AuthenticatorOATHService.properties revision dba6264e760052e4f42a5114d2690f1e188cb767
#
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
#
# Copyright 2013-2015 ForgeRock AS.
#
# The contents of this file are subject to the terms
# of the Common Development and Distribution License
# (the License). You may not use this file except in
# compliance with the License.
#
# You can obtain a copy of the License at
# http://forgerock.org/license/CDDLv1.0.html
# See the License for the specific language governing
# permission and limitations under the License.
#
# When distributing Covered Code, include this CDDL
# Header Notice in each file and include the License file
# at http://forgerock.org/license/CDDLv1.0.html
# If applicable, add the following below the CDDL Header,
# with the fields enclosed by brackets [] replaced by
# your own identifying information:
# "Portions copyright [year] [name of copyright owner]"
#
# Portions Copyrighted 2016 Nomura Research Institute, Ltd.

forgerock-auth-authenticator-oath-service-description=ForgeRock Authenticator (OATH) Service
a100=Profile Storage Attribute
a100.help=The user's attribute in which to store Two Step Verification profiles.
a100.help.txt=A specific field has been generated by OpenAM to handle these profiles, and in most cases the default \
 value will work without further configuration. However, administrators are free to alter this. The new attribute \
 must be able to handle Strings and be stored directly on the user's profile. LDAP User Attributes (accessible in the \
 Realm -> Data Stores tab of the Administrator console) must also be configured to allow for any new attribute used.
a101=Device Profile Encryption Scheme
a101.help=Encryption scheme to use to secure device profiles stored on the server.
a101.help.txt=If enabled, each device profile is encrypted with a unique random secret key using the given strength \
 of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is \
 used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given \
 RSA key-pair and stored with the device profile. NB: AES-256 may require installation of JCE Unlimited Strength.
a102=Encryption Key Store
a102.help=Key Store to load encryption keys from.
a103=Key Store Type
a103.help=Type of KeyStore to load.
a103.help.txt=Note: PKCS#11 keystores require hardware support such as a security device or smart card and are not \
 available by default in most JVM installations. See the <a \
 href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html" target="_blank">JDK 8 PKCS#11 \
 Reference Guide</a> for more details.
a104=Key Store Password
a104.help=Password to unlock the keystore. This password will be encrypted.
a105=Key-Pair Alias
a105.help=Alias of the Certificate/PrivateKey in the keystore to use to encrypt/decrypt device profiles.
a106=Private Key Password
a106.help=Password to unlock the private key.
RSAES_AES128CBC_HS256=AES-128/HMAC-SHA-256 with RSA Key Wrapping
RSAES_AES256CBC_HS512=AES-256/HMAC-SHA-512 with RSA Key Wrapping
None=No encryption of device settings.
JKS=Java Key Store (JKS).
JCEKS=Java Cryptography Extension Key Store (JCEKS).
PKCS11=PKCS#11 Hardware Crypto Storage.
PKCS12=PKCS#12 Key Store.
a107=ForgeRock Authenticator (OATH) Device Skippable Attribute Name
a107.help=Name of the attribute on a user's profile used to store their selection of whether to \
 skip ForgeRock Authenticator (OATH) 2FA modules.