Sun OpenSSO Enterprise 8.0 Administration Reference
Book Information
Preface
Part I Command Line Interface Reference
Chapter 1 ssoadm Command Line Interface Reference
Using the ssoadm Command Line Interface
Password File
ssoadm Usage Example
Listing Options for an ssoadm Subcommand
Subcommand Usage
ssoadm Subcommands and Options
Agent Configuration
add-agent-to-grp
Syntax
Options
agent-remove-props
Syntax
Options
create-agent
Syntax
Options
create-agent-grp
Syntax
Options
delete-agent-grps
Syntax
Options
delete-agents
Syntax
Options
list-agent-grp-members
Syntax
Options
list-agent-grps
Syntax
Options
list-agents
Syntax
Options
remove-agent-from-grp
Syntax
Options
show-agent
Syntax
Options
show-agent-grp
Syntax
Options
show-agent-membership
Syntax
Options
show-agent-types
Syntax
Options
update-agent
Syntax
Options
update-agent-grp
Syntax
Options
Authentication Service Management
add-auth-cfg-entr
Syntax
Options
create-auth-cfg
Syntax
Options
create-auth-instance
Syntax
Options
delete-auth-cfgs
Syntax
Options
delete-auth-instances
Syntax
Options
get-auth-cfg-entr
Syntax
Options
get-auth-instance
Syntax
Options
list-auth-cfgs
Syntax
Options
list-auth-instances
Syntax
Options
register-auth-module
Syntax
Options
unregister-auth-module
Syntax
Options
update-auth-cfg-entr
Syntax
Options
update-auth-instance
Syntax
Options
Datastore Management
add-amsdk-idrepo-plugin
Syntax
Options
create-datastore
Syntax
Options
delete-datastores
Syntax
Options
list-datastore-types
Syntax
Options
list-datastores
Syntax
Options
show-datastore
Syntax
Options
update-datastore
Syntax
Options
Identity Management
add-member
Syntax
Options
add-privileges
Syntax
Options
add-svc-identity
Syntax
Options
create-identity
Syntax
Options
delete-identities
Syntax
Options
get-identity
Syntax
Options
get-identity-svcs
Syntax
Options
list-identities
Syntax
Options
list-identity-assignable-svcs
Syntax
Options
remove-member
Syntax
Options
remove-privileges
Syntax
Options
remove-svc-identity
Syntax
Options
set-identity-attrs
Syntax
Options
set-identity-svc-attrs
Syntax
Options
show-identity-ops
Syntax
Options
show-identity-svc-attrs
Syntax
Options
show-identity-types
Syntax
Options
show-members
Syntax
Options
show-memberships
Syntax
Options
show-privileges
Syntax
Options
Realm and Policy Management
add-svc-attrs
Syntax
Options
add-svc-realm
Syntax
Options
create-policies
Syntax
Options
create-realm
Syntax
Options
delete-policies
Syntax
Options
delete-realm
Syntax
Options
delete-realm-attr
Syntax
Options
get-realm
Syntax
Options
get-realm-svc-attrs
Syntax
Options
list-policies
Syntax
Options
list-realm-assignable-svcs
Syntax
Options
list-realms
Syntax
Options
remove-svc-attrs
Syntax
Options
remove-svc-realm
Syntax
Options
set-realm-attrs
Syntax
Options
set-svc-attrs
Syntax
Options
show-auth-modules
Syntax
Options
show-data-types
Syntax
Options
show-realm-svcs
Syntax
Options
Service Management
add-attr-defs
Syntax
Options
add-attrs
Syntax
Options
add-plugin-interface
Syntax
Options
add-sub-schema
Syntax
Options
create-boot-url
Syntax
Options
create-sub-cfg
Syntax
Options
create-svc
Syntax
Options
create-svrcfg-xml
Syntax
Options
delete-attr
Syntax
Options
delete-attr-def-values
Syntax
Options
delete-sub-cfg
Syntax
Options
delete-svc
Syntax
Options
export-svc-cfg
Syntax
Options
get-attr-defs
Syntax
Options
get-revision-number
Syntax
Options
import-svc-cfg
Syntax
Options
remove-attr-choicevals
Syntax
Options
remove-attr-defs
Syntax
Options
remove-sub-schema
Syntax
Options
set-attr-any
Syntax
Options
set-attr-bool-values
Syntax
Options
set-attr-choicevals
Syntax
Options
set-attr-defs
Syntax
Options
set-attr-end-range
Syntax
Options
set-attr-i18n-key
Syntax
Options
set-attr-start-range
Syntax
Options
set-attr-syntax
Syntax
Options
set-attr-type
Syntax
Options
set-attr-ui-type
Syntax
Options
set-attr-validator
Syntax
Options
set-attr-view-bean-url
Syntax
Options
set-inheritance
Syntax
Options
set-plugin-viewbean-url
Syntax
Options
set-revision-number
Syntax
Options
set-sub-cfg
Syntax
Options
set-svc-i18n-key
Syntax
Options
set-svc-view-bean-url
Syntax
Options
update-svc
Syntax
Options
Server Configuration
add-site-members
Syntax
Options
add-site-sec-urls
Syntax
Options
clone-server
Syntax
Options
create-server
Syntax
Options
create-site
Syntax
Options
delete-server
Syntax
Options
delete-site
Syntax
Options
export-server
Syntax
Options
get-svrcfg-xml
Syntax
Options
import-server
Syntax
Options
list-server-cfg
Syntax
Options
list-servers
Syntax
Options
list-sites
Syntax
Options
remove-server-cfg
Syntax
Options
remove-site-members
Syntax
Options
remove-site-sec-urls
Syntax
Options
set-site-pri-url
Syntax
Options
set-site-sec-urls
Syntax
Options
set-svrcfg-xml
Syntax
Options
show-site
Syntax
Options
show-site-members
Syntax
Options
update-server-cfg
Syntax
Options
Federation Management
add-cot-member
Syntax
Options
create-cot
Syntax
Options
create-metadata-templ
Syntax
Options
delete-cot
Syntax
Options
delete-entity
Syntax
Options
do-bulk-federation
Syntax
Options
export-entity
Syntax
Options
import-bulk-fed-data
Syntax
Options
import-entity
Syntax
Options
list-cot-members
Syntax
Options
list-cots
Syntax
Options
list-entities
Syntax
Options
remove-cot-member
Syntax
Options
update-entity-keyinfo
Syntax
Options
Miscellaneous
add-res-bundle
Syntax
Options
do-batch
Syntax
Options
do-migration70
Syntax
Options
list-res-bundle
Syntax
Options
list-sessions
Syntax
Options
remove-res-bundle
Syntax
Options
Chapter 2 The amadmin Command Line Tool
The amadmin Command Line Executable
The amadmin Syntax
amadmin Options
--runasdn (-u)
--password (-w)
--locale (-l)
--continue (-c)
--session (-m)
--debug (-d)
--verbose (-v)
--data (-t)
--schema (-s)
--addattributes (-a)
--deleteservice (-r)
--serviceName
--help (-h)
--version (-n)
Using amadmin for Federation Management
Loading the Liberty meta compliance XML into Directory Server
--runasdn (-u)
--password (-w)
--passwordfile (-f)
--entityname (-e)
--import (-g)
Exporting an Entity to an XML File (Without XML Digital Signing)
--runasdn (-u)
--password (-w)
--passwordfile (-f)
--entityname (-e)
--export (-o)
Exporting an Entity to an XML File (With XML Digital Signing)
--runasdn (-u)
--password (-w)
--passwordfile (-f)
--entityname (-e)
--export (-o)
--xmlsig (-x)
Changing from Legacy Mode to Realm Mode
Using amadmin for Resource Bundles
Add resource bundle.
Get resource strings.
Remove resource bundle.
Chapter 3 The ampassword Command Line Tool
The ampassword Command Line Executable
To Run ampassword with OpenSSO Enterprise in SSL mode
Chapter 4 The amverifyarchive Command Line Tool
The amverifyarchive Command Line Executable
amverifyarchive Syntax
amverifyarchive Options
logName
path
uname
password
Part II OpenSSO Attribute Reference
Chapter 5 Centralized Agent Configuration Attributes
Agent Configuration Attributes
Web Policy Agent
J2EE Policy Agent
Web Service Provider
General
Group
Password
Password Confirm
Status
Universal Identifier
Security
Security Mechanism
Authentication Chain
Token Conversion Type
Preserve Security Headers in Message
Private Key Type
Liberty Service Type URN
Credential for User Token
SAML Configuration
SAML Attribute Mapping
SAML NameID Mapper Plugin
SAML Attributes Namespace
Include Memberships
Signing and Encryption
Is Response Signed
Is Response Encrypted
Is Request Signature Verified
Is Request Header Decrypted
Is Request Decrypted
Signing Reference Type
Encryption Algorithm
Encryption Strength
Key Store
Public Key Alias of Web Service Client
Private Key Alias
Key Storage Usage
End Points
Web Service Proxy End Point
Web Service End Point
Kerberos Configuration
Kerberos Domain Server
Kerberos Domain
Kerberos Service Principal
Kerberos Key Tab File
Verify Kerberos Signature
Web Service Client Attributes
General
Group
Password
Password Confirm
Status
Universal Identifier
Security
Security Mechanism
STS Configuration
Discovery Configuration
User Authentication Required
Preserve Security Headers in Message
Use Pass Through Security Token
Liberty Service Type URN
Credential for User Token
Signing and Encryption
Is Request Signed
Is Request Header Encrypted
Is Request Encrypted
Is Response Signature Verified
Is Response Decrypted
Signing Reference Type
Encryption Algorithm
Encryption Strength
Key Store
Public Key Alias of Web Service Provider
Private Key Alias
Key Storage Usage
End Points
Web Service Security Proxy End Point
Web Service End Point
Kerberos Configuration
Kerberos Domain Server
Kerberos Domain
Kerberos Service Principal
Kerberos Ticket Cache Directory
STS Client
Discovery Agent Attributes
Group
Password
Password Confirm
Status
Location of Agent Configuration Repository
Private Key Alias
Discovery Service End Point
Authentication Web Service End Point
Security Token Service Agent Attributes
General
Group
Password
Password Confirm
Status
WS-Trust Version
Universal Identifier
Security
Security Mechanism
STS Configuration
Preserve Security Headers in Message
Credential for User Token
Signing and Encryption
Is Request Signed
Is Request Header Encrypted
Is Request Encrypted
Is Response Signature Verified
Is Response Decrypted
Signing Reference Type
Encryption Algorithm
Encryption Strength
Key Store
Public Key Alias of Web Service Provider
Private Key Alias
Key Storage Usage
End Points
Security Token Service End Point
Security Token Service MEX End Point
Kerberos Configuration
Kerberos Domain Server
Kerberos Domain
Kerberos Service Principal
Kerberos Ticket Cache Directory
2.2 Policy Agent
Password
Password Confirm
Status
Description
Agent Key Value
Agent Authenticator
Password
Password Confirm
Status
Agent Profiles Allowed to Read
Chapter 6 Federation Attributes for Entity Providers
SAMLv2 Entity Provider Attributes
SAMLv2 Service Provider Customization
Assertion Content
Request/Response Signing
Encryption
Certificate Aliases
Name ID Format
Authentication Context
Assertion Time Skew
Basic Authentication
Assertion Processing
Attribute Mapper
Auto Federation
Account Mapper
Artifact Message Encoding
Transient User
URL
Default Relay State
Adapter
Services
Meta Alias
Single Logout Service
Manage Name ID Service
Assertion Artifact Consumer Service
Advanced
SP URL
SP Logout URL
App Secret List
Request IDP List Finder Implementation
Request IDP List Get Complete
Request IDP List
IDP Proxy
Introduction
Proxy Count
IDP Proxy List
SAMLv2 Identity Provider Customization
Assertion Content
Request/Response Signing
Encryption
Certificate Aliases
Name ID Format
Name ID Value Map
Authentication Context
Assertion Time
Basic Authentication
Assertion Cache
Bootstrapping
Assertion Processing
Attribute Mapper
Account Mapper
Local Configuration
Auth URL
External Application Logout URL
Services
Meta Alias
Artifact Resolution Service
Single Logout Service
Manage Name ID Service
Single Sign-On Service
Advanced
IDP URL
App Secret List
IDP Mapper Session
SAMLv2 XACML PDP Customization
Protocol Support Enumeration
Signing Key Alias
Encryption Key Alias
Basic Authorization
Authorization Decision Query Signed
Authorization Service
SAMLv2 XACML PEP Customization
Protocol Support Enumeration
Signing Key Alias
Encryption Key Alias
Basic Authorization
Authorization Decision Response Signed
Assertion Encrypted
SAMLv2 Attribute Authority Customization
Signing and Encryption
Attribute Service
AssertionID Request
Attribute Profile
Cert Alias
Subject Data Store
SAMLv2 Attribute Query Customization
NameID Format
Cert Alias
SAMLv2 Authentication Authority Customization
Signing and Encryption
Authn Query Service
AssertionID Request
Cert Alias
ID-FF Entity Provider Attributes
ID-FF Identity Provider Customization
Common Attributes
Provider Type
Description
Protocol Support Enumeration
Signing Key
Encryption Key
Name Identifier Encryption
Communication URLs
SOAP Endpoint
Single Sign-on Service URL
Single Logout Service
Single Logout Return
Federation Termination Service
Federation Termination Return
Name Registration Service
Name Registration Return
Communication Profiles
Federation Termination
Single Logout
Name Registration
Single Sign-on/Federation
Identity Provider Configuration
Provider Alias
Authentication Type
Assertion Issuer
Responds With
Provider Status
Service URL
Home Page URL
Single Sign-on Failure Redirect URL
Federate Page URL
Registration Done URL
List of COTs Page URL
Termination URL
Termination Done URL
Error Page URL
Logout Done URL
Plug-ins
Name Identifier Implementation
Attribute Statement Plug-in
User Provider Class
Identity Provider Attribute Mapper
Attribute Mapper Class
Identity Provider Attribute Mapping
Bootstrapping
Generate Discovery Bootstrapping Resource Offering
Auto Federation
Auto Federation
Auto Federation Common Attribute Name
Authentication Context
SAML Attributes
Assertion Interval
Cleanup Interval
Artifact Timeout
Assertion Limit
ID-FF Service Provider Customization
Common Attributes
Provider Type
Description
Protocol Support Enumeration
Signing Key
Encryption Key
Name Identifier Encryption
Sign Authentication Request
Communication URLs
SOAP Endpoint
Single Logout Service
Single Logout Return
Federation Termination Service
Federation Termination Return
Name Registration Service
Name Registration Return
Assertion Consumer URL
Assertion Consumer Service URL ID
Set Assertion Consumer Service URL as Default
Communication Profiles
Federation Termination
Single Logout
Name Registration
Supported SSO Profile
Service Provider Configuration
Provider Alias
Authentication Type
Identity Provider Forced Authentication
Request Identity Provider to be Passive
Name Registration After Federation
Name ID Policy
Affiliation Federation
Provider Status
Responds With
Service URL
List of COTs Page URL
Federate Page URL
Home Page URL
Single Sign-on Failure Redirect URL
Termination Done URL
Error Page URL
Logout Done URL
Plug-ins
Service Provider Adapter
Federation SP Adapter Env
User Provider Class
Name Identifier Implementation
Service Provider Attribute Mapper
Attribute Mapper Class
Service Provider Attribute Mapping
Auto Federation
Auto Federation
Auto Federation Common Attribute Name
Authentication Context
Proxy Authentication Configuration
Proxy Authentication
Proxy Identity Providers List
Maximum Number of Proxies
Use Introduction Cookie for Proxying
WS-Federation Entity Provider Attributes
WS-Federation General Attributes
SP Display Name
IDP Display Name
Realm
Token Issuer Name
Token Issuer Endpoint
WS-Federation Identity Provider Customization
NameID Format
NameID Attribute
Name Includes Domain
Domain Attribute
UPN Domain
Signing Cert Alias
Claim Types
Account Mapper
Attribute Mapper
Attribute Map
Assertion Effective Time
WS-Federation Service Provider Customization
Assertion Signed
Account Mapper
Attribute Mapper
Attribute Map
Assertion Effective Time
Assertion Skew Time
Default Relay State
Home Realm Discovery
Account Realm Selection
Chapter 7 Configuration Attributes
Authentication
Active Directory
Primary Active Directory Server
Secondary Active Directory Server
DN to Start User Search
DN for Root User Bind
Password for Root User Bind
Password for Root User Bind (confirm)
Attribute Used to Retrieve User Profile
Attributes Used to Search for a User to be Authenticated
User Search Filter
Search Scope
SSL Access to Active Directory Server
Return User DN to Authenticate
Active Directory Server Check Interval
User Creation Attributes
Authentication Level
Anonymous
Valid Anonymous Users
Default Anonymous User Name
Case Sensitive User IDs
Authentication Level
Authentication Configuration
Certificate
Match Certificate in LDAP
Subject DN Attribute Used to Search LDAP for Certificates
Match Certificate to CRL
Issuer DN Attribute Used to Search LDAP for CRLs
HTTP Parameters for CRL Update
OCSP Validation
LDAP Server Where Certificates are Stored
LDAP Start Search DN
LDAP Server Principal User
LDAP Server Principal Password
LDAP Server Principal Password (confirm)
Use SSL for LDAP Access
Certificate Field Used to Access User Profile
Other Certificate Field Used to Access User Profile
SubjectAltNameExt Value Type to Access User Profile
Trusted Remote Hosts
SSL Port Number
HTTP Header Name for Client Certificate
Authentication Level
Core
Pluggable Authentication Module Classes
Supported Authentication Module for Clients
LDAP Connection Pool Size
Default LDAP Connection Pool Size
User Profile
Remote Auth Security
Administrator Authentication Configuration
User Profile Dynamic Creation Default Roles
Persistent Cookie Mode
Persistent Cookie Maximum Time
Alias Search Attribute Name
Default Authentication Locale
Organization Authentication Configuration
Login Failure Lockout Mode
Login Failure Lockout Count
Login Failure Lockout Interval
Email Address to Send Lockout Notification
Warn User After N Failures
Login Failure Lockout Duration
Lockout Duration Multiplier
Lockout Attribute Name
Lockout Attribute Value
Default Success Login URL
Default Failure Login URL
Authentication Post Processing Class
Generate UserID Mode
Pluggable User Name Generator Class
Identity Types
Pluggable User Status Event Classes
Store Invalid Attempts in Data Store
Module-based Authentication
User Attribute Mapping to Session Attribute
Default Authentication Level
Data Store
Authentication Level
Federation
Authentication Level
HTTP Basic
Backend Module Name
Authentication Level
JDBC
Connection Type
Connection Pool JNDI Name
JDBC Driver
JDBC URL
Connect This User to Database
Password for Connecting to Database
Password for Connecting to Database Confirm
Password Column String
Prepared Statement
Class to Transform Password Syntax
Authentication Level
To Configure a Connection Pool — Example
LDAP
Primary LDAP Server
Secondary LDAP Server
DN to Start User Search
DN for Root User Bind
Password for Root User Bind
Password for Root User Bind (confirm)
Attribute Used to Retrieve User Profile
Attributes Used to Search for a User to be Authenticated
User Search Filter
Search Scope
SSL to Access LDAP Server
Return User DN to Authenticate
LDAP Server Check Interval
User Creation Attribute List
Authentication Level
Membership
Minimum Password Length
Default User Roles
User Status After Registration
Authentication Level
MSISDN
Trusted Gateway IP Address
MSISDN Number Argument
LDAP Server and Port
LDAP Start Search DN
Attribute To Use To Search LDAP
LDAP Server Principal User
LDAP Server Principal Password
LDAP Server Principal Password (confirm)
SSL for LDAP Access
MSISDN Header Search Attribute
LDAP Attribute Used to Retrieve User Profile
Return User DN on Authentication
Authentication Level
RADIUS
Server 1
Server 2
Shared Secret
Shared Secret Confirm
Port Number
Timeout
Authentication Level
SAE
Authentication Level
SafeWord
Server
Server Verification Files Directory
Logging
Logging Level
Log File
Authentication Connection Timeout
Client Type
EASSP Version
Minimum Authenticator Strength
Authentication Level
SecurID
ACE/Server Configuration Path
Authentication Level
Unix
Configuration Port
Authentication Port
Timeout
Threads
Authentication Level
PAM Service Name
Windows Desktop SSO
Service Principal
Keytab File Name
Kerberos Realm
Kerberos Server Name
Return Principal with Domain Name
Authentication Level
Windows NT
Authentication Domain
Authentication Host
Samba Configuration File Name
Authentication Level
Console Properties
Administration
Federation Management
Default Agents Container
Maximum Results Returned From Search
Timeout For Search
User Search Key
Search Return Attribute
Maximum Entries Displayed per Page
External Attributes Fetch
Globalization Settings
Charsets Supported By Each Locale
Charset Aliases
Auto Generated Common Name Format
Supported Language Locales
Global Properties
Common Federation Configuration
Datastore SPI Implementation Class
Configuration Instance SPI Implementation Class
Logger SPI Implementation Class
Session Provider SPI Implementation Class
Maximum Allowed Content Length
Password Decoder SPI Implementation Class
Signature Provider SPI Implementation Class
Key Provider SPI Implementation Class
Check Presence of Certificates
XML Canonicalization Algorithm
XML Signature Algorithm
XML Transformation Algorithm
Liberty ID-FF Service Configuration
Federation Cookie Name
IDP Proxy Finder SPI Implementation Class
Request Cache Cleanup Interval
Request Cache Timeout
IDP Login URL
XML Signing On
Liberty ID-WSF Security Service
Security Attribute Plugin Class
Key Info Type
Security Token Provider Class
Default WSC Certificate Alias
Trusted Authority Signing Certificate Alias
Trusted CA Signing Certificate Aliases
Liberty Interaction Service
WSP to Redirect User for Interaction
WSP to Redirect User for Interaction for Data
WSP's Expected Duration for Interaction
WSP to Enforce That returnToURL must be SSL
WSP to Enforce Return to Host be the Same as Request Host
HTML Style Sheet Location
WML Style Sheet Location
WSP Interaction URL
WSP Interaction URL if Behind Load Balancer
List of Interaction URLs of the WSP Cluster (site) Behind the Load Balancer
Interaction Configuration Class
Options for WSC to Participate in Interaction
WSC to Include userInteractionHeader
WSC to Redirect User for Interaction
WSC's Expected Duration for Interaction
WSC to Enforce that Redirection URL Must be SSL
Multi Federation Protocol
Single Logout Handler List
Password Reset
User Validation
Secret Question
Search Filter
Base DN
Bind DN
Bind Password
Bind Password Confirm
Password Reset Option
Password Change Notification Option
Password Reset
Personal Question
Maximum Number of Questions
Force Change Password on Next Login
Password Reset Failure Lockout
Password Reset Failure Lockout Count
Password Reset Failure Lockout Interval
Email Address to Send Lockout Notification
Warn User After N Failures
Password Reset Failure Lockout Duration
Password Reset Lockout Attribute Name
Password Reset Lockout Attribute Value
Policy Configuration
Global Properties
Resource Comparator
Continue Evaluation on Deny Decision
Advices Handleable by OpenSSO
Realm Alias Referrals
Realm Attributes
Primary LDAP Server
LDAP Base DN
LDAP Users Base DN
OpenSSO Enterprise Roles Base DN
LDAP Bind DN
LDAP Bind Password
LDAP Bind Password Confirm
LDAP Organizations Search Filter
LDAP Organizations Search Scope
LDAP Groups Search Scope
LDAP Groups Search Filter
LDAP Users Search Filter
LDAP Users Search Scope
LDAP Roles Search Filter
LDAP Roles Search Scope
OpenSSO Roles Search Scope
LDAP Organization Search Attribute
LDAP Groups Search Attribute
LDAP Users Search Attribute
LDAP Roles Search Attribute
Maximum Results Returned from Search
Search Timeout
LDAP SSL
LDAP Connection Pool Minimum Size
Connection Pool Maximum Size
Selected Policy Subjects
Selected Policy Conditions
Selected Policy Referrals
Subject Results Time To Live
User Alias
Selected Response Providers
Selected Dynamic Response Attributes
SAMLv2 Service Configuration
Cache Cleanup Interval
Attribute Name for Name ID Information
Attribute Name for Name ID Information Key
Cookie Domain for IDP Discovery Service
Cookie Type for IDP Discovery Service
URL Scheme for IDP Discovery Service
XML Encryption SPI Implementation Class
Include Encrypted Key Inside KeyInfo Element
XML Signing Implementation Class
XML Signing Certificate Validation
CA Certificate Validation
SAMLv2 SOAP Binding
Request Handler List
To Configure a Request Handler
Security Token Service
Issuer
End Point
Encryption Issued Key
Encryption Issued Token
Lifetime for Security Token
Token Implementation Class
Certificate Alias Name
STS End User Token Plug-in Class
Security Mechanism
Authentication Chain
User Credential
Is Request Signature Verified
Is Request Header Decrypted
Is Request Decrypted
Is Response Signed
Is Response Encrypted
Signing Reference Type
Encryption Algorithm
Encryption Strength
Private Key Alias
Private Key Type
Public Key Alias of Web Service (WS-Trust) Client
Kerberos Domain Server
Kerberos Domain
Kerberos Service Principal
Kerberos Key Tab File
Verify Kerberos Signature
SAML Attribute Mapping
NameID Mapper
Should Include Memberships
Attribute Namespace
Trusted Issuers
Trusted IP Addresses
Session
Secondary Configuration Instance
To Add a Sub Configuration
Maximum Number of Search Results
Timeout for Search
Enable Property Change Notifications
Enable Quota Constraints
Read Timeout for Quota Constraint
Exempt Top-Level Admins From Constraint Checking
Resulting Behavior If Session Quota Exhausted
Deny User Login When Session Repository is Down
Notification Properties
Enable Session Trimming
Maximum Session Time
Maximum Idle Time
Maximum Caching Time
Active User Sessions
User
User Preferred Language
User Preferred Timezone
Administrator Starting View
Default User Status
System Properties
Client Detection
Default Client Type
Client Detection Class
Enable Client Detection
Logging
Maximum Log Size
Number of History Files
Log File Location
Log Status
Log Record Resolve Host Name
Logging Type
Database User Name
Database User Password
Database User Password (confirm)
Database Driver Name
Configurable Log Fields
Log Verification Frequency
Log Signature Time
Secure Logging
Secure Logging Signing Algorithm
Logging Certificate Store Location
Maximum Number of Records
Number of Files per Archive
Buffer Size
DB Failure Memory Buffer Size
Buffer Time
Time Buffering
Logging Level
Naming
Profile Service URL
Session Service URL
Logging Service URL
Policy Service URL
Authentication Service URL
SAML Web Profile/Artifact Service URL
SAML SOAP Service URL
SAML Web Profile/POST Service URL
SAML Assertion Manager Service URL
Federation Assertion Manager Service URL
Security Token Manager URL
JAXRPC Endpoint URL
Identity Web Services Endpoint URL
Identity REST Services Endpoint URL
Security Token Service Endpoint URL
Security Token Service MEX Endpoint URL
Platform
Platform Locale
Cookie Domains
Hex Encode Cookies
Client Character Sets
To Specify a New Character Set
Servers and Sites
To Create a New Server Instance
Inheritance Settings
General
Site Attributes
Parent Site
System Attributes
Base Installation Directory
Default Locale
Notification URL
XML Validation
Debugging Attributes
Debug Level
Merge Debug Files
Debug Directory
Mail Server
Mail Server Host Name
Mail Server Port Number
Security
Encryption
Password Encryption Key
Authentication Service Shared Secret
Encryption Class
Secure Random Factory Class
Validation
Platform Low Level Comm. Max. Content Length
Client IP Address Check
Cookie
Cookie Name
Secure Cookie
Encode Cookie Value
Keystore
Keystore File
Keystore Password File
Private Key Password File
Certificate Alias
Certificate Revocation List Caching
LDAP Server Host Name
LDAP Server Port Number
SSL Enabled
LDAP Server Bind User Name
LDAP Server Bind Password
LDAP Search Base DN
Search Attributes
Online Certificate Status Protocol Check
Check Enabled
Responder URL
Certificate Nickname
Federal Information Processing Standards
FIPS Mode
Session
Session Limits
Maximum Sessions
Invalidate Session Max Time
Session Purge Delay
Statistics
Logging Interval
State
Directory
Enable Host Lookup
Notification
Notification Pool Size
Notification Thread Pool Threshold
Validation
Case Insensitive Client DN Comparison
SDK
Data Store
Enable Datastore Notification
Enable Directory Proxy
Notification Pool Size
Event Service
Number of Retries for Event Service Connections
Delay Between LDAP Connection Tries
Error Codes for LDAP Connection Tries
Idle Timeout
Disabled Event Service Connection
LDAP Connection
Number of Retries for LDAP Connection
Delay Between LDAP Connection Retries
Error Codes for LDAP Connection Retries
Caching and Replica
SDK Caching Max. Size
SDK Replica Retries
Delay Between SDK Replica Tries
Time To Live Configuration
Cache Entry Expiration Enabled
User Entry Expiration Time
Default Entry Expiration Time
Directory Configuration
Directory Configuration
Minimum Connection Pool
Maximum Connection Pool
Bind DN
Bind Password
Server
Legacy Configuration
Minimum Connection Pool
Maximum Connection Pool
Server
Advanced
To Create a New Site Instance
To Edit a Site Instance
Servers and Sites Console Attribute Maps
Chapter 8 Data Store Attributes
Active Directory Attributes
LDAP Server
LDAP Bind DN
LDAP Bind Password
LDAP Bind Password (confirm)
LDAP Organization DN
LDAP SSL
LDAP Connection Pool Minimum Size
LDAP Connection Pool Maximum Size
Maximum Results Returned from Search
Search Timeout
LDAP Follows Referral
LDAPv3 Repository Plugin Class Name
Attribute Name Mapping
LDAPv3 Plugin Supported Types and Operations
LDAPv3 Plug-in Search Scope
LDAP Users Search Attribute
LDAP Users Search Filter
LDAP User Object Class
LDAP User Attributes
Create User Attribute Mapping
Attribute Name of User Status
User Status Active Value
User Status Inactive Value
LDAP Groups Search Attribute
LDAP Group Search Filter
LDAP Groups Container Naming Attribute
LDAP Groups Container Value
LDAP Groups Object Classes
LDAP Groups Attributes
Attribute Name for Group Membership
Attribute Name of Unique Member
Attribute Name of Group Member URL
LDAP People Container Naming Attribute
LDAP People Container Value
Identity Types That Can be Authenticated
Authentication Naming Attribute
Persistent Search Base DN
Persistent Search Filter
Persistent Search Scope
Persistent Search Maximum Idle Time Before Restart
Maximum Number of Retries After Error Code
The Delay Time Between Retries
LDAPException Error Codes to Retry
Caching
Maximum Age of Cached Items
Maximum Size of the Cache
Generic LDAPv3 Attributes
LDAP Server
LDAP Bind DN
LDAP Bind Password
LDAP Bind Password (confirm)
LDAP Organization DN
LDAP SSL
LDAP Connection Pool Minimum Size
LDAP Connection Pool Maximum Size
Maximum Results Returned from Search
Search Timeout
LDAP Follows Referral
LDAPv3 Repository Plugin Class Name
Attribute Name Mapping
LDAPv3 Plugin Supported Types and Operations
LDAPv3 Plug-in Search Scope
LDAP Users Search Attribute
LDAP Users Search Filter
LDAP User Object Class
LDAP User Attributes
Create User Attribute Mapping
Attribute Name of User Status
User Status Active Value
User Status Inactive Value
LDAP Groups Search Attribute
LDAP Group Search Filter
LDAP Groups Container Naming Attribute
LDAP Groups Container Value
LDAP Groups Object Classes
LDAP Groups Attributes
Attribute Name for Group Membership
Attribute Name of Unique Member
Attribute Name of Group Member URL
Default Group Member's User DN
LDAP People Container Naming Attribute
LDAP People Container Value
Identity Types That Can Be Authenticated
Persistent Search Base DN
Persistent Search Filter
Persistent Search Scope
Persistent Search Maximum Idle Time Before Restart
Maximum Number of Retries After Error Code
The Delay Time Between Retries
LDAPException Error Codes to Retry
Caching
Maximum Age of Cached Items
Maximum Size of the Cache
Sun Directory Server with OpenSSO Enterprise Schema Attributes
LDAP Server
LDAP Bind DN
LDAP Bind Password
LDAP Bind Password (confirm)
LDAP Organization DN
LDAP SSL
LDAP Connection Pool Minimum Size
LDAP Connection Pool Maximum Size
Maximum Results Returned from Search
Search Timeout
LDAP Follows Referral
LDAPv3 Repository Plugin Class Name
Attribute Name Mapping
LDAPv3 Plugin Supported Types and Operations
LDAPv3 Plug-in Search Scope
LDAP Users Search Attribute
LDAP Users Search Filter
LDAP User Object Class
LDAP User Attributes
Create User Attribute Mappings
Attribute Name of User Status
LDAP Groups Search Attribute
LDAP Group Search Filter
LDAP Groups Container Naming Attribute
LDAP Groups Container Value
LDAP Groups Object Classes
LDAP Groups Attributes
Attribute Name for Group Memberships
Attribute Name of Unique Member
Attribute Name of Group Member URL
LDAP Roles Search Attribute
LDAP Role Search Filter
LDAP Role Object Class
LDAP Roles Attributes
LDAP Filter Roles Search Attribute
LDAP Filter Role Search Filter
LDAP Filter Role Object Class
LDAP Filter Roles Attributes
LDAP People Container Naming Attribute
LDAP People Container Value
Identity Types that can be Authenticated
Persistent Search Base DN
Persistent Search Filter
Persistent Search Scope
Persistent Search Maximum Idle Time Before Restart
Maximum Number of Retries After Error Code
The Delay Time Between Retries
LDAPException Error Codes to Retry
Caching
Maximum Age of Cached Items
Maximum Size of the Cache
Part III Error Codes and Log File Reference
Chapter 9 OpenSSO Enterprise Component Error Codes
OpenSSO Enterprise Console Errors
ssoadm Command Line Interface Error Codes
Authentication Error Codes
Policy Error Codes
amadmin Error Codes
Chapter 10 OpenSSO Enterprise Log File Reference
amadmin Command Line Utility
Authentication
Command Line Interface – ssoadm
Console
Circle of Trust
Liberty ID-FF
Liberty ID-WSF
Logging
Policy
SAML 1.x
SAMLv2
Session
Web Services Security
WS-Federation
© 2010, Oracle Corporation and/or its affiliates