Possible outdated information

PLEASE NOTE: This page may be out of date and could contain inaccuracies. In future it may be significantly revised or removed altogether. Current product documentation is available from: http://docs.forgerock.org/en/openam/11.0.0/reference/index/ssoadm-1.html

add-agent-to-grp

Add agents to an agent group.

Syntax

ssoadm add-agent-to-grp options [--global-options]

Options

--realm, -e
The name of the realm.

--agentgroupname, -b
The name of the agent group.

--agentnames, -s
The names of the agents.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

agent-remove-props

Remove an agent's properties.

Syntax

ssoadm agent-remove-props options [--global-options]

Options

--realm, -e
The name of the realm.

--agentname, -b
The name of the agent.

--attributenames, -a
The names of the properties.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

create-agent

Create a new agent configuration.

Syntax

ssoadm create-agent options [--global-options]

Options

--realm, -e
The name of the realm.

--agentname, -b
The name of the agent.

--agenttype, -t
The type of agent. For example, J2EEAgent or WebAgent.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--attributevalues, -a]
The properties. For example, homeaddress=here.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
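
Added example, not part of the original reference: a shell pre-flight wrapper around create-agent that refuses to run when the administrator password file is readable by group or others, or when the --datafile has a line that is not attribute-name=attribute-value. The permission policy, the SSOADM override variable, the function names, and the sample realm, agent name and admin ID are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the ssoadm documentation): pre-flight checks for
# the --password-file and --datafile options before running create-agent.

# Succeeds only if the password file is a regular file (not a symlink)
# with no permission bits set for group or others.
check_password_file() {
    pwfile=$1
    [ -f "$pwfile" ] && [ ! -h "$pwfile" ] || return 1
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ld "$pwfile" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Succeeds only if every non-blank line starts with a non-empty attribute
# name followed by "=". The value may itself contain "=" (for example a DN).
check_datafile() {
    datafile=$1
    [ -f "$datafile" ] || return 1
    if grep -v -E '^[[:space:]]*$' "$datafile" \
        | grep -q -v -E '^[^=[:space:]][^=]*='; then
        return 1
    fi
    return 0
}

# Runs "ssoadm create-agent" only after both checks pass.
# Returns 2 for a bad password file, 3 for a malformed datafile.
# SSOADM is an assumed override for the path to the ssoadm binary.
create_agent_checked() {
    realm=$1; agent=$2; type=$3; admin=$4; pwfile=$5; datafile=$6
    check_password_file "$pwfile" || {
        echo "refusing: $pwfile is missing or accessible by group/others" >&2
        return 2
    }
    check_datafile "$datafile" || {
        echo "refusing: $datafile has a line that is not attribute-name=attribute-value" >&2
        return 3
    }
    "${SSOADM:-ssoadm}" create-agent \
        --realm "$realm" --agentname "$agent" --agenttype "$type" \
        --adminid "$admin" --password-file "$pwfile" --datafile "$datafile"
}

# Dry run on constructed sample files: SSOADM=echo prints the command line
# instead of contacting a server. All values here are constructed samples.
demo_dir=$(mktemp -d)
(
    umask 077
    printf '%s\n' 'constructed-sample-password' > "$demo_dir/admin.pwd"
    chmod 400 "$demo_dir/admin.pwd"
    printf '%s\n' 'homeaddress=here' > "$demo_dir/agent.properties"
    SSOADM=echo
    create_agent_checked / sampleAgent WebAgent amadmin \
        "$demo_dir/admin.pwd" "$demo_dir/agent.properties"
)
rm -rf "$demo_dir"
```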

create-agent-grp

Create a new agent group.

Syntax

ssoadm create-agent-grp options [--global-options]

Options

--realm, -e
The name of the realm.

--agentgroupname, -b
The name of the agent's group.

--agenttype, -t
The type of agent. For example, J2EEAgent or WebAgent.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--attributevalues, -a]
The properties. For example, homeaddress=here.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

delete-agent-grps

Delete existing agent groups.

Syntax

ssoadm delete-agent-grps options [--global-options]

Options

--realm, -e
The name of the realm.

--agentgroupnames, -s
The names of the agent groups.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

delete-agents

Delete existing agent configurations.

Syntax

ssoadm delete-agents options [--global-options]

Options

--realm, -e
The name of the realm.

--agentnames, -s
The names of the agents.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

list-agent-grp-members

List the agents in an agent group.

Syntax

ssoadm list-agent-grp-members options [--global-options]

Options

--realm, -e
The name of the realm.

--agentgroupname, -b
The name of the agent group.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--filter, -x]
Filter by a pattern.

list-agent-grps

List the agent groups.

Syntax

ssoadm list-agent-grps options [--global-options]

Options

--realm, -e
The name of the realm.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--filter, -x]
Filter by a pattern.

[--agenttype, -t]
The type of agent. For example, J2EEAgent or WebAgent.

list-agents

List the agent configurations.

Syntax

ssoadm list-agents options [--global-options]

Options

--realm, -e
The name of the realm.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--filter, -x]
Filter by a pattern.

[--agenttype, -t]
The type of agent. For example, J2EEAgent or WebAgent.

remove-agent-from-grp

Remove agents from an agent group.

Syntax

ssoadm remove-agent-from-grp options [--global-options]

Options

--realm, -e
The name of the realm.

--agentgroupname, -b
The name of the agent group.

--agentnames, -s
The names of the agents.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

show-agent

Show the agent profile.

Syntax

ssoadm show-agent options [--global-options]

Options

--realm, -e
The name of the realm.

--agentname, -b
The name of the agent.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--outfile, -o]
The filename where configuration is written.

[--inherit, -i]
Set this option to inherit properties from the parent group.

show-agent-grp

Show the agent group profile.

Syntax

ssoadm show-agent-grp options [--global-options]

Options

--realm, -e
The name of the realm.

--agentgroupname, -b
The name of the agent group.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--outfile, -o]
The filename where configuration is written.

show-agent-membership

List the agent's membership.

Syntax

ssoadm show-agent-membership options [--global-options]

Options

--realm, -e
The name of the realm.

--agentname, -b
The name of the agent.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

show-agent-types

Show the agent types.

Syntax

ssoadm show-agent-types options [--global-options]

Options

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

update-agent

Update the agent's configuration.

Syntax

ssoadm update-agent options [--global-options]

Options

--realm, -e
The name of the realm.

--agentname, -b
The name of the agent.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--set, -s]
Set this flag to overwrite a property's values.

[--attributevalues, -a]
The properties. For example, homeaddress=here.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

update-agent-grp

Update the agent group's configuration.

Syntax

ssoadm update-agent-grp options [--global-options]

Options

--realm, -e
The name of the realm.

--agentgroupname, -b
The name of the agent group.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--set, -s]
Set this flag to overwrite a property's values.

[--attributevalues, -a]
The properties. For example, homeaddress=here.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

Authentication Service Management

The following subcommands execute operations for the OpenAM Authentication service.

add-auth-cfg-entr

Add an authentication configuration entry.

Syntax

ssoadm add-auth-cfg-entr options [--global-options]

Options

--realm, -e
The name of the realm.

--name, -m
The name of the authentication configuration.

--modulename, -o
The module name.

--criteria, -c
The criteria for this entry. Possible values are REQUIRED, OPTIONAL, SUFFICIENT, and REQUISITE.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--options, -t]
The options for this entry.

[--position, -p]
The position where the new entry is to be added.

create-auth-cfg

Create an authentication configuration.

Syntax

ssoadm create-auth-cfg options [--global-options]

Options

--realm, -e
The name of the realm.

--name, -m
The name of the authentication configuration.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

create-auth-instance

Create an authentication instance.

Syntax

ssoadm create-auth-instance options [--global-options]

Options

--realm, -e
The name of the realm.

--name, -m
The name of the authentication instance.

--authtype, -t
The type of authentication instance. For example, LDAP or DataStore.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

delete-auth-cfgs

Delete existing authentication configurations.

Syntax

ssoadm delete-auth-cfgs options [--global-options]

Options

--realm, -e
The name of the realm.

--names, -m
The names of the authentication configurations.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

delete-auth-instances

Delete existing authentication instances.

Syntax

ssoadm delete-auth-instances options [--global-options]

Options

--realm, -e
The name of the realm.

--names, -m
The names of the authentication instances.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

get-auth-cfg-entr

Get the authentication configuration entries.

Syntax

ssoadm get-auth-cfg-entr options [--global-options]

Options

--realm, -e
The name of the realm.

--name, -m
The name of the authentication configuration.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

get-auth-instance

Get the authentication instance values.

Syntax

ssoadm get-auth-instance options [--global-options]

Options

--realm, -e
The name of the realm.

--name, -m
The name of the authentication instance.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

list-auth-cfgs

List the authentication configurations.

Syntax

ssoadm list-auth-cfgs options [--global-options]

Options

--realm, -e
The name of the realm.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

list-auth-instances

List the authentication instances.

Syntax

ssoadm list-auth-instances options [--global-options]

Options

--realm, -e
The name of the realm.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

register-auth-module

Register an authentication module.

Syntax

ssoadm register-auth-module options [--global-options]

Options

--authmodule, -a
The Java class name of the authentication module.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

unregister-auth-module

Unregister the authentication module.

Syntax

ssoadm unregister-auth-module options [--global-options]

Options

--authmodule, -a
The Java class name of the authentication module.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

update-auth-cfg-entr

Set the authentication configuration entries.

Syntax

ssoadm update-auth-cfg-entr options [--global-options]

Options

--realm, -e
The name of the realm.

--name, -m
The name of the authentication configuration.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--entries, -a]
The formatted authentication configuration entries.

[--datafile, -D]
The filename that contains the formatted authentication configuration entries. Enter one attribute-name=attribute-value per line.

update-auth-instance

Update the authentication instance values.

Syntax

ssoadm update-auth-instance options [--global-options]

Options

--realm, -e
The name of the realm.

--name, -m
The name of the authentication instance.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--attributevalues, -a]
The attribute values. For example, homeaddress=here.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

Datastore Management

The following subcommands execute operations for managing OpenAM datastores.

add-amsdk-idrepo-plugin

Create the AMSDK IdRepo plug-in.

Syntax

ssoadm add-amsdk-idrepo-plugin options [--global-options]

Options

--directory-servers, -s
Contains the Directory Servers, and can contain multiple entries. Use the following format:

protocol://hostname:port

--basedn, -b
The Directory Server base distinguished name.

--dsame-password-file, -x
The filename that contains the password of the dsameuser.

--puser-password-file, -p
The filename that contains the password of the puser.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--user, -a]
The user objects naming attribute (defaults to uid).

[--org, -o]
The organization objects naming attribute (defaults to o).

create-datastore

Create a datastore under a realm.

Syntax

ssoadm create-datastore options [--global-options]

Options

--realm, -e
The name of the realm.

--name, -m
The name of the datastore.

--datatype, -t
The type of the datastore.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--attributevalues, -a]
The attribute values. For example, sunIdRepoClass=com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

delete-datastores

Delete the data stores under a realm.

Syntax

ssoadm delete-datastores options [--global-options]

Options

--realm, -e
The name of the realm.

--names, -m
The names of the data stores.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

list-datastore-types

List the supported data store types.

Syntax

ssoadm list-datastore-types options [--global-options]

Options

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

list-datastores

List the data stores under a realm.

Syntax

ssoadm list-datastores options [--global-options]

Options

--realm, -e
The name of the realm.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

show-datastore

Show the data store profile.

Syntax

ssoadm show-datastore options [--global-options]

Options

--realm, -e
The name of the realm.

--name, -m
The name of the datastore.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

update-datastore

Update the datastore profile.

Syntax

ssoadm update-datastore options [--global-options]

Options

--realm, -e
The name of the realm.

--name, -m
The name of the datastore.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--attributevalues, -a]
The attribute values. For example, sunIdRepoClass=com.sun.identity.idm.plugins.files.FilesRepo.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

Identity Management

The following subcommands execute operations for managing identities associated with OpenAM.

add-member

Add an identity as a member of another identity.

Syntax

ssoadm add-member options [--global-options]

Options

--realm, -e
The name of the realm.

--memberidname, -m
The name of the member's identity.

--memberidtype, -y
The type of the member's identity. For example, User, Role or Group.

--idname, -i
The name of the identity.

--idtype, -t
The type of the identity.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

add-privileges

Add privileges to an identity.

Syntax

ssoadm add-privileges options [--global-options]

Options

--realm, -e
The name of the realm.

--idname, -i
The name of the identity.

--idtype, -t
The type of the identity. For example, User, Role or Group.

--privileges, -g
The names of the privileges to be added.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

add-svc-identity

Add a service to an identity.

Syntax

ssoadm add-svc-identity options [--global-options]

Options

--realm, -e
The name of the realm.

--idname, -i
The name of the identity.

--idtype, -t
The type of the identity. For example, User, Role or Group.

--servicename, -s
The name of the service.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--attributevalues, -a]
The attribute values. For example, homeaddress=here.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

create-identity

Create an identity in a realm.

Syntax

ssoadm create-identity options [--global-options]

Options

--realm, -e
The name of the realm.

--idname, -i
The name of the identity.

--idtype, -t
The type of the identity. For example, User, Role or Group.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--attributevalues, -a]
The attribute values. For example, inetuserstatus=Active.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

delete-identities

Delete the identities in a realm.

Syntax

ssoadm delete-identities options [--global-options]

Options

--realm, -e
The name of the realm.

--idname, -i
The name of the identity.

--idtype, -t
The type of the identity. For example, User, Role or Group.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

get-identity

Get the identity property values.

Syntax

ssoadm get-identity options [--global-options]

Options

--realm, -e
The name of the realm.

--idname, -i
The name of the identity.

--idtype, -t
The type of the identity. For example, User, Role or Group.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

--attributenames, -a
The attribute names. All attribute values will be returned if this option is not provided.

get-identity-svcs

Get the services in an identity.

Syntax

ssoadm get-identity-svcs options [--global-options]

Options

--realm, -e
The name of the realm.

--idname, -i
The name of the identity.

--idtype, -t
The type of the identity. For example, User, Role or Group.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--attributenames, -a]
Attribute name(s). All attribute values shall be returned if the option is not provided.

list-identities

List the identities in a realm.

Syntax

ssoadm list-identities options [--global-options]

Options

--realm, -e
The name of the realm.

--filter, -x
Filter by a pattern.

--idtype, -t
The type of the identity. For example, User, Role or Group.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

list-identity-assignable-svcs

List the assignable services for an identity.

Syntax

ssoadm list-identity-assignable-svcs options [--global-options]

Options

--realm, -e
The name of the realm.

--idname, -i
The name of the identity.

--idtype, -t
The type of the identity. For example, User, Role or Group.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

remove-member

Remove the membership of an identity from another identity.

Syntax

ssoadm remove-member options [--global-options]

Options

--realm, -e
The name of the realm.

--memberidname, -m
The name of the member's identity.

--memberidtype, -y
The type of the member's identity. For example, User, Role or Group.

--idname, -i
The name of the identity.

--idtype, -t
The type of the identity.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

remove-privileges

Remove the privileges from an identity.

Syntax

ssoadm remove-privileges options [--global-options]

Options

--realm, -e
The name of the realm.

--idname, -i
The name of the identity.

--idtype, -t
The type of the identity. For example, User, Role or Group.

--privileges, -g
The names of the privileges to be removed.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

remove-svc-identity

Remove a service from an identity.

Syntax

ssoadm remove-svc-identity options [--global-options]

Options

--realm, -e
The name of the realm.

--idname, -i
The name of the identity.

--idtype, -t
The type of the identity. For example, User, Role or Group.

--servicename, -s
The name of the service.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

set-identity-attrs

Set the attribute values of an identity.

Syntax

ssoadm set-identity-attrs options [--global-options]

Options

--realm, -e
The name of the realm.

--idname, -i
The name of the identity.

--idtype, -t
The type of the identity. For example, User, Role or Group.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--attributevalues, -a]
The attribute values. For example, homeaddress=here.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

set-identity-svc-attrs

Set the service attribute values of an identity.

Syntax

ssoadm set-identity-svc-attrs options [--global-options]

Options

--realm, -e
The name of the realm.

--idname, -i
The name of the identity.

--idtype, -t
The type of the identity. For example, User, Role or Group.

--servicename, -s
The name of the service.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--attributevalues, -a]
The attribute values. For example, homeaddress=here.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

show-identity-ops

Show the allowed operations of an identity in a realm.

Syntax

ssoadm show-identity-ops options [--global-options]

Options

--realm, -e
The name of the realm.

--idtype, -t
The type of the identity. For example, User, Role or Group.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

show-identity-svc-attrs

Show the service attribute values of an identity.

Syntax

ssoadm show-identity-svc-attrs options [--global-options]

Options

--realm, -e
The name of the realm.

--idname, -i
The name of the identity.

--idtype, -t
The type of the identity. For example, User, Role or Group.

--servicename, -s
The name of the service.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

show-identity-types

Show the supported identity types in a realm.

Syntax

ssoadm show-identity-types options [--global-options]

Options

--realm, -e
The name of the realm.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

show-members

Show the members of an identity. For example, the members of a role.

Syntax

ssoadm show-members options [--global-options]

Options

--realm, -e
The name of the realm.

--idname, -i
The name of the identity.

--idtype, -t
The type of the identity. For example, User, Role or Group.

--membershipidtype, -m
The membership identity type.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

show-memberships

Show the memberships of an identity. For example, the memberships of a user.

Syntax

ssoadm show-memberships options [--global-options]

Options

--realm, -e
The name of the realm.

--idname, -i
The name of the identity.

--idtype, -t
The type of the identity. For example, User, Role or Group.

--membershipidtype, -m
The membership identity type.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

show-privileges

Show the privileges assigned to an identity.

Syntax

ssoadm show-privileges options [--global-options]

Options

--realm, -e
The name of the realm.

--idname, -i
The name of the identity.

--idtype, -t
The type of the identity. For example, User, Role or Group.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

Realm and Policy Management

The following subcommands execute operations for managing realms and policies in OpenAM Enterprise.

add-svc-attrs

Add service attribute values in a realm.

Syntax

ssoadm add-svc-attrs options [--global-options]

Options

--realm, -e
The name of the realm.

--servicename, -s
The name of the service.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--attributevalues, -a]
The attribute values. For example, homeaddress=here.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

add-svc-realm

Add a service to a realm.

Syntax

ssoadm add-svc-realm options [--global-options]

Options

--realm, -e
The name of the realm.

--servicename, -s
The name of the service.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--attributevalues, -a]
The attribute values. For example, homeaddress=here.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

create-policies

Create policies in a realm.

Syntax

ssoadm create-policies options [--global-options]

Options

--realm, -e
The name of the realm.

--xmlfile, -X
The filename that contains the policy XML definition.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

create-realm

Create a realm.

Syntax

ssoadm create-realm options [--global-options]

Options

--realm, -e
The name of the realm to be created.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

delete-policies

Delete policies from a realm.

Syntax

ssoadm delete-policies options [--global-options]

Options

--realm, -e
The name of the realm to which the policy belongs.

--policynames, -p
The names of the policies to be deleted.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

delete-realm

Delete a realm.

Syntax

ssoadm delete-realm options [--global-options]

Options

--realm, -e
The name of the realm.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--recursive, -r]
Deletes the descendent realms recursively.

delete-realm-attr

Delete an attribute from a realm.

Syntax

ssoadm delete-realm-attr options [--global-options]

Options

--realm, -e
The name of the realm.

--servicename, -s
The name of the service.

--attributename, -a
The name of the attribute to be removed.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

get-realm

Get the realm property values.

Syntax

ssoadm get-realm options [--global-options]

Options

--realm, -e
The name of the realm.

--servicename, -s
The name of the service.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

get-realm-svc-attrs

Get the realm's service attribute values.

Syntax

ssoadm get-realm-svc-attrs options [--global-options]

Options

--realm, -e
The name of the realm.

--servicename, -s
The name of the service.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

list-policies

List the policy definitions in a realm.

Syntax

ssoadm list-policies options [--global-options]

Options

--realm, -e
The name of the realm.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--policynames, -p]
The names of the policies. A wildcard can be used. If this option is not provided, all policy definitions in the realm are returned.

[--outfile, -o]
The filename where the policy definitions will be written. If this option is not provided, the definitions are printed to standard output.

list-realm-assignable-svcs

List the realm's assignable services.

Syntax

ssoadm list-realm-assignable-svcs options [--global-options]

Options

--realm, -e
The name of the realm.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

list-realms

List the realms by name.

Syntax

ssoadm list-realms options [--global-options]

Options

--realm, -e
The name of the realm.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--filter, -x]
Filter by a pattern.

[--recursive, -r]
Search recursively.

remove-svc-attrs

Remove a realm's service attribute values.

Syntax

ssoadm remove-svc-attrs options [--global-options]

Options

--realm, -e
The name of the realm.

--servicename, -s
The name of the service.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--attributevalues, -a]
The attribute values to be removed. For example, homeaddress=here.

[--datafile, -D]
The filename that contains the attribute values to be removed, configured as in attribute-name=attribute-value. Enter one attribute and value per line.

remove-svc-realm

Remove a service from a realm.

Syntax

ssoadm remove-svc-realm options [--global-options]

Options

--realm, -e
The name of the realm.

--servicename, -s
The name of the service to be removed.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

set-realm-attrs

Set a realm's attribute values.

Syntax

ssoadm set-realm-attrs options [--global-options]

Options

--realm, -e
The name of the realm.

--servicename, -s
The name of the service.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--append, -p]
Set this flag to append the values to existing ones.

[--attributevalues, -a]
The attribute values. For example, homeaddress=here.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

set-svc-attrs

Set the realm's service attribute values.

Syntax

ssoadm set-svc-attrs options [--global-options]

Options

--realm, -e
The name of the realm.

--servicename, -s
The name of the service.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--attributevalues, -a]
The attribute values. For example, homeaddress=here.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

show-auth-modules

Show the supported authentication modules in the system.

Syntax

ssoadm show-auth-modules options [--global-options]

Options

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

show-data-types

Show the supported data types in the system.

Syntax

ssoadm show-data-types options [--global-options]

Options

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

show-realm-svcs

Show the services in a realm.

Syntax

ssoadm show-realm-svcs options [--global-options]

Options

--realm, -e
The name of the realm.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--mandatory, -y]
Include mandatory services.

Service Management

The following subcommands execute operations for managing realms and policies in OpenAM.

add-attr-defs

Add the default attribute values in a schema.

Syntax

ssoadm add-attr-defs options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--attributevalues, -a]
The attribute values. For example, homeaddress=here.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

[--subschemaname, -c]
The name of the sub schema.

add-attrs

Add an attribute schema to an existing service.

Syntax

ssoadm add-attrs options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--attributeschemafile, -F
An XML file containing the attribute schema definition.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--subschemaname, -c]
The name of the sub schema.

add-plugin-interface

Add the plug-in interface to a service.

Syntax

ssoadm add-plugin-interface options [--global-options]

Options

--servicename, -s
The name of the service.

--interfacename, -i
The name of the interface.

--pluginname, -g
The name of the plug-in.

--i18nkey, -k
The i18n key plug-in.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

add-sub-schema

Add a sub schema.

Syntax

ssoadm add-sub-schema options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--filename, -F
The filename that contains the schema.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--subschemaname, -c]
The name of the sub schema.

create-boot-url

Create a bootstrap URL that can bootstrap the product web application.

Syntax

ssoadm create-boot-url options [--global-options]

Options

--dshost, -t
The Directory Server hostname.

--dsport, -p
The Directory Server port number.

--basedn, -b
The Directory Server base distinguished name.

--dsadmin, -a
The Directory Server administrator distinguished name.

--dspassword-file, -x
The filename that contains the Directory Server administrator password.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--ssl, -s]
Set this flag for LDAPS.

create-sub-cfg

Create a new sub configuration.

Syntax

ssoadm create-sub-cfg options [--global-options]

Options

--servicename, -s
The name of the service.

--subconfigname, -g
The name of the sub configuration.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--attributevalues, -a]
The attribute values. For example, homeaddress=here.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

[--realm, -e]
The name of the realm. The sub configuration will be added to the global configuration if this option is not selected.

[--subconfigid, -b]
The ID of the parent configuration. The sub configuration will be added to the root configuration if this option is not selected.

[--priority, -p]
The priority of the sub configuration.

create-svc

Create a new service in the server.

Syntax

ssoadm create-svc options [--global-options]

Options

--xmlfile, -X
The XML file that contains the schema.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--continue, -c]
Continue adding services if one or more previous services cannot be added.

create-svrcfg-xml

Create the serverconfig.xml file.

Syntax

ssoadm create-svrcfg-xml options [--global-options]

Options

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--dshost, -t]
The Directory Server hostname.

[--dsport, -p]
The Directory Server port number.

[--basedn, -b]
The Directory Server base distinguished name.

[--dsadmin, -a]
The Directory Server administrator distinguished name.

[--dspassword-file, -x]
The filename that contains the Directory Server administrator password.

[--outfile, -o]
The filename where serverconfig.xml is written.

delete-attr

Delete the attribute schemas from a service.

Syntax

ssoadm delete-attr options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--attributeschema, -a
The name of the attribute schema to be removed.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--subschemaname, -c]
The name of the sub schema.

delete-sub-cfg

Delete the sub configuration.

Syntax

ssoadm delete-sub-cfg options [--global-options]

Options

--servicename, -s
The name of the service.

--subconfigname, -g
The name of the sub configuration.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

--attributevalues, -a
The attribute values. For example, homeaddress=here.

--datafile, -D
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

--realm, -e
The name of the realm. The sub configuration will be added to the global configuration if this option is not selected.

--subconfigid, -b
The ID of the parent configuration. The sub configuration will be added to the root configuration if this option is not selected.

--priority, -p
The priority of the sub configuration.

delete-svc

Delete the service from the server.

Syntax

ssoadm delete-svc options [--global-options]

Options

--servicename, -s
The name of the service.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--continue, -c]
Continue deleting services if one or more previous services cannot be deleted.

[--deletepolicyrule, -r]
Delete the policy rule.

export-svc-cfg

Export the service configuration.

Syntax

ssoadm export-svc-cfg options [--global-options]

Options

--encryptsecret, -e
The secret key for encrypting a password.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--outfile, -o]
The filename where configuration is written.

get-attr-defs

Get the default attribute values in a schema.

Syntax

ssoadm get-attr-defs options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--subschemaname, -c]
The name of the sub schema.

[--attributenames, -a]
The names of the attribute.

get-revision-number

Get the service schema revision number.

Syntax

ssoadm get-revision-number options [--global-options]

Options

--servicename, -s
The name of the service.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

import-svc-cfg

Import the service configuration.

Syntax

ssoadm import-svc-cfg options [--global-options]

Options

--encryptsecret, -e
The secret key for decrypting the password.

--xmlfile, -X
The XML file that contains the configuration data.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

remove-attr-choicevals

Remove choice values from the attribute schema.

Syntax

ssoadm remove-attr-choicevals options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--attributename, -a
The name of the attribute.

--choicevalues, -k
The choice values. For example, inactive.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--subschemaname, -c]
The name of the sub schema.

remove-attr-defs

Remove the default attribute values in a schema.

Syntax

ssoadm remove-attr-defs options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--attributenames, -a
The names of the attribute.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--subschemaname, -c]
The name of the sub schema.

remove-sub-schema

Remove the sub schema.

Syntax

ssoadm remove-sub-schema options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--subschemanames, -a
The names of the sub schema to be removed.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--subschemaname, -c]
The name of the parent sub schema.

set-attr-any

Set any member of the attribute schema.

Syntax

ssoadm set-attr-any options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--attributeschema, -a
The name of the attribute schema.

--any, -y
The attribute schema any value.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--subschemaname, -c]
The name of the sub schema.

set-attr-bool-values

Set the boolean values of the attribute schema.

Syntax

ssoadm set-attr-bool-values options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--attributename, -a
The name of the attribute.

--truevalue, -e
The value for true.

--truei18nkey, -k
The internationalization key for the true value.

--falsevalue, -z
The value for false.

--falsei18nkey, -j
The internationalization key for the false value.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--subschemaname, -c]
The name of the sub schema.

set-attr-choicevals

Set choice values for the attribute schema.

Syntax

ssoadm set-attr-choicevals options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--attributename, -a
The name of the attribute.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--add, -p]
Set this flag to append the choice values to existing ones.

[--subschemaname, -c]
The name of the sub schema.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

[--choicevalues, -k]
The choice values. For example, 0102=Inactive.

set-attr-defs

Set the default attribute values in a schema.

Syntax

ssoadm set-attr-defs options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--subschemaname, -c]
The name of the sub schema.

[--attributevalues, -a]
The attribute values. For example, homeaddress=here.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

set-attr-end-range

Set the attribute schema end range.

Syntax

ssoadm set-attr-end-range options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--attributeschema, -a
The name of the attribute schema.

--range, -r
The end range.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--subschemaname, -c]
The name of the sub schema.

set-attr-i18n-key

Set the i18nkey member of the attribute schema.

Syntax

ssoadm set-attr-i18n-key options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--attributeschema, -a
The name of the attribute schema.

--i18nkey, -k
The attribute schema i18n key.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--subschemaname, -c]
The name of the sub schema.

set-attr-start-range

Set the attribute schema start range.

Syntax

ssoadm set-attr-start-range options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--attributeschema, -a
The name of the attribute schema.

--range, -r
The start range.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--subschemaname, -c]
The name of the sub schema.

set-attr-syntax

Set the syntax member of the attribute schema.

Syntax

ssoadm set-attr-syntax options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--attributeschema, -a
The name of the attribute schema.

--syntax, -x
The attribute schema syntax.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--subschemaname, -c]
The name of the sub schema.

set-attr-type

Set the type member of the attribute schema.

Syntax

ssoadm set-attr-type options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--attributeschema, -a
The name of the attribute schema.

--type, -p
The attribute schema type.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--subschemaname, -c]
The name of the sub schema.

set-attr-ui-type

Set the UI type member of the attribute schema.

Syntax

ssoadm set-attr-ui-type options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--attributeschema, -a
The name of the attribute schema.

--uitype, -p
The attribute schema UI type.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--subschemaname, -c]
The name of the sub schema.

set-attr-validator

Set the attribute schema validator.

Syntax

ssoadm set-attr-validator options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--attributeschema, -a
The name of the attribute schema.

--validator, -r
The validator class name.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--subschemaname, -c]
The name of the sub schema.

set-attr-view-bean-url

Set the properties view bean URL member of the attribute schema.

Syntax

ssoadm set-attr-view-bean-url options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--attributeschema, -a
The name of the attribute schema.

--url, -r
The attribute schema properties view bean URL.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--subschemaname, -c]
The name of the sub schema.

set-inheritance

Set the inheritance value of the sub schema.

Syntax

ssoadm set-inheritance options [--global-options]

Options

--servicename, -s
The name of the service.

--schematype, -t
The type of schema.

--subschemaname, -c
The name of the sub schema.

--inheritance, -r
The value of inheritance.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

set-plugin-viewbean-url

Set the properties view bean URL of the plug-in schema.

Syntax

ssoadm set-plugin-viewbean-url options [--global-options]

Options

--servicename, -s
The name of the service.

--interfacename, -i
The name of the interface.

--pluginname, -g
The name of the plug-in.

--url, -r
The properties view bean URL.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

set-revision-number

Set the service schema revision number.

Syntax

ssoadm set-revision-number options [--global-options]

Options

--servicename, -s
The name of the service.

--revisionnumber, -r
The revision number.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

set-sub-cfg

Set the sub configuration.

Syntax

ssoadm set-sub-cfg options [--global-options]

Options

--servicename, -s
The name of the service.

--subconfigname, -g
The name of the sub configuration.

--operation, -o
The operation (either add/set/modify) to be performed on the sub configuration.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--attributevalues, -a]
The attribute values. For example, homeaddress=here.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

[--realm, -e]
The name of the realm. The sub configuration will be added to the global configuration if this option is not selected.

Example

./ssoadm set-sub-cfg -u amadmin -f pwdfile -s iPlanetAMPlatformService -g "com-sun-identity-servers/http:&#47;&#47;identity.example.com:8080&#47;openam" -o set -a serverid=05

Note that the forward slashes in the URL have been replaced with '&#47;'.

set-svc-i18n-key

Set the service schema i18n key.

Syntax

ssoadm set-svc-i18n-key options [--global-options]

Options

--servicename, -s
The name of the service.

--i18nkey, -k
The i18n key.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

set-svc-view-bean-url

Set the service schema properties view bean URL.

Syntax

ssoadm set-svc-view-bean-url options [--global-options]

Options

--servicename, -s
The name of the service.

--url, -r
The service schema properties view bean URL.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

update-svc

Update the service.

Syntax

ssoadm update-svc options [--global-options]

Options

--xmlfile, -X
The XML file that contains the schema.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--continue, -c]
Continue updating services if one or more previous services cannot be updated.

Server Configuration

The following subcommands execute operations for configuring and managing OpenAM servers and sites within your enterprise.

add-site-members

Add members to a site.

Syntax

ssoadm add-site-members options [--global-options]

Options

--sitename, -s
The name of the site. For example, mysite.

--servernames, -e
The server name. For example, http://www.example.com:8800/openAM.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

add-site-sec-urls

Add site secondary URLs.

Syntax

ssoadm add-site-sec-urls options [--global-options]

Options

--sitename, -s
The name of the site. For example, mysite.

--secondaryurls, -a
The secondary URLs.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

clone-server

Clone a server instance.

Syntax

ssoadm clone-server options [--global-options]

Options

--servername, -a
The server name.

--cloneservername, -o
The clone server name.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

create-server

Create a server instance.

Syntax

ssoadm create-server options [--global-options]

Options

--servername, -a
The server name. For example, http://www.example.com:8800/openAM.

--serverconfigxml, -X
The server configuration XML filename.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--attributevalues, -a]
The attribute values. For example, homeaddress=here.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

create-site

Create a site.

Syntax

ssoadm create-site options [--global-options]

Options

--sitename, -s
The site name. For example, mysite.

--siteurl, -i
The site's primary URL. For example, http://www.example.com:8800.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--secondaryurls, -a]
The secondary URLs.

delete-server

Delete a server instance.

Syntax

ssoadm delete-server options [--global-options]

Options

--servername, -s
The server name. For example, http://www.example.com:8800/openAM.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

delete-site

Delete a site.

Syntax

ssoadm delete-site options [--global-options]

Options

--sitename, -s
The site name. For example, mysite.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

export-server

Export a server instance.

Syntax

ssoadm export-server options [--global-options]

Options

--servername, -s
The server name. For example, http://www.example.com:8800/openAM.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--outfile, -o]
The filename where configuration is written.

get-svrcfg-xml

Get the server configuration XML from the centralized data store.

Syntax

ssoadm get-svrcfg-xml options [--global-options]

Options

--servername, -s
The server name.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--outfile, -o]
The filename where serverconfig.xml is written.

import-server

Import a server instance.

Syntax

ssoadm import-server options [--global-options]

Options

--servername, -s
The server name.

--xmlfile, -X
The XML file that contains the configuration.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

list-server-cfg

List the server configuration.

Syntax

ssoadm list-server-cfg options [--global-options]

Options

--servername, -s
The server name.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--withdefaults, -w]
Set this flag to get the default configuration.

list-servers

List all the server instances.

Syntax

ssoadm list-servers options [--global-options]

Options

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

list-sites

List all the sites.

Syntax

ssoadm list-sites options [--global-options]

Options

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

remove-server-cfg

Remove the server configuration.

Syntax

ssoadm remove-server-cfg options [--global-options]

Options

--servername, -s
The server name. For example, http://www.example.com:8080/opensso.

--propertynames, -a
The names of the properties to be removed.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

remove-site-members

Remove members from a site.

Syntax

ssoadm remove-site-members options [--global-options]

Options

--sitename, -s
The site name. For example, mysite.

--servernames, -e
The server name. For example, http://www.example.com:8800/openAM.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

remove-site-sec-urls

Remove the site secondary URLs.

Syntax

ssoadm remove-site-sec-urls options [--global-options]

Options

--sitename, -s
The site name. For example, mysite.

--secondaryurls, -a
The secondary URLs.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

set-site-pri-url

Set the primary URL of a site.

Syntax

ssoadm set-site-pri-url options [--global-options]

Options

--sitename, -s
The site name. For example, mysite.

--siteurl, -i
The site's primary URL. For example, http://www.example.com:8800.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

set-site-sec-urls

Set the site secondary URLs.

Syntax

ssoadm set-site-sec-urls options [--global-options]

Options

--sitename, -s
The site name. For example, mysite.

--secondaryurls, -a
The secondary URLs.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

set-svrcfg-xml

Set the server configuration XML to the centralized data store.

Syntax

ssoadm set-svrcfg-xml options [--global-options]

Options

--servername, -s
The server name.

--xmlfile, -X
The XML file that contains the configuration.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--outfile, -o]
The filename where serverconfig XML is written.

show-site

Show the site profile.

Syntax

ssoadm show-site options [--global-options]

Options

--sitename, -s
The site name. For example, mysite.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

show-site-members

Display the members of a site.

Syntax

ssoadm show-site-members options [--global-options]

Options

--sitename, -s
The site name. For example, mysite.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

update-server-cfg

Update the server configuration.

Syntax

ssoadm update-server-cfg options [--global-options]

Options

--servername, -s
The server name.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--attributevalues, -a]
The attribute values. For example, homeaddress=here.

[--datafile, -D]
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

Federation Management

The following subcommands execute operations for configuring and managing Federation-related data.

add-cot-member

Add a member to a circle of trust.

Syntax

ssoadm add-cot-member options [--global-options]

Options

--cot, -t
The circle of trust.

--entityid, -y
The entity ID.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--realm, -e]
The name of the realm that contains the circle of trust.

[--spec, -c]
Specifies the metadata specification, either idff or saml2. The default is saml2.

create-cot

Create a circle of trust.

Syntax

ssoadm create-cot options [--global-options]

Options

--cot, -t
The circle of trust.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--realm, -e]
The name of the realm that contains the circle of trust.

[--trustedproviders, -k]
The trusted providers.

[--prefix, -p]
The prefix URL for the idp discovery reader and the writer URL.

create-metadata-templ

Create a new metadata template.

Syntax

ssoadm create-metadata-templ options [--global-options]

Options

--entityid, -y
The entity ID.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--meta-data-file, -m]
Specifies the filename for the standard metadata to be created.

[--extended-data-file, -x]
Specifies the filename for the extended metadata to be created.

[--serviceprovider, -s]
Specifies the metaAlias for the hosted service provider to be created. The format must be <realm name>/<identifier>.

[--identityprovider, -i]
Specifies the metaAlias for the hosted identity provider to be created. The format must be <realm name>/<identifier>.

[--attrqueryprovider, -S]
Specifies the metaAlias for the hosted attribute query provider to be created. The format must be <realm name>/<identifier>.

[--attrauthority, -I]
Specifies the metaAlias for the hosted attribute authority to be created. The format must be <realm name>/<identifier>.

[--authnauthority, -C]
Specifies the metaAlias for the hosted authentication authority to be created. The format must be <realm name>/<identifier>.

[--xacmlpep, -e]
Specifies the metaAlias for the policy enforcement point to be created. The format must be <realm name>/<identifier>.

[--xacmlpdp, -p]
Specifies the metaAlias for the policy decision point to be created. The format must be <realm name>/<identifier>.

[--affiliation, -F]
Specifies the metaAlias for the hosted affiliation to be created. The format must be <realm name>/<identifier>.

[--affiownerid, -N]
The affiliation owner ID.

[--affimembers, -M]
The affiliation members.

[--spscertalias, -a]
The service provider signing certificate alias.

[--idpscertalias, -b]
The identity provider signing certificate alias.

[--attrqscertalias, -A]
The attribute query provider signing certificate alias.

[--attrascertalias, -B]
The attribute authority signing certificate alias.

[--authnascertalias, -D]
The authentication authority signing certificate alias.

[--affiscertalias, -J]
The affiliation signing certificate alias.

[--xacmlpdpscertalias, -t]
The policy decision point signing certificate alias.

[--xacmlpepscertalias, -k]
The policy enforcement point signing certificate alias.

[--specertalias, -r]
The service provider encryption certificate alias.

[--idpecertalias, -g]
The identity provider encryption certificate alias.

[--attrqecertalias, -R]
The attribute query provider encryption certificate alias.

[--attraecertalias, -G]
The attribute authority encryption certificate alias.

[--authnaecertalias, -E]
The authentication authority encryption certificate alias.

[--affiecertalias, -K]
The affiliation encryption certificate alias.

[--xacmlpdpecertalias, -j]
The policy decision point encryption certificate alias.

[--xacmlpepecertalias, -z]
The policy enforcement point encryption certificate alias.

[--spec, -c]
Specifies the metadata specification, either idff or saml2. The default is saml2.

delete-cot

Delete the circle of trust.

Syntax

ssoadm delete-cot options [--global-options]

Options

--cot, -t
The circle of trust.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--realm, -e]
The name of the realm that contains the circle of trust.

delete-entity

Delete an entity.

Syntax

ssoadm delete-entity options [--global-options]

Options

--entityid, -y
The entity ID.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--realm, -e]
The name of the realm that contains the circle of trust.

[--extendedonly, -x]
Set this flag to only delete extended data.

[--spec, -c]
Specifies the metadata specification, either idff or saml2. The default is saml2.

do-bulk-federation

Perform bulk federation.

Syntax

ssoadm do-bulk-federation options [--global-options]

Options

--metaalias, -m
Specify a metaAlias for the local provider.

--remoteentityid, -r
The remote entity ID.

--useridmapping, -g
The filename that contains the local to remote user ID mapping. Format as follows: <local-user-id>|<remote-user-id>.

--nameidmapping, -e
The filename that will be created by this sub command. It contains the mapping of remote user ID to name identifier.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--spec, -c]
Specifies the metadata specification, either idff or saml2. The default is saml2.
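A pre-flight check for the --useridmapping file described above, as an added example that is not part of the OpenAM documentation or tooling. The function names, the sample IDs (constructed) and the rule that each local and each remote ID may appear only once are assumptions of this check, chosen so that a malformed or duplicated line cannot silently link the wrong accounts.

```sh
#!/bin/sh
# Added example: validate a do-bulk-federation --useridmapping file before use.
# Documented line format: <local-user-id>|<remote-user-id>
# Assumption of this check (not stated by the page): every local ID and every
# remote ID appears at most once, and blank lines are treated as errors.

# validate_useridmapping FILE
# Prints one diagnostic per bad line plus a summary; returns 0 only if clean.
validate_useridmapping() {
    awk -F'|' '
        # Strip a trailing CR so files saved with CRLF endings parse correctly.
        { sub(/\r$/, "") }
        NF != 2 {
            printf "line %d: expected exactly one \"|\" separator\n", NR
            bad++; next
        }
        $1 == "" || $2 == "" {
            printf "line %d: empty local or remote user ID\n", NR
            bad++; next
        }
        $1 ~ /^[ \t]|[ \t]$/ || $2 ~ /^[ \t]|[ \t]$/ {
            printf "line %d: leading or trailing whitespace in an ID\n", NR
            bad++; next
        }
        ($1 in seen_local) {
            printf "line %d: local ID \"%s\" already mapped on line %d\n", NR, $1, seen_local[$1]
            bad++; next
        }
        ($2 in seen_remote) {
            printf "line %d: remote ID \"%s\" already mapped on line %d\n", NR, $2, seen_remote[$2]
            bad++; next
        }
        { seen_local[$1] = NR; seen_remote[$2] = NR; ok++ }
        END {
            printf "%d valid mapping(s), %d problem(s)\n", ok, bad
            exit (bad > 0)
        }
    ' "$1"
}

# write_sample FILE
# Writes a constructed mapping file (not real accounts) with four defects:
# a missing separator, an empty remote ID, a repeated local ID and a
# repeated remote ID.
write_sample() {
    printf '%s\n' \
        'alice|a.smith@idp.example' \
        'bob|b.jones@idp.example' \
        'carol' \
        'dave|' \
        'alice|someone.else@idp.example' \
        'erin|b.jones@idp.example' > "$1"
}
```

Run validate_useridmapping on the mapping file and pass it to do-bulk-federation only when the function returns 0.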

export-entity

Export an entity.

Syntax

ssoadm export-entity options [--global-options]

Options

--entityid, -y
The entity ID.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--realm, -e]
The name of the realm to which the entity belongs.

[--sign, -g]
Set this flag to sign the metadata.

[--meta-data-file, -m]
The metadata.

[--extended-data-file, -x]
The extended data.

[--spec, -c]
Specifies the metadata specification, either idff or saml2. The default is saml2.

import-bulk-fed-data

Import the bulk federation data that is generated by the do-bulk-federation sub command.

Syntax

ssoadm import-bulk-fed-data options [--global-options]

Options

--metaalias, -m
Specifies the metaAlias for the local provider.

--bulk-data-file, -g
The filename that contains the bulk federation data that is generated by the do-bulk-federation sub command.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--spec, -c]
Specifies the metadata specification, either idff or saml2. The default is saml2.

import-entity

Import an entity.

Syntax

ssoadm import-entity options [--global-options]

Options

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--realm, -e]
The name of the realm to which the entity belongs.

[--meta-data-file, -m]
Specifies the filename for the standard metadata to be imported.

[--extended-data-file, -x]
Specifies the filename for the extended entity configuration to be imported.

[--cot, -t]
The circle of trust.

[--spec, -c]
Specifies the metadata specification, either idff or saml2. The default is saml2.

list-cot-members

List the members in a circle of trust.

Syntax

ssoadm list-cot-members options [--global-options]

Options

--cot, -t
The circle of trust.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--realm, -e]
The name of the realm to which the circle of trust belongs.

[--spec, -c]
Specifies the metadata specification, either idff or saml2. The default is saml2.

list-cots

List the circles of trust.

Syntax

ssoadm list-cots options [--global-options]

Options

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--realm, -e]
The name of the realm to which the circle of trust belongs.

list-entities

List the entities under a realm.

Syntax

ssoadm list-entities options [--global-options]

Options

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--realm, -e]
The name of the realm to which the entities belong.

[--spec, -c]
Specifies the metadata specification, either idff or saml2. The default is saml2.

remove-cot-member

Remove a member from a circle of trust.

Syntax

ssoadm remove-cot-member options [--global-options]

Options

--cot, -t
The circle of trust.

--entityid, -y
The entity ID.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--realm, -e]
The name of the realm to which the circle of trust belongs.

[--spec, -c]
Specifies the metadata specification, either idff or saml2. The default is saml2.

update-entity-keyinfo

Update the XML signing and encryption key information in the hosted entity metadata.

Syntax

ssoadm update-entity-keyinfo options [--global-options]

Options

--entityid, -y
The entity ID.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--realm, -e]
The realm in which the entity resides.

[--spscertalias, -a]
The service provider signing certificate alias.

[--idpscertalias, -b]
The identity provider signing certificate alias.

[--specertalias, -r]
The service provider encryption certificate alias.

[--idpecertalias, -g]
The identity provider encryption certificate alias.

[--spec, -c]
Specifies the metadata specification, either idff or saml2. The default is saml2.

Miscellaneous

Lists the agent configurations.

add-res-bundle

Add a resource bundle to the data store.

Syntax

ssoadm add-res-bundle options [--global-options]

Options

--bundlename, -b
The resource bundle name.

--bundlefilename, -B
The resource bundle physical file name.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--bundlelocale, -o]
The locale of the resource bundle.

do-batch

Do multiple requests in one command.

Syntax

ssoadm do-batch options [--global-options]

Options

--batchfile, -D
The filename that contains the commands and options.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--batchstatus, -b]
The name of the status file.

[--continue, -c]
Continue processing the rest of the request when the previous request was erroneous.

do-migration70

Migrate the organization to a realm.

Syntax

ssoadm do-migration70 options [--global-options]

Options

--entrydn, -e
The distinguished name of the organization to be migrated.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

list-res-bundle

List a resource bundle in a data store.

Syntax

ssoadm list-res-bundle options [--global-options]

Options

--bundlename, -b
The resource bundle name.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--bundlelocale, -o]
The locale of the resource bundle.

list-sessions

List the sessions.

Syntax

ssoadm list-sessions options [--global-options]

Options

--host, -t
The host name.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

--filter, -x
Filter by a pattern.

[--quiet, -q]
Do not prompt for session invalidation.

remove-res-bundle

Remove a resource bundle from a data store.

Syntax

ssoadm remove-res-bundle options [--global-options]

Options

--bundlename, -b
The resource bundle name.

--adminid, -u
The administrator ID running the command.

--password-file, -f
The filename that contains the password of the administrator.

[--bundlelocale, -o]
The locale of the resource bundle.

Entitlements

add-app-priv

Add an application privilege.

Syntax

ssoadm add-app-priv options [--global-options]
Add an application privilege to delegate resources of a given application.

Options:

--realm, -e
Realm name

--name, -m
Name for this delegation

--application, -t
Application name

--actions, -a
Possible values are READ, MODIFY, DELEGATE, ALL

--subjecttype, -b
Possible values are User or Group

--subjects, -s
Subject name

--adminid, -u
The administrator ID running the command.

--password-file, -f
File name that contains password of administrator.

--description, -p
Description for this delegation.

--resources, -r
Resources to delegate. All resources in the applications will be delegated if this option is absent.

create-xacml

Create policies in a realm with XACML input.

Syntax

ssoadm create-xacml options [--global-options]

Options:

--realm, -e
Name of realm.

--xmlfile, -X
Name of file that contains policy XACML definition.

--adminid, -u
The administrator ID running the command.

--password-file, -f
File name that contains password of administrator.

delete-appls

Delete applications

Syntax

ssoadm delete-appls options [--global-options]

Options:

--realm, -e
Realm name

--names, -m
Application names

--adminid, -u
The administrator ID running the command.

--password-file, -f
File name that contains password of administrator.

delete-xacml

Delete XACML policies from a realm.

Syntax

ssoadm delete-xacml options [--global-options]

Options:

--realm, -e
Name of realm.

--adminid, -u
The administrator ID running the command.

--password-file, -f
File name that contains password of administrator.

--policynames, -p
Names of policy to be deleted.

--file, -D
Name of file that contains the policy names to be deleted.

list-appls

List applications in a realm.

Syntax

ssoadm list-appls options [--global-options]

Options:

--realm, -e
Realm name

--adminid, -u
The administrator ID running the command.

--password-file, -f
File name that contains password of administrator.

list-xacml

Export policies in realm as XACML.

Syntax

ssoadm list-xacml options [--global-options]

Options:

--realm, -e
Name of realm.

--adminid, -u
The administrator ID running the command.

--password-file, -f
File name that contains password of administrator.

--policynames, -p
Names of policy. This can be a wildcard. All policy definitions in the realm will be returned if this option is not provided.

--outfile, -o
Filename where policy definition will be printed to. Definition will be printed in standard output if this option is not provided.

--namesonly, -n
Returns only names of matching policies. Policies are not returned.

set-appl

Set application attributes.

Syntax

ssoadm set-appl options [--global-options]

Options:

--realm, -e
Realm name

--name, -m
Application name

--adminid, -u
The administrator ID running the command.

--password-file, -f
File name that contains password of administrator.

--attributevalues, -a
Attribute values e.g. applicationType=iPlanetAMWebAgentService.

--datafile, -D
Name of file that contains attribute values data. Possible attributes are resources, subjects, conditions, actions, searchIndexImpl, saveIndexImpl, resourceComparator, subjectAttributeNames and entitlementCombiner.

set-entitlement-conf

Set entitlements service configuration

Syntax

ssoadm set-entitlement-conf options [--global-options]

Options:

--adminid, -u
The administrator ID running the command.

--password-file, -f
File name that contains password of administrator.

--attributevalues, -a
Attribute values e.g. evalThreadSize=4.

--datafile, -D
Name of file that contains attribute values data. Possible attributes are evalThreadSize, searchThreadSize, policyCacheSize and indexCacheSize.

show-app-priv

Show application privilege.

Syntax

ssoadm show-app-priv options [--global-options]

Options:

--realm, -e
Realm name

--name, -m
Name of application privilege

--adminid, -u
The administrator ID running the command.

--password-file, -f
File name that contains password of administrator.

show-appl

Show application attributes.

Syntax

ssoadm show-appl options [--global-options]

Options:

--realm, -e
Realm name

--name, -m
Application name

--adminid, -u
The administrator ID running the command.

--password-file, -f
File name that contains password of administrator.

show-entitlement-conf

Display entitlements service configuration

Syntax

ssoadm show-entitlement-conf options [--global-options]

Options:

--adminid, -u
The administrator ID running the command.

--password-file, -f
File name that contains password of administrator.

update-app-priv

Update an application privilege

Syntax

ssoadm update-app-priv options [--global-options]

Options:

--realm, -e
Realm name

--name, -m
Name for this delegation

--adminid, -u
The administrator ID running the command.

--password-file, -f
File name that contains password of administrator.

--actions, -a
Possible values are READ, MODIFY, DELEGATE, ALL

--description, -p
Description for this delegation.

update-app-priv-resources

Set application privilege resources.

Syntax

ssoadm update-app-priv-resources options [--global-options]

Options:

--realm, -e
Realm name

--name, -m
Name for this delegation

--application, -t
Application name

--adminid, -u
The administrator ID running the command.

--password-file, -f
File name that contains password of administrator.

--add, -p
Resources are added to this application if this option is set. Otherwise, resources in the current application privilege will be overwritten.

--resources, -r
Resources to delegate. All resources in the applications will be delegated if this option is absent.

update-app-priv-subjects

Set application privilege subjects.

Syntax

ssoadm update-app-priv-subjects options [--global-options]

Options:

--realm, -e
Realm name

--name, -m
Name for this delegation

--subjecttype, -b
Possible values are User or Group

--subjects, -s
Subject name

--adminid, -u
The administrator ID running the command.

--password-file, -f
File name that contains password of administrator.

--add, -p
Subjects are added to this application if this option is set. Otherwise, subjects in the current application privilege will be overwritten.
