#

# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.

#

# Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved

#

# The contents of this file are subject to the terms

# of the Common Development and Distribution License

# (the License). You may not use this file except in

# compliance with the License.

#

# You can obtain a copy of the License at

# https://opensso.dev.java.net/public/CDDLv1.0.html or

# opensso/legal/CDDLv1.0.txt

# See the License for the specific language governing

# permission and limitations under the License.

#

# When distributing Covered Code, include this CDDL

# Header Notice in each file and include the License file

# at opensso/legal/CDDLv1.0.txt.

# If applicable, add the following below the CDDL Header,

# with the fields enclosed by brackets [] replaced by

# your own identifying information:

# "Portions Copyrighted [year] [name of copyright owner]"

#

# $Id: agentService.properties,v 1.85 2009/12/23 00:16:19 babysunil Exp $

#

# Portions Copyrighted 2011 ForgeRock AS

label.Empty=---EMPTY----

a10=USER_ID

a11=PROFILE_ATTRIBUTE

a12=HTTP_HEADER

a13=SESSION_PROPERTY

a14=LOG_NONE

a15=LOG_ALLOW

a16=LOG_DENY

a17=LOG_BOTH

a18=REMOTE

a19=ALL

a20=NONE

a21=HTTP_HEADER

a22=REQUEST_ATTRIBUTE

a23=HTTP_COOKIE

a24=LOCAL

a25=3DES

a26=AES

a27=subtree

a28=self

a29=1.3

a30=1.0

a100=Password

a100.confirm=Password (Confirm)

a101=Status

a101.help=Status of the agent configuration.

a102=Active

a103=Inactive

a105=true

a106=false

a109=Agent Notification URL

a109.help=URL used by agent to register notification listeners. (property name: com.sun.identity.client.notification.url) <br>Hot-swap: No

a110=Location of Agent Configuration Repository

a110.help=Indicates agent's configuration located either on agent's host or centrally on OpenAM server.

a111=centralized

a112=local

# J2EE Agent properties

a113=Agent Filter Mode

a113.help=Specifies the mode of operation of the Filter. (property name: com.sun.identity.agents.config.filter.mode) <br>Valid key: the web application name. <br>Valid values: ALL, J2EE_POLICY, URL_POLICY, SSO_ONLY, NONE <br>For this property, a global value can be set to apply to all the applications that don't have their own specific filter mode. <br>Hot-swap: No <br>Examples: <br>To set ALL as the global filter mode: leave Map Key field empty, and enter ALL in Corresponding Map Value field. <br>To set URL_POLICY as the filter mode for application BankApp: enter BankApp in Map Key field, and enter URL_POLICY in Corresponding Map Value field.

a114=User Mapping Mode

a114.help=Specifies mechanism agent uses to determine user-ID. (property name: com.sun.identity.agents.config.user.mapping.mode) <br>Hot-swap: Yes

a115=User Attribute Name

a115.help=Name of the attribute which contains the user-ID. (property name: com.sun.identity.agents.config.user.attribute.name) <br>Hot-swap: Yes

a116=User Principal Flag

a116.help=Use principal instead of just the user-ID for authenticating the user. (property name: com.sun.identity.agents.config.user.principal) <br>Hot-swap: Yes

a117=User Token Name

a117.help=Session property name for user-ID of the authenticated user in session. (property name: com.sun.identity.agents.config.user.token) <br>Hot-swap: Yes

a118=Client IP Address Header

a118.help=HTTP header name that holds the IP address of the client. (property name: com.sun.identity.agents.config.client.ip.header) <br>Hot-swap: Yes

a119=Client Hostname Header

a119.help=HTTP header name that holds the Hostname of the client. (property name: com.sun.identity.agents.config.client.hostname.header) <br>Hot-swap: Yes

a121=Configuration Reload Interval

a121.help=Interval in seconds between configuration reloads. (property name: com.sun.identity.agents.config.load.interval) <br>Hot-swap: Yes

a122=Locale Language

a122.help=(property name: com.sun.identity.agents.config.locale.language) <br>Hot-swap: No

a123=Locale Country

a123.help=(property name: com.sun.identity.agents.config.locale.country) <br>Hot-swap: No

a124=Audit Access Types

a124.help=Types of messages to log based on user URL access attempts. (property name: com.sun.identity.agents.config.audit.accesstype) <br>Hot-swap: Yes

a125=Audit Log Location

a125.help=Specifies where audit messages should be logged. (property name: com.sun.identity.agents.config.log.disposition) <br>Hot-swap: Yes

a126=Remote Log File Name

a126.help=Name of file stored on OpenAM server that contains agent audit messages. (property name: com.sun.identity.agents.config.remote.logfile) <br>Hot-swap: Yes

a128=Rotate Local Audit Log

a128.help=Flag to indicate that audit log files should be rotated when reaching a certain size. (property name: com.sun.identity.agents.config.local.log.rotate) <br>Hot-swap: Yes

a129=Local Audit Log Rotation Size

a129.help=Size limit when a local audit log file is rotated to a new file. (property name: com.sun.identity.agents.config.local.log.size) <br>Hot-swap: Yes

a131=Web Service Enable

a131.help=Flag specifies if Web Service processing is enabled. (property name: com.sun.identity.agents.config.webservice.enable) <br>Hot-swap: Yes

a132=Web Service End Points

a132.help=A list of Web Application end points that represent Web Services. (property name: com.sun.identity.agents.config.webservice.endpoint) <br>Hot-swap: Yes

a133=Web Service Process GET Enable

a133.help=Flag to indicates if the processing of HTTP GET requests for Web Service endpoints is enabled. (property name: com.sun.identity.agents.config.webservice.process.get.enable) <br>Hot-swap: Yes

a134=Web Service Authenticator

a134.help=An implementation class of interface com.sun.identity.agents.filter.IWebServiceAuthenticator that can be used to authenticate web-service requests. (property name: com.sun.identity.agents.config.webservice.authenticator) <br>Hot-swap: Yes

a134a=Web Service Response Processor

a134a.help=An implementation class of interface com.sun.identity.agents.filter.IWebServiceResponseProcessor that can be used to process the web-service responses. (property name: com.sun.identity.agents.config.webservice.responseprocessor) <br>Hot-swap: Yes

a135=Web Service Internal Error Content File

a135.help= The name of file that contains content used by the Agent to generate an internal error fault for clients. (property name: com.sun.identity.agents.config.webservice.internalerror.content) <br>Hot-swap: Yes

a136=Web Service Authorization Error Content File

a136.help=The name of file that contains content used by the Agent to generate an authorization error fault for clients. (property name: com.sun.identity.agents.config.webservice.autherror.content) <br>Hot-swap: Yes

a137=Resource Access Denied URI

a137.help=An application-specific Map that identifies a URI of the customized access denied page. (property name: com.sun.identity.agents.config.access.denied.uri) <br>Valid key: the web application name. <br>Valid value: the customized application access denied page URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific access denied page. <br>Hot-swap: Yes <br> Examples: <br>To set a global access denied page: leave Map Key field empty, and enter the global access denied page URI /sample/accessdenied.html in Corresponding Map Value field. <br> To set the access denied page URI for application BankApp: enter BankApp in Map Key field, and enter the application access denied page URI /BankApp/accessdenied.html in Corresponding Map Value field.

a138=Login Form URI

a138.help=List of absolute URIs corresponding to an application's web.xml form-login-page element. (property name: com.sun.identity.agents.config.login.form) <br>Hot-swap: Yes <br> Example: <br> /BankApp/jsp/login.jsp

a139=Login Error URI

a139.help=List of absolute URIs corresponding to an application's web.xml form-error-page element. (property name: com.sun.identity.agents.config.login.error.uri) <br>Hot-swap: Yes <br> Example: <br> /BankApp/jsp/error.jsp

a141=Use Internal Login

a141.help=Set to false if want to customize Login Content File instead of default internal content provided. (property name: com.sun.identity.agents.config.login.use.internal) <br>Hot-swap: Yes

a142=Login Content File Name

a142.help=Complete path and name of custom login content file. (property name: com.sun.identity.agents.config.login.content.file) <br>Hot-swap: Yes

a143=Custom Authentication Handler

a143.help=Application specific authentication handler to authenticate the logged on user with the application server. (property name: com.sun.identity.agents.config.auth.handler) <br>Valid key: the web application name. <br>Valid value: the authentication handler class name. <br>Hot-swap: Yes <br>Example: <br>To set authentication handler for application BankApp: enter BankApp in Map Key field, and enter authentication handler class name BankAuthHandler in Corresponding Map Value field.

a144=Custom Logout Handler

a144.help=Application specific logout handler to log out a user with the application server. (property name: com.sun.identity.agents.config.logout.handler) <br>Valid key: the web application name. <br>Valid value: the logout handler class name. <br>Hot-swap: Yes <br> Example: <br>To set logout handler for application BankApp: enter BankApp in Map Key field, and enter logout handler class name BankLogoutHandler in Corresponding Map Value field.

a145=Custom Verification Handler

a145.help=Application specific verification handler to validate the user credentials with the local repository. (property name: com.sun.identity.agents.config.verification.handler) <br>Valid key: the web application name. <br>Valid value: the verification handler class name. <br>Hot-swap: Yes <br> Example: <br> To set verification handler for application BankApp: enter BankApp in Map Key field, and enter verification handler class name BankVerificationHandler in Corresponding Map Value field.

a146=HTTP Session Binding

a146.help=If true will invalidate the http session when login has failed, user has no SSO session, or principal user name does not match SSO user name. (property name: com.sun.identity.agents.config.httpsession.binding) <br>Hot-swap: Yes

a147=Goto Parameter Name

a147.help=Property used only when CDSSO is enabled. Default value should be changed only when the login URL has a landing page specified <br> Example : com.sun.identity.agents.config.cdsso.cdcservlet.url = http://host:port/opensso/cdcservlet?goto=http://agent:port/landing.jsp <br> The parameter is used by the Agent to append the original request URL to this cdcserlet URL. This parameter is consumed by the landing page to redirect to the original URL. (property name: com.sun.identity.agents.config.redirect.param) <br>Hot-swap: Yes <br> Example: com.sun.identity.agents.config.redirect.param = goto2<br> The complete URL sent for authentication will be <br> http://host:port/opensso/cdcservlet?goto=http://agent:port/landing.jsp?goto2=http://agent.port/original.jsp

a148=OpenAM Login URL

a148.help=OpenAM login page URL. (property name: com.sun.identity.agents.config.login.url) <br>Hot-swap: Yes <br> Example: <br> http://host:port/opensso/UI/Login

a149=Login URL Prioritized

a149.help=Specifies if failover sequence for Login URLs or CDSSO URLs should be prioritized as defined in the OpenAM Login URL list. (property name: com.sun.identity.agents.config.login.url.prioritized) <br>Hot-swap: Yes

a151=Login URL Probe

a151.help=Specifies if agent will check the availability of these urls before redirecting to them. (property name: com.sun.identity.agents.config.login.url.probe.enabled) <br>Hot-swap: Yes

a152=Login URL Probe Timeout

a152.help=The connect timeout value in milliseconds, if also Login URL Probe is set to true. (property name: com.sun.identity.agents.config.login.url.probe.timeout) <br>Hot-swap: Yes

a153=Alternative Agent Host Name

a153.help=Host name identifying the Agent protected server to the client browsers if different from the actual host name. (property name: com.sun.identity.agents.config.agent.host) <br>Hot-swap: Yes

a154=Alternative Agent Port Name

a154.help=Port number identifying the Agent protected server listening port to the client browsers if different from the actual listening port. (property name: com.sun.identity.agents.config.agent.port) <br>Hot-swap: Yes

a155=Alternative Agent Protocol

a155.help=Protocol being used (http/https) by the client browsers to communicate with the Agent protected server if different from the actual protocol used by the server. (property name: com.sun.identity.agents.config.agent.protocol) <br>Hot-swap: Yes

a156=Login Attempt Limit

a156.help=Limit of failed login attempts for a user's single browser session until triggering the blocking of the user request. Value of 0 disables this feature. (property name: com.sun.identity.agents.config.login.attempt.limit) <br>Hot-swap: Yes

a158=SSO Cache Enable

a158.help=Specifies if the SSO Cache is active for the agent. Cache is used through public APIs exposed by the agent SDK. (property name: com.sun.identity.agents.config.amsso.cache.enable) <br>Hot-swap: Yes

a159=Cookie Reset

a159.help=Agent resets cookies in the response before redirecting to authentication. (property name: com.sun.identity.agents.config.cookie.reset.enable) <br>Hot-swap: Yes

a161=Cookies Reset Name List

a161.help=Cookie names that will be reset by the Agent if Cookie Reset is enabled. (property name: com.sun.identity.agents.config.cdsso.cookie.reset.name) <br>Hot-swap: Yes

a162=Cookies Reset Domain Map

a162.help=Maps cookie names specified in Cookie Reset Name List to value being the domain of this cookie to be used when a reset event occurs. (property name: com.sun.identity.agents.config.cookie.reset.domain) <br>Hot-swap: Yes

a163=Cookies Reset Path Map

a163.help=Maps cookie names specified in Cookie Reset Name List to value being the path of this cookie to be used when a reset event occurs. (property name: com.sun.identity.agents.config.cookie.reset.path) <br>Hot-swap: Yes

a164=Cross Domain SSO

a164.help=Enables Cross Domain Single SignOn. (property name: com.sun.identity.agents.config.cdsso.enable) <br>Hot-swap: Yes

a165=CDSSO Redirect URI

a165.help= An intermediate URI that is used by the Agent for processing CDSSO requests. (property name: com.sun.identity.agents.config.cdsso.redirect.uri) <br>Hot-swap: Yes

a166=CDSSO Servlet URL

a166.help=List of URLs of the available CDSSO controllers that may be used by the Agent for CDSSO processing. (property name: com.sun.identity.agents.config.cdsso.cdcservlet.url) <br>Hot-swap: Yes <br> Example: <br> http://host:port/opensso/cdcservlet

a167=CDSSO Clock Skew

a167.help=Time in seconds to be used by the Agent to determine the validity of the CDSSO AuthnResponse assertion. (property name: com.sun.identity.agents.config.cdsso.clock.skew) <br>Hot-swap: Yes

a168=CDSSO Trusted ID Provider

a168.help=List of OpenAM Server/ID providers that should be trusted by the agent, when evaluating the CDC Liberty Responses. (property name: com.sun.identity.agents.config.cdsso.trusted.id.provider) <br>Hot-swap: Yes <br> Example: <br> http://host:port/opensso/cdcservlet

a169=CDSSO Secure Enable

a169.help=The SSO Token cookie set by the agent in the different domains in CDSSO mode will be marked secure. Only transmitted if the communications channel with host is a secure one. (property name: com.sun.identity.agents.config.cdsso.secure.enable) <br>Hot-swap: Yes

a170=CDSSO Domain List

a170.help=Domains for which cookies have to be set in a CDSSO scenario. (property name: com.sun.identity.agents.config.cdsso.domain) <br>Hot-swap: Yes <br> Example: <br> .sun.com

a171=Application Logout Handler

a171.help=An application-specific Map that identifies a handler to be used for logout processing. (property name: com.sun.identity.agents.config.logout.application.handler) <br>Valid key: the web application name. <br>Valid value: the application logout handler class name. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout handler. <br>Hot-swap: Yes <br> Examples: <br>To set a global application logout handler: leave Map Key field empty, and enter the global application logout handler class name GlobalApplicationLogoutHandler in Corresponding Map Value field. <br>To set the logout handler for application BankApp: enter BankApp in Map Key field, and enter the application logout handler class name BankAppLogoutHandler in Corresponding Map Value field.

a172=Application Logout URI

a172.help=An application-specific Map that identifies a request URI which indicates a logout event. (property name: com.sun.identity.agents.config.logout.uri) <br>Valid key: the web application name. <br>Valid value: the application logout URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout URI. <br>Hot-swap: Yes <br> Examples: <br>To set a global application logout URI: leave Map Key field empty, and enter the global application logout URI /logout.jsp in Corresponding Map Value field. <br> To set the logout URI for application BankApp: enter BankApp in Map Key field, and enter the application logout URI /BankApp/logout.jsp in Corresponding Map Value field.

a173=Logout Request Parameter

a173.help=An application-specific Map that identifies a parameter which when present in the HTTP request indicates a logout event. (property name: com.sun.identity.agents.config.logout.request.param) <br>Valid key: the web application name. <br>Valid value: the logout request parameter. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout request parameter. <br>Hot-swap: Yes <br> Examples: <br>To set a global application logout request parameter: leave Map Key field empty, and enter the global application logout request parameter logoutparam in Corresponding Map Value field. <br> To set the logout request parameter for application BankApp: enter BankApp in Map Key field, and enter the logout request parameter logoutparam in Corresponding Map Value field.

a174=Logout Introspect Enabled

a174.help=Allows the Agent to search HTTP request body to locate logout parameter. (property name: com.sun.identity.agents.config.logout.introspect.enabled) <br>Hot-swap: Yes

a175=Logout Entry URI

a175.help=An application-specific Map that identifies a URI to be used as an entry point after successful logout and subsequent successful authentication if applicable. (property name: com.sun.identity.agents.config.logout.entry.uri) <br>Valid key: the web application name. <br>Valid value: the logout entry URI. <br>For this property, a global value can be set to apply to all the applications that don't have their own specific logout entry URI. <br>Hot-swap: Yes <br> Examples: <br>To set a global application logout entry URI: leave Map Key field empty, and enter the global application logout entry URI /welcome.html in Corresponding Map Value field. <br> To set the logout entry URI for application BankApp: enter BankApp in Map Key field, and enter the logout entry URI /BankApp/welcome.html in Corresponding Map Value field.

a176=FQDN Check

a176.help=Enables checking of fqdn default value and fqdn map values. (property name: com.sun.identity.agents.config.fqdn.check.enable) <br>Hot-swap: Yes

a177=FQDN Default

a177.help=Fully qualified hostname that the users should use in order to access resources. (property name: com.sun.identity.agents.config.fqdn.default) <br>Hot-swap: Yes

a178=FQDN Virtual Host Map

a178.help=Enables virtual hosts, partial hostname and IP address to access protected resources. Maps invalid key to valid value. (property name: com.sun.identity.agents.config.fqdn.mapping) <br>Hot-swap: Yes <br> Example: <br> To map myserver to myserver.mydomain.com: enter myserver in Map Key field, and enter myserver.mydomain.com in Corresponding Map Value field.

a179=Legacy User Agent Support Enable

a179.help=Enables support for legacy user agents (browser). (property name: com.sun.identity.agents.config.legacy.support.enable) <br>Hot-swap: Yes

a181=Legacy User Agent List

a181.help=List of user agent header values that identify legacy browsers. Entries in this list can have wild card character '*'. (property name: com.sun.identity.agents.config.legacy.user.agent) <br>Hot-swap: Yes

a182=Legacy User Agent Redirect URI

a182.help=An intermediate URI used by the Agent to redirect legacy user agent requests. (property name: com.sun.identity.agents.config.legacy.redirect.uri) <br>Hot-swap: Yes

a183=Custom Response Header

a183.help=Map specifies the custom headers that are set by the Agent on the client browser. The key is the header name and the value represents the header value. (property name: com.sun.identity.agents.config.response.header) <br>Hot-swap: Yes <br> Example: <br> To set the custom header Cache-Control to value no-cache: enter Cache-Control in Map Key field, and enter no-cache in Corresponding Map Value field.

a184=Redirect Attempt Limit

a184.help=Number of successive single point redirects that a user can make using a single browser session which will trigger the blocking of the user request. Set to 0 to disable this feature. (property name: com.sun.identity.agents.config.redirect.attempt.limit) <br>Hot-swap: Yes

a185=Port Check Enable

a185.help=Indicates if port check functionality is enabled or disabled. (property name: com.sun.identity.agents.config.port.check.enable) <br>Hot-swap: Yes

a186=Port Check File

a186.help=Name or complete path of a file that has the necessary content needed to handle requests that need port correction. (property name: com.sun.identity.agents.config.port.check.file) <br>Hot-swap: Yes

a187=Port Check Setting

a187.help=Map of port versus protocol entries with the key being the listening port number and value being the listening protocol to be used by the Agent to identify requests with invalid port numbers. (property name: com.sun.identity.agents.config.port.check.setting) <br>Hot-swap: Yes <br> Example: <br> To map port 80 to protocol http: enter 80 in Map Key field, and enter http in Corresponding Map Value field.

a188=Not Enforced URIs

a188.help=List of URIs for which protection is not enforced by the Agent. (property name: com.sun.identity.agents.config.notenforced.uri) <br>Hot-swap: Yes <br> Examples: <br> /BankApp/public/* <br> /BankApp/images/*

a189=Invert Not Enforced URIs

a189.help=Inverts protection of URIs specified in Not Enforced URIs list. When set to true, it indicates that the URIs specified should be enforced and all other URIs should be not enforced by the Agent. (property name: com.sun.identity.agents.config.notenforced.uri.invert) <br>Hot-swap: Yes

a191=Not Enforced URIs Cache Enabled

a191.help=Enables the caching of the Not Enforced URIs list evaluation results. (property name: com.sun.identity.agents.config.notenforced.uri.cache.enable) <br>Hot-swap: Yes

a192=Not Enforced URIs Cache Size

a192.help=Size of the cache to be used if caching of not enforced URI list evaluation results is enabled. (property name: com.sun.identity.agents.config.notenforced.uri.cache.size) <br>Hot-swap: Yes

a193=Not Enforced Client IP List

a193.help=No authentication and authorization protection from agent are required for the requests coming from these client IP addresses. (property name: com.sun.identity.agents.config.notenforced.ip) <br>Hot-swap: Yes <br> Examples: <br> 192.18.145.* <br> 192.18.146.123

a194=Not Enforced IP Invert List

a194.help=Client IP Addresses to invert protection of IP addresses listed in the related Not Enforced Client IP List. (property name: com.sun.identity.agents.config.notenforced.ip.invert) <br>Hot-swap: Yes

a195=Not Enforced IP Cache Flag

a195.help=Enable caching of not-enforced IP list evaluation results. (property name: com.sun.identity.agents.config.notenforced.ip.cache.enable) <br>Hot-swap: Yes

a196=Not Enforced IP Cache Size

a196.help=Size of the cache to be used if Not Enforced IP Cache Flag is enabled. (property name: com.sun.identity.agents.config.notenforced.ip.cache.size) <br>Hot-swap: Yes

a197=Cookie Separator Character

a197.help=Character that will be used to separate multiple values of the same attribute when it is being set as a cookie. (property name: com.sun.identity.agents.config.attribute.cookie.separator) <br>Hot-swap: Yes

a198=Fetch Attribute Date Format

a198.help=Format of date attribute values to be used when the attribute is being set as HTTP header. Format is based on java.text.SimpleDateFormat. (property name: com.sun.identity.agents.config.attribute.date.format) <br>Hot-swap: Yes

a199=Attribute Cookie Encode

a199.help=Indicates if the value of the attribute should be URL encoded before being set as a cookie. (property name: com.sun.identity.agents.config.attribute.cookie.encode) <br>Hot-swap: Yes

a200=Refresh Session Idle Time

a200.help=Indicates if opensso session idle time should be refreshed or reset for not enforced URIs. (property name: com.sun.identity.agents.config.notenforced.refresh.session.idletime) <br>Hot-swap: Yes

a201=Profile Attribute Fetch Mode

a201.help=The mode of fetching profile attributes. (property name: com.sun.identity.agents.config.profile.attribute.fetch.mode) <br>Hot-swap: Yes

a202=Profile Attribute Mapping

a202.help=Maps the profile attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.profile.attribute.mapping) <br>Hot-swap: Yes <br> Example: <br> To populate the value of profile attribute cn under name CUSTOM-Common-Name: enter cn in Map Key field, and enter CUSTOM-Common-Name in Corresponding Map Value field. <br> To populate the value of profile attribute mail under name CUSTOM-Email: enter mail in Map Key field, and enter CUSTOM-Email in Corresponding Map Value field.

a203=Session Attribute Fetch Mode

a203.help=The mode of fetching session attributes. (property name: com.sun.identity.agents.config.session.attribute.fetch.mode) <br>Hot-swap: Yes

a204=Session Attribute Mapping

a204.help=Maps the session attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.session.attribute.mapping) <br>Hot-swap: Yes <br> Example: <br> To populate the value of session attribute UserToken under name CUSTOM-userid: enter UserToken in Map Key field, and enter CUSTOM-userid in Corresponding Map Value field.

a205=Response Attribute Fetch Mode

a205.help=The mode of fetching policy response attributes. (property name: com.sun.identity.agents.config.response.attribute.fetch.mode) <br>Hot-swap: Yes

a206=Response Attribute Mapping

a206.help=Maps the policy response attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.response.attribute.mapping) <br>Hot-swap: Yes <br> Example: <br> To populate the value of response attribute uid under name CUSTOM-USER-NAME: enter uid in Map Key field, and enter CUSTOM-USER-NAME in Corresponding Map Value field.

a207=Bypass Principal List

a207.help=List of principals that are bypassed by the Agent for authentication and search purposes. (property name: com.sun.identity.agents.config.bypass.principal) <br>Hot-swap: Yes <br> Examples: <br> guest <br> testuser

a208=Default Privileged Attribute

a208.help=List of privileged attributes that will be granted to all users who have a valid OpenAM session. (property name: com.sun.identity.agents.config.default.privileged.attribute) <br>Hot-swap: Yes <br> Example: <br> AUTHENTICATED_USERS

a209=Privileged Attribute Type

a209.help=List of privileged attribute types that will be fetched for each user. (property name: com.sun.identity.agents.config.privileged.attribute.type) <br>Hot-swap: Yes <br> Example: <br> Group

a211=Privileged Attributes To Lower Case

a211.help=Maps the privileged attribute types to whether they should be converted to lowercase. (property name: com.sun.identity.agents.config.privileged.attribute.tolowercase) <br> Valid Keys: the privileged attribute types, such as Group, Role. <br>Valid value: true, false. <br>Hot-swap: Yes <br> Example: <br> Enter Group in Map Key field, and enter false in Corresponding Map Value field.

a212=Privileged Session Attribute

a212.help=List of session property names which hold privileged attributes for the authenticated user. (property name: com.sun.identity.agents.config.privileged.session.attribute) <br>Hot-swap: Yes <br> Example: <br> UserToken

a213=Enable Privileged Attribute Mapping

a213.help=Enable a mapping from the original value of an attribute to another value. To satisfy container-specific restrictions on character set being used in certain configuration files. (property name: com.sun.identity.agents.config.privileged.attribute.mapping.enable) <br>Hot-swap: Yes

a214=Privileged Attribute Mapping

a214.help=Map if using Enable Privileged Attribute Mapping. (property name: com.sun.identity.agents.config.privileged.attribute.mapping) <br>Hot-swap: Yes <br> Examples: <br> To map UUID id=manager,ou=group,dc=openam,dc=forgerock.dc=org to the principal name am_manager_role specified in webapp's deployment descriptor: enter id=manager,ou=group,dc=openam,dc=forgerock.dc=org in Map Key field, and enter am_manager_role in Corresponding Map Value field. <br> To map UUID id=employee,ou=group,dc=openam,dc=forgerock.dc=org to the principal name am_employee_role specified in webapp's deployment descriptor: enter id=employee,ou=group,dc=openam,dc=forgerock.dc=org in Map Key field, and enter am_employee_role in Corresponding Map Value field.

a215=Agent Debug Level

a215.help=Specifies type of agent debug messages to log. (property name: com.iplanet.services.debug.level) <br>Hot-swap: Yes

a216=Cookie Name

a216.help=Name of the SSO Token cookie used between the OpenAM server and the Agent. (property name: com.iplanet.am.cookie.name) <br>Hot-swap: No

a218=Enable Client Polling

a218.help=Specifies if the session client must use polling for updating session information and not depend upon server notifications. (property name: com.iplanet.am.session.client.polling.enable) <br>Hot-swap: No

a219=Client Polling Period

a219.help=Time in seconds after which the session client will request update of cached session information from the server. (property name: com.iplanet.am.session.client.polling.period) <br>Hot-swap: No

a221=Encryption Provider

a221.help=Specifies the encryption provider implementation to be used by the Agent. (property name: com.iplanet.security.encryptor) <br>Hot-swap: No

a222=Enable Notification of User Data Caches

a222.help=Enable notifications for amsdk and IdRepo Caches. (property name: com.sun.identity.idm.remote.notification.enabled) <br>Hot-swap: No

a223=User Data Cache Polling Time

a223.help=Cache update time in minutes for user management data. If set to '0' no updates happen. (property name: com.iplanet.am.sdk.remote.pollingTime) <br>Hot-swap: No

a224=Enable Notification of Service Data Caches

a224.help=Enable the notifications for service management caches. (property name: com.sun.identity.sm.notification.enabled) <br>Hot-swap: No

a225=Service Data Cache Time

a225.help=Cache update time in minutes for service configuration data. If set to '0' no updates happen. (property name: com.sun.identity.sm.cacheTime) <br>Hot-swap: No

a229=OpenAM Authentication Service Protocol

a229.help=Protocol to be used by the OpenAM authentication service. (property name: com.iplanet.am.server.protocol) <br>Hot-swap: No

a231=OpenAM Authentication Service Host Name

a231.help=Host name to be used by the OpenAM authentication service. (property name: com.iplanet.am.server.host) <br>Hot-swap: No

a232=OpenAM Authentication Service Port

a232.help=Port to be used by the OpenAM authentication service. (property name: com.iplanet.am.server.port) <br>Hot-swap: No

a235=Enable Policy Notifications

a235.help=Enable Notifications for remote policy client. (property name: com.sun.identity.agents.notification.enabled) <br>Hot-swap: No

a237=Policy Client Polling Interval

a237.help=Duration in minutes after which the cached entries are refreshed by remote policy client. (property name: com.sun.identity.agents.polling.interval) <br>Hot-swap: No

a238=Policy Client Cache Mode

a238.help=Mode of caching to be used by remote policy client. (property name: com.sun.identity.policy.client.cacheMode) <br>Hot-swap: No

a239=Policy Client Boolean Action Values

a239.help=Boolean action values for policy action names. (property name: com.sun.identity.policy.client.booleanActionValues) <br>Hot-swap: No

a241=Policy Client Resource Comparators

a241.help=Resource Comparators to be used for different service names. (property name: com.sun.identity.policy.client.resourceComparators) <br>Hot-swap: No

a242=Policy Client Clock Skew

a242.help=Time in seconds which is allowed to accommodate the time difference between the OpenAM server machine and the remote policy client machine. (property name: com.sun.identity.policy.client.clockSkew) <br>Hot-swap: No

a243=URL Policy Env GET Parameters

a243.help=List of HTTP GET request parameters whose names and values will be set in the environment map for URL policy evaluation at OpenAM server.(property name: com.sun.identity.agents.config.policy.env.get.param) <br>Hot-swap: Yes <br> Examples: <br> name <br> phonenumber

a244=URL Policy Env POST Parameters

a244.help=List of HTTP POST request parameters whose names and values will be set in the environment map for URL policy evaluation at OpenAM server.(property name: com.sun.identity.agents.config.policy.env.post.param) <br>Hot-swap: Yes <br> Examples: <br> name <br> phonenumber

a245=URL Policy Env jsession Parameters

a245.help=List of HTTP SESSION attributes whose names and values will be set in the environment map for URL policy evaluation at OpenAM server. (property name: com.sun.identity.agents.config.policy.env.jsession.param) <br>Hot-swap: Yes <br> Examples: <br> name <br> phonenumber

a246=Agent Configuration Change Notification

a246.help=Enable agent to receive notification messages from OpenAM server for configuration changes. (property name: com.sun.identity.agents.config.change.notification.enable) <br>Hot-swap: Yes

a247=Custom Properties

a247.help=Additional properties that allow users to augment the set of properties supported by agent. (property name: com.sun.identity.agents.config.freeformproperties) <br>Hot-swap: Yes <br> Examples: <br> customproperty=custom-value1 <br> customlist[0]=customlist-value-0 <br> customlist[1]=customlist-value-1 <br> custommap[key1]=custommap-value-1 <br> custommap[key2]=custommap-value-2

a248=WebAuthentication Available

a248.help=Enable agent to make programmatic authentication with the JBoss web container using WebAuthentication feature. (property name: com.sun.identity.agents.config.jboss.webauth.available) <br>Hot-swap: Yes

a250=off

a251=error

a252=warning

a253=message

a254=OpenAM Logout URL

a254.help=OpenAM logout page URL. (property name: com.sun.identity.agents.config.logout.url) <br>Hot-swap: Yes <br> Example: <br> http://host:port/opensso/UI/Logout

a255=Logout URL Prioritized

a255.help=Specifies if failover sequence for Logout URLs should be prioritized as defined in the OpenAM Login URL list. (property name: com.sun.identity.agents.config.logout.url.prioritized) <br>Hot-swap: Yes

a256=Logout URL Probe

a256.help=Specifies if agent will check the availability of these urls before redirecting to them. (property name: com.sun.identity.agents.config.logout.url.probe.enabled) <br>Hot-swap: Yes

a257=Logout URL Probe Timeout

a257.help=The connect timeout value in milliseconds, if also Logout URL Probe is set to true. (property name: com.sun.identity.agents.config.logout.url.probe.timeout) <br>Hot-swap: Yes

a258=Possible XSS code elements

a258.help=If one of these strings occurs in the request, the client is redirected to an error page. (property name: com.sun.identity.agents.config.xss.code.elements) <br>Hot-swap: Yes

a259=XSS detection redirect URI

a259.help=An application-specific Map that identifies a URI of the customized page if XSS code has been deteced. (property name: com.sun.identity.agents.config.xss.redirect.uri) <br>Hot-swap: Yes <br>Examples: <br>To set a redirect target for application BankApp: enter BankApp in Map Key field, and enter a redirect URI in Corresponding Map Value field.

a260=Use HTTP-Redirect for composite advice

a260.help=Configure remote policy client to use HTTP-redirect instead of HTTP-POST for composite advices. (property name: com.sun.identity.agents.config.policy.advice.use.redirect) <br>Hot-swap: Yes

a261=Post Data Preservation enabled

a261.help=Post Data Preservation functionality basically stores any POST data before redirecting the user to the login screen and after successful login the agent will generate a page that autosubmits the same POST to the original URL. (property name: com.sun.identity.agents.config.postdata.preserve.enable)

a262=Missing PDP entry URI

a262.help=An application-specific URI Map that is used in case the referenced PDP entry cannot be found in the local cache (due to ttl). In such cases it will redirect to the specified URI, otherwise it will show a HTTP 403 Forbidden error. (property name: com.sun.identity.agents.config.postdata.preservce.cache.noentry.url)<br>Examples: <br>To set a redirect target for application BankApp: enter Bankapp in Map Key field and enter a redirect URI in corresponding Map Value field.

a263=PDP entry TTL

a263.help=This value tells how long a given POST entry should be stored in the local cache (in milliseconds), default value is 300000. (property name: com.sun.identity.agents.config.postdata.preserve.cache.entry.ttl)

a264=PDP Stickysession mode

a264.help=The PDP mechanism needs sticky loadbalancing, the URL mode will append a querystring, while the Cookie mode will create a cookie. (property name: com.sun.identity.agents.config.postdata.preserve.stickysession.mode)

a265=URL

a266=Cookie

a267=PDP Stickysession key-value

a267.help=The provided key-value pair will be used for adding to the URL or creating the cookie. <br>Example: <br>Set 'lb=server1' to append to the querystring or to have 'lb' cookie with 'server1' value. (property name: com.sun.identity.agents.config.postdata.preserve.stickysession.value)

# WSS Agents properties

a301=Security Mechanism

a302=STS Configuration

a302.help=This is required if Security Mechanism is set to STSSecurity

a303=Discovery Configuration

a303.help=This is required if Security Mechanism is set to LibertyDiscoverySecurity

a304=User Authentication Required

a305=Is Request Signed Enabled

a306=Is Request Header Encrypted

a307=Is Request Body Encrypted

a308=Is Response Signature Verified

a309=Is Response Encrypted

a309.help=Only Encrypted When Body is Encrypted.

a310=Preserve Security Headers in Message

a311=Use Default Keystore

a312=Location of Key Store

a313=Password of Key Store

a314=Password of Key

a315=Private Key Alias

a315.help=Key to sign Web Service Request / Response.

a316=Public Key Alias of Web Service Provider

a316.help=Key to encrypt Web Service Request.

a317=Web Service End Point

a317.help=This end point is optional unless the web service provider is configured to use Liberty tokens.

a318=Web Service Security Proxy End Point

a318.help=This end point is optional unless it is configured to use web security proxy.

a319=Liberty Service Type URN

a319.help=This is optional until Security Mechanism is LibertyDiscoverySecurity.

a320=Credential for User Token

a321=Authentication Chain

a322=Is Request Signature Verified

a323.title=Is Request Encryption Enabled

a323=Is Request Header Decrypted

a323.header=Header

a324=Is Request Body Decrypted

a324.body=Body

a325=Is Response Signed Enabled

a326=Is Response Encrypted

a326.help=Only Encrypted When Body is Encrypted.

a327=Private Key Type

a328=Public Key Alias of Web Service Client

a328.help=Key to encrypt Web Service Response

a329=Public Key Alias of Security Token Service

a330=Security Token Service End Point

a331=Security Token Service MEX End Point

a332=Discovery Service End Point

a333=Authentication Web Service End Point

a334=SAML Attribute Mapping

a335=SAML NameID Mapper Plugin

a336=SAML Attributes Namespace

a337=Include Memberships

a338=Kerberos Domain Server

a339=Kerberos Domain

a340=Kerberos Service Principal

a341=Kerberos Key Tab File

a342=Verify Kerberos Signature

a342.help=This is optional and must be enabled only when JDK6 is used.

a343=Token Conversion Type

a344=SSOToken

a345=SAML11Token

a346=SAML2Token

a350= Kerberos Domain Server

a351= Kerberos Domain

a352= Kerberos Service Principal

a353= Kerberos Ticket Cache Directory

a354= Use Pass Through Security Token

a354.help=This is valid for proxy web services client and will be used only when the SAML security mechanisms are enabled.

a355= Signing Reference Type.

a355.help=This applies only for X509 Token Security Mechanism

a356=Direct Reference

a357=KeyIdentifier Reference

a358=X509 Issuer Serial Reference

a359=Encryption Algorithm

a360=Encryption Strength

a360.help=For 3DES, the encryption strengths should be used are 0, 112, 168 and for AES they should be 128, 192 or 256.

a361=WS-Trust Version

a362=Detect User Token Replay

a363=Detect Message Replay

a364=Requested Key Type

a365=PublicKey

a366=SymmetricKey

a367=Requested Claims

a367.help=These are the requested attributes from the STS for an WSP.

a368=DNS Claim

a368.help=DNS Name that can uniquely identify the entity.

a369=Signed Elements

# Web Agent Properties

a400=Cookie Name

a400.help=Name of the SSO Token cookie used between the OpenAM server and the Agent. (property name: com.sun.identity.agents.config.cookie.name)<br>Hot-swap: No

a401=Cookie Security

a401.help=Agent sends secure cookies if communication is secure. (property name: com.sun.identity.agents.config.cookie.secure) <br>Hot-swap: No

a402=Ignore Path Info for Not Enforced URLs

a402.help=Indicate whether the path info and query should be stripped from the the request URL before being compared with the URLs of the not enforced list when those URLs have a wildcard '*' character. (property name: com.sun.identity.agents.config.ignore.path.info.for.not.enforced.list) <br>Hot-swap: Yes

a403=Encode special chars in Cookies

a403.help=Encode special chars in cookie by URL encoding. Useful when profile, session and response attributes contain special chars and attributes fetch mode is set to HTTP_COOKIE. (property name: com.sun.identity.agents.config.encode.cookie.special.chars.enable) <br>Hot-swap: Yes

a405=Enable Notifications

a405.help=The notifications help in maintaining agent's sso, policy and configuration caches. (property name: com.sun.identity.agents.config.notification.enable) <br>Hot-swap: No

a406=Agent Notification URL

a406.help=URL used by agent to register notification listeners. (property name: com.sun.identity.client.notification.url) <br>Hot-swap: No

a407=URL Comparison Case Sensitivity Check

a407.help=Enforces case sensitivity in both policy and not enforced url evaluation. (property name: com.sun.identity.agents.config.url.comparison.case.ignore) <br>Hot-swap: Yes

a408=Policy Cache Polling Period

a408.help=Polling interval in minutes to refresh agent's policy cache. (property name: com.sun.identity.agents.config.policy.cache.polling.interval) <br>Hot-swap: No

a409=SSO Cache Polling Period

a409.help=Polling interval in minutes to refresh agent's sso cache. (property name: com.sun.identity.agents.config.sso.cache.polling.interval) <br>Hot-swap: No

a410=User ID Parameter

a410.help=Agent sets value of User Id to REMOTE_USER server variable. (property name: com.sun.identity.agents.config.userid.param) <br>Hot-swap: Yes

a411=User ID Parameter Type

a411.help=User ID can be fetched from either SESSION and LDAP attributes. (property name: com.sun.identity.agents.config.userid.param.type) <br>Hot-swap: Yes

a412=Profile Attribute Fetch Mode

a412.help= (property name: com.sun.identity.agents.config.profile.attribute.fetch.mode) <br>Hot-swap: Yes

a413=Profile Attribute Map

a413.help=Maps the profile attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.profile.attribute.mapping) <br>Hot-swap: Yes <br> Example: <br> To populate the value of profile attribute cn under name CUSTOM-Common-Name: enter cn in Map Key field, and enter CUSTOM-Common-Name in Corresponding Map Value field. <br> To populate the value of profile attribute mail under name CUSTOM-Email: enter mail in Map Key field, and enter CUSTOM-Email in Corresponding Map Value field.

a414=Session Attribute Fetch Mode

a414.help= (property name: com.sun.identity.agents.config.session.attribute.fetch.mode) <br>Hot-swap: Yes

a415=Session Attribute Map

a415.help=Maps the session attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.session.attribute.mapping) <br>Hot-swap: Yes <br> Example: <br> To populate the value of session attribute UserToken under name CUSTOM-userid: enter UserToken in Map Key field, and enter CUSTOM-userid in Corresponding Map Value field.

a416=Response Attribute Fetch Mode

a416.help= (property name: com.sun.identity.agents.config.response.attribute.fetch.mode) <br>Hot-swap: Yes

a417=Response Attribute Map

a417.help=Maps the policy response attributes to be populated under specific names for the currently authenticated user. (property name: com.sun.identity.agents.config.response.attribute.mapping) <br>Hot-swap: Yes <br> Example: <br> To populate the value of response attribute uid under name CUSTOM-USER-NAME: enter uid in Map Key field, and enter CUSTOM-USER-NAME in Corresponding Map Value field.

a418=Attributes Values Separator

a418.help=Separator character used by profile, session and response attribute maps. (property name: com.sun.identity.agents.config.attribute.multi_value_separator) <br>Hot-swap: Yes

a419=Load Balancer Setup

a419.help=Set to true if a load balancer is used for OpenAM services. (property name: com.sun.identity.agents.config.load.balancer.enable) <br>Hot-swap: No

a420=Ignore Server Check

a420.help=Agent uses this value to check OpenAM is up before doing a 302 redirect. (property name: com.sun.identity.agents.config.ignore.server.check) <br>Hot-swap: Yes

a421=Ignore Preferred Naming URL in Naming Request

a421.help=Agent uses this value to send preferred naming url in the naming request. (property name: com.sun.identity.agents.config.ignore.preferred.naming.url) <br>Hot-swap: Yes

a422=Polling Period for Primary Server

a422.help=Interval in minutes, agent polls to check the primary server is up and running. (property name: com.sun.identity.agents.config.poll.primary.server) <br>Hot-swap: No

a423=OpenAM Login URL

a423.help=OpenAM login page URL. (property name: com.sun.identity.agents.config.login.url) <br>Hot-swap: Yes <br> Example: <br> http://host:port/opensso/UI/Login

a426=Agent Deployment URI Prefix

a426.help=(property name: com.sun.identity.agents.config.agenturi.prefix)<br>Hot-swap: No

a427=Agent Locale

a427.help=The default locale for the product. (property name: com.sun.identity.agents.config.locale) <br>Hot-swap: No

a428=SSO Only Mode

a428.help=Agent will just enforce authentication (SSO), but no authorization for policies. (property name: com.sun.identity.agents.config.sso.only) <br>Hot-swap: Yes

a429=Resources Access Denied URL

a429.help=The URL of the customized access denied page. (property name: com.sun.identity.agents.config.access.denied.url) <br>Hot-swap: Yes

a430=FQDN Check

a430.help=Enables checking of fqdn default value and fqdn map values. (property name: com.sun.identity.agents.config.fqdn.check.enable) <br>Hot-swap: Yes

a431=FQDN Default

a431.help=Fully qualified hostname that the users should use in order to access resources. (property name: com.sun.identity.agents.config.fqdn.default) <br>Hot-swap: Yes

a432=FQDN Virtual Host Map

a432.help=Enables virtual hosts, partial hostname and IP address to access protected resources. Maps invalid key to valid value. (property name: com.sun.identity.agents.config.fqdn.mapping) <br>Hot-swap: Yes <br> Example: <br> To map myserver to myserver.mydomain.com: enter myserver in Map Key field, and enter myserver.mydomain.com in Corresponding Map Value field.

a433=Cookie Reset

a433.help=Agent reset cookies in the response before redirecting to authentication. (property name: com.sun.identity.agents.config.cookie.reset.enable) <br>Hot-swap: Yes

a434=Cookies Reset Name List

a434.help=List of cookies in the format: name[=value][;Domain=value]. (property name: com.sun.identity.agents.config.cookie.reset) <br>Hot-swap: Yes <br> Examples: <br> Cookie1 <br> Cookie2=value;Domain=subdomain.domain.com

a435=Cross Domain SSO

a435.help=Enables Cross-Domain Single Sign On. (property name: com.sun.identity.agents.config.cdsso.enable) <br>Hot-swap: Yes

a436=Anonymous User Default Value

a436.help=User id of unauthenticated users. (property name: com.sun.identity.agents.config.anonymous.user.id) <br>Hot-swap: Yes

a437=Anonymous User

a437.help=Enable/Disable REMOTE_USER processing for anonymous users. (property name: com.sun.identity.agents.config.anonymous.user.enable) <br>Hot-swap: Yes

a438=Not Enforced URLs

a438.help=List of urls for which no authentication required. (property name: com.sun.identity.agents.config.notenforced.url) <br>Hot-swap: Yes <br> Example: <br> http://myagent.mydomain.com/*.gif

a439=Invert Not Enforced URLs

a439.help=Only not enforced list of urls will be enforced. (property name: com.sun.identity.agents.config.notenforced.url.invert) <br>Hot-swap: Yes

a440=Not Enforced Client IP List

a440.help=No authentication and authorization are required for the requests coming from these client IP addresses. (property name: com.sun.identity.agents.config.notenforced.ip) <br>Hot-swap: Yes <br> Examples: <br> 192.18.145.* <br> 192.18.146.123

a441=POST Data Preservation

a441.help=Enables POST data preservation.(property name: com.sun.identity.agents.config.postdata.preserve.enable) <br> Note that this feature is not supported in all the web agents. Please refer individual agents documentation for more details. <br>Hot-swap: Yes

a442=POST Data Entries Cache Period

a442.help=POST cache entry lifetime in minutes. (property name: com.sun.identity.agents.config.postcache.entry.lifetime) <br>Hot-swap: Yes

a443=CDSSO Servlet URL

a443.help=List of URLs of the available CDSSO controllers that may be used by the Agent for CDSSO processing. (property name: com.sun.identity.agents.config.cdsso.cdcservlet.url) <br>Hot-swap: Yes <br> Example: <br> http://host:port/opensso/cdcservlet

a444=Cookies Domain List

a444.help=List of domains in which cookies have to be set in CDSSO.(property name: com.sun.identity.agents.config.cdsso.cookie.domain) <br>Hot-swap: Yes <br> Example: <br> .sun.com

a445=Client IP Validation

a445.help=This validates if the subsequent browser requests come from the same ip address that the SSO token is initially issued against. (property name: com.sun.identity.agents.config.client.ip.validation.enable) <br>Hot-swap: Yes

a446=Profile Attributes Cookie Prefix

a446.help=Sets cookie prefix in the attributes headers. (property name: com.sun.identity.agents.config.profile.attribute.cookie.prefix) <br>Hot-swap: Yes

a447=Profile Attributes Cookie Maxage

a447.help=Maxage of attributes cookie headers. (property name: com.sun.identity.agents.config.profile.attribute.cookie.maxage) <br>Hot-swap: Yes

a448=Logout URL List

a448.help=List of application logout URLs. User gets logged out from OpenAM session when these urls accessed. (property name: com.sun.identity.agents.config.agent.logout.url). If this property is used, user should specify a value for the below Logout Redirect URL property.<br>Hot-swap: Yes <br> Example: <br> http://myagent.mydomain.com/logout.html

a449=Logout Cookies List for Reset

a449.help=Any cookies to be reset upon logout in the same format as cookie reset list. (property name: com.sun.identity.agents.config.logout.cookie.reset) <br>Hot-swap: Yes <br> Cookie1 <br> Cookie2=value;Domain=subdomain.domain.com

a450=Fetch Policies from Root Resource

a450.help=Agent caches policy decision of the resource and all resources from the root of the resource down. (property name: com.sun.identity.agents.config.fetch.from.root.resource) <br>Hot-swap: No

a451=Retrieve Client Hostname

a451.help=Gets the client's hostname through DNS reverse lookup for use in policy evaluation. (property name: com.sun.identity.agents.config.get.client.host.name) <br>Hot-swap: Yes

a452=Native Encoding of Profile Attributes

a452.help=Agent encodes the ldap header values in the default encoding of OS locale. If false, UTF-8 gets used. (property name: com.sun.identity.agents.config.convert.mbyte.enable) <br>Hot-swap: Yes

a453=Encode URL's Special Characters

a453.help=Encodes the url which has special characters before doing policy evaluation. (property name: com.sun.identity.agents.config.encode.url.special.chars.enable) <br>Hot-swap: Yes

a454=Ignore Path Info in Request URL

a454.help=The path info will be stripped from the request URL while doing Not Enforced List check and url policy evaluation if the value is set to true. (property name: com.sun.identity.agents.config.ignore.path.info) <br>Hot-swap: Yes

a455=Override Request URL Protocol

a455.help=Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the protocol with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.protocol) <br>Hot-swap: Yes

a456=Override Request URL Host

a456.help=Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the host with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.host) <br>Hot-swap: Yes

a457=Override Request URL Port

a457.help=Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the port with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.port) <br>Hot-swap: Yes

a458=Override Notification URL

a458.help=Set to true if the agent is sitting behind a ssl/tls off-loader, load balancer, or proxy to override the URL with the value from the property com.sun.identity.agents.config.agenturi.prefix. (property name: com.sun.identity.agents.config.override.notification.url) <br>Hot-swap: Yes

a459=Agent Connection Timeout

a459.help=Timeout period in seconds for an agent connection with OpenAM auth server. (property name: com.sun.identity.agents.config.auth.connection.timeout) <br>Hot-swap: Yes

a460=Polling Period for Primary Server

a460.help=Interval in minutes, agent polls to check the primary server is up and running. (property name: com.sun.identity.agents.config.poll.primary.server) <br>Hot-swap: No

a461=Agent Locale

a461.help=The default locale for the product. (property name: com.sun.identity.agents.config.locale) <br>Hot-swap: No

a462=Override Proxy Server's Host and Port

a462.help=(property name: com.sun.identity.agents.config.proxy.override.host.port) <br>Hot-swap: No

a463=Configuration Reload Interval

a463.help=Interval in minutes to fetch agent configuration from OpenAM. (property name: com.sun.identity.agents.config.polling.interval) <br>Hot-swap: No

a464=Configuration Cleanup Interval

a464.help=Interval in minutes to cleanup old agent configuration entries. (property name: com.sun.identity.agents.config.cleanup.interval) <br>Hot-swap: No

a465=Custom Properties

a465.help=Additional properties that allow users to augment the set of properties supported by agent. (property name: com.sun.identity.agents.config.freeformproperties) <br>Hot-swap: Yes <br> Examples: <br> customproperty=custom-value1 <br> customlist[0]=customlist-value-0 <br> customlist[1]=customlist-value-1 <br> custommap[key1]=custommap-value-1 <br> custommap[key2]=custommap-value-2

a467=Fetch Attributes for Not Enforced URLs

a467.help=Agent fetches profile attributes for not enforced urls by doing policy evaluation. (property name: com.sun.identity.agents.config.notenforced.url.attributes.enable) <br>Hot-swap: Yes

a468=Error

a469=Warning

a470=Info

a471=Message

a472=All

a473=HIGH

a474=LOW

a475=MEDIUM

a476=DEFAULT

a477=Authentication Type

a477.help=(property name: com.sun.identity.agents.config.iis.auth.type)

a478=Replay Password Key

a478.help=DES key for decrypting the basic authentication password in the session. (property name: com.sun.identity.agents.config.replaypasswd.key)

a479=Filter Priority

a479.help=The loading priority of filter.(property name: com.sun.identity.agents.config.iis.filter.priority)

a480=Filter configured with OWA

a480.help=Set to true if the IIS agent filter is configured for OWA.(property name: com.sun.identity.agents.config.iis.owa.enable)

a481=Change URL Protocol to https

a481.help=If true, avoids IE6 security pop-ups. (property name: com.sun.identity.agents.config.iis.owa.enable.change.protocol)

a482=Idle Session Timeout Page URL

a482.help=URL of the local idle session timeout page. (property name: com.sun.identity.agents.config.iis.owa.enable.session.timeout.url)

a483=Check User in Domino Database

a483.help=If true, agent checks user existence in Domino name database. (property name: com.sun.identity.agents.config.domino.check.name.database)

a484=Use LTPA token

a484.help=Set to true if agent needs to use LTPA Token. (property name: com.sun.identity.agents.config.domino.ltpa.enable)

a485=LTPA Token Cookie Name

a485.help=The name of the cookie that contains the LTPA token. (property name: com.sun.identity.agents.config.domino.ltpa.cookie.name)

a486=LTPA Token Configuration Name

a486.help=The configuration name that the agent uses in order to employ the LTPA token mechanism. (property name: com.sun.identity.agents.config.domino.ltpa.config.name)

a487=LTPA Token Organization Name

a487.help=The organization name to which the LTPA token belongs. (property name: com.sun.identity.agents.config.domino.ltpa.org.name)

a488=Policy Clock Skew

a488.help=Time in seconds used adjust time difference between Agent machine and OpenAM. Clock skew in seconds = AgentTime - OpenAMServerTime. (property name: com.sun.identity.agents.config.policy.clock.skew) <br>Hot-swap: No

a489=Audit Access Types

a489.help=Types of messages to log based on user URL access attempts. (property name: com.sun.identity.agents.config.audit.accesstype) <br>Hot-swap: Yes

a490=Audit Log Location

a490.help=Specifies where audit messages should be logged. (property name: com.sun.identity.agents.config.log.disposition) <br>Hot-swap: Yes

a491=Remote Log Filename

a491.help=Name of file stored on OpenAM server that contains agent audit messages. (property name: com.sun.identity.agents.config.remote.logfile) <br>Hot-swap: No

a492=Remote Audit Log Interval

a492.help=Periodic interval in minutes in which audit log messages are sent to remote log file. (property name: com.sun.identity.agents.config.remote.log.interval) <br>Hot-swap: No

a493=Rotate Local Audit Log

a493.help=Flag to indicate that audit log files should be rotated when reaching a certain size. (property name: com.sun.identity.agents.config.local.log.rotate) <br>Hot-swap: Yes

a494=Local Audit Log Rotation Size

a494.help=Size limit in bytes when a local audit log file is rotated to a new file. (property name: com.sun.identity.agents.config.local.log.size) <br>Hot-swap: Yes

a495=Agent Debug Level

a495.help=Agent debug level. (property name: com.sun.identity.agents.config.debug.level) <br>Hot-swap: Yes

a496=Agent Debug File Rotation

a496.help=Debug file gets rotated based on the size specified. (property name: com.sun.identity.agents.config.debug.file.rotate) <br>Hot-swap: Yes

a497=Agent Debug File Size

a497.help=Agent debug file size in bytes. (property name: com.sun.identity.agents.config.debug.file.size) <br>Hot-swap: Yes

a498=Attribute Multi Value Separator

a498.help=Specifies separator for multiple values. Applies to all types of attributes i.e. profile, session and response attributes. (property name: com.sun.identity.agents.config.attribute.multi.value.separator) <br>Hot-swap: Yes

a499=Logout Redirect URL

a499.help= User gets redirected to this url after logout.(property name: com.sun.identity.agents.config.logout.redirect.url). This property should be specified along with the above Logout URL List.<br>Hot-swap: Yes

# 2.2 Policy Agent properties

a500=Description

a501=Agent Key Value(s)

a501.help=Set the agent properties with a key/value pair. This property is used by OpenAM to receive agent requests for credential assertions about users. Currently, only one property is valid and all other properties will be ignored. Use the following format: <br> agentRootURL=protocol://hostname:port/ <br> The entry must be precise and agentRootURL is case sensitive.

# Agent Authenticator properties

a600=Agent Profiles allowed to Read.

a601=Agent Root URL for CDSSO

a601.help=The agent root URL for CDSSO. The valid value is in the following format: <br>protocol://hostname:port/<br> The protocol represents the protocol used, such as http or https. The hostname represents the host name of the machine on which the agent resides. The port represents the port number on which the agent is installed. The slash following the port number is required.

# OAuth 2.0 Client properties

a700=Client password

a700.help=Client password. Used when the client authenticates to OpenAM. (property name:

a701=Client type

a701.help=Type of OAuth 2.0 client. Confidential clients can keep their password secret, and are typically web apps or other server-based clients. Public clients run the risk of exposing their password to a host or user agent, such as rich browser applications or desktop clients.

a702=Confidential

a703=Public

a704=Redirection URI's

a704.help=Redirection URI's (optional for confidential clients). Complete URI's or URI's consisting of protocol + authority + path are registered so that the OAuth 2.0 provider can trust that tokens are sent to trusted entities. If multiple URI's are registered, the client MUST specify the URI that the user should be redirected to following approval.

a705=Scope(s)

a705.help=Scope(s). Scopes are strings that are presented to the user for approval and included in tokens so that the protected resource may make decisions about what to give access to. Scopes may be entered as simple strings or pipe separated strings representing the internal scope name, locale, and localized description; e.g. "read|en|Permission to view email messages in your account"

a706=Display name

a706.help=The name as displayed to users during approval. The name may be entered as a single string or as pipe separated strings for locale and localized name; e.g. "en|The ExampleCo Intranet".

a707=Display description

a707.help=A description of the client or other information that may be relevant to the resource owner when considering approval. The description may be entered as a single string or as pipe separated strings for locale and localized name; e.g. "en|The company intranet is requesting the following access permission".

a708=Default Scope(s)

a708.help=Default Scope(s). Scopes Scopes automatically given to tokens. Default Scopes may be entered as simple strings or pipe separated strings representing the internal scope name, locale, and localized description; e.g. "read|en|Permission to view email messages in your account"

a709=Token Validation Type

a709.help=The type of token this client expects to recieve.

a710=Bearer

a711=MAC

a712=SAML 2.0

a713=Automatically Approve Client

a713.help=Whether this client needs the resource owner to hit approve to allow the token access to a protected resource.

# UI properties

wss.header.general=General

wss.header.security=Security

wss.header.signencrypt=Signing and Encryption

wss.header.signing=Signing

wss.header.signing.Body=Body

wss.header.signing.SecurityToken=SecurityToken

wss.header.signing.Timestamp=Timestamp

wss.header.signing.To=To

wss.header.signing.From=From

wss.header.signing.ReplyTo=ReplyTo

wss.header.signing.Action=Action

wss.header.signing.MessageID=MessageID

wss.header.encryption=Encryption

wss.header.keystore=Key Store

wss.header.endpoints=End Points

wss.header.saml.configuration=SAML Configuration

wss.header.kerberos=Kerberos Configuration

blank.header=

label.Yes=Yes

web.services.profile.username-token-header=Credential for User Token

label.agentgroup=Group

keystore.usage=Key Store Usage

keystore.usage.default=Default

keystore.usage.custom=Custom

keystore.information=Location of Key Store (Mandatory if Use Default Keystore is not checked).

entity.attribute.label.uuid=Universal Identifier

entity.attribute.label.identityType=Type

web.services.profile.usernametokenname=Name

web.services.profile.usernametokenpassword=Password

wsp.encryption.is.request.decrypted=Is Request Decrypted

wsc.is.response.encrypted=Is Response Decrypted

sts.encryption.is.response.decrypted=Is Response Decrypted