amAuthCert.properties revision b32452e6bcc831bf6d138d25d06c65588fd25ae9
#
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
#
# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
#
# The contents of this file are subject to the terms
# of the Common Development and Distribution License
# (the License). You may not use this file except in
# compliance with the License.
#
# You can obtain a copy of the License at
# https://opensso.dev.java.net/public/CDDLv1.0.html or
# opensso/legal/CDDLv1.0.txt
# See the License for the specific language governing
# permission and limitations under the License.
#
# When distributing Covered Code, include this CDDL
# Header Notice in each file and include the License file
# at opensso/legal/CDDLv1.0.txt.
# If applicable, add the following below the CDDL Header,
# with the fields enclosed by brackets [] replaced by
# your own identifying information:
# "Portions Copyrighted [year] [name of copyright owner]"
#
# $Id: amAuthCert.properties,v 1.4 2009/12/11 01:43:23 goodearth Exp $
#
#

# Portions Copyrighted 2011 ForgeRock AS

onlinehelp.doc=certauth.html
authentication=Authentication Modules

CERTex=Unknown Certificate Authority.
CertNoContext=Unable to set up LDAP context.
CertExpired=Certificate Has Expired.
CertVerifyFailed=Could not verify certificate.
CertNoReg=Error locating registered certificate.
CertRevoked=Certificate has been revoked.
iCertNotValidYet=Certificate is not yet valid.
CertIsNotValid=Certificate is not valid.
iplanet-am-auth-cert-service-description=Certificate
a101=Match Certificate in LDAP
a101.help=The client certificate must exist in the directory for the authentication to be successful.
a1011=Subject DN Attribute Used to Search LDAP for Certificates
a1011.help=This is the attribute used to search the directory for the certificate
a1011.help.txt=The Certificate module will search the directory for the certificate using the search filter based on this attribute \
and the value of the Subject DN taken from the certificate.
a102=Match Certificate to CRL
a102.help=The Client Certificate will be checked against the Certificate Revocation List held in the directory
a102.help.txt=A Certificate Revocation List can be provisioned into the directory. Having this option enabled will cause all client \
certificates to be checked against this list.
a102.help.uri=#tbd
a1023=Match CA Certificate to CRL
a1023.help=The CA certificate that issued the client certificate will also be checked against the CRL.
a1021=Issuer DN Attribute Used to Search LDAP for CRLs
a1021.help=This is the name of the attribute taken from the CA certificate that will be used to search the CRL.
a1022=HTTP Parameters for CRL Update
a1022.help=These parameters will be included in any HTTP CRL call to the Certificate Authority
a1022.help.txt=If the Client or CA certificate contains the Issuing Distribution Point Extension then OpenAM will use this information \
to retrieve the CRL from the distribution point. This property allows custom HTTP parameters to be included in the CRL request.<br/><br/>\
The format of the parameter is as follows:<br/><br/>\
<code>param1=value1,param2=value</code>
a103=OCSP Validation
a103.help=Enable Online Certificate Status Protocol validation for OCSP aware certificates
a103.help.txt=If the certificate contains OCSP validation information then OpenAM will use this information to check the validity \
of the certificate as part of the authentication process.<br/><br/>\
<i>NB </i>The OpenAM server must have Internet connectivity for OCSP to work
a104=LDAP Server Where Certificates are Stored
a104.help=Use this list to set the LDAP server used to search for certificates.
a104.help.txt=The Certificate authentication module will use this list for the LDAP server used to search for certificates. A single entry \
must be in the format:<br/><br/><code>ldap_server:port</code><br/><br/>Multiple entries allow associations between OpenAM servers and an \
LDAP server. The format is:<br/><br/><code>local server name | server:port</code><br/><br/>\
The local server name is the full name of the server from the list of servers and sites.
a105=LDAP Search Start or Base DN
a105.help=The start point in the LDAP server for the certificate search
a105.help.txt=When entering multiple entries, each entry must be prefixed with a local server name. Multiple entries allow different \
search Base DNs depending on the OpenAM server in use. The format is:<br/><br/><code>local server name | base dn</code><br/><br/>\
The local server name is the full name of the server from the list of servers and sites.
# unused
a106=LDAP Access Authentication Type
a107=LDAP Server Authentication User
a107.help=DN of the user used by the module to authenticate to the LDAP server
a107.help.txt=The Certificate module authenticates to the LDAP server in order to search for a matching certificate. The DN entered here \
represents the account used for said authentication and must have read/search access to the LDAP server.
a108=LDAP Server Authentication Password
a108.help=The password for the authentication user
# unused
a109=LDAP Attribute for Profile ID
# unused
a109.help=Enter any valid attribute in a user entry (CN, SN) that can be used as the user ID.
a110=Use SSL/TLS for LDAP Access
a110.help=The certificate module will use SSL/TLS to access the LDAP server
a111=Certificate Field Used to Access User Profile
a111.help=The certificate module needs to read a value from the client certificate that can be used to search the LDAP server for a \
matching certificate.
a1111=Other Certificate Field Used to Access User Profile
a1111.help=This field is only used if the <i>Certificate Field Used to Access User Profile</i> attribute is set to <i>other</i>. This \
field allows a custom certificate field to be used as the basis of the user search.
a1112=SubjectAltNameExt Value Type to Access User Profile
a1112.help=Use the Subject Alternative Name Field in preference to one of the standard certificate fields.
a1112.help.txt=Selecting RFC822Name or UPN will cause this field to have precedence over the <i>Certificate Field Used to Access \
User Profile</i> or <i>Other Certificate Field Used to Access User Profile</i> attribute.<br/><br/>\
<i>NB </i>The client certificate must contain the <i>Subject Alternative Name Extension</i> for this function to operate.
a500=Authentication Level
a500.help=The authentication level associated with this module.
a500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \
associated with the module; 0 is the lowest (and the default).
a113=Trusted Remote Hosts
a113.help=A list of IP addresses trusted to supply client certificates.
a113.help.txt=If SSL/TLS is being terminated at a load balancer or at the Distributed Authentication server then this option can be used \
to ensure that only specified <i>trusted</i> hosts (identified by IP address) are allowed to supply client certificates to the certificate \
module.<br/><br/>Valid values for this list are as follows:<ul><li>none</li><li>all</li><li>multiple IP addresses</li></ul><br/><br/>\
The default value of <i>none</i> disables this functionality
a115=HTTP Header Name for Client Certificate
a115.help=The name of the HTTP request header containing the certificate, only used when <i>Trusted Remote Hosts</i> mode is enabled.
amAuthCert-eeh-debug-desc=Turn on debugging.
amAuthCert-ff-aliases-desc=Certificate User Aliases
amAuthCert-debug.on=On
amAuthCert-debug.off=Off
amAuthCert-debug.log=Log Messages
emailAddr=emailAddr
emailAddrTag=email address
noCert=User certificate not found
jssSockFactoryFail=Failed to create LDAP connection with JSS
NoCallbackHandler=No callback handler available
certificate=Certificate
wrongLDAPServer=LDAP server and port number are misconfigured.
wrongStartDN=LDAP Start Search DN misconfigured.
noLDAPAttr=No value provided for attribute name to search LDAP.
noCRLAttr=No value provided for attribute name to search CRL.
noOtherAttr=No value provided for other field to access user profile.
noURLCertAuth=URL certificate authentication not enabled.

choiceNone=none
choiceSimple=simple
choiceCRAM-MD5=CRAM-MD5
choiceIssuerDN=issuer DN
choiceIssuerCN=issuer CN
choiceIssuer0=issuer O
choiceSerialNumber=serial number
choiceSubjectDN=subject DN
choiceSubjectCN=subject CN
choiceSubjectUID=subject UID
choiceSubject0=subject O
choiceEmail=email address
choiceOther=other
choiceRFC822Name=RFC822Name
choiceUPN=UPN