2 Access Manager WLST Commands

Use these custom WebLogic Scripting Tool (WLST) commands to manage Oracle Access Management Access Manager related components such as authorization providers, identity asserters, and SSO providers. These commands allow you to display metrics and deployment topology, manage your server and agent configurations and logger settings.

The Access Manager Commandssection lists the Oracle Access Management Access Manager WLST commands and their details.

2.1 Access Manager Commands

Table 2-1 WLST Access Manager Commands

Use this command... To... Use with WLST...

displayAuthZCallBackKey

Generate and retrieve the key used to hash a resource URL in an authorization policy.

Online

updateCustomPages

Enables and disables custom error and login pages.

Online

Offline

createUserIdentityStore

Create a user identity store registration.

Online

Offline

editUserIdentityStore

Edit a user identity store registration.

Online

Offline

deleteUserIdentityStore

Delete a user identity store registration.

Online

Offline

displayUserIdentityStore

Display a user identity store registration.

Online

createOAMServer

Create an entry for an Access Manager Server configuration.

Online

Offline

editOAMServer

Edit the entry for an Access Manager Server configuration.

Online

Offline

deleteOAMServer

Delete the named Access Manager Server configuration.

Online

Offline

displayOAMServer

Display Access Manager Server configuration details.

Online

Offline

configurePersistentLogin

Enable or disable the Persistent Login feature.

Online

configOAMLoginPagePref

Configure the Access Manager login page user preferences.

Online

configRequestCacheType

Configure the SSO server request cache type.

Online

displayRequestCacheType

Display the SSO server request cache type entry.

Online

Offline

editOssoAgent

Edit OSSO Agent configuration details.

Online

Offline

deleteOssoAgent

Delete the named OSSO Agent configuration.

Online

Offline

displayOssoAgent

Display OSSO Agent configuration details.

Online

Offline

editWebgateAgent

Edit 10g WebGate Agent registration details.

Online

Offline

deleteWebgateAgent

Delete the named 10g WebGate Agent configuration.

Online

Offline

displayWebgateAgent

Display WebGate Agent configuration details.

Online

Offline

exportPolicy

Export Access Manager policy data from a test (source) to an intermediate Access Manager file.

Online

importPolicy

Import Access Manager policy data from the Access Manager file specified.

Online

importPolicyDelta

Import Access Manager policy changes from the Access Manager file specified.

Online

migratePartnersToProd

Migrate partners from the source Access Manager Server to the specified target Access Manager Server.

Online

exportPartners

Export the Access Manager partners from the source to the intermediate Access Manager file specified.

Online

importPartners

Import the Access Manager partners from the intermediate Access Manager file specified.

Online

displayTopology

List the details of deployed Access Manager Servers.

Online

Offline

configureOAAMPartner

Configure the Access Manager-Oracle Adaptive Access Manager basic integration.

Online

registerOIFDAPPartner

Register Identity Federation as Delegated Authentication Protocol (DAP) Partner.

Online

Offline

registerOIFDAPPartnerIDPMode

Registers Identity Federation in IDP mode.

registerThirdPartyTAPPartner

Registers any third party as a Trusted Authentication Protocol (TAP) Partner.

Online

disableCoexistMode

Disable the Coexist Mode.

Online

enableOamAgentCoexist

Enables Coexist Mode for the Access Manager agent (enabling the Access Manager 11g server to own the Obssocookie set by 10g WebGate).

Online

disableOamAgentCoexist

Disables Coexist Mode for the Access Manager agent (disabling the Access Manager 11g server from the Obssocookie set by 10g WebGate).

Online

editGITOValues

Edit GITO configuration parameters.

Online

editWebgate11gAgent

Edit an 11g WebGate registration.

Online

Offline

deleteWebgate11gAgent

Remove an 11g WebGate Agent registration.

Online

Offline

displayWebgate11gAgent

Display an 11g WebGate Agent registration.

Online

Offline

displayOAMMetrics

Display metrics of Access Manager Servers.

Online

Offline

updateOIMHostPort (deprecated)

Update the Oracle Identity Manager configuration when integrated with Access Manager.

Online

configureOIM (deprecated)

Creates an Agent registration specific to Oracle Identity Manager when integrated with Access Manager.

Online

updateOSSOResponseCookieConfig

Updates OSSO Proxy response cookie settings.

Online

deleteOSSOResponseCookieConfig

Deletes OSSO Proxy response cookie settings.

Online

configureAndCreateIdentityStore

Configures an identity store and external user store.

Online

configAndCreateIdStoreUsingPropFile

Configures an identity store and external user store using values defined in a file.

Online

manageAuditEvents Disables the audit of events of a specific type.

Online

Offline

migrateArtifacts (deprecated)

Migrates artifacts based on the specified artifact file.

Online

displaySimpleModeGlobalPassphrase

Displays the simple mode global passphrase in plain text from the system configuration.

Online

exportSelectedPartners

Exports selected Access Manager Partners to the intermediate Access Manager file specified.

Online

oamMigrate

Migrates policies, authentication stores, and user stores from OSSO, OAM10g, OpenSSO, or AM 7.1 to OAM11g.

Online

preSchemeUpgrade

Invokes the preSchemeUpgrade operation.

Online

postSchemeUpgrade

Invokes the postSchemeUpgrade operation.

Online

oamSetWhiteListMode

Set to true and the Access Manager Server will redirect to the URLS specified in the WhiteListURL list only.

Online

oamWhiteListURLConfig

Add, update or remove whitelist URL entries from configuration file.

Online

enableMultiDataCentreMode

Enable Multi Data Centre Mode.

Online

disableMultiDataCentreMode

Disable Multi Data Centre Mode.

Online

setMultiDataCentreClusterName

Set the Multi Data Centre Cluster name.

Online

setMultiDataCentreLogoutURLs

Set the Multi Data Centre logout URLs.

Online

addPartnerForMultiDataCentre

Add partner for Multi Data Centre.

Online

removePartnerForMultiDataCentre

Remove partner from Multi Data Centre.

Online

addOAMSSOProvider

Adds an OAM SSO provider.

Online

2.1.1 displayAuthZCallBackKey

The displayAuthZCallBackKey command is an online command that allows generation and retrieval of the key used to hash the resource URL that is returned during authorization when a success or failure URL is configured for the policy.

Description

Allows retrieval of the key used to hash the resource URL during authorization if already present. If the key is not present it is created and returned. The scope of this command is an instance only; the scope is not an argument.

Syntax

displayAuthZCallBackKey()

Note:

There are no arguments for this command.

Example

The following example displays the hash key.

displayAuthZCallBackKey()

2.1.2 updateCustomPages

The updateCustomPages command is an online and offline command that enables and disables custom error and login page configuration.

Description

Adds a context path and page extension to oam-config.xml that points to the WAR containing the custom Error and login pages:

<Setting Name="ssoengine" Type="htf:map">
<Setting Name="ErrorConfig" Type="htf:map">
<Setting Name="ErrorMode" Type="xsd:string">EXTERNAL</Setting>
<Setting Name="CustomPageExtension" Type="xsd:string">jsp</Setting>
<Setting Name="CustomPageContext" Type="xsd:string">/SampleApp</Setting>
</Setting>
</Setting>

Syntax

updateCustomPages(pageExtension="<fileExtension>", context="<contextPath>")
Argument Definition
context

Specifies the context path to the application; for example, /SampleApp.

pageExtension

Has a default value of "jsp" but can be left blank.

Example

To enable the Custom Error page functionality, use updateCustomPages with the context and pageExtension parameters. This will modify the oam-config.xml file and enable the custom page functionality.

updateCustomPages(pageExtension ="jsp", context="/SampleApp") 

To disable the Custom Error page functionality, use the command without parameters [updateCustomPages()]. This will undo the modifications made when the command is run with parameters.

2.1.3 createUserIdentityStore

The createUserIdentityStore command is an online and offline command that creates an identity store registration in the Access Manager system configuration.

Description

Creates an entry in the system configuration for a new user identity store registered with Access Manager. The scope of this command is an instance only; the scope is not an argument.

Syntax

createUserIdentityStore(name="<Name>", principal="<Principal>", 
credential="<Credential>", type="<Type>", userAttr="<userAttr>", 
ldapProvider="<ldapProvider>", userSearchBase="<userSearchBase>", 
ldapUrl="<ldapUrl>", isPrimary="<isPrimary>", isSystem="<isSystem>", 
userIDProvider="<userIDProvider>", roleSecAdmin="<roleSecAdmin>", 
roleSysMonitor="<roleSysMonitor>", roleAppAdmin="<roleAppAdmin>", 
roleSysManager="<roleSysManager>", roleSecAdminGroups="<roleSecAdminGroups>", 
roleSecAdminUsers="<roleSecAdminUsers>", groupSearchBase="<groupSearchBase>", 
supplementaryReturnAttributes="<supplementaryReturnAttributes>", 
domainHome="<domainHome>")
Argument Definition
name

Mandatory. Specifies the unique name of the LDAP identity store being created. Use only upper and lower case alpha characters and numbers.

principal

Mandatory. Specifies the Principal Administrator of the LDAP identity store being created. For example, cn=Admin.

credential

Mandatory. Specifies the password of the Principal for the LDAP identity store being created.

type

Mandatory. Specifies the type of the LDAP identity store being created. For this command, the value would be LDAP.

userAttr

Mandatory. Specifies the user attributes of the LDAP identity store being created.

ldapProvider

Mandatory. Specifies the type of the LDAP identity store being created. The value might be ODSEE, AD, OID, OVD, SJS, OUD, and the like. This value is defined when a new user identity store is created using the Access Manager Administration Console and corresponds with Store Type in the user identity store.

userSearchBase

Mandatory. Specifies the node under which user data is stored in the LDAP identity store being created. For example, cn=users.

groupSearchBase

Mandatory. Specifies the node under which group data is stored in the LDAP identity store being created. For example, cn=groups.

ldapUrl

Mandatory. Specifies the URL of the server host (including port number) of the LDAP identity store being created. For example, ldap://localhost:7001.

isPrimary

Optional. Specifies whether the LDAP identity store being created is the primary identity store. Takes true or false as a value.

isSystem

Optional. Specifies whether the LDAP identity store being created is the system store. Takes true or false as a value.

userIDProvider

Optional. Specifies the underlying infrastructure with which to connect to the identity store. Only supported type is OracleUserRoleAPI.

roleSecAdminGroups

Optional. Specifies one or more comma-delimited groups with Access Manager Console Administrator privileges. Needed if it is a System Store in which the IsSystem property is set to true.

roleSecAdminUsers

Optional. Specifies one or more comma-delimited users with Access Manager Console Administrator privileges. Needed if it is a System Store in which the IsSystem property is set to true.

roleSecAdmin

Optional. Specifies the Security Administrator of the LDAP identity store being created.

roleSysMonitor

Optional. Specifies the System Monitor of the LDAP identity store being created.

roleAppAdmin

Optional. Specifies the Application Administrator of the LDAP identity store being created.

roleSysManager

Optional. Specifies the System Manager of the LDAP identity store being created.

supplementaryReturnAttributes

Specifies a comma-delimited list of attributes that need to be retrieved as part of the User object. For example: ORCL_USR_ENC_FIRST_NAME,ORCL_USR_ENC_LAST_NAME,USR_USRNAME,ORCL_USR_CTY_CODE,ORCL_USR_LANG_CODE_S,ORCL_USR_JROLE_ID_S,ORCL_USR_IND_ID,ORCL_USR_COMP_REL_ID,ORCL_USR_ASCII_IND,ORCL_ORA_UCM_VER,ORCL_ORA_UCM_SRVC

domainHome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere.

Example

The following example registers a new Oracle Internet Directory user identity store definition for use with Access Manager.

createUserIdentityStore(name="Name1", principal="Principal1", 
credential="Credential1", type="Type1", userAttr="userAttr1", 
ldapProvider="ldapProvider", userSearchBase="userSearchBase", ldapUrl="ldapUrl", 
isPrimary="isPrimary", isSystem="isSystem", userIDProvider="userIDProvider", 
roleSecAdmin="<roleSecAdmin>", roleSysMonitor="<roleSysMonitor>",  
roleAppAdmin="<roleAppAdmin>", roleSysManager="<roleSysManager>", 
roleSecAdminGroups="<roleSecAdminGroups>", 
roleSecAdminUsers="<roleSecAdminUsers>", groupSearchBase="groupSearchBase", 
supplementaryReturnAttributes="supplementaryReturnAttributes", 
domainHome="domainHome1")

2.1.4 editUserIdentityStore

The editUserIdentityStore command is an online and offline command that modifies an existing identity store registration for Access Manager.

Description

Changes one or more attributes of the user identity store registered with Access Manager. The scope of this command is an instance only; the scope is not an argument.

Syntax

editUserIdentityStore(name="<Name>", [ principal="<Principal>", 
credential="<Credential>", type="<Type>", userAttr="<userAttr>", 
ldapProvider="<ldapProvider>", roleSecAdmin="<roleSecAdmin>", 
roleSysMonitor="<roleSysMonitor>", roleSysManager="<roleSysManager>" , 
roleAppAdmin="<roleAppAdmin>", roleSecAdminGroups="<roleSecAdminGroups>", 
roleSecAdminUsers="<roleSecAdminUsers>", userSearchBase="<userSearchBase>", 
ldapUrl="<ldapUrl>", isPrimary="<isPrimary>", isSystem="<isSystem>", 
userIDProvider="<userIDProvider>" , groupSearchBase="<groupSearchBase>", 
domainHome="<domainHome>", userFilterObjectClasses="<userFilterObjectClasses>",  
groupFilterObjectClasses="<groupFilterObjectClasses>", 
referralPolicy="<referralPolicy>", searchTimeLimit="<searchTimeLimit>",  
minConnections="<minConnections>", maxConnections="<maxConnections>", 
connectionWaitTimeout="<connectionWaitTimeout>",  
connectionRetryCount="<connectionRetryCount>", groupNameAttr="<groupNameAttr>", 
groupCacheEnabled="<groupCacheEnabled>", groupCacheSize="<groupCacheSize>", 
groupCacheTTL=<"groupCacheTTL>", 
supplementaryReturnAttributes="<supplementaryReturnAttributes>" ) 
Argument Definition
name

Mandatory. Specifies the unique name of the LDAP identity store being modified. Use only upper and lower case alpha characters and numbers.

principal

Specifies the Principal Administrator of the LDAP identity store being modified. For example, cn=Admin.

credential

Specifies the encrypted Password of the Principal Administrator for the LDAP identity store being modified.

type

Specifies the type of the base identity store being modified. For this command, the value would be LDAP.

userAttr

Mandatory. Specifies the user attributes of the LDAP identity store being modified.

ldapProvider

Mandatory. Specifies the LDAP type of the LDAP identity store being registered. The value might be ODSEE, AD, OID, OVD, SJS, OUD, and the like. This value is defined when a new user identity store is created using the Access Manager Administration Console and corresponds with Store Type in the user identity store.

roleSecAdminGroups

Optional. Specifies one or more comma-delimited groups with Access Manager Console Administrator privileges. Needed if it is a System Store in which the IsSystem property is set to true.

roleSecAdminUsers

Optional. Specifies one or more comma-delimited users with Access Manager Console Administrator privileges. Needed if it is a System Store in which the IsSystem property is set to true.

roleSecAdmin

Optional. Specifies the Security Administrator of the LDAP identity store being modified.

roleSysMonitor

Optional. Specifies the System Monitor of the LDAP identity store being modified.

roleAppAdmin

Optional. Specifies the Application Administrator of the LDAP identity store being modified.

roleSysManager

Optional. Specifies the System Manager of the LDAP identity store being modified.

userSearchBase

Mandatory. Specifies the node under which user data is stored in the LDAP identity store being modified. For example, cn=users.

groupSearchBase

Mandatory. Specifies the node under which user data is stored in the LDAP identity store being modified. For example, cn=groups.

ldapUrl

Mandatory. Specifies the URL of the server host (including port number) of the LDAP identity store being modified. For example, ldap://localhost:7001.

isPrimary

Optional. Specifies whether the LDAP identity store being modified is the primary identity store. Takes true or false as a value.

isSystem

Optional. Specifies whether the LDAP identity store being modified is the system store. Takes true or false as a value.

userIDProvider

Optional. Specifies the underlying infrastructure with which to connect to the identity store. Only supported type is OracleUserRoleAPI.

supplementaryReturnAttributes

Specifies a comma-delimited list of attributes that need to be retrieved as part of the User object. For example: ORCL_USR_ENC_FIRST_NAME,ORCL_USR_ENC_LAST_NAME,USR_USRNAME,ORCL_USR_CTY_CODE,ORCL_USR_LANG_CODE_S,ORCL_USR_JROLE_ID_S,ORCL_USR_IND_ID,ORCL_USR_COMP_REL_ID,ORCL_USR_ASCII_IND,ORCL_ORA_UCM_VER,ORCL_ORA_UCM_SRVC

domainHome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

userFilterObjectClasses

Mandatory. Specifies a list of user filter object classes (separated by semicolon).

groupFilterObjectClasses 

Specifies a list of group filter object classes (separated by semicolon).

referralPolicy 

Specifies an LDAP referral policy (either "follow", "ignore" or "throw").

searchTimeLimit 

Specifies the time limit in seconds for an LDAP Search operation.

minConnections 

Specifies the minimum number of connections in the connection pool.

maxConnections 

Specifies the maximum number of connections in the connection pool.

connectionWaitTimeout

Specifies the number of seconds to wait for obtaining a connection from the pool.

connectionRetryCount

Specifies the number of attempts to retry when establishing a connection to the identity store.

groupNameAttr

Specifies the name of the attribute to lookup the user groups. For example, ou=people,ou=myrealm,dc=base_domain.

groupCacheEnabled

A boolean that specifies whether to enable the LDAP group cache. Takes true or false as a value.

groupCacheSize

Specifies the number of entries in the LDAP group cache.

groupCacheTTL

Specifies the total time to live for each entry in the LDAP group cache.

Example

The following example changes the search base values for the registered identity store.

editUserIdentityStore(name="IdStore1", userSearchBase="cn=users", groupSearchBase="cn=groups")

2.1.5 displayUserIdentityStore

The displayUserIdentityStore command is an online command that displays user identity store registration information.

Description

Displays the information regarding the identity store registered with Access Manager. The scope of this command is an instance only; the scope is not an argument.

Syntax

displayUserIdentityStore(name="<name>", domainHome="<domainHome>") 
Argument Definition
name

Mandatory. Specifies the name of the LDAP identity store registration to be displayed.

domainhome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere.

Example

The following example invocation for WebSphere displays registration details of the user identity store. To use this command in online mode with WebLogic, there is no need to specify the domainHome argument.

displayUserIdentityStore(name="ID_Store1", domainHome="domainHome1")

2.1.6 createOAMServer

THe createOAMServer command is an online and offline command that creates an Access Manager Server entry in the system configuration.

Description

Creates an Access Manager Server registration. The details include the host, port, registration name, Access Manager Proxy port, server ID and, optionally, the OAM Proxy shared secret. The scope of this command is an instance only; the scope is not an argument.

Syntax

createOAMServer(configurationProfile="<configurationProfile>", host="<host>",port="<port>", oamProxyPort="<0000>", oamProxyServerID="<oamProxyServerID>",siteName="<siteName>", domainHome="<domainHome>")
Argument Definition
configurationProfile

Mandatory. Specifies the Configuration Profile of the OAM Server. The profile appears under Server Instances on the System Configuration tab in the Access Manager Administration Console.

host

Mandatory. Specifies the name of the Access Manager Server host.

port

Mandatory. Specifies the listening port of the Access Manager Server host.

oamProxyPort

Mandatory. Specifies the proxy port of the Access Manager Server host.

oamProxyServerID

Mandatory. Specifies the proxy server ID of the Access Manager Server host. The Access Manager Proxy name appears under the Access Manager Proxy sub tab of the server instance in the Access Manager Administration Console.

siteName

Mandatory. Specifies the siteName/serverName for the instance.

domainHome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example creates a configuration for my_host with listening port 15000. The configuration entry in the Access Manager Administration Console will be oam_server1. The Access Manager Proxy port is 3004 and the Access Manager Proxy Server ID is oamProxyServerID1.

createOAMServer(configurationProfile="oam_server1", host="my_host",
port="15000", oamProxyPort="3004", oamProxyServerID="oamProxyServerID1",
siteName="siteName1", domainHome="domainHome1")

2.1.7 editOAMServer

The editOAMServer command is an online and offline command that enables you to modify the details of an Access Manager Server registration.

Description

Modifies the specified parameter values of the registration for an Access Manager Server. The details may include the host, port, registration name, Access Manager Proxy port, server ID and, optionally, the Access Manager Proxy shared secret. The scope of this command is an instance only; the scope is not an argument.

Syntax

editOAMServer(configurationProfile="<configurationProfile>", host="<host>",port="<port>", oamProxyPort="<0000>", oamProxyServerID="<oamProxyServerID>",siteName="<siteName>", domainHome="<domainHome>")
Argument Definition
configurationProfile

Mandatory. Specifies the Configuration Profile of the Access Manager Server. The profile appears under Server Instances on the System Configuration tab in the Access Manager Administration Console.

host

Mandatory. Specifies the name of the Access Manager Server host.

port

Mandatory. Specifies the listening port of the Access Manager Server host.

oamProxyPort

Mandatory. Specifies the proxy port of the Access Manager Server host.

oamProxyServerID

Mandatory. Specifies the proxy server ID of the Access Manager Server host. The Access Manager Proxy name appears under the Access Manager Proxy sub tab of the server instance in the Access Manager Administration Console.

siteName

Mandatory. Specifies the siteName/serverName for the instance.

domainHome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

You can use any of the optional attributes to change current settings. The following invocation enables you to add the Access Manager Proxy Sever ID to the configuration entry oam_server1.

editOAMServer(configurationProfile="oam_server1", host="my_host",
port="15000", oamProxyPort="3004", oamProxyServerID="oamProxyServerID1",
siteName="siteName1", domainHome="domainHome1")

2.1.8 deleteOAMServer

The deleteOAMServer command is an online and offline command that enables you to delete the specified Access Manager Server registration.

Description

Deletes the specified Access Manager Server configuration. The scope of this command is an instance only; the scope is not an argument.

Syntax

deleteOAMServer(host="<host>", port="<port>", domainHome="<domainHome>")
Argument Definition
host

Mandatory. Specifies the name of the Access Manager Server host.

port

Mandatory. Specifies the listening port of the Access Manager Server host.

domainHome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example enables you to delete the oam_server1 Access Manager Server registration with listening port 15000.

deleteOAMServer(host="oam_server1", port="15000", domainHome="domainHome1")

2.1.9 deleteUserIdentityStore

The deleteUserIdentityStore command is an online and offline command that deletes an existing identity store registration for Access Manager.

Description

Deletes the identity store registration. The scope of this command is an instance only; the scope is not an argument.

Syntax

deleteUserIdentityStore(name="<name>", domainHome="<domainHome>") 
Argument Definition
name

Mandatory. Specifies the name of the LDAP identity store registration to be removed.

domainHome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example can be used on WebSphere and deletes the registration of the named identity store. To use this command in online mode with WebLogic Server, the domainHome argument need not be specified.

deleteUserIdentityStore(name="identity_store", domainHome="domainHome1")

2.1.10 displayOAMServer

The displayOAMServer command is an online and offline command that displays registration details for the specified Access Manager Server.

Description

Displays the registration details of the specified Access Manager Server, including the host, port, registration name, Access Manager Proxy port, server ID and, optionally, the Access Manager Proxy shared secret. The scope of this command is an instance only; the scope is not an argument.

Syntax

displayOAMServer(host="<host>", port="<port>", domainHome="<domainHome>")
Argument Definition
host

Mandatory. Specifies the name of the Access Manager Server host.

port

Mandatory. Specifies the listening port of the Access Manager Server host.

domainHome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example will list all metrics specific to the my_host Access Manager Server.

displayOAMServer(host="my_host", port="15000", domainHome="domainHome1")

2.1.11 configurePersistentLogin

The configurePersistentLogin command is an online command used to enable or disable the Persistent Login feature.

Description

Enables the Persistent Login feature.

Syntax

configurePersistentLogin(enable="true/false", 
 validityInDays="<#>", maxAuthnLevel="<#>", userAttribute="<userAttr>") 
Argument Definition
enable

Mandatory. Specify true or false.

validityInDays

Mandatory. Specifies the number of days that the user login will be persisted for a particular browser instance or device.

maxAuthnLevel

Mandatory. Specifies the maximum Authentication Level allowed after re-authenticating automatically through Persistent Login.

userAttr

Mandatory. Specifies the user attribute with which Persistent Login properties will be stored.

Example

The following example changes the search base values for the registered identity store.

configurePersistentLogin(enable="true", validityInDays="30", maxAuthnLevel="2"
 userAttribute="obPSFTID")

2.1.12 configOAMLoginPagePref

The configOAMLoginPagePref command is an online command that configures the Access Manager login page user preferences.

Description

Configures the Access Manager login page user preferences.

Syntax

configOAMLoginPagePref(persistentCookie="true", persistentCookieLifetime=14, 
langPrefCookieDomain="oracle.com", langPrefOrder="serverOverrideLangPref, 
oamPrefsCookie, browserAcceptLanguage, defaultLanguage", 
serverOverrideLanguage="en", defaultLanguage="en", 
applicationSupportedLocales="en,fr")
Argument Definition
persistentCookie

Mandatory. Boolean that defines whether the OAM_LANG_PREF cookie is persistent or non-persistent. Set to true or false.

persistentCookieLifetime

Mandatory. Lifetime of the OAM_LANG_PREF cookie if persistent.

langPrefCookieDomain

Mandatory. Defines the domain of the OAM_LANG_PREF cookie.

langPrefOrder

Mandatory. Decides the order of language precedence. Must be formatted as in the syntax and example. The allowed value set is (serverOverrideLangPref,oamPrefsCookie,browserAcceptLanguage,defaultLanguage).

"oamPrefsCookie, browserAcceptLanguage, serverOverrideLangPref"

serverOverrideLanguage

The server side language of Access Manager. Must be defined in language codes and selected from OAM supported languages. Default value is en.

defaultLanguage

The default language.

applicationSupportedLocales

Supported languages defined in a comma-delimited list. Setting applicationSupportedLocales="en,fr" insures the OAM Login page will display a list of values containing French and English. The supported language codes are documented in Table 2-2 below.

Table 2-2 Language Codes For Login Pages

Language Code Language Administrators

ar

Arabic

cs

Czech

da

Danish

de

German

German

el

Greek

en

English

English

es

Spanish

Spanish

fi

Finnish

fr

French

French

fr-CA

Canadian French

Canadian French

he

Hebrew

hr

Croatian

hu

Hungarian

it

Italian

Italian

ja

Japanese

Japanese

ko

Korean

Korean

nl

Dutch

no

Norwegian

pl

Polish

pt-BR

Brazilian Portuguese

Brazilian Portuguese

pt

Portuguese

ro

Romanian

ru

Russian

sk

Slovak

sv

Swedish

th

Thai

tr

Turkish

zh-CN

Simplified Chinese

Simplified Chinese

zh-TW

Traditional Chinese

Traditional Chinese

Example

configOAMLoginPagePref(persistentCookie="true", persistentCookieLifetime=14, 
langPrefCookieDomain="oracle.com", langPrefOrder="serverOverrideLangPref, 
oamPrefsCookie, browserAcceptLanguage, defaultLanguage", 
serverOverrideLanguage="en", defaultLanguage="en", 
applicationSupportedLocales="en,fr")

This next example allows an administrator to revert back to the default behavior in which no language list of values is displayed.

configOAMLoginPagePref(persistentCookie="true", 
persistentCookieLifetime=14,langPrefCookieDomain="example.com", 
langPrefOrder="serverOverrideLangPref,oamPrefsCookie,browserAcceptLanguage,
defaultLanguage",serverOverrideLanguage="", 
defaultLanguage="en",applicationSupportedLocales="") 

2.1.13 configRequestCacheType

The configRequestCacheType command is an online and offline command that defines the SSO server request cache type in the system configuration.

Description

Defines the SSO server request cache type in the system configuration. The scope of this command is an instance only; the scope is not an argument.

Syntax

configRequestCacheType(type="<requestCacheType>", domainHome="<domainHome>") 
Argument Definition
type

Mandatory. Specifies the request cache type. Takes a value of BASIC or COOKIE.

domainHome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example identifies the request cache type as Cookie:

configRequestCacheType(type="COOKIE") 

2.1.14 displayRequestCacheType

The displayRequestCacheType command is an online and offline command that displays the SSO server request cache type defined for the specified domain. The request cache type may be BASIC or COOKIE.

Description

Displays the SSO server request cache type entry defined for the specified domain. The scope of this command is an instance only; the scope is not an argument.

Syntax

displayRequestCacheType(domainHome="<domainHome>")
Argument Definition
domainHome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example will display the request cache type (BASIC or COOKIE) defined for the specified domain home.

displayRequestCacheType(domainHome="domainHome1") 

2.1.15 editOssoAgent

The editOssoAgent command is an online and offline command that enables you to modify the details of an OpenSSO (OSSO) Agent registration in the system configuration.

Description

Modifies OSSO Agent registration details including the Site Token, Success URL, Failure URL, Home URL, Logout URL, Start Date, End Date, Administrator ID, and Administrator Info. The scope of this command is an instance only; the scope is not an argument.

Syntax

editOssoAgent(agentName="AgentName", partnerId = "<partnerId>", 
siteToken = "<siteToken>", siteName = "<siteName>", successUrl ="<successUrl>", 
failureUrl = "<failureUrl>", homeUrl="<homeUrl>", logoutUrl="<logoutUrl>", startDate = "<startDate>", endDate = "<endDate>", adminId = "<adminId>", 
adminInfo = "<AdminInfo>", domainHome="<domainHomeName>") 
Argument Definition
agentName

Mandatory. Specifies the name of the OSSO Agent entry to be modified.

adminId=admin Id of OSSO agent <optional>

adminInfo=admin Information of OSSO agent <optional>

partnerId

Optional. Specifies the Agent Name of the OSSO agent instance.

siteToken

Optional. Specifies the Application Token used by the partner when requesting authentication.

siteName

Optional. Specifies the SiteName/ServerName for the OSSO agent instance.

successUrl

Optional. Specifies the redirect URL to be used by the OSSO Agent if authentication is successful.

failureUrl

Optional. Specifies the redirect URL to be used by the OSSO Agent if authentication fails.

homeUrl

Optional. Specifies the redirect URL to be used for the Home page after authentication.

logoutUrl

Optional. Specifies the redirect URL to be used when a user is logging out.

startDate

Optional. Specifies the first month, day, and year for which login to the application is allowed by the server.

endDate

Optional. Specifies the final month, day, and year for which login to the application is allowed by the server.

adminId

Optional. Specifies the administrator login ID for the OSSO Agent.

adminInfo

Optional. Specifies an administrator identifier for the OSSO Agent for tracking purpose.

domainHome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example changes the Administrator ID and information in the registration entry for OSSOAgent1.

editOssoAgent(agentName = "OSSOAgent1", partnerId = "partnerId", 
siteToken = "siteToken", siteName = "siteName", successUrl="successUrl", 
failureUrl = "failureUrl", homeUrl="homeUrl", logoutUrl="logoutUrl", 
startDate = "2009-12-10", endDate = "2012-12-30", adminId = "345", 
adminInfo = "Agent11", domainHome="domainHome1")

2.1.16 deleteOssoAgent

The deleteOssoAgent command is an online and offline command that enables you to remove the specified OSSO Agent registration in the system configuration.

Description

Removes the specified OSSO Agent registration in the system configuration. The scope of this command is an instance only; the scope is not an argument.

Syntax

deleteOssoAgent(agentName="<AgentName>", domainHome="<domainHomeName>")
Argument Definition
agentName

Mandatory. Specifies the name of the OSSO Agent entry to be removed.

domainhome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example removes the OSSO Agent registration entry named OSSOAgent1.

deleteOssoAgent(agentName="OSSOAgent1", domainHome="domainHome1")

2.1.17 displayOssoAgent

The displayOssoAgent command is an online and offline command that displays the details of the specified OSSO Agent entry in the system configuration.

Description

Displays the details of the specified OSSO Agent entry in the Access Manager Administration Console. The scope of this command is an instance only; the scope is not an argument.

Syntax

displayOssoAgent(agentName="<AgentName>", domainHome="<domainHomeName>")
Argument Definition
agentName

Mandatory. Specifies the name of the OSSO Agent entry to be displayed.

domainHome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example displays the OSSOAgent1 entry details.

displayOssoAgent(agentName="OSSOAgent1", domainHome="domainHome1")

2.1.18 editWebgateAgent

The editWebgateAgent command is an online and offline command that enables you to modify a Webgate 10g registration entry in the system configuration.

Description

Enables you to modify a Webgate 10g registration entry in the system configuration. The scope of this command is an instance only; the scope is not an argument.

Syntax

editWebgateAgent(agentName="<AgentName>",
accessClientPasswd="<accessClientPassword >",state="<state>", preferredHost="<host>", 
aaaTimeOutThreshold="<aaaTimeoutThreshold >", security="<security>",primaryCookieDomain="<primaryCookieDomain>", maxConnections="<maxConnections>",maxCacheElems="<maxCacheElements >", cacheTimeout="<cacheTimeOut>", 
cookieSessionTime="<cookieSessionTime >", maxSessionTime="<maxSessionTime>",
idleSessionTimeout="<idleSessionTimeout >",failoverThreshold="<failoverThreshold >", domainHome="<domainHomeName>")
Argument Definition
agentName

Mandatory. Specifies the name of the WebGate Agent to be modified.

accessClientPasswd

Optional. Specifies the access client password of WebGate Agent.

state

Optional. Specifies whether the WebGate Agent is enabled or disabled with a value of either Enabled or Disabled, respectively.

preferredHost

Optional. Specifies the preferred host of the WebGate Agent. This prevents security holes that can be created if a host's identifier is not included in the Host Identifiers list. For virtual hosting, you must use the Host Identifiers feature.

aaaTimeOutThreshold

Optional. Specifies the number (in seconds) to wait for a response from the Access Manager run-time server. If this parameter is set, it is used as an application TCP/IP timeout instead of the default TCP/IP timeout. Default = -1 (default network TCP/IP timeout is used)

security

Optional. Specifies the level of transport security to and from the Access Manager run-time server. Takes as a value either open, simple, or cert.

primaryCookieDomain

Optional. Specifies the Web server domain on which the Access Manager Agent is deployed. For example, .acompany.com

maxConnections

Optional. Specifies the maximum number of connections that this Access Manager Agent can establish with the Access Manager Server. This number must be the same as (or greater than) the number of connections that are actually associated with this agent. Default = 1

maxCacheElems

Optional. Specifies the maximum number of elements maintained in the cache. Cache elements are URLs or Authentication Schemes. The value of this setting refers to the maximum consolidated count for elements in both of these caches. Default = 10000

cacheTimeout

Optional. Specifies the amount of time cached information remains in the Access Manager Agent cache when the information is neither used nor referenced. Default = 1800 (seconds)

cookieSessionTime

Optional. Specifies the amount of time that the ObSSOCookie persists. Default = 3600 (seconds)

maxSessionTime

Optional. Specifies the maximum amount of time in seconds that a user's authentication session is valid regardless of their activity. At the expiration of this time, the user is re-challenged for authentication. This is a forced logout. A value of 0 disables this timeout setting. Default = 3600 (seconds)

idleSessionTimeout

Specifies the location of the Domain Home. When Offline, a value is mandatory; when online, optional.

failoverThreshold

Optional. Specifies a number representing the point when this Access Manager Agent opens connections to a Secondary Access Manager Server. Default = 1

domainHome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

You can alter any or all of the settings. Use the following example to change the Agent ID, state, maximum connections, Access Manager Server timeout, primary cookie domain, cache time out, cookie session timeout, maximum session timeout, idle session timeout, and failover threshold.

editWebgateAgent(agentName="WebgateAgent1", accessClientPasswd="welcome1",
state="Enabled", preferredHost="141.144.168.148:2001", aaaTimeOutThreshold = "10",
security="open", primaryCookieDomain="primaryCookieDomain", maxConnections="16",
maxCacheElems="10000", cacheTimeout="1800", cookieSessionTime="3600",
maxSessionTime="24", idleSessionTimeout="3600", failoverThreshold="1", 
domainHome="domainHome1")

2.1.19 deleteWebgateAgent

The deleteWebgateAgent command is an online and offline command that enables you to delete a Webgate_agent registration entry in the system configuration.

Description

Removes the specified Webgate_agent registration entry from the system configuration. The scope of this command is an instance only; the scope is not an argument.

Syntax

deleteWebgateAgent(agentName="<AgentName>", domainHome="<domainHomeName>")
Argument Definition
agentName

Mandatory. Specifies the name of the WebGate Agent being deleted.

domainHome

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example removes the WebGate Agent named WebgateAgent1.

deleteWebgateAgent(agentName="WebgateAgent1", domainHome="domainHome1")

2.1.20 displayWebgateAgent

The displayWebgateAgent command is an online and offline command that displays all details of the specified Webgate_agent registration entry in the Access Manager Administration Console.

Description

Displays all details of the specified Webgate_agent registration entry in the Access Manager Administration Console. The scope of this command is an instance only; the scope is not an argument.

Syntax

displayWebgateAgent(agentName="<AgentName>", domainHome="<domainHomeName>")
Argument Definition
agentName

Mandatory. Specifies the name of the WebGate Agent being displayed.

domainhome 

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example displays entry details for WebgateAgent1.

displayWebgateAgent(agentName="WebgateAgent1", domainHome="domainHome1")

2.1.21 exportPolicy

The exportPolicy command is an online command that exports Access Manager policy data from a test (source) environment to the intermediate Access Manager file specified.

Description

Exports Access Manager policy data from a test (source) environment to the intermediate Access Manager file. The scope of this command is an instance only; the scope is not an argument.

Syntax

exportPolicy(pathTempOAMPolicyFile="<absoluteFilePath>")
Argument Definition
pathTempOAMPolicyFile 

Mandatory. Specifies the absolute path to the temporary Access Manager file.

Example

The following example specifies the path to the tempfile.txt file used when exporting policy data from a test (source) environment.

exportPolicy(pathTempOAMPolicyFile="/exampleroot/parent/tempfile.txt") 

2.1.22 importPolicy

The importPolicy command is an online command that imports the Access Manager policy data from the specified Access Manager file.

Description

Imports the Access Manager policy data from the specified Access Manager file. The scope of this command is an instance only; the scope is not an argument.

Syntax

importPolicy(pathTempOAMPolicyFile="<absoluteFilePath>")
Argument Definition
pathTempOAMPolicyFile 

Mandatory. Specifies the absolute path to the temporary Access Manager file.

Example

The following example specifies the path to the tempfile.txt file used when importing policy data to a production (target) environment.

importPolicy(pathTempOAMPolicyFile="/exampleroot/parent/tempfile.txt") 

2.1.23 importPolicyDelta

The importPolicyDelta command is an online command that imports the Access Manager policy changes from the specified Access Manager file.

Description

Imports the Access Manager policy changes from the specified Access Manager file. The scope of this command is an instance only; the scope is not an argument.

Syntax

importPolicyDelta(pathTempOAMPolicyFile="<absoluteFilePath>")
Argument Definition
pathTempOAMPolicyFile 

Mandatory. Specifies the absolute path to the temporary Access Manager file.

Example

The following example specifies the path to the tempfile_delta.txt file used when importing changed policy data to a production (target) environment.

importPolicyDelta(pathTempOAMPolicyFile="/exampleroot/parent/tempfile_delta.txt") 

2.1.24 migratePartnersToProd

The migratePartnersToProd command is an online command that migrates partners from the current (source) Access Manager Server to the specified (target) Access Manager Server.

Description

Migrates partners from the current (source) Access Manager Server to the specified (target) Access Manager Server. The scope of this command is an instance only; the scope is not an argument.

Syntax

migratePartnersToProd(prodServerHost="<host>", prodServerPort="<port>", 
prodServerAdminUser="<user>", prodServerAdminPwd="<passwd>")
Argument Definition

prodServerHost

Host name of the target Access Manager Server to which partners are to be migrated.

prodServerPort

Port of the target Access Manager Server to which partners are to be migrated.

prodServerAdminUser

Administrator of the target Access Manager Server to which partners are to be migrated.

prodServerAdminPwd

Target Access Manager Server administrator's password.

Example

The following example specifies the required information for partner migration.

migratePartnersToProd(prodServerHost="myhost", prodServerPort="1234", 
prodServerAdminUser="weblogic", prodServerAdminPwd="welcome")

2.1.25 exportPartners

The exportPartners command is an online command that exports Access Manager partners from the source to the Access Manager file specified.

Description

Exports the Access Manager partners from the source to the Access Manager file specified. The scope of this command is an instance only; the scope is not an argument.

Syntax

exportPartners(pathTempOAMPartnerFile="<absoluteFilePath>")
Argument Definition
pathTempOAMPolicyFile 

Mandatory. Specifies the absolute path to the temporary Access Manager file.

Example

The following example specifies the absolute path to the Access Manager partners file.

exportPartners(pathTempOAMPolicyFile="/exampleroot/parent/tempfile_partners.xml") 

2.1.26 importPartners

The importPartners command is an online command that imports Access Manager partners from the specified Access Manager file.

Description

Imports the Access Manager partners from the specified Access Manager file. The scope of this command is an instance only; the scope is not an argument.

Syntax

importPartners(pathTempOAMPartnerFile="<absoluteFilePath>")
Argument Definition

pathTempOAMPartnerFile

Mandatory. Specifies the path to the temporary Access Manager partner file.

Example

The following example specifies the absolute path to the Access Manager file from which the partners will be imported.

importPartners(pathTempOAMPolicyFile="/exampleroot/parent/tempfile_partners.xml") 

2.1.27 displayTopology

The displayTopology command is an online and offline command that displays information about all Access Manager Servers in a deployment.

Description

Lists the topology of deployed Access Manager Servers.

Syntax

displayTopology(domainHome="<domainHomeName>")
Argument Definition
domainHome

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example lists the details of all deployed Access Manager Servers in the specified domain home.

displayTopology(domainHome="domainHome1")

2.1.28 configureOAAMPartner

The configureOAAMPartner command is an online command that configures the basic integration of Access Manager and Oracle Adaptive Access Manager (OAAM).

Description

Configures the basic integration of Access Manager and OAAM. The scope of this command is an instance only; the scope is not an argument.

Syntax

configureOAAMPartner(dataSourceName="<dataSourceName>", hostName="<hostName>", 
port="<port>", serviceName="<serviceName>", userName="<userName>", 
passWord="<passWord>", maxConnectionSize="<maxConnectionSize>", 
maxPoolSize="<maxPoolSize>", serverName="<serverName>")
Argument Definition

dataSourceName

Mandatory. Specifies the name of the data source to be created.

hostName

Mandatory. Specifies the name of the database host.

port

Mandatory. Specifies the database port number.

serviceName

Mandatory. Specifies the database service name.

userName

Mandatory. Specifies the OAAM schema name.

passWord

Mandatory. Specifies the OAAM schema password.

maxConnectionSize

Optional. Specifies the maximum connection reserve time out size.

maxPoolSize

Optional. Specifies the maximum size for the connection pool.

serverName

Optional. Specifies the target server for the data source.

Example

The following example configures a basic integration for Access Manager and OAAM.

configureOAAMPartner(dataSourceName="MyOAAMDS", hostName="host.example.com", 
port="1521", serviceName="sevice1", userName="username", passWord="password", 
maxConnectionSize=None, maxPoolSize=None, serverName="oam_server1")

2.1.29 registerOIFDAPPartner

The registerOIFDAPPartner command is an online and offline command that registers Oracle Access Management Identity Federation (Identity Federation) as a Delegated Authentication Protocol (DAP) Partner.

Description

Registers Identity Federation as Delegated Authentication Protocol (DAP) Partner. The scope of this command is an instance only; the scope is not an argument.

Syntax

registerOIFDAPPartner(keystoreLocation="/scratch/keystore" 
logoutURL="http://<oifhost>:<oifport>/fed/user/splooam11g?
 doneURL=http(s)://<oamhost>:<oamport>/oam/server/pages/logout.jsp", 
rolloverTime="nnn")
Argument Definition

keystoreLocation

Mandatory. Specifies the location of the Keystore file (generated at the Identity Federation Server).

logoutURL

Mandatory. Specifies the logout URL for the Identity Federation server.

rolloverTime

Optional. Specifies the amount of time in seconds for which the keys used to encrypt/decrypt SASSO tokens can be rolled over.

Example

The following example illustrates the use of the parameters.

registerOIFDAPPartner(keystoreLocation="/scratch/keystore",
logoutURL="http(s)://oif.mycompany.com:1234/fed/user/splooam11g?
doneURL=http(s)://oam.mycompany.com:5678/oam/server/pages/logout.jsp", rolloverTime="500")

2.1.30 registerOIFDAPPartnerIDPMode

The registerOIFDAPPartnerIDPMode command is an online and offline command that registers Identity Federation as a Delegated Authentication Protocol (DAP) Partner in IDP Mode.

Description

Registers Identity Federation as Delegated Authentication Protocol (DAP) Partner in IDP Mode. The scope of this command is an instance only; the scope is not an argument.

Syntax

registerOIFDAPPartnerIDPMode(logoutURL="http://<oifhost>:<oifport>/fed/user/sploosso?doneURL=http://<oamhost>:<oamport>/ngam/server/pages/logout.jsp")
Argument Definition

logoutURL

Mandatory. Specifies the logout URL for the Identity Federation server.

Example

The following example illustrates the use of the logout URL parameter.

registerOIFDAPPartner(
logoutURL="http://oif.oracle.com:1234/fed/user/sploosso?
 doneURL=http://oam.oracle.com:5678/ngam/server/pages/logout.jsp")

2.1.31 registerThirdPartyTAPPartner

The registerThirdPartyTAPPartner command is an online command that registers any third party as a Trusted Authentication Protocol (TAP) Partner.

Description

Registers any third party as a Trusted Authentication Protocol (TAP) Partner.

Syntax

registerThirdPartyTAPPartner(partnerName="ThirdPartyTAPPartner", 
keystoreLocation="/scratch/DAPKeyStore/mykeystore.jks", 
password="test", tapTokenVersion="v2.0", tapScheme="TAPScheme", 
tapRedirectUrl="http://thirdpartyserverhost:port/loginPage.jsp")
Argument Definition
partnerName 

Mandatory. Specifies the name of the partner. Can be any name used to identify the third party partner.

keystoreLocation 

Mandatory. Specifies the location of the keystore file.

password 

Mandatory. Specifies the password for the keystore file.

tapTokenVersion

Mandatory. Specifies the version of the Trusted Authentication Protocol.

tapScheme

Optional. Specifies the TAPScheme name used to protect the resource - TAPScheme, out of the box.

tapRedirectUrl

Optional. Specifies the TAP challenge URL to which the credential collector will be redirected.

Example

The following example illustrates the use of the parameters.

registerThirdPartyTAPPartner(partnerName = "ThirdPartyTAPPartner", 
keystoreLocation="/scratch/DAPKeyStore/mykeystore.jks", 
password="test", tapTokenVersion="v2.0", tapScheme="TAPScheme", 
tapRedirectUrl="http://thirdpartyserverhost:port/loginPage.jsp")

2.1.32 disableCoexistMode

The disableCoexistMode command is an online command that disables Coexist Mode.

Description

Disables Coexist Mode. The scope of this command is an instance only; the scope is not an argument. There are no arguments for this command.

Syntax

disableCoexistMode()

Example

The following example disables Coexist Mode.

disableCoexistMode()

2.1.33 enableOamAgentCoexist

The enableOamAgentCoexist command is an online command that enables coexist mode for the Access Manager agent (enabling the Access Manager 11g server to own the Obssocookie set by 10g WebGate).

Description

Enables Coexist Mode for the Access Manager agent. The scope of this command is an instance only; the scope is not an argument. There are no arguments for this command.

Syntax

enableOamAgentCoexist()

Example

The following example enables the Coexist Mode.

enableOamAgentCoexist

2.1.34 disableOamAgentCoexist

The disableOamAgentCoexist command is an online command that disables coexist mode for the Access Manager agent.

Description

Disables the Coexist Mode for the Access Manager agent. The scope of this command is an instance only; the scope is not an argument. There are no arguments for this command.

Syntax

disableOamAgentCoexist()

Example

The following invocation enables the Coexist Mode.

disableOamAgentCoexist

2.1.35 editGITOValues

The editGITOValues command is an online and offline command that edits GITO configuration parameters.

Description

Edits GITO configuration parameters. The scope of this command is an instance only; the scope is not an argument.

Syntax

editGITOValues(gitoEnabled="true", gitoCookieDomain=".abc.com", 
gitoCookieName="ABC", gitoVersion="v1.0", gitoTimeout="20", 
gitoSecureCookieEnabled="false", domainHome="/abc/def/ijk")
Argument Definition

gitoEnabled

Allows (or denies) user to set GITO enabled property. Takes a value of true or false.

gitoCookieDomain

Mandatory. Specifies the GITO cookie domain.

gitoCookieName

Optional. Specifies the cookie name.

gitoVersion

Optional. Specifies the GITO version. Takes ONLY v1.0 or v3.0.

gitoTimeout

Optional. Specifies the GITO timeout value.

gitoSecureCookieEnabled

Optional. Enables the GITO cookie enabled property. Takes a value of true or false.

domainHome

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example edits the GITO configuration parameters.

editGITOValues(gitoEnabled="true", gitoCookieDomain=".abc.com", 
gitoCookieName="ABC", gitoVersion="v1.0", gitoTimeout="20", 
gitoSecureCookieEnabled="false", domainHome="/abc/def/ijk")

2.1.36 editWebgate11gAgent

The editWebgate11gAgent command is an online and offline command that edits an 11g Webgate_entry registration in the system configuration.

Description

Edits an 11g Webgate_entry registration in the system configuration. The scope of this command is an instance only; the scope is not an argument.

Syntax

editWebgate11gAgent(agentName="<AgentName>", 
accessClientPasswd="<accessClientPassword >",state="<state>", preferredHost="<host>", 
aaaTimeoutThreshold="<aaaTimeOutThreshold>", security="<security>",logOutUrls="<logOutUrls>", maxConnections="<maxConnections>",maxCacheElems="<maxCacheElements>", cacheTimeout="<cacheTimeOut>", 
logoutCallbackUrl="<logoutCallbackUrl >",maxSessionTime="<maxSessionTime>", logoutRedirectUrl="<logoutRedirectUrl >",failoverThreshold="<failoverThreshold>",
tokenValidityPeriod="<tokenValidityPeriod>",logoutTargetUrlParamName="<logoutTargetUrlParamName>", domainHome="<domainHome>",allowManagementOperations="<allowManagementOperations>", 
allowTokenScopeOperations="<allowTokenScopeOperations>", 
allowMasterTokenRetrieval="<allowMasterTokenRetrieval>", 
allowCredentialCollectorOperations="<allowCredentialCollectorOperations>")
Argument Definition
agentName

Mandatory. Specifies the name of the 11g WebGate Agent to be modified.

accessClientPasswd

Optional. Specifies the unique client password for this WebGate Agent.

state

Optional. Specifies whether the WebGate Agent is enabled or disabled with a value of either Enabled or Disabled, respectively.

preferredHost

Optional. Specifies the preferred host of the WebGate Agent. This prevents security holes that can be created if a host's identifier is not included in the Host Identifiers list. For virtual hosting, you must use the Host Identifiers feature.

aaaTimeoutThreshold

Optional. Specifies the number (in seconds) to wait for a response from the Access Manager run-time server. If this parameter is set, it is used as an application TCP/IP timeout instead of the default TCP/IP timeout. Default = -1 (default network TCP/IP timeout is used)

security

Optional. Specifies the level of transport security to and from the Access Manager run-time server. Takes as a value either open, simple, or cert.

logOutUrls

List of URLS that trigger the logout handler, which removes the ObSSOCookie.

maxConnections

Optional. Specifies the maximum number of connections that this Access Manager Agent can establish with the Access Manager Server. This number must be the same as (or greater than) the number of connections that are actually associated with this agent. Default = 1

maxCacheElems

Optional. Specifies the maximum number of elements maintained in the cache. Cache elements are URLs or Authentication Schemes. The value of this setting refers to the maximum consolidated count for elements in both of these caches. Default = 10000

cacheTimeout

Optional. Specifies the amount of time cached information remains in the Access Manager Agent cache when the information is neither used nor referenced. Default = 1800 (seconds)

logoutCallbackUrl

The URL to oam_logout_success, which clears cookies during the call back. By default, this is based on the Agent base URL supplied during agent registration. For example:

http://<host>:<port>

maxSessionTime

Optional. Specifies the maximum amount of time in seconds that a user's authentication session is valid regardless of their activity. At the expiration of this time, the user is re-challenged for authentication. This is a forced logout. A value of 0 disables this timeout setting. Default = 3600 (seconds)

logoutRedirectUrl

Optional. Specifies the URL (absolute path) to the central logout page (logout.html). By default, this is based on the Access Manager Administration Console host name with a default port of 14200.

failoverThreshold

Optional. Specifies a number representing the point when this Access Manager Agent opens connections to a Secondary Access Manager Server. Default = 1

tokenValidityPeriod

Optional. Specifies the amount of time in seconds that a user's authentication session remains valid without accessing any Access Manager Agent protected resources.

logoutTargetUrlParamName

Optional. The value for this is the Logout Target URL to be invoked on logout and configured at the OPSS level.

domainHome

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

allowManagementOperations

Optional. Specifies the Set the flag for Allow Management Operations

allowTokenScopeOperations

Optional. Specifies the Set the flag for Allow Token Scope Operations

idleSessionTimeout

Optional. Specifies the

allowMasterTokenRetrieval

Set flag for Allow Master Token Retrieval

allowCredentialCollectorOperations

Set flag for Allow Credential Collector Operations

Example

The following example uses all mandatory and optional parameters.

editWebgate11gAgent(agentName="WebgateAgent1", accessClientPasswd="welcome1",
state="Enabled", preferredHost="141.144.168.148:2001", aaaTimeoutThreshold="10",
security="open", logOutUrls="http://host1.oracle.com:1234", maxConnections = "16",
maxCacheElems="10000", cacheTimeout="1800", 
logoutCallbackUrl="http://host2.oracle.com:1234",
maxSessionTime="24", logoutRedirectUrl="logoutRedirectUrl", 
failoverThreshold="1", tokenValidityPeriod="tokenValidityPeriod",
logoutTargetUrlParamName="logoutTargetUrl", domainHome="domainHome1",
allowManagementOperations="false", allowTokenScopeOperations="false", 
allowMasterTokenRetrieval="false", allowCredentialCollectorOperations="false")

2.1.37 deleteWebgate11gAgent

The deleteWebgate11gAgent command is an online and offline command that enables you to remove an 11g Webgate_agent entry in the system configuration.

Description

Removes an 11g Webgate_agent entry in the system configuration. The scope of this command is an instance only; the scope is not an argument.

Syntax

deleteWebgate11gAgent(agentName="<AgentName>", domainHome="<domainHomeName>")
Argument Definition
agentName

Mandatory. Specifies the name of the 11g WebGate Agent to be removed.

domainHome

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example removes the 11g Webgate_agent entry named my_11gWebGate.

deleteWebgate11gAgent(agentName="my_11gWebGate", domainHome="domainHome1")

2.1.38 displayWebgate11gAgent

The displayWebgate11gAgent command is an online and offline command that enables you to display an 11g Webgate_agent registration entry.

Description

Displays an 11g WebGate Agent registration entry. The scope of this command is an instance only; the scope is not an argument.

Syntax

displayWebgate11gAgent(agentName="<AgentName>", domainHome="<domainHomeName>")
Argument Definition
agentName

Mandatory. Specifies the name of the 11g WebGate Agent to be modified.

domainHome

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example displays the WebGate Agent named my_11gWebGate:

displayWebgate11gAgent(agentName="my_11gWebGate", domainHome="domainHome1")

2.1.39 displayOAMMetrics

The displayOAMMetrics command is an online and offline command that enables the display of metrics for Access Manager Servers.

Description

Enables the display of metrics for Access Manager Servers. The scope of this command is an instance only; the scope is not an argument.

Syntax

displayOAMMetrics(domainHome="<domainHomeName>")
Argument Definition
domainHome

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example displays the metrics for Access Manager Servers in the specified domain.

displayOAMMetrics(domainHome="domainHome1") 

2.1.40 updateOIMHostPort (deprecated)

DEPRECATED - Online only command that updates the Oracle Identity Manager configuration when integrated with Access Manager.

Description

Updates the Identity Manager configuration in the system configuration. The scope of this command is an instance only; the scope is not an argument.

Syntax

updateOIMHostPort(hostName="<host name>", port="<port number>", secureProtocol="true")
Argument Definition

hostName

Name of the Identity Manager host.

port

Port of the Identity Manager host.

secureProtocol

Takes a value of true or false depending on whether communication is through HTTP or HTTPS.

Example

The following example illustrates this command.

updateOIMHostPort(hostName="OIM.oracle.com", port="7777", secureProtocol="true") 

2.1.41 configureOIM (deprecated)

DEPRECATED - Online only command that registers an agent profile specific to Oracle Identity Manager when integrated with Access Manager.

Description

Creates an Agent profile specific to Oracle Identity Manager when integrated with Access Manager. The scope of this command is an instance only; the scope is not an argument.

Syntax

configureOIM(oimHost="<OIM host>", oimPort="<port>", 
oimSecureProtocolEnabled="true | false", oimAccessGatePwd="<AccessGatePassword>", 
oimCookieDomain="<OIMCookieDomain>", oimWgId="<OIMWebgateID>", 
oimWgVersion="<OIMWebgateVersion>")
Argument Definition

oimHost

Name of the Oracle Identity Manager host. In the case of EDG, the front ending LBR hostname of the OIM Cluster.

oimPort

Port of the Oracle Identity Manager Managed Server. In the case of EDG, the front ending LBR port of the OIM Managed Server Cluster.

oimSecureProtocolEnabled

Takes a value of true or false depending on whether communication is through HTTP or HTTPS.

oimAccessGatePwd

If provided, the agent password for Open mode.

oimCookieDomain

Domain in which the cookie is to be set .

oimWgId

Agent registration name.

oimWgVersion

Possible values are 10g or 11g. If not provided, default is 10g.

Example

The following example illustrates this command.

configureOIM(oimHost="oracle.com", oimPort="7777", oimSecureProtocolEnabled="true",
oimAccessGatePwd = "welcome", oimCookieDomain = "domain1",
oimWgId="<OIM Webgate ID>", oimWgVersion="10g")

2.1.42 updateOSSOResponseCookieConfig

The updateOSSOResponseCookieConfig command is an online and offline command that updates the OSSO Proxy response cookie settings.

Description

Updates OSSO Proxy response cookie settings. The scope of this command is an instance only; the scope is not an argument.

Syntax

updateOSSOResponseCookieConfig(cookieName="<cookieName>",cookieMaxAge="<cookie age in minutes>", isSecureCookie="true | false",cookieDomain="<domain of the cookie>", domainHome="<domainHomeName>")
Argument Definition

cookieName

Optional. Name of the cookie for which settings are updated. If not specified, the global setting is updated.

cookieMaxAge

Maximum age of a cookie in minutes. A negative value sets a session cookie.

isSecureCookie

Boolean flag that specifies if cookie should be secure (sent over SSL channel).

cookieDomain

The domain of the cookie.

domainHome

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example illustrates this command.

updateOSSOResponseCookieConfig(cookieName = "ORASSO_AUTH_HINT",
cookieMaxAge = "525600", isSecureCookie = "false",
cookieDomain=".example.com", domainHome = "<domain_home>")

2.1.43 deleteOSSOResponseCookieConfig

The deleteOSSOResponseCookieConfig command is an online and offline command that deletes the OSSO Proxy response cookie settings in the system configuration.

Description

Deletes the OSSO Proxy response cookie settings. The scope of this command is an instance only; the scope is not an argument.

Syntax

deleteOSSOResponseCookieConfig(cookieName="<cookieName>", 
domainHome="<domainHomeName>")
Argument Definition

cookieName

Mandatory. Name of the cookie for which settings are being deleted. The global cookie setting cannot be deleted.

domainHome

Specifies the location for the Weblogic Server OR Cell Path for WebSphere. This parameter is mandatory for WebSphere. When Offline, a value is mandatory; when online, optional.

Example

The following example illustrates this command.

deleteOSSOResponseCookieConfig(cookieName="ORASSO_AUTH_HINT",
domainHome = "<domain_home>")

2.1.44 configureAndCreateIdentityStore

The configureAndCreateIdentityStore command is an online command that configures the identity store and external user store.

Description

Configures the identity store and external user store using the values supplied.

Syntax

configureOIM(oimHost="<OIM host>", oimPort="<port>", 
oimSecureProtocolEnabled="true | false", oimAccessGatePwd="<AccessGatePassword>", 
oimCookieDomain="<OIMCookieDomain>", oimWgId="<OIMWebgateID>", 
oimWgVersion="<OIMWebgateVersion>"), nameOfIdStore="<nameOfIdStore>", 
idStoreSecurityCredential="<idStoreSecurityCredential>",
userSearchBase="<userSearchBase>", ldapUrl="<ldapUrl>", 
groupSearchBase="<groupSearchBase>", securityPrincipal="<securityPrincipal>", idStoreType="<idStoreType>", ldapProvider="<ldapProvider>",
isPrimary="<isPrimary>", userIDProvider="<userIDProvider>", 
userNameAttr="<userNameAttr>"
Argument Definition

oimHost

Name of the Oracle Identity Manager host. In the case of EDG, the front ending LBR hostname of the OIM Cluster.

oimPort

Port of the Oracle Identity Manager Managed Server. In the case of EDG, the front ending LBR port of the OIM Managed Server Cluster.

oimSecureProtocolEnabled

Takes a value of true or false depending on whether communication is through HTTP or HTTPS.

oimAccessGatePwd

If provided, the agent password for Open mode.

oimCookieDomain

Domain in which the cookie is to be set .

oimWgId

Agent registration name.

oimWgVersion

Possible values are 10g or 11g. If not provided, default is 10g.

nameOfIdStore

Mandatory. Specifies the name of the LDAP ID store to be created.

idStoreSecurityCredential

Mandatory. Specifies the password of the Principal for the LDAP identity store being created.

userSearchBase

Mandatory. Specifies the node under which user data is stored in the LDAP identity store being created.

ldapUrl

Mandatory. Specifies the URL for the LDAP host (including port number) of the LDAP identity store being created.

groupSearchBase

Mandatory. Specifies the node under which group data is stored in the LDAP identity store being created.

securityPrincipal

Mandatory. Specifies the Principal Administrator of the LDAP identity store being created.

idStoreType

Mandatory. Specifies the type of the LDAP identity store being created.

ldapProvider

Specifies the LDAP Provider type of the store being created.

isPrimary

Optional. Specifies whether the LDAP identity store being registered is the primary identity store. Takes true or false as a value.

userIDProvider

Specifies the user Identity Provider for the store being created.

userNameAttr

Mandatory. Specifies the user attributes for the store.

Example

The following example illustrates this command.

configureOIM(oimHost="oracle.com", oimPort="7777", oimSecureProtocolEnabled="true",
oimAccessGatePwd = "welcome", oimCookieDomain = "domain1",
oimWgId="<OIM Webgate ID>", oimWgVersion="10g"
nameOfIdStore="nameOfIdStore", 
idStoreSecurityCredential="idStoreSecurityCredential", 
userSearchBase="userSearchBase", ldapUrl="ldapUrl", 
groupSearchBase="groupSearchBase", securityPrincipal="securityPrincipal", idStoreType="idStoreType", ldapProvider="ldapProvider", isPrimary="true", userIDProvider="userIDProvider", userNameAttr="userNameAttr")

2.1.45 configAndCreateIdStoreUsingPropFile

The configAndCreateIdStoreUsingPropFile command is an online command that configures the identity store and external user store using the values supplied in a properties file.

Description

Configures the identity store and external user store using the values supplied in the specified properties file.

Syntax

configAndCreateIdStoreUsingPropFile(path="<path_of_property_file>")
Argument Definition

path

Path to the property file in which the values are defined.

Example

The following example illustrates this command.

configAndCreateIdStoreUsingPropFile(path="/prop_file_directory/values.properties")

2.1.46 manageAuditEvents

Use the manageAuditEvents command to disable the audit of events of a specific type.

Description

The manageAuditEvents is an event type filter that allows you to disable the audit of events of a specific type. The command can be run in online mode (after domainRuntime() is run) or offline mode.

Syntax

manageAuditEvents(eventType="<event type>",auditEnabled="<true|false>",[eventStatus="<true|false>"],[presetFilter="<All|Medium|Low>"])
Argument Definition

eventType

Mandatory

Specifies the event type to be filtered. Its value is as defined in the audit.log file by the EventType field or in the IAU_BASE table by the iau_eventtype field. It is case sensitive.

auditEnabled

Mandatory

Set to true to disable the audit.

Setting it to true is equivalent to removing the filter.

eventStatus

Optional

Enables or Disables audit of events of specific event status.

Set to true (false) to disable only the audit of events, which status is true (false).

presetFilter

Optional

Activates the filter only for the specified preset filter.

Example 2-1 Examples

The following command disables the audit of all PluginInvocationStartevents, in offline mode.

manageAuditEvents(eventType="PluginInvocationStart",auditEnabled="false",domainHome="/MW_HOME/user_projects/domains/oam_domain")

The following command disables the audit of successful Authorization events, in online mode.

manageAuditEvents(eventType="Authorization",auditEnabled="false",eventStatus="true")

The following command disables the audit of all the events of type Authorization, in online mode.

manageAuditEvents(eventType="Authorization",auditEnabled="false")

2.1.47 migrateArtifacts (deprecated)

DEPRECATED - Migrates artifacts.

Description

Migrates artifacts based on the values defined in the input artifact file.

Syntax

migrateArtifacts(path="<path_to_artifacts_file>", password="<password>", 
type="OutOfPlace|InPlace", isIncremental="true|false")
Argument Definition
path

Location of the artifacts file

password 

Password used while generating original artifacts.

type 

Boolean that defines the type of migration and takes as a value InPlace or OutOfPlace

isIncremental

Boolean that takes a value of true or false. If true, an incremental upgrade is done.

Example

The following example illustrates this command.

migrateArtifacts(path="/exampleroot/parent/t", password="welcome", 
type="InPlace", isIncremental="false")

2.1.48 displaySimpleModeGlobalPassphrase

The displaySimpleModeGlobalPassphrase command is an online command that displays the simple mode global passphrase defined in the system configuration in plain text.

Description

Online only command that displays the simple mode global passphrase in plain text. There are no arguments for this command.

Syntax

displaySimpleModeGlobalPassphrase()

Example

The following example illustrates this command.

displaySimpleModeGlobalPassphrase()

2.1.49 exportSelectedPartners

The exportSelectedPartners command is an online command that exports selected Access Manager Partners to the specified Access Manager file.

Description

Exports selected Access Manager Partners to the specified Access Manager file specified.

Syntax

exportSelectedPartners(pathTempOAMPartnerFile="<absoluteFilePath>", 
partnersNameList="<comma_separated_partner_names>")
Argument Definition

pathTempOAMPartnerFile

Mandatory. The location of the file to which the information will be exported.

partnersNameList

Mandatory. Specifies a comma separated list of partner ids being exported.

Example

The following example illustrates this command.

exportSelectedPartners(pathTempOAMPartnerFile="/exampleroot/parent/tempfile.extn"
partnersNameList="partner1,partner2")

2.1.50 oamMigrate

The oamMigrate command is an online command that migrates policies, authentication stores, and user stores from OSSO, OAM10g, OpenSSO, or AM 7.1 to OAM11g.

Description

Invokes the beginMigrate operation of the migration framework mbean.

Syntax

oamMigrate(oamMigrateType=<migrationType>, 
pathMigrationPropertiesFile="<absoluteFilePath>") 
Argument Definition

oamMigrateType

Mandatory. Specifies the type of migration being done. Takes one of the following as a value: OSSO | OpenSSO | OAM10g

NOTE: OpenSSO applies to both SAML 7.1 and OpenSSO.

pathMigrationPropertiesFile

Mandatory. Specifies the path to the file from which the necessary artifacts for migration are read.

Example

The following example illustrates this command.

oamMigrate(oamMigrateType=OSSO,
pathMigrationPropertiesFile="/middlewarehome/oam-migrate.properties")

2.1.51 preSchemeUpgrade

The preSchemeUpgrade command is an online command that invokes the preSchemeUpgrade operation.

Description

Invokes the preSchemeUpgrade operation.

Syntax

preSchemeUpgrade
(pathUpgradePropertiesFile="/middlewarehome/oam-upgrade.properties")
Argument Definition

pathUpgradePropertiesFile

Mandatory. Specifies the path to the file from which the necessary system properties for upgrade are read.

Example

The following example illustrates this command.

preSchemeUpgrade(pathUpgradePropertiesFile="/exampleroot/parent/tempfile.extn")

2.1.52 postSchemeUpgrade

The postSchemeUpgrade command is an online command that invokes the postSchemeUpgrade operation.

Description

Invokes the postSchemeUpgrade operation.

Syntax

postSchemeUpgrade
(pathUpgradePropertiesFile="/middlewarehome/oam-upgrade.properties")
Argument Definition

pathUpgradePropertiesFile

Mandatory. Specifies the path to the file from which the necessary system properties for upgrade are read.

Example

The following example illustrates this command.

postSchemeUpgrade(pathUpgradePropertiesFile="/exampleroot/parent/tempfile.extn")

2.1.53 oamSetWhiteListMode

The oamSetWhiteListMode command is an online command that sets the oamSetWhiteListMode to true or false.

Description

Sets the oamSetWhiteListMode to true or false. If true, Access Manager redirects to the last URL requested by the consuming application only if it is configured as a white-list URL.

Syntax

oamSetWhiteListMode(oamWhiteListMode="true|false")
Argument Definition

oamWhiteListMode

Mandatory. Enables the Access Manager white list mode.

Example

The following example illustrates this command.

oamSetWhiteListMode(oamWhiteListMode="true")

2.1.54 oamWhiteListURLConfig

The oamWhiteListURLConfig command is an online command that performs actions on whitelist URL entries from the specified file based on the add, update, or remove operations.

Description

Add, update or remove whitelist URL entries from the specified file.

This command allows you to enter whitelist URL values having wildcard port/host into the WhiteList config map.

In the value field, if host/port is specified using wildcard characters (* symbol) then all the host/port belonging to that particular format will be allowed.

On adding the * symbol, the match will be made for the WhiteList URL based on wild card comparison mechanism.

Syntax

oamWhiteListURLConfig(Name="xyz", Value="http://xyz.com:1234", 
Operation="Remove|Update")
Argument Definition

Name

Mandatory. A valid string representing the name (key) for this entry.

Value

Mandatory. A valid URL in the <protocol>://<host>:<port> format. If the port is not specified, default HTTP/HTTPS ports are assigned accordingly.

Operation

Mandatory. Takes as a value Update or Remove. Not case sensitive.

Example

The following example illustrates this command:

oamWhiteListURLConfig(Name="xyz", Value="http://xyz.com:1234", Operation="Update")

The following example illustrates this command using wildcards for Whitelist ports:

oamWhiteListURLConfig(Name="xyz", Value="http://xyz.com:*", Operation="Update")
oamWhiteListURLConfig(Name="xyz", Value="http://xyz.com:*", Operation="Remove")

The following examples illustrates this command when host/port is specified using wild card characters in value field:

oamWhiteListURLConfig(Name="xyz", Value="http://*.com:7777", Operation="Update")

The above command will allow URL's such as http://xyz.com:7777, http://abc.com:7777 and so on for redirection.

oamWhiteListURLConfig(Name="xyz", Value="http://xyz.com:*", Operation="Update")

The above command will allow URL's such as http://xyz.com:8000, http://abc.com:4040 and so on for redirection.

2.1.55 enableMultiDataCentreMode

The enableMultiDataCentreMode command is an online command that enables Multi Data Center Mode.

Description

Enables Multi Data Center Mode.

Syntax

enableMultiDataCentreMode(propfile="<absoluteFilePath>")
Argument Definition

propFile

Mandatory. Specifies the absolute path to a file from which the properties to enable the Multi Data Center are read.

Example

The following example illustrates this command.

enableMultiDataCentre(propfile="/middlewarehome/oamMDCProperty.properties")

2.1.56 disableMultiDataCentreMode

The disableMultiDataCentreMode command is an online command that disables Multi Data Center Mode.

Description

Disables Multi Data Center Mode. This command has no arguments.

Syntax

disableMultiDataCentreMode()

Example

The following example illustrates this command.

disableMultiDataCentreMode()

2.1.57 setMultiDataCentreClusterName

The setMultiDataCentreClusterName command is an online command that sets the Multi Data Center cluster name.

Description

Sets the Multi Data Center cluster name.

Syntax

setMultiDataCentreClusterName(clusterName="MyCluster")
Argument Definition

clusterName

Mandatory. Specifies the name of the cluster.

Example

The following example illustrates this command.

postSchemeUpgrade(clusterName="MyCluster")

2.1.58 setMultiDataCentreLogoutURLs

The setMultiDataCentreLogoutURLs command is an online command that sets the Multi Data Center Partner logout URLs.

Description

Sets the Multi Data Center Partner logout URLs.

Syntax

setMultiDataCentreLogoutURLs
(logoutURLs="http://<host>:<port>/logout.jsp,http://<host>:<port>/logout.jsp")
Argument Definition

logoutURLs

Mandatory. Specify a comma separated list of Multi Data Center Partner logout URLs.

Example

The following example illustrates this command.

setMultiDataCentreLogoutURLs(logoutURLs="http://localhost:6666/logout.jsp,http://localhost:8888/logout.jsp")

2.1.59 updateMultiDataCentreLogoutURLs

The updateMultiDataCentreLogoutURLs command updates the Multi Data Center Partner logout URLs.

Description

Updates the Multi Data Center Partner logout URLs.

Syntax

updateMultiDataCentreLogoutURLs
(logoutURLs="http://<host>:<port>/logout.jsp,http://<host>:<port>/logout.jsp")
Argument Definition

logoutURLs

Mandatory. Specify a comma separated list of Multi Data Center Partner logout URLs.

Example

The following example illustrates this command.

updateMultiDataCentreLogoutURLs(logoutURLs="http://localhost:7777/logout.jsp,http://localhost:9999/logout.jsp")

2.1.60 addPartnerForMultiDataCentre

The addPartnerForMultiDataCentre command is an online command that adds a partner to a Multi Data Center.

Description

Adds a partner to a Multi Data Center. This command is supported only in online mode and adds one partner at a time.

Syntax

addPartnerForMultiDataCentre(propfile="<absoluteFilePath>")
Argument Definition

propFile

Mandatory. Specifies the absolute path to a file that contains the agent information.

Example

The following example illustrates this command.

addPartnerForMultiDataCentre(propfile="/middlewarehome/partnerInfo.properties")

2.1.61 removePartnerForMultiDataCentre

The removePartnerForMultiDataCentre command is an online command that removes a partner from Multi Data Center.

Description

Removes a partner from Multi Data Center. This command is supported only in online mode and removes one partner at a time.

Syntax

removePartnerForMultiDataCentre(webgateid="<webgateId")
Argument Definition

webgateid

Mandatory. Specifies the ID of the partner to be deleted.

Example

The following example illustrates this command.

removePartnerForMultiDataCentre(webgateid="IAMSuite")

2.1.62 addOAMSSOProvider

The addOAMSSOProvider command is an online command that adds an Access Manager SSO provider with the given login URI, logout URI, and auto-login URI.

Description

This command modifies the domain jps-config.xml by adding an Access Manager SSO service instance with the required properties. In the event of an error, the command returns a WLSTException.

Syntax

addOAMSSOProvider(loginuri, logouturi, autologinuri)
Argument Definition

loginuri

Specifies the URI of the login page. Required.

logouturi

Specifies the URI of the logout page. Optional. If unspecified, defaults to logouturi=NONE.

Set to "" to ensure that ADF security calls the OPSS logout service, which uses the implementation of the class OAMSSOServiceImpl to clear the cookie ObSSOCookie. An ADF-secured web application that would like to clear cookies without logging out the user should use this setting.

autologinuri

Specifies the URI of the autologin page. Optional. If unspecified, it defaults to autologin=NONE.

Example

The following example illustrates this command.

addOAMSSOProvider(loginuri="/${app.context}/adfAuthentication", 
 logouturi="/oamsso/logout.html", autologinuri="/example.cgi")