Description

1.5.3 Description

wsadmin uses specific commands to monitor and administrate active GWWS processes in the specified Tuxedo domain. The TUXCONFIG environment variable is used to determine the location where the Tuxedo configuration file is loaded. wsadmin is used in the same manner as tmadmin(1) or dmadmin(1).

wsadmin accepts below optional parameter:

-v

Causes wsadmin to display the SALT version number, SALT Patch Level and license information. wsadmin exits after print out.

wsadmin Commands

Commands may be entered using either their full name or their abbreviation (as given in parentheses), followed by any appropriate arguments. Arguments appearing in brackets [ ], are optional; arguments in braces, {}, indicate a selection from mutually exclusive options.

Note:

Command line options that are not in brackets do not need to appear in the command line if the corresponding default has been set via the default command.

wsadmin supports the following commands:

reload (reload) -i gwws_instance_id

Reload configuration for the specified GWWS gateway instance. The configuration file may have previously been modified using wsloadcf, this command is used to make the changes active.

configstats(cstat) -i gwws_instance_id

Displays the current configuration status for the specified GWWS process. The -i parameter must be specified.

default(d) [-i gwws_instance_id]

Sets the corresponding argument to the default GWWS Instance ID. The defaults can be changed by specifying * as an argument. If the default command is entered without arguments, the current defaults are printed.

echo(e) [{off | on}]

Repeats input command lines when set to on. If no option is given, the current setting is toggled, and the new setting is printed. The initial setting is off.

forgettrans (ft) -i gateway_instance_id [-c Coord_context]

Forgets one or all heuristic log records for the named GWWS instance. If the transaction identifier tran_id or coord_context coordination context is specified, only the heuristic log record for that transaction is forgotten. The coordination context (coord_context) can be obtained from the printtrans command or from the ULOG file.

help (h) [command]

Prints help messages. If command is specified, the abbreviation, arguments, and description for that command are printed.

Omitting all arguments causes the syntax of all commands to be displayed.

gwstats(gws) -i gwws_instance_id [-s serviceName]

Displays global level run time statistics information for the specified GWWS processes including fail, success, pending number for both inbound and outbound call, average processing time, active thread number, etc. If -s serviceName specified, the service-level information is displayed.

-i is mandatory. -s is optional.

paginate(page) [{off | on}]

Paginates output. If no option is given, the current setting is toggled, and the new setting is printed. The initial setting is on, unless either standard input or standard output is a non-tty device. Pagination may be turned on only when both standard input and standard output are tty devices.

The default paging command is indigenous to the native operating system environment. In a UNIX operating system environment, for example, the default paging command is pg. The shell environment variable PAGER may be used to override the default command used for paging output.

printtrans (pt) -i gateway_instance_id

Prints transaction information for the named GWWS instance. The output for each transaction record contains the following colon-delimited string fields:

process ID:GWWS instance id:service name:local
               GTRID:remote coordination context ID:record
               type:timestamp

quit (q)

Terminates the session.

saml create [-p password]

"saml create" is used to create a key file with the name "saml_key_meta" in the current working directory.

-p password

"saml create" command will use this as password to protect the key file. This tool will prompt user to enter password if this option is not given as part of command line argument.

The password option must be given whether to create the key file or in other operation to update the key file. The "password" is an administrative password for this key file. All the operations targeted at a key file must given the same password when the key file was first created.

Example(s):

Here is an example to create a key metadata file protected by password "password".

saml create -p password

saml add {-g -s shared_secret |-i -n issuer_name [ -l issuer_local_id]{[-c] [-s shared_secret]}} [-p password]

"saml add" can be used to add an entry to an existing GWWS key file. The key file must have the name "saml_key_meta" in the current working directory. Either one of the "-g" and "-i" option must be given.

-g: Add an entry for GWWS to the key file. If the GWWS record already exists then this operation will fail. When "-g" option is given then "-n", "-l" and "-c" options are not allowed, if anyone of them is given the operation will fail.

-i: Add an entry for trusted SAML issuer. When this option is specified then "-n" option for SAML issuer name must also be specified.

-n: The trusted SAML issuer name as it appears in the "issuer" subelement or attribute of a SAML assertion.

-l: The local reference id of the trusted issuer. It is a short-hand name for easier reference.

-s: The shared secret. It is the symmetric key used by issuer to sign the assertion.

-c: This indicate that the public key certificate for trusted SAML issuer is installed. If this is not specified in the command line then GWWS will not be able to use public key to verify the signature if such signing is done if binary security token is not attached to the SOAP message.

-p: The password for accessing the key file. This is not optional and must be the same password given when this key file is created. This tool will prompt user to enter password if it is not given as part of command line argument.; Example(s):; Here is an example to add a GWWS record to a key file that is protected by password "password".; saml add -g -s mysecret -p password; The following is an example to add a trusted issuer record to a key file that is protected by password "password". The trusted issuer is configured with both public key certificate and a shared secret.

tSaml add -i -n saml.abc.com -l abc -s accessabc -c -p password

If the add operation target is trusted issuer and "-l" option is not given then the operation will use issuer name as local reference name by default. Also in this case either "-c" or "-s" must be given; if both are given then both information will be stored in the key file as part of trusted issuer record.

Both "-n" and "-l" option must be unique in the key file this means that no other trusted issuer has the same issuer name or local reference name. If a record with the same issuer name or same local reference exists then the operation will fail.

saml modify {-g -s shared_secret |-i {[-n issuer_name ][ -l issuer_local_id]}{[-c][-s shared_secret]} [-p password]

"saml modify" can be used to modify an entry to an existing GWWS key file; the entry can be either GWWS entry or trusted issuer entry. The key file must have the name "saml_key_meta" in the current working directory. Either one of the "-g" and "-i" option must be given.

-g: Modify the GWWS entry in the key file. If the GWWS record does not exists then this operation will fail. When "-g" option is given then "-n", "-l" and "-c" options are not allowed, if anyone of them if given the operation will fail.

-i: Modify the trusted SAML issuer entry in the key file. When this option is specified then either "-n" or "-l" option for the issuer name must also be specified. If both "-n" and "-l" options are specified and there is no record matches both search criteria then the operation will fail.

-n: The trusted SAML issuer name as it appears in the "issuer" subelement or attribute of a SAML assertion.

-l: The local reference id of the trusted issuer. It is a short-hand name for easier reference.

-s: The shared secret. It is the symmetric key used by issuer to sign the assertion.

-c: This indicate that the public key certificate for trusted SAML issuer is installed. If this is not specified in the command line then GWWS will not be able to use public key to verify the signature if such signing is done if the binary security token is not attached to the SOAP message.

-p: The password for accessing the key file. This is not optional and must be the same password given when this key file is created. This tool will prompt user to enter the password if this option is not given as part of command line argument.

Example(s):

Here is an example to add a shared secret to the GWWS record in the key file that is protected by password "password".

saml modify -g -s mysecret -p password

The following is an example to add or modify a shared secret to a trusted issuer record in the key file that is protected by password "password".

saml modify -i -l abc -s accessabc -p password

The following is an example to remove a shared secret from a trusted issuer in the key file that is protected by password "password".

saml modify -i -l abc -s -p password

If the modify operation target is trusted issuer then only one of the "-n" and "-l" options is needed because both issuer name and local reference must be unique in the key file. If both "-n" and "-l" options are given then the record must match both; if no record matches both criteria then the operation will fail. If issuer is the target, i.e. "-i" option is given, and "-c" is not given then it will remove the certificate information from the record. If issuer is the target and "-c" is given then it will add the certificate information if it is not in the record originally.

If the "-s" option is given and the existing record already contains shared secret then the new shared secret will replace the old one. The "-s" option must be given with shared secret value specified. When the "-s" option is given with shared secret and the existing record does not have shared secret, then shared secret will be added to the record.

saml delete {-g|-i {-n issuer_name | -l issuer_local_id}} [-p password]

"saml delete" is used to delete an entry from an existing GWWS key file. The key file must have the name "saml_key_meta" in the current working directory. The entry can be either the GWWS entry or trusted issuer entry. Either "-g" or "-i" option must be given.

-g: Delete a GWWS entry from the key file. If the GWWS record does not exists then no operation will be performed. When this option is given then "-n" and "-l" options are not allowed.

-i: Delete a trusted SAML issuer entry from key file. When this option is specified then either "-n" or "-l" option for SAML issuer name must also be specified.

-n: The trusted SAML issuer name as it appears in the "issuer" subelement or attribute of a SAML assertion.

-l: The local reference id of the trusted issuer. It is a short-hand name for easier reference.

-p: The password for accessing the key file. This is not optional and must be the same password given when this key file is created. This tool will prompt user to enter password if this option is not part of command line argument.

Example(s):

Here is an example to delete a GWWS record from a key file that is protected by password "password".

saml delete -g -p password

The following is an example to delete a trusted issuer record from a key file that is protected by password "password".

Saml add -i -l abc -p password

verbose (v) [{off | on}]: Produces output in verbose mode. If no option is given, the current setting is toggled, and the new setting is printed. The initial setting is off.

!shellcommand: Escapes to the shell and executes shell command.

! !: Repeats previous shell command.

#[text]: Specifies comments. Lines beginning with # are ignored.

<CR>: Repeats the last command.

Parent topic: wsadmin