The following subcommands execute operations for configuring and managing Federation-related data.
Add a member to a circle of trust.
ssoadm add-cot-member --options [--global-options]
The circle of trust.
The entity ID.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm that contains the circle of trust.
Specifies the metadata specification, either idff or saml2. The default is saml2.
Create a circle of trust.
ssoadm create-cot --options [--global-options]
The circle of trust.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm that contains the circle of trust.
The trusted providers.
The prefix URL for the idp discovery reader and the writer URL.
Create a new metadata template.
ssoadm create-metadata-templ --options [--global-options]
The entity ID.
The administrator ID running the command.
The filename that contains the password of the administrator.
Specifies the filename for the standard metadata to be created.
Specifies the filename for the extended metadata to be created.
Specifies the metaAlias for the hosted service provider to be created. The format must be <realm name>/.
Specifies the metaAlias for the hosted identity provider to be created. The format must be <realm name>/.
Specifies the metaAlias for the hosted attribute query provider to be created. The format must be <realm name>/.
Specifies the metaAlias for the hosted attribute authority to be created. The format must be <realm name>/.
Specifies the metaAlias for the hosted authentication authority to be created. The format must be <realm name>/.
Specifies the metaAlias for the policy enforcement point to be created. The format must be <realm name>/.
Specifies the metaAlias for the policy decision point to be created. The format must be <realm name>/.
Specifies the metaAlias for the hosted affiliation to be created. The format must be <realm name>/<identifier>.
The affiliation owner ID.
The affiliation members.
The service provider signing certificate alias.
The identity provider signing certificate alias.
The attribute query provider signing certificate alias.
The attribute authority signing certificate alias.
The authentication authority signing certificate alias.
The affiliation signing certificate alias.
The policy decision point signing certificate alias.
The policy enforcement point signing certificate alias.
The service provider encryption certificate alias.
The identity provider encryption certificate alias.
The attribute query provider encryption certificate alias.
The attribute authority encryption certificate alias.
The authentication authority encryption certificate alias.
The affiliation encryption certificate alias.
The policy decision point encryption certificate alias.
The policy enforcement point encryption certificate alias.
Specifies the metadata specification, either idff or saml2. The default is saml2.
Delete the circle of trust.
ssoadm delete-cot --options [--global-options]
The circle of trust.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm that contains the circle of trust.
Delete an entity.
ssoadm delete-entity --options [--global-options]
The entity ID.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm that contains the circle of trust.
Set this flag to only delete extended data.
Specifies the metadata specification, either idff or saml2. The default is saml2.
Perform bulk federation.
ssoadm do-bulk-federation --options [--global-options]
Specify a metaAlias for the local provider.
The remote entity ID.
The filename that contains the local to remote user ID mapping. Format as follows: <local-user-id>|<remote-user-id>.
The filename that will be created by this subcommand. It contains the remote user ID to name identifier mapping.
The administrator ID running the command.
The filename that contains the password of the administrator.
Specifies the metadata specification, either idff or saml2. The default is saml2.
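A pre-flight check for the user ID mapping file described above, as an added example that is not part of the original reference or of ssoadm itself. It assumes one `<local-user-id>|<remote-user-id>` pair per line and that the IDs themselves contain no `|`; the function name and the sample IDs are constructed for illustration.

```python
def check_mapping(text):
    """Return sorted (line_number, problem) tuples for a bulk federation mapping file."""
    problems = []
    pairs = []
    for n, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            problems.append((n, "blank line"))
            continue
        # Assumption: IDs never contain '|', so more than one is ambiguous.
        if line.count("|") != 1:
            problems.append((n, "expected exactly one '|' separator"))
            continue
        local, remote = line.split("|")
        if local != local.strip() or remote != remote.strip():
            problems.append((n, "whitespace around an ID"))
            continue
        if not local or not remote:
            problems.append((n, "empty user ID"))
            continue
        pairs.append((n, local, remote))

    # A repeated ID on either side would link two accounts to one identity,
    # so report every repeat together with the line that used it first.
    seen_local, seen_remote = {}, {}
    for n, local, remote in pairs:
        if local in seen_local:
            problems.append((n, f"local ID already mapped on line {seen_local[local]}"))
        else:
            seen_local[local] = n
        if remote in seen_remote:
            problems.append((n, f"remote ID already mapped on line {seen_remote[remote]}"))
        else:
            seen_remote[remote] = n
    return sorted(problems)


# Constructed sample input: line 1 is valid, lines 2-5 each carry one defect.
SAMPLE = "\n".join([
    "uid=alice,ou=people,dc=example,dc=com|uid=asmith,ou=users,dc=partner,dc=test",
    "uid=bob,ou=people,dc=example,dc=com|uid=asmith,ou=users,dc=partner,dc=test",
    "uid=carol,ou=people,dc=example,dc=com",
    "uid=dave,ou=people,dc=example,dc=com| uid=dave,ou=users,dc=partner,dc=test",
    "|uid=erin,ou=users,dc=partner,dc=test",
])

if __name__ == "__main__":
    for line_no, problem in check_mapping(SAMPLE):
        print(f"line {line_no}: {problem}")
```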
Export an entity.
ssoadm export-entity --options [--global-options]
The entity ID.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm to which the entity belongs.
Set this flag to sign the metadata.
The metadata.
The extended data.
Specifies the metadata specification, either idff or saml2. The default is saml2.
Import the bulk federation data that is generated by the do-bulk-federation subcommand.
ssoadm import-bulk-fed-data --options [--global-options]
Specifies the metaAlias for the local provider.
The filename that contains the bulk federation data that is generated by the do-bulk-federation subcommand.
The administrator ID running the command.
The filename that contains the password of the administrator.
Specifies the metadata specification, either idff or saml2. The default is saml2.
Import an entity.
ssoadm import-entity --options [--global-options]
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm to which the entity belongs.
Specifies the filename for the standard metadata to be imported.
Specifies the filename for the extended entity configuration to be imported.
The circle of trust.
Specifies the metadata specification, either idff or saml2. The default is saml2.
List the members in a circle of trust.
ssoadm list-cot-members --options [--global-options]
The circle of trust.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm to which the circle of trust belongs.
Specifies the metadata specification, either idff or saml2. The default is saml2.
List the circles of trust.
ssoadm list-cots --options [--global-options]
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm to which the circle of trust belongs.
List the entities under a realm.
ssoadm list-entities --options [--global-options]
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm to which the entities belong.
Specifies the metadata specification, either idff or saml2. The default is saml2.
Remove a member from a circle of trust.
ssoadm remove-cot-member --options [--global-options]
The circle of trust.
The entity ID.
The administrator ID running the command.
The filename that contains the password of the administrator.
The name of the realm to which the circle of trust belongs.
Specifies the metadata specification, either idff or saml2. The default is saml2.
Update the XML signing and encryption key information in the hosted entity metadata.
ssoadm update-entity-keyinfo --options [--global-options]
The entity ID.
The administrator ID running the command.
The filename that contains the password of the administrator.
The service provider signing certificate alias.
The identity provider signing certificate alias.
The service provider encryption certificate alias.
The identity provider encryption certificate alias.
Specifies the metadata specification, either idff or saml2. The default is saml2.