Skip Headers
Oracle® Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service
11g Release 1 (11.1.1)

Part Number E15478-10
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

F Introduction to Custom WLST Commands for Administrators

For certain administrative tasks, the WebLogic Scripting Tool (WLST) provides custom commands that can be used as an alternative to the Oracle Access Manager Console. This appendix provides an introduction to WLST commands for Administrators. Details for each command, however, are outside the scope of this book.

Sections in this appendix include:

F.1 Prerequisites

Become familiar with information in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.

F.2 Introduction to WebLogic Scripting Tool Commands

Custom WLST commands for OAM can be used for setting and managing OAM System Configuration only by Administrators.

The WebLogic Scripting Tool shares the same foundation layer with the Oracle Access Manager Console. WLST for Oracle Access Manager and Oracle Security Token Service is available within ORACLE_IDM.

Note:

To use the Infrastructure Security custom WLST commands, you must invoke the WLST script from the Oracle Common home. See "Using Custom WLST Commands" in the Oracle Fusion Middleware Administrator's Guide.

OAM WLST commands are defined in the oamWlstCmd.py file in the following path:

<ORACLE_IDM>/common/wlst

The oamWlstCmd.py file refers to jar files available in:

<Oracle_IDM>/oam/server/lib/jmx      
<Oracle_IDM>/oam/server/lib/wlst

Most WLST commands for OAM operate in both online and offline modes. Operational modes are described in Table F-1.

Table F-1 Operational Modes for WLST commands for OAM

Online Mode Offline Mode

Connects to the Mbean Server running on the WebLogic AdminServer

Method invocation happens locally in the WLST Shell

The Mbean Server can be running remotely

Requires the OAM Domain Home as a mandatory input

Invokes OAM WLST Mbean methods, which are executed in the server

N/A

OAM WLST Mbeans return the result of the execution to the WLST commands.

N/A


F.3 WLST Command Summary: Oracle Access Manager

Use the WLST commands listed in Table F-2 to manage Oracle Access Manager (OAM)-related components, such as authorization providers, identity asserters, and SSO providers, as well as to display metrics and deployment topology, manage Oracle Access Manager server and agent configuration and more.

See Also:

The section on Oracle Access Manager commands in the chapter "Infrastructure Security Custom WLST Commands" of the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.

Table F-2 WLST Oracle Access Manager Commands

Use this command... To... Use with WLST...

listOAMAuthnProviderParams

List the parameters set for an Oracle Access Manager authentication or identity assertion provider.

Online

createOAMIdentityAsserter

Create a new identity asserter.

Online

updateOAMIdentityAsserter

Update an existing identity asserter.

Online

createOAMAuthenticator

Create a new authenticator.

Online

deleteOAMAuthnProvider

Delete an existing authentication provider.

Online

updateOAMAuthenticator

Update an existing authenticator.

Online

addOAMSSOProvider

Add a new SSO provider.

Online

displayTopology

List the details of deployed Oracle Access Manager Servers.

Online

Offline

displayOamServer

Display Oracle Access Manager Server configuration details.

Online

Offline

createOamServer

Create an entry for an Oracle Access Manager Server configuration.

Online

Offline

editOamServer

Edit the entry for an Oracle Access Manager Server configuration.

Online

Offline

deleteOamServer

Delete the named Oracle Access Manager Server configuration.

Online

Offline

displayOssoAgent

Display OSSO Agent configuration details.

Online

Offline

editOssoAgent

Edit OSSO Agent configuration details.

Online

Offline

deleteOssoAgent

Delete the named OSSO Agent configuration.

Online

Offline

displayWebgateAgent

Display 10g Webgate Agent configuration details.

Online

Offline

editWebgateAgent

Edit 10g Webgate Agent registration details.

Online

Offline

deleteWebgateAgent

Delete the named 10g Webgate Agent configuration.

Online

Offline

changeLoggerSetting

Change Logger Settings.

Online

Offline

changeConfigDataEncryptionKey

Regenerate the configuration data encryption key and re-encrypt data.

Online

Offline

displayUserIdentityStore

Display a user identity store registration.

Online

Offline

editUserIdentityStore

Edit a user identity store registration.

Online

Offline

createUserIdentityStore

Create a user identity store registration.

Note: The roleAppdAdmin is removed as a part of multi-store support. WLST is restricted and cannot set a store as the System Store.

Online

Offline

deleteUserIdentityStore

Delete a user identity store registration.

Online

Offline

configRequestCacheType

Configure the SSO server request cache type.

Online

Offline

displayRequestCacheType

Display the SSO server request cache type entry.

Online

exportPolicy

Export Oracle Access Manager policy data from a test (source) to an intermediate Oracle Access Manager file.

Online

importPolicy

Import Oracle Access Manager policy data from the Oracle Access Manager file specified.

Online

importPolicyDelta

Import Oracle Access Manager policy changes from the Oracle Access Manager file specified.

Online

exportPartners

Export the Oracle Access Manager partners from the source to the intermediate Oracle Access Manager file specified.

Online

importPartners

Import the Oracle Access Manager partners from the intermediate Oracle Access Manager file specified.

Online

configureOAAM

Configure the Oracle Access Manager-Oracle Adaptive Access Manager basic integration.

Online

registerOIFDAPPartner

Register Oracle Identity Federation as Delegated Authentication Protocol (DAP) Partner.

Online

Offline

enableCoexistMode

Enable the Coexist Mode.

Online

disableCoexistMode

Disable the Coexist Mode.

Online

editGITOValues

Edit GITO configuration parameters.

Online

Offline

editWebgate11gAgent

Edit an 11g Webgate registration.

Online

deleteWebgate11gAgent

Remove an 11g Webgate Agent registration.

Online

Offline

displayWebgate11gAgent

Display an 11g Webgate Agent registration.

Online

Offline

displayOAMMetrics

Display metrics of OAM Servers.

Online

updateOIMHostPort

Update the Oracle Identity Manager configuration when integrated with Oracle Access Manager.

Online

Offline

configureOIM

Creates an Agent registration specific to Oracle Identity Manager when integrated with Oracle Access Manager.

Online

updateOSSOResponseCookieConfig

Updates OSSO Proxy response cookie settings.

Online

Offline

deleteOSSOResponseCookieConfig

Deletes OSSO Proxy response cookie settings.

Online

Offline

displaySimpleModeGlobalPassphrase

Displays the simple mode global passphrase in plain text from the system configuration.

Online

exportSelectedPartners

Exports selected OAM Partners to the intermediate OAM file specified.

Online

migrateArtifacts

Migrates artifacts based on the input artifact file.

Online

registerThirdPartyTAPPartner

Registers any third party as a Trusted Authentication Protocol (TAP) Partner.

Online


F.4 WLST Command Summary: Oracle Security Token Service

Use the WLST commands listed in Table F-3 to manage Oracle Security Token Service-related components.

See Also:

The section on Oracle Security Token Service commands in the chapter "Infrastructure Security Custom WLST Commands" of the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.

Table F-3 WLST Commands Oracle Security Token Service

Use this command... To... Use with WLST...

putBooleanProperty

putBooleanProperty("/stsglobal/ignoreunsupportedelements", "true")

Ignore unsupported WS-Trust elements present in the RST.

Default: true

Note: A value of false, returns an error if unsupported WS-Trust elements are present in the RST.

Online

Partner Commands

   

getPartner

Retrieve a partner and print result.

Online

getAllRequesterPartners

Retrieve the names of Requester partners.

Online

getAllRelyingPartyPartners

Retrieve the names of all Relying Party partners.

Online

getAllIssuingAuthorityPartners

Retrieve the names of all Issuing Authority partners.

Online

isPartnerPresent

Query OSTS to determine whether or not the partner exists in the Partner store.

Online

createPartner

Create a new Partner entry.

Online

updatePartner

Update an existing Partner entry based on the provided information.

Online

deletePartner

Delete a partner entry.

Online

getPartnerUsernameTokenUsername

Retrieve the partner's username value.

Online

getPartnerUsernameTokenPassword

Retrieve the partner's password value.

Online

setPartnerUsernameTokenCredential

Set the username and password values of a partner entry.

Online

deletePartnerUsernameTokenCredential

Remove the username and password values from a partner entry.

Online

getPartnerSigningCert

Retrieve the Base64 encoded signing certificate for the partner.

Online

getPartnerEncryptionCert

Retrieve the Base64 encoded encryption certificate for the partner.

Online

setPartnerSigningCert

Upload the signing certificate to the partner entry.

Online

setPartnerEncryptionCert

Upload the encryption certificate to the partner entry.

Online

deletePartnerSigningCert

Remove the signing certificate from the partner entry.

Online

Offline

deletePartnerEncryptionCert

Remove the encryption certificate from the partner entry.

Online

Offline

getPartnerAllIdentityAttributes

Retrieve and display all Identity mapping attributes used to map a token to a requester partner.

Online

Offline

getPartnerIdentityAttribute

Retrieve and display the identity mapping attribute.

Online

Offline

setPartnerIdentityAttribute

Set the identity mapping attribute for a requester partner.

Online

Offline

deletePartnerIdentityAttribute

Delete the identity mapping attribute for a requester partner.

Online

Offline

Relying Party Partner Mapping Commands

   

getAllWSPrefixAndPartnerMappings

Retrieve and display all WS Prefixes.

Online

Offline

getWSPrefixAndPartnerMapping

Retrieve and display the Relying Party Partner mapped to the specified wsprefix parameter.

Online

Offline

createWSPrefixAndPartnerMapping

Create a new WS Prefix mapping to a Relying Partner.

Online

Offline

deleteWSPrefixAndPartnerMapping

Delete an existing WS Prefix mapping to a Relying Partner.

Online

Offline

Partner Profiles Commands

   

getAllPartnerProfiles

Retrieve the names of all the existing partner profiles.

Online

getPartnerProfile

Retrieve partner profile configuration data.

Online

createRequesterPartnerProfile

Create a new Requester Partner profile with default configuration data.

Online

createRelyingPartyPartnerProfile

Create a new Relying Party Partner profile with default configuration data.

Online

createIssuingAuthorityPartnerProfile

Create a new Issuing Authority Partner profile with default configuration data.

Online

deletePartnerProfile

Delete an existing partner profile.

Online

Issuance Template Commands

   

getAllIssuanceTemplates

Retrieve the names of all the existing Issuance Templates.

Online

Offline

getIssuanceTemplate

Retrieve configuration data of a specific Issuance Template.

Online

createIssuanceTemplate

Create a new Issuance Template with default configuration data.

Online

deleteIssuanceTemplate

Delete an existing Issuance Template.

Online

Offline

Validation Template Commands

   

getAllValidationTemplates

Retrieve the names of all the existing Validation Templates.

Online

Offline

getValidationTemplate

Retrieve configuration data of a specific Validation Template.

Online

Offline

createWSSValidationTemplate

Create a new WS Security Validation Template with default configuration data.

Online

Offline

createWSTrustValidationTemplate

Create a new WS Trust Validation Template with default configuration data.

Online

Offline

deleteValidationTemplate

Delete an existing Issuance Template.

Online

Offline


F.5 Running WLST Commands

Administrators can use the following procedure as a guide for using WLST commands for Oracle Access Manager or Oracle Security Token Service operations. Included here are several operations:

See Also:

The chapter "Infrastructure Security Custom WLST Commands" of the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference

F.5.1 Starting the WLST Shell and Logging In

Use the following procedure for general information when you are starting the WLST shell.

To run WLST commands for OAM operations

  1. Ensure that the OAM AdminServer is running.

  2. Set up the environment for WLST by running the following command:

    DOMAIN_HOME/bin/setDomainEnv.sh
    
  3. Go to the ORACLE_HOME path: <Oracle_IDM>/common/bin.

  4. Execute the appropriate command to enter the WLST shell.

    Linux: wlst.sh
    Windows: wlst.cmd
    
  5. Execute help commands, as needed: help('oam') to list available OAM WLST commands.

    Note:

    You can also use the "help('oamap')" and "help('oamapsso')" commands to display additional commands.

    OAM WLST: help('oam')
    Specific Command: wlst.cmd
    
  6. Connect to your domain. For example:

    wls:/base_domain/serverConfig> connect()
    
  7. Enter the WebLogic Administration username and password, and enter the URL for the Administration Server in the following format:

    Please enter your username
    Please enter your password 
    Please enter your server URL : t3://OAMHOST1.mycompany.com:7001
    wls:/base_domain/serverConfig>
    
  8. Offline Mode: Provide 'domainHome' as an input to the command.

  9. Online Mode: Connect to the Mbean server using the command 'connect ()'

  10. Check the chapter "Infrastructure Security Custom WLST Commands" of the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference for full details.

F.5.2 Changing the Request Cache Type in a High Availability Environment

In high availability configurations, the Request Cache type must be changed from BASIC to COOKIE using Infrastructure Security custom WLST commands.

To change the Request Cache Type in a high-availability environment

  1. Log in to the WLST shell and connect to your domain as described in "Starting the WLST Shell and Logging In".

  2. Run the following command to configure the request cache type for a high-availability deployment as COOKIE:

    wls:/base_domain/serverConfig> configRequestCacheType(type="COOKIE")
    
  3. Validate that the command worked using the following command:

    wls:/base_domain/serverConfig> displayRequestCacheType()
    
  4. Restart the OAM Servers.