AuthenticatorOATHService.properties revision a61178eb9da1af3b752932e8e64657c5b65757d1
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
# Copyright 2013-2015 ForgeRock AS.
# The contents of this file are subject to the terms
# of the Common Development and Distribution License
# (the License). You may not use this file except in
# compliance with the License.
# You can obtain a copy of the License at
# See the License for the specific language governing
# permission and limitations under the License.
# When distributing Covered Code, include this CDDL
# Header Notice in each file and include the License file
# If applicable, add the following below the CDDL Header,
# with the fields enclosed by brackets [] replaced by
# your own identifying information:
# "Portions copyright [year] [name of copyright owner]"
forgerock-auth-authenticator-oath-service-description=ForgeRock Authenticator (OATH) Service
a100=Profile Storage Attribute
a100.help=The user's attribute in which to store Two Step Verification profiles.
a100.help.txt=A specific field has been generated by OpenAM to handle these profiles, and in most cases the default \
 value will work without further configuration. However, administrators are free to alter this. The new attribute \
 must be able to handle Strings and be stored directly on the user's profile. LDAP User Attributes (accessible in the \
 Realm -> Data Stores tab of the Administrator console) must also be configured to allow for any new attribute used.
a101=Device Profile Encryption Scheme
a101.help=Encryption scheme to use to secure device profiles stored on the server.
a101.help.txt=If enabled, each device profile is encrypted with a unique random secret key, using the given strength \
 of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is \
 used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given \
 RSA key-pair and stored with the device profile. NB: AES-256 may require installation of JCE Unlimited Strength.
a102=Encryption Key Store
a102.help=Key Store to load encryption keys from.
a103=Key Store Type
a103.help=Type of KeyStore to load.
a103.help.txt=Note: PKCS#11 keystores require hardware support such as a security device or smart card and are not \
 available by default in most JVM installations. See the <a \
 href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html" target="_blank">JDK 8 PKCS#11 \
 Reference Guide</a> for more details.
a104=Key Store Password
a104.help=Password to unlock the keystore. This password will be encrypted.
a105=Key-Pair Alias
a105.help=Alias of the Certificate/PrivateKey in the keystore to use to encrypt/decrypt device profiles.
a106=Private Key Password
a106.help=Password to unlock the private key.
RSAES_AES128CBC_HS256=AES-128/HMAC-SHA-256 with RSA Key Wrapping
RSAES_AES256CBC_HS512=AES-256/HMAC-SHA-512 with RSA Key Wrapping
None=No encryption of device settings.
JKS=Java Key Store (JKS).
JCEKS=Java Cryptography Extension Key Store (JCEKS).
PKCS11=PKCS#11 Hardware Crypto Storage.
PKCS12=PKCS#12 Key Store.
a107=ForgeRock Authenticator (OATH) Device Skippable Attribute Name
a107.help=Name of the attribute on a user's profile used to store their selection of whether to \
 skip ForgeRock Authenticator (OATH) 2FA modules.