A_pxy_05_Authenware Authentication Process Manager Configuration Guide

Authentication Process ManagerConfiguration Guide

Version 2.5

March 2013 Revision: 8700

Authenware APM Configuration Guide

Table of Contents

Contact Us..............................................................................................................................3Preface................................................................................................................................... 4Typographical Conventions....................................................................................................4Configuration Process............................................................................................................5Configuration..........................................................................................................................6

Authenware Server Access................................................................................................6Session Handling of the Authentication Process Manager...............................................6Application Criteria for Authenware................................................................................... 6Security Aspects................................................................................................................ 7Signature Quality............................................................................................................... 8Signature Compression..................................................................................................... 8Training Criteria................................................................................................................. 9Handling the Verification Code – OTP (One Time Password).........................................10Alert Handling and Notifications...................................................................................... 13E-Mail Server and SMS................................................................................................... 16Directory Service Specifications...................................................................................... 18Credential Server Specifications..................................................................................... 20Juniper Radius Integration...............................................................................................20Database Logs.................................................................................................................21Device Detection..............................................................................................................21Default Properties............................................................................................................ 21APM Server Maintainers..................................................................................................22

Administration Web Service.................................................................................................23Configuring the Log Archives in Authenware APM Server...................................................24Authenware Message Codes...............................................................................................25For More Information............................................................................................................27

2


Contact Us

Copyright 2013, AuthenWare Corporation and/or its affiliates. All rights reserved.

This software and related documentation are protected by intellectual property laws and provided under an End User License Agreement which contains restrictions on use and disclosure. Except as expressly permitted in your End User License Agreement or allowed by law, you may not use, reproduce, copy, license, translate, modify, distribute, broadcast, transmit, publish, perform, exhibit, or display any part, in any form, by any means. Disassembly, decompilation, or reverse engineering of this software, unless required by law for interoperability, is prohibited.

Please click here to view the End User License Agreement.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

This software is developed for multi-factor authentication. It is not developed or intended to be a fail-safe software authentication application. You shall be responsible to take all appropriate measures to secure your data and and systems. AuthenWare Corporation and its affiliates disclaim any liability for any consequential damages caused by the use of this software application.

This software and documentation may provide information on or access to content, services, and products from third parties. AuthenWare Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, services and products. AuthenWare Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.

AuthenWare is a registered trademark of AuthenWare Corporation and/or its affiliates.If you have any questions or would like to contact us for any reason, feel free to do so at:

[email protected]

3

mailto:[email protected]


Preface

Audience: This manual is intended for users of Authenware Technology.

Overview: This document is meant to serve as a guide to understanding how to configure the Authentication Process Manager. It is not a user guide, nor does it provide installation information. If you require information outside the scope of this document, please refer to the “Related Documents” section below to find a manual that better meets your needs.

Related Documents: A_pxy_01_Authenware Authentication Process Manager InstallationA_pxy_02_Authenware Authentication Process Manager SSL Implementation GuideA_pxy_03_Authenware Authentication Process Manager User GuideA_pxy_04_Authenware Authentication Process Manager Web Service Specification

Summary: This document is organized in three main sections. The first section indicates where to find the APM configuration files and how they are set up. The second section outlines every aspect of the APM and how to configure it. The third section provides a listing of all possible error codes and what they mean. Also included is extra information regarding the web service and log archives.

Typographical Conventions

This document uses the following typographical conventions:

Type of Font Used For: Example

Consolas, 12 point, bold, gray

File names

Directory names

Example code

authenware-apm-parameters.xmlAdminEmail/com/authenware/apm/

value=”false”

Arial, 11 point, bold, gray Object or attribute names a property object called “userEmail”

4


Configuration Process

The configuration file for the Authenware Authentication Process Manager (APM) is:

authenware-apm-parameters.xml.

And is located at where was defined in the installation process, usually:

JBOSS_PATH/modules/com/authenware/apm/settings/main

Each parameter in this file has the following syntax:

<bean id="NumberOfFailuresAllowed" scope="prototype" class="java.lang.Integer" >

<constructor-arg index="0" type="java.lang.String" value="3"/></bean>

Each of the parameters has three sections.

• description of the parameter  • identification name id="NumberOfFailuresAllowed” • value for the current parameter name value="3”.

Only the value of each parameter needs to be modified. For example, if you want to allow 5 failed attempts, simply set value=“5”.

WARNING: Do not try to modify the parameter id or data type. Any modification of these could lead to an error on a service start, or when refreshParameters() is called.

Note: Changes to parameters' values will take effect only after restarting the APM or calling the refreshParameters() service.

5

!

N


Configuration

What follows is a description of every aspect of the APM, and instructions on how to modify the parameters.

Authenware Server Access

CoreEndPointThis is the URL where the Authenware Server is installed. For example:

value=”http://[IP Authenware Server]:8080/authenware-core/AuthenwareCoreService?wsdl”

Session Handling of the Authentication Process Manager

SessionValidTimeThis value indicates for how long a session would be valid on the APM. We consider a session as being from the user's first login attempt until he is accepted. A session stores useful information about the user, environment, number of rejections, etc. If a user’s session expires, all their values will be reset, including the number of user rejections.

This value is in milliseconds. So, for example, if you need the session to last for 30 minutes, the value is:

value=”1800000”

Application Criteria for Authenware

CheckGroupThis value indicates if Authenware will evaluate the users’ group. If this value is false then Authenware will always check the user’s signature. If this value is true, Authenware will check the user only if he belongs to any group specified in

6


AuthenwareGroups.

If you’d like to validate all users with Authenware, you should set this value to false.

value=”false”

AuthenwareGroupsThis value indicates which groups will be verified by the APM. If a user logs in to an application and belongs to a group listed in this parameter, it will be verified with Authenware. This only happens when the attribute CheckGroup is configured as true.

The list of groups should be separated by commas. For example:

value=”AuthenwareOperative,AuthenwareParanoid”

Security Aspects

ErrorActionTypeThis value indicates the action that the APM tells the client to take when an error occurs. The errors can be caused by configuration error, error in the parameters received, validation error, or errors from the Authenware Server.

The possible options are:

“loginUser”: Access granted; the user may login into the application.“denyAccess”: User access is denied.

If you would like to harden your security, you can deny the user access in the case of any kind of error with:

value=“denyAccess”

NumberOfFailuresAllowedThis value indicates how many times a user can fail in the login process before the system requests the verification code.

7


If you would like to allow five failed attempts before requesting the verification code, you should use:

value=“5”

Signature Quality

CheckBadQPRThis value indicates if the APM will verify the value of QPR (Quality of Personal Record) to alert the user or administrator that the value is below the established value.

If you would like to alert users and administrators to a low value, you should use:

value=“true”

BadQPRLimitThis value indicates the lowest value of an acceptable QPR; any QPR below this value will be considered bad quality. If the CheckBadQPR was configured as true, the server will start generating the corresponding messages.

If you would like to determine that 75% percent of QPR is a bad quality of signature, you should use:

value=“75”

Signature Compression

DecompressSignatureThis value indicates if the APM will decompress the signatures received. The signature can be compressed or decompressed, depending on the “Signature Builder” that was used in the client to generate it. If the signature is compressed, you should use:

value=“true”

8


Training Criteria

RequestTrainingActionType This value indicates which training type the APM will request the user to choose.


“requestTraining”: Will let the user select progressive or quick training.

“requestProgressiveTraining”: The user can only train with progressive training.

“requestQuickTraining”: The user will train his pattern with the quick training, but he will be able to enter the system even if the training has not been finished.

“requestForceQuickTraining”: The user will train his pattern with the quick training, and he will not be able to enter the system unless the training has finished.

If you want to make sure that the user may enter the system only once his training is complete, you should use:

value=“requestForceQuickTraining”

TrainingGroupsActionTypesThis value indicates which training process the APM will request of the user groups.


“requestTraining”: The user can choose between progressive or quick training

“requestProgressiveTraining”: Forces the progressive training mode

“requestQuickTraining”: Forces the quick training mode

“requestForceQuickTraining”: Forces the quick training mode, and the user will not be able to enter the system unless the training has finished.

For example:

<map><entry key="progressiveTrainingGroup" value="requestProgressiveTraining"/><entry key="quickTrainingGroup" value="requestQuickTraining"/>

</map>

9


MinimumTrainingFrequencyThis parameter is for internal use only, and should not be changed. The value indicates the minimum frequency of training, expressed in days. This is checked in the pre-validate user service.

With the value set to 0 (default), the parameter is disabled.

PatternSetSizeThis value indicates how many times a user must log in to the system to complete his biometric pattern.

We generally request that a user log into the system 10 times; accordingly, we would use:

value=“10”

Handling the Verification Code – OTP (One Time Password)

OtpLength This value indicates how many characters the OTP verification code will have. This code is delivered by the APM.

If you would like the verification code to have 8 characters (for example “A82GTD54”) you should use:

value=“8”

OtpValidTime This value indicates for how long the verification code (OTP) will be valid; after that time the OTP will be invalid. This value is in milliseconds.

If you would like the verification code (OTP) to be valid for 30 minutes, you should use:

value=“1800000”

10


SendOTPByThis list indicates what kind of communication channel will be used to deliver the verification code (OTP).


“SmsChannel”: The verification code (OTP) will be delivered by SMS text message. To deliver the message with SMS, the APM must receive a property object called “userCellPhone” with the user’s telephone number.

“EmailChannel”: The verification code (OTP) will be delivered by e-mail. To deliver the message with e-mail, the APM must receive a property object called “userEmail” with the user’s e-mail address.

If you would like to use e-mail and SMS to send the verification code (OTP), you should use:

<ref bean="SmsChannel"/> <ref bean="EmailChannel"/>

SplitOtpThis value Indicates if the verification code (OTP) should be split. Each part will be sent to one of the recipients defined in the properties “userEmail” and “userCellPhone”.

For example :

value=“false”

IncludeOtpInServiceResponseThis value indicates if the OTP must be included in the “validateUser” service response.

For example:

value=“false”

11


SendOtpToAdministratorThis value indicates if the OTP must be sent by e-mail to the e-mail address defined in the “AdminEmail” parameter.

For example:

value=“true”

UseOtpForNewUsersThis value establishes whether or not the system will send the OTP when a new user is created.

For example:

value=“true”

UseOtpForTrainingThis value establishes whether or not the system will send the OTP when a user is training a pattern.

For example:

value=“true”

UseOtpForExceededNumberAttemptsAllowedThis value establishes whether or not the system will send the OTP when a user exceeds the number of attempts allowed as defined in the “NumberOfFailuresAllowed” parameter.

For example:

value=“true”

TrainingGroupsUseOtpForNewUsersThis value establishes, for each trainingGroup, whether or not the system will send the OTP when a new user is created.

12


For example:

<map><entry key="progressiveTrainingGroup" value="false"/><entry key="quickTrainingGroup" value="true"/>

</map>

TrainingGroupsUseOtpForTrainingThis value establishes, for each trainingGroup, whether or not the system will send the OTP when a user is training a pattern.

For example:

<map><entry key="progressiveTrainingGroup" value="false"/><entry key="quickTrainingGroup" value="true"/>

</map>

Alert Handling and Notifications

AdminEmailThis value indicates the e-mail address for the administrators who will be notified with the alerts from the APM. If you need to indicate more than one e-mail account, you should use semicolon (“;”) to separate them.

value=“[email protected]”

AdminLocalThis value indicates the local settings for the Administrator.


“en”: English“es”: Spanish“fr”: French

13


For example:

value=“en”

AdminAlertCodesThis value indicates which one of the available alert codes will be delivered to the administrator when something happens on the APM. A complete list of error codes is provided later in this document.


“Cod1, Cod2, …, Cod n”: The APM will send only the selected alert messages.

“INFO”: The APM will send alert messages that are INFO, WARNINGS and ERRORS.

“WARNING”: The APM will send alert messages that are WARNINGS and ERRORS.

“ERROR”: The APM will send only alert messages that are ERRORS.

“”: Will not send any kind of alert messages.

If you would like the administrator to receive only alert messages regarding errors, you should use:

value=“ERROR”

UserAlertCodesThis value indicates which one of the available alert codes will be delivered to the user when something happens on the APM. A complete list of error codes is provided later in this document.


“Cod1, Cod2, …, Cod n”: The APM will send only the selected alert messages.

“INFO”: The APM will send alert messages that are INFO, WARNINGS and ERRORS.

“WARNING”: The APM will send alert messages that are WARNINGS and ERRORS.

“ERROR”: The APM will send only alert messages that are ERRORS.

“”: Will not send any kind of alert messages.

If you would like the user to receive only alert messages regarding warnings, we should use:

14


value=“WARNING”

EmailTemplatesMapThis value indicates the filenames of the templates for the APM when it sends alerts through e-mails.

These templates are stored in:

JBOSS_PATH/modules/com/authenware/apm/settings/main/

Each language is stored in a separate directory:

/en (English)/es (Spanish)/fr (French)

The default filename for the templates are:

For "error”, value="ERRORNotification.html"

For "warning", value="WARNINGNotification.html"

For "info", value="INFONotification.html"

For "otp", value="OTPNotification.html"

For "splitotp", value="SPLITOTPNotification.html"

SmsTemplatesMapThis value indicates the filename of the template for the APM when it sends text message (SMS) alerts.

This template is stored in:

JBOSS_PATH/modules/com/authenware/apm/settings/main/

Each language is stored in a separate directory:

/en (English)/es (Spanish)/fr (French)

The default filename for template is:

For "otp", value=“OTPSMS.txt”

15


For "splitotp", value=“SPLITOTPSMS.txt”

E-Mail Server and SMS

MailServerThis value indicates to the SMTP server to send e-mails.

For example:

value=“mail.yourdomain.com”

MailPortThis value indicates the port to be used by the e-mail server.

For example:

value=“25”

MailProtocolThis value indicates the e-mail server protocol.

For example:

value=“smtp”

MailPropertiesThis value indicates the properties that will be used by the SMTP server.

For example:

<props><prop key="mail.smtp.auth">true</prop><prop key="mail.smtp.connectiontimeout">5000</prop><prop key="mail.smtp.sendpartial">true</prop><prop key="mail.smtp.userset">true</prop><prop key="mail.smtp.localhost">yourdomain.com</prop>

</props>

16


Note: If authentication is not required in SMTP server, you should put "mail.smtp.auth = false"

MailUserThis value indicates the e-mail account to identify the user on the e-mail server. This value should be a valid account on the e-mail server.

For example:

value="user @yourdomain.com "

MailPasswordThis value indicates the password for the MailUser e-mail account.

For example:

value=“UsErPaSSwOrd”

MailFromUserThis value indicates the e-mail account from which alerts will be sent. This account should be a valid account on the e-mail server.

For example:

value=“[email protected]”

MailFromNameThis value indicates the name from which alerts will be sent.

For example:

value=“Authenware APM Server”

Note: The parameters MailFromUser and MailFromName are used in the following format: “Authenware APM Server <[email protected]>”

17

N

N




SmsDomainThis value indicates the domain name that should be added to a cell phone number before sending the SMS through an e-mail.

An example of a cell phone number in Argentina is 0261 157483922. With Movistar, to send an SMS we have to remove 0 and 15. The domain for Movistar’s cell phones is @sms.movistar.net.ar, so the address will be [email protected] . In this case, the value should be:

value=“sms.movistar.net.ar”

Directory Service Specifications

ValidateLdapThis value determines whether or not the APM will validate the user through a directory service.

For example:

value="false"

LdapAuthenticationThis value indicates the authentication string. The format depends on the authentication scheme.

For example:

value="${user}@testdomain.loc"

value="cn=${user},cn=Users,dc=testdomain,dc=loc"

Note: The Authenware APM server will replace ${user} with the appropriate user.

LdapHostThis value indicates where the LDAP is hosted.

18

N




For example:

value="ldap://ldapserverhost"

LdapSearchBaseThis value indicates the LDAP Search Base.

For example:

value="dc=testdomain,dc=loc"

UseLdapAdminUserThis value determines if the directory services will authenticate the Authenware APM Server using an LDAP Admin user.

For example:

value="false"

LdapAdminUserThis value indicates the LDAP Admin Username, which will be used if the parameter “UseLdapAdminUser” is “true”.

For example:

value="ldapadminuser"

LdapAdminPasswordThis value indicates the LDAP Admin User Password, which will be used if the parameter “UseLdapAdminUser” is “true”.

For example:

value="ldapadminpassword"

Credential Server Specifications

19


GetCredentialServerTimeUsingSntpThis value determines if the APM will get the time of day from Credential Server using SNTP.For example:

value="false"

CredentialServerSntpIpThis value indicates the Credential Server SNTP Host.

For example:

value="ldapserverhost"

CredentialServerSntpPortThis value indicates the Credential Server SNTP Port.

For example:

value="123"

Juniper Radius Integration

RadiusValidIpAddress & RadiusShareSecretThese values are used for the Juniper – Authenware Integration.

Note: Changes to the Radius' parameter values will not take effect if you are not using the Juniper Instant Virtual Extranet Integration. For more information see “A_int_03_Juniper-Authenware APM Configuration”

Database Logs

20

N


SaveEntryLogThis value determines whether or not the APM will log the user's entries.

For example:

value="true"

Device Detection

DeviceDetectionThis value determines if the APM will detect the device being used and recognize its category.

For example:

value="false"

Default Properties

DefaultPropertiesThis series of values specifies the default value for the properties array.

For example:

<map><entry key="ip" value=""/><entry key="isp" value=""/><entry key="securityLevel" value=""/><entry key="userGroup" value=""/><entry key="userEmail" value=""/><entry key="userCellPhone" value=""/><entry key="credentialContainerDate" value=""/><entry key="credentialLastSet" value=""/><entry key="userPassword" value=""/><entry key="userTrainingGroup" value=""/><entry key="compressedSignature" value=""/><entry key="deviceCategory" value=""/><entry key="device" value=""/>

21


<entry key="patternName" value=""/><entry key="locale" value="en"/><entry key="splitOtp" value=""/>

</map>

APM Server Maintainers

OTPMaintainerPeriodThis value determines the length of time for which the OTP maintainer process will be run, expressed in milliseconds.

For example:

value="10000"

OTPMaintainerMaxDeletesThis value indicates the maximum number of OTPs deleted in the maintainer process.

For example:

value="1000"

SessionMaintainerPeriodThis value determines the length of time for which the APM sessions maintainer process will be run, expressed in milliseconds.

For example:

value="10000"

SessionMaintainerMaxDeletesThis value indicates the maximum number of APM sessions deleted in the maintainer process.

For example:

value="1000"

22


Administration Web Service

The APM implements a web service for administration purposes. As of now, you can only refresh the parameters in the servers that were modified on the file authenware-apm-parameters.xml. It is not necessary to restart the APM when a parameter is modified. The web service definition is located at:

http://[IP Authenware Proxy]:8080/authenware-apm/AuthenwareApmAdminService?wsdl

The web service call for applying the configuration changes is called refreshParameters(). This call does not require any input parameters, and it returns an object of the RefreshParameterOut class. The attributes of this object are:

boolean result: This value is true when the changes can be applied.

Message[] messages: This is an array of errors which have occurred.

The attributes of the Message class are:

int code: This value is the error code.

String message: This value is the error message.

String type: This value indicates the possible message type (“info,” “error,” or “warning”.)

Configuring the Log Archives in Authenware APM Server

The file authenware-apm-log4j.xml has the configuration to change both log level and log file location.

You should locate the time/date-based rolling appender section to modify these two values. You’ll find them in the example below, with both values in bold.

23


The possible values for log level are: TRACE, DEBUG, INFO, WARNING, or ERROR. TRACE is the most verbose and ERROR the least verbose option. TRACE includes all other log levels and so on.



<appender name="FILE-AUTHENWARE-APM" class="org.apache.log4j.RollingFileAppender">

<param name="File" value="/etc/authenware/apm/authenware-apm.log"/> <param name="Append" value="true"/> <layout class="org.apache.log4j.PatternLayout">  <param name="ConversionPattern" value="%d %-5p [%c{1}] %m%n"/> </layout></appender>

<category name="com.authenware.authentest.proxy"><priority value="TRACE"/><appender-ref ref="FILE-AUTHENWARE-APM"/>

</category>

Authenware Message Codes

AUTHENWARE SERVER

CODE TYPE MESSAGE100 ERROR Error while parsing object AuthenwareSignature.

1001 WARNINGThe user doesn't have enough logins to be able to deliver a certain response. The trust identity rate should not be considered.

1002 INFO User needs <number> more logins to complete the pattern.

24


1003 ERRORError while parsing the dates in the pattern validity process. The correct format is yyyy-mm-dd hh:mm:ss.

4001 ERRORThe data capture is not consistent, the keyup and keydown events don't match.

4002 ERROR The number of captured events doesn't match with the pattern.4003 ERROR Error while getting the biometric pattern.

4004 ERRORThere was an error while inserting the login record in the LoginDAO class.

4005 ERRORThe user <user> of the organization <organization> is not registered in Authenware.

4006 ERROR The user <user> couldn’t be created on the database.4007 ERROR Parameter error; <parameter> doesn't have a value.4008 ERROR Parameter error; parameters container not found.

4009 ERRORThe application <application> doesn’t exist in the Authenware database.

4010 ERRORThe field <field> of the application <application> doesn’t exist in the Authenware database.

4012 ERRORThe data captured is not consistent, the number of keys do not match.

4013 ERROR The user name can not be empty.4014 ERROR The user name can not be blank.4015 ERROR The organization code can not be 0.4016 ERROR One of the fields doesn’t have any captured events.4023 ERROR Error checking user: <error>.4030 ERROR The application <application> couldn’t be created.

4031 ERRORThe application <application> couldn’t be created, the identifier or name is duplicated.

4032 ERROR The application name can not be empty.

4033 ERROR The application name can not be blank.

4034 ERRORThe security level <security level> for the application <application> is not a valid level.

4035 ERROR The application <application> could not be deleted.

4036 ERRORThe application <application> doesn’t exist in the Authenware database.

4040 ERROR The field <field> could not be created.

4041 ERRORThe field <field> could not be updated; the identifier was duplicated or the field of the client for the application was already entered.

4042 ERROR The client field can not be empty.4043 ERROR The client field can not be blank.4045 ERROR The field <field> could not be deleted.4060 ERROR It can't update the Login register.

4061 ERROR The user and the field can't be empty.

4084 ERROR The requested user doesn’t have a pattern.4500 ERROR Authenware unknown error: <error>.

25


4710 ERROR The security level <security level> is not a valid level.5000 ERROR Failed to locate the service: <error>.6001 WARNING It was promoted to gray zone by pattern <pattern>.6002 ERROR It was denied because the biometric record seems to be a fraud.8000 ERROR License Validation: Error parsing the license file.8001 ERROR The time defined for the license has expired.8002 ERROR The number of users defined for the license was exceeded.8003 ERROR The number of applications defined for the license was exceeded.

8004 ERRORThe number of organizations defined for the license was exceeded.

8005 ERROR The number of transactions defined for the license was exceeded.9010 ERROR Error while accessing to Authenware W.R.A.P. Server.9020 ERROR Error while getting Signature from Authenware W.R.A.P. Server.

9022 ERRORError creating the new pattern <pattern>, another pattern with this name already exists.

100 ERROR Error while parsing object AuthenwareSignature.

AUTHENWARE APM SERVER

CODE TYPE MESSAGE10001 INFO The user will be controlled by Authenware Server.10002 INFO The user does not exist in Authenware Server.10003 INFO The user was successfully created in Authenware Server.10004 INFO The user will not be controlled by Authenware Server.10005 WARNING The user should train again because his credentials were modified.10006 ERROR The verification code is incorrect.10007 ERROR The number of signatures is incorrect.10008 ERROR Error while accessing the Authenware Server service.

10009 ERRORError initializing the Authenware APM Server. Please check the parameter file, database connection and Core connection.

10010 ERROR Error while creating the user.10011 ERROR Error while validating the signature.10012 ERROR Error while resetting the pattern.10013 ERROR Error while verifying if the pattern is ready.10014 ERROR Error while creating a new pattern.

10015 WARNINGThe user could login, but his QPR is lower than the established limit.

10016 WARNING User exceeded the number of attempts allowed.10017 ERROR Error while checking validity of user credentials.10018 ERROR The Authenware Server URL is incorrect.10019 ERROR Error in connecting with Authenware Server.10020 ERROR Error while refreshing the parameters.10021 INFO The verification code (One Time Password) was sent to the user.10022 ERROR Error while saving the workstation log

26


10023 ERROR Error while parsing log10024 ERROR The SMS Server URL is incorrect.10025 ERROR Error in connecting to the SMS Server.10026 ERROR Error while validating user in the Directory Services.10027 ERROR The user will be validated in the Directory Services.10028 ERROR The user credentials are not valid in the Directory Services.10029 ERROR The user does not have data in the Directory Services.10030 ERROR There is no data (email or cellphone) to send the OTP.

10031 ERRORThe user should train again, because his QPR is lower than the established limit.

10032 ERROR Error while getting the time from the Credential Server using SNTP.10033 ERROR Error decompressing the signature.10034 ERROR Error checking the training frequency.10035 ERROR The user can not be blank.10036 ERROR The field and the application can not be blank.10037 ERROR Error creating/getting an APM session.10038 ERROR Error creating/getting one time password (OTP).10039 ERROR Error detecting device.10040 ERROR Error obtaining user's patterns.10041 ERROR The signature can not be blank.10099 ERROR Authenware APM unknown error: <error>.

For More Information

This manual is intended to provide information on how to configure the various aspects of the Authenware APM Server. If you require more information than was provided in this guide, please see the “Related Documents” section to find a document that better meets your needs.

Appendix I – End User License Agreement

Authenware ™ End User Software License Agreement This End User License Agreement governs the use of any of the versions of Authenware™ software and any related updates and/or upgrades regardless of the delivery mechanism.

1. License Grant. Subject to the terms and conditions of this Agreement, Licensor hereby grants to Licensee the right to use the Authenware™ software (the “Software”) solely for the internal business uses of Licensee, and not for resale, redistribution or use in operating a service bureau or otherwise providing business process management services to any third party.

2. Ownership by Licensor. Licensor (or its licensors) shall own all right, title, interest and in (a) the Software, including all business process templates developed solely by Licensor (and/or its contractors) or jointly by Licensor (and/or its contractors) and Licensee, (b) the following materials provided or developed by

27


Licensor during the course of this Agreement or any Statement of Work thereunder: Software specifications, operating instructions, pricing terms, training materials, user documentation, custom code, integrations, system requirements, user interface code or templates, software specifications, software, and drafts of the foregoing (the “Other Licensor Materials”), (c) all trade secrets, patents, trade marks, service marks, copyrights, trade dress, inventions, know how, applications to register any of the foregoing and other proprietary rights (“Intellectual Property Rights”) in the foregoing, and (d) any modifications or derivative works thereof and any copies of the foregoing. All suggestions, solutions, improvements, corrections, and other contributions provided by Licensee regarding the Software or the Other Licensor Materials shall become the property of Licensor (or its licensors) and Licensee hereby agrees to assign any such rights to Licensor.

3. Copies. Licensee agrees not to make any copies of the Software, except that it may make one copy of the Software for backup and archive purposes. Licensee shall keep and maintain complete and accurate records of each copy made of the Software and provide such records to Licensor upon request.

4. Restrictions. Licensee will not: (a) except as explicitly allowed under this Agreement, copy, edit, modify, adapt, translate, port, reproduce (except as necessary for installation), distribute, transfer, lend, sell, sub-license, assign or otherwise transfer any of the Software, any component thereof, or any output generated by the Software; (b) prepare any derivative work based upon the Software or any component thereof; (c) reverse engineer, disassemble or decompile the Software or any component thereof, or attempt to discover or disclose the source code of the Software or any component thereof; (d) encumber, time-share, rent or lease the rights granted by Licensor under this Agreement; (e) remove, obscure, or alter any notice of Licensor’s (or its licensors’) intellectual property rights present on or in the Software or any component thereof; (f) use the Software or any component thereof for any purpose not authorized or contemplated under this Agreement or in violation of any express prohibition set forth elsewhere in this Agreement, including the exhibits hereto or policies reference herein; or (g) authorize or permit any person or entity to do any of the foregoing; or (h) use, or permit an Licensee to use, the Software sub-licensed for a particular Licensee for the benefit of any party other than such Licensee or for any process other than for the specific process was sub-licensed.

5. Confidentiality

5.1 Definition. For purposes of this Agreement, the following information shall be considered “Confidential Information”: any and all (i) technical and non-technical information including but not limited to patent, trade secret and proprietary information, techniques, sketches, drawings, models, inventions, know-how, processes, apparatus, equipment, computer code and algorithms related to either party, and (ii) information relating to marketing plans, business opportunities, personnel, research, development or know-how. The Software and Other Licensor Materials shall be considered the Confidential Information of Licensor.

5.2 Treatment of Confidential Information. Each party (the “Receiving Party”) agrees (i) to use commercially reasonable efforts to protect the Confidential Information of the disclosing party (the “Disclosing Party”) and (ii) that it will not and will ensure that its employees, will not use, disseminate or in any way disclose any Confidential Information of the Disclosing Party to any person, firm or business, except as specifically authorized in this Agreement or for any purpose the Disclosing Party may hereafter authorize in writing. The Receiving Party agrees to disclose the Confidential Information of the Disclosing Party only to those employees who have a “need to know”.

5.3 Exceptions. The restrictions set forth in this Section 5 will not apply to any information that the Receiving Party can demonstrate: (a) was known by the Receiving Party without an obligation of confidentiality, prior to disclosure by the Disclosing Party; (b) was in or entered the public domain through no fault of the Receiving Party; (c) is disclosed to the Receiving Party without an obligation of confidentiality; or (d) is independently developed by the Receiving Party without reference to any Confidential Information of the Disclosing Party. A party shall not be in violation of this Section 5 if it discloses Confidential Information demanded by a lawful order from any court or any body empowered to issue such an order, provided that the Receiving Party notifies the Disclosing Party promptly of the receipt of any such order, provides the Disclosing Party with a copy of such order, and, if requested by the Disclosing Party, uses good faith efforts to limit or obtain confidential treatment with respect to information disclosed pursuant to such order.

5.4 No Conveyance of Ownership. Nothing in this Agreement shall be construed to convey any title or ownership rights to the Confidential Information of the Disclosing Party or to any Intellectual Property Rights therein or grant any other right, title, or ownership interest to the Disclosing Party Confidential Information except as may be provided by this Agreement.

28


6. Limited Warranty.

6.1 Performance. Licensor warrants that the Software, standing alone without use in combination or conjunction with any third party software or apparatus, will perform substantially in accordance with the applicable specifications included in the Other Licensor Materials for a period of thirty (30) days following delivery. This warranty shall be rendered null and void if the failure of the Software has resulted from an accident, abuse, or misapplication caused by Licensee. Licensor’s entire liability and Licensee’s exclusive remedy under this warranty is to repair or replace the Software which does not meet the warranties contained in this Section 6. Any replacement of the Software shall be warranted for the remainder of the original warranty period. Licensor’s warranty obligations shall not apply: (a) if the Software has not been installed in accordance with the installation instructions provided by Licensor; or (b) if the Licensee’s computing environment does not meet the minimum system requirements then specified by Licensor for the Software at the time the Software was ordered.

6.2 Warranty Disclaimer. SECTION 6.1 CONSTITUTES THE ONLY WARRANTIES GRANTED BY LICENSOR (OR ITS LICENSORS) WITH RESPECT TO THE SOFTWARE, SUPPORT SERVICES OR CONSULTING SERVICES AND ARE EXPRESSLY MADE IN LIEU OF ANY OTHER EXPRESS OR IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR OF NON-INFRINGEMENT. REGARDLESS OF ANY COURSE OF DEALING, PROMOTIONAL LITERATURE OR OTHER ACTIONS APPARENTLY CREATING A WARRANTY, LICENSOR MAKES NO WARRANTIES, EXPRESS OR IMPLIED, EXCEPT AS DETAILED IN THIS AGREEMENT RESPECTING THE FUNCTIONAL CHARACTERISTICS OR PERFORMANCE OF THE SOFTWARE, SUPPORT SERVICES OR CONSULTING SERVICES OR OF THE PROFITABILITY, COST BENEFITS OR OTHER BENEFITS TO BE OBTAINED BY LICENSEE FROM THE USE OF THE SOFTWARE OR SERVICES.

7. Limitation of Liability. LICENSOR (AND ITS LICENSORS) SHALL NOT BE LIABLE TO LICENSEE FOR DAMAGES FOR ANY CAUSE RELATED TO OR ARISING OUT OF THIS AGREEMENT, WHETHER IN CONTRACT, NEGLIGENCE OR TORT, IN AN AMOUNT THAT EXCEEDS THE TOTAL PORTION OF THE LICENSE FEES PAID BY LICENSEE TO LICENSOR DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRIOR TO THE EVENT WHICH GAVE RISE TO SUCH DAMAGES HEREUNDER. LICENSOR (AND ITS LICENSORS) SHALL NOT BE LIABLE TO LICENSEE UNDER ANY LEGAL THEORY, WHETHER IN AN ACTION BASED ON A CONTRACT, TORT (INCLUDING NEGLIGENCE AND STRICT LIABILITY) OR ANY OTHER LEGAL THEORY, HOWEVER ARISING, FOR ANY INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES RESULTING FROM LOST PROFITS, INTERRUPTION OF BUSINESS, LOSS OF DATA OR PROGRAMS, LOSS OF USE OF COMPUTER HARDWARE, OR LOSS OF GOODWILL, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

8 Early Termination. A party may terminate this Agreement: (a) by giving notice to the other party if the other party materially breaches the Agreement (which shall include, without limitation, failure by Licensee to make timely payments hereunder) and fails to cure such breach within 30 days of written notice thereof; or (b) if the other party ceases to conduct business, becomes or is declared insolvent or bankrupt, is the subject of any proceeding relating to its liquidation or insolvency which is not dismissed or stayed within ninety (90) days or makes a general assignment for the benefit of its creditors.

9 Effects of Termination. Upon termination of this Agreement: (a) Licensee’s right to use the Software shall automatically terminate; and (b) both parties will return or destroy the originals and all full or partial copies of the Confidential Information of the other party (including any Software in Licensee’s possession) and any other materials furnished hereunder within ten (10) days and, at the request of the other party, shall certify in writing that all such materials have been returned or destroyed.

10. General Provisions.

10.1 Export. Licensee shall comply with all then current Export Laws and Regulations of the United States Government pertaining to the Software. Licensee hereby certifies that it will not directly or indirectly, export, re-export, or transship the Software or related information, media, or products in violation of United States laws, rules, and regulations.

10.2 Attorneys’ Fees. In addition to any other relief awarded, the prevailing party in any action arising out of this Agreement will be entitled to its reasonable attorneys’ fees and costs.

10.3 Entire Agreement; Amendments. This Agreement, including any all Exhibits attached hereto and agreements, policies and programs reference herein, constitutes the entire agreement between the parties with respect to the subject matter contained herein and supersedes all prior proposals, agreements, negotiations, correspondence, understandings, and other communications, whether written or oral, between Licensor and

29


Licensee. There are no promises, covenants or undertakings other than those expressly set forth herein. This Agreement may not be modified except in writing signed by authorized representatives of Licensor and Licensee. The parties agree that facsimile signatures of authorized representatives of the parties on this Agreement will be binding.

10.4 Injunctive Relief. The parties agree that money damages will be inadequate in the event of a breach of Section 3, 4 and 5 of this Agreement and that the non-breaching party shall be entitled to injunctive relief in the event of such a breach without the necessity of posting a bond.

10.5 Discontinuation of Software or Support Services. Licensor reserves the right to discontinue supply of any or all Software or to discontinue renewing the Support Services in the event Licensor (or its licensors) generally discontinues active distribution of any or all of the Software or active provision of the Support Services.

10.6 Force Majeure. Neither party shall be in default for, or held responsible for damages caused by delay or failure to perform in full or in part its obligations under this Agreement (other than payment obligations) where such delay or failure is due to circumstances, such as fires, strikes, acts of God or acts of terrorism, which are beyond the control of the party.

10.7 Choice of Law and Forum. This Agreement shall be governed by, and construed in accordance with, the laws of the State of Florida without reference to conflicts of laws rules, which would require application of another substantive law. The United Nations Convention on Contracts for the International Sale of Goods is specifically excluded from application to this Agreement. All disputes arising out of or relating to this Agreement may only be brought in the state or federal courts located in Florida, and the parties hereby agree and submit to the personal and exclusive jurisdiction and venue of these courts.

10.8 Third Party Beneficiary. Licensee agrees that Licensor’s licensors are intended to be third party beneficiaries of this Agreement. Such licensors may bring direct action against Licensee for the breach of the terms hereof that relate to the software or other materials provided by such licensors.

10.9 Verification. Licensee agrees that Licensor (or its licensors) may, upon five (5) business days’ prior written notice, enter Licensee’s premises to verify Licensee’s compliance with the provisions of this Agreement. Licensor’s inspections shall: (i) be limited to one annual inspection (unless Licensor believes that it has just cause for multiple inspections); (ii) take place during Licensee’s normal business hours; and (iii) involve inspection of only those records pertaining to the Licensor Software including copy locations. If Licensee is found not to be in substantial compliance with this Agreement, Licensee shall pay the reasonable expenses associated with such inspection. Licensor’s rights of inspection shall remain in effect through the period ending one year from the termination or expiration of this Agreement.

10.10 Third Party Programs. Third Party components of the Authenware solution are subject to their own license terms. These third party software programs are components only and cannot be used directly by the Licensee. WARNING: Do not upgrade or reconfigure any software components. Any changes to the delivered configuration could result in serious consequences to the performance of the software.

10.11 Trademarks. Trademark 2010 Authenware Corporation, INC. All rights reserved. “Authenware” logo is a registered trademark of Authenware Corporation, Inc. All other trademarks are the property of their respective owners.

10.12 WARNINGS. ANY ATTEMPT TO TAMPER, MODIFY, ADAPT, REVERSE ENGINEER, DISASSEMBLE, DECOMPILE, DECRYPT OR OTHERWISE DERIVE SOURCE CODE FROM THE SOFTWARE WILL RESULT IN IMMEDIATE TERMINATION OF THE LICENSE AGREEMENT AND WILL BE PUNISHED TO THE FULLEST EXTENT OF THE LAW. DO NOT UPGRADE OR RECONFIGURE ANY SOFTWARE COMPONENT. ANY CHANGES TO DELIVERED CONFIGURATION MAY RESULT IN SERIOUS CONSEQUENCES TO THE PERFORMANCE OF THE SOFTWARE.

YOU MUST READ THIS ENTIRE AUTHENWARE™ END USER SOFTWARE LICENSE AGREEMENT

("LICENSE AGREEMENT") CAREFULLY BEFORE ACCEPTING OR INSTALLING THIS APPLICATION.

IF YOU DO NOT AGREE TO THE TERMS OF THIS LICENSE AGREEMENT, YOU AGREE NOT TO

INSTALL. BY CLICKING "I ACCEPT" OR BY INSTALLING YOU AGREE TO BECOME A PARTY TO, AND

30


BE BOUND BY, THE TERMS OF THIS LICENSE AGREEMENT AND THIS LICENSE IS ENTERED INTO

BETWEEN AUTHENWARE CORPORATION AND THE ORGANIZATION EXECUTING THIS LICENSE

AGREEMENT ("YOU" AND "YOUR").

31