a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington# The contents of this file are subject to the terms of the Common Development and
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington# Distribution License (the License). You may not use this file except in compliance with the
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington# specific language governing permission and limitations under the License.
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington# When distributing Covered Software, include this CDDL Header Notice in each file and include
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington# the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington# Header, with the fields enclosed by brackets [] replaced by your own identifying
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington# information: "Portions copyright [year] [name of copyright owner]".
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington# Copyright 2012-2015 ForgeRock AS.
90533edd2c9af1344e78bde34a258d1cd486b22bAlin Briciauthentication=Authentication Modules
48b78901f656af2c67b9b0702a15e7596eb74c54David LunaiPlanetAMAuthOATHServiceDescription=OATH
90533edd2c9af1344e78bde34a258d1cd486b22bAlin Bricia500=Authentication Level
90533edd2c9af1344e78bde34a258d1cd486b22bAlin Bricia500.help=The authentication level associated with this module.
90533edd2c9af1344e78bde34a258d1cd486b22bAlin Bricia500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \
90533edd2c9af1344e78bde34a258d1cd486b22bAlin Briciassociated with the module; 0 is the lowest (and the default).
90533edd2c9af1344e78bde34a258d1cd486b22bAlin Bricia501=One Time Password Length
48b78901f656af2c67b9b0702a15e7596eb74c54David Lunaa501.help=The length of the generated OTP in digits. Must be 6 digits or longer.
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia502=Minimum Secret Key Length
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia502.help=Number of hexadecimal characters allowed for the Secret Key.
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia503=Secret Key Attribute Name
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia503.help=The name of the attribute in the user profile to store the user secret key.
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia504=OATH Algorithm to Use
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia504.help=Choose the algorithm your device uses to generate the OTP.
06164619be9407342071ba067c10d4aa528661b5Mark Craiga504.help.txt= HOTP uses a counter value that is incremented every time a new OTP is generated. TOTP generates a new OTP every few seconds as specified by the time step interval.
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia505=HOTP Window Size
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia505.help=The size of the window to resynchronize with the client.
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia505.help.txt=This sets the window that the OTP device and the server counter can be out of sync. For example, if the window size is 100 and the servers last successful login was at counter value 2, then the server will accept a OTP from the OTP device that is from device counter 3 to 102.
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia506=Counter Attribute Name
06164619be9407342071ba067c10d4aa528661b5Mark Craiga506.help=The name of the attribute in the user profile to store the user counter. This is required if HOTP is chosen as the OATH algorithm.
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia507=Add Checksum Digit
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia507.help=This adds a checksum digit to the OTP.
06164619be9407342071ba067c10d4aa528661b5Mark Craiga507.help.txt=This adds a digit to the end of the OTP generated to be used as a checksum to verify the OTP was generated correctly. This is in addition to the actual password length. You should only set this if your device supports it.
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia508=Truncation Offset
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia508.help=This adds an offset to the generation of the OTP.
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia508.help.txt=This is an option used by the HOTP algorithm that not all devices support. This should be left default unless you know your device uses a offset.
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia509=TOTP Time Step Interval
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia509.help= The TOTP time step in seconds that the OTP device uses to generate the OTP.
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia509.help.txt=This is the time interval that one OTP is valid for. For example, if the time step is 30 seconds, then a new OTP will be generated every 30 seconds. This makes a single OTP valid for only 30 seconds.
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia510=TOTP Time Steps
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia510.help=The number of time steps to check before and after receiving a OTP.
06164619be9407342071ba067c10d4aa528661b5Mark Craiga510.help.txt=This is the number of time step intervals to check the received OTP against both forward in time and back in time. For example, with 2 time steps and a time step interval of 30 seconds the server will allow a clock drift between client and server of 89 seconds. (2-30 second steps and 29 seconds for the interval that the OTP arrived in)
f4020ccf19a5ee356584e3da183ee3ef020f17d1Alin Bricia511=Last Login Time Attribute
06164619be9407342071ba067c10d4aa528661b5Mark Craiga511.help=Attribute to store the time of the users last login. This is required if TOTP is chosen as the OATH algorithm.
06164619be9407342071ba067c10d4aa528661b5Mark Craiga511.help.txt=This attribute stores the last time a user logged in to prevent time based attacks. The value is stored as a number (Unix Time).
48c5097840de0454f7d6889f9f5d28408ea500dfJon Jonthomasa512=The Shared Secret Provider Class
48c5097840de0454f7d6889f9f5d28408ea500dfJon Jonthomasa512.help=The fully qualified class name for the Shared Secret Provider extension.
48c5097840de0454f7d6889f9f5d28408ea500dfJon Jonthomasa512.help.txt=The class that is used to process the user profile attribute used to store the user secret key.
eab5e96b785a798b3028d13b19ca1b1afe615166Jon Jonthomasa513=Clock Drift Attribute Name
eab5e96b785a798b3028d13b19ca1b1afe615166Jon Jonthomasa513.help=The name of the attribute in the user profile to store the clock drift. If left empty then clock drift checking is disabled.
eab5e96b785a798b3028d13b19ca1b1afe615166Jon Jonthomasa513.help.txt=The name of the attribute used to store the last observed clock drift which is used to indicated when a manual resynchronisation is required.
eab5e96b785a798b3028d13b19ca1b1afe615166Jon Jonthomasa514=Maximum Allowed Clock Drift
eab5e96b785a798b3028d13b19ca1b1afe615166Jon Jonthomasa514.help=Number of time steps a client is allowed to get out of sync with the server before manual resynchronisation is required. This should be greater than the TOTP Time Steps value.
eab5e96b785a798b3028d13b19ca1b1afe615166Jon Jonthomasa514.help.txt=Number of time steps a client is allowed to get out of sync with the server before manual resynchronisation is required. As this checks the time drift over multiple requests it needs to be greater than the value specified in TOTP Time Steps.
eab5e96b785a798b3028d13b19ca1b1afe615166Jon JonthomasauthFailed=Authentication Failed
eab5e96b785a798b3028d13b19ca1b1afe615166Jon JonthomasoutOfSync=Device has exceeded maximum clock drift. Please re-register your device.