Sun Java System Access Manager 7.1 Administration Reference
Book Information
Preface
Part I Command Line Interface Reference
Chapter 1 The amadmin Command Line Tool
The amadmin Command Line Executable
The amadmin Syntax
amadmin Options
--runasdn (-u)
--password (-w)
--locale (-l)
--continue (-c)
--session (-m)
--debug (-d)
--verbose (-v)
--data (-t)
--schema (-s)
--addattributes (-a)
--deleteservice (-r)
--serviceName
--help (-h)
--version (-n)
Using amadmin for Federation Management
Loading the Liberty meta compliance XML into Directory Server
--runasdn (-u)
--password (-w)
--passwordfile (-f)
--entityname (-e)
--import (-g)
Exporting an Entity to an XML File (Without XML Digital Signing)
--runasdn (-u)
--password (-w)
--passwordfile (-f)
--entityname (-e)
--export (-o)
Exporting an Entity to an XML File (With XML Digital Signing)
--runasdn (-u)
--password (-w)
--passwordfile (-f)
--entityname (-e)
--export (-o)
--xmlsig (-x)
Changing from Legacy Mode to Realm Mode
Using amadmin for Resource Bundles
Add resource bundle
Get resource strings
Remove resource bundle
Chapter 2 The ampassword Command Line Tool
The ampassword Command Line Executable
To Run ampassword with Access Manager in SSL mode
Chapter 3 The VerifyArchive Command Line Tool
The VerifyArchive Command Line Executable
VerifyArchive Syntax
VerifyArchive Options
logName
path
uname
password
Chapter 4 The amsecuridd Helper
The amsecuridd Helper Command Line Executable
amsecuridd Syntax
amsecuridd Options
verbose (-v)
configure portnumber (-c portnm)
Running the amsecuridd helper
Required Libraries
Part II Configuration Attribute Reference
Chapter 5 Configuration Attributes
Authentication
Anonymous
Valid Anonymous Users
Default Anonymous User Name
Case Sensitive User IDs
Authentication Level
Active Directory
Primary Active Directory Server
Secondary Active Directory Server
DN to Start User Search
DN for Root User Bind
Password for Root User Bind
Password for Root User Bind (confirm)
Attribute Used to Retrieve User Profile
Attributes Used to Search for a User to be Authenticated
User Search Filter
Search Scope
SSL Access to Active Directory Server
Return User DN to Authenticate
Active Directory Server Check Interval
User Creation Attributes
Authentication Level
Authentication Configuration
Certificate
Match Certificate in LDAP
Subject DN Attribute Used to Search LDAP for Certificates
Match Certificate to CRL
Issuer DN Attribute Used to Search LDAP for CRLs
HTTP Parameters for CRL Update
OCSP Validation
LDAP Server Where Certificates are Stored
LDAP Start Search DN
LDAP Server Principal User
LDAP Server Principal Password
LDAP Server Principal Password (confirm)
LDAP Attribute for Profile ID
Use SSL for LDAP Access
Certificate Field Used to Access User Profile
Other Certificate Field Used to Access User Profile
Trusted Remote Hosts
SSL Port Number
HTTP Header Name for Client Certificate
Authentication Level
Core
Pluggable Authentication Module Classes
Supported Authentication Module for Clients
LDAP Connection Pool Size
Default LDAP Connection Pool Size
User Profile
Administrator Authentication Configuration
User Profile Dynamic Creation Default Roles
Persistent Cookie Mode
Persistent Cookie Maximum Time
Alias Search Attribute Name
Default Authentication Locale
Organization Authentication Configuration
Login Failure Lockout Mode
Login Failure Lockout Count
Login Failure Lockout Interval
Email Address to Send Lockout Notification
Warn User After N Failures
Login Failure Lockout Duration
Lockout Attribute Name
Lockout Attribute Value
Default Success Login URL
Default Failure Login URL
Authentication Post Processing Class
Generate UserID Mode
Pluggable User Name Generator Class
Identity Types
Pluggable User Status Event Classes
Store Invalid Attempts in Data Store
Module-based Authentication
Default Authentication Level
Data Store
Authentication Level
HTTP Basic
Authentication Level
JDBC
Connection Type
Connection Pool JNDI Name
JDBC Driver
JDBC URL
Connect This User to Database
Password for Connecting to Database
Password for Connecting to Database Confirm
Password Column String
Prepared Statement
Class to Transform Password Syntax
Authentication Level
To Configure a Connection Pool — Example
LDAP
Primary LDAP Server
Secondary LDAP Server
DN to Start User Search
DN for Root User Bind
Password for Root User Bind
Password for Root User Bind (confirm)
Attribute Used to Retrieve User Profile
Attributes Used to Search for a User to be Authenticated
User Search Filter
Search Scope
Enable SSL to Access LDAP Server
Return User DN to Authenticate
LDAP Server Check Interval
User Creation Attribute List
Authentication Level
Membership
Minimum Password Length
Default User Roles
User Status After Registration
Primary LDAP Server
Secondary LDAP Server
DN to Start User Search
DN for Root User Bind
Password for Root User Bind
Password for Root User Bind (confirm)
Attribute Used to Retrieve User Profile
Attributes Used to Search for a User to be Authenticated
User Search Filter
Search Scope
Enable SSL to Access LDAP Server
Return User DN to Authenticate
Authentication Level
MSISDN
Trusted Gateway IP Address
MSISDN Number Argument
LDAP Server and Port
LDAP Start Search DN
Attribute To Use To Search LDAP
LDAP Server Principal User
LDAP Server Principal Password
LDAP Server Principal Password (confirm)
Enable SSL for LDAP Access
LDAP Attribute Used to Retrieve User Profile
Return User DN on Authentication
Authentication Level
RADIUS
Server 1
Server 2
Shared Secret
Shared Secret Confirm
Port Number
Timeout
Authentication Level
SafeWord
Server
Server Verification Files Directory
Logging Enable
Logging Level
Log File
Authentication Connection Timeout
Client Type
EASSP Version
Minimum Authenticator Strength
Authentication Level
SAML
Authentication Level
SecurID
ACE/Server Configuration Path
Helper Configuration Port
Helper Authentication Port
Authentication Level
UNIX
Configuration Port
Authentication Port
Timeout
Threads
Authentication Level
PAM Service Name
Windows Desktop SSO
Service Principal
Keytab File Name
Kerberos Realm
Kerberos Server Name
Return Principal with Domain Name
Authentication Level
Windows NT
Authentication Domain
Authentication Host
Samba Configuration File Name
Authentication Level
Supported Language Locales
Console Properties
Administration
Federation Management
User Management
People Containers
Organizational Unit Containers
Group Containers
Managed Group Type
Default Role Permissions
Domain Component Tree
Administrative Groups
Compliance User Deletion
Dynamic Administrative Roles ACIs
User Profile Service Classes
DC Node Attribute List
Search Filters for Deleted Objects
Default People Container
Default Groups Container
Default Agents Container
Groups Default People Container
Groups People Container List
User Profile Display Class
End User Profile Display Class
Show Roles on User Profile Page
Show Groups on User Profile Page
User Self Subscription to Group
User Profile Display Options
User Creation Default Roles
Administrative Console Tabs
Maximum Results Returned From Search
Timeout For Search
JSP Directory Name
Online Help Documents
Required Services
User Search Key
User Search Return Attribute
User Creation Notification List
User Deletion Notification List
User Modification Notification List
Maximum Entries Displayed per Page
Event Listener Classes
Pre and Post Processing Classes
External Attributes Fetch
Invalid User ID Characters
UserID and Password Validation Plug-in Class
Globalization Settings
Charsets Supported By Each Locale
Charset Aliases
Auto Generated Common Name Format
Global Properties
Password Reset
User Validation
Secret Question
Search Filter
Base DN
Bind DN
Bind Password
Password Reset Option
Password Change Notification Option
Password Reset
Personal Question
Maximum Number of Questions
Force Change Password on Next Login
Password Reset Failure Lockout
Password Reset Failure Lockout Count
Password Reset Failure Lockout Interval
Email Address to Send Lockout Notification
Warn User After N Failure
Password Reset Failure Lockout Duration
Password Reset Lockout Attribute Name
Password Reset Lockout Attribute Value
Policy Configuration
Global Properties
Resource Comparator
Continue Evaluation on Deny Decision
Advices Handleable by Access Manager
Organization Alias Referrals
Realm Attributes
Primary LDAP Server
LDAP Base DN
LDAP Users Base DN
Access Manager Roles Base DN
LDAP Bind DN
LDAP Bind Password
LDAP Organization Search Filter
LDAP Organizations Search Scope
LDAP Groups Search Scope
LDAP Groups Search Filter
LDAP Users Search Filter
LDAP Users Search Scope
LDAP Roles Search Filter
LDAP Roles Search Scope
Access Manager Roles Search Scope
LDAP Organization Search Attribute
LDAP Groups Search Attribute
LDAP Users Search Attribute
LDAP Roles Search Attribute
Maximum Results Returned from Search
Search Timeout
LDAP SSL
LDAP Connection Pool Minimum Size
Connection Pool Maximum Size
Selected Policy Subjects
Selected Policy Conditions
Selected Policy Referrals
Subject Results Time To Live
User Alias
Selected Response Providers
Selected Dynamic Response Attributes
Session
Secondary Configuration Instance
Maximum Number of Search Results
Timeout for Search
Property Change Notifications
Quota Constraints
Read Timeout for Quota Constraint
Exempt Top-Level Admins From Constraint Checking
Resulting Behavior If Session Quota Exhausted
Notification Properties
Maximum Session Time
Maximum Idle Time
Maximum Caching Time
Active User Sessions
To Add a Sub Configuration
User
User Preferred Language
User Preferred Timezone
Inherited Locale
Administrator Starting View
Default User Status
System Properties
Client Detection
Client Types
Client Manager
Client Type
Default Client Type
Client Detection Class
Client Detection
To Add a New Client
Logging
Maximum Log Size
Number of History Files
Log File Location
Logging Type
Database User Name
Database User Password
Database User Password (confirm)
Database Driver Name
Configurable Log Fields
Log Verification Frequency
Log Signature Time
Secure Logging
Secure Logging Signing Algorithm
Maximum Number of Records
Number of Files per Archive
Buffer Size
DB Failure Memory Buffer Size
Buffer Time
Time Buffering
Naming
Profile Service URL
Session Service URL
Logging Service URL
Policy Service URL
Authentication Service URL
SAML Web Profile/Artifact Service URL
SAML SOAP Service URL
SAML Web Profile/POST Service URL
SAML Assertion Manager Service URL
Federation Assertion Manager Service URL
Security Token Manager URL
JAXRPC Endpoint URL
Platform
Site Name
Instance Name
Platform Locale
Cookie Domains
Login Service URL
Logout Service URL
Available Locales
Client Character Sets
To Create a New Site Name
To Create a New Instance Name
To Create a New Character Set
Part III File Reference
Chapter 6 amConfig.properties Reference
About the AMConfig.properties File
Access Manager Console
Access Manager Server Installation
am.util
amSDK
Application Server Installation
Authentication
Certificate Database
Cookies
Debugging
Directory Server Installation
Event Connection
Global Services Management
Helper Daemons
Identity Federation
JSS Proxy
LDAP Connection
Liberty Alliance Interactions
Logging Service
Logging Properties You Can Add to AMConfig.properties
Naming Service
Notification Service
Policy Agents
Policy Client API
Profile Service
Replication
SAML Service
Security
Session Service
SMTP
Statistics Service
Chapter 7 serverconfig.xml Reference
Overview
Proxy User
Admin User
server-config Definition Type Document
iPlanetDataAccessLayer Element
ServerGroup Element
Server Element
User Element
DirDN Element
DirPassword Element
BaseDN Element
MiscConfig Element
Failover Or Multimaster Configuration
Part IV Error Codes and Log File Reference
Chapter 8 Access Manager Component Error Codes
Access Manager Console Errors
Authentication Error Codes
Policy Error Codes
amadmin Error Codes
Chapter 9 Access Manager Log File Reference
Log Reference for amadmin Command Line Utility
Log Reference for Authentication
Access Manager Console
Federation
Liberty
Policy
SAML
Session
© 2010, Oracle Corporation and/or its affiliates