Enables the administrator to create the message-security-config and provider-config sub-elements for the security service in domain.xml (the file that specifies parameters and properties of a domain to the Application Server). The options specified in the list below apply to attributes within the message-security-config and provider-config sub-elements of the domain.xml file.
If the message-layer (message-security-config) element does not exist, this command creates it, and then provider-config is created under it.
This command is supported in remote mode only.
If an option has a short option name, then the short option precedes the long option name. Short options have one dash whereas long options have two dashes.
Indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-formatted data for consumption by a script. Default is false.
Setting to true will echo the command line statement on the standard output. Default is false.
If set to true (default), only the required password options are prompted.
The machine name where the domain administration server is running. The default value is localhost.
The HTTP/S port for administration. This is the port to which you should point your browser in order to manage the domain. For example, http://localhost:4848.
The default port number for Platform Edition is 4848. The default port number for Enterprise Edition is 4849.
If set to true, uses SSL/TLS to communicate with the domain administration server.
The authorized domain administration server administrative username.
If you have authenticated to a domain using the asadmin login command, then you need not specify the --user option on subsequent operations to this particular domain.
The --passwordfile option specifies the name of a file containing the password entries in a specific format. The entry for the password must have the AS_ADMIN_ prefix followed by the password name in uppercase letters.
For example, to specify the domain administration server password, use an entry with the following format: AS_ADMIN_PASSWORD=password, where password is the actual administrator password. Other passwords that can be specified include AS_ADMIN_MAPPEDPASSWORD, AS_ADMIN_USERPASSWORD, and AS_ADMIN_ALIASPASSWORD.
All remote commands must specify the admin password to authenticate to the domain administration server, either through --passwordfile or asadmin login, or interactively on the command prompt. The asadmin login command can be used only to specify the admin password. For other passwords that must be specified for remote commands, use the --passwordfile option or enter them at the command prompt.
If you have authenticated to a domain using the asadmin login command, then you need not specify the admin password through the --passwordfile option on subsequent operations to this particular domain. However, this applies only to the AS_ADMIN_PASSWORD option. You will still need to provide the other passwords, for example, AS_ADMIN_USERPASSWORD, as and when required by individual commands, such as update-file-user.
For security reasons, passwords specified as an environment variable will not be read by asadmin.
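A pre-flight check for the password file format described above, as an added example that is not part of the original manual page or of asadmin itself. The function name, the return codes, the owner-only permission requirement and the rejection of any non-blank line that is not an AS_ADMIN_ entry are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate a file before passing it to asadmin --passwordfile.
# Return codes (chosen for this example):
#   0 ok, 1 missing or unreadable, 2 accessible to group/others, 3 malformed entry
check_passwordfile() {
    f=$1
    if [ ! -f "$f" ] || [ ! -r "$f" ]; then
        echo "password file missing or unreadable: $f" >&2
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    # The file holds cleartext passwords, so all six must be '-'.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f is accessible to group/others; run: chmod 600 $f" >&2
        return 2
    fi

    # Every non-blank line must be AS_ADMIN_<NAME IN UPPERCASE>=<value>.
    # Only line numbers are reported, so no password reaches the terminal or a log.
    bad=$(awk 'NF && $0 !~ /^AS_ADMIN_[A-Z]+=.+$/ { printf "%d ", NR }' "$f")
    if [ -n "$bad" ]; then
        echo "malformed entry on line(s): $bad" >&2
        return 3
    fi
    return 0
}

# Typical use, with the file name from the EXAMPLES section:
#   check_passwordfile pwd_file && asadmin create-message-security-provider \
#       --user admin --passwordfile pwd_file ...
```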
Displays the help text for the command.
In Enterprise Edition, specifies the target to which you are deploying. The following values are valid:
server Deploys the component to the default server instance, server. This is the default value.
domain Deploys the component to the domain.
cluster_name Deploys the component to every server instance in the cluster.
instance_name Deploys the component to a particular server instance.
The following optional attribute name/value pairs are available:
| Property | Definition |
|---|---|
| classname | Defines the Java implementation class of the provider. Client authentication providers must implement the com.sun.enterprise.security.jauth.ClientAuthModule interface. Server-side providers must implement the com.sun.enterprise.security.jauth.ServerAuthModule interface. A provider may implement both interfaces, but it must implement the interface corresponding to its provider type. |
| layer | The message-layer entity used to define the value of the auth-layer attribute of message-security-config elements. The default is SOAP. |
| providertype | Establishes whether the provider is to be used as client authentication provider, server authentication provider, or both. Valid options for this property include client, server, or client-server. The default value is client-server. |
| requestauthsource | The auth-source attribute defines a requirement for message-layer sender authentication (e.g. username password) or content authentication (e.g. digital signature) to be applied to request messages. Possible values are sender or content. When this argument is not specified, source authentication of the request is not required. |
| requestauthrecipient | The auth-recipient attribute defines a requirement for message-layer authentication of the receiver of a message to its sender (e.g. by XML encryption). Possible values are before-content or after-content. The default value is after-content. |
| responseauthsource | The auth-source attribute defines a requirement for message-layer sender authentication (e.g. username password) or content authentication (e.g. digital signature) to be applied to response messages. Possible values are sender or content. When this option is not specified, source authentication of the response is not required. |
| responseauthrecipient | The auth-recipient attribute defines a requirement for message-layer authentication of the receiver of the response message to its sender (e.g. by XML encryption). Possible values are before-content or after-content. The default value is after-content. |
| isdefaultprovider | The default-provider attribute is used to designate the provider as the default provider (at the layer) of the type or types identified by the providertype argument. There is no default associated with this option. |
| property | Use this property to pass provider-specific property values to the provider when it is initialized. Properties passed in this way might include key aliases to be used by the provider to get keys from keystores, signing, canonicalization, encryption algorithms, etc. |
The following example shows how to create a message security provider for a client.
asadmin> create-message-security-provider --user admin --passwordfile pwd_file --classname com.sun.enterprise.security.jauth.ClientAuthModule --providertype client mySecurityProvider