amAuth.properties revision 1c55e8b0acc5255bb5a10d740e37476c4c7157cf
# $Id: amAuth.properties,v 1.15 2009/11/25 11:57:22 manish_rustagi Exp $
a102.help.txt=Controls whether a user profile is required for authentication to be successful or if the profile \
will be dynamically created if none already exists. Choose ignore if you do not have a data store configured in the realm.
a104.help.txt=This is the authentication chain that will be used to authenticate administrative users to this realm.
a105.help=List of roles of which dynamically created users will be a member.
a105.help.txt=Enter the DN for each role that will be assigned to a new user when their profile has been dynamically \
a108.help=Enables persistent cookie mode for the OpenAM authentication interface.
a108.help.txt=Enabling Persistent cookie mode means that an authenticated OpenAM user will not need to re-authenticate \
a109.help=The lifetime (in seconds) of the persistent cookie.
a109.help.txt=Use this setting to control how long the persistent cookie should exist for a user.<br><ul><li>3600 seconds: \
1 hour<li>86400 seconds: 1 day<li>2592000 seconds: 30 days</ul><br/><i>NB </i> Persistent cookie mode must be enabled for this property \
a114.help=The secondary LDAP attribute retrieves the user profile if the primary LDAP attribute specified in 'User Naming Attribute' fails.
a114.help.txt=This list of LDAP attributes is used to extend the set of attributes searched by OpenAM to find the user's profile.<br>\
For example: <ul><li>cn</li><li>mail</li><li>givenname</li></ul><br/>A user authenticates to OpenAM under the id of steve. OpenAM \
will first search using the naming attribute (uid by default), so uid=steve; if no match is found then cn=steve will be searched until \
a117.help=List of configured authentication modules
a117.help.txt=The list of configured authentication modules available to OpenAM. All modules must extend from the \
<code>com.sun.identity.authentication.spi.AMLoginModule</code> class.
a117.help.uri=#tbd
a118.help=The primary LDAP attribute retrieves the user's profile after successful authentication.
a121.help=Default Authentication Chain for users
a121.help.txt=This is the authentication chain that will be used to authenticate users to this realm.
a125.help=Enables account lockout functionality for users authenticating to this realm.
a125.help.txt=OpenAM can track the number of failed authentications by a user over time and if a pre-defined limit is \
breached, OpenAM can lock out the user's account and perform additional functions.<br/><br/><i>NB </i>This functionality \
a126.help=The maximum number of failed authentications for a user before their account is locked.
a126.help.txt=This setting controls the maximum number of failed authentications a user can have during the lockout \
a127.help=The lockout interval time is in minutes.
a127.help.txt=OpenAM tracks the failed authentication count for a user over the lockout interval.<br/><br/>For example: If \
the lockout interval is 5 minutes and the lockout count is 5, the user will have to have failed to authenticate 5 times \
over the previous 5 minutes for the account to be locked. Failed authentications that occurred outside of the 5 minute \
a128.help=An email address or set of email addresses that receive notifications about account lockout events.
a128.help.txt=OpenAM can be configured to send a localisable email message to a set of email addresses when account lockout \
events occur. The contents of the email message are configured using the following properties in the \
<code>amAuth.properties</code> file.<br/><ul><li><code>lockOutEmailFrom</code> : The "From" address of the email message</li>\
a129.help=Warn the user when they reach this level of failed authentications.
a129.help.txt=The user will be given a warning when they reach this level of failed authentications during the lockout interval.<br/>\
The text of the lockout warning is configured using the <code>lockOutWarning</code> property in the <code>amAuth.properties</code> file.
a130.help=The duration of the user's account lockout, in minutes.
a130.help.txt=OpenAM can either lock out the user's account indefinitely (until administrative action) by setting the duration to 0 \
(the default), or OpenAM can lock the user's account for a given number of minutes. After the lockout interval, the user will be able \
a1301.help=Value multiplied to the Login Failure Lockout Duration for each successive lockout.
a1301.help.txt=This property is used to enable OpenAM to increase the account lockout duration for each successive account lockout. \
For example: If the lockout duration is set to 10 and the duration multiplier is set to 2, the duration of the first lockout will be \
a131.help=Name of custom lockout attribute
a131.help.txt=When OpenAM locks an account, the <code>inetuserstatus</code> attribute in the locked account is set to Inactive. \
a132.help=Value to set in custom lockout attribute
a132.help.txt=This is the value that will be set on the custom attribute in the user's profile when their account is locked.
a1321.help=The name of the attribute used to store information about failed authentications.
a1321.help.txt=OpenAM can be configured to store information about invalid authentications in the user's profile. This allows multiple \
instances of OpenAM in the same site to share information about a user's invalid authentication attempts. By default the custom \
attribute <code>sunAMAuthInvalidAttemptsData</code>, defined in the <code>sunAMAuthAccountLockout</code> objectclass, is used to \
store this data. Use this property to change the attribute used by OpenAM to store this information.<br/><br/>\
a133.help=Successful logins will be forwarded to this URL
a133.help.txt=This is the URL to which clients will be forwarded upon successful authentication. Enter a URL or URI relative to the \
local OpenAM. URL or URI can be prefixed with the ClientType|URL if client specific. URL without http(s) protocol will be appended to \
a134.help=Failed logins will be forwarded to this URL
a134.help.txt=This is the URL to which clients will be forwarded upon failed authentication. Enter a URL or URI relative to the local \
OpenAM. URL or URI can be prefixed with ClientType|URL if client specific. URL without http(s) protocol will be appended to the current \
a135.help=A list of post authentication processing classes for all users in this realm.
a135.help.txt=This is a list of Post Processing Classes that will be called by OpenAM for all users that authenticate to this realm. \
Refer to the documentation for the places where the list of post authentication classes can be set and their precedence. \
<br/><br/>For example: org.forgerock.auth.PostProcessClass<br/>\
<i>NB </i>OpenAM must be able to find these classes on the <code>CLASSPATH</code> and they must implement the interface \
a135.help.uri=#tbd
a138.help=Enables this mode in the Membership auth module.
a138.help.txt=When this mode is enabled, if the Membership auth module detects that the supplied username already exists in the \
a139.help=The name of the default implementation of the user name generator class.
a139.help.txt=The name of the class used to return a list of usernames to the Membership auth module.<br/><br/>\
<i>NB </i>This class must implement the interface <code>com.sun.identity.authentication.spi.UserIDGenerator</code>
a140.help=Controls the size of the LDAP connection pool used for authentication
a140.help.txt=Control the size of the connection pool to the LDAP directory server used by any of the authentication modules \
that use LDAP directly such as LDAP or Active Directory. Different OpenAM servers can be configured with different connection \
a141.help=The default connection pool size; format is: minimum:maximum
a143.help=List of classes to be called when status of the user account changes.
a143.help.txt=When the status of a user's account changes, OpenAM can be configured to call into a custom class. \
The custom class can then be used to perform some action as required. The built in status change events are:<br/><br/>\
<ul><li>Account locked</li><li>Password changed</li></ul><br/>Custom code can also extend this mechanism.
a143.help.uri=#tbd
a144.help=Enables sharing of login failure attempts across AM Instances
a144.help.txt=When this setting is enabled OpenAM will store the user's invalid authentication information in the data store \
a145.help=Allows a user to authenticate via module based authentication.
a145.help.txt=This feature allows users to override the realm configuration and use a named authentication module to authenticate.\
a146.help=OpenAM requires the authentication client to authenticate itself before authenticating users.
a146.help.txt=When this setting is enabled, OpenAM will require the authentication client (such as a policy agent) to authenticate \
itself to OpenAM before the client will be allowed to use the remote authentication API to authenticate users.
a147.help=Mapping of user profile attribute name to session attribute name.
a147.help.txt=The setting causes OpenAM to read the named attributes from the user's profile in the data store and store their values \
a148.help=Store Post Processing Classes for the duration of the session.
a148.help.txt=Enabling this setting will cause OpenAM to store instances of post processing classes into the user's session. \
When the user logs out the original instances of the post processing classes will be called instead of new instances. \
a149.help=The authentication module instances will be stored in the user's session.
a149.help.txt=Enabling this setting will cause OpenAM to store the authentication module instances used by the user to authenticate \
in the user's session. Normally after authentication the module instances would be cleared. This may be needed for special logout \
a150.help=List of Valid goto URL domains
a150.help.txt=By default OpenAM will redirect the user to the URL specified in the goto parameter supplied to the authentication interface. \
To enhance security a list of valid DNS domains can be specified. OpenAM will only redirect a user if the domain of the goto URL \
a151.help=Keystore Alias for signing and encrypting RESTful Authentication requests.
a151.help.txt=This is the alias for the private/public keys in the Keystore used in RESTful authentication requests.
a152.help=Allows a user to authenticate using GET request parameters without showing the login screen.
a152.help.txt=Enable this feature if the authentication mechanism uses a single authentication screen or the first authentication screen should always be invisible to users (since it is auto-submitted). Use caution when enabling this feature as it can be used to authenticate using regular GET parameters, which could be cached by browsers and logged in server and proxy access logs exposing the values of the GET parameters.
a153.help=The authentication level for persistent cookie authentications
a153.help.txt=The authentication level set here will be used when persistent cookie is used for authentication.
a500.help=The default authentication level for modules in this realm.
a500.help.txt=If the authentication module does not set its own auth level then the module will have the default authentication level \
a104.link=Edit
a121.link=Edit
amAuth-debug.off=Off
amAuth-debug.log=Log Messages
multipleUserMatchFound=Multiple matches found for user search, please contact your system administrator to fix the problem
### errorTemplate = is the jsp/html page to be rendered
100=User Requires Profile to Login|login_denied.jsp
101=User Account Expired!!|account_expired.jsp
102=Authentication Error!!|auth_error_template.jsp
103=Invalid Password!!|login_failed_template.jsp
104=User not Active|user_inactive.jsp
105=No Configuration found|noConfig.jsp
106=Invalid Persistent Cookie|invalidPCookieUserid.jsp
107=Authentication Failed!!|login_failed_template.jsp
108=Domain is invalid|invalid_domain.jsp
109=Org is inactive|org_inactive.jsp
110=Session has timed out|session_timeout.jsp
111=Authentication Module Denied|module_denied.jsp
112=User Account Locked|user_inactive.jsp
113=User does not belong to Role|userDenied.jsp
115=Maximum Sessions Limit Reached.|maxSessions.jsp
117=The browser is not configured or supported for the HTTP authentication handshaking|login_failed_template.jsp
119=Invalid Auth Level.|invalidAuthlevel.jsp
123=Exceed Password Retry Limits in DS - Constraint Violation|user_inactive.jsp
authentication.show.advanced.attributes=All Core Settings...
authentication.module.instances=Module Instances
authentication.module.instances.help=The list of authentication modules available to this realm
authentication.module.instances.help.txt=OpenAM uses authentication modules to identify the user. Normally authentication modules \
are associated with an authentication chain. Each realm has a default authentication chain that will be used to authenticate users. \
This section is used to add, configure or remove authentication modules available for authentication into this realm.
authentication.module.configurations=Authentication Chaining
authentication.module.configurations.help=The list of authentication chains available to this realm
authentication.module.configurations.help.txt=OpenAM uses authentication chains to control the authentication flow for the user. \
label.items=Items
authentication.module.instance.table.noentries=There are no instances available. Press the New button to create one.
authentication.configuration.table.noentries=There are no authentication chains defined. Press the New button to create one.
label.current.value=Current Values
label.new.value=New Value
org-chain-list.help=This table lists the authentication modules that make up this authentication chain.
org-chain-list.help.txt=The list of modules that will be presented to the user during authentication. The criteria controls the processing \