Authentication Process Manager

Configuration Guide
Version 2.5

March 2013

Revision: 8700

Authenware APM Configuration Guide

Table of Contents
Contact Us..............................................................................................................................3
Preface................................................................................................................................... 4
Typographical Conventions....................................................................................................4
Configuration Process............................................................................................................5
Configuration.......................................................................................................................... 6
Authenware Server Access................................................................................................6
Session Handling of the Authentication Process Manager...............................................6
Application Criteria for Authenware................................................................................... 6
Security Aspects................................................................................................................ 7
Signature Quality............................................................................................................... 8
Signature Compression..................................................................................................... 8
Training Criteria................................................................................................................. 9
Handling the Verification Code OTP (One Time Password).........................................10
Alert Handling and Notifications...................................................................................... 13
E-Mail Server and SMS................................................................................................... 16
Directory Service Specifications...................................................................................... 18
Credential Server Specifications..................................................................................... 20
Juniper Radius Integration...............................................................................................20
Database Logs.................................................................................................................21
Device Detection..............................................................................................................21
Default Properties............................................................................................................ 21
APM Server Maintainers..................................................................................................22
Administration Web Service................................................................................................. 23
Configuring the Log Archives in Authenware APM Server...................................................24
Authenware Message Codes...............................................................................................25
For More Information............................................................................................................27

Authenware APM Configuration Guide

Contact Us
Copyright 2013, AuthenWare Corporation and/or its affiliates. All rights reserved.
This software and related documentation are protected by intellectual property laws
and provided under an End User License Agreement which contains restrictions on
use and disclosure. Except as expressly permitted in your End User License
Agreement or allowed by law, you may not use, reproduce, copy, license, translate,
modify, distribute, broadcast, transmit, publish, perform, exhibit, or display any part,
in any form, by any means. Disassembly, decompilation, or reverse engineering of
this software, unless required by law for interoperability, is prohibited.
Please click here to view the End User License Agreement.
The information contained herein is subject to change without notice and is not
warranted to be error-free. If you find any errors, please report them to us in writing.
This software is developed for multi-factor authentication. It is not developed or
intended to be a fail-safe software authentication application. You shall be
responsible to take all appropriate measures to secure your data and and systems.
AuthenWare Corporation and its affiliates disclaim any liability for any consequential
damages caused by the use of this software application.
This software and documentation may provide information on or access to content,
services, and products from third parties. AuthenWare Corporation and its affiliates
are not responsible for and expressly disclaim all warranties of any kind with
respect to third-party content, services and products. AuthenWare Corporation and
its affiliates will not be responsible for any loss, costs, or damages incurred due to
your access to or use of third-party content, products, or services.
AuthenWare is a registered trademark of AuthenWare Corporation and/or its
affiliates.
If you have any questions or would like to contact us for any reason, feel free to do
so at:
support@authenware.com

Authenware APM Configuration Guide

Preface
Audience: This manual is intended for users of Authenware Technology.
Overview: This document is meant to serve as a guide to understanding how to
configure the Authentication Process Manager. It is not a user guide, nor does it
provide installation information. If you require information outside the scope of this
document, please refer to the Related Documents section below to find a manual
that better meets your needs.
Related Documents:
A_pxy_01_Authenware Authentication Process Manager Installation
A_pxy_02_Authenware Authentication Process Manager SSL Implementation
Guide
A_pxy_03_Authenware Authentication Process Manager User Guide
A_pxy_04_Authenware Authentication Process Manager Web Service Specification
Summary: This document is organized in three main sections. The first section
indicates where to find the APM configuration files and how they are set up. The
second section outlines every aspect of the APM and how to configure it. The third
section provides a listing of all possible error codes and what they mean. Also
included is extra information regarding the web service and log archives.

Typographical Conventions
This document uses the following typographical conventions:
Type of Font

Used For:

Example

Consolas, 12 point,
bold, gray

File names
Directory names

authenware-apmparameters.xml
AdminEmail
/com/authenware/apm/

Example code

value=false

Object or attribute names

a property object called

userEmail

Arial, 11 point, bold, gray

Authenware APM Configuration Guide

Configuration Process
The configuration file for the Authenware Authentication Process Manager (APM) is:
authenware-apm-parameters.xml.
And is located at where was defined in the installation process, usually:
JBOSS_PATH/modules/com/authenware/apm/settings/main
Each parameter in this file has the following syntax:
<!-- Number of failures allowed before request verification code
-->
<bean id="NumberOfFailuresAllowed" scope="prototype"
class="java.lang.Integer" >
<constructor-arg index="0" type="java.lang.String"
value="3"/>
</bean>

Each of the parameters has three sections.

description of the parameter

identification name
value for the current parameter name

<!-- Number of failures..-->

id="NumberOfFailuresAllowed
value="3.

Only the value of each parameter needs to be modified. For example, if you want to
allow 5 failed attempts, simply set value=5.

WARNING: Do not try to modify the parameter id or data type. Any modification of

Note: Changes to parameters' values will take effect only after restarting the APM

these could lead to an error on a service start, or when refreshParameters() is

called.

or calling the refreshParameters() service.

Authenware APM Configuration Guide

Configuration
What follows is a description of every aspect of the APM, and instructions on how to
modify the parameters.

Authenware Server Access

CoreEndPoint
This is the URL where the Authenware Server is installed. For example:
value=http://[IP Authenware Server]:8080/authenware core/AuthenwareCoreService?wsdl

Session Handling of the Authentication Process

Manager
SessionValidTime
This value indicates for how long a session would be valid on the APM. We
consider a session as being from the user's first login attempt until he is accepted. A
session stores useful information about the user, environment, number of rejections,
etc. If a users session expires, all their values will be reset, including the number of
user rejections.
This value is in milliseconds. So, for example, if you need the session to last for 30
minutes, the value is:
value=1800000

Application Criteria for Authenware

CheckGroup
This value indicates if Authenware will evaluate the users group. If this value is
false then Authenware will always check the users signature. If this value is true,
Authenware will check the user only if he belongs to any group specified in

Authenware APM Configuration Guide

AuthenwareGroups.
If youd like to validate all users with Authenware, you should set this value to false.
value=false

AuthenwareGroups
This value indicates which groups will be verified by the APM. If a user logs in to an
application and belongs to a group listed in this parameter, it will be verified with
Authenware. This only happens when the attribute CheckGroup is configured as
true.
The list of groups should be separated by commas. For example:
value=AuthenwareOperative,AuthenwareParanoid

Security Aspects
ErrorActionType
This value indicates the action that the APM tells the client to take when an error
occurs. The errors can be caused by configuration error, error in the parameters
received, validation error, or errors from the Authenware Server.
The possible options are:
loginUser: Access granted; the user may login into the application.
denyAccess: User access is denied.
If you would like to harden your security, you can deny the user access in the case
of any kind of error with:
value=denyAccess

NumberOfFailuresAllowed
This value indicates how many times a user can fail in the login process before the
system requests the verification code.

Authenware APM Configuration Guide

If you would like to allow five failed attempts before requesting the verification code,
you should use:
value=5

Signature Quality
CheckBadQPR
This value indicates if the APM will verify the value of QPR (Quality of Personal
Record) to alert the user or administrator that the value is below the established
value.
If you would like to alert users and administrators to a low value, you should use:
value=true

BadQPRLimit
This value indicates the lowest value of an acceptable QPR; any QPR below this
value will be considered bad quality. If the CheckBadQPR was configured as true,
the server will start generating the corresponding messages.
If you would like to determine that 75% percent of QPR is a bad quality of signature,
you should use:
value=75

Signature Compression
DecompressSignature
This value indicates if the APM will decompress the signatures received. The
signature can be compressed or decompressed, depending on the Signature
Builder that was used in the client to generate it.
If the signature is compressed, you should use:
value=true

Authenware APM Configuration Guide

Training Criteria
RequestTrainingActionType
This value indicates which training type the APM will request the user to choose.
The possible options are:
requestTraining: Will let the user select progressive or quick training.
requestProgressiveTraining: The user can only train with progressive training.
requestQuickTraining: The user will train his pattern with the quick training, but he
will be able to enter the system even if the training has not been finished.
requestForceQuickTraining: The user will train his pattern with the quick training,
and he will not be able to enter the system unless the training has finished.
If you want to make sure that the user may enter the system only once his training
is complete, you should use:
value=requestForceQuickTraining

TrainingGroupsActionTypes
This value indicates which training process the APM will request of the user groups.
The possible options are:
requestTraining: The user can choose between progressive or quick training
requestProgressiveTraining: Forces the progressive training mode
requestQuickTraining: Forces the quick training mode
requestForceQuickTraining: Forces the quick training mode, and the user will not
be able to enter the system unless the training has finished.
For example:
<map>
<entry key="progressiveTrainingGroup"
value="requestProgressiveTraining"/>
<entry key="quickTrainingGroup"
value="requestQuickTraining"/>
</map>

Authenware APM Configuration Guide

MinimumTrainingFrequency
This parameter is for internal use only, and should not be changed. The value
indicates the minimum frequency of training, expressed in days. This is checked in
the pre-validate user service.
With the value set to 0 (default), the parameter is disabled.

PatternSetSize
This value indicates how many times a user must log in to the system to complete
his biometric pattern.
We generally request that a user log into the system 10 times; accordingly, we
would use:
value=10

Handling the Verification Code OTP (One Time

Password)
OtpLength
This value indicates how many characters the OTP verification code will have. This
code is delivered by the APM.
If you would like the verification code to have 8 characters (for example
A82GTD54) you should use:
value=8

OtpValidTime
This value indicates for how long the verification code (OTP) will be valid; after that
time the OTP will be invalid. This value is in milliseconds.
If you would like the verification code (OTP) to be valid for 30 minutes, you should
use:
value=1800000

10

Authenware APM Configuration Guide

SendOTPBy
This list indicates what kind of communication channel will be used to deliver the
verification code (OTP).
The possible options are:
SmsChannel: The verification code (OTP) will be delivered by SMS text message.
To deliver the message with SMS, the APM must receive a property object called
userCellPhone with the users telephone number.
EmailChannel: The verification code (OTP) will be delivered by e-mail. To deliver
the message with e-mail, the APM must receive a property object called userEmail
with the users e-mail address.
If you would like to use e-mail and SMS to send the verification code (OTP), you
should use:
<ref bean="SmsChannel"/>
<ref bean="EmailChannel"/>

SplitOtp
This value Indicates if the verification code (OTP) should be split. Each part will be sent to
one of the recipients defined in the properties userEmail and userCellPhone.
For example :
value=false

IncludeOtpInServiceResponse
This value indicates if the OTP must be included in the validateUser service
response.
For example:
value=false

11

Authenware APM Configuration Guide

SendOtpToAdministrator
This value indicates if the OTP must be sent by e-mail to the e-mail address defined
in the AdminEmail parameter.
For example:
value=true

UseOtpForNewUsers
This value establishes whether or not the system will send the OTP when a new
user is created.
For example:
value=true

UseOtpForTraining
This value establishes whether or not the system will send the OTP when a user is
training a pattern.
For example:
value=true

UseOtpForExceededNumberAttemptsAllowed
This value establishes whether or not the system will send the OTP when a user
exceeds the number of attempts allowed as defined in the
NumberOfFailuresAllowed parameter.
For example:
value=true

TrainingGroupsUseOtpForNewUsers
This value establishes, for each trainingGroup, whether or not the system will send
the OTP when a new user is created.

12

Authenware APM Configuration Guide

For example:
<map>
<entry key="progressiveTrainingGroup"
value="false"/>
<entry key="quickTrainingGroup" value="true"/>
</map>

TrainingGroupsUseOtpForTraining
This value establishes, for each trainingGroup, whether or not the system will send
the OTP when a user is training a pattern.
For example:
<map>
<entry key="progressiveTrainingGroup"
value="false"/>
<entry key="quickTrainingGroup" value="true"/>
</map>

Alert Handling and Notifications

AdminEmail
This value indicates the e-mail address for the administrators who will be notified
with the alerts from the APM. If you need to indicate more than one e-mail account,
you should use semicolon (;) to separate them.
value=administrador@yourdomain.com

AdminLocal
This value indicates the local settings for the Administrator.
The possible options are:
en: English
es: Spanish
fr: French

13

Authenware APM Configuration Guide

For example:
value=en

AdminAlertCodes
This value indicates which one of the available alert codes will be delivered to the
administrator when something happens on the APM. A complete list of error codes
is provided later in this document.
The possible options are:
Cod1, Cod2, , Cod n: The APM will send only the selected alert messages.
INFO: The APM will send alert messages that are INFO, WARNINGS and
ERRORS.
WARNING: The APM will send alert messages that are WARNINGS and
ERRORS.
ERROR: The APM will send only alert messages that are ERRORS.
: Will not send any kind of alert messages.
If you would like the administrator to receive only alert messages regarding errors,
you should use:
value=ERROR

UserAlertCodes
This value indicates which one of the available alert codes will be delivered to the
user when something happens on the APM. A complete list of error codes is
provided later in this document.
The possible options are:
Cod1, Cod2, , Cod n: The APM will send only the selected alert messages.
INFO: The APM will send alert messages that are INFO, WARNINGS and
ERRORS.
WARNING: The APM will send alert messages that are WARNINGS and
ERRORS.
ERROR: The APM will send only alert messages that are ERRORS.
: Will not send any kind of alert messages.
If you would like the user to receive only alert messages regarding warnings, we
should use:

14

Authenware APM Configuration Guide

value=WARNING

EmailTemplatesMap
This value indicates the filenames of the templates for the APM when it sends alerts
through e-mails.
These templates are stored in:
JBOSS_PATH/modules/com/authenware/apm/settings/main /
Each language is stored in a separate directory:
/en (English)
/es (Spanish)
/fr (French)
The default filename for the templates are:
For "error, value="ERRORNotification.html"
For "warning", value="WARNINGNotification.html"
For "info", value="INFONotification.html"
For "otp", value="OTPNotification.html"
For "splitotp", value="SPLITOTPNotification.html"

SmsTemplatesMap
This value indicates the filename of the template for the APM when it sends text
message (SMS) alerts.
This template is stored in:
JBOSS_PATH/modules/com/authenware/apm/settings/main/
Each language is stored in a separate directory:
/en (English)
/es (Spanish)
/fr (French)
The default filename for template is:
For "otp", value=OTPSMS.txt

15

Authenware APM Configuration Guide

For "splitotp", value=SPLITOTPSMS.txt

E-Mail Server and SMS

MailServer
This value indicates to the SMTP server to send e-mails.
For example:
value=mail.yourdomain.com

MailPort
This value indicates the port to be used by the e-mail server.
For example:
value=25

MailProtocol
This value indicates the e-mail server protocol.
For example:
value=smtp

MailProperties
This value indicates the properties that will be used by the SMTP server.
For example:
<props>
<prop
<prop
<prop
<prop
<prop
</props>

key="mail.smtp.auth">true</prop>
key="mail.smtp.connectiontimeout">5000</prop>
key="mail.smtp.sendpartial">true</prop>
key="mail.smtp.userset">true</prop>
key="mail.smtp.localhost">yourdomain.com</prop>

16

Authenware APM Configuration Guide

Note: If authentication is not required in SMTP server, you should put

"mail.smtp.auth = false"

MailUser
This value indicates the e-mail account to identify the user on the e-mail server.
This value should be a valid account on the e-mail server.
For example:
value="user@yourdomain.com "

MailPassword
This value indicates the password for the MailUser e-mail account.
For example:
value=UsErPaSSwOrd

MailFromUser
This value indicates the e-mail account from which alerts will be sent. This account
should be a valid account on the e-mail server.
For example:
value=relay@yourdomain.com

MailFromName
This value indicates the name from which alerts will be sent.
For example:
value=Authenware APM Server

Note: The parameters MailFromUser and MailFromName are used in the following
format: Authenware APM Server <relay@yourdomain.com>

17

Authenware APM Configuration Guide

SmsDomain
This value indicates the domain name that should be added to a cell phone number
before sending the SMS through an e-mail.
An example of a cell phone number in Argentina is 0261 157483922. With Movistar,
to send an SMS we have to remove 0 and 15. The domain for Movistars cell
phones is @sms.movistar.net.ar, so the address will be
2617483922@sms.movistar.net.ar . In this case, the value should be:
value=sms.movistar.net.ar

Directory Service Specifications

ValidateLdap
This value determines whether or not the APM will validate the user through a
directory service.
For example:
value="false"

LdapAuthentication
This value indicates the authentication string. The format depends on the
authentication scheme.

For example:
value="${user}@testdomain.loc"
value="cn=${user},cn=Users,dc=testdomain,dc=loc"

Note: The Authenware APM server will replace ${user} with the appropriate user.

LdapHost
This value indicates where the LDAP is hosted.

18

Authenware APM Configuration Guide

For example:
value="ldap://ldapserverhost"

LdapSearchBase
This value indicates the LDAP Search Base.
For example:
value="dc=testdomain,dc=loc"

UseLdapAdminUser
This value determines if the directory services will authenticate the Authenware
APM Server using an LDAP Admin user.
For example:
value="false"

LdapAdminUser
This value indicates the LDAP Admin Username, which will be used if the
parameter UseLdapAdminUser is true.
For example:
value="ldapadminuser"

LdapAdminPassword
This value indicates the LDAP Admin User Password, which will be used if the
parameter UseLdapAdminUser is true.
For example:
value="ldapadminpassword"

Credential Server Specifications

19

Authenware APM Configuration Guide

GetCredentialServerTimeUsingSntp
This value determines if the APM will get the time of day from Credential Server
using SNTP.
For example:
value="false"

CredentialServerSntpIp
This value indicates the Credential Server SNTP Host.
For example:
value="ldapserverhost"

CredentialServerSntpPort
This value indicates the Credential Server SNTP Port.
For example:
value="123"

Juniper Radius Integration

RadiusValidIpAddress & RadiusShareSecret
These values are used for the Juniper Authenware Integration.

Note: Changes to the Radius' parameter values will not take effect if you are not
using the Juniper Instant Virtual Extranet Integration. For more information see
A_int_03_Juniper-Authenware APM Configuration

Database Logs

20

Authenware APM Configuration Guide

SaveEntryLog
This value determines whether or not the APM will log the user's entries.
For example:
value="true"

Device Detection
DeviceDetection
This value determines if the APM will detect the device being used and recognize its
category.
For example:
value="false"

Default Properties
DefaultProperties
This series of values specifies the default value for the properties array.
For example:
<map>
<entry
<entry
<entry
<entry
<entry
<entry
<entry
<entry
<entry
<entry
<entry
<entry
<entry

key="ip" value=""/>
key="isp" value=""/>
key="securityLevel" value=""/>
key="userGroup" value=""/>
key="userEmail" value=""/>
key="userCellPhone" value=""/>
key="credentialContainerDate" value=""/>
key="credentialLastSet" value=""/>
key="userPassword" value=""/>
key="userTrainingGroup" value=""/>
key="compressedSignature" value=""/>
key="deviceCategory" value=""/>
key="device" value=""/>

21

Authenware APM Configuration Guide

<entry key="patternName" value=""/>

<entry key="locale" value="en"/>
<entry key="splitOtp" value=""/>
</map>

APM Server Maintainers

OTPMaintainerPeriod
This value determines the length of time for which the OTP maintainer process will
be run, expressed in milliseconds.
For example:
value="10000"

OTPMaintainerMaxDeletes
This value indicates the maximum number of OTPs deleted in the maintainer
process.
For example:
value="1000"

SessionMaintainerPeriod
This value determines the length of time for which the APM sessions maintainer
process will be run, expressed in milliseconds.
For example:
value="10000"

SessionMaintainerMaxDeletes
This value indicates the maximum number of APM sessions deleted in the
maintainer process.
For example:
value="1000"

22

Authenware APM Configuration Guide

Administration Web Service

The APM implements a web service for administration purposes. As of now, you can
only refresh the parameters in the servers that were modified on the file
authenware-apm-parameters.xml. It is not necessary to restart the APM when
a parameter is modified. The web service definition is located at:
http://[IP Authenware Proxy]:8080/authenwareapm/AuthenwareApmAdminService?wsdl
The web service call for applying the configuration changes is called
refreshParameters(). This call does not require any input parameters, and it
returns an object of the RefreshParameterOut class. The attributes of this
object are:
boolean result: This value is true when the changes can be applied.
Message[] messages: This is an array of errors which have occurred.

The attributes of the Message class are:

int code: This value is the error code.
String message: This value is the error message.
String type: This value indicates the possible message type (info, error, or

warning.)

Configuring the Log Archives in Authenware APM Server

The file authenware-apm-log4j.xml has the configuration to change both log
level and log file location.
You should locate the time/date-based rolling appender section to modify these two
values. Youll find them in the example below, with both values in bold.

23

Authenware APM Configuration Guide

The possible values for log level are: TRACE, DEBUG, INFO, WARNING, or ERROR.
TRACE is the most verbose and ERROR the least verbose option. TRACE includes
all other log levels and so on.
<!-- A time/date based rolling appender -->
<appender name="FILE-AUTHENWARE-APM"
class="org.apache.log4j.RollingFileAppender">
<param name="File" value="/etc/authenware/apm/authenwareapm.log"/>
<param name="Append" value="true"/>
<layout class="org.apache.log4j.PatternLayout">
<!-- The default pattern: Date Priority [Category]
Message\n -->
<param name="ConversionPattern" value="%d %-5p [%c{1}]
%m%n"/>
</layout>
</appender>
<category name="com.authenware.authentest.proxy">
<priority value="TRACE"/>
<appender-ref ref="FILE-AUTHENWARE-APM"/>
</category>

Authenware Message Codes

AUTHENWARE SERVER
CODE
100
1001
1002

TYPE
ERROR

MESSAGE
Error while parsing object AuthenwareSignature.
The user doesn't have enough logins to be able to deliver a certain
WARNING
response. The trust identity rate should not be considered.
INFO
User needs <number> more logins to complete the pattern.

24

Authenware APM Configuration Guide

Error while parsing the dates in the pattern validity process. The
correct format is yyyy-mm-dd hh:mm:ss.
The data capture is not consistent, the keyup and keydown events
don't match.
The number of captured events doesn't match with the pattern.
Error while getting the biometric pattern.
There was an error while inserting the login record in the
LoginDAO class.
The user <user> of the organization <organization> is not
registered in Authenware.
The user <user> couldnt be created on the database.
Parameter error; <parameter> doesn't have a value.
Parameter error; parameters container not found.
The application <application> doesnt exist in the Authenware
database.
The field <field> of the application <application> doesnt exist in
the Authenware database.
The data captured is not consistent, the number of keys do not
match.
The user name can not be empty.
The user name can not be blank.
The organization code can not be 0.
One of the fields doesnt have any captured events.
Error checking user: <error>.
The application <application> couldnt be created.
The application <application> couldnt be created, the identifier or
name is duplicated.

1003

ERROR

4001

ERROR

4002
4003

ERROR
ERROR

4004

ERROR

4005

ERROR

4006
4007
4008

ERROR
ERROR
ERROR

4009

ERROR

4010

ERROR

4012

ERROR

4013
4014
4015
4016
4023
4030

ERROR
ERROR
ERROR
ERROR
ERROR
ERROR

4031

ERROR

4032

ERROR

The application name can not be empty.

4033

ERROR

4034

ERROR

4035

ERROR

4036

ERROR

4040

ERROR

4041

ERROR

4042
4043
4045
4060

ERROR
ERROR
ERROR
ERROR

The application name can not be blank.

The security level <security level> for the application <application>
is not a valid level.
The application <application> could not be deleted.
The application <application> doesnt exist in the Authenware
database.
The field <field> could not be created.
The field <field> could not be updated; the identifier was
duplicated or the field of the client for the application was already
entered.
The client field can not be empty.
The client field can not be blank.
The field <field> could not be deleted.
It can't update the Login register.

4061

ERROR

The user and the field can't be empty.

4084
4500

ERROR
ERROR

The requested user doesnt have a pattern.

Authenware unknown error: <error>.

25

Authenware APM Configuration Guide

4710
5000
6001
6002
8000
8001
8002
8003

ERROR
ERROR
WARNING
ERROR
ERROR
ERROR
ERROR
ERROR

8004

ERROR

8005
9010
9020

ERROR
ERROR
ERROR

9022

ERROR

100

ERROR

The security level <security level> is not a valid level.

Failed to locate the service: <error>.
It was promoted to gray zone by pattern <pattern>.
It was denied because the biometric record seems to be a fraud.
License Validation: Error parsing the license file.
The time defined for the license has expired.
The number of users defined for the license was exceeded.
The number of applications defined for the license was exceeded.
The number of organizations defined for the license was
exceeded.
The number of transactions defined for the license was exceeded.
Error while accessing to Authenware W.R.A.P. Server.
Error while getting Signature from Authenware W.R.A.P. Server.
Error creating the new pattern <pattern>, another pattern with this
name already exists.
Error while parsing object AuthenwareSignature.

AUTHENWARE APM SERVER

CODE TYPE
10001
INFO
10002
INFO
10003
INFO
10004
INFO
10005 WARNING
10006 ERROR
10007 ERROR
10008 ERROR

MESSAGE
The user will be controlled by Authenware Server.
The user does not exist in Authenware Server.
The user was successfully created in Authenware Server.
The user will not be controlled by Authenware Server.
The user should train again because his credentials were modified.
The verification code is incorrect.
The number of signatures is incorrect.
Error while accessing the Authenware Server service.
Error initializing the Authenware APM Server. Please check the
10009 ERROR
parameter file, database connection and Core connection.
10010 ERROR Error while creating the user.
10011
ERROR Error while validating the signature.
10012 ERROR Error while resetting the pattern.
10013 ERROR Error while verifying if the pattern is ready.
10014 ERROR Error while creating a new pattern.
The user could login, but his QPR is lower than the established
10015 WARNING
limit.
10016 WARNING User exceeded the number of attempts allowed.
10017 ERROR Error while checking validity of user credentials.
10018 ERROR The Authenware Server URL is incorrect.
10019 ERROR Error in connecting with Authenware Server.
10020 ERROR Error while refreshing the parameters.
10021
INFO
The verification code (One Time Password) was sent to the user.
10022 ERROR Error while saving the workstation log

26

Authenware APM Configuration Guide

10023
10024
10025
10026
10027
10028
10029
10030

ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR

10031

ERROR

10032
10033
10034
10035
10036
10037
10038
10039
10040
10041
10099

ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR

Error while parsing log

The SMS Server URL is incorrect.
Error in connecting to the SMS Server.
Error while validating user in the Directory Services.
The user will be validated in the Directory Services.
The user credentials are not valid in the Directory Services.
The user does not have data in the Directory Services.
There is no data (email or cellphone) to send the OTP.
The user should train again, because his QPR is lower than the
established limit.
Error while getting the time from the Credential Server using SNTP.
Error decompressing the signature.
Error checking the training frequency.
The user can not be blank.
The field and the application can not be blank.
Error creating/getting an APM session.
Error creating/getting one time password (OTP).
Error detecting device.
Error obtaining user's patterns.
The signature can not be blank.
Authenware APM unknown error: <error>.

For More Information

This manual is intended to provide information on how to configure the various
aspects of the Authenware APM Server. If you require more information than was
provided in this guide, please see the Related Documents section to find a
document that better meets your needs.

Appendix I End User License Agreement

Authenware End User Software License Agreement
This End User License Agreement governs the use of any of the versions of Authenware software and any
related updates and/or upgrades regardless of the delivery mechanism.
1.
License Grant. Subject to the terms and conditions of this Agreement, Licensor hereby grants to
Licensee the right to use the Authenware software (the Software) solely for the internal business uses of
Licensee, and not for resale, redistribution or use in operating a service bureau or otherwise providing
business process management services to any third party.
2.
Ownership by Licensor. Licensor (or its licensors) shall own all right, title, interest and in (a) the
Software, including all business process templates developed solely by Licensor (and/or its contractors) or
jointly by Licensor (and/or its contractors) and Licensee, (b) the following materials provided or developed by

27

Authenware APM Configuration Guide

Licensor during the course of this Agreement or any Statement of Work thereunder: Software specifications,
operating instructions, pricing terms, training materials, user documentation, custom code, integrations,
system requirements, user interface code or templates, software specifications, software, and drafts of the
foregoing (the Other Licensor Materials), (c) all trade secrets, patents, trade marks, service marks,
copyrights, trade dress, inventions, know how, applications to register any of the foregoing and other
proprietary rights (Intellectual Property Rights) in the foregoing, and (d) any modifications or derivative
works thereof and any copies of the foregoing. All suggestions, solutions, improvements, corrections, and
other contributions provided by Licensee regarding the Software or the Other Licensor Materials shall become
the property of Licensor (or its licensors) and Licensee hereby agrees to assign any such rights to Licensor.
3.
Copies. Licensee agrees not to make any copies of the Software, except that it may make one copy
of the Software for backup and archive purposes. Licensee shall keep and maintain complete and accurate
records of each copy made of the Software and provide such records to Licensor upon request.
4.
Restrictions. Licensee will not: (a) except as explicitly allowed under this Agreement, copy, edit,
modify, adapt, translate, port, reproduce (except as necessary for installation), distribute, transfer, lend, sell,
sub-license, assign or otherwise transfer any of the Software, any component thereof, or any output generated
by the Software; (b) prepare any derivative work based upon the Software or any component thereof; (c)
reverse engineer, disassemble or decompile the Software or any component thereof, or attempt to discover or
disclose the source code of the Software or any component thereof; (d) encumber, time-share, rent or lease the
rights granted by Licensor under this Agreement; (e) remove, obscure, or alter any notice of Licensors (or its
licensors) intellectual property rights present on or in the Software or any component thereof; (f) use the
Software or any component thereof for any purpose not authorized or contemplated under this Agreement or
in violation of any express prohibition set forth elsewhere in this Agreement, including the exhibits hereto or
policies reference herein; or (g) authorize or permit any person or entity to do any of the foregoing; or (h) use,
or permit an Licensee to use, the Software sub-licensed for a particular Licensee for the benefit of any party
other than such Licensee or for any process other than for the specific process was sub-licensed.
5.
Confidentiality
5.1
Definition. For purposes of this Agreement, the following information shall be considered
Confidential Information: any and all (i) technical and non-technical information including but not limited
to patent, trade secret and proprietary information, techniques, sketches, drawings, models, inventions, knowhow, processes, apparatus, equipment, computer code and algorithms related to either party, and (ii)
information relating to marketing plans, business opportunities, personnel, research, development or knowhow. The Software and Other Licensor Materials shall be considered the Confidential Information of
Licensor.
5.2
Treatment of Confidential Information. Each party (the Receiving Party) agrees (i) to use
commercially reasonable efforts to protect the Confidential Information of the disclosing party (the
Disclosing Party) and (ii) that it will not and will ensure that its employees, will not use, disseminate or in
any way disclose any Confidential Information of the Disclosing Party to any person, firm or business, except
as specifically authorized in this Agreement or for any purpose the Disclosing Party may hereafter authorize in
writing. The Receiving Party agrees to disclose the Confidential Information of the Disclosing Party only to
those employees who have a need to know.
5.3
Exceptions. The restrictions set forth in this Section 5 will not apply to any information that the
Receiving Party can demonstrate: (a) was known by the Receiving Party without an obligation of
confidentiality, prior to disclosure by the Disclosing Party; (b) was in or entered the public domain through no
fault of the Receiving Party; (c) is disclosed to the Receiving Party without an obligation of confidentiality; or
(d) is independently developed by the Receiving Party without reference to any Confidential Information of
the Disclosing Party. A party shall not be in violation of this Section 5 if it discloses Confidential Information
demanded by a lawful order from any court or any body empowered to issue such an order, provided that the
Receiving Party notifies the Disclosing Party promptly of the receipt of any such order, provides the
Disclosing Party with a copy of such order, and, if requested by the Disclosing Party, uses good faith efforts to
limit or obtain confidential treatment with respect to information disclosed pursuant to such order.
5.4
No Conveyance of Ownership. Nothing in this Agreement shall be construed to convey any title or
ownership rights to the Confidential Information of the Disclosing Party or to any Intellectual Property Rights
therein or grant any other right, title, or ownership interest to the Disclosing Party Confidential Information
except as may be provided by this Agreement.

28

Authenware APM Configuration Guide

6.
Limited Warranty.
6.1
Performance. Licensor warrants that the Software, standing alone without use in combination or
conjunction with any third party software or apparatus, will perform substantially in accordance with the
applicable specifications included in the Other Licensor Materials for a period of thirty (30) days following
delivery. This warranty shall be rendered null and void if the failure of the Software has resulted from an
accident, abuse, or misapplication caused by Licensee. Licensors entire liability and Licensees exclusive
remedy under this warranty is to repair or replace the Software which does not meet the warranties contained
in this Section 6. Any replacement of the Software shall be warranted for the remainder of the original
warranty period. Licensors warranty obligations shall not apply: (a) if the Software has not been installed in
accordance with the installation instructions provided by Licensor; or (b) if the Licensees computing
environment does not meet the minimum system requirements then specified by Licensor for the Software at
the time the Software was ordered.
6.2

Warranty Disclaimer. SECTION 6.1 CONSTITUTES THE ONLY WARRANTIES GRANTED BY

LICENSOR (OR ITS LICENSORS) WITH RESPECT TO THE SOFTWARE, SUPPORT SERVICES OR
CONSULTING SERVICES AND ARE EXPRESSLY MADE IN LIEU OF ANY OTHER EXPRESS OR IMPLIED
WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE OR OF NON-INFRINGEMENT. REGARDLESS OF ANY COURSE OF DEALING,
PROMOTIONAL LITERATURE OR OTHER ACTIONS APPARENTLY CREATING A WARRANTY, LICENSOR
MAKES NO WARRANTIES, EXPRESS OR IMPLIED, EXCEPT AS DETAILED IN THIS AGREEMENT
RESPECTING THE FUNCTIONAL CHARACTERISTICS OR PERFORMANCE OF THE SOFTWARE, SUPPORT
SERVICES OR CONSULTING SERVICES OR OF THE PROFITABILITY, COST BENEFITS OR OTHER BENEFITS
TO BE OBTAINED BY LICENSEE FROM THE USE OF THE SOFTWARE OR SERVICES.
7.

Limitation of Liability.

LICENSOR (AND ITS LICENSORS) SHALL NOT BE LIABLE TO LICENSEE FOR DAMAGES FOR ANY CAUSE
RELATED TO OR ARISING OUT OF THIS AGREEMENT, WHETHER IN CONTRACT, NEGLIGENCE OR TORT, IN AN
AMOUNT THAT EXCEEDS THE TOTAL PORTION OF THE LICENSE FEES PAID BY LICENSEE TO LICENSOR
DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRIOR TO THE EVENT WHICH GAVE RISE TO SUCH
DAMAGES HEREUNDER. LICENSOR (AND ITS LICENSORS) SHALL NOT BE LIABLE TO LICENSEE UNDER ANY
LEGAL THEORY, WHETHER IN AN ACTION BASED ON A CONTRACT, TORT (INCLUDING NEGLIGENCE AND
STRICT LIABILITY) OR ANY OTHER LEGAL THEORY, HOWEVER ARISING, FOR ANY INCIDENTAL, SPECIAL,
EXEMPLARY OR CONSEQUENTIAL DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES RESULTING FROM
LOST PROFITS, INTERRUPTION OF BUSINESS, LOSS OF DATA OR PROGRAMS, LOSS OF USE OF COMPUTER
HARDWARE, OR LOSS OF GOODWILL, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

8
Early Termination. A party may terminate this Agreement: (a) by giving notice to the other party if
the other party materially breaches the Agreement (which shall include, without limitation, failure by Licensee
to make timely payments hereunder) and fails to cure such breach within 30 days of written notice thereof; or
(b) if the other party ceases to conduct business, becomes or is declared insolvent or bankrupt, is the subject
of any proceeding relating to its liquidation or insolvency which is not dismissed or stayed within ninety (90)
days or makes a general assignment for the benefit of its creditors.
9
Effects of Termination. Upon termination of this Agreement: (a) Licensees right to use the
Software shall automatically terminate; and (b) both parties will return or destroy the originals and all full or
partial copies of the Confidential Information of the other party (including any Software in Licensees
possession) and any other materials furnished hereunder within ten (10) days and, at the request of the other
party, shall certify in writing that all such materials have been returned or destroyed.
10.
General Provisions.
10.1
Export. Licensee shall comply with all then current Export Laws and Regulations of the United
States Government pertaining to the Software. Licensee hereby certifies that it will not directly or indirectly,
export, re-export, or transship the Software or related information, media, or products in violation of United
States laws, rules, and regulations.
10.2
Attorneys Fees. In addition to any other relief awarded, the prevailing party in any action arising
out of this Agreement will be entitled to its reasonable attorneys fees and costs.
10.3
Entire Agreement; Amendments. This Agreement, including any all Exhibits attached hereto and
agreements, policies and programs reference herein, constitutes the entire agreement between the parties with
respect to the subject matter contained herein and supersedes all prior proposals, agreements, negotiations,
correspondence, understandings, and other communications, whether written or oral, between Licensor and

29

Authenware APM Configuration Guide

Licensee. There are no promises, covenants or undertakings other than those expressly set forth herein. This
Agreement may not be modified except in writing signed by authorized representatives of Licensor and
Licensee. The parties agree that facsimile signatures of authorized representatives of the parties on this
Agreement will be binding.
10.4
Injunctive Relief. The parties agree that money damages will be inadequate in the event of a breach
of Section 3, 4 and 5 of this Agreement and that the non-breaching party shall be entitled to injunctive relief in
the event of such a breach without the necessity of posting a bond.
10.5
Discontinuation of Software or Support Services. Licensor reserves the right to discontinue supply
of any or all Software or to discontinue renewing the Support Services in the event Licensor (or its licensors)
generally discontinues active distribution of any or all of the Software or active provision of the Support
Services.
10.6
Force Majeure. Neither party shall be in default for, or held responsible for damages caused by
delay or failure to perform in full or in part its obligations under this Agreement (other than payment
obligations) where such delay or failure is due to circumstances, such as fires, strikes, acts of God or acts of
terrorism, which are beyond the control of the party.
10.7
Choice of Law and Forum. This Agreement shall be governed by, and construed in accordance
with, the laws of the State of Florida without reference to conflicts of laws rules, which would require
application of another substantive law. The United Nations Convention on Contracts for the International Sale
of Goods is specifically excluded from application to this Agreement. All disputes arising out of or relating to
this Agreement may only be brought in the state or federal courts located in Florida, and the parties hereby
agree and submit to the personal and exclusive jurisdiction and venue of these courts.
10.8
Third Party Beneficiary. Licensee agrees that Licensors licensors are intended to be third party
beneficiaries of this Agreement. Such licensors may bring direct action against Licensee for the breach of the
terms hereof that relate to the software or other materials provided by such licensors.
10.9
Verification. Licensee agrees that Licensor (or its licensors) may, upon five (5) business days prior
written notice, enter Licensees premises to verify Licensees compliance with the provisions of this
Agreement. Licensors inspections shall: (i) be limited to one annual inspection (unless Licensor believes that
it has just cause for multiple inspections); (ii) take place during Licensees normal business hours; and (iii)
involve inspection of only those records pertaining to the Licensor Software including copy locations. If
Licensee is found not to be in substantial compliance with this Agreement, Licensee shall pay the reasonable
expenses associated with such inspection. Licensors rights of inspection shall remain in effect through the
period ending one year from the termination or expiration of this Agreement.
10.10
Third Party Programs. Third Party components of the Authenware solution are subject to their own
license terms. These third party software programs are components only and cannot be used directly by the
Licensee. WARNING: Do not upgrade or reconfigure any software components. Any changes to the delivered
configuration could result in serious consequences to the performance of the software.
10.11
Trademarks. Trademark 2010 Authenware Corporation, INC. All rights reserved. Authenware
logo is a registered trademark of Authenware Corporation, Inc. All other trademarks are the property of their
respective owners.
10.12

WARNINGS. ANY ATTEMPT TO TAMPER, MODIFY, ADAPT, REVERSE ENGINEER, DISASSEMBLE,

DECOMPILE, DECRYPT OR OTHERWISE DERIVE SOURCE CODE FROM THE SOFTWARE WILL RESULT IN
IMMEDIATE TERMINATION OF THE LICENSE AGREEMENT AND WILL BE PUNISHED TO THE FULLEST
EXTENT OF THE LAW. DO NOT UPGRADE OR RECONFIGURE ANY SOFTWARE COMPONENT. ANY
CHANGES TO DELIVERED CONFIGURATION MAY RESULT IN SERIOUS CONSEQUENCES TO THE
PERFORMANCE OF THE SOFTWARE.

YOU MUST READ THIS ENTIRE AUTHENWARE END USER SOFTWARE LICENSE AGREEMENT
("LICENSE AGREEMENT") CAREFULLY BEFORE ACCEPTING OR INSTALLING THIS APPLICATION.
IF YOU DO NOT AGREE TO THE TERMS OF THIS LICENSE AGREEMENT, YOU AGREE NOT TO
INSTALL. BY CLICKING "I ACCEPT" OR BY INSTALLING YOU AGREE TO BECOME A PARTY TO, AND

30

Authenware APM Configuration Guide

BE BOUND BY, THE TERMS OF THIS LICENSE AGREEMENT AND THIS LICENSE IS ENTERED INTO
BETWEEN AUTHENWARE CORPORATION AND THE ORGANIZATION EXECUTING THIS LICENSE
AGREEMENT ("YOU" AND "YOUR").

31