ssoadm
Configure OpenAM core services.
ssoadm [subcommand] [options]
Description
The ssoadm command provides a rich command-line interface for configuring OpenAM core services.
Also see the Installation Guide procedure, To Set Up Administration Tools for instructions on setting up the ssoadm command.
Global Options
The following global options are supported.
--debug, -dRun in debug mode. Results sent to the debug file.
--help, -?Print usage.
This command can also be used with subcommands as in ssoadm subcommand --help.
--information, -OPrint basic information about the tool.
--locale, -lName of the locale to display the results.
--verbose, -vRun in verbose mode. Results sent to standard output.
--version, -VPrint the version of this tool.
JVM Properties for ssoadm
You can specifically set the authentication module or chain for administrator logins using two JVM settings. These settings provide more control to select the exact authentication mechanisms to be used when ssoadm authenticates administrators in the top-level realm.
To set these properties, manually edit the following two JVM settings in the ssoadm or ssoadm.bat script.
-
org.forgerock.openam.ssoadm.auth.indexType Specifies the module or chain-based authentication in the top level realm. If the property is set, OpenAM uses only that authentication mechanism.
-
org.forgerock.openam.ssoadm.auth.indexName Specifies the actual name of the authentication module/chain as controlled by the
indexTypesetting. For example, if theindexTypeis set tomodule_instanceandindexNameis set toLDAP, then ssoadm authenticates using only the LDAP authentication module.
Subcommands: By Category
This section lists subcommands by category. The subsequent section lists subcommands in alphabetical order with a short description.
See ssoadm subcommand --help for detailed options.
Agent Configuration
Authentication Service Management
Data Store Management
Entitlements
Federation Management
Identity Management
Policy Management
Realm Management
Server Configuration
Service Management
To translate settings applied in OpenAM console to service attributes for use with ssoadm, login to the OpenAM console as as amadmin and access the services page, such as http://openam.example.com:8080/openam/services.jsp.
Subcommands: Alphabetical Order
The following subcommands are supported.
See also ssoadm subcommand --help.
ssoadm add-agent-to-grp
Add agents to a agent group.
Usage: ssoadm add-agent-to-grp --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--agentgroupname, -bName of agent group.
--agentnames, -sNames of agents.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm add-amsdk-idrepo-plugin
Create AMSDK IdRepo Plug-in
Usage: ssoadm add-amsdk-idrepo-plugin --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--basedn, -bDirectory Server base distinguished name.
--bind-password-file, -mFile that contains password of bind password.
--binddn, -eDirectory Server bind distinguished name.
--directory-servers, -sdirectory servers <protocol>://<hostname>:<port>. Can have multiple entries.
--dsame-password-file, -xFile that contains password of the dsameuser
--password-file, -fFile name that contains password of administrator.
--puser-password-file, -pFile that contains password of the puser
[--org, -o]Organization objects naming attribute (defaults to 'o')
[--user, -a]User objects naming attribute (defaults to 'uid')
ssoadm add-app-priv
Add a policy set privilege to delegate resources of a given policy set. Note that policy sets are cached for 30 minutes. Restart OpenAM to apply changes immediately.
Usage: ssoadm add-app-priv --options [--global-options]
--actions, -aPossible values are READ, MODIFY, DELEGATE, ALL
--adminid, -uAdministrator ID of running the command.
--application, -tPolicy set name
--name, -mName for the this delegation
--password-file, -fFile name that contains password of administrator.
--realm, -eRealm name
--subjects, -sSubject name
--subjecttype, -bPossible values are User or Group
[--description, -p]Description for the this delegation.
[--resources, -r]Resources to delegate, All resources in the policy set will be delegated if this option is absent.
ssoadm add-attr-defs
Add default attribute values in schema.
Usage: ssoadm add-attr-defs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema.
--servicename, -sName of service.
[--attributevalues, -a]Attribute values e.g. homeaddress=here.
[--datafile, -D]Name of file that contains attribute values data.
[--subschemaname, -c]Name of sub schema.
ssoadm add-attrs
Add attribute schema to an existing service.
Usage: ssoadm add-attrs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--attributeschemafile, -FXML file containing attribute schema definition.
--password-file, -fFile name that contains password of administrator.
--schematype, -tSchema Type.
--servicename, -sService Name.
[--subschemaname, -c]Name of sub schema.
ssoadm add-auth-cfg-entr
Add authentication configuration entry
Usage: ssoadm add-auth-cfg-entr --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--criteria, -cCriteria for this entry. Possible values are REQUIRED, OPTIONAL, SUFFICIENT, REQUISITE
--modulename, -oModule Name.
--name, -mName of authentication configuration.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--options, -t]Options for this entry.
[--position, -p]Position where the new entry is to be added. This is option is not set, entry shall be added to the end of the list. If value of this option is 0, it will be inserted to the front of the list. If value is greater of the length of the list, entry shall be added to the end of the list.
ssoadm add-cot-member
Add a member to a circle of trust.
Usage: ssoadm add-cot-member --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--cot, -tCircle of Trust
--entityid, -yEntity ID
--password-file, -fFile name that contains password of administrator.
[--realm, -e]Realm where circle of trust resides
[--spec, -c]Specify metadata specification, either wsfed, idff or saml2, defaults to saml2
ssoadm add-member
Add an identity as member of another identity
Usage: ssoadm add-member --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--idname, -iName of identity.
--idtype, -tType of Identity
--memberidname, -mName of identity that is member.
--memberidtype, -yType of Identity of member such as User, Role and Group.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm add-plugin-interface
Add Plug-in interface to service.
Usage: ssoadm add-plugin-interface --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--i18nkey, -kPlug-in I18n Key.
--interfacename, -iName of interface.
--password-file, -fFile name that contains password of administrator.
--pluginname, -gName of Plug-in.
--servicename, -sName of service.
ssoadm add-plugin-schema
Add Plug-in schema to service.
Usage: ssoadm add-plugin-schema --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--classname, -cName of the Plugin Schema class implementation
--i18nkey, -kPlug-in I18n Key.
--i18nname, -nPlug-in I18n Name.
--interfacename, -iName of interface.
--password-file, -fFile name that contains password of administrator.
--pluginname, -gName of Plug-in.
--servicename, -sName of service.
ssoadm add-privileges
Add privileges to an identity. To add a privilege to all authenticated users, use the "All Authenticated Users" idname with "role" idtype.
Usage: ssoadm add-privileges --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--idname, -iName of identity.
--idtype, -tType of Identity such as Role and Group.
--password-file, -fFile name that contains password of administrator.
--privileges, -gName of privileges to be added. Privilege names are AgentAdmin, ApplicationModifyAccess, ApplicationReadAccess, ApplicationTypesReadAccess, ConditionTypesReadAccess, DecisionCombinersReadAccess, EntitlementRestAccess, FederationAdmin, LogAdmin, LogRead, LogWrite, PolicyAdmin, PrivilegeRestAccess, PrivilegeRestReadAccess, RealmAdmin, RealmReadAccess, ResourceTypeModifyAccess, ResourceTypeReadAccess, SubjectAttributesReadAccess, and SubjectTypesReadAccess.
--realm, -eName of realm.
ssoadm add-res-bundle
Add resource bundle to data store.
Usage: ssoadm add-res-bundle --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--bundlefilename, -BResource bundle physical file name.
--bundlename, -bResource Bundle Name.
--password-file, -fFile name that contains password of administrator.
[--bundlelocale, -o]Locale of the resource bundle.
ssoadm add-site-members
Add members to a site.
Usage: ssoadm add-site-members --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--servernames, -eServer names, e.g. http://www.example.com:8080/fam
--sitename, -sSite name, e.g. mysite
ssoadm add-site-sec-urls
Add Site Secondary URLs.
Usage: ssoadm add-site-sec-urls --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--secondaryurls, -aSecondary URLs
--sitename, -sSite name, e.g. mysite
ssoadm add-sub-schema
Add sub schema.
Usage: ssoadm add-sub-schema --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--filename, -FName of file that contains the schema
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema.
--servicename, -sName of service.
ssoadm add-svc-attrs
Add service attribute values in a realm. Long content for an attribute can be supplied in a file by appending '-file' to the attribute name, and giving the filename as the value.
Usage: ssoadm add-svc-attrs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
--servicename, -sName of service.
[--attributevalues, -a]Attribute values to be added e.g. homeaddress=here.
[--datafile, -D]Name of file that contains attribute values to be added.
ssoadm add-svc-identity
Add Service to an identity
Usage: ssoadm add-svc-identity --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--idname, -iName of identity.
--idtype, -tType of Identity such as User, Role and Group.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
--servicename, -sName of service.
[--attributevalues, -a]Attribute values e.g. homeaddress=here.
[--datafile, -D]Name of file that contains attribute values data.
ssoadm add-svc-realm
Add service to a realm. Long content for an attribute can be supplied in a file by appending '-file' to the attribute name, and giving the filename as the value.
Usage: ssoadm add-svc-realm --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
--servicename, -sService Name.
[--attributevalues, -a]Attribute values e.g. homeaddress=here.
[--datafile, -D]Name of file that contains attribute values data.
ssoadm agent-remove-props
Remove agent's properties.
Usage: ssoadm agent-remove-props --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--agentname, -bName of agent.
--attributenames, -aproperties name(s).
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm clone-server
Clone a server instance.
Usage: ssoadm clone-server --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--cloneservername, -oClone server name
--password-file, -fFile name that contains password of administrator.
--servername, -sServer name
ssoadm create-agent
Create a new agent configuration.
Usage: ssoadm create-agent --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--agentname, -bName of agent.
--agenttype, -tType of agent. Possible values: J2EEAgent, WebAgent, 2.2_Agent, SharedAgent, OAuth2Client
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--agenturl, -g]Agent URL. e.g. http://www.agent.example:8080/agent. WebAgent does not take URL with path. e.g. http://www.agent.example:8080. This option is valid only for J2EEAgent and WebAgent agent types, and is required when the agent type is J2EEAgent or WebAgent.
[--attributevalues, -a]Properties e.g. sunIdentityServerDeviceKeyValue=https://agent.example.com:443/
[--datafile, -D]Name of file that contains properties.
[--serverurl, -s]Server URL. e.g. http://www.example.com:58080/openam. This option is valid only for J2EEAgent and WebAgent agent types, and is required when the agent type is J2EEAgent or WebAgent.
ssoadm create-agent-grp
Create a new agent group.
Usage: ssoadm create-agent-grp --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--agentgroupname, -bName of agent group.
--agenttype, -tType of agent group. e.g. J2EEAgent, WebAgent
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--attributevalues, -a]Properties e.g. homeaddress=here.
[--datafile, -D]Name of file that contains properties.
[--serverurl, -s]Server URL. e.g. http://www.example.com:58080/openam. This option is valid for J2EEAgent and WebAgent.
ssoadm create-appl
Create policy set.
Usage: ssoadm create-appl --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--applicationtype, -tApplication type name
--name, -mPolicy set name
--password-file, -fFile name that contains password of administrator.
--realm, -eRealm name
[--attributevalues, -a]Attribute values e.g. applicationType=iPlanetAMWebAgentService.
[--datafile, -D]Name of file that contains attribute values data. Mandatory attributes are resources, subjects, conditions and entitlementCombiner. Optional ones are actions, searchIndexImpl, saveIndexImpl, resourceComparator, subjectAttributeNames.
ssoadm create-appl-type
Create application type.
Usage: ssoadm create-appl-type --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--name, -mApplication Type name
--password-file, -fFile name that contains password of administrator.
[--attributevalues, -a]Application Type attribute values e.g. actions=enabled=true.
[--datafile, -D]Name of file that contains attribute type values data. Mandatory attributes are actions, searchIndexImpl and saveIndexImpl. Optional are resourceComparator.
ssoadm create-auth-cfg
Create authentication configuration
Usage: ssoadm create-auth-cfg --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--name, -mName of authentication configuration.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm create-auth-instance
Create authentication module instance
Usage: ssoadm create-auth-instance --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--authtype, -tType of authentication module instance. Possible values include AD, Adaptive, Anonymous, Cert, DataStore, DeviceIdMatch, DeviceIdSave, Federation, HOTP, HTTPBasic, JDBC, LDAP, Membership, MSISDN, OATH, OAuth, OpenIdConnect, PersistentCookie, RADIUS, SAE, Scripted, WindowsDesktopSSO, NT, and WSSAuthModule.
--name, -mName of authentication module instance.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm create-cot
Create circle of trust.
Usage: ssoadm create-cot --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--cot, -tCircle of Trust
--password-file, -fFile name that contains password of administrator.
[--prefix, -p]Prefix URL for idp discovery reader and writer URL.
[--realm, -e]Realm where circle of trust resides
[--trustedproviders, -k]Trusted Providers
ssoadm create-datastore
Create data store under a realm
Usage: ssoadm create-datastore --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--datatype, -tType of datastore. Use the list-datastore-types subcommand to get a list of supported datastore types.
--name, -mName of datastore.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--attributevalues, -a]Attribute values e.g. sunIdRepoClass=com.sun.identity.idm.plugins.files.FilesRepo.
[--datafile, -D]Name of file that contains attribute values data.
ssoadm create-identity
Create identity in a realm
Usage: ssoadm create-identity --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--idname, -iName of identity.
--idtype, -tType of Identity such as User, Role and Group.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--attributevalues, -a]Attribute values e.g. sunIdentityServerDeviceStatus=Active.
[--datafile, -D]Name of file that contains attribute values data.
ssoadm create-metadata-templ
Create new metadata template.
Usage: ssoadm create-metadata-templ --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--entityid, -yEntity ID
--password-file, -fFile name that contains password of administrator.
[--affiecertalias, -K]Affiliation encryption certificate alias
[--affiliation, -F]Specify metaAlias for hosted affiliation. to be created. The format must be <realm name>/<identifier>
[--affimembers, -M]Affiliation members
[--affiownerid, -N]Affiliation Owner ID
[--affiscertalias, -J]Affiliation signing certificate alias
[--attraecertalias, -G]Attribute authority encryption certificate alias.
[--attrascertalias, -B]Attribute authority signing certificate alias
[--attrauthority, -I]Specify metaAlias for hosted attribute authority to be created. The format must be <realm name>/<identifier>.
[--attrqecertalias, -R]Attribute query provider encryption certificate alias
[--attrqscertalias, -A]Attribute query provider signing certificate alias
[--attrqueryprovider, -S]Specify metaAlias for hosted attribute query provider to be created. The format must be <realm name>/<identifier>.
[--authnaecertalias, -E]Authentication authority encryption certificate alias.
[--authnascertalias, -D]Authentication authority signing certificate alias
[--authnauthority, -C]Specify metaAlias for hosted authentication authority to be created. The format must be <realm name>/<identifier>.
[--extended-data-file, -x]Specify file name for the extended metadata to be created. XML will be displayed on terminal if this file name is not provided.
[--identityprovider, -i]Specify metaAlias for hosted identity provider to be created. The format must be <realm name>/<identifier>.
[--idpecertalias, -g]Identity provider encryption certificate alias.
[--idpscertalias, -b]Identity provider signing certificate alias
[--meta-data-file, -m]Specify file name for the standard metadata to be created. XML will be displayed on terminal if this file name is not provided.
[--serviceprovider, -s]Specify metaAlias for hosted service provider to be created. The format must be <realm name>/<identifier>.
[--specertalias, -r]Service provider encryption certificate alias
[--spec, -c]Specify metadata specification, either wsfed, idff or saml2, defaults to saml2
[--spscertalias, -a]Service provider signing certificate alias
[--xacmlpdpecertalias, -j]Policy decision point encryption certificate alias
[--xacmlpdpscertalias, -t]Policy decision point signing certificate alias
[--xacmlpdp, -p]Specify metaAlias for policy decision point to be created. The format must be <realm name>/<identifier>.
[--xacmlpepecertalias, -z]Policy enforcement point encryption certificate alias
[--xacmlpepscertalias, -k]Policy enforcement point signing certificate alias
[--xacmlpep, -e]Specify metaAlias for policy enforcement point to be created. The format must be <realm name>/<identifier>.
ssoadm create-realm
Create realm.
Usage: ssoadm create-realm --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm to be created.
ssoadm create-server
Create a server instance.
Usage: ssoadm create-server --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--serverconfigxml, -XServer Configuration XML file name.
--servername, -sServer name, e.g. http://www.example.com:8080/fam
[--attributevalues, -a]Attribute values e.g. homeaddress=here.
[--datafile, -D]Name of file that contains attribute values data.
ssoadm create-site
Create a site.
Usage: ssoadm create-site --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--sitename, -sSite name, e.g. mysite
--siteurl, -iSite's primary URL, e.g. http://www.example.com:8080
[--secondaryurls, -a]Secondary URLs
ssoadm create-sub-cfg
Create a new sub configuration. Long content for an attribute can be supplied in a file by appending '-file' to the attribute name, and giving the filename as the value.
Usage: ssoadm create-sub-cfg --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--servicename, -sName of service.
--subconfigname, -gSub-schema name of (or path to) the type of sub-configuration being added.
[--attributevalues, -a]Attribute values e.g. homeaddress=here.
[--datafile, -D]Name of file that contains attribute values data.
[--priority, -p]Priority of the sub configuration.
[--realm, -e]Name of realm (Sub Configuration shall be added to global configuration if this option is not provided).
[--subconfigid, -b]User-specfieid ID of (or path to) the sub-configuration.
ssoadm create-svc
Create a new service in server.
Usage: ssoadm create-svc --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--xmlfile, -XXML file(s) that contains schema.
[--continue, -c]Continue adding service if one or more previous service cannot be added.
ssoadm create-svrcfg-xml
Create serverconfig.xml file. No options are required for flat file configuration data store.
Usage: ssoadm create-svrcfg-xml --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
[--basedn, -b]Directory Server base distinguished name.
[--dsadmin, -a]Directory Server administrator distinguished name
[--dshost, -t]Directory Server host name
[--dspassword-file, -x]File that contains Directory Server administrator password
[--dsport, -p]Directory Server port number
[--outfile, -o]File name where serverconfig XML is written.
ssoadm create-xacml
Create policies in a realm with XACML input.
Usage: ssoadm create-xacml --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
--xmlfile, -XFile that contains the policy XACML definition. In the console, paste the XML into the text field instead.
[--dryrun, -n]Provide a summary of the policies which would be updated, and those which would be added, as a result of the create-xacml command without the 'dryrun' option specified. Nothing will be updated or added when using this option.
[--outfile, -o]Filename where the output of a 'dryrun' command will be sent to. If no 'dryrun' command is specified, the outfile will not be used for anything.
ssoadm delete-agent-grps
Delete agent groups.
Usage: ssoadm delete-agent-grps --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--agentgroupnames, -s]Separate multiple agent group names with spaces.
[--file, -D]File containing agent group names, with multiple group names separated by spaces.
ssoadm delete-agents
Delete agent configurations.
Usage: ssoadm delete-agents --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--agentnames, -s]Separate multiple agent names with spaces.
[--file, -D]File containing agent names, with multiple agent names separated by spaces.
ssoadm delete-appl-types
Delete application types.
Usage: ssoadm delete-appl-types --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--names, -mApplication Type names
--password-file, -fFile name that contains password of administrator.
ssoadm delete-appls
Delete policy sets. Note that policy sets are cached for 30 minutes. Restart OpenAM to apply changes immediately.
Usage: ssoadm delete-appls --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--names, -mPolicy set names
--password-file, -fFile name that contains password of administrator.
--realm, -eRealm name
ssoadm delete-attr
Delete attribute schemas from a service
Usage: ssoadm delete-attr --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--attributeschema, -aName of attribute schema to be removed.
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema.
--servicename, -sName of service.
[--subschemaname, -c]Name of sub schema.
ssoadm delete-attr-def-values
Delete attribute schema default values.
Usage: ssoadm delete-attr-def-values --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--attributeschema, -aName of attribute schema
--defaultvalues, -eDefault value(s) to be deleted
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema.
--servicename, -sName of service.
[--subschemaname, -c]Name of sub schema.
ssoadm delete-auth-cfgs
Delete authentication configurations
Usage: ssoadm delete-auth-cfgs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--names, -mName of authentication configurations.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm delete-auth-instances
Delete authentication instances
Usage: ssoadm delete-auth-instances --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--names, -mName of authentication instances.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm delete-cot
Delete circle of trust.
Usage: ssoadm delete-cot --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--cot, -tCircle of Trust
--password-file, -fFile name that contains password of administrator.
[--realm, -e]Realm where circle of trust resides
ssoadm delete-datastores
Delete data stores under a realm
Usage: ssoadm delete-datastores --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--names, -mNames of datastore.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm delete-entity
Delete entity.
Usage: ssoadm delete-entity --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--entityid, -yEntity ID
--password-file, -fFile name that contains password of administrator.
[--extendedonly, -x]Set to flag to delete only extended data.
[--realm, -e]Realm where data resides
[--spec, -c]Specify metadata specification, either wsfed, idff or saml2, defaults to saml2
ssoadm delete-identities
Delete identities in a realm
Usage: ssoadm delete-identities --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--idtype, -tType of Identity such as User, Role and Group.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--file, -D]Name of file that contains the identity names to be deleted.
[--idnames, -i]Names of identites.
ssoadm delete-realm
Delete realm.
Usage: ssoadm delete-realm --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm to be deleted.
[--recursive, -r]Delete descendent realms recursively.
ssoadm delete-realm-attr
Delete attribute from a realm.
Usage: ssoadm delete-realm-attr --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--attributename, -aName of attribute to be removed.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
--servicename, -sName of service.
ssoadm delete-server
Delete a server instance.
Usage: ssoadm delete-server --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--servername, -sServer name, e.g. http://www.example.com:8080/fam
ssoadm delete-site
Delete a site.
Usage: ssoadm delete-site --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--sitename, -sSite name, e.g. mysite
ssoadm delete-sub-cfg
Remove Sub Configuration.
Usage: ssoadm delete-sub-cfg --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--servicename, -sName of service.
--subconfigname, -gName of sub configuration.
[--realm, -e]Name of realm (Sub Configuration shall be deleted from the global configuration if this option is not provided).
ssoadm delete-svc
Delete service from the server.
Usage: ssoadm delete-svc --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--servicename, -sService Name(s).
[--continue, -c]Continue deleting service if one or more previous services cannot be deleted.
[--deletepolicyrule, -r]Delete policy rule.
ssoadm delete-xacml
Delete XACML policies from a realm.
Usage: ssoadm delete-xacml --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--file, -D]Name of file that contains the policy names to be deleted.
[--policynames, -p]Names of policy to be deleted.
ssoadm do-batch
Do multiple requests in one command.
Usage: ssoadm do-batch --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--batchfile, -ZName of file that contains commands and options.
--password-file, -fFile name that contains password of administrator.
[--batchstatus, -b]Name of status file.
[--continue, -c]Continue processing the rest of the request when preceeding request was erroneous.
ssoadm do-bulk-federation
Perform bulk federation.
Usage: ssoadm do-bulk-federation --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--metaalias, -mSpecify metaAlias for local provider.
--nameidmapping, -eName of file that will be created by this sub command. It contains remote user Id to name identifier. It shall be used by remote provider to update user profile.
--password-file, -fFile name that contains password of administrator.
--remoteentityid, -rRemote entity Id
--useridmapping, -gFile name of local to remote user Id mapping. Format <local-user-id>|<remote-user-id>
[--spec, -c]Specify metadata specification, either idff or saml2, defaults to saml2
ssoadm do-migration70
Migrate organization to realm.
Usage: ssoadm do-migration70 --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--entrydn, -eDistinguished name of organization to be migrated.
--password-file, -fFile name that contains password of administrator.
ssoadm embedded-status
Status of embedded store.
Usage: ssoadm embedded-status --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--port, -pEmbedded store port
[--password, -w]Embedded store password
ssoadm export-entity
Export entity.
Usage: ssoadm export-entity --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--entityid, -yEntity ID
--password-file, -fFile name that contains password of administrator.
[--extended-data-file, -x]Extended data
[--meta-data-file, -m]Metadata
[--realm, -e]Realm where data resides
[--sign, -g]Set this flag to sign the metadata
[--spec, -c]Specify metadata specification, either wsfed, idff or saml2, defaults to saml2
ssoadm export-server
Export a server instance.
Usage: ssoadm export-server --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--servername, -sServer name
[--outfile, -o]Filename where configuration was written.
ssoadm export-svc-cfg
Export service configuration. In production environments, you should back up the service configuration using file system utilities or the export-ldif command. Note that export-ldif/import-ldif commands must be on the same deployment where the encryption keys are located.
Usage: ssoadm export-svc-cfg --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--encryptsecret, -eSecret key for encrypting password. Any arbitrary value can be specified.
--password-file, -fFile name that contains password of administrator.
[--outfile, -o]Filename where configuration was written.
ssoadm get-attr-choicevals
Get choice values of attribute schema.
Usage: ssoadm get-attr-choicevals --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--attributename, -aName of attribute.
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema.
--servicename, -sName of service.
[--subschemaname, -c]Name of sub schema.
ssoadm get-attr-defs
Get default attribute values in schema.
Usage: ssoadm get-attr-defs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema. One of dynamic, global, or organization (meaning realm).
--servicename, -sName of service.
[--attributenames, -a]Attribute name(s).
[--subschemaname, -c]Name of sub schema.
ssoadm get-auth-cfg-entr
Get authentication configuration entries
Usage: ssoadm get-auth-cfg-entr --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--name, -mName of authentication configuration.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm get-auth-instance
Get authentication instance values
Usage: ssoadm get-auth-instance --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--name, -mName of authentication instance.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm get-identity
Get identity property values
Usage: ssoadm get-identity --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--idname, -iName of identity.
--idtype, -tType of Identity such as User, Role and Group.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--attributenames, -a]Attribute name(s). All attribute values shall be returned if the option is not provided.
ssoadm get-identity-svcs
Get the service in an identity
Usage: ssoadm get-identity-svcs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--idname, -iName of identity.
--idtype, -tType of Identity such as User, Role and Group.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm get-realm
Get realm property values.
Usage: ssoadm get-realm --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
--servicename, -sName of service.
ssoadm get-realm-svc-attrs
Get realm's service attribute values.
Usage: ssoadm get-realm-svc-attrs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
--servicename, -sName of service.
ssoadm get-recording-status
Get the status of recording operations.
Usage: ssoadm get-recording-status --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--servername, -sServer name, e.g. http://openam.example.com:8080/openam
ssoadm get-revision-number
Get service schema revision number.
Usage: ssoadm get-revision-number --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--servicename, -sName of service.
ssoadm get-sub-cfg
Get sub configuration.
Usage: ssoadm get-sub-cfg --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--servicename, -sName of service.
--subconfigname, -gName of sub configuration.
[--realm, -e]Name of realm (Sub Configuration shall be retrieved from the global configuration if this option is not provided).
ssoadm get-svrcfg-xml
Get server configuration XML from centralized data store
Usage: ssoadm get-svrcfg-xml --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--servername, -sServer name, e.g. http://www.example.com:8080/fam
[--outfile, -o]File name where serverconfig XML is written.
ssoadm import-bulk-fed-data
Import bulk federation data which is generated by 'do-bulk-federation' sub command.
Usage: ssoadm import-bulk-fed-data --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--bulk-data-file, -gFile name of bulk federation data which is generated by 'do-bulk-federation' sub command.
--metaalias, -mSpecify metaAlias for local provider.
--password-file, -fFile name that contains password of administrator.
[--spec, -c]Specify metadata specification, either idff or saml2, defaults to saml2
ssoadm import-entity
Import entity.
Usage: ssoadm import-entity --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
[--cot, -t]Specify name of the Circle of Trust this entity belongs.
[--extended-data-file, -x]Specify file name for the extended entity configuration to be imported.<web>Extended entity configuration to be imported.
[--meta-data-file, -m]Specify file name for the standard metadata to be imported.<web>Standard metadata to be imported.
[--realm, -e]Realm where entity resides.
[--spec, -c]Specify metadata specification, either wsfed, idff or saml2, defaults to saml2
ssoadm import-server
Import a server instance.
Usage: ssoadm import-server --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--servername, -sServer name
--xmlfile, -XXML file that contains configuration.
ssoadm import-svc-cfg
Import service configuration. In production environments, you should restore the service configuration using file system utilities or the import-ldif command. Note that import-ldif/export-ldif commands must be on the same deployment where the encryption keys are located.
Usage: ssoadm import-svc-cfg --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--encryptsecret, -eSecret key for decrypting password.
--password-file, -fFile name that contains password of administrator.
--xmlfile, -XXML file that contains configuration data.
ssoadm list-agent-grp-members
List agents in agent group.
Usage: ssoadm list-agent-grp-members --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--agentgroupname, -bName of agent group.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--filter, -x]Filter (Pattern).
ssoadm list-agent-grps
List agent groups.
Usage: ssoadm list-agent-grps --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--agenttype, -t]Type of agent. e.g. J2EEAgent, WebAgent
[--filter, -x]Filter (Pattern).
ssoadm list-agents
List agent configurations.
Usage: ssoadm list-agents --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--agenttype, -t]Type of agent. e.g. J2EEAgent, WebAgent
[--filter, -x]Filter (Pattern).
ssoadm list-app-privs
List policy set privileges in a realm.
Usage: ssoadm list-app-privs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eRealm name
ssoadm list-appl-types
List application types.
Usage: ssoadm list-appl-types --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
ssoadm list-appls
List policy set in a realm.
Usage: ssoadm list-appls --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eRealm name
ssoadm list-auth-cfgs
List authentication configurations
Usage: ssoadm list-auth-cfgs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm list-auth-instances
List authentication instances
Usage: ssoadm list-auth-instances --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm list-cot-members
List the members in a circle of trust.
Usage: ssoadm list-cot-members --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--cot, -tCircle of Trust
--password-file, -fFile name that contains password of administrator.
[--realm, -e]Realm where circle of trust resides
[--spec, -c]Specify metadata specification, either wsfed, idff or saml2, defaults to saml2
ssoadm list-cots
List circles of trust.
Usage: ssoadm list-cots --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
[--realm, -e]Realm where circle of trusts reside
ssoadm list-datastore-types
List the supported data store types
Usage: ssoadm list-datastore-types --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
ssoadm list-datastores
List data stores under a realm
Usage: ssoadm list-datastores --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm list-entities
List entities under a realm.
Usage: ssoadm list-entities --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
[--realm, -e]Realm where entities reside.
[--spec, -c]Specify metadata specification, either wsfed, idff or saml2, defaults to saml2
ssoadm list-identities
List identities in a realm
Usage: ssoadm list-identities --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--filter, -xFilter (Pattern).
--idtype, -tType of Identity such as User, Role and Group.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm list-identity-assignable-svcs
List the assignable service to an identity
Usage: ssoadm list-identity-assignable-svcs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--idname, -iName of identity.
--idtype, -tType of Identity such as User, Role and Group.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm list-realm-assignable-svcs
List the assignable services to a realm.
Usage: ssoadm list-realm-assignable-svcs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm list-realms
List realms by name.
Usage: ssoadm list-realms --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm where search begins.
[--filter, -x]Filter (Pattern).
[--recursive, -r]Search recursively
ssoadm list-res-bundle
List resource bundle in data store.
Usage: ssoadm list-res-bundle --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--bundlename, -bResource Bundle Name.
--password-file, -fFile name that contains password of administrator.
[--bundlelocale, -o]Locale of the resource bundle.
ssoadm list-server-cfg
List server configuration.
Usage: ssoadm list-server-cfg --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--servername, -sServer name, e.g. http://www.example.com:8080/fam or enter default to list default server configuration.
[--withdefaults, -w]Set this flag to get default configuration.
ssoadm list-servers
List all server instances.
Usage: ssoadm list-servers --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
ssoadm list-sessions
List stateful sessions.
Usage: ssoadm list-sessions --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--host, -tHost Name.
--password-file, -fFile name that contains password of administrator.
[--filter, -x]Filter (Pattern).
[--quiet, -q]Do not prompt for session invalidation.
ssoadm list-sites
List all sites.
Usage: ssoadm list-sites --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
ssoadm list-xacml
Export policies in realm as XACML.
Usage: ssoadm list-xacml --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--namesonly, -n]Returns only names of matching policies. Policies are not returned.
[--outfile, -o]Filename where policy definition will be printed to. Definition will be printed in standard output if this option is not provided.
[--policynames, -p]Names of policy. This can be a wildcard. All policy definition in the realm will be returned if this option is not provided.
ssoadm policy-export
Export policy configuration for a given realm
Usage: ssoadm policy-export --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--jsonfile, -JJSON file for which to write the policy model to.
--password-file, -fFile name that contains password of administrator.
--realm, -eRealm name
--servername, -sServer name, e.g. http://openam.example.com:8080/openam
ssoadm policy-import
Import policy model into a given realm
Usage: ssoadm policy-import --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--jsonfile, -JJSON file containing the policy model to be imported.
--password-file, -fFile name that contains password of administrator.
--realm, -eRealm name
--servername, -sServer name, e.g. http://openam.example.com:8080/openam
ssoadm register-auth-module
Registers authentication module.
Usage: ssoadm register-auth-module --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--authmodule, -aJava class name of authentication module.
--password-file, -fFile name that contains password of administrator.
ssoadm remove-agent-from-grp
Remove agents from a agent group.
Usage: ssoadm remove-agent-from-grp --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--agentgroupname, -bName of agent group.
--agentnames, -sNames of agents.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm remove-app-priv-resources
Remove policy set privilege resources. Note that policy sets are cached for 30 minutes. Restart OpenAM to apply changes immediately.
Usage: ssoadm remove-app-priv-resources --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--application, -tPolicy set name
--name, -mName for the this delegation
--password-file, -fFile name that contains password of administrator.
--realm, -eRealm name
[--resources, -r]Resources to removed, All resources in the policy set will be removed if this option is absent.
ssoadm remove-app-priv-subjects
Remove policy set privilege subjects.
Usage: ssoadm remove-app-priv-subjects --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--name, -mName for the this delegation
--password-file, -fFile name that contains password of administrator.
--realm, -eRealm name
--subjects, -sSubject name
--subjecttype, -bPossible values are User or Group
ssoadm remove-app-privs
Remove policy set privileges.
Usage: ssoadm remove-app-privs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--names, -mNames of policy set privileges to be removed
--password-file, -fFile name that contains password of administrator.
--realm, -eRealm name
ssoadm remove-attr-choicevals
Remove choice values from attribute schema.
Usage: ssoadm remove-attr-choicevals --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--attributename, -aName of attribute.
--choicevalues, -kChoice values e.g. Inactive
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema.
--servicename, -sName of service.
[--subschemaname, -c]Name of sub schema.
ssoadm remove-attr-defs
Remove default attribute values in schema.
Usage: ssoadm remove-attr-defs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--attributenames, -aAttribute name(s).
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema.
--servicename, -sName of service.
[--subschemaname, -c]Name of sub schema.
ssoadm remove-cot-member
Remove a member from a circle of trust.
Usage: ssoadm remove-cot-member --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--cot, -tCircle of Trust
--entityid, -yEntity ID
--password-file, -fFile name that contains password of administrator.
[--realm, -e]Realm where circle of trust resides
[--spec, -c]Specify metadata specification, either wsfed, idff or saml2, defaults to saml2
ssoadm remove-member
Remove membership of identity from another identity
Usage: ssoadm remove-member --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--idname, -iName of identity.
--idtype, -tType of Identity
--memberidname, -mName of identity that is member.
--memberidtype, -yType of Identity of member such as User, Role and Group.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm remove-plugin-schema
Add Plug-in interface to service.
Usage: ssoadm remove-plugin-schema --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--interfacename, -iName of interface.
--password-file, -fFile name that contains password of administrator.
--pluginname, -gName of Plug-in.
--servicename, -sName of service.
ssoadm remove-privileges
Remove privileges from an identity
Usage: ssoadm remove-privileges --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--idname, -iName of identity.
--idtype, -tType of Identity such as Role and Group.
--password-file, -fFile name that contains password of administrator.
--privileges, -gName of privileges to be removed. Privilege names are AgentAdmin, ApplicationModifyAccess, ApplicationReadAccess, ApplicationTypesReadAccess, ConditionTypesReadAccess, DecisionCombinersReadAccess, EntitlementRestAccess, FederationAdmin, LogAdmin, LogRead, LogWrite, PolicyAdmin, PrivilegeRestAccess, PrivilegeRestReadAccess, RealmAdmin, RealmReadAccess, ResourceTypeModifyAccess, ResourceTypeReadAccess, SubjectAttributesReadAccess, and SubjectTypesReadAccess.
--realm, -eName of realm.
ssoadm remove-res-bundle
Remove resource bundle from data store.
Usage: ssoadm remove-res-bundle --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--bundlename, -bResource Bundle Name.
--password-file, -fFile name that contains password of administrator.
[--bundlelocale, -o]Locale of the resource bundle.
ssoadm remove-server-cfg
Remove server configuration.
Usage: ssoadm remove-server-cfg --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--propertynames, -aName of properties to be removed.
--servername, -sServer name, e.g. http://www.example.com:8080/fam or enter default to remove default server configuration.
ssoadm remove-site-members
Remove members from a site.
Usage: ssoadm remove-site-members --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--servernames, -eServer names, e.g. http://www.example.com:8080/fam
--sitename, -sSite name, e.g. mysite
ssoadm remove-site-sec-urls
Remove Site Secondary URLs.
Usage: ssoadm remove-site-sec-urls --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--secondaryurls, -aSecondary URLs
--sitename, -sSite name, e.g. mysite
ssoadm remove-sub-schema
Remove sub schema.
Usage: ssoadm remove-sub-schema --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema.
--servicename, -sName of service.
--subschemanames, -aName(s) of sub schema to be removed.
[--subschemaname, -c]Name of parent sub schema.
ssoadm remove-svc-attrs
Remove service attribute values in a realm.
Usage: ssoadm remove-svc-attrs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
--servicename, -sName of service.
[--attributevalues, -a]Attribute values to be removed e.g. homeaddress=here.
[--datafile, -D]Name of file that contains attribute values to be removed.
ssoadm remove-svc-identity
Remove Service from an identity
Usage: ssoadm remove-svc-identity --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--idname, -iName of identity.
--idtype, -tType of Identity such as User, Role and Group.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
--servicename, -sName of service.
ssoadm remove-svc-realm
Remove service from a realm.
Usage: ssoadm remove-svc-realm --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
--servicename, -sName of service to be removed.
ssoadm set-appl
Set policy set attributes. Note that policy sets are cached for 30 minutes. Restart OpenAM to apply changes immediately.
Usage: ssoadm set-appl --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--name, -mPolicy set name
--password-file, -fFile name that contains password of administrator.
--realm, -eRealm name
[--attributevalues, -a]Attribute values e.g. applicationType=iPlanetAMWebAgentService.
[--datafile, -D]Name of file that contains attribute values data. Possible attributes are resources, subjects, conditions, actions, searchIndexImpl, saveIndexImpl, resourceComparator, subjectAttributeNames and entitlementCombiner.
ssoadm set-attr-any
Set any member of attribute schema.
Usage: ssoadm set-attr-any --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--any, -yAttribute Schema Any value
--attributeschema, -aName of attribute schema
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema.
--servicename, -sName of service.
[--subschemaname, -c]Name of sub schema.
ssoadm set-attr-bool-values
Set boolean values of attribute schema.
Usage: ssoadm set-attr-bool-values --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--attributename, -aName of attribute.
--falsei18nkey, -jInternationalization key for false value.
--falsevalue, -zValue for false.
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema.
--servicename, -sName of service.
--truei18nkey, -kInternationalization key for true value.
--truevalue, -eValue for true.
[--subschemaname, -c]Name of sub schema.
ssoadm set-attr-choicevals
Set choice values of attribute schema.
Usage: ssoadm set-attr-choicevals --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--attributename, -aName of attribute.
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema.
--servicename, -sName of service.
[--add, -p]Set this flag to append the choice values to existing ones.
[--choicevalues, -k]Choice value e.g. o102=Inactive.
[--datafile, -D]Name of file that contains attribute values data.
[--subschemaname, -c]Name of sub schema.
ssoadm set-attr-defs
Set default attribute values in schema.
Usage: ssoadm set-attr-defs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema.
--servicename, -sName of service.
[--attributevalues, -a]Attribute values e.g. homeaddress=here.
[--datafile, -D]Name of file that contains attribute values data.
[--subschemaname, -c]Name of sub schema.
ssoadm set-attr-end-range
Set attribute schema end range.
Usage: ssoadm set-attr-end-range --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--attributeschema, -aName of attribute schema
--password-file, -fFile name that contains password of administrator.
--range, -rEnd range
--schematype, -tType of schema.
--servicename, -sName of service.
[--subschemaname, -c]Name of sub schema.
ssoadm set-attr-i18n-key
Set i18nKey member of attribute schema.
Usage: ssoadm set-attr-i18n-key --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--attributeschema, -aName of attribute schema
--i18nkey, -kAttribute Schema I18n Key
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema.
--servicename, -sName of service.
[--subschemaname, -c]Name of sub schema.
ssoadm set-attr-start-range
Set attribute schema start range.
Usage: ssoadm set-attr-start-range --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--attributeschema, -aName of attribute schema
--password-file, -fFile name that contains password of administrator.
--range, -rStart range
--schematype, -tType of schema.
--servicename, -sName of service.
[--subschemaname, -c]Name of sub schema.
ssoadm set-attr-syntax
Set syntax member of attribute schema.
Usage: ssoadm set-attr-syntax --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--attributeschema, -aName of attribute schema
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema.
--servicename, -sName of service.
--syntax, -xAttribute Schema Syntax
[--subschemaname, -c]Name of sub schema.
ssoadm set-attr-type
Set type member of attribute schema.
Usage: ssoadm set-attr-type --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--attributeschema, -aName of attribute schema
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema.
--servicename, -sName of service.
--type, -pAttribute Schema Type
[--subschemaname, -c]Name of sub schema.
ssoadm set-attr-ui-type
Set UI type member of attribute schema.
Usage: ssoadm set-attr-ui-type --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--attributeschema, -aName of attribute schema
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema.
--servicename, -sName of service.
--uitype, -pAttribute Schema UI Type
[--subschemaname, -c]Name of sub schema.
ssoadm set-attr-validator
Set attribute schema validator.
Usage: ssoadm set-attr-validator --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--attributeschema, -aName of attribute schema
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema.
--servicename, -sName of service.
--validator, -rvalidator class name
[--subschemaname, -c]Name of sub schema.
ssoadm set-attr-view-bean-url
Set properties view bean URL member of attribute schema.
Usage: ssoadm set-attr-view-bean-url --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--attributeschema, -aName of attribute schema
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema.
--servicename, -sName of service.
--url, -rAttribute Schema Properties View Bean URL
[--subschemaname, -c]Name of sub schema.
ssoadm set-entitlement-conf
Set entitlements service configuration
Usage: ssoadm set-entitlement-conf --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
[--attributevalues, -a]Attribute values e.g. evalThreadSize=4.
[--datafile, -D]Name of file that contains attribute values data. Possible attributes are evalThreadSize, searchThreadSize, policyCacheSize and indexCacheSize.
ssoadm set-identity-attrs
Set attribute values of an identity
Usage: ssoadm set-identity-attrs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--idname, -iName of identity.
--idtype, -tType of Identity such as User, Role and Group.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--attributevalues, -a]Attribute values e.g. homeaddress=here.
[--datafile, -D]Name of file that contains attribute values data.
ssoadm set-identity-svc-attrs
Set service attribute values of an identity
Usage: ssoadm set-identity-svc-attrs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--idname, -iName of identity.
--idtype, -tType of Identity such as User, Role and Group.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
--servicename, -sName of service.
[--attributevalues, -a]Attribute values e.g. homeaddress=here.
[--datafile, -D]Name of file that contains attribute values data.
ssoadm set-inheritance
Set Inheritance value of Sub Schema.
Usage: ssoadm set-inheritance --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--inheritance, -rValue of Inheritance.
--password-file, -fFile name that contains password of administrator.
--schematype, -tType of schema.
--servicename, -sName of service.
--subschemaname, -cName of sub schema.
ssoadm set-plugin-viewbean-url
Set properties view bean URL of plug-in schema.
Usage: ssoadm set-plugin-viewbean-url --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--interfacename, -iName of interface.
--password-file, -fFile name that contains password of administrator.
--pluginname, -gName of Plug-in.
--servicename, -sName of service.
--url, -rProperties view bean URL.
ssoadm set-realm-attrs
Set attribute values of a realm.
Usage: ssoadm set-realm-attrs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
--servicename, -sName of service.
[--append, -p]Set this flag to append the values to existing ones.
[--attributevalues, -a]Attribute values e.g. homeaddress=here.
[--datafile, -D]Name of file that contains attribute values data.
ssoadm set-realm-svc-attrs
Set attribute values of a service that is assigned to a realm. Long content for an attribute can be supplied in a file by appending '-file' to the attribute name, and giving the filename as the value.
Usage: ssoadm set-realm-svc-attrs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
--servicename, -sName of service.
[--append, -p]Set this flag to append the values to existing ones.
[--attributevalues, -a]Attribute values e.g. homeaddress=here.
[--datafile, -D]Name of file that contains attribute values data.
ssoadm set-revision-number
Set service schema revision number.
Usage: ssoadm set-revision-number --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--revisionnumber, -rRevision Number
--servicename, -sName of service.
ssoadm set-site-id
Set the ID of a site.
Usage: ssoadm set-site-id --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--siteid, -iSite's ID, e.g. 10
--sitename, -sSite name, e.g. mysite
ssoadm set-site-pri-url
Set the primary URL of a site.
Usage: ssoadm set-site-pri-url --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--sitename, -sSite name, e.g. mysite
--siteurl, -iSite's primary URL, e.g. http://site.www.example.com:8080
ssoadm set-site-sec-urls
Set Site Secondary URLs.
Usage: ssoadm set-site-sec-urls --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--secondaryurls, -aSecondary URLs
--sitename, -sSite name, e.g. mysite
ssoadm set-sub-cfg
Set sub configuration. Long content for an attribute can be supplied in a file by appending '-file' to the attribute name, and giving the filename as the value.
Usage: ssoadm set-sub-cfg --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--operation, -oOperation (either add/set/delete) to be performed on the sub configuration.
--password-file, -fFile name that contains password of administrator.
--servicename, -sName of service.
--subconfigname, -gName of sub configuration.
[--attributevalues, -a]Attribute values e.g. homeaddress=here.
[--datafile, -D]Name of file that contains attribute values data.
[--realm, -e]Name of realm (Sub Configuration shall be set to global configuration if this option is not provided).
ssoadm set-svc-attrs
Set service attribute values in a realm. Long content for an attribute can be supplied in a file by appending '-file' to the attribute name, and giving the filename as the value.
Usage: ssoadm set-svc-attrs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
--servicename, -sName of service.
[--attributevalues, -a]Attribute values e.g. homeaddress=here.
[--datafile, -D]Name of file that contains attribute values data.
ssoadm set-svc-i18n-key
Set service schema i18n key.
Usage: ssoadm set-svc-i18n-key --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--i18nkey, -kI18n Key.
--password-file, -fFile name that contains password of administrator.
--servicename, -sName of service.
ssoadm set-svc-view-bean-url
Set service schema properties view bean URL.
Usage: ssoadm set-svc-view-bean-url --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--servicename, -sName of service.
--url, -rService Schema Properties View Bean URL
ssoadm set-svrcfg-xml
Set server configuration XML to centralized data store
Usage: ssoadm set-svrcfg-xml --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--servername, -sServer name, e.g. http://www.example.com:8080/fam
--xmlfile, -XXML file that contains configuration.
ssoadm show-agent
Show agent profile.
Usage: ssoadm show-agent --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--agentname, -bName of agent.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--includepassword, -p]Include the hashed password in the export.
[--inherit, -i]Set this to inherit properties from parent group.
[--outfile, -o]Filename where configuration is written to.
ssoadm show-agent-grp
Show agent group profile.
Usage: ssoadm show-agent-grp --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--agentgroupname, -bName of agent group.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--outfile, -o]Filename where configuration is written to.
ssoadm show-agent-membership
List agent's membership.
Usage: ssoadm show-agent-membership --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--agentname, -bName of agent.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm show-agent-types
Show agent types.
Usage: ssoadm show-agent-types --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
ssoadm show-app-priv
Show policy set privilege.
Usage: ssoadm show-app-priv --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--name, -mName of policy set privilege
--password-file, -fFile name that contains password of administrator.
--realm, -eRealm name
ssoadm show-appl
Show policy set attributes.
Usage: ssoadm show-appl --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--name, -mPolicy set name
--password-file, -fFile name that contains password of administrator.
--realm, -eRealm name
ssoadm show-appl-type
Show application type details.
Usage: ssoadm show-appl-type --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--name, -mApplication Type name
--password-file, -fFile name that contains password of administrator.
ssoadm show-auth-modules
Show the supported authentication modules in the system.
Usage: ssoadm show-auth-modules --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
ssoadm show-data-types
Show the supported data type in the system.
Usage: ssoadm show-data-types --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
ssoadm show-datastore
Show data store profile.
Usage: ssoadm show-datastore --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--name, -mName of datastore.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm show-entitlement-conf
Display entitlements service configuration
Usage: ssoadm show-entitlement-conf --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
ssoadm show-identity-ops
Show the allowed operations of an identity a realm
Usage: ssoadm show-identity-ops --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--idtype, -tType of Identity such as User, Role and Group.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm show-identity-svc-attrs
Show the service attribute values of an identity
Usage: ssoadm show-identity-svc-attrs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--idname, -iName of identity.
--idtype, -tType of Identity such as User, Role and Group.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
--servicename, -sName of service.
ssoadm show-identity-types
Show the supported identity type in a realm
Usage: ssoadm show-identity-types --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm show-members
Show the members of an identity. For example show the members of a role
Usage: ssoadm show-members --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--idname, -iName of identity.
--idtype, -tType of Identity such as User, Role and Group.
--membershipidtype, -mMembership identity type.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm show-memberships
Show the memberships of an identity. For sample show the memberships of an user.
Usage: ssoadm show-memberships --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--idname, -iName of identity.
--idtype, -tType of Identity such as User, Role and Group.
--membershipidtype, -mMembership identity type.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm show-privileges
Show privileges assigned to an identity
Usage: ssoadm show-privileges --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--idname, -iName of identity.
--idtype, -tType of Identity such Role and Group.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
ssoadm show-realm-svcs
Show services in a realm.
Usage: ssoadm show-realm-svcs --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--mandatory, -y]Include Mandatory services.
ssoadm show-site
Show site profile.
Usage: ssoadm show-site --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--sitename, -sSite name, e.g. mysite
ssoadm show-site-members
Display members of a site.
Usage: ssoadm show-site-members --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--sitename, -sSite name, e.g. mysite
ssoadm start-recording
Start recording a bundle that contains troubleshooting information, including debug logs, thread dumps, and environment information.
Usage: ssoadm start-recording --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--jsonfile, -JJSON control file for a recording operation.
--password-file, -fFile name that contains password of administrator.
--servername, -sServer name, e.g. http://openam.example.com:8080/openam
ssoadm stop-recording
Stop an active recording operation.
Usage: ssoadm stop-recording --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--servername, -sServer name, e.g. http://openam.example.com:8080/openam
ssoadm unregister-auth-module
Unregisters authentication module.
Usage: ssoadm unregister-auth-module --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--authmodule, -aJava class name of authentication module.
--password-file, -fFile name that contains password of administrator.
ssoadm update-agent
Update agent configuration.
Usage: ssoadm update-agent --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--agentname, -bName of agent.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--attributevalues, -a]Properties e.g. homeaddress=here.
[--datafile, -D]Name of file that contains properties.
[--set, -s]Set this flag to overwrite properties values.
ssoadm update-agent-grp
Update agent group configuration.
Usage: ssoadm update-agent-grp --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--agentgroupname, -bName of agent group.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--attributevalues, -a]Properties e.g. homeaddress=here.
[--datafile, -D]Name of file that contains properties.
[--set, -s]Set this flag to overwrite properties values.
ssoadm update-app-priv
Update a policy set privilege.
Usage: ssoadm update-app-priv --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--name, -mName for the this delegation
--password-file, -fFile name that contains password of administrator.
--realm, -eRealm name
[--actions, -a]Possible values are READ, MODIFY, DELEGATE, ALL
[--description, -p]Description for the this delegation.
ssoadm update-app-priv-resources
Set policy set privilege resources. Note that policy sets are cached for 30 minutes. Restart OpenAM to apply changes immediately.
Usage: ssoadm update-app-priv-resources --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--application, -tPolicy set name
--name, -mName for the this delegation
--password-file, -fFile name that contains password of administrator.
--realm, -eRealm name
[--add, -p]Resources are added to this policy set if this option is set. Otherwise, resources in the current policy set privilege will be overwritten.
[--resources, -r]Resources to delegate, All resources in the policy set will be delegated if this option is absent.
ssoadm update-app-priv-subjects
Set policy set privilege subjects.
Usage: ssoadm update-app-priv-subjects --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--name, -mName for the this delegation
--password-file, -fFile name that contains password of administrator.
--realm, -eRealm name
--subjects, -sSubject name
--subjecttype, -bPossible values are User or Group
[--add, -p]Subjects are added to this policy set if this option is set. Otherwise, subjects in the current policy set privilege will be overwritten.
ssoadm update-auth-cfg-entr
Set authentication configuration entries
Usage: ssoadm update-auth-cfg-entr --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--name, -mName of authentication configuration.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--datafile, -D]Name of file that contains formatted authentication configuration entries in this format name|flag|options. option can be REQUIRED, OPTIONAL, SUFFICIENT, REQUISITE. e.g. myauthmodule|REQUIRED|my options.
[--entries, -a]formatted authentication configuration entries in this format name|flag|options. option can be REQUIRED, OPTIONAL, SUFFICIENT, REQUISITE. e.g. myauthmodule|REQUIRED|my options.
ssoadm update-auth-cfg-props
Set authentication configuration properties
Usage: ssoadm update-auth-cfg-props --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--name, -mName of authentication configuration.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--attributevalues, -a]authentication configuration properties, valid configuration keys are: iplanet-am-auth-login-failure-url, iplanet-am-auth-login-success-url and iplanet-am-auth-post-login-process-class.
[--datafile, -D]Name of file that contains authentication configuration properties.
ssoadm update-auth-instance
Update authentication instance values
Usage: ssoadm update-auth-instance --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--name, -mName of authentication instance.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--attributevalues, -a]Attribute values e.g. homeaddress=here.
[--datafile, -D]Name of file that contains attribute values data.
ssoadm update-datastore
Update data store profile.
Usage: ssoadm update-datastore --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--name, -mName of datastore.
--password-file, -fFile name that contains password of administrator.
--realm, -eName of realm.
[--attributevalues, -a]Attribute values e.g. sunIdRepoClass=com.sun.identity.idm.plugins.files.FilesRepo.
[--datafile, -D]Name of file that contains attribute values data.
ssoadm update-entity-keyinfo
Update XML signing and encryption key information in hosted entity metadata.
Usage: ssoadm update-entity-keyinfo --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--entityid, -yEntity ID
--password-file, -fFile name that contains password of administrator.
[--idpecertalias, -g]Identity provider encryption certificate aliases.
[--idpscertalias, -b]Identity provider signing certificate aliases
[--realm, -e]Realm where entity resides.
[--specertalias, -r]Service provider encryption certificate aliases
[--spec, -c]Specify metadata specification, either wsfed, idff or saml2, defaults to saml2
[--spscertalias, -a]Service provider signing certificate aliases
ssoadm update-server-cfg
Update server configuration.
Usage: ssoadm update-server-cfg --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--servername, -sServer name, e.g. http://www.example.com:8080/fam or enter default to update default server configuration.
[--attributevalues, -a]Attribute values e.g. homeaddress=here.
[--datafile, -D]Name of file that contains attribute values data.
ssoadm update-svc
Update service.
Usage: ssoadm update-svc --options [--global-options]
--adminid, -uAdministrator ID of running the command.
--password-file, -fFile name that contains password of administrator.
--xmlfile, -XXML file(s) that contains schema.
[--continue, -c]Continue updating service if one or more previous services cannot be updated.