Oracle® Fusion Middleware WebLogic Scripting Tool Command Reference
11g Release 1 (10.3.2)
E13813-04

4 Infrastructure Security Custom WLST Commands

The following sections describe the Oracle Fusion Middleware Infrastructure Security custom WLST commands in detail, grouped by the command categories listed in Table 4-1.

For additional information about Oracle Platform Security Services, see Oracle Fusion Middleware Security Guide.


Note:

To use the Infrastructure Security custom WLST commands, you must invoke the WLST script from the Oracle Common home. See "Using Custom WLST Commands" in the Oracle Fusion Middleware Administrator's Guide.

Overview of WLST Security Commands

WLST security commands are divided into the following categories:

Table 4-1 WLST Command Categories

Command Category | Description
Audit Configuration Commands | View and manage audit policies and the audit repository configuration.
SSL Configuration Commands | View and manage wallets, JKS keystores, and SSL configuration for Oracle HTTP Server, Oracle WebCache, Oracle Internet Directory, and Oracle Virtual Directory components.
Oracle Identity Federation Commands | View and manage configuration for Oracle Identity Federation.
Directory Integration Platform Commands | For information on DIP tools, see "Directory Integration Platform Tools" in the Oracle Fusion Middleware User Reference for Oracle Identity Management.
Security Commands | Manage the domain policy and credential stores and migrate the domain policy store.
Oracle Access Manager Commands | Manage OAM-related components, such as authorization providers, identity asserters, and SSO providers.


Audit Configuration Commands

Use the WLST commands listed in Table 4-2 to view and manage audit policies and the audit repository configuration.

Table 4-2 WLST Audit Commands

Use this command... | To... | Use with WLST...
getNonJavaEEAuditMBeanName | Display the MBean name for a non-Java EE component. | Online
getAuditPolicy | Display audit policy settings. | Online
setAuditPolicy | Update audit policy settings. | Online
getAuditRepository | Display audit repository settings. | Online
setAuditRepository | Update audit repository settings. | Online
listAuditEvents | List audit events for one or all components. | Online
exportAuditConfig | Export a component's audit configuration. | Online
importAuditConfig | Import a component's audit configuration. | Online


For more information, see the Oracle Fusion Middleware Security Guide.

getNonJavaEEAuditMBeanName

Online command that displays the MBean name for non-Java EE components.

Description

This command displays the MBean name for a non-Java EE component given the instance name, component name, component type, and the name of the Oracle WebLogic Server on which the component's audit MBean is running. The MBean name is a required parameter of the other audit WLST commands when they manage a non-Java EE component.

Syntax

getNonJavaEEAuditMBeanName(instName, compName, compType, svrName)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are ohs, oid, ovd, and WebCache.
svrName Specifies the name of the Oracle WebLogic Server.

Example

The following interactive command displays the MBean name for an Oracle Internet Directory instance:

wls:/mydomain/serverConfig> getNonJavaEEAuditMBeanName(instName='inst1', compName='oid1', compType='oid', svrName='AdminServer')

getAuditPolicy

Online command that displays the audit policy settings.

Description

This command displays audit policy settings including the filter preset, special users, custom events, maximum log file size, and maximum log directory size. The component MBean name is required for non-Java EE components like Oracle Internet Directory and Oracle Virtual Directory.


Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

getAuditPolicy([mbeanName])
Argument Definition
mbeanName Specifies the name of the component audit MBean for non-Java EE components. In the examples below the MBean name is passed with the keyword on.

Examples

The following command displays the audit settings for a Java EE component:

wls:/mydomain/serverConfig> getAuditPolicy()
Location changed to domainRuntime tree. This is a read-only tree with DomainMBean as the root.
For more help, use help(domainRuntime)
 
FilterPreset:All
Max Log File Size:104857600
Max Log Dir Size:0

The following command displays the audit settings for MBean CSAuditProxyMBean:

wls:/mydomain/serverConfig> getAuditPolicy(on='oracle.security.audit.test:type=CSAuditMBean,name=CSAuditProxyMBean')

setAuditPolicy

Online command that updates an audit policy.

Description

This command configures the audit policy settings. You can set the filter preset, add or remove special users, and add or remove custom events. The component MBean name is required for non-Java EE components like Oracle Internet Directory and Oracle Virtual Directory.


Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

setAuditPolicy([mbeanName],[filterPreset],[addSpecialUsers],
[removeSpecialUsers],[addCustomEvents],[removeCustomEvents])
Argument Definition
mbeanName Specifies the name of the component audit MBean for non-Java EE components.
filterPreset Specifies the filter preset to be changed.
addSpecialUsers Specifies the special users to be added.
removeSpecialUsers Specifies the special users to be removed.
addCustomEvents Specifies the custom events to be added.
removeCustomEvents Specifies the custom events to be removed.

Examples

The following interactive command sets the audit filter preset to None, adds users user2 and user3 as special users, and removes user1 from the policy:

wls:/mydomain/serverConfig> setAuditPolicy(filterPreset='None',addSpecialUsers='user2,user3',removeSpecialUsers='user1')

wls:/mydomain/serverConfig> getAuditPolicy();
Already in Domain Runtime Tree

FilterPreset:None
Special Users:user2,user3
Max Log File Size:104857600
Max Log Dir Size:0

The following interactive command adds login events while removing logout events from the policy:

wls:/mydomain/serverConfig> setAuditPolicy(filterPreset='Custom',addCustomEvents='UserLogin',removeCustomEvents='UserLogout')
 

The following interactive command sets audit policy to a Low level:

wls:/IDMDomain/domainRuntime> setAuditPolicy(filterPreset='Low');
Already in Domain Runtime Tree
Audit Policy Information updated successfully

wls:/IDMDomain/domainRuntime> getAuditPolicy();
Already in Domain Runtime Tree
FilterPreset:Low
Max Log File Size:104857600
Max Log Dir Size:0

The following command sets a custom filter to audit the CheckAuthorization event:

wls:/IDMDomain/domainRuntime> setAuditPolicy(filterPreset='Custom', addCustomEvents='JPS:CheckAuthorization');
Already in Domain Runtime Tree
 
Audit Policy Information updated successfully
wls:/IDMDomain/domainRuntime> getAuditPolicy();
Already in Domain Runtime Tree
 
FilterPreset:Custom
Special Users:user1
Max Log File Size:104857600
Max Log Dir Size:0
Custom Events:JPS:CheckAuthorization

getAuditRepository

Online command that displays audit repository settings.

Description

This command displays audit repository settings for Java EE components and applications (for other components like Oracle Internet Directory, the repository configuration resides in opmn.xml). Also displays database configuration if the repository is a database type.

Syntax

getAuditRepository()

Example

The following command displays audit repository configuration:

wls:/IDMDomain/domainRuntime> getAuditRepository()
Already in Domain Runtime Tree
 
Repository Type:File

setAuditRepository

Online command that updates audit repository settings.

Description

This command sets the audit repository settings for Java EE components and applications (for other components like Oracle Internet Directory, the repository is configured by editing opmn.xml).

Syntax

setAuditRepository([switchToDB],[dataSourceName],[interval])
Argument Definition
switchToDB If true, switches the repository from file to database.
dataSourceName Specifies the name of the data source.
interval Specifies the interval, in seconds, at which the audit loader runs.

Examples

The following command switches from a file repository to a database repository:

wls:/IDMDomain/domainRuntime> setAuditRepository(switchToDB='true');
Already in Domain Runtime Tree
 
Audit Repository Information updated
 
wls:/IDMDomain/domainRuntime> getAuditRepository();
Already in Domain Runtime Tree
 
JNDI Name:jdbc/AuditDB
Interval:15
Repository Type:DB

The following interactive command changes audit repository to a specific database and sets the audit loader interval to 14 seconds:

wls:/mydomain/serverConfig> setAuditRepository(switchToDB='true',dataSourceName='jdbcAuditDB',interval='14')
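As an added example (not code from the Oracle documentation), the following CPython 3 script parses the Key:Value text that getAuditPolicy() and getAuditRepository() print, as shown in the examples above, and flags the settings a reviewer would question: a filter preset of None (no events audited), a Custom preset that lacks required events, and a file repository, whose records stay in local files that a host administrator can alter. The sample inputs are constructed from this page's own example output; the format of a multi-event Custom Events line (comma-separated, matching the addCustomEvents input) is an assumption. To check a live domain, capture the command output with WLST's redirect() and stopRedirect() commands and pass the captured file contents to check_audit_policy.

```python
"""Offline review of WLST audit settings.

Added example, not code from the Oracle documentation: it parses the text
that getAuditPolicy() and getAuditRepository() print (the Key:Value lines
shown on this page) and reports settings a reviewer would question.
Sample inputs below are constructed from the page's own example output.
"""

# Status lines WLST prints before the settings; they carry no setting.
NOISE_PREFIXES = ("Already in Domain Runtime Tree",
                  "Location changed to",
                  "For more help")


def parse_wlst_output(text):
    """Turn 'Key:Value' lines into a dict, splitting on the FIRST colon only.

    Values such as the custom event 'JPS:CheckAuthorization' contain a
    colon themselves, so a naive split would corrupt them.
    """
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(NOISE_PREFIXES) or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip()
    return settings


def split_list(value):
    """'user2,user3' -> ['user2', 'user3']; '' -> []. Comma separation of
    several custom events is an assumption based on the addCustomEvents input."""
    return [item.strip() for item in value.split(",") if item.strip()]


def check_audit_policy(policy_text, repo_text, required_events=()):
    """Return a list of (severity, message) findings; an empty list is clean.

    required_events: custom events (e.g. 'JPS:CheckAuthorization') that
    must be present when the filter preset is Custom.
    """
    policy = parse_wlst_output(policy_text)
    repo = parse_wlst_output(repo_text)
    findings = []

    preset = policy.get("FilterPreset")
    if preset is None:
        findings.append(("ERROR", "no FilterPreset line; command output not recognised"))
    elif preset == "None":
        findings.append(("HIGH", "FilterPreset is None: no events are audited"))
    elif preset == "Custom":
        present = set(split_list(policy.get("Custom Events", "")))
        missing = [e for e in required_events if e not in present]
        if missing:
            findings.append(("HIGH", "Custom filter lacks required events: " + ", ".join(missing)))

    repo_type = repo.get("Repository Type")
    if repo_type is None:
        findings.append(("ERROR", "no Repository Type line; command output not recognised"))
    elif repo_type == "File":
        findings.append(("MEDIUM", "File repository: audit records stay in local files a host "
                                   "administrator can alter or delete; consider "
                                   "setAuditRepository(switchToDB='true')"))
    elif repo_type == "DB" and not repo.get("JNDI Name"):
        findings.append(("ERROR", "DB repository without a JNDI data source name"))

    return findings


# Constructed samples, copied from the example output shown on this page.
SAMPLE_POLICY_NONE = """Already in Domain Runtime Tree

FilterPreset:None
Special Users:user2,user3
Max Log File Size:104857600
Max Log Dir Size:0
"""
SAMPLE_POLICY_CUSTOM = """Already in Domain Runtime Tree

FilterPreset:Custom
Special Users:user1
Max Log File Size:104857600
Max Log Dir Size:0
Custom Events:JPS:CheckAuthorization
"""
SAMPLE_REPO_FILE = "Already in Domain Runtime Tree\n\nRepository Type:File\n"
SAMPLE_REPO_DB = "Already in Domain Runtime Tree\n\nJNDI Name:jdbc/AuditDB\nInterval:15\nRepository Type:DB\n"


if __name__ == "__main__":
    for label, pol, rep in (("weak", SAMPLE_POLICY_NONE, SAMPLE_REPO_FILE),
                            ("custom", SAMPLE_POLICY_CUSTOM, SAMPLE_REPO_DB)):
        for severity, message in check_audit_policy(pol, rep, ("JPS:CheckAuthorization",)):
            print("%s: [%s] %s" % (label, severity, message))
```

The parser deliberately ignores the "Already in Domain Runtime Tree" and "Location changed to domainRuntime tree" lines, which WLST prints before the settings when the command switches trees.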

listAuditEvents

Online command that displays a component's audit events.

Description

This command displays a component's audit events and attributes. For non-Java EE components, pass the component MBean name as a parameter. Java EE applications and services like Oracle Platform Security Services (OPSS) do not need the MBean parameter. Without a component type, the command lists all components and the generic attributes that apply to every component.


Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

listAuditEvents([mbeanName],[componentType])
Argument Definition
mbeanName Specifies the name of the component audit MBean for non-Java EE components.
componentType Specifies the component type.

Examples

The following command displays audit events for the Oracle Platform Security Services component:

wls:/IDMDomain/domainRuntime> listAuditEvents(componentType='JPS');
Already in Domain Runtime Tree
 
Common Attributes
ComponentType
Type of the component. For MAS integrated SystemComponents this is the componentType
InstanceId
Name of the MAS Instance, that this component belongs to
HostId
DNS hostname of originating host
HostNwaddr
IP or other network address of originating host
ModuleId
ID of the module that originated the message. Interpretation is unique within Component ID.
ProcessId
ID of the process that originated the message

The following command displays audit events for Oracle HTTP Server:

wls:/mydomain/serverConfig> listAuditEvents(componentType='ohs')

The following command displays all audit events:

wls:/IDMDomain/domainRuntime> listAuditEvents();
Already in Domain Runtime Tree
 
Components:
DIP
JPS
OIF
OWSM-AGENT
OWSM-PM-EJB
ReportsServer
WS-PolicyAttachment
WebCache
WebServices
Attributes applicable to all components:
ComponentType
InstanceId
HostId
HostNwaddr
ModuleId
ProcessId
OracleHome
HomeInstance
ECID
RID
...

exportAuditConfig

Online command that exports a component's audit configuration.

Description

This command exports the audit configuration to a file. For non-Java EE components, pass the component MBean name as a parameter. Java EE applications and services like Oracle Platform Security Services (OPSS) do not need the MBean parameter.


Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

exportAuditConfig([mbeanName],fileName)
Argument Definition
mbeanName Specifies the name of the non-Java EE component MBean. In the examples below the MBean name is passed with the keyword on.
fileName Specifies the path and file name to which the audit configuration should be exported.

Examples

The following interactive command exports the audit configuration for a component:

wls:/mydomain/serverConfig> exportAuditConfig(on='oracle.security.audit.test:type=CSAuditMBean,name=CSAuditProxyMBean',fileName='/tmp/auditconfig')

The following interactive command exports the audit configuration for a Java EE component; no mBean is specified:

wls:/mydomain/serverConfig> exportAuditConfig(fileName='/tmp/auditconfig')

importAuditConfig

Online command that imports a component's audit configuration.

Description

This command imports the audit configuration from an external file. For non-Java EE components, pass the component MBean name as a parameter. Java EE applications and services like Oracle Platform Security Services (OPSS) do not need the MBean parameter.


Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

importAuditConfig([mbeanName],fileName)
Argument Definition
mbeanName Specifies the name of the non-Java EE component MBean. In the examples below the MBean name is passed with the keyword on.
fileName Specifies the path and file name from which the audit configuration should be imported.

Examples

The following interactive command imports the audit configuration for a component:

wls:/mydomain/serverConfig> importAuditConfig(on='oracle.security.audit.test:type=CSAuditMBean,name=CSAuditProxyMBean',fileName='/tmp/auditconfig')

The following interactive command imports the audit configuration for a Java EE component; no MBean is specified:

wls:/mydomain/serverConfig> importAuditConfig(fileName='/tmp/auditconfig')

SSL Configuration Commands

Use the WLST commands listed in Table 4-3 to view and manage SSL configuration for Oracle Fusion Middleware components.

Table 4-3 WLST Commands for SSL Configuration

Use this command... | To... | Use with WLST...
addCertificateRequest | Generate a certificate signing request in an Oracle wallet. | Online
addSelfSignedCertificate | Add a self-signed certificate to an Oracle wallet. | Online
changeKeyStorePassword | Change the password to a JKS keystore. | Online
changeWalletPassword | Change the password to an Oracle wallet. | Online
configureSSL | Set the SSL attributes for a component listener. | Online
createKeyStore | Create a JKS keystore. | Online
createWallet | Create an Oracle wallet. | Online
deleteKeyStore | Delete a JKS keystore. | Online
deleteWallet | Delete an Oracle wallet. | Online
exportKeyStore | Export a JKS keystore to a file. | Online
exportKeyStoreObject | Export an object from a JKS keystore to a file. | Online
exportWallet | Export an Oracle wallet to a file. | Online
exportWalletObject | Export an object from an Oracle wallet to a file. | Online
generateKey | Generate a key pair in a JKS keystore. | Online
getKeyStoreObject | Display a certificate or other object present in a JKS keystore. | Online
getSSL | Display the SSL attributes for a component listener. | Online
getWalletObject | Display a certificate or other object present in an Oracle wallet. | Online
importKeyStore | Import a JKS keystore from a file. | Online
importKeyStoreObject | Import a certificate or other object from a file to a JKS keystore. | Online
importWallet | Import an Oracle wallet from a file. | Online
importWalletObject | Import a certificate or other object from a file to an Oracle wallet. | Online
listKeyStoreObjects | List all objects present in a JKS keystore. | Online
listKeyStores | List all JKS keystores configured for a component instance. | Online
listWalletObjects | List all objects present in an Oracle wallet. | Online
listWallets | List all Oracle wallets configured for a component instance. | Online
removeKeyStoreObject | Remove a certificate or other object from a component instance's JKS keystore. | Online
removeWalletObject | Remove a certificate or other object from a component instance's Oracle wallet. | Online


For more information, see the Oracle Fusion Middleware Administrator's Guide.

addCertificateRequest

Online command that generates a certificate signing request in an Oracle wallet.

Description

This command generates a certificate signing request in Base64 encoded PKCS#10 format in an Oracle wallet for a component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory). To get a certificate signed by a certificate authority (CA), send the certificate signing request to your CA.

Syntax

addCertificateRequest(instName, compName, compType, walletName, password, DN, keySize)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ohs', 'oid', and 'webcache'.
walletName Specifies the name of the wallet file.
password Specifies the password of the wallet.
DN Specifies the Distinguished Name of the key pair entry.
keySize Specifies the key size in bits. The examples in this chapter use 1024 for brevity; 1024-bit RSA is below current minimum recommendations, so generate production keys with at least 2048 bits.

Example

The following command generates a certificate signing request with DN cn=www.acme.com and key size 1024 in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> addCertificateRequest('inst1', 'oid1', 'oid','wallet1', 'password', 'cn=www.acme.com', '1024')

addSelfSignedCertificate

Online command that adds a self-signed certificate.

Description

This command creates a key pair and wraps it in a self-signed certificate in an Oracle wallet for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory). Only keys based on the RSA algorithm are generated.

Syntax

addSelfSignedCertificate(instName, compName, compType, walletName, password, DN, keySize)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ohs', 'oid', and 'webcache'.
walletName Specifies the name of the wallet file.
password Specifies the password of the wallet.
DN Specifies the Distinguished Name of the key pair entry.
keySize Specifies the key size in bits.

Example

The following command adds a self-signed certificate with DN cn=www.acme.com, key size 1024 to wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> addSelfSignedCertificate('inst1', 'oid1', 'oid','wallet1', 'password', 'cn=www.acme.com', '1024')

changeKeyStorePassword

Online command that changes the keystore password.

Description

This command changes the password of a Java Keystore (JKS) file for an Oracle Virtual Directory instance.

Syntax

changeKeyStorePassword(instName, compName, compType, keystoreName, currPassword, newPassword)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the filename of the keystore.
currPassword Specifies the current keystore password.
newPassword Specifies the new keystore password.

Example

The following command changes the password of file keys.jks for Oracle Virtual Directory instance ovd1 in application server instance inst1:

wls:/mydomain/serverConfig> changeKeyStorePassword('inst1', 'ovd1', 'ovd','keys.jks', 'currpassword', 'newpassword')

changeWalletPassword

Online command that changes the password of an Oracle wallet.

Description

This command changes the password of an Oracle wallet for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory). This command is only applicable to password-protected wallets.

Syntax

changeWalletPassword(instName, compName, compType, walletName,currPassword, newPassword)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'oid', 'ohs', and 'webcache'.
walletName Specifies the filename of the wallet.
currPassword Specifies the current wallet password.
newPassword Specifies the new wallet password.

Example

The following command changes the password for wallet1 from currpassword to newpassword for Oracle HTTP Server instance ohs1 in application server instance inst1:

wls:/mydomain/serverConfig> changeWalletPassword('inst1', 'ohs1', 'ohs','wallet1', 'currpassword', 'newpassword')

configureSSL

Online command that sets SSL attributes.

Description

This command sets the SSL attributes for a component listener. The attributes are specified in a properties file format (name=value). If a properties file is not provided, or it does not contain any SSL attributes, default attribute values are used. For component-specific SSL attribute value defaults, see the chapter "SSL Configuration in Oracle Fusion Middleware" in the Oracle Fusion Middleware Administrator's Guide.

Syntax

configureSSL(instName, compName, compType, listener, [filePath])
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'oid', 'ovd', 'ohs', and 'webcache'.
listener Specifies the name of the component listener to be configured for SSL.
filePath Optional. Specifies the absolute path of the properties file containing the SSL attributes to set. If omitted, default attribute values are used.

Examples

The following command configures SSL attributes specified in the properties file /tmp/ssl.properties for Oracle Virtual Directory instance ovd1 in application server instance inst1, for listener listener1:

wls:/mydomain/serverConfig> configureSSL('inst1', 'ovd1', 'ovd', 'listener1','/tmp/ssl.properties')

The following command configures SSL attributes without specifying a properties file. Since no file is provided, the default SSL attribute values are used:

wls:/mydomain/serverConfig> configureSSL('inst1', 'ovd1', 'ovd', 'listener2')

createKeyStore

Online command that creates a JKS keystore.

Description

This command creates a Java keystore (JKS) for the specified Oracle Virtual Directory instance. For keystore file location and other information, see the chapter "Managing Keystores, Wallets, and Certificates" in the Oracle Fusion Middleware Administrator's Guide.

Syntax

createKeyStore(instName, compName, compType, keystoreName, password)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the filename of the keystore file to be created.
password Specifies the keystore password.

Example

The following command creates JKS file keys.jks with password password for Oracle Virtual Directory instance ovd1 in application server instance inst1:

wls:/mydomain/serverConfig> createKeyStore('inst1', 'ovd1', 'ovd','keys.jks', 'password')

createWallet

Online command that creates an Oracle wallet.

Description

This command creates an Oracle wallet for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory). Wallets can be of password-protected or auto-login type. For wallet details, see the chapter "Managing Keystores, Wallets, and Certificates" in the Oracle Fusion Middleware Administrator's Guide.

Syntax

createWallet(instName, compName, compType, walletName, password)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'oid', 'ohs', and 'webcache'.
walletName Specifies the name of the wallet file to be created.
password Specifies the wallet password.

Examples

The following command creates a wallet named wallet1 with password password, for Oracle HTTP Server instance ohs1 in application server instance inst1:

wls:/mydomain/serverConfig> createWallet('inst1', 'ohs1', 'ohs','wallet1', 'password')

The following command creates an auto-login wallet named wallet2 for Oracle WebCache instance wc1, in application server instance inst1:

wls:/mydomain/serverConfig> createWallet('inst1', 'wc1', 'webcache','wallet2', '')

deleteKeyStore

Online command that deletes a keystore.

Description

This command deletes a keystore for a specified Oracle Virtual Directory instance.

Syntax

deleteKeyStore(instName, compName, compType, keystoreName)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the name of the keystore file to delete.

Example

The following command deletes JKS file keys.jks for Oracle Virtual Directory instance ovd1 in application server instance inst1:

wls:/mydomain/serverConfig> deleteKeyStore('inst1', 'ovd1', 'ovd','keys.jks')

deleteWallet

Online command that deletes an Oracle wallet.

Description

This command deletes an Oracle wallet for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory).

Syntax

deleteWallet(instName, compName, compType, walletName)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'oid', 'ohs', and 'webcache'.
walletName Specifies the name of the wallet file to be deleted.

Example

The following command deletes a wallet named wallet1 for Oracle HTTP Server instance ohs1 in application server instance inst1:

wls:/mydomain/serverConfig> deleteWallet('inst1', 'ohs1', 'ohs','wallet1')

exportKeyStore

Online command that exports the keystore to a file.

Description

This command exports a keystore, configured for the specified Oracle Virtual Directory instance, to a file under the given directory. The exported filename is the same as the keystore name.

Syntax

exportKeyStore(instName, compName, compType, keystoreName, password, path)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the name of the keystore file.
password Specifies the password of the keystore.
path Specifies the absolute path of the directory under which the keystore is exported.

Example

The following command exports the keystore keys.jks for Oracle Virtual Directory instance ovd1 to file keys.jks under /tmp:

wls:/mydomain/serverConfig> exportKeyStore('inst1', 'ovd1', 'ovd', 'keys.jks', 'password', '/tmp')

exportKeyStoreObject

Online command that exports an object from a keystore to a file.

Description

This command exports a certificate signing request, certificate/certificate chain, or trusted certificate present in a Java keystore (JKS) to a file for the specified Oracle Virtual Directory instance. The certificate signing request is generated before exporting the object. The alias specifies the object to be exported.

Syntax

exportKeyStoreObject(instName, compName, compType, keystoreName, password, type, path, alias)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the name of the keystore file.
password Specifies the password of the keystore.
type Specifies the type of the keystore object to be exported. Valid values are 'CertificateRequest', 'Certificate', 'TrustedCertificate' and 'TrustedChain'.
path Specifies the absolute path of the directory under which the object is exported as a file named base64.txt.
alias Specifies the alias of the keystore object to be exported.

Examples

The following command generates and exports a certificate signing request from the key-pair indicated by alias mykey in keys.jks, for Oracle Virtual Directory instance ovd1 in application server instance inst1. The certificate signing request is exported under the directory /tmp:

wls:/mydomain/serverConfig> exportKeyStoreObject('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'CertificateRequest', '/tmp','mykey')

The following command exports a certificate or certificate chain indicated by alias mykey in keys.jks, for Oracle Virtual Directory instance ovd1, in application server instance inst1. The certificate or certificate chain is exported under the directory /tmp:

wls:/mydomain/serverConfig> exportKeyStoreObject('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'Certificate', '/tmp','mykey')

The following command exports a trusted certificate indicated by alias mykey in keys.jks, for Oracle Virtual Directory instance ovd1, in application server instance inst1. The trusted certificate is exported under the directory /tmp:

wls:/mydomain/serverConfig> exportKeyStoreObject('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'TrustedCertificate', '/tmp','mykey')

exportWallet

Online command that exports an Oracle wallet.

Description

This command exports an Oracle wallet, configured for a specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory), to file(s) under the given directory. If the exported file is an auto-login only wallet, the file name is 'cwallet.sso'. If it is password-protected wallet, two files are created - 'ewallet.p12' and 'cwallet.sso'.

Syntax

exportWallet(instName, compName, compType, walletName,password, path)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'oid', 'ohs', and 'webcache'.
walletName Specifies the name of the wallet file.
password Specifies the password of the wallet.
path Specifies the absolute path of the directory under which the object is exported.

Examples

The following command exports auto-login wallet wallet1 for Oracle Internet Directory instance oid1 to file cwallet.sso under /tmp:

wls:/mydomain/serverConfig> exportWallet('inst1', 'oid1', 'oid', 'wallet1','','/tmp')

The following command exports password-protected wallet wallet2 for Oracle Internet Directory instance oid1 to two files, ewallet.p12 and cwallet.sso, under /tmp:

wls:/mydomain/serverConfig> exportWallet('inst1', 'oid1', 'oid', 'wallet2', 'password', '/tmp')

exportWalletObject

Online command that exports a certificate or other wallet object to a file.

Description

This command exports a certificate signing request, certificate, certificate chain or trusted certificate present in an Oracle wallet to a file for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory). DN is used to indicate the object to be exported.

Syntax

exportWalletObject(instName, compName, compType, walletName, password, type, path, DN)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ohs','oid', and 'webcache'.
walletName Specifies the name of the wallet file.
password Specifies the password of the wallet.
type Specifies the type of wallet object to be exported. Valid values are 'CertificateRequest', 'Certificate', 'TrustedCertificate' or 'TrustedChain'.
path Specifies the absolute path of the directory under which the object is exported as a file base64.txt.
DN Specifies the Distinguished Name of the wallet object being exported.

Examples

The following command exports a certificate signing request with DN cn=www.acme.com in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1. The certificate signing request is exported under the directory /tmp:

wls:/mydomain/serverConfig> exportWalletObject('inst1', 'oid1', 'oid','wallet1', 'password', 'CertificateRequest', '/tmp','cn=www.acme.com')

The following command exports a certificate with DN cn=www.acme.com in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1. The certificate or certificate chain is exported under the directory /tmp:

wls:/mydomain/serverConfig> exportWalletObject('inst1', 'oid1', 'oid','wallet1', 'password', 'Certificate', '/tmp','cn=www.acme.com')

The following command exports a trusted certificate with DN cn=www.acme.com in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1. The trusted certificate is exported under the directory /tmp:

wls:/mydomain/serverConfig> exportWalletObject('inst1', 'oid1', 'oid','wallet1', 'password', 'TrustedCertificate', '/tmp','cn=www.acme.com')

The following command exports a certificate chain with DN cn=www.acme.com in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1. The certificate or certificate chain is exported under the directory /tmp:

wls:/mydomain/serverConfig> exportWalletObject('inst1', 'oid1', 'oid','wallet1', 'password', 'TrustedChain', '/tmp','cn=www.acme.com')

generateKey

Online command that generates a key pair in a Java keystore.

Description

This command generates a key pair in a Java keystore (JKS) for Oracle Virtual Directory. It also wraps the key pair in a self-signed certificate. Only keys based on the RSA algorithm are generated.

Syntax

generateKey(instName, compName, compType, keystoreName, password, DN, keySize, alias, algorithm)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the name of the keystore.
password Specifies the password of the keystore.
DN Specifies the Distinguished Name of the key pair entry.
keySize Specifies the key size in bits.
alias Specifies the alias of the key pair entry in the keystore.
algorithm Specifies the key algorithm. Valid value is 'RSA'.

Examples

The following command generates a key pair with DN cn=www.acme.com, key size 1024, algorithm RSA and alias mykey in keys.jks, for Oracle Virtual Directory instance ovd1 in application server instance inst1:

wls:/mydomain/serverConfig> generateKey('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'cn=www.acme.com', '1024', 'mykey', 'RSA')

The following command is the same as above, except it does not explicitly specify the key algorithm:

wls:/mydomain/serverConfig> generateKey('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'cn=www.acme.com', '1024', 'mykey')

getKeyStoreObject

Online command that shows details about a keystore object.

Description

This command displays a specific certificate or trusted certificate present in a Java keystore (JKS) for Oracle Virtual Directory. The keystore object is indicated by its index number, as given by the listKeyStoreObjects command. It shows the certificate details including DN, key size, algorithm, and other information.

Syntax

getKeyStoreObject(instName, compName, compType, keystoreName, password, type, index)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the name of the keystore file.
password Specifies the password of the keystore.
type Specifies the type of the keystore object to be listed. Valid values are 'Certificate' and 'TrustedCertificate'.
index Specifies the index number of the keystore object as returned by the listKeyStoreObjects command.

Examples

The following command shows a trusted certificate with index 1 present in keys.jks, for Oracle Virtual Directory instance ovd1, in application server instance inst1:

wls:/mydomain/serverConfig> getKeyStoreObject('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'TrustedCertificate', '1')

The following command shows a certificate with index 1 present in keys.jks, for Oracle Virtual Directory instance ovd1, in application server instance inst1:

wls:/mydomain/serverConfig> getKeyStoreObject('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'Certificate', '1')

getSSL

Online command that lists the configured SSL attributes.

Description

This command lists the configured SSL attributes for the specified component listener. For Oracle Internet Directory, the listener name is always sslport1.

Syntax

getSSL(instName, compName, compType, listener)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ovd', 'oid', 'ohs', and 'webcache'.
listener Specifies the name of the component listener.

Example

The following command shows the SSL attributes configured for Oracle Internet Directory instance oid1, in application server instance inst1, for listener sslport1:

wls:/mydomain/serverConfig> getSSL('inst1', 'oid1', 'oid', 'sslport1')

getWalletObject

Online command that displays information about a certificate or other object in an Oracle wallet.

Description

This command displays a specific certificate signing request, certificate or trusted certificate present in an Oracle wallet for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory). The wallet object is indicated by its index number, as given by the listWalletObjects command. For certificates or trusted certificates, it shows the certificate details including DN, key size, algorithm and other data. For certificate signing requests, it shows the subject DN, key size and algorithm.

Syntax

getWalletObject(instName, compName, compType, walletName, password, type, index)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ohs', 'oid', and 'webcache'.
walletName Specifies the name of the wallet file.
password Specifies the password of the wallet.
type Specifies the type of wallet object to be displayed. Valid values are 'CertificateRequest', 'Certificate', and 'TrustedCertificate'.
index Specifies the index number of the wallet object as returned by the listWalletObjects command.

Examples

The following command shows certificate signing request details for the object with index 0 present in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> getWalletObject('inst1', 'oid1', 'oid','wallet1','password', 'CertificateRequest', '0')

The following command shows certificate details for the object with index 0 present in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> getWalletObject('inst1', 'oid1', 'oid','wallet1','password', 'Certificate', '0')

The following command shows trusted certificate details for the object with index 0, present in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> getWalletObject('inst1', 'oid1', 'oid','wallet1','password', 'TrustedCertificate', '0')

importKeyStore

Online command that imports a keystore from a file.

Description

This command imports a Java keystore (JKS) from a file to the specified Oracle Virtual Directory instance for manageability. The component instance name must be unique.

Syntax

importKeyStore(instName, compName, compType, keystoreName, password, filePath)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the name of the keystore being imported. This name must be unique for this component instance.
password Specifies the password of the keystore.
filePath Specifies the absolute path of the keystore file to be imported.

Example

The following command imports the keystore /tmp/keys.jks as file.jks into Oracle Virtual Directory instance ovd1. Subsequently, the keystore is managed through the name file.jks:

wls:/mydomain/serverConfig> importKeyStore('inst1', 'ovd1', 'ovd', 'file.jks', 'password', '/tmp/keys.jks')

importKeyStoreObject

Online command that imports an object from a file to a keystore.

Description

This command imports a certificate, certificate chain, or trusted certificate into a Java keystore (JKS) for Oracle Virtual Directory, assigning it the specified alias which must be unique in the keystore. If a certificate or certificate chain is being imported, the alias must match that of the corresponding key-pair.

Syntax

importKeyStoreObject(instName, compName, compType, keystoreName, password, type, filePath, alias)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the name of the keystore.
password Specifies the password of the keystore.
type Specifies the type of the keystore object to be imported. Valid values are 'Certificate' and 'TrustedCertificate'.
filePath Specifies the absolute path of the file containing the keystore object.
alias Specifies the alias to assign to the keystore object to be imported.

Examples

The following command imports a certificate or certificate chain from file cert.txt into keys.jks, using alias mykey for Oracle Virtual Directory instance ovd1, in application server instance inst1. The file keys.jks must already have an alias mykey for a key-pair whose public key matches that in the certificate being imported:

wls:/mydomain/serverConfig> importKeyStoreObject('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'Certificate','/tmp/cert.txt', 'mykey')

The following command imports a trusted certificate from file trust.txt into keys.jks using alias mykey1, for Oracle Virtual Directory instance ovd1 in application server instance inst1:

wls:/mydomain/serverConfig> importKeyStoreObject('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'TrustedCertificate','/tmp/trust.txt', 'mykey1')

importWallet

Online command that imports an Oracle wallet from a file.

Description

This command imports an Oracle wallet from a file to the specified component instance (Oracle HTTP Server, Oracle WebCache, or Oracle Internet Directory) for manageability. If the wallet being imported is an auto-login wallet, the file path must point to cwallet.sso; if the wallet is password-protected, it must point to ewallet.p12. The wallet name must be unique for the component instance.

Syntax

importWallet(instName, compName, compType, walletName, password, filePath)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ohs', 'oid', and 'webcache'.
walletName Specifies the name of the wallet being imported. The name must be unique for the component instance.
password Specifies the password of the wallet.
filePath Specifies the absolute path of the wallet file being imported.

Examples

The following command imports auto-login wallet file /tmp/cwallet.sso as wallet1 into Oracle Internet Directory instance oid1. Subsequently, the wallet is managed with the name wallet1. No password is passed since it is an auto-login wallet:

wls:/mydomain/serverConfig> importWallet('inst1', 'oid1', 'oid', 'wallet1', '', '/tmp/cwallet.sso')

The following command imports password-protected wallet /tmp/ewallet.p12 as wallet2 into Oracle Internet Directory instance oid1. Subsequently, the wallet is managed with the name wallet2. The wallet password is passed as a parameter:

wls:/mydomain/serverConfig> importWallet('inst1', 'oid1', 'oid', 'wallet2', 'password', '/tmp/ewallet.p12')

importWalletObject

Online command that imports a certificate or other object into an Oracle wallet.

Description

This command imports a certificate, trusted certificate or certificate chain into an Oracle wallet for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory). When importing a certificate, use the same wallet from which the corresponding certificate signing request was generated, so that the certificate is paired with its private key.

Syntax

importWalletObject(instName, compName, compType, walletName, password, type, filePath)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ohs', 'oid', and 'webcache'.
walletName Specifies the name of the wallet file.
password Specifies the password of the wallet.
type Specifies the type of wallet object to be imported. Valid values are 'Certificate', 'TrustedCertificate' and 'TrustedChain'.
filePath Specifies the absolute path of the file containing the wallet object.

Examples

The following command imports a certificate chain in PKCS#7 format from file chain.txt into wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> importWalletObject('inst1', 'oid1', 'oid','wallet1', 'password', 'TrustedChain','/tmp/chain.txt')

The following command imports a certificate from file cert.txt into wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> importWalletObject('inst1', 'oid1', 'oid','wallet1', 'password', 'Certificate','/tmp/cert.txt')

The following command imports a trusted certificate from file trust.txt into wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> importWalletObject('inst1', 'oid1', 'oid','wallet1', 'password', 'TrustedCertificate','/tmp/trust.txt')

listKeyStoreObjects

Online command that lists the contents of a keystore.

Description

This command lists all the certificates or trusted certificates present in a Java keystore (JKS) for Oracle Virtual Directory.

Syntax

listKeyStoreObjects(instName, compName, compType, keystoreName, password, type)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the name of the keystore file.
password Specifies the password of the keystore.
type Specifies the type of keystore object to be listed. Valid values are 'Certificate' and 'TrustedCertificate'.

Examples

The following command lists all trusted certificates present in keys.jks, for Oracle Virtual Directory instance ovd1, in application server instance inst1:

wls:/mydomain/serverConfig> listKeyStoreObjects('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'TrustedCertificate')

The following command lists all certificates present in keys.jks, for Oracle Virtual Directory instance ovd1, in application server instance inst1:

wls:/mydomain/serverConfig> listKeyStoreObjects('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'Certificate')

listKeyStores

Online command that lists all the keystores for a component.

Description

This command lists all the Java keystores (JKS) configured for the specified Oracle Virtual Directory instance.

Syntax

listKeyStores(instName, compName, compType)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.

Example

The following command lists all keystores for Oracle Virtual Directory instance ovd1 in application server instance inst1:

wls:/mydomain/serverConfig> listKeyStores('inst1', 'ovd1', 'ovd')

listWalletObjects

Online command that lists all objects in an Oracle wallet.

Description

This command lists all certificate signing requests, certificates, or trusted certificates present in an Oracle wallet for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory).

Syntax

listWalletObjects(instName, compName, compType, walletName, password, type)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ohs', 'oid', and 'webcache'.
walletName Specifies the name of the wallet file.
password Specifies the password of the wallet.
type Specifies the type of wallet object to be listed. Valid values are 'CertificateRequest', 'Certificate', and 'TrustedCertificate'.

Examples

The following command lists all certificate signing requests in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> listWalletObjects('inst1', 'oid1', 'oid','wallet1','password', 'CertificateRequest')

The following command lists all certificates in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> listWalletObjects('inst1', 'oid1', 'oid','wallet1','password', 'Certificate')

The following command lists all trusted certificates in wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> listWalletObjects('inst1', 'oid1', 'oid','wallet1','password', 'TrustedCertificate')

listWallets

Online command that lists all wallets configured for a component instance.

Description

This command displays all the wallets configured for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory), and identifies the auto-login wallets.

Syntax

listWallets(instName, compName, compType)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ohs', 'oid', and 'webcache'.

Example

The following command lists all wallets for Oracle Internet Directory instance oid1 in application server instance inst1:

wls:/mydomain/serverConfig> listWallets('inst1', 'oid1', 'oid')

removeKeyStoreObject

Online command that removes an object from a keystore.

Description

This command removes a certificate request, certificate, trusted certificate, or all trusted certificates from a Java keystore (JKS) for Oracle Virtual Directory. Use an alias to remove a specific object; no alias is needed if all trusted certificates are being removed.

Syntax

removeKeyStoreObject(instName, compName, compType, keystoreName, password, type, alias)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid value is 'ovd'.
keystoreName Specifies the name of the keystore file.
password Specifies the password of the keystore.
type Specifies the type of the keystore object to be removed. Valid values are 'Certificate', 'TrustedCertificate' or 'TrustedAll'.
alias Specifies the alias of the keystore object to be removed.

Examples

The following command removes a certificate or certificate chain denoted by alias mykey in keys.jks, for Oracle Virtual Directory instance ovd1, in application server instance inst1:

wls:/mydomain/serverConfig> removeKeyStoreObject('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'Certificate','mykey')

The following command removes a trusted certificate denoted by alias mykey in keys.jks, for Oracle Virtual Directory instance ovd1, in application server instance inst1:

wls:/mydomain/serverConfig> removeKeyStoreObject('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'TrustedCertificate','mykey')

The following command removes all trusted certificates in keys.jks, for Oracle Virtual Directory instance ovd1, in application server instance inst1. Since no alias is required, the value None is passed for that parameter:

wls:/mydomain/serverConfig> removeKeyStoreObject('inst1', 'ovd1', 'ovd','keys.jks', 'password', 'TrustedAll',None)

removeWalletObject

Online command that removes a certificate or other object from an Oracle wallet.

Description

This command removes a certificate signing request, certificate, trusted certificate or all trusted certificates from an Oracle wallet for the specified component instance (Oracle HTTP Server, Oracle WebCache or Oracle Internet Directory). DN is used to indicate the object to be removed.

Syntax

removeWalletObject(instName, compName, compType, walletName, password, type, DN)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are 'ohs', 'oid', and 'webcache'.
walletName Specifies the name of the wallet file.
password Specifies the password of the wallet.
type Specifies the type of the wallet object to be removed. Valid values are 'CertificateRequest', 'Certificate', 'TrustedCertificate' or 'TrustedAll'.
DN Specifies the Distinguished Name of the wallet object to be removed.

Examples

The following command removes all trusted certificates from wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1. It is not necessary to provide a DN, so we pass null (denoted by None) for the DN parameter:

wls:/mydomain/serverConfig> removeWalletObject('inst1', 'oid1', 'oid','wallet1', 'password', 'TrustedAll',None)

The following command removes a certificate signing request indicated by DN cn=www.acme.com from wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> removeWalletObject('inst1', 'oid1', 'oid','wallet1', 'password', 'CertificateRequest','cn=www.acme.com')

The following command removes a certificate indicated by DN cn=www.acme.com from wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> removeWalletObject('inst1', 'oid1', 'oid','wallet1', 'password', 'Certificate','cn=www.acme.com')

The following command removes a trusted certificate indicated by DN cn=www.acme.com from wallet1, for Oracle Internet Directory instance oid1, in application server instance inst1:

wls:/mydomain/serverConfig> removeWalletObject('inst1', 'oid1', 'oid','wallet1', 'password', 'TrustedCertificate','cn=www.acme.com')

Oracle Identity Federation Commands

Use the WLST commands listed in Table 4-4 to view and manage configuration for Oracle Identity Federation.

Table 4-4 WLST Commands for Oracle Identity Federation

Use this command...                | To...                                                                          | Use with WLST...
addConfigListEntryInMap            | Add a configuration list entry to a map.                                       | Online
addConfigMapEntryInMap             | Add a configuration map entry to a map.                                        | Online
addConfigPropertyListEntry         | Add a configuration property list entry.                                       | Online
addConfigPropertyMapEntry          | Add a configuration property map entry to the map.                             | Online
addCustomAuthnEngine               | Add a custom authentication engine.                                            | Online
addCustomSPEngine                  | Add a custom SP engine.                                                        | Online
addFederationListEntryInMap        | Add a federation list entry to the map.                                        | Online
addFederationMapEntryInMap         | Add a federation map entry to the map.                                         | Online
addFederationPropertyListEntry     | Add a federation property list entry.                                          | Online
addFederationPropertyMapEntry      | Add a federation property map entry.                                           | Online
deleteCustomAuthnEngine            | Delete a custom authentication engine.                                         | Online
deleteCustomSPEngine               | Delete a custom SP engine.                                                     | Online
deleteProviderFederation           | Delete a provider from the federation.                                         | Online
deleteUserFederation               | Delete a user from the federation.                                             | Online
changeMessageStore                 | Change the message store to memory or RDBMS.                                   | Online
changePeerProviderDescription      | Change a peer provider's description.                                          | Online
changeSessionStore                 | Change the session store to memory or RDBMS.                                   | Online
createConfigPropertyList           | Create a configuration property list.                                          | Online
createConfigPropertyListInMap      | Create a configuration property list in the map.                               | Online
createConfigPropertyMap            | Create a configuration property map.                                           | Online
createConfigPropertyMapInMap       | Create a nested configuration property map in a map.                           | Online
createFederationPropertyList       | Create a federation property list.                                             | Online
createFederationPropertyListInMap  | Create a federation property list in the map.                                  | Online
createFederationPropertyMap        | Create a federation property map.                                              | Online
createFederationPropertyMapInMap   | Create a nested federation property map in a map.                              | Online
createPeerProviderEntry            | Create a peer provider entry.                                                  | Online
getConfigListValueInMap            | Retrieve a configuration list value from the map.                              | Online
getConfigMapEntryInMap             | Retrieve a configuration map value from the map.                               | Online
getConfigProperty                  | Retrieve a configuration property entry.                                       | Online
getConfigPropertyList              | Retrieve a configuration property list.                                        | Online
getConfigPropertyMapEntry          | Retrieve a configuration property map entry.                                   | Online
getFederationListValueInMap        | Retrieve a federation list value from the map.                                 | Online
getFederationMapEntryInMap         | Retrieve a federation map entry from a nested map.                             | Online
getFederationProperty              | Retrieve a federation property.                                                | Online
getFederationPropertyList          | Retrieve the federation property list.                                         | Online
getFederationPropertyMapEntry      | Retrieve a federation property map entry.                                      | Online
listCustomAuthnEngines             | Display the list of custom authentication engines.                             | Online
listCustomSPEngines                | Display the list of custom SP engines.                                         | Online
loadMetadata                       | Load metadata from a file.                                                     | Online
oifStatus                          | Display the current status of Oracle Identity Federation on the managed server. | Online
removeConfigListInMap              | Delete a configuration list in the map.                                        | Online
removeConfigMapEntryInMap          | Delete a configuration map entry in the map.                                   | Online
removeConfigMapInMap               | Delete a nested configuration map.                                             | Online
removeConfigProperty               | Delete a configuration property.                                               | Online
removeConfigPropertyList           | Delete a property list.                                                        | Online
removeConfigPropertyMap            | Delete a property map.                                                         | Online
removeConfigPropertyMapEntry       | Delete an entry in the property map.                                           | Online
removeFederationListInMap          | Delete a federation list in the map.                                           | Online
removeFederationMapInMap           | Delete a nested federation map.                                                | Online
removeFederationMapEntryInMap      | Delete a nested federation map entry.                                          | Online
removeFederationProperty           | Delete a federation property.                                                  | Online
removeFederationPropertyList       | Delete a federation property list.                                             | Online
removeFederationPropertyMap        | Delete a federation property map.                                              | Online
removeFederationPropertyMapEntry   | Delete a federation property map entry.                                        | Online
removePeerProviderEntry            | Delete a peer provider entry.                                                  | Online
setConfigProperty                  | Set a configuration property.                                                  | Online
setCustomAuthnEngine               | Define a custom authentication engine.                                         | Online
setCustomSPEngine                  | Define a custom SP engine.                                                     | Online
setFederationProperty              | Set a federation property.                                                     | Online

For more information, see the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation.

addConfigListEntryInMap

Online command that adds a property value to a map.

Description

This command adds a property value to a nested list inside a map in config.xml.

Syntax

addConfigListEntryInMap(configName, mapname, listName, value, type)
Argument Definition
configname Specifies the name of the configuration to be updated (for example, idpsaml20, serverconfig, or spsaml20).
mapname Specifies the name of the property to map to be changed in config.xml.
listname Specifies the name of the list.
value Specifies the property value.
type Specifies the type of property, BOOLEAN or STRING or LONG.

Example

The following command adds valueA to a map list in server configuration:

wls:/mydomain/serverConfig> addConfigListEntryInMap('serverconfig','mymap','mylistA','valueA','string')

addConfigMapEntryInMap

Online command that adds a nested map property entry in a map.

Description

This command adds a property name/value pair to a map nested inside a map in config.xml.

Syntax

addConfigMapEntryInMap(configName, mapname, nestedMapName, propName, value, type)
Argument Definition
configname Specifies the name of the configuration to be updated (for example, idpsaml20, serverconfig, or spsaml20).
mapname Specifies the name of the property map to be changed in config.xml.
nestedmapname Specifies the name of the nested property map to be changed.
propname Specifies the name of the list.
value Specifies the property value.
type Specifies the type of property, BOOLEAN or STRING or LONG.

Example

The following command adds a boolean name/value pair to nestedmapB inside the map mymap.

wls:/mydomain/serverConfig> addConfigMapEntryInMap('serverconfig','mymap','nestedmapB','myvarB','true', 'boolean')

addConfigPropertyListEntry

Online command that adds a list property entry to config.xml.

Description

This command adds a property value to a list in config.xml.

Syntax

addConfigPropertyListEntry(configName, listName, value, type)
Argument Definition
configname Specifies the name of the configuration to be updated (for example, idpsaml20, serverconfig, or spsaml20).
listname Specifies the name of the property list in config.xml to which the value is added.
value Specifies the new property list value. The entered value is appended to the list.
type Specifies the type of property, BOOLEAN or STRING or LONG.

Example

The following command adds a string value to mylistA.

wls:/mydomain/serverConfig> addConfigPropertyListEntry('serverconfig','mylistA','valueA','string')

addConfigPropertyMapEntry

Online command that adds a property name/value entry in a map in config.xml.

Description

This command adds a property name/value entry in a map in config.xml.

Syntax

addConfigPropertyMapEntry(configName, mapName, propName, value, type)
Argument Definition
configname Specifies the name of the configuration to be updated (for example, idpsaml20, serverconfig, or spsaml20).
mapname Specifies the name of the property map in config.xml.
propname Specifies the name of the property map.
value Specifies the property map value to be added.
type Specifies the type of property, BOOLEAN or STRING or LONG.

Example

The following command adds valueA of string type to a map.

wls:/mydomain/serverConfig> addConfigPropertyMapEntry('serverconfig','mymapA','myvarA','valueA','string')

addCustomAuthnEngine

Online command that adds a custom authentication integration engine.

Description

This command adds a custom authentication integration engine to config.xml.

Syntax

addCustomAuthnEngine(name, [enabled], [webContext], [authnRelativePath], [logoutRelativePath], [logoutEnabled])
Argument Definition
name Specifies the name of the custom engine.
enabled This flag specifies whether the engine is enabled (true) or not (false, default).
webContext Specifies the web context for the engine.
authnRelativePath Specifies the authentication relative path URL for the engine.
logoutRelativePath Specifies the logout relative path URL for the engine.
logoutEnabled This flag is set true to enable logout for the engine, else false.

Example

The following command defines an engine named test and enables it.

wls:/mydomain/serverConfig> addCustomAuthnEngine('test','true')

addCustomSPEngine

Online command that adds a custom service provider (SP) engine.

Description

This command adds a custom SP integration engine to config.xml.

Syntax

addCustomSPEngine(name, [enabled], [authnMech], [webContext], [authnRelativePath], [logoutRelativePath], [logoutEnabled])
Argument Definition
name Specifies the name of the custom engine.
enabled This flag specifies whether the engine is enabled (true) or not (false).
authnMech Specifies the authentication mechanism for the engine.
webContext Specifies the web context for the engine.
authnRelativePath Specifies the authentication relative path URL for the engine.
logoutRelativePath Specifies the logout relative path URL for the engine.
logoutEnabled This flag is set true to enable logout for the engine, else false.

Example

The following command adds an engine and gives it a disabled status.

wls:/mydomain/serverConfig> addCustomSPEngine('new engine','false','oracle:fed:authentication:unspecified','webcontext')

addFederationListEntryInMap

Online command that adds a list property entry in a map.

Description

This command adds a property value to a nested list inside a map in cot.xml.

Syntax

addFederationListEntryInMap(providerID, mapname, listName, value, type)
Argument Definition
providerID Specifies the provider ID.
mapname Specifies the name of the property map to be changed in cot.xml.
listName Specifies the name of the property list to be added to the map.
value Specifies the property list value to be added. The entered value is appended to the list.
type Specifies the type of property, BOOLEAN or STRING or LONG.

Example

The following command adds a boolean property list to mymap.

wls:/mydomain/serverConfig> addFederationListEntryInMap('providerB','mymap','mylistB','true','boolean')

addFederationMapEntryInMap

Online command that adds a nested map property entry in a map.

Description

This command adds a property name/value pair to a map nested inside a map in cot.xml.

Syntax

addFederationMapEntryInMap(providerID, mapname, nestedMapName, propName, value, type)
Argument Definition
providerID Specifies the provider ID.
mapname Specifies the name of the property map to be changed in cot.xml.
nestedMapName Specifies the name of the nested property map to be changed.
propName Specifies the name of the property to be updated in the map.
value Specifies the property value to be added to the nested map.
type Specifies the type of property, BOOLEAN or STRING or LONG.

Example

The following command adds a value of type string to the myvarA property in a nested map.

wls:/mydomain/serverConfig> addFederationMapEntryInMap('providerA','mymap','nestedmapA','myvarA','valueA', 'string')

addFederationPropertyListEntry

Online command that adds a list property entry.

Description

This command adds a property value to a list in cot.xml.

Syntax

addFederationPropertyListEntry(providerID, listName, value, type)
Argument Definition
providerID Specifies the provider ID.
listName Specifies the name of the property list to be updated.
value Specifies the property list value to be added. The entered value is appended to the list.
type Specifies the type of property, BOOLEAN or STRING or LONG.

Example

The following command adds a value in string format to a specified property list.

wls:/mydomain/serverConfig> addFederationPropertyListEntry('providerA','mylistA','valueA','string')

addFederationPropertyMapEntry

Online command that adds a property name/value entry in a map.

Description

This command adds a property name/value pair to a map in cot.xml.

Syntax

addFederationPropertyMapEntry(providerID, mapName, propName, value, type)
Argument Definition
providerID Specifies the provider ID.
mapName Specifies the name of the property map to be changed in cot.xml.
propName Specifies the name of the property to be added in the map.
value Specifies the property value to be added to the map.
type Specifies the type of property, BOOLEAN or STRING or LONG.

Example

The following command adds boolean property myvarB to a map.

wls:/mydomain/serverConfig> addFederationPropertyMapEntry('providerA','mymapB','myvarB','true','boolean')

deleteCustomAuthnEngine

Online command that deletes a custom authentication integration engine from the configuration.

Description

This command deletes a custom authentication integration engine in config.xml. You must provide the engine ID for an existing custom authentication engine in config.xml.

Syntax

deleteCustomAuthnEngine(engineID)
Argument Definition
engineID Specifies the engine ID of an existing engine to be deleted.

Example

The following command deletes the authentication engine with ID id1234.

wls:/mydomain/serverConfig> deleteCustomAuthnEngine('id1234')

deleteCustomSPEngine

Online command that deletes a custom service provider (SP) integration engine from the configuration.

Description

This command deletes a custom SP integration engine in config.xml. The EngineID for an existing custom SP engine in config.xml must be provided.

Syntax

deleteCustomSPEngine(engineID)
Argument Definition
engineID Specifies the engine ID of an existing engine to be deleted.

Example

The following command deletes the engine with ID id1234.

wls:/mydomain/serverConfig> deleteCustomSPEngine('id1234')

deleteProviderFederation

Online command that deletes federations for a given provider.

Description

This command deletes federations for a given provider ID.

Syntax

deleteProviderFederation(providerID)
Argument Definition
providerID Specifies the ProviderID for the peer provider for which federation is to be deleted.

Example

The following command deletes providerA:

wls:/mydomain/serverConfig> deleteProviderFederation('providerA')

deleteUserFederation

Online command that deletes federations for given users.

Description

This command deletes federations for the given list of users.

Syntax

deleteUserFederation([user1,..])
Argument Definition
user1 Specifies a comma-separated list of users whose federations are to be deleted. At least one user must be specified.

Example

The following command deletes federations for three users:

wls:/mydomain/serverConfig> deleteUserFederation(['userA','userB','userC'])

changeMessageStore

Online command that changes the message store between memory and RDBMS.

Description

This command changes the message store to memory or RDBMS.

Syntax

changeMessageStore(type, [jndiname])
Argument Definition
type Specifies the type of store, RDBMS or Memory. Default is Memory.
jndiname Specifies the jndi name to set for the store. Required if type is RDBMS.

Example

The following command changes the message store to RDBMS:

wls:/mydomain/serverConfig> changeMessageStore('RDBMS','jdbc/mydb')

changePeerProviderDescription

Online command that changes the peer provider description.

Description

This command updates a peer provider description in cot.xml.

Syntax

changePeerProviderDescription(providerID, description)
Argument Definition
providerID Specifies the provider ID.
description Specifies the provider description.

Example

The following command updates the description of a provider:

wls:/mydomain/serverConfig> changePeerProviderDescription('providerA','new description')

changeSessionStore

Online command that changes the session store between memory and RDBMS.

Description

This command changes the session store to memory or RDBMS.

Syntax

changeSessionStore(type, [jndiname])
Argument Definition
type Specifies the type of store, RDBMS or Memory. Default is Memory.
jndiname Specifies the jndi name to set for the store. Required if type is RDBMS.

Example

The following command changes the session store to RDBMS.

wls:/mydomain/serverConfig> changeSessionStore('RDBMS','jdbc/mydb')

createConfigPropertyList

Online command that creates a property list.

Description

This command creates a property list in config.xml.

Syntax

createConfigPropertyList(configName, listName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
listName Specifies the property list name.

Example

The following command creates property list mylistA.

wls:/mydomain/serverConfig> createConfigPropertyList('serverconfig','mylistA')

createConfigPropertyListInMap

Online command that creates a property list nested in the property map.

Description

This command creates a property list, nested in the property map, in config.xml.

Syntax

createConfigPropertyListInMap(configName, mapName, listName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
mapName Specifies an existing property map to contain the nested list.
listName Specifies the property list name.

Example

The following command creates property list mylistA nested in a property map.

wls:/mydomain/serverConfig> createConfigPropertyListInMap('serverconfig','mymapA','mylistA')

createConfigPropertyMap

Online command that creates a property map.

Description

This command creates a property map in config.xml.

Syntax

createConfigPropertyMap(configName, mapName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
mapName Specifies the property map to create.

Example

The following command creates property map mymapA:

wls:/mydomain/serverConfig> createConfigPropertyMap('serverconfig','mymapA')

createConfigPropertyMapInMap

Online command that creates a nested property map.

Description

This command creates a property map, nested in another property map, in config.xml.

Syntax

createConfigPropertyMapInMap(configName, mapName, nestedMapName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
mapName Specifies the name of an existing property map.
nestedMapName Specifies the name of the property map to create nested inside mapName.

Example

The following command creates nested property map nestedmapA:

wls:/mydomain/serverConfig> createConfigPropertyMapInMap('serverconfig','mymapA','nestedmapA')

createFederationPropertyList

Online command that creates a property list.

Description

This command creates a property list in cot.xml.

Syntax

createFederationPropertyList(providerID, listName)
Argument Definition
providerID Specifies the provider ID.
listName Specifies the name of the property list.

Example

The following command creates property list mylistA:

wls:/mydomain/serverConfig> createFederationPropertyList('providerA','mylistA')

createFederationPropertyListInMap

Online command that creates a property list nested in a property map.

Description

This command creates a property list, nested in a property map, in cot.xml.

Syntax

createFederationPropertyListInMap(providerID, mapName, listName)
Argument Definition
providerID Specifies the provider ID.
mapName Specifies an existing property map to contain the nested list.
listName Specifies the name of the property list.

Example

The following command creates nested property list mylistA:

wls:/mydomain/serverConfig> createFederationPropertyListInMap('providerA','mymapA','mylistA')

createFederationPropertyMap

Online command that creates a property map.

Description

This command creates a property map in cot.xml.

Syntax

createFederationPropertyMap(providerID, mapName)
Argument Definition
providerID Specifies the provider ID.
mapName Specifies the name of the property map to be added to cot.xml.

Example

The following command creates property map mymapA:

wls:/mydomain/serverConfig> createFederationPropertyMap('providerA','mymapA')

createFederationPropertyMapInMap

Online command that creates a nested property map.

Description

This command creates a property map, nested in another property map, in cot.xml.

Syntax

createFederationPropertyMapInMap(providerID, mapName, nestedMapName)
Argument Definition
providerID Specifies the provider ID.
mapName Specifies the name of an existing property map.
nestedMapName Specifies the name of the property map to be nested inside mapName in cot.xml.

Example

The following command creates nested property map nestedmapA:

wls:/mydomain/serverConfig> createFederationPropertyMapInMap('providerA','mymapA','nestedmapA')

createPeerProviderEntry

Online command that creates a peer provider property map entry.

Description

This command creates a peer provider as a Map property entry in cot.xml.

Syntax

createPeerProviderEntry(providerID, description, providerType, version)
Argument Definition
providerID Specifies the provider ID to be created.
description This is the description of the provider ID.
providerType Specifies the provider type of the peer provider to be created.
version Specifies the version of the peer provider to be created.

Example

The following command creates a SAML 2.0 service provider:

wls:/mydomain/serverConfig> createPeerProviderEntry('providerA','idp test','SP','SAML2.0')

getConfigListValueInMap

Online command that returns a list nested in a map.

Description

This command returns a list, nested in a map, from config.xml.

Syntax

getConfigListValueInMap(configName, mapName, listName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be accessed.
mapName Specifies the name of the property map.
listName Specifies the name of the list to be fetched from the map.

Example

The following command returns mylistA:

wls:/mydomain/serverConfig> getConfigListValueInMap('serverconfig','mymapA','mylistA')

getConfigMapEntryInMap

Online command that returns a map property entry nested in a map.

Description

This command returns a map property entry, nested in a map, from config.xml.

Syntax

getConfigMapEntryInMap(configName, mapName, nestedMapName, propName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be accessed.
mapName Specifies the name of the property map.
nestedMapName Specifies the name of the nested property map.
propName Specifies the name of the property to be fetched from the nested map.

Example

The following command returns property entry myvarA:

wls:/mydomain/serverConfig> getConfigMapEntryInMap('serverconfig','mymap','nestedmapA','myvarA')

getConfigProperty

Online command that returns a property value.

Description

This command returns a property value from config.xml.

Syntax

getConfigProperty(configName, propName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be accessed.
propName Specifies the name of the property to be fetched from config.xml.

Example

The following command returns property myvarA:

wls:/mydomain/serverConfig> getConfigProperty('serverconfig','myvarA')

getConfigPropertyList

Online command that returns a property list.

Description

This command returns a property list from config.xml.

Syntax

getConfigPropertyList(configName, listName)
Argument Definition
configName Specifies the configuration name.
listName Specifies the name of the property list to be fetched from config.xml.

Example

The following command returns mylistA:

wls:/mydomain/serverConfig> getConfigPropertyList('serverconfig','mylistA')

getConfigPropertyMapEntry

Online command that returns a property value from a map.

Description

This command returns a property value from a map in config.xml.

Syntax

getConfigPropertyMapEntry(configName, mapName, propName)
Argument Definition
configName Specifies the configuration name (for example, idpsaml20, serverconfig, spsaml20,..).
mapName Specifies the name of the property map.
propName Specifies the name of the property to be fetched from the map in config.xml.

Example

The following command returns property propA:

wls:/mydomain/serverConfig> getConfigPropertyMapEntry('serverconfig','mapA', 'propA')

getFederationListValueInMap

Online command that returns a list value nested in a map.

Description

This command returns a list value nested in a map from cot.xml.

Syntax

getFederationListValueInMap(providerID, mapName, listName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
mapName Specifies the name of the property map.
listName Specifies the name of the list to be fetched from the map.

Example

The following command returns nested list mylistA:

wls:/mydomain/serverConfig> getFederationListValueInMap('providerA','mymapA','mylistA')

getFederationMapEntryInMap

Online command that returns a map property entry nested in a map.

Description

This command returns a map property entry, nested in a map, from cot.xml.

Syntax

getFederationMapEntryInMap(providerID, mapName, nestedMapName, propName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
mapName Specifies the name of the property map.
nestedMapName Specifies the name of the nested property map.
propName Specifies the name of the property to be fetched from the nested map.

Example

The following command returns property entry myvarA:

wls:/mydomain/serverConfig> getFederationMapEntryInMap('providerA','mymap','nestedmapA','myvarA')

getFederationProperty

Online command that returns a property value.

Description

This command returns a property value from cot.xml.

Syntax

getFederationProperty(providerID, propName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
propName Specifies the name of the property to be fetched from cot.xml.

Example

The following command returns property myvarA:

wls:/mydomain/serverConfig> getFederationProperty('providerA','myvarA')

getFederationPropertyList

Online command that returns a property list.

Description

This command returns a property list from cot.xml.

Syntax

getFederationPropertyList(providerID, listName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
listName Specifies the name of the property list to be fetched from cot.xml.

Example

The following command returns list mylistA:

wls:/mydomain/serverConfig> getFederationPropertyList('providerA','mylistA')

getFederationPropertyMapEntry

Online command that returns a property value from a map.

Description

This command returns a property value from a map in cot.xml.

Syntax

getFederationPropertyMapEntry(providerID, mapName, propName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
mapName Specifies the name of the property map.
propName Specifies the name of the property to be fetched from the map.

Example

The following command returns property propA from a map:

wls:/mydomain/serverConfig> getFederationPropertyMapEntry('providerA','mapA', 'propA')

listCustomAuthnEngines

Online command that returns a list of custom authentication integration engines.

Description

This command returns a list of custom authentication integration engines from config.xml.

Syntax

listCustomAuthnEngines()

Example

The following command returns the list of all custom authentication integration engines:

wls:/mydomain/serverConfig> listCustomAuthnEngines()

listCustomSPEngines

Online command that returns a list of custom SP integration engines.

Description

This command returns a list of custom service provider (SP) integration engines from config.xml.

Syntax

listCustomSPEngines()

Example

The following command returns the list of all SP integration engines:

wls:/mydomain/serverConfig> listCustomSPEngines()

loadMetadata

Online command that loads metadata from an input file.

Description

This command loads metadata from an input file into cot.xml.

Syntax

loadMetadata(metadatafile,description)
Argument Definition
metadatafile Specifies the metadata file of the peer provider to be added or updated.
description This is a brief description of the peer provider to be loaded.

Example

The following command loads metadata from the file metadatafile.xml:

wls:/mydomain/serverConfig> loadMetadata('/home/metadatafile.xml','some description')

oifStatus

Online command that reports the current status of the Oracle Identity Federation application in the managed server to which WLST is connected.

Description

This command displays the current status of Oracle Identity Federation on the managed server.

Syntax

oifStatus([configfile], [keyfile], [serverurl])
Argument Definition
configfile This is a pre-defined user configuration file created with the WLST storeUserConfig command.
keyfile This is a pre-defined key file created with the WLST storeUserConfig command.
serverurl Specifies the URL of the managed server.

Example

The following command provides no arguments; WLST prompts you for the Oracle WebLogic Server username, password, and the managed server URL, then displays the federation server status:

wls:/mydomain/serverConfig> oifStatus()

The following command provides only the managed server URL; WLST prompts you for the Oracle WebLogic Server username and password:

wls:/mydomain/serverConfig> oifStatus('', '', 't3://localhost:7499')

The following command provides all arguments needed for WLST to display the federation server status:

wls:/mydomain/serverConfig> oifStatus('configfileA', 'keyfileB', 't3://localhost:7499')

removeConfigListInMap

Online command that removes a list property nested in a map.

Description

This command removes a list property nested in a map from config.xml.

Syntax

removeConfigListInMap(configName, mapName, listName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be accessed.
mapName Specifies the name of the property map.
listName Specifies the name of the list to be removed from the map.

Example

The following command removes the list property mylistA:

wls:/mydomain/serverConfig> removeConfigListInMap('serverconfig','mymapA','mylistA')

removeConfigMapEntryInMap

Online command that removes a map property nested in a map.

Description

This command removes a map property entry nested in a map from config.xml.

Syntax

removeConfigMapEntryInMap(configName, mapName, nestedMapName, propName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be accessed.
mapName Specifies the name of the property map.
nestedMapName Specifies the name of the nested property map.
propName Specifies the name of the property to be removed from the nested map.

Example

The following command removes the nested property myvarA:

wls:/mydomain/serverConfig> removeConfigMapEntryInMap('serverconfig','mymap','nestedmapA','myvarA')

removeConfigMapInMap

Online command that removes a nested map in a map.

Description

This command removes a property map nested inside a map in config.xml.

Syntax

removeConfigMapInMap(configName, mapName, nestedMapName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
mapName Specifies the name of the property map containing the nested map.
nestedMapName Specifies the name of the nested property map to be removed.

Example

The following command removes nestedmapA in mymap:

wls:/mydomain/serverConfig> removeConfigMapInMap('serverconfig','mymap','nestedmapA')

removeConfigProperty

Online command that removes a configuration property.

Description

This command removes a property from config.xml.

Syntax

removeConfigProperty(configName, propName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
propName Specifies the name of the property to be removed.

Example

The following command removes the property myvarA:

wls:/mydomain/serverConfig> removeConfigProperty('serverconfig','myvarA')

removeConfigPropertyList

Online command that removes a configuration property list.

Description

This command removes a property list from config.xml.

Syntax

removeConfigPropertyList(configName, listName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
listName Specifies the name of the property list to be removed.

Example

The following command removes the property list mylistA:

wls:/mydomain/serverConfig> removeConfigPropertyList('serverconfig','mylistA')

removeConfigPropertyMap

Online command that removes a property map.

Description

This command removes a property map in config.xml.

Syntax

removeConfigPropertyMap(configName, mapName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
mapName Specifies the name of the property map to be removed.

Example

The following command removes mapA:

wls:/mydomain/serverConfig> removeConfigPropertyMap('serverconfig','mapA')

removeConfigPropertyMapEntry

Online command that removes a property value from a map.

Description

This command removes a property value from a map in config.xml.

Syntax

removeConfigPropertyMapEntry(configName, mapName, propName)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
mapName Specifies the name of the property map to be updated.
propName Specifies the name of the property to be removed from the map.

Example

The following command removes property propA:

wls:/mydomain/serverConfig> removeConfigPropertyMapEntry('serverconfig','mapA', 'propA')

removeFederationListInMap

Online command that removes a property list in a map.

Description

This command removes a property list in a map, in cot.xml.

Syntax

removeFederationListInMap(providerID, mapName, listName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
mapName Specifies the name of the property map.
listName Specifies the name of the property list to be removed.

Example

The following command removes mylistA in mymapA:

wls:/mydomain/serverConfig> removeFederationListInMap('providerA','mymapA','mylistA')

removeFederationMapInMap

Online command that removes a nested map in a map.

Description

This command removes a property map nested inside a map in cot.xml.

Syntax

removeFederationMapInMap(providerID, mapName, nestedMapName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
mapName Specifies the name of the property map containing the nested map.
nestedMapName Specifies the name of the nested property map to be removed.

Example

The following command removes nestedmapA in mymap:

wls:/mydomain/serverConfig> removeFederationMapInMap('providerA','mymap','nestedmapA')

removeFederationMapEntryInMap

Online command that removes a nested map property entry in a map.

Description

This command removes a property name/value pair from a map nested inside a map in cot.xml.

Syntax

removeFederationMapEntryInMap(providerID, mapName, nestedMapName, propName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
mapName Specifies the name of the property map containing the nested map.
nestedMapName Specifies the name of the nested property map.
propName Specifies the name of the property to be removed from the nested map.

Example

The following command removes map property entry myvarA:

wls:/mydomain/serverConfig> removeFederationMapEntryInMap('providerA','mymap','nestedmapA','myvarA')

removeFederationProperty

Online command that removes a property value.

Description

This command removes a property entry in cot.xml.

Syntax

removeFederationProperty(providerID, propName)
Argument Definition
providerID Specifies the name of the peer provider to be updated.
propName Specifies the name of the property to be removed.

Example

The following command removes the provider property myvarA:

wls:/mydomain/serverConfig> removeFederationProperty('providerA','myvarA')

removeFederationPropertyList

Online command that removes a property list entry.

Description

This command removes a property list entry in cot.xml.

Syntax

removeFederationPropertyList(providerID, listName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
listName Specifies the name of the property list to be removed.

Example

The following command removes mylistA:

wls:/mydomain/serverConfig> removeFederationPropertyList('providerA','mylistA')

removeFederationPropertyMap

Online command that removes a property map.

Description

This command removes a property map in cot.xml.

Syntax

removeFederationPropertyMap(providerID, mapName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
mapName Specifies the name of the property map to be removed.

Example

The following command removes a map:

wls:/mydomain/serverConfig> removeFederationPropertyMap('providerA','mapA')

removeFederationPropertyMapEntry

Online command that removes a property value from a map.

Description

This command removes a property value from a map in cot.xml.

Syntax

removeFederationPropertyMapEntry(providerID, mapName, propName)
Argument Definition
providerID Specifies the name of the peer provider to be accessed.
mapName Specifies the name of the property map to be updated.
propName Specifies the name of the property to be removed from the map.

Example

The following command removes property propA from a map:

wls:/mydomain/serverConfig> removeFederationPropertyMapEntry('providerA','mapA', 'propA')

removePeerProviderEntry

Online command that removes a peer provider entry.

Description

This command removes a peer provider entry from cot.xml.

Syntax

removePeerProviderEntry(providerID)
Argument Definition
providerID Specifies the name of the peer provider to be removed.

Example

The following command removes providerA:

wls:/mydomain/serverConfig> removePeerProviderEntry('providerA')

setConfigProperty

Online command that sets a property value in config.xml.

Description

This command adds or updates a property value in config.xml.

Syntax

setConfigProperty(configName, propName, value, type)
Argument Definition
configName Specifies the name of the configuration (for example, idpsaml20, serverconfig, spsaml20,..) to be updated.
propName Specifies the name of the property to be added/updated in config.xml.
value Specifies the property value.
type Specifies the type of property, BOOLEAN or STRING or LONG.

Example

The following command sets the property myvarA and its value in the server configuration:

wls:/mydomain/serverConfig> setConfigProperty('serverconfig','myvarA','myvalA','string')

setCustomAuthnEngine

Online command that updates a custom authentication integration engine.

Description

This command updates a custom authentication integration engine in config.xml.

Syntax

setCustomAuthnEngine(engineID, name, [enabled], [webContext], [authnRelativePath], [logoutRelativePath], [logoutEnabled])
Argument Definition
engineID Specifies the engine ID of an existing engine.
name Specifies the name of the custom engine.
enabled This flag specifies whether the engine is enabled (true) or not (false).
webContext Specifies the web context for the engine.
authnRelativePath Specifies the authentication relative path URL for the engine.
logoutRelativePath Specifies the logout relative path URL for the engine.
logoutEnabled This flag is set true to enable logout for the engine, else false.

Example

The following command updates the configuration of custom authentication engine abcdef:

wls:/mydomain/serverConfig> setCustomAuthnEngine('abcdef','custom one','false','webcontext')

setCustomSPEngine

Online command that updates a custom SP integration engine.

Description

This command updates an existing custom SP integration engine in config.xml.

Syntax

setCustomSPEngine(engineID, name, [enabled], [authnMech], [webContext], [authnRelativePath], [logoutRelativePath], [logoutEnabled])
Argument Definition
engineID Specifies the engine ID of an existing custom engine.
name Specifies the name of the custom engine.
enabled This flag specifies whether the engine is enabled (true) or not (false).
authnMech Specifies the authentication mechanism for the engine.
webContext Specifies the web context for the engine.
authnRelativePath Specifies the authentication relative path URL for the engine.
logoutRelativePath Specifies the logout relative path URL for the engine.
logoutEnabled This flag is set true to enable logout for the engine, else false.

Example

The following command sets the name and the enabled flag for the engine with ID engineid2:

wls:/mydomain/serverConfig> setCustomSPEngine('engineid2','test','true')

setFederationProperty

Online command that adds or updates a property value.

Description

This command adds a property entry or updates an existing entry in cot.xml.

Syntax

setFederationProperty(providerID, propName, value, type)
Argument Definition
providerID Specifies the name of the peer provider to be updated.
propName Specifies the name of the property to be added/updated in cot.xml.
value Specifies the property value.
type Specifies the type of property, BOOLEAN or STRING or LONG.

Example

The following command creates the property myvarA and sets its value:

wls:/mydomain/serverConfig> setFederationProperty('providerA','myvarA','myvalA','string')

Directory Integration Platform Commands

Some of the Directory Integration Platform (DIP) tools use WLST internally, and therefore, there are no custom WLST commands available to run from the WLST command prompt or to use within scripts. For information on DIP tools, see "Directory Integration Platform Tools" in the Oracle Fusion Middleware User Reference for Oracle Identity Management.

Security Commands

Use the WLST security commands listed in Table 4-5 to operate on a domain policy or credential store, and to migrate policies and credentials from a source repository to a target repository.

Table 4-5 WLST Security Commands

Use this command...         To...                                                                                   Use with WLST...
createAppRole               Create a new application role.                                                          Online
deleteAppRole               Remove an application role.                                                             Online
grantAppRole                Add a principal to a role.                                                              Online
revokeAppRole               Remove a principal from a role.                                                         Online
listAppRoles                List all roles in an application.                                                       Online
listAppRoleMembers          List all members in an application role.                                                Online
grantPermission             Create a new permission.                                                                Online
revokePermission            Remove a permission.                                                                    Online
listPermissions             List all permissions granted to a principal.                                            Online
deleteAppPolicies           Remove all policies in an application.                                                  Online
migrateSecurityStore        Migrate policies or credentials from a source repository to a target repository.        Offline
listCred                    Obtain the list of attribute values of a credential.                                    Online
updateCred                  Modify the attribute values of a credential.                                            Online
createCred                  Create a new credential.                                                                Online
deleteCred                  Remove a credential.                                                                    Online
modifyBootStrapCredential   Update the bootstrap credential store.                                                  Offline
reassociateSecurityStore    Reassociate policies and credentials to an LDAP repository.                             Online
upgradeSecurityStore        Upgrade security data from data used with release 10.1.x to data used with release 11.  Offline

createAppRole

Online command that creates a new application role.

Description

Creates a new application role in the domain policy store with a given application and role name. In the event of an error, the command returns a WLSTException.

Syntax

createAppRole(appStripe, appRoleName)
Argument Definition
appStripe 
Specifies an application stripe.
appRoleName 
Specifies a role name.

Example

The following invocation creates a new application role with application stripe myApp and role name myRole:

wls:/mydomain/serverConfig> createAppRole(appStripe="myApp", appRoleName="myRole")

deleteAppRole

Online command that removes an application role.

Description

Removes an application role in the domain policy store with a given application and role name. In the event of an error, the command returns a WLSTException.

Syntax

deleteAppRole(appStripe, appRoleName)
Argument Definition
appStripe 
Specifies an application stripe.
appRoleName 
Specifies a role name.

Example

The following invocation removes the role with application stripe myApp and role name myRole:

wls:/mydomain/serverConfig> deleteAppRole(appStripe="myApp", appRoleName="myRole")

grantAppRole

Online command that adds a principal to a role.

Description

Adds a principal (class or name) to a role with a given application stripe and name. In the event of an error, the command returns a WLSTException.

Syntax

grantAppRole(appStripe, appRoleName,principalClass, principalName)
Argument Definition
appStripe 
Specifies an application stripe.
appRoleName 
Specifies a role name.
principalClass 
Specifies the fully qualified name of a class.
principalName 
Specifies the principal name.

Example

The following invocation adds a principal to the role with application stripe myApp and role name myRole:

wls:/mydomain/serverConfig> grantAppRole(appStripe="myApp", appRoleName="myRole",principalClass="com.example.xyzPrincipal", principalName="myPrincipal")

revokeAppRole

Online command that removes a principal from a role.

Description

Removes a principal (class or name) from a role with a given application stripe and name. In the event of an error, the command returns a WLSTException.

Syntax

revokeAppRole(appStripe, appRoleName, principalClass, principalName)
Argument Definition
appStripe 
Specifies an application stripe.
appRoleName 
Specifies a role name.
principalClass 
Specifies the fully qualified name of a class.
principalName 
Specifies the principal name.

Example

The following invocation removes a principal from the role with application stripe myApp and role name myRole:

wls:/mydomain/serverConfig> revokeAppRole(appStripe="myApp", appRoleName="myRole",principalClass="com.example.xyzPrincipal", principalName="myPrincipal")

listAppRoles

Online command that lists all roles in an application.

Description

Lists all roles within a given application stripe. In the event of an error, the command returns a WLSTException.

Syntax

listAppRoles(appStripe)
Argument Definition
appStripe 
Specifies an application stripe.

Example

The following invocation returns all roles with application stripe myApp:

wls:/mydomain/serverConfig> listAppRoles(appStripe="myApp")

listAppRoleMembers

Online command that lists all members in a role.

Description

Lists all members in a role with a given application stripe and role name. In the event of an error, the command returns a WLSTException.

Syntax

listAppRoleMembers(appStripe, appRoleName)
Argument Definition
appStripe 
Specifies an application stripe.
appRoleName 
Specifies a role name.

Example

The following invocation returns all members in the role with application stripe myApp and role name myRole:

wls:/mydomain/serverConfig> listAppRoleMembers(appStripe="myApp", appRoleName="myRole")

grantPermission

Online command that creates a new permission.

Description

Creates a new permission for a given code base or URL. In the event of an error, the command returns a WLSTException.

Syntax

Optional arguments are enclosed in between square brackets.

grantPermission([appStripe,] [codeBaseURL,] [principalClass,] [principalName,]permClass, [permTarget,] [permActions])
Argument Definition
appStripe 
Specifies an application stripe. If not specified, the command works on system policies.
codeBaseURL 
Specifies the URL of the code granted the permission.
principalClass 
Specifies the fully qualified name of a class (grantee).
principalName 
Specifies the name of the grantee principal.
permClass 
Specifies the fully qualified name of the permission class.
permTarget 
Specifies, when available, the name of the permission target. Some permissions may not include this attribute.
permActions 
Specifies a comma-separated list of actions granted. Some permissions may not include this attribute, and the actions available depend on the permission class.

Examples

The following invocation creates a new application permission (for the application with application stripe myApp) with the specified data:

wls:/mydomain/serverConfig> grantPermission(appStripe="myApp",  
principalClass="my.custom.Principal",  principalName="manager",
permClass="java.security.AllPermission")

The following invocation creates a new system permission with the specified data:

wls:/mydomain/serverConfig> grantPermission(principalClass="my.custom.Principal", principalName="manager",
permClass="java.io.FilePermission", permTarget="/tmp/fileName.ext", permActions="read,write")

revokePermission

Online command that removes a permission.

Description

Removes a permission for a given code base or URL. In the event of an error, the command returns a WLSTException.

Syntax

Optional arguments are enclosed in between square brackets.

revokePermission([appStripe,] [codeBaseURL,] [principalClass,] [principalName,]permClass, [permTarget,] [permActions])
Argument Definition
appStripe 
Specifies an application stripe. If not specified, the command works on system policies.
codeBaseURL 
Specifies the URL of the code granted the permission.
principalClass 
Specifies the fully qualified name of a class (grantee).
principalName 
Specifies the name of the grantee principal.
permClass 
Specifies the fully qualified name of the permission class.
permTarget 
Specifies, when available, the name of the permission target. Some permissions may not include this attribute.
permActions 
Specifies a comma-separated list of actions granted. Some permissions may not include this attribute, and the actions available depend on the permission class.

Examples

The following invocation removes the application permission (for the application with application stripe myApp) with the specified data:

wls:/mydomain/serverConfig> revokePermission(appStripe="myApp",  
principalClass="my.custom.Principal", principalName="manager", 
permClass="java.security.AllPermission")

The following invocation removes the system permission with the specified data:

wls:/mydomain/serverConfig> revokePermission(principalClass="my.custom.Principal", principalName="manager",  permClass="java.io.FilePermission", permTarget="/tmp/fileName.ext", permActions="read,write")

listPermissions

Online command that lists all permissions granted to a given principal.

Description

Lists all permissions granted to a given principal. In the event of an error, the command returns a WLSTException.

Syntax

Optional arguments are enclosed in between square brackets.

listPermissions([appStripe,] principalClass, principalName)
Argument Definition
appStripe 
Specifies an application stripe. If not specified, the command works on system policies.
principalClass 
Specifies the fully qualified name of a class (grantee).
principalName 
Specifies the name of the grantee principal.

Examples

The following invocation lists all permissions granted to a principal by the policies of application myApp:

wls:/mydomain/serverConfig> listPermissions(appStripe="myApp", principalClass="my.custom.Principal",principalName="manager")

The following invocation lists all permissions granted to a principal by system policies:

wls:/mydomain/serverConfig> listPermissions(principalClass="my.custom.Principal", principalName="manager")

deleteAppPolicies

Online command that removes all policies with a given application stripe.

Description

Removes all policies with a given application stripe. In the event of an error, the command returns a WLSTException.

Syntax

deleteAppPolicies(appStripe)
Argument Definition
appStripe 
Specifies an application stripe. If not specified, the command works on system policies.

Example

The following invocation removes all policies of application myApp:

wls:/mydomain/serverConfig> deleteAppPolicies(appStripe="myApp")

migrateSecurityStore

Offline command that migrates identities, application-specific or system policies, a specific credential folder, or all credentials.

Description

Migrates identities, application-specific, or system policies from a source repository to a target repository. Migrates a specific credential folder or all credentials.

The kinds of repositories where the source and target data are stored are transparent to the command, and any combination of file-based and LDAP-based repositories is allowed (LDAP repositories must use an OVD or OID LDAP server only). In the event of an error, the command returns a WLSTException.

Syntax

The command syntax varies depending on the scope (system or application-specific or both) of the policies being migrated.

Optional arguments are enclosed in square brackets.

To migrate identities, use the following syntax:

migrateSecurityStore(type="idStore", configFile, src, dst, [dstLdifFile])

To migrate all policies (system and application-specific, for all applications), use the following syntax:

migrateSecurityStore(type="policyStore", configFile, src, dst,[overWrite,][preserveAppRoleGuid])

To migrate just system policies, use the following syntax:

migrateSecurityStore(type="globalPolicies", configFile, src, dst, [overWrite])

To migrate just application-specific policies, for one application, use the following syntax:

migrateSecurityStore(type="appPolicies", configFile,src, dst, srcApp, [dstApp,] [overWrite,] [migrateIdStoreMapping,][preserveAppRoleGuid])

To migrate all credentials, use the following syntax:

migrateSecurityStore(type="credStore", configFile, src, dst, [overWrite])

To migrate just one credential folder, use the following syntax:

migrateSecurityStore(type="folderCred", configFile, src, dst, [srcFolder,] [dstFolder,] [srcConfigFile,] [overWrite])
Argument Definition
type 
Specifies the type of data migrated.

To migrate identities, set it to idStore.

To migrate all policies (system and application-specific, for all applications), set to policyStore.

To migrate just system policies, set to globalPolicies.

To migrate just application-specific policies, set to appPolicies.

To migrate all credentials, set to credStore.

To migrate just one credential folder, set to folderCred.

configFile  
Specifies the location of a configuration file jps-config.xml relative to the directory where the command is run. The configuration file passed need not be an actual domain configuration file, but it can be assembled just to specify the source and destination repositories of the migration.
src 
Specifies the name of a jps-context in the configuration file passed to the argument configFile, where the source store is specified.
dst 
Specifies the name of another jps-context in the configuration file passed to the argument configFile, where the destination store is specified.
srcApp 
Specifies the name of the source application, that is, the application whose policies are being migrated.
dstApp 
Specifies the name of the target application, that is, the application whose policies are being written. If unspecified, it defaults to the name of the source application.
srcFolder 
Specifies the name of the folder from where credentials are migrated. This argument is optional. If unspecified, the credential store is assumed to have only one folder and the value of this argument defaults to the name of that folder.
dstFolder 
Specifies the folder to where the source credentials are migrated. This argument is optional and, if unspecified, defaults to the folder passed to srcFolder.
srcConfigFile 
Specifies the location of an alternate configuration file, and it is used in the special case in which credentials are not configured in the file passed to configFile. This argument is optional. If unspecified, it defaults to the value passed to configFile; if specified, the value passed to configFile is ignored.
overWrite 
Specifies whether data in the target matching data being migrated should be overwritten by or merged with the source data. Optional and false by default. Set to true to overwrite matching data; set to false to merge matching data.
migrateIdStoreMapping 
Specifies whether the migration of application policies should include or exclude the migration of enterprise policies. Optional and true by default. Set it to false to exclude enterprise policies from the migration of application policies.
dstLdifFile
Specifies the location where the LDIF file will be created. Required only if destination is an LDAP-based identity store. Notice that the LDIF file is not imported into the LDAP server; the importing of the file LDIF should be done manually, after the file has been edited to account for the appropriate attributes required in your LDAP server.
preserveAppRoleGuid
Specifies whether the migration of policies should preserve or recreate GUIDs. Optional and false by default. Set to true to preserve GUIDs; set to false to recreate GUIDs.

Note the following requirements about the passed arguments:

  • The file jps-config.xml is found in the passed location.

  • The file jps-config.xml includes the passed jps-contexts.

  • The source and the destination context names are distinct. From these two contexts, the command determines the locations of the source and the target repositories involved in the migration.

Examples

The following invocation illustrates the migration of the file-based policies of application PolicyServlet1 to file-based policies of application PolicyServlet2:

wls:/mydomain/serverConfig> migrateSecurityStore(type="appPolicies",
configFile="jps-config.xml", src="default1", dst="context2",
srcApp="PolicyServlet1", dstApp="PolicyServlet2", overWrite="true")

The above invocation assumes that:

  • The file jps-config.xml is located in the directory where the command is run (current directory).

  • That file includes the following elements:

<serviceInstance name="policystore1.xml" provider="some.provider">
  <property name="location" value="jazn-data1.xml"/>
</serviceInstance>
<serviceInstance name="policystore2.xml" provider="some.provider">
  <property name="location" value="jazn-data2.xml"/>
</serviceInstance>
...
<jpsContext name="default1">
  <serviceInstanceRef ref="policystore1.xml"/>
  ...
</jpsContext>
<jpsContext name="context2">
  <serviceInstanceRef ref="policystore2.xml"/>
  ...
</jpsContext>

The file-based policies for the two applications involved in the migration are defined in the files jazn-data1.xml and jazn-data2.xml, which are not shown but assumed located in the current directory.

The following invocation illustrates the migration of file-based credentials from one location to another:

wls:/mydomain/serverConfig> migrateSecurityStore(type="credStore", configFile="jps-config.xml", src="default1", dst="context2")

The above invocation assumes that:

  • The file jps-config.xml is located in the directory where the command is run (current directory).

  • That file includes the following elements:

<serviceInstance name="credstore1" provider="some.provider">
  <property name="location" value="./credstore1/cwallet.sso"/>
</serviceInstance>
<serviceInstance name="credstore2" provider="some.provider">
  <property name="location" value="./credstore2/cwallet.sso"/>
</serviceInstance>
...
<jpsContext name="default1">
  <serviceInstanceRef ref="credstore1"/>
  ...
</jpsContext>
<jpsContext name="context2">
  <serviceInstanceRef ref="credstore2"/>
  ...
</jpsContext>
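
The following is an added pre-flight script, not part of the Oracle reference: it parses a jps-config.xml like the fragments above, applies the requirements listed for migrateSecurityStore (file present in the current directory, both jps-contexts present, source and destination contexts distinct), resolves the store location each context references so the operator can confirm what will be read and written, and builds the keyword arguments for the appPolicies call. The sample file, its namespace declaration and the helper names are assumptions; the script runs under CPython 3 and under the Jython 2.7 interpreter WLST uses.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample jps-config.xml modelled on the PolicyServlet1/PolicyServlet2
# fragment above. The namespace is the one 11g jps-config.xml files declare
# (assumed here); strip_ns() makes the checks work with or without it.
SAMPLE_JPS_CONFIG = """<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">
  <serviceInstances>
    <serviceInstance name="policystore1.xml" provider="some.provider">
      <property name="location" value="jazn-data1.xml"/>
    </serviceInstance>
    <serviceInstance name="policystore2.xml" provider="some.provider">
      <property name="location" value="jazn-data2.xml"/>
    </serviceInstance>
  </serviceInstances>
  <jpsContexts default="default1">
    <jpsContext name="default1">
      <serviceInstanceRef ref="policystore1.xml"/>
    </jpsContext>
    <jpsContext name="context2">
      <serviceInstanceRef ref="policystore2.xml"/>
    </jpsContext>
  </jpsContexts>
</jpsConfig>
"""


def strip_ns(tag):
    """Drop an XML namespace prefix: '{uri}jpsContext' -> 'jpsContext'."""
    return tag.split('}', 1)[1] if tag.startswith('{') else tag


def parse_jps_config(xml_text):
    """Return (instances, contexts): serviceInstance name -> {property: value},
    jpsContext name -> list of the serviceInstance names it references."""
    instances, contexts = {}, {}
    for el in ET.fromstring(xml_text).iter():
        tag = strip_ns(el.tag)
        if tag == 'serviceInstance':
            instances[el.get('name')] = dict(
                (p.get('name'), p.get('value')) for p in el
                if strip_ns(p.tag) == 'property')
        elif tag == 'jpsContext':
            contexts[el.get('name')] = [r.get('ref') for r in el
                                        if strip_ns(r.tag) == 'serviceInstanceRef']
    return instances, contexts


def store_locations(instances, contexts, ctx):
    """Location of every store the context references. Raises ValueError when the
    context is absent from the file or references no store with a location."""
    if ctx not in contexts:
        raise ValueError('jps-config.xml has no jpsContext named %s' % ctx)
    locs = [instances[ref]['location'] for ref in contexts[ctx]
            if ref in instances and 'location' in instances[ref]]
    if not locs:
        raise ValueError('jpsContext %s references no store with a location' % ctx)
    return locs


def plan_app_policy_migration(xml_text, src, dst, src_app, dst_app=None,
                              overwrite=False, config_file='jps-config.xml'):
    """Apply the requirements listed above (both contexts present, names distinct)
    and return the keyword arguments for migrateSecurityStore(type="appPolicies")
    together with the resolved store locations for the operator to confirm."""
    if src == dst:
        raise ValueError('source and destination jps-contexts must be distinct')
    instances, contexts = parse_jps_config(xml_text)
    src_locs = store_locations(instances, contexts, src)
    dst_locs = store_locations(instances, contexts, dst)
    call = {'type': 'appPolicies', 'configFile': config_file, 'src': src, 'dst': dst,
            'srcApp': src_app, 'dstApp': dst_app or src_app,
            # overWrite="true" replaces matching target policies; "false" merges them.
            'overWrite': 'true' if overwrite else 'false'}
    return {'call': call, 'srcLocations': src_locs, 'dstLocations': dst_locs}


def plan_from_file(config_file, src, dst, src_app, dst_app=None, overwrite=False):
    """Same check reading the file relative to the current directory, which is
    where migrateSecurityStore resolves configFile."""
    if not os.path.isfile(config_file):
        raise ValueError('%s not found in %s' % (config_file, os.getcwd()))
    with open(config_file) as f:
        text = f.read()
    return plan_app_policy_migration(text, src, dst, src_app, dst_app,
                                     overwrite, config_file)


if __name__ == '__main__':
    plan = plan_app_policy_migration(SAMPLE_JPS_CONFIG, 'default1', 'context2',
                                     'PolicyServlet1', 'PolicyServlet2', True)
    print(plan)
    # Inside WLST (Jython), after confirming the two location lists:
    # migrateSecurityStore(**plan['call'])
```

Because the keyword form is the one the examples above use, passing the returned call dictionary with ** is equivalent to typing the invocation at the WLST prompt.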

listCred

Online command that returns the list of attribute values of a credential in the domain credential store.

Description

Returns the list of attribute values of a credential in the domain credential store with given map name and key name. This command lists the data encapsulated in credentials of type password only. In the event of an error, the command returns a WLSTException.

Syntax

listCred(map, key)
Argument Definition
map 
Specifies a map name (folder).
key 
Specifies a key name.

Example

The following invocation returns all the information (such as user name, password, URL, port, and description) in the credential with map name myMap and key name myKey:

wls:/mydomain/serverConfig> listCred(map="myMap", key="myKey")

updateCred

Online command that modifies the type, user name, and password of a credential.

Description

Modifies the type, user name, password, URL, and port number of a credential in the domain credential store with given map name and key name. This command can update the data encapsulated in credentials of type password only. In the event of an error, the command returns a WLSTException. This command runs in interactive mode only.

Syntax

Optional arguments are enclosed in square brackets.

updateCred(map, key, user, password, [desc])
Argument Definition
map 
Specifies a map name (folder).
key 
Specifies a key name.
user 
Specifies the credential user name.
password 
Specifies the credential password.
desc 
Specifies a string describing the credential.

Examples

The following invocation updates a password credential with the specified data:

wls:/mydomain/serverConfig> updateCred(map="myMap", key="myKey", user="myUsr", password="myPassw", desc="updated passw cred to connect to app xyz")

createCred

Online command that creates a new credential in the domain credential store.

Description

Creates a new credential in the domain credential store with a given map name, key name, type, user name and password, URL and port number. In the event of an error, the command returns a WLSTException. This command runs in interactive mode only.

Syntax

Optional arguments are enclosed in square brackets.

createCred(map, key, user, password, [desc])
Argument Definition
map  
Specifies a map name (folder).
key 
Specifies a key name.
user 
Specifies the credential user name.
password 
Specifies the credential password.
desc 
Specifies a string describing the credential.

Examples

The following invocation creates a new password credential with the specified data:

wls:/mydomain/serverConfig> createCred(map="myMap", key="myKey", user="myUsr", password="myPassw", desc="updated usr name and passw to connect to app xyz")

deleteCred

Online command that removes a credential in the domain credential store.

Description

Removes a credential with given map name and key name from the domain credential store. In the event of an error, the command returns a WLSTException.

Syntax

deleteCred(map,key)
Argument Definition
map  
Specifies a map name (folder).
key 
Specifies a key name.

Examples

The following invocation removes the credential with map name myMap and key name myKey:

wls:/mydomain/serverConfig> deleteCred(map="myMap",key="myKey")

modifyBootStrapCredential

Offline command that updates a bootstrap credential store.

Description

Updates a bootstrap credential store with given user name and password. In the event of an error, the command returns a WLSTException.

Typically used in the following scenario: suppose that the domain policy and credential stores are LDAP-based, and the credentials to access the LDAP store (stored in the LDAP server) are changed. Then this command can be used to seed those changes into the bootstrap credential store.

Syntax

modifyBootStrapCredential(jpsConfigFile, username, password)
Argument Definition
jpsConfigFile  
Specifies the location of the file jps-config.xml relative to the location where the command is run.
username 
Specifies the distinguished name of the user in the LDAP store.
password Specifies the password of the user.

Examples

Suppose that in the LDAP store, the password of the user with distinguished name cn=orcladmin has been changed to welcome1, and that the configuration file jps-config.xml is located in the current directory. Then the following invocation changes the password in the bootstrap credential store to welcome1:

wls:/mydomain/serverConfig> modifyBootStrapCredential(jpsConfigFile='./jps-config.xml', username='cn=orcladmin', password='welcome1')

Any output regarding the audit service can be disregarded.

reassociateSecurityStore

Online command that migrates the policy and credential stores to an LDAP repository.

Description

Migrates, within a given domain, both the policy store and the credential store to a target LDAP server repository. The only kinds of LDAP servers allowed are OID or OVD. This command also allows setting up a policy store shared by different domains (see the optional argument join below). In the event of an error, the command returns a WLSTException. This command runs in interactive mode only.

Syntax

reassociateSecurityStore(domain, admin, password, ldapurl, servertype, jpsroot [, join])
Argument Definition
domain  
Specifies the domain name where the reassociating takes place.
admin 
Specifies the administrator's user name on the LDAP server. The format is cn=usrName.
password 
Specifies the password associated with the user specified for the argument admin.
ldapurl 
Specifies the URI of the LDAP server. The format is ldap://host:port, if you are using a default port, or ldaps://host:port, if you are using a secure LDAP port. The secure port must be configured specially for this function and it is distinct from the default (non-secure) port.
servertype 
Specifies the kind of the target LDAP server. The only valid types are OID or OVD.
jpsroot 
Specifies the root node in the target LDAP repository under which all data is migrated. The format is cn=nodeName.
join
Specifies whether the domain is to share a policy store specified in another domain. Optional. Set to true to share an existing policy store in another domain; set to false otherwise. The use of this argument allows multiple WebLogic domains to point to the same logical policy store.

Examples

The following invocation reassociates the domain policies and credentials to an LDAP Oracle Internet Directory server:

wls:/mydomain/serverConfig> reassociateSecurityStore(domain="myDomain", admin="cn=adminName", password="myPass", 
ldapurl="ldap://myhost.example.com:3060", servertype="OID", jpsroot="cn=testNode")

Suppose that you want some other domain (distinct from myDomain, say otherDomain) to share the policy store in myDomain. Then you would invoke the command as follows:

wls:/mydomain/serverConfig> reassociateSecurityStore(domain="otherDomain", admin="cn=adminName", password="myPass", 
ldapurl="ldap://myhost.example.com:3060", servertype="OID", jpsroot="cn=testNode", join="true")

upgradeSecurityStore

Offline command that migrates release 10.1.x security data to release 11 security data.

Description

Migrates identity, policy, and credential data used in release 10.1.x to security data that can be used with release 11. The migration of each kind of data is performed with separate invocations of this command. In the event of an error, the command returns a WLSTException.

Syntax

The syntax varies according to the type of data being updated.

To upgrade 10.1.x XML identity data to 11 XML identity data, use the following syntax:

upgradeSecurityStore(type="xmlIdStore", jpsConfigFile, srcJaznDataFile, srcRealm, dst)

To upgrade a 10.1.x XML policy data to 11 XML policy data, use the following syntax:

upgradeSecurityStore(type="xmlPolicyStore", jpsConfigFile, srcJaznDataFile, dst)

To upgrade a 10.1.x OID LDAP-based policy data to 11 XML policy data, use the following syntax:

upgradeSecurityStore(type="oidPolicyStore", jpsConfigFile, srcJaznDataFile, dst)

To upgrade a 10.1.x XML credential data to 11 XML credential data, use the following syntax:

upgradeSecurityStore(type="xmlCredStore", jpsConfigFile, srcJaznDataFile, users, dst)
Argument Definition
type  
Specifies the kind of security data being upgraded. The only valid values are xmlIdStore, xmlPolicyStore, oidPolicyStore, and xmlCredStore.
jpsConfigFile 
Specifies the location of a configuration file jps-config.xml relative to the directory where the command is run. The target store of the upgrading is read from the context specified with the argument dst.
srcJaznDataFile 
Specifies the location of a 10.1.x jazn data file relative to the directory where the command is run. This argument is required if the specified type is xmlIdStore, xmlPolicyStore, or xmlCredStore.
srcJaznConfigFile 
Specifies the location of a 10.1.x jazn configuration file relative to the directory where the command is run. This argument is required if the specified type is oidPolicyStore.
srcRealm 
Specifies the name of the realm from which identities need be migrated. This argument is required if the specified type is xmlIdStore.
users 
Specifies a comma-separated list of users, each formatted as realmName/userName. This argument is required if the specified type is xmlCredStore.
dst 
Specifies the name of the jpsContext in the file passed to the argument jpsConfigFile where the destination store is configured. Optional. If unspecified, it defaults to the default context in the file passed in the argument jpsConfigFile.

Examples

The following invocation migrates 10.1.3 file-based identities to an 11 file-based identity store:

wls:/mydomain/serverConfig> upgradeSecurityStore(type="xmlIdStore", jpsConfigFile="jps-config.xml", srcJaznDataFile="jazn-data.xml", 
srcRealm="jazn.com")

The following invocation migrates a 10.1.3 OID-based policy store to an 11 file-based policy store:

wls:/mydomain/serverConfig> upgradeSecurityStore(type="oidPolicyStore", jpsConfigFile="jps-config.xml", srcJaznDataFile="jazn-data.xml", dst="destinationContext")

Oracle Access Manager Commands

Use the WLST commands listed in Table 4-6 to manage Oracle Access Manager (OAM)-related components, such as authorization providers, identity asserters, and SSO providers.

Table 4-6 WLST OAM Commands

Use this command...          To...                                                                               Use with WLST...
listOAMAuthnProviderParams   List the parameters set for an OAM authentication or identity assertion provider.   Online
createOAMIdentityAsserter    Create a new identity asserter.                                                     Online
updateOAMIdentityAsserter    Update an existing identity asserter.                                               Online
createOAMAuthenticator       Create a new authenticator.                                                         Online
deleteOAMAuthnProvider       Delete an existing authentication provider.                                         Online
updateOAMAuthenticator       Update an existing authenticator.                                                   Online
addOAMSSOProvider            Add a new SSO provider.                                                             Online

listOAMAuthnProviderParams

Online command that lists the values of the parameters in effect in a domain OAM authenticator or identity asserter.

Description

Lists the values of the parameters set for a given OAM authenticator or identity asserter. In the event of an error, the command returns a WLSTException.

Syntax

listOAMAuthnProviderParams(name)
Argument Definition
name 
Specifies the name of the authenticator or identity asserter.

Example

The following invocation lists the parameters and values set for the asserter named myIdAsserter:

wls:/mydomain/serverConfig> listOAMAuthnProviderParams(name="myIdAsserter")

createOAMIdentityAsserter

Online command that creates an OAM identity asserter in the current domain.

Description

Creates an identity asserter with a given name in the current domain. Before executing this command, make sure that no OAM identity asserter is already configured in the current domain. In the event of an error, the command returns a WLSTException.

Syntax

createOAMIdentityAsserter([name])
Argument Definition
name 
Specifies the name of the new identity asserter. If no name is specified, it defaults to "OAMIdentityAsserter".

Example

The following invocation creates a new identity asserter named OAMIdentityAsserter:

wls:/mydomain/serverConfig> createOAMIdentityAsserter()

updateOAMIdentityAsserter

Online command that updates the values of parameters of the OAM identity asserter in the current domain.

Description

Updates the value of given parameters of the domain OAM identity asserter. In the event of an error, the command returns a WLSTException.

Syntax

updateOAMIdentityAsserter(name, paramNameValueList)
Argument Definition
name 
Specifies the name of the OAM identity asserter whose parameter values to update.
paramNameValueList Specifies the comma-separated list of parameter name-value pairs to be updated. The format of each pair is
paramName='paramValue'

The parameter names that can be updated are the following only:

  • accessGateName - the name of the AccessGate used by the authenticator.

  • accessGatePwd - the password to the AccessGate used by the authenticator.

  • pAccessServer - the name of the primary access server. Values must have the format hostName:portNumber.

  • sAccessServer - the name of the secondary access server. Values must have the format hostName:portNumber.

  • transportSecurity - the mode of communication between AccessGate and OAM Access Server.

  • keystorePwd - the password to access the domain key store.

  • keystorePath - the absolute path of the JKS key store used for SSL communication between the authenticator and OAM Access Server.

  • simpleModePassphrase - the password shared by AccessGate and OAM Access Server in simple communication mode.

  • truststorePath - the absolute path of the JKS trust store used for SSL communication between the authenticator and OAM Access Server.

  • poolMaxConnections - the maximum number of connections in the OAM Server connection pool.

  • poolMinConnections - the minimum number of connections in the OAM Server connection pool.

  • ssoHeaderName - the SSO header name.

  • controlFlag - the JAAS control flag that sets up dependencies among all authenticators in the domain. Values can be only REQUIRED, SUFFICIENT, REQUISITE, or OPTIONAL.

  • appDomain - the name of the application domain.


Example

The following invocation updates the parameters accessGateName, accessGatePwd, pAccessServer, and ssoHeaderName in the OAM identity asserter named myIdAsserter:

wls:/mydomain/serverConfig> updateOAMIdentityAsserter(name="myIdAsserter", 
accessGateName='OAM IAP AccessGate', accessGatePwd='welcome1', 
pAccessServer='myhost.domain.com:5543', ssoHeaderName='OAM_SSO_HEADER')

createOAMAuthenticator

Online command that creates an OAM authenticator in the current domain.

Description

Creates an OAM authenticator with a given name in the current domain. Before executing this command, make sure that no OAM authenticator is already configured in the default security domain. In the event of an error, the command returns a WLSTException.

Syntax

createOAMAuthenticator(name)
Argument Definition
name 
Specifies the name of the new authentication provider in the default domain. If no name is specified, it defaults to "OAMAuthenticator".

Example

The following invocation creates a new authentication provider named OAMAuthenticator:

wls:/mydomain/serverConfig> createOAMAuthenticator()

deleteOAMAuthnProvider

Online command that deletes the OAM authenticator from the current domain.

Description

Deletes the OAM authenticator with a given name from the current domain. In the event of an error, the command returns a WLSTException.

Syntax

deleteOAMAuthnProvider(name)
Argument Definition
name 
Specifies the name of the authentication provider to delete.

Example

The following invocation deletes the authenticator myAuthenticator:

wls:/mydomain/serverConfig> deleteOAMAuthnProvider(name="myAuthenticator")

updateOAMAuthenticator

Online command that updates the values of parameters of the OAM authenticator in the current domain.

Description

Updates the value of given parameters of the domain OAM authenticator. In the event of an error, the command returns a WLSTException.

Syntax

updateOAMAuthenticator(name, paramNameValueList)
Argument Definition
name 
Specifies the name of the OAM authenticator whose parameter values to update.
paramNameValueList 
Specifies the comma-separated list of parameter name-value pairs to be updated. The format of each pair is
paramName='paramValue'

The parameter names that can be updated are the following only:

  • accessGateName - the name of the AccessGate used by the authenticator.

  • accessGatePwd - the password to the AccessGate used by the authenticator.

  • pAccessServer - the name of the primary access server. Values must have the format hostName:portNumber.

  • sAccessServer - the name of the secondary access server. Values must have the format hostName:portNumber.

  • transportSecurity - the mode of communication between AccessGate and OAM Access Server.

  • keystorePwd - the password to access the domain key store.

  • keystorePath - the absolute path of the JKS key store used for SSL communication between the authenticator and OAM Access Server.

  • simpleModePassphrase - the password shared by AccessGate and OAM Access Server in simple communication mode.

  • truststorePath - the absolute path of the JKS trust store used for SSL communication between the authenticator and OAM Access Server.

  • poolMaxConnections - the maximum number of connections in the OAM Server connection pool.

  • poolMinConnections - the minimum number of connections in the OAM Server connection pool.

  • useRetNameAsPrincipal - specifies whether the user name retrieved from the OAM authenticator should be used as the name of the Principal in the Subject.

  • controlFlag - the JAAS control flag that sets up dependencies among all authenticators in the domain. Values can be only REQUIRED, SUFFICIENT, REQUISITE, or OPTIONAL.

  • appDomain - the name of the application domain.


Example

The following invocation updates the parameters accessGateName, accessGatePwd, and pAccessServer in the OAM authenticator named myAuthenticator:

wls:/mydomain/serverConfig> updateOAMAuthenticator(name="myAuthenticator", accessGateName='OAM AP AccessGate', accessGatePwd='welcome1', pAccessServer='myhost.domain.com:5543')
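The parameter list above is shared by updateOAMIdentityAsserter and updateOAMAuthenticator (ssoHeaderName and useRetNameAsPrincipal are each specific to one command). The following added example, which is not part of the Oracle reference and does not call WLST itself, checks a parameter set against the constraints documented above (hostName:portNumber format, the four allowed controlFlag values, absolute key store paths) and then renders the invocation to paste at the wls:/ prompt. It assumes Unix-style absolute paths, and the pool-bounds check is an added sanity rule rather than a documented one.

```python
import re

# Parameters accepted by both update commands, as listed in the reference.
COMMON_PARAMS = {
    "accessGateName", "accessGatePwd", "pAccessServer", "sAccessServer",
    "transportSecurity", "keystorePwd", "keystorePath", "simpleModePassphrase",
    "truststorePath", "poolMaxConnections", "poolMinConnections",
    "controlFlag", "appDomain",
}
# Parameters valid for only one of the two commands.
EXTRA_PARAMS = {
    "updateOAMIdentityAsserter": {"ssoHeaderName"},
    "updateOAMAuthenticator": {"useRetNameAsPrincipal"},
}
CONTROL_FLAGS = {"REQUIRED", "SUFFICIENT", "REQUISITE", "OPTIONAL"}
HOST_PORT = re.compile(r"^[A-Za-z0-9.-]+:\d{1,5}$")   # hostName:portNumber


def validate_params(command, params):
    """Return a list of problems; an empty list means the call is well-formed."""
    problems = []
    allowed = COMMON_PARAMS | EXTRA_PARAMS[command]
    for key in params:
        if key not in allowed:
            problems.append("unknown parameter %r for %s" % (key, command))
    for key in ("pAccessServer", "sAccessServer"):
        if key in params and not HOST_PORT.match(params[key]):
            problems.append("%s must have the format hostName:portNumber" % key)
    if "controlFlag" in params and params["controlFlag"] not in CONTROL_FLAGS:
        problems.append("controlFlag must be one of %s" % sorted(CONTROL_FLAGS))
    for key in ("keystorePath", "truststorePath"):
        # Assumption: Unix-style paths; the reference only requires "absolute".
        if key in params and not params[key].startswith("/"):
            problems.append("%s must be an absolute path" % key)
    lo, hi = params.get("poolMinConnections"), params.get("poolMaxConnections")
    if lo is not None and hi is not None and int(lo) > int(hi):
        problems.append("poolMinConnections exceeds poolMaxConnections")
    return problems


def render_call(command, name, params):
    """Render the WLST invocation string, raising if validation fails."""
    problems = validate_params(command, params)
    if problems:
        raise ValueError("; ".join(problems))
    args = ", ".join("%s='%s'" % (k, params[k]) for k in sorted(params))
    return '%s(name="%s", %s)' % (command, name, args)
```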

addOAMSSOProvider

Online command that adds an OAM SSO provider.

Description

Adds an SSO provider with given login URI, logout URI, and auto-login URI. This command modifies the domain jps-config.xml by adding an OAM SSO service instance with the required properties. In the event of an error, the command returns a WLSTException.

Syntax

addOAMSSOProvider(loginuri, logouturi, autologinuri)
Argument Definition
loginuri 
Specifies the URI of the login page. Required.
logouturi 
Specifies the URI of the logout page. Optional. If unspecified, defaults to logouturi=NONE.

Set to "" to ensure that ADF security calls the OPSS logout service, which uses the implementation of the class OAMSSOServiceImpl to clear the cookie ObSSOCookie.

More generally, an ADF-secured web application that would like to clear cookies without logging out the user should use this setting.

autologinuri 
Specifies the URI of the autologin page. Optional. If unspecified, it defaults to autologinuri=NONE.

Example

The following invocation adds an SSO provider with the passed URIs; note the special behavior implied by the setting logouturi="", as explained in the table above:

wls:/mydomain/serverConfig> addOAMSSOProvider(loginuri="/${app.context}/adfAuthentication", logouturi="", 
autologinuri="/fooBar.cgi")