This chapter provides descriptions of custom WebLogic Scripting Tool (WLST) commands for Oracle Access Management Access Manager, including command syntax, arguments and examples.
The following section lists the Oracle Access Management Access Manager WLST commands and contains links to the command reference details.
Use the WLST commands listed in Table 4-1 to manage Oracle Access Management Access Manager (Access Manager) related components, such as authorization providers, identity asserters, and SSO providers. Other commands allow you to display metrics and deployment topology, manage your server and agent configurations and logger settings.
Table 4-1 WLST Access Manager Commands
| Use this command... | To... | Use with WLST... |
|---|---|---|
|
Generate and retrieve the key used to hash a resource URL in an authorization policy. |
Online |
|
|
Enables and disables custom error and login pages. |
Online Offline |
|
|
Create a user identity store registration. |
Online Offline |
|
|
Edit a user identity store registration. |
Online Offline |
|
|
Delete a user identity store registration. |
Online Offline |
|
|
Display a user identity store registration. |
Online |
|
|
Create an entry for an Access Manager Server configuration. |
Online Offline |
|
|
Edit the entry for an Access Manager Server configuration. |
Online Offline |
|
|
Delete the named Access Manager Server configuration. |
Online Offline |
|
|
Display Access Manager Server configuration details. |
Online Offline |
|
|
Enable or disable the Persistent Login feature. |
Online |
|
|
Configure the Access Manager login page user preferences. |
Online |
|
|
Configure the SSO server request cache type. |
Online |
|
|
Display the SSO server request cache type entry. |
Online Offline |
|
|
Edit OSSO Agent configuration details. |
Online Offline |
|
|
Delete the named OSSO Agent configuration. |
Online Offline |
|
|
Display OSSO Agent configuration details. |
Online Offline |
|
|
Edit 10g WebGate Agent registration details. |
Online Offline |
|
|
Delete the named 10g WebGate Agent configuration. |
Online Offline |
|
|
Display WebGate Agent configuration details. |
Online Offline |
|
|
Export Access Manager policy data from a test (source) to an intermediate Access Manager file. |
Online |
|
|
Import Access Manager policy data from the Access Manager file specified. |
Online |
|
|
Import Access Manager policy changes from the Access Manager file specified. |
Online |
|
|
Migrate partners from the source Access Manager Server to the specified target Access Manager Server. |
Online |
|
|
Export the Access Manager partners from the source to the intermediate Access Manager file specified. |
Online |
|
|
Import the Access Manager partners from the intermediate Access Manager file specified. |
Online |
|
|
List the details of deployed Access Manager Servers. |
Online Offline |
|
|
Configure the Access Manager-Oracle Adaptive Access Manager basic integration. |
Online |
|
|
Register Identity Federation as Delegated Authentication Protocol (DAP) Partner. |
Online Offline |
|
|
Registers Identity Federation in IDP mode. |
||
|
Registers any third party as a Trusted Authentication Protocol (TAP) Partner. |
Online |
|
|
Disable the Coexist Mode. |
Online |
|
|
Enables Coexist Mode for the Access Manager agent (enabling the Access Manager 11g server to own the Obssocookie set by 10g WebGate). |
Online |
|
|
Disables Coexist Mode for the Access Manager agent (disabling the Access Manager 11g server from the Obssocookie set by 10g WebGate). |
Online |
|
|
Edit GITO configuration parameters. |
Online |
|
|
Edit an 11g WebGate registration. |
Online Offline |
|
|
Remove an 11g WebGate Agent registration. |
Online Offline |
|
|
Display an 11g WebGate Agent registration. |
Online Offline |
|
|
Display metrics of Access Manager Servers. |
Online Offline |
|
|
Update the Oracle Identity Manager configuration when integrated with Access Manager. |
Online |
|
|
Creates an Agent registration specific to Oracle Identity Manager when integrated with Access Manager. |
Online |
|
|
Updates OSSO Proxy response cookie settings. |
Online |
|
|
Deletes OSSO Proxy response cookie settings. |
Online |
|
|
Configures an identity store and external user store. |
Online |
|
|
Configures an identity store and external user store using values defined in a file. |
Online |
|
|
Migrates artifacts based on the specified artifact file. |
Online |
|
|
Displays the simple mode global passphrase in plain text from the system configuration. |
Online |
|
|
Exports selected Access Manager Partners to the intermediate Access Manager file specified. |
Online |
|
|
Migrates policies, authentication stores, and user stores from OSSO, OAM10g, OpenSSO, or AM 7.1 to OAM11g. |
Online |
|
|
Invokes the preSchemeUpgrade operation. |
Online |
|
|
Invokes the postSchemeUpgrade operation. |
Online |
|
|
Set to true and the Access Manager Server will redirect to the URLS specified in the WhiteListURL list only. |
Online |
|
|
Add, update or remove whitelist URL entries from configuration file. |
Online |
|
|
Enable Multi Data Centre Mode. |
Online |
|
|
Disable Multi Data Centre Mode. |
Online |
|
|
Set the Multi Data Centre Cluster name. |
Online |
|
|
Set the Multi Data Centre logout URLs. |
Online |
|
|
Add partner for Multi Data Centre. |
Online |
|
|
Remove partner from Multi Data Centre. |
Online |
|
|
Adds an OAM SSO provider. |
Online |
Online command that allows generation and retrieval of the key used to hash the resource URL that is returned during authorization when a success/failure URL is configured for the policy.
Allows retrieval of the key used to hash the resource URL during authorization if already present. If the key is not present it is created and returned. The scope of this command is an instance only; the scope is not an argument.
Enables and disables custom error and login page configuration.
Adds a context path and page extension to oam-config.xml that points to the WAR containing the custom Error and login pages:
<Setting Name="ssoengine" Type="htf:map"> <Setting Name="ErrorConfig" Type="htf:map"> <Setting Name="ErrorMode" Type="xsd:string">EXTERNAL</Setting> <Setting Name="CustomPageExtension" Type="xsd:string">jsp</Setting> <Setting Name="CustomPageContext" Type="xsd:string">/SampleApp</Setting> </Setting> </Setting>
updateCustomPages(pageExtension="<fileExtension>", context="<contextPath>")
| Argument | Definition |
|---|---|
context
|
Specifies the context path to the application; for example, /SampleApp. |
pageExtension
|
Has a default value of "jsp" but can be left blank. |
To enable the Custom Error page functionality, use updateCustomPages with the context and pageExtension parameters. This will modify the oam-config.xml file and enable the custom page functionality.
updateCustomPages(pageExtension ="jsp", context="/SampleApp")
To disable the Custom Error page functionality, use the command without parameters [updateCustomPages()]. This will undo the modifications made when the command is run with parameters.
Creates an identity store registration in the Access Manager system configuration.
Creates an entry in the system configuration for a new user identity store registered with Access Manager. The scope of this command is an instance only; the scope is not an argument.
createUserIdentityStore(name="<Name>", principal="<Principal>", credential="<Credential>", type="<Type>", userAttr="<userAttr>", ldapProvider="<ldapProvider>", userSearchBase="<userSearchBase>", ldapUrl="<ldapUrl>", isPrimary="<isPrimary>", isSystem="<isSystem>", userIDProvider="<userIDProvider>", roleSecAdmin="<roleSecAdmin>", roleSysMonitor="<roleSysMonitor>", roleAppAdmin="<roleAppAdmin>", roleSysManager="<roleSysManager>", roleSecAdminGroups="<roleSecAdminGroups>", roleSecAdminUsers="<roleSecAdminUsers>", groupSearchBase="<groupSearchBase>", supplementaryReturnAttributes="<supplementaryReturnAttributes>", domainHome="<domainHome>")
| Argument | Definition |
|---|---|
name
|
Mandatory. Specifies the unique name of the LDAP identity store being created. Use only upper and lower case alpha characters and numbers. |
principal
|
Mandatory. Specifies the Principal Administrator of the LDAP identity store being created. For example, cn=Admin. |
credential
|
Mandatory. Specifies the password of the Principal for the LDAP identity store being created. |
type
|
Mandatory. Specifies the type of the LDAP identity store being created. For this command, the value would be LDAP. |
userAttr
|
Mandatory. Specifies the user attributes of the LDAP identity store being created. |
ldapProvider
|
Mandatory. Specifies the type of the LDAP identity store being created. The value might be ODSEE, AD, OID, OVD, SJS, OUD, and the like. This value is defined when a new user identity store is created using the Access Manager Administration Console and corresponds with Store Type in the user identity store. |
userSearchBase
|
Mandatory. Specifies the node under which user data is stored in the LDAP identity store being created. For example, cn=users. |
groupSearchBase
|
Mandatory. Specifies the node under which group data is stored in the LDAP identity store being created. For example, cn=groups. |
ldapUrl
|
Mandatory. Specifies the URL of the server host (including port number) of the LDAP identity store being created. For example, ldap://localhost:7001. |
isPrimary
|
Optional. Specifies whether the LDAP identity store being created is the primary identity store. Takes true or false as a value. |
isSystem
|
Optional. Specifies whether the LDAP identity store being created is the system store. Takes true or false as a value. |
userIDProvider
|
Optional. Specifies the underlying infrastructure with which to connect to the identity store. Only supported type is OracleUserRoleAPI. |
roleSecAdminGroups
|
Optional. Specifies one or more comma-delimited groups with Access Manager Console Administrator privileges. Needed if it is a System Store in which the IsSystem property is set to true. |
roleSecAdminUsers
|
Optional. Specifies one or more comma-delimited users with Access Manager Console Administrator privileges. Needed if it is a System Store in which the IsSystem property is set to true. |
roleSecAdmin
|
Optional. Specifies the Security Administrator of the LDAP identity store being created. |
roleSysMonitor
|
Optional. Specifies the System Monitor of the LDAP identity store being created. |
roleAppAdmin
|
Optional. Specifies the Application Administrator of the LDAP identity store being created. |
roleSysManager
|
Optional. Specifies the System Manager of the LDAP identity store being created. |
supplementaryReturnAttributes
|
Specifies a comma-delimited list of attributes that need to be retrieved as part of the User object. For example: ORCL_USR_ENC_FIRST_NAME,ORCL_USR_ENC_LAST_NAME,USR_USRNAME,ORCL_USR_CTY_CODE,ORCL_USR_LANG_CODE_S,ORCL_USR_JROLE_ID_S,ORCL_USR_IND_ID,ORCL_USR_COMP_REL_ID,ORCL_USR_ASCII_IND,ORCL_ORA_UCM_VER,ORCL_ORA_UCM_SRVC |
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. |
The following example registers a new Oracle Internet Directory user identity store definition for use with Access Manager.
createUserIdentityStore(name="Name1", principal="Principal1", credential="Credential1", type="Type1", userAttr="userAttr1", ldapProvider="ldapProvider", userSearchBase="userSearchBase", ldapUrl="ldapUrl", isPrimary="isPrimary", isSystem="isSystem", userIDProvider="userIDProvider", roleSecAdmin="<roleSecAdmin>", roleSysMonitor="<roleSysMonitor>", roleAppAdmin="<roleAppAdmin>", roleSysManager="<roleSysManager>", roleSecAdminGroups="<roleSecAdminGroups>", roleSecAdminUsers="<roleSecAdminUsers>", groupSearchBase="groupSearchBase", supplementaryReturnAttributes="supplementaryReturnAttributes", domainHome="domainHome1")
Online and offline command that modifies an already defined identity store registration for Access Manager.
Changes one or more attributes of the user identity store registered with Access Manager. The scope of this command is an instance only; the scope is not an argument.
editUserIdentityStore(name="<Name>", [ principal="<Principal>", credential="<Credential>", type="<Type>", userAttr="<userAttr>", ldapProvider="<ldapProvider>", roleSecAdmin="<roleSecAdmin>", roleSysMonitor="<roleSysMonitor>", roleSysManager="<roleSysManager>" , roleAppAdmin="<roleAppAdmin>", roleSecAdminGroups="<roleSecAdminGroups>", roleSecAdminUsers="<roleSecAdminUsers>", userSearchBase="<userSearchBase>", ldapUrl="<ldapUrl>", isPrimary="<isPrimary>", isSystem="<isSystem>", userIDProvider="<userIDProvider>" , groupSearchBase="<groupSearchBase>", domainHome="<domainHome>", userFilterObjectClasses="<userFilterObjectClasses>", groupFilterObjectClasses="<groupFilterObjectClasses>", referralPolicy="<referralPolicy>", searchTimeLimit="<searchTimeLimit>", minConnections="<minConnections>", maxConnections="<maxConnections>", connectionWaitTimeout="<connectionWaitTimeout>", connectionRetryCount="<connectionRetryCount>", groupNameAttr="<groupNameAttr>", groupCacheEnabled="<groupCacheEnabled>", groupCacheSize="<groupCacheSize>", groupCacheTTL=<"groupCacheTTL>", supplementaryReturnAttributes="<supplementaryReturnAttributes>" )
| Argument | Definition |
|---|---|
name
|
Mandatory. Specifies the unique name of the LDAP identity store being modified. Use only upper and lower case alpha characters and numbers. |
principal
|
Specifies the Principal Administrator of the LDAP identity store being modified. For example, cn=Admin. |
credential
|
Specifies the encrypted Password of the Principal Administrator for the LDAP identity store being modified. |
type
|
Specifies the type of the base identity store being modified. For this command, the value would be LDAP. |
userAttr
|
Mandatory. Specifies the user attributes of the LDAP identity store being modified. |
ldapProvider
|
Mandatory. Specifies the LDAP type of the LDAP identity store being registered. The value might be ODSEE, AD, OID, OVD, SJS, OUD, and the like. This value is defined when a new user identity store is created using the Access Manager Administration Console and corresponds with Store Type in the user identity store. |
roleSecAdminGroups
|
Optional. Specifies one or more comma-delimited groups with Access Manager Console Administrator privileges. Needed if it is a System Store in which the IsSystem property is set to true. |
roleSecAdminUsers
|
Optional. Specifies one or more comma-delimited users with Access Manager Console Administrator privileges. Needed if it is a System Store in which the IsSystem property is set to true. |
roleSecAdmin
|
Optional. Specifies the Security Administrator of the LDAP identity store being modified. |
roleSysMonitor
|
Optional. Specifies the System Monitor of the LDAP identity store being modified. |
roleAppAdmin
|
Optional. Specifies the Application Administrator of the LDAP identity store being modified. |
roleSysManager
|
Optional. Specifies the System Manager of the LDAP identity store being modified. |
userSearchBase
|
Mandatory. Specifies the node under which user data is stored in the LDAP identity store being modified. For example, cn=users. |
groupSearchBase
|
Mandatory. Specifies the node under which user data is stored in the LDAP identity store being modified. For example, cn=groups. |
ldapUrl
|
Mandatory. Specifies the URL of the server host (including port number) of the LDAP identity store being modified. For example, ldap://localhost:7001. |
isPrimary
|
Optional. Specifies whether the LDAP identity store being modified is the primary identity store. Takes true or false as a value. |
isSystem
|
Optional. Specifies whether the LDAP identity store being modified is the system store. Takes true or false as a value. |
userIDProvider
|
Optional. Specifies the underlying infrastructure with which to connect to the identity store. Only supported type is OracleUserRoleAPI. |
supplementaryReturnAttributes
|
Specifies a comma-delimited list of attributes that need to be retrieved as part of the User object. For example: ORCL_USR_ENC_FIRST_NAME,ORCL_USR_ENC_LAST_NAME,USR_USRNAME,ORCL_USR_CTY_CODE,ORCL_USR_LANG_CODE_S,ORCL_USR_JROLE_ID_S,ORCL_USR_IND_ID,ORCL_USR_COMP_REL_ID,ORCL_USR_ASCII_IND,ORCL_ORA_UCM_VER,ORCL_ORA_UCM_SRVC |
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
userFilterObjectClasses
|
Mandatory. Specifies a list of user filter object classes (separated by semicolon). |
groupFilterObjectClasses
|
Specifies a list of group filter object classes (separated by semicolon). |
referralPolicy
|
Specifies an LDAP referral policy (either "follow", "ignore" or "throw"). |
searchTimeLimit
|
Specifies the time limit in seconds for an LDAP Search operation. |
minConnections
|
Specifies the minimum number of connections in the connection pool. |
maxConnections
|
Specifies the maximum number of connections in the connection pool. |
connectionWaitTimeout
|
Specifies the number of seconds to wait for obtaining a connection from the pool. |
connectionRetryCount
|
Specifies the number of attempts to retry when establishing a connection to the identity store. |
groupNameAttr
|
Specifies the name of the attribute to lookup the user groups. For example, ou=people,ou=myrealm,dc=base_domain. |
groupCacheEnabled
|
A boolean that specifies whether to enable the LDAP group cache. Takes true or false as a value. |
groupCacheSize
|
Specifies the number of entries in the LDAP group cache. |
groupCacheTTL
|
Specifies the total time to live for each entry in the LDAP group cache. |
Online and offline command that removes an already defined identity store registration for Access Manager.
Deletes the identity store registration. The scope of this command is an instance only; the scope is not an argument.
deleteUserIdentityStore(name="<name>", domainHome="<domainHome>")
| Argument | Definition |
|---|---|
name
|
Mandatory. Specifies the name of the LDAP identity store registration to be removed. |
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
Online command that displays user identity store registration information.
Displays the information regarding the identity store registered with Access Manager. The scope of this command is an instance only; the scope is not an argument.
displayUserIdentityStore(name="<name>", domainHome="<domainHome>")
| Argument | Definition |
|---|---|
name
|
Mandatory. Specifies the name of the LDAP identity store registration to be displayed. |
domainhome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. |
Online and offline command that creates an Access Manager Server entry in the system configuration.
Creates an Access Manager Server registration. Details include the host, port, registration name, Access Manager Proxy port, server ID and, optionally, the OAM Proxy shared secret. The scope of this command is an instance only; the scope is not an argument.
createOAMServer(configurationProfile="<configurationProfile>", host="<host>",port="<port>", oamProxyPort="<0000>", oamProxyServerID="<oamProxyServerID>",siteName="<siteName>", domainHome="<domainHome>")
| Argument | Definition |
|---|---|
configurationProfile
|
Mandatory. Specifies the Configuration Profile of the OAM Server. The profile appears under Server Instances on the System Configuration tab in the Access Manager Administration Console. |
host
|
Mandatory. Specifies the name of the Access Manager Server host. |
port
|
Mandatory. Specifies the listening port of the Access Manager Server host. |
oamProxyPort
|
Mandatory. Specifies the proxy port of the Access Manager Server host. |
oamProxyServerID
|
Mandatory. Specifies the proxy server ID of the Access Manager Server host. The Access Manager Proxy name appears under the Access Manager Proxy sub tab of the server instance in the Access Manager Administration Console. |
siteName
|
Mandatory. Specifies the siteName/serverName for the instance. |
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
The following example creates a configuration for my_host with listening port 15000. The configuration entry in the Access Manager Administration Console will be oam_server1. The Access Manager Proxy port is 3004 and the Access Manager Proxy Server ID is oamProxyServerID1.
createOAMServer(configurationProfile="oam_server1", host="my_host", port="15000", oamProxyPort="3004", oamProxyServerID="oamProxyServerID1", siteName="siteName1", domainHome="domainHome1")
Online and offline command that enables you to modify the details of an Access Manager Server registration.
Modifies the specified parameter values of the registration for an Access Manager Server. Details may include the host, port, registration name, Access Manager Proxy port, server ID and, optionally, the Access Manager Proxy shared secret. The scope of this command is an instance only; the scope is not an argument.
editOAMServer(configurationProfile="<configurationProfile>", host="<host>",port="<port>", oamProxyPort="<0000>", oamProxyServerID="<oamProxyServerID>",siteName="<siteName>", domainHome="<domainHome>")
| Argument | Definition |
|---|---|
configurationProfile
|
Mandatory. Specifies the Configuration Profile of the Access Manager Server. The profile appears under Server Instances on the System Configuration tab in the Access Manager Administration Console. |
host
|
Mandatory. Specifies the name of the Access Manager Server host. |
port
|
Mandatory. Specifies the listening port of the Access Manager Server host. |
oamProxyPort
|
Mandatory. Specifies the proxy port of the Access Manager Server host. |
oamProxyServerID
|
Mandatory. Specifies the proxy server ID of the Access Manager Server host. The Access Manager Proxy name appears under the Access Manager Proxy sub tab of the server instance in the Access Manager Administration Console. |
siteName
|
Mandatory. Specifies the siteName/serverName for the instance. |
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
You can use any of the optional attributes to change current settings. The following invocation enables you to add the Access Manager Proxy Sever ID to the configuration entry oam_server1.
editOAMServer(configurationProfile="oam_server1", host="my_host", port="15000", oamProxyPort="3004", oamProxyServerID="oamProxyServerID1", siteName="siteName1", domainHome="domainHome1")
Online and offline command that enables you to delete the specified Access Manager Server registration.
Deletes the specified Access Manager Server configuration. The scope of this command is an instance only; the scope is not an argument.
deleteOAMServer(host="<host>", port="<port>", domainHome="<domainHome>")
| Argument | Definition |
|---|---|
host
|
Mandatory. Specifies the name of the Access Manager Server host. |
port
|
Mandatory. Specifies the listening port of the Access Manager Server host. |
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
Online and offline command that displays registration details for the specified Access Manager Server.
Displays the registration details of the specified Access Manager Server, including the host, port, registration name, Access Manager Proxy port, server ID and, optionally, the Access Manager Proxy shared secret. The scope of this command is an instance only; the scope is not an argument.
displayOAMServer(host="<host>", port="<port>", domainHome="<domainHome>")
| Argument | Definition |
|---|---|
host
|
Mandatory. Specifies the name of the Access Manager Server host. |
port
|
Mandatory. Specifies the listening port of the Access Manager Server host. |
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
Online command to enable or disable the Persistent Login feature.
configurePersistentLogin(enable="true/false", validityInDays="<#>", maxAuthnLevel="<#>", userAttribute="<userAttr>")
| Argument | Definition |
|---|---|
enable
|
Mandatory. Specify true or false. |
validityInDays
|
Mandatory. Specifies the number of days that the user login will be persisted for a particular browser instance or device. |
maxAuthnLevel
|
Mandatory. Specifies the maximum Authentication Level allowed after re-authenticating automatically through Persistent Login. |
userAttr
|
Mandatory. Specifies the user attribute with which Persistent Login properties will be stored. |
Online command that configures the Access Manager login page user preferences.
configOAMLoginPagePref(persistentCookie="true", persistentCookieLifetime=14, langPrefCookieDomain="oracle.com", langPrefOrder="serverOverrideLangPref, oamPrefsCookie, browserAcceptLanguage, defaultLanguage", serverOverrideLanguage="en", defaultLanguage="en", applicationSupportedLocales="en,fr")
| Argument | Definition |
|---|---|
persistentCookie
|
Mandatory. Boolean that defines whether the OAM_LANG_PREF cookie is persistent or non-persistent. Set to true or false. |
persistentCookieLifetime
|
Mandatory. Lifetime of the OAM_LANG_PREF cookie if persistent. |
langPrefCookieDomain
|
Mandatory. Defines the domain of the OAM_LANG_PREF cookie. |
langPrefOrder
|
Mandatory. Decides the order of language precedence. Must be formatted as in the syntax and example. The allowed value set is (serverOverrideLangPref,oamPrefsCookie,browserAcceptLanguage,defaultLanguage).
"oamPrefsCookie, browserAcceptLanguage, serverOverrideLangPref" |
serverOverrideLanguage
|
The server side language of Access Manager. Must be defined in language codes and selected from OAM supported languages. Default value is en. |
defaultLanguage
|
The default language. |
applicationSupportedLocales
|
Supported languages defined in a comma-delimited list. Setting applicationSupportedLocales="en,fr" insures the OAM Login page will display a list of values containing French and English. The supported language codes are documented in Table 4-2 below. |
Table 4-2 Language Codes For Login Pages
| Language Code | Language | Administrators |
|---|---|---|
|
ar |
Arabic |
|
|
cs |
Czech |
|
|
da |
Danish |
|
|
de |
German |
German |
|
el |
Greek |
|
|
en |
English |
English |
|
es |
Spanish |
Spanish |
|
fi |
Finnish |
|
|
fr |
French |
French |
|
fr-CA |
Canadian French |
Canadian French |
|
he |
Hebrew |
|
|
hr |
Croatian |
|
|
hu |
Hungarian |
|
|
it |
Italian |
Italian |
|
ja |
Japanese |
Japanese |
|
ko |
Korean |
Korean |
|
nl |
Dutch |
|
|
no |
Norwegian |
|
|
pl |
Polish |
|
|
pt-BR |
Brazilian Portuguese |
Brazilian Portuguese |
|
pt |
Portuguese |
|
|
ro |
Romanian |
|
|
ru |
Russian |
|
|
sk |
Slovak |
|
|
sv |
Swedish |
|
|
th |
Thai |
|
|
tr |
Turkish |
|
|
zh-CN |
Simplified Chinese |
Simplified Chinese |
|
zh-TW |
Traditional Chinese |
Traditional Chinese |
configOAMLoginPagePref(persistentCookie="true", persistentCookieLifetime=14, langPrefCookieDomain="oracle.com", langPrefOrder="serverOverrideLangPref, oamPrefsCookie, browserAcceptLanguage, defaultLanguage", serverOverrideLanguage="en", defaultLanguage="en", applicationSupportedLocales="en,fr")
This next example allows an administrator to revert back to the default behavior in which no language list of values is displayed.
configOAMLoginPagePref(persistentCookie="true", persistentCookieLifetime=14,langPrefCookieDomain="example.com", langPrefOrder="serverOverrideLangPref,oamPrefsCookie,browserAcceptLanguage, defaultLanguage",serverOverrideLanguage="", defaultLanguage="en",applicationSupportedLocales="")
Online and offline command that defines the SSO server request cache type in the system configuration.
Defines the SSO server request cache type in the system configuration. The scope of this command is an instance only; the scope is not an argument.
configRequestCacheType(type="<requestCacheType>", domainHome="<domainHome>")
| Argument | Definition |
|---|---|
type
|
Mandatory. Specifies the request cache type. Takes a value of BASIC or COOKIE. |
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
Online and offline command that displays the SSO server request cache type defined for the specified domain. The request cache type may be BASIC or COOKIE.
Displays the SSO server request cache type entry defined for the specified domain. The scope of this command is an instance only; the scope is not an argument.
displayRequestCacheType(domainHome="<domainHome>")
| Argument | Definition |
|---|---|
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
Online and offline command that enables you to modify the details of an OpenSSO (OSSO) Agent registration in the system configuration.
Modifies OSSO Agent registration details including the Site Token, Success URL, Failure URL, Home URL, Logout URL, Start Date, End Date, Administrator ID, and Administrator Info. The scope of this command is an instance only; the scope is not an argument.
editOssoAgent(agentName="AgentName", partnerId = "<partnerId>", siteToken = "<siteToken>", siteName = "<siteName>", successUrl ="<successUrl>", failureUrl = "<failureUrl>", homeUrl="<homeUrl>", logoutUrl="<logoutUrl>", startDate = "<startDate>", endDate = "<endDate>", adminId = "<adminId>", adminInfo = "<AdminInfo>", domainHome="<domainHomeName>")
| Argument | Definition |
|---|---|
agentName
|
Mandatory. Specifies the name of the OSSO Agent entry to be modified.
adminId=admin Id of OSSO agent <optional> adminInfo=admin Information of OSSO agent <optional> |
partnerId
|
Optional. Specifies the Agent Name of the OSSO agent instance. |
siteToken
|
Optional. Specifies the Application Token used by the partner when requesting authentication. |
siteName
|
Optional. Specifies the SiteName/ServerName for the OSSO agent instance. |
successUrl
|
Optional. Specifies the redirect URL to be used by the OSSO Agent if authentication is successful. |
failureUrl
|
Optional. Specifies the redirect URL to be used by the OSSO Agent if authentication fails. |
homeUrl
|
Optional. Specifies the redirect URL to be used for the Home page after authentication. |
logoutUrl
|
Optional. Specifies the redirect URL to be used when a user is logging out. |
startDate
|
Optional. Specifies the first month, day, and year for which login to the application is allowed by the server. |
endDate
|
Optional. Specifies the final month, day, and year for which login to the application is allowed by the server. |
adminId
|
Optional. Specifies the administrator login ID for the OSSO Agent. |
adminInfo
|
Optional. Specifies an administrator identifier for the OSSO Agent for tracking purpose. |
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
The following example changes the Administrator ID and information in the registration entry for OSSOAgent1.
editOssoAgent(agentName = "OSSOAgent1", partnerId = "partnerId", siteToken = "siteToken", siteName = "siteName", successUrl="successUrl", failureUrl = "failureUrl", homeUrl="homeUrl", logoutUrl="logoutUrl", startDate = "2009-12-10", endDate = "2012-12-30", adminId = "345", adminInfo = "Agent11", domainHome="domainHome1")
Online and offline command that enables you to remove the specified OSSO Agent registration in the system configuration.
Removes the specified OSSO Agent registration in the system configuration. The scope of this command is an instance only; the scope is not an argument.
deleteOssoAgent(agentName="<AgentName>", domainHome="<domainHomeName>")
| Argument | Definition |
|---|---|
agentName
|
Mandatory. Specifies the name of the OSSO Agent entry to be removed. |
domainhome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
Online and offline command that displays the details of the specified OSSO Agent entry in the system configuration.
Displays the details of the specified OSSO Agent entry in the Access Manager Administration Console. The scope of this command is an instance only; the scope is not an argument.
displayOssoAgent(agentName="<AgentName>", domainHome="<domainHomeName>")
| Argument | Definition |
|---|---|
agentName
|
Mandatory. Specifies the name of the OSSO Agent entry to be displayed. |
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
Online and offline command that enables you to modify a Webgate 10g registration entry in the system configuration.
Enables you to modify a Webgate 10g registration entry in the system configuration. The scope of this command is an instance only; the scope is not an argument.
editWebgateAgent(agentName="<AgentName>", accessClientPasswd="<accessClientPassword >",state="<state>", preferredHost="<host>", aaaTimeOutThreshold="<aaaTimeoutThreshold >", security="<security>",primaryCookieDomain="<primaryCookieDomain>", maxConnections="<maxConnections>",maxCacheElems="<maxCacheElements >", cacheTimeout="<cacheTimeOut>", cookieSessionTime="<cookieSessionTime >", maxSessionTime="<maxSessionTime>", idleSessionTimeout="<idleSessionTimeout >",failoverThreshold="<failoverThreshold >", domainHome="<domainHomeName>")
| Argument | Definition |
|---|---|
agentName
|
Mandatory. Specifies the name of the WebGate Agent to be modified. |
accessClientPasswd
|
Optional. Specifies the access client password of WebGate Agent. |
state
|
Optional. Specifies whether the WebGate Agent is enabled or disabled with a value of either Enabled or Disabled, respectively. |
preferredHost
|
Optional. Specifies the preferred host of the WebGate Agent. This prevents security holes that can be created if a host's identifier is not included in the Host Identifiers list. For virtual hosting, you must use the Host Identifiers feature. |
aaaTimeOutThreshold
|
Optional. Specifies the number (in seconds) to wait for a response from the Access Manager run-time server. If this parameter is set, it is used as an application TCP/IP timeout instead of the default TCP/IP timeout. Default = -1 (default network TCP/IP timeout is used) |
security
|
Optional. Specifies the level of transport security to and from the Access Manager run-time server. Takes as a value either open, simple, or cert. |
primaryCookieDomain
|
Optional. Specifies the Web server domain on which the Access Manager Agent is deployed. For example, .acompany.com |
maxConnections
|
Optional. Specifies the maximum number of connections that this Access Manager Agent can establish with the Access Manager Server. This number must be the same as (or greater than) the number of connections that are actually associated with this agent. Default = 1 |
maxCacheElems
|
Optional. Specifies the maximum number of elements maintained in the cache. Cache elements are URLs or Authentication Schemes. The value of this setting refers to the maximum consolidated count for elements in both of these caches. Default = 10000 |
cacheTimeout
|
Optional. Specifies the amount of time cached information remains in the Access Manager Agent cache when the information is neither used nor referenced. Default = 1800 (seconds) |
cookieSessionTime
|
Optional. Specifies the amount of time that the ObSSOCookie persists. Default = 3600 (seconds) |
maxSessionTime
|
Optional. Specifies the maximum amount of time in seconds that a user's authentication session is valid regardless of their activity. At the expiration of this time, the user is re-challenged for authentication. This is a forced logout. A value of 0 disables this timeout setting. Default = 3600 (seconds) |
idleSessionTimeout
|
Specifies the location of the Domain Home. When Offline, a value is mandatory; when online, optional. |
failoverThreshold
|
Optional. Specifies a number representing the point when this Access Manager Agent opens connections to a Secondary Access Manager Server. Default = 1 |
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
You can alter any or all of the settings. Use the following example to change the Agent ID, state, maximum connections, Access Manager Server timeout, primary cookie domain, cache time out, cookie session timeout, maximum session timeout, idle session timeout, and failover threshold.
editWebgateAgent(agentName="WebgateAgent1", accessClientPasswd="welcome1", state="Enabled", preferredHost="141.144.168.148:2001", aaaTimeOutThreshold = "10", security="open", primaryCookieDomain="primaryCookieDomain", maxConnections="16", maxCacheElems="10000", cacheTimeout="1800", cookieSessionTime="3600", maxSessionTime="24", idleSessionTimeout="3600", failoverThreshold="1", domainHome="domainHome1")
Online and offline command that enables you to delete a Webgate_agent registration entry in the system configuration.
Removes the specified Webgate_agent registration entry from the system configuration. The scope of this command is an instance only; the scope is not an argument.
deleteWebgateAgent(agentName="<AgentName>", domainHome="<domainHomeName>")
| Argument | Definition |
|---|---|
agentName
|
Mandatory. Specifies the name of the WebGate Agent being deleted. |
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
Online and offline command that displays a Webgate_agent registration entry.
Displays all details of the specified Webgate_agent registration entry in the Access Manager Administration Console. The scope of this command is an instance only; the scope is not an argument.
displayWebgateAgent(agentName="<AgentName>", domainHome="<domainHomeName>")
| Argument | Definition |
|---|---|
agentName
|
Mandatory. Specifies the name of the WebGate Agent being displayed. |
domainhome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
Online only command that exports Access Manager policy data from a test (source) environment to the intermediate Access Manager file specified.
Exports Access Manager policy data from a test (source) environment to the intermediate Access Manager file. The scope of this command is an instance only; the scope is not an argument.
exportPolicy(pathTempOAMPolicyFile="<absoluteFilePath>")
| Argument | Definition |
|---|---|
pathTempOAMPolicyFile
|
Mandatory. Specifies the absolute path to the temporary Access Manager file. |
Online only command that imports the Access Manager policy data from the specified Access Manager file.
Imports the Access Manager policy data from the specified Access Manager file. The scope of this command is an instance only; the scope is not an argument.
importPolicy(pathTempOAMPolicyFile="<absoluteFilePath>")
| Argument | Definition |
|---|---|
pathTempOAMPolicyFile
|
Mandatory. Specifies the absolute path to the temporary Access Manager file. |
Online only command that imports the Access Manager policy changes from the specified Access Manager file.
Imports the Access Manager policy changes from the specified Access Manager file. The scope of this command is an instance only; the scope is not an argument.
importPolicyDelta(pathTempOAMPolicyFile="<absoluteFilePath>")
| Argument | Definition |
|---|---|
pathTempOAMPolicyFile
|
Mandatory. Specifies the absolute path to the temporary Access Manager file. |
Online only command that migrates partners from the current (source) Access Manager Server to the specified (target) Access Manager Server.
Migrates partners from the current (source) Access Manager Server to the specified (target) Access Manager Server. The scope of this command is an instance only; the scope is not an argument.
migratePartnersToProd(prodServerHost="<host>", prodServerPort="<port>", prodServerAdminUser="<user>", prodServerAdminPwd="<passwd>")
| Argument | Definition |
|---|---|
prodServerHost |
Host name of the target Access Manager Server to which partners are to be migrated. |
prodServerPort |
Port of the target Access Manager Server to which partners are to be migrated. |
prodServerAdminUser |
Administrator of the target Access Manager Server to which partners are to be migrated. |
prodServerAdminPwd |
Target Access Manager Server administrator's password. |
Online only command that exports Access Manager partners from the source to the Access Manager file specified.
Exports the Access Manager partners from the source to the Access Manager file specified. The scope of this command is an instance only; the scope is not an argument.
exportPartners(pathTempOAMPartnerFile="<absoluteFilePath>")
| Argument | Definition |
|---|---|
pathTempOAMPolicyFile
|
Mandatory. Specifies the absolute path to the temporary Access Manager file. |
Online only command that imports Access Manager partners from the specified Access Manager file.
Imports the Access Manager partners from the specified Access Manager file. The scope of this command is an instance only; the scope is not an argument.
importPartners(pathTempOAMPartnerFile="<absoluteFilePath>")
| Argument | Definition |
|---|---|
pathTempOAMPartnerFile |
Mandatory. Specifies the path to the temporary Access Manager partner file. |
Online and offline command that displays information about all Access Manager Servers in a deployment.
displayTopology(domainHome="<domainHomeName>")
| Argument | Definition |
|---|---|
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
Online only command that configures the basic integration of Access Manager and Oracle Adaptive Access Manager (OAAM).
Configures the basic integration of Access Manager and OAAM. The scope of this command is an instance only; the scope is not an argument.
configureOAAMPartner(dataSourceName="<dataSourceName>", hostName="<hostName>", port="<port>", serviceName="<serviceName>", userName="<userName>", passWord="<passWord>", maxConnectionSize="<maxConnectionSize>", maxPoolSize="<maxPoolSize>", serverName="<serverName>")
| Argument | Definition |
|---|---|
dataSourceName |
Mandatory. Specifies the name of the data source to be created. |
hostName |
Mandatory. Specifies the name of the database host. |
port |
Mandatory. Specifies the database port number. |
serviceName |
Mandatory. Specifies the database service name. |
userName |
Mandatory. Specifies the OAAM schema name. |
passWord |
Mandatory. Specifies the OAAM schema password. |
maxConnectionSize |
Optional. Specifies the maximum connection reserve time out size. |
maxPoolSize |
Optional. Specifies the maximum size for the connection pool. |
serverName |
Optional. Specifies the target server for the data source. |
The following example configures a basic integration for Access Manager and OAAM.
configureOAAMPartner(dataSourceName="MyOAAMDS", hostName="host.example.com", port="1521", serviceName="sevice1", userName="username", passWord="password", maxConnectionSize=None, maxPoolSize=None, serverName="oam_server1")
Online and offline command that registers Oracle Access Management Identity Federation (Identity Federation) as a Delegated Authentication Protocol (DAP) Partner.
Registers Identity Federation as Delegated Authentication Protocol (DAP) Partner. The scope of this command is an instance only; the scope is not an argument.
registerOIFDAPPartner(keystoreLocation="/scratch/keystore" logoutURL="http://<oifhost>:<oifport>/fed/user/splooam11g? doneURL=http(s)://<oamhost>:<oamport>/oam/server/pages/logout.jsp", rolloverTime="nnn")
| Argument | Definition |
|---|---|
keystoreLocation |
Mandatory. Specifies the location of the Keystore file (generated at the Identity Federation Server). |
logoutURL |
Mandatory. Specifies the logout URL for the Identity Federation server. |
rolloverTime |
Optional. Specifies the amount of time in seconds for which the keys used to encrypt/decrypt SASSO tokens can be rolled over. |
Online and offline command that registers Identity Federation as a Delegated Authentication Protocol (DAP) Partner in IDP Mode.
Registers Identity Federation as Delegated Authentication Protocol (DAP) Partner in IDP Mode. The scope of this command is an instance only; the scope is not an argument.
registerOIFDAPPartnerIDPMode(logoutURL="http://<oifhost>:<oifport>/fed/user/sploosso?doneURL=http://<oamhost>:<oamport>/ngam/server/pages/logout.jsp")
| Argument | Definition |
|---|---|
logoutURL |
Mandatory. Specifies the logout URL for the Identity Federation server. |
Registers any third party as a Trusted Authentication Protocol (TAP) Partner.
registerThirdPartyTAPPartner(partnerName="ThirdPartyTAPPartner", keystoreLocation="/scratch/DAPKeyStore/mykeystore.jks", password="test", tapTokenVersion="v2.0", tapScheme="TAPScheme", tapRedirectUrl="http://thirdpartyserverhost:port/loginPage.jsp")
| Argument | Definition |
|---|---|
partnerName
|
Mandatory. Specifies the name of the partner. Can be any name used to identify the third party partner. |
keystoreLocation
|
Mandatory. Specifies the location of the keystore file. |
password
|
Mandatory. Specifies the password for the keystore file. |
tapTokenVersion |
Mandatory. Specifies the version of the Trusted Authentication Protocol. |
tapScheme |
Optional. Specifies the TAPScheme name used to protect the resource - TAPScheme, out of the box. |
tapRedirectUrl |
Optional. Specifies the TAP challenge URL to which the credential collector will be redirected. |
The following example illustrates the use of the parameters.
registerThirdPartyTAPPartner(partnerName = "ThirdPartyTAPPartner", keystoreLocation="/scratch/DAPKeyStore/mykeystore.jks", password="test", tapTokenVersion="v2.0", tapScheme="TAPScheme", tapRedirectUrl="http://thirdpartyserverhost:port/loginPage.jsp")
Online command that disables Coexist Mode.
Disables Coexist Mode. The scope of this command is an instance only; the scope is not an argument. There are no arguments for this command.
Enables Coexist Mode for the Access Manager agent (enabling the Access Manager 11g server to own the Obssocookie set by 10g WebGate).
Enables Coexist Mode for the Access Manager agent. The scope of this command is an instance only; the scope is not an argument. There are no arguments for this command.
Disables Coexist Mode for the Access Manager agent.
Disables the Coexist Mode for the Access Manager agent. The scope of this command is an instance only; the scope is not an argument. There are no arguments for this command.
Online and offline command that edits GITO configuration parameters.
Edits GITO configuration parameters. The scope of this command is an instance only; the scope is not an argument.
editGITOValues(gitoEnabled="true", gitoCookieDomain=".abc.com", gitoCookieName="ABC", gitoVersion="v1.0", gitoTimeout="20", gitoSecureCookieEnabled="false", domainHome="/abc/def/ijk")
| Argument | Definition |
|---|---|
gitoEnabled |
Allows (or denies) user to set GITO enabled property. Takes a value of true or false. |
gitoCookieDomain |
Mandatory. Specifies the GITO cookie domain. |
gitoCookieName |
Optional. Specifies the cookie name. |
gitoVersion |
Optional. Specifies the GITO version. Takes ONLY v1.0 or v3.0. |
gitoTimeout |
Optional. Specifies the GITO timeout value. |
gitoSecureCookieEnabled |
Optional. Enables the GITO cookie enabled property. Takes a value of true or false. |
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
Online and offline command that edits an 11g Webgate_entry registration in the system configuration.
Edits an 11g Webgate_entry registration in the system configuration. The scope of this command is an instance only; the scope is not an argument.
editWebgate11gAgent(agentName="<AgentName>", accessClientPasswd="<accessClientPassword >",state="<state>", preferredHost="<host>", aaaTimeoutThreshold="<aaaTimeOutThreshold>", security="<security>",logOutUrls="<logOutUrls>", maxConnections="<maxConnections>",maxCacheElems="<maxCacheElements>", cacheTimeout="<cacheTimeOut>", logoutCallbackUrl="<logoutCallbackUrl >",maxSessionTime="<maxSessionTime>", logoutRedirectUrl="<logoutRedirectUrl >",failoverThreshold="<failoverThreshold>", tokenValidityPeriod="<tokenValidityPeriod>",logoutTargetUrlParamName="<logoutTargetUrlParamName>", domainHome="<domainHome>",allowManagementOperations="<allowManagementOperations>", allowTokenScopeOperations="<allowTokenScopeOperations>", allowMasterTokenRetrieval="<allowMasterTokenRetrieval>", allowCredentialCollectorOperations="<allowCredentialCollectorOperations>")
| Argument | Definition |
|---|---|
agentName
|
Mandatory. Specifies the name of the 11g WebGate Agent to be modified. |
accessClientPasswd
|
Optional. Specifies the unique client password for this WebGate Agent. |
state
|
Optional. Specifies whether the WebGate Agent is enabled or disabled with a value of either Enabled or Disabled, respectively. |
preferredHost
|
Optional. Specifies the preferred host of the WebGate Agent. This prevents security holes that can be created if a host's identifier is not included in the Host Identifiers list. For virtual hosting, you must use the Host Identifiers feature. |
aaaTimeoutThreshold
|
Optional. Specifies the number (in seconds) to wait for a response from the Access Manager run-time server. If this parameter is set, it is used as an application TCP/IP timeout instead of the default TCP/IP timeout. Default = -1 (default network TCP/IP timeout is used) |
security
|
Optional. Specifies the level of transport security to and from the Access Manager run-time server. Takes as a value either open, simple, or cert. |
logOutUrls
|
List of URLS that trigger the logout handler, which removes the ObSSOCookie. |
maxConnections
|
Optional. Specifies the maximum number of connections that this Access Manager Agent can establish with the Access Manager Server. This number must be the same as (or greater than) the number of connections that are actually associated with this agent. Default = 1 |
maxCacheElems
|
Optional. Specifies the maximum number of elements maintained in the cache. Cache elements are URLs or Authentication Schemes. The value of this setting refers to the maximum consolidated count for elements in both of these caches. Default = 10000 |
cacheTimeout
|
Optional. Specifies the amount of time cached information remains in the Access Manager Agent cache when the information is neither used nor referenced. Default = 1800 (seconds) |
logoutCallbackUrl
|
The URL to oam_logout_success, which clears cookies during the call back. By default, this is based on the Agent base URL supplied during agent registration. For example:
|
maxSessionTime
|
Optional. Specifies the maximum amount of time in seconds that a user's authentication session is valid regardless of their activity. At the expiration of this time, the user is re-challenged for authentication. This is a forced logout. A value of 0 disables this timeout setting. Default = 3600 (seconds) |
logoutRedirectUrl
|
Optional. Specifies the URL (absolute path) to the central logout page (logout.html). By default, this is based on the Access Manager Administration Console host name with a default port of 14200. |
failoverThreshold
|
Optional. Specifies a number representing the point when this Access Manager Agent opens connections to a Secondary Access Manager Server. Default = 1 |
tokenValidityPeriod
|
Optional. Specifies the amount of time in seconds that a user's authentication session remains valid without accessing any Access Manager Agent protected resources. |
logoutTargetUrlParamName
|
Optional. The value for this is the Logout Target URL to be invoked on logout and configured at the OPSS level. |
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
allowManagementOperations
|
Optional. Specifies the Set the flag for Allow Management Operations |
allowTokenScopeOperations
|
Optional. Specifies the Set the flag for Allow Token Scope Operations |
idleSessionTimeout
|
Optional. Specifies the |
allowMasterTokenRetrieval
|
Set flag for Allow Master Token Retrieval |
allowCredentialCollectorOperations
|
Set flag for Allow Credential Collector Operations |
The following example uses all mandatory and optional parameters.
editWebgate11gAgent(agentName="WebgateAgent1", accessClientPasswd="welcome1", state="Enabled", preferredHost="141.144.168.148:2001", aaaTimeoutThreshold="10", security="open", logOutUrls="http://host1.oracle.com:1234", maxConnections = "16", maxCacheElems="10000", cacheTimeout="1800", logoutCallbackUrl="http://host2.oracle.com:1234", maxSessionTime="24", logoutRedirectUrl="logoutRedirectUrl", failoverThreshold="1", tokenValidityPeriod="tokenValidityPeriod", logoutTargetUrlParamName="logoutTargetUrl", domainHome="domainHome1", allowManagementOperations="false", allowTokenScopeOperations="false", allowMasterTokenRetrieval="false", allowCredentialCollectorOperations="false")
Online and offline command that enables you to remove an 11g Webgate_agent entry in the system configuration.
Removes an 11g Webgate_agent entry in the system configuration. The scope of this command is an instance only; the scope is not an argument.
deleteWebgate11gAgent(agentName="<AgentName>", domainHome="<domainHomeName>")
| Argument | Definition |
|---|---|
agentName
|
Mandatory. Specifies the name of the 11g WebGate Agent to be removed. |
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
Online and offline command that enables you to display an 11g Webgate_agent registration entry.
Displays an 11g WebGate Agent registration entry. The scope of this command is an instance only; the scope is not an argument.
displayWebgate11gAgent(agentName="<AgentName>", domainHome="<domainHomeName>")
| Argument | Definition |
|---|---|
agentName
|
Mandatory. Specifies the name of the 11g WebGate Agent to be modified. |
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
Online and offline command that enables the display of metrics for Access Manager Servers.
Enables the display of metrics for Access Manager Servers. The scope of this command is an instance only; the scope is not an argument.
displayOAMMetrics(domainHome="<domainHomeName>")
| Argument | Definition |
|---|---|
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
DEPRECATED - Online only command that updates the Oracle Identity Manager configuration when integrated with Access Manager.
Updates the Identity Manager configuration in the system configuration. The scope of this command is an instance only; the scope is not an argument.
updateOIMHostPort(hostName="<host name>", port="<port number>", secureProtocol="true")
| Argument | Definition |
|---|---|
hostName |
Name of the Identity Manager host. |
port |
Port of the Identity Manager host. |
secureProtocol |
Takes a value of true or false depending on whether communication is through HTTP or HTTPS. |
DEPRECATED - Online only command that registers an agent profile specific to Oracle Identity Manager when integrated with Access Manager.
Creates an Agent profile specific to Oracle Identity Manager when integrated with Access Manager. The scope of this command is an instance only; the scope is not an argument.
configureOIM(oimHost="<OIM host>", oimPort="<port>", oimSecureProtocolEnabled="true | false", oimAccessGatePwd="<AccessGatePassword>", oimCookieDomain="<OIMCookieDomain>", oimWgId="<OIMWebgateID>", oimWgVersion="<OIMWebgateVersion>")
| Argument | Definition |
|---|---|
oimHost |
Name of the Oracle Identity Manager host. In the case of EDG, the front ending LBR hostname of the OIM Cluster. |
oimPort |
Port of the Oracle Identity Manager Managed Server. In the case of EDG, the front ending LBR port of the OIM Managed Server Cluster. |
oimSecureProtocolEnabled |
Takes a value of true or false depending on whether communication is through HTTP or HTTPS. |
oimAccessGatePwd |
If provided, the agent password for Open mode. |
oimCookieDomain |
Domain in which the cookie is to be set . |
oimWgId |
Agent registration name. |
oimWgVersion |
Possible values are 10g or 11g. If not provided, default is 10g. |
Online and offline command that updates the OSSO Proxy response cookie settings.
Updates OSSO Proxy response cookie settings. The scope of this command is an instance only; the scope is not an argument.
updateOSSOResponseCookieConfig(cookieName="<cookieName>",cookieMaxAge="<cookie age in minutes>", isSecureCookie="true | false",cookieDomain="<domain of the cookie>", domainHome="<domainHomeName>")
| Argument | Definition |
|---|---|
cookieName |
Optional. Name of the cookie for which settings are updated. If not specified, the global setting is updated. |
cookieMaxAge |
Maximum age of a cookie in minutes. A negative value sets a session cookie. |
isSecureCookie |
Boolean flag that specifies if cookie should be secure (sent over SSL channel). |
cookieDomain |
The domain of the cookie. |
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
Online and offline command that deletes the OSSO Proxy response cookie settings in the system configuration.
Deletes the OSSO Proxy response cookie settings. The scope of this command is an instance only; the scope is not an argument.
deleteOSSOResponseCookieConfig(cookieName="<cookieName>", domainHome="<domainHomeName>")
| Argument | Definition |
|---|---|
cookieName |
Mandatory. Name of the cookie for which settings are being deleted. The global cookie setting cannot be deleted. |
domainHome
|
Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional. |
Configures the identity store and external user store.
configureOIM(oimHost="<OIM host>", oimPort="<port>", oimSecureProtocolEnabled="true | false", oimAccessGatePwd="<AccessGatePassword>", oimCookieDomain="<OIMCookieDomain>", oimWgId="<OIMWebgateID>", oimWgVersion="<OIMWebgateVersion>"), nameOfIdStore="<nameOfIdStore>", idStoreSecurityCredential="<idStoreSecurityCredential>", userSearchBase="<userSearchBase>", ldapUrl="<ldapUrl>", groupSearchBase="<groupSearchBase>", securityPrincipal="<securityPrincipal>", idStoreType="<idStoreType>", ldapProvider="<ldapProvider>", isPrimary="<isPrimary>", userIDProvider="<userIDProvider>", userNameAttr="<userNameAttr>"
| Argument | Definition |
|---|---|
oimHost |
Name of the Oracle Identity Manager host. In the case of EDG, the front ending LBR hostname of the OIM Cluster. |
oimPort |
Port of the Oracle Identity Manager Managed Server. In the case of EDG, the front ending LBR port of the OIM Managed Server Cluster. |
oimSecureProtocolEnabled |
Takes a value of true or false depending on whether communication is through HTTP or HTTPS. |
oimAccessGatePwd |
If provided, the agent password for Open mode. |
oimCookieDomain |
Domain in which the cookie is to be set . |
oimWgId |
Agent registration name. |
oimWgVersion |
Possible values are 10g or 11g. If not provided, default is 10g. |
nameOfIdStore |
Mandatory. Specifies the name of the LDAP ID store to be created. |
idStoreSecurityCredential |
Mandatory. Specifies the password of the Principal for the LDAP identity store being created. |
userSearchBase |
Mandatory. Specifies the node under which user data is stored in the LDAP identity store being created. |
ldapUrl |
Mandatory. Specifies the URL for the LDAP host (including port number) of the LDAP identity store being created. |
groupSearchBase |
Mandatory. Specifies the node under which group data is stored in the LDAP identity store being created. |
securityPrincipal |
Mandatory. Specifies the Principal Administrator of the LDAP identity store being created. |
idStoreType |
Mandatory. Specifies the type of the LDAP identity store being created. |
ldapProvider |
Specifies the LDAP Provider type of the store being created. |
isPrimary |
Optional. Specifies whether the LDAP identity store being registered is the primary identity store. Takes true or false as a value. |
userIDProvider |
Specifies the user Identity Provider for the store being created. |
userNameAttr |
Mandatory. Specifies the user attributes for the store. |
The following example illustrates this command.
configureOIM(oimHost="oracle.com", oimPort="7777", oimSecureProtocolEnabled="true", oimAccessGatePwd = "welcome", oimCookieDomain = "domain1", oimWgId="<OIM Webgate ID>", oimWgVersion="10g" nameOfIdStore="nameOfIdStore", idStoreSecurityCredential="idStoreSecurityCredential", userSearchBase="userSearchBase", ldapUrl="ldapUrl", groupSearchBase="groupSearchBase", securityPrincipal="securityPrincipal", idStoreType="idStoreType", ldapProvider="ldapProvider", isPrimary="true", userIDProvider="userIDProvider", userNameAttr="userNameAttr")
Configures the identity store and external user store using the values supplied in a properties file.
Configures the identity store and external user store using the values supplied in the specified properties file.
configAndCreateIdStoreUsingPropFile(path="<path_of_property_file>")
| Argument | Definition |
|---|---|
path |
Path to the property file in which the values are defined. |
DEPRECATED - Migrates artifacts.
migrateArtifacts(path="<path_to_artifacts_file>", password="<password>", type="OutOfPlace|InPlace", isIncremental="true|false")
| Argument | Definition |
|---|---|
path
|
Location of the artifacts file |
password
|
Password used while generating original artifacts. |
type
|
Boolean that defines the type of migration and takes as a value InPlace or OutOfPlace |
isIncremental |
Boolean that takes a value of true or false. If true, an incremental upgrade is done. |
Displays the simple mode global passphrase defined in the system configuration in plain text.
Online only command that displays the simple mode global passphrase in plain text. There are no arguments for this command.
Exports selected Access Manager Partners to the specified Access Manager file.
Exports selected Access Manager Partners to the specified Access Manager file specified.
exportSelectedPartners(pathTempOAMPartnerFile="<absoluteFilePath>", partnersNameList="<comma_separated_partner_names>")
| Argument | Definition |
|---|---|
pathTempOAMPartnerFile |
Mandatory. The location of the file to which the information will be exported. |
partnersNameList |
Mandatory. Specifies a comma separated list of partner ids being exported. |
Online only command that migrates policies, authentication stores, and user stores from OSSO, OAM10g, OpenSSO, or AM 7.1 to OAM11g.
oamMigrate(oamMigrateType=<migrationType>, pathMigrationPropertiesFile="<absoluteFilePath>")
| Argument | Definition |
|---|---|
oamMigrateType |
Mandatory. Specifies the type of migration being done. Takes one of the following as a value: OSSO | OpenSSO | OAM10g
NOTE: OpenSSO applies to both SAML 7.1 and OpenSSO. |
pathMigrationPropertiesFile |
Mandatory. Specifies the path to the file from which the necessary artifacts for migration are read. |
Online only command that invokes the preSchemeUpgrade operation.
preSchemeUpgrade (pathUpgradePropertiesFile="/middlewarehome/oam-upgrade.properties")
| Argument | Definition |
|---|---|
pathUpgradePropertiesFile |
Mandatory. Specifies the path to the file from which the necessary system properties for upgrade are read. |
Invokes the postSchemeUpgrade operation.
postSchemeUpgrade (pathUpgradePropertiesFile="/middlewarehome/oam-upgrade.properties")
| Argument | Definition |
|---|---|
pathUpgradePropertiesFile |
Mandatory. Specifies the path to the file from which the necessary system properties for upgrade are read. |
Sets the oamSetWhiteListMode to true or false.
Sets the oamSetWhiteListMode to true or false. If true, Access Manager redirects to the last URL requested by the consuming application only if it is configured as a white-list URL.
oamSetWhiteListMode(oamWhiteListMode="true|false")
| Argument | Definition |
|---|---|
oamWhiteListMode |
Mandatory. Enables the Access Manager white list mode. |
Add, update or remove whitelist URL entries from the specified file.
Add, update or remove whitelist URL entries from the specified file.
This command allows you to enter whitelist URL values having wildcard port/host into the WhiteList config map.
In the value field, if host/port is specified using wildcard characters (* symbol) then all the host/port belonging to that particular format will be allowed.
On adding the * symbol, the match will be made for the WhiteList URL based on wild card comparison mechanism.
oamWhiteListURLConfig(Name="xyz", Value="http://xyz.com:1234", Operation="Remove|Update")
| Argument | Definition |
|---|---|
Name |
Mandatory. A valid string representing the name (key) for this entry. |
Value |
Mandatory. A valid URL in the <protocol>://<host>:<port> format. If the port is not specified, default HTTP/HTTPS ports are assigned accordingly. |
Operation |
Mandatory. Takes as a value Update or Remove. Not case sensitive. |
The following example illustrates this command:
oamWhiteListURLConfig(Name="xyz", Value="http://xyz.com:1234", Operation="Update")
The following example illustrates this command using wildcards for Whitelist ports:
oamWhiteListURLConfig(Name="xyz", Value="http://xyz.com:*", Operation="Update") oamWhiteListURLConfig(Name="xyz", Value="http://xyz.com:*", Operation="Remove")
The following examples illustrates this command when host/port is specified using wild card characters in value field:
oamWhiteListURLConfig(Name="xyz", Value="http://*.com:7777", Operation="Update")
The above command will allow URL's such as http://xyz.com:7777, http://abc.com:7777 and so on for redirection.
oamWhiteListURLConfig(Name="xyz", Value="http://xyz.com:*", Operation="Update")
The above command will allow URL's such as http://xyz.com:8000, http://abc.com:4040 and so on for redirection.
Online only command to enable Multi Data Center Mode.
enableMultiDataCentreMode(propfile="<absoluteFilePath>")
| Argument | Definition |
|---|---|
propFile |
Mandatory. Specifies the absolute path to a file from which the properties to enable the Multi Data Center are read. |
Online only command to disable Multi Data Center Mode.
Sets the Multi Data Center cluster name.
setMultiDataCentreClusterName(clusterName="MyCluster")
| Argument | Definition |
|---|---|
clusterName |
Mandatory. Specifies the name of the cluster. |
Sets the Multi Data Center Partner logout URLs.
setMultiDataCentreLogoutURLs (logoutURLs="http://<host>:<port>/logout.jsp,http://<host>:<port>/logout.jsp")
| Argument | Definition |
|---|---|
logoutURLs |
Mandatory. Specify a comma separated list of Multi Data Center Partner logout URLs. |
Updates the Multi Data Center Partner logout URLs.
updateMultiDataCentreLogoutURLs (logoutURLs="http://<host>:<port>/logout.jsp,http://<host>:<port>/logout.jsp")
| Argument | Definition |
|---|---|
logoutURLs |
Mandatory. Specify a comma separated list of Multi Data Center Partner logout URLs. |
Online command that adds a partner to a Multi Data Center.
Adds a partner to a Multi Data Center. This command is supported only in online mode and adds one partner at a time.
addPartnerForMultiDataCentre(propfile="<absoluteFilePath>")
| Argument | Definition |
|---|---|
propFile |
Mandatory. Specifies the absolute path to a file that contains the agent information. |
Removes a partner from Multi Data Center.
Removes a partner from Multi Data Center. This command is supported only in online mode and removes one partner at a time.
removePartnerForMultiDataCentre(webgateid="<webgateId")
| Argument | Definition |
|---|---|
webgateid |
Mandatory. Specifies the ID of the partner to be deleted. |
Online command that adds an Access Manager SSO provider with the given login URI, logout URI, and auto-login URI.
This command modifies the domain jps-config.xml by adding an Access Manager SSO service instance with the required properties. In the event of an error, the command returns a WLSTException.
addOAMSSOProvider(loginuri, logouturi, autologinuri)
| Argument | Definition |
|---|---|
| loginuri | Specifies the URI of the login page. Required. |
| logouturi | Specifies the URI of the logout page. Optional. If unspecified, defaults to logouturi=NONE.
Set to "" to ensure that ADF security calls the OPSS logout service, which uses the implementation of the class OAMSSOServiceImpl to clear the cookie ObSSOCookie. An ADF-secured web application that would like to clear cookies without logging out the user should use this setting. |
| autologinuri | Specifies the URI of the autologin page. Optional. If unspecified, it defaults to autologin=NONE. |