Sun OpenSSO Enterprise 8.0 Administration Guide

Managing Circles of Trust Using ssoadm

The ssoadm command line interface creates and manages the circles of trust used by the Federation services. The following table describes the ssoadm subcommands specific to circle of trust management.

Table 7–2 ssoadm Subcommands for Managing Circles of Trust

Subcommand          Description
create-cot          Creates a circle of trust.
delete-cot          Removes a circle of trust.
                    Note – To delete a circle of trust that contains providers, use
                    remove-cot-member to remove each provider first, then use
                    delete-cot to delete the circle itself.
add-cot-member      Adds a trusted provider to an existing circle of trust.
                    Note – add-cot-member can only add a single entity at a time. Add
                    multiple entities when you first create the circle by using
                    create-cot and the --trustedproviders option.
remove-cot-member   Removes a trusted provider from an existing circle of trust.
list-cot-members    Lists the member providers in a particular circle of trust.
list-cots           Lists all the circles of trust configured on the system.

The following command example will create a circle of trust:


ssoadm create-cot --cot COT-name --adminid 
admin-user --password-file password-filename 
[--realm realm-name] [--trustedproviders 
trusted-providers] [--prefix idp-discovery-URL-prefix]

This second command example will add a trusted provider to an existing circle of trust:


ssoadm add-cot-member --cot COT-name --entityid 
entity-ID --adminid admin-user --password-file 
password-filename [--realm realm-name] 
[--spec saml2-or-idff]

This next command example will remove a trusted provider from an existing circle of trust:


ssoadm remove-cot-member --cot COT-name --entityid 
entity-ID --adminid admin-user --password-file 
password-filename [--realm realm-name] 
[--spec saml2-or-idff]

This command example will list all the providers belonging to an existing circle of trust:


ssoadm list-cot-members --cot COT-name --adminid admin-user 
--password-file password-filename [--realm realm-name] 
[--spec saml2-or-idff]

This command example will list all the available circles of trust:


ssoadm list-cots --adminid admin-user --password-file password-filename 
[--realm realm-name]
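The following script, added here as an example and not taken from the OpenSSO guide, chains the subcommands above into one workflow: it creates a circle with several providers at once (since add-cot-member accepts only one entity per call), adds one more member, then confirms membership with list-cot-members. The circle name, realm, entity IDs and the OPENSSO_ADMIN_PW variable are constructed, and the comma-separated --trustedproviders value is an assumption to check against your ssoadm help output; the admin password file is written mode 0600 and removed on exit so it does not linger on disk.

```shell
#!/bin/sh
# Added example (not from the guide): set up a circle of trust with ssoadm.
SSOADM="${SSOADM:-ssoadm}"   # assumption: ssoadm on PATH, or set SSOADM
COT="example-cot"; REALM="/"; ADMIN="amadmin"   # constructed values

# Write the password from OPENSSO_ADMIN_PW to a 0600 temp file, print its path.
make_password_file() {
    f=$(umask 077 && mktemp) || return 1
    printf '%s\n' "${OPENSSO_ADMIN_PW:?set OPENSSO_ADMIN_PW}" > "$f"
    chmod 600 "$f" && printf '%s\n' "$f"
}

# Return 0 if entity $1 appears as a whole line in list-cot-members output $2.
member_in_list() {
    printf '%s\n' "$2" | grep -Fxq -- "$1"
}

cot_setup() {
    pwfile=$(make_password_file) || return 1
    trap 'rm -f "$pwfile"' EXIT    # never leave the password file behind

    # create-cot can seed several providers; format of the list is assumed.
    "$SSOADM" create-cot --cot "$COT" --realm "$REALM" \
        --adminid "$ADMIN" --password-file "$pwfile" \
        --trustedproviders "https://idp.example.com/idp,https://sp1.example.com/sp"

    # add-cot-member adds exactly one entity per invocation.
    "$SSOADM" add-cot-member --cot "$COT" --realm "$REALM" \
        --entityid "https://sp2.example.com/sp" --spec saml2 \
        --adminid "$ADMIN" --password-file "$pwfile"

    # Verify the change instead of trusting the exit status alone.
    members=$("$SSOADM" list-cot-members --cot "$COT" --realm "$REALM" \
        --adminid "$ADMIN" --password-file "$pwfile" --spec saml2)
    member_in_list "https://sp2.example.com/sp" "$members" || {
        echo "sp2 is not a member of $COT" >&2; return 1; }
    echo "members of $COT:"; echo "$members"
}

# Run only against a live deployment; the helpers stay usable on their own.
if command -v "$SSOADM" >/dev/null 2>&1; then
    cot_setup
fi
```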