12N/A# The contents of this file are subject to the terms of the Common Development and

12N/A# Distribution License (the License). You may not use this file except in compliance with the

12N/A# License.

12N/A#

12N/A# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the

12N/A# specific language governing permission and limitations under the License.

12N/A#

12N/A# When distributing Covered Software, include this CDDL Header Notice in each file and include

12N/A# the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL

12N/A# Header, with the fields enclosed by brackets [] replaced by your own identifying

12N/A# information: "Portions copyright [year] [name of copyright owner]".

12N/A#

12N/A# Copyright 2012-2015 ForgeRock AS.

12N/A

12N/Aauthentication=Authentication Modules

12N/AiPlanetAMAuthOATHServiceDescription=Two Step Verification

12N/Aa500=Authentication Level

12N/Aa500.help=The authentication level associated with this module.

12N/Aa500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \

12N/Aassociated with the module; 0 is the lowest (and the default).

12N/Aa501=One Time Password Length

12N/Aa501.help=The length of the generated OTP in digits. Must be 6 digits or longer.

12N/Aa502=Minimum Secret Key Length

12N/Aa502.help=Number of hexadecimal characters allowed for the Secret Key.

12N/Aa503=Secret Key Attribute Name

12N/Aa503.help=The name of the attribute in the user profile to store the user secret key.

12N/Aa504=OATH Algorithm to Use

12N/Aa504.help=Choose the algorithm your device uses to generate the OTP.

12N/Aa504.help.txt= HOTP uses a counter value that is incremented every time a new OTP is generated. TOTP generates a new OTP every few seconds as specified by the time step interval.

12N/Aa505=HOTP Window Size

12N/Aa505.help=The size of the window to resynchronize with the client.

12N/Aa505.help.txt=This sets the window that the OTP device and the server counter can be out of sync. For example, if the window size is 100 and the servers last successful login was at counter value 2, then the server will accept a OTP from the OTP device that is from device counter 3 to 102.

30N/Aa506=Counter Attribute Name

30N/Aa506.help=The name of the attribute in the user profile to store the user counter. This is required if HOTP is chosen as the OATH algorithm.

12N/Aa507=Add Checksum Digit

12N/Aa507.help=This adds a checksum digit to the OTP.

12N/Aa507.help.txt=This adds a digit to the end of the OTP generated to be used as a checksum to verify the OTP was generated correctly. This is in addition to the actual password length. You should only set this if your device supports it.

114N/Aa508=Truncation Offset

114N/Aa508.help=This adds an offset to the generation of the OTP.

12N/Aa508.help.txt=This is an option used by the HOTP algorithm that not all devices support. This should be left default unless you know your device uses a offset.

12N/Aa509=TOTP Time Step Interval

12N/Aa509.help= The TOTP time step in seconds that the OTP device uses to generate the OTP.

114N/Aa509.help.txt=This is the time interval that one OTP is valid for. For example, if the time step is 30 seconds, then a new OTP will be generated every 30 seconds. This makes a single OTP valid for only 30 seconds.

114N/Aa510=TOTP Time Steps

12N/Aa510.help=The number of time steps to check before and after receiving a OTP.

30N/Aa510.help.txt=This is the number of time step intervals to check the received OTP against both forward in time and back in time. For example, with 2 time steps and a time step interval of 30 seconds the server will allow a clock drift between client and server of 89 seconds. (2-30 second steps and 29 seconds for the interval that the OTP arrived in)

30N/Aa511=Last Login Time Attribute

29N/Aa511.help=Attribute to store the time of the users last login. This is required if TOTP is chosen as the OATH algorithm.

29N/Aa511.help.txt=This attribute stores the last time a user logged in to prevent time based attacks. The value is stored as a number (Unix Time).

29N/Aa514=Maximum Allowed Clock Drift

29N/Aa514.help=Number of time steps a client is allowed to get out of sync with the server before manual resynchronisation\

59N/A is required.

29N/AHOTP=HOTP

29N/ATOTP=TOTP

59N/AauthFailed=Authentication Failed

59N/AoutOfSync=Device has exceeded maximum clock drift. Please re-register your device.