For certain OAM administrative tasks, the WebLogic Scripting Tool (WLST) provides custom commands that can be used as an alternative to the OAM Administration Console. This appendix provides an introduction to WLST commands for OAM administrators. Details for each command, however, are outside the scope of this book.
Sections in this appendix include:
Become familiar with information in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
Custom WLST commands for OAM can be used for setting and managing OAM System Configuration only by OAM Administrators.
The WebLogic Scripting Tool shares the same foundation layer with the OAM Administration Console. WLST for OAM is available within ORACLE_IDM.
Note:
To use the Infrastructure Security custom WLST commands, you must invoke the WLST script from the Oracle Common home. See "Using Custom WLST Commands" in the Oracle Fusion Middleware Administrator's Guide.
OAM WLST commands are defined in the oamWlstCmd.py file in the following path:
<ORACLE_IDM>/common/wlst
The oamWlstCmd.py file refers to jar files available in:
<Oracle_IDM>/oam/server/lib/jmx
<Oracle_IDM>/oam/server/lib/wlst
Most WLST commands for OAM operate in both online and offline modes. Operational modes are described in Table F-1.
Table F-1 Operational Modes for WLST commands for OAM
Online Mode | Offline Mode |
---|---|
Connects to the Mbean Server running on the WebLogic AdminServer | Method invocation happens locally in the WLST Shell |
The Mbean Server can be running remotely | Requires the OAM Domain Home as a mandatory input |
Invokes OAM WLST Mbean methods, which are executed in the server | N/A |
OAM WLST Mbeans return the result of the execution to the WLST commands. | N/A |
Use the WLST commands listed in Table F-2 to manage Oracle Access Manager (OAM)-related components, such as authorization providers, identity asserters, and SSO providers, as well as to display metrics and deployment topology, manage Oracle Access Manager server and agent configuration and more.
See Also:
The section on Oracle Access Manager commands in the chapter "Infrastructure Security Custom WLST Commands" of the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference
Table F-2 WLST Oracle Access Manager Commands
Use this command... | To... | Use with WLST... |
---|---|---|
listOAMAuthnProviderParams | List the parameters set for an Oracle Access Manager authentication or identity assertion provider. | Online |
createOAMIdentityAsserter | Create a new identity asserter. | Online |
updateOAMIdentityAsserter | Update an existing identity asserter. | Online |
createOAMAuthenticator | Create a new authenticator. | Online |
deleteOAMAuthnProvider | Delete an existing authentication provider. | Online |
updateOAMAuthenticator | Update an existing authenticator. | Online |
addOAMSSOProvider | Add a new SSO provider. | Online |
displayTopology | List the details of deployed Oracle Access Manager Servers. | Online, Offline |
displayOamServer | Display Oracle Access Manager Server configuration details. | Online, Offline |
createOamServer | Create an entry for an Oracle Access Manager Server configuration. | Online, Offline |
editOamServer | Edit the entry for an Oracle Access Manager Server configuration. | Online, Offline |
deleteOamServer | Delete the named Oracle Access Manager Server configuration. | Online, Offline |
displayOssoAgent | Display OSSO Agent configuration details. | Online, Offline |
editOssoAgent | Edit OSSO Agent configuration details. | Online, Offline |
deleteOssoAgent | Delete the named OSSO Agent configuration. | Online, Offline |
displayWebgateAgent | Display 10g WebGate Agent configuration details. | Online, Offline |
editWebgateAgent | Edit 10g WebGate Agent registration details. | Online, Offline |
deleteWebgateAgent | Delete the named 10g WebGate Agent configuration. | Online, Offline |
changeLoggerSetting | Change Logger Settings. | Online, Offline |
changeConfigDataEncryptionKey | Regenerate the configuration data encryption key and re-encrypt data. | Online, Offline |
displayUserIdentityStoreConfig | Display a user identity store registration. | Online, Offline |
editUserIdentityStoreConfig | Edit a user identity store registration. | Online, Offline |
createUserIdentityStoreConfig | Create a user identity store registration. | Online, Offline |
deleteUserIdentityStore | Delete a user identity store registration. | Online, Offline |
configRequestCacheType | Configure the SSO server request cache type. | Online, Offline |
displayRequestCacheType | Display the SSO server request cache type entry. | Online |
exportPolicy | Export Oracle Access Manager policy data from a test (source) to an intermediate Oracle Access Manager file. | Online |
importPolicy | Import Oracle Access Manager policy data from the Oracle Access Manager file specified. | Online |
importPolicyDelta | Import Oracle Access Manager policy changes from the Oracle Access Manager file specified. | Online |
migratePartnersToProd | Migrate partners from the source Oracle Access Manager Server to the specified target Oracle Access Manager Server. | Online |
exportPartners | Export the Oracle Access Manager partners from the source to the intermediate Oracle Access Manager file specified. | Online |
importPartners | Import the Oracle Access Manager partners from the intermediate Oracle Access Manager file specified. | Online |
configureOAAM | Configure the Oracle Access Manager-Oracle Adaptive Access Manager basic integration. | Online |
registerOIFDAPPartner | Register Oracle Identity Federation as Delegated Authentication Protocol (DAP) Partner. | Online, Offline |
enableCoexistMode | Enable the Coexist Mode. | Online |
disableCoexistMode | Disable the Coexist Mode. | Online |
editGITOValues | Edit GITO configuration parameters. | Online, Offline |
editWebgate11gAgent | Edit an 11g WebGate registration. | Online |
deleteWebgate11gAgent | Remove an 11g WebGate Agent registration. | Online, Offline |
displayWebgate11gAgent | Display an 11g WebGate Agent registration. | Online, Offline |
displayOAMMetrics | Display metrics of OAM Servers. | Online, Offline |
updateOIMHostPort | Update the Oracle Identity Manager configuration when integrated with Oracle Access Manager. | Online, Offline |
configureOIM | Creates an Agent registration specific to Oracle Identity Manager when integrated with Oracle Access Manager. | Online |
updateOSSOResponseCookieConfig | Updates OSSO Proxy response cookie settings. | Online, Offline |
deleteOSSOResponseCookieConfig | Deletes OSSO Proxy response cookie settings. | Online, Offline |
OAM Administrators can use the following procedure as a guide for using WLST commands for OAM-specific operations. Included here are several operations:
See Also:
The section on Oracle Access Manager commands in the chapter "Infrastructure Security Custom WLST Commands" of the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference
Use the following procedure for general information when you are starting the WLST shell.
To run WLST commands for OAM operations
Ensure that the OAM AdminServer is running.
Set up the environment for WLST by running the following command:
DOMAIN_HOME/bin/setDomainEnv.sh
Go to the OAM_HOME path: <Oracle_IDM>/common/bin.
Execute the appropriate command to enter the WLST shell.
Linux: wlst.sh
Windows: wlst.cmd
Execute help commands, as needed: help('oam') to list available OAM WLST commands.
OAM WLST: help('oam')
Specific Command: wlst.cmd
Connect to your domain. For example:
wls:/base_domain/serverConfig> connect()
Enter the WebLogic Administration username and password, and enter the URL for the Administration Server in the following format:
Please enter your username
Please enter your password
Please enter your server URL : t3://OAMHOST1.mycompany.com:7001
wls:/base_domain/serverConfig>
Offline Mode: Provide 'domainHome' as an input to the command.
Online Mode: Connect to the Mbean server using the command 'connect()'.
Check the section on Oracle Access Manager commands in the chapter "Infrastructure Security Custom WLST Commands" of the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference for full details.
In high availability configurations, the Request Cache type must be changed from BASIC to COOKIE using Infrastructure Security custom WLST commands.
See Also:
OAM_REQ cookie in Table 7-4, "SSO Cookies"
To change the Request Cache Type in a high-availability environment
Log in to the WLST shell and connect to your domain as described in "Starting the WLST Shell and Logging In".
Run the following command to configure the request cache type for a high-availability deployment as COOKIE:
wls:/base_domain/serverConfig> configRequestCacheType(type="COOKIE")
Validate that the command worked using the following command:
wls:/base_domain/serverConfig> displayRequestCacheType()
Restart the OAM Servers.