|
|
@@ -30,14 +30,14 @@ Category_Description_AUDIT_CONFIG=Auditing
|
|
|
Category_Description_AUDIT_FORWARD=Auditing
|
|
|
Category_Description_AUDITING=Auditing
|
|
|
Category_Description_BASIC_SSO=Basic Authentication
|
|
|
-Category_Description_CAPTCHA=Captcha functionality uses an implementation of reCAPTCHA to prevent non-human attacks. If this server will be facing the public internet, it is strongly recommended to enable captcha functionality. reCAPTCHA info can be found at <a href\="http\://www.google.com/recaptcha" target\="_blank">http\://www.google.com/recaptcha/</a><br/><br/>Registration at the reCAPTCHA site will provide a public and private key which must be configured here for reCAPTCHA support.
|
|
|
+Category_Description_CAPTCHA=Captcha functionality uses an implementation of reCAPTCHA to prevent non-human attacks. If this server faces the public internet, it is strongly recommended to enable the CAPTCHA functionality. reCAPTCHA information can be found at <a href\="http\://www.google.com/recaptcha" target\="_blank">http\://www.google.com/recaptcha/</a><br/><br/>Registration at the reCAPTCHA site provides a public and private key which you must configure here for reCAPTCHA support.
|
|
|
Category_Description_CAS_SSO=
|
|
|
-Category_Description_CHALLENGE_POLICY=Define the challenge policy users will use for populating response answers.
|
|
|
-Category_Description_CHALLENGE=Settings that control challenge/response features. These global settings apply regardless of the challenge policy. For profile-specific challenge settings, see Profiles --> Challenge Profiles.
|
|
|
+Category_Description_CHALLENGE_POLICY=Define the challenge policy users use for populating response answers.
|
|
|
+Category_Description_CHALLENGE=Settings that control the Challenge/Response features. These global settings apply regardless of the challenge policy. For profile-specific challenge settings, see Profiles --> Challenge Profiles.
|
|
|
Category_Description_CHANGE_PASSWORD=The change password module is the core functionality of the application. Use these settings to control the behavior and functionality of the change password functionality seen by all users.
|
|
|
Category_Description_CLUSTERING=Session Management
|
|
|
Category_Description_DATABASE_ADV=Advanced database configuration settings.
|
|
|
-Category_Description_DATABASE=Optional database configuration settings. If configured, a remote RDBMS SQL-complaint database can be used to store data for certain functions. Any standard RDBMS that supports a standard Java JDBC driver can work. Upon startup, a database connection will be made and any necessary tables and schema will be created. Multiple application instances can be configured for the same database instance.
|
|
|
+Category_Description_DATABASE=Optional database configuration settings. If configured, you can use a remote RDBMS SQL-complaint database to store data for certain functions. Any standard RDBMS that supports a standard Java JDBC driver can work. Upon startup, @PwmAppName@ establishes a database connection and creates any necessary tables and schema. You can configure multiple application instances for the same database instance.
|
|
|
Category_Description_DATABASE_SETTINGS=Settings
|
|
|
Category_Description_DELETE_ACCOUNT=Delete Account
|
|
|
Category_Description_DELETE_ACCOUNT_PROFILE=Profiles
|
|
|
@@ -45,47 +45,47 @@ Category_Description_DELETE_ACCOUNT_SETTINGS=Settings
|
|
|
Category_Description_EDIR_CR_SETTINGS=NetIQ eDirectory CR specific settings.
|
|
|
Category_Description_EDIRECTORY=NetIQ eDirectory specific settings.
|
|
|
Category_Description_EDIR_SETTINGS=NetIQ eDirectory specific settings.
|
|
|
-Category_Description_EMAIL=<p>Configuration settings for all sent emails. For email body configuration, both plaintext and HTML settings are provided. It is encouraged that for each configured setting and locale, both plaintext and HTML email bodies are configured. Email will be delivered in both formats and the email client can choose which to display.</p> <p>Email definitions may use Macros. See the "View" menu "Show Macro Help" for more information about Macros.</p>
|
|
|
+Category_Description_EMAIL=<p>Configuration settings for all sent emails. The settings for the email body configuration are for both plaintext and HTML. We encourage that for each configured setting and locale for the email body, that you configure both plaintext and HTML. @PwmAppName@ deliveres the emailin both formats and the email client can choose which to display.</p> <p>Email definitions might use Macros. See the "View" menu "Show Macro Help" for more information about Macros.</p>
|
|
|
Category_Description_EMAIL_SETTINGS=
|
|
|
Category_Description_EMAIL_TEMPLATES=
|
|
|
-Category_Description_FORGOTTEN_USERNAME=Allow a user to search for a forgotten user name using a configurable search filter and attributes.
|
|
|
+Category_Description_FORGOTTEN_USERNAME=Allows a user to search for a forgotten user name using a configurable search filter and attributes.
|
|
|
Category_Description_GENERAL=General settings for the application. Settings here control the functionality and behavior of the system overall.
|
|
|
Category_Description_GUEST=Note\: The guest user registration module requires that the logged in user has sufficient permissions to create users and, if so configured, to check for duplicate values.
|
|
|
-Category_Description_HELPDESK_BASE=Helpdesk Base
|
|
|
+Category_Description_HELPDESK_BASE=Help Desk Base
|
|
|
Category_Description_HELPDESK=Help Desk Administrators
|
|
|
-Category_Description_HELPDESK_OPTIONS=Helpdesk Options
|
|
|
+Category_Description_HELPDESK_OPTIONS=Help Desk Options
|
|
|
Category_Description_HELPDESK_PROFILE=Profile for Help Desk activities.
|
|
|
Category_Description_HELPDESK_SETTINGS=System-wide settings for Help Desk module.
|
|
|
-Category_Description_HELPDESK_VERIFICATION=Helpdesk Verification
|
|
|
+Category_Description_HELPDESK_VERIFICATION=Help Desk Verification
|
|
|
Category_Description_HTTPS_SERVER=HTTPS Web Server
|
|
|
Category_Description_HTTP_SSO=
|
|
|
Category_Description_INTERNAL=Internal Settings
|
|
|
Category_Description_INTRUDER_SETTINGS=
|
|
|
-Category_Description_INTRUDER=This application has built in intruder detection independent of what your LDAP directory may provide. Because this application may be exposed directly to the internet, this additional layer of detection helps protect against direct attacks. The LDAP directory's own internal intruder detection (if enabled) will always be honored as well. The goal for this intruder detection system isn't to watch for human intruders, it is designed to stop robot or automatic attacks. It is recommended that the triggers be sufficiently high so that normal user usage will not cause an application-level intruder detection. Lockouts due to this intruder detection system can not be unlocked by the Help Desk or administrator.
|
|
|
+Category_Description_INTRUDER=This application has built in intruder detection independent of what your LDAP directory might provide. Because this application might be exposed directly to the internet, this additional layer of detection helps protect against direct attacks. The interal intruder detection for the LDAP directory (if enabled) is always honored as well. The goal for this intruder detection system is not to watch for human intruders, it is designed to stop robot or automatic attacks. It is recommended that the triggers be sufficiently high so that normal user usage does not cause an application-level intruder detection. The Help Desk or an administrator cannot unlock lockouts due to this intruder detection system.
|
|
|
Category_Description_INTRUDER_TIMEOUTS=
|
|
|
Category_Description_LDAP=
|
|
|
Category_Description_LDAP_ATTRIBUTES=Attributes
|
|
|
Category_Description_LDAP_BASE=Connection
|
|
|
-Category_Description_LDAP_GLOBAL=Global settings that control the interaction with an LDAP directory. These settings are applied regardless of the user's LDAP profile. For profile-specific settings, see Profiles -> LDAP Directory Profiles.
|
|
|
+Category_Description_LDAP_GLOBAL=Global settings that control the interaction with an LDAP directory. @PwmAppName@ applies these settings regardless of the user's LDAP profile. For profile-specific settings, see Profiles -> LDAP Directory Profiles.
|
|
|
Category_Description_LDAP_LOGIN=Login Setup
|
|
|
-Category_Description_LDAP_PROFILE=Settings that control interaction with the LDAP directory. Multiple directory profiles can be created to support multiple LDAP user stores.
|
|
|
+Category_Description_LDAP_PROFILE=Settings that control interaction with the LDAP directory. You can create tultiple directory profiles to support multiple LDAP user stores.
|
|
|
Category_Description_LDAP_SETTINGS=LDAP Settings
|
|
|
Category_Description_LOCALIZATION=Localization
|
|
|
-Category_Description_LOGGING=Setting high debug levels can cause undesired overhead and the application may suffer as a result. Conversely, retaining high-level logs can help aid troubleshooting as well as security forensics.
|
|
|
+Category_Description_LOGGING=Setting high debug levels can cause undesired overhead and the application might suffer as a result. Conversely, retaining high-level logs can help aid troubleshooting as well as security forensics.
|
|
|
Category_Description_MODULES=Modules
|
|
|
Category_Description_MODULES_PRIVATE=Authenticated
|
|
|
Category_Description_MODULES_PUBLIC=Public
|
|
|
-Category_Description_NAAF=NAAF (Advanced Authentication Framework)
|
|
|
-Category_Description_NEWUSER=New user self registration settings. The new user registration module requires that the proxy user has sufficient permissions to create users and, if so configured, to check for duplicate values. New users are created in the default LDAP directory profile.
|
|
|
-Category_Description_NEWUSER_PROFILE=New user self registration settings. The new user registration module requires that the proxy user has sufficient permissions to create users and, if so configured, to check for duplicate values. New users are created in the default LDAP directory profile.
|
|
|
-Category_Description_NEWUSER_SETTINGS=New user self registration settings. The new user registration module requires that the proxy user has sufficient permissions to create users and, if so configured, to check for duplicate values. New users are created in the default LDAP directory profile.
|
|
|
+Category_Description_NAAF=NAAF (Advanced Authentication)
|
|
|
+Category_Description_NEWUSER=New user self registration settings. The new user registration module requires that the proxy user has sufficient permissions to create users and, if so configured, to check for duplicate values. @PwmAppName@ creates the new users in the default LDAP directory profile.
|
|
|
+Category_Description_NEWUSER_PROFILE=New user self registration settings. The new user registration module requires that the proxy user has sufficient permissions to create users and, if so configured, to check for duplicate values. @PwmAppName@ creates new users in the default LDAP directory profile.
|
|
|
+Category_Description_NEWUSER_SETTINGS=New user self registration settings. The new user registration module requires that the proxy user has sufficient permissions to create users and, if so configured, to check for duplicate values. @PwmAppName@ creates new users in the default LDAP directory profile.
|
|
|
Category_Description_NOTES=Configuration Notes
|
|
|
Category_Description_OAUTH=Integration with an OAuth identity server for SSO to this application.
|
|
|
Category_Description_ORACLE_DS=Oracle Directory Server specific settings
|
|
|
Category_Description_OTP=Options for time based one time passwords.
|
|
|
Category_Description_PASSWORD_GLOBAL=Password related settings that apply to all users regardless of the password policy or profile appear here. For profile-specific password settings, see Profiles -> Password Policy Profiles.
|
|
|
Category_Description_PASSWORD_POLICY=Settings that define the LDAP directories that are used by the application. If the user identities are in multiple LDAP directories, configure each directory as an LDAP Directory Profile. Within each LDAP directory profile definition you can control the individual servers and other settings for each LDAP directory.
|
|
|
-Category_Description_PEOPLE_SEARCH=The people search module provides basic white pages or directory lookup functionality to your users. Customizations alow easy searching and display quick detailed information about your user's colleagues.
|
|
|
+Category_Description_PEOPLE_SEARCH=The people search module provides basic white pages or directory lookup functionality to your users. Customizations alow easy searching and display quick detailed information about your users' colleagues.
|
|
|
Category_Description_PROFILES=Profiles
|
|
|
Category_Description_RECOVERY_DEF=Definition
|
|
|
Category_Description_RECOVERY_OAUTH=OAuth
|
|
|
@@ -95,23 +95,23 @@ Category_Description_RECOVERY_SETTINGS=Settings for forgotten password configura
|
|
|
Category_Description_REPORTING=Options to enable and configure reporting.
|
|
|
Category_Description_REST_CLIENT=
|
|
|
Category_Description_REST_SERVER=
|
|
|
-Category_Description_SECURITY=Settings that control security aspects of the system. In some cases, the security features of this application may interfere with integration of other systems. Use caution when changing these settings as the overall security of the application could be impacted.
|
|
|
+Category_Description_SECURITY=Settings that control security aspects of the system. In some cases, the security features of this application might interfere with integration of other systems. Use caution when changing these settings as you could impact the overall security of the application.
|
|
|
Category_Description_SETTINGS=Settings
|
|
|
-Category_Description_SHORTCUT=The shortcut menu is used to display a list of click-able links to users. This functionality may be useful as a basic landing page for users.
|
|
|
-Category_Description_SMS=Configuration settings for interfacing with SMS service gateways. The SMS gateway should support REST web service to use with this application. The service provider will provide you with information that will allow you to complete the settings here.
|
|
|
+Category_Description_SHORTCUT=The shortcut menu displays a list of click-able links to users. This functionality might be useful as a basic landing page for users.
|
|
|
+Category_Description_SMS=Configuration settings for interfacing with SMS service gateways. The SMS gateway supports REST web service to use with this application. The service provider provides you with information that allows you to complete the settings here.
|
|
|
Category_Description_SMS_GATEWAY=
|
|
|
Category_Description_SMS_MESSAGES=
|
|
|
Category_Description_SSO=
|
|
|
Category_Description_TELEMETRY=Telemetry
|
|
|
Category_Description_TEMPLATES=
|
|
|
-Category_Description_TOKEN=Options for email and sms tokens sent to users. Chose a token method appropriate to your environment.
|
|
|
+Category_Description_TOKEN=Options for email and SMS tokens sent to users. Chose a token method appropriate to your environment.
|
|
|
Category_Description_UI_FEATURES=
|
|
|
Category_Description_UI_WEB=
|
|
|
Category_Description_UPDATE_PROFILE=.
|
|
|
Category_Description_UPDATE_SETTINGS=.
|
|
|
-Category_Description_UPDATE=The update user profile module will force/allow the user to update the attributes configured here. This is useful for forcing the user to populate to update some piece of information.
|
|
|
+Category_Description_UPDATE=The update user profile module forces or allows the user to update the attributes configured here. This is useful for forcing the user to populate and to update some piece of information.
|
|
|
Category_Description_USER_HISTORY=Auditing
|
|
|
-Category_Description_USER_INTERFACE=These settings control application wide features and display format that is visible to the end user.
|
|
|
+Category_Description_USER_INTERFACE=These settings control application wide features and the display format that the end user sees.
|
|
|
Category_Description_WEB_SECURITY=
|
|
|
Category_Description_WEB_SERVICES=Settings that are of interest to developers or component integrators.
|
|
|
Category_Description_WORDLISTS=Word Lists
|
|
|
@@ -210,28 +210,28 @@ Category_Label_USER_INTERFACE=User Interface
|
|
|
Category_Label_WEB_SECURITY=Web Security
|
|
|
Category_Label_WEB_SERVICES=Web Services
|
|
|
Category_Label_WORDLISTS=Word Lists
|
|
|
-Setting_Description_accountInfo.view.form=LDAP attributes to show to user on account information page.
|
|
|
-Setting_Description_accountInfo.viewStatusValues=Select the fields that are available for user's to be able to view about their own account.
|
|
|
-Setting_Description_activateUser.allowUnlock=Try to unlock the user account during activation. If true, and if the user's account is locked the user account will be unlocked.
|
|
|
-Setting_Description_activateUser.enable=Enable the new user activation module.
|
|
|
-Setting_Description_activateUser.form=Form fields for activate user module. Each attribute will be required to be entered by the user. Ideally, the user will be required to enter some personal data that is not publicly known.
|
|
|
-Setting_Description_activateUser.queryMatch=Only allow users who match this query to be activated. Generally, you will only allow users who have never been authenticated and are not disabled to activate. The default example uses the last login time attribute(s) on the user object to determine if the user has never logged in. It is the responsibility of the administrator to ensure this activation feature works correctly. Misconfiguration could potentially result in unintended activations being able to take place.
|
|
|
-Setting_Description_activateUser.searchFilter=LDAP search filter used to search for users during user activation. The LDAP search filter should include each attribute in the <i>Activate User Form</i>. Tokens made of a form item name (such as <code>cn</code>) enclosed with a percent sign <code>%cn%</code> will be replaced with values supplied by the user.<br><br>For example, if the <i>Activate User Form</i> included the attributes <code>cn</code> and <code>sn</code>, then this filter may be appropriate\:<br><br><code>(&(objectClass\=person)(cn\=%cn%)(sn\=%sn%))</code><br><br>Any attributes that are listed in the form but are not used in the search filter will tested by performing an LDAP compare operation with the user supplied value.<br><br>If this setting is left blank, a search filter based on the required items in the <i>Activate User Search Form</i> will be automatically generated.
|
|
|
-Setting_Description_activateUser.token.sendMethod=Set the method(s) used for sending the token code to the user.
|
|
|
-Setting_Description_activateUser.writePostAttributes=Actions to execute after a user is activated and has changed/set their initial password. Typically this is used to activate the account, as well as put some searchable indicator.<br/><br/> Macros may be used.
|
|
|
-Setting_Description_activateUser.writePreAttributes=Actions to execute after a user is activated but before the password is set. Typically this is used to activate the account, as well as put some searchable indicator.<br/><br/> Macros may be used.
|
|
|
-Setting_Description_audit.syslog.certificates=TLS Certificate of syslog service.
|
|
|
-Setting_Description_audit.syslog.servers=Syslog audit server. When configured, all audit events will be forwarded to the specified syslog server. The format is <b><protocol></b>,<b><address></b>,<b><port></b>. The value for <b><protocol></b> can be either <i>udp</i> or <i>tcp</i>.<br/><br/>Examples\:<table><tr><td>Protocol</td><td>Address</td><td>Port</td><td>Setting</td><tr><tr><td>UDP</td><td>127.0.0.1</td><td>514</td><td>udp,127.0.0.1,514</td><tr><tr><td>TCP</td><td>central-syslog.example.com</td><td>514</td><td>tcp,central-syslog.example.com,514</td><tr><tr><td>TLS</td><td>secure-syslog.example.com</td><td>6514</td><td>tls,central-syslog.example.com,6514</td><tr></table>
|
|
|
-Setting_Description_audit.system.eventList=Event types to record and act upon.
|
|
|
-Setting_Description_audit.user.eventList=Event types to record and act upon.
|
|
|
-Setting_Description_audit.userEvent.toAddress=Send an email User Audit events occur to these email addresses.
|
|
|
-Setting_Description_basicAuth.enable=Enable Basic Authentication
|
|
|
-Setting_Description_captcha.intruderAttemptTrigger=Number of intruder attempts before CAPTCHA is required. If set to 0, intruder attempt count is ignored and captcha is always required. Intruder attempts for the current session and for the source network address is considered.<br/><br/>The recommended value for this setting is 0. Determined network attackers may be able to bypass the CAPTCHA verification altogether if this setting is used.
|
|
|
-Setting_Description_captcha.protectedPages=Pages protected by CAPTCHA. CAPTCHA validation is required only once per session. Thus, after a user passes captcha validation during a session, the user will not be forced to pass the captcha again despite accessing a second module enabled here.
|
|
|
-Setting_Description_captcha.recaptcha.privateKey=Private reCAPTCHA key. If blank no captcha verification will be performed.
|
|
|
-Setting_Description_captcha.recaptcha.publicKey=Public reCAPTCHA key. If blank no captcha verification will be performed.
|
|
|
-Setting_Description_captcha.skip.cookie=Allows for skipping the captcha request if a known browser cookie value is held by the browser the cookie is stored in a cookie named 'captcha-key'. If the value is correct,then the captcha check is skipped. The cookie value is stored in the browser after a successful captcha check.<br/><br/>If blank, then no cookie will be read/stored. If set to 'INSTANCEID', then the instanceID is used. If set to any other value, then the literal value will be used.
|
|
|
-Setting_Description_captcha.skip.param=Allows for skipping the captcha request if a known parameter is passed as a request parameter with a key of "skipCaptcha". This is useful for "internal" clients / links where the captcha is unneccessary.<br/><br/>For example, if the value is 'okay', a request to\:<br/><br/><i>/public/forgottenpassword?skipCaptcha\=okay</i><br/><br/>would cause captcha to be bypassed.
|
|
|
+Setting_Description_accountInfo.view.form=Specify the LDAP attributes to show to users on the account information page.
|
|
|
+Setting_Description_accountInfo.viewStatusValues=Select the fields that are available for the users to view about their own account.
|
|
|
+Setting_Description_activateUser.allowUnlock=Enable this option to allow users to try to unlock the user account during activation. If true, and if the users' account are locked @PwmAppName@ unlocks the users' accounts.
|
|
|
+Setting_Description_activateUser.enable=Enables the new user activation module.
|
|
|
+Setting_Description_activateUser.form=Specify the form fields for activate user module. @PwmAppName@ requires the users to enter each attribute specified. Ideally, add attributes that require the user to enter some personal data that is not publicly known.
|
|
|
+Setting_Description_activateUser.queryMatch=Specify and LDAP filter that only allows @PwmAppName@ to active users who match this query. Generally, you only allow users who have never been authenticated and are not disabled to activate. The default example uses the last login time attributes on the user object to determine if the user has never logged in. It is the responsibility of the administrator to ensure this activation feature works correctly. Misconfiguration could potentially result in unintended activations occuring.
|
|
|
+Setting_Description_activateUser.searchFilter=Specify an LDAP search filter @PwmAppName@ uses to search for users during the user activation. Include each attribute in the <i>Activate User Form</i> in the LDAP search filter. @PwmAppName@ replaces tokens made of a form item name (such as <code>cn</code>) enclosed with a percent sign <code>%cn%</code> with values supplied by the user.<br><br>For example, if the <i>Activate User Form</i> includes the attributes <code>cn</code> and <code>sn</code>, then this filter might be appropriate\:<br><br><code>(&(objectClass\=person)(cn\=%cn%)(sn\=%sn%))</code><br><br>@PwmAppName@ tests any attributes listed in the form but not used in the search filter by performing an LDAP compare operation with the user supplied value.<br><br>If this setting is left blank, @PwmAppName@ automatically generates a search filter based on the required items in the Activate User Search Form.
|
|
|
+Setting_Description_activateUser.token.sendMethod=Select the methods used for sending the token code to the user.
|
|
|
+Setting_Description_activateUser.writePostAttributes=Add actions @PwmAppName@ executes after it actives the users and the users have changed or set their initial passwords. Typically, use this to activate the account, as well as add some searchable indicator.<br/><br/> You can use macros.
|
|
|
+Setting_Description_activateUser.writePreAttributes=Add actions @PwmAppName@ executes after it activates the users but before it sets the password. Typically, use this to activate the account, as well as add some searchable indicator.<br/><br/> You can use macros.
|
|
|
+Setting_Description_audit.syslog.certificates=Import the TLS Certificate of syslog service.
|
|
|
+Setting_Description_audit.syslog.servers=Specify the connection information for the syslog audit server. When configured, @PwmAppName@ forwards all audit events to the specified syslog server. The format is <b><protocol></b>,<b><address></b>,<b><port></b>. The value for <b><protocol></b> can be either <\b>UDP</b> or <b>TCP</b>.<br/><br/>Examples\:<table><tr><td>Protocol</td><td>Address</td><td>Port</td><td>Setting</td><tr><tr><td>UDP</td><td>127.0.0.1</td><td>514</td><td>udp,127.0.0.1,514</td><tr><tr><td>TCP</td><td>central-syslog.example.com</td><td>514</td><td>tcp,central-syslog.example.com,514</td><tr><tr><td>TLS</td><td>secure-syslog.example.com</td><td>6514</td><td>tls,central-syslog.example.com,6514</td><tr></table>
|
|
|
+Setting_Description_audit.system.eventList=Select system event types to record and act upon.
|
|
|
+Setting_Description_audit.user.eventList=Select user event types to record and act upon.
|
|
|
+Setting_Description_audit.userEvent.toAddress=Specify one or more email addresses that the system sends an email to when the User Audit events occur.
|
|
|
+Setting_Description_basicAuth.enable=Enables Basic Authentication.
|
|
|
+Setting_Description_captcha.intruderAttemptTrigger=Specify a number of intruder attempts before @PwmAppName@ requires CAPTCHA. If set to 0, @PwmAppName@ ignores the intruder attempt count and it alwyas requires CAPTCHA. @PwmAppName@ considers intruder attempts for the current session and for the source network address.<br/><br/>The recommended value for this setting is 0. Determined network attackers might be able to bypass the CAPTCHA verification altogether if you use this setting.
|
|
|
+Setting_Description_captcha.protectedPages=Select the pages @PwmAppName@ protects with CAPTCHA. @PwmAppName@ requires the CAPTCHA validation only once per session. Thus, after a user passes the CAPTCHA validation during a session, @PwmAppName@ does not force the user to pass the CAPTCHA again despite the user accessing a second module enabled here.
|
|
|
+Setting_Description_captcha.recaptcha.privateKey=Add a private reCAPTCHA key. If blank, @PwmAppName@ does not perform the CAPTCHA verification.
|
|
|
+Setting_Description_captcha.recaptcha.publicKey=Add a public reCAPTCHA key. If blank, @PwmAppName@ does not perform the CAPTCHA verification.
|
|
|
+Setting_Description_captcha.skip.cookie=Specify a known browser cookie value in a cookie named 'captcha-key'. This allows @PwmAppName@ to skip the CAPTCHA request if the value of the browser cookie is correct. @PwmAppName@ stores the cookie value in the browser after a successful CAPTCHA check.<br/><br/>If blank, then @PwmAppName@ does not store nor read the browser cookie. If set to 'INSTANCEID', then @PwmAppName@ uses the instanceID. If set to any other value, then @PwmAppName@ uses the literal value.
|
|
|
+Setting_Description_captcha.skip.param=Specify a parameter with a key of "skipCaptcha" to allow @PwmAppName@ to skip the CAPTCHA request. This is useful for "internal" clients or links where the CAPTCHA is unneccessary.<br/><br/>For example, if the value is 'okay', a request to\:<br/><br/><i>/public/forgottenpassword?skipCaptcha\=okay</i><br/><br/> causes @PwmAppName@ to bypass the CAPTCHA.
|
|
|
Setting_Description_cas.clearPassUrl=For <a href\="http\://www.jasig.org/cas">CAS</a> authentication integration, enter the ClearPass url here. If blank, CAS authentication integration will be disabled.<br/><br/>You will also need to edit the <i>WEB-INF/web.xml</i> file to enable CAS integration. Uncomment the section for the CAS servlet filters, and modify the CAS servlet parameters as appropriate for your configuration.
|
|
|
Setting_Description_challenge.allowDuplicateResponses=Control if each response is required to be unique
|
|
|
Setting_Description_challenge.allowSetup.queryMatch=Permission used to determine if a user is a permitted to configure challenges. The user must be returned during this ldap query or else the user will not be permitted to configure challenges.
|
Jason