# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
# Copyright 2013-2015 ForgeRock AS.
# The contents of this file are subject to the terms
# of the Common Development and Distribution License
# (the License). You may not use this file except in
# compliance with the License.
# You can obtain a copy of the License at
# See the License for the specific language governing
# permission and limitations under the License.
# When distributing Covered Code, include this CDDL
# Header Notice in each file and include the License file
# If applicable, add the following below the CDDL Header,
# with the fields enclosed by brackets [] replaced by
# your own identifying information:
# "Portions copyright [year] [name of copyright owner]"
# Portions Copyrighted 2016 Nomura Research Institute, Ltd.
forgerock-auth-authenticator-oath-service-description=ForgeRock Authenticator (OATH) Service
a100=Profile Storage Attribute
a100.help=The user's attribute in which to store Two Step Verification profiles.
a100.help.txt=A specific field has been generated by OpenAM to handle these profiles, and in most cases the default \
 value will work without further configuration. However, administrators are free to alter this. The new attribute \
 must be able to handle Strings and be stored directly on the user's profile. LDAP User Attributes (accessible in the \
 Realm -> Data Stores tab of the Administrator console) must also be configured to allow for any new attribute used.
a101=Device Profile Encryption Scheme
a101.help=Encryption scheme to use to secure device profiles stored on the server.
a101.help.txt=If enabled, each device profile is encrypted with a unique random secret key, using AES of the given \
 strength in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is \
 used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given \
 RSA key-pair and stored with the device profile. NB: AES-256 may require installation of JCE Unlimited Strength.
a102=Encryption Key Store
a102.help=Key Store to load encryption keys from.
a103=Key Store Type
a103.help=Type of KeyStore to load.
a103.help.txt=Note: PKCS#11 keystores require hardware support such as a security device or smart card and are not \
 available by default in most JVM installations. See the <a \
 href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html" target="_blank">JDK 8 PKCS#11 \
 Reference Guide</a> for more details.
a104=Key Store Password
a104.help=Password to unlock the keystore. This password will be encrypted.
a105=Key-Pair Alias
a105.help=Alias of the Certificate/PrivateKey in the keystore to use to encrypt/decrypt device profiles.
a106=Private Key Password
a106.help=Password to unlock the private key.
RSAES_AES128CBC_HS256=AES-128/HMAC-SHA-256 with RSA Key Wrapping
RSAES_AES256CBC_HS512=AES-256/HMAC-SHA-512 with RSA Key Wrapping
None=No encryption of device settings.
JKS=Java Key Store (JKS).
JCEKS=Java Cryptography Extension Key Store (JCEKS).
PKCS11=PKCS#11 Hardware Crypto Storage.
PKCS12=PKCS#12 Key Store.
a107=ForgeRock Authenticator (OATH) Device Skippable Attribute Name
a107.help=Name of the attribute on a user's profile used to store their selection of whether to \
 skip ForgeRock Authenticator (OATH) 2FA modules.