amAuth.properties revision ef96f871a85b0c8c44e1c22b603b8dfa47647437
#
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
#
# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
#
# The contents of this file are subject to the terms
# of the Common Development and Distribution License
# (the License). You may not use this file except in
# compliance with the License.
#
# You can obtain a copy of the License at
# https://opensso.dev.java.net/public/CDDLv1.0.html or
# opensso/legal/CDDLv1.0.txt
# See the License for the specific language governing
# permission and limitations under the License.
#
# When distributing Covered Code, include this CDDL
# Header Notice in each file and include the License file
# at opensso/legal/CDDLv1.0.txt.
# If applicable, add the following below the CDDL Header,
# with the fields enclosed by brackets [] replaced by
# your own identifying information:
# "Portions Copyrighted [year] [name of copyright owner]"
#
# $Id: amAuth.properties,v 1.15 2009/11/25 11:57:22 manish_rustagi Exp $
#
# Portions Copyrighted 2011 ForgeRock Inc
# Portions Copyrighted 2012 Open Source Solution Technology Corporation
onlinehelp.doc=coreauth.html
authentication=Authentication
sessNotActive=Session was never activated
requestReceived=**** Authd request received ***
Authentication=Authentication
Cert=Cert
Radius=RADIUS
RADIUS=RADIUS
LDAP=LDAP
Membership=Membership
NT=NT
SecurID=SecurID
Anonymous=Anonymous
HTTPBasic=HTTPBasic
WindowsDesktopSSO=WindowsDesktopSSO
JDBC=JDBC
AD=Active Directory
MSISDN=MSISDN
DataStore=DataStore
UserId=UserId
UserDomain=UserDomain
loginSuccess=Login Success
loginFailed=Login Failed
invalidPasswd=Invalid Password
noSuchAlgorithm=No such algorithm
noUserName=No user name
invalidKey=Invalid Key
restricted=Restricted userid session terminated
noMatchDomainURL=No match for domain url
userLoginDisabled=User login disabled
adminAuthFailedUid=Admin Authorization Failed UserId:
adminSessLogoutUid=Admin Session Logout UserId:
sessLogoutUid=Session Logout UserId:
submit=Submit
modprop=Module Properties for the Auth is null.
iplanet-am-auth-service-description=Core
Create=Dynamic
CreateWithAlias=Dynamic with User Alias
Required=Required
Ignore=Ignored
ServiceDoesNotExist=Service does not Exist
gettingSessionFailed=AuthD failed to get auth session
invalidSessionID=Session ID is not valid
a101=Organization Authentication Modules
a101.help=Authentication modules available to this organization.
a102=User Profile
a102.help=Controls the result of the user profile success post successful authentication.
a102.help.txt=Controls whether a user profile is required for authentication to be successful or if the profile \
will be dynamically created if none already exists. Choose ignore if you do not have a data store configured in the realm.
a104=Administrator Authentication Configuration
a104.help=Default Authentication Chain for administrators
a104.help.txt=This is the authentication chain that will be used to authentication administrative users to this realm.
a105=User Profile Dynamic Creation Default Roles
a105.help=List of roles of which dynamically created users will be a member.
a105.help.txt=Enter the DN for each role that will be assigned to a new user when their profile has been dynamically \
created by OpenAM.<br/><br/><i>NB </i> Deprecated functionality in OpenAM.
a106=Authentication Chaining Modules
a107=Authentication Chaining Enabled
a108=Persistent Cookie Mode
a108.help=Enables persistent cookie mode for the OpenAM authentication interface.
a108.help.txt=Enabling Persistent cookie mode means that an authentication OpenAM user will not need to re-authenticate \
to OpenAM after they close their browser and then return to OpenAM.
a109=Persistent Cookie Maximum Time
a109.help=The lifetime (in seconds) of the persistent cookie.
a109.help.txt=Use this setting to control how long the persistent cookie should exist for a user.<br><ul><li>3600 seconds: \
1 hour<li>86400 seconds: 1 day<li>2592000 seconds: 30 days</ul><br/><i>NB </i> Persistent cookie mode must be enabled for this property \
to take effect.
a110=Non Interactive Modules
a111=User's Default Redirect URL
a112=User Based Authentication
a113=People Container for All Users
a114=Alias Search Attribute Name
a114.help=The secondary LDAP attribute retrieves the user profile if the primary LDAP attribute specified in 'User Naming Attribute' fails.
a114.help.txt=This list of LDAP attributes is used to extend the set of attributes searched by OpenAM to find the users profile.<br>\
For example: <ul><li>cn</li><li>mail</li><li>givenname</li></ul><br/>A user authenticates to OpenAM under the id of steve, OpenAM \
will first search using the naming attribute (uid by default) so uid=steve, if no match is found then cn=steve will be searched until \
a match is found or the list is exhausted.<br>\
<br/><br/><i>NB </i> Only used when User Profile searching is enabled.
a115=User Authentication Modules
a117=Pluggable Authentication Module Classes
a117.help=List of configured authentication modules
a117.help.txt=The list of configured authentication modules available to OpenAM. All modules must extend from the \
<code>com.sun.identity.authentication.spi.AMLoginModule</code> class.
a117.help.uri=#tbd
a118=User Naming Attribute
a118.help=The primary LDAP attribute retrieves the user's profile after successful authentication.
a119=Pluggable Authentication Page Generator Class
a120=Default Authentication Locale
a121=Organization Authentication Configuration
a121.help=Default Authentication Chain for users
a121.help.txt=This is the authentication chain that will be used to authenticate users to this realm.
a125=Login Failure Lockout Mode
a125.help=Enables account lockout functionality for users authenticating to this realm.
a125.help.txt=OpenAM can track the number of failed authentications by a user over time and if a pre-defined limit is \
breached, OpenAM can lockout the users account and perform additional functions.<br/><br/><i>NB </i>This functionality \
is in addition to any account lockout behaviour implemented by the LDAP Directory Server.
a126=Login Failure Lockout Count
a126.help=The maximum number of failed authentications for a user before their account is locked.
a126.help.txt=This setting controls the maximum number of failed authentications a user can have during the lockout \
interval before OpenAM locks the users account.
a127=Login Failure Lockout Interval
a127.help=The lockout interval time is in minutes.
a127.help.txt=OpenAM tracks the failed authentication count for a user over the lockout interval.<br/><br/>For example: If \
the lockout interval is 5 minutes and the lockout count is 5; the user will have to have failed to authenticate 5 times \
over the previous 5 minutes for the account to be locked. Failed authentications the occurred outside of the 5 minute \
interval are ignored.
a128=Email Address to Send Lockout Notification
a128.help=An email address or set of email addresses that receive notifications about account lockout events.
a128.help.txt=OpenAM can be configured to send a localisable email message to a set of email addresses when account lockout \
events occur. The contents of the email message is configured using the following properties in the \
<code>amAuth.properties</code> file.<br/><ul><li><code>lockOutEmailFrom</code> : The "From" address of the email message</li>\
<li><code>lockOutEmailSub</code> : The subject of the email message</li>\
<li><code>lockOutEmailMsg</code> : The contents of the email message</li></ul><br/>\
The identity for whom the account has been locked is included in the email message.<br/><br/>\
The format of this property is:<br/>\
<code>emailaddress|locale|charset</code>. Multiple email addresses are space-separated.<br/>\
Email addresses must include the domain name, such as <code>admin@example.com</code>.
a129=Warn User After N Failures
a129.help=Warn the user when they reach this level of failed authentications.
a129.help.txt=The user will be given a warning when they reach this level of failed authentications during the lockout interval.<br/>\
The text of the lockout warning is configured using the <code>lockOutWarning</code> property in the <code>amAuth.properties</code> file.
a130=Login Failure Lockout Duration
a130.help=The duration of the users account lockout, in minutes.
a130.help.txt=OpenAM can either lockout the users account indefinitely (until administration action) by setting the duration to 0, \
(the default) or OpenAM can lock the users account for a given number of minutes. After the lockout interval, the user will be able \
to successfully authenticate to OpenAM.
a1301=Lockout Duration Multiplier
a1301.help=Value multiplied to the Login Failure Lockout Duration for each successive lockout.
a1301.help.txt=This property is used to enable OpenAM to increase the account lockout duration for each successive account lockout. \
For example: If the lockout duration is set to 10 and the duration multiplier is set to 2; the duration of the first lockout will be \
10 minutes and the duration of the second lockout will be 20 minutes.<br/><br/>\
The default value of 1 disables this function.
a131=Lockout Attribute Name
a131.help=Name of custom lockout attribute
a131.help.txt=When OpenAM locks an account, the <code>inetuserstatus</code> attribute in the locked account is set to Inactive. \
In addition, OpenAM can set the value of another attribute in the users profile.
a132=Lockout Attribute Value
a132.help=Value to set in custom lockout attribute
a132.help.txt=This is the value that will be set on the custom attribute in the users profile when they account is locked.
a1321=Invalid Attempts Data Attribute Name
a1321.help=The name of the attribute used to store information about failed authentications.
a1321.help.txt=OpenAM can be configured to store information about invalid authentications in the users profile. This allows multiple \
instances of OpenAM in the same site to share information about a users invalid authentication attempts. By default the custom \
attribute; <code>sunAMAuthInvalidAttemptsData</code> defined in the <code>sunAMAuthAccountLockout</code> objectclass is used to \
store this data. Use this property to change the attribute used by OpenAM to store this information.<br/><br/>\
<i>NB </i>Any attribute specified must be a valid attribute in the data store.
a133=Default Success Login URL
a133.help=Successful logins will be forwarded to this URL
a133.help.txt=This is the URL to which clients will be forwarded upon successful authentication. Enter a URL or URI relative to the \
local OpenAM. URL or URI can be prefixed with the ClientType|URL if client specific. URL without http(s) protocol will be appended to \
the current URI of OpenAM.
a134=Default Failure Login URL
a134.help=Failed logins will be forwarded to this URL
a134.help.txt=This is the URL to which clients will be forwarded upon failed authentication. Enter a URL or URI relative to the local \
OpenAM. URL or URI can be prefixed with ClientType|URL if client specific. URL without http(s) protocol will be appended to the current \
URI of OpenAM.
a135=Authentication Post Processing Classes
a135.help=A list of post authentication processing classes for all users in this realm.
a135.help.txt=This is a list of Post Processing Classes that will be called by OpenAM for all users that authenticate to this realm. \
Refer to the documentation for the places where the list of post authentication classes can be set and their precedence. \
<br/><br/>For example: org.forgerock.auth.PostProcessClass<br/>\
<i>NB </i>OpenAM must be able to find these classes on the <code>CLASSPATH</code> and must implement the interface \
<code>com.sun.identity.authentication.spi.AMPostAuthProcessInterface</code>.
a135.help.uri=#tbd
a138=Generate UserID Mode
a138.help=Enables this mode in the Membership auth module.
a138.help.txt=When this mode is enabled, if the Membership auth module detects that the supplied username already exists in the \
data store then a list of valid usernames can be shown to the user, if requested by said user.
a139=Pluggable User Name Generator Class
a139.help=The name of the default implementation of the user name generator class.
a139.help.txt=The name of the class used to return a list of usernames to the Membership auth module.<br/><br/>\
<i>NB </i>This class must implement the interface <code>com.sun.identity.authentication.spi.UserIDGenerator</code>
a140=LDAP Connection Pool Size
a140.help=Controls the size of the LDAP connection pool used for authentication
a140.help.txt=Control the size of the connection pool to the LDAP directory server used by any of the authentication modules \
that use LDAP directly such as \LDAP or Active Directory.Different OpenAM servers can be configured with different connection \
pool settings.<br/><br/>Format: host:port:minimum:maximum
a141=Default LDAP Connection Pool Size
a141.help=The default connection pool size; format is: mininum:maximum
a142=Identity Types
a143=Pluggable User Status Event Classes
a143.help=List of classes to be called when status of the user account changes.
a143.help.txt=When the status of a users account changes, OpenAM can be configured to call into a custom class. \
The custom class can then be used to perform some action as required. The built in status change events are:<br/><br/>\
<ul><li>Account locked</li><li>Password changed</li></ul><br/>Custom code can also extend this mechanism.
a143.help.uri=#tbd
a144=Store Invalid Attempts in Data Store
a144.help=Enables sharing of login failure attempts across AM Instances
a144.help.txt=When this setting is enabled OpenAM will store the users invalid authentication information in the data store \
under the attribute configured in the <i>Invalid Attempts Data Attribute Name</i> property.
a145=Module Based Authentication
a145.help=Allows a user to authenticate via module based authentication.
a145.help.txt=The feature allow users to override the realm configuration and use a named authentication module to authenticate.\
<br/><br/><i>NB </i>Recommended to turn this feature off in production environments.
a146=Remote Auth Security
a146.help=OpenAM requires authentication client to authenticate itself before authenticating users.
a146.help.txt=When this setting is enabled, OpenAM will require the authentication client (such as a policy agent) to authentication \
itself to OpenAM before the client will be allow to use the remote authentication API to authenticate users.
a147=User Attribute Mapping to Session Attribute
a147.help=Mapping of user profile attribute name to session attribute name.
a147.help.txt=The setting causes OpenAM to read the named attributes from the users profile in the data store and store their values \
in the users session.<br/></br>Format: User Profile Attribute|Session Attribute name.
a148=Keep Post Process Objects for Logout Processing
a148.help=Store Post Processing Classes for the duration of the session.
a148.help.txt=Enabling this setting will cause OpenAM to store instances of post processing classes into the users session. \
When the user logs out the original instances of the post processing classes will be called instead of new instances. \
This may be needed for special logout processing.<br/><br/>\
<i>NB </i>Enabling this setting will increase the memory usage of OpenAM.
a149=Keep Authentication Module Objects for Logout Processing.
a149.help=The authentication modules instances will be stored in the users session.
a149.help.txt=Enabling this setting will cause OpenAM to store the authentication module instances used by the user to authenticate \
in the users session. Normally after authentication the module instances would be cleared. This may be needed for special logout \
processing.<br/><br/>\
<i>NB </i>Enabling this setting will increase the memory usage of OpenAM.
a150=Valid goto URL domains
a150.help=List of Valid goto URL domains
a150.help.txt=By default OpenAM will redirect the user to the URL specified in the goto parameter supplied to the authentication interface. \
To enhance security a list of valid DNS domains can be specified. OpenAM will only redirect a user if the domain of the goto URL \
is present in this list.
#Always the Authentication Level attribute should be the last item in the
#display section of the profile page. Make sure the key is always a large
#number. Now it is a500. This is to avoid reshuffling the keys if new
#attributes are added.
a500=Default Authentication Level
a500.help=The default authentication level for modules in this realm.
a500.help.txt=If the authentication module does not set it's own auth level then the module will have the default authentication level \
for the realm.
a104.link=Edit
a121.link=Edit
error=General Error
changePasswdSucceeded=Changing user password succeeded
amAuth-debug.on=On
amAuth-debug.off=Off
amAuth-debug.log=Log Messages
initWorkerFailed=Failed to instantiate login worker class
getOrgFailed=Failed to get organization attributes
getUserFailed=Failed to get user attributes :
wrongCall=Method must be called in process(): {0}
invalidDN=Invalid DN string: {0}
nullLoginState=Null LoginState obtained
nullSess=Failed to get auth SSO session
noAuthenticator=No authenticators configured
multipleUserMatchFound=Multiple matches found for user search, please contact your system administrator to fix the problem
loginContextCreateFailed=Error creating LoginContext :
failedLogout=Error logging out :
authContextCreateFailed=Error creating AuthContext :
authContextRetrieveFailed=Error retrieving AuthContext :
userTokenNull=Token is null
nullLoginParams=Login Parameters are null
noRedirectTemplate=Redirect error
errorConstructingURL=Error constructing URL
redirectError=Error redirecting to URL
nullHandler=Null Callback Handler
invalidState=Invalid module state: {0}
noCallbackState=No callbacks defined for module state: {0}
invalidCode=Invalid return code: {0}
getModulePropertiesError=Could not get module properties
invalidCallbackIndex=Invalid replace callback index: {0}
nullCallback=Null replace callback instance
noConfig=Error retrieving Configuration
noUserProfile=User Profile does not exist
userInactive=User is not Active
userNotFoundInAlias=User does not exist
noUserTokens=No User Tokens
userRoleNotFound=User does not belong to this Role.
noModulesConfigured=No Authentication Modules found.
loginDenied=User denied Login
authServiceError=Authentication Service Error
callbackError=Error creating callback
pCookieError=Unable to create persistent cookie
abortFailed=Error aborting login process
modulePrompt=Authentication Menu
noSid=No Session ID found {0}
unknownCallback=Unsupported callback instance
errorState=Enter module error state :
loginReset=Resetting from AMLoginContext:exceuteLogin() :
sessionActivationFailed=Session Activation Failed
orgNotMatching=Organization Mismatch
lockOutEmailSub=WARNING: user lock out notice
lockOutEmailMsg=The account for {0} has been deactivated due to successive login failures
invalidtoken=SSOToken is not valid
invalidcontext=AuthContext is not valid
noInternalSession=No Old Session can be found as part of session upgrade
# This is used to form the "From" part of the e-mail that is sent out during the
# lockout. The '-' is intentional as without it the InternetAddress class throws
# an exception
lockOutEmailFrom=OpenAM
lockOutWarning=Warning: Account lockout will occur after next {0} password failure(s).
logout=Logout
lockOut=User Locked Out.
accountExpired=User Account Expired!!
loginTimeout=Login Timed Out.
moduleDenied=Authentication Module Denied.
invalidDomain=Invalid Domain
accountLockedOut=Account Locked Out.
lockoutMessage=Lockout Message Emailed to :
incorrectAuthLevel=Invalid Auth Level.
invalidChars=Invalid Characters detected in UserName
### Error codes
### format errorCode=errorMessage | errorTemplate
### seperator "|" to differentiate between errorMessage and errorTemplate
### errorMessage = is the error message describing the error
### errroTemplate = is the jsp/html page to be rendered
100=User Requires Profile to Login|login_denied.jsp
101=User Account Expired!!|account_expired.jsp
102=Authentication Error!!|auth_error_template.jsp
103=Invalid Password!!|login_failed_template.jsp
104=User not Active|user_inactive.jsp
105=No Configuration found|noConfig.jsp
106=Invalid Peristent Cookie|invalidPCookieUserid.jsp
107=Authentication Failed!!|login_failed_template.jsp
108=Domain is invalid|invalid_domain.jsp
109=Org is inactive|org_inactive.jsp
110=Session has timed out|session_timeout.jsp
111=Authentication Module Denied|module_denied.jsp
112=User Account Locked|user_inactive.jsp
113=User does not belong to Role|userDenied.jsp
114=Authentication Type Denied
115=Maximum Sessions Limit Reached.|maxSessions.jsp
116=User profile cannot be created
117=The browser is not configured or supported for the HTTP authentication handshaking|login_failed_template.jsp
118=Can not create new session.
119=Invalid Auth Level.|invalidAuthlevel.jsp
120=Module Based Authentication is not allowed.
121=Too Many Authentication Attempts!!
122=Invalid App SSO Token in Remote Authentication
123=Exceed Password Retry Limits in DS - Constraint Violation|user_inactive.jsp
124=Session Upgrade fails since user is different than original authenticated user
################################################################################
#
# Console View Properties
#
################################################################################
authentication.show.advanced.attributes=All Core Settings...
authentication.core.properties=Core
authentication.module.instances=Module Instances
authentication.module.instances.help=The list of authentication modules available to this realm
authentication.module.instances.help.txt=OpenAM uses authentication modules to identify the user. Normally authentication modules \
are associated with an authentication chain. Each realm has a default authentication chain that will be used to authenticate users. \
This section is used to add, configure or remove authentication module available for authentication into this realm.
authentication.module.instances.help.uri=#tbd
authentication.module.configurations=Authentication Chaining
authentication.module.configurations.help=The list of authentication chains available to this realm
authentication.module.configurations.help.txt=OpenAM uses authentication chains to control the authentication flow for the user. \
Use this section to add, configure or remove this realms set of authentication chains.
authentication.module.configurations.help.uri=#tbd
authentication.module.instances.action.label=Edit
authentication.module.configurations.action.label=Edit
label.items=Items
authentication.instance.table.name.column=Name
authentication.instance.table.type.column=Type
authentication.instance.table.action.column=Action
authentication.instance.table.create.button=New
authentication.instance.table.delete.button=Delete
authentication.module.instance.table.noentries=There are no instances available. Press the New button to create one.
authentication.configuration.table.name.column=Name
authentication.configuration.table.type.column=Type
authentication.configuration.table.action.column=Action
authentication.configuration.table.create.button=New
authentication.configuration.table.delete.button=Delete
authentication.configuration.table.noentries=There are no authentication chains defined. Press the New button to create one.
[Empty]=[empty]
i18nTrue=Enabled
i18nFalse=Disabled
label.current.value=Current Values
label.new.value=New Value
org-chain-list.help=This table lists the authentication modules that make up this authentication chain.
org-chain-list.help.txt=The list of modules that will be presented to the user during authentication. The criteria controls the processing \
of the chain. Each module has a set of options that be set to control how the module operates.
org-chain-list.help.uri=#tbd