Sun OpenSSO Enterprise 8.0 Administration Reference

Identity Management

The following subcommands execute operations for managing identities associated with OpenSSO Enterprise.

add-member

Add an identity as a member of another identity.

Syntax

ssoadm add-member --options [--global-options]

Options

--realm, -e

The name of the realm.

--memberidname, -m

The name of the member's identity.

--memberidtype, -y

The type of the member's identity. For example, User, Role or Group.

--idname, -i

The name of the identity.

--idtype, -t

The type of the identity.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

add-privileges

Add privileges to an identity.

Syntax

ssoadm add-privileges --options [--global-options]

Options

--realm, -e

The name of the realm.

--idname, -i

The name of the identity.

--idtype, -t

The type of the identity. For example, User, Role or Group.

--privileges, -g

The names of the privileges to be added.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

add-svc-identity

Add a service to an identity.

Syntax

ssoadm add-svc-identity --options [--global-options]

Options

--realm, -e

The name of the realm.

--idname, -i

The name of the identity.

--idtype, -t

The type of the identity. For example, User, Role or Group.

--servicename, -s

The name of the service.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--attributevalues, -a]

The attribute values. For example, homeaddress=here.

[--datafile, -D]

Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

create-identity

Create an identity in a realm.

Syntax

ssoadm create-identity --options [--global-options]

Options

--realm, -e

The name of the realm.

--idname, -i

The name of the identity.

--idtype, -t

The type of the identity. For example, User, Role or Group.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--attributevalues, -a]

The attribute values. For example, inetuserstatus=Active.

[--datafile, -D]

Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
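A pre-flight wrapper for create-identity, as an added example that is not part of the Sun documentation: it refuses to run unless the password file is accessible to its owner only and the data file follows the attribute-name=attribute-value, one-per-line format described above. The SSOADM variable, the characters allowed in an attribute name, and all sample values (realm, identity, administrator ID, attributes) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the OpenSSO documentation: pre-flight checks
# around `ssoadm create-identity`. All names and values are constructed.

# Succeeds only for a regular file with no group/other permission bits.
owner_only() (
    [ -f "$1" ] || exit 1
    bits=$(ls -ldL "$1" | cut -c5-10)
    [ "$bits" = "------" ]
)

# Succeeds only if every line is attribute-name=attribute-value.
# The set of characters allowed in a name is an assumption of this example.
valid_datafile() (
    [ -r "$1" ] || exit 1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in *=*) ;; *) exit 1 ;; esac
        name=${line%%=*}
        case $name in ''|*[!A-Za-z0-9._-]*) exit 1 ;; esac
    done < "$1"
)

# Usage: create_identity REALM IDNAME IDTYPE ADMINID PASSWORD_FILE DATAFILE
# SSOADM is a hypothetical override for the binary; SSOADM=echo is a dry run.
create_identity() {
    owner_only "$5" || { echo "refusing: $5 is not an owner-only file" >&2; return 2; }
    valid_datafile "$6" || { echo "refusing: $6 is not name=value per line" >&2; return 3; }
    "${SSOADM:-ssoadm}" create-identity --realm "$1" --idname "$2" --idtype "$3" \
        --adminid "$4" --password-file "$5" --datafile "$6"
}

# Dry run with constructed files: prints the arguments ssoadm would receive.
demo() (
    dir=$(mktemp -d) || exit 1
    ( umask 077; printf '%s\n' 'constructed-admin-password' > "$dir/admin.pwd" )
    printf '%s\n' 'givenname=Demo' 'sn=User' 'inetuserstatus=Active' > "$dir/user.attrs"
    SSOADM=echo
    create_identity / demo.user User amadmin "$dir/admin.pwd" "$dir/user.attrs"
    status=$?
    rm -rf "$dir"
    exit "$status"
)
demo
```

Unset SSOADM (or point it at the installed ssoadm binary) to perform the operation instead of printing it.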

delete-identities

Delete the identities in a realm.

Syntax

ssoadm delete-identities --options [--global-options]

Options

--realm, -e

The name of the realm.

--idname, -i

The name of the identity.

--idtype, -t

The type of the identity. For example, User, Role or Group.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

get-identity

Get the identity property values.

Syntax

ssoadm get-identity --options [--global-options]

Options

--realm, -e

The name of the realm.

--idname, -i

The name of the identity.

--idtype, -t

The type of the identity. For example, User, Role or Group.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--attributenames, -a]

The attribute names. All attribute values will be returned if this option is not provided.

get-identity-svcs

Get the services of an identity.

Syntax

ssoadm get-identity-svcs --options [--global-options]

Options

--realm, -e

The name of the realm.

--idname, -i

The name of the identity.

--idtype, -t

The type of the identity. For example, User, Role or Group.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--attributenames, -a]

Attribute name(s). All attribute values shall be returned if the option is not provided.

list-identities

List the identities in a realm.

Syntax

ssoadm list-identities --options [--global-options]

Options

--realm, -e

The name of the realm.

--filter, -x

Filter by a pattern.

--idtype, -t

The type of the identity. For example, User, Role or Group.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

list-identity-assignable-svcs

List the assignable services for an identity.

Syntax

ssoadm list-identity-assignable-svcs --options [--global-options]

Options

--realm, -e

The name of the realm.

--idname, -i

The name of the identity.

--idtype, -t

The type of the identity. For example, User, Role or Group.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

remove-member

Remove the membership of an identity from another identity.

Syntax

ssoadm remove-member --options [--global-options]

Options

--realm, -e

The name of the realm.

--memberidname, -m

The name of the member's identity.

--memberidtype, -y

The type of the member's identity. For example, User, Role or Group.

--idname, -i

The name of the identity.

--idtype, -t

The type of the identity.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

remove-privileges

Remove the privileges from an identity.

Syntax

ssoadm remove-privileges --options [--global-options]

Options

--realm, -e

The name of the realm.

--idname, -i

The name of the identity.

--idtype, -t

The type of the identity. For example, User, Role or Group.

--privileges, -g

The names of the privileges to be removed.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

remove-svc-identity

Remove a service from an identity.

Syntax

ssoadm remove-svc-identity --options [--global-options]

Options

--realm, -e

The name of the realm.

--idname, -i

The name of the identity.

--idtype, -t

The type of the identity. For example, User, Role or Group.

--servicename, -s

The name of the service.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

set-identity-attrs

Set the attribute values of an identity.

Syntax

ssoadm set-identity-attrs --options [--global-options]

Options

--realm, -e

The name of the realm.

--idname, -i

The name of the identity.

--idtype, -t

The type of the identity. For example, User, Role or Group.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--attributevalues, -a]

The attribute values. For example, homeaddress=here.

[--datafile, -D]

Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

set-identity-svc-attrs

Set the service attribute values of an identity.

Syntax

ssoadm set-identity-svc-attrs --options [--global-options]

Options

--realm, -e

The name of the realm.

--idname, -i

The name of the identity.

--idtype, -t

The type of the identity. For example, User, Role or Group.

--servicename, -s

The name of the service.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--attributevalues, -a]

The attribute values. For example, homeaddress=here.

[--datafile, -D]

Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.

show-identity-ops

Show the allowed operations of an identity in a realm.

Syntax

ssoadm show-identity-ops --options [--global-options]

Options

--realm, -e

The name of the realm.

--idtype, -t

The type of the identity. For example, User, Role or Group.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

show-identity-svc-attrs

Show the service attribute values of an identity.

Syntax

ssoadm show-identity-svc-attrs --options [--global-options]

Options

--realm, -e

The name of the realm.

--idname, -i

The name of the identity.

--idtype, -t

The type of the identity. For example, User, Role or Group.

--servicename, -s

The name of the service.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

show-identity-types

Show the supported identity types in a realm.

Syntax

ssoadm show-identity-types --options [--global-options]

Options

--realm, -e

The name of the realm.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

show-members

Show the members of an identity. For example, the members of a role.

Syntax

ssoadm show-members --options [--global-options]

Options

--realm, -e

The name of the realm.

--idname, -i

The name of the identity.

--idtype, -t

The type of the identity. For example, User, Role or Group.

--membershipidtype, -m

The membership identity type.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

show-memberships

Show the memberships of an identity. For example, the memberships of a user.

Syntax

ssoadm show-memberships --options [--global-options]

Options

--realm, -e

The name of the realm.

--idname, -i

The name of the identity.

--idtype, -t

The type of the identity. For example, User, Role or Group.

--membershipidtype, -m

The membership identity type.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

show-privileges

Show the privileges assigned to an identity.

Syntax

ssoadm show-privileges --options [--global-options]

Options

--realm, -e

The name of the realm.

--idname, -i

The name of the identity.

--idtype, -t

The type of the identity. For example, User, Role or Group.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.