0N/A#

2362N/A# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.

0N/A#

0N/A# Copyright (c) 2011 ForgeRock AS. All Rights Reserved

0N/A#

0N/A# The contents of this file are subject to the terms

2362N/A# of the Common Development and Distribution License

0N/A# (the License). You may not use this file except in

2362N/A# compliance with the License.

0N/A#

0N/A# You can obtain a copy of the License at

0N/A# http://forgerock.org/license/CDDLv1.0.html

0N/A# See the License for the specific language governing

0N/A# permission and limitations under the License.

0N/A#

0N/A# When distributing Covered Code, include this CDDL

0N/A# Header Notice in each file and include the License file

0N/A# at http://forgerock.org/license/CDDLv1.0.html

0N/A# If applicable, add the following below the CDDL Header,

0N/A# with the fields enclosed by brackets [] replaced by

2362N/A# your own identifying information:

2362N/A# "Portions Copyrighted [year] [name of copyright owner]"

2362N/A#

0N/A

0N/A# Portions Copyrighted 2012 ForgeRock Inc

0N/A# Portions Copyrighted 2012 Open Source Solution Technology Corporation

0N/A

0N/Aonlinehelp.doc=authnadaptive.html

178N/Aauthentication=Authentication Modules

178N/Aiplanet-am-auth-adaptive-service-description=Adaptive Risk

0N/A

0N/AnoInternalSession=Invalid session

0N/AnoIdentity=Unable to find identity in Datastore

0N/A

0N/Aa500=Authentication Level

0N/Aa500.help=The authentication level associated with this module.

0N/Aa500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \

0N/Aassociated with the module; 0 is the lowest (and the default).

0N/Aa502=Risk Threshold

0N/Aa502.help=If the risk threshold value is not reached after executing the different tests, the authentication is considered to be successful.

0N/Aa502.help.txt=Associated with many of the adaptive risk checks is a score; if a check does not passes then the score is added to the current \

0N/Arunning total. The final score is then compared with the <i>Risk Threshold</i>, if the score is lesser than said \

0N/Athreshold the module will be successful.

0N/A

0N/Aa503=Failed Authentication Check

0N/Aa503.help=Checks if the user has past authentication failures.

0N/Aa503.help.txt=Check if the OpenAM account lockout mechanism has recorded past authentication failures for the user.<br/><br/>\

0N/A<i>NB </i>For this check to function, Account Lockout must be enabled.

0N/Aa504=Enable Failed Authentication Reset

0N/Aa504.help=Enable the failed authentication reset check.

0N/Aa505=Score

0N/Aa505.help=The amount to increment the score if this check fails.

0N/Aa506=Invert Result

0N/Aa506.help=If the check succeeds the score will be included in the total, for failure the score will not be incremented.

0N/A

0N/Aa507=IP Range Check

0N/Aa507.help=Enables the checking of the client IP address against a list of IP addresses.

0N/Aa507.help.txt=The IP range check compares the IP of the client against a list of IP addresses, if the client IP is found within \

0N/Asaid list the check is successful.

0N/Aa508=IP Range

0N/Aa508.help=The list of IP address to compare against the client IP address.

0N/Aa508.help.txt=The format of the IP address is as follows:<br/><br/>\

0N/A<ul><li>Single IP address: <code>172.16.90.1</code></li><li>CIDR notation: <code>172.16.90.0/24</code></li>\

0N/A<li>IP net-block with netmask: <code>172.16.90.0:255.255.255.0</code></li></ul>

0N/Aa509=Score

0N/Aa509.help=The amount to increment the score if this check fails.

0N/Aa510=Invert Result

0N/Aa510.help=If the check succeeds the score will be included in the total, for failure the score will not be incremented.

0N/A

0N/Aa511=IP History Check

0N/Aa511.help=Enables the checking of client IP address against a list of past IP addresses.

0N/Aa511.help.txt=If this check is enabled; a set number of past IP addresses used by the client to access OpenAM is recorded in the user \

0N/Aprofile. This check passes if the current client IP address is present in the history list. If the IP address is not present, the check \

0N/Afails and the IP address is added to list if the overall authentication is successful (causing the oldest IP address to be removed).

0N/Aa512=History size

178N/Aa512.help=The number of client IP addresses to save in the history list.

1790N/Aa513=Profile Attribute Name

178N/Aa513.help=The name of the attribute used to store the IP history list in the data store.

178N/Aa513.help.txt=IP history list is stored in the Data Store meaning your Data Store should be able to store values under the configured \

0N/Aattribute name. If you're using a directory server as backend, make sure your Data Store configuration contains the necessary \

objectclass and attribute related settings.

a514=Save Successful IP Address

a514.help=The IP History list will be updated in the data store

a514.help.txt=The Adaptive Risk Post Authentication Plug-in will update the IP history list if the overall authentication is successful.

a515=Score

a515.help=The amount to increment the score if this check fails.

a516=Invert Result

a516.help=If the check succeeds the score will be included in the total, for failure the score will not be incremented.

a517=Cookie Value Check

a517.help=Enables the checking of a known cookie value in the client request

a517.help.txt=If this check is enabled, the check looks for a known cookie in the client request. If the cookie exists and has the \

correct value then the check will pass.

a518=Cookie Name

a518.help=The name of the cookie to set on the client.

a519=Cookie Value

a519.help=The value to be set on the cookie.

a520=Save Cookie Value on Successful Login

a520.help=The cookie will be created on the client after successful login

a520.help.txt=The Adaptive Risk Post Authentication Plug-in will set the cookie on the client response

a521=Score

a521.help=The amount to increment the score if this check fails.

a522=Invert Result

a522.help=If the check succeeds the score will be included in the total, for failure the score will not be incremented.

a523=Time since Last login Check

a523.help=Enables the checking of the last time the user successfully authenticated.

a523.help.txt=If this check is enabled, the check ensures the user has successfully authenticated within a given interval. If the \

interval has been exceeded the check will fail. The last authentication for the user is stored in a client cookie.

a524=Cookie Name

a524.help=The name of the cookie used to store the time of the last successful authentication.

a525=Max Time since Last login

a525.help=The maximum number of days that can elapse before this test.

a526=Save time of Successful Login

a526.help=The last login time will be saved in a client cookie

a526.help.txt=The Adaptive Risk Post Authentication Plug-in will update the last login time

a527=Score

a527.help=The amount to increment the score if this check fails.

a528=Invert Result

a528.help=If the check succeeds the score will be included in the total, for failure the score will not be incremented.

a529=Profile Risk Attribute check

a529.help=Enables the checking of the user profile for a matching attribute and value.

a529.help.txt=If this check is enabled, the check will pass if the users profile contains the required risk attribute and value.

a530=Attribute Name

a530.help=The name of the attribute to retrieve from the user profile in the data store.

a531=Attribute Value

a531.help=The required value of the named attribute.

a532=Score

a532.help=The amount to increment the score if this check fails.

a533=Invert Result

a533.help=If the check succeeds the score will be included in the total, for failure the score will not be incremented.

a534=Device Registration Cookie Check

a534.help=Enables the checking of the client request for a known cookie.

a534.help.txt=If this check is enabled, the check will pass if the client request contains the named cookie.

a535=Cookie Name

a535.help=The name of the cookie to be checked for (and optionally set) on the client request

a536=Save Device Registration on Successful Login

a536.help=Set the device cookie on the client response

a536.help.txt=The Adaptive Risk Post Authentication Plug-in will set the device cookie on the client response

a537=Score

a537.help=The amount to increment the score if this check fails.

a538=Invert Result

a538.help=If the check succeeds the score will be included in the total, for failure the score will not be incremented.

a539=Geolocation Country Code Check

a539.help=Enables the checking of the client IP address against the geolocation database.

a539.help.txt=The geolocation database associates IP addresses against their known location. This check passes if the country associated \

with the client IP address is matched against the list of valid country codes.<br/><br/>\

The geolocation database is available in binary format at <a href="http://www.maxmind.com/app/country" target="_blank">MaxMind</a>.

a540=Geolocation Database location

a540.help=The path to the location of the GEO location database.

a540.help.txt=The Geolocation database is not distributed with OpenAM, you can get it in binary format from \

<a href="http://www.maxmind.com/app/country" target="_blank">MaxMind</a>.

a541=Valid Country Codes

a541.help=The list of country codes that are considered as valid locations for client IPs.

a541.help.txt=The list is made up of country codes separated by a | character; for example:<br/><br/>\

<code>gb|us|no|fr</code>

a542=Score

a542.help=The amount to increment the score if this check fails.

a543=Invert Result

a543.help=If the check succeeds the score will be included in the total, for failure the score will not be incremented.

a544=Request Header Check

a544.help=Enables the checking of the client request for a known header name and value.

a544.help.txt=The request header check will pass if the client request contains the required named header and value.

a545=Request Header Name

a545.help=The name of the required HTTP header

a546=Request Header Value

a546.help=The required value of the named HTTP header.

a547=Score

a547.help=The amount to increment the score if this check fails.

a548=Invert Result

a548.help=If the check succeeds the score will be included in the total, for failure the score will not be incremented.