_INTRO2_TEXT = 
MEPIN_HELP_TITLE = Help
MEPIN_HELP_TEXT = Insert your phone number in the field, and press Sign in -button.
MEPIN_HELP_LINKS = 

MEPIN_EVENT_ID = Event ID

MEPIN_LOGIN_WAIT_TITLE = Sign in request in progress
MEPIN_LOGIN_WAIT2_TITLE = 
MEPIN_LOGIN_WAIT_TEXT = A sign in request has been sent to your MePIN app. Verify that the event id matches in the message before accepting the request. Progress: {0}%
MEPIN_LOGIN_WAIT2_TEXT = 
MEPIN_LOGIN_WAIT_INTRO_TITLE = Welcome
MEPIN_LOGIN_WAIT_INTRO_TEXT = The service that you are trying to access, {0}, requires you to sign in.
MEPIN_LOGIN_WAIT_INTRO2_TEXT = 
MEPIN_LOGIN_WAIT_HELP_TITLE = Help
MEPIN_LOGIN_WAIT_HELP_TEXT = Perform requested authentication in your MePIN app and press Sign in -button.
MEPIN_LOGIN_WAIT_HELP_LINKS =
 

# Messages sent to MePIN app
# Parameters {0} and {1} can be used in all three message parameters below
# {0} = eventID
# {1} = agentFriendlyName (or agentHostName if agentFriendlyName doesn't exist)
MEPIN_MESSAGE_TEXT = Event ID {0}
MEPIN_SHORT_MESSAGE_TEXT = Confirmation required
MEPIN_HEADER_TEXT = Confirm



    

# Unregistered SMTP

SMTP_HELP_TITLE_UNREGISTERED = Help
SMTP_HELP_TEXT_UNREGISTERED = First insert your e-mail address to the field, and press Sign in-button. After that you should enter the one-time password which has been sent to your e-mail. If you do not receive the \
message shortly, please press the Cancel button.
SMTP_LOGIN_TEXT_UNREGISTERED = Log in to service
SMTP_LOGIN_TITLE_UNREGISTERED = Sign in 
SMTP_UNREGISTERED_EMAIL = E-mail:


# Unregistered SMTP

SMTP_TEXT = {0} is your One-Time Password
SMTP_TEXT_CONTENT_TYPE = text/plain
SMTP_HEADER = E-mail subject

# Mobile PKI

MPKI_HELP_TITLE = Help
MPKI_HELP_TEXT = To use this service you will need a mobile phone with a Mobile Certificate SIM card.
MPKI_HELP_LINKS = <a href="http://www.mobiilivarmenne.fi">More information about Mobile Certificate</a>
MPKI_LOGIN_TITLE = Sign In
MPKI_LOGIN_TEXT = Please enter your mobile phone number in international format (+35812345678).
MPKI_LOGIN_TEXT_NOSPAMCODE = Please enter your mobile phone number in international format (+35812345678) and your spam prevention code if you have one.

MPKI_UNREGISTERED_MOBILENUMBER = Mobile number: 
MPKI_UNREGISTERED_NOSPAMCODE = Spam prevention code: 

MPKI_LOGIN_WAIT_TITLE = Sign in request in progress
MPKI_LOGIN_WAIT_TEXT = A sign in request has been sent to your mobile phone. <br/>Verify that the event id matches in the message before accepting the request. Progress: {0}%

MPKI_TEXT = {0} is your Event ID.
MPKI_EVENT_ID = Event ID:
MPKI_USERLANG = en

# Proxy

PROXY_HELP_TITLE = Help
PROXY_HELP_TEXT = You are now being redirected to the authentication provider. If the redirect does not occur automatically \
you can press the Continue button to continue to the authentication provider service.
PROXY_HELP_LINKS =
PROXY_LOGIN_TITLE = Signing in
PROXY_LOGIN_TEXT = You are being transferred to {0}.

PROXY_ERROR_HELP_TITLE = Help
PROXY_ERROR_HELP_TEXT = Signing in using the authentication provider failed. You can retry by pressing the Continue button. \
To cancel the sign in process, use the Exit link.
PROXY_ERROR_HELP_LINKS =
PROXY_ERROR_LOGIN_TITLE = Error
PROXY_ERROR_LOGIN_TEXT = Error occurred while trying to sign in using {0}. Press the Continue button to try again.

# Success

SUCCESS_HELP_TITLE = Help
SUCCESS_HELP_TEXT = Your access to the requested service has been granted. Please wait while you are being transferred to the service. \
If the transfer does not occur automatically, you can press the Continue button to continue to the service.
SUCCESS_HELP_LINKS =
SUCCESS_LOGIN_TITLE = Success
SUCCESS_LOGIN_TEXT = Access granted. Proceeding to the service.

# Error

ERROR_HELP_TITLE = Help
ERROR_HELP_TEXT = An error has occurred and the sign in process cannot be continued. Please try again later.
ERROR_HELP_LINKS =
ERROR_LOGIN_TITLE = Error
ERROR_LOGIN_TEXT = An error has occurred

# Exit

EXIT_HELP_TITLE = Help
EXIT_HELP_TEXT = You are being transferred back to the service. If the transfer does not occur automatically, \
you can press the Continue button to continue to the service.
EXIT_HELP_LINKS =
EXIT_LOGIN_TITLE = Exit
EXIT_LOGIN_TEXT = You are exiting the sign in process.

# Redirect
# {0} is application's name

REDIRECT_HELP_TITLE = Help
REDIRECT_HELP_TEXT = You are being redirected to application. If the transfer does not occur automatically, \
you can press the Continue button to continue to the service.
REDIRECT_HELP_LINKS =
REDIRECT_LOGIN_TITLE = Redirect
REDIRECT_LOGIN_TEXT = You are being redirected to {0}

# Landing Page

LANDING_PAGE_HELP_TITLE = Help
LANDING_PAGE_HELP_TEXT =  Your session is not valid. This can occur if you leave this application unattended for too long, \
if you try to access this link from a different browser than the original or you have cleared your browser cookies. \
Try accessing the same service again.
LANDING_PAGE_HELP_LINKS =
LANDING_PAGE_LOGIN_TITLE = Error
LANDING_PAGE_LOGIN_TEXT = Your session is not valid.
LANDING_PAGE_EXIT_LINK = Go to home page

# Logout

LOGOUT_HELP_TITLE = Help
LOGOUT_PROCEEDING_HELP_TEXT = The logout procedure has been started and you will shortly be logged out from the service.
LOGOUT_COMPLETED_HELP_TEXT = The logout procedure has now been completed. For additional security, please close your browser.
LOGOUT_HELP_LINKS =
LOGOUT_LOGIN_TITLE = Logout
LOGOUT_PROCEEDING_LOGIN_TEXT = Performing logout. Please wait.
LOGOUT_COMPLETED_LOGIN_TEXT = Logout completed.

# Logout error

LOGOUT_ERROR_HELP_TITLE = Help
LOGOUT_ERROR_HELP_TEXT = Single logout was not completed successfully. Please logout manually from \
all individual applications and close all browser windows.
LOGOUT_ERROR_HELP_LINKS =
LOGOUT_ERROR_LOGIN_TITLE = Logout failed
LOGOUT_ERROR_LOGIN_TEXT = Could not complete logout.

# Consent

CONSENT_INTRO_TITLE = Single Sign-On
CONSENT_INTRO_TEXT = You have been authenticated and are being redirected to: {0} 
CONSENT_HELP_TITLE = Help
CONSENT_HELP_TEXT = For more information regarding your privacy, please read the following documents:
CONSENT_HELP_LINKS =
CONSENT_LOGIN_TITLE = Consent to Use Personal Data

# Consent without scopes

CONSENT_LOGIN_TEXT = By confirming, you agree to permit the required personal data to be transmitted from this system to the service provider being accessed. <br/>Your personal data is not displayed on this screen and is transmitted securely to the service provider. 
CONSENT_LOGIN_ACCEPT_TEXT = 

# Consent with scopes

CONSENT_SCOPES_LOGIN_TEXT = By confirming, you agree to permit the required personal data types shown below to be transmitted from this system to the service provider being accessed. <br/>Your personal data is not displayed on this screen and is transmitted securely to the service provider. 
CONSENT_SCOPES_LOGIN_ACCEPT_TEXT = 

# Accept terms

ACCEPT_TERMS_HELP_TITLE = Help
ACCEPT_TERMS_HELP_TEXT = You must accept Terms of Use before continuing.
ACCEPT_TERMS_HELP_LINKS = 
ACCEPT_TERMS_TITLE = Accept terms
ACCEPT_TERMS_TEXT = Accept Terms of Use.
ACCEPT_TERMS_CHECKBOX_TITLE = Accept Terms of Use
ACCEPT_TERMS_NEXT = Continue

# Confirm Federate

CONFIRM_INTRO_TITLE = Create Account Link
CONFIRM_INTRO_TEXT = Before entering the requested service you can link your external identity with your existing user permanently. 
CONFIRM_HELP_TITLE = Help
CONFIRM_HELP_TEXT = The account you used has not been linked to your existing account. Please save the link and continue to the service.
CONFIRM_HELP_LINKS = 
CONFIRM_LOGIN_TITLE = Account Settings
CONFIRM_LOGIN_TEXT = Please select to remember the account link.
CONFIRM_LOGIN_PERSISTENT_TEXT = Remember this next time

# Mobile Connect
MOBILECONNECT_LOGIN_TITLE = Sign In
MOBILECONNECT_LOGIN_TEXT = Log in to service
MOBILECONNECT_MOBILENUMBER = Mobile number:
MOBILECONNECT_HELP_TITLE = Help
MOBILECONNECT_HELP_TEXT = Enter you mobile number and press Sign In. Your browser will be redirected to Mobile Connect authentication provider.    
MOBILECONNECT_HELP_LINKS =



Listing 2. The default messages in the errors-group
### system startup ###

# system error: incompatible login module and authentication
# args: 0=actual authentication method, 1=expected type
SYSTEM_INCOMPATIBLE_MODULE = {0} is not compatible with {1}


### authentication failures ###

# user not found
# nothing related to the user was found in the database
# action: retry with different user account
# action: start
# InvalidUserException.NOTFOUND
USER_NOT_FOUND = The user was not found

# more than one mapping to user exists
# conflict
# action: start
# InvalidUserException.NOTIDENTIFIED
USER_NOT_IDENTIFIED = Cannot identify user

# account disabled
# the account is disabled
# action: retry with different user account
# action: start
# InvalidUserException.DISABLED
ACCOUNT_DISABLED = The user account is disabled

# account locked out
# the account is locked out
# eg. because of entering invalid credentials too many times
# action: retry with different user account
# action: start
# InvalidUserException.LOCKED
ACCOUNT_LOCKED = The user account is locked

# invalid account
# the user account exists, but some information required for authentication is missing
# action: retry with different user account
# action: start
# InvalidUserException.INVALID
ACCOUNT_INVALID = The user account is invalid

# invalid credentials
# the credentials entered by the user were invalid
# action: retry with correct credentials
# InvalidCredentialsException.VERIFY
INVALID_CREDENTIALS = Invalid credentials

# expiring credentials
# the credentials entered by the user were validated
# the credentials will soon expire and the credentials should be reset
# action: prompt for user's action: reset credentials or continue
EXPIRING_CREDENTIALS = The user credentials are expiring

# expired credentials
# the credentials entered by the user were validated
# the credentials have expired and must be reset before continuing
# action: reset credentials or retry with different user account
# action: change
# CredentialsExpiredException.EXPIRED
EXPIRED_CREDENTIALS = The user credentials have expired

# expiring account
# the credentials entered by the user were validated
# the account will expire and the credentials should be reset
# action: prompt for user's action: reset credentials or continue
ACCOUNT_EXPIRING = The user account is expiring

# expired account
# the credentials entered by the user were validated
# the credentials have expired and must be reset before continuing
# action: reset credentials or retry with different user account
# action: change
# AccountExpiredException.EXPIRED
ACCOUNT_EXPIRED = The user account has expired

# terms of use has not been accepted
# must accept terms of use
# action: if status is locked, retry with and check accept checkbox 
# action: if status is expired, enter new credentials and check accept checkbox
ACCOUNT_MUST_ACCEPT_TERMS = Must accept Terms of Use

# interrupted
# authentication was interrupted for some reason
# action: restart authentication or select new authentication method
LOGIN_CANCEL = Authentication was interrupted

# authentication is pending
# authentication is not complete and continues
# action: restart authentication or select new authentication method
LOGIN_PENDING = Authentication still pending

# expired
# authentication expired
# action: restart authentication or select new authentication method
LOGIN_EXPIRED = Authentication expired

# new credentials not valid
# new credentials are not valid for policy
# action: retry with correct new credentials
# InvalidCredentialsException.CHANGE
INVALID_NEW_CREDENTIALS = The new credentials were not accepted

# invalid state
# (should not happen)
# args: name of action or method (such as "op" or "submit")
# action: LoginError
# LoginException.INVALID_STATE
INVALID_STATE = Invalid system state: {0}

# server error
# (should not happen)
# login module received invalid or unknown request type
# login module sent invalid or unknown response type
# the login module configuration is invalid or missing
# action: LoginError
# LoginException.SERVER_ERROR
SERVER_ERROR = Internal server error

# external failure
# some external service (SMS GW etc) is down or has failed
# action: LoginError
# LoginException.EXTERNAL_FAILURE
EXTERNAL_FAILURE = The external service needed to complete the authentication has failed


### ticket request/response failures ###

# invalid ticket request
# the url parameters of the request are invalid
# args: url or other parameter name
# action: fail
TICKET_REQUEST_ERROR = Invalid ticket request: {0}

# application not found
# the requested application is not found
# input: appid value
# action: fail
AGENT_NOT_FOUND = The requested application was not found

# application disabled
# the requested application is disabled
# input: appid value
# action: fail
AGENT_DISABLED = The requested application is disabled

# application invalid
# configuration information for the requested application is invalid or missing
# input: appid value
# action: fail
AGENT_INVALID = The requested application is invalid

# ticket validation failure
# cannot decrypt ticket
# cannot derive ticket key
# cannot validate ticket signature/mac/digest
# action: fail
TICKET_VALIDATION_ERROR = Ticket validation error

# ticket generation failure
# cannot encrypt/sign ticket
# cannot derive ticket key
# action: fail
TICKET_GENERATION_ERROR = Ticket generation error

# ticket protocol failure
# the ticket contents and/or url parameters are invalid
# args: ticket attribute name
# action: fail
TICKET_PROTOCOL_ERROR = Ticket protocol error: {0}

# the authentication agent failed
# an error code response was received from the authentication agent
AUTHENTICATION_AGENT_ERROR = The authentication agent failed

# the authentication agent sent a response with statements that are not trusted
# for example: certificate issuer, directory name or namespace
ASSERTION_ISSUER_NOT_TRUSTED = The issuer of the authentication assertion is not trusted


### session management ###

# session validation failure
# cannot decrypt session
# cannot validate session signature/mac/digest
SESSION_VALIDATION_ERROR = Error validating session

# invalid session
# session contents are not valid
# args: session attribute name
SESSION_ERROR = Error restoring session: {0}


### authorization ###

# not authenticated
USER_NOT_AUTHENTICATED = The user is not authenticated

# access denied
ACCESS_DENIED = Access to the requested resource is denied

# authentication method not allowed
AUTHENTICATION_METHOD_NOT_ALLOWED = The authentication method is not allowed to the requested resource: {0}

# access denied
AUTHZ_DENIED = Access to the requested resource is denied

# cannot resolve username
# the UsernameAuthorizer cannot resolve a username
AUTHZ_NO_USERNAME = The username for the ticket response is unspecified

# a required attribute was not assigned
# AttributeAuthorizer
# args: attribute name
AUTHZ_REQUIRED_ATTRIBUTE = The required attribute constraint failed: {0}

# a single-value attribute was assigned more than once
# AttributeAuthorizer
# args: attribute name
AUTHZ_SINGLEVALUE_ATTRIBUTE = The single-value attribute constraint failed: {0}

# UserMappingAuthorizer
AUTHZ_USERMAPPING_MISSING = No user mapping for the authenticated user was found in the mapping table

# UserMappingAuthorizer
AUTHZ_USERMAPPING_ERROR = Error while processing the user mapping table

# when consent is required with passive request
CONSENT_REQUIRED = Consent must be confirmed

### other failures ###

# invalid request received
# a required request parameter is missing or invalid
# args: url parameter name
REQUEST_ERROR = Invalid request: {0}

# the authentication method is invalid
# caused by invalid configuration
# action: authentication cannot continue
# args: name of invalid or missing configuration parameter
# Errors.AUTHENTICATION_METHOD_INVALID
AUTHENTICATION_METHOD_INVALID = The authentication method configuration is invalid: {0}

# The requested operation is not implemented
# LoginException
OPERATION_NOT_IMPLEMENTED = Internal server error. The requested operation is not implemented