Oracle® OpenSSO STS Administrator's Guide
Release 11gR1. Version 11.1.1.3.0

Part Number E17844-01

A Using the ssoadm Command-Line Interface

This chapter provides information about the ssoadm command-line interface. The following topics are contained in this chapter:

A.1 About ssoadm

The ssoadm interface has two main purposes: to load configuration data into the data store, and to perform batch administrative tasks. You can use ssoadm to load XML service files that use the format defined in the sms.dtd. XML service files are stored in the configuration data store and are referenced only by OpenSSO STS. When ssoadm is executed, the utility automatically checks the OpenSSO STS version. If the version does not match, the ssoadm command fails.

For information about installing the ssoadm utility, see Section 1.6, "Installing the OpenSSO STS Command-Line Utility."

A.2 Basic ssoadm Usage

The ssoadm command contains subcommands to perform specific tasks for OpenSSO STS services and plug-ins. Each subcommand contains a number of options, both required and optional, that are designed to carry out these tasks.

A.2.1 ssoadm Syntax

# ssoadm subcommand --options [--global-options]

The following global options are common to all subcommands, but are not required for the command to function:

Table A-1 Global Options for ssoadm

Option Short Form Description
--locale -l Name of the locale to display the results.
--debug -d Run in debug mode. Results sent to the debug file.
--verbose -v Run in verbose mode. Results sent to standard output.


A.2.2 Password File

In most ssoadm subcommands, the password file is required. The password file is a simple file that contains the administrator password for the given task.

To create a password file, complete the following steps:

  1. Create the password file in a location you will remember. Example:

    # echo "" > /tmp/testpwd

  2. Change the permissions to read-only. Example:

    # chmod 400 /tmp/testpwd
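
The steps above write the file first and restrict it afterwards, and the sample path is under /tmp, which other local users can traverse. The following added example (not part of the Oracle guide) creates the file owner-only from the start and checks it before it is handed to ssoadm; make_pwfile and check_pwfile are hypothetical helper names, and the paths in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example, not from the Oracle guide. make_pwfile and check_pwfile are
# hypothetical helper names chosen for this illustration.

# Create a password file that is never readable by other users:
#  - umask 077 makes the file owner-only at the moment it is created
#  - the password is read from stdin, so it is not placed in argv or in the
#    shell history (printf is a shell builtin, no external process sees it)
#  - noclobber (set -C) makes the redirect fail if the path already exists
make_pwfile() {
    pwfile=$1
    (
        umask 077
        set -C
        IFS= read -r pw || :        # accept input with or without a newline
        [ -n "$pw" ] || exit 1      # refuse to write an empty password
        printf '%s\n' "$pw" > "$pwfile" || exit 1
        chmod 400 "$pwfile"         # read-only, as in step 2 of the guide
    )
}

# Return 0 only if the path is a regular file (not a symlink), owned by the
# calling user, with no group or other permission bits set.
check_pwfile() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    [ -O "$f" ] || return 1
    # GNU stat first, BSD stat as a fallback.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null) || return 1
    case $mode in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# Usage (placeholder paths; a directory only the administrator can enter):
#   make_pwfile "$HOME/.ssoadm/pw"      # type or pipe the password on stdin
#   check_pwfile "$HOME/.ssoadm/pw" && ./ssoadm list-wsps -u amadmin -f "$HOME/.ssoadm/pw"
```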

A.2.3 ssoadm Usage Example

This example uses the update-agent subcommand to illustrate how to use the ssoadm command with options.

# ./ssoadm update-agent -e testRealm1 -b testAgent1 -f /tmp/testpwd -a "com.sun.identity.agents.config.notenforced.url[0]=/exampledir/public/*"

When using the ssoadm command, if you include values that contain wildcards ( * or -*-), then be sure to enclose the property name/value pair in quotes to avoid substitution by the shell. This applies when you use the -a (--attributevalues) option. The double quotes are not necessary when you list the properties in a data file and access them with the -D option.
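
The shell substitution described above can be reproduced in a scratch directory. This added example (not part of the Oracle guide) counts the arguments a command receives with and without quotes, and writes the same property to a data file of the kind read with the -D option; count_args, glob_demo and write_datafile are hypothetical helper names and all paths are constructed.

```shell
#!/bin/sh
# Added example, not from the Oracle guide. count_args, glob_demo and
# write_datafile are hypothetical helper names; all paths are constructed.

PROP='com.sun.identity.agents.config.notenforced.url'

# Stand-in for ssoadm: report how many arguments the shell actually passed.
count_args() { echo "$#"; }

# Build a scratch directory in which the unquoted pattern happens to match
# two paths, then compare what a command receives with and without quotes.
# Prints "<unquoted-count> <quoted-count>".
glob_demo() {
    scratch=$(mktemp -d) || return 1
    mkdir -p "$scratch/${PROP}0=/exampledir/public" || return 1
    : > "$scratch/${PROP}0=/exampledir/public/a.html"
    : > "$scratch/${PROP}0=/exampledir/public/b.html"
    (
        cd "$scratch" || exit 1
        # Unquoted: "[0]" is a bracket expression and "*" a wildcard, so the
        # shell replaces the single word with every matching path.
        unquoted=$(count_args com.sun.identity.agents.config.notenforced.url[0]=/exampledir/public/*)
        # Quoted: the property/value pair reaches the command unchanged.
        quoted=$(count_args "com.sun.identity.agents.config.notenforced.url[0]=/exampledir/public/*")
        echo "$unquoted $quoted"
    )
    rc=$?
    rm -rf "$scratch"
    return "$rc"
}

# Write name=value pairs, one per line, to a data file for the -D option.
# Each pair is written exactly as given, so wildcards in values need no
# further quoting once they are in the file.
write_datafile() {
    out=$1; shift
    ( umask 077; : > "$out" ) || return 1
    for pair in "$@"; do
        case $pair in
            ?*=*) printf '%s\n' "$pair" >> "$out" ;;
            *)    echo "not a name=value pair: $pair" >&2; return 1 ;;
        esac
    done
}
```

Whether an unmatched pattern is passed through, dropped or rejected depends on the shell and its options, which is why quoting the pair or using a data file is the dependable form.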

A.2.4 Displaying Options for an ssoadm Subcommand

You can display a list of options while using the ssoadm command. On the OpenSSO STS host, in the directory containing the ssoadm utility, issue the ssoadm command with the appropriate subcommand with no options. For example:

ssoadm list-wsps --options [--global-options]
    List web service providers.
 
Usage:
ssoadm list-wsps
    --adminid|-u
    --password-file|-f
    [--filter|-x]
 
Global Options:
    --locale, -l
        Name of the locale to display the results.
 
    --debug, -d
        Run in debug mode. Results sent to the debug file.
 
    --verbose, -v
        Run in verbose mode. Results sent to standard output.
 
 
Options:
    --adminid, -u
        Administrator ID of running the command.
 
    --password-file, -f
        File name that contains password of administrator.
 
    --filter, -x
        Filter (Pattern).

In this example, since the command is missing required options, the utility lists all the options available for this subcommand. The global options are common to all subcommands.

A.2.5 ssoadm Subcommand Usage

By looking at the usage information of a subcommand, you can determine which options are required and which are optional. You can list an option for the command with either a single letter, such as -u or with an entire word, such as --adminid. The following table lists options and usage information for the list-wsps subcommand.

Option Short Form Description
--adminid -u Administrator ID of running the command
--password-file -f File name that contains password of administrator
--filter -x Filter (Pattern)

The options not bounded by square brackets [ ] are required. In this example, adminid, password-file, and filter are required.

For subcommand options that accept multiple values, the values are space-separated and placed within quotation marks. For example, the --attributevalues option uses the following format:

--attributevalues "attributename=value" "attributename=value2"

A.3 Command-Line Reference

The following table lists the ssoadm commands with brief descriptions. More detailed information about each command follows the table.

Table A-2 Summary of ssoadm Commands

Command Description
add-attrs Add an attribute schema to an existing service.
add-attr-defs Add the default attribute values in a schema.
add-auth-cfg-entr Add an authentication configuration entry.
add-plugin-interface Add the plug-in interface to a service.
add-site-members Add members to a site.
add-site-sec-urls Add site secondary URLs.
add-sub-schema Add a sub schema.
clone-server Clone a server instance.
create-agent Create a new agent configuration.
create-auth-cfg Create an authentication configuration.
create-auth-instance Create an authentication instance.
create-boot-url Create a bootstrap URL that can bootstrap the product web application.
create-datastore Create a datastore under a realm.
create-server Create a server instance.
create-site Create a site.
create-sub-cfg Create a new sub configuration.
create-svc Create a new service in the server.
create-svrcfg-xml Create the serverconfig.xml file.
create-wsp Creates a new web service provider.
create-wsp-grp Create a new web service provider group.
delete-attr Delete the attribute schemas from a service.
delete-attr-def-values Delete the attribute schema default values.
delete-auth-cfgs Delete existing authentication configurations.
delete-auth-instances Delete existing authentication instances.
delete-datastores Delete the data stores under a realm.
delete-server Delete a server instance.
delete-site Delete a site.
delete-sub-cfg Delete the sub configuration.
delete-svc Delete the service from the server.
delete-wsps Delete web service providers.
delete-wsp-grps Delete web service provider groups.
do-batch Do multiple requests in one command.
export-server Export a server instance.
export-svc-cfg Export the service configuration.
get-attr-defs Get the default attribute values in a schema.
get-auth-cfg-entr Get the authentication configuration entries.
get-auth-instance Get the authentication instance values.
get-revision-number Get the service schema revision number.
get-svrcfg-xml Get the server configuration XML from the centralized data store.
import-server Import a server instance.
import-svc-cfg Import the service configuration.
list-auth-cfgs List the authentication configurations.
list-auth-instances List the authentication instances.
list-datastores List the data stores under a realm.
list-datastore-types List the supported data store types.
list-server-cfg List the server configuration.
list-servers List all the server instances.
list-sites List all the sites.
list-wsps Lists web service providers.
list-wsp-grps List web service provider groups.
list-wsp-grp-members List web service providers in web service provider group.
register-auth-module Register an authentication module.
remove-attr-choicevals Remove choice values from the attribute schema.
remove-attr-defs Remove the default attribute values in a schema.
remove-server-cfg Remove the server configuration.
remove-site-members Remove members from a site.
remove-site-sec-urls Remove the site secondary URLs.
remove-sub-schema Remove the sub schema.
remove-wsp-from-grp Remove web service providers from a group.
set-attr-any Set any member of the attribute schema.
set-attr-bool-values Set the boolean values of the attribute schema.
set-attr-choicevals Set choice values for the attribute schema.
set-attr-defs Set the default attribute values in a schema.
set-attr-end-range Set the attribute schema end range.
set-attr-i18n-key Set the i18nkey member of the attribute schema.
set-attr-start-range Set attribute schema start range.
set-attr-syntax Set syntax member of attribute schema.
set-attr-type Set the type member of the attribute schema.
set-attr-ui-type Set the UI type member of the attribute schema.
set-attr-validator Set the attribute schema validator.
set-attr-view-bean-url Set the properties view bean URL member of the attribute schema.
set-inheritance Set the inheritance value of the sub schema.
set-plugin-viewbean-url Set the properties view bean URL of the plug-in schema.
set-revision-number Set the service schema revision number.
set-site-pri-url Set the primary URL of a site.
set-site-sec-urls Set the site secondary URLs.
set-sub-cfg Set the sub configuration.
show-wsp Shows web service provider.
set-svc-i18n-key Set the service schema i18n key.
set-svc-view-bean-url Set the service schema properties view bean URL.
set-svrcfg-xml Set the server configuration XML to the centralized data store.
show-auth-modules Show the supported authentication modules in the system.
show-datastore Show the data store profile.
show-site Show the site profile.
show-site-members Display the members of a site.
show-wsp-grp Show web service provider group profile.
show-wsp-membership List web service provider's membership.
unregister-auth-module Unregister the authentication module.
update-auth-cfg-entr Set the authentication configuration entries.
update-auth-instance Update the authentication instance values.
update-datastore Update the datastore profile.
update-server-cfg Update the server configuration.
update-svc Update the service.
update-wsp Update web service provider.
update-wsp-grpd Update web service provider group configuration.
wsp-remove-propsd Remove web service provider's properties.



ssoadm Commands

add-attrs

Add an attribute schema to an existing service.

ssoadm add-attrs --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--attributeschemafile -F An XML file containing the attribute schema definition.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--subschemaname] -c The name of the sub schema.

add-attr-defs

Add the default attribute values in a schema.

ssoadm add-attr-defs --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--attributevalues] -a The attribute values. For example, homeaddress=here.
[--datafile] -D Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
[--subschemaname] -c The name of the sub schema.

add-auth-cfg-entr

Add an authentication configuration entry.

ssoadm add-auth-cfg-entr --options [--global-options]
Option Short Form Description
--realm -e The name of the realm.
--name -m The name of the authentication configuration.
--modulename -o The module name.
--criteria -c The criteria for this entry. Possible values are REQUIRED, OPTIONAL, SUFFICIENT, and REQUISITE.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--options] -t The options for this entry.
[--position] -p The position where the new entry is to be added.

add-plugin-interface

Add the plug-in interface to a service.

ssoadm add-plugin-interface --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--interfacename -s The name of the interface.
--pluginname -g The name of the plug-in.
--i18nkey -k The i18n key plug-in.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

add-site-members

Add members to a site.

ssoadm add-site-members --options [--global-options]
Option Short Form Description
--sitename -s The name of the site. For example, mysite.
--servernames -e The server name. For example, http://www.example.com:8080/openssosts
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

add-site-sec-urls

Add site secondary URLs.

ssoadm add-site-sec-urls --options [--global-options]
Option Short Form Description
--sitename -s The name of the site. For example, mysite.
--secondaryurls -a The secondary URLs.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

add-sub-schema

Add a sub schema.

ssoadm add-sub-schema --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--filename -F The filename that contains the schema.
--adminid -u The administrator ID running the command.
[--subschemaname] -c The name of the sub schema.

clone-server

Clone a server instance.

ssoadm clone-server --options [--global-options]
Option Short Form Description
--servername -a The server name.
--cloneservername -o The clone server name.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

create-agent

Create a new agent configuration.

ssoadm create-agent --options [--global-options]
Option Short Form Description
--realm -e The name of the realm.
--agentname -b The type of agent. For example, J2EEAgent or WebAgent.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--attributevalues] -a The properties. For example, homeaddress=here.
[--datafile] -D Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

create-auth-cfg

Create an authentication configuration.

ssoadm create-auth-cfg --options [--global-options]
Option Short Form Description
--realm -e The name of the realm.
--name -m The name of the authentication configuration.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

create-auth-instance

Create an authentication instance.

ssoadm create-auth-instance --options [--global-options]
Option Short Form Description
--realm -e The name of the realm.
--name -m The name of the authentication instance.
--authtype -t The type of authentication instance. For example LDAP or DataStore.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

create-boot-url

Create a bootstrap URL that can bootstrap the product web application.

ssoadm create-boot-url --options [--global-options]
Option Short Form Description
--dshost -t The Directory Server hostname.
--dsport -p The Directory Server port number.
--basedn -b The Directory Server base distinguished name.
--dsadmin -a The Directory Server base distinguished name.
--dspassword-file -x The filename that contains the Directory Server administrator password.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--ssl] -s Set this flag for LDAPS.

create-datastore

Create a datastore under a realm.

ssoadm create-datastore --options [--global-options]
Option Short Form Description
--realm -e The name of the realm.
--name -m The name of the datastore.
--datatype -t The type of the datastore.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--attributevalues] -a The attribute values. For example, sunIdRepoClass=com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.
[--datafile] -D Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

create-server

Create a server instance.

ssoadm create-server --options [--global-options]
Option Short Form Description
--servername -a The server name. For example, http://www.example.com:8080/opensso.
--serverconfigxml -X The server configuration XML filename.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--attributevalues] -a The attribute values. For example, homeaddress=here.
[--datafile] -D Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

create-site

Create a site.

ssoadm create-site --options [--global-options]
Option Short Form Description
--sitename -s The site name. For example, mysite.
--siteurl -i The site's primary URL. For example, http://www.example.com:8080.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--secondaryurls] -a The secondary URLs.

create-sub-cfg

Create a new sub configuration.

ssoadm create-sub-cfg --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--subconfigname -g The name of the sub configuration.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--attributevalues] -a The attribute values. For example, homeaddress=here.
[--datafile] -D Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
[--realm] -e The name of the realm. The sub configuration will be added to the global configuration if this option is not selected.
[--subconfigid] -b The ID of the parent configuration. The sub configuration will be added to the root configuration if this option is not selected.
[--priority] -p The priority of the sub configuration.

create-svc

Create a new service in the server.

ssoadm create-svc --options [--global-options]
Option Short Form Description
--xmlfile -X The XML file that contains the schema.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--continue] -c Continue adding services if one or more previous services can not be added.

create-svrcfg-xml

Create the serverconfig.xml file.

ssoadm create-svrcfg-xml --options [--global-options]
Option Short Form Description
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--dshost] -t The Directory Server hostname.
[--dsport] -p The Directory Server port number.
[--basedn] -b The Directory Server base distinguished name.
[--dspassword-file] -x The filename that contains the Directory Server administrator password.
[--outfile] -o The filename where serverconfig.xml is written.

create-wsp

Creates a new web service provider.

ssoadm create-wsp --options [--global-options]

Example:

# ./ssoadm create-wsp -u amadmin -f /tmp/fampass --wspname wsptest --securitymech urn:sun:wss:security:null:SAMLToken-HK --endpoint Default --publickeyalias test1 --samlattributemapping "abc=xyz" --nameidmapper nameidmapper.class --attributenamespace 123 --includememberships true

Web service provider was created.

Option Short Form Description
--wspname -b Name of web service provider.
--securitymech -y Security mechanism.
--endpoint -e Web service provider's end point
--publickeyalias -a Public key alias
--samlattributemapping -t SAML Attribute Mapping
--nameidmapper -i SAML NameID Mapper Plugin
--attributenamespace -p Attribute Namespace
--includememberships -m Include Memberships. Possible values are true or false.
--adminid -u Administrator ID of running the command.
--password-file -f File name that contains password of administrator.

create-wsp-grp

Create a new web service provider group.

ssoadm create-wsp-grp --options [--global-options]

Example:

# ./ssoadm create-wsp-grp -u amadmin -f /tmp/fampass --groupname wspgroup --securitymech urn:sun:wss:security:null:SAMLToken-HK --endpoint Default --publickeyalias test1 --samlattributemapping "abc=xyz" --nameidmapper nameidmapper.class --attributenamespace 123 --includememberships false

Group was created.

Option Short Form Description
--groupname -b Name of web service provider group
--securitymech -y Security mechanism
--endpoint -e Web service provider's end point
--publickeyalias -a Public key alias
--samlattributemapping -t SAML Attribute Mapping
--nameidmapper -i SAML NameID Mapper Plugin
--attributenamespace -p Attribute Namespace
--includememberships -m Include Memberships. Possible values are true or false.
--adminid -u Administrator ID of running the command
--password-file -f File name that contains password of administrator

delete-attr

Delete the attribute schemas from a service.

ssoadm delete-attr --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--attributeschema -a The administrator ID running the command.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--subschemaname] -c The name of the sub schema.

delete-attr-def-values

Delete the attribute schema default values.

ssoadm delete-attr-def-values --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--defaultvalues -e The default values to be deleted.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--subschemaname] -c The name of the sub schema.

delete-auth-cfgs

Delete existing authentication configurations.

ssoadm delete-auth-cfgs --options [--global-options]
Option Short Form Description
--realm -e The name of the realm.
--names -m The names of the authentication configurations.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

delete-auth-instances

Delete existing authentication instances.

ssoadm delete-auth-instances --options [--global-options]
Option Short Form Description
--realm -e The name of the realm.
--names -m The names of the authentication instances.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

delete-datastores

Delete the data stores under a realm.

ssoadm delete-datastores --options [--global-options]
Option Short Form Description
--realm -e The name of the realm.
--names -m The names of the data stores.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

delete-server

Delete a server instance.

ssoadm delete-server --options [--global-options]
Option Short Form Description
--servername -s The server name. For example, http://www.example.com:8080/openssosts.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

delete-site

Delete a site.

ssoadm delete-site --options [--global-options]
Option Short Form Description
--sitename -s The site name. For example, mysite.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

delete-sub-cfg

Delete the sub configuration.

ssoadm delete-sub-cfg --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--subconfigname -g The name of the sub configuration.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
--attributevalues -a The attribute values. For example, homeaddress=here.
--datafile -D Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
--realm -e The name of the realm. The sub configuration will be added to the global configuration if this option is not selected.
--subconfigid -b The ID of the parent configuration. The sub configuration will be added to the root configuration if this option is not selected.
--priority -p The priority of the sub configuration.

delete-svc

Delete the service from the server.

ssoadm delete-svc --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--continue] -c Continue deleting services if one or more previous services can not be deleted
[--deletepolicyrule] -r Delete the policy rule.

delete-wsps

Delete web service providers.

ssoadm delete-wsps --options [--global-options]

Example:

# ./ssoadm delete-wsps -u amadmin -f /tmp/fampass --wspnames wsptest

The followings were deleted.
       wsptest

Option Short Form Description
--wspnames -s Names of web service provider.
--adminid -u Administrator ID of running the command.
--password-file -f File name that contains password of administrator.

delete-wsp-grps

Delete web service provider groups.

ssoadm delete-wsp-grps --options [--global-options]

Example:

# ./ssoadm delete-wsp-grps -u amadmin -f /tmp/fampass --groupnames wspgroup

The following groups were deleted.
       wspgroup

Option Short Form Description
--groupnames -s Names of group
--adminid -u Administrator ID of running the command.
--password-file -f File name that contains password of administrator.

do-batch

Do multiple requests in one command.

ssoadm do-batch --options [--global-options]
Option Short Form Description
--batchfile -D The filename that contains the commands and options.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--batchstatus] -b The name of the status file.
[--continue] -c Continue processing the rest of the request when the previous request was erroneous.

export-server

Export a server instance

ssoadm export-server --options [--global-options]
Option Short Form Description
--servername -s The server name. For example, http://www.example.com:8080/opensso.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--outfile] -o The filename where configuration is written.

export-svc-cfg

Export the service configuration.

ssoadm export-svc-cfg --options [--global-options]
Option Short Form Description
--encryptsecret -e The secret key for encrypting a password.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--outfile] -o The filename where configuration is written.

get-attr-defs

Get the default attribute values in a schema.

Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--subschemaname] -c The name of the sub schema.
[--attributenames] -a The names of the attribute.

get-auth-cfg-entr

Get the authentication configuration entries.

ssoadm get-auth-cfg-entr --options [--global-options]
Option Short Form Description
--realm -e The name of the realm.
--name -m The name of the authentication configuration.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

get-auth-instance

Get the authentication instance values.

ssoadm get-auth-instance --options [--global-options]
Option Short Form Description
--realm -e The name of the realm.
--name -m The name of the authentication instance.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

get-revision-number

Get the service schema revision number.

ssoadm get-revision-number --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

get-svrcfg-xml

Get the server configuration XML from the centralized data store.

ssoadm get-svrcfg-xml --options [--global-options]
Option Short Form Description
--servername -s The server name.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--outfile] -o The filename where serverconfig.XML is written.

import-server

Import a server instance.

ssoadm import-server --options [--global-options]
Option Short Form Description
--servername -s The server name.
--xmlfile -X The XML file that contains the configuration.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

import-svc-cfg

Import the service configuration.

ssoadm import-svc-cfg --options [--global-options]
Option Short Form Description
--encryptsecret -e The secret key for decrypting the password.
--xmlfile -X The XML file that contains the configuration data.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

list-auth-cfgs

List the authentication configurations.

ssoadm list-auth-cfgs --options [--global-options]
Option Short Form Description
--realm -e The name of the realm.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

list-auth-instances

List the authentication instances.

ssoadm list-auth-instances --options [--global-options]
Option Short Form Description
--realm -e The name of the realm.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

list-datastores

List the data stores under a realm.

ssoadm list-datastores --options [--global-options]
Option Short Form Description
--realm -e The name of the realm.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

list-datastore-types

List the supported data store types.

ssoadm list-datastore-types --options [--global-options]
Option Short Form Description
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

list-server-cfg

List the server configuration.

ssoadm list-server-cfg --options [--global-options]
Option Short Form Description
--servername -s The server name.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--withdefaults] -w Set this flag to get the default configuration.

list-servers

List all the server instances.

ssoadm list-servers --options [--global-options]
Option Short Form Description
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

list-sites

List all the sites.

ssoadm list-sites --options [--global-options]
Option Short Form Description
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

list-wsps

Lists web service providers.

ssoadm list-wsps --options [--global-options]

Example:

# ./ssoadm list-wsps -u amadmin -f /tmp/fampass 
        
 wsptest (id=wsptest,ou=agentonly,dc=opensso,dc=java,dc=net)
 wsp (id=wsp,ou=agentonly,dc=opensso,dc=java,dc=net)
        
Option Short Form Description
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
--filter -x Filter (Pattern)

list-wsp-grps

List web service provider groups.

ssoadm list-wsp-grps --options [--global-options]

Example:

# ./ssoadm list-wsp-grps -u amadmin -f /tmp/fampass
 
wspgroup

Option Short Form Description
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
--filter -x Filter (Pattern)

list-wsp-grp-members

List web service providers in web service provider group.

ssoadm list-wsp-grp-members --options [--global-options]

Example:

# ./ssoadm list-wsp-grp-members -u amadmin -f /tmp/fampass --groupname wspgroup
        
wsptest (id=wsptest,ou=agent,dc=opensso,dc=java,dc=net)

Option Short Form Description
--groupname -b Name of web service provider group
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
--filter -x Filter (Pattern)

register-auth-module

Register an authentication module.

ssoadm register-auth-module --options [--global-options]
Option Short Form Description
--authmodule -a The Java class name of the authentication module.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

remove-attr-choicevals

Remove choice values from the attribute schema.

ssoadm remove-attr-choicevals --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--attributename -a The name of the attribute.
--choicevalues -k The choice values. For example, inactive.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--subschemaname] -c The name of the sub schema.

remove-attr-defs

Remove the default attribute values in a schema.

ssoadm remove-attr-defs --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--attributenames -a The names of the attributes.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--subschemaname] -c The name of the sub schema.

remove-server-cfg

Remove the server configuration.

ssoadm remove-server-cfg --options [--global-options]
Option Short Form Description
--servername -s The server name. For example, http://www.example.com:8080/opensso.
--propertynames -a The names of the properties to be removed.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

remove-site-members

Remove members from a site.

ssoadm remove-site-members --options [--global-options]
Option Short Form Description
--sitename -s The site name. For example, mysite.
--servernames -e The server name. For example, http://www.example.com:8080/opensso.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

remove-site-sec-urls

Remove the site secondary URLs.

ssoadm remove-site-sec-urls --options [--global-options]
Option Short Form Description
--sitename -s The site name. For example, mysite.
--secondaryurls -a The secondary URLs.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

remove-sub-schema

Remove the sub schema.

ssoadm remove-sub-schema --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--subschemanames -a The names of the sub schema to be removed.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
--subschemaname -c The name of the parent sub schema.

remove-wsp-from-grp

Remove web service providers from a group.

ssoadm remove-wsp-from-grp --options [--global-options]

Example:

# ./ssoadm remove-wsp-from-grp -u amadmin -f /tmp/fampass  --groupname wspgroup --wspnames wsptest

Provider was removed from group.

Option Short Form Description
--groupname -b Name of group.
--wspnames -s Names of web service providers.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

set-attr-any

Set any member of the attribute schema.

ssoadm set-attr-any --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--attributeschema -a The name of the attribute schema.
--any -y The attribute schema any value.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--subschemaname] -c The name of the sub schema.

set-attr-bool-values

Set the boolean values of the attribute schema.

ssoadm set-attr-bool-values --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--attributename -a The name of the attribute.
--truevalue -e The value for true.
--truei18nkey -k The internationalization key for the true value.
--falsevalue -z The value for false.
--falsei18nkey -j The internationalization key for the false value.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--subschemaname] -c The name of the sub schema.

set-attr-choicevals

Set choice values for the attribute schema.

ssoadm set-attr-choicevals --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--attributename -a The name of the attribute.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--add] -p Set this flag to append the choice values to existing ones.
[--subschemaname] -c The name of the sub schema.
[--datafile] -D Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
[--choicevalues] -k The choice values. For example, 0102=Inactive.

set-attr-defs

Set the default attribute values in a schema.

ssoadm set-attr-defs --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--subschemaname] -c The name of the sub schema.
[--attributevalues] -a The attribute values. For example, homeaddress=here.
[--datafile] -D Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

set-attr-end-range

Set the attribute schema end range.

ssoadm set-attr-end-range --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--attributeschema -a The name of the attribute schema.
--range -r The end range.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--subschemaname] -c The name of the sub schema.

set-attr-i18n-key

Set the i18nkey member of the attribute schema.

ssoadm set-attr-i18n-key --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--attributeschema -a The name of the attribute schema.
--i18nkey -k The attribute schema i18n key.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--subschemaname] -c The name of the sub schema.

set-attr-start-range

Set attribute schema start range.

ssoadm set-attr-start-range --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--attributeschema -a The name of the attribute schema.
--range -r The start range.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--subschemaname] -c The name of the sub schema.

set-attr-syntax

Set syntax member of attribute schema.

ssoadm set-attr-syntax --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--attributeschema -a The name of the attribute schema.
--syntax -x The attribute schema syntax.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--subschemaname] -c The name of the sub schema.

set-attr-type

Set the type member of the attribute schema.

ssoadm set-attr-type --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--attributeschema -a The name of the attribute schema.
--type -p The attribute schema type.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--subschemaname] -c The name of the sub schema.

set-attr-ui-type

Set the UI type member of the attribute schema.

ssoadm set-attr-ui-type --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--attributeschema -a The name of the attribute schema.
--uitype -p The attribute schema UI type.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--subschemaname] -c The name of the sub schema.

set-attr-validator

Set the attribute schema validator.

ssoadm set-attr-validator --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--attributeschema -a The name of the attribute schema.
--validator -r The validator class name.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--subschemaname] -c The name of the sub schema.

set-attr-view-bean-url

Set the properties view bean URL member of the attribute schema.

ssoadm set-attr-view-bean-url --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--attributeschema -a The name of the attribute schema.
--url -r The attribute schema properties view bean URL.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--subschemaname] -c The name of the sub schema.

set-inheritance

Set the inheritance value of the sub schema.

ssoadm set-inheritance --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--schematype -t The type of schema.
--subschemaname -c The name of the sub schema.
--inheritance -r The value of inheritance.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

set-plugin-viewbean-url

Set the properties view bean URL of the plug-in schema.

ssoadm set-plugin-viewbean-url --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--interfacename -i The name of the interface.
--pluginname -g The name of the plug-in.
--url -r The properties view bean URL.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

set-revision-number

Set the service schema revision number.

ssoadm set-revision-number --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--revisionnumber -r The revision number.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

set-site-pri-url

Set the primary URL of a site.

ssoadm set-site-pri-url --options [--global-options]
Option Short Form Description
--sitename -s The site name. For example, mysite.
--siteurl -i The site's primary URL. For example, http://www.example.com:8080.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

set-site-sec-urls

Set the site secondary URLs.

ssoadm set-site-sec-urls --options [--global-options]
Option Short Form Description
--sitename -s The site name. For example, mysite.
--secondaryurls -a The secondary URLs.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

set-sub-cfg

Set the sub configuration.

ssoadm set-sub-cfg --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--subconfigname -g The name of the sub configuration.
--operation -o The operation (either add/set/modify) to be performed on the sub configuration.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--attributevalues] -a The attribute values. For example, homeaddress=here.
[--datafile] -D Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
[--realm] -e The name of the realm. The sub configuration will be added to the global configuration if this option is not selected.

show-wsp

Shows web service provider.

ssoadm show-wsp --options [--global-options]

Example:

# ./ssoadm show-wsp -u amadmin -f /tmp/fampass --wspname wsptest
        
securitymech=urn:sun:wss:security:null:SAMLToken-HK
publickeyalias=test1
endpoint=Default
includememberships=true
nameidmapper=nameidmapper.class
attributenamespace=123
samlattributemapping=abc=xyz

Option Short Form Description
--wspname -b Name of web service provider
--password-file -f The filename that contains the password of the administrator.
--outfile -o Filename where configuration is written to
--inherit -i Set this to inherit properties from parent group

set-svc-i18n-key

Set the service schema i18n key.

ssoadm set-svc-i18n-key --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--i18nkey -k The i18n key.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

set-svc-view-bean-url

Set the service schema properties view bean URL.

ssoadm set-svc-view-bean-url --options [--global-options]
Option Short Form Description
--servicename -s The name of the service.
--url -r The service schema properties view bean URL.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

set-svrcfg-xml

Set the server configuration XML to the centralized data store.

ssoadm set-svrcfg-xml --options [--global-options]
Option Short Form Description
--servername -s The server name.
--xmlfile -X The XML file that contains the configuration.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--outfile] -o The filename where serverconfig XML is written.

show-auth-modules

Show the supported authentication modules in the system.

ssoadm show-auth-modules --options [--global-options]
Option Short Form Description
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

show-datastore

Show the data store profile.

ssoadm show-datastore --options [--global-options]
Option Short Form Description
--realm -e The name of the realm.
--name -m The name of the datastore.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

show-site

Show the site profile.

ssoadm show-site --options [--global-options]
Option Short Form Description
--sitename -s The site name. For example, mysite.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

show-site-members

Display the members of a site.

ssoadm show-site-members --options [--global-options]
Option Short Form Description
--sitename -s The site name. For example, mysite.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

show-wsp-grp

Show web service provider group profile.

ssoadm show-wsp-grp --options [--global-options]

Example:

# ./ssoadm show-wsp-grp -u amadmin -f /tmp/fampass  --groupname wspgroup
        
securitymech=urn:sun:wss:security:null:SAMLToken-HK
publickeyalias=test1
endpoint=Default
includememberships=false
nameidmapper=nameidmapper.class
attributenamespace=123
samlattributemapping=abc=xyz

Option Short Form Description
--groupname -b Name of web service provider group
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
--outfile -o Filename where configuration is written to

show-wsp-membership

List web service provider's membership.

ssoadm show-wsp-membership --options [--global-options]

Example:

# ./ssoadm show-wsp-membership -u amadmin -f /tmp/fampass  --wspname wsptest
        
This provider belongs to wspgroup (id=wspgroup,ou=agentgroup,dc=opensso,dc=java,dc=net).
        
Option Short Form Description
--wspname -b Name of web service provider
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

unregister-auth-module

Unregister the authentication module.

ssoadm unregister-auth-module --options [--global-options]
Option Short Form Description
--authmodule -a The Java class name of the authentication module.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.

update-auth-cfg-entr

Set the authentication configuration entries.

ssoadm update-auth-cfg-entr --options [--global-options]
Option Short Form Description
--realm -e The name of the realm.
--name -m The name of the authentication configuration.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--entries] -a The formatted authentication configuration entries.
[--datafile] -D The filename that contains the formatted authentication configuration entries. Enter one attribute-name=attribute-value per line.

update-auth-instance

Update the authentication instance values.

ssoadm update-auth-instance --options [--global-options]
Option Short Form Description
--realm -e The name of the realm.
--name -m The name of the authentication instance.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--attributevalues] -a The attribute values. For example, homeaddress=here.
[--datafile] -D Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

update-datastore

Update the datastore profile.

ssoadm update-datastore --options [--global-options]
Option Short Form Description
--realm -e The name of the realm.
--name -m The name of the datastore.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--attributevalues] -a The attribute values. For example, sunIdRepoClass=com.sun.identity.idm.plugins.files.FilesRepo.
[--datafile] -D Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

update-server-cfg

Update the server configuration.

ssoadm update-server-cfg --options [--global-options]
Option Short Form Description
--servername -s The server name.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--attributevalues] -a The attribute values. For example, homeaddress=here.
[--datafile] -D Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

update-svc

Update the service.

ssoadm update-svc --options [--global-options]
Option Short Form Description
--xmlfile -X The XML file that contains the schema.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
[--continue] -c Continue updating services if one or more previous services cannot be updated.

update-wsp

Update web service provider.

ssoadm update-wsp --options [--global-options]

Example:

# ./ssoadm update-wsp -u amadmin -f /tmp/fampass --endpoint newendpoint -b wsptest

Web service provider was updated.

Option Short Form Description
--wspname -b Name of web service provider.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
--securitymech -y Security mechanism
--endpoint -e Web service provider's end point
--publickeyalias -a Public key alias
--samlattributemapping -t SAML Attribute Mapping
--nameidmapper -i SAML NameID Mapper Plugin
--attributenamespace -p Attribute Namespace
--includememberships -m Include Memberships. Possible values are true or false.
--set -s Set this flag to overwrite properties values.

update-wsp-grp

Update web service provider group configuration.

ssoadm update-wsp-grp --options [--global-options]

Example:

# ./ssoadm update-wsp-grp -u amadmin -f /tmp/fampass --groupname wspgroup --publickeyalias testtest

Web service provider group configuration was updated.

Option Short Form Description
--groupname -b Name of web service provider group
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.
--securitymech -y Security mechanism
--endpoint -e Web service provider's end point
--publickeyalias -a Public key alias
--samlattributemapping -t SAML Attribute Mapping
--nameidmapper -i SAML NameID Mapper Plugin
--attributenamespace -p Attribute Namespace
--includememberships -m Include Memberships. Possible values are true or false.
--set -s Set this flag to overwrite properties values.

wsp-remove-props

Remove web service provider's properties.

ssoadm wsp-remove-props --options [--global-options]

Example:

# ./ssoadm wsp-remove-props -u amadmin -f /tmp/fampass  --wspname wsptest --attributenames  includememberships

Properties were removed.

Option Short Form Description
--wspname -b Name of web service provider
--attributenames -a Property name(s). They are securitymech, endpoint, publickeyalias, samlattributemapping, nameidmapper, attributenamespace, and includememberships.
--adminid -u The administrator ID running the command.
--password-file -f The filename that contains the password of the administrator.