|
|
@@ -284,7 +284,7 @@ Setting_Description_display.custom.resourceBundle=<p>Upload a custom ZIP file co
|
|
|
Setting_Description_display.hideConfigHealthWarnings=Enable this option to hide health warnings about configuration issues from the health status monitors.
|
|
|
Setting_Description_display.homeButton=Enable this option to show a "home" button in the header and other menus as appropriate to authenticated users and administrators.
|
|
|
Setting_Description_display.idleTimeout=Enable this option to show the user's remaining idle time, and when that time reaches zero, @PwmAppName@ redirects the user to the logout page.
|
|
|
-Setting_Description_display.js.custom=Specify a custom JavaScript that @PwmAppName@ injects into all pages inside an HTML tag near the bottom of the page.
|
|
|
+Setting_Description_display.js.custom=Enter custom JavaScript that @PwmAppName@ will embed onto all user HTML pages. The @PwmAppName@ JavaScript environment is not documented and may change from version to version. Using this feature should be done only in an environment where development resources are available to maintaine the custom JavaScript over time.<br/><br/>A few general tips:<ul><li>The custom JavaScript will execute after the body onload event and after most of the @PwmAppName@ libraries have loaded.</li><li>The custom JavaScript will load on every page view. Your code can identify the current page by examinng the <code>data-jsp-name</code> attribute of the <code>application-info</code> html element. This element will appear on all pages.</li><li>Referencing any JavaScript or other URLs externally is not permitted by the default <code>Content-Security-Policy</code>. Instead include any scripts, images or css files you need locally by using <code>@PwmSettingReference:display.custom.resourceBundle@.</code></li></ul>
|
|
|
Setting_Description_display.logoutButton=Enable this option to show a logout button in the header and other menus as appropriate to authenticated users and administrators.
|
|
|
Setting_Description_display.maskPasswordFields=Enable this option to mask sensitive input fields with standard "password" masking. If set to false, @PwmAppName@ displays sensitive fields as normal text input fields.
|
|
|
Setting_Description_display.maskResponseFields=Enable this option to mask Challenge/Response answer input fields with standard "password" masking. If set to false, @PwmAppName@ displays response fields as normal text input fields. This setting applies to both setup responses and forgotten password response entry screens.
|
|
|
@@ -601,14 +601,14 @@ Setting_Description_recovery.oauth.idserver.secret=Specify the OAuth shared secr
|
|
|
Setting_Description_recovery.oauth.idserver.serverCerts=Import the certificate for the OAuth web service server.
|
|
|
Setting_Description_recovery.oauth.idserver.usernameSendValue=Specify the user name value to send as part of the <code>/grant</code> redirect request. The remote OAuth server must support the /sign endpoint for this to work.
|
|
|
Setting_Description_recovery.postActions=Actions to execute after a user has successfully completed the forgotten password sequence and the user's password has been modified. You can use macros.
|
|
|
-Setting_Description_recovery.profile.list=Add a list of forgotten password policies. @PwmAppName@ evalutes this list in the order shown here. @PwmAppName@ applies the first profile in the list that matches on the setting <code>@PwmSettingReference\:recovery.queryMatch@</code> to a user.<br/><br/>Unless you must define different forgotten password behavior for different users, do not change this list from the default.
|
|
|
+Setting_Description_recovery.profile.list=Add a list of forgotten password policies. @PwmAppName@ evaluates this list in the order shown here. @PwmAppName@ applies the first profile in the list that matches on the setting <code>@PwmSettingReference\:recovery.queryMatch@</code> to a user.<br/><br/>Unless you must define different forgotten password behavior for different users, do not change this list from the default.
|
|
|
Setting_Description_recovery.queryMatch=Add an LDAP filter that defines the set of users that @PwmAppName@ assigns to this profile.
|
|
|
Setting_Description_recovery.require.otp=Enable this option to require a one time password during the forgotten password process. @PwmAppName@ requires the users to type the generated tokens in order to proceed to recover their passwords. If you disable this setting, then you must set at least one other recovery method to true for forgotten password recovery to operate.
|
|
|
Setting_Description_recovery.response.readPreference=Select the location where @PwmAppName@ reads the responses. If you select an option with multiple values, @PwmAppName@ reads each location in turn until it finds a stored response.
|
|
|
Setting_Description_recovery.response.writePreference=<p>Select the location where @PwmAppName@ writes the responses. @PwmAppName@ writes to all storage methods when the user configures their response answers.</p><p><b>WARNING\: </b>Never use the LocalDB to store responses in a production system as there are no methods to make the LocalDB storage redundant, nor are optimal backup methods available for the LocalDB.</p>
|
|
|
Setting_Description_recovery.searchFilter=Add an LDAP search filter @PwmAppName@ uses to search for users during forgotten password recovery. The LDAP search filter must include each attribute in the <b>Forgotten Password User Search Form</b>. @PwmAppName@ replaces tokens made of a form item name (such as <code>cn</code>) enclosed with a percent sign <code>%cn%</code> with values supplied by the user.<br><br>For example, if the <b>Activate User Form</b> included the attributes <code>cn</code> and <code>sn</code>, then this filter might be appropriate\:<br><br><code>(&(objectClass\=person)(cn\=%cn%)(sn\=%sn%))</code><br><br>If this setting is left blank, @PwmAppName@ automatically generates a search filter based on the required items in the <b>Forgotten Password User Search Form</b>.
|
|
|
Setting_Description_recovery.sendNewPassword.sendMethod=Select the method to send new password to users when the <b>Forgotten Password Success Action</b> is set to <b>Send new password</b>.
|
|
|
-Setting_Description_recovery.token.resend.enable=Allow the user to resend a token in case they did not receive it.
|
|
|
+Setting_Description_recovery.token.resend.enable=Allow the user to resend a new token. Previously issued tokens are not directly invalidated.
|
|
|
Setting_Description_recovery.verificationMethods=Select the verification methods @PwmAppName@ uses during the forgotten password process. The users must satisfy each option set to required. The users can then select any of the remaining optional methods until they complete the minimum number of optional methods.<br/><br/>You can modify tthe names and a description shown to users for these methods by editing the display text keys for <code>Field_VerificationMethod[Method]</code> and <code>Description_VerificationMethod[Method]</code> where <code>[Method]</code> is the method type.
|
|
|
Setting_Description_reporting.enable=Enable daily reporting job. When enabled, @PwmAppName@ will execute a daily report update job.
|
|
|
Setting_Description_reporting.job.intensity=Control the level of intensity of a reporting job execution. Higher levels will complete the report job faster but cause more workload on @PwmAppName@ and the LDAP directory.
|
|
|
@@ -672,7 +672,7 @@ Setting_Description_updateAttributes.email.verification=Enable this option to se
|
|
|
Setting_Description_updateAttributes.enable=Enable the option to Update Profile Attributes. If true, this setting enables the Update Profile module.
|
|
|
Setting_Description_updateAttributes.forceSetup=Enable this option to present the Update Profile module to the users upon login if the users do not satisfy the form configuration conditions. Specifically, @PwmAppName@ checks the <b>Required</b> and <b>Regular Expression</b> conditions against the current LDAP form values. The users cannot perform other functions until they update the form values to values that match the form configuration.
|
|
|
Setting_Description_updateAttributes.form=Update Profile Form values.
|
|
|
-Setting_Description_updateAttributes.profile.list=Update Attributes Profiles
|
|
|
+Setting_Description_updateAttributes.profile.list=List of Update Attribute profiles. In most cases, only a single profile is needed. Only define multiple profiles if different user populations users will need different features/permissions. Each profile has a <code>@PwmSettingReference\:updateAttributes.queryMatch@</code> setting used to define to whom the profile applies. If multiple profiles could apply for a user, the first profile in the list defined here will be assigned.
|
|
|
Setting_Description_updateAttributes.queryMatch=Add an LDAP query that only allows users who match this query to update their profiles.
|
|
|
Setting_Description_updateAttributes.showConfirmation=Enable this option to show the update attributes to the users after they configure them. This gives your users an opportunity to read and review their attributes before submitting, however, it shows the responses on the screen and makes them visible to anyone else watching the users' screens.
|
|
|
Setting_Description_updateAttributes.sms.verification=Enable this option to send an SMS to the users' mobile phone numbers before updating the account. The user must verify receipt of the SMS before @PwmAppName@ updates the account.
|
|
|
@@ -1157,7 +1157,7 @@ Setting_Label_updateAttributes.enable=Enable Update Profile
|
|
|
Setting_Label_updateAttributes.forceSetup=Force Update Profile
|
|
|
Setting_Label_updateAttributes.form=Update Profile Form
|
|
|
Setting_Label_updateAttributes.preferredlanguage=Update Profile language
|
|
|
-Setting_Label_updateAttributes.profile.list=List of Update Attribute profiles. In most cases, only a single profile is needed. Only define multiple profiles if different user populations users will need different features/permissions. Each profile has a <i>Update Attributes Profile Match</i> setting used to define to whom the profile applies. If multiple profiles could apply for a user, the first profile in the list defined here will be assigned.
|
|
|
+Setting_Label_updateAttributes.profile.list=Update Profile Profiles
|
|
|
Setting_Label_updateAttributes.queryMatch=Update Profile Match
|
|
|
Setting_Label_updateAttributes.showConfirmation=Show Update Profile Confirmation
|
|
|
Setting_Label_updateAttributes.sms.verification=Enable SMS Verification
|
Jason Rivard