#

# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.

#

# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved

#

# The contents of this file are subject to the terms

# of the Common Development and Distribution License

# (the License). You may not use this file except in

# compliance with the License.

#

# You can obtain a copy of the License at

# https://opensso.dev.java.net/public/CDDLv1.0.html or

# opensso/legal/CDDLv1.0.txt

# See the License for the specific language governing

# permission and limitations under the License.

#

# When distributing Covered Code, include this CDDL

# Header Notice in each file and include the License file

# at opensso/legal/CDDLv1.0.txt.

# If applicable, add the following below the CDDL Header,

# with the fields enclosed by brackets [] replaced by

# your own identifying information:

# "Portions Copyrighted [year] [name of copyright owner]"

#

# $Id: amSession.properties,v 1.7 2009/02/19 05:49:41 bhavnab Exp $

#

# Portions Copyrighted 2011-2016 ForgeRock AS.

# Portions Copyrighted 2016 Nomura Research Institute, Ltd.

#

onlinehelp.doc=session.html

unexpectedResponse=Unexpected number of responses received.

unexpectedSession=Unexpected number of sessions received.

invalidSessionID=Invalid session ID.

invalidSessionState=Session state is invalid.

protectedPropertyNoClientToken=Cannot set protected property without client identification token.

protectedPropertyNoSSOTokenMgrInstance=Cannot get SSOTokenManager instance to validate client token.

protectedPropertyInvalidClientToken=Cannot set protected property as client token is invalid.

protectedPropertyNoAdminToken=Cannot retrieve admin token to validate against client token.

protectedPropertyNoPermission=Client does not have permission to set protected property. Rejected session update request.

unexpectedEOF=Unexpected end of file.

readRandomDeviceFailed=Reading random device failed.

noPrivilege=No privilege to perform this operation.

sessionNotObtained=Session was not obtained.

unknownRequestMethod=Unknown request method.

iplanet-am-session-service-description=Session

sessionTimedOut=Session timed out.

sessionNotTimedOut=Session has not timed out.

propertyMustBeSet=Properties com.iplanet.am.localserver.{protocol,host,port} must be set in failover mode.

restrictionViolation=Illegal attempt to use a restricted token.

appTokenInvalid=Application token passed in, is invalid.

emptyTrustedSourceList=No entries found in trusted source list or platform server list.

unsupportedFunction=Function is not supported.

SessionTableNotFound=Session table does not exist in session store.

getValidSessionsError=Failed to get the valid sessions from the specified server.

restrictedTokensUnsupported=Restricted tokens are not supported for stateless sessions.

ssoTokenListenersUnsupported=Stateless sessions cannot be observed.

a101=Maximum Session Time

a101.help=In minutes.

a102=Maximum Idle Time

a102.help=In minutes.

a103=Maximum Caching Time

a103.help=In minutes.

a104=Session Service Status

a105=Maximum Number of Search Results

a105.help=Do not set this attribute to a large value (greater than 1000) unless sufficient system resources are allocated.

a106=Timeout for Search

a106.help=In seconds.

a107=Session Failover

a108=Session Store User

a109=Session Store Password

a110=Session Cluster Server List

a111=Maximum Wait Time

a111.help=Read Timeout for retrieving the session (in milliseconds).

a112=JDBC Driver Impl Class Name

a113=LDAP URL

a113.help=Specify LDAP URL for distinct Session Failover Persistence. If using Embedded OpenDJ or External Configuration Store for Session Persistence, leave this field blank.

a114=Minimum Pool Size

a115=Maximum Pool Size

a116=Enable Property Change Notifications

a117=Enable Quota Constraints

a118=Active User Sessions

a118.help=Maximum number of concurrent sessions allowed for a user.

a119=Read Timeout for Quota Constraint

a119.help=Maximum Wait Time for retrieving session count (in milliseconds).

a119b=Resulting behavior if session quota exhausted

a119b.help=DENY_ACCESS (the new session creation request will be denied)<br/>DESTROY_NEXT_EXPIRING (the next expiring session will be destroyed)<br/>DESTROY_OLDEST_SESSION (the oldest session will be destroyed)<br/>DESTROY_OLD_SESSIONS (all previous sessions will be destroyed)

a119c=Deny user login when session repository is down

a119c.help=This attribute takes effect only when the session quota constraint is enabled.

a120=Notification Properties

a120.help=Send Notifications for these properties when modified.

a121=Session Persistence and High Availability Failover Enabled

a121.help=Enabling provides full Session persistence and when coupled with a clustered environment provides Session High availability Failover as well.

a121b=DN Restriction Only Enabled

a121b.help=If enabled, OpenAM will not perform DNS lookups when checking restrictions in cookie hijacking mode.

a121c.session.reduced.crosstalk.enabled=Reduced Crosstalk Enabled

a121c.session.reduced.crosstalk.enabled.help=If enabled then OpenAM instances will avoid talking to each other to \

resolve non-local sessions, and use session persistence instead. Defaults to on if session persistence is enabled. \

Will be silently disabled if session persistence is disabled.

a121d.session.destroy.logout.broadcast=Session Logout/Destroy Broadcast

a121d.session.destroy.logout.broadcast.help=When a session is logged out or destroyed, this can be broadcast to other \

servers so that they can block any requests that arrive before reduced crosstalk replication has taken place.

a121e.session.reduced.crosstalk.purge.delay=Reduced Crosstalk Purge Delay

a121e.session.reduced.crosstalk.purge.delay.help=The number of minutes to retain a copy of a session in a \

destroyed state in order to block any requests that arrive before reduced crosstalk replication has taken place.

a122=Enable Session Trimming

a123=Session Timeout Handler implementations

a123.help=Here you can list your session timeout handler implementations. You need to supply fully qualified names for the impl classes.

a124=Signing Algorithm Type

a124.help=Algorithm used to sign stateless session JWT in order to detect tampering.

a124.help.txt=NONE - No signature (not recommended).<br/>\

HS256 - HMAC using SHA-256 hash algorithm.<br/>\

HS384 - HMAC using SHA-384 hash algorithm.<br/>\

HS512 - HMAC using SHA-512 hash algorithm.<br/>\

RS256 - RSA using SHA-256 hash algorithm.<br/>\

ES256 - ECDSA using SHA-256 hash algorithm.<br/>\

ES384 - ECDSA using SHA-384 hash algorithm.<br/>\

ES512 - ECDSA using SHA-512 hash algorithm.

a125=Signing HMAC Shared Secret

a125.help=Base64 encoded key used by HS256, HS384 and HS512.

a126=Signing RSA/ECDSA Certificate Alias

a126.help=Name of a certificate containing public-private key pair used by RS256/ES256/ES384/ES512.

a126.help.txt=Certificate will be retrieved from the keystore referenced by the property com.sun.identity.saml.xmlsig.keystore

a127=Encryption Algorithm

a127.help=Overall encryption algorithm used to protect the contents of stateless sessions.

a127.help.txt=NONE - No encryption at all.<br>\

RSA - RSA encryption. Use property <code>org.forgerock.openam.session.stateless.rsa.padding</code> to control the \

RSA passing method (defaults to <code>RSA-OAEP-256</code>).<br>\

AES Key Wrapping - Symmetric encryption with AES Key Wrapping (<a href="https://tools.ietf.org/html/rfc3394" \

target="_blank">RFC 3394</a>).<br>\

Direct AES Encryption - Direct content encryption with the symmetric key.<br>\

<br>\

Use advanced property <code>org.forgerock.openam.session.stateless.encryption.method</code> to control the \

underlying content encryption method (defaults to <code>A128CBC-HS256</code>).

a128=Encryption RSA Certificate Alias

a128.help=Name of a certificate containing public-private key pair used for encryption.

a128.help.txt=Certificate will be retrieved from the keystore referenced by the property com.sun.identity.saml.xmlsig.keystore

a129=Enable Session Blacklisting

a129.help=If enabled then sessions will be blacklisted on the server on logout until the session expires.

a129.help.txt=It is recommended to enable this setting if the maximum session time is high. State is stored in the \

core token store (CTS) until the session token expires in order to ensure that session tokens cannot continue to \

be used. Requires a server restart for changes to take effect.

a130=Session Blacklist Cache Size

a130.help=Number of blacklisted sessions to cache in memory to speed up blacklist checks and reduce load on the CTS.

a131=Blacklist Poll Interval (seconds)

a131.help=How frequently to poll for session blacklist changes from other servers, in seconds.

a131.help.txt=How often each server will poll the CTS for session blacklist changes from other servers. This is used \

to maintain a highly compressed view of the overall current session blacklist improving performance. A lower number \

will reduce the delay for blacklisted sessions to propagate to all servers at the cost of increased CTS load. Set \

to 0 to disable this feature completely.

a132=Blacklist Purge Delay (minutes)

a132.help=Length of time to blacklist sessions beyond their expiry time.

a132.help.txt=Allows additional time to account for clock skew to ensure that a session has expired before it is \

removed from the blacklist.

a133=Symmetric AES Key

a133.help=Symmetric AES key for use with Direct or AES KeyWrap encryption modes.

a133.help.txt=This should be a base64-encoded random key. For direct encryption with AES-GCM or for AES-KeyWrap \

with any content encryption method, this should be 128, 192 or 256 bits. For direct encryption with AES-CBC-HMAC \

it should be double those sizes (one half for the AES key, the other half for the HMAC key). AES key sizes greater \

than 128 bits require installation of the JCE Unlimited Strength policy files in your JRE.

a134=Compression Algorithm

a134.help=WARNING: Enabling compression may compromise encryption.

a134.help.txt=If enabled the session state will be compressed before signing and encryption. This may leak \

information about the content of the session state if encryption is enabled.

p101=Get All Valid Sessions

p102=Destroy a Session

p103=Add a Session Listener on All Sessions

choiceActive=Active

choiceInactive=Inactive

choiceDeleted=Deleted

choiceON=ON

choiceOFF=OFF

choiceYES=YES

choiceNO=NO

choiceDenyAccess=DENY_ACCESS

choiceDestroyNextExpiring=DESTROY_NEXT_EXPIRING

choiceDestroyOldSession=DESTROY_OLDEST_SESSION

choiceDestroyAll=DESTROY_OLD_SESSIONS

i18nTrue=Enabled

i18nFalse=Disabled

choiceBroadcastOff=Disabled

choiceBroadcastToLocalSite=Broadcast only to local site servers

choiceBroadcastToAllSites=Broadcast to servers in all sites

choiceNONE=NONE

choiceHS256=HS256

choiceHS384=HS384

choiceHS512=HS512

choiceRS256=RS256

choiceES256=ES256

choiceES384=ES384

choiceES512=ES512

choiceRSA=RSA

choiceAESKeyWrap=AES KeyWrapping

choiceDirect=Direct AES encryption

choiceDEFLATE=Deflate Compression.