The following section lists the ssoadm subcommands and their associated options. The subcommands are grouped under the following functional areas:
The following subcommands execute operations for the supported agent profile types defined in the OpenSSO Centralized Agent Configuration service.
Add agents to an agent group.
ssoadm add-agent-to-grp --options [--global-options]
The name of the realm.
The name of the agent group.
The names of the agents.
The administrator ID running the command.
The filename that contains the password of the administrator.
Remove an agent's properties.
ssoadm agent-remove-props --options [--global-options]
The name of the realm.
The name of the agent.
The names of the properties.
The administrator ID running the command.
The filename that contains the password of the administrator.
Create a new agent configuration.
ssoadm create-agent --options [--global-options]
The name of the realm.
The name of the agent.
The type of agent. For example, J2EEAgent or WebAgent.
The administrator ID running the command.
The filename that contains the password of the administrator.
The properties. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
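The administrator password file and the attribute-name=attribute-value data file described above can be checked before they are handed to ssoadm. This is an added example, not part of the original reference: the function names and sample values are hypothetical, the long option names are those of the ssoadm create-agent subcommand, and ignoring blank lines and rejecting carriage-return line endings are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for the two kinds of file that ssoadm
# subcommands read. Function names are hypothetical, not part of OpenSSO.

# Succeeds only if FILE is a non-empty regular file with no group/other
# permission bits, so the administrator password is not exposed on disk.
check_password_file() {
    [ -f "$1" ] && [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$1" | head -n 1 | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other access on $1" >&2; return 1; }
}

# Succeeds only if every non-blank line of FILE has the form
# attribute-name=attribute-value with a non-empty name.
check_datafile() {
    [ -f "$1" ] || { echo "no such data file: $1" >&2; return 1; }
    bad=$(awk '
        /\r$/        { printf "%d ", NR; next }  # CR would end up in the value
        /^[ \t]*$/   { next }                    # blank lines ignored (assumption)
        {
            eq = index($0, "=")
            name = substr($0, 1, eq - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            if (eq == 0 || name == "") printf "%d ", NR
        }' "$1")
    [ -z "$bad" ] || { echo "$1: malformed line(s): $bad" >&2; return 1; }
}

# Runs "ssoadm create-agent" only after both files pass the checks.
# Arguments: realm agent-name agent-type admin-id password-file data-file
create_agent_checked() {
    check_password_file "$5" && check_datafile "$6" || return 1
    ssoadm create-agent --realm "$1" --agentname "$2" --agenttype "$3" \
        --adminid "$4" --password-file "$5" --datafile "$6"
}

# Constructed sample input (not from the page): writes a password file and
# two data files into directory $1.
make_samples() {
    ( umask 077; printf '%s\n' 'constructed-password' > "$1/pwd" )
    chmod 400 "$1/pwd"
    printf '%s\n' 'homeaddress=here' '' 'inetuserstatus=Active' > "$1/good.props"
    printf '%s\n' 'homeaddress=here' '=novalue-name' 'justaname' > "$1/bad.props"
}

# Demo on the constructed samples when the script is run with the argument "demo".
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_samples "$d"
    check_password_file "$d/pwd" && echo "password file ok"
    check_datafile "$d/bad.props" || echo "bad.props rejected"
    rm -rf "$d"
fi
```

The same two checks apply to every subcommand on this page that takes a password file or a data file; only the wrapper's subcommand and options change.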
Create a new agent group.
ssoadm create-agent-grp --options [--global-options]
The name of the realm.
The name of the agent's group.
The type of agent. For example, J2EEAgent or WebAgent.
The administrator ID running the command.
The filename that contains the password of the administrator.
The properties. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
Delete existing agent groups.
ssoadm delete-agent-grps --options [--global-options]
The name of the realm.
The names of the agent groups.
The administrator ID running the command.
The filename that contains the password of the administrator.
Delete existing agent configurations.
ssoadm delete-agents --options [--global-options]
The name of the realm.
The names of the agents.
The administrator ID running the command.
The filename that contains the password of the administrator.
List the agents in an agent group.
ssoadm list-agent-grp-members --options [--global-options]
The name of the realm.
The name of the agent group.
The administrator ID running the command.
The filename that contains the password of the administrator.
Filter by a pattern.
List the agent groups.
ssoadm list-agent-grps --options [--global-options]
The name of the realm.
The administrator ID running the command.
The filename that contains the password of the administrator.
Filter by a pattern.
The type of agent. For example, J2EEAgent or WebAgent.
List the agent configurations.
ssoadm list-agents --options [--global-options]
The name of the realm.
The administrator ID running the command.
The filename that contains the password of the administrator.
Filter by a pattern.
The type of agent. For example, J2EEAgent or WebAgent.
Remove agents from an agent group.
ssoadm remove-agent-from-grp --options [--global-options]
The name of the realm.
The name of the agent group.
The names of the agents.
The administrator ID running the command.
The filename that contains the password of the administrator.
Show the agent profile.
ssoadm show-agent --options [--global-options]
The name of the realm.
The name of the agent.
The administrator ID running the command.
The filename that contains the password of the administrator.
The filename where configuration is written.
Set this option to inherit properties from the parent group.
Show the agent group profile.
ssoadm show-agent-grp --options [--global-options]
The name of the realm.
The name of the agent group.
The administrator ID running the command.
The filename that contains the password of the administrator.
The filename where configuration is written.
List the agent's membership.
ssoadm show-agent-membership --options [--global-options]
The name of the realm.
The name of the agent.
The administrator ID running the command.
The filename that contains the password of the administrator.
Show the agent types.
ssoadm show-agent-types --options [--global-options]
The administrator ID running the command.
The filename that contains the password of the administrator.
Update the agent's configuration.
ssoadm update-agent --options [--global-options]
The name of the realm.
The name of the agent.
The administrator ID running the command.
The filename that contains the password of the administrator.
Set this flag to overwrite a property's values.
The properties. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
Update the agent group's configuration.
ssoadm update-agent-grp --options [--global-options]
The name of the realm.
The name of the agent group.
The administrator ID running the command.
The filename that contains the password of the administrator.
Set this flag to overwrite a property's values.
The properties. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
The following subcommands execute operations for the OpenSSO Enterprise Authentication service.
Add an authentication configuration entry.
ssoadm add-auth-cfg-entr --options [--global-options]
The name of the realm.
The name of the authentication configuration.
The module name.
The criteria for this entry. Possible values are REQUIRED, OPTIONAL, SUFFICIENT, and REQUISITE.
The administrator ID running the command.
The filename that contains the password of the administrator.
The options for this entry.
The position where the new entry is to be added.
Create an authentication configuration.
ssoadm create-auth-cfg --options [--global-options]
The name of the realm.
The name of the authentication configuration.
The administrator ID running the command.
The filename that contains the password of the administrator.
Create an authentication instance.
ssoadm create-auth-instance --options [--global-options]
The name of the realm.
The name of the authentication instance.
The type of authentication instance. For example, LDAP or DataStore.
The administrator ID running the command.
The filename that contains the password of the administrator.
Delete existing authentication configurations.
ssoadm delete-auth-cfgs --options [--global-options]
The name of the realm.
The names of the authentication configurations.
The administrator ID running the command.
The filename that contains the password of the administrator.
Delete existing authentication instances.
ssoadm delete-auth-instances --options [--global-options]
The name of the realm.
The names of the authentication instances.
The administrator ID running the command.
The filename that contains the password of the administrator.
Get the authentication configuration entries.
ssoadm get-auth-cfg-entr --options [--global-options]
The name of the realm.
The name of the authentication configuration.
The administrator ID running the command.
The filename that contains the password of the administrator.
Get the authentication instance values.
ssoadm get-auth-instance --options [--global-options]
The name of the realm.
The name of the authentication instance.
The administrator ID running the command.
The filename that contains the password of the administrator.
List the authentication configurations.
ssoadm list-auth-cfgs --options [--global-options]
The name of the realm.
The administrator ID running the command.
The filename that contains the password of the administrator.
List the authentication instances.
ssoadm list-auth-instances --options [--global-options]
The name of the realm.
The administrator ID running the command.
The filename that contains the password of the administrator.
Register an authentication module.
ssoadm register-auth-module --options [--global-options]
The Java class name of the authentication module.
The administrator ID running the command.
The filename that contains the password of the administrator.
Unregister the authentication module.
ssoadm unregister-auth-module --options [--global-options]
The Java class name of the authentication module.
The administrator ID running the command.
The filename that contains the password of the administrator.
Set the authentication configuration entries.
ssoadm update-auth-cfg-entr --options [--global-options]
The name of the realm.
The name of the authentication configuration.
The administrator ID running the command.
The filename that contains the password of the administrator.
The formatted authentication configuration entries.
The filename that contains the formatted authentication configuration entries. Enter one attribute-name=attribute-value per line.
Update the authentication instance values.
ssoadm update-auth-instance --options [--global-options]
The name of the realm.
The name of the authentication instance.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
The following subcommands execute operations for managing OpenSSO Enterprise datastores.
Create the AMSDK IdRepo plug-in.
ssoadm add-amsdk-idrepo-plugin --options [--global-options]
Contains the Directory Servers, and can contain multiple entries. Use the following format:
protocol://hostname:port
The Directory Server base distinguished name.
The filename that contains the password of the dsameuser.
The filename that contains the password of the puser.
The administrator ID running the command.
The filename that contains the password of the administrator.
The user objects naming attribute (defaults to uid).
The organization objects naming attribute (defaults to o).
Create a datastore under a realm.
ssoadm create-datastore --options [--global-options]
The name of the realm.
The name of the datastore.
The type of the datastore.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, sunIdRepoClass=com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
Delete the data stores under a realm.
ssoadm delete-datastores --options [--global-options]
The name of the realm.
The names of the data stores.
The administrator ID running the command.
The filename that contains the password of the administrator.
List the supported data store types.
ssoadm list-datastore-types --options [--global-options]
The administrator ID running the command.
The filename that contains the password of the administrator.
List the data stores under a realm.
ssoadm list-datastores --options [--global-options]
The name of the realm.
The administrator ID running the command.
The filename that contains the password of the administrator.
Show the data store profile.
ssoadm show-datastore --options [--global-options]
The name of the realm.
The name of the datastore.
The administrator ID running the command.
The filename that contains the password of the administrator.
Update the datastore profile.
ssoadm update-datastore --options [--global-options]
The name of the realm.
The name of the datastore.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, sunIdRepoClass=com.sun.identity.idm.plugins.files.FilesRepo.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
The following subcommands execute operations for managing identities associated with OpenSSO Enterprise.
Add an identity as a member of another identity.
ssoadm add-member --options [--global-options]
The name of the realm.
The name of the member's identity.
The type of the member's identity. For example, User, Role or Group.
The name of the identity.
The type of the identity.
The administrator ID running the command.
The filename that contains the password of the administrator.
Add privileges to an identity.
ssoadm add-privileges --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The names of the privileges to be added.
The administrator ID running the command.
The filename that contains the password of the administrator.
Add a service to an identity.
ssoadm add-svc-identity --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The name of the service.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
Create an identity in a realm.
ssoadm create-identity --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, inetuserstatus=Active.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
Delete the identities in a realm.
ssoadm delete-identities --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The administrator ID running the command.
The filename that contains the password of the administrator.
Get the identity property values.
ssoadm get-identity --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute names. All attribute values will be returned if this option is not provided.
Get the service in an identity.
ssoadm get-identity-svcs --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The administrator ID running the command.
The filename that contains the password of the administrator.
Attribute name(s). All attribute values shall be returned if the option is not provided.
List the identities in a realm.
ssoadm list-identities --options [--global-options]
The name of the realm.
Filter by a pattern.
The type of the identity. For example, User, Role or Group.
The administrator ID running the command.
The filename that contains the password of the administrator.
List the assignable services for an identity.
ssoadm list-identity-assignable-svcs --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The administrator ID running the command.
The filename that contains the password of the administrator.
Remove the membership of an identity from another identity.
ssoadm remove-member --options [--global-options]
The name of the realm.
The name of the member's identity.
The type of the member's identity. For example, User, Role or Group.
The name of the identity.
The type of the identity.
The administrator ID running the command.
The filename that contains the password of the administrator.
Remove the privileges from an identity.
ssoadm remove-privileges --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The names of the privileges to be removed.
The administrator ID running the command.
The filename that contains the password of the administrator.
Remove a service from an identity.
ssoadm remove-svc-identity --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The name of the service.
The administrator ID running the command.
The filename that contains the password of the administrator.
Set the attribute values of an identity.
ssoadm set-identity-attrs --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
Set the service attribute values of an identity.
ssoadm set-identity-svc-attrs --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The name of the service.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
Show the allowed operations of an identity in a realm.
ssoadm show-identity-ops --options [--global-options]
The name of the realm.
The type of the identity. For example, User, Role or Group.
The administrator ID running the command.
The filename that contains the password of the administrator.
Show the service attribute values of an identity.
ssoadm show-identity-svc-attrs --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The name of the service.
The administrator ID running the command.
The filename that contains the password of the administrator.
Show the supported identity types in a realm.
ssoadm show-identity-types --options [--global-options]
The name of the realm.
The administrator ID running the command.
The filename that contains the password of the administrator.
Show the members of an identity. For example, the members of a role.
ssoadm show-members --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The membership identity type.
The administrator ID running the command.
The filename that contains the password of the administrator.
Show the memberships of an identity. For example, the memberships of a user.
ssoadm show-memberships --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The membership identity type.
The administrator ID running the command.
The filename that contains the password of the administrator.
Show the privileges assigned to an identity.
ssoadm show-privileges --options [--global-options]
The name of the realm.
The name of the identity.
The type of the identity. For example, User, Role or Group.
The administrator ID running the command.
The filename that contains the password of the administrator.
The following subcommands execute operations for managing realms and policies in OpenSSO Enterprise.
Add service attribute values in a realm.
ssoadm add-svc-attrs --options [--global-options]
The name of the realm.
The name of the service.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
Add a service to a realm.
ssoadm add-svc-realm --options [--global-options]
The name of the realm.
The name of the service.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
Create policies in a realm.
ssoadm create-policies --options [--global-options]
The name of the realm.
The filename that contains the policy XML definition.
The administrator ID running the command.
The filename that contains the password of the administrator.
Create a realm.
ssoadm create-realm --options [--global-options]
The name of the realm to be created.
The administrator ID running the command.
The filename that contains the password of the administrator.
Delete policies from a realm.
ssoadm delete-policies --options [--global-options]
The name of the realm to which the policy belongs.
The names of the policies to be deleted.
The administrator ID running the command.
The filename that contains the password of the administrator.
Delete a realm.
ssoadm delete-realm --options [--global-options]
The name of the realm.
The administrator ID running the command.
The filename that contains the password of the administrator.
Deletes the descendent realms recursively.
Delete an attribute from a realm.
ssoadm delete-realm-attr --options [--global-options]
The name of the realm.
The name of the service.
The name of the attribute to be removed.
The administrator ID running the command.
The filename that contains the password of the administrator.
Get the realm property values.
ssoadm get-realm --options [--global-options]
The name of the realm.
The name of the service.
The administrator ID running the command.
The filename that contains the password of the administrator.
Get the realm's service attribute values.
ssoadm get-realm-svc-attrs --options [--global-options]
The name of the realm.
The name of the service.
The administrator ID running the command.
The filename that contains the password of the administrator.
List the policy definitions in a realm.
ssoadm list-policies --options [--global-options]
The name of the realm.
The administrator ID running the command.
The filename that contains the password of the administrator.
The names of the policies. This can be a wildcard. All policy definitions in the realm will be returned.
The filename where the policy definition will be written. The definitions will be printed in standard output.
List the realm's assignable services.
ssoadm list-realm-assignable-svcs --options [--global-options]
The name of the realm.
The administrator ID running the command.
The filename that contains the password of the administrator.
List the realms by name.
ssoadm list-realms --options [--global-options]
The name of the realm.
The administrator ID running the command.
The filename that contains the password of the administrator.
Filter by a pattern.
Search recursively.
Remove a realm's service attribute values.
ssoadm remove-svc-attrs --options [--global-options]
The name of the realm.
The name of the service.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values to be removed. For example, homeaddress=here.
The filename that contains the attribute values to be removed, configured as in attribute-name=attribute-value. Enter one attribute and value per line.
Remove a service from a realm.
ssoadm remove-svc-realm --options [--global-options]
The name of the realm.
The name of the service to be removed.
The administrator ID running the command.
The filename that contains the password of the administrator.
Set a realm's attribute values.
ssoadm set-realm-attrs --options [--global-options]
The name of the realm.
The name of the service.
The administrator ID running the command.
The filename that contains the password of the administrator.
Set this flag to append the values to existing ones.
The attribute values. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
Set the realm's service attribute values.
ssoadm set-svc-attrs --options [--global-options]
The name of the realm.
The name of the service.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
Show the supported authentication modules in the system.
ssoadm show-auth-modules --options [--global-options]
The administrator ID running the command.
The filename that contains the password of the administrator.
Show the supported data types in the system.
ssoadm show-data-types --options [--global-options]
The administrator ID running the command.
The filename that contains the password of the administrator.
Show the services in a realm.
ssoadm show-realm-svcs --options [--global-options]
The name of the realm.
The administrator ID running the command.
The filename that contains the password of the administrator.
Include mandatory services.
The following subcommands execute operations for managing realms and policies in OpenSSO Enterprise.
Add the default attribute values in a schema.
ssoadm add-attr-defs --options [--global-options]
The name of the service.
The type of schema.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
The name of the sub schema.
Add an attribute schema to an existing service.
ssoadm add-attrs --options [--global-options]
The name of the service.
The type of schema.
An XML file containing the attribute schema definition.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the sub schema.
Add the plug-in interface to a service.
ssoadm add-plugin-interface --options [--global-options]
The name of the service.
The name of the interface.
The name of the plug-in.
The i18n key of the plug-in.
The administrator ID running the command.
The filename that contains the password of the administrator.
Add a sub schema.
ssoadm add-sub-schema --options [--global-options]
The name of the service.
The type of schema.
The filename that contains the schema.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the sub schema.
Create a bootstrap URL that can bootstrap the product web application.
ssoadm create-boot-url --options [--global-options]
The Directory Server hostname.
The Directory Server port number.
The Directory Server base distinguished name.
The Directory Server base distinguished name.
The filename that contains the Directory Server administrator password.
The administrator ID running the command.
The filename that contains the password of the administrator.
Set this flag for LDAPS.
Create a new sub configuration.
ssoadm create-sub-cfg --options [--global-options]
The name of the service.
The name of the sub configuration.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
The name of the realm. The sub configuration will be added to the global configuration if this option is not selected.
The ID of the parent configuration. The sub configuration will be added to the root configuration if this option is not selected.
The priority of the sub configuration.
Create a new service in the server.
ssoadm create-svc --options [--global-options]
The XML file that contains the schema.
The administrator ID running the command.
The filename that contains the password of the administrator.
Continue adding services if one or more previous services cannot be added.
Create the serverconfig.xml file.
ssoadm create-svrcfg-xml --options [--global-options]
The administrator ID running the command.
The filename that contains the password of the administrator.
The Directory Server hostname.
The Directory Server port number.
The Directory Server base distinguished name.
The Directory Server base distinguished name.
The filename that contains the Directory Server administrator password.
The filename where serverconfig.xml is written.
Delete the attribute schemas from a service.
ssoadm delete-attr --options [--global-options]
The name of the service.
The type of schema.
The name of the attribute schema to be removed.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the sub schema.
Delete the attribute schema default values.
ssoadm delete-attr-def-values --options [--global-options]
The name of the service.
The type of schema.
The default values to be deleted.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the sub schema.
Delete the sub configuration.
ssoadm delete-sub-cfg --options [--global-options]
The name of the service.
The name of the sub configuration.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
The name of the realm. The sub configuration will be added to the global configuration if this option is not selected.
The ID of the parent configuration. The sub configuration will be added to the root configuration if this option is not selected.
The priority of the sub configuration.
Delete the service from the server.
ssoadm delete-svc --options [--global-options]
The name of the service.
The administrator ID running the command.
The filename that contains the password of the administrator.
Continue deleting services if one or more previous services cannot be deleted.
Delete the policy rule.
Export the service configuration.
ssoadm export-svc-cfg --options [--global-options]
The secret key for encrypting a password.
The administrator ID running the command.
The filename that contains the password of the administrator.
The filename where configuration is written.
Get the default attribute values in a schema.
ssoadm get-attr-defs --options [--global-options]
The name of the service.
The type of schema.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the sub schema.
The names of the attributes.
Get the service schema revision number.
ssoadm get-revision-number --options [--global-options]
The name of the service.
The administrator ID running the command.
The filename that contains the password of the administrator.
Import the service configuration.
ssoadm import-svc-cfg --options [--global-options]
The secret key for decrypting the password.
The XML file that contains the configuration data.
The administrator ID running the command.
The filename that contains the password of the administrator.
Remove choice values from the attribute schema.
ssoadm remove-attr-choicevals --options [--global-options]
The name of the service.
The type of schema.
The name of the attribute.
The choice values. For example, inactive.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the sub schema.
Remove the default attribute values in a schema.
ssoadm remove-attr-defs --options [--global-options]
The name of the service.
The type of schema.
The names of the attribute.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the sub schema.
Remove the sub schema.
ssoadm remove-sub-schema --options [--global-options]
The name of the service.
The type of schema.
The names of the sub schema to be removed.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the parent sub schema.
Set any member of the attribute schema.
ssoadm set-attr-any --options [--global-options]
The name of the service.
The type of schema.
The name of the attribute schema.
The attribute schema. Any value.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the sub schema.
Set the boolean values of the attribute schema.
ssoadm set-attr-bool-values --options [--global-options]
The name of the service.
The type of schema.
The name of the attribute.
The value for true.
The internationalization key for the true value.
The value for false.
The internationalization key for the false value.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the sub schema.
Set choice values for the attribute schema.
ssoadm set-attr-choicevals --options [--global-options]
The name of the service.
The type of schema.
The name of the attribute.
The administrator ID running the command.
The filename that contains the password of the administrator.
Set this flag to append the choice values to existing ones.
The name of the sub schema.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
The choice values. For example, 0102=Inactive.
Set the default attribute values in a schema.
ssoadm set-attr-defs --options [--global-options]
The name of the service.
The type of schema.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the sub schema.
The attribute values. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
Set the attribute schema end range.
ssoadm set-attr-end-range --options [--global-options]
The name of the service.
The type of schema.
The name of the attribute schema.
The end range.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the sub schema.
Set the i18nkey member of the attribute schema.
ssoadm set-attr-i18n-key --options [--global-options]
The name of the service.
The type of schema.
The name of the attribute schema.
The attribute schema i18n key.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the sub schema.
Set the attribute schema start range.
ssoadm set-attr-start-range --options [--global-options]
The name of the service.
The type of schema.
The name of the attribute schema.
The start range.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the sub schema.
Set the syntax member of the attribute schema.
ssoadm set-attr-syntax --options [--global-options]
The name of the service.
The type of schema.
The name of the attribute schema.
The attribute schema syntax.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the sub schema.
Set the type member of the attribute schema.
ssoadm set-attr-type --options [--global-options]
The name of the service.
The type of schema.
The name of the attribute schema.
The attribute schema type.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the sub schema.
Set the UI type member of the attribute schema.
ssoadm set-attr-ui-type --options [--global-options]
The name of the service.
The type of schema.
The name of the attribute schema.
The attribute schema UI type.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the sub schema.
Set the attribute schema validator.
ssoadm set-attr-validator --options [--global-options]
The name of the service.
The type of schema.
The name of the attribute schema.
The validator class name.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the sub schema.
Set the properties view bean URL member of the attribute schema.
ssoadm set-attr-view-bean-url --options [--global-options]
The name of the service.
The type of schema.
The name of the attribute schema.
The attribute schema properties view bean URL.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the sub schema.
Set the inheritance value of the sub schema.
ssoadm set-inheritance --options [--global-options]
The name of the service.
The type of schema.
The name of the sub schema.
The value of inheritance.
The administrator ID running the command.
The filename that contains the password of the administrator.
Set the properties view bean URL of the plug-in schema.
ssoadm set-plugin-viewbean-url --options [--global-options]
The name of the service.
The name of the interface.
The name of the plug-in.
The properties view bean URL.
The administrator ID running the command.
The filename that contains the password of the administrator.
Set the service schema revision number.
ssoadm set-revision-number --options [--global-options]
The name of the service.
The revision number.
The administrator ID running the command.
The filename that contains the password of the administrator.
Set the sub configuration.
ssoadm set-sub-cfg --options [--global-options]
The name of the service.
The name of the sub configuration.
The operation (either add/set/modify) to be performed on the sub configuration.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
The name of the realm. The sub configuration will be added to the global configuration if this option is not selected.
Set the service schema i18n key.
ssoadm set-svc-i18n-key --options [--global-options]
The name of the service.
The i18n key.
The administrator ID running the command.
The filename that contains the password of the administrator.
Set the service schema properties view bean URL.
ssoadm set-svc-view-bean-url --options [--global-options]
The name of the service.
The service schema properties view bean URL.
The administrator ID running the command.
The filename that contains the password of the administrator.
Update the service.
ssoadm update-svc --options [--global-options]
The XML file that contains the schema.
The administrator ID running the command.
The filename that contains the password of the administrator.
Continue updating services if one or more previous services cannot be updated.
The following subcommands execute operations for configuring and managing OpenSSO Enterprise servers and sites within your enterprise.
Add members to a site.
ssoadm add-site-members --options [--global-options]
The name of the site. For example, mysite.
The server name. For example, http://www.example.com:8080/opensso.
The administrator ID running the command.
The filename that contains the password of the administrator.
Add site secondary URLs.
ssoadm add-site-sec-urls --options [--global-options]
The name of the site. For example, mysite.
The secondary URLs.
The administrator ID running the command.
The filename that contains the password of the administrator.
Clone a server instance.
ssoadm clone-server --options [--global-options]
The server name.
The clone server name.
The administrator ID running the command.
The filename that contains the password of the administrator.
Create a server instance.
ssoadm create-server --options [--global-options]
The server name. For example, http://www.example.com:8080/opensso.
The server configuration XML filename.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
Create a site.
ssoadm create-site --options [--global-options]
The site name. For example, mysite.
The site's primary URL. For example, http://www.example.com:8080.
The administrator ID running the command.
The filename that contains the password of the administrator.
The secondary URLs.
Delete a server instance.
ssoadm delete-server --options [--global-options]
The server name. For example, http://www.example.com:8080/opensso.
The administrator ID running the command.
The filename that contains the password of the administrator.
Delete a site.
ssoadm delete-site --options [--global-options]
The site name. For example, mysite.
The administrator ID running the command.
The filename that contains the password of the administrator.
Export a server instance.
ssoadm export-server --options [--global-options]
The server name. For example, http://www.example.com:8080/opensso.
The administrator ID running the command.
The filename that contains the password of the administrator.
The filename where configuration is written.
Get the server configuration XML from the centralized data store.
ssoadm get-svrcfg-xml --options [--global-options]
The server name.
The administrator ID running the command.
The filename that contains the password of the administrator.
The filename where serverconfig.XML is written.
Import a server instance.
ssoadm import-server --options [--global-options]
The server name.
The XML file that contains the configuration.
The administrator ID running the command.
The filename that contains the password of the administrator.
List the server configuration.
ssoadm list-server-cfg --options [--global-options]
The server name.
The administrator ID running the command.
The filename that contains the password of the administrator.
Set this flag to get the default configuration.
List all the server instances.
ssoadm list-servers --options [--global-options]
The administrator ID running the command.
The filename that contains the password of the administrator.
List all the sites.
ssoadm list-sites --options [--global-options]
The administrator ID running the command.
The filename that contains the password of the administrator.
Remove the server configuration.
ssoadm remove-server-cfg --options [--global-options]
The server name. For example, http://www.example.com:8080/opensso.
The names of the properties to be removed.
The administrator ID running the command.
The filename that contains the password of the administrator.
Remove members from a site.
ssoadm remove-site-members --options [--global-options]
The site name. For example, mysite.
The server name. For example, http://www.example.com:8080/opensso.
The administrator ID running the command.
The filename that contains the password of the administrator.
Remove the site secondary URLs.
ssoadm remove-site-sec-urls --options [--global-options]
The site name. For example, mysite.
The secondary URLs.
The administrator ID running the command.
The filename that contains the password of the administrator.
Set the primary URL of a site.
ssoadm set-site-pri-url --options [--global-options]
The site name. For example, mysite.
The site's primary URL. For example, http://www.example.com:8080.
The administrator ID running the command.
The filename that contains the password of the administrator.
Set the site secondary URLs.
ssoadm set-site-sec-urls --options [--global-options]
The site name. For example, mysite.
The secondary URLs.
The administrator ID running the command.
The filename that contains the password of the administrator.
Set the server configuration XML to the centralized data store.
ssoadm set-svrcfg-xml --options [--global-options]
The server name.
The XML file that contains the configuration.
The administrator ID running the command.
The filename that contains the password of the administrator.
The filename where serverconfig XML is written.
Show the site profile.
ssoadm show-site --options [--global-options]
The site name. For example, mysite.
The administrator ID running the command.
The filename that contains the password of the administrator.
Display the members of a site.
ssoadm show-site-members --options [--global-options]
The site name. For example, mysite.
The administrator ID running the command.
The filename that contains the password of the administrator.
Update the server configuration.
ssoadm update-server-cfg --options [--global-options]
The server name.
The administrator ID running the command.
The filename that contains the password of the administrator.
The attribute values. For example, homeaddress=here.
Name of file that contains attributes and corresponding values as in attribute-name=attribute-value. Enter one attribute and value per line.
The following subcommands execute operations for configuring and managing Federation-related data.
Add a member to a circle of trust.
ssoadm add-cot-member --options [--global-options]
The circle of trust.
The entity ID.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm that contains the circle of trust.
Specifies the metadata specification, either idff or saml2. The default is saml2.
Create a circle of trust.
ssoadm create-cot --options [--global-options]
The circle of trust.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm that contains the circle of trust.
The trusted providers.
The prefix URL for the idp discovery reader and the writer URL.
Create a new metadata template.
ssoadm create-metadata-templ --options [--global-options]
The entity ID.
The administrator ID running the command.
The filename that contains the password of the administrator.
Specifies the filename for the standard metadata to be created.
Specifies the filename for the extended metadata to be created.
Specifies the metaAlias for the hosted service provider to be created. The format must be <realm name>/.
Specifies the metaAlias for the hosted identity provider to be created. The format must be <realm name>/.
Specifies the metaAlias for the hosted attribute query provider to be created. The format must be <realm name>/.
Specifies the metaAlias for the hosted attribute authority to be created. The format must be <realm name>/.
Specifies the metaAlias for the hosted authentication authority to be created. The format must be <realm name>/.
Specifies the metaAlias for the policy enforcement point to be created. The format must be <realm name>/.
Specifies the metaAlias for the policy decision point to be created. The format must be <realm name>/.
Specifies the metaAlias for the hosted affiliation to be created. The format must be <realm name>/<identifier>.
The affiliation owner ID.
The affiliation members.
The service provider signing certificate alias.
The identity provider signing certificate alias.
The attribute query provider signing certificate alias.
The attribute authority signing certificate alias.
The authentication authority signing certificate alias.
The affiliation signing certificate alias.
The policy decision point signing certificate alias.
The policy enforcement point signing certificate alias.
The service provider encryption certificate alias.
The identity provider encryption certificate alias.
The attribute query provider encryption certificate alias.
The attribute authority encryption certificate alias.
The authentication authority encryption certificate alias.
The affiliation encryption certificate alias.
The policy decision point encryption certificate alias.
The policy enforcement point encryption certificate alias.
Specifies the metadata specification, either idff or saml2. The default is saml2.
Delete the circle of trust.
ssoadm delete-cot --options [--global-options]
The circle of trust.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm that contains the circle of trust.
Delete an entity.
ssoadm delete-entity --options [--global-options]
The entity ID.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm that contains the circle of trust.
Set this flag to only delete extended data.
Specifies the metadata specification, either idff or saml2. The default is saml2.
Perform bulk federation.
ssoadm do-bulk-federation --options [--global-options]
Specify a metaAlias for the local provider.
The remote entity ID.
The filename that contains the local to remote user ID mapping. Format as follows: <local-user-id>|<remote-user-id>.
The filename that will be created by this subcommand. It contains the remote user ID to name identifier mapping.
The administrator ID running the command.
The filename that contains the password of the administrator.
Specifies the metadata specification, either idff or saml2. The default is saml2.
Export an entity.
ssoadm export-entity --options [--global-options]
The entity ID.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm to which the entity belongs.
Set this flag to sign the metadata.
The metadata.
The extended data.
Specifies the metadata specification, either idff or saml2. The default is saml2.
Import the bulk federation data that is generated by the do-bulk-federation subcommand.
ssoadm import-bulk-fed-data --options [--global-options]
Specifies the metaAlias for the local provider.
The filename that contains the bulk federation data that is generated by the do-bulk-federation subcommand.
The administrator ID running the command.
The filename that contains the password of the administrator.
Specifies the metadata specification, either idff or saml2. The default is saml2.
Import an entity.
ssoadm import-entity --options [--global-options]
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm to which the entity belongs.
Specifies the filename for the standard metadata to be imported.
Specifies the filename for the extended entity configuration to be imported.
The circle of trust.
Specifies the metadata specification, either idff or saml2. The default is saml2.
List the members in a circle of trust.
ssoadm list-cot-members --options [--global-options]
The circle of trust.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm to which the circle of trust belongs.
Specifies the metadata specification, either idff or saml2. The default is saml2.
List the circles of trust.
ssoadm list-cots --options [--global-options]
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm to which the circle of trust belongs.
List the entities under a realm.
ssoadm list-entities --options [--global-options]
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm to which the entities belong.
Specifies the metadata specification, either idff or saml2. The default is saml2.
Remove a member from a circle of trust.
ssoadm remove-cot-member --options [--global-options]
The circle of trust.
The entity ID.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm to which the circle of trust belongs.
Specifies the metadata specification, either idff or saml2. The default is saml2.
Update the XML signing and encryption key information in the hosted entity metadata.
ssoadm update-entity-keyinfo --options [--global-options]
The entity ID.
The administrator ID running the command.
The filename that contains the password of the administrator.
The service provider signing certificate alias.
The identity provider signing certificate alias.
The service provider encryption certificate alias.
The identity provider encryption certificate alias.
Specifies the metadata specification, either idff or saml2. The default is saml2.
Lists the agent configurations.
Add a resource bundle to the data store.
ssoadm add-res-bundle --options [--global-options]
The resource bundle name.
The resource bundle physical file name.
The administrator ID running the command.
The filename that contains the password of the administrator.
The locale of the resource bundle.
Do multiple requests in one command.
ssoadm do-batch --options [--global-options]
The filename that contains the commands and options.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the status file.
Continue processing the rest of the request when the previous request was erroneous.
Migrate the organization to a realm.
ssoadm do-migration70 --options [--global-options]
The distinguished name of the organization to be migrated.
The administrator ID running the command.
The filename that contains the password of the administrator.
List a resource bundle in a data store.
ssoadm list-res-bundle --options [--global-options]
The resource bundle name.
The administrator ID running the command.
The filename that contains the password of the administrator.
The locale of the resource bundle.
List the sessions.
ssoadm list-sessions --options [--global-options]
The host name.
The administrator ID running the command.
The filename that contains the password of the administrator.
Filter by a pattern.
Do not prompt for session invalidation.
Remove a resource bundle from a data store.
ssoadm remove-res-bundle --options [--global-options]
The resource bundle name.
The administrator ID running the command.
The filename that contains the password of the administrator.
The locale of the resource bundle.