Sun OpenSSO Enterprise 8.0 Administration Reference

Federation Management

The following subcommands execute operations for configuring and managing Federation-related data.

add-cot-member

Add a member to a circle of trust.

Syntax

ssoadm add-cot-member --options [--global-options]

Options

--cot, -t

The circle of trust.

--entityid, -y

The entity ID.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--realm, -e]

The name of the realm that contains the circle of trust.

[--spec, -c]

Specifies the metadata specification, either idff or saml2. The default is saml2.

create-cot

Create a circle of trust.

Syntax

ssoadm create-cot --options [--global-options]

Options

--cot, -t

The circle of trust.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--realm, -e]

The name of the realm that contains the circle of trust.

[--trustedproviders, -k]

The trusted providers.

[--prefix, -p]

The prefix URL for the IDP discovery reader and writer URLs.

create-metadata-templ

Create a new metadata template.

Syntax

ssoadm create-metadata-templ --options [--global-options]

Options

--entityid, -y

The entity ID.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--meta-data-file, -m]

Specifies the filename for the standard metadata to be created.

[--extended-data-file, -x]

Specifies the filename for the extended metadata to be created.

[--serviceprovider, -s]

Specifies the metaAlias for the hosted service provider to be created. The format must be <realm name>/<identifier>.

[--identityprovider, -i]

Specifies the metaAlias for the hosted identity provider to be created. The format must be <realm name>/<identifier>.

[--attrqueryprovider, -S]

Specifies the metaAlias for the hosted attribute query provider to be created. The format must be <realm name>/<identifier>.

[--attrauthority, -I]

Specifies the metaAlias for the hosted attribute authority to be created. The format must be <realm name>/<identifier>.

[--authnauthority, -C]

Specifies the metaAlias for the hosted authentication authority to be created. The format must be <realm name>/<identifier>.

[--xacmlpep, -e]

Specifies the metaAlias for the policy enforcement point to be created. The format must be <realm name>/<identifier>.

[--xacmlpdp, -p]

Specifies the metaAlias for the policy decision point to be created. The format must be <realm name>/<identifier>.

[--affiliation, -F]

Specifies the metaAlias for the hosted affiliation to be created. The format must be <realm name>/<identifier>.

[--affiownerid, -N]

The affiliation owner ID.

[--affimembers, -M]

The affiliation members.

[--spscertalias, -a]

The service provider signing certificate alias.

[--idpscertalias, -b]

The identity provider signing certificate alias.

[--attrqscertalias, -A]

The attribute query provider signing certificate alias.

[--attrascertalias, -B]

The attribute authority signing certificate alias.

[--authnascertalias, -D]

The authentication authority signing certificate alias.

[--affiscertalias, -J]

The affiliation signing certificate alias.

[--xacmlpdpscertalias, -t]

The policy decision point signing certificate alias.

[--xacmlpepscertalias, -k]

The policy enforcement point signing certificate alias.

[--specertalias, -r]

The service provider encryption certificate alias.

[--idpecertalias, -g]

The identity provider encryption certificate alias.

[--attrqecertalias, -R]

The attribute query provider encryption certificate alias.

[--attraecertalias, -G]

The attribute authority encryption certificate alias.

[--authnaecertalias, -E]

The authentication authority encryption certificate alias.

[--affiecertalias, -K]

The affiliation encryption certificate alias.

[--xacmlpdpecertalias, -j]

The policy decision point encryption certificate alias.

[--xacmlpepecertalias, -z]

The policy enforcement point encryption certificate alias.

[--spec, -c]

Specifies the metadata specification, either idff or saml2. The default is saml2.

delete-cot

Delete the circle of trust.

Syntax

ssoadm delete-cot --options [--global-options]

Options

--cot, -t

The circle of trust.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--realm, -e]

The name of the realm that contains the circle of trust.

delete-entity

Delete an entity.

Syntax

ssoadm delete-entity --options [--global-options]

Options

--entityid, -y

The entity ID.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--realm, -e]

The name of the realm that contains the circle of trust.

[--extendedonly, -x]

Set this flag to delete only the extended data.

[--spec, -c]

Specifies the metadata specification, either idff or saml2. The default is saml2.

do-bulk-federation

Perform bulk federation.

Syntax

ssoadm do-bulk-federation --options [--global-options]

Options

--metaalias, -m

Specifies the metaAlias for the local provider.

--remoteentityid, -r

The remote entity ID.

--useridmapping, -g

The filename that contains the local to remote user ID mapping. Each mapping has the format <local-user-id>|<remote-user-id>.

--nameidmapping, -e

The filename of the file that this subcommand creates. It contains the mapping from remote user ID to name identifier.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--spec, -c]

Specifies the metadata specification, either idff or saml2. The default is saml2.
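Because every line of the --useridmapping file links one local account to one remote account, a malformed or duplicated line federates the wrong pair of users. The following script is an added example, not part of the OpenSSO reference, that checks such a file before do-bulk-federation is run. The reference only gives the line format <local-user-id>|<remote-user-id>; the other rules it enforces (no blank IDs, no extra separators, no local or remote ID mapped twice, no empty file, stray carriage returns tolerated) are this example's own assumptions, and the bulk_federate wrapper uses placeholder values for the metaAlias, remote entity ID and password file.

```shell
#!/bin/sh
# Added example (not from the OpenSSO reference): validate a do-bulk-federation
# --useridmapping file, then run the documented subcommand only if it is clean.
# Rules beyond the documented <local-user-id>|<remote-user-id> line format are
# assumptions made here because a bad line would federate the wrong accounts.

validate_useridmapping() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    awk -F'|' '
        { sub(/\r$/, "") }                       # tolerate CRLF files; fields are re-split
        /^[[:space:]]*$/ { next }                # ignore blank lines
        NF != 2 || $1 == "" || $2 == "" {        # exactly one separator, both IDs present
            printf "line %d: expected <local-user-id>|<remote-user-id>\n", NR > "/dev/stderr"
            bad++; next
        }
        ($1 in seen_local) {                     # one local account must map to one remote account
            printf "line %d: local user %s already mapped on line %d\n", NR, $1, seen_local[$1] > "/dev/stderr"
            bad++; next
        }
        ($2 in seen_remote) {                    # and one remote account to one local account
            printf "line %d: remote user %s already mapped on line %d\n", NR, $2, seen_remote[$2] > "/dev/stderr"
            bad++; next
        }
        { seen_local[$1] = NR; seen_remote[$2] = NR; n++ }
        END {
            if (bad) { printf "%d problem line(s), file rejected\n", bad > "/dev/stderr"; exit 1 }
            if (n == 0) { print "no mappings found, file rejected" > "/dev/stderr"; exit 1 }
            printf "%d mappings OK\n", n
        }
    ' "$1"
}

# Wrapper around the documented subcommand. Arguments: mapping file, local
# metaAlias, remote entity ID, output file for the name identifier mapping.
# ADMIN_ID and PASSWORD_FILE are placeholders supplied by the caller.
bulk_federate() {
    validate_useridmapping "$1" || return 1
    ssoadm do-bulk-federation --metaalias "$2" --remoteentityid "$3" \
        --useridmapping "$1" --nameidmapping "$4" \
        --adminid "${ADMIN_ID:-amadmin}" --password-file "${PASSWORD_FILE:?set PASSWORD_FILE}" \
        --spec saml2
}
```

The validator prints each offending line number to stderr and exits non-zero, so `bulk_federate` never reaches ssoadm with a rejected file; the generated --nameidmapping file should be protected like any other account-linking data afterwards.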

export-entity

Export an entity.

Syntax

ssoadm export-entity --options [--global-options]

Options

--entityid, -y

The entity ID.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--realm, -e]

The name of the realm to which the entity belongs.

[--sign, -g]

Set this flag to sign the metadata.

[--meta-data-file, -m]

The metadata.

[--extended-data-file, -x]

The extended data.

[--spec, -c]

Specifies the metadata specification, either idff or saml2. The default is saml2.

import-bulk-fed-data

Import the bulk federation data that is generated by the do-bulk-federation subcommand.

Syntax

ssoadm import-bulk-fed-data --options [--global-options]

Options

--metaalias, -m

Specifies the metaAlias for the local provider.

--bulk-data-file, -g

The filename that contains the bulk federation data that is generated by the do-bulk-federation subcommand.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--spec, -c]

Specifies the metadata specification, either idff or saml2. The default is saml2.

import-entity

Import an entity.

Syntax

ssoadm import-entity --options [--global-options]

Options

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--realm, -e]

The name of the realm to which the entity belongs.

[--meta-data-file, -m]

Specifies the filename for the standard metadata to be imported.

[--extended-data-file, -x]

Specifies the filename for the extended entity configuration to be imported.

[--cot, -t]

The circle of trust.

[--spec, -c]

Specifies the metadata specification, either idff or saml2. The default is saml2.

list-cot-members

List the members in a circle of trust.

Syntax

ssoadm list-cot-members --options [--global-options]

Options

--cot, -t

The circle of trust.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--realm, -e]

The name of the realm to which the circle of trust belongs.

[--spec, -c]

Specifies the metadata specification, either idff or saml2. The default is saml2.
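The subcommands above are normally combined into one onboarding sequence: create the circle of trust, generate and import the hosted provider's metadata, import the partner's metadata, add both entities as members, then list the members to confirm. The script below is an added example, not from the OpenSSO reference, that runs that sequence with the options documented here. That ordering is an assumption of the example, as are the entity IDs, circle of trust name, certificate aliases, file names and the "/" realm (which gives the metaAlias "/sp" in the <realm name>/<identifier> format). It also shows the handling the --password-file option deserves: the file is created mode 0600 before the secret is written and removed when the run ends.

```shell
#!/bin/sh
# Added example (not from the OpenSSO reference): onboard a hosted SAML2 service
# provider and a remote identity provider into one circle of trust with the
# ssoadm subcommands documented on this page. All names below are placeholders,
# and the step order is this example's assumption, not a statement of the reference.

SSOADM="${SSOADM:-ssoadm}"
ADMIN_ID="${ADMIN_ID:-amadmin}"
REALM="${REALM:-/}"
COT_NAME="${COT_NAME:-example-cot}"                              # placeholder
SP_ENTITY_ID="${SP_ENTITY_ID:-https://sp.example.com/opensso}"    # placeholder
IDP_ENTITY_ID="${IDP_ENTITY_ID:-https://idp.example.org/idp}"     # placeholder
SP_META_ALIAS="${REALM%/}/sp"          # <realm name>/<identifier>; realm "/" gives "/sp"
IDP_META_FILE="${IDP_META_FILE:-idp-meta.xml}"                    # partner's standard metadata

# Write the administrator password to a file that already has mode 0600 when the
# secret lands in it, so no other local user can read it even briefly.
write_password_file() {
    pwfile=$(umask 077 && mktemp) || return 1
    printf '%s\n' "$1" > "$pwfile"
    printf '%s\n' "$pwfile"
}

# Print, one per line, the ssoadm command lines of the onboarding sequence.
# Kept separate from execution so the exact invocations can be reviewed before
# anything on the server changes. Argument: path of the password file.
onboard_commands() {
    pwfile=$1
    common="--adminid $ADMIN_ID --password-file $pwfile"
    printf '%s\n' \
      "$SSOADM create-cot $common --realm $REALM --cot $COT_NAME" \
      "$SSOADM create-metadata-templ $common --entityid $SP_ENTITY_ID --serviceprovider $SP_META_ALIAS --meta-data-file sp-meta.xml --extended-data-file sp-ext.xml --spscertalias sp-signing --specertalias sp-encryption --spec saml2" \
      "$SSOADM import-entity $common --realm $REALM --meta-data-file sp-meta.xml --extended-data-file sp-ext.xml --spec saml2" \
      "$SSOADM import-entity $common --realm $REALM --meta-data-file $IDP_META_FILE --spec saml2" \
      "$SSOADM add-cot-member $common --realm $REALM --cot $COT_NAME --entityid $SP_ENTITY_ID --spec saml2" \
      "$SSOADM add-cot-member $common --realm $REALM --cot $COT_NAME --entityid $IDP_ENTITY_ID --spec saml2" \
      "$SSOADM list-cot-members $common --realm $REALM --cot $COT_NAME --spec saml2"
}

# Run the sequence, stopping at the first failing command. The password file is
# deleted whichever way the function exits. ADMIN_PASSWORD must be set by the caller.
run_onboarding() {
    pwfile=$(write_password_file "${ADMIN_PASSWORD:?set ADMIN_PASSWORD}") || return 1
    trap 'rm -f "$pwfile"' EXIT
    onboard_commands "$pwfile" | while IFS= read -r cmd; do
        echo "+ $cmd" >&2          # only the file path is logged, never the password
        $cmd || exit 1
    done
    status=$?
    rm -f "$pwfile"
    trap - EXIT
    return $status
}

# Execute only when explicitly requested, so sourcing the file just defines the functions.
if [ "${RUN_ONBOARDING:-0}" = 1 ]; then
    run_onboarding
fi
```

Run it with `ADMIN_PASSWORD=... RUN_ONBOARDING=1 sh onboard.sh`; without RUN_ONBOARDING the file only defines the functions, and `onboard_commands /path/to/pwfile` prints the seven command lines for review.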

list-cots

List the circles of trust.

Syntax

ssoadm list-cots --options [--global-options]

Options

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--realm, -e]

The name of the realm to which the circle of trust belongs.

list-entities

List the entities under a realm.

Syntax

ssoadm list-entities --options [--global-options]

Options

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--realm, -e]

The name of the realm to which the entities belong.

[--spec, -c]

Specifies the metadata specification, either idff or saml2. The default is saml2.

remove-cot-member

Remove a member from a circle of trust.

Syntax

ssoadm remove-cot-member --options [--global-options]

Options

--cot, -t

The circle of trust.

--entityid, -y

The entity ID.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--realm, -e]

The name of the realm to which the circle of trust belongs.

[--spec, -c]

Specifies the metadata specification, either idff or saml2. The default is saml2.

update-entity-keyinfo

Update the XML signing and encryption key information in the hosted entity metadata.

Syntax

ssoadm update-entity-keyinfo --options [--global-options]

Options

--entityid, -y

The entity ID.

--adminid, -u

The administrator ID running the command.

--password-file, -f

The filename that contains the password of the administrator.

[--spscertalias, -a]

The service provider signing certificate alias.

[--idpscertalias, -b]

The identity provider signing certificate alias.

[--specertalias, -r]

The service provider encryption certificate alias.

[--idpecertalias, -g]

The identity provider encryption certificate alias.

[--spec, -c]

Specifies the metadata specification, either idff or saml2. The default is saml2.