#
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
#
# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
#
# The contents of this file are subject to the terms
# of the Common Development and Distribution License
# (the License). You may not use this file except in
# compliance with the License.
#
# You can obtain a copy of the License at
# See the License for the specific language governing
# permission and limitations under the License.
#
# When distributing Covered Code, include this CDDL
# Header Notice in each file and include the License file
# If applicable, add the following below the CDDL Header,
# with the fields enclosed by brackets [] replaced by
# your own identifying information:
# "Portions Copyrighted [year] [name of copyright owner]"
#
# $Id: amAuthWindowsDesktopSSO.properties,v 1.2 2008/06/25 05:40:35 qcheng Exp $
#
# Portions Copyrighted 2011-2014 ForgeRock AS
#
iplanet-am-auth-windowsdesktopsso-service-description=Windows Desktop SSO
a101=Service Principal
a101.help=The name of the Kerberos principal used during authentication
a101.help.txt=This principal must match the name used in the keytab file created from the Active Directory server.<br/>\
The format of the field is as follows:\<br/><br/><code>HTTP/openam.forgerock.com@AD_DOMAIN.COM</code>
a102=Keytab File Name
a102.help=The path of the AD keytab file
a102.help.txt=This is the absolute pathname of the AD keytab file. The keytab file is generated by the Active Directory server.
a102.help.uri=#tbd
a103=Kerberos Realm
a103.help=The name of the Kerberos (Active Directory) realm used for authentication
a104=Kerberos Server Name
a104.help=The hostname/IP address of the Kerberos (Active Directory) server.
a105=Return Principal with Domain Name
a105.help=Returns the fully qualified name of the authenticated user rather than just the username.
a108=Search for the user in the realm
a108.help=Validate that the user has a matched user profile configured in the data store.
a108.help.txt=If this option is enabled, the module validates whether the account corresponds to a user profile in the \
Data Store for the realm. The attributes to perform the search are configured under \
<i>Access Control > Realm Name > Authentication > All Core settings > Alias Search Attribute Name</i>.
a106=Authentication Level
a106.help=The authentication level associated with this module.
a106.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \
associated with the module; 0 is the lowest (and the default).
a107=Trusted Kerberos realms
a107.help=List of trusted Kerberos realms for User Kerberos tickets.
a107.help.txt=If realms are configured, then Kerberos tickets are only accepted if the realm part of the UserPrincipalName \
of the Users Kerberos ticket matches a realm from the list.
token=Invalid Kerberos token.
auth=Failed to authentication.
serviceAuth=Service authentication failed.
context=Failed to establish context.
nullprincipal=Service principal name is null.
nullkeytab=Service keytab file is null.
nullrealm=KDC realm is null.
nullkdc=KDC server name is null.
nullauthlevel=Module auth level is null.
nokeytab=Keytab file {0} does not exist.
authlevel=Module auth level {0} is not correct.
idRepoSearch=IdRepo exception while trying to find the user {0} in the realm {1}
ssoSearch=SSO exception while trying to find the user {0} in the realm {1}
notfound=Unable to find the user {0} in the realm {1}
i18nTrue=Enabled
i18nFalse=Disabled
untrustedToken=Kerberos tokens from realm {0} are not trusted.