Sun OpenSSO Enterprise 8.0 Administration Guide

Bulk Federation

OpenSSO Enterprise handles the federation of user accounts in bulk through the ssoadm command line tool. From the service provider, import the metadata to create the bulk federation data. The full command is as follows:


ssoadm do-bulk-federation --metaalias meta_alias --remote-entity-id entity_ID --useridmapping id-mapping-filename --name-id-mapping created_nameid_filename --adminid administrator_ID --password-file password_filename --spec idff_or_saml2_or_wsfed

As input, the command takes a file that maps the user distinguished name (DN) of the identity provider to the user DN of the service provider. You specify this file with the --useridmapping option of the do-bulk-federation subcommand. Each line has the form local-user-id|remote-user-id, where both identifiers are full DNs. For example:


id=spuser1,ou=user,dc=red,dc=iplanet,dc=com|id=idpuser1,ou=user,dc=red,dc=iplanet,dc=com
id=spuser2,ou=user,dc=red,dc=iplanet,dc=com|id=idpuser2,ou=user,dc=red,dc=iplanet,dc=com
id=spuser3,ou=user,dc=red,dc=iplanet,dc=com|id=idpuser3,ou=user,dc=red,dc=iplanet,dc=com
id=spuser4,ou=user,dc=red,dc=iplanet,dc=com|id=idpuser4,ou=user,dc=red,dc=iplanet,dc=com

Note – The users defined in this file must already exist in the identity provider and service provider.
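
A pre-flight check for the user ID mapping file, added here as an example (it is not part of the Sun guide or of ssoadm). It flags records that are not exactly local-DN|remote-DN, including records split by line wrapping, and any DN that appears in more than one record. The function names, the simplified DN syntax check and the case-insensitive duplicate comparison are assumptions of the example.

```python
import re
# Simplified RDN check (assumption: no escaped commas or multi-valued RDNs).
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=|]+$")

def is_full_dn(dn):
    """True when dn is two or more well-formed, comma-separated RDNs."""
    parts = [p.strip() for p in dn.split(",")]
    return len(parts) >= 2 and all(_RDN.match(p) for p in parts)

def check_mapping(lines):
    """Validate local-DN|remote-DN records; return (pairs, errors)."""
    pairs, errors = [], []
    seen = {"local": {}, "remote": {}}  # case-folded DN -> first line number
    for num, raw in enumerate(lines, start=1):
        fields = [f.strip() for f in raw.split("|")]
        if not raw.strip():
            continue  # ignore blank lines
        if len(fields) != 2:
            errors.append((num, "expected exactly one '|' separator"))
            continue
        record = dict(zip(("local", "remote"), fields))
        bad = [side for side, dn in record.items() if not is_full_dn(dn)]
        if bad:
            errors.append((num, "not a full DN: " + ", ".join(bad)))
            continue
        before = len(errors)
        for side, dn in record.items():
            key = ",".join(p.strip().lower() for p in dn.split(","))
            first = seen[side].setdefault(key, num)
            if first != num:  # the same account would be federated twice
                errors.append((num, f"{side} DN already mapped on line {first}"))
        if len(errors) == before:
            pairs.append((record["local"], record["remote"]))
    return pairs, errors

# Constructed sample reusing the page's example DNs: line 2 is a record split
# by line wrapping (line 3 is its tail); line 4 reuses the remote DN of line 1.
BASE = ",ou=user,dc=red,dc=iplanet,dc=com"
SAMPLE = [
    f"id=spuser1{BASE}|id=idpuser1{BASE}",
    f"id=spuser2{BASE}|id=idpuser2,",
    BASE.lstrip(","),
    f"id=spuser3{BASE}|ID=idpuser1{BASE}",
    f"id=spuser4{BASE}|id=idpuser4{BASE}",
]

if __name__ == "__main__":
    for num, message in check_mapping(SAMPLE)[1]:
        print(f"line {num}: {message}")
```

Run the check against the mapping file before passing it to --useridmapping, and correct every reported line first.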


To load the bulk data into an identity provider, use the following command. The bulk federation file created by the do-bulk-federation subcommand is specified in the --bulk-data-file option:


ssoadm import-bulk-fed-data --metaalias meta_alias --bulk-data-file bulk_federation_filename --adminid administrator_ID --password-file password_filename --spec idff_or_saml2_or_wsfed