#

# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.

#

# Copyright (c) 2011 ForgeRock AS. All Rights Reserved

#

# The contents of this file are subject to the terms

# of the Common Development and Distribution License

# (the License). You may not use this file except in

# compliance with the License.

#

# You can obtain a copy of the License at

# http://forgerock.org/license/CDDLv1.0.html

# See the License for the specific language governing

# permission and limitations under the License.

#

# When distributing Covered Code, include this CDDL

# Header Notice in each file and include the License file

# at http://forgerock.org/license/CDDLv1.0.html

# If applicable, add the following below the CDDL Header,

# with the fields enclosed by brackets [] replaced by

# your own identifying information:

# "Portions Copyrighted [year] [name of copyright owner]"

#

# Portions Copyrighted 2012 ForgeRock Inc

# Portions Copyrighted 2012 Open Source Solution Technology Corporation

onlinehelp.doc=authnadaptive.html

authentication=Authentication Modules

iplanet-am-auth-adaptive-service-description=Adaptive Risk

noInternalSession=Invalid session

noIdentity=Unable to find identity in Datastore

a500=Authentication Level

a500.help=The authentication level associated with this module.

a500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \

associated with the module; 0 is the lowest (and the default).

a502=Risk Threshold

a502.help=If the risk threshold value is not reached after executing the different tests, the authentication is considered to be successful.

a502.help.txt=Associated with many of the adaptive risk checks is a score; if a check does not passes then the score is added to the current \

running total. The final score is then compared with the <i>Risk Threshold</i>, if the score is lesser than said \

threshold the module will be successful.

a503=Failed Authentication Check

a503.help=Checks if the user has past authentication failures.

a503.help.txt=Check if the OpenAM account lockout mechanism has recorded past authentication failures for the user.<br/><br/>\

<i>NB </i>For this check to function, Account Lockout must be enabled.

a504=Enable Failed Authentication Reset

a504.help=Enable the failed authentication reset check.

a505=Score

a505.help=The amount to increment the score if this check fails.

a506=Invert Result

a506.help=If the check succeeds the score will be included in the total, for failure the score will not be incremented.

a507=IP Range Check

a507.help=Enables the checking of the client IP address against a list of IP addresses.

a507.help.txt=The IP range check compares the IP of the client against a list of IP addresses, if the client IP is found within \

said list the check is successful.

a508=IP Range

a508.help=The list of IP address to compare against the client IP address.

a508.help.txt=The format of the IP address is as follows:<br/><br/>\

<ul><li>Single IP address: <code>172.16.90.1</code></li><li>CIDR notation: <code>172.16.90.0/24</code></li>\

<li>IP net-block with netmask: <code>172.16.90.0:255.255.255.0</code></li></ul>

a509=Score

a509.help=The amount to increment the score if this check fails.

a510=Invert Result

a510.help=If the check succeeds the score will be included in the total, for failure the score will not be incremented.

a511=IP History Check

a511.help=Enables the checking of client IP address against a list of past IP addresses.

a511.help.txt=If this check is enabled; a set number of past IP addresses used by the client to access OpenAM is recorded in the user \

profile. This check passes if the current client IP address is present in the history list. If the IP address is not present, the check \

fails and the IP address is added to list if the overall authentication is successful (causing the oldest IP address to be removed).

a512=History size

a512.help=The number of client IP addresses to save in the history list.

a513=Profile Attribute Name

a513.help=The name of the attribute used to store the IP history list in the data store.

a513.help.txt=IP history list is stored in the Data Store meaning your Data Store should be able to store values under the configured \

attribute name. If you're using a directory server as backend, make sure your Data Store configuration contains the necessary \

objectclass and attribute related settings.

a514=Save Successful IP Address

a514.help=The IP History list will be updated in the data store

a514.help.txt=The Adaptive Risk Post Authentication Plug-in will update the IP history list if the overall authentication is successful.

a515=Score

a515.help=The amount to increment the score if this check fails.

a516=Invert Result

a516.help=If the check succeeds the score will be included in the total, for failure the score will not be incremented.

a517=Cookie Value Check

a517.help=Enables the checking of a known cookie value in the client request

a517.help.txt=If this check is enabled, the check looks for a known cookie in the client request. If the cookie exists and has the \

correct value then the check will pass.

a518=Cookie Name

a518.help=The name of the cookie to set on the client.

a519=Cookie Value

a519.help=The value to be set on the cookie.

a520=Save Cookie Value on Successful Login

a520.help=The cookie will be created on the client after successful login

a520.help.txt=The Adaptive Risk Post Authentication Plug-in will set the cookie on the client response

a521=Score

a521.help=The amount to increment the score if this check fails.

a522=Invert Result

a522.help=If the check succeeds the score will be included in the total, for failure the score will not be incremented.

a523=Time since Last login Check

a523.help=Enables the checking of the last time the user successfully authenticated.

a523.help.txt=If this check is enabled, the check ensures the user has successfully authenticated within a given interval. If the \

interval has been exceeded the check will fail. The last authentication for the user is stored in a client cookie.

a524=Cookie Name

a524.help=The name of the cookie used to store the time of the last successful authentication.

a525=Max Time since Last login

a525.help=The maximum number of days that can elapse before this test.

a526=Save time of Successful Login

a526.help=The last login time will be saved in a client cookie

a526.help.txt=The Adaptive Risk Post Authentication Plug-in will update the last login time

a527=Score

a527.help=The amount to increment the score if this check fails.

a528=Invert Result

a528.help=If the check succeeds the score will be included in the total, for failure the score will not be incremented.

a529=Profile Risk Attribute check

a529.help=Enables the checking of the user profile for a matching attribute and value.

a529.help.txt=If this check is enabled, the check will pass if the users profile contains the required risk attribute and value.

a530=Attribute Name

a530.help=The name of the attribute to retrieve from the user profile in the data store.

a531=Attribute Value

a531.help=The required value of the named attribute.

a532=Score

a532.help=The amount to increment the score if this check fails.

a533=Invert Result

a533.help=If the check succeeds the score will be included in the total, for failure the score will not be incremented.

a534=Device Registration Cookie Check

a534.help=Enables the checking of the client request for a known cookie.

a534.help.txt=If this check is enabled, the check will pass if the client request contains the named cookie.

a535=Cookie Name

a535.help=The name of the cookie to be checked for (and optionally set) on the client request

a536=Save Device Registration on Successful Login

a536.help=Set the device cookie on the client response

a536.help.txt=The Adaptive Risk Post Authentication Plug-in will set the device cookie on the client response

a537=Score

a537.help=The amount to increment the score if this check fails.

a538=Invert Result

a538.help=If the check succeeds the score will be included in the total, for failure the score will not be incremented.

a539=Geolocation Country Code Check

a539.help=Enables the checking of the client IP address against the geolocation database.

a539.help.txt=The geolocation database associates IP addresses against their known location. This check passes if the country associated \

with the client IP address is matched against the list of valid country codes.<br/><br/>\

The geolocation database is available in binary format at <a href="http://www.maxmind.com/app/country" target="_blank">MaxMind</a>.

a540=Geolocation Database location

a540.help=The path to the location of the GEO location database.

a540.help.txt=The Geolocation database is not distributed with OpenAM, you can get it in binary format from \

<a href="http://www.maxmind.com/app/country" target="_blank">MaxMind</a>.

a541=Valid Country Codes

a541.help=The list of country codes that are considered as valid locations for client IPs.

a541.help.txt=The list is made up of country codes separated by a | character; for example:<br/><br/>\

<code>gb|us|no|fr</code>

a542=Score

a542.help=The amount to increment the score if this check fails.

a543=Invert Result

a543.help=If the check succeeds the score will be included in the total, for failure the score will not be incremented.

a544=Request Header Check

a544.help=Enables the checking of the client request for a known header name and value.

a544.help.txt=The request header check will pass if the client request contains the required named header and value.

a545=Request Header Name

a545.help=The name of the required HTTP header

a546=Request Header Value

a546.help=The required value of the named HTTP header.

a547=Score

a547.help=The amount to increment the score if this check fails.

a548=Invert Result

a548.help=If the check succeeds the score will be included in the total, for failure the score will not be incremented.