#
#
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
#
# Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
#
# The contents of this file are subject to the terms
# of the Common Development and Distribution License
# (the License). You may not use this file except in
# compliance with the License.
#
# You can obtain a copy of the License at
# See the License for the specific language governing
# permission and limitations under the License.
#
# When distributing Covered Code, include this CDDL
# Header Notice in each file and include the License file
# If applicable, add the following below the CDDL Header,
# with the fields enclosed by brackets [] replaced by
# your own identifying information:
# "Portions Copyrighted [year] [name of copyright owner]"
#
# $Id: agentService.properties,v 1.85 2009/12/23 00:16:19 babysunil Exp $
#
# Portions Copyrighted 2011-2015 ForgeRock AS.
# Portions Copyrighted 2013-2015 Nomura Research Institute, Ltd.
label.Empty=---EMPTY----
a10=USER_ID
a11=PROFILE_ATTRIBUTE
a12=HTTP_HEADER
a13=SESSION_PROPERTY
a14=LOG_NONE
a15=LOG_ALLOW
a16=LOG_DENY
a17=LOG_BOTH
a18=REMOTE
a19=ALL
a20=NONE
a21=HTTP_HEADER
a22=REQUEST_ATTRIBUTE
a23=HTTP_COOKIE
a24=LOCAL
a25=3DES
a26=AES
a27=subtree
a28=self
a29=1.3
a30=1.0
a100=Password
a100.confirm=Password (Confirm)
a101=Status
a101.help=Status of the agent configuration.
a102=Active
a103=Inactive
a105=true
a106=false
a109=Agent Notification URL
a109.help=URL used by agent to register notification listeners. (property name: com.sun.identity.client.notification.url) <br>Hot-swap: No
a110=Location of Agent Configuration Repository
a110.help=Indicates agent's configuration located either on agent's host or centrally on OpenAM server.
a111=centralized
a112=local
# J2EE Agent properties
a113=Agent Filter Mode
a113.help=Specifies the mode of operation of the Filter. (property name: com.sun.identity.agents.config.filter.mode) <br>Valid key: the web application name. <br>Valid values: ALL, J2EE_POLICY, URL_POLICY, SSO_ONLY, NONE <br>For this property, a global value can be set to apply to all the applications that don't have their own specific filter mode. <br>Hot-swap: No <br>Examples: <br>To set ALL as the global filter mode: leave Map Key field empty, and enter ALL in Corresponding Map Value field. <br>To set URL_POLICY as the filter mode for application BankApp: enter BankApp in Map Key field, and enter URL_POLICY in Corresponding Map Value field.
a114=User Mapping Mode
a114.help=Specifies mechanism agent uses to determine user-ID. (property name: com.sun.identity.agents.config.user.mapping.mode) <br>Hot-swap: Yes
a115=User Attribute Name
a115.help=Name of the attribute which contains the user-ID. (property name: com.sun.identity.agents.config.user.attribute.name) <br>Hot-swap: Yes
a116=User Principal Flag
a116.help=Use principal instead of just the user-ID for authenticating the user. (property name: com.sun.identity.agents.config.user.principal) <br>Hot-swap: Yes
a117=User Token Name
a117.help=Session property name for user-ID of the authenticated user in session. (property name: com.sun.identity.agents.config.user.token) <br>Hot-swap: Yes
a118=Client IP Address Header
a118.help=HTTP header name that holds the IP address of the client. (property name: com.sun.identity.agents.config.client.ip.header) <br>Hot-swap: Yes
a119=Client Hostname Header
a119.help=HTTP header name that holds the Hostname of the client. (property name: com.sun.identity.agents.config.client.hostname.header) <br>Hot-swap: Yes
a121=Configuration Reload Interval
a121.help=Interval in seconds between configuration reloads. (property name: com.sun.identity.agents.config.load.interval) <br>Hot-swap: Yes
a122=Locale Language
a122.help=(property name: com.sun.identity.agents.config.locale.language) <br>Hot-swap: No
a123=Locale Country
a123.help=(property name: com.sun.identity.agents.config.locale.country) <br>Hot-swap: No
a124=Audit Access Types
a124.help=Types of messages to log based on user URL access attempts. (property name: com.sun.identity.agents.config.audit.accesstype) <br>Hot-swap: Yes
a125=Audit Log Location
a125.help=Specifies where audit messages should be logged. (property name: com.sun.identity.agents.config.log.disposition) <br>Hot-swap: Yes
a126=Remote Log File Name
a126.help=Name of file stored on OpenAM server that contains agent audit messages. (property name: com.sun.identity.agents.config.remote.logfile) <br>Hot-swap: Yes
a128=Rotate Local Audit Log
a128.help=Flag to indicate that audit log files should be rotated when reaching a certain size. (property name: com.sun.identity.agents.config.local.log.rotate) <br>Hot-swap: Yes
a129=Local Audit Log Rotation Size
a129.help=Size limit when a local audit log file is rotated to a new file. (property name: com.sun.identity.agents.config.local.log.size) <br>Hot-swap: Yes
a131=Web Service Enable
a131.help=Flag specifies if Web Service processing is enabled. (property name: com.sun.identity.agents.config.webservice.enable) <br>Hot-swap: Yes
a132=Web Service End Points
a132.help=A list of Web Application end points that represent Web Services. (property name: com.sun.identity.agents.config.webservice.endpoint) <br>Hot-swap: Yes
a133=Web Service Process GET Enable
a133.help=Flag to indicates if the processing of HTTP GET requests for Web Service endpoints is enabled. (property name: com.sun.identity.agents.config.webservice.process.get.enable) <br>Hot-swap: Yes
a134=Web Service Authenticator
a134.help=An implementation class of interface com.sun.identity.agents.filter.IWebServiceAuthenticator that can be used to authenticate web-service requests. (property name: com.sun.identity.agents.config.webservice.authenticator) <br>Hot-swap: Yes
a134a=Web Service Response Processor
a134a.help=An implementation class of interface com.sun.identity.agents.filter.IWebServiceResponseProcessor that can be used to process the web-service responses. (property name: com.sun.identity.agents.config.webservice.responseprocessor) <br>Hot-swap: Yes
a135=Web Service Internal Error Content File
a135.help= The name of file that contains content used by the Agent to generate an internal error fault for clients. (property name: com.sun.identity.agents.config.webservice.internalerror.content) <br>Hot-swap: Yes
a136=Web Service Authorization Error Content File
a136.help=The name of file that contains content used by the Agent to generate an authorization error fault for clients. (property name: com.sun.identity.agents.config.webservice.autherror.content) <br>Hot-swap: Yes
a137=Resource Access Denied URI
a137.help=An application-specific Map that identifies a URI of the customized access denied page. (property name: com.sun.identity.agents.config.access.denied.uri) <br>Valid key: the web application name. <br>Valid value: the customized application access denied page URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific access denied page. <br>Hot-swap: Yes <br> Examples: <br>To set a global access denied page: leave Map Key field empty, and enter the global access denied page URI /sample/accessdenied.html in Corresponding Map Value field. <br> To set the access denied page URI for application BankApp: enter BankApp in Map Key field, and enter the application access denied page URI /BankApp/accessdenied.html in Corresponding Map Value field.
a138=Login Form URI
a138.help=List of absolute URIs corresponding to an application's web.xml form-login-page element. (property name: com.sun.identity.agents.config.login.form) <br>Hot-swap: Yes <br> Example: <br> /BankApp/jsp/login.jsp
a139=Login Error URI
a139.help=List of absolute URIs corresponding to an application's web.xml form-error-page element. (property name: com.sun.identity.agents.config.login.error.uri) <br>Hot-swap: Yes <br> Example: <br> /BankApp/jsp/error.jsp
a141=Use Internal Login
a141.help=Set to false if want to customize Login Content File instead of default internal content provided. (property name: com.sun.identity.agents.config.login.use.internal) <br>Hot-swap: Yes
a142=Login Content File Name
a142.help=Complete path and name of custom login content file. (property name: com.sun.identity.agents.config.login.content.file) <br>Hot-swap: Yes
a143=Custom Authentication Handler
a143.help=Application specific authentication handler to authenticate the logged on user with the application server. (property name: com.sun.identity.agents.config.auth.handler) <br>Valid key: the web application name. <br>Valid value: the authentication handler class name. <br>Hot-swap: Yes <br>Example: <br>To set authentication handler for application BankApp: enter BankApp in Map Key field, and enter authentication handler class name BankAuthHandler in Corresponding Map Value field.
a144=Custom Logout Handler
a144.help=Application specific logout handler to log out a user with the application server. (property name: com.sun.identity.agents.config.logout.handler) <br>Valid key: the web application name. <br>Valid value: the logout handler class name. <br>Hot-swap: Yes <br> Example: <br>To set logout handler for application BankApp: enter BankApp in Map Key field, and enter logout handler class name BankLogoutHandler in Corresponding Map Value field.
a145=Custom Verification Handler
a145.help=Application specific verification handler to validate the user credentials with the local repository. (property name: com.sun.identity.agents.config.verification.handler) <br>Valid key: the web application name. <br>Valid value: the verification handler class name. <br>Hot-swap: Yes <br> Example: <br> To set verification handler for application BankApp: enter BankApp in Map Key field, and enter verification handler class name BankVerificationHandler in Corresponding Map Value field.
a146=HTTP Session Binding
a146.help=If true will invalidate the http session when login has failed, user has no SSO session, or principal user name does not match SSO user name. (property name: com.sun.identity.agents.config.httpsession.binding) <br>Hot-swap: Yes
a147=Goto Parameter Name
a147.help=Property used only when CDSSO is enabled. Default value should be changed only when the login URL has a landing page specified <br> Example : com.sun.identity.agents.config.cdsso.cdcservlet.url = http://host:port/opensso/cdcservlet?goto=http://agent:port/landing.jsp <br> The parameter is used by the Agent to append the original request URL to this cdcserlet URL. This parameter is consumed by the landing page to redirect to the original URL. (property name: com.sun.identity.agents.config.redirect.param) <br>Hot-swap: Yes <br> Example: com.sun.identity.agents.config.redirect.param = goto2<br> The complete URL sent for authentication will be <br> http://host:port/opensso/cdcservlet?goto=http://agent:port/landing.jsp?goto2=http://agent.port/original.jsp
a148=OpenAM Login URL
a148.help=OpenAM login page URL. (property name: com.sun.identity.agents.config.login.url) <br>Hot-swap: Yes <br> Example: <br> http://host:port/opensso/UI/Login
a149=Login URL Prioritized
a149.help=Specifies if failover sequence for Login URLs or CDSSO URLs should be prioritized as defined in the OpenAM Login URL list. (property name: com.sun.identity.agents.config.login.url.prioritized) <br>Hot-swap: Yes
a151=Login URL Probe
a151.help=Specifies if agent will check the availability of these urls before redirecting to them. (property name: com.sun.identity.agents.config.login.url.probe.enabled) <br>Hot-swap: Yes
a152=Login URL Probe Timeout
a152.help=The connect timeout value in milliseconds, if also Login URL Probe is set to true. (property name: com.sun.identity.agents.config.login.url.probe.timeout) <br>Hot-swap: Yes
a153=Alternative Agent Host Name
a153.help=Host name identifying the Agent protected server to the client browsers if different from the actual host name. (property name: com.sun.identity.agents.config.agent.host) <br>Hot-swap: Yes
a154=Alternative Agent Port Name
a154.help=Port number identifying the Agent protected server listening port to the client browsers if different from the actual listening port. (property name: com.sun.identity.agents.config.agent.port) <br>Hot-swap: Yes
a155=Alternative Agent Protocol
a155.help=Protocol being used (http/https) by the client browsers to communicate with the Agent protected server if different from the actual protocol used by the server. (property name: com.sun.identity.agents.config.agent.protocol) <br>Hot-swap: Yes
a156=Login Attempt Limit
a156.help=Limit of failed login attempts for a user's single browser session until triggering the blocking of the user request. Value of 0 disables this feature. (property name: com.sun.identity.agents.config.login.attempt.limit) <br>Hot-swap: Yes
a158=SSO Cache Enable
a158.help=Specifies if the SSO Cache is active for the agent. Cache is used through public APIs exposed by the agent SDK. (property name: com.sun.identity.agents.config.amsso.cache.enable) <br>Hot-swap: Yes
a159=Cookie Reset
a159.help=Agent resets cookies in the response before redirecting to authentication. (property name: com.sun.identity.agents.config.cookie.reset.enable) <br>Hot-swap: Yes
a161=Cookies Reset Name List
a161.help=Cookie names that will be reset by the Agent if Cookie Reset is enabled. (property name: com.sun.identity.agents.config.cdsso.cookie.reset.name) <br>Hot-swap: Yes
a162=Cookies Reset Domain Map
a162.help=Maps cookie names specified in Cookie Reset Name List to value being the domain of this cookie to be used when a reset event occurs. (property name: com.sun.identity.agents.config.cookie.reset.domain) <br>Hot-swap: Yes
a163=Cookies Reset Path Map
a163.help=Maps cookie names specified in Cookie Reset Name List to value being the path of this cookie to be used when a reset event occurs. (property name: com.sun.identity.agents.config.cookie.reset.path) <br>Hot-swap: Yes
a164=Cross Domain SSO
a164.help=Enables Cross Domain Single SignOn. (property name: com.sun.identity.agents.config.cdsso.enable) <br>Hot-swap: Yes
a165=CDSSO Redirect URI
a165.help= An intermediate URI that is used by the Agent for processing CDSSO requests. (property name: com.sun.identity.agents.config.cdsso.redirect.uri) <br>Hot-swap: Yes
a166=CDSSO Servlet URL
a166.help=List of URLs of the available CDSSO controllers that may be used by the Agent for CDSSO processing. (property name: com.sun.identity.agents.config.cdsso.cdcservlet.url) <br>Hot-swap: Yes <br> Example: <br> http://host:port/opensso/cdcservlet
a167=CDSSO Clock Skew
a167.help=Time in seconds to be used by the Agent to determine the validity of the CDSSO AuthnResponse assertion. (property name: com.sun.identity.agents.config.cdsso.clock.skew) <br>Hot-swap: Yes
a167b=Realm
a167b.help=Which realm to start evaluating from. (property name: org.forgerock.openam.agents.config.policy.evaluation.realm) <br>Hot-swap: Yes
a167c=Application
a167c.help=Which application contains the policies to evaluate with. (property name: org.forgerock.openam.agents.config.policy.evaluation.application) <br>Hot-swap: Yes
a168=CDSSO Trusted ID Provider
a168.help=List of OpenAM Server/ID providers that should be trusted by the agent, when evaluating the CDC Liberty Responses. (property name: com.sun.identity.agents.config.cdsso.trusted.id.provider) <br>Hot-swap: Yes <br> Example: <br> http://host:port/opensso/cdcservlet
a169=CDSSO Secure Enable
a169.help=The SSO Token cookie set by the agent in the different domains in CDSSO mode will be marked secure. Only transmitted if the communications channel with host is a secure one. (property name: com.sun.identity.agents.config.cdsso.secure.enable) <br>Hot-swap: Yes
a170=CDSSO Domain List
a170.help=Domains for which cookies have to be set in a CDSSO scenario. (property name: com.sun.identity.agents.config.cdsso.domain) <br>Hot-swap: Yes <br> Example: <br> .sun.com
a171=Application Logout Handler
a171.help=An application-specific Map that identifies a handler to be used for logout processing. (property name: com.sun.identity.agents.config.logout.application.handler) <br>Valid key: the web application name. <br>Valid value: the application logout handler class name. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout handler. <br>Hot-swap: Yes <br> Examples: <br>To set a global application logout handler: leave Map Key field empty, and enter the global application logout handler class name GlobalApplicationLogoutHandler in Corresponding Map Value field. <br>To set the logout handler for application BankApp: enter BankApp in Map Key field, and enter the application logout handler class name BankAppLogoutHandler in Corresponding Map Value field.
a172=Application Logout URI
a172.help=An application-specific Map that identifies a request URI which indicates a logout event. (property name: com.sun.identity.agents.config.logout.uri) <br>Valid key: the web application name. <br>Valid value: the application logout URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout URI. <br>Hot-swap: Yes <br> Examples: <br>To set a global application logout URI: leave Map Key field empty, and enter the global application logout URI /logout.jsp in Corresponding Map Value field. <br> To set the logout URI for application BankApp: enter BankApp in Map Key field, and enter the application logout URI /BankApp/logout.jsp in Corresponding Map Value field.
a173=Logout Request Parameter
a173.help=An application-specific Map that identifies a parameter which when present in the HTTP request indicates a logout event. (property name: com.sun.identity.agents.config.logout.request.param) <br>Valid key: the web application name. <br>Valid value: the logout request parameter. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout request parameter. <br>Hot-swap: Yes <br> Examples: <br>To set a global application logout request parameter: leave Map Key field empty, and enter the global application logout request parameter logoutparam in Corresponding Map Value field. <br> To set the logout request parameter for application BankApp: enter BankApp in Map Key field, and enter the logout request parameter logoutparam in Corresponding Map Value field.
a174=Logout Introspect Enabled
a174.help=Allows the Agent to search HTTP request body to locate logout parameter. (property name: com.sun.identity.agents.config.logout.introspect.enabled) <br>Hot-swap: Yes
a175=Logout Entry URI
a175.help=An application-specific Map that identifies a URI to be used as an entry point after successful logout and subsequent successful authentication if applicable. (property name: com.sun.identity.agents.config.logout.entry.uri) <br>Valid key: the web application name. <br>Valid value: the logout entry URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout entry URI. <br>Hot-swap: Yes <br> Examples: <br>To set a global application logout entry URI: leave Map Key field empty, and enter the global application logout entry URI /welcome.html in Corresponding Map Value field. <br> To set the logout entry URI for application BankApp: enter BankApp in Map Key field, and enter the logout entry URI /BankApp/welcome.html in Corresponding Map Value field.
a176=FQDN Check
a176.help=Enables checking of fqdn default value and fqdn map values. (property name: com.sun.identity.agents.config.fqdn.check.enable) <br>Hot-swap: Yes
a177=FQDN Default
a177.help=Fully qualified hostname that the users should use in order to access resources. (property name: com.sun.identity.agents.config.fqdn.default) <br>Hot-swap: Yes
a178=FQDN Virtual Host Map
a178.help=Maps virtual, invalid, or partial hostnames, and IP addresses to the FQDN to access protected resources. (property name: com.sun.identity.agents.config.fqdn.mapping) <br>Hot-swap: Yes <br> Examples: <br> To map the partial hostname myserver to myserver.mydomain.com: enter myserver in the Map Key field and myserver.mydomain.com in the Corresponding Map Value field. To map a virtual server rst.hostname.com that points to the actual server abc.hostname.com: enter valid1 in the Map Key field and rst.hostname.com in the Corresponding Map Value field.
a179=Legacy User Agent Support Enable
a179.help=Enables support for legacy user agents (browser). (property name: com.sun.identity.agents.config.legacy.support.enable) <br>Hot-swap: Yes
a181=Legacy User Agent List
a181.help=List of user agent header values that identify legacy browsers. Entries in this list can have wild card character '*'. (property name: com.sun.identity.agents.config.legacy.user.agent) <br>Hot-swap: Yes
a182=Legacy User Agent Redirect URI
a182.help=An intermediate URI used by the Agent to redirect legacy user agent requests. (property name: com.sun.identity.agents.config.legacy.redirect.uri) <br>Hot-swap: Yes
a183=Custom Response Header
a183.help=Map specifies the custom headers that are set by the Agent on the client browser. The key is the header name and the value represents the header value. (property name: com.sun.identity.agents.config.response.header) <br>Hot-swap: Yes <br> Example: <br> To set the custom header Cache-Control to value no-cache: enter Cache-Control in Map Key field, and enter no-cache in Corresponding Map Value field.
a184=Redirect Attempt Limit
a184.help=Number of successive single point redirects that a user can make using a single browser session which will trigger the blocking of the user request. Set to 0 to disable this feature. (property name: com.sun.identity.agents.config.redirect.attempt.limit) <br>Hot-swap: Yes
a185=Port Check Enable
a185.help=Indicates if port check functionality is enabled or disabled. (property name: com.sun.identity.agents.config.port.check.enable) <br>Hot-swap: Yes
a186=Port Check File
a186.help=Name or complete path of a file that has the necessary content needed to handle requests that need port correction. (property name: com.sun.identity.agents.config.port.check.file) <br>Hot-swap: Yes
a187=Port Check Setting
a187.help=Map of port versus protocol entries with the key being the listening port number and value being the listening protocol to be used by the Agent to identify requests with invalid port numbers. (property name: com.sun.identity.agents.config.port.check.setting) <br>Hot-swap: Yes <br> Example: <br> To map port 80 to protocol http: enter 80 in Map Key field, and enter http in Corresponding Map Value field.
a188=Not Enforced URIs
a188.help=List of URIs for which protection is not enforced by the Agent. (property name: com.sun.identity.agents.config.notenforced.uri) <br>Hot-swap: Yes <br> Examples: <br> /BankApp/public/* <br> /BankApp/images/*
a189=Invert Not Enforced URIs
a189.help=Inverts protection of URIs specified in Not Enforced URIs list. When set to true, it indicates that the URIs specified should be enforced and all other URIs should be not enforced by the Agent. (property name: com.sun.identity.agents.config.notenforced.uri.invert) <br>Hot-swap: Yes
a191=Not Enforced URIs Cache Enabled
a191.help=Enables the caching of the Not Enforced URIs list evaluation results. (property name: com.sun.identity.agents.config.notenforced.uri.cache.enable) <br>Hot-swap: Yes
a192=Not Enforced URIs Cache Size
a192.help=Size of the cache to be used if caching of not enforced URI list evaluation results is enabled. (property name: com.sun.identity.agents.config.notenforced.uri.cache.size) <br>Hot-swap: Yes
a193=Not Enforced Client IP List
a193.help=No authentication and authorization protection from agent are required for the requests coming from these client IP addresses. (property name: com.sun.identity.agents.config.notenforced.ip) <br>Hot-swap: Yes <br> Examples: <br> 192.18.145.* <br> 192.18.146.123
a194=Not Enforced IP Invert List
a194.help=Client IP Addresses to invert protection of IP addresses listed in the related Not Enforced Client IP List. (property name: com.sun.identity.agents.config.notenforced.ip.invert) <br>Hot-swap: Yes
a195=Not Enforced IP Cache Flag
a195.help=Enable caching of not-enforced IP list evaluation results. (property name: com.sun.identity.agents.config.notenforced.ip.cache.enable) <br>Hot-swap: Yes
a196=Not Enforced IP Cache Size
a196.help=Size of the cache to be used if Not Enforced IP Cache Flag is enabled. (property name: com.sun.identity.agents.config.notenforced.ip.cache.size) <br>Hot-swap: Yes
a197=Cookie Separator Character
a197.help=Character that will be used to separate multiple values of the same attribute when it is being set as a cookie. (property name: com.sun.identity.agents.config.attribute.cookie.separator) <br>Hot-swap: Yes
a198=Fetch Attribute Date Format
a198.help=Format of date attribute values to be used when the attribute is being set as HTTP header. Format is based on java.text.SimpleDateFormat. (property name: com.sun.identity.agents.config.attribute.date.format) <br>Hot-swap: Yes
a199=Attribute Cookie Encode
a199.help=Indicates if the value of the attribute should be URL encoded before being set as a cookie. (property name: com.sun.identity.agents.config.attribute.cookie.encode) <br>Hot-swap: Yes
a200=Refresh Session Idle Time
a200.help=Indicates if opensso session idle time should be refreshed or reset for not enforced URIs. (property name: com.sun.identity.agents.config.notenforced.refresh.session.idletime) <br>Hot-swap: Yes
a201=Profile Attribute Fetch Mode
a201.help=The mode of fetching profile attributes. (property name: com.sun.identity.agents.config.profile.attribute.fetch.mode) <br>Hot-swap: Yes
a202=Profile Attribute Mapping
a202.help=Maps the profile attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.profile.attribute.mapping) <br>Hot-swap: Yes <br> Example: <br> To populate the value of profile attribute cn under name CUSTOM-Common-Name: enter cn in Map Key field, and enter CUSTOM-Common-Name in Corresponding Map Value field. <br> To populate the value of profile attribute mail under name CUSTOM-Email: enter mail in Map Key field, and enter CUSTOM-Email in Corresponding Map Value field.
a203=Session Attribute Fetch Mode
a203.help=The mode of fetching session attributes. (property name: com.sun.identity.agents.config.session.attribute.fetch.mode) <br>Hot-swap: Yes
a204=Session Attribute Mapping
a204.help=Maps the session attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.session.attribute.mapping) <br>Hot-swap: Yes <br> Example: <br> To populate the value of session attribute UserToken under name CUSTOM-userid: enter UserToken in Map Key field, and enter CUSTOM-userid in Corresponding Map Value field.
a205=Response Attribute Fetch Mode
a205.help=The mode of fetching policy response attributes. (property name: com.sun.identity.agents.config.response.attribute.fetch.mode) <br>Hot-swap: Yes
a206=Response Attribute Mapping
a206.help=Maps the policy response attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.response.attribute.mapping) <br>Hot-swap: Yes <br> Example: <br> To populate the value of response attribute uid under name CUSTOM-USER-NAME: enter uid in Map Key field, and enter CUSTOM-USER-NAME in Corresponding Map Value field.
a207=Bypass Principal List
a207.help=List of principals that are bypassed by the Agent for authentication and search purposes. (property name: com.sun.identity.agents.config.bypass.principal) <br>Hot-swap: Yes <br> Examples: <br> guest <br> testuser
a208=Default Privileged Attribute
a208.help=List of privileged attributes that will be granted to all users who have a valid OpenAM session. (property name: com.sun.identity.agents.config.default.privileged.attribute) <br>Hot-swap: Yes <br> Example: <br> AUTHENTICATED_USERS
a209=Privileged Attribute Type
a209.help=List of privileged attribute types that will be fetched for each user. (property name: com.sun.identity.agents.config.privileged.attribute.type) <br>Hot-swap: Yes <br> Example: <br> Group
a211=Privileged Attributes To Lower Case
a211.help=Maps the privileged attribute types to whether they should be converted to lowercase. (property name: com.sun.identity.agents.config.privileged.attribute.tolowercase) <br> Valid Keys: the privileged attribute types, such as Group, Role. <br>Valid value: true, false. <br>Hot-swap: Yes <br> Example: <br> Enter Group in Map Key field, and enter false in Corresponding Map Value field.
a212=Privileged Session Attribute
a212.help=List of session property names which hold privileged attributes for the authenticated user. (property name: com.sun.identity.agents.config.privileged.session.attribute) <br>Hot-swap: Yes <br> Example: <br> UserToken
a213=Enable Privileged Attribute Mapping
a213.help=Enable a mapping from the original value of an attribute to another value. To satisfy container-specific restrictions on character set being used in certain configuration files. (property name: com.sun.identity.agents.config.privileged.attribute.mapping.enable) <br>Hot-swap: Yes
a214=Privileged Attribute Mapping
a214.help=Map if using Enable Privileged Attribute Mapping. (property name: com.sun.identity.agents.config.privileged.attribute.mapping) <br>Hot-swap: Yes <br> Examples: <br> To map UUID id=manager,ou=group,dc=openam,dc=forgerock,dc=org to the principal name am_manager_role specified in webapp's deployment descriptor: enter id=manager,ou=group,dc=openam,dc=forgerock,dc=org in Map Key field, and enter am_manager_role in Corresponding Map Value field. <br> To map UUID id=employee,ou=group,dc=openam,dc=forgerock,dc=org to the principal name am_employee_role specified in webapp's deployment descriptor: enter id=employee,ou=group,dc=openam,dc=forgerock,dc=org in Map Key field, and enter am_employee_role in Corresponding Map Value field.
a215=Agent Debug Level
a215.help=Specifies type of agent debug messages to log. (property name: com.iplanet.services.debug.level) <br>Hot-swap: Yes
a216=Cookie Name
a216.help=Name of the SSO Token cookie used between the OpenAM server and the Agent. (property name: com.iplanet.am.cookie.name) <br>Hot-swap: No
a218=Enable Client Polling
a218.help=Specifies if the session client must use polling for updating session information and not depend upon server notifications. (property name: com.iplanet.am.session.client.polling.enable) <br>Hot-swap: No
a219=Client Polling Period
a219.help=Time in seconds after which the session client will request update of cached session information from the server. (property name: com.iplanet.am.session.client.polling.period) <br>Hot-swap: No
a221=Encryption Provider
a221.help=Specifies the encryption provider implementation to be used by the Agent. (property name: com.iplanet.security.encryptor) <br>Hot-swap: No
a222=Enable Notification of User Data Caches
a222.help=Enable notifications for amsdk and IdRepo Caches. (property name: com.sun.identity.idm.remote.notification.enabled) <br>Hot-swap: No
a223=User Data Cache Polling Time
a223.help=Cache update time in minutes for user management data. If set to '0' no updates happen. (property name: com.iplanet.am.sdk.remote.pollingTime) <br>Hot-swap: No
a224=Enable Notification of Service Data Caches
a224.help=Enable the notifications for service management caches. (property name: com.sun.identity.sm.notification.enabled) <br>Hot-swap: No
a225=Service Data Cache Time
a225.help=Cache update time in minutes for service configuration data. If set to '0' no updates happen. (property name: com.sun.identity.sm.cacheTime) <br>Hot-swap: No
a229=OpenAM Authentication Service Protocol
a229.help=Protocol to be used by the OpenAM authentication service. (property name: com.iplanet.am.server.protocol) <br>Hot-swap: No
a231=OpenAM Authentication Service Host Name
a231.help=Host name to be used by the OpenAM authentication service. (property name: com.iplanet.am.server.host) <br>Hot-swap: No
a232=OpenAM Authentication Service Port
a232.help=Port to be used by the OpenAM authentication service. (property name: com.iplanet.am.server.port) <br>Hot-swap: No
a235=Enable Policy Notifications
a235.help=Enable Notifications for remote policy client. (property name: com.sun.identity.agents.notification.enabled) <br>Hot-swap: No
a237=Policy Client Polling Interval
a237.help=Duration in minutes after which the cached entries are refreshed by remote policy client. (property name: com.sun.identity.agents.polling.interval) <br>Hot-swap: No
a238=Policy Client Cache Mode
a238.help=Mode of caching to be used by remote policy client. (property name: com.sun.identity.policy.client.cacheMode) <br>Hot-swap: No
a239=Policy Client Boolean Action Values
a239.help=Boolean action values for policy action names. (property name: com.sun.identity.policy.client.booleanActionValues) <br>Hot-swap: No
a241=Policy Client Resource Comparators
a241.help=Resource Comparators to be used for different service names. (property name: com.sun.identity.policy.client.resourceComparators) <br>Hot-swap: No
a242=Policy Client Clock Skew
a242.help=Time in seconds which is allowed to accommodate the time difference between the OpenAM server machine and the remote policy client machine. (property name: com.sun.identity.policy.client.clockSkew) <br>Hot-swap: No
a243=URL Policy Env GET Parameters
a243.help=List of HTTP GET request parameters whose names and values will be set in the environment map for URL policy evaluation at OpenAM server.(property name: com.sun.identity.agents.config.policy.env.get.param) <br>Hot-swap: Yes <br> Examples: <br> name <br> phonenumber
a244=URL Policy Env POST Parameters
a244.help=List of HTTP POST request parameters whose names and values will be set in the environment map for URL policy evaluation at OpenAM server.(property name: com.sun.identity.agents.config.policy.env.post.param) <br>Hot-swap: Yes <br> Examples: <br> name <br> phonenumber
a245=URL Policy Env jsession Parameters
a245.help=List of HTTP SESSION attributes whose names and values will be set in the environment map for URL policy evaluation at OpenAM server. (property name: com.sun.identity.agents.config.policy.env.jsession.param) <br>Hot-swap: Yes <br> Examples: <br> name <br> phonenumber
a246=Agent Configuration Change Notification
a246.help=Enable agent to receive notification messages from OpenAM server for configuration changes. (property name: com.sun.identity.agents.config.change.notification.enable) <br>Hot-swap: Yes
a247=Custom Properties
a247.help=Additional properties that allow users to augment the set of properties supported by agent. (property name: com.sun.identity.agents.config.freeformproperties) <br>Hot-swap: Yes <br> Examples: <br> customproperty=custom-value1 <br> customlist[0]=customlist-value-0 <br> customlist[1]=customlist-value-1 <br> custommap[key1]=custommap-value-1 <br> custommap[key2]=custommap-value-2
a248=WebAuthentication Available
a248.help=Enable agent to make programmatic authentication with the JBoss web container using WebAuthentication feature. (property name: com.sun.identity.agents.config.jboss.webauth.available) <br>Hot-swap: Yes
a250=off
a251=error
a252=warning
a253=message
a254=OpenAM Logout URL
a254.help=OpenAM logout page URL. (property name: com.sun.identity.agents.config.logout.url) <br>Hot-swap: Yes <br> Example: <br> http://host:port/opensso/UI/Logout
a255=Logout URL Prioritized
a255.help=Specifies if failover sequence for Logout URLs should be prioritized as defined in the OpenAM Login URL list. (property name: com.sun.identity.agents.config.logout.url.prioritized) <br>Hot-swap: Yes
a256=Logout URL Probe
a256.help=Specifies if agent will check the availability of these urls before redirecting to them. (property name: com.sun.identity.agents.config.logout.url.probe.enabled) <br>Hot-swap: Yes
a257=Logout URL Probe Timeout
a257.help=The connect timeout value in milliseconds, if also Logout URL Probe is set to true. (property name: com.sun.identity.agents.config.logout.url.probe.timeout) <br>Hot-swap: Yes
a258=Possible XSS code elements
a258.help=If one of these strings occurs in the request, the client is redirected to an error page. (property name: com.sun.identity.agents.config.xss.code.elements) <br>Hot-swap: Yes
a259=XSS detection redirect URI
a259.help=An application-specific Map that identifies a URI of the customized page if XSS code has been deteced. (property name: com.sun.identity.agents.config.xss.redirect.uri) <br>Hot-swap: Yes <br>Examples: <br>To set a redirect target for application BankApp: enter BankApp in Map Key field, and enter a redirect URI in Corresponding Map Value field.
a260=Use HTTP-Redirect for composite advice
a260.help=Configure remote policy client to use HTTP-redirect instead of HTTP-POST for composite advices. (property name: com.sun.identity.agents.config.policy.advice.use.redirect) <br>Hot-swap: Yes
a261=Post Data Preservation enabled
a261.help=Post Data Preservation functionality basically stores any POST data before redirecting the user to the login screen and after successful login the agent will generate a page that autosubmits the same POST to the original URL. (property name: com.sun.identity.agents.config.postdata.preserve.enable)
a262=Missing PDP entry URI
a262.help=An application-specific URI Map that is used in case the referenced PDP entry cannot be found in the local cache (due to ttl). In such cases it will redirect to the specified URI, otherwise it will show a HTTP 403 Forbidden error. (property name: com.sun.identity.agents.config.postdata.preservce.cache.noentry.url)<br>Examples: <br>To set a redirect target for application BankApp: enter Bankapp in Map Key field and enter a redirect URI in corresponding Map Value field.
a263=PDP entry TTL
a263.help=This value tells how long a given POST entry should be stored in the local cache (in milliseconds), default value is 300000. (property name: com.sun.identity.agents.config.postdata.preserve.cache.entry.ttl)
a264=PDP Stickysession mode
a264.help=The PDP mechanism needs sticky loadbalancing, the URL mode will append a querystring, while the Cookie mode will create a cookie. (property name: com.sun.identity.agents.config.postdata.preserve.stickysession.mode)
a265=URL
a266=Cookie
a267=PDP Stickysession key-value
a267.help=The provided key-value pair will be used for adding to the URL or creating the cookie. <br>Example: <br>Set 'lb=server1' to append to the querystring or to have 'lb' cookie with 'server1' value. (property name: com.sun.identity.agents.config.postdata.preserve.stickysession.value)
a268=Shortened privilege attribute values
a268.help=When using privileged attribute type, this setting will ensure that the membership details will be stored \
in a shortened format and not in the default universal ID format.
a268.help.txt=By default the agent maps identity memberships using their universal IDs (e.g. \
id=admin,ou=group,dc=openam,dc=forgerock,dc=org), however this may not be always acceptable. Using this setting the \
identity membership details will be mapped in a shortened format, only including the group's/role's name (e.g. \
admin). Be aware that in case there are both roles and groups in the data store, this setting will make them \
indistinguishable from each other, i.e. if there is a group and a role with the same name it will not be possible to \
differentiate them.
# WSS Agents properties
a301=Security Mechanism
a302=STS Configuration
a302.help=This is required if Security Mechanism is set to STSSecurity
a303=Discovery Configuration
a303.help=This is required if Security Mechanism is set to LibertyDiscoverySecurity
a304=User Authentication Required
a305=Is Request Signed Enabled
a306=Is Request Header Encrypted
a307=Is Request Body Encrypted
a308=Is Response Signature Verified
a309=Is Response Encrypted
a309.help=Only Encrypted When Body is Encrypted.
a310=Preserve Security Headers in Message
a311=Use Default Keystore
a312=Location of Key Store
a313=Password of Key Store
a314=Password of Key
a315=Private Key Alias
a315.help=Key to sign Web Service Request / Response.
a316=Public Key Alias of Web Service Provider
a316.help=Key to encrypt Web Service Request.
a317=Web Service End Point
a317.help=This end point is optional unless the web service provider is configured to use Liberty tokens.
a318=Web Service Security Proxy End Point
a318.help=This end point is optional unless it is configured to use web security proxy.
a319=Liberty Service Type URN
a319.help=This is optional until Security Mechanism is LibertyDiscoverySecurity.
a320=Credential for User Token
a321=Authentication Chain
a322=Is Request Signature Verified
a323.title=Is Request Encryption Enabled
a323=Is Request Header Decrypted
a323.header=Header
a324=Is Request Body Decrypted
a324.body=Body
a325=Is Response Signed Enabled
a326=Is Response Encrypted
a326.help=Only Encrypted When Body is Encrypted.
a327=Private Key Type
a328=Public Key Alias of Web Service Client
a328.help=Key to encrypt Web Service Response
a329=Public Key Alias of Security Token Service
a330=Security Token Service End Point
a331=Security Token Service MEX End Point
a332=Discovery Service End Point
a333=Authentication Web Service End Point
a334=SAML Attribute Mapping
a335=SAML NameID Mapper Plugin
a336=SAML Attributes Namespace
a337=Include Memberships
a338=Kerberos Domain Server
a339=Kerberos Domain
a340=Kerberos Service Principal
a341=Kerberos Key Tab File
a342=Verify Kerberos Signature
a342.help=This is optional and must be enabled only when JDK6 is used.
a343=Token Conversion Type
a344=SSOToken
a345=SAML11Token
a346=SAML2Token
a350= Kerberos Domain Server
a351= Kerberos Domain
a352= Kerberos Service Principal
a353= Kerberos Ticket Cache Directory
a354= Use Pass Through Security Token
a354.help=This is valid for proxy web services client and will be used only when the SAML security mechanisms are enabled.
a355= Signing Reference Type.
a355.help=This applies only for X509 Token Security Mechanism
a356=Direct Reference
a357=KeyIdentifier Reference
a358=X509 Issuer Serial Reference
a359=Encryption Algorithm
a360=Encryption Strength
a360.help=For 3DES, the encryption strengths should be used are 0, 112, 168 and for AES they should be 128, 192 or 256.
a361=WS-Trust Version
a362=Detect User Token Replay
a363=Detect Message Replay
a364=Requested Key Type
a365=PublicKey
a366=SymmetricKey
a367=Requested Claims
a367.help=These are the requested attributes from the STS for an WSP.
a368=DNS Claim
a368.help=DNS Name that can uniquely identify the entity.
a369=Signed Elements
# Web Agent Properties
a400=Cookie Name
a400.help=Name of the SSO Token cookie used between the OpenAM server and the Agent. (property name: com.sun.identity.agents.config.cookie.name)<br>Hot-swap: No
a401=Cookie Security
a401.help=Agent sends secure cookies if communication is secure. (property name: com.sun.identity.agents.config.cookie.secure) <br>Hot-swap: No
a402=Ignore Path Info for Not Enforced URLs
a402.help=Indicate whether the path info and query should be stripped from the request URL before being compared with the URLs of the not enforced list when those URLs have a wildcard '*' character. (property name: com.sun.identity.agents.config.ignore.path.info.for.not.enforced.list) <br>Hot-swap: Yes
a403=Encode special chars in Cookies
a403.help=Encode special chars in cookie by URL encoding. Useful when profile, session and response attributes contain special chars and attributes fetch mode is set to HTTP_COOKIE. (property name: com.sun.identity.agents.config.encode.cookie.special.chars.enable) <br>Hot-swap: Yes
a405=Enable Notifications
a405.help=The notifications help in maintaining agent's sso, policy and configuration caches. (property name: com.sun.identity.agents.config.notification.enable) <br>Hot-swap: No
a406=Agent Notification URL
a406.help=URL used by agent to register notification listeners. (property name: com.sun.identity.client.notification.url) <br>Hot-swap: No
a407=URL Comparison Case Sensitivity Check
a407.help=Enforces case insensitivity in both policy and not enforced url evaluation. (property name: com.sun.identity.agents.config.url.comparison.case.ignore) <br>Hot-swap: Yes
a408=Policy Cache Polling Period
a408.help=Polling interval in minutes to refresh agent's policy cache. (property name: com.sun.identity.agents.config.policy.cache.polling.interval) <br>Hot-swap: No
a409=SSO Cache Polling Period
a409.help=Polling interval in minutes to refresh agent's sso cache. (property name: com.sun.identity.agents.config.sso.cache.polling.interval) <br>Hot-swap: No
a410=User ID Parameter
a410.help=Agent sets value of User Id to REMOTE_USER server variable. (property name: com.sun.identity.agents.config.userid.param) <br>Hot-swap: Yes
a411=User ID Parameter Type
a411.help=User ID can be fetched from either SESSION and LDAP attributes. (property name: com.sun.identity.agents.config.userid.param.type) <br>Hot-swap: Yes
a412=Profile Attribute Fetch Mode
a412.help= (property name: com.sun.identity.agents.config.profile.attribute.fetch.mode) <br>Hot-swap: Yes
a413=Profile Attribute Map
a413.help=Maps the profile attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.profile.attribute.mapping) <br>Hot-swap: Yes <br> Example: <br> To populate the value of profile attribute cn under name CUSTOM-Common-Name: enter cn in Map Key field, and enter CUSTOM-Common-Name in Corresponding Map Value field. <br> To populate the value of profile attribute mail under name CUSTOM-Email: enter mail in Map Key field, and enter CUSTOM-Email in Corresponding Map Value field.
a414=Session Attribute Fetch Mode
a414.help= (property name: com.sun.identity.agents.config.session.attribute.fetch.mode) <br>Hot-swap: Yes
a415=Session Attribute Map
a415.help=Maps the session attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.session.attribute.mapping) <br>Hot-swap: Yes <br> Example: <br> To populate the value of session attribute UserToken under name CUSTOM-userid: enter UserToken in Map Key field, and enter CUSTOM-userid in Corresponding Map Value field.
a416=Response Attribute Fetch Mode
a416.help= (property name: com.sun.identity.agents.config.response.attribute.fetch.mode) <br>Hot-swap: Yes
a417=Response Attribute Map
a417.help=Maps the policy response attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.response.attribute.mapping) <br>Hot-swap: Yes <br> Example: <br> To populate the value of response attribute uid under name CUSTOM-USER-NAME: enter uid in Map Key field, and enter CUSTOM-USER-NAME in Corresponding Map Value field.
a418=Attributes Values Separator
a418.help=Separator character used by profile, session and response attribute maps. (property name: com.sun.identity.agents.config.attribute.multi_value_separator) <br>Hot-swap: Yes
a419=Load Balancer Setup
a419.help=Set to true if a load balancer is used for OpenAM services. (property name: com.sun.identity.agents.config.load.balancer.enable) <br>Hot-swap: No
a420=Ignore Server Check
a420.help=Agent uses this value to check OpenAM is up before doing a 302 redirect. (property name: com.sun.identity.agents.config.ignore.server.check) <br>Hot-swap: Yes
a421=Ignore Preferred Naming URL in Naming Request
a421.help=Agent uses this value to send preferred naming url in the naming request. (property name: com.sun.identity.agents.config.ignore.preferred.naming.url) <br>Hot-swap: Yes
a422=Polling Period for Primary Server
a422.help=Interval in minutes, agent polls to check the primary server is up and running. (property name: com.sun.identity.agents.config.poll.primary.server) <br>Hot-swap: No
a423=OpenAM Login URL
a423.help=OpenAM login page URL. (property name: com.sun.identity.agents.config.login.url) <br>Hot-swap: Yes <br> Example: <br> http://host:port/opensso/UI/Login
a426=Agent Deployment URI Prefix
a426.help=(property name: com.sun.identity.agents.config.agenturi.prefix)<br>Hot-swap: Yes
a427=Agent Locale
a427.help=The default locale for the product. (property name: com.sun.identity.agents.config.locale) <br>Hot-swap: No
a428=SSO Only Mode
a428.help=Agent will just enforce authentication (SSO), but no authorization for policies. (property name: com.sun.identity.agents.config.sso.only) <br>Hot-swap: Yes
a429=Resources Access Denied URL
a429.help=The URL of the customized access denied page. (property name: com.sun.identity.agents.config.access.denied.url) <br>Hot-swap: Yes
a430=FQDN Check
a430.help=Enables checking of fqdn default value and fqdn map values. (property name: com.sun.identity.agents.config.fqdn.check.enable) <br>Hot-swap: Yes
a431=FQDN Default
a431.help=Fully qualified hostname that the users should use in order to access resources. (property name: com.sun.identity.agents.config.fqdn.default) <br>Hot-swap: Yes
a432=FQDN Virtual Host Map
a432.help=Maps virtual, invalid, or partial hostnames, and IP addresses to the FQDN to access protected resources. (property name: com.sun.identity.agents.config.fqdn.mapping) <br>Hot-swap: Yes <br> Examples: <br> To map the partial hostname myserver to myserver.mydomain.com: enter myserver in the Map Key field and myserver.mydomain.com in the Corresponding Map Value field. To map a virtual server rst.hostname.com that points to the actual server abc.hostname.com: enter valid1 in the Map Key field and rst.hostname.com in the Corresponding Map Value field.
a433=Cookie Reset
a433.help=Agent reset cookies in the response before redirecting to authentication. (property name: com.sun.identity.agents.config.cookie.reset.enable) <br>Hot-swap: Yes
a434=Cookies Reset Name List
a434.help=List of cookies in the format: name[=value][;Domain=value]. (property name: com.sun.identity.agents.config.cookie.reset) <br>Hot-swap: Yes <br> Examples: <br> Cookie1 <br> Cookie2=value;Domain=subdomain.domain.com
a435=Cross Domain SSO
a435.help=Enables Cross-Domain Single Sign On. (property name: com.sun.identity.agents.config.cdsso.enable) <br>Hot-swap: Yes
a436=Anonymous User Default Value
a436.help=User id of unauthenticated users. (property name: com.sun.identity.agents.config.anonymous.user.id) <br>Hot-swap: Yes
a437=Anonymous User
a437.help=Enable/Disable REMOTE_USER processing for anonymous users. (property name: com.sun.identity.agents.config.anonymous.user.enable) <br>Hot-swap: Yes
a438=Not Enforced URLs
a438.help=List of urls for which no authentication required. (property name: com.sun.identity.agents.config.notenforced.url) <br>Hot-swap: Yes <br> Example: <br> http://myagent.mydomain.com/*.gif
a439=Invert Not Enforced URLs
a439.help=Only not enforced list of urls will be enforced. (property name: com.sun.identity.agents.config.notenforced.url.invert) <br>Hot-swap: Yes
a440=Not Enforced Client IP List
a440.help=No authentication and authorization are required for the requests coming from these client IP addresses. (property name: com.sun.identity.agents.config.notenforced.ip) <br>Hot-swap: Yes <br> Examples: <br> 192.18.145.* <br> 192.18.146.123
a441=POST Data Preservation
a441.help=Enables POST data preservation.(property name: com.sun.identity.agents.config.postdata.preserve.enable) <br> Note that this feature is not supported in all the web agents. Please refer individual agents documentation for more details. <br>Hot-swap: Yes
a442=POST Data Entries Cache Period
a442.help=POST cache entry lifetime in minutes. (property name: com.sun.identity.agents.config.postcache.entry.lifetime) <br>Hot-swap: Yes
a443=CDSSO Servlet URL
a443.help=List of URLs of the available CDSSO controllers that may be used by the Agent for CDSSO processing. (property name: com.sun.identity.agents.config.cdsso.cdcservlet.url) <br>Hot-swap: Yes <br> Example: <br> http://host:port/opensso/cdcservlet
a444=Cookies Domain List
a444.help=List of domains in which cookies have to be set in CDSSO.(property name: com.sun.identity.agents.config.cdsso.cookie.domain) <br>Hot-swap: Yes <br> Example: <br> .sun.com
a445=Client IP Validation
a445.help=This validates if the subsequent browser requests come from the same ip address that the SSO token is initially issued against. (property name: com.sun.identity.agents.config.client.ip.validation.enable) <br>Hot-swap: Yes
a446=Profile Attributes Cookie Prefix
a446.help=Sets cookie prefix in the attributes headers. (property name: com.sun.identity.agents.config.profile.attribute.cookie.prefix) <br>Hot-swap: Yes
a447=Profile Attributes Cookie Maxage
a447.help=Maxage of attributes cookie headers. (property name: com.sun.identity.agents.config.profile.attribute.cookie.maxage) <br>Hot-swap: Yes
a448=Logout URL List
a448.help=List of application logout URLs. User gets logged out from OpenAM session when these urls accessed. (property name: com.sun.identity.agents.config.agent.logout.url). If this property is used, user should specify a value for the below Logout Redirect URL property.<br>Hot-swap: Yes <br> Example: <br> http://myagent.mydomain.com/logout.html
a449=Logout Cookies List for Reset
a449.help=Any cookies to be reset upon logout in the same format as cookie reset list. (property name: com.sun.identity.agents.config.logout.cookie.reset) <br>Hot-swap: Yes <br> Cookie1 <br> Cookie2=value;Domain=subdomain.domain.com
a450=Fetch Policies from Root Resource
a450.help=Agent caches policy decision of the resource and all resources from the root of the resource down. (property name: com.sun.identity.agents.config.fetch.from.root.resource) <br>Hot-swap: No
a451=Retrieve Client Hostname
a451.help=Gets the client's hostname through DNS reverse lookup for use in policy evaluation. (property name: com.sun.identity.agents.config.get.client.host.name) <br>Hot-swap: Yes
a452=Native Encoding of Profile Attributes
a452.help=Agent encodes the ldap header values in the default encoding of OS locale. If false, UTF-8 gets used. (property name: com.sun.identity.agents.config.convert.mbyte.enable) <br>Hot-swap: Yes
a453=Encode URL's Special Characters
a453.help=Encodes the url which has special characters before doing policy evaluation. (property name: com.sun.identity.agents.config.encode.url.special.chars.enable) <br>Hot-swap: Yes
a454=Ignore Path Info in Request URL
a454.help=The path info will be stripped from the request URL while doing Not Enforced List check and url policy evaluation if the value is set to true. (property name: com.sun.identity.agents.config.ignore.path.info) <br>Hot-swap: Yes
a455=Override Request URL Protocol
a455.help=Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the protocol with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.protocol) <br>Hot-swap: Yes
a456=Override Request URL Host
a456.help=Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the host with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.host) <br>Hot-swap: Yes
a457=Override Request URL Port
a457.help=Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the port with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.port) <br>Hot-swap: Yes
a458=Override Notification URL
a458.help=Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the URL with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.notification.url) <br>Hot-swap: Yes
a459=Agent Connection Timeout
a459.help=Timeout period in seconds for an agent connection with OpenAM auth server. (property name: com.sun.identity.agents.config.auth.connection.timeout) <br>Hot-swap: Yes
a460=Polling Period for Primary Server
a460.help=Interval in minutes, agent polls to check the primary server is up and running. (property name: com.sun.identity.agents.config.poll.primary.server) <br>Hot-swap: No
a461=Agent Locale
a461.help=The default locale for the product. (property name: com.sun.identity.agents.config.locale) <br>Hot-swap: No
a462=Override Proxy Server's Host and Port
a462.help=(property name: com.sun.identity.agents.config.proxy.override.host.port) <br>Hot-swap: No
a463=Configuration Reload Interval
a463.help=Interval in minutes to fetch agent configuration from OpenAM. (property name: com.sun.identity.agents.config.polling.interval) <br>Hot-swap: No
a464=Configuration Cleanup Interval
a464.help=Interval in minutes to cleanup old agent configuration entries. (property name: com.sun.identity.agents.config.cleanup.interval) <br>Hot-swap: No
a465=Custom Properties
a465.help=Additional properties that allow users to augment the set of properties supported by agent. (property name: com.sun.identity.agents.config.freeformproperties) <br>Hot-swap: Yes <br> Examples: <br> customproperty=custom-value1 <br> customlist[0]=customlist-value-0 <br> customlist[1]=customlist-value-1 <br> custommap[key1]=custommap-value-1 <br> custommap[key2]=custommap-value-2
a467=Fetch Attributes for Not Enforced URLs
a467.help=Agent fetches profile attributes for not enforced urls by doing policy evaluation. (property name: com.sun.identity.agents.config.notenforced.url.attributes.enable) <br>Hot-swap: Yes
a468=Error
a469=Warning
a470=Info
a471=Message
a472=All
a473=HIGH
a474=LOW
a475=MEDIUM
a476=DEFAULT
a477=Authentication Type
a477.help=(property name: com.sun.identity.agents.config.iis.auth.type)
a478=Replay Password Key
a478.help=DES key for decrypting the basic authentication password in the session. (property name: com.sun.identity.agents.config.replaypasswd.key)
a479=Filter Priority
a479.help=The loading priority of filter.(property name: com.sun.identity.agents.config.iis.filter.priority)
a480=Filter configured with OWA
a480.help=Set to true if the IIS agent filter is configured for OWA.(property name: com.sun.identity.agents.config.iis.owa.enable)
a481=Change URL Protocol to https
a481.help=If true, avoids IE6 security pop-ups. (property name: com.sun.identity.agents.config.iis.owa.enable.change.protocol)
a482=Idle Session Timeout Page URL
a482.help=URL of the local idle session timeout page. (property name: com.sun.identity.agents.config.iis.owa.enable.session.timeout.url)
a483=Check User in Domino Database
a483.help=If true, agent checks user existence in Domino name database. (property name: com.sun.identity.agents.config.domino.check.name.database)
a484=Use LTPA token
a484.help=Set to true if agent needs to use LTPA Token. (property name: com.sun.identity.agents.config.domino.ltpa.enable)
a485=LTPA Token Cookie Name
a485.help=The name of the cookie that contains the LTPA token. (property name: com.sun.identity.agents.config.domino.ltpa.cookie.name)
a486=LTPA Token Configuration Name
a486.help=The configuration name that the agent uses in order to employ the LTPA token mechanism. (property name: com.sun.identity.agents.config.domino.ltpa.config.name)
a487=LTPA Token Organization Name
a487.help=The organization name to which the LTPA token belongs. (property name: com.sun.identity.agents.config.domino.ltpa.org.name)
a488=Policy Clock Skew
a488.help=Time in seconds used adjust time difference between Agent machine and OpenAM. Clock skew in seconds = AgentTime - OpenAMServerTime. (property name: com.sun.identity.agents.config.policy.clock.skew) <br>Hot-swap: No
a488b=Realm
a488b.help=Which realm to start evaluating from (property name: org.forgerock.openam.agents.config.policy.evaluation.realm) <br>Hot-swap: Yes
a488c=Application
a488c.help=Which application contains the policies to evaluate with (property name: org.forgerock.openam.agents.config.policy.evaluation.application) <br>Hot-swap: Yes
a489=Audit Access Types
a489.help=Types of messages to log based on user URL access attempts. (property name: com.sun.identity.agents.config.audit.accesstype) <br>Hot-swap: Yes
a490=Audit Log Location
a490.help=Specifies where audit messages should be logged. (property name: com.sun.identity.agents.config.log.disposition) <br>Hot-swap: Yes
a491=Remote Log Filename
a491.help=Name of file stored on OpenAM server that contains agent audit messages. (property name: com.sun.identity.agents.config.remote.logfile) <br>Hot-swap: No
a492=Remote Audit Log Interval
a492.help=Periodic interval in minutes in which audit log messages are sent to remote log file. (property name: com.sun.identity.agents.config.remote.log.interval) <br>Hot-swap: No
a493=Rotate Local Audit Log
a493.help=Flag to indicate that audit log files should be rotated when reaching a certain size. (property name: com.sun.identity.agents.config.local.log.rotate) <br>Hot-swap: Yes
a494=Local Audit Log Rotation Size
a494.help=Size limit in bytes when a local audit log file is rotated to a new file. (property name: com.sun.identity.agents.config.local.log.size) <br>Hot-swap: Yes
a495=Agent Debug Level
a495.help=Agent debug level. (property name: com.sun.identity.agents.config.debug.level) <br>Hot-swap: Yes
a496=Agent Debug File Rotation
a496.help=Debug file gets rotated based on the size specified. (property name: com.sun.identity.agents.config.debug.file.rotate) <br>Hot-swap: Yes
a497=Agent Debug File Size
a497.help=Agent debug file size in bytes. (property name: com.sun.identity.agents.config.debug.file.size) <br>Hot-swap: Yes
a498=Attribute Multi Value Separator
a498.help=Specifies separator for multiple values. Applies to all types of attributes i.e. profile, session and response attributes. (property name: com.sun.identity.agents.config.attribute.multi.value.separator) <br>Hot-swap: Yes
a499=Logout Redirect URL
a499.help= User gets redirected to this url after logout. (property name: com.sun.identity.agents.config.logout.redirect.url). This property should be specified along with the above Logout URL List.<br>Hot-swap: Yes
# 2.2 Policy Agent properties
a500=Description
a501=Agent Key Value(s)
a501.help=Set the agent properties with a key/value pair. This property is used by OpenAM to receive agent requests \
for credential assertions about users. Currently, only one property is valid and all other properties will be \
ignored. Use the following format: <br> agentRootURL=protocol://hostname:port/ <br> The entry must be precise and \
agentRootURL is case sensitive.
# Agent Authenticator properties
a600=Agent Profiles allowed to Read.
a601=Agent Root URL for CDSSO
a601.help=The agent root URL for CDSSO. The valid value is in the following format: \
<br>protocol://hostname:port/<br> The protocol represents the protocol used, such as http or https. The hostname represents the host name of the machine on which the agent resides. The port represents the port number on which the agent is installed. The slash following the port number is required.
# IIS7 Agent properties
a602=Show Password in HTTP Header
a602.help=Set to true if encrypted password should be set in HTTP header AUTH_PASSWORD. \
(property name: com.sun.identity.agents.config.iis.password.header)
a603=Logon and Impersonation
a603.help=Set to true if agent should do Windows Logon and User Impersonation. \
(property name: com.sun.identity.agents.config.iis.logonuser)
# OAuth 2.0 Client properties
a700=Client password
a700.help=Client password. Used when the client authenticates to OpenAM.
a701=Client type
a701.help=Type of OAuth 2.0 client. Confidential clients can keep their password secret, and are typically web apps or \
other server-based clients. Public clients run the risk of exposing their password to a host or user agent, such as \
rich browser applications or desktop clients.
a702=Confidential
a703=Public
a704=Redirection URIs
a704.help=Redirection URIs (optional for confidential clients). Complete URIs or URIs consisting of protocol + \
authority + path are registered so that the OAuth 2.0 provider can trust that tokens are sent to trusted entities. \
If multiple URI's are registered, the client MUST specify the URI that the user should be redirected to following \
approval. May not contain a fragment (#).
a705=Scope(s)
a705.help=Scope(s). Scopes are strings that are presented to the user for approval and included in tokens so that the \
protected resource may make decisions about what to give access to.
a705.help.txt=Scopes may be entered as simple strings or pipe separated strings representing the internal scope name, \
locale, and localized description; e.g. "read|en|Permission to view email messages in your account". Locale strings \
are in the format <code>language + "_" + country + "_" + variant</code>, e.g. en, en_GB, en_US_WIN. \
If the locale and pipe is omitted, the description is displayed to all users having undefined locales. \
e.g. "read|Permission to view email messages in your account". \
<i>NB</i> If the description is also omitted, nothing is displayed to all users, e.g. specifying "read|" would allow \
the scope "read" to be used by the client, but would not display it to the user when it was requested.
a7055=Claim(s)
a7055.help=List of claim name translations, which will override those specified for the AS. Claims are values that \
are presented to the user to inform them what data is being made available to the Client.
a7055.help.txt=Claims may be entered as simple strings or pipe separated strings representing the internal claim name, \
locale, and localized description; e.g. "read|en|Permission to view email messages in your account". Locale strings \
are in the format <code>language + "_" + country + "_" + variant</code>, e.g. en, en_GB, en_US_WIN. \
If the locale and pipe is omitted, the description is displayed to all users having undefined locales. \
e.g. "name|Your full name". \
<i>NB</i> If the description is also omitted, nothing is displayed to all users, e.g. specifying "name|" would allow \
the claim "name" to be used by the client, but would not display it to the user when it was requested.\
<p>If a value is not given here, the value will be computed from the OAuth 2 Provider settings.
a706=Display name
a706.help=A client name that may be relevant to the resource owner when considering approval.
a706.help.txt=The name may be entered as a single string or as pipe separated strings for locale and localized name; \
e.g. "en|The ExampleCo Intranet". Locale strings are in the format <code>language + "_" + country + "_" + \
variant</code>, e.g. en, en_GB, en_US_WIN. \
If the locale is omitted, the name is displayed to all users having undefined locales. \
e.g. "The ExampleCo Intranet".
a707=Display description
a707.help=A description of the client or other information that may be relevant to the resource owner when considering \
approval.
a707.help.txt=The description may be entered as a single string or as pipe separated strings for locale and localized \
name; e.g. "en|The company intranet is requesting the following access permission". Locale strings are in the format \
<code>language + "_" + country + "_" + variant</code>, e.g. en, en_GB, en_US_WIN. \
If the locale is omitted, the description is displayed to all users having undefined locales. \
e.g. "The company intranet is requesting the following access permission".
a708=Default Scope(s)
a708.help=Default Scope(s). Scopes automatically given to tokens.
a708.help.txt=Default Scopes may be entered as simple strings or pipe separated strings representing the internal \
scope name, locale, and localized description; e.g. "read|en|Permission to view email messages in your account". \
Locale strings are in the format <code>language + "_" + country + "_" + variant</code>, e.g. en, en_GB, en_US_WIN. \
If the locale and pipe is omitted, the description is displayed to all users having undefined locales. \
e.g. "read|Permission to view email messages in your account". \
<i>NB</i> If the description is also omitted, nothing is displayed to all users, e.g. specifying "read|" would allow \
the scope "read" to be used by the client, but would not display it to the user when it was requested.
a709=Token Validation Type
a709.help=The type of token this client expects to receive.
a710=Bearer
a711=MAC
a712=SAML 2.0
a713=Automatically Approve Client
a713.help=Whether this client needs the resource owner to hit approve to allow the token access to a protected resource.
a714=Grant Types
a714.help=Grant types this client will support and use.
a715=Response Types
a715.help=Response types this client will support and use.
a716=Contacts
a716.help=Email addresses of users who can administrate this client.
a718=Logo URI
a718.help=The uri that contains the logo of this client.
a719=Token Endpoint Authentication Method
a719.help=The authentication method the token endpoint should use.
a720=Policy URI
a720.help=The URI that contains the policy this client uses.
a721=Terms of Service URI
a721.help=The uri that contains the terms of service this client uses.
a722=Json Web Key URI
a722.help=The uri that contains the client's public keys in Json Web Key format.
a723=Sector Identifier URI
a723.help=The Host component of this URL is used in the computation of pairwise Subject Identifiers.
a724=Subject Type
a724.help=The subject type added to responses for this client.
a725=Pairwise
a726=Public
a727=Request Object Signing Algorithm
a727.help=Algorithm the request objects for this client must be signed with.
a728=Userinfo Signed Response Algorithm
a728.help=Algorithm the response from the userinfo endpoint should be signed with.
a729=Userinfo Encrypted Response Algorithm
a729.help=Algorithm the response from the userinfo endpoint should be encrypted with.
a730=Userinfo Encrypted Response Encryption Algorithm
a730.help=Algorithm the response from the userinfo endpoint should be encrypted and signed with.
a731=ID Token Signed Response Algorithm
a731.help=Algorithm the ID Token for this client must be signed with.
a732=ID Token Encrypted Response Algorithm
a732.help=Algorithm the ID Token for this client must be encrypted with.
a733=ID Token Encrypted Response Encryption Algorithm
a733.help=Algorithm the ID Token for this client must be signed and encrypted with.
a735=Require Auth Time
a735.help=Toggle this to add or remove the auth time from the ID Token.
a736=Default ACR Values
a736.help=The default acr values the authorization server must use when processing requests from this client.
a737=Initiate Login URI
a737.help=URI to initiate login for this client.
a738=Post Logout Redirect URIs
a738.help=URIs that can be redirected to after the client logout process.
a739=Request URIs
a739.help=A json array of pre-registered uris for use by this client.
a740=client_secret_post
a741=client_secret_basic
a742=client_secret_jwt
a743=private_key_jwt
a744=Access Token
a744.help=The access token used to update the client.
a745=Client Session URI
a745.help=This is the URI that will be used to check messages sent to the session management endpoints. This URI must \
match the origin of the message
a746=Client Name
a746.help=This value is a readable name for this client.
a747=Client JWT Bearer Public Key
a747.help=A Base64 encoded X509 certificate, containing the public key, represented as a UTF-8 PEM file, of the key \
pair for signing the Client Bearer JWT.
a748=Default Max Age
a748.help=Minimum value 1. Sets the maximum length of time in seconds a session may be active after the \
authorization service has succeeded before the user must actively re-authenticate.
a749=Default Max Age Enabled
a749.help=Whether or not the default max age is enforced.
a750=Public key selector
a750.help=Select the public key for this client to come from either the jwks_uri, manual jwks or X509 field.
a751=JWKs_URI
a752=JWKs
a753=X509
a754=Authorization Code Lifetime (seconds)
a754.help=The time in seconds an authorization code is valid for. <i>NB</i> If this field is set to zero, \
Authorization Code Lifetime of the OAuth2 Provider is used instead of.
a755=Refresh Token Lifetime (seconds)
a755.help=The time in seconds a refresh token is valid for. <i>NB</i> If this field is set to zero, \
Refresh Token Lifetime of the OAuth2 Provider is used instead. If this field is set to -1, the token \
will never expire.
a756=Access Token Lifetime (seconds)
a756.help=The time in seconds an access token is valid for. <i>NB</i> If this field is set to zero, \
Access Token Lifetime of the OAuth2 Provider is used instead of.
a757=OpenID Connect JWT Token Lifetime (seconds)
a757.help=The time in seconds a JWT is valid for. <i>NB</i> If this field is set to zero, \
JWT Token Lifetime of the OAuth2 Provider is used instead of.
a7001=OAuth2 Client Settings
# UI properties
wss.header.general=General
wss.header.security=Security
wss.header.signencrypt=Signing and Encryption
wss.header.signing=Signing
wss.header.signing.SecurityToken=SecurityToken
wss.header.signing.Timestamp=Timestamp
wss.header.signing.ReplyTo=ReplyTo
wss.header.signing.Action=Action
wss.header.signing.MessageID=MessageID
wss.header.encryption=Encryption
wss.header.keystore=Key Store
wss.header.endpoints=End Points
wss.header.saml.configuration=SAML Configuration
wss.header.kerberos=Kerberos Configuration
label.Yes=Yes
web.services.profile.username-token-header=Credential for User Token
label.agentgroup=Group
keystore.usage=Key Store Usage
keystore.usage.default=Default
keystore.usage.custom=Custom
keystore.information=Location of Key Store (Mandatory if Use Default Keystore is not checked).
entity.attribute.label.uuid=Universal Identifier
wsp.encryption.is.request.decrypted=Is Request Decrypted
wsc.is.response.encrypted=Is Response Decrypted
sts.encryption.is.response.decrypted=Is Response Decrypted
soap.sts.agent.publish.service.poll.interval= Poll Interval
soap.sts.agent.publish.service.poll.interval.help=Interval, in seconds, to poll the sts publish service for \
newly-published SOAP STS instances.