|
|
@@ -284,12 +284,12 @@ Setting_Description_display.custom.resourceBundle=<p>Upload a custom ZIP file co
|
|
|
Setting_Description_display.hideConfigHealthWarnings=Enable this option to hide health warnings about configuration issues from the health status monitors.
|
|
|
Setting_Description_display.homeButton=Enable this option to show a "home" button in the header and other menus as appropriate to authenticated users and administrators.
|
|
|
Setting_Description_display.idleTimeout=Enable this option to show the user's remaining idle time, and when that time reaches zero, @PwmAppName@ redirects the user to the logout page.
|
|
|
-Setting_Description_display.js.custom=Enter custom JavaScript that @PwmAppName@ will embed onto all user HTML pages. The @PwmAppName@ JavaScript environment is not documented and may change from version to version. Using this feature should be done only in an environment where development resources are available to maintaine the custom JavaScript over time.<br/><br/>A few general tips:<ul><li>The custom JavaScript will execute after the body onload event and after most of the @PwmAppName@ libraries have loaded.</li><li>The custom JavaScript will load on every page view. Your code can identify the current page by examinng the <code>data-jsp-name</code> attribute of the <code>application-info</code> html element. This element will appear on all pages.</li><li>Referencing any JavaScript or other URLs externally is not permitted by the default <code>Content-Security-Policy</code>. Instead include any scripts, images or css files you need locally by using <code>@PwmSettingReference:display.custom.resourceBundle@.</code></li></ul>
|
|
|
+Setting_Description_display.js.custom=Specify a custom JavaScript that @PwmAppName@ injects into all pages inside an HTML tag near the bottom of the page.
|
|
|
Setting_Description_display.logoutButton=Enable this option to show a logout button in the header and other menus as appropriate to authenticated users and administrators.
|
|
|
Setting_Description_display.maskPasswordFields=Enable this option to mask sensitive input fields with standard "password" masking. If set to false, @PwmAppName@ displays sensitive fields as normal text input fields.
|
|
|
Setting_Description_display.maskResponseFields=Enable this option to mask Challenge/Response answer input fields with standard "password" masking. If set to false, @PwmAppName@ displays response fields as normal text input fields. This setting applies to both setup responses and forgotten password response entry screens.
|
|
|
Setting_Description_display.maskTokenFields=Enable this option to mask token input fields with standard "password" masking. When enabled, multi-line tokens (such as crypto-format tokens) will not be easily input by users.
|
|
|
-Setting_Description_display.newuser.agreement=<p>Specify a message to display to users before allowing them to register as a new user. If blank, @PwmAppName@ does not display the new user agreement page to the user. This message can include HTML tags.
|
|
|
+Setting_Description_display.newuser.agreement=<p>Specify a message to display to users before allowing them to register as a new user. If blank, @PwmAppName@ will not display the new user agreement page to the user trying to register. This New User Agreement Message can also include HTML tags.
|
|
|
Setting_Description_display.password.changeAgreement=<p>Specify a message to display to users before allowing them to change their passwords. If blank, @PwmAppName@ does not display the change password agreement page to the users. This message can include HTML tags.</p> <p>This setting can use macros. For more information about macros, see the "View" menu "Show Macro Help".</p>
|
|
|
Setting_Description_display.password.completeMessage=<p>Specify a message to display to users when they complete a password change. If blank, @PwmAppName@ does not display the change password completion page to the user. This message can include HTML tags.</p> <p>This setting can use macros. For more information, see the "View" menu "Show Macro Help".</p>
|
|
|
Setting_Description_display.password.guideText=<p>Specify the text (with HTML tags/formatting) to show users on password guide page. This appears as a "password guide" link and pop-up dialog. Leave blank to not show the password guide link.</p><p>This setting allows macros. For more information, see the "View" menu "Show Macro Help".</p>
|
|
|
@@ -465,22 +465,22 @@ Setting_Description_network.allowMultiIPSession=Enable this option to allow @Pwm
|
|
|
Setting_Description_network.ip.permittedRange=Enable this option to have @PwmAppName@ only permit connections originating from the specified IP address ranges. If disabled (default), @PwmAppName@ permits any source IP address. <p>Supported range specifications are\:<p><ul><li>Full IPv4 address, such as <b>12.34.56.78</b></li><li>Full IPv6 address, such as <b>2001\:18e8\:3\:171\:218\:8bff\:fe2a\:56a4</b></li><li>Partial IPv4 address, such as <b>12.34</b> (which matches any IP addres starting <b>12.34</b></li><li>IPv4 network/netmask, such as <b>18.25.0.0/255.255.0.0</b></li><li>IPv4 or IPv6 CIDR slash notation, such as <b>18.25.0.0/16</b> or <b>2001\:18e8\:3\:171\:\:/64</b></li></ul>
|
|
|
Setting_Description_network.requiredHttpHeaders=<p>If specified, any HTTP/S request sent to this @PwmAppName@ application server must include these headers. This feature is useful if you have an upstream security gateway, proxy or web server and wish to only allow sessions from the gateway, and deny direct access to this @PwmAppName@ application server from clients.</p><p>The settings must be in <code>name\=value</code> format. If the upstream security gateway, proxy or web server is not setting these name/value headers, you will no longer be able to access this @PwmAppName@ application server.</p><p><b>WARNING:</b>If the client you are using to access this server is not setting the headers configured here, this @PwmAppName@ server will become inaccessible.</p>
|
|
|
Setting_Description_network.reverseDNS.enable=Enable this option to have @PwmAppName@ use its reverse DNS system to record the hostname of the client. In some cases this can cause performance issues so you can disable it if you do not requrie it.
|
|
|
-Setting_Description_newUser.createContext=Specify the LDAP context where @PwmAppName@ creates new users. You can use macros in this setting. @PwmAppName@ uses the default LDAP profile for new user creation.
|
|
|
+Setting_Description_newUser.createContext=Specify the LDAP context where you would like @PwmAppName@ to create new users. You can use macros in this setting. @PwmAppName@ uses the default LDAP profile when creating new user.
|
|
|
Setting_Description_newUser.deleteOnFail=Enable this option to have @PwmAppName@ delete the new user account if the creation fails for some reason. It deletes the (potentially partially-created) "broken" account in LDAP.
|
|
|
-Setting_Description_newUser.email.verification=Enable this option to have @PwmAppName@ send an email to the new user's email address before it creates the account. The new user must verify receipt of the email before @PwmAppName@ creates the account.
|
|
|
+Setting_Description_newUser.email.verification=Enable this option to have @PwmAppName@ send an email to the new user's email address before it creates the account. The new user must verify receipt of the email before @PwmAppName@ creates the account. All of your email settings must also be filled out before this will work. Testing the email settings should take place to verify that this email will be sent.
|
|
|
Setting_Description_newUser.enable=Enable this option to allow @PwmAppName@ to display the new user registration.
|
|
|
-Setting_Description_newUser.form=Specify the New User form creation attributes and fields.
|
|
|
+Setting_Description_newUser.form=Specify the New User form creation attributes and fields. This is used to determine what information will need to be filled in before submitting the new user form to create the new user.
|
|
|
Setting_Description_newUser.minimumWaitTime=Specify a delay time during a new user creation. @PwmAppName@ delays the creation of the user for at least this amount of time before forwarding the user to the next activity. <br/><br/>Specify the value in seconds.
|
|
|
-Setting_Description_newUser.passwordPolicy.user=Specify the user @PwmAppName@ uses a template for the new user password policy. If the value is <i>TESTUSER</i>, @PwmAppName@ uses the configured test user's password policy.
|
|
|
-Setting_Description_newUser.profile.displayName=Specify the publicly viewable display name of this profile.
|
|
|
+Setting_Description_newUser.passwordPolicy.user=Specify the user @PwmAppName@ uses as a template for the new user password policy. If the value is <i>TESTUSER</i>, @PwmAppName@ uses the configured test user's password policy. The <i>TESTUSER</i> was entered at installation time.
|
|
|
+Setting_Description_newUser.profile.displayName=Specify the publicly viewable display name of this profile. This value will only be seen if the profile was enabled to be shown publicly.
|
|
|
Setting_Description_newUser.profile.list=List of New User profiles. When you configure multiple new user profiles, the user can select which profile to complete. @PwmAppName@ shows the profile name to the users as the value of the setting <code>@PwmSettingReference\:newUser.profile.displayName@</code>.
|
|
|
Setting_Description_newUser.profile.visible=Show this New User profile to users when they select New User registration. If disabled, this profile is still available by direct URL but is not shown as a selectable profile.
|
|
|
Setting_Description_newUser.promptForPassword=Prompt user for password during user registration. If not enabled, a random password will be assigned to the user. In most cases you will want this enabled.
|
|
|
Setting_Description_newUser.redirectUrl=URL to redirect user to after new user registration process is completed.
|
|
|
-Setting_Description_newUser.sms.verification=Enable this option to have @PwmAppName@ send an SMS to the new user's mobile phone number before it creates the account. The NewUser must verify receipt of the SMS before @PwmAppName@ creates the account.
|
|
|
+Setting_Description_newUser.sms.verification=Enable this option to have @PwmAppName@ send an SMS message to the new user's mobile phone number before it creates the account. The NewUser must verify receipt of the SMS message before @PwmAppName@ creates the account. please insure that the user has entered their SMS information.
|
|
|
Setting_Description_newUser.token.lifetime=Specify the lifetime a new user email token is valid (in seconds). The default is 0. When set to 0, the effective value is inherited from the setting <code>@PwmSettingReference\:token.lifetime@</code>
|
|
|
Setting_Description_newUser.token.lifetime.sms=Specify the lifetime a new user SMS token is valid (in seconds). The default is 0. When set to 0, the effective value is inherited from the setting <code>@PwmSettingReference\:token.lifetime@</code>
|
|
|
-Setting_Description_newUser.username.definition=<p>Specify the entry ID of the newly created LDAP entry. In some directories this is often used as the "user name", though many directories separate the concepts and values of entry ID and user name.</p><br/><br/><p>Values can (and usually do) include macros. In case the first value already exists in the directory, @PwmAppName@ tries each successive value until it finds a free value. Though @PwmAppName@ has not yet created the user when it evaluates the macros, the LDAP macros use the data provided on the new user form. Other macros might not be useful as there no data yet available on the user.</p><br/><br/><p>If blank, the user name must be present in the form, defined as the LDAP naming attribute value.</p>
|
|
|
+Setting_Description_newUser.username.definition=<p>Specify the display name, or entry ID that is included in the LDAP naming attribute for the new registered users. Some directories use an LDAP entry instead of a user name.<p>When you enable this setting, the system generates an entryID or an LDAP entry that includes random characters by default.You must specify macros for this setting. For more information about macros, see <a href=https://www.netiq.com/documentation/self-service-password-reset-40/adminguide/data/b19nnbhy.html>Configuring Macros for Messages and Actions</a>.<p>If you leave this field blank, the system does not generate a random user name or entry ID.<p>For example, in the LDAP directory, specify the value as @User:Email@ to display the display name or entry ID for the new registered user as their email address.</p>
|
|
|
Setting_Description_newUser.writeAttributes=Specify the actions the system takes when it creates a user. The actions will be executed just after the user is created in the LDAP directory. You can use macros in this setting.
|
|
|
Setting_Description_notes.noteText=Specify any configuration notes about your system. This option allows you to keep notes about any specific configuration options you have made with the system.
|
|
|
Setting_Description_oauth.idserver.attributesUrl=Specify the URL of the web service provided by the identity server to return attribute data about the user.
|
|
|
@@ -601,14 +601,14 @@ Setting_Description_recovery.oauth.idserver.secret=Specify the OAuth shared secr
|
|
|
Setting_Description_recovery.oauth.idserver.serverCerts=Import the certificate for the OAuth web service server.
|
|
|
Setting_Description_recovery.oauth.idserver.usernameSendValue=Specify the user name value to send as part of the <code>/grant</code> redirect request. The remote OAuth server must support the /sign endpoint for this to work.
|
|
|
Setting_Description_recovery.postActions=Actions to execute after a user has successfully completed the forgotten password sequence and the user's password has been modified. You can use macros.
|
|
|
-Setting_Description_recovery.profile.list=Add a list of forgotten password policies. @PwmAppName@ evaluates this list in the order shown here. @PwmAppName@ applies the first profile in the list that matches on the setting <code>@PwmSettingReference\:recovery.queryMatch@</code> to a user.<br/><br/>Unless you must define different forgotten password behavior for different users, do not change this list from the default.
|
|
|
+Setting_Description_recovery.profile.list=Add a list of forgotten password policies. @PwmAppName@ evalutes this list in the order shown here. @PwmAppName@ applies the first profile in the list that matches on the setting <code>@PwmSettingReference\:recovery.queryMatch@</code> to a user.<br/><br/>Unless you must define different forgotten password behavior for different users, do not change this list from the default.
|
|
|
Setting_Description_recovery.queryMatch=Add an LDAP filter that defines the set of users that @PwmAppName@ assigns to this profile.
|
|
|
Setting_Description_recovery.require.otp=Enable this option to require a one time password during the forgotten password process. @PwmAppName@ requires the users to type the generated tokens in order to proceed to recover their passwords. If you disable this setting, then you must set at least one other recovery method to true for forgotten password recovery to operate.
|
|
|
Setting_Description_recovery.response.readPreference=Select the location where @PwmAppName@ reads the responses. If you select an option with multiple values, @PwmAppName@ reads each location in turn until it finds a stored response.
|
|
|
Setting_Description_recovery.response.writePreference=<p>Select the location where @PwmAppName@ writes the responses. @PwmAppName@ writes to all storage methods when the user configures their response answers.</p><p><b>WARNING\: </b>Never use the LocalDB to store responses in a production system as there are no methods to make the LocalDB storage redundant, nor are optimal backup methods available for the LocalDB.</p>
|
|
|
Setting_Description_recovery.searchFilter=Add an LDAP search filter @PwmAppName@ uses to search for users during forgotten password recovery. The LDAP search filter must include each attribute in the <b>Forgotten Password User Search Form</b>. @PwmAppName@ replaces tokens made of a form item name (such as <code>cn</code>) enclosed with a percent sign <code>%cn%</code> with values supplied by the user.<br><br>For example, if the <b>Activate User Form</b> included the attributes <code>cn</code> and <code>sn</code>, then this filter might be appropriate\:<br><br><code>(&(objectClass\=person)(cn\=%cn%)(sn\=%sn%))</code><br><br>If this setting is left blank, @PwmAppName@ automatically generates a search filter based on the required items in the <b>Forgotten Password User Search Form</b>.
|
|
|
Setting_Description_recovery.sendNewPassword.sendMethod=Select the method to send new password to users when the <b>Forgotten Password Success Action</b> is set to <b>Send new password</b>.
|
|
|
-Setting_Description_recovery.token.resend.enable=Allow the user to resend a new token. Previously issued tokens are not directly invalidated.
|
|
|
+Setting_Description_recovery.token.resend.enable=Allow the user to resend a token in case they did not receive it.
|
|
|
Setting_Description_recovery.verificationMethods=Select the verification methods @PwmAppName@ uses during the forgotten password process. The users must satisfy each option set to required. The users can then select any of the remaining optional methods until they complete the minimum number of optional methods.<br/><br/>You can modify tthe names and a description shown to users for these methods by editing the display text keys for <code>Field_VerificationMethod[Method]</code> and <code>Description_VerificationMethod[Method]</code> where <code>[Method]</code> is the method type.
|
|
|
Setting_Description_reporting.enable=Enable daily reporting job. When enabled, @PwmAppName@ will execute a daily report update job.
|
|
|
Setting_Description_reporting.job.intensity=Control the level of intensity of a reporting job execution. Higher levels will complete the report job faster but cause more workload on @PwmAppName@ and the LDAP directory.
|
|
|
@@ -668,11 +668,11 @@ Setting_Description_token.length=Specify the length of the email token
|
|
|
Setting_Description_token.lifetime=Specify the default lifetime an token is valid (in seconds). The default is one hour. This default may be overridden by module specific settings.
|
|
|
Setting_Description_token.storageMethod=Select the storage method @PwmAppName@ uses to save issued tokens.<table style\="width\: 400px"><tr><td>Method</td><td>Description</td></tr><tr><td>LocalDB</td><td>Stores the tokens in the local embedded LocalDB database. Tokens are not common across multiple application instances.</td></tr><tr><td>DB</td><td>Store the tokens in a configured, remote database. Tokens work across multiple application instances.</td></tr><tr><td>Crypto</td><td>Use crypto to create and read tokens, they are not stored locally. Tokens work across multiple application instances if they have the same Security Key. Crypto tokens ignore the length rules and might be too long to use for SMS purposes.</td></tr><tr><td>LDAP</td><td>Use the LDAP directory to store tokens. Tokens work across multiple application instances. You cannot use LDAP tokens as New User Registration tokens.</td></tr></table>
|
|
|
Setting_Description_updateAttributes.check.queryMatch=When you use the "checkProfile" or "checkAll" parameter with the command servlet, @PwmAppName@ uses this query match to determine if the user is required to populate the parameter values. <br/><br/>If this value is blank, then @PwmAppName@ checks the user's current values against the form requirements.
|
|
|
-Setting_Description_updateAttributes.email.verification=Enable this option to send an email to the user's email address before @PwmAppName@ updates the account. The user must verify receipt of the email before @PwmAppName@ updates the account.
|
|
|
+Setting_Description_updateAttributes.email.verification=Enable this option to send an email to the user's email address before @PwmAppName@ updates the account. The user's email must change to cause this verification email to be sent. The user must verify receipt of the email before @PwmAppName@ updates the account.
|
|
|
Setting_Description_updateAttributes.enable=Enable the option to Update Profile Attributes. If true, this setting enables the Update Profile module.
|
|
|
Setting_Description_updateAttributes.forceSetup=Enable this option to present the Update Profile module to the users upon login if the users do not satisfy the form configuration conditions. Specifically, @PwmAppName@ checks the <b>Required</b> and <b>Regular Expression</b> conditions against the current LDAP form values. The users cannot perform other functions until they update the form values to values that match the form configuration.
|
|
|
Setting_Description_updateAttributes.form=Update Profile Form values.
|
|
|
-Setting_Description_updateAttributes.profile.list=List of Update Attribute profiles. In most cases, only a single profile is needed. Only define multiple profiles if different user populations users will need different features/permissions. Each profile has a <code>@PwmSettingReference\:updateAttributes.queryMatch@</code> setting used to define to whom the profile applies. If multiple profiles could apply for a user, the first profile in the list defined here will be assigned.
|
|
|
+Setting_Description_updateAttributes.profile.list=Update Attributes Profiles
|
|
|
Setting_Description_updateAttributes.queryMatch=Add an LDAP query that only allows users who match this query to update their profiles.
|
|
|
Setting_Description_updateAttributes.showConfirmation=Enable this option to show the update attributes to the users after they configure them. This gives your users an opportunity to read and review their attributes before submitting, however, it shows the responses on the screen and makes them visible to anyone else watching the users' screens.
|
|
|
Setting_Description_updateAttributes.sms.verification=Enable this option to send an SMS to the users' mobile phone numbers before updating the account. The user must verify receipt of the SMS before @PwmAppName@ updates the account.
|
|
|
@@ -1157,7 +1157,7 @@ Setting_Label_updateAttributes.enable=Enable Update Profile
|
|
|
Setting_Label_updateAttributes.forceSetup=Force Update Profile
|
|
|
Setting_Label_updateAttributes.form=Update Profile Form
|
|
|
Setting_Label_updateAttributes.preferredlanguage=Update Profile language
|
|
|
-Setting_Label_updateAttributes.profile.list=Update Profile Profiles
|
|
|
+Setting_Label_updateAttributes.profile.list=List of Update Attribute profiles. In most cases, only a single profile is needed. Only define multiple profiles if different user populations users will need different features/permissions. Each profile has a <i>Update Attributes Profile Match</i> setting used to define to whom the profile applies. If multiple profiles could apply for a user, the first profile in the list defined here will be assigned.
|
|
|
Setting_Label_updateAttributes.queryMatch=Update Profile Match
|
|
|
Setting_Label_updateAttributes.showConfirmation=Show Update Profile Confirmation
|
|
|
Setting_Label_updateAttributes.sms.verification=Enable SMS Verification
|
Jason