amAuth.properties revision e8721886dbfd32e88cc7077cbee4b6bb1b44b443
7a23067e782dd5612d4d4b539906e1733b664df7jwoolley# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
7a23067e782dd5612d4d4b539906e1733b664df7jwoolley# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
7a23067e782dd5612d4d4b539906e1733b664df7jwoolley# The contents of this file are subject to the terms
6032a7c97a25c52f4bdd78ce23f2010e52c9e81arederpj# of the Common Development and Distribution License
6032a7c97a25c52f4bdd78ce23f2010e52c9e81arederpj# (the License). You may not use this file except in
6032a7c97a25c52f4bdd78ce23f2010e52c9e81arederpj# compliance with the License.
ba2e14e474516f1c75a96b4f6d1a9dec332175efianh# You can obtain a copy of the License at
f0791c5bdfd36969d292a4092df076aa6d1c34ccwrowe# See the License for the specific language governing
f0791c5bdfd36969d292a4092df076aa6d1c34ccwrowe# permission and limitations under the License.
749011213737e8d0cd6ca78d5eb532ec6f6b9fdfianh# When distributing Covered Code, include this CDDL
749011213737e8d0cd6ca78d5eb532ec6f6b9fdfianh# Header Notice in each file and include the License file
ec69fc6e323eb1f3112966e06e9e37be608d052cianh# If applicable, add the following below the CDDL Header,
ec69fc6e323eb1f3112966e06e9e37be608d052cianh# with the fields enclosed by brackets [] replaced by
e7bf4d6f15d04e86e20002e65f60d7fbf80e5974stoddard# your own identifying information:
e7bf4d6f15d04e86e20002e65f60d7fbf80e5974stoddard# "Portions Copyrighted [year] [name of copyright owner]"
de42d3dfd83a4cc62f0dd6b79ee5cbcfa69fd503brianp# $Id: amAuth.properties,v 1.15 2009/11/25 11:57:22 manish_rustagi Exp $
de42d3dfd83a4cc62f0dd6b79ee5cbcfa69fd503brianp# Portions Copyrighted 2011 ForgeRock Inc
8ab933f1df663f95c27e2ce5772127d4f3a10e0bstriker# Portions Copyrighted 2012 Open Source Solution Technology Corporation
39dde7f4cd79d701cc14e5beac8ea528bc58d038wroweauthentication=Authentication
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowesessNotActive=Session was never activated
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowerequestReceived=**** Authd request received ***
39dde7f4cd79d701cc14e5beac8ea528bc58d038wroweAuthentication=Authentication
39dde7f4cd79d701cc14e5beac8ea528bc58d038wroweRadius=RADIUS
39dde7f4cd79d701cc14e5beac8ea528bc58d038wroweRADIUS=RADIUS
39dde7f4cd79d701cc14e5beac8ea528bc58d038wroweMembership=Membership
39dde7f4cd79d701cc14e5beac8ea528bc58d038wroweSecurID=SecurID
39dde7f4cd79d701cc14e5beac8ea528bc58d038wroweAnonymous=Anonymous
39dde7f4cd79d701cc14e5beac8ea528bc58d038wroweHTTPBasic=HTTPBasic
39dde7f4cd79d701cc14e5beac8ea528bc58d038wroweWindowsDesktopSSO=WindowsDesktopSSO
39dde7f4cd79d701cc14e5beac8ea528bc58d038wroweAD=Active Directory
39dde7f4cd79d701cc14e5beac8ea528bc58d038wroweMSISDN=MSISDN
39dde7f4cd79d701cc14e5beac8ea528bc58d038wroweDataStore=DataStore
39dde7f4cd79d701cc14e5beac8ea528bc58d038wroweUserId=UserId
39dde7f4cd79d701cc14e5beac8ea528bc58d038wroweUserDomain=UserDomain
39dde7f4cd79d701cc14e5beac8ea528bc58d038wroweloginSuccess=Login Success
39dde7f4cd79d701cc14e5beac8ea528bc58d038wroweloginFailed=Login Failed
39dde7f4cd79d701cc14e5beac8ea528bc58d038wroweinvalidPasswd=Invalid Password
268ac122b1fd6fa948b30bdf0d8c0d80e75d68dawrowenoSuchAlgorithm=No such algorithm
268ac122b1fd6fa948b30bdf0d8c0d80e75d68dawrowenoUserName=No user name
268ac122b1fd6fa948b30bdf0d8c0d80e75d68dawroweinvalidKey=Invalid Key
268ac122b1fd6fa948b30bdf0d8c0d80e75d68dawrowerestricted=Restricted userid session terminated
268ac122b1fd6fa948b30bdf0d8c0d80e75d68dawrowenoMatchDomainURL=No match for domain url
268ac122b1fd6fa948b30bdf0d8c0d80e75d68dawroweuserLoginDisabled=User login disabled
6ba861fd6c705eaeb1f9bb97df86ddea6895e263minfrinadminAuthFailedUid=Admin Authorization Failed UserId:
6ba861fd6c705eaeb1f9bb97df86ddea6895e263minfrinadminSessLogoutUid=Admin Session Logout UserId:
6ba861fd6c705eaeb1f9bb97df86ddea6895e263minfrinsessLogoutUid=Session Logout UserId:
268ac122b1fd6fa948b30bdf0d8c0d80e75d68dawrowesubmit=Submit
b78ed256f4b99e72836d36fd68d4e7a26dbe032cianhmodprop=Module Properties for the Auth is null.
b78ed256f4b99e72836d36fd68d4e7a26dbe032cianhiplanet-am-auth-service-description=Core
b78ed256f4b99e72836d36fd68d4e7a26dbe032cianhCreate=Dynamic
698670444b30b79e808155739f98c39bec35f72awroweCreateWithAlias=Dynamic with User Alias
e7ec1c54206901c9369e40f471b71836c78e017dwroweRequired=Required
698670444b30b79e808155739f98c39bec35f72awroweIgnore=Ignored
57bea0f0559e31536af3b7b5859d3681ee29a34cwroweServiceDoesNotExist=Service does not Exist
57bea0f0559e31536af3b7b5859d3681ee29a34cwrowegettingSessionFailed=AuthD failed to get auth session
57bea0f0559e31536af3b7b5859d3681ee29a34cwroweinvalidSessionID=Session ID is not valid
57bea0f0559e31536af3b7b5859d3681ee29a34cwrowea101=Organization Authentication Modules
57bea0f0559e31536af3b7b5859d3681ee29a34cwrowea101.help=Authentication modules available to this organization.
57bea0f0559e31536af3b7b5859d3681ee29a34cwrowea102=User Profile
94e2b2d12fa269af16fa63a6270d3336d9f126f2trawicka102.help=Controls the result of the user profile success post successful authentication.
94e2b2d12fa269af16fa63a6270d3336d9f126f2trawicka102.help.txt=Controls whether a user profile is required for authentication to be successful or if the profile \
94e2b2d12fa269af16fa63a6270d3336d9f126f2trawickwill be dynamically created if none already exists. Choose ignore if you do not have a data store configured in the realm.
94e2b2d12fa269af16fa63a6270d3336d9f126f2trawicka104=Administrator Authentication Configuration
35313c8d7368125c3e95d3118238d2be9a613000trawicka104.help=Default Authentication Chain for administrators
35313c8d7368125c3e95d3118238d2be9a613000trawicka104.help.txt=This is the authentication chain that will be used to authentication administrative users to this realm.
35313c8d7368125c3e95d3118238d2be9a613000trawicka105=User Profile Dynamic Creation Default Roles
55da18d54a0ba74dc51aecba5b0daf71a2ed10a7trawicka105.help=List of roles of which dynamically created users will be a member.
55da18d54a0ba74dc51aecba5b0daf71a2ed10a7trawicka105.help.txt=Enter the DN for each role that will be assigned to a new user when their profile has been dynamically \
55da18d54a0ba74dc51aecba5b0daf71a2ed10a7trawickcreated by OpenAM.<br/><br/><i>NB </i> Deprecated functionality in OpenAM.
55da18d54a0ba74dc51aecba5b0daf71a2ed10a7trawicka106=Authentication Chaining Modules
55da18d54a0ba74dc51aecba5b0daf71a2ed10a7trawicka107=Authentication Chaining Enabled
c51f2b89da23e3371959a74808dee1792d96f5c1wsancheza108=Persistent Cookie Mode
c51f2b89da23e3371959a74808dee1792d96f5c1wsancheza108.help=Enables persistent cookie mode for the OpenAM authentication interface.
c51f2b89da23e3371959a74808dee1792d96f5c1wsancheza108.help.txt=Enabling Persistent cookie mode means that an authentication OpenAM user will not need to re-authenticate \
c51f2b89da23e3371959a74808dee1792d96f5c1wsanchezto OpenAM after they close their browser and then return to OpenAM.
c51f2b89da23e3371959a74808dee1792d96f5c1wsancheza109=Persistent Cookie Maximum Time
79c9b0ac498d97336874edba0daf9f544ad14671trawicka109.help=The lifetime (in seconds) of the persistent cookie.
79c9b0ac498d97336874edba0daf9f544ad14671trawicka109.help.txt=Use this setting to control how long the persistent cookie should exist for a user.<br><ul><li>3600 seconds: \
79c9b0ac498d97336874edba0daf9f544ad14671trawick1 hour<li>86400 seconds: 1 day<li>2592000 seconds: 30 days</ul><br/><i>NB </i> Persistent cookie mode must be enabled for this property \
79c9b0ac498d97336874edba0daf9f544ad14671trawickto take effect.
79c9b0ac498d97336874edba0daf9f544ad14671trawicka110=Non Interactive Modules
5a7d934619b2be92e18be5dd3366f4ac6ddeab43trawicka111=User's Default Redirect URL
5a7d934619b2be92e18be5dd3366f4ac6ddeab43trawicka112=User Based Authentication
5a7d934619b2be92e18be5dd3366f4ac6ddeab43trawicka113=People Container for All Users
5a70e5b66eb7758d0e64e070211f699fc83fca70wrowea114=Alias Search Attribute Name
5a70e5b66eb7758d0e64e070211f699fc83fca70wrowea114.help=The secondary LDAP attribute retrieves the user profile if the primary LDAP attribute specified in 'User Naming Attribute' fails.
5a70e5b66eb7758d0e64e070211f699fc83fca70wrowea114.help.txt=This list of LDAP attributes is used to extend the set of attributes searched by OpenAM to find the users profile.<br>\
5a70e5b66eb7758d0e64e070211f699fc83fca70wroweFor example: <ul><li>cn</li><li>mail</li><li>givenname</li></ul><br/>A user authenticates to OpenAM under the id of steve, OpenAM \
5a70e5b66eb7758d0e64e070211f699fc83fca70wrowewill first search using the naming attribute (uid by default) so uid=steve, if no match is found then cn=steve will be searched until \
84eeb0ab12215fc22577a9a0a9589cea2a445712trawicka match is found or the list is exhausted.<br>\
84eeb0ab12215fc22577a9a0a9589cea2a445712trawick<br/><br/><i>NB </i> Only used when User Profile searching is enabled.
1d3fbd2d9f03c0826977d940a2081401edf522d4jerenkrantza115=User Authentication Modules
1d3fbd2d9f03c0826977d940a2081401edf522d4jerenkrantza117=Pluggable Authentication Module Classes
b5cc0253789825ace46944dc9cde744be08dd77fjerenkrantza117.help=List of configured authentication modules
b5cc0253789825ace46944dc9cde744be08dd77fjerenkrantza117.help.txt=The list of configured authentication modules available to OpenAM. All modules must extend from the \
e4bb84f3c11f282d3ba66f64940b1b8e13f85e7aslive<code>com.sun.identity.authentication.spi.AMLoginModule</code> class.
e4bb84f3c11f282d3ba66f64940b1b8e13f85e7aslivea118=User Naming Attribute
e4bb84f3c11f282d3ba66f64940b1b8e13f85e7aslivea118.help=The primary LDAP attribute retrieves the user's profile after successful authentication.
e4bb84f3c11f282d3ba66f64940b1b8e13f85e7aslivea119=Pluggable Authentication Page Generator Class
e4bb84f3c11f282d3ba66f64940b1b8e13f85e7aslivea120=Default Authentication Locale
e4bb84f3c11f282d3ba66f64940b1b8e13f85e7aslivea121=Organization Authentication Configuration
ba2bab42e97405dc41c0f8fe3416f7f9a79ed7a9brianpa121.help=Default Authentication Chain for users
ba2bab42e97405dc41c0f8fe3416f7f9a79ed7a9brianpa121.help.txt=This is the authentication chain that will be used to authenticate users to this realm.
ba2bab42e97405dc41c0f8fe3416f7f9a79ed7a9brianpa125=Login Failure Lockout Mode
756b54396a86db555817bb52149d91b60d00e35fwrowea125.help=Enables account lockout functionality for users authenticating to this realm.
756b54396a86db555817bb52149d91b60d00e35fwrowea125.help.txt=OpenAM can track the number of failed authentications by a user over time and if a pre-defined limit is \
756b54396a86db555817bb52149d91b60d00e35fwrowebreached, OpenAM can lockout the users account and perform additional functions.<br/><br/><i>NB </i>This functionality \
756b54396a86db555817bb52149d91b60d00e35fwroweis in addition to any account lockout behaviour implemented by the LDAP Directory Server.
b4251d1fbef86f96e01c68f8de086e0dbb8bcb74trawicka126=Login Failure Lockout Count
b4251d1fbef86f96e01c68f8de086e0dbb8bcb74trawicka126.help=The maximum number of failed authentications for a user before their account is locked.
b4251d1fbef86f96e01c68f8de086e0dbb8bcb74trawicka126.help.txt=This setting controls the maximum number of failed authentications a user can have during the lockout \
24efed0910118b762a4eb84830875d4714b8d315ianhinterval before OpenAM locks the users account.
24efed0910118b762a4eb84830875d4714b8d315ianha127=Login Failure Lockout Interval
50e60f30bdc074fbc887f0b98f4d570457ac97c9brianpa127.help=The lockout interval time is in minutes.
50e60f30bdc074fbc887f0b98f4d570457ac97c9brianpa127.help.txt=OpenAM tracks the failed authentication count for a user over the lockout interval.<br/><br/>For example: If \
50e60f30bdc074fbc887f0b98f4d570457ac97c9brianpthe lockout interval is 5 minutes and the lockout count is 5; the user will have to have failed to authenticate 5 times \
bdbafc44d060509e86f0cc56ff4d19579438f846strikerover the previous 5 minutes for the account to be locked. Failed authentications the occurred outside of the 5 minute \
bdbafc44d060509e86f0cc56ff4d19579438f846strikerinterval are ignored.
bdbafc44d060509e86f0cc56ff4d19579438f846strikera128=Email Address to Send Lockout Notification
fbd0c3dbae333ba4a7225dad2d090419ad894e4ctrawicka128.help=An email address or set of email addresses that receive notifications about account lockout events.
bdbafc44d060509e86f0cc56ff4d19579438f846strikera128.help.txt=OpenAM can be configured to send a localisable email message to a set of email addresses when account lockout \
bdbafc44d060509e86f0cc56ff4d19579438f846strikerevents occur. The contents of the email message is configured using the following properties in the \
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowe<code>amAuth.properties</code> file.<br/><ul><li><code>lockOutEmailFrom</code> : The "From" address of the email message</li>\
6d0ec39a3ef89ce485f23008efa399b7b35bf1fdjwoolley<li><code>lockOutEmailSub</code> : The subject of the email message</li>\
6d0ec39a3ef89ce485f23008efa399b7b35bf1fdjwoolley<li><code>lockOutEmailMsg</code> : The contents of the email message</li></ul><br/>\
6d0ec39a3ef89ce485f23008efa399b7b35bf1fdjwoolleyThe identity for whom the account has been locked is included in the email message.<br/><br/>\
6d0ec39a3ef89ce485f23008efa399b7b35bf1fdjwoolleyThe format of this property is:<br/>\
0fdf8c342123fde84405b885fb1720ebc652e10djerenkrantz<code>emailaddress|locale|charset</code>. Multiple email addresses are space-separated.<br/>\
0fdf8c342123fde84405b885fb1720ebc652e10djerenkrantzEmail addresses must include the domain name, such as <code>admin@example.com</code>.
0fdf8c342123fde84405b885fb1720ebc652e10djerenkrantza129=Warn User After N Failures
0fdf8c342123fde84405b885fb1720ebc652e10djerenkrantza129.help=Warn the user when they reach this level of failed authentications.
0fdf8c342123fde84405b885fb1720ebc652e10djerenkrantza129.help.txt=The user will be given a warning when they reach this level of failed authentications during the lockout interval.<br/>\
6b87b6eee6a43f40ef6bead9ef3173979b4cd76crbbThe text of the lockout warning is configured using the <code>lockOutWarning</code> property in the <code>amAuth.properties</code> file.
6b87b6eee6a43f40ef6bead9ef3173979b4cd76crbba130=Login Failure Lockout Duration
6b87b6eee6a43f40ef6bead9ef3173979b4cd76crbba130.help=The duration of the users account lockout, in minutes.
6b87b6eee6a43f40ef6bead9ef3173979b4cd76crbba130.help.txt=OpenAM can either lockout the users account indefinitely (until administration action) by setting the duration to 0, \
6b87b6eee6a43f40ef6bead9ef3173979b4cd76crbb(the default) or OpenAM can lock the users account for a given number of minutes. After the lockout interval, the user will be able \
bfd2cedbf2918fcb95daa9f850ecdf5e24765c22jerenkrantzto successfully authenticate to OpenAM.
bfd2cedbf2918fcb95daa9f850ecdf5e24765c22jerenkrantza1301=Lockout Duration Multiplier
bfd2cedbf2918fcb95daa9f850ecdf5e24765c22jerenkrantza1301.help=Value multiplied to the Login Failure Lockout Duration for each successive lockout.
f9a773d26994c3b267589e404cdb5b760f83e888jerenkrantza1301.help.txt=This property is used to enable OpenAM to increase the account lockout duration for each successive account lockout. \
f9a773d26994c3b267589e404cdb5b760f83e888jerenkrantzFor example: If the lockout duration is set to 10 and the duration multiplier is set to 2; the duration of the first lockout will be \
f9a773d26994c3b267589e404cdb5b760f83e888jerenkrantz10 minutes and the duration of the second lockout will be 20 minutes.<br/><br/>\
a250599aab6669d5877edf158032efd2538e5820trawickThe default value of 1 disables this function.
a250599aab6669d5877edf158032efd2538e5820trawicka131=Lockout Attribute Name
a250599aab6669d5877edf158032efd2538e5820trawicka131.help=Name of custom lockout attribute
a250599aab6669d5877edf158032efd2538e5820trawicka131.help.txt=When OpenAM locks an account, the <code>inetuserstatus</code> attribute in the locked account is set to Inactive. \
41338e6ead3fa8d60ad3841d069f4b47e71d9177wroweIn addition, OpenAM can set the value of another attribute in the users profile.
41338e6ead3fa8d60ad3841d069f4b47e71d9177wrowea132=Lockout Attribute Value
41338e6ead3fa8d60ad3841d069f4b47e71d9177wrowea132.help=Value to set in custom lockout attribute
41338e6ead3fa8d60ad3841d069f4b47e71d9177wrowea132.help.txt=This is the value that will be set on the custom attribute in the users profile when they account is locked.
92b0ffb9cbc04b3d9c7ce6becadc0c3d88dea2d9wrowea1321=Invalid Attempts Data Attribute Name
92b0ffb9cbc04b3d9c7ce6becadc0c3d88dea2d9wrowea1321.help=The name of the attribute used to store information about failed authentications.
92b0ffb9cbc04b3d9c7ce6becadc0c3d88dea2d9wrowea1321.help.txt=OpenAM can be configured to store information about invalid authentications in the users profile. This allows multiple \
961ff00a8f1fe79a8ac8b18617b40a404e28cb35brianpinstances of OpenAM in the same site to share information about a users invalid authentication attempts. By default the custom \
961ff00a8f1fe79a8ac8b18617b40a404e28cb35brianpattribute; <code>sunAMAuthInvalidAttemptsData</code> defined in the <code>sunAMAuthAccountLockout</code> objectclass is used to \
961ff00a8f1fe79a8ac8b18617b40a404e28cb35brianpstore this data. Use this property to change the attribute used by OpenAM to store this information.<br/><br/>\
92b0ffb9cbc04b3d9c7ce6becadc0c3d88dea2d9wrowe<i>NB </i>Any attribute specified must be a valid attribute in the data store.
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowea133=Default Success Login URL
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowea133.help=Successful logins will be forwarded to this URL
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowea133.help.txt=This is the URL to which clients will be forwarded upon successful authentication. Enter a URL or URI relative to the \
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowelocal OpenAM. URL or URI can be prefixed with the ClientType|URL if client specific. URL without http(s) protocol will be appended to \
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowethe current URI of OpenAM.
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowea134=Default Failure Login URL
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowea134.help=Failed logins will be forwarded to this URL
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowea134.help.txt=This is the URL to which clients will be forwarded upon failed authentication. Enter a URL or URI relative to the local \
c43fd8f8f90a7549bffe1e581eedbd087db1163estoddardOpenAM. URL or URI can be prefixed with ClientType|URL if client specific. URL without http(s) protocol will be appended to the current \
c43fd8f8f90a7549bffe1e581eedbd087db1163estoddardURI of OpenAM.
c43fd8f8f90a7549bffe1e581eedbd087db1163estoddarda135=Authentication Post Processing Classes
a8dda281113c5038945423320d8c9b42e3d1ddb1jwoolleya135.help=A list of post authentication processing classes for all users in this realm.
854cc4d3451547c2359c27870a3c354ad385a49bianha135.help.txt=This is a list of Post Processing Classes that will be called by OpenAM for all users that authenticate to this realm. \
854cc4d3451547c2359c27870a3c354ad385a49bianhRefer to the documentation for the places where the list of post authentication classes can be set and their precedence. \
854cc4d3451547c2359c27870a3c354ad385a49bianh<br/><br/>For example: org.forgerock.auth.PostProcessClass<br/>\
02ec77ed8e15b4b601de98a322e4bd8d7d3e1ec2trawick<i>NB </i>OpenAM must be able to find these classes on the <code>CLASSPATH</code> and must implement the interface \
02ec77ed8e15b4b601de98a322e4bd8d7d3e1ec2trawick<code>com.sun.identity.authentication.spi.AMPostAuthProcessInterface</code>.
49ada1eac7c4cae429ba193273b7f40f355d9c7ejwoolleya138=Generate UserID Mode
49ada1eac7c4cae429ba193273b7f40f355d9c7ejwoolleya138.help=Enables this mode in the Membership auth module.
49ada1eac7c4cae429ba193273b7f40f355d9c7ejwoolleya138.help.txt=When this mode is enabled, if the Membership auth module detects that the supplied username already exists in the \
88425bd3442321915195ac9dfa9a80ffcd968fa4brianpdata store then a list of valid usernames can be shown to the user, if requested by said user.
88425bd3442321915195ac9dfa9a80ffcd968fa4brianpa139=Pluggable User Name Generator Class
88425bd3442321915195ac9dfa9a80ffcd968fa4brianpa139.help=The name of the default implementation of the user name generator class.
88425bd3442321915195ac9dfa9a80ffcd968fa4brianpa139.help.txt=The name of the class used to return a list of usernames to the Membership auth module.<br/><br/>\
a8dda281113c5038945423320d8c9b42e3d1ddb1jwoolley<i>NB </i>This class must implement the interface <code>com.sun.identity.authentication.spi.UserIDGenerator</code>
a8dda281113c5038945423320d8c9b42e3d1ddb1jwoolleya140=LDAP Connection Pool Size
a8dda281113c5038945423320d8c9b42e3d1ddb1jwoolleya140.help=Controls the size of the LDAP connection pool used for authentication
a8dda281113c5038945423320d8c9b42e3d1ddb1jwoolleya140.help.txt=Control the size of the connection pool to the LDAP directory server used by any of the authentication modules \
37b8494ffaeb4ee9a9a2f9917d334078c16d4212jwoolleythat use LDAP directly such as \LDAP or Active Directory.Different OpenAM servers can be configured with different connection \
37b8494ffaeb4ee9a9a2f9917d334078c16d4212jwoolleypool settings.<br/><br/>Format: host:port:minimum:maximum
bf3d1782a29630335a1df535eb395355ab1cd154jwoolleya141=Default LDAP Connection Pool Size
bf3d1782a29630335a1df535eb395355ab1cd154jwoolleya141.help=The default connection pool size; format is: mininum:maximum
37b8494ffaeb4ee9a9a2f9917d334078c16d4212jwoolleya142=Identity Types
da16bea08c6ff10ceb8d250ff23e8e81a372cef8jwoolleya143=Pluggable User Status Event Classes
da16bea08c6ff10ceb8d250ff23e8e81a372cef8jwoolleya143.help=List of classes to be called when status of the user account changes.
99f692732327e0c200fd639105dbf9940bd229f1rbba143.help.txt=When the status of a users account changes, OpenAM can be configured to call into a custom class. \
99f692732327e0c200fd639105dbf9940bd229f1rbbThe custom class can then be used to perform some action as required. The built in status change events are:<br/><br/>\
99f692732327e0c200fd639105dbf9940bd229f1rbb<ul><li>Account locked</li><li>Password changed</li></ul><br/>Custom code can also extend this mechanism.
80f73246cc14f02d50bfac5306c079464c2dd1c6rbba144=Store Invalid Attempts in Data Store
80f73246cc14f02d50bfac5306c079464c2dd1c6rbba144.help=Enables sharing of login failure attempts across AM Instances
80f73246cc14f02d50bfac5306c079464c2dd1c6rbba144.help.txt=When this setting is enabled OpenAM will store the users invalid authentication information in the data store \
80f73246cc14f02d50bfac5306c079464c2dd1c6rbbunder the attribute configured in the <i>Invalid Attempts Data Attribute Name</i> property.
dcdc78fce34f06533df4829abbc726f7fbf207fejwoolleya145=Module Based Authentication
dcdc78fce34f06533df4829abbc726f7fbf207fejwoolleya145.help=Allows a user to authenticate via module based authentication.
dcdc78fce34f06533df4829abbc726f7fbf207fejwoolleya145.help.txt=The feature allow users to override the realm configuration and use a named authentication module to authenticate.\
d4a93d608a28bf331625544a2896fa20bef4a2b4rbb<br/><br/><i>NB </i>Recommended to turn this feature off in production environments.
d4a93d608a28bf331625544a2896fa20bef4a2b4rbba146=Remote Auth Security
d4a93d608a28bf331625544a2896fa20bef4a2b4rbba146.help=OpenAM requires authentication client to authenticate itself before authenticating users.
d4a93d608a28bf331625544a2896fa20bef4a2b4rbba146.help.txt=When this setting is enabled, OpenAM will require the authentication client (such as a policy agent) to authentication \
d4a93d608a28bf331625544a2896fa20bef4a2b4rbbitself to OpenAM before the client will be allow to use the remote authentication API to authenticate users.
36fcd3d96b9bf9a2d4af424e64584b5dede3e3e6brianpa147=User Attribute Mapping to Session Attribute
36fcd3d96b9bf9a2d4af424e64584b5dede3e3e6brianpa147.help=Mapping of user profile attribute name to session attribute name.
36fcd3d96b9bf9a2d4af424e64584b5dede3e3e6brianpa147.help.txt=The setting causes OpenAM to read the named attributes from the users profile in the data store and store their values \
4b34d6a5b70303010612df6c87da3ee91ae86078rbbin the users session.<br/></br>Format: User Profile Attribute|Session Attribute name.
4b34d6a5b70303010612df6c87da3ee91ae86078rbba148=Keep Post Process Objects for Logout Processing
4b34d6a5b70303010612df6c87da3ee91ae86078rbba148.help=Store Post Processing Classes for the duration of the session.
4b34d6a5b70303010612df6c87da3ee91ae86078rbba148.help.txt=Enabling this setting will cause OpenAM to store instances of post processing classes into the users session. \
4b34d6a5b70303010612df6c87da3ee91ae86078rbbWhen the user logs out the original instances of the post processing classes will be called instead of new instances. \
4b34d6a5b70303010612df6c87da3ee91ae86078rbbThis may be needed for special logout processing.<br/><br/>\
4b34d6a5b70303010612df6c87da3ee91ae86078rbb<i>NB </i>Enabling this setting will increase the memory usage of OpenAM.
44d971eef4337ad80ba3d360c84ffa8188d50325trawicka149=Keep Authentication Module Objects for Logout Processing.
84bdb86d57d2a2f828b17e77ac2379fed551c2adtrawicka149.help=The authentication modules instances will be stored in the users session.
84bdb86d57d2a2f828b17e77ac2379fed551c2adtrawicka149.help.txt=Enabling this setting will cause OpenAM to store the authentication module instances used by the user to authenticate \
84bdb86d57d2a2f828b17e77ac2379fed551c2adtrawickin the users session. Normally after authentication the module instances would be cleared. This may be needed for special logout \
46603605c2edcc1cc84fa45634e19a395134078atrawickprocessing.<br/><br/>\
46603605c2edcc1cc84fa45634e19a395134078atrawick<i>NB </i>Enabling this setting will increase the memory usage of OpenAM.
46603605c2edcc1cc84fa45634e19a395134078atrawicka150=Valid goto URL domains
46603605c2edcc1cc84fa45634e19a395134078atrawicka150.help=List of Valid goto URL domains
46603605c2edcc1cc84fa45634e19a395134078atrawicka150.help.txt=By default OpenAM will redirect the user to the URL specified in the goto parameter supplied to the authentication interface. \
86826d685f83170ca07d56550db9f0c2922a916btrawickTo enhance security a list of valid DNS domains can be specified. OpenAM will only redirect a user if the domain of the goto URL \
86826d685f83170ca07d56550db9f0c2922a916btrawickis present in this list.
86826d685f83170ca07d56550db9f0c2922a916btrawick#Always the Authentication Level attribute should be the last item in the
86826d685f83170ca07d56550db9f0c2922a916btrawick#display section of the profile page. Make sure the key is always a large
4f412c60e9c2af999619d11b236068a0e0e94944trawick#number. Now it is a500. This is to avoid reshuffling the keys if new
4f412c60e9c2af999619d11b236068a0e0e94944trawick#attributes are added.
4f6effa17a5084085c9104b0bb97c2ba1622cfa6jerenkrantza500=Default Authentication Level
4f6effa17a5084085c9104b0bb97c2ba1622cfa6jerenkrantza500.help=The default authentication level for modules in this realm.
4f6effa17a5084085c9104b0bb97c2ba1622cfa6jerenkrantza500.help.txt=If the authentication module does not set it's own auth level then the module will have the default authentication level \
4f6effa17a5084085c9104b0bb97c2ba1622cfa6jerenkrantzfor the realm.
a946a7e607c21cf6068e7380d7e81cc2bf027913trawickerror=General Error
da16bea08c6ff10ceb8d250ff23e8e81a372cef8jwoolleychangePasswdSucceeded=Changing user password succeeded
e59e4b703b7e19c4b35030e4baac8a96a8d4b504dougminitWorkerFailed=Failed to instantiate login worker class
e59e4b703b7e19c4b35030e4baac8a96a8d4b504dougmgetOrgFailed=Failed to get organization attributes
e59e4b703b7e19c4b35030e4baac8a96a8d4b504dougmgetUserFailed=Failed to get user attributes :
5717c6b0b97a065a84fba32cebeee959a5fe4f15dougmwrongCall=Method must be called in process(): {0}
5717c6b0b97a065a84fba32cebeee959a5fe4f15dougminvalidDN=Invalid DN string: {0}
5717c6b0b97a065a84fba32cebeee959a5fe4f15dougmnullLoginState=Null LoginState obtained
5717c6b0b97a065a84fba32cebeee959a5fe4f15dougmnullSess=Failed to get auth SSO session
5717c6b0b97a065a84fba32cebeee959a5fe4f15dougmnoAuthenticator=No authenticators configured
5717c6b0b97a065a84fba32cebeee959a5fe4f15dougmmultipleUserMatchFound=Multiple matches found for user search, please contact your system administrator to fix the problem
835836eaf9e2a23192a262307b08f626e50e2180trawickloginContextCreateFailed=Error creating LoginContext :
835836eaf9e2a23192a262307b08f626e50e2180trawickfailedLogout=Error logging out :
835836eaf9e2a23192a262307b08f626e50e2180trawickauthContextCreateFailed=Error creating AuthContext :
81dddb023f9dd43b350f782972c1f75a88a2d93ftrawickauthContextRetrieveFailed=Error retrieving AuthContext :
81dddb023f9dd43b350f782972c1f75a88a2d93ftrawickuserTokenNull=Token is null
81dddb023f9dd43b350f782972c1f75a88a2d93ftrawicknullLoginParams=Login Parameters are null
9b9e0eca165f5f464e357bb2a9b8bbfc9621067cwrowenoRedirectTemplate=Redirect error
9b9e0eca165f5f464e357bb2a9b8bbfc9621067cwroweerrorConstructingURL=Error constructing URL
9b9e0eca165f5f464e357bb2a9b8bbfc9621067cwroweredirectError=Error redirecting to URL
9b9e0eca165f5f464e357bb2a9b8bbfc9621067cwrowenullHandler=Null Callback Handler
9b9e0eca165f5f464e357bb2a9b8bbfc9621067cwroweinvalidState=Invalid module state: {0}
9b9e0eca165f5f464e357bb2a9b8bbfc9621067cwrowenoCallbackState=No callbacks defined for module state: {0}
b26781e595625911fc8fc8215133ad2285ed75d8jiminvalidCode=Invalid return code: {0}
b26781e595625911fc8fc8215133ad2285ed75d8jimgetModulePropertiesError=Could not get module properties
b26781e595625911fc8fc8215133ad2285ed75d8jiminvalidCallbackIndex=Invalid replace callback index: {0}
5117466ef123b1efbc2feba168f37069ef6f230bianhnullCallback=Null replace callback instance
5117466ef123b1efbc2feba168f37069ef6f230bianhnoConfig=Error retrieving Configuration
5117466ef123b1efbc2feba168f37069ef6f230bianhnoUserProfile=User Profile does not exist
9c39f8fb982df4dbce5304e49385568e6d35bfa8trawickuserInactive=User is not Active
9c39f8fb982df4dbce5304e49385568e6d35bfa8trawickuserNotFoundInAlias=User does not exist
9c39f8fb982df4dbce5304e49385568e6d35bfa8trawicknoUserTokens=No User Tokens
9c39f8fb982df4dbce5304e49385568e6d35bfa8trawickuserRoleNotFound=User does not belong to this Role.
bdd4aa13a97de79596cd19708f1516e8fa92700ewrowenoModulesConfigured=No Authentication Modules found.
bdd4aa13a97de79596cd19708f1516e8fa92700ewroweloginDenied=User denied Login
bdd4aa13a97de79596cd19708f1516e8fa92700ewroweauthServiceError=Authentication Service Error
bdd4aa13a97de79596cd19708f1516e8fa92700ewrowecallbackError=Error creating callback
bdd4aa13a97de79596cd19708f1516e8fa92700ewrowepCookieError=Unable to create persistent cookie
1d50c90ddb7e3d144ec8a2bd848ca1e7bbf8e534bnicholesabortFailed=Error aborting login process
bdd4aa13a97de79596cd19708f1516e8fa92700ewrowemodulePrompt=Authentication Menu
bdd4aa13a97de79596cd19708f1516e8fa92700ewrowenoSid=No Session ID found {0}
1d50c90ddb7e3d144ec8a2bd848ca1e7bbf8e534bnicholesunknownCallback=Unsupported callback instance
1d50c90ddb7e3d144ec8a2bd848ca1e7bbf8e534bnicholeserrorState=Enter module error state :
24e361af20a3107dc934b4895911ce6bcce0603ejwoolleyloginReset=Resetting from AMLoginContext:exceuteLogin() :
24e361af20a3107dc934b4895911ce6bcce0603ejwoolleysessionActivationFailed=Session Activation Failed
24e361af20a3107dc934b4895911ce6bcce0603ejwoolleyorgNotMatching=Organization Mismatch
4657f9b12af4b123b80e15c73fa03c190e47a8bftrawicklockOutEmailSub=WARNING: user lock out notice
4657f9b12af4b123b80e15c73fa03c190e47a8bftrawicklockOutEmailMsg=The account for {0} has been deactivated due to successive login failures
4657f9b12af4b123b80e15c73fa03c190e47a8bftrawickinvalidtoken=SSOToken is not valid
4657f9b12af4b123b80e15c73fa03c190e47a8bftrawickinvalidcontext=AuthContext is not valid
c36bac9a918f59b2dbf5dcd7d67b50c1da04c89drbbnoInternalSession=No Old Session can be found as part of session upgrade
c36bac9a918f59b2dbf5dcd7d67b50c1da04c89drbb# This is used to form the "From" part of the e-mail that is sent out during the
c36bac9a918f59b2dbf5dcd7d67b50c1da04c89drbb# lockout. The '-' is intentional as without it the InternetAddress class throws
c36bac9a918f59b2dbf5dcd7d67b50c1da04c89drbb# an exception
c36bac9a918f59b2dbf5dcd7d67b50c1da04c89drbblockOutEmailFrom=OpenAM
ad668861e40da485f2eea24dc4c1f9940e470698rbblockOutWarning=Warning: Account lockout will occur after next {0} password failure(s).
ad668861e40da485f2eea24dc4c1f9940e470698rbblogout=Logout
ad668861e40da485f2eea24dc4c1f9940e470698rbblockOut=User Locked Out.
ad668861e40da485f2eea24dc4c1f9940e470698rbbaccountExpired=User Account Expired!!
89211a5d592cdf0170d2b541946661b1a2a279c5trawickloginTimeout=Login Timed Out.
89211a5d592cdf0170d2b541946661b1a2a279c5trawickmoduleDenied=Authentication Module Denied.
89211a5d592cdf0170d2b541946661b1a2a279c5trawickinvalidDomain=Invalid Domain
89211a5d592cdf0170d2b541946661b1a2a279c5trawickaccountLockedOut=Account Locked Out.
5caa0a5c428439b566a4fcc711747e2053bcfd1ajerenkrantzlockoutMessage=Lockout Message Emailed to :
5caa0a5c428439b566a4fcc711747e2053bcfd1ajerenkrantzincorrectAuthLevel=Invalid Auth Level.
5caa0a5c428439b566a4fcc711747e2053bcfd1ajerenkrantzinvalidChars=Invalid Characters detected in UserName
34d672a81f3e72f30568462135ddf6d71dcfa8d8bnicholes### Error codes
34d672a81f3e72f30568462135ddf6d71dcfa8d8bnicholes### format errorCode=errorMessage | errorTemplate
34d672a81f3e72f30568462135ddf6d71dcfa8d8bnicholes### seperator "|" to differentiate between errorMessage and errorTemplate
b1d2d2797866636f792717f96401292481697145wrowe### errorMessage = is the error message describing the error
b1d2d2797866636f792717f96401292481697145wrowe### errroTemplate = is the jsp/html page to be rendered
b1d2d2797866636f792717f96401292481697145wrowe100=User Requires Profile to Login|login_denied.jsp
b1d2d2797866636f792717f96401292481697145wrowe101=User Account Expired!!|account_expired.jsp
b1d2d2797866636f792717f96401292481697145wrowe102=Authentication Error!!|auth_error_template.jsp
b1d2d2797866636f792717f96401292481697145wrowe103=Invalid Password!!|login_failed_template.jsp
b1d2d2797866636f792717f96401292481697145wrowe104=User not Active|user_inactive.jsp
b1d2d2797866636f792717f96401292481697145wrowe105=No Configuration found|noConfig.jsp
4a98c07ecf4f27a9b18963bbe85260857664d03bjerenkrantz106=Invalid Peristent Cookie|invalidPCookieUserid.jsp
4a98c07ecf4f27a9b18963bbe85260857664d03bjerenkrantz107=Authentication Failed!!|login_failed_template.jsp
8abcc73436888a98721b10f0c09206f6fea68c55jerenkrantz108=Domain is invalid|invalid_domain.jsp
b24d065530fdf97376f390522396be5a4469fcf4jerenkrantz109=Org is inactive|org_inactive.jsp
b24d065530fdf97376f390522396be5a4469fcf4jerenkrantz110=Session has timed out|session_timeout.jsp
b24d065530fdf97376f390522396be5a4469fcf4jerenkrantz111=Authentication Module Denied|module_denied.jsp
a981bcb9c3b780184e75ff069d67fe84da6c3d3dbnicholes112=User Account Locked|user_inactive.jsp
a981bcb9c3b780184e75ff069d67fe84da6c3d3dbnicholes113=User does not belong to Role|userDenied.jsp
8e2e1446dd3b216c1f414493758f8b0d267a3c0dwrowe114=Authentication Type Denied
a981bcb9c3b780184e75ff069d67fe84da6c3d3dbnicholes115=Maximum Sessions Limit Reached.|maxSessions.jsp
a981bcb9c3b780184e75ff069d67fe84da6c3d3dbnicholes116=User profile cannot be created
b2cff333bc23b8e74c6aad9ee97973df02cca180aaron117=The browser is not configured or supported for the HTTP authentication handshaking|login_failed_template.jsp
b2cff333bc23b8e74c6aad9ee97973df02cca180aaron118=Can not create new session.
b2cff333bc23b8e74c6aad9ee97973df02cca180aaron119=Invalid Auth Level.|invalidAuthlevel.jsp
7eb55be5bcc75f2acf789aeca38d88a9c75d001ejwoolley120=Module Based Authentication is not allowed.
7eb55be5bcc75f2acf789aeca38d88a9c75d001ejwoolley121=Too Many Authentication Attempts!!
7eb55be5bcc75f2acf789aeca38d88a9c75d001ejwoolley122=Invalid App SSO Token in Remote Authentication
d31e50dddb975275ef388ab64e380b6d4e5d9710jerenkrantz123=Exceed Password Retry Limits in DS - Constraint Violation|user_inactive.jsp
d31e50dddb975275ef388ab64e380b6d4e5d9710jerenkrantz124=Session Upgrade fails since user is different than original authenticated user
d31e50dddb975275ef388ab64e380b6d4e5d9710jerenkrantz################################################################################
d5eaaee4a1e5faaf21e7111fd61732c6e7dbe8b2jwoolley# Console View Properties
d5eaaee4a1e5faaf21e7111fd61732c6e7dbe8b2jwoolley################################################################################
c88a70518d7d0b5bccb22a68d446c2d6589790dcjwoolleyauthentication.show.advanced.attributes=All Core Settings...
c88a70518d7d0b5bccb22a68d446c2d6589790dcjwoolleyauthentication.module.instances.help=The list of authentication modules available to this realm
c64c364bf863ad985309ef10d68caaa93e8d09ccstoddardauthentication.module.instances.help.txt=OpenAM uses authentication modules to identify the user. Normally authentication modules \
c64c364bf863ad985309ef10d68caaa93e8d09ccstoddardare associated with an authentication chain. Each realm has a default authentication chain that will be used to authenticate users. \
c64c364bf863ad985309ef10d68caaa93e8d09ccstoddardThis section is used to add, configure or remove authentication module available for authentication into this realm.
d8d240df2f2b23455be6b01343daedebaa6c4f96trawickauthentication.module.configurations=Authentication Chaining
d8d240df2f2b23455be6b01343daedebaa6c4f96trawickauthentication.module.configurations.help=The list of authentication chains available to this realm
d8d240df2f2b23455be6b01343daedebaa6c4f96trawickauthentication.module.configurations.help.txt=OpenAM uses authentication chains to control the authentication flow for the user. \
d8d240df2f2b23455be6b01343daedebaa6c4f96trawickUse this section to add, configure or remove this realms set of authentication chains.
b5b5e8cc4668ab29d8f08f590d829dcfaeda9d33brianpauthentication.module.configurations.action.label=Edit
d980a97cfc68de0ef35432ce03f1c1e468a19877jwoolleyauthentication.module.instance.table.noentries=There are no instances available. Press the New button to create one.
aa3510b82ec5d82ddbf4748829ec90f1ce71398ebrianpauthentication.configuration.table.action.column=Action
51b1d7f8eaa74807ab14479edde4421e77f5d1d7brianpauthentication.configuration.table.delete.button=Delete
51b1d7f8eaa74807ab14479edde4421e77f5d1d7brianpauthentication.configuration.table.noentries=There are no authentication chains defined. Press the New button to create one.
08aff55373b2ae69182a58055a5c1b3a12d927b0slive[Empty]=[empty]
08aff55373b2ae69182a58055a5c1b3a12d927b0slivei18nTrue=Enabled
08aff55373b2ae69182a58055a5c1b3a12d927b0slivei18nFalse=Disabled
5a63340978acb9dd7e87724be57d2bde1cf1f629trawickorg-chain-list.help=This table lists the authentication modules that make up this authentication chain.
5a63340978acb9dd7e87724be57d2bde1cf1f629trawickorg-chain-list.help.txt=The list of modules that will be presented to the user during authentication. The criteria controls the processing \
5a63340978acb9dd7e87724be57d2bde1cf1f629trawickof the chain. Each module has a set of options that be set to control how the module operates.