4 Infrastructure Security Custom WLST Commands

The following sections describe the Oracle Fusion Middleware Infrastructure Security custom WLST commands in detail, organized by the command categories listed in Table 4-1.

For additional information about Oracle Platform Security Services, see Oracle Fusion Middleware Security Guide.

Note:

To use the Infrastructure Security custom WLST commands, you must invoke the WLST script from the Oracle Common home. See "Using Custom WLST Commands" in the Oracle Fusion Middleware Administrator's Guide.

Overview of WLST Security Commands

WLST security commands are divided into the following categories:

Table 4-1 WLST Command Categories

Command Category                         Description
Audit Configuration Commands             View and manage audit policies and the audit repository configuration.
SSL Configuration Commands               View and manage wallets, JKS keystores, and SSL configuration for Oracle HTTP Server, Oracle WebCache, Oracle Internet Directory, and Oracle Virtual Directory components.
Oracle Identity Federation Commands      View and manage configuration for Oracle Identity Federation.
Directory Integration Platform Commands  For information on DIP tools, see "Directory Integration Platform Tools" in the Oracle Fusion Middleware User Reference for Oracle Identity Management.
Security Commands                        Manage the domain policy and credential stores, and migrate the domain policy store.
Oracle Access Manager Commands           Manage OAM-related components, such as authorization providers, identity asserters, and SSO providers.


Audit Configuration Commands

Use the WLST commands listed in Table 4-2 to view and manage audit policies and the audit repository configuration.

Table 4-2 WLST Audit Commands

Use this command...          To...                                                Use with WLST...
getNonJavaEEAuditMBeanName   Display the MBean name for a non-Java EE component.  Online
getAuditPolicy               Display audit policy settings.                       Online
setAuditPolicy               Update audit policy settings.                        Online
getAuditRepository           Display audit repository settings.                   Online
setAuditRepository           Update audit repository settings.                    Online
listAuditEvents              List audit events for one or all components.         Online
exportAuditConfig            Export a component's audit configuration.            Online
importAuditConfig            Import a component's audit configuration.            Online

For more information, see the Oracle Fusion Middleware Security Guide.

getNonJavaEEAuditMBeanName

Online command that displays the audit MBean name for a non-Java EE component.

Description

This command displays the audit MBean name for a non-Java EE component, given the instance name, component name, component type, and the name of the Oracle WebLogic Server on which the component's audit MBean is running. The MBean name is a required parameter to the other audit WLST commands when managing a non-Java EE component.

Syntax

getNonJavaEEAuditMBeanName(instName, compName, compType, svrName)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are ohs, oid, ovd, and WebCache.
svrName Specifies the name of the Oracle WebLogic Server.

Example

The following interactive command displays the audit MBean name for Oracle Internet Directory component instance oid1 in application server instance inst1:

wls:/mydomain/serverConfig> getNonJavaEEAuditMBeanName(instName='inst1', compName='oid1', compType='oid', svrName='AdminServer')

getAuditPolicy

Online command that displays the audit policy settings.

Description

This command displays audit policy settings including the filter preset, special users, custom events, maximum log file size, and maximum log directory size. The component MBean name is required for non-Java EE components like Oracle Internet Directory and Oracle Virtual Directory; omit it for Java EE components and applications.

Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

getAuditPolicy([mbeanName])
Argument Definition
mbeanName Specifies the name of the component audit MBean for non-Java EE components. The examples in this chapter pass this value with the keyword on (for example, on='...'); omit it for Java EE components.

Examples

The following command displays the audit settings for a Java EE component:

wls:/mydomain/serverConfig> getAuditPolicy()
Location changed to domainRuntime tree. This is a read-only tree with DomainMBean as the root.
For more help, use help(domainRuntime)
 
FilterPreset:All
Max Log File Size:104857600
Max Log Dir Size:0

The following command displays the audit settings for a non-Java EE component whose audit MBean is CSAuditProxyMBean; the MBean name is passed with the on keyword:

wls:/mydomain/serverConfig> getAuditPolicy(on='oracle.security.audit.test:type=CSAuditMBean,name=CSAuditProxyMBean')

setAuditPolicy

Online command that updates an audit policy.

Description

This command configures the audit policy settings. You can set the filter preset, add or remove special users, and add or remove custom events. The component MBean name is required for non-Java EE components like Oracle Internet Directory and Oracle Virtual Directory; omit it for Java EE components and applications.

Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

setAuditPolicy([mbeanName],[filterPreset],[addSpecialUsers],[removeSpecialUsers],[addCustomEvents],[removeCustomEvents])
Argument Definition
mbeanName Specifies the name of the component audit MBean for non-Java EE components. The examples in this chapter pass this value with the keyword on; omit it for Java EE components.
filterPreset Specifies the filter preset to apply. The presets shown in this section are None, Low, All, and Custom; with Custom, the events recorded are those added with addCustomEvents.
addSpecialUsers Specifies the special users to be added.
removeSpecialUsers Specifies the special users to be removed.
addCustomEvents Specifies the custom events to be added.
removeCustomEvents Specifies the custom events to be removed.

Examples

The following interactive command sets the audit policy to the None preset, and adds users user2 and user3 while removing user1 from the policy:

wls:/mydomain/serverConfig> setAuditPolicy(filterPreset='None',addSpecialUsers='user2,user3',removeSpecialUsers='user1')

wls:/mydomain/serverConfig> getAuditPolicy();
Already in Domain Runtime Tree

FilterPreset:None
Special Users:user2,user3
Max Log File Size:104857600
Max Log Dir Size:0

The following interactive command adds login events while removing logout events from the policy:

wls:/mydomain/serverConfig> setAuditPolicy(filterPreset='Custom',addCustomEvents='UserLogin',removeCustomEvents='UserLogout')
 

The following interactive command sets audit policy to a Low level:

wls:/IDMDomain/domainRuntime> setAuditPolicy(filterPreset='Low');
Already in Domain Runtime Tree
Audit Policy Information updated successfully

wls:/IDMDomain/domainRuntime> getAuditPolicy();
Already in Domain Runtime Tree
FilterPreset:Low
Max Log File Size:104857600
Max Log Dir Size:0

The following command sets a custom filter to audit the CheckAuthorization event:

wls:/IDMDomain/domainRuntime> setAuditPolicy(filterPreset='Custom', addCustomEvents='JPS:CheckAuthorization');
Already in Domain Runtime Tree
 
Audit Policy Information updated successfully
wls:/IDMDomain/domainRuntime> getAuditPolicy();
Already in Domain Runtime Tree
 
FilterPreset:Custom
Special Users:user1
Max Log File Size:104857600
Max Log Dir Size:0
Custom Events:JPS:CheckAuthorization

getAuditRepository

Online command that displays audit repository settings.

Description

This command displays audit repository settings for Java EE components and applications (for other components like Oracle Internet Directory, the repository configuration resides in opmn.xml). When the repository type is database, it also displays the database configuration (the data source JNDI name and the audit loader interval).

Syntax

getAuditRepository()

Example

The following command displays audit repository configuration:

wls:/IDMDomain/domainRuntime> getAuditRepository()
Already in Domain Runtime Tree
 
Repository Type:File

setAuditRepository

Online command that updates audit repository settings.

Description

This command sets the audit repository settings for Java EE components and applications (for other components like Oracle Internet Directory, the repository is configured by editing opmn.xml).

Syntax

setAuditRepository([switchToDB],[dataSourceName],[interval])
Argument Definition
switchToDB If 'true', switches the repository from file to database.
dataSourceName Specifies the JNDI name of the data source that points to the audit database.
interval Specifies the interval, in seconds, at which the audit loader runs to move records from the local audit files into the database.

Examples

The following command switches from a file repository to a database repository:

wls:/IDMDomain/domainRuntime> setAuditRepository(switchToDB='true');
Already in Domain Runtime Tree
 
Audit Repository Information updated
 
wls:/IDMDomain/domainRuntime> getAuditRepository();
Already in Domain Runtime Tree
 
JNDI Name:jdbc/AuditDB
Interval:15
Repository Type:DB

The following interactive command changes audit repository to a specific database and sets the audit loader interval to 14 seconds:

wls:/mydomain/serverConfig> setAuditRepository(switchToDB='true',dataSourceName='jdbcAuditDB',interval='14')

listAuditEvents

Online command that displays a component's audit events.

Description

This command displays a component's audit events and attributes. For non-Java EE components, pass the component MBean name as a parameter. Java EE applications and services like Oracle Platform Security Services (OPSS) do not need the MBean parameter. Without a component type, the command lists the known components and the generic attributes applicable to all of them.

Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

listAuditEvents([mbeanName],[componentType])
Argument Definition
mbeanName Specifies the name of the component MBean.
componentType Specifies the component type.

Examples

The following command displays audit events for the Oracle Platform Security Services component:

wls:/IDMDomain/domainRuntime> listAuditEvents(componentType='JPS');
Already in Domain Runtime Tree
 
Common Attributes
ComponentType
Type of the component. For MAS integrated SystemComponents this is the componentType
InstanceId
Name of the MAS Instance, that this component belongs to
HostId
DNS hostname of originating host
HostNwaddr
IP or other network address of originating host
ModuleId
ID of the module that originated the message. Interpretation is unique within Component ID.
ProcessId
ID of the process that originated the message

The following command displays audit events for Oracle HTTP Server:

wls:/mydomain/serverConfig> listAuditEvents(componentType='ohs')

The following command displays all audit events:

wls:/IDMDomain/domainRuntime> listAuditEvents();
Already in Domain Runtime Tree
 
Components:
DIP
JPS
OIF
OWSM-AGENT
OWSM-PM-EJB
ReportsServer
WS-PolicyAttachment
WebCache
WebServices
Attributes applicable to all components:
ComponentType
InstanceId
HostId
HostNwaddr
ModuleId
ProcessId
OracleHome
HomeInstance
ECID
RID
...

exportAuditConfig

Online command that exports a component's audit configuration.

Description

This command exports the audit configuration to a file. For non-Java EE components, pass the component MBean name as a parameter. Java EE applications and services like Oracle Platform Security Services (OPSS) do not need the MBean parameter. Exporting before a setAuditPolicy or setAuditRepository change gives you a file that importAuditConfig can restore.

Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

exportAuditConfig([mbeanName],fileName)
Argument Definition
mbeanName Specifies the name of the non-Java EE component MBean. The examples pass this value with the keyword on.
fileName Specifies the path and file name to which the audit configuration should be exported.

Examples

The following interactive command exports the audit configuration for a component:

wls:/mydomain/serverConfig> exportAuditConfig(on='oracle.security.audit.test:type=CSAuditMBean,name=CSAuditProxyMBean',fileName='/tmp/auditconfig')

The following interactive command exports the audit configuration for a Java EE component; no mBean is specified:

wls:/mydomain/serverConfig> exportAuditConfig(fileName='/tmp/auditconfig')

importAuditConfig

Online command that imports a component's audit configuration.

Description

This command imports the audit configuration from an external file, such as one written by exportAuditConfig. For non-Java EE components, pass the component MBean name as a parameter. Java EE applications and services like Oracle Platform Security Services (OPSS) do not need the MBean parameter.

Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

importAuditConfig([mbeanName],fileName)
Argument Definition
mbeanName Specifies the name of the non-Java EE component MBean. The examples pass this value with the keyword on.
fileName Specifies the path and file name from which the audit configuration should be imported.

Examples

The following interactive command imports the audit configuration for a non-Java EE component (note that the whole MBean name, including the name= part, is inside one quoted string):

wls:/mydomain/serverConfig> importAuditConfig(on='oracle.security.audit.test:type=CSAuditMBean,name=CSAuditProxyMBean',fileName='/tmp/auditconfig')

The following interactive command imports the audit configuration for a Java EE component; no MBean is specified:

wls:/mydomain/serverConfig> importAuditConfig(fileName='/tmp/auditconfig')
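The following WLST (Jython) script is an added example and is not part of the Oracle documentation. It chains the audit commands from this section in the order a change should be made: export the current configuration as a restorable backup, apply a Custom policy that records the JPS:CheckAuthorization event, move the repository to the audit database, and read both settings back as evidence. It targets a Java EE component, so no MBean name is passed; for Oracle Internet Directory or Oracle Virtual Directory you would obtain the MBean name with getNonJavaEEAuditMBeanName and pass it with the on keyword as the examples above do. The admin URL, user name, backup directory, data source name jdbc/AuditDB and the WLS_ADMIN_PASSWORD environment variable are assumed placeholders; connect() and disconnect() are the standard WLST session commands.

```jython
# Added example (not Oracle's code): back up, change and verify the audit
# configuration of a Java EE component in one WLST run.
import os
import time

ADMIN_URL = 't3://adminhost.example.com:7001'   # assumed placeholder
ADMIN_USER = 'weblogic'                         # assumed placeholder
BACKUP_DIR = '/var/backups/fmw-audit'           # assumed to exist on the WLST host
AUDIT_DS = 'jdbc/AuditDB'                       # assumed JNDI name of the audit data source

def harden_audit(admin_password):
    connect(ADMIN_USER, admin_password, ADMIN_URL)
    try:
        # 1. Snapshot the current configuration so the change can be reverted
        #    with importAuditConfig(fileName=backup).
        stamp = time.strftime('%Y%m%d-%H%M%S')
        backup = os.path.join(BACKUP_DIR, 'auditconfig-' + stamp)
        exportAuditConfig(fileName=backup)
        print 'Audit configuration saved to', backup

        # 2. Custom preset: only the events added here are recorded, so name
        #    the authorization-decision event explicitly.
        setAuditPolicy(filterPreset='Custom', addCustomEvents='JPS:CheckAuthorization')

        # 3. Move the audit trail from local files into the audit database;
        #    the loader copies records every 15 seconds.
        setAuditRepository(switchToDB='true', dataSourceName=AUDIT_DS, interval='15')

        # 4. Read both settings back. The printed FilterPreset, Custom Events,
        #    JNDI Name and Repository Type lines are the verification record.
        getAuditPolicy()
        getAuditRepository()
    finally:
        disconnect()

# The password is taken from the environment so that it is neither stored in
# this script nor left in the shell history by an interactive connect().
harden_audit(os.environ['WLS_ADMIN_PASSWORD'])
```

Run it from the Oracle Common home as the Note at the top of this chapter requires, for example with wlst.sh harden_audit.py. Because the export happens before the policy change, a failed or unwanted change is undone with importAuditConfig(fileName=...) pointing at the backup file the script printed.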

SSL Configuration Commands

Use the WLST commands listed in Table 4-3 to view and manage SSL configuration for Oracle Fusion Middleware components.

Table 4-3 WLST Commands for SSL Configuration

Use this command...        To...                                                                          Use with WLST...
addCertificateRequest      Generate a certificate signing request in an Oracle wallet.                    Online
addSelfSignedCertificate   Add a self-signed certificate to an Oracle wallet.                             Online
changeKeyStorePassword     Change the password to a JKS keystore.                                         Online
changeWalletPassword       Change the password to an Oracle wallet.                                       Online
configureSSL               Set the SSL attributes for a component listener.                               Online
createKeyStore             Create a JKS keystore.                                                         Online
createWallet               Create an Oracle wallet.                                                       Online
deleteKeyStore             Delete a JKS keystore.                                                         Online
deleteWallet               Delete an Oracle wallet.                                                       Online
exportKeyStore             Export a JKS keystore to a file.                                               Online
exportKeyStoreObject       Export an object from a JKS keystore to a file.                                Online
exportWallet               Export an Oracle wallet to a file.                                             Online
exportWalletObject         Export an object from an Oracle wallet to a file.                              Online
generateKey                Generate a key pair in a JKS keystore.                                         Online
getKeyStoreObject          Display a certificate or other object present in a JKS keystore.               Online
getSSL                     Display the SSL attributes for a component listener.                           Online
getWalletObject            Display a certificate or other object present in an Oracle wallet.             Online
importKeyStore             Import a JKS keystore from a file.                                             Online
importKeyStoreObject       Import a certificate or other object from a file to a JKS keystore.            Online
importWallet               Import an Oracle wallet from a file.                                           Online
importWalletObject         Import a certificate or other object from a file to an Oracle wallet.          Online
listKeyStoreObjects        List all objects present in a JKS keystore.                                    Online
listKeyStores              List all JKS keystores configured for a component instance.                    Online
listWalletObjects          List all objects present in an Oracle wallet.                                  Online
listWallets                List all Oracle wallets configured for a component instance.                   Online
removeKeyStoreObject       Remove a certificate or other object from a component instance's JKS keystore. Online
removeWalletObject         Remove a certificate or other object from a component instance's Oracle wallet. Online

For more information, see the Oracle Fusion Middleware Administrator's Guide.

addCertificateRequest

Online command that generates a certificate signing request in an Oracle wallet.

Description

This command generates a certificate signing request in Base64 encoded PKCS#10 format in an Oracle wallet for a component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory). To get a certificate signed by a certificate authority (CA), write the request to a file with exportWalletObject (type 'CertificateRequest') and send that file to your CA. The private key stays in the wallet; only the request leaves it.

Syntax

addCertificateRequest(instName, compName, compType, walletName, password, DN, keySize)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ohs', 'oid', and 'webcache'.
walletName Specifies the name of the wallet file.
password Specifies the password of the wallet.
DN Specifies the Distinguished Name of the key pair entry.
keySize Specifies the key size in bits. The examples in this chapter use 1024 for brevity; 1024-bit RSA keys are no longer considered adequate, so use at least 2048 bits for any new key.

Example

The following command generates a certificate signing request with DN cn=www.acme.com and key size 1024 in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> addCertificateRequest('inst1', 'oid1', 'oid','wallet1', 'password', 'cn=www.acme.com', '1024')

addSelfSignedCertificate

Online command that adds a self-signed certificate.

Description

This command creates a key pair and wraps it in a self-signed certificate in an Oracle wallet for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory). Only keys based on the RSA algorithm are generated.

Syntax

addSelfSignedCertificate(instName, compName, compType, walletName, password, DN, keySize)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ohs', 'oid', and 'webcache'.
walletName Specifies the name of the wallet file.
password Specifies the password of the wallet.
DN Specifies the Distinguished Name of the key pair entry.
keySize Specifies the key size in bits (use at least 2048; see keySize under addCertificateRequest).

Example

The following command adds a self-signed certificate with DN cn=www.acme.com, key size 1024 to wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> addSelfSignedCertificate('inst1', 'oid1', 'oid','wallet1', 'password', 'cn=www.acme.com', '1024')

changeKeyStorePassword

Online command that changes the keystore password.

Description

This command changes the password of a Java Keystore (JKS) file for an Oracle Virtual Directory instance.

Syntax

changeKeyStorePassword(instName, compName, compType, keystoreName, currPassword, newPassword)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the filename of the keystore.
currPassword Specifies the current keystore password.
newPassword Specifies the new keystore password.

Example

The following command changes the password of file keys.jks for Oracle Virtual Directory instance ovd1 in application server instance inst1:

wls:/mydomain/serverConfig> changeKeyStorePassword('inst1', 'ovd1', 'ovd','keys.jks', 'currpassword', 'newpassword')

changeWalletPassword

Online command that changes the password of an Oracle wallet.

Description

This command changes the password of an Oracle wallet for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory). This command is only applicable to password-protected wallets.

Syntax

changeWalletPassword(instName, compName, compType, walletName,currPassword, newPassword)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'oid', 'ohs', and 'webcache'.
walletName Specifies the filename of the wallet.
currPassword Specifies the current wallet password.
newPassword Specifies the new wallet password.

Example

The following command changes the password for wallet1 from currpassword to newpassword for Oracle HTTP Server instance ohs1 in application server instance inst1:

wls:/mydomain/serverConfig> changeWalletPassword('inst1', 'ohs1', 'ohs','wallet1', 'currpassword', 'newpassword')

configureSSL

Online command that sets SSL attributes.

Description

This command sets the SSL attributes for a component listener. The attributes are specified in a properties file format (name=value). If a properties file is not provided, or it does not contain any SSL attributes, default attribute values are used. For component-specific SSL attribute value defaults, see the chapter "SSL Configuration in Oracle Fusion Middleware" in the Oracle Fusion Middleware Administrator's Guide.

Syntax

configureSSL(instName, compName, compType, listener, [filePath])
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'oid', 'ovd', 'ohs', and 'webcache'.
listener Specifies the name of the component listener to be configured for SSL.
filePath Optional. Specifies the absolute path of the properties file containing the SSL attributes to set. If omitted, or if the file contains no SSL attributes, the component's default SSL attribute values are applied.

Examples

The following command configures SSL attributes specified in the properties file /tmp/ssl.properties for Oracle Virtual Directory instance ovd1 in application server instance inst1, for listener listener1:

wls:/mydomain/serverConfig> configureSSL('inst1', 'ovd1', 'ovd', 'listener1','/tmp/ssl.properties')

The following command configures SSL attributes without specifying a properties file. Since no file is provided, the default SSL attribute values are used:

wls:/mydomain/serverConfig> configureSSL('inst1', 'ovd1', 'ovd', 'listener2')

createKeyStore

Online command that creates a JKS keystore.

Description

This command creates a Java keystore (JKS) for the specified Oracle Virtual Directory instance. For keystore file location and other information, see the chapter "Managing Keystores, Wallets, and Certificates" in the Oracle Fusion Middleware Administrator's Guide.

Syntax

createKeyStore(instName, compName, compType, keystoreName, password)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the filename of the keystore file to be created.
password Specifies the keystore password.

Example

The following command creates JKS file keys.jks with password password for Oracle Virtual Directory instance ovd1 in application server instance inst1:

wls:/mydomain/serverConfig> createKeyStore('inst1', 'ovd1', 'ovd','keys.jks', 'password')

createWallet

Online command that creates an Oracle wallet.

Description

This command creates an Oracle wallet for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory). Wallets can be of password-protected or auto-login type. For wallet details, see the chapter "Managing Keystores, Wallets, and Certificates" in the Oracle Fusion Middleware Administrator's Guide.

Syntax

createWallet(instName, compName, compType, walletName, password)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'oid', 'ohs', and 'webcache'.
walletName Specifies the name of the wallet file to be created.
password Specifies the wallet password.

Examples

The following command creates a wallet named wallet1 with password password, for Oracle HTTP Server instance ohs1 in application server instance inst1:

wls:/mydomain/serverConfig> createWallet('inst1', 'ohs1', 'ohs','wallet1', 'password')

The following command creates an auto-login wallet named wallet2 for Oracle WebCache instance wc1, in application server instance inst1:

wls:/mydomain/serverConfig> createWallet('inst1', 'wc1', 'webcache','wallet2', '')

deleteKeyStore

Online command that deletes a keystore.

Description

This command deletes a keystore for a specified Oracle Virtual Directory instance.

Syntax

deleteKeyStore(instName, compName, compType, keystoreName)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the name of the keystore file to delete.

Example

The following command deletes JKS file keys.jks for Oracle Virtual Directory instance ovd1 in application server instance inst1:

wls:/mydomain/serverConfig> deleteKeyStore('inst1', 'ovd1', 'ovd','keys.jks')

deleteWallet

Online command that deletes an Oracle wallet.

Description

This command deletes an Oracle wallet for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory).

Syntax

deleteWallet(instName, compName, compType, walletName)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'oid', 'ohs', and 'webcache'.
walletName Specifies the name of the wallet file to be deleted.

Example

The following command deletes a wallet named wallet1 for Oracle HTTP Server instance ohs1 in application server instance inst1:

wls:/mydomain/serverConfig> deleteWallet('inst1', 'ohs1', 'ohs','wallet1')

exportKeyStore

Online command that exports the keystore to a file.

Description

This command exports a keystore, configured for the specified Oracle Virtual Directory instance, to a file under the given directory. The exported filename is the same as the keystore name.

Syntax

exportKeyStore(instName, compName, compType, keystoreName, password, path)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the name of the keystore file.
password Specifies the password of the keystore.
path Specifies the absolute path of the directory under which the keystore is exported.

Example

The following command exports the keystore keys.jks for Oracle Virtual Directory instance ovd1 to file keys.jks under /tmp:

wls:/mydomain/serverConfig> exportKeyStore('inst1', 'ovd1', 'ovd', 'keys.jks', 'password', '/tmp')

exportKeyStoreObject

Online command that exports an object from a keystore to a file.

Description

This command exports a certificate signing request, certificate/certificate chain, or trusted certificate present in a Java keystore (JKS) to a file for the specified Oracle Virtual Directory instance. When the type is 'CertificateRequest', the request is generated from the key pair stored under the given alias and then exported. The alias specifies the object to be exported.

Syntax

exportKeyStoreObject(instName, compName, compType, keystoreName, password, type, path, alias)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the name of the keystore file.
password Specifies the password of the keystore.
type Specifies the type of the keystore object to be exported. Valid values are 'CertificateRequest', 'Certificate', 'TrustedCertificate' and 'TrustedChain'.
path Specifies the absolute path of the directory under which the object is exported as a file named base64.txt.
alias Specifies the alias of the keystore object to be exported.

Examples

The following command generates and exports a certificate signing request from the key-pair indicated by alias mykey in keys.jks, for Oracle Virtual Directory instance ovd1 in application server instance inst1. The certificate signing request is exported under the directory /tmp:

wls:/mydomain/serverConfig> exportKeyStoreObject('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'CertificateRequest', '/tmp','mykey')

The following command exports a certificate or certificate chain indicated by alias mykey in keys.jks, for Oracle Virtual Directory instance ovd1, in application server instance inst1. The certificate or certificate chain is exported under the directory /tmp:

wls:/mydomain/serverConfig> exportKeyStoreObject('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'Certificate', '/tmp','mykey')

The following command exports a trusted certificate indicated by alias mykey in keys.jks, for Oracle Virtual Directory instance ovd1, in application server instance inst1. The trusted certificate is exported under the directory /tmp:

wls:/mydomain/serverConfig> exportKeyStoreObject('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'TrustedCertificate', '/tmp','mykey')

exportWallet

Online command that exports an Oracle wallet.

Description

This command exports an Oracle wallet, configured for a specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory), to one or more files under the given directory. For an auto-login only wallet, a single file named cwallet.sso is written. For a password-protected wallet, two files are created: ewallet.p12 (the password-protected wallet) and cwallet.sso (its auto-login form, which is usable without the password and should be protected accordingly).

Syntax

exportWallet(instName, compName, compType, walletName,password, path)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'oid', 'ohs', and 'webcache'.
walletName Specifies the name of the wallet file.
password Specifies the password of the wallet.
path Specifies the absolute path of the directory under which the wallet file(s) are exported.

Examples

The following command exports auto-login wallet wallet1 for Oracle Internet Directory instance oid1 to file cwallet.sso under /tmp:

wls:/mydomain/serverConfig> exportWallet('inst1', 'oid1', 'oid', 'wallet1','','/tmp')

The following command exports password-protected wallet wallet2 for Oracle Internet Directory instance oid1 to two files, ewallet.p12 and cwallet.sso, under /tmp:

wls:/mydomain/serverConfig> exportWallet('inst1', 'oid1', 'oid', 'wallet2', 'password', '/tmp')

exportWalletObject

Online command that exports a certificate or other wallet object to a file.

Description

This command exports a certificate signing request, certificate, certificate chain or trusted certificate present in an Oracle wallet to a file for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory). DN is used to indicate the object to be exported.

Syntax

exportWalletObject(instName, compName, compType, walletName, password, type, path, DN)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ohs','oid', and 'webcache'.
walletName Specifies the name of the wallet file.
password Specifies the password of the wallet.
type Specifies the type of wallet object to be exported. Valid values are 'CertificateRequest', 'Certificate', 'TrustedCertificate' or 'TrustedChain'.
path Specifies the absolute path of the directory under which the object is exported as a file base64.txt.
DN Specifies the Distinguished Name of the wallet object being exported.

Examples

The following command exports a certificate signing request with DN cn=www.acme.com in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1. The certificate signing request is exported under the directory /tmp:

wls:/mydomain/serverConfig> exportWalletObject('inst1', 'oid1', 
'oid','wallet1', 'password', 'CertificateRequest', '/tmp','cn=www.acme.com')

The following command exports a certificate with DN cn=www.acme.com in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1. The certificate or certificate chain is exported under the directory /tmp:

wls:/mydomain/serverConfig> exportWalletObject('inst1', 'oid1', 
'oid','wallet1', 'password', 'Certificate', '/tmp','cn=www.acme.com')

The following command exports a trusted certificate with DN cn=www.acme.com in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1. The trusted certificate is exported under the directory /tmp:

wls:/mydomain/serverConfig> exportWalletObject('inst1', 'oid1', 
'oid','wallet1', 'password', 'TrustedCertificate', '/tmp','cn=www.acme.com')

The following command exports a certificate chain with DN cn=www.acme.com in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1. The certificate or certificate chain is exported under the directory /tmp:

wls:/mydomain/serverConfig> exportWalletObject('inst1', 'oid1', 
'oid','wallet1', 'password', 'TrustedChain', '/tmp','cn=www.acme.com')

generateKey

Online command that generates a key pair in a Java keystore.

Description

This command generates a key pair in a Java keystore (JKS) for Oracle Virtual Directory. It also wraps the key pair in a self-signed certificate. Only keys based on the RSA algorithm are generated.

Syntax

generateKey(instName, compName, compType, keystoreName, password, DN, keySize, alias, algorithm)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the name of the keystore.
password Specifies the password of the keystore.
DN Specifies the Distinguished Name of the key pair entry.
keySize Specifies the key size in bits.
alias Specifies the alias of the key pair entry in the keystore.
algorithm Specifies the key algorithm. Valid value is 'RSA'.

Examples

The following command generates a key pair with DN cn=www.acme.com, key size 1024, algorithm RSA and alias mykey in keys.jks, for Oracle Virtual Directory instance ovd1 in application server instance inst1:

wls:/mydomain/serverConfig> generateKey('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'cn=www.acme.com', '1024', 'mykey', 'RSA')

The following command is the same as above, except it does not explicitly specify the key algorithm:

wls:/mydomain/serverConfig> generateKey('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'cn=www.acme.com', '1024', 'mykey')

getKeyStoreObject

Online command that shows details about a keystore object.

Description

This command displays a specific certificate or trusted certificate present in a Java keystore (JKS) for Oracle Virtual Directory. The keystore object is indicated by its index number, as given by the listKeyStoreObjects command. It shows the certificate details including DN, key size, algorithm, and other information.

Syntax

getKeyStoreObject(instName, compName, compType, keystoreName, password, type, index)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the name of the keystore file.
password Specifies the password of the keystore.
type Specifies the type of the keystore object to be listed. Valid values are 'Certificate' and 'TrustedCertificate'.
index Specifies the index number of the keystore object as returned by the listKeyStoreObjects command.

Examples

The following command shows a trusted certificate with index 1 present in keys.jks, for Oracle Virtual Directory instance ovd1, in application server instance inst1:

wls:/mydomain/serverConfig> getKeyStoreObject('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'TrustedCertificate', '1')

The following command shows a certificate with index 1 present in keys.jks, for Oracle Virtual Directory instance ovd1, in application server instance inst1:

wls:/mydomain/serverConfig> getKeyStoreObject('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'Certificate', '1')

getSSL

Online command that lists the configured SSL attributes.

Description

This command lists the configured SSL attributes for the specified component listener. For Oracle Internet Directory, the listener name is always sslport1.

Syntax

getSSL(instName, compName, compType, listener)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ovd', 'oid', 'ohs', and 'webcache'.
listener Specifies the name of the component listener.

Example

The following command shows the SSL attributes configured for Oracle Internet Directory instance oid1, in application server instance inst1, for listener sslport1:

wls:/mydomain/serverConfig> getSSL('inst1', 'oid1', 'oid', 'sslport1')

getWalletObject

Online command that displays information about a certificate or other object in an Oracle wallet.

Description

This command displays a specific certificate signing request, certificate or trusted certificate present in an Oracle wallet for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory). The wallet object is indicated by its index number, as given by the listWalletObjects command. For certificates or trusted certificates, it shows the certificate details including DN, key size, algorithm and other data. For certificate signing requests, it shows the subject DN, key size and algorithm.

Syntax

getWalletObject(instName, compName, compType, walletName, password, type, index)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ohs', 'oid', and 'webcache'.
walletName Specifies the name of the wallet file.
password Specifies the password of the wallet.
type Specifies the type of wallet object to be displayed. Valid values are 'CertificateRequest', 'Certificate', and 'TrustedCertificate'.
index Specifies the index number of the wallet object as returned by the listWalletObjects command.

Examples

The following command shows certificate signing request details for the object with index 0 present in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> getWalletObject('inst1', 'oid1', 'oid','wallet1','password', 'CertificateRequest', '0')

The following command shows certificate details for the object with index 0 present in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> getWalletObject('inst1', 'oid1', 'oid','wallet1','password', 'Certificate', '0')

The following command shows trusted certificate details for the object with index 0, present in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> getWalletObject('inst1', 'oid1', 'oid','wallet1','password', 'TrustedCertificate', '0')

importKeyStore

Online command that imports a keystore from a file.

Description

This command imports a Java keystore (JKS) from a file to the specified Oracle Virtual Directory instance for manageability. The component instance name must be unique.

Syntax

importKeyStore(instName, compName, compType, keystoreName, password, filePath)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the name of the keystore being imported. This name must be unique for this component instance.
password Specifies the password of the keystore.
filePath Specifies the absolute path of the keystore file to be imported.

Example

The following command imports the keystore /tmp/keys.jks as file.jks into Oracle Virtual Directory instance ovd1. Subsequently, the keystore is managed through the name file.jks:

wls:/mydomain/serverConfig> importKeyStore('inst1', 'ovd1', 'ovd', 'file.jks',
'password', '/tmp/keys.jks')

importKeyStoreObject

Online command that imports an object from a file to a keystore.

Description

This command imports a certificate, certificate chain, or trusted certificate into a Java keystore (JKS) for Oracle Virtual Directory, assigning it the specified alias which must be unique in the keystore. If a certificate or certificate chain is being imported, the alias must match that of the corresponding key-pair.

Syntax

importKeyStoreObject(instName, compName, compType, keystoreName, password, type, filePath, alias)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the name of the keystore.
password Specifies the password of the keystore.
type Specifies the type of the keystore object to be imported. Valid values are 'Certificate' and 'TrustedCertificate'.
filePath Specifies the absolute path of the file containing the keystore object.
alias Specifies the alias to assign to the keystore object to be imported.

Examples

The following command imports a certificate or certificate chain from file cert.txt into keys.jks, using alias mykey for Oracle Virtual Directory instance ovd1, in application server instance inst1. The file keys.jks must already have an alias mykey for a key-pair whose public key matches that in the certificate being imported:

wls:/mydomain/serverConfig> importKeyStoreObject('inst1', 'ovd1', 
'ovd','keys.jks', 'password', 'Certificate','/tmp/cert.txt', 'mykey')

The following command imports a trusted certificate from file trust.txt into keys.jks using alias mykey1, for Oracle Virtual Directory instance ovd1 in application server instance inst1:

wls:/mydomain/serverConfig> importKeyStoreObject('inst1', 'ovd1', 
'ovd','keys.jks', 'password', 'TrustedCertificate','/tmp/trust.txt', 'mykey1')

importWallet

Online command that imports an Oracle wallet from a file.

Description

This command imports an Oracle wallet from a file to the specified component instance (Oracle HTTP Server, Oracle WebCache, or Oracle Internet Directory) for manageability. If the wallet being imported is an auto-login wallet, the file path must point to cwallet.sso; if the wallet is password-protected, it must point to ewallet.p12. The wallet name must be unique for the component instance.

Syntax

importWallet(instName, compName, compType, walletName, password, filePath)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ohs', 'oid', and 'webcache'.
walletName Specifies the name of the wallet being imported. The name must be unique for the component instance.
password Specifies the password of the wallet.
filePath Specifies the absolute path of the wallet file being imported.

Examples

The following command imports auto-login wallet file /tmp/cwallet.sso as wallet1 into Oracle Internet Directory instance oid1. Subsequently, the wallet is managed with the name wallet1. No password is passed since it is an auto-login wallet:

wls:/mydomain/serverConfig> importWallet('inst1', 'oid1', 'oid', 'wallet1', '', '/tmp/cwallet.sso')

The following command imports password-protected wallet /tmp/ewallet.p12 as wallet2 into Oracle Internet Directory instance oid1. Subsequently, the wallet is managed with the name wallet2. The wallet password is passed as a parameter:

wls:/mydomain/serverConfig> importWallet('inst1', 'oid1', 'oid', 'wallet2', 'password', '/tmp/ewallet.p12')

importWalletObject

Online command that imports a certificate or other object into an Oracle wallet.

Description

This command imports a certificate, trusted certificate or certificate chain into an Oracle wallet for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory). When importing a certificate, use the same wallet file from which the certificate signing request was generated.

Syntax

importWalletObject(instName, compName, compType, walletName, password, type, filePath)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ohs', 'oid', and 'webcache'.
walletName Specifies the name of the wallet file.
password Specifies the password of the wallet.
type Specifies the type of wallet object to be imported. Valid values are 'Certificate', 'TrustedCertificate' and 'TrustedChain'.
filePath Specifies the absolute path of the file containing the wallet object.

Examples

The following command imports a certificate chain in PKCS#7 format from file chain.txt into wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> importWalletObject('inst1', 'oid1', 'oid','wallet1', 'password', 'TrustedChain','/tmp/chain.txt')

The following command imports a certificate from file cert.txt into wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> importWalletObject('inst1', 'oid1', 'oid','wallet1', 
'password', 'Certificate','/tmp/cert.txt')

The following command imports a trusted certificate from file trust.txt into wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> importWalletObject('inst1', 'oid1', 'oid','wallet1', 'password', 'TrustedCertificate','/tmp/trust.txt')

listKeyStoreObjects

Online command that lists the contents of a keystore.

Description

This command lists all the certificates or trusted certificates present in a Java keystore (JKS) for Oracle Virtual Directory.

Syntax

listKeyStoreObjects(instName, compName, compType, keystoreName, password, type)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the name of the keystore file.
password Specifies the password of the keystore.
type Specifies the type of keystore object to be listed. Valid values are 'Certificate' and 'TrustedCertificate'.

Examples

The following command lists all trusted certificates present in keys.jks, for Oracle Virtual Directory instance ovd1, in application server instance inst1:

wls:/mydomain/serverConfig> listKeyStoreObjects('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'TrustedCertificate')

The following command lists all certificates present in keys.jks, for Oracle Virtual Directory instance ovd1, in application server instance inst1:

wls:/mydomain/serverConfig> listKeyStoreObjects('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'Certificate')

listKeyStores

Online command that lists all the keystores for a component.

Description

This command lists all the Java keystores (JKS) configured for the specified Oracle Virtual Directory instance.

Syntax

listKeyStores(instName, compName, compType)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.

Example

The following command lists all keystores for Oracle Virtual Directory instance ovd1 in application server instance inst1:

wls:/mydomain/serverConfig> listKeyStores('inst1', 'ovd1', 'ovd')

listWalletObjects

Online command that lists all objects in an Oracle wallet.

Description

This command lists all certificate signing requests, certificates, or trusted certificates present in an Oracle wallet for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory).

Syntax

listWalletObjects(instName, compName, compType, walletName, password, type)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ohs', 'oid', and 'webcache'.
walletName Specifies the name of the wallet file.
password Specifies the password of the wallet.
type Specifies the type of wallet object to be listed. Valid values are 'CertificateRequest', 'Certificate', and 'TrustedCertificate'.

Examples

The following command lists all certificate signing requests in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> listWalletObjects('inst1', 'oid1', 'oid','wallet1','password', 'CertificateRequest')

The following command lists all certificates in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> listWalletObjects('inst1', 'oid1', 'oid','wallet1','password', 'Certificate')

The following command lists all trusted certificates in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> listWalletObjects('inst1', 'oid1', 'oid','wallet1','password', 'TrustedCertificate')

listWallets

Online command that lists all wallets configured for a component instance.

Description

This command displays all the wallets configured for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory), and identifies the auto-login wallets.

Syntax

listWallets(instName, compName, compType)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ohs', 'oid', and 'webcache'.

Example

The following command lists all wallets for Oracle Internet Directory instance oid1 in application server instance inst1:

wls:/mydomain/serverConfig> listWallets('inst1', 'oid1', 'oid')

removeKeyStoreObject

Online command that removes an object from a keystore.

Description

This command removes a certificate request, certificate, trusted certificate, or all trusted certificates from a Java keystore (JKS) for Oracle Virtual Directory. Use an alias to remove a specific object; no alias is needed if all trusted certificates are being removed.

Syntax

removeKeyStoreObject(instName, compName, compType, keystoreName, password, type, alias)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the name of the keystore file.
password Specifies the password of the keystore.
type Specifies the type of the keystore object to be removed. Valid values are 'Certificate', 'TrustedCertificate' or 'TrustedAll'.
alias Specifies the alias of the keystore object to be removed.

Examples

The following command removes a certificate or certificate chain denoted by alias mykey in keys.jks, for Oracle Virtual Directory instance ovd1, in application server instance inst1:

wls:/mydomain/serverConfig> removeKeyStoreObject('inst1', 'ovd1', 
'ovd','keys.jks', 'password', 'Certificate','mykey')

The following command removes a trusted certificate denoted by alias mykey in keys.jks, for Oracle Virtual Directory instance ovd1, in application server instance inst1:

wls:/mydomain/serverConfig> removeKeyStoreObject('inst1', 'ovd1', 
'ovd','keys.jks', 'password', 'TrustedCertificate','mykey')

The following command removes all trusted certificates in keys.jks, for Oracle Virtual Directory instance ovd1, in application server instance inst1. Since no alias is required, the value None is passed for that parameter:

wls:/mydomain/serverConfig> removeKeyStoreObject('inst1', 'ovd1', 
'ovd','keys.jks', 'password', 'TrustedAll',None)

removeWalletObject

Online command that removes a certificate or other object from an Oracle wallet.

Description

This command removes a certificate signing request, certificate, trusted certificate or all trusted certificates from an Oracle wallet for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory). DN is used to indicate the object to be removed.

Syntax

removeWalletObject(instName, compName, compType, walletName, password, type, DN)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ohs', 'oid', and 'webcache'.
walletName Specifies the name of the wallet file.
password Specifies the password of the wallet.
type Specifies the type of the wallet object to be removed. Valid values are 'CertificateRequest', 'Certificate', 'TrustedCertificate' or 'TrustedAll'.
DN Specifies the Distinguished Name of the wallet object to be removed.

Examples

The following command removes all trusted certificates from wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1. It is not necessary to provide a DN, so we pass null (denoted by None) for the DN parameter:

wls:/mydomain/serverConfig> removeWalletObject('inst1', 'oid1', 'oid','wallet1', 'password', 'TrustedAll',None)

The following command removes a certificate signing request indicated by DN cn=www.acme.com from wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> removeWalletObject('inst1', 'oid1', 'oid','wallet1', 'password', 'CertificateRequest','cn=www.acme.com')

The following command removes a certificate indicated by DN cn=www.acme.com from wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> removeWalletObject('inst1', 'oid1', 'oid','wallet1', 'password', 'Certificate','cn=www.acme.com')

The following command removes a trusted certificate indicated by DN cn=www.acme.com from wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> removeWalletObject('inst1', 'oid1', 'oid','wallet1', 'password', 'TrustedCertificate','cn=www.acme.com')
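The wallet and keystore commands above carry several rules that WLST only reports once the call fails on the server: an auto-login wallet is imported from cwallet.sso with an empty password and a password-protected one from ewallet.p12, a 'Certificate' import into a JKS must reuse the alias of its key pair, and a 'TrustedAll' removal takes None as its alias. The following is an added example, not Oracle's code: an offline pre-flight check that models those rules against a constructed call sequence, so a provisioning script can be validated before it is run inside WLST (the in-memory keystore model and the call tuples are assumptions made for the example).

```python
"""Pre-flight checks for the wallet/keystore WLST calls (added example)."""
import os

WALLET_COMP_TYPES = {"ohs", "oid", "webcache"}   # Oracle wallet commands
KEYSTORE_COMP_TYPES = {"ovd"}                    # JKS commands (OVD only)


class PreflightError(ValueError):
    """Raised when a call would violate one of the documented rules."""


def check_import_wallet(comp_type, wallet_name, password, file_path, existing):
    """Validate importWallet arguments; returns the wallet name on success."""
    if comp_type not in WALLET_COMP_TYPES:
        raise PreflightError("compType %r is not a wallet component" % comp_type)
    if wallet_name in existing:
        raise PreflightError("wallet name %r is already in use" % wallet_name)
    base = os.path.basename(file_path)
    if base == "cwallet.sso" and password == "":
        return wallet_name          # auto-login wallet: no password
    if base == "ewallet.p12" and password:
        return wallet_name          # password-protected wallet
    raise PreflightError("%r must be cwallet.sso with an empty password or "
                         "ewallet.p12 with a password" % base)


class JksModel:
    """Minimal in-memory model of one OVD keystore (assumed): alias -> kind."""

    def __init__(self):
        self.entries = {}           # e.g. {"mykey": "keypair"}

    def generate_key(self, alias):
        if alias in self.entries:
            raise PreflightError("alias %r already in use" % alias)
        self.entries[alias] = "keypair"

    def import_object(self, obj_type, alias):
        """importKeyStoreObject: certs land on their key-pair alias."""
        if obj_type == "Certificate":
            if self.entries.get(alias) != "keypair":
                raise PreflightError("no key pair under alias %r" % alias)
            self.entries[alias] = "certificate"
        elif obj_type == "TrustedCertificate":
            if alias in self.entries:
                raise PreflightError("alias %r already in use" % alias)
            self.entries[alias] = "trusted"
        else:
            raise PreflightError("bad object type %r" % obj_type)

    def remove_object(self, obj_type, alias):
        """removeKeyStoreObject: 'TrustedAll' takes None, others need an alias."""
        if obj_type == "TrustedAll":
            if alias is not None:
                raise PreflightError("TrustedAll requires alias None")
            self.entries = {a: k for a, k in self.entries.items() if k != "trusted"}
            return
        if obj_type not in ("Certificate", "TrustedCertificate"):
            raise PreflightError("bad object type %r" % obj_type)
        if alias is None or alias not in self.entries:
            raise PreflightError("unknown alias %r" % alias)
        del self.entries[alias]


def preflight(calls):
    """Run (command, args) tuples through the model; return a list of errors.

    An empty list means the whole sequence is consistent with the rules.
    """
    ks, wallets, errors = JksModel(), set(), []
    for cmd, args in calls:
        try:
            if cmd == "importWallet":
                wallets.add(check_import_wallet(*args, existing=wallets))
            elif cmd == "generateKey":
                ks.generate_key(args[0])
            elif cmd == "importKeyStoreObject":
                ks.import_object(*args)
            elif cmd == "removeKeyStoreObject":
                ks.remove_object(*args)
            else:
                raise PreflightError("command not modelled")
        except PreflightError as exc:
            errors.append("%s: %s" % (cmd, exc))
    return errors


# Constructed sample sequence: the certificate import under 'otherkey' and the
# TrustedAll removal with a non-None alias are the two mistakes to be caught.
SAMPLE_CALLS = [
    ("importWallet", ("oid", "wallet1", "", "/tmp/cwallet.sso")),
    ("importWallet", ("oid", "wallet2", "password", "/tmp/ewallet.p12")),
    ("generateKey", ("mykey",)),
    ("importKeyStoreObject", ("Certificate", "mykey")),
    ("importKeyStoreObject", ("Certificate", "otherkey")),
    ("importKeyStoreObject", ("TrustedCertificate", "mykey1")),
    ("removeKeyStoreObject", ("TrustedAll", "mykey1")),
]

if __name__ == "__main__":
    for line in preflight(SAMPLE_CALLS):
        print(line)
```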

Oracle Identity Federation Commands

Use the WLST commands listed in Table 4-4 to view and manage configuration for Oracle Identity Federation.

Table 4-4 WLST Commands for Oracle Identity Federation

Use this command... To... Use with WLST...
addConfigListEntryInMap Add a configuration list entry to a map. Online
addConfigMapEntryInMap Add a configuration map entry to a map. Online
addConfigPropertyListEntry Add a configuration property list entry. Online
addConfigPropertyMapEntry Add a configuration property map entry to the map. Online
addCustomAuthnEngine Add a custom authentication engine. Online
addCustomSPEngine Add a custom SP engine. Online
addFederationListEntryInMap Add a federation list entry to the map. Online
addFederationMapEntryInMap Add a federation map entry to the map. Online
addFederationPropertyListEntry Add a federation property list entry. Online
addFederationPropertyMapEntry Add a federation property map entry. Online
deleteCustomAuthnEngine Delete a custom authentication engine. Online
deleteCustomSPEngine Delete a custom SP engine. Online
deleteProviderFederation Delete a provider from the federation. Online
deleteUserFederation Delete a user from the federation. Online
changeMessageStore Change the message store to memory or RDBMS. Online
changePeerProviderDescription Change a peer provider's description. Online
changeSessionStore Change the session store to memory or RDBMS. Online
createConfigPropertyList Create a configuration property list. Online
createConfigPropertyListInMap Create a configuration property list in the map. Online
createConfigPropertyMap Create a configuration property map. Online
createConfigPropertyMapInMap Create a nested configuration property map in a map. Online
createFederationPropertyList Create a federation property list. Online
createFederationPropertyListInMap Create a federation property list in the map. Online
createFederationPropertyMap Create a federation property map. Online
createFederationPropertyMapInMap Create a nested federation property map in a map. Online
createPeerProviderEntry Create a peer provider entry. Online
getConfigListValueInMap Retrieve a configuration list value from the map. Online
getConfigMapEntryInMap Retrieve a configuration map value from the map. Online
getConfigProperty Retrieve a configuration property entry. Online
getConfigPropertyList Retrieve a configuration property list. Online
getConfigPropertyMapEntry Retrieve a configuration property map entry. Online
getFederationListValueInMap Retrieve a federation list value from the map. Online
getFederationMapEntryInMap Retrieve a federation map entry from a nested map. Online
getFederationProperty Retrieve a federation property. Online
getFederationPropertyList Retrieve the federation property list. Online
getFederationPropertyMapEntry Retrieve a federation property map entry. Online
listCustomAuthnEngines Display the list of custom authentication engines. Online
listCustomSPEngines Display the list of custom SP engines. Online
loadMetadata Load metadata from a file. Online
oifStatus Display the current status of Oracle Identity Federation on the managed server. Online
removeConfigListInMap Delete a configuration list in the map. Online
removeConfigMapEntryInMap Delete a configuration map entry in the map. Online
removeConfigMapInMap Delete a nested configuration map. Online
removeConfigProperty Delete a configuration property. Online
removeConfigPropertyList Delete a property list. Online
removeConfigPropertyMap Delete a property map. Online
removeConfigPropertyMapEntry Delete an entry in the property map. Online
removeFederationListInMap Delete a federation list in the map. Online
removeFederationMapInMap Delete a nested federation map. Online
removeFederationMapEntryInMap Delete a nested federation map entry. Online
removeFederationProperty Delete a federation property. Online
removeFederationPropertyList Delete a federation property list. Online
removeFederationPropertyMap Delete a federation property map. Online
removeFederationPropertyMapEntry Delete a federation property map entry. Online
removePeerProviderEntry Delete a peer provider entry. Online
setConfigProperty Set a configuration property. Online
setCustomAuthnEngine Define a custom authentication engine. Online
setCustomSPEngine Define a custom SP engine. Online
setFederationProperty Set a federation property. Online


For more information, see the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation.

addConfigListEntryInMap

Online command that adds a property value to a map.

Description

This command adds a property value to a nested list inside a map in config.xml.

Syntax

addConfigListEntryInMap(configName, mapname, listName, value, type)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20, ...) to be updated.
mapname Specifies the name of the property map to be changed in config.xml.
listName Specifies the name of the list inside the map.
value Specifies the property value.
type Specifies the type of property: BOOLEAN, STRING or LONG.

Example

The following command adds valueA to a map list in server configuration:

wls:/mydomain/serverConfig> addConfigListEntryInMap('serverconfig','mymap','mylistA','valueA','string')

addConfigMapEntryInMap

Online command that adds a nested map property entry in a map.

Description

This command adds a property name/value pair to a map nested inside a map in config.xml.

Syntax

addConfigMapEntryInMap(configName, mapname, nestedMapName, propName, value, type)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20, ...) to be updated.
mapname Specifies the name of the property map to be changed in config.xml.
nestedMapName Specifies the name of the nested property map to be changed.
propName Specifies the name of the property to be added to the nested map.
value Specifies the property value.
type Specifies the type of property: BOOLEAN, STRING or LONG.

Example

The following command adds a boolean name/value pair to nestedmapB inside the map mymap.

wls:/mydomain/serverConfig> addConfigMapEntryInMap('serverconfig','mymap','nestedmapB','myvarB','true', 'boolean')

addConfigPropertyListEntry

Online command that adds a list property entry to config.xml.

Description

This command adds a property value to a list in config.xml.

Syntax

addConfigPropertyListEntry(configName, listName, value, type)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
listName Specifies the name of the property list to be added in config.xml.
value Specifies the new property list value. The entered value is appended to the list.
type Specifies the type of property, BOOLEAN or STRING or LONG.

Example

The following command adds a string value to mylistA.

wls:/mydomain/serverConfig> addConfigPropertyListEntry('serverconfig','mylistA','valueA','string')

addConfigPropertyMapEntry

Online command that adds a property name/value entry in a map in config.xml.

Description

This command adds a property name/value entry in a map in config.xml.

Syntax

addConfigPropertyMapEntry(configName, mapName, propName, value, type)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20, ...) to be updated.
mapName Specifies the name of the property map in config.xml.
propName Specifies the name of the property to be added to the map.
value Specifies the property map value to be added.
type Specifies the type of property: BOOLEAN, STRING or LONG.

Example

The following command adds valueA of string type to a map.

wls:/mydomain/serverConfig> addConfigPropertyMapEntry('serverconfig','mymapA','myvarA','valueA','string')

addCustomAuthnEngine

Online command that adds a custom authentication integration engine.

Description

This command adds a custom authentication integration engine to config.xml.

Syntax

addCustomAuthnEngine(name, [enabled], [webContext], [authnRelativePath], [logoutRelativePath], [logoutEnabled])
Argument Definition
name Specifies the name of the custom engine.
enabled This flag specifies whether the engine is enabled (true) or not (false, default).
webContext Specifies the web context for the engine.
authnRelativePath Specifies the authentication relative path URL for the engine.
logoutRelativePath Specifies the logout relative path URL for the engine.
logoutEnabled This flag is set true to enable logout for the engine, else false.

Example

The following command defines an engine named test and enables it.

wls:/mydomain/serverConfig> addCustomAuthnEngine('test','true')

addCustomSPEngine

Online command that adds a custom service provider (SP) engine.

Description

This command adds a custom SP integration engine to config.xml.

Syntax

addCustomSPEngine(name, [enabled], [authnMech], [webContext], [authnRelativePath], [logoutRelativePath], [logoutEnabled])
Argument Definition
name Specifies the name of the custom engine.
enabled This flag specifies whether the engine is enabled (true) or not (false).
authnMech Specifies the authentication mechanism for the engine.
webContext Specifies the web context for the engine.
authnRelativePath Specifies the authentication relative path URL for the engine.
logoutRelativePath Specifies the logout relative path URL for the engine.
logoutEnabled This flag is set true to enable logout for the engine, else false.

Example

The following command adds an engine and gives it a disabled status.

wls:/mydomain/serverConfig> addCustomSPEngine('new engine','false','oracle:fed:authentication:unspecified','webcontext')

addFederationListEntryInMap

Online command that adds a list property entry in a map.

Description

This command adds a property value to a nested list inside a map in cot.xml.

Syntax

addFederationListEntryInMap(providerID, mapname, listName, value, type)
Argument Definition
providerID Specifies the provider ID.
mapname Specifies the name of the property map to be changed in cot.xml.
listName Specifies the name of the property list to be added to the map.
value Specifies the property list value to be added. The entered value is appended to the list.
type Specifies the type of property, BOOLEAN or STRING or LONG.

Example

The following command adds a boolean property list to mymap.

wls:/mydomain/serverConfig> addFederationListEntryInMap('providerB','mymap','mylistB','true','boolean')

addFederationMapEntryInMap

Online command that adds a nested map property entry in a map.

Description

This command adds a property name/value pair to a map nested inside a map in cot.xml.

Syntax

addFederationMapEntryInMap(providerID, mapname, nestedMapName, propName, value, type)
Argument Definition
providerID Specifies the provider ID.
mapname Specifies the name of the property map to be changed in cot.xml.
nestedMapName Specifies the name of the nested property map to be changed.
propName Specifies the name of the property to be updated in the map.
value Specifies the property value to be added. The entered value is appended to the list.
type Specifies the type of property, BOOLEAN or STRING or LONG.

Example

The following command adds a value of type string to the myvarA property in a nested map.

wls:/mydomain/serverConfig> addFederationMapEntryInMap('providerA','mymap','nestedmapA','myvarA','valueA','string')

addFederationPropertyListEntry

Online command that adds a list property entry.

Description

This command adds a property value to a list in cot.xml.

Syntax

addFederationPropertyListEntry(providerID, listName, value, type)
Argument Definition
providerID Specifies the provider ID.
listName Specifies the name of the property list to be updated.
value Specifies the property list value to be added. The entered value is appended to the list.
type Specifies the type of property, BOOLEAN or STRING or LONG.

Example

The following command adds a value in string format to a specified property list.

wls:/mydomain/serverConfig> addFederationPropertyListEntry('providerA','mylistA','valueA','string')

addFederationPropertyMapEntry

Online command that adds a property name/value entry in a map.

Description

This command adds a property name/value pair to a map in cot.xml.

Syntax

addFederationPropertyMapEntry(providerID, mapName, propName, value, type)
Argument Definition
providerID Specifies the provider ID.
mapName Specifies the name of the property map to be changed in cot.xml.
propName Specifies the name of the property to be added in the map.
value Specifies the property value to be added. The entered value is appended to the list.
type Specifies the type of property, BOOLEAN or STRING or LONG.

Example

The following command adds boolean property myvarB to a map.

wls:/mydomain/serverConfig> addFederationPropertyMapEntry('providerA','mymapB','myvarB','true','boolean')

deleteCustomAuthnEngine

Online command that deletes a custom authentication integration engine from the configuration.

Description

This command deletes a custom authentication integration engine in config.xml. You must provide the engine ID for an existing custom authentication engine in config.xml.

Syntax

deleteCustomAuthnEngine(engineID)
Argument Definition
engineID Specifies the engine ID of an existing engine to be deleted.

Example

The following command deletes the authentication engine with ID id1234.

wls:/mydomain/serverConfig> deleteCustomAuthnEngine('id1234')

deleteCustomSPEngine

Online command that deletes a custom service provider (SP) integration engine from the configuration.

Description

This command deletes a custom SP integration engine in config.xml. You must provide the engine ID of an existing custom SP engine in config.xml.

Syntax

deleteCustomSPEngine(engineID)
Argument Definition
engineID Specifies the engine ID of an existing engine to be deleted.

Example

The following command deletes the engine with ID id1234.

wls:/mydomain/serverConfig> deleteCustomSPEngine('id1234')

deleteProviderFederation

Online command that deletes federations for a given provider.

Description

This command deletes all federations for the given provider ID.

Syntax

deleteProviderFederation(providerID)
Argument Definition
providerID Specifies the ProviderID for the peer provider for which federation is to be deleted.

Example

The following command deletes providerA:

wls:/mydomain/serverConfig> deleteProviderFederation('providerA')

deleteUserFederation

Online command that deletes federations for the given users.

Description

This command deletes federations for the given list of users.

Syntax

deleteUserFederation([user1,..])
Argument Definition
user1 Specifies a comma-separated list of users whose federations are to be deleted. At least one user must be specified.

Example

The following command deletes federations for three users:

wls:/mydomain/serverConfig> deleteUserFederation(['userA','userB','userC'])

changeMessageStore

Online command that changes the message store between memory and RDBMS.

Description

This command changes the message store to memory or RDBMS.

Syntax

changeMessageStore(type, [jndiname])
Argument Definition
type Specifies the type of store, RDBMS or Memory. Default is Memory.
jndiname Specifies the JNDI name to set for the store. Required if type is RDBMS.

Example

The following command changes the message store to RDBMS:

wls:/mydomain/serverConfig> changeMessageStore('RDBMS','jdbc/mydb')

changePeerProviderDescription

Online command that changes the peer provider description.

Description

This command updates a peer provider description in cot.xml.

Syntax

changePeerProviderDescription(providerID, description)
Argument Definition
providerID Specifies the provider ID.
description Specifies the provider description.

Example

The following command updates the description of a provider:

wls:/mydomain/serverConfig> changePeerProviderDescription('providerA','new description')

changeSessionStore

Online command that changes the session store between memory and RDBMS.

Description

This command changes the session store to memory or RDBMS.

Syntax

changeSessionStore(type, [jndiname])
Argument Definition
type Specifies the type of store, RDBMS or Memory. Default is Memory.
jndiname Specifies the JNDI name to set for the store. Required if type is RDBMS.

Example

The following command changes the session store to RDBMS.

wls:/mydomain/serverConfig> changeSessionStore('RDBMS','jdbc/mydb')

createConfigPropertyList

Online command that creates a property list.

Description

This command creates a property list in config.xml.

Syntax

createConfigPropertyList(configName, listName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
listName Specifies the property list name.

Example

The following command creates property list mylistA.

wls:/mydomain/serverConfig> createConfigPropertyList('serverconfig','mylistA')

createConfigPropertyListInMap

Online command that creates a property list nested in the property map.

Description

This command creates a property list, nested in the property map, in config.xml.

Syntax

createConfigPropertyListInMap(configName, mapName, listName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
mapName Specifies an existing property map to contain the nested list.
listName Specifies the property list name.

Example

The following command creates property list mylistA nested in a property map.

wls:/mydomain/serverConfig> createConfigPropertyListInMap('serverconfig','mymapA','mylistA')

createConfigPropertyMap

Online command that creates a property map.

Description

This command creates a property map in config.xml.

Syntax

createConfigPropertyMap(configName, mapName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
mapName Specifies the property map to create.

Example

The following command creates property map mymapA:

wls:/mydomain/serverConfig> createConfigPropertyMap('serverconfig','mymapA')

createConfigPropertyMapInMap

Online command that creates a property map nested in another property map.

Description

This command creates a property map, nested in an existing property map, in config.xml.

Syntax

createConfigPropertyMapInMap(configName, mapName, nestedMapName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
mapName Specifies the name of an existing property map.
nestedMapName Specifies the name of the property map to create nested inside mapName.

Example

The following command creates nested property map nestedmapA inside mymapA:

wls:/mydomain/serverConfig> createConfigPropertyMapInMap('serverconfig','mymapA','nestedmapA')

createFederationPropertyList

Online command that creates a property list.

Description

This command creates a property list in cot.xml.

Syntax

createFederationPropertyList(providerID, listName)
Argument Definition
providerID Specifies the provider ID.
listName Specifies the name of the property list.

Example

The following command creates property list mylistA:

wls:/mydomain/serverConfig> createFederationPropertyList('providerA','mylistA')

createFederationPropertyListInMap

Online command that creates a property list nested in a property map.

Description

This command creates a property list, nested in a property map, in cot.xml.

Syntax

createFederationPropertyListInMap(providerID, mapName, listName)
Argument Definition
providerID Specifies the provider ID.
mapName Specifies an existing property map to contain the nested list.
listName Specifies the name of the property list.

Example

The following command creates nested property list mylistA:

wls:/mydomain/serverConfig> createFederationPropertyListInMap('providerA','mymapA','mylistA')

createFederationPropertyMap

Online command that creates a property map.

Description

This command creates a property map in cot.xml.

Syntax

createFederationPropertyMap(providerID, mapName)
Argument Definition
providerID Specifies the provider ID.
mapName Specifies the name of the property map to be added to cot.xml.

Example

The following command creates property map mymapA:

wls:/mydomain/serverConfig> createFederationPropertyMap('providerA','mymapA')

createFederationPropertyMapInMap

Online command that creates a nested property map.

Description

This command creates a property map, nested in another property map, in cot.xml.

Syntax

createFederationPropertyMapInMap(providerID, mapName, nestedMapName)
Argument Definition
providerID Specifies the provider ID.
mapName Specifies the name of an existing property map.
nestedMapName Specifies the name of the property map to be nested inside mapName in cot.xml.

Example

The following command creates nested property map nestedmapA:

wls:/mydomain/serverConfig> createFederationPropertyMapInMap('providerA','mymapA','nestedmapA')

createPeerProviderEntry

Online command that creates a peer provider property map entry.

Description

This command creates a peer provider as a Map property entry to cot.xml.

Syntax

createPeerProviderEntry(providerID, description, providerType, version)
Argument Definition
providerID Specifies the provider ID to be created.
description Specifies a description of the peer provider.
providerType Specifies the provider type of the peer provider to be created.
version Specifies the version of the peer provider to be created.

Example

The following command creates a SAML 2.0 service provider:

wls:/mydomain/serverConfig> createPeerProviderEntry('providerA','idp test','SP','SAML2.0')

getConfigListValueInMap

Online command that returns a list nested in a map.

Description

This command returns a list, nested in a map, from config.xml.

Syntax

getConfigListValueInMap(configName, mapName, listName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be accessed.
mapName Specifies the name of the property map.
listName Specifies the name of the list to be fetched from the map.

Example

The following command returns mylistA:

wls:/mydomain/serverConfig> getConfigListValueInMap('serverConfig','mymapA','mylistA')

getConfigMapEntryInMap

Online command that returns a map property entry nested in a map.

Description

This command returns a map property entry, nested in a map, from config.xml.

Syntax

getConfigMapEntryInMap(configName, mapname, nestedMapName, propName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be accessed.
mapname Specifies the name of the property map.
nestedMapName Specifies the name of the nested property map.
propName Specifies the name of the property to be fetched from the nested map.

Example

The following command returns property entry myvarA:

wls:/mydomain/serverConfig> getConfigMapEntryInMap('serverconfig','mymap','nestedmapA','myvarA')

getConfigProperty

Online command that returns a property value.

Description

This command returns a property value from config.xml.

Syntax

getConfigProperty(configName, propName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be accessed.
propName Specifies the name of the property to be fetched from config.xml.

Example

The following command returns property myvarA:

wls:/mydomain/serverConfig> getConfigProperty('serverconfig','myvarA')

getConfigPropertyList

Online command that returns a property list.

Description

This command returns a property list from config.xml.

Syntax

getConfigPropertyList(configName, listName)
Argument Definition
configName Specifies the configuration name.
listName Specifies the name of the property list to be fetched from config.xml.

Example

The following command returns mylistA:

wls:/mydomain/serverConfig> getConfigPropertyList('serverconfig','mylistA')

getConfigPropertyMapEntry

Online command that returns a property value from a map.

Description

This command returns a property value from a map in config.xml.

Syntax

getConfigPropertyMapEntry(configName, mapName, propName)
Argument Definition
configName Specifies the configuration name (for example, idpsaml20, serverconfig, spsaml20,..).
mapName Specifies the name of the property map.
propName Specifies the name of the property to be fetched from the map in config.xml.

Example

The following command returns property propA:

wls:/mydomain/serverConfig> getConfigPropertyMapEntry('serverconfig','mapA', 'propA')

getFederationListValueInMap

Online command that returns a list value nested in a map.

Description

This command returns a list value nested in a map from cot.xml.

Syntax

getFederationListValueInMap(providerID, mapName, listName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
mapName Specifies the name of the property map.
listName Specifies the name of the list to be fetched from the map.

Example

The following command returns nested list mylistA:

wls:/mydomain/serverConfig> getFederationListValueInMap('providerA','mymapA','mylistA')

getFederationMapEntryInMap

Online command that returns a map property entry nested in a map.

Description

This command returns a map property entry, nested in a map, from cot.xml.

Syntax

getFederationMapEntryInMap(providerID, mapName, nestedMapName, propName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
mapName Specifies the name of the property map.
nestedMapName Specifies the name of the nested property map.
propName Specifies the name of the property to be fetched from the nested map.

Example

The following command returns property entry myvarA:

wls:/mydomain/serverConfig> getFederationMapEntryInMap('providerA','mymap','nestedmapA','myvarA')

getFederationProperty

Online command that returns a property value.

Description

This command returns a property value from cot.xml.

Syntax

getFederationProperty(providerID, propName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
propName Specifies the name of the property to be fetched from cot.xml.

Example

The following command returns property myvarA:

wls:/mydomain/serverConfig> getFederationProperty('providerA','myvarA')

getFederationPropertyList

Online command that returns a property list.

Description

This command returns a property list from cot.xml.

Syntax

getFederationPropertyList(providerID, listName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
listName Specifies the name of the property list to be fetched from cot.xml.

Example

The following command returns list mylistA:

wls:/mydomain/serverConfig> getFederationPropertyList('providerA','mylistA')

getFederationPropertyMapEntry

Online command that returns a property value from a map.

Description

This command returns a property value from a map in cot.xml.

Syntax

getFederationPropertyMapEntry(providerID, mapName, propName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
mapName Specifies the name of the property map.
propName Specifies the name of the property to be fetched from the map.

Example

The following command returns property propA from a map:

wls:/mydomain/serverConfig> getFederationPropertyMapEntry('providerA','mapA', 'propA')

listCustomAuthnEngines

Online command that returns a list of custom authentication integration engines.

Description

This command returns a list of custom authentication integration engines from config.xml.

Syntax

listCustomAuthnEngines()

Example

The following command returns the list of all custom authentication integration engines:

wls:/mydomain/serverConfig> listCustomAuthnEngines()

listCustomSPEngines

Online command that returns a list of custom SP integration engines.

Description

This command returns a list of custom service provider (SP) integration engines from config.xml.

Syntax

listCustomSPEngines()

Example

The following command returns the list of all SP integration engines:

wls:/mydomain/serverConfig> listCustomSPEngines()

loadMetadata

Online command that loads metadata from an input file.

Description

This command loads metadata from an input file into cot.xml.

Syntax

loadMetadata(metadatafile,description)
Argument Definition
metadatafile Specifies the metadata file of the peer provider to be added or updated.
description This is a brief description of the peer provider to be loaded.

Example

The following command loads metadata from the file metadatafile.xml:

wls:/mydomain/serverConfig> loadMetadata('/home/metadatafile.xml','some description')

oifStatus

Online command that reports the current status of the Oracle Identity Federation application in the managed server to which WLST is connected.

Description

This command displays the current status of Oracle Identity Federation on the managed server.

Syntax

oifStatus([configfile], [keyfile], [serverurl])
Argument Definition
configfile Specifies a pre-defined user configuration file created with the WLST storeUserConfig command.
keyfile Specifies a pre-defined key file created with the WLST storeUserConfig command.
serverurl Specifies the URL of the managed server.

Example

The following command provides no arguments; WLST prompts you for the Oracle WebLogic Server username, password, and the managed server URL, then displays the federation server status:

wls:/mydomain/serverConfig> oifStatus()

The following command provides only the managed server URL; WLST prompts you for the Oracle WebLogic Server username and password:

wls:/mydomain/serverConfig> oifStatus('', '', 't3://localhost:7499')

The following command provides all arguments needed for WLST to display the federation server status:

wls:/mydomain/serverConfig> oifStatus('configfileA', 'keyfileB', 't3://localhost:7499')

removeConfigListInMap

Online command that removes a list property nested in a map.

Description

This command removes a list property nested in a map from config.xml.

Syntax

removeConfigListInMap(configName, mapName, listName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be accessed.
mapName Specifies the name of the property map.
listName Specifies the name of the list to be removed from the map.

Example

The following command removes the list property mylistA:

wls:/mydomain/serverConfig> removeConfigListInMap('serverConfig','mymapA','mylistA')

removeConfigMapEntryInMap

Online command that removes a map property nested in a map.

Description

This command removes a map property entry nested in a map from config.xml.

Syntax

removeConfigMapEntryInMap(configName, mapName, nestedMapName, propName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be accessed.
mapName Specifies the name of the property map.
nestedMapName Specifies the name of the nested property map.
propName Specifies the name of the property to be removed from the nested map.

Example

The following command removes the nested property myvarA:

wls:/mydomain/serverConfig> removeConfigMapEntryInMap('serverconfig','mymap','nestedmapA','myvarA')

removeConfigMapInMap

Online command that removes a map property nested in a map.

Description

This command removes a property map nested inside a map from config.xml.

Syntax

removeConfigMapInMap(configName, mapName, nestedMapName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
mapName Specifies the name of the property map containing the nested map.
nestedMapName Specifies the name of the nested property map to be removed.

Example

The following command removes the nested property map nestedmapA from mymap:

wls:/mydomain/serverConfig> removeConfigMapInMap('serverconfig','mymap','nestedmapA')

removeConfigProperty

Online command that removes a configuration property.

Description

This command removes a property from config.xml.

Syntax

removeConfigProperty(configName, propName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
propName Specifies the name of the property to be removed.

Example

The following command removes the property myvarA:

wls:/mydomain/serverConfig> removeConfigProperty('serverconfig','myvarA')

removeConfigPropertyList

Online command that removes a configuration property list.

Description

This command removes a property list from config.xml.

Syntax

removeConfigPropertyList(configName, listName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
listName Specifies the name of the property list to be removed.

Example

The following command removes the property list mylistA:

wls:/mydomain/serverConfig> removeConfigPropertyList('serverconfig','mylistA')

removeConfigPropertyMap

Online command that removes a property map.

Description

This command removes a property map in config.xml.

Syntax

removeConfigPropertyMap(configName, mapName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
mapName Specifies the name of the property map to be removed.

Example

The following command removes mapA:

wls:/mydomain/serverConfig> removeConfigPropertyMap('serverconfig','mapA')

removeConfigPropertyMapEntry

Online command that removes a property value from a map.

Description

This command removes a property value from a map in config.xml.

Syntax

removeConfigPropertyMapEntry(configName, mapName, propName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
mapName Specifies the name of the property map to be updated.
propName Specifies the name of the property to be removed from the map.

Example

The following command removes property propA:

wls:/mydomain/serverConfig> removeConfigPropertyMapEntry('serverconfig','mapA', 'propA')

removeFederationListInMap

Online command that removes a property list in a map.

Description

This command removes a property list in a map, in cot.xml.

Syntax

removeFederationListInMap(providerID, mapName, listName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
mapName Specifies the name of the property map.
listName Specifies the name of the property list to be removed.

Example

The following command removes mylistA in mymapA:

wls:/mydomain/serverConfig> removeFederationListInMap('providerA','mymapA','mylistA')

removeFederationMapInMap

Online command that removes a nested map in a map.

Description

This command removes a property map nested inside a map in cot.xml.

Syntax

removeFederationMapInMap(providerID, mapName, nestedMapName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
mapName Specifies the name of the property map containing the nested map.
nestedMapName Specifies the name of the nested property map to be removed.

Example

The following command removes nestedmapA in mymap:

wls:/mydomain/serverConfig> removeFederationMapInMap('providerA','mymap','nestedmapA')

removeFederationMapEntryInMap

Online command that removes a nested map property entry in a map.

Description

This command removes a property name/value pair from a map nested inside a map in cot.xml.

Syntax

removeFederationMapEntryInMap(providerID, mapName, nestedMapName, propName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
mapName Specifies the name of the property map containing the nested map.
nestedMapName Specifies the name of the nested property map.
propName Specifies the name of the property to be removed from the nested map.

Example

The following command removes map property entry myvarA:

wls:/mydomain/serverConfig> removeFederationMapEntryInMap('providerA','mymap','nestedmapA','myvarA')

removeFederationProperty

Online command that removes a property value.

Description

This command removes a property entry in cot.xml.

Syntax

removeFederationProperty(providerID, propName)
Argument Definition
providerID Specifies the name of the peer provider to be updated.
propName Specifies the name of the property to be removed.

Example

The following command removes the provider property myvarA:

wls:/mydomain/serverConfig> removeFederationProperty('providerA','myvarA')

removeFederationPropertyList

Online command that removes a property list entry.

Description

This command removes a property list entry in cot.xml.

Syntax

removeFederationPropertyList(providerID, listName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
listName Specifies the name of the property list to be removed.

Example

The following command removes mylistA:

wls:/mydomain/serverConfig> removeFederationPropertyList('providerA','mylistA')

removeFederationPropertyMap

Online command that removes a property map.

Description

This command removes a property map in cot.xml.

Syntax

removeFederationPropertyMap(providerID, mapName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
mapName Specifies the name of the property map to be removed.

Example

The following command removes a map:

wls:/mydomain/serverConfig> removeFederationPropertyMap('providerA','mapA')

removeFederationPropertyMapEntry

Online command that removes a property value from a map.

Description

This command removes a property value from a map in cot.xml.

Syntax

removeFederationPropertyMapEntry(providerID, mapName, propName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
mapName Specifies the name of the property map to be updated.
propName Specifies the name of the property to be removed from the map.

Example

The following command removes property propA from a map:

wls:/mydomain/serverConfig> removeFederationPropertyMapEntry('providerA','mapA', 'propA')

removePeerProviderEntry

Online command that removes a peer provider entry.

Description

This command removes a peer provider entry from cot.xml.

Syntax

removePeerProviderEntry(providerID)
Argument Definition
providerID Specifies the name of the peer provider to be removed.

Example

The following command removes providerA:

wls:/mydomain/serverConfig> removePeerProviderEntry('providerA')

setConfigProperty

Online command that sets a property value in config.xml.

Description

This command adds or updates a property value in config.xml.

Syntax

setConfigProperty(configName, propName, value, type)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
propName Specifies the name of the property to be added/updated in config.xml.
value Specifies the property value.
type Specifies the type of property, BOOLEAN or STRING or LONG.

Example

The following command sets the property myvarA and its value in the server configuration:

wls:/mydomain/serverConfig> setConfigProperty('serverconfig','myvarA','myvalA','string')

setCustomAuthnEngine

Online command that updates a custom authentication integration engine.

Description

This command updates a custom authentication integration engine in config.xml.

Syntax

setCustomAuthnEngine(engineID, name, [enabled], [webContext], [authnRelativePath], [logoutRelativePath], [logoutEnabled])
Argument Definition
engineID Specifies the engine ID of an existing engine.
name Specifies the name of the custom engine.
enabled This flag specifies whether the engine is enabled (true) or not (false).
webContext Specifies the web context for the engine.
authnRelativePath Specifies the authentication relative path URL for the engine.
logoutRelativePath Specifies the logout relative path URL for the engine.
logoutEnabled This flag is set true to enable logout for the engine, else false.

Example

The following command updates the configuration of custom authentication engine abcdef:

wls:/mydomain/serverConfig> setCustomAuthnEngine('abcdef','custom one','false','webcontext')

setCustomSPEngine

Online command that updates a custom SP integration engine.

Description

This command updates an existing custom SP integration engine in config.xml.

Syntax

setCustomSPEngine(engineID, name, [enabled], [authnMech], [webContext], [authnRelativePath], [logoutRelativePath], [logoutEnabled])
Argument Definition
engineID Specifies the engine ID of an existing custom engine.
name Specifies the name of the custom engine.
enabled This flag specifies whether the engine is enabled (true) or not (false).
authnMech Specifies the authentication mechanism for the engine.
webContext Specifies the web context for the engine.
authnRelativePath Specifies the authentication relative path URL for the engine.
logoutRelativePath Specifies the logout relative path URL for the engine.
logoutEnabled This flag is set true to enable logout for the engine, else false.

Example

The following command sets the name and the enabled flag for the engine with ID engineid2:

wls:/mydomain/serverConfig> setCustomSPEngine('engineid2','test','true')

setFederationProperty

Online command that adds or updates a property value.

Description

This command adds a property entry or updates an existing entry in cot.xml.

Syntax

setFederationProperty(providerID, propName, value, type)
Argument Definition
providerID Specifies the name of the peer provider to be updated.
propName Specifies the name of the property to be added/updated in cot.xml.
value Specifies the property value.
type Specifies the type of property, BOOLEAN or STRING or LONG.

Example

The following command creates the property myvarA and sets its value:

wls:/mydomain/serverConfig> setFederationProperty('providerA','myvarA','myvalA','string')

Directory Integration Platform Commands

Some of the Directory Integration Platform (DIP) tools use WLST internally, and therefore, there are no custom WLST commands available to run from the WLST command prompt or to use within scripts. For information on DIP tools, see "Directory Integration Platform Tools" in the Oracle Fusion Middleware User Reference for Oracle Identity Management.

Security Commands

Use the WLST security commands listed in Table 4-5 to operate on a domain policy or credential store, and to migrate policies and credentials from a source repository to a target repository.

Table 4-5 WLST Security Commands

Use this command... To... Use with WLST...

createAppRole

Create a new application role.

Online

deleteAppRole

Remove an application role.

Online

grantAppRole

Add a principal to a role.

Online

revokeAppRole

Remove a principal from a role.

Online

listAppRoles

List all roles in an application.

Online

listAppRoleMembers

List all members in an application role.

Online

grantPermission

Create a new permission.

Online

revokePermission

Remove a permission.

Online

listPermissions

List all permissions granted to a principal.

Online

deleteAppPolicies

Remove all policies in an application.

Online

migrateSecurityStore

Migrate policies or credentials from a source repository to a target repository.

Offline

listCred

Obtain the list of attribute values of a credential.

Online

updateCred

Modify the attribute values of a credential.

Online

createCred

Create a new credential.

Online

deleteCred

Remove a credential.

Online

modifyBootStrapCredential

Update bootstrap credential store

Offline

reassociateSecurityStore

Reassociate policies and credentials to an LDAP repository

Online

upgradeSecurityStore

Upgrade security data from data used with release 10.1.x to data used with release 11.

Offline

createResourceType

Create a new resource type.

Online

getResourceType

Fetch an existing resource type.

Online

deleteResourceType

Remove an existing resource type.

Online


createAppRole

Online command that creates a new application role.

Description

Creates a new application role in the domain policy store with a given application and role name. In the event of an error, the command returns a WLSTException.

Syntax

createAppRole(appStripe, appRoleName)
Argument Definition
appStripe 
Specifies an application stripe.
appRoleName 
Specifies a role name.

Example

The following invocation creates a new application role with application stripe myApp and role name myRole:

wls:/mydomain/serverConfig> createAppRole(appStripe="myApp", appRoleName="myRole")

deleteAppRole

Online command that removes an application role.

Description

Removes an application role in the domain policy store with a given application and role name. In the event of an error, the command returns a WLSTException.

Syntax

deleteAppRole(appStripe, appRoleName)
Argument Definition
appStripe 
Specifies an application stripe.
appRoleName 
Specifies a role name.

Example

The following invocation removes the role with application stripe myApp and role name myRole:

wls:/mydomain/serverConfig> deleteAppRole(appStripe="myApp", appRoleName="myRole")

grantAppRole

Online command that adds a principal to a role.

Description

Adds a principal (identified by class and name) to a role with a given application stripe and role name. In the event of an error, the command returns a WLSTException.

Syntax

grantAppRole(appStripe, appRoleName,principalClass, principalName)
Argument Definition
appStripe 
Specifies an application stripe.
appRoleName 
Specifies a role name.
principalClass 
Specifies the fully qualified name of a class.
principalName 
Specifies the principal name.

Example

The following invocation adds a principal to the role with application stripe myApp and role name myRole:

wls:/mydomain/serverConfig> grantAppRole(appStripe="myApp",  
appRoleName="myRole",principalClass="com.example.xyzPrincipal",
principalName="myPrincipal")

revokeAppRole

Online command that removes a principal from a role.

Description

Removes a principal (identified by class and name) from a role with a given application stripe and role name. In the event of an error, the command returns a WLSTException.

Syntax

revokeAppRole(appStripe, appRoleName, principalClass, principalName)
Argument Definition
appStripe 
Specifies an application stripe.
appRoleName 
Specifies a role name.
principalClass 
Specifies the fully qualified name of a class.
principalName 
Specifies the principal name.

Example

The following invocation removes a principal from the role with application stripe myApp and role name myRole:

wls:/mydomain/serverConfig> revokeAppRole(appStripe="myApp", 
appRoleName="myRole",principalClass="com.example.xyzPrincipal", 
principalName="myPrincipal")

listAppRoles

Online command that lists all roles in an application.

Description

Lists all roles within a given application stripe. In the event of an error, the command returns a WLSTException.

Syntax

listAppRoles(appStripe)
Argument Definition
appStripe 
Specifies an application stripe.

Example

The following invocation returns all roles with application stripe myApp:

wls:/mydomain/serverConfig> listAppRoles(appStripe="myApp")

listAppRolesMembers

Online command that lists all members in a role.

Description

Lists all members in a role with a given application stripe and role name. In the event of an error, the command returns a WLSTException.

Syntax

listAppRoleMembers(appStripe, appRoleName)
Argument Definition
appStripe 
Specifies an application stripe.
appRoleName 
Specifies a role name.

Example

The following invocation returns all members in the role with application stripe myApp and role name myRole:

wls:/mydomain/serverConfig> listAppRoleMembers(appStripe="myApp", appRoleName="myRole")

grantPermission

Online command that creates a new permission.

Description

Creates a new permission for a given code base or URL. In the event of an error, the command returns a WLSTException.

Syntax

Optional arguments are enclosed in between square brackets.

grantPermission([appStripe,] [codeBaseURL,] [principalClass,] [principalName,] permClass, [permTarget,] [permActions])
Argument Definition
appStripe 
Specifies an application stripe. If not specified, the command works on system policies.
codeBaseURL 
Specifies the URL of the code granted the permission.
principalClass 
Specifies the fully qualified name of a class (grantee).
principalName 
Specifies the name of the grantee principal.
permClass 
Specifies the fully qualified name of the permission class.
permTarget 
Specifies, when available, the name of the permission target. Some permissions may not include this attribute.
permActions 
Specifies a comma-separated list of actions granted. Some permissions may not include this attribute and the actions available depend on the permission class.

Examples

The following invocation creates a new application permission (for the application with application stripe myApp) with the specified data:

wls:/mydomain/serverConfig> grantPermission(appStripe="myApp",  
principalClass="my.custom.Principal",  principalName="manager",
permClass="java.security.AllPermission")

The following invocation creates a new system permission with the specified data:

wls:/mydomain/serverConfig> grantPermission(principalClass="my.custom.Principal", principalName="manager",
permClass="java.io.FilePermission", permTarget="/tmp/fileName.ext",
permActions="read,write")

revokePermission

Online command that removes a permission.

Description

Removes a permission for a given code base or URL. In the event of an error, the command returns a WLSTException.

Syntax

Optional arguments are enclosed in between square brackets.

revokePermission([appStripe,] [codeBaseURL,] [principalClass,] [principalName,] permClass, [permTarget,] [permActions])
Argument Definition
appStripe 
Specifies an application stripe. If not specified, the command works on system policies.
codeBaseURL 
Specifies the URL of the code granted the permission.
principalClass 
Specifies the fully qualified name of a class (grantee).
principalName 
Specifies the name of the grantee principal.
permClass 
Specifies the fully qualified name of the permission class.
permTarget 
Specifies, when available, the name of the permission target. Some permissions may not include this attribute.
permActions 
Specifies a comma-separated list of actions granted. Some permissions may not include this attribute and the actions available depend on the permission class.

Examples

The following invocation removes the application permission (for the application with application stripe myApp) with the specified data:

wls:/mydomain/serverConfig> revokePermission(appStripe="myApp",  
principalClass="my.custom.Principal", principalName="manager", 
permClass="java.security.AllPermission")

The following invocation removes the system permission with the specified data:

wls:/mydomain/serverConfig> revokePermission(principalClass="my.custom.Principal", principalName="manager",  
permClass="java.io.FilePermission", permTarget="/tmp/fileName.ext", 
permActions="read,write")

listPermissions

Online command that lists all permissions granted to a given principal.

Description

Lists all permissions granted to a given principal. In the event of an error, the command returns a WLSTException.

Syntax

Optional arguments are enclosed in between square brackets.

listPermissions([appStripe,] principalClass, principalName)
Argument Definition
appStripe 
Specifies an application stripe. If not specified, the command works on system policies.
principalClass 
Specifies the fully qualified name of a class (grantee).
principalName 
Specifies the name of the grantee principal.

Examples

The following invocation lists all permissions granted to a principal by the policies of application myApp:

wls:/mydomain/serverConfig> listPermissions(appStripe="myApp", principalClass="my.custom.Principal",principalName="manager")
                

The following invocation lists all permissions granted to a principal by system policies:

wls:/mydomain/serverConfig> listPermissions(principalClass="my.custom.Principal", principalName="manager")
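The role and permission commands above are normally run as one sequence: create the role, put a principal in it, grant the role what it needs, then read the store back to confirm. The script below is an added example, not Oracle's own code. It is a WLST script, so it must be run with the wlst.sh in the Oracle Common home (as the note at the top of this chapter requires); the WLST built-ins it calls exist only there, and importing the file anywhere else runs nothing. Everything not taken from the page is an assumption: the AdminServer URL, the user-config and key files (written earlier with storeUserConfig so that no password sits in the script or in shell history), the report directory, and the OPSS application-role principal class used to attach the permission to the role rather than to the user. Note that the page's first grantPermission example hands out java.security.AllPermission, which is every permission; grant_is_narrow refuses that, and refuses java.io.FilePermission over all files or over a whole tree with a mutating action, before anything reaches the policy store.

```python
"""WLST script: create an application role, add a principal, grant the role one
scoped permission, and read the result back.  Run as
  $ORACLE_COMMON_HOME/common/bin/wlst.sh setup_role.py
The WLST built-ins used here (connect, createAppRole, grantAppRole, grantPermission,
listAppRoleMembers, listPermissions, disconnect) exist only inside wlst.sh.
Added example; every constant below is an assumption, not taken from the page."""

APP_STRIPE = "myApp"
APP_ROLE = "myRole"
PRINCIPAL_CLASS = "my.custom.Principal"
PRINCIPAL_NAME = "manager"
ADMIN_URL = "t3://adminhost.example.com:7001"          # assumed AdminServer URL
USER_CONFIG = "/home/oracle/.wlst/admin.userconfig"    # assumed; written earlier by storeUserConfig()
USER_KEY = "/home/oracle/.wlst/admin.userkey"          # assumed; companion key file
# OPSS principal class for application roles, so the grant lands on the role,
# not on one user (assumed: this class name is not on the page).
APP_ROLE_CLASS = "oracle.security.jps.service.policystore.ApplicationRole"


def grant_is_narrow(perm_class, perm_target=None, perm_actions=None):
    """Return (ok, reason).  Reject grants that amount to 'everything':
    java.security.AllPermission, and java.io.FilePermission on <<ALL FILES>>
    or on a whole tree ('.../-') when the actions can modify files."""
    if perm_class == "java.security.AllPermission":
        return False, "AllPermission disables every permission check for the grantee"
    if perm_class == "java.io.FilePermission":
        target = perm_target or ""
        actions = [a.strip().lower() for a in (perm_actions or "").split(",") if a.strip()]
        mutating = [a for a in actions if a in ("write", "execute", "delete")]
        if target == "<<ALL FILES>>":
            return False, "FilePermission on <<ALL FILES>> reaches wallets, keystores and config"
        if (target.endswith("/-") or target.endswith("\\-")) and mutating:
            return False, "FilePermission %r with %s covers a whole tree" % (target, ",".join(mutating))
    return True, "ok"


def main():
    # Credentials come from the user-config/key pair, not from the command line.
    connect(userConfigFile=USER_CONFIG, userKeyFile=USER_KEY, url=ADMIN_URL)
    try:
        createAppRole(appStripe=APP_STRIPE, appRoleName=APP_ROLE)
        grantAppRole(appStripe=APP_STRIPE, appRoleName=APP_ROLE,
                     principalClass=PRINCIPAL_CLASS, principalName=PRINCIPAL_NAME)
        grant = {"permClass": "java.io.FilePermission",
                 "permTarget": "/u01/app/reports/-",    # assumed path: read-only access to one tree
                 "permActions": "read"}
        ok, why = grant_is_narrow(grant["permClass"], grant["permTarget"], grant["permActions"])
        if not ok:
            raise ValueError("refusing grant: " + why)
        grantPermission(appStripe=APP_STRIPE, principalClass=APP_ROLE_CLASS,
                        principalName=APP_ROLE, **grant)
        # Read back what the store now holds: role membership, then the role's grants.
        listAppRoleMembers(appStripe=APP_STRIPE, appRoleName=APP_ROLE)
        listPermissions(appStripe=APP_STRIPE, principalClass=APP_ROLE_CLASS, principalName=APP_ROLE)
    finally:
        disconnect()


try:
    connect   # the bare name resolves only under wlst.sh; elsewhere this file defines functions and stops
except NameError:
    pass
else:
    main()
```

The code stays within the Jython 2.2 dialect that WLST 11g embeds (no `with`, no `except ... as`, no set literals), so it runs unchanged under wlst.sh; grant_is_narrow is plain Python and can be reused by any other provisioning script.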

deleteAppPolicies

Online command that removes all policies with a given application stripe.

Description

Removes all policies with a given application stripe. In the event of an error, the command returns a WLSTException.

Syntax

deleteAppPolicies(appStripe)
Argument Definition
appStripe 
Specifies the application stripe whose policies are removed. This argument is required.

Example

The following invocation removes all policies of application myApp:

wls:/mydomain/serverConfig> deleteAppPolicies(appStripe="myApp")

migrateSecurityStore

Offline command that migrates identities, application-specific or system policies, a specific credential folder, or all credentials.

Description

Migrates identities, application-specific, or system policies from a source repository to a target repository. Migrates a specific credential folder or all credentials.

The kinds of repositories where the source and target data are stored are transparent to the command, and any combination of file-based and LDAP-based repositories is allowed (an LDAP repository must be an OID or an OVD server). In the event of an error, the command returns a WLSTException.

Syntax

The command syntax varies depending on the scope (system or application-specific or both) of the policies being migrated.

Optional arguments are enclosed in square brackets.

To migrate identities, use the following syntax:

migrateSecurityStore(type="idStore", configFile, src, dst, [dstLdifFile])
                     

To migrate all policies (system and application-specific, for all applications) use the following syntax

migrateSecurityStore(type="policyStore", configFile, src, 
dst,[overWrite,][preserveAppRoleGuid])

To migrate just system policies, use the following syntax:

migrateSecurityStore(type="globalPolicies", configFile, src, dst, [overWrite])

To migrate just application-specific policies, for one application, use the following syntax:

migrateSecurityStore(type="appPolicies", configFile,src, dst, srcApp 
[,dstApp] [,overWrite] [,migrateIdStoreMapping][,preserveAppRoleGuid] [,mode])

To migrate all credentials, use the following syntax:

migrateSecurityStore(type="credStore", configFile, src, dst, [overWrite])

To migrate just one credential folder, use the following syntax:

migrateSecurityStore(type="folderCred", configFile, src, dst, [srcFolder,]
[dstFolder,] [srcConfigFile,] [overWrite])
Argument Definition
type 
Specifies the kind of data migrated.

To migrate identities, set it to idStore.

To migrate all policies (system and application-specific, for all applications), set to policyStore.

To migrate just system policies, set to globalPolicies.

To migrate just application-specific policies, set to appPolicies.

To migrate all credentials, set to credStore.

To migrate just one credential folder, set to folderCred.

configFile  
Specifies the location of a configuration file jps-config.xml relative to the directory where the command is run. The configuration file passed need not be an actual domain configuration file, but it can be assembled just to specify the source and destination repositories of the migration.
src 
Specifies the name of a jps-context in the configuration file passed to the argument configFile, where the source store is specified.
dst 
Specifies the name of another jps-context in the configuration file passed to the argument configFile, where the destination store is specified.
srcApp 
Specifies the name of the source application, that is, the application whose policies are being migrated.
dstApp 
Specifies the name of the target application, that is, the application whose policies are being written. If unspecified, it defaults to the name of the source application.
srcFolder 
Specifies the name of the folder from where credentials are migrated. This argument is optional. If unspecified, the credential store is assumed to have only one folder and the value of this argument defaults to the name of that folder.
dstFolder 
Specifies the folder to where the source credentials are migrated. This argument is optional and, if unspecified, defaults to the folder passed to srcFolder.
srcConfigFile 
Specifies the location of an alternate configuration file, and it is used in the special case in which credentials are not configured in the file passed to configFile. This argument is optional. If unspecified, it defaults to the value passed to configFile; if specified, the value passed to configFile is ignored.
overWrite 
Specifies whether data in the target matching data being migrated should be overwritten by or merged with the source data. Optional and false by default. Set to true to overwrite matching data; set to false to merge matching data.
migrateIdStoreMapping 
Specifies whether the migration of application policies should include or exclude the migration of enterprise policies. Optional and true by default. Set it to false to exclude enterprise policies from the migration of application policies.
dstLdifFile
Specifies the location where the LDIF file will be created. Required only if destination is an LDAP-based identity store. Notice that the LDIF file is not imported into the LDAP server; the importing of the file LDIF should be done manually, after the file has been edited to account for the appropriate attributes required in your LDAP server.
preserveAppRoleGuid
Specifies whether the migration of policies should preserve or recreate GUIDs. Optional and false by default. Set to true to preserve GUIDs; set to false to recreate GUIDs.
mode Specifies whether the migration should stop and signal an error upon encountering a duplicate principal or a duplicate permission in an application policy. Set to lax to allow the migration to continue upon encountering duplicate items, to migrate just one of the duplicated items, and to log a warning to this effect; set to strict to force the migration to stop upon encountering duplicate items. If unspecified, it defaults to strict.

Note the following requirements about the passed arguments:

  • The file jps-config.xml is found in the passed location.

  • The file jps-config.xml includes the passed jps-contexts.

  • The source and the destination context names are distinct. From these two contexts, the command determines the locations of the source and the target repositories involved in the migration.

Examples

The following invocation migrates the file-based policies of application PolicyServlet1 to the file-based policies of application PolicyServlet2, overwriting matching data in the target. Because mode is lax, the migration does not stop on duplicate principals or permissions: it migrates just one of each pair of duplicates and logs a warning.

wls:/mydomain/serverConfig> migrateSecurityStore(type="appPolicies",
configFile="jps-config.xml", src="default1", dst="context2",
srcApp="PolicyServlet1", dstApp="PolicyServlet2", overWrite="true", mode="lax")

The above invocation assumes that:

  • The file jps-config.xml is located in the directory where the command is run (current directory).

  • That file includes the following elements:

<serviceInstance name="policystore1.xml" provider="some.provider">
  <property name="location" value="jazn-data1.xml"/>
</serviceInstance>
<serviceInstance name="policystore2.xml" provider="some.provider">
  <property name="location" value="jazn-data2.xml"/>
</serviceInstance>
...
<jpsContext name="default1">
  <serviceInstanceRef ref="policystore1.xml"/>
  ...
</jpsContext>
<jpsContext name="context2">
  <serviceInstanceRef ref="policystore2.xml"/>
  ...
</jpsContext>

The file-based policies for the two applications involved in the migration are defined in the files jazn-data1.xml and jazn-data2.xml, which are not shown but assumed located in the current directory.

The following invocation illustrates the migration of file-based credentials from one location to another:

wls:/mydomain/serverConfig> migrateSecurityStore(type="credStore", configFile="jps-config.xml", src="default1", dst="context2")

The above invocation assumes that:

  • The file jps-config.xml is located in the directory where the command is run (current directory).

  • That file includes the following elements:

<serviceInstance name="credstore1" provider="some.provider">
  <property name="location" value="./credstore1/cwallet.sso"/>
</serviceInstance>
<serviceInstance name="credstore2" provider="some.provider">
  <property name="location" value="./credstore2/cwallet.sso"/>
</serviceInstance>
...
<jpsContext name="default1">
  <serviceInstanceRef ref="credstore1"/>
  ...
</jpsContext>
<jpsContext name="context2">
  <serviceInstanceRef ref="credstore2"/>
  ...
</jpsContext>

listCred

Online command that returns the list of attribute values of a credential in the domain credential store.

Description

Returns the list of attribute values of a credential in the domain credential store with given map name and key name. This command lists the data encapsulated in credentials of type password only. In the event of an error, the command returns a WLSTException.

Syntax

listCred(map, key)
Argument Definition
map 
Specifies a map name (folder).
key 
Specifies a key name.

Example

The following invocation returns all the information (such as user name, password, URL, port, and description) in the credential with map name myMap and key name myKey:

wls:/mydomain/serverConfig> listCred(map="myMap", key="myKey")

updateCred

Online command that modifies the user name, password, and description of a credential.

Description

Modifies the user name, password, and description of a credential in the domain credential store with given map name and key name. This command can update the data encapsulated in credentials of type password only. In the event of an error, the command returns a WLSTException. This command runs in interactive mode only.

Syntax

Optional arguments are enclosed in square brackets.

updateCred(map, key, user, password, [desc])
Argument Definition
map 
Specifies a map name (folder).
key 
Specifies a key name.
user 
Specifies the credential user name.
password 
Specifies the credential password.
desc 
Specifies a string describing the credential.

Examples

The following invocation updates a password credential with the specified data:

wls:/mydomain/serverConfig> updateCred(map="myMap", key="myKey", user="myUsr", 
password="myPassw", desc="updated passw cred to connect to app xyz")

createCred

Online command that creates a new credential in the domain credential store.

Description

Creates a new password credential in the domain credential store with a given map name, key name, user name, password, and optional description. In the event of an error, the command returns a WLSTException. This command runs in interactive mode only.

Syntax

Optional arguments are enclosed in square brackets.

createCred(map, key, user, password, [desc])
Argument Definition
map  
Specifies a map name (folder).
key 
Specifies a key name.
user 
Specifies the credential user name.
password 
Specifies the credential password.
desc 
Specifies a string describing the credential.

Examples

The following invocation creates a new password credential with the specified data:

wls:/mydomain/serverConfig> createCred(map="myMap", key="myKey", user="myUsr",
password="myPassw", desc="usr name and passw to connect to app xyz")

deleteCred

Online command that removes a credential in the domain credential store.

Description

Removes a credential with given map name and key name from the domain credential store. In the event of an error, the command returns a WLSTException.

Syntax

deleteCred(map,key)
Argument Definition
map  
Specifies a map name (folder).
key 
Specifies a key name.

Examples

The following invocation removes the credential with map name myMap and key name myKey:

wls:/mydomain/serverConfig> deleteCred(map="myMap", key="myKey")

modifyBootStrapCredential

Offline command that updates a bootstrap credential store.

Description

Updates a bootstrap credential store with given user name and password. In the event of an error, the command returns a WLSTException.

Typically used in the following scenario: suppose that the domain policy and credential stores are LDAP-based, and the credentials to access the LDAP store (stored in the LDAP server) are changed. Then this command can be used to seed those changes into the bootstrap credential store.

Syntax

modifyBootStrapCredential(jpsConfigFile, username, password)
Argument Definition
jpsConfigFile  
Specifies the location of the file jps-config.xml relative to the location where the command is run.
username 
Specifies the distinguished name of the user in the LDAP store.
password Specifies the password of the user.

Examples

Suppose that in the LDAP store the password of the user with distinguished name cn=orcladmin has been changed to welcome1, and that the configuration file jps-config.xml is located in the current directory. Then the following invocation changes the password in the bootstrap credential store to welcome1:

wls:/mydomain/serverConfig> modifyBootStrapCredential(jpsConfigFile='./jps-config.xml', username='cn=orcladmin', password='welcome1')

Any output regarding the audit service can be disregarded.

reassociateSecurityStore

Online command that migrates the policy and credential stores to an LDAP repository.

Description

Migrates, within a given domain, both the policy store and the credential store to a target LDAP server repository. The only kinds of LDAP servers allowed are OID or OVD. This command also allows setting up a policy store shared by different domains (see the optional argument join below). In the event of an error, the command returns a WLSTException. This command runs in interactive mode only.

Syntax

reassociateSecurityStore(domain, admin, password, ldapurl, servertype, jpsroot [, join])
Argument Definition
domain  
Specifies the domain name where the reassociating takes place.
admin 
Specifies the administrator's user name on the LDAP server. The format is cn=usrName.
password 
Specifies the password associated with the user specified for the argument admin.
ldapurl 
Specifies the URI of the LDAP server. The format is ldap://host:port if you are using the default (non-secure) port, or ldaps://host:port if you are using a secure LDAP port. The secure port must be configured specially for this function and it is distinct from the default (non-secure) port.
servertype 
Specifies the kind of the target LDAP server. The only valid types are OID or OVD.
jpsroot 
Specifies the root node in the target LDAP repository under which all data is migrated. The format is cn=nodeName.
join
Specifies whether the domain is to share a policy store specified in another domain. Optional. Set to true to share an existing policy store in another domain; set to false otherwise. The use of this argument allows multiple WebLogic domains to point to the same logical policy store.

Examples

The following invocation reassociates the domain policies and credentials to an LDAP Oracle Internet Directory server:

wls:/mydomain/serverConfig> reassociateSecurityStore(domain="myDomain", 
admin="cn=adminName", password="myPass",ldapurl="ldap://myhost.example.com:3060", 
servertype="OID", jpsroot="cn=testNode")

Suppose that you want some other domain (distinct from myDomain, say otherDomain) to share the policy store in myDomain. Then you would invoke the command as follows:

wls:/mydomain/serverConfig> reassociateSecurityStore(domain="otherDomain", 
admin="cn=adminName", password="myPass", ldapurl="ldap://myhost.example.com:3060", 
servertype="OID", jpsroot="cn=testNode", join="true")

upgradeSecurityStore

Offline command that migrates release 10.1.x security data to release 11 security data.

Description

Migrates identity, policy, and credential data used in release 10.1.x to security data that can be used with release 11. The migration of each kind of data is performed with separate invocations of this command. In the event of an error, the command returns a WLSTException.

Syntax

The syntax varies according to the type of data being updated.

To upgrade 10.1.x XML identity data to 11 XML identity data, use the following syntax:

Optional arguments are enclosed in square brackets.

upgradeSecurityStore(type="xmlIdStore", jpsConfigFile, srcJaznDataFile, srcRealm, [dst])

To upgrade 10.1.x XML policy data to 11 XML policy data, use the following syntax:

upgradeSecurityStore(type="xmlPolicyStore", jpsConfigFile, srcJaznDataFile, [dst])

To upgrade 10.1.x OID LDAP-based policy data to 11 XML policy data, use the following syntax:

upgradeSecurityStore(type="oidPolicyStore", jpsConfigFile, srcJaznConfigFile, [dst])

To upgrade 10.1.x XML credential data to 11 XML credential data, use the following syntax:

upgradeSecurityStore(type="xmlCredStore", jpsConfigFile, srcJaznDataFile, users, [dst])
Argument Definition
type  
Specifies the kind of security data being upgraded. The only valid values are xmlIdStore, xmlPolicyStore, oidPolicyStore, and xmlCredStore.
jpsConfigFile 
Specifies the location of a configuration file jps-config.xml relative to the directory where the command is run. The target store of the upgrading is read from the context specified with the argument dst.
srcJaznDataFile 
Specifies the location of a 10.1.x jazn data file relative to the directory where the command is run. This argument is required if the specified type is xmlIdStore, xmlPolicyStore, or xmlCredStore.
srcJaznConfigFile 
Specifies the location of a 10.1.x jazn configuration file relative to the directory where the command is run. This argument is required if the specified type is oidPolicyStore.
srcRealm 
Specifies the name of the realm from which identities need be migrated. This argument is required if the specified type is xmlIdStore.
users 
Specifies a comma-separated list of users each formatted as realmName/userName. This argument is required if the specified type is xmlCredStore.
dst 
Specifies the name of the jpsContext in the file passed to the argument jpsConfigFile where the destination store is configured. Optional. If unspecified, it defaults to the default context in the file passed in the argument jpsConfigFile.

Examples

The following invocation migrates 10.1.3 file-based identities to an 11 file-based identity store:

wls:/mydomain/serverConfig> upgradeSecurityStore(type="xmlIdStore",  
jpsConfigFile="jps-config.xml", srcJaznDataFile="jazn-data.xml",
srcRealm="jazn.com")

The following invocation migrates a 10.1.3 OID-based policy store to an 11 file-based policy store:

wls:/mydomain/serverConfig> upgradeSecurityStore(type="oidPolicyStore",
jpsConfigFile="jps-config.xml", srcJaznConfigFile="jazn.xml",
dst="destinationContext")

createResourceType

Online command that creates a new resource type in the domain policy store within a given application stripe.

Description

Creates a new resource type element in the domain policy store within a given application stripe and with specified name, display name, description, and actions. Optional arguments are enclosed in between square brackets; all other arguments are required. In the event of an error, the command returns a WLSTException.

Syntax

Optional arguments are enclosed in square brackets.

createResourceType(appStripe, resourceTypeName, displayName, description [, provider] [, matcher], actions [, delimeter])
Argument Definition
appStripe  
Specifies the application stripe where to insert the resource type.
resourceTypeName 
Specifies the name of the resource type to insert.
displayName 
Specifies the name for the resource type used in UI gadgets.
description 
Specifies a brief description of the resource type.
provider 
Specifies the provider for the resource type.
matcher 
Specifies the class of the resource type. If unspecified, it defaults to oracle.security.jps.ResourcePermission.
actions 
Specifies the actions allowed on instances of the resource type.
delimeter 
Specifies the character used to delimit the list of actions. If unspecified, it defaults to comma ','.

Examples

The following invocation creates a resource type in the stripe myApplication with actions BWPrint and ColorPrint delimited by a semicolon:

wls:/mydomain/serverConfig> createResourceType(appStripe="myApplication",
resourceTypeName="resTypeName", displayName="displName", description="A resource
type", provider="Printer", matcher="com.printer.Printer",
actions="BWPrint;ColorPrint", delimeter=";")

getResourceType

Online command that fetches a resource type from the domain policy store within a given application stripe.

Description

Gets the relevant parameters of a <resource-type> entry in the domain policy store within a given application stripe and with specified name. In the event of an error, the command returns a WLSTException.

Syntax

getResourceType(appStripe, resourceTypeName)
Argument Definition
appStripe  
Specifies the application stripe from where to fetch the resource type.
resourceTypeName 
Specifies the name of the resource type to fetch.

Examples

The following invocation fetches the resource type myResType from the stripe myApplication:

wls:/mydomain/serverConfig> getResourceType(appStripe="myApplication", resourceTypeName="myResType")

deleteResourceType

Online command that removes a resource type from the domain policy store within a given application stripe.

Description

Removes a <resource-type> entry in the domain policy store within a given application stripe and with specified name. In the event of an error, the command returns a WLSTException.

Syntax

deleteResourceType(appStripe, resourceTypeName)
Argument Definition
appStripe  
Specifies the application stripe from where to remove the resource type.
resourceTypeName 
Specifies the name of the resource type to remove.

Examples

The following invocation removes the resource type myResType from the stripe myApplication:

wls:/mydomain/serverConfig> deleteResourceType(appStripe="myApplication", resourceTypeName="myResType")

Oracle Access Manager Commands

Use the WLST commands listed in Table 4-6 to manage Oracle Access Manager (OAM)-related components, such as authorization providers, identity asserters, and SSO providers; to display metrics and deployment topology; and to manage Oracle Access Manager server and agent configuration and logger settings.

Table 4-6 WLST Oracle Access Manager Commands

Use this command... To... Use with WLST...

listOAMAuthnProviderParams

List the parameters set for an Oracle Access Manager authentication or identity assertion provider.

Online

createOAMIdentityAsserter

Create a new identity asserter.

Online

updateOAMIdentityAsserter

Update an existing identity asserter.

Online

createOAMAuthenticator

Create a new authenticator.

Online

deleteOAMAuthnProvider

Delete an existing authentication provider.

Online

updateOAMAuthenticator

Update an existing authenticator.

Online

addOAMSSOProvider

Add a new SSO provider.

Online

displayTopology

List the details of deployed Oracle Access Manager Servers.

Online

Offline

displayMetrics

Display the performance metrics of an Oracle Access Manager Server and domain.

Online

displayOamServer

Display Oracle Access Manager Server configuration details.

Online

Offline

createOamServer

Create an entry for an Oracle Access Manager Server configuration.

Online

Offline

editOamServer

Edit the entry for an Oracle Access Manager Server configuration.

Online

Offline

deleteOamServer

Delete the named Oracle Access Manager Server configuration.

Online

Offline

displayOssoAgent

Display OSSO Agent configuration details.

Online

Offline

editOssoAgent

Edit OSSO Agent configuration details.

Online

Offline

deleteOssoAgent

Delete the named OSSO Agent configuration.

Online

Offline

displayWebgateAgent

Display WebGate Agent configuration details.

Online

Offline

editWebgateAgent

Edit 10g WebGate Agent registration details.

Online

Offline

deleteWebgateAgent

Delete the named 10g WebGate Agent configuration.

Online

Offline

changeLoggerSetting

Change Logger Settings.

Online

Offline

changeConfigDataEncryptionKey

Regenerate the configuration data encryption key and re-encrypt data.

Online

Offline

displayUserIdentityStore

Display a user identity store registration.

Online

Offline

editUserIdentityStore

Edit a user identity store registration.

Online

Offline

createUserIdentityStore

Create a user identity store registration.

Online

Offline

deleteUserIdentityStore

Delete a user identity store registration.

Online

Offline

configRequestCacheType

Configure the SSO server request cache type.

Online

Offline

displayRequestCacheType

Display the SSO server request cache type entry.

Online

Offline

exportPolicy

Export Oracle Access Manager policy data from a test (source) to an intermediate Oracle Access Manager file.

Online

importPolicy

Import Oracle Access Manager policy data from the Oracle Access Manager file specified.

Online

importPolicyDelta

Import Oracle Access Manager policy changes from the Oracle Access Manager file specified.

Online

migratePartnersToProd

Migrate partners from the source Oracle Access Manager Server to the specified target Oracle Access Manager Server.

Online

exportPartners

Export the Oracle Access Manager partners from the source to the intermediate Oracle Access Manager file specified.

Online

importPartners

Import the Oracle Access Manager partners from the intermediate Oracle Access Manager file specified.

Online

configureOAAM

Configure the Oracle Access Manager-Oracle Adaptive Access Manager basic integration.

Online

registerOIFDAPPartner

Register Oracle Identity Federation as Delegated Authentication Protocol (DAP) Partner.

Online

Offline

enableCoexistMode

Enable the Coexist Mode.

Online

disableCoexistMode

Disable the Coexist Mode.

Online

editGITOValues

Edit GITO configuration parameters.

Online

Offline

editWebgate11gAgent

Edit an 11g WebGate registration.

Online

Offline

deleteWebgate11gAgent

Remove an 11g WebGate Agent registration.

Online

Offline

displayWebgate11gAgent

Display an 11g WebGate Agent registration.

Online

Offline

displayOAMMetrics

Display metrics of OAM Servers.

Online

Offline

updateOIMHostPort

Update the Oracle Identity Manager configuration when integrated with Oracle Access Manager.

Online

Offline

configureOIM

Create an Agent registration specific to Oracle Identity Manager when integrated with Oracle Access Manager.

Online

updateOSSOResponseCookieConfig

Update OSSO Proxy response cookie settings.

Online

Offline

deleteOSSOResponseCookieConfig

Delete OSSO Proxy response cookie settings.

Online

Offline


listOAMAuthnProviderParams

Online command that lists the values of the parameters in effect in a domain authenticator or identity asserter.

Description

Lists the values of the parameters set for a given Oracle Access Manager authenticator or identity asserter. In the event of an error, the command returns a WLSTException.

Syntax

listOAMAuthnProviderParams(name)
Argument Definition
name 
Specifies the name of the authenticator or identity asserter.

Example

The following invocation lists the parameters and values set for the asserter named myIdAsserter:

listOAMAuthnProviderParams(name="myIdAsserter")

createOAMIdentityAsserter

Online command that creates an Oracle Access Manager identity asserter in the current domain.

Description

Creates an identity asserter with a given name in the current domain. Before executing this command, make sure that no Oracle Access Manager identity asserter is already configured in the current domain. In the event of an error, the command returns a WLSTException.

Syntax

createOAMIdentityAsserter(name)
Argument Definition
name 
Specifies the name of the new identity asserter. If no name is specified, it defaults to "OAMIdentityAsserter".

Example

The following invocation creates a new identity asserter named OAMIdentityAsserter:

createOAMIdentityAsserter(name="OAMIdentityAsserter")

updateOAMIdentityAsserter

Online command that updates the values of parameters of the Oracle Access Manager identity asserter in the current domain.

Description

Updates the value of given parameters of the domain Oracle Access Manager identity asserter. In the event of an error, the command returns a WLSTException.

Syntax

updateOAMIdentityAsserter(name, paramNameValueList)
Argument Definition
name 
Specifies the name of the Oracle Access Manager identity asserter whose parameter values to update.
paramNameValueList
Specifies the comma-separated list of parameter name-value pairs to be updated. The format of each pair is:
paramName="paramValue"

The parameter names that can be updated are the following only:

  • accessGateName—The name of the AccessGate used by the authenticator.

  • accessGatePwd—The password to the AccessGate used by the authenticator.

  • pAccessServer—The name of the primary access server. Values must have the format hostName:portNumber.

  • sAccessServer—The name of the secondary access server. Values must have the format hostName:portNumber.

  • transportSecurity—The mode of communication between AccessGate and OAM Access Server.

  • keystorePwd—The password to access the domain key store.

  • keystorePath—The absolute path of the JKS key store used for SSL communication between the authenticator and OAM Access Server.

  • simpleModePassphrase—The password shared by AccessGate and OAM Access Server in simple communication mode.

  • truststorePath —The absolute path of the JKS trust store used for SSL communication between the authenticator and OAM Access Server.

  • poolMaxConnections—The maximum number of connections in the OAM Server connection pool.

  • poolMinConnections—The minimum number of connections in the OAM Server connection pool.

  • ssoHeaderName—The SSO header name.

  • controlFlag—The JAAS control flag that sets up dependencies among all authenticators in the domain. Values can be only REQUIRED, SUFFICIENT, REQUISITE, or OPTIONAL.

  • appDomain—The name of the application domain.


Example

The following invocation updates the parameters accessGateName, accessGatePwd, pAccessServer, and ssoHeaderName in the Oracle Access Manager identity asserter named myIdAsserter:

updateOAMIdentityAsserter(name="myIdAsserter", 
accessGateName="OAM IAP AccessGate", accessGatePwd="welcome1", 
pAccessServer="myhost.domain.com:5543", ssoHeaderName="OAM_SSO_HEADER")

createOAMAuthenticator

Online command that creates an Oracle Access Manager authenticator in the current domain.

Description

Creates an Oracle Access Manager authenticator with a given name in the current domain. Before executing this command, make sure that no Oracle Access Manager authenticator is already configured in the default security domain. In the event of an error, the command returns a WLSTException.

Syntax

createOAMAuthenticator(name)
Argument Definition
name 
Specifies the name of the new authentication provider in the default domain. If no name is specified, it defaults to "OAMAuthenticator".

Example

The following invocation creates a new authentication provider named OAMAuthenticator:

createOAMAuthenticator(name="OAMAuthenticator")

deleteOAMAuthnProvider

Online command that deletes the OAM authenticator from the current domain.

Description

Deletes the OAM authenticator with a given name from the current domain. In the event of an error, the command returns a WLSTException.

Syntax

deleteOAMAuthnProvider(name)
Argument Definition
name 
Specifies the name of the authentication provider to delete.

Example

The following invocation deletes the authenticator myAuthenticator:

deleteOAMAuthnProvider(name="myAuthenticator")

updateOAMAuthenticator

Online command that updates the values of parameters of the Oracle Access Manager authenticator in the current domain.

Description

Updates the value of given parameters of the domain Oracle Access Manager authenticator. In the event of an error, the command returns a WLSTException.

Syntax

updateOAMAuthenticator(name, paramNameValueList)
Argument Definition
name 
Specifies the name of the Oracle Access Manager authenticator whose parameter values to update.
paramNameValueList
Specifies the comma-separated list of parameter name-value pairs to be updated. The format of each pair is:
paramName='paramValue'

The only parameter names that can be updated are the following:

  • accessGateName—The name of the AccessGate used by the authenticator.

  • accessGatePwd—The password to the AccessGate used by the authenticator.

  • pAccessServer—The name of the primary access server. Values must have the format hostName:portNumber.

  • sAccessServer—The name of the secondary access server. Values must have the format hostName:portNumber.

  • transportSecurity—The mode of communication between AccessGate and OAM Access Server: open, simple, or cert.

  • keystorePwd—The password to access the domain key store.

  • keystorePath—The absolute path of the JKS key store used for SSL communication between the authenticator and OAM Access Server.

  • simpleModePassphrase—The password shared by AccessGate and OAM Access Server in simple communication mode.

  • truststorePath—The absolute path of the JKS trust store used for SSL communication between the authenticator and OAM Access Server.

  • poolMaxConnections—The maximum number of connections in the OAM Server connection pool.

  • poolMinConnections—The minimum number of connections in the OAM Server connection pool.

  • useRetNameAsPrincipal—Specifies whether the user name retrieved from the OAM authenticator should be used as the name of the Principal in the Subject.

  • controlFlag—The JAAS control flag that sets up dependencies among all authenticators in the domain. Values can be only REQUIRED, SUFFICIENT, REQUISITE, or OPTIONAL.

  • appDomain—The name of the application domain.


Example

The following invocation updates the parameters accessGateName, accessGatePwd, and pAccessServer in the Oracle Access Manager authenticator named myAuthenticator:

updateOAMAuthenticator(name="myAuthenticator", 
accessGateName="OAM AP AccessGate", accessGatePwd="welcome1",
pAccessServer="myhost.domain.com:5543")
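The two parameter lists above (for updateOAMIdentityAsserter and updateOAMAuthenticator) share most names and carry format constraints that WLST only reports after the call fails. The following pre-flight checker is an added example, not Oracle's code or part of this reference: it validates a keyword-argument set against the documented names, the hostName:portNumber format, the controlFlag and transportSecurity value sets, and the pool bounds, and then renders the invocation string. The cross-checks that simple mode needs simpleModePassphrase and cert mode needs the keystore and truststore paths are this example's own assumptions. It is plain Python 2/3-compatible syntax so it can run ahead of the WLST call; it does not itself invoke WLST.

```python
import re

# Parameter names the reference lists as updatable for each provider type.
COMMON_PARAMS = {
    "accessGateName", "accessGatePwd", "pAccessServer", "sAccessServer",
    "transportSecurity", "keystorePwd", "keystorePath", "simpleModePassphrase",
    "truststorePath", "poolMaxConnections", "poolMinConnections",
    "controlFlag", "appDomain",
}
ALLOWED_PARAMS = {
    "identityAsserter": COMMON_PARAMS | {"ssoHeaderName"},
    "authenticator": COMMON_PARAMS | {"useRetNameAsPrincipal"},
}
UPDATE_COMMAND = {
    "identityAsserter": "updateOAMIdentityAsserter",
    "authenticator": "updateOAMAuthenticator",
}
CONTROL_FLAGS = {"REQUIRED", "SUFFICIENT", "REQUISITE", "OPTIONAL"}
TRANSPORT_MODES = {"open", "simple", "cert"}
# hostName:portNumber, the format required for pAccessServer / sAccessServer
HOST_PORT = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]*:([0-9]{1,5})$")


def check_oam_provider_params(provider_type, params):
    """Return a list of problem strings; an empty list means the
    parameter set is acceptable for the named provider type."""
    problems = []
    allowed = ALLOWED_PARAMS[provider_type]
    for key in sorted(params):
        if key not in allowed:
            problems.append("unknown parameter %r for %s" % (key, provider_type))
    for key in ("pAccessServer", "sAccessServer"):
        value = params.get(key)
        if value is not None:
            match = HOST_PORT.match(str(value))
            if not match or not 1 <= int(match.group(1)) <= 65535:
                problems.append("%s must be hostName:portNumber, got %r" % (key, value))
    flag = params.get("controlFlag")
    if flag is not None and flag not in CONTROL_FLAGS:
        problems.append("controlFlag must be one of %s" % sorted(CONTROL_FLAGS))
    mode = params.get("transportSecurity")
    if mode is not None and mode not in TRANSPORT_MODES:
        problems.append("transportSecurity must be one of %s" % sorted(TRANSPORT_MODES))
    # Assumption of this example (not stated in the reference): the material
    # each mode relies on must be supplied in the same update.
    if mode == "simple" and not params.get("simpleModePassphrase"):
        problems.append("transportSecurity=simple requires simpleModePassphrase")
    if mode == "cert":
        for key in ("keystorePath", "keystorePwd", "truststorePath"):
            if not params.get(key):
                problems.append("transportSecurity=cert requires %s" % key)
    # Pool bounds: values arrive as strings, as WLST passes them.
    try:
        low = int(params.get("poolMinConnections", 0))
        high = int(params.get("poolMaxConnections", low))
    except ValueError:
        problems.append("poolMinConnections/poolMaxConnections must be integers")
    else:
        if low < 0 or high < low:
            problems.append("poolMinConnections must be >= 0 and <= poolMaxConnections")
    return problems


def render_update_call(provider_type, name, params):
    """Render the WLST invocation for a checked parameter set, for example
    updateOAMAuthenticator(name='myAuthenticator', pAccessServer='host:5543').
    Raises ValueError instead of rendering a call the checks reject."""
    problems = check_oam_provider_params(provider_type, params)
    if problems:
        raise ValueError("; ".join(problems))
    args = ["name=%r" % name] + ["%s=%r" % (k, params[k]) for k in sorted(params)]
    return "%s(%s)" % (UPDATE_COMMAND[provider_type], ", ".join(args))
```

Rendering the call as a string is deliberate: the rendered line can be reviewed (and the accessGatePwd value checked for a stray literal such as the welcome1 used in the examples) before it is pasted into the WLST shell.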

addOAMSSOProvider

Online command that adds an Oracle Access Manager SSO provider.

Description

Adds an SSO provider with given login URI, logout URI, and auto-login URI. This command modifies the domain jps-config.xml by adding an Oracle Access Manager SSO service instance with the required properties. In the event of an error, the command returns a WLSTException.

Syntax

addOAMSSOProvider(loginuri, logouturi, autologinuri)
Argument Definition
loginuri
Specifies the URI of the login page. Required.
logouturi
Specifies the URI of the logout page. Optional. If unspecified, defaults to logouturi=NONE.

Set to "" to ensure that ADF security calls the OPSS logout service, which uses the implementation of the class OAMSSOServiceImpl to clear the cookie ObSSOCookie.

More generally, an ADF-secured web application that would like to clear cookies without logging out the user should use this setting.

autologinuri
Specifies the URI of the autologin page. Optional. If unspecified, it defaults to autologin=NONE.

Example

The following invocation adds an SSO provider with the passed URIs; note the special behavior implied by the setting logouturi="", as explained in the above table:

addOAMSSOProvider(loginuri="/${app.context}/adfAuthentication", logouturi="", 
autologin="/fooBar.cgi")

displayTopology

Online and offline command that displays the information about all the OAM Servers in a deployment.

Description

Lists the topology of deployed OAM Servers. There are no arguments for this command.

Syntax

displayTopology

Example

The following invocation lists the details of all deployed OAM Servers, as described above:

displayTopology

displayMetrics

Online command that displays the performance metrics of an OAM Server and domain.

Description

Displays the performance metrics of an OAM Server and domain specific to collectors, including host, process, and server names. There are no arguments for this command.

Syntax

displayMetrics()

Example

The following invocation lists all metrics specific to named collectors, as described above:

displayMetrics()

displayOamServer

Online and offline command that displays OAM Server registration details.

Description

Displays OAM Server registration details, including the host, port, registration name, OAM Proxy port and server ID, and, optionally, the OAM Proxy shared secret.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

displayOamServer(host,port)
Argument Definition
host
Mandatory. Specifies the name of the OAM Server host.
port
Mandatory. Specifies the listening port of the OAM Server host.
domainHome 
Offline mode: Mandatory

Online mode: Optional


Example

The following invocation displays the registration details of the OAM Server my_host listening on port 15000:

displayOamServer(host="my_host", port="15000", domainHome="domainHome1")

createOamServer

Online and offline command that creates an OAM Server entry in the system configuration.

Description

Creates an OAM Server registration, including the host, port, registration name, OAM Proxy port and server ID, and, optionally, the OAM Proxy shared secret.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

createOamServer(host,port, paramNameValueList)
Argument Definition
host
Mandatory. Specifies the name of the OAM Server host.
port
Mandatory. Specifies the listening port of the OAM Server host.
domainHome 
Offline mode: Mandatory

Online mode: Optional

paramNameValueList
Specifies the comma-separated list of parameter name-value pairs. The format of each pair is:
paramName='paramValue'

Mandatory:

  • configurationProfile—The name of this instance registration, which appears under Server Instances on the System Configuration tab in the OAM Administration Console.

  • oamProxyPort—The listening port of this instance.

  • oamProxyServerID—The name of the OAM Proxy for this server instance, which will appear under the OAM Proxy sub tab of the server instance in the OAM Administration Console.

  • siteName—siteName/serverName for the instance.


Example

The following invocation creates a configuration for my_host with listening port 15000. The configuration entry in the Administration Console will be oam_server1. The OAM Proxy port is 3004 and the OAM Proxy Server ID is ProxyID:

createOamServer(host="my_host", port="15000", configurationProfile=
"oam_server1", oamProxyPort="3004", oamProxyServerID="ProxyID", 
siteName="siteName1",domainHome="domainHome1")

editOamServer

Online and offline command that enables you to edit OAM Server registration details.

Description

Edits the registration for an OAM Server, which can include the host, port, registration name, OAM Proxy port and server ID, and, optionally, the OAM Proxy shared secret.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

editOamServer(name, port, paramNameValueList)
Argument Definition
name
Mandatory. Specifies the name of the OAM Server host.
port
Mandatory. Specifies the port number of the OAM Server host.
domainHome 
Offline mode: Mandatory

Online mode: Optional

paramNameValueList
Specifies the comma-separated list of parameter name-value pairs. The format of each pair is:
paramName='paramValue'

Mandatory:

  • configurationProfile—The name of this instance registration, which appears under Server Instances on the System Configuration tab in the OAM Administration Console.

  • oamProxyPort—The listening port of this instance.

  • oamProxyServerID—The name of the OAM Proxy for this server instance, which will appear under the OAM Proxy sub tab of the server instance in the OAM Administration Console.

  • siteName—siteName/serverName for the instance.


Example

You can use any of the optional attributes to change current settings. The following invocation enables you to add the OAM Proxy shared secret to the configuration entry oam_server1.

editOamServer(name="oam_server1", port="15000",configurationProfile=
"oam_server1", oamProxyPort="3004",oamProxyServerID="Proxy1", 
siteName="siteName1",domainHome="domainHome1")

deleteOamServer

Online and offline command that enables you to delete the named OAM Server registration.

Description

Deletes an entire OAM Server configuration.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

deleteOamServer(host,port)
Argument Definition
host
Mandatory. Specifies the name of the OAM Server host.
port
Mandatory. Specifies the listening port of the OAM Server host.
domainHome 
Offline mode: Mandatory

Online mode: Optional


Example

The following invocation deletes the OAM Server registration for oam_server1 with listening port 15000:

deleteOamServer(host="oam_server1",port="15000",domainHome="domainHome1")

displayOssoAgent

Online and offline command that displays OSSO Agent configuration details.

Description

Displays OSSO Agent registration details, which also appear in the OAM Administration Console.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

displayOssoAgent(agentName)
Argument Definition
agentName
Mandatory. Specifies the name of the OSSO Agent.
domainHome 
Offline mode: Mandatory

Online mode: Optional


Example

The following invocation displays the OSSO Agent's registration information:

displayOssoAgent(agentName="OSSOAgent1",domainHome="domainHome1")

editOssoAgent

Online and offline command that enables you to edit an OSSO Agent registration.

Description

Changes OSSO Agent configuration details, including the Site Token, Success URL, Failure URL, Home URL, Logout URL, Start Date, End Date, Administrator ID, and Administrator Info.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

editOssoAgent(agentName,paramNameValueList)
Argument Definition
agentName
Mandatory. Specifies the name of the OSSO Agent.
domainHome 
Offline mode: Mandatory

Online mode: Optional

paramNameValueList
Specifies the comma-separated list of parameter name-value pairs to be updated. The format of each pair is:
paramName='paramValue'

Optional:

  • siteToken—The Application Token used by the partner when requesting authentication.

  • successUrl—The redirect URL to be used upon successful authentication.

  • failureUrl—The redirect URL to be used if authentication fails.

  • homeUrl—The redirect URL to be used for the Home page after authentication.

  • logoutUrl—The redirect URL to be used when logging out. This redirects the user to the global logout page on the server.

  • startDate—First month, day, and year for which login to the application is allowed by the server.

  • endDate—Final month, day, and year for which login to the application is allowed by the server.

  • adminId—Administrator login ID for this mod_osso instance.

  • adminInfo—Administrator details for this mod_osso instance.


Example

The following invocation changes the Administrator ID and information in the registration entry for OSSOAgent1:

editOssoAgent(agentName="OSSOAgent1", siteToken="siteToken", 
successUrl="successUrl", failureUrl="failureUrl", homeUrl="homeUrl", 
logoutUrl="logoutUrl", startDate="2009-12-10", endDate="2012-12-30", 
adminId="345", adminInfo="Agent11", domainHome="domainHome1")

deleteOssoAgent

Online and offline command that enables you to delete an OSSO Agent registration.

Description

Removes an OSSO Agent configuration.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

deleteOssoAgent(agentName)
Argument Definition
agentName
Mandatory. Specifies the name of the OSSO Agent.
domainHome 
Offline mode: Mandatory

Online mode: Optional


Example

The following invocation removes the OSSO Agent named OSSOAgent1:

deleteOssoAgent(agentName="OSSOAgent1", domainHome="domainHome1")

displayWebgateAgent

Online and offline command that displays a 10g WebGate registration.

Description

Displays all 10g WebGate registration details, which can also be seen in the OAM Administration Console.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

displayWebgateAgent(agentName)
Argument Definition
agentName
Mandatory. Specifies the name of the WebGate Agent.
domainHome 
Offline mode: Mandatory

Online mode: Optional


Example

The following invocation displays registration information for my_WebGate:

displayWebgateAgent(agentName="my_WebGate", domainHome="domainHome1")

editWebgateAgent

Online and offline command that enables you to edit a 10g WebGate registration.

Description

Enables you to change 10g WebGate Agent registration details.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

editWebgateAgent(agentName,paramNameValueList)
Argument Definition
agentName
Mandatory. Specifies the name of the WebGate Agent.
domainHome 
Offline mode: Mandatory

Online mode: Optional

paramNameValueList
Specifies the comma-separated list of parameter name-value pairs to be updated. The format of each pair is:
paramName='paramValue'

Mandatory:

  • agentId—Name of the OAM Agent (WebGate).

Optional:

  • accessClientPassword—An optional password for this WebGate Agent.

  • state—Whether the OAM Agent is enabled or disabled.

  • preferredHost—Prevents security holes that can be created if a host's identifier is not included in the Host Identifiers list. For virtual hosting, you must use the Host Identifiers feature.

  • aaaTimeOutThreshold—Number (in seconds) to wait for a response from the OAM Run-time Server. If this parameter is set, it is used as an application TCP/IP timeout instead of the default TCP/IP timeout. Default = -1 (default network TCP/IP timeout is used).

  • security—Level of transport security to and from the OAM Run-time Server: open, simple, or cert.

  • primaryCookieDomain—The Web server domain on which the OAM Agent is deployed, for instance, .acompany.com.

  • maxConnections—The maximum number of connections that this OAM Agent can establish with the OAM Server. This number must be the same as (or greater than) the number of connections that are actually associated with this agent. Default = 1.

  • maxCacheElements—Number of elements maintained in the cache. Cache elements are URLs or Authentication Schemes. The value of this setting refers to the maximum consolidated count for elements in both of these caches. Default = 10000.

  • cacheTimeOut—Amount of time cached information remains in the OAM Agent cache when the information is neither used nor referenced. Default = 1800 (seconds).

  • cookieSessionTime—Amount of time that the ObSSOCookie persists. Default = 3600 (seconds).

  • maxSessionTime—Maximum amount of time, in seconds, that a user's authentication session is valid regardless of their activity. At the expiration of this time, the user is re-challenged for authentication. This is a forced logout. Default = 3600 (seconds). A value of 0 disables this timeout setting.

  • idleSessionTimeout—Amount of time in seconds that a user's authentication session remains valid without accessing any OAM Agent protected resources. Default = 3600 (seconds). A value of 0 disables this timeout setting.

  • failoverThreshold—Number representing the point when this OAM Agent opens connections to a Secondary OAM Server. Default = 1.


Example

You can alter any or all of the settings. The following invocation changes the Agent ID, state, maximum connections, OAM Server timeout, primary cookie domain, cache timeout, cookie session timeout, maximum session timeout, idle session timeout, and failover threshold in the WebGate Agent registration:

editWebgateAgent(agentName="my_WebGate", agentId="WebGate2", state="enabled",
maxConnections="2", aaaTimeOutThreshold="2",
primaryCookieDomain="adomain.com", cacheTimeOut="1200",
cookieSessionTime="1500", maxSessionTime="1500", idleSessionTimeout="1500",
failoverThreshold="25", domainHome="domainHome1")

deleteWebgateAgent

Online and offline command that enables you to delete a 10g WebGate Agent registration.

Description

Removes a 10g WebGate Agent registration.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

deleteWebgateAgent(agentName)
Argument Definition
agentName
Mandatory. Specifies the name of the WebGate Agent.
domainHome
Offline mode: Mandatory

Online mode: Optional


Example

The following invocation removes the WebGate Agent named my_WebGate:

deleteWebgateAgent(agentName="my_WebGate", domainHome="domainHome1")

changeLoggerSetting

Online and offline command that changes the logger level.

Description

Changes the level of one or more, or all, loggers.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

changeLoggerSetting(loggerName='', loggerLevel='')
Argument Definition
loggerName
Optional. Specifies the OAM logger name. Multiple OAM logger names can be specified, separated by commas, or you can use the wildcard (*) character to specify all OAM collectors, which is the default.
loggerLevel
Specifies the logger level: SEVERE, WARNING, INFO, CONFIG, or FINE.

Example

The following invocation changes the logger level to SEVERE:

changeLoggerSetting(loggerName="*", loggerLevel="SEVERE")

changeConfigDataEncryptionKey

Offline command that regenerates the configuration data encryption key.

Description

Regenerates the configuration data encryption key, re-encrypts the configuration data using the new key, and outputs attribute information of the identity store.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

changePasswordEncKey(oldpassword='', newPassword='')
Argument Definition
oldPassword
Mandatory. Specifies the password that retrieves the current encryption key.
newPassword
Mandatory. Defines a new password that protects the newly generated encryption key.

Example

The following invocation supplies the old and new passwords, regenerates the key, and re-encrypts the configuration data:

changePasswordEncKey(oldpassword="oldpassword", 
newPassword="newpassword")

displayUserIdentityStore

Online and offline command that displays user identity store registration information.

Description

Displays information of the user identity store registered with Oracle Access Manager.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

displayUserIdentityStore(name) 
Argument Definition
name
Mandatory. Specifies the name of the LDAP user identity store.
domainHome 
Offline mode: Mandatory

Online mode: Optional


Example

The following invocation displays registration details of the user identity store:

displayUserIdentityStore(name="ID_store1", domainHome="domainHome1")

editUserIdentityStore

Online and offline command that changes attributes of the user identity store for Oracle Access Manager.

Description

Changes one or more attributes of the user identity store registered with Oracle Access Manager.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

editUserIdentityStore(name,paramNameValueList)
Argument Definition
name
Mandatory. Specifies the unique name of the LDAP user identity store (only upper and lower case alpha characters and numbers).
domainHome 
Offline mode: Mandatory

Online mode: Optional

paramNameValueList
Specifies the comma-separated list of parameter name-value pairs. The format of each pair is:
paramName='paramValue'

Include one or more of the following parameter name-value pairs, in addition to those in createUserIdentityStore, to change the OAM user identity store configuration:

  • userFilterObjectClasses—List of user filter object classes (separated by semi-colon).

  • groupFilterObjectClasses—List of group filter object classes (separated by semi-colon).

  • referralPolicy—LDAP referral policy (either "follow", "ignore" or "throw").

  • searchTimeLimit—Time limit in seconds for LDAP Search operation.

  • minConnections—Minimum number of connections in the connection pool.

  • maxConnections—Maximum number of connections in the connection pool.

  • connectionWaitTimeout—Number of seconds to wait for obtaining a connection from the pool.

  • connectionRetryCount—Number of attempts to establish a connection to identity store.

  • groupNameAttr—Name of the attribute to look up the user groups. For example:

    ou=people,ou=myrealm,dc=base_domain
    
  • groupCacheEnabled—Toggle (true/false) to enable LDAP group cache.

  • groupCacheSize—Number of entries in LDAP group cache.

  • groupCacheTTL—Total time to live for each entry of LDAP group cache.


Example

The following invocation changes the LDAP URL of the user identity store for OAM:

editUserIdentityStore(name="identity_store_name", 
LDAP_url="ldap://localhost:7003", domainHome="domainHome1")

createUserIdentityStore

Online and offline command that creates a user identity store registration for Oracle Access Manager.

Description

Creates an entry for a new user identity store to be registered with Oracle Access Manager.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

createUserIdentityStore(name, paramNameValueList)
Argument Definition
name
Mandatory. Specifies the unique name of the LDAP user identity store (only upper and lower case alpha characters and numbers).
domainhome 
Offline mode: Mandatory

Online mode: Optional

paramNameValueList Specifies the comma-separated list of parameter name-value pairs. The format of each pair is:
paramName='paramValue'

Mandatory:

  • name—The name for this user ID store.

  • principal—The login ID of the LDAP administrator. For example, cn=Admin.

  • credential—The password of the Principal, which is encrypted for security.

  • type—The type of the LDAP ID store to be created.

  • userAttr—User attributes of the store.

  • userSearchBase—The node under which user data is stored in the LDAP ID store to be created. For example: cn=users.

  • groupSearchBase—The node under which group data is stored in the LDAP ID store to be created. Mandatory Attribute. For example: cn=groups.

  • ldapUrl—The URL for the LDAP host, including port number of the LDAP ID store to be created. For example, ldap://localhost:7001.

Optional:

  • roleSecAdmin—Name of the Admin group with all privileges for LDAP ID store.

  • roleSysMonitor—Name of the Admin group with read-only privileges for LDAP ID store to be created.

  • roleSysManager—Name of the Admin group with day-to-day operational privileges for LDAP ID store to be created.

  • roleAppAdmin—Name of the Admin group with operational privileges for the LDAP ID store to be created.

  • ldapProvider—A supported LDAP provider. For example, OVD.

  • isPrimary—The designation of the primary User Identity Store. Boolean field.

  • userIDProvider—User Identity Provider of the store to be created.

  • domainHome—Domain Home location.


Example

The following invocation creates a new Oracle Internet Directory user identity store definition for use with Oracle Access Manager:

createUserIdentityStore(name="Name1", principal="Principal1",
credential="Credential1", type="OID", userAttr="userAttr1",
ldapProvider="ldapProvider", roleSecAdmin="roleSecAdmin1",
roleSysMonitor="roleSysMonitor", roleSysManager="roleSysManager",
roleAppAdmin="roleAppAdmin", userSearchBase="cn=users",
ldapUrl="ldapUrl", isPrimary="isPrimary", userIDProvider="userIDProvider",
groupSearchBase="cn=groups", domainHome="domainHome1")
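The paramNameValueList format used by createUserIdentityStore above, as an added example that is not from Oracle's documentation or the WLST library: a small parser for the comma-separated paramName='paramValue' list plus a check against the mandatory and optional names this page documents, in plain Python 2/3 so it could also be pasted into a Jython WLST session before the real call. The function names, the case-insensitive matching and the ldapUrl scheme warning are my own assumptions.

```python
# Added example (not Oracle's WLST code): parse a paramNameValueList string of the
# form "paramName='paramValue',paramName2='paramValue2'" and check it against the
# parameter names this page documents for createUserIdentityStore. Plain Python 2/3
# so it can also be pasted into a WLST (Jython) session before the real call.
import re

# One pair: name, '=', a single-quoted value (backslash escapes allowed inside).
_PAIR_RE = re.compile(r"\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*'((?:[^'\\]|\\.)*)'\s*")

# Parameter names as documented on this page for createUserIdentityStore.
CREATE_USER_IDENTITY_STORE_MANDATORY = frozenset([
    "name", "principal", "credential", "type", "userAttr",
    "userSearchBase", "groupSearchBase", "ldapUrl",
])
CREATE_USER_IDENTITY_STORE_OPTIONAL = frozenset([
    "roleSecAdmin", "roleSysMonitor", "roleSysManager", "roleAppAdmin",
    "ldapProvider", "isPrimary", "userIDProvider", "domainHome",
])


def parse_param_list(param_list):
    """Split a comma-separated paramName='paramValue' list into a dict.

    Commas inside a quoted value (e.g. an LDAP DN such as cn=users,dc=example)
    are kept; duplicate names and unquoted or malformed pairs are rejected.
    """
    params = {}
    pos = 0
    while pos < len(param_list):
        match = _PAIR_RE.match(param_list, pos)
        if match is None:
            raise ValueError("malformed pair at offset %d: %r"
                             % (pos, param_list[pos:pos + 20]))
        name, value = match.group(1), match.group(2)
        if name in params:
            raise ValueError("duplicate parameter: %s" % name)
        params[name] = value
        pos = match.end()
        if pos < len(param_list):
            if param_list[pos] != ",":
                raise ValueError("expected ',' at offset %d" % pos)
            pos += 1
    return params


def validate_create_user_identity_store(params):
    """Return (missing, unknown, warnings) for a parsed parameter dict.

    Names are compared case-insensitively (an assumption) because the page
    itself spells the same parameter both 'usersearchbase' and 'userSearchBase'.
    """
    known = dict((n.lower(), n) for n in
                 CREATE_USER_IDENTITY_STORE_MANDATORY | CREATE_USER_IDENTITY_STORE_OPTIONAL)
    present = set(k.lower() for k in params)
    missing = sorted(n for n in CREATE_USER_IDENTITY_STORE_MANDATORY
                     if n.lower() not in present)
    unknown = sorted(k for k in params if k.lower() not in known)
    warnings = []
    for key, value in params.items():
        # ldapUrl should carry its scheme, as in the page's ldap://localhost:7001.
        if key.lower() == "ldapurl" and not value.startswith(("ldap://", "ldaps://")):
            warnings.append("ldapUrl %r does not start with ldap:// or ldaps://" % value)
    return missing, unknown, warnings
```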

deleteUserIdentityStore

Online and offline command that removes an Oracle Access Manager user identity store registration.

Description

Deletes the user identity store registered with Oracle Access Manager.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

deleteUserIdentityStore(name) 
Argument Definition
name
Mandatory. Specifies the name of the LDAP user identity store to be removed.
domainhome 
Offline mode: Mandatory

Online mode: Optional


Example

The following invocation deletes the registration of the user identity store:

deleteUserIdentityStore(name="identity_store", domainHome="domainHome1")

configRequestCacheType

Online and offline command that configures the SSO server request cache type.

Description

Configures the SSO server request cache type.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

configRequestCacheType(type) 
Argument Definition
type
Mandatory. Specifies requestCacheType.

requestCacheType—The value of request cache type: BASIC or COOKIE.


Example

The following invocation identifies the request cache type as Cookie:

configRequestCacheType(type="COOKIE") 

displayRequestCacheType

Online and offline command that displays the SSO server request cache type.

Description

Displays the SSO server request cache type entry.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

displayRequestCacheType(domainHome)
Argument Definition
type
Mandatory. Specifies requestCacheType.

requestCacheType—The value of request cache type: BASIC or COOKIE.

domainhome 
Offline mode: Mandatory

Online mode: Optional


Example

The following invocation displays the request cache type.

displayRequestCacheType(domainHome="domainHome") 

exportPolicy

Online only command that exports OAM policy data from a test (source) environment to the intermediate Oracle Access Manager file specified.

Description

Exports OAM policy data from a test (source) environment to the intermediate Oracle Access Manager file.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

exportPolicy(pathTempOAMPolicyFile)
Argument Definition
pathTempOAMPolicyFile 
Mandatory. Specifies the path to the temporary Oracle Access Manager file.

Example

The following invocation specifies the path to the temporary file used when exporting policy data from a test (source) environment.

exportPolicy(pathTempOAMPolicyFile="oam_policy.xml") 

importPolicy

Online only command that imports the OAM policy data from the intermediate Oracle Access Manager file specified.

Description

Imports the OAM policy data from the intermediate Oracle Access Manager file specified.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

importPolicy(pathTempOAMPolicyFile)
Argument Definition
pathTempOAMPolicyFile Mandatory. Specifies the path to the temporary OAM file.

Example

The following invocation specifies the path to the temporary file used when importing policy data to a production (target).

importPolicy(pathTempOAMPolicyFile="oam_policy.xml") 

importPolicyDelta

Online only command that imports the OAM policy changes from the intermediate Oracle Access Manager file specified.

Description

Imports the OAM policy changes from the intermediate Oracle Access Manager file specified.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

importPolicyDelta(pathTempOAMPolicyFile)
Argument Definition
pathTempOAMPolicyFile Mandatory. Specifies the path to the temporary Oracle Access Manager file.

Example

The following invocation specifies the path to the temporary file used when importing only changed policy data to a production (target).

importPolicyDelta(pathTempOAMPolicyFile="oam_policy_delta.xml") 

migratePartnersToProd

Online only command that migrates partners from the current (source) OAM Server to the specified (target) OAM Server.

Description

Migrates partners from the current (source) OAM Server to the specified (target) OAM Server.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

migratePartnersToProd(prodServerHost,prodServerPort,prodServerAdminUser,prodServerAdminPwd)
Argument Definition
prodServerHost Hostname of the target OAM Server to which partners are to be migrated.
prodServerPort Port of the target OAM Server to which partners are to be migrated.
prodServerAdminUser Administrator of the target OAM Server to which partners are to be migrated.
prodServerAdminPwd Target OAM Server administrator's password.

Example

The following invocation specifies the required information.

migratePartnersToProd(prodServerHost="host",prodServerPort="port", 
prodServerAdminUser="weblogic",prodServerAdminPwd="welcome")

exportPartners

Online only command that exports Oracle Access Manager partners from the source to the intermediate Oracle Access Manager file specified.

Description

Exports the Oracle Access Manager partners from the source to the intermediate Oracle Access Manager file specified.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

exportPartners(pathTempOAMPartnerFile)
Argument Definition
pathTempOAMPartnerFile Mandatory. Specifies the path to the temporary Oracle Access Manager partner file.

Example

The following invocation specifies the path to the intermediate OAM partners file.

exportPartners(pathTempOAMPartnerFile="oam_partners.xml")

importPartners

Online only command that imports Oracle Access Manager partners from the intermediate Oracle Access Manager file specified.

Description

Imports the OAM partners from the intermediate Oracle Access Manager file specified.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

importPartners(pathTempOAMPartnerFile)
Argument Definition
pathTempOAMPartnerFile Mandatory. Specifies the path to the temporary OAM partner file.

Example

The following invocation specifies the path to the intermediate OAM partners file.

importPartners(pathTempOAMPartnerFile="oam_partners.xml")

configureOAAM

Online only command that configures the Oracle Access Manager-Oracle Adaptive Access Manager basic integration.

Description

Configures the OAM-OAAM basic integration.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

configureOAAM(dataSourceName,paramNameValueList)
Argument Definition
dataSourceName Name of the data source to be created
paramNameValueList Specifies the comma-separated list of parameter name-value pairs. The format of each pair is:
paramName='paramValue'

Mandatory:

  • hostName—The name of the database host.

  • port—Database port.

  • sid—The database sid (database identifier).

  • userName—OAAM schema name.

  • passWord—OAAM schema password.

Optional:

  • maxConnectionSize—Max connection reserve time out size.

  • maxPoolSize—Maximum size for connection pool.

  • serverName—Target server for the data source.


Example

The following invocation configures the Oracle Access Manager-Oracle Adaptive Access Manager basic integration.

configureOAAM(dataSourceName = "MyOAAMDS", hostName = "host.us.co.com", 
port = "1521", sid = "sid", userName = "username", passWord = "password", 
maxConnectionSize = None, maxPoolSize = None, serverName = "oam_server1")

registerOIFDAPPartner

Online and offline command that registers Oracle Identity Federation as a Delegated Authentication Protocol (DAP) Partner.

Description

Registers Oracle Identity Federation as Delegated Authentication Protocol (DAP) Partner.

The scope of this command is an instance only. The scope is not an argument.

Syntax

registerOIFDAPPartner()
Argument Definition
paramNameValueList Specifies the comma-separated list of parameter name-value pairs. The format of each pair is:
paramName='paramValue'

Mandatory:

Include the following parameter name-value pairs to register Oracle Identity Federation as a DAP Partner:

  • keystoreLocation—Location of the Keystore file (generated at the OIF Server.).

  • logoutURL—The OIF Server's logout URL.

Optional:

  • rolloverInterval—The Rollover Interval for the keys used to encrypt/decrypt SASSO Tokens.


Example

The following invocation illustrates use of all parameters.

registerOIFDAPPartner(keystoreLocation="/scratch/keystore",
logoutURL="http://<oifhost>:<oifport>/fed/user/sploosso?doneURL=http://<oamhost>:<oamport>/ngam/server/pages/logout.jsp",
rolloverTime="526")

enableCoexistMode

Online command that enables the Coexist Mode.

Description

Enables the Coexist Mode.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

enableCoexistMode()

Example

The following invocation enables the Coexist Mode.

enableCoexistMode()

disableCoexistMode

Online command that disables the Coexist Mode.

Description

Disables the Coexist Mode.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

disableCoexistMode()

Example

The following invocation disables the Coexist Mode.

disableCoexistMode()

editGITOValues

Online and offline command that edits GITO configuration parameters.

Description

Edits GITO configuration parameters.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

editGITOValues(gitoEnabled, paramNameValueList)
Argument Definition
gitoEnabled True (or false). Allows (or denies) user to set GITO enabled property.
domainhome 
Offline mode: Mandatory

Online mode: Optional

paramNameValueList Specifies the comma-separated list of parameter name-value pairs. The format of each pair is:
paramName='paramValue'

Mandatory:

Include the following parameter name-value pairs to edit the GITO configuration:

  • gitoCookieDomain—Allows user to set the GITO cookie domain entry.

Optional:

  • gitoCookieName—Allows user to set the GITO cookie name.

  • gitoVersion—Allows user to set the GITO version. Can be ONLY v1.0 or v3.0.

  • gitoTimeout—Allows user to set the GITO timeout value.

  • gitoSecureCookieEnabled—True (or false). Allows (or denies) user to set the GITO cookie enabled property.


Example

The following invocation edits GITO configuration parameters.

editGITOValues(gitoEnabled="true", gitoCookieDomain=".abc.com", gitoCookieName="ABC",
gitoVersion="v1.0", gitoTimeout="20", gitoSecureCookieEnabled="false",
domainHome="/abc/def/ijk")

editWebgate11gAgent

Online and offline command that edits an 11g WebGate registration.

Description

Edits an 11g WebGate registration.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

editWebgate11gAgent(agentname, paramNameValueList)
Argument Definition
agentname Name of the registered OAM 11g WebGate agent to be edited.
domainhome 
Offline mode: Mandatory

Online mode: Optional

paramNameValueList Specifies the comma-separated list of parameter name-value pairs. The format of each pair is:
paramName='paramValue'

Optional:

  • accessClientPassword—Unique password for this WebGate.

  • state—Specifies whether the agent is enabled or disabled.

  • security—Level of communication security between the Agent and the OAM Server: Open, Simple, Cert.

  • aaaTimeOutThreshold—Number of seconds to wait for a response from the OAM Server.

  • logOutUrls—List of URLs that trigger the logout handler, which removes the ObSSOCookie.

  • maxConnections—The maximum number of connections that this OAM Agent can establish with the OAM Server.

  • maxCacheElements—Number of elements maintained in the cache.

  • cacheTimeout—Amount of time cached information remains in the OAM Agent cache when the information is neither used nor referenced. Default = 1800 (seconds).

  • logoutCallbackUrl—The URL to oam_logout_success, which clears cookies during the callback. By default, this is based on the Agent base URL supplied during agent registration. For example:

    http://<host>:<port>

  • maxSessionTime—Maximum amount of time in seconds that a user's authentication session is valid, regardless of their activity.

  • logoutRedirectUrl—The URL (absolute path) to the central logout page (logout.html). By default, this is based on the OAM Administration Console host name with a default port of 14200.

  • failoverThreshold—Number representing the point at which this OAM Agent opens connections to a Secondary OAM Server.

  • tokenValidityPeriod—Amount of time in seconds that a user's authentication session remains valid without accessing any OAM Agent protected resources.

  • logoutTargetUrlParamName—The name of the query parameter that the OPSS application passes to WebGate during logout.


Example

The following invocation lists all mandatory and optional parameters.

editWebgate11gAgent(agentName="WebgateAgent1", accessClientPasswd="welcome1",
state="Enabled", preferredHost="141.144.168.148:2001", aaaTimeoutThreshold="10",
security="open", logOutUrls="http://<host>:<port>", maxConnections="16",
maxCacheElems="10000", cacheTimeout="1800", logoutCallbackUrl="http://<host>:<port>",
maxSessionTime="24", logoutRedirectUrl="logoutRedirectUrl", failoverThreshold="1",
tokenValidityPeriod="aPeriod", logoutTargetUrlParamName="logoutTargetUrl",
domainHome="domainHome1")

deleteWebgate11gAgent

Online and offline command that enables you to delete an 11g WebGate Agent registration.

Description

Removes an 11g WebGate Agent registration.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

deleteWebgate11gAgent(agentName)
Argument Definition
agentName
Mandatory. Specifies the name of the 11g WebGate Agent.
domainhome 
Offline mode: Mandatory

Online mode: Optional


Example

The following invocation removes the 11g WebGate Agent named my_11gWebGate:

deleteWebgate11gAgent(agentName="my_11gWebGate", domainHome="domainHome1")

displayWebgate11gAgent

Online and offline command that enables you to display an 11g WebGate Agent registration.

Description

Displays an 11g WebGate Agent registration.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

displayWebgate11gAgent(agentName)
Argument Definition
agentName
Mandatory. Specifies the name of the WebGate Agent.
domainhome 
Offline mode: Mandatory

Online mode: Optional


Example

The following invocation displays the WebGate Agent named my_11gWebGate:

displayWebgate11gAgent(agentName="my_11gWebGate", domainHome="domainHome1")

displayOAMMetrics

Online and offline command that enables the display of metrics of OAM Servers.

Description

Enables the display of metrics of OAM Servers.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

displayOAMMetrics(domainHome)
Argument Definition
domainhome 
Offline mode: Mandatory

Online mode: Optional


Example

The following invocation enables the display of metrics of OAM Servers.

displayOAMMetrics(domainHome="domainHome1")

updateOIMHostPort

Online only command that updates the Oracle Identity Manager configuration when integrated with Oracle Access Manager.

Description

Updates the Oracle Identity Manager configuration in the system configuration.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

updateOIMHostPort(hostname, port, secureProtocol)
Argument Definition
hostname Name of the Oracle Identity Manager host.
port Port of the Oracle Identity Manager host.
secureProtocol True or false.

Example

The following invocation illustrates this command.

updateOIMHostPort(hostName="OIM host", port="7777", secureProtocol="true") 

configureOIM

Online only command that creates an agent registration specific to Oracle Identity Manager when integrated with Oracle Access Manager.

Description

Creates an Agent registration specific to Oracle Identity Manager when integrated with Oracle Access Manager.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

configureOIM(oimHost, oimPort, oimSecureProtocolEnabled, oimAccessGatePwd, oimCookieDomain, oimWgId, oimWgVersion)
Argument Definition
hostname Name of the Oracle Identity Manager host.
port Port of the Oracle Identity Manager Managed Server.
oimSecureProtocolEnabled True or false (depending on HTTP or HTTPS).
oimAccessGatePwd If provided, this is the agent password for Open mode.
oimCookieDomain Domain to which the cookie is to be set.
oimWgId Agent registration name.
oimWgVersion Possible values 10g or 11g. If not provided, default is 10g.

Example

The following invocation illustrates this command.

configureOIM(oimHost="OIM host", oimPort="7777", oimSecureProtocolEnabled="true",
oimAccessGatePwd = "Access Gate Password", oimCookieDomain = "OIM Cookie Domain",
oimWgId="OIM Webgate ID", oimWgVersion="OIM Webgate Version")

updateOSSOResponseCookieConfig

Online and offline command that updates OSSO Proxy response cookie settings.

Description

Updates OSSO Proxy response cookie settings.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

updateOSSOResponseCookieConfig()
Argument Definition
domainhome 
Offline mode: Mandatory

Online mode: Optional

cookieName Optional. Name of the cookie for which settings are updated. If not specified, the global setting is updated.
cookieMaxAge Maximum age of a cookie in minutes. A negative value sets a session cookie.
isSecureCookie Boolean flag that specifies whether the cookie should be secure (sent only over an SSL channel).
cookieDomain The domain of the cookie.

Example

The following invocation illustrates this command.

updateOSSOResponseCookieConfig(cookieName = "<cookieName>",
cookieMaxAge = "<cookie age in minutes>", isSecureCookie = "true | false",
cookieDomain="<domain of the cookie>", domainHome = "<wls_domain_home_path>")

deleteOSSOResponseCookieConfig

Online and offline command that deletes OSSO Proxy response cookie settings.

Description

Deletes OSSO Proxy response cookie settings.

The scope of this command is an instance, only. The scope is not an argument.

Syntax

deleteOSSOResponseCookieConfig()
Argument Definition
domainhome
Offline mode: Mandatory

Online mode: Optional

cookieName Mandatory. Name of the cookie for which settings are deleted.

Example

The following invocation illustrates this command.

deleteOSSOResponseCookieConfig(cookieName = "<cookieName>",
cookieDomain="<domain of the cookie>", domainHome = "<wls_domain_home_path>")