amAuth.properties revision 83b6876875220fb356bba2bd2315de3f8eefe81a
25cc5fbba63f84b47e389af749f55abbbde71c8cChristian Maeder# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
25cc5fbba63f84b47e389af749f55abbbde71c8cChristian Maeder# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder# The contents of this file are subject to the terms
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder# of the Common Development and Distribution License
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder# (the License). You may not use this file except in
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder# compliance with the License.
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder# You can obtain a copy of the License at
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder# https://opensso.dev.java.net/public/CDDLv1.0.html or
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder# See the License for the specific language governing
d03ce8efc673309b40746bf5f66299cc3cefa3b0Klaus Luettich# permission and limitations under the License.
b7839add0728fef3cbb28244373661db382f6588Christian Maeder# When distributing Covered Code, include this CDDL
ce8b15da31cd181b7e90593cbbca98f47eda29d6Till Mossakowski# Header Notice in each file and include the License file
760ae19a92dde8249679a674f93f58d26a7c5f6bChristian Maeder# If applicable, add the following below the CDDL Header,
760ae19a92dde8249679a674f93f58d26a7c5f6bChristian Maeder# with the fields enclosed by brackets [] replaced by
88c800932dd7053322501ea2039d9f234be6866cKlaus Luettich# your own identifying information:
c0c2380bced8159ff0297ece14eba948bd236471Christian Maeder# "Portions Copyrighted [year] [name of copyright owner]"
c0c2380bced8159ff0297ece14eba948bd236471Christian Maeder# $Id: amAuth.properties,v 1.15 2009/11/25 11:57:22 manish_rustagi Exp $
8410667510a76409aca9bb24ff0eda0420088274Christian Maeder# Portions Copyrighted 2011 ForgeRock Inc
8410667510a76409aca9bb24ff0eda0420088274Christian Maeder# Portions Copyrighted 2012 Open Source Solution Technology Corporation
824125ad97b34671bd7ea72655967f46caeb0004Christian Maederauthentication=Authentication
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian MaedersessNotActive=Session was never activated
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian MaederrequestReceived=**** Authd request received ***
d67a33b40578beef2e255a274f89bb9c34aaf056Christian MaederAuthentication=Authentication
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian MaederMembership=Membership
5d44c8cecd07b47ce537c7e14bf7b41a39f08507Christian MaederSecurID=SecurID
c6fcd42c6d6d9dae8c7835c24fcb7ce8531a9050Christian MaederAnonymous=Anonymous
c6fcd42c6d6d9dae8c7835c24fcb7ce8531a9050Christian MaederHTTPBasic=HTTPBasic
31c49f2fa23d4ac089f35145d80a224deb6ea7e4Till MossakowskiWindowsDesktopSSO=WindowsDesktopSSO
7b2177999334c920c5669621bd3c142fe198a8d7Christian MaederAD=Active Directory
9e748851c150e1022fb952bab3315e869aaf0214Christian MaederDataStore=DataStore
9e748851c150e1022fb952bab3315e869aaf0214Christian MaederUserDomain=UserDomain
f4505a64a089693012a3f5c3b1f12a82cd7a2a5aKlaus LuettichloginSuccess=Login Success
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian MaederloginFailed=Login Failed
9e748851c150e1022fb952bab3315e869aaf0214Christian MaederinvalidPasswd=Invalid Password
9e748851c150e1022fb952bab3315e869aaf0214Christian MaedernoSuchAlgorithm=No such algorithm
9e748851c150e1022fb952bab3315e869aaf0214Christian MaedernoUserName=No user name
9e748851c150e1022fb952bab3315e869aaf0214Christian MaederinvalidKey=Invalid Key
9e748851c150e1022fb952bab3315e869aaf0214Christian Maederrestricted=Restricted userid session terminated
9e748851c150e1022fb952bab3315e869aaf0214Christian MaedernoMatchDomainURL=No match for domain url
9e748851c150e1022fb952bab3315e869aaf0214Christian MaederuserLoginDisabled=User login disabled
9e748851c150e1022fb952bab3315e869aaf0214Christian MaederadminAuthFailedUid=Admin Authorization Failed UserId:
9e748851c150e1022fb952bab3315e869aaf0214Christian MaederadminSessLogoutUid=Admin Session Logout UserId:
9e748851c150e1022fb952bab3315e869aaf0214Christian MaedersessLogoutUid=Session Logout UserId:
9e748851c150e1022fb952bab3315e869aaf0214Christian Maedermodprop=Module Properties for the Auth is null.
9e748851c150e1022fb952bab3315e869aaf0214Christian Maederiplanet-am-auth-service-description=Core
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaederCreate=Dynamic
c0c2380bced8159ff0297ece14eba948bd236471Christian MaederCreateWithAlias=Dynamic with User Alias
c0c2380bced8159ff0297ece14eba948bd236471Christian MaederRequired=Required
5d44c8cecd07b47ce537c7e14bf7b41a39f08507Christian MaederIgnore=Ignored
c0c2380bced8159ff0297ece14eba948bd236471Christian MaederServiceDoesNotExist=Service does not Exist
c0c2380bced8159ff0297ece14eba948bd236471Christian MaedergettingSessionFailed=AuthD failed to get auth session
c0c2380bced8159ff0297ece14eba948bd236471Christian MaederinvalidSessionID=Session ID is not valid
c0c2380bced8159ff0297ece14eba948bd236471Christian Maedera101=Organization Authentication Modules
9e748851c150e1022fb952bab3315e869aaf0214Christian Maedera101.help=Authentication modules available to this organization.
9e748851c150e1022fb952bab3315e869aaf0214Christian Maedera102=User Profile
9e748851c150e1022fb952bab3315e869aaf0214Christian Maedera102.help=Controls the result of the user profile success post successful authentication.
9e748851c150e1022fb952bab3315e869aaf0214Christian Maedera102.help.txt=Controls whether a user profile is required for authentication to be successful or if the profile \
9e748851c150e1022fb952bab3315e869aaf0214Christian Maederwill be dynamically created if none already exists. Choose ignore if you do not have a data store configured in the realm.
c0c2380bced8159ff0297ece14eba948bd236471Christian Maedera104=Administrator Authentication Configuration
549b97cfbe3a6687db74440a550b68b2fc19a272Christian Maedera104.help=Default Authentication Chain for administrators
549b97cfbe3a6687db74440a550b68b2fc19a272Christian Maedera104.help.txt=This is the authentication chain that will be used to authentication administrative users to this realm.
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maedera105=User Profile Dynamic Creation Default Roles
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maedera105.help=List of roles of which dynamically created users will be a member.
c0c2380bced8159ff0297ece14eba948bd236471Christian Maedera105.help.txt=Enter the DN for each role that will be assigned to a new user when their profile has been dynamically \
f4505a64a089693012a3f5c3b1f12a82cd7a2a5aKlaus Luettichcreated by OpenAM.<br/><br/><i>NB </i> Deprecated functionality in OpenAM.
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera106=Authentication Chaining Modules
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera107=Authentication Chaining Enabled
f4505a64a089693012a3f5c3b1f12a82cd7a2a5aKlaus Luetticha108=Persistent Cookie Mode
f4505a64a089693012a3f5c3b1f12a82cd7a2a5aKlaus Luetticha108.help=Enables persistent cookie mode for the OpenAM authentication interface.
f4505a64a089693012a3f5c3b1f12a82cd7a2a5aKlaus Luetticha108.help.txt=Enabling Persistent cookie mode means that an authentication OpenAM user will not need to re-authenticate \
5d4038657f6a63e131f5804af2f7957b69e15a43Klaus Luettichto OpenAM after they close their browser and then return to OpenAM.
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera109=Persistent Cookie Maximum Time
c0c2380bced8159ff0297ece14eba948bd236471Christian Maedera109.help=The lifetime (in seconds) of the persistent cookie.
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera109.help.txt=Use this setting to control how long the persistent cookie should exist for a user.<br><ul><li>3600 seconds: \
77a65251ee036c6aaf09c2775315a4ee24259fbdJorina Freya Gerken1 hour<li>86400 seconds: 1 day<li>2592000 seconds: 30 days</ul><br/><i>NB </i> Persistent cookie mode must be enabled for this property \
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maederto take effect.
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera110=Non Interactive Modules
23ab8855c58adfbd03a0730584b917b24c603901Christian Maedera111=User's Default Redirect URL
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera112=User Based Authentication
97812b7ce9860bf514a8822a63503451795dbc65Klaus Luetticha113=People Container for All Users
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera114=Alias Search Attribute Name
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera114.help=The secondary LDAP attribute retrieves the user profile if the primary LDAP attribute specified in 'User Naming Attribute' fails.
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera114.help.txt=This list of LDAP attributes is used to extend the set of attributes searched by OpenAM to find the users profile.<br>\
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaederFor example: <ul><li>cn</li><li>mail</li><li>givenname</li><ul><br/>A user authenticates to OpenAM under the id of steve, OpenAM \
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maederwill first search using the naming attribute (uid by default) so uid=steve, if no match is found then cn=steve will be searched until \
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maedera match is found or the list is exhausted.<br>\
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder<br/><br/><i>NB </i> Only used when User Profile searching is enabled.
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maedera115=User Authentication Modules
9e748851c150e1022fb952bab3315e869aaf0214Christian Maedera117=Pluggable Authentication Module Classes
9e748851c150e1022fb952bab3315e869aaf0214Christian Maedera117.help=List of configured authentication modules
08e5741dd8b6bf9b7419e89298e384e18bc57f64Christian Maedera117.help.txt=The list of configured authentication modules available to OpenAM. All modules must extend from the \
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder<code>com.sun.identity.authentication.spi.AMLoginModule</code> class.
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera118=User Naming Attribute
9df11f85fd7f8c4745d64464876e84ec4e263692Christian Maedera118.help=The primary LDAP attribute retrieves the user's profile after successful authentication.
8b0f493ae42bad8b94918cc0957f1af57096cda4Felix Reckersa119=Pluggable Authentication Page Generator Class
9df11f85fd7f8c4745d64464876e84ec4e263692Christian Maedera120=Default Authentication Locale
5b818f10e11fc79def1fdd5c8a080d64a6438d87Christian Maedera121=Organization Authentication Configuration
8b0f493ae42bad8b94918cc0957f1af57096cda4Felix Reckersa121.help=Default Authentication Chain for users
5d4038657f6a63e131f5804af2f7957b69e15a43Klaus Luetticha121.help.txt=This is the authentication chain that will be used to authenticate users to this realm.
5d4038657f6a63e131f5804af2f7957b69e15a43Klaus Luetticha125=Login Failure Lockout Mode
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maedera125.help=Enables account lockout functionality for users authenticating to this realm.
c432483b64662e8db604a58758cd18ea7fa65659Christian Maedera125.help.txt=OpenAM can track the number of failed authentications by a user over time and if a pre-defined limit is \
857992065be4ed40a72c6296b6c0aec62ab4c5b9Christian Maederbreached, OpenAM can lockout the users account and perform additional functions.<br/><br/><i>NB </i>This functionality \
857992065be4ed40a72c6296b6c0aec62ab4c5b9Christian Maederis in addition to any account lockout behaviour implemented by the LDAP Directory Server.
8659594bb40eb5f3da5439692f0908300947191eSonja Gröninga126=Login Failure Lockout Count
8c692d0cc44e7df93f58a3eed0d9774ba5908339Jorina Freya Gerkena126.help=The maximum number of failed authentications for a user before their account is locked.
eeb419aa20c97b4af973e97ee6ae77a8eed29e15Till Mossakowskia126.help.txt=This setting controls the maximum number of failed authentications a user can have during the lockout \
8b0f493ae42bad8b94918cc0957f1af57096cda4Felix Reckersinterval before OpenAM locks the users account.
9e748851c150e1022fb952bab3315e869aaf0214Christian Maedera127=Login Failure Lockout Interval
9e748851c150e1022fb952bab3315e869aaf0214Christian Maedera127.help=The lockout interval time is in minutes.
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maedera127.help.txt=OpenAM tracks the failed authentication count for a user over the lockout interval.<br/><br/>For example: If \
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maederthe lockout interval is 5 minutes and the lockout count is 5; the user will have to have failed to authenticate 5 times \
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maederover the previous 5 minutes for the account to be locked. Failed authentications the occurred outside of the 5 minute \
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maederinterval are ignored.
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maedera128=Email Address to Send Lockout Notification
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maedera128.help=An email address or set of email addresses that receive notifications about account lockout events.
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maedera128.help.txt=OpenAM can be configured to send a localisable email message to a set of email addresses when account lockout \
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maederevents occur. The contents of the email message is configured using the following properties in the \
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maeder<code>amAuth.properties</code> file.<br/><ul><li><code>lockOutEmailFrom</code> : The "From" address of the email message</li>\
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maeder<li><code>lockOutEmailSub</code> : The subject of the email message</li>\
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maeder<li><code>lockOutEmailMsg</code> : The contents of the email message</li></ul><br/>\
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaederThe identity for whom the account has been locked is included in the email message.<br/><br/>\
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaederThe format of this property is:<br/>\
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maeder<code>emailaddress|locale|charset</code>. Multiple email addresses are space-separated.<br/>\
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaederEmail addresses must include the domain name, such as <code>admin@example.com</code>.
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maedera129=Warn User After N Failures
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maedera129.help=Warn the user when they reach this level of failed authentications.
8b0f493ae42bad8b94918cc0957f1af57096cda4Felix Reckersa129.help.txt=The user will be given a warning when they reach this level of failed authentications during the lockout interval.<br/>\
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaederThe text of the lockout warning is configured using the <code>lockOutWarning</code> property in the <code>amAuth.properties</code> file.
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera130=Login Failure Lockout Duration
9e748851c150e1022fb952bab3315e869aaf0214Christian Maedera130.help=The duration of the users account lockout, in minutes.
a02a4eb2a2029d27a11fff2ebcc6c460574a74fcKlaus Luetticha130.help.txt=OpenAM can either lockout the users account indefinitely (until administration action) by setting the duration to 0, \
9e748851c150e1022fb952bab3315e869aaf0214Christian Maeder(the default) or OpenAM can lock the users account for a given number of minutes. After the lockout interval, the user will be able \
fdb2d618144159395f7bf8ce3327b3c112a17dd3Till Mossakowskito successfully authenticate to OpenAM.
fdb2d618144159395f7bf8ce3327b3c112a17dd3Till Mossakowskia1301=Lockout Duration Multiplier
b70b9c569e477c6a877c93d3ecc17c38c9e047dcChristian Maedera1301.help=Value multiplied to the Login Failure Lockout Duration for each successive lockout.
9e748851c150e1022fb952bab3315e869aaf0214Christian Maedera1301.help.txt=This property is used to enable OpenAM to increase the account lockout duration for each successive account lockout. \
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaederFor example: If the lockout duration is set to 10 and the duration multiplier is set to 2; the duration of the first lockout will be \
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maeder10 minutes and the duration of the second lockout will be 20 minutes.<br/><br/>\
a348b2eb46eb51f376c910d6dd4415fdab6713bdChristian MaederThe default value of 1 disables this function.
c0c2380bced8159ff0297ece14eba948bd236471Christian Maedera131=Lockout Attribute Name
7ea1b24778bb8f58c650f5ae659da720b9f9e109Klaus Luetticha131.help=Name of custom lockout attribute
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera131.help.txt=When OpenAM locks an account, the <code>inetuserstatus</code> attribute in the locked account is set to Inactive. \
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaederIn addition, OpenAM can set the value of another attribute in the users profile.
9e748851c150e1022fb952bab3315e869aaf0214Christian Maedera132=Lockout Attribute Value
9e748851c150e1022fb952bab3315e869aaf0214Christian Maedera132.help=Value to set in custom lockout attribute
dbe752ee940baae7f9f231f29c62284bb0f90a25Christian Maedera132.help.txt=This is the value that will be set on the custom attribute in the users profile when they account is locked.
53818ced114da21321063fff307aa41c1ab31dd3Achim Mahnkea1321=Invalid Attempts Data Attribute Name
53818ced114da21321063fff307aa41c1ab31dd3Achim Mahnkea1321.help=The name of the attribute used to store information about failed authentications.
53818ced114da21321063fff307aa41c1ab31dd3Achim Mahnkea1321.help.txt=OpenAM can be configured to store information about invalid authentications in the users profile. This allows multiple \
53818ced114da21321063fff307aa41c1ab31dd3Achim Mahnkeinstances of OpenAM in the same site to share information about a users invalid authentication attempts. By default the custom \
53818ced114da21321063fff307aa41c1ab31dd3Achim Mahnkeattribute; <code>sunAMAuthInvalidAttemptsData</code> defined in the <code>sunAMAuthAccountLockout</code> objectclass is used to \
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maederstore this data. Use this property to change the attribute used by OpenAM to store this information.<br/><br/>\
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder<i>NB </i>Any attribute specified must be a valid attribute in the data store.
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera133=Default Success Login URL
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maedera133.help=Successful logins will be forwarded to this URL
23ab8855c58adfbd03a0730584b917b24c603901Christian Maedera133.help.txt=This is the URL to which clients will be forwarded upon successful authentication. Enter a URL or URI relative to the \
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maederlocal OpenAM. URL or URI can be prefixed with the ClientType|URL if client specific. URL without http(s) protocol will be appended to \
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maederthe current URI of OpenAM.
857992065be4ed40a72c6296b6c0aec62ab4c5b9Christian Maedera134=Default Failure Login URL
fdb2d618144159395f7bf8ce3327b3c112a17dd3Till Mossakowskia134.help=Failed logins will be forwarded to this URL
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera134.help.txt=This is the URL to which clients will be forwarded upon failed authentication. Enter a URL or URI relative to the local \
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian MaederOpenAM. URL or URI can be prefixed with ClientType|URL if client specific. URL without http(s) protocol will be appended to the current \
8b0f493ae42bad8b94918cc0957f1af57096cda4Felix ReckersURI of OpenAM.
b49276c9f50038e0bd499ad49f7bd6444566a834Christian Maedera135=Authentication Post Processing Classes
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maedera135.help=A list of post authentication processing classes for all users in this realm.
ed9207cf24e96b0d6f59985822054ae28cb69b2eChristian Maedera135.help.txt=This is a list of Post Processing Classes that will be called by OpenAM for all users that authenticate to this realm. \
b49276c9f50038e0bd499ad49f7bd6444566a834Christian MaederRefer to the documentation for the places where the list of post authentication classes can be set and their precedence. \
9e748851c150e1022fb952bab3315e869aaf0214Christian Maeder<br/><br/>For example: org.forgerock.auth.PostProcessClass<br/>\
ac0bbbcb2774629bb87986e69cf53d3402c5f575Christian Maeder<i>NB </i>OpenAM must be able to find these classes on the <code>CLASSPATH</code> and must implement the interface \
33d042fe6a9eb27a4c48f840b80838f3e7d98e34Christian Maeder<code>com.sun.identity.authentication.spi.AMPostAuthProcessInterface</code>.
fa21fba9ceb1ddf7b3efd54731a12ed8750191d8Christian Maedera138=Generate UserID Mode
fa21fba9ceb1ddf7b3efd54731a12ed8750191d8Christian Maedera138.help=Enables this mode in the Membership auth module.
9e748851c150e1022fb952bab3315e869aaf0214Christian Maedera138.help.txt=When this mode is enabled, if the Membership auth module detects that the supplied username already exists in the \
05a8b581f98b928baca6dab60cd20277659ac760Christian Maederdata store then a list of valid usernames can be shown to the user, if requested by said user.
ed9207cf24e96b0d6f59985822054ae28cb69b2eChristian Maedera139=Pluggable User Name Generator Class
fa21fba9ceb1ddf7b3efd54731a12ed8750191d8Christian Maedera139.help=The name of the default implementation of the user name generator class.
b49276c9f50038e0bd499ad49f7bd6444566a834Christian Maedera139.help.txt=The name of the class used to return a list of usernames to the Membership auth module.<br/><br/>\
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder<i>NB </i>This class must implement the interface <code>com.sun.identity.authentication.spi.UserIDGenerator</code>
b49276c9f50038e0bd499ad49f7bd6444566a834Christian Maedera140=LDAP Connection Pool Size
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera140.help=Controls the size of the LDAP connection pool used for authentication
b905126bab9454b89041f92b3c50bb9efc85e427Klaus Luetticha140.help.txt=Control the size of the connection pool to the LDAP directory server used by any of the authentication modules \
9e748851c150e1022fb952bab3315e869aaf0214Christian Maederthat use LDAP directly such as \LDAP or Active Directory.Different OpenAM servers can be configured with different connection \
9e748851c150e1022fb952bab3315e869aaf0214Christian Maederpool settings.<br/><br/>Format: host:port:minimum:maximum
9e748851c150e1022fb952bab3315e869aaf0214Christian Maedera141=Default LDAP Connection Pool Size
b905126bab9454b89041f92b3c50bb9efc85e427Klaus Luetticha141.help=The default connection pool size; format is: mininum:maximum
08e5741dd8b6bf9b7419e89298e384e18bc57f64Christian Maedera142=Identity Types
08e5741dd8b6bf9b7419e89298e384e18bc57f64Christian Maedera143=Pluggable User Status Event Classes
53818ced114da21321063fff307aa41c1ab31dd3Achim Mahnkea143.help=List of classes to be called when status of the user account changes.
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera143.help.txt=When the status of a users account changes, OpenAM can be configured to call into a custom class. \
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian MaederThe custom class can then be used to perform some action as required. The built in status change events are:<br/><br/>\
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder<ul><li>Account locked</li><li>Password changed</li></ul><br/>Custom code can also extend this mechanism.
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera144=Store Invalid Attempts in Data Store
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera144.help=Enables sharing of login failure attempts across AM Instances
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera144.help.txt=When this setting is enabled OpenAM will store the users invalid authentication information in the data store \
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maederunder the attribute configured in the <i>Invalid Attempts Data Attribute Name</i> property.
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera145=Module Based Authentication
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera145.help=Allows a user to authenticate via module based authentication.
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera145.help.txt=The feature allow users to override the realm configuration and use a named authentication module to authenticate.\
b905126bab9454b89041f92b3c50bb9efc85e427Klaus Luettich<br/><br/><i>NB </i>Recommended to turn this feature off in production environments.
b905126bab9454b89041f92b3c50bb9efc85e427Klaus Luetticha146=Remote Auth Security
b905126bab9454b89041f92b3c50bb9efc85e427Klaus Luetticha146.help=OpenAM requires authentication client to authenticate itself before authenticating users.
b905126bab9454b89041f92b3c50bb9efc85e427Klaus Luetticha146.help.txt=When this setting is enabled, OpenAM will require the authentication client (such as a policy agent) to authentication \
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maederitself to OpenAM before the client will be allow to use the remote authentication API to authenticate users.
33d042fe6a9eb27a4c48f840b80838f3e7d98e34Christian Maedera147=User Attribute Mapping to Session Attribute
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maedera147.help=Mapping of user profile attribute name to session attribute name.
dbe752ee940baae7f9f231f29c62284bb0f90a25Christian Maedera147.help.txt=The setting causes OpenAM to read the named attributes from the users profile in the data store and store their values \
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maederin the users session.<br/></br>Format: User Profile Attribute|Session Attribute name.
dbe752ee940baae7f9f231f29c62284bb0f90a25Christian Maedera148=Keep Post Process Objects for Logout Processing
dbe752ee940baae7f9f231f29c62284bb0f90a25Christian Maedera148.help=Store Post Processing Classes for the duration of the session.
ef67402074be14deb95e4ff564737d5593144130Klaus Luetticha148.help.txt=Enabling this setting will cause OpenAM to store instances of post processing classes into the users session. \
ef67402074be14deb95e4ff564737d5593144130Klaus LuettichWhen the user logs out the original instances of the post processing classes will be called instead of new instances. \
dbe752ee940baae7f9f231f29c62284bb0f90a25Christian MaederThis may be needed for special logout processing.<br/><br/>\
ef67402074be14deb95e4ff564737d5593144130Klaus Luettich<i>NB </i>Enabling this setting will increase the memory usage of OpenAM.
5958fabb264ec3f5b2125ac5602121bd34814a79Klaus Luetticha149=Keep Authentication Module Objects for Logout Processing.
5958fabb264ec3f5b2125ac5602121bd34814a79Klaus Luetticha149.help=The authentication modules instances will be stored in the users session.
e7e1ab2ac3f1fded8611bb92ae00e8f3b8c693fbKlaus Luetticha149.help.txt=Enabling this setting will cause OpenAM to store the authentication module instances used by the user to authenticate \
ef67402074be14deb95e4ff564737d5593144130Klaus Luettichin the users session. Normally after authentication the module instances would be cleared. This may be needed for special logout \
1323eba62fc519b068f5aaec4f9d2be05ffabea9Klaus Luettichprocessing.<br/><br/>\
a80c28bb8b7a23ccdf7e08d0fe216fc19cc97273Klaus Luettich<i>NB </i>Enabling this setting will increase the memory usage of OpenAM.
d784803f9c752667b4fcf7393d698002bedf3f89Klaus Luetticha150=Valid goto URL domains
1323eba62fc519b068f5aaec4f9d2be05ffabea9Klaus Luetticha150.help=List of Valid goto URL domains
1323eba62fc519b068f5aaec4f9d2be05ffabea9Klaus Luetticha150.help.txt=By default OpenAM will redirect the user to the URL specified in the goto parameter supplied to the authentication interface. \
725a68ec81cba9b8aa8647bebfb5baa449803e7eKlaus LuettichTo enhance security a list of valid DNS domains can be specified. OpenAM will only redirect a user if the domain of the goto URL \
d579f5b263e6c73d466c265f2fbfd45b0e69ca64Klaus Luettichis present in this list.
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder#Always the Authentication Level attribute should be the last item in the
ac0bbbcb2774629bb87986e69cf53d3402c5f575Christian Maeder#display section of the profile page. Make sure the key is always a large
ac0bbbcb2774629bb87986e69cf53d3402c5f575Christian Maeder#number. Now it is a500. This is to avoid reshuffling the keys if new
ac0bbbcb2774629bb87986e69cf53d3402c5f575Christian Maeder#attributes are added.
ac0bbbcb2774629bb87986e69cf53d3402c5f575Christian Maedera500=Default Authentication Level
404166b9366552e9ec5abb87a37c76ec8a815fb7Klaus Luetticha500.help=The default authentication level for modules in this realm.
404166b9366552e9ec5abb87a37c76ec8a815fb7Klaus Luetticha500.help.txt=If the authentication module does not set it's own auth level then the module will have the default authentication level \
4e7050bcbcf0f372a5bad32ecd0282bccabf0983Klaus Luettichfor the realm.
9e748851c150e1022fb952bab3315e869aaf0214Christian Maedererror=General Error
ac0bbbcb2774629bb87986e69cf53d3402c5f575Christian MaederchangePasswdSucceeded=Changing user password succeeded
340706b6c0c6e3dbacdd7003e20e9cab7f9aa765Christian MaederinitWorkerFailed=Failed to instantiate login worker class
fdb2d618144159395f7bf8ce3327b3c112a17dd3Till MossakowskigetOrgFailed=Failed to get organization attributes
ac0bbbcb2774629bb87986e69cf53d3402c5f575Christian MaedergetUserFailed=Failed to get user attributes :
ac0bbbcb2774629bb87986e69cf53d3402c5f575Christian MaederwrongCall=Method must be called in process(): {0}
9e748851c150e1022fb952bab3315e869aaf0214Christian MaederinvalidDN=Invalid DN string: {0}
9c3edf2b283c09d33b2820696886d1ed32fcadc8Christian MaedernullLoginState=Null LoginState obtained
ac0bbbcb2774629bb87986e69cf53d3402c5f575Christian MaedernullSess=Failed to get auth SSO session
9c3edf2b283c09d33b2820696886d1ed32fcadc8Christian MaedernoAuthenticator=No authenticators configured
9c3edf2b283c09d33b2820696886d1ed32fcadc8Christian MaedermultipleUserMatchFound=Multiple matches found for user search, please contact your system administrator to fix the problem
9c3edf2b283c09d33b2820696886d1ed32fcadc8Christian MaederloginContextCreateFailed=Error creating LoginContext :
9c3edf2b283c09d33b2820696886d1ed32fcadc8Christian MaederfailedLogout=Error logging out :
33d042fe6a9eb27a4c48f840b80838f3e7d98e34Christian MaederauthContextCreateFailed=Error creating AuthContext :
94d3aa05411444596b44ede4531f05dd7ac20fdfChristian MaederauthContextRetrieveFailed=Error retrieving AuthContext :
dc929508a3bd3c666e9b0182d56898fcafb5d66fChristian MaederuserTokenNull=Token is null
dc929508a3bd3c666e9b0182d56898fcafb5d66fChristian MaedernullLoginParams=Login Parameters are null
94d3aa05411444596b44ede4531f05dd7ac20fdfChristian MaedernoRedirectTemplate=Redirect error
ac0bbbcb2774629bb87986e69cf53d3402c5f575Christian MaedererrorConstructingURL=Error constructing URL
8410667510a76409aca9bb24ff0eda0420088274Christian MaederredirectError=Error redirecting to URL
ddc9315cc0b1f5dd3d8f99a77f1c75064db33b48Christian MaedernullHandler=Null Callback Handler
ddc9315cc0b1f5dd3d8f99a77f1c75064db33b48Christian MaederinvalidState=Invalid module state: {0}
5d522dff4d0fabf57dd476d4c3de15d354a89f62Christian MaedernoCallbackState=No callbacks defined for module state: {0}
5d522dff4d0fabf57dd476d4c3de15d354a89f62Christian MaederinvalidCode=Invalid return code: {0}
5d522dff4d0fabf57dd476d4c3de15d354a89f62Christian MaedergetModulePropertiesError=Could not get module properties
8410667510a76409aca9bb24ff0eda0420088274Christian MaederinvalidCallbackIndex=Invalid replace callback index: {0}
8410667510a76409aca9bb24ff0eda0420088274Christian MaedernullCallback=Null replace callback instance
8410667510a76409aca9bb24ff0eda0420088274Christian MaedernoConfig=Error retrieving Configuration
ac43fa22d2d3f91a17674ac164cba3cf39a17795Klaus LuettichnoUserProfile=User Profile does not exist
ac43fa22d2d3f91a17674ac164cba3cf39a17795Klaus LuettichuserInactive=User is not Active
8b0f493ae42bad8b94918cc0957f1af57096cda4Felix ReckersuserNotFoundInAlias=User does not exist
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaedernoUserTokens=No User Tokens
8b0f493ae42bad8b94918cc0957f1af57096cda4Felix ReckersuserRoleNotFound=User does not belong to this Role.
42aacf1f63419cbab63a88725e6a0b2c8776f101Christian MaedernoModulesConfigured=No Authentication Modules found.
8b0f493ae42bad8b94918cc0957f1af57096cda4Felix ReckersloginDenied=User denied Login
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaederauthServiceError=Authentication Service Error
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaedercallbackError=Error creating callback
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaederpCookieError=Unable to create persistent cookie
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaederabortFailed=Error aborting login process
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaedermodulePrompt=Authentication Menu
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaedernoSid=No Session ID found {0}
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaederunknownCallback=Unsupported callback instance
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaedererrorState=Enter module error state :
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaederloginReset=Resetting from AMLoginContext:exceuteLogin() :
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaedersessionActivationFailed=Session Activation Failed
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaederorgNotMatching=Organization Mismatch
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaederlockOutEmailSub=WARNING: user lock out notice
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaederlockOutEmailMsg=The account for {0} has been deactivated due to successive login failures
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maederinvalidtoken=SSOToken is not valid
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maederinvalidcontext=AuthContext is not valid
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaedernoInternalSession=No Old Session can be found as part of session upgrade
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maeder# This is used to form the "From" part of the e-mail that is sent out during the
8b0f493ae42bad8b94918cc0957f1af57096cda4Felix Reckers# lockout. The '-' is intentional as without it the InternetAddress class throws
c0c2380bced8159ff0297ece14eba948bd236471Christian Maeder# an exception
8b0f493ae42bad8b94918cc0957f1af57096cda4Felix ReckerslockOutEmailFrom=OpenAM
9e748851c150e1022fb952bab3315e869aaf0214Christian MaederlockOutWarning=Warning: Account lockout will occur after next {0} password failure(s).
9e748851c150e1022fb952bab3315e869aaf0214Christian MaederlockOut=User Locked Out.
9e748851c150e1022fb952bab3315e869aaf0214Christian MaederaccountExpired=User Account Expired!!
9e748851c150e1022fb952bab3315e869aaf0214Christian MaederloginTimeout=Login Timed Out.
8b0f493ae42bad8b94918cc0957f1af57096cda4Felix ReckersmoduleDenied=Authentication Module Denied.
ba0ec5e897ef99d420c8c14c2374e0f32b7043dbKlaus LuettichinvalidDomain=Invalid Domain
61fa0ac06ede811c7aad54ec4c4202346727368eChristian MaederaccountLockedOut=Account Locked Out.
8b0f493ae42bad8b94918cc0957f1af57096cda4Felix ReckerslockoutMessage=Lockout Message Emailed to :
4d5652abf9ed9c5714723ff7fdb80a54f7350fb2Christian MaederincorrectAuthLevel=Invalid Auth Level.
4d5652abf9ed9c5714723ff7fdb80a54f7350fb2Christian MaederinvalidChars=Invalid Characters detected in UserName
4d5652abf9ed9c5714723ff7fdb80a54f7350fb2Christian Maeder### Error codes
4d5652abf9ed9c5714723ff7fdb80a54f7350fb2Christian Maeder### format errorCode=errorMessage | errorTemplate
4d5652abf9ed9c5714723ff7fdb80a54f7350fb2Christian Maeder### seperator "|" to differentiate between errorMessage and errorTemplate
4d5652abf9ed9c5714723ff7fdb80a54f7350fb2Christian Maeder### errorMessage = is the error message describing the error
4d5652abf9ed9c5714723ff7fdb80a54f7350fb2Christian Maeder### errroTemplate = is the jsp/html page to be rendered
4d5652abf9ed9c5714723ff7fdb80a54f7350fb2Christian Maeder100=User Requires Profile to Login|login_denied.jsp
4d5652abf9ed9c5714723ff7fdb80a54f7350fb2Christian Maeder101=User Account Expired!!|account_expired.jsp
4d5652abf9ed9c5714723ff7fdb80a54f7350fb2Christian Maeder102=Authentication Error!!|auth_error_template.jsp
4d5652abf9ed9c5714723ff7fdb80a54f7350fb2Christian Maeder103=Invalid Password!!|login_failed_template.jsp
4d5652abf9ed9c5714723ff7fdb80a54f7350fb2Christian Maeder104=User not Active|user_inactive.jsp
7b2177999334c920c5669621bd3c142fe198a8d7Christian Maeder105=No Configuration found|noConfig.jsp
4d5652abf9ed9c5714723ff7fdb80a54f7350fb2Christian Maeder106=Invalid Peristent Cookie|invalidPCookieUserid.jsp
4d5652abf9ed9c5714723ff7fdb80a54f7350fb2Christian Maeder107=Authentication Failed!!|login_failed_template.jsp
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder108=Domain is invalid|invalid_domain.jsp
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder109=Org is inactive|org_inactive.jsp
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder110=Session has timed out|session_timeout.jsp
a80c28bb8b7a23ccdf7e08d0fe216fc19cc97273Klaus Luettich111=Authentication Module Denied|module_denied.jsp
a80c28bb8b7a23ccdf7e08d0fe216fc19cc97273Klaus Luettich112=User Account Locked|user_inactive.jsp
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder113=User does not belong to Role|userDenied.jsp
a80c28bb8b7a23ccdf7e08d0fe216fc19cc97273Klaus Luettich114=Authentication Type Denied
26f228bf3a3fea810223396e5794c217a79a8d5bChristian Maeder115=Maximum Sessions Limit Reached.|maxSessions.jsp
6e049108aa87dc46bcff96fae50a4625df1d9648Klaus Luettich116=User profile cannot be created
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder117=The browser is not configured or supported for the HTTP authentication handshaking|login_failed_template.jsp
b9625461755578f3eed04676d42a63fd2caebd0cChristian Maeder118=Can not create new session.
b9625461755578f3eed04676d42a63fd2caebd0cChristian Maeder119=Invalid Auth Level.|invalidAuthlevel.jsp
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder120=Module Based Authentication is not allowed.
8b0f493ae42bad8b94918cc0957f1af57096cda4Felix Reckers121=Too Many Authentication Attempts!!
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder122=Invalid App SSO Token in Remote Authentication
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder123=Exceed Password Retry Limits in DS - Constraint Violation|user_inactive.jsp
d67a33b40578beef2e255a274f89bb9c34aaf056Christian Maeder124=Session Upgrade fails since user is different than original authenticated user
d67a33b40578beef2e255a274f89bb9c34aaf056Christian Maeder################################################################################
26f228bf3a3fea810223396e5794c217a79a8d5bChristian Maeder# Console View Properties
26f228bf3a3fea810223396e5794c217a79a8d5bChristian Maeder################################################################################
ba904a15082557e939db689fcfba0c68c9a4f740Christian Maederauthentication.show.advanced.attributes=All Core Settings...
ba904a15082557e939db689fcfba0c68c9a4f740Christian Maederauthentication.module.instances=Module Instances
6ae5607d2def114f998fd49bac4eef12a2620fafChristian Maederauthentication.module.instances.help=The list of authentication modules available to this realm
6ae5607d2def114f998fd49bac4eef12a2620fafChristian Maederauthentication.module.instances.help.txt=OpenAM uses authentication modules to identify the user. Normally authentication modules \
6ae5607d2def114f998fd49bac4eef12a2620fafChristian Maederare associated with an authentication chain. Each realm has a default authentication chain that will be used to authenticate users. \
08e5741dd8b6bf9b7419e89298e384e18bc57f64Christian MaederThis section is used to add, configure or remove authentication module available for authentication into this realm.
08e5741dd8b6bf9b7419e89298e384e18bc57f64Christian Maederauthentication.module.instances.help.uri=#tbd
08e5741dd8b6bf9b7419e89298e384e18bc57f64Christian Maederauthentication.module.configurations=Authentication Chaining
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maederauthentication.module.configurations.help=The list of authentication chains available to this realm
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maederauthentication.module.configurations.help.txt=OpenAM uses authentication chains to control the authentication flow for the user. \
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian MaederUse this section to add, configure or remove this realms set of authentication chains.
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maederauthentication.module.configurations.help.uri=#tbd
26f228bf3a3fea810223396e5794c217a79a8d5bChristian Maederauthentication.module.instances.action.label=Edit
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maederauthentication.module.configurations.action.label=Edit
08e5741dd8b6bf9b7419e89298e384e18bc57f64Christian Maederauthentication.instance.table.name.column=Name
75cda7e5b890d050d560d970af244a183f28328fKlaus Luettichauthentication.instance.table.type.column=Type
b9625461755578f3eed04676d42a63fd2caebd0cChristian Maederauthentication.instance.table.action.column=Action
b9625461755578f3eed04676d42a63fd2caebd0cChristian Maederauthentication.instance.table.create.button=New
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maederauthentication.instance.table.delete.button=Delete
08e5741dd8b6bf9b7419e89298e384e18bc57f64Christian Maederauthentication.module.instance.table.noentries=There are no instances available. Press the New button to create one.
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maederauthentication.configuration.table.name.column=Name
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maederauthentication.configuration.table.type.column=Type
8b0f493ae42bad8b94918cc0957f1af57096cda4Felix Reckersauthentication.configuration.table.action.column=Action
b70b9c569e477c6a877c93d3ecc17c38c9e047dcChristian Maederauthentication.configuration.table.create.button=New
340706b6c0c6e3dbacdd7003e20e9cab7f9aa765Christian Maederauthentication.configuration.table.delete.button=Delete
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maederauthentication.configuration.table.noentries=There are no authentication chains defined. Press the New button to create one.
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder[Empty]=[empty]
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maederi18nTrue=Enabled
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maederi18nFalse=Disabled
470ca7a2797069ae4b27c34c1b71419f67be1f84Christian Maederorg-chain-list.help=This table lists the authentication modules that make up this authentication chain.
470ca7a2797069ae4b27c34c1b71419f67be1f84Christian Maederorg-chain-list.help.txt=The list of modules that will be presented to the user during authentication. The criteria controls the processing \
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maederof the chain. Each module has a set of options that be set to control how the module operates.